没代码怎么分析呀？
试下这段代码，在我xp sp3下正常。
LONG FindTarget(LPCTSTR pProcessName)
{
BOOL bRet;
HANDLE hProcessSnap;
unsigned long ProcessID = -1;
PROCESSENTRY32 pe;
pe.dwSize = sizeof(pe);
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

bRet = Process32First(hProcessSnap, &pe);
while(bRet)
{
  if(lstrcmpi(pe.szExeFile, pProcessName) == 0)
  {
   ProcessID = pe.th32ProcessID;
   break;
  }
  bRet = Process32Next(hProcessSnap, &pe);
}
CloseHandle(hProcessSnap);

return ProcessID;
}

BOOL InjectExplorer(LPCTSTR szDllPath)
{
long pid = 0;
int ret = 0;
pid = FindTarget("Explorer.exe");
if(pid == -1)
{
  //没找到目标进程处理
  //....
  return FALSE;
}

HANDLE hProcess = NULL;
HANDLE hRemoteThread = NULL;
void *pLibRemote = NULL;
DWORD hLibModule = 0;
HMODULE hKernel32 = NULL;

hKernel32 = GetModuleHandle("Kernel32");
hProcess = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
if(hProcess == NULL)
{
  //打开进程失败处理
  //...
  return FALSE;
}
//在目标进程内分配内存
pLibRemote = VirtualAllocEx(hProcess,NULL,sizeof(szDllPath),MEM_COMMIT,PAGE_READWRITE);
//在目标进程空间内写入数据
ret = WriteProcessMemory(hProcess,pLibRemote,(void *) szDllPath,sizeof(szDllPath),NULL);
if(ret == 0)
{
  //写入失败处理
  //...
  return FALSE;
}

//创建远程线程
hRemoteThread = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)GetProcAddress(hKernel32, "LoadLibraryA"),pLibRemote,0,NULL);
//等待执行结束
WaitForSingleObject(hRemoteThread, INFINITE);
GetExitCodeThread(hRemoteThread, &hLibModule);
CloseHandle(hRemoteThread);
//释放分配内存
VirtualFreeEx(hProcess, pLibRemote, sizeof(szDllPath), MEM_RELEASE);
// 关闭远程进程句柄
CloseHandle(hProcess);
return TRUE;
}