FreeLibrary using remote thread

In the book Windows via C/C++, Part IV, Chapter 22 - Injecting a DLL Using Remote Thread.

In the function BOOL WINAPI EjectLibW(DWORD dwProcessId, PCWSTR pszLibFile), the code:

hThread = CreateRemoteThread(hProcess, NULL, 0,
        pfnThreadRtn, me.modBaseAddr, 0, NULL);

My question: why is the 5th param not me.hModule? The FreeLibrary function needs a param of hModule.


This is a typo, but still works because HINSTANCEs/HMODULEs are now simply a pointer to the address where the DLL is mapped in the process's VA space.

Also, please don't inject threads into arbitrary processes, it is very tricky to get right in the general case.
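
The equivalence the answer relies on can be checked from inside your own process. The following is an added example, not code from the book or from either poster: it inspects only the current PowerShell session and compares each loaded module's HMODULE (from GetModuleHandleW) with the base address the loader reports. The names Demo.Native and Compare-ModuleHandleToBase are chosen here for illustration.

```powershell
# Added example: inspects only the current PowerShell process ($PID).
# P/Invoke declaration for the documented kernel32 export GetModuleHandleW.
Add-Type -Namespace Demo -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern IntPtr GetModuleHandleW(string lpModuleName);
'@

function Compare-ModuleHandleToBase {
    # For every module the loader reports, look up its HMODULE by full path
    # and compare it with the address where the image is mapped.
    foreach ($m in (Get-Process -Id $PID).Modules) {
        $h = [Demo.Native]::GetModuleHandleW($m.FileName)
        [pscustomobject]@{
            Module      = $m.ModuleName
            HModule     = '0x{0:X}' -f $h.ToInt64()
            BaseAddress = '0x{0:X}' -f $m.BaseAddress.ToInt64()
            # A zero handle means the lookup by path failed; such rows are
            # reported separately instead of being counted as a mismatch.
            Resolved    = ($h -ne [IntPtr]::Zero)
            Same        = ($h -eq $m.BaseAddress)
        }
    }
}

$rows = @(Compare-ModuleHandleToBase)
$rows | Format-Table -AutoSize

$resolved = @($rows | Where-Object Resolved)
$differ   = @($resolved | Where-Object { -not $_.Same })
'{0} modules resolved, {1} with HMODULE different from base address' -f `
    $resolved.Count, $differ.Count
```

Every resolved row should show the same value in both columns, which is why passing me.modBaseAddr where an HMODULE is expected still works.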
