179.
180. int cbSize = strlen(m_szDllName)+1;
181. LPVOID lpRemoteDllName = ::VirtualAllocEx(hProcess, 0, cbSize, MEM_COMMIT, PAGE_READWRITE);
182. ::WriteProcessMemory(hProcess, lpRemoteDllName, m_szDllName, cbSize, NULL);
183. HANDLE hRemoteThread = ::CreateRemoteThreadEx(hProcess, NULL, 0, pfnFreeLibrary, lpRemoteDllName, 0, NULL, NULL);
184. if (NULL == hRemoteThread)
185. {
186. ::CloseHandle(hProcess);
188. }
189. //等待目标线程运行结束,即LoadLibraryA函数返回
190. ::WaitForSingleObject(hRemoteThread, INFINITE);
191. ::CloseHandle(hRemoteThread);
192. ::CloseHandle(hProcess);
193. return TRUE;
194. }