For my COMP6841 Something Awesome project I chose to do DLL Injection. DLL Injection is exactly what it sounds like – you inject, or insert, a DLL into a process. It can be used for malicious purposes, which was the goal of my project.
What is a DLL?
“The use of DLLs helps promote modularization of code, code reuse, efficient memory usage, and reduced disk space… A DLL is a library that contains code and data that can be used by more than one program at the same time.” – Microsoft Documentation
Basically, you can think of a DLL as a “library” of common functions that multiple programs can use. Most of Windows’ functionality is built on such libraries, with the APIs that wrap system calls implemented in DLLs.
I implemented a basic example of a program that uses a Windows API – I use Process32Next() combined with CreateToolhelp32Snapshot() to list all currently running processes…
How do you ‘inject’ DLLs?
There are quite a few different methods of DLL injection – some sneakier than others. I went with the easiest and laziest – VirtualAllocEx() and CreateRemoteThread().
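A defender-side complement to the method above, added here and not part of the original project: triage of Sysmon Event ID 8 (CreateRemoteThread) records, flagging remote threads whose start function is LoadLibrary*, which is exactly what a VirtualAllocEx/CreateRemoteThread injector produces. The sample records and the csrss.exe allow-list are constructed for this example.

```python
import re
# The injection above writes a DLL path into the target and starts a remote thread
# at LoadLibrary*, so that start function is the main signal to look for.
LOADER_FUNCS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}
# Hypothetical allow-list of source images that create remote threads legitimately.
ALLOWED_SOURCES = {r"c:\windows\system32\csrss.exe"}

# Constructed records in the shape of Sysmon Event ID 8 (CreateRemoteThread) data.
SAMPLE_EVENTS = r"""
SourceImage: C:\Users\alice\injector.exe
TargetImage: C:\Windows\System32\notepad.exe
StartModule: C:\Windows\System32\KERNEL32.DLL
StartFunction: LoadLibraryA

SourceImage: C:\Windows\System32\csrss.exe
TargetImage: C:\Windows\explorer.exe
StartModule: C:\Windows\System32\ntdll.dll
StartFunction: RtlUserThreadStart

SourceImage: C:\Users\alice\dropper.exe
TargetImage: C:\Windows\System32\svchost.exe
StartModule:
StartFunction:
"""

def parse_events(text):
    """Split blank-line separated 'Key: Value' records into one dict per event."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")   # first colon only; paths keep theirs
            fields[key.strip()] = value.strip()
        events.append(fields)
    return events

def classify(event):
    """Verdict for one Event ID 8 record."""
    if event.get("SourceImage", "").lower() in ALLOWED_SOURCES:
        return "allowed-source"
    if event.get("StartFunction") in LOADER_FUNCS:
        return "dll-injection"   # thread entered at LoadLibrary*: classic injection
    if not event.get("StartModule"):
        return "unbacked-start"  # start address backed by no module: shellcode/manual map
    return "benign"

def triage(text):
    """(source, target, verdict) for every record that needs an analyst's eyes."""
    return [(e["SourceImage"], e["TargetImage"], v) for e in parse_events(text)
            if (v := classify(e)) not in ("benign", "allowed-source")]
```

An empty StartModule is only a hint: JIT runtimes and some packers also run code outside any module, so the allow-list needs tuning per environment.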
How do you ‘weaponise’ DLLs?
So DLLs are just a library of functions, right? If you simply load one into memory it doesn’t really do anything… Luckily there’s this thing called DLL_PROCESS_ATTACH: when a DLL is loaded into a process, its entry-point function is called with this reason code, which allows you to run initialization code.
“The entry-point function should perform only simple initialization or termination tasks.”
I’m not sure where I saw it, but I think I remember that creating threads (for persistence) in DLL_PROCESS_ATTACH was a bad idea – so instead we weaponise through something like IAT hooking.
IAT hooking is when we overwrite the address of a function in the process’s Import Address Table (in the process’s memory) with the address of our own function – which emulates the original function and adds some other code as well 🙂
What did I learn?
- I had minimal experience with C++ before this – surprisingly, it was quite similar to Python once I figured out that their strings are classes.
- Also, why does Windows even use wide strings? Conversions between char and wchar_t and all their variations are very painful.
- I hate socket programming (in C++) and ended up giving up on implementing sending binary files across sockets in C++.