injecting a dll with createremotethread

Question

how does createremotethread execute a dll inside a process? One of the parameters it uses is the loadlibraryA. So I get the part where it executes the loadlibrary function w

Answer 1

Just like any other LoadLibrary call, the dynamic loader will call into your injected DLL's DllMain function with the DLL_PROCESS_ATTACH reason code. The code in your DllMain can take it from there, though I would strongly advise against doing too much from within DllMain itself due to the loader lock.