/// <summary>
/// Loads the DLL at <paramref name="DllPath"/> into the process that owns window <paramref name="hwnd"/>
/// by writing the path into that process and starting a remote thread at kernel32!LoadLibraryA.
/// This is the textbook cross-process VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread
/// sequence; from a detection standpoint it is exactly the API chain that EDR telemetry and
/// Sysmon Event ID 8 (CreateRemoteThread) are built to surface, so any legitimate use of this
/// helper should expect to be logged and should be allow-listed explicitly.
/// </summary>
/// <param name="DllPath">Path of the DLL to load, encoded with <see cref="System.Text.Encoding.Default"/>.</param>
/// <param name="hwnd">Window handle used to locate the target process (via LoadDll.GetHwndProcess).</param>
/// <returns>
/// true when a remote thread handle was obtained. Note this only proves the thread was created,
/// not that the DLL actually loaded: the thread exit code is read into remoteModule but never checked.
/// </returns>
/// <exception cref="OverflowException">
/// On a 64-bit process, <c>hRemoteThread.ToInt32()</c> throws if the handle value does not fit in 32 bits.
/// </exception>
public static bool DoInjection(string DllPath, IntPtr hwnd)
{
    // Process handle resolved from the window; GetHwndProcess is defined elsewhere in LoadDll (not visible here).
    IntPtr hProcess = LoadDll.GetHwndProcess(hwnd);
    // Path bytes in the system default code page. No explicit NUL terminator is appended here;
    // whether one is present depends on what VirtualAllocEx hands back — TODO confirm.
    byte[] dllBytes = System.Text.Encoding.Default.GetBytes(DllPath);
    int BufSize = dllBytes.Length;
    // 0x04 is Win32 PAGE_READWRITE. The P/Invoke declarations are not visible; they evidently accept
    // plain ints where the Win32 prototypes take pointers/handles (0 is passed for the address and attributes).
    IntPtr AllocAddr = VirtualAllocEx(hProcess, 0, BufSize, AllocationType.MEM_COMMIT, 0x04);
    // Copy the path into the remote allocation. Return values of this and the following calls are not checked,
    // so a failed allocation or write silently proceeds to thread creation with bogus pointers.
    LoadDll.WriteProcessMemory(hProcess, AllocAddr, dllBytes, BufSize, IntPtr.Zero);
    // Thread start address: LoadLibraryA in this process, relied on to sit at the same address in the target
    // (kernel32 base is identical across processes in a session; assumption inherited from the original).
    IntPtr pfnStartAddr = GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
    // Remote thread receives AllocAddr (the path string) as its single argument.
    IntPtr hRemoteThread = CreateRemoteThread(hProcess, 0, 0, pfnStartAddr, AllocAddr, 0, 0);
    // Wait for the remote thread to finish (0xFFFFFFFF == INFINITE).
    WaitForSingleObject(hRemoteThread, 0xFFFFFFFF);
    // Fetch the DLL's module handle in the target process (the thread exit code, i.e. LoadLibraryA's return value).
    // It is a 32-bit DWORD, so on a 64-bit target the HMODULE is truncated. The value is never used below.
    int remoteModule = 0;
    GetExitCodeThread(hRemoteThread, ref remoteModule);
    // Presumably releases the remote buffer and closes both handles; defined elsewhere in LoadDll — verify.
    LoadDll.Free(hProcess, hRemoteThread, AllocAddr);
    // NOTE(review): hRemoteThread is already passed to Free above; this still reads the (now stale) handle value.
    return(hRemoteThread.ToInt32() > 0);
}