#define WIN32_LEAN_AND_MEAN

#define UNICODE
#define _UNICODE

#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>

#define TARGET_EXE_NAME  "IEXPLORE.EXE"
#define DLL_FILE_NAME    "ClipBoard.dll"


int APIENTRY _tWinMain(HINSTANCE hInstance,
                       HINSTANCE hPrevInstance,
                       LPTSTR    lpCmdLine,
                       int       nCmdShow)
{
    HANDLE hSnap;
    if((hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)) == INVALID_HANDLE_VALUE){
        MessageBox(NULL, _TEXT("CreateToolhelp32Snapshot"), _TEXT("Error"), MB_OK);
        return -1;
    }

    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(pe);

    DWORD dwProcessId = 0;
    BOOL bResult = Process32First(hSnap, &pe);
    while(bResult){
        if(!lstrcmp(pe.szExeFile, _TEXT(TARGET_EXE_NAME))){
            dwProcessId = pe.th32ProcessID;
            break;
        }
        bResult = Process32Next(hSnap, &pe);
    }
    CloseHandle(hSnap);

    if(dwProcessId == 0){
        MessageBox(NULL, _TEXT("Process not found."), _TEXT("ERROR"), MB_OK);
        return -1;
    }

    HANDLE hProcess;
    hProcess = OpenProcess(
         PROCESS_QUERY_INFORMATION |
         PROCESS_CREATE_THREAD     |
         PROCESS_VM_OPERATION      |
         PROCESS_VM_WRITE,
         FALSE, dwProcessId);

    if(hProcess == NULL){
        MessageBox(NULL, _TEXT("OpenProcess"), _TEXT("ERROR"), MB_OK);
        return -1;
    }

    TCHAR szLibFile[256];
    GetModuleFileName(NULL, szLibFile, sizeof(szLibFile));
    _tcscpy(_tcsrchr(szLibFile, _TEXT('\\')) + 1, _TEXT(DLL_FILE_NAME));

    int szLibFileLen;
    szLibFileLen = lstrlen(szLibFile) + 1;
    szLibFileLen = szLibFileLen * sizeof(TCHAR);

    PWSTR RemoteProcessMemory;
    RemoteProcessMemory = (PWSTR)VirtualAllocEx(
        hProcess, NULL, szLibFileLen, MEM_COMMIT, PAGE_READWRITE);
    if(RemoteProcessMemory == NULL){
        MessageBox(NULL, _TEXT("VirtualAllocEx"), _TEXT("ERROR"), MB_OK);
        return -1;
    }

    if(WriteProcessMemory(hProcess, RemoteProcessMemory,
        (PVOID)szLibFile, szLibFileLen, NULL) == 0){
            MessageBox(NULL, _TEXT("WriteProcessMemory"), _TEXT("ERROR"), MB_OK);
            return -1;
    }

    PTHREAD_START_ROUTINE pfnThreadRtn;
    pfnThreadRtn = (PTHREAD_START_ROUTINE)GetProcAddress(
        GetModuleHandle(_TEXT("Kernel32")), "LoadLibraryW");
    if (pfnThreadRtn == NULL){
        MessageBox(NULL, _TEXT("GetProcAddress"), _TEXT("ERROR"), MB_OK);
        return -1;
    }

    HANDLE hThread;
    hThread = CreateRemoteThread(hProcess, NULL, 0, 
        pfnThreadRtn, RemoteProcessMemory, 0, NULL);
    if (hThread == NULL){
        MessageBox(NULL, _TEXT("CreateRemoteThread"), _TEXT("ERROR"), MB_OK);
        return -1;
    }

    return 0;
}