关于LdrLoadDll

clarexxg

调用过程：LoadLibraryA->LoadLibraryW->LdrLoadDll……

针对有些未加载kernel32.dll的进程，可以用ShellCode+LdrLoadDll进行DLL注入

还有就是可以用LdrGetProcedureAddress代替GetProcAddress

使用方法：

Private Declare Function LdrLoadDll Lib "NTDLL.DLL" (PathToFile As String, ByVal Flags As Long, ModuleFileName As UNICODE_STRING, ModuleHandle As Long) As Long

Private Type UNICODE_STRING
    Length As Integer
    MaximumLength As Integer
    Buffer As Long
End Type

Private Sub xx()
    Dim uPath As UNICODE_STRING
    Dim hModule As Long
    uPath.Buffer = StrPtr(dllPath)
    uPath.Length = LenB(dllPath)
    uPath.MaximumLength = uPath.Length
    LdrLoadDll vbNullString, 0, uPath, hModule
End Sub