BOOL (WINAPI *_CreateProcessInternalW)(DWORD Always01, LPCWSTR lpApplicationName

1. BOOL (WINAPI *_CreateProcessInternalW)(DWORD Always01, LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation, DWORD Always02);
2. BOOL WINAPI CreateProcessInternalWHook(DWORD Always01, LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation, DWORD Always02){
3.     //MessageBoxW(NULL, lpApplicationName, NULL, NULL);
4.     BOOL bResult;
5.     HANDLE hThread;
6.     if(lpCommandLine != NULL && wcsstr(lpCommandLine, L"BlackCipher\.aes")){
7.         bResult = _CreateProcessInternalW(Always01, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, CREATE_SUSPENDED, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation, Always02);
8.         hThread = OpenThread(THREAD_ALL_ACCESS, NULL, lpProcessInformation->dwThreadId);
9.         InjectThisDLL(lpProcessInformation->dwProcessId);
10.         //CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)InjectThisDLL, (void *)lpProcessInformation->dwProcessId, NULL, NULL);
11.        
12.         ResumeThread(hThread);
13.         return bResult;
14.     }
15.     return _CreateProcessInternalW(Always01, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation, Always02);
16. }