All right, sorry for the inconvenience...
So here's exactly what my code does:
OpenProcess(PROCESS_ALL_ACCESS, FALSE, IDProcess);
where IDProcess is my own variable. It has the return value of "hOpenProcess".
VirtualAllocEx(hOpenProcess, 0, strlen(szDllPath), MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE);
hOpenProcess is the opened process, szDllPath is my absolute path to DLL. MEM_RESERVE|MEM_COMMIT is to reserve a range of the virtual address space and to allocate physical storage in memory. PAGE_EXECUTE_READWRITE - enables these permissions for the region of pages...
Return value is "lpRemoteMemory".
Retrieve a module handle... Kernel32 obviously which handles memory management, IO and interrupts...
WriteProcessMemory(hOpenProcess, lpRemoteMemory, (LPVOID)szDllPath, strlen(szDllPath), NULL);
Writes data to the area in memory. Data in this case is (LPVOID)szDllPath - my DLL.
hRemoteThread = CreateRemoteThread(hOpenProcess, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibrary(szDllPath), lpRemoteMemory, 0, &IDProcess);
hRemoteThread = CreateRemoteThread(hOpenProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(hKernel, "LoadLibraryA"), lpRemoteMemory, 0, NULL);
Creates the thread that runs in the virtual address space.
LPTHREAD_START_ROUTINE - Represents the starting address of the thread in the process.
LoadLibraryA - Uncertain about this, is it right?
Waits until hRemoteThread is finished... Does mean only the init of my DLL, because I want my DLL to run all the time without having my injection process running.
Gets termination status of hRemoteThread
CreateRemoteThread(hOpenProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(hKernel, "FreeLibraryA"), lpRemoteMemory, 0, NULL);
VirtualFreeEx(hOpenProcess, lpRemoteMemory, 0, MEM_RELEASE);
Releases the region of memory lpRemoteMemory in hOpenProcess.
CloseHandle(hRemoteThread) && !CloseHandle(hOpenProcess);
Closes the object handle hRemoteThread and hOpenProcess
Now as I see it, I'm not using the thread after I've closed it, or freed the memory. Is GetExitCodeThread wrong?
I'm glad for your answers, and that you don't spoil anything, make me work... Keep it coming, that's how I learn!