
CreateRemoteThread

関数
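他のプロセスの仮想アドレス空間内で実行されるスレッドを作成する。成功すると新しいスレッドのハンドルを、失敗すると NULL を返す(原因は GetLastError で取得)。別プロセスにコードを実行させる API であるため、Sysmon のイベント ID 8(CreateRemoteThread)などで監視対象になっている。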
DLL: KERNEL32.dll / 呼出規約: winapi / SetLastError: あり / 対応OS: Windows XP 以降

シグネチャ

// KERNEL32.dll
#include <windows.h>

/*
 * Creates a thread that runs in the address space of another process
 * (exported by KERNEL32.dll, declared through <windows.h>).
 *
 * hProcess is a handle to the target process. Microsoft's documentation
 * requires PROCESS_CREATE_THREAD, PROCESS_QUERY_INFORMATION,
 * PROCESS_VM_OPERATION, PROCESS_VM_WRITE and PROCESS_VM_READ access on it,
 * so a handle opened with fewer rights makes the call fail.
 * lpStartAddress and lpParameter are interpreted in the target process's
 * address space, not the caller's.
 *
 * Returns the new thread's handle, or NULL on failure (GetLastError() gives
 * the reason). The caller owns the handle and releases it with CloseHandle().
 *
 * NOTE(review): the SDK header spells dwStackSize as SIZE_T and lpThreadId as
 * LPDWORD; both have the same size as the UINT_PTR / DWORD* shown here.
 */
HANDLE CreateRemoteThread(
    HANDLE hProcess,
    SECURITY_ATTRIBUTES* lpThreadAttributes,   // optional
    UINT_PTR dwStackSize,
    LPTHREAD_START_ROUTINE lpStartAddress,
    void* lpParameter,   // optional
    DWORD dwCreationFlags,
    DWORD* lpThreadId   // optional
);

パラメーター

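| 名前 | 型 | 方向 |
| --- | --- | --- |
| hProcess | HANDLE | in |
| lpThreadAttributes | SECURITY_ATTRIBUTES* | in, optional |
| dwStackSize | UINT_PTR | in |
| lpStartAddress | LPTHREAD_START_ROUTINE | in |
| lpParameter | void* | in, optional |
| dwCreationFlags | DWORD | in |
| lpThreadId | DWORD* | out, optional |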

戻り値の型: HANDLE

各言語での呼び出し定義

// KERNEL32.dll
#include <windows.h>

/*
 * C/C++ prototype: starts a thread inside the process identified by hProcess.
 *
 * Return value: handle of the created thread, NULL when the call fails.
 * The function sets the thread's last-error code, so call GetLastError()
 * right after a NULL return. A non-NULL handle must be closed with
 * CloseHandle() once the caller no longer needs it.
 *
 * Parameters marked "optional" may be passed as NULL.
 */
HANDLE CreateRemoteThread(
    HANDLE hProcess,
    SECURITY_ATTRIBUTES* lpThreadAttributes,   // optional
    UINT_PTR dwStackSize,
    LPTHREAD_START_ROUTINE lpStartAddress,
    void* lpParameter,   // optional
    DWORD dwCreationFlags,
    DWORD* lpThreadId   // optional
);
/// <summary>
/// P/Invoke declaration for CreateRemoteThread in KERNEL32.dll, which creates
/// a thread inside the process identified by <paramref name="hProcess"/>.
/// Every pointer-sized native argument is marshalled as a raw IntPtr/UIntPtr,
/// so the caller is responsible for passing valid values; IntPtr.Zero is
/// accepted for the parameters marked optional.
/// </summary>
/// <returns>
/// Handle of the new thread, or IntPtr.Zero on failure. Because
/// SetLastError = true, the Win32 error code is available through
/// Marshal.GetLastWin32Error() immediately after the call. A non-zero handle
/// must be released with CloseHandle.
/// </returns>
[DllImport("KERNEL32.dll", SetLastError = true, ExactSpelling = true)]
static extern IntPtr CreateRemoteThread(
    IntPtr hProcess,   // HANDLE
    IntPtr lpThreadAttributes,   // SECURITY_ATTRIBUTES* optional
    UIntPtr dwStackSize,   // UINT_PTR
    IntPtr lpStartAddress,   // LPTHREAD_START_ROUTINE
    IntPtr lpParameter,   // void* optional
    uint dwCreationFlags,   // DWORD
    IntPtr lpThreadId   // DWORD* optional, out
);
''' <summary>
''' P/Invoke declaration for CreateRemoteThread in KERNEL32.dll, which creates
''' a thread inside the process identified by hProcess. The empty body is
''' required by the DllImport syntax and is never executed.
''' </summary>
''' <returns>
''' Handle of the new thread, or IntPtr.Zero on failure. SetLastError:=True
''' makes the Win32 error code available through Marshal.GetLastWin32Error()
''' right after the call. A non-zero handle must be released with CloseHandle.
''' </returns>
<DllImport("KERNEL32.dll", SetLastError:=True, ExactSpelling:=True)>
Public Shared Function CreateRemoteThread(
    hProcess As IntPtr,   ' HANDLE
    lpThreadAttributes As IntPtr,   ' SECURITY_ATTRIBUTES* optional
    dwStackSize As UIntPtr,   ' UINT_PTR
    lpStartAddress As IntPtr,   ' LPTHREAD_START_ROUTINE
    lpParameter As IntPtr,   ' void* optional
    dwCreationFlags As UInteger,   ' DWORD
    lpThreadId As IntPtr   ' DWORD* optional, out
) As IntPtr
End Function
' VBA declaration of CreateRemoteThread from kernel32: creates a thread inside
' the process identified by hProcess.
' Returns the new thread's handle as LongPtr; 0 means the call failed. Read
' Err.LastDllError immediately after the call to get the Win32 error code.
' All pointer and handle arguments are passed ByVal as LongPtr; pass 0 for the
' parameters marked optional.
' hProcess : HANDLE
' lpThreadAttributes : SECURITY_ATTRIBUTES* optional
' dwStackSize : UINT_PTR
' lpStartAddress : LPTHREAD_START_ROUTINE
' lpParameter : void* optional
' dwCreationFlags : DWORD
' lpThreadId : DWORD* optional, out
Declare PtrSafe Function CreateRemoteThread Lib "kernel32" ( _
    ByVal hProcess As LongPtr, _
    ByVal lpThreadAttributes As LongPtr, _
    ByVal dwStackSize As LongPtr, _
    ByVal lpStartAddress As LongPtr, _
    ByVal lpParameter As LongPtr, _
    ByVal dwCreationFlags As Long, _
    ByVal lpThreadId As LongPtr) As LongPtr
' Requires VBA7 (PtrSafe). In 32-bit Office, LongPtr becomes Long. Integer = 16-bit / Long = 32-bit / LongLong = 64-bit.
import ctypes
from ctypes import wintypes

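# Bind through a private WinDLL object rather than the process-wide
# ctypes.windll cache: prototypes set on ctypes.windll.kernel32 are shared with
# every other module in the interpreter and can silently clash with theirs.
# use_last_error=True makes ctypes save the thread's last-error value
# immediately after each call, before other API calls can overwrite it.
_kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)

CreateRemoteThread = _kernel32.CreateRemoteThread
CreateRemoteThread.restype = ctypes.c_void_p  # HANDLE; None means NULL, i.e. the call failed
CreateRemoteThread.argtypes = [
    wintypes.HANDLE,  # hProcess : HANDLE
    ctypes.c_void_p,  # lpThreadAttributes : SECURITY_ATTRIBUTES* optional
    ctypes.c_size_t,  # dwStackSize : UINT_PTR
    ctypes.c_void_p,  # lpStartAddress : LPTHREAD_START_ROUTINE
    ctypes.c_void_p,  # lpParameter : void* optional
    wintypes.DWORD,  # dwCreationFlags : DWORD
    ctypes.POINTER(wintypes.DWORD),  # lpThreadId : DWORD* optional, out
]
# Error handling: when the call returns None, read the saved error code with
# ctypes.get_last_error(), e.g. raise ctypes.WinError(ctypes.get_last_error()).
# ctypes.GetLastError() reads the live thread value instead and may already
# have been overwritten. A returned handle belongs to the caller and is
# released with CloseHandle.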
require 'fiddle'
require 'fiddle/import'

# Fiddle binding for CreateRemoteThread exported by KERNEL32.dll.
# The call returns the new thread's handle as an integer; 0 means failure.
lib = Fiddle.dlopen('KERNEL32.dll')

# Native argument types, in call order. Fiddle expresses an unsigned type by
# negating the signed constant, which is how the 32-bit DWORD is declared.
create_remote_thread_params = [
  Fiddle::TYPE_VOIDP,      # hProcess : HANDLE
  Fiddle::TYPE_VOIDP,      # lpThreadAttributes : SECURITY_ATTRIBUTES* optional
  Fiddle::TYPE_UINTPTR_T,  # dwStackSize : UINT_PTR
  Fiddle::TYPE_VOIDP,      # lpStartAddress : LPTHREAD_START_ROUTINE
  Fiddle::TYPE_VOIDP,      # lpParameter : void* optional
  -Fiddle::TYPE_INT,       # dwCreationFlags : DWORD
  Fiddle::TYPE_VOIDP       # lpThreadId : DWORD* optional, out
]

CreateRemoteThread = Fiddle::Function.new(
  lib['CreateRemoteThread'],
  create_remote_thread_params,
  Fiddle::TYPE_VOIDP # return value : HANDLE
)
// Raw FFI declaration of CreateRemoteThread from kernel32 using the "system"
// calling convention. SECURITY_ATTRIBUTES is not defined in this snippet and
// has to be declared (#[repr(C)]) or imported by the surrounding code.
#[link(name = "kernel32")]
extern "system" {
    /// Creates a thread inside the process identified by `hProcess`.
    ///
    /// Returns the new thread's handle, or a null pointer on failure; the
    /// Win32 error code is then available from GetLastError. A non-null
    /// handle belongs to the caller and must be released with CloseHandle.
    ///
    /// As a foreign function it can only be called from an `unsafe` block:
    /// the compiler cannot check that the handle and pointers are valid.
    /// Null is accepted for the parameters marked optional.
    fn CreateRemoteThread(
        hProcess: *mut core::ffi::c_void,  // HANDLE
        lpThreadAttributes: *mut SECURITY_ATTRIBUTES,  // SECURITY_ATTRIBUTES* optional
        dwStackSize: usize,  // UINT_PTR
        lpStartAddress: *const core::ffi::c_void,  // LPTHREAD_START_ROUTINE
        lpParameter: *mut (),  // void* optional
        dwCreationFlags: u32,  // DWORD
        lpThreadId: *mut u32  // DWORD* optional, out
    ) -> *mut core::ffi::c_void;
}
// crates: windows-sys provides ready-made bindings for this API.
# C# P/Invoke signature that Add-Type compiles into a helper class.
# SetLastError = true keeps the Win32 error code available through
# [System.Runtime.InteropServices.Marshal]::GetLastWin32Error() after a call
# that returns [IntPtr]::Zero.
# When PowerShell script block logging is enabled, this definition is recorded
# in event 4104 like any other script text.
$sig = @"
[DllImport("KERNEL32.dll", SetLastError = true)]
public static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, UIntPtr dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
"@

# Same Add-Type invocation, written with splatting; -PassThru returns the
# generated type Win32.KERNEL32_CreateRemoteThread.
$addTypeArgs = @{
    MemberDefinition = $sig
    Name             = 'KERNEL32_CreateRemoteThread'
    Namespace        = 'Win32'
    PassThru         = $true
}
$api = Add-Type @addTypeArgs
# Usage: $api::CreateRemoteThread(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpThreadId)
; Statement-style (#func) binding of CreateRemoteThread from KERNEL32.dll.
; Every argument is declared as sptr; pointer arguments are passed with varptr().
#uselib "KERNEL32.dll"
#func global CreateRemoteThread "CreateRemoteThread" sptr, sptr, sptr, sptr, sptr, sptr, sptr
; CreateRemoteThread hProcess, varptr(lpThreadAttributes), dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, varptr(lpThreadId)   ; the return value is in stat
; hProcess : HANDLE -> "sptr"
; lpThreadAttributes : SECURITY_ATTRIBUTES* optional -> "sptr"
; dwStackSize : UINT_PTR -> "sptr"
; lpStartAddress : LPTHREAD_START_ROUTINE -> "sptr"
; lpParameter : void* optional -> "sptr"
; dwCreationFlags : DWORD -> "sptr"
; lpThreadId : DWORD* optional, out -> "sptr"
; Note: in HSP 3.7 this is a #func, so the return value is stored in the system variable stat.
; stat = 0 means the API returned NULL, i.e. the call failed.
出力引数:
; Function-style (#cfunc) binding of CreateRemoteThread from KERNEL32.dll.
; The call returns the thread handle directly; 0 (NULL) means it failed.
#uselib "KERNEL32.dll"
#cfunc global CreateRemoteThread "CreateRemoteThread" sptr, var, sptr, sptr, sptr, int, var
; res = CreateRemoteThread(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpThreadId)
; hProcess : HANDLE -> "sptr"
; lpThreadAttributes : SECURITY_ATTRIBUTES* optional -> "var"
; dwStackSize : UINT_PTR -> "sptr"
; lpStartAddress : LPTHREAD_START_ROUTINE -> "sptr"
; lpParameter : void* optional -> "sptr"
; dwCreationFlags : DWORD -> "int"
; lpThreadId : DWORD* optional, out -> "var"
; Note: output/buffer arguments use the var style (the variable is passed directly); the varptr style can be used instead.
; NOTE(review): with the var style a variable is always passed, so the optional
; pointer arguments cannot be given as NULL in this form - confirm before relying on it.
出力引数:
; HANDLE CreateRemoteThread(HANDLE hProcess, SECURITY_ATTRIBUTES* lpThreadAttributes, UINT_PTR dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, void* lpParameter, DWORD dwCreationFlags, DWORD* lpThreadId)
; Function-style (#cfunc) binding that declares pointer-sized arguments as intptr
; (presumably the form for 64-bit HSP - confirm against the HSP version in use).
; The call returns the thread handle; 0 (NULL) means it failed.
#uselib "KERNEL32.dll"
#cfunc global CreateRemoteThread "CreateRemoteThread" intptr, var, intptr, intptr, intptr, int, var
; res = CreateRemoteThread(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpThreadId)
; hProcess : HANDLE -> "intptr"
; lpThreadAttributes : SECURITY_ATTRIBUTES* optional -> "var"
; dwStackSize : UINT_PTR -> "intptr"
; lpStartAddress : LPTHREAD_START_ROUTINE -> "intptr"
; lpParameter : void* optional -> "intptr"
; dwCreationFlags : DWORD -> "int"
; lpThreadId : DWORD* optional, out -> "var"
; Note: output/buffer arguments use the var style (the variable is passed directly); the varptr style can be used instead.
import (
	"golang.org/x/sys/windows"
	"unsafe"
)

// kernel32 is resolved with NewLazySystemDLL, which searches only the Windows
// system directory, so a same-named DLL elsewhere on the search path is never
// loaded. The DLL and the procedure are loaded lazily, on the first Call.
var (
	kernel32 = windows.NewLazySystemDLL("KERNEL32.dll")
	procCreateRemoteThread = kernel32.NewProc("CreateRemoteThread")
)

// hProcess (HANDLE), lpThreadAttributes (SECURITY_ATTRIBUTES* optional), dwStackSize (UINT_PTR), lpStartAddress (LPTHREAD_START_ROUTINE), lpParameter (void* optional), dwCreationFlags (DWORD), lpThreadId (DWORD* optional, out)
// Call-site fragment: it belongs inside a function that defines these variables.
// Call always returns a non-nil error built from GetLastError, so success or
// failure has to be decided from r1, never from err != nil.
r1, _, err := procCreateRemoteThread.Call(
	uintptr(hProcess),
	uintptr(lpThreadAttributes),
	uintptr(dwStackSize),
	uintptr(lpStartAddress),
	uintptr(lpParameter),
	uintptr(dwCreationFlags),
	uintptr(lpThreadId),
)
_ = err  // syscall.Errno from the thread's last-error value; meaningful only when r1 == 0
_ = r1   // HANDLE; 0 (NULL) means the call failed, otherwise release it with windows.CloseHandle
// Static import of CreateRemoteThread from KERNEL32.dll (stdcall): creates a
// thread inside the process identified by hProcess.
// Returns the new thread's handle, or 0 on failure; call GetLastError right
// after a 0 result. A non-zero handle must be released with CloseHandle.
// Pass nil for the parameters marked optional.
function CreateRemoteThread(
  hProcess: THandle;   // HANDLE
  lpThreadAttributes: Pointer;   // SECURITY_ATTRIBUTES* optional
  dwStackSize: NativeUInt;   // UINT_PTR
  lpStartAddress: Pointer;   // LPTHREAD_START_ROUTINE
  lpParameter: Pointer;   // void* optional
  dwCreationFlags: DWORD;   // DWORD
  lpThreadId: Pointer   // DWORD* optional, out
): THandle; stdcall;
  external 'KERNEL32.dll' name 'CreateRemoteThread';
; Calls CreateRemoteThread in KERNEL32.dll through DllCall.
; result receives the new thread's handle; 0 means the call failed, and
; A_LastError then holds the Win32 error code set by the API.
; A non-zero handle must be released with CloseHandle.
result := DllCall("KERNEL32\CreateRemoteThread"
    , "Ptr", hProcess   ; HANDLE
    , "Ptr", lpThreadAttributes   ; SECURITY_ATTRIBUTES* optional
    , "UPtr", dwStackSize   ; UINT_PTR
    , "Ptr", lpStartAddress   ; LPTHREAD_START_ROUTINE
    , "Ptr", lpParameter   ; void* optional
    , "UInt", dwCreationFlags   ; DWORD
    , "Ptr", lpThreadId   ; DWORD* optional, out
    , "Ptr")   ; return: HANDLE
●CreateRemoteThread(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpThreadId) = DLL("KERNEL32.dll", "void* CreateRemoteThread(void*, void*, int, void*, void*, dword, void*)")
# Call: CreateRemoteThread(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpThreadId)
# Returns the new thread's handle; 0 (NULL) means the call failed.
# hProcess : HANDLE -> "void*"
# lpThreadAttributes : SECURITY_ATTRIBUTES* optional -> "void*"
# dwStackSize : UINT_PTR -> "int"
# lpStartAddress : LPTHREAD_START_ROUTINE -> "void*"
# lpParameter : void* optional -> "void*"
# dwCreationFlags : DWORD -> "dword"
# lpThreadId : DWORD* optional, out -> "void*"
# Nadeshiko 1 is 32-bit and ANSI (Shift_JIS): strings are char* (ANSI), pointers/handles are void* (4 bytes).