BOOL CGameMainDlg::InjectModuleToProcess(void)
{
        //获取DLL路径
        char szDllPath[1024] = {0};
        GetCurrentDirectory(1024,szDllPath);       
        strcat(szDllPath,"\\GameDLL.dll");
        MessageBox(szDllPath);

        //获取窗口句柄
        HWND hGame = ::FindWindow(NULL,"计算器");
        if (hGame == NULL)
                return FALSE;

        //获取进程ID
        DWORD dwProcessId;
        GetWindowThreadProcessId(hGame,&dwProcessId);
        if (dwProcessId == 0)
                return FALSE;

        //打开远程进程
        HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcessId);
        if (hProcess == NULL)
                return FALSE;

        //申请空间
        UINT nLen = (UINT)strlen(szDllPath)+1;
        LPVOID lpRemoteDLLName = VirtualAllocEx(hProcess,NULL,nLen,MEM_COMMIT,PAGE_READWRITE);
        if (lpRemoteDLLName == NULL)
                return FALSE;

        //把DLL名写入申请的内存空间
        if (WriteProcessMemory(hProcess,lpRemoteDLLName,szDllPath,nLen,NULL) == 0 )
                return FALSE;

        //获取动态链接库函数地址
        HMODULE hModule = GetModuleHandle ( "kernel32.dll" ) ;
        LPTHREAD_START_ROUTINE fnStartAddr = ( LPTHREAD_START_ROUTINE )GetProcAddress(hModule,"LoadLibraryA") ;
        if ( (DWORD)fnStartAddr == 0 )
                return FALSE;

        //创建远程线程
        HANDLE hRemoteThread = CreateRemoteThread ( hProcess, NULL, 0,fnStartAddr, lpRemoteDLLName, 0, NULL ) ;
        if ( hRemoteThread == NULL )
                return FALSE;

        return TRUE;
}

我看书上的这个，CTRL+F5就能注入，直接执行生成的文件就注入不了，高手指点条明路！

[课程]Linux pwn 探索篇！