线程数 => %3i", pe32.th32ProcessID, pe32.szExeFile, pe32.cntThreads);
// 获取特定进程权限等
ProcessHandle = OpenProcess...p = NULL;
// 得到加载基地址的工具函数
Param.Kernel32Base = LoadLibrary("kernel32.dll");
Param.Kernel_LoadLibrary...Param.User_MsgBox, "MessageBoxA");
strcpy(Param.Text, "hello lyshark");
// 根据PID注入代码到指定进程中
hProcess = OpenProcess..., szCmdPath, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi);
WaitForSingleObject(pi.hProcess, INFINITE);...;
ptr->KernelCreateProcess(NULL, ptr->cmd, NULL, NULL, TRUE, 0, NULL, NULL, (STARTUPINFO*)&si, &pi)