#include < windows.h>
#include < tlhelp32.h>

#pragma comment(linker,"/BASE:0x13140000") 

DWORD GetProcessID(char*);
BOOL Inject(HANDLE,DWORD(WINAPI* func)(LPVOID));
DWORD WINAPI func(LPVOID);


int WINAPI WinMain(HINSTANCE,HINSTANCE,LPTSTR,int)
{
if(!Inject(OpenProcess(PROCESS_ALL_ACCESS,false,GetProcessID("explorer.exe")),&func)) return false;
return true;
}


DWORD WINAPI func(LPVOID)
{
LoadLibrary("kernel32.dll"); 
LoadLibrary("user32.dll"); 
SYSTEMTIME SysTime;
GetSystemTime(&SysTime);
WORD time=SysTime.wSecond+30;
while(time!=SysTime.wSecond){GetSystemTime(&SysTime);}
MessageBox(0,"Hello from addres area of explorer","title",0);
return true;
}

DWORD GetProcessID(char* lpNameProcess) 
{
HANDLE snap;
PROCESSENTRY32 pentry32;
snap=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if(snap==INVALID_HANDLE_VALUE) return 0;
pentry32.dwSize=sizeof(PROCESSENTRY32);
if(!Process32First(snap,&pentry32)) {CloseHandle(snap);return 0;}
do
{
if(!lstrcmpi(lpNameProcess,&pentry32.szExeFile[0]))
{
CloseHandle(snap);
return pentry32.th32ProcessID;  
}
}while(Process32Next(snap,&pentry32));
CloseHandle(snap);
return 0;
}


BOOL Inject(HANDLE hProc,DWORD(WINAPI* func)(LPVOID))
{
DWORD id;
DWORD ByteOfWriten;
HMODULE hModule = GetModuleHandle(NULL);
DWORD size=((PIMAGE_OPTIONAL_HEADER)((LPVOID)((BYTE*)(hModule)+((PIMAGE_DOS_HEADER)(hM
odule))->e_lfanew+sizeof(DWORD)+
sizeof(IMAGE_FILE_HEADER))))->SizeOfImage;
char* hNewModule = (char*)VirtualAllocEx(hProc,hModule,size,MEM_COMMIT|MEM_RESERVE,PAGE_EXECUTE_REA
DWRITE);
if(hNewModule==NULL) return false;
WriteProcessMemory(hProc,hNewModule,hModule,size,&ByteOfWriten);
if(ByteOfWriten!=size){return false;}
HANDLE hThread=CreateRemoteThread(hProc,NULL,0,func,(LPVOID)hNewModule,0,&id);
if(hThread==0) return false;
return true;
}