Dynamic-link library injection
The most common method of process injection is DLL injection, which is popular because of how easy it is. A program can simply drop a DLL to disk and then use “CreateRemoteThread” to call “LoadLibrary” in the target process; the loader will then take care of the rest.
Locate a target process to inject (CreateToolhelp32Snapshot(), Process32First(), and Process32Next()).
Open the target process (GetModuleHandle, GetProcAddress, or OpenProcess).
Allocate memory region for malicious DLL (VirtualAllocEx).
Write the malicious DLL to allocated memory (WriteProcessMemory).
Load and execute the malicious DLL (LoadLibraryA imported from kernel32. Once loaded, CreateRemoteThread can be used to execute memory using LoadLibrary as the starting function).
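From the defender's side, the last step leaves a characteristic trace: a thread created in one process by another, whose start routine is kernel32's LoadLibrary export. The following is an added illustration, not code from the original note, of how telemetry that records remote thread creations could be screened for that pattern. The event records, the module layout and the export table are constructed for the example; real telemetry (for instance an EDR's thread-creation events) would supply the start address and the target's module list.

```python
"""Screen remote thread creation events for a LoadLibrary start routine.

Everything below is constructed for illustration: the export RVAs, module
bases and process ids are invented, not taken from a real system.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed export table: module -> {export name: RVA}.
EXPORTS: Dict[str, Dict[str, int]] = {
    "kernel32.dll": {
        "LoadLibraryA": 0x21F20,
        "LoadLibraryW": 0x21B10,
        "CreateFileW": 0x1A000,
    },
}

# LoadLibrary is a macro that resolves to one of these two exports.
LOADER_ENTRYPOINTS = {"LoadLibraryA", "LoadLibraryW"}


@dataclass
class RemoteThreadEvent:
    source_pid: int
    target_pid: int
    start_address: int                        # absolute address in the target
    target_modules: Dict[str, Tuple[int, int]]  # module -> (base, size)


def resolve_symbol(event: RemoteThreadEvent) -> Optional[str]:
    """Map the thread start address to 'module!export' (or 'module+0xRVA')."""
    for module, (base, size) in event.target_modules.items():
        if base <= event.start_address < base + size:
            rva = event.start_address - base
            for name, export_rva in EXPORTS.get(module, {}).items():
                if export_rva == rva:
                    return f"{module}!{name}"
            return f"{module}+0x{rva:x}"
    return None  # start address is outside every known module


def is_suspected_dll_injection(event: RemoteThreadEvent) -> bool:
    """Cross-process thread whose start routine is a LoadLibrary export."""
    if event.source_pid == event.target_pid:
        return False  # a process starting its own loader thread is normal
    sym = resolve_symbol(event)
    return sym is not None and sym.split("!")[-1] in LOADER_ENTRYPOINTS


def scan(events: Iterable[RemoteThreadEvent]) -> List[RemoteThreadEvent]:
    return [e for e in events if is_suspected_dll_injection(e)]


# Constructed sample telemetry.
TARGET_LAYOUT = {"kernel32.dll": (0x7FF800000000, 0xC0000),
                 "ntdll.dll": (0x7FF800200000, 0x1F0000)}
SAMPLE_EVENTS = [
    # benign: process creates a thread in itself at LoadLibraryW
    RemoteThreadEvent(4100, 4100, 0x7FF800000000 + 0x21B10, TARGET_LAYOUT),
    # suspicious: another process starts a thread at kernel32!LoadLibraryA
    RemoteThreadEvent(5020, 4100, 0x7FF800000000 + 0x21F20, TARGET_LAYOUT),
    # cross-process but start routine is not a loader export
    RemoteThreadEvent(5020, 4100, 0x7FF800200000 + 0x1000, TARGET_LAYOUT),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"pid {hit.source_pid} -> pid {hit.target_pid}: "
              f"{resolve_symbol(hit)}")
```

The check keys on the start routine rather than on the thread creation alone, since cross-process threads also occur legitimately (debuggers, some accessibility tools); resolving the address against the target's module list is what separates the loader-start pattern from ordinary remote threads.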