#include <windows.h>
#include <cstdio>

typedef HINSTANCE (*fpLoadLibrary)(char*);
typedef LPVOID (*fpGetProcAddress)(HINSTANCE, char*);
typedef void (*fpFunktion)(void);

struct INJECTSTRUCT
{
      fpLoadLibrary LoadLibrary;
      fpGetProcAddress GetProcAddress;
      char path[255];
      char func[255];
};

DWORD WINAPI threadstart(LPVOID addr)
{
	HINSTANCE hDll;
	fpFunktion funktion;
	INJECTSTRUCT * is = (INJECTSTRUCT*)addr;       
	hDll = is->LoadLibrary(is->path);
	funktion = (fpFunktion)is->GetProcAddress(hDll, is->func);
	funktion();
	return 0;
}
void threadend()
{
}

extern "C" void __declspec(dllexport) Funktion()
{
   HANDLE hProc;
   LPVOID start, thread;
   DWORD funcsize, written;
   HINSTANCE hDll;
   INJECTSTRUCT is;
   DWORD id = 3972;
   hDll = LoadLibrary("KERNEL32");
   is.LoadLibrary = (fpLoadLibrary)GetProcAddress(hDll, "LoadLibraryA");
   is.GetProcAddress = (fpGetProcAddress)GetProcAddress(hDll, "GetProcAddress");
   strcpy(is.path, "C:\\DLL.dll");
   strcpy(is.func, "Funktion2");

   hProc = OpenProcess(PROCESS_ALL_ACCESS, false, id);
   printf("Prozess Handle:       %x\n", hProc);
start = VirtualAllocEx(hProc, 0, funcsize+sizeof(INJECTSTRUCT), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
printf("Memory:               %x\n", start);
WriteProcessMemory(hProc, start, (LPVOID)&is, sizeof(INJECTSTRUCT), NULL);

thread = (LPVOID)((DWORD)start+sizeof(INJECTSTRUCT));

WriteProcessMemory(hProc, thread, (LPVOID)threadstart, funcsize, NULL);
CreateRemoteThread(hProc, 0, 0, (LPTHREAD_START_ROUTINE)thread, start, 0, 0);
   CloseHandle(hProc);
}

extern "C" void __declspec(dllexport) Funktion2()
{
    MessageBox(0, "selbst ist die DLL!", "xD", 0);
}

have fun