#include "stdafx.h"
#include <Windows.h>   
typedef struct _UNICODE_STRING { // UNICODE_STRING structure   
    USHORT Length;  
    USHORT MaximumLength;  
    PWSTR  Buffer;  
} UNICODE_STRING;  
typedef UNICODE_STRING *PUNICODE_STRING;  

typedef NTSTATUS (WINAPI *fLdrLoadDll) //LdrLoadDll function prototype   
(  
IN PWCHAR PathToFile OPTIONAL,  
IN ULONG Flags OPTIONAL,  
IN PUNICODE_STRING ModuleFileName,  
OUT PHANDLE ModuleHandle  
);  

typedef VOID (WINAPI *fRtlInitUnicodeString) //RtlInitUnicodeString function prototype   
(  
PUNICODE_STRING DestinationString,  
PCWSTR SourceString  
);  

HMODULE hntdll;  
fLdrLoadDll _LdrLoadDll;  
fRtlInitUnicodeString _RtlInitUnicodeString;  

HMODULE LoadDll( LPCSTR lpFileName) //Coded by Viotto - http://viotto-security.net   
{  
    if (hntdll      == NULL) { hntdll = GetModuleHandleA("ntdll.dll"); }  
    if (_LdrLoadDll == NULL) { _LdrLoadDll = (fLdrLoadDll) GetProcAddress ( hntdll, "LdrLoadDll"); }  
    if (_RtlInitUnicodeString == NULL)  
    { _RtlInitUnicodeString = (fRtlInitUnicodeString) GetProcAddress ( hntdll, "RtlInitUnicodeString"); }  
       
    int StrLen = lstrlenA(lpFileName);  
    BSTR WideStr = SysAllocStringLen(NULL, StrLen);  
    MultiByteToWideChar(CP_ACP, 0, lpFileName, StrLen, WideStr, StrLen);  
       
    UNICODE_STRING usDllName;  
    _RtlInitUnicodeString(&usDllName, WideStr);  
    SysFreeString(WideStr);  
       
    HANDLE DllHandle;  
    _LdrLoadDll(0, 0, &usDllName, &DllHandle);  
       
    return (HMODULE)DllHandle;  
}  

typedef void (* _u)();  

int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR     lpCmdLine,
                     int       nCmdShow)
{
        HMODULE hMydll = LoadDll("C:\\ww.dll");  
        _u ss = (_u)GetProcAddress(hMydll,"tt");  
        ss();  
    return 0;  
        // TODO: Place code here.

        return 0;
}

一个大牛的博客里面找到的，不过编译出错，不知道怎么回事。。
C:\Documents and Settings\Administrator\桌面\ssss\ssss.cpp(14) : error C2059: syntax error : '__stdcall'
C:\Documents and Settings\Administrator\桌面\ssss\ssss.cpp(20) : error C2091: function returns function
C:\Documents and Settings\Administrator\桌面\ssss\ssss.cpp(32) : error C2146: syntax error : missing ';' before identifier '_LdrLoadDll'
C:\Documents and Settings\Administrator\桌面\ssss\ssss.cpp(32) : error C2501: 'fLdrLoadDll' : missing storage-class or type specifiers
C:\Documents and Settings\Administrator\桌面\ssss\ssss.cpp(32) : fatal error C1004: unexpected end of file found
执行 cl.exe 时出错.

ssss.exe - 1 error(s), 0 warning(s)

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入！