experiment: CreateRemoteThread

/**
 * demo: CreateRemoteThread
 *
 * original url: http://www.codeproject.com/KB/threads/winspy.aspx
 * <<Three Ways to Inject Your Code into Another Process>>
 *
 * steps:
 *   OpenProcess
 *   VirtualAllocEx RemoteDataSpace
 *   WriteProcessMemory RemoteDataSpace
 *   VirtualAllocEx RemoteCodeSpace
 *   WriteProcessMemory RemoteCodeSpace
 *   CreateRemoteThread RemoteCode
 *   do something and write results to Buffer on RemoteDataSpace
 *   WaitForSingleObject hRemoteCode
 *   ReadProcessMemory from RemoteDataSpace to Main Process Buffer
 *   VirtualFreeEx RemoteDataSpace and RemoteCodeSpace
 *   CloseHandle of RemoteCode
 *   CloseHandle of OpenProcess
 */
demo: srcLsWinSpy_V2011_1014_0200.rar


If you use CreateRemoteThread + LoadLibrary, you need to call AdjustTokenPrivileges first.
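
A defender's view of the step list above, as an added example (not code from the original page or the CodeProject article): it correlates API-trace records per caller/target pair and alerts when the OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread order completes. The trace format, the PIDs and the function names `parse` and `find_injection_chains` are constructed assumptions.

```python
from collections import defaultdict

# Cross-process calls from the step list above, in the order they must occur.
CHAIN = ("OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread")

# Constructed trace, hypothetical format: "<seq> <caller_pid> <api> <target_pid>"
SAMPLE_TRACE = """\
1 4120 OpenProcess 988
2 4120 VirtualAllocEx 988
3 4120 WriteProcessMemory 988
4 5300 OpenProcess 612
5 4120 VirtualAllocEx 988
6 4120 WriteProcessMemory 988
7 5300 ReadProcessMemory 612
8 4120 CreateRemoteThread 988
9 4120 WaitForSingleObject 988
10 4120 ReadProcessMemory 988
11 4120 VirtualFreeEx 988
12 7001 CreateRemoteThread 7001
"""

def parse(trace):
    """Yield (seq, caller_pid, api, target_pid); skip malformed lines."""
    for line in trace.splitlines():
        parts = line.split()
        if len(parts) == 4 and all(parts[i].isdigit() for i in (0, 1, 3)):
            yield int(parts[0]), int(parts[1]), parts[2], int(parts[3])

def find_injection_chains(trace):
    """Alert on each (caller, target) pair that completes CHAIN in order."""
    step = defaultdict(int)    # (caller, target) -> index of next expected call
    writes = defaultdict(int)  # (caller, target) -> remote writes after allocation
    alerts = []
    for seq, caller, api, target in parse(trace):
        if caller == target:   # a thread in the caller's own process is not remote
            continue
        key = (caller, target)
        if api == "WriteProcessMemory" and step[key] >= 2:
            writes[key] += 1
        if api == CHAIN[step[key]]:
            step[key] += 1
        if step[key] == len(CHAIN):
            alerts.append({"caller": caller, "target": target,
                           "seq": seq, "writes": writes[key]})
            step[key] = writes[key] = 0
    return alerts

if __name__ == "__main__":
    for alert in find_injection_chains(SAMPLE_TRACE):
        print(alert)
```

A `writes` count of 2 matches the separate RemoteDataSpace and RemoteCodeSpace writes in the step list; a process that only opens and reads another process (PID 5300 in the sample) never completes the chain.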
