For a few hours last night, I was trying to give my process more privileges to see if I could in fact write to other processes in memory.
I realised today that I would probably have to use VirtualProtectEx to un-protect at least 2 pages of protected memory in most of the processes.
However, while I was trying to open some system process using OpenProcess for PROCESS_VM_OPERATION, it failed.
Using OpenProcessToken and adjusting the privileges didn't seem to make a difference.
But it is said to work on others... maybe this was an earlier build of win2k than mine.
I don't know how to run code in another process, but yes, it's possible to run threads if you have enough access to the process: you allocate memory using VirtualAlloc on the process you want to use, copy your code to that allocated memory and use CreateRemoteThread.
There is a way on Windows 9x to hide any process not only from the Task Manager using RegisterServiceProcess but from the system itself by hooking the Process32First/Process32Next APIs.
I don't know how to do the latter, but a coder called Vecna demonstrates it in a program he wrote; I haven't been able to test it.
Vecna's site is down at the moment, so I can't provide a link.
I was playing with SetWindowsHookEx yesterday to do a global keyboard hook and log to a file.
I didn't get it to work yet; I'm still playing with it.
There are ways to hide listening sockets from netstat, probably on Win9x in the same way you would hide processes; I haven't really looked into that.
I did see an easy way to get files from other computers over the network, like from a www/ftp server, using APIs from WININET.DLL.
Disassemble it, or any DLL file for that matter, and you'll see loads of APIs.
Then go to http://msdn.microsoft.com/
and search for them; you might find out how they work. It's a lot easier than using BSD sockets if you only require a www/ftp connection.