//获得进程句柄
HWND hwnd=::FindWindow(NULL,"计算器");
if(!hwnd)
{
  AfxMessageBox("请打开计算器");
  return;
}

//取得进程句柄和进程ID
DWORD Process,ProcessId;
Process=::GetWindowThreadProcessId(hwnd,&ProcessId);

//利用进程句柄来打开进程
HANDLE hProcess=::OpenProcess(PROCESS_CREATE_THREAD |  PROCESS_VM_READ |PROCESS_VM_OPERATION
  | PROCESS_VM_WRITE,false,ProcessId);

CString m_DllName="C:\\Documents and Settings\\User\\桌面\\CreateRemoteThread\\GameHook1\\Debug\\GameHook1.dll";
char* m_Rometstr;

//在计算器进程中为DLL的名字申请内存空间,返回值为申请到的空间基址
m_Rometstr=(char*)::VirtualAllocEx(hProcess,NULL,m_DllName.GetLength()+1,MEM_COMMIT,PAGE_READWRITE);

//写入DLL名字
::WriteProcessMemory(hProcess,m_Rometstr,m_DllName.GetBuffer(0),m_DllName.GetLength()+1,NULL);


LPTHREAD_START_ROUTINE pfn_LoadLib;
HANDLE hThread;

//取得LoadLibraryA的入口地址
pfn_LoadLib=(LPTHREAD_START_ROUTINE)::GetProcAddress(::GetModuleHandle("Kernel32"),"LoadLibraryA");

//建立新线程,并令入口点为LoadLibraryA,附加参数为DLL名字,令DLL启动
hThread=::CreateRemoteThread(hProcess,NULL,NULL,pfn_LoadLib,m_Rometstr,0,NULL);


WaitForSingleObject(hThread,INFINITE);
VirtualFreeEx(hProcess,m_Rometstr,0,MEM_RELEASE);

/////如果进程结束，则关闭进程头和线程头；
    WaitForSingleObject( hProcess, INFINITE );

    CloseHandle( hProcess );
    CloseHandle( hThread );

//VirtualFreeEx(hProcess,m_Rometstr,0,MEM_RELEASE);
DWORD de=::GetLastError();