Windows自写函数获取汇编代码二进制块的方法

xingyun86 2021-4-28 894

1.安装VS编译器

2.编写方法代码

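/*
 * Position-independent loader stub.  Builds a UNICODE_STRING from
 * DllName and loads the module through LdrLoadDll, using only the
 * function pointers and buffers the caller placed in *pThreadData.
 *
 * This body is what gets lifted into the X86CODEDATA/X64CODEDATA byte
 * arrays below, so it must stay free of string literals, globals and
 * CRT calls.  Those arrays were captured from the earlier version of
 * this function that did not check LdrLoadDll's status; after any
 * change here they have to be re-extracted.
 *
 * pThreadData  caller-filled block: RtlInitUnicodeString, LdrLoadDll,
 *              DllName, DllPath, Flags, plus UnicodeString and
 *              ModuleHandle scratch/out fields.  PTHREAD_DATA itself is
 *              declared elsewhere (not visible in this listing).
 * Returns the loaded module handle, or NULL when LdrLoadDll reports
 * failure, so the caller never receives a stale or uninitialized value
 * as if it were a valid module.
 */
static
HMODULE WINAPI ThreadProc(PTHREAD_DATA pThreadData)
{
    /* NTSTATUS is a LONG; a negative value is an error.  Assumes the
     * LdrLoadDll member is declared with its real NTSTATUS return type. */
    long status;

    /* Clear the out-field first: a failed LdrLoadDll is not guaranteed
     * to write it, and the original code returned whatever was there. */
    pThreadData->ModuleHandle = NULL;

    pThreadData->RtlInitUnicodeString(&pThreadData->UnicodeString, pThreadData->DllName);
    status = pThreadData->LdrLoadDll(pThreadData->DllPath,
                                     pThreadData->Flags,
                                     &pThreadData->UnicodeString,
                                     &pThreadData->ModuleHandle);
    if (status < 0) {
        return NULL;
    }
    return pThreadData->ModuleHandle;
}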
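/*
 * Host-side harness whose only job is to keep ThreadProc alive as a
 * standalone, out-of-line function.  Taking and printing its address
 * stops the optimizer from inlining it into a call site or discarding
 * it as unused; that out-of-line body is what the debugger's
 * disassembly view is later copied from.
 *
 * argc/argv are unused and kept only for the conventional signature.
 */
int main(int argc, char **argv)
{
    (void)argc;
    (void)argv;
    /* %p instead of the original "0x%X": passing a pointer to %X is a
     * format/argument type mismatch (undefined behavior) and truncates
     * the address to 32 bits on x64.  Casting a function pointer to
     * void* is a common extension (MSVC/GCC/Clang), not strict ISO C. */
    printf("%p\n", (void *)ThreadProc);
    return 0;
}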

3.配置编译选项(X64/X86)

配置为DEBUG编译选项:

General --  设置Whole Program Optimization为No Whole Program Optimization;

C++->General -- 设置SDL checks为No (/sdl-);

C++->Optimization -- 设置Whole Program Optimization为No;

C++->Code Generation -- 设置Security Check为Disable Security Check (/GS-);（否则编译器会在函数中插入对 __security_cookie / __security_check_cookie 的绝对地址引用，提取出的代码块将不再是位置无关的）

C++->Output Files -- 设置Assembler Output为Assembly, Machine Code and Source (/FAcs);

4.编译可执行文件(X64/X86)

5.调试执行

a.右键跳转到汇编Go To Disassembly

b.继续右键选中Show Address\Show Source Code\Show Code Bytes\Show Symbol Names

找到对应的函数代码段，并进行转换保存。保存前应逐条核对反汇编：代码块内不得出现绝对地址、重定位项或对运行时函数（如 __security_check_cookie）的调用，所有内存操作数都应相对于保存结构体指针的寄存器；同时，实际使用的 THREAD_DATA 结构体各字段偏移必须与下面字节块中的操作数完全一致，否则注入后会通过错误的字段调用。

/*
 * x86 (32-bit) image of the loader stub as copied from the disassembly
 * view: 55 bytes, stdcall (retn 4 pops the single struct-pointer
 * argument).  Every memory operand is relative to ebx, which holds the
 * struct pointer, so the blob contains no absolute addresses.
 *
 * Layout the bytes hard-code, obtained by matching the annotated
 * operands against the argument order of ThreadProc (assumes the stub
 * was compiled from that function; the THREAD_DATA definition handed to
 * the stub must agree with these offsets):
 *   +0x000 RtlInitUnicodeString    +0x004 LdrLoadDll
 *   +0x008 UnicodeString           +0x010 DllName (presumably fills
 *                                          the gap up to +0x218)
 *   +0x218 DllPath                 +0x21C Flags
 *   +0x220 ModuleHandle
 *
 * The NTSTATUS LdrLoadDll leaves in eax is discarded: the instruction
 * right after "call ecx" overwrites eax with [edi] (ModuleHandle), so a
 * failed load is not distinguishable from success by the return value.
 *
 * Plain hex literals are used instead of '\xNN' char constants so the
 * values do not depend on the signedness of char.
 */
BYTE X86CODEDATA[] = {
    0x55,                               /* push    ebp                        */
    0x8B, 0xEC,                         /* mov     ebp, esp                   */
    0x53,                               /* push    ebx                        */
    0x8B, 0x5D, 0x08,                   /* mov     ebx, [ebp+8]   ; pThreadData */
    0x56,                               /* push    esi                        */
    0x57,                               /* push    edi                        */
    0x8D, 0x43, 0x10,                   /* lea     eax, [ebx+10h] ; DllName   */
    0x50,                               /* push    eax                        */
    0x8B, 0x03,                         /* mov     eax, [ebx]     ; RtlInitUnicodeString */
    0x8D, 0x73, 0x08,                   /* lea     esi, [ebx+8]   ; &UnicodeString */
    0x56,                               /* push    esi                        */
    0xFF, 0xD0,                         /* call    eax                        */
    0x8B, 0x4B, 0x04,                   /* mov     ecx, [ebx+4]   ; LdrLoadDll */
    0x8D, 0xBB, 0x20, 0x02, 0x00, 0x00, /* lea     edi, [ebx+220h]; &ModuleHandle */
    0x57,                               /* push    edi                        */
    0x56,                               /* push    esi                        */
    0xFF, 0xB3, 0x1C, 0x02, 0x00, 0x00, /* push    dword ptr [ebx+21Ch] ; Flags */
    0xFF, 0xB3, 0x18, 0x02, 0x00, 0x00, /* push    dword ptr [ebx+218h] ; DllPath */
    0xFF, 0xD1,                         /* call    ecx                        */
    0x8B, 0x07,                         /* mov     eax, [edi]     ; ModuleHandle */
    0x5F,                               /* pop     edi                        */
    0x5E,                               /* pop     esi                        */
    0x5B,                               /* pop     ebx                        */
    0x5D,                               /* pop     ebp                        */
    0xC2, 0x04, 0x00,                   /* retn    4                          */
};
/*
 * x64 image of the loader stub as copied from the disassembly view:
 * 78 bytes, Microsoft x64 calling convention (rcx, rdx, r8, r9; the
 * "sub rsp, 20h" reserves the callee's 32-byte shadow space).  rsi holds
 * the struct pointer and every memory operand is relative to it, so the
 * blob contains no absolute addresses.
 *
 * Layout the bytes hard-code, obtained by matching the annotated
 * operands against the argument order of ThreadProc (assumes the stub
 * was compiled from that function; the THREAD_DATA definition handed to
 * the stub must agree with these offsets):
 *   +0x000 RtlInitUnicodeString    +0x008 LdrLoadDll
 *   +0x010 UnicodeString           +0x020 DllName (presumably fills
 *                                          the gap up to +0x228)
 *   +0x228 DllPath                 +0x230 Flags (read as 32-bit edx)
 *   +0x238 ModuleHandle
 *
 * The NTSTATUS LdrLoadDll leaves in rax is discarded: the instruction
 * right after "call qword ptr [rsi+8]" overwrites rax with [rsi+238h]
 * (ModuleHandle), so a failed load is not distinguishable from success
 * by the return value.
 *
 * Plain hex literals are used instead of '\xNN' char constants so the
 * values do not depend on the signedness of char.
 */
BYTE X64CODEDATA[] = {
    0x48, 0x89, 0x5C, 0x24, 0x08,             /* mov     [rsp+8], rbx               */
    0x48, 0x89, 0x74, 0x24, 0x10,             /* mov     [rsp+10h], rsi             */
    0x57,                                     /* push    rdi                        */
    0x48, 0x83, 0xEC, 0x20,                   /* sub     rsp, 20h                   */
    0x48, 0x8B, 0xF1,                         /* mov     rsi, rcx       ; pThreadData */
    0x48, 0x8D, 0x51, 0x20,                   /* lea     rdx, [rcx+20h] ; DllName   */
    0x48, 0x83, 0xC1, 0x10,                   /* add     rcx, 10h       ; &UnicodeString */
    0xFF, 0x16,                               /* call    qword ptr [rsi] ; RtlInitUnicodeString */
    0x8B, 0x96, 0x30, 0x02, 0x00, 0x00,       /* mov     edx, [rsi+230h] ; Flags    */
    0x4C, 0x8D, 0x8E, 0x38, 0x02, 0x00, 0x00, /* lea     r9, [rsi+238h]  ; &ModuleHandle */
    0x48, 0x8B, 0x8E, 0x28, 0x02, 0x00, 0x00, /* mov     rcx, [rsi+228h] ; DllPath  */
    0x4C, 0x8D, 0x46, 0x10,                   /* lea     r8, [rsi+10h]   ; &UnicodeString */
    0xFF, 0x56, 0x08,                         /* call    qword ptr [rsi+8] ; LdrLoadDll */
    0x48, 0x8B, 0x86, 0x38, 0x02, 0x00, 0x00, /* mov     rax, [rsi+238h] ; ModuleHandle */
    0x48, 0x8B, 0x74, 0x24, 0x38,             /* mov     rsi, [rsp+38h]             */
    0x48, 0x8B, 0x5C, 0x24, 0x30,             /* mov     rbx, [rsp+30h]             */
    0x48, 0x83, 0xC4, 0x20,                   /* add     rsp, 20h                   */
    0x5F,                                     /* pop     rdi                        */
    0xC3,                                     /* retn                               */
};

万事大吉!
