CreateProcess(m_Path,m_Command.GetBuffer(0),NULL,NULL,false,CREATE_SUSPENDED|HIGH_PRIORITY_CLASS,NULL,NULL,&StartInfo,&hProcess);

char MyDllPath[MAX_PATH];
GetCurrentDirectory(MAX_PATH,MyDllPath);
lstrcat(MyDllPath,"\\DLL.DLL");
long lpLoadLibrary =(long)GetProcAddress(GetModuleHandle("Kernel32.dll"),"LoadLibraryA");
long lpDllName = (long)VirtualAllocEx(hProcess.hProcess,NULL,MAX_PATH,MEM_COMMIT,PAGE_READWRITE);
WriteProcessMemory(hProcess.hProcess,(void*)lpDllName,&szMyDllFull,MAX_PATH,NULL);
CloseHandle(CreateRemoteThread(hProcess.hProcess,NULL,NULL,(LPTHREAD_START_ROUTINE)lpLoadLibrary,(void*)lpDllName,NULL,NULL));
ResumeThread(hProcess.hThread);

小弟在CreateRemoteThread下斷，然後用其他記憶體查看工具去看LoadLibraryA的位置顯示??(尚未載入kernel32.dll)

如果是這樣的話那CreateRemoteThread不是沒用? 問題是小弟測試那段代碼是可以注入但是進程創建5~8秒內會自動結束 (DLL無論有無注入都是差不多時間自動結束)

以上是指在作業系統XP下測試的結果 小弟自己在W7下測試都正常  ， 有大大可以解釋一下為甚麼在XP下會有這種問題

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法