Why does CreateRemoteThread work here?

こ雲淡風輕ζ submitted on 2019-12-21 20:56:54

Question


I'm trying to inject a thread into another process, which lets the process load an external DLL.

Here's the code I found on the internet, and it works.

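    // LoadLibraryA's address is resolved in the current process and passed
    // as the start routine of the remote thread; lpMemory is its argument.
    HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0,
            (LPTHREAD_START_ROUTINE) GetProcAddress(
                GetModuleHandle(L"kernel32"), "LoadLibraryA"),
            lpMemory, 0, NULL);
    // CreateRemoteThread returns NULL on failure, not INVALID_HANDLE_VALUE.
    if (hThread == NULL)
    {
        return false;
    }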

But from my understanding, the address returned by GetProcAddress lives in the memory space of the current process, not the targeted one.

So why does it work?

Tested on Windows 7

Source: https://stackoverflow.com/questions/18941843/why-does-createremotethread-work-here
