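/*
 * Maps a second image view of kernel32.dll from disk, computes where
 * OpenProcess and TerminateProcess sit inside that view (same offset from
 * the image base as in the loader-initialized kernel32), and calls them
 * against the process named "notepad.exe".
 *
 * Review notes:
 *  - Every Win32 call is now checked. The original passed unchecked handles
 *    and pointers straight into the next call.
 *  - Address arithmetic uses DWORD_PTR. The original cast pointers to DWORD,
 *    which truncates them on 64-bit builds.
 *  - The original was missing the ';' after the termination call.
 *  - The view created here is a raw image mapping, not a module the loader
 *    initialized, so executing code from it is unsupported. That is
 *    consistent with the crash the author reports below. Checking return
 *    values does not make that call path valid.
 *  - Defensive context: a process holding an extra SEC_IMAGE view of a system
 *    DLL it already has loaded is an anomaly worth alerting on. The
 *    process-handle open and the termination remain visible to kernel-side
 *    telemetry whichever user-mode copy of the API is called.
 *  - NOTE(review): the function-pointer variables are declared with the
 *    mapped* types but cast with the my* types. Both typedefs are outside
 *    this excerpt; confirm they name the same signatures.
 *
 * Returns 0 when the termination call reports success, 1 otherwise.
 */
int main(int argc, CHAR* argv[])
{
    /* The path is hard-coded and assumes Windows is installed under C:\Windows. */
    char dllpath[MAX_PATH] = "\\\\.\\C:\\Windows\\System32\\kernel32.dll";
    HANDLE file = INVALID_HANDLE_VALUE;
    HANDLE mappedfile = NULL;
    HANDLE h = NULL;
    void *dlladdress = NULL;
    void *kerneladdr = NULL;
    mappedTerminateProcess termaddress;
    mappedOpenProcess openprocaddress;
    DWORD_PTR loadedbase;
    DWORD pid;
    int rc = 1;

    (void)argc;
    (void)argv;

    printf("%s\n", dllpath);

    /* CreateFile signals failure with INVALID_HANDLE_VALUE, not NULL. */
    file = CreateFile(dllpath, GENERIC_READ | GENERIC_EXECUTE, FILE_SHARE_READ,
                      NULL, OPEN_EXISTING, 0, NULL);
    if (file == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "CreateFile failed: %lu\n", (unsigned long)GetLastError());
        goto cleanup;
    }

    mappedfile = CreateFileMapping(file, NULL, PAGE_EXECUTE_READ | SEC_IMAGE, 0, 0, NULL);
    if (mappedfile == NULL) {
        fprintf(stderr, "CreateFileMapping failed: %lu\n", (unsigned long)GetLastError());
        goto cleanup;
    }

    dlladdress = MapViewOfFile(mappedfile, FILE_MAP_READ | FILE_MAP_EXECUTE, 0, 0, 0);
    if (dlladdress == NULL) {
        fprintf(stderr, "MapViewOfFile failed: %lu\n", (unsigned long)GetLastError());
        goto cleanup;
    }

    kerneladdr = GetModuleHandle("kernel32.dll");
    if (kerneladdr == NULL) {
        fprintf(stderr, "GetModuleHandle failed: %lu\n", (unsigned long)GetLastError());
        goto cleanup;
    }

    /* Offset of each export from the loaded image base, re-applied to the view. */
    loadedbase = (DWORD_PTR)kerneladdr;
    termaddress = (myTerminateProcess)((DWORD_PTR)dlladdress +
                                       ((DWORD_PTR)&TerminateProcess - loadedbase));
    openprocaddress = (myOpenProcess)((DWORD_PTR)dlladdress +
                                      ((DWORD_PTR)&OpenProcess - loadedbase));

    /* getPid is defined outside this excerpt; presumably it returns 0 when no
     * process matches. TODO confirm. */
    pid = getPid("notepad.exe");
    if (pid == 0) {
        fprintf(stderr, "target process not found\n");
        goto cleanup;
    }

    /*
     * Author's note in the original: "Program crashes here". In the collapsed
     * listing it is unclear whether that refers to this call or to the
     * termination call that follows.
     */
    h = openprocaddress(PROCESS_TERMINATE, FALSE, pid);
    if (h == NULL) {
        fprintf(stderr, "OpenProcess failed: %lu\n", (unsigned long)GetLastError());
        goto cleanup;
    }

    if (!termaddress(h, 0)) {
        fprintf(stderr, "TerminateProcess failed: %lu\n", (unsigned long)GetLastError());
        goto cleanup;
    }

    rc = 0;

cleanup:
    /* Release in reverse order of acquisition; each guard skips what was never obtained. */
    if (h != NULL) {
        CloseHandle(h);
    }
    if (dlladdress != NULL) {
        UnmapViewOfFile(dlladdress);
    }
    if (mappedfile != NULL) {
        CloseHandle(mappedfile);
    }
    if (file != INVALID_HANDLE_VALUE) {
        CloseHandle(file);
    }
    return rc;
}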