/*
 * Fragment of a larger routine; its beginning and end are outside this view.
 * Visible steps: report a process count, read a target PID from stdin, open
 * that process with memory-operation rights, commit two regions inside it,
 * and collect API addresses into a local RemoteParam.
 *
 * Defender's view: a handle opened with VM_OPERATION|VM_WRITE|VM_READ on a
 * foreign PID, followed by VirtualAllocEx(..., PAGE_EXECUTE_READWRITE), is
 * the opening sequence of cross-process code injection (MITRE ATT&CK T1055).
 * Both steps are observable: process-access telemetry such as Sysmon Event
 * ID 10 records the granted access mask, and private RWX regions in a
 * process stand out to memory scanners.
 *
 * NOTE(review): several format strings begin or end with a bare 'n'. This
 * looks like a "\n" whose backslash was lost when the listing was
 * published; confirm against the original source.
 */

/* dwProcessNum is set outside this view; presumably a byte count of a DWORD
 * PID array, which is why it is divided by sizeof(DWORD). TODO confirm. */
printf("nAll %d processes running. n", dwProcessNum / sizeof(DWORD));
DWORD dwPid = 0;
/* Prompt text (Chinese): "Please enter the id of the process to intercept:" */
printf("n请输入要拦截的进程id:");
/* NOTE(review): the scanf result is not checked, so non-numeric input leaves
 * dwPid at 0. "%d" also does not match DWORD, which is an unsigned long. */
scanf("%d", &dwPid);
/* Request only memory rights on the target: VM_OPERATION is required by
 * VirtualAllocEx, and VM_WRITE/VM_READ allow writing and reading its address
 * space. FALSE means the handle is not inheritable. */
HANDLE hTargetProcess = OpenProcess(PROCESS_VM_OPERATION|PROCESS_VM_WRITE|PROCESS_VM_READ, FALSE, dwPid);
if(hTargetProcess == NULL)
{
printf("OpenProcess Error!n");
return -1;
}
/* Commit 8192 bytes in the target process as read/write/execute. The
 * variable name and the error text below ("failed to allocate thread
 * memory") suggest this region is meant to hold code; confirm against the
 * part of the routine that is not visible here.
 * NOTE(review): casting the returned pointer to DWORD truncates it in a
 * 64-bit build, so this listing is only coherent as 32-bit code. */
DWORD dwFunAddr = (DWORD)VirtualAllocEx(hTargetProcess, NULL, 8192,
MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if((LPVOID)dwFunAddr == NULL)
{
/* Error text (Chinese): "Failed to allocate thread memory!" */
printf("申请线程内存失败!n");
CloseHandle(hTargetProcess);
return -1;
}
/* Second region in the target, sized to one RemoteParam (the type is
 * declared outside this view).
 * NOTE(review): it is also mapped PAGE_EXECUTE_READWRITE. If it only carries
 * parameter data, as the name suggests, execute permission is broader than
 * needed. */
DWORD dwPramaAddr = (DWORD)VirtualAllocEx(hTargetProcess, NULL, sizeof(RemoteParam),
MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if((LPVOID)dwPramaAddr == NULL)
{
/* Error text (Chinese): "Failed to allocate parameter memory!" */
/* NOTE(review): this path closes the handle but does not release the first
 * region (dwFunAddr), so that RWX allocation stays behind in the target. */
printf("申请参数内存失败!n");
CloseHandle(hTargetProcess);
return -1;
}
/* Print both remote addresses as 8 hex digits.
 * Labels (Chinese): "thread memory address" / "parameter memory address". */
printf("n线程内存地址:%.8xn"
"参数内存地址:%.8xn",
dwFunAddr, dwPramaAddr);
/* Build the parameter block locally, starting from all zeroes. */
RemoteParam RParam;
ZeroMemory(&RParam, sizeof(RParam));
/* NOTE(review): neither LoadLibrary result is checked before it is passed
 * to GetProcAddress. */
HMODULE hKernel32 = LoadLibrary("kernel32.dll");
HMODULE hUser32 = LoadLibrary("user32.dll");
/* Resolve four API addresses in this process and store them as DWORDs.
 * MYCREATEFILE and MYMESSAGEBOX are macros defined outside this view,
 * presumably the exported names to look up; verify.
 * NOTE(review): the GetProcAddress results are not checked for NULL, and
 * the DWORD casts have the same 64-bit truncation issue noted above. */
RParam.dwCreateFile = (DWORD)GetProcAddress(hKernel32, MYCREATEFILE);
RParam.dwGetCurrentProcess = (DWORD)GetProcAddress(hKernel32, "GetCurrentProcess");
RParam.dwWriteProcessMemory = (DWORD)GetProcAddress(hKernel32, "WriteProcessMemory");
RParam.dwMessageBox = (DWORD)GetProcAddress(hUser32, MYMESSAGEBOX);