I'm using the CreateRemoteThread API to inject a DLL into a process. This works when the process is in a running state. But if I launch a process in a suspended state using the CreateProcess API and try to inject a DLL into it, the DLL injection does not work. If I use CreateProcess without the suspended flag, I am able to inject the DLL. Can anyone tell me the solution to this problem?
It cannot work because when a process is created with the suspended flag, only ntdll.dll is loaded. kernel32.dll is not loaded yet, so you cannot use CreateProcess to call LoadLibrary (in kernel32.dll) in the remote suspended process. But you can use LdrLoadDll (in ntdll.dll) instead. You can also use QueueUserAPC with LdrLoadDll, too. It will work well.