Implementation steps in Kyodai Loader

xiaoxiao, 2021-03-06

The startup process is probably as follows:

1. Start the loader (LDR)

2. CreateProcess Kyodai.exe in a suspended state

3. CreateEvent

4. Inject the DLL

5. Wait for the event

6. Resume the process

7. Show the dialog

DLL tasks and workflows:

1. Get injected into the target process

2. Hook the code: set a jump to your own function

3. Set the event so that the LDR resumes the program

4. After the program is running, execution reaches the hook code: get the stored Map pointer, save it, restore the original code, and jump back to the original position to continue
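The loader sequence above (create the child suspended, inject, then resume) leaves a recognizable trace in endpoint telemetry. The following is an added example, not code from the original post: it correlates Sysmon-style process-create (Event ID 1) and CreateRemoteThread (Event ID 8) records to flag a parent that starts a thread in a child it has just created. It assumes the injection is visible as a remote thread, which the post does not specify; `ldr.exe`, the GUIDs, paths and timestamps are constructed sample values.

```python
from datetime import datetime, timedelta

# Constructed Sysmon-style records (field names follow Sysmon Event ID 1 and 8);
# the GUIDs, paths and timestamps are made up for this example.
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2021-03-06 10:00:00.100", "ProcessGuid": "{A-1}",
     "Image": r"C:\Games\Kyodai.exe", "ParentProcessGuid": "{L-1}",
     "ParentImage": r"C:\Games\ldr.exe"},
    {"EventID": 8, "UtcTime": "2021-03-06 10:00:00.350", "SourceProcessGuid": "{L-1}",
     "SourceImage": r"C:\Games\ldr.exe", "TargetProcessGuid": "{A-1}",
     "TargetImage": r"C:\Games\Kyodai.exe", "StartFunction": "LoadLibraryA"},
    # Unrelated process touching a long-running target: must not be flagged.
    {"EventID": 1, "UtcTime": "2021-03-06 10:05:00.000", "ProcessGuid": "{B-1}",
     "Image": r"C:\Windows\notepad.exe", "ParentProcessGuid": "{E-1}",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 8, "UtcTime": "2021-03-06 10:20:00.000", "SourceProcessGuid": "{X-9}",
     "SourceImage": r"C:\Tools\debugger.exe", "TargetProcessGuid": "{B-1}",
     "TargetImage": r"C:\Windows\notepad.exe", "StartFunction": "-"},
]


def _ts(event):
    """Parse the Sysmon UtcTime field."""
    return datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")


def find_parent_injections(events, window=timedelta(seconds=5)):
    """Return alerts where a process starts a remote thread in a child it
    created no more than `window` earlier (create -> inject -> resume)."""
    created = {}  # child ProcessGuid -> (parent ProcessGuid, creation time)
    alerts = []
    for ev in sorted(events, key=_ts):
        if ev["EventID"] == 1:
            created[ev["ProcessGuid"]] = (ev["ParentProcessGuid"], _ts(ev))
        elif ev["EventID"] == 8:
            parent, born = created.get(ev["TargetProcessGuid"], (None, None))
            if parent == ev["SourceProcessGuid"] and _ts(ev) - born <= window:
                alerts.append({
                    "loader": ev["SourceImage"], "target": ev["TargetImage"],
                    "delay_ms": int((_ts(ev) - born).total_seconds() * 1000),
                    "start_function": ev.get("StartFunction", ""),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_parent_injections(SAMPLE_EVENTS):
        print(alert)
```

Matching on ProcessGuid rather than the process ID avoids false correlations when IDs are reused.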

When reposting, please cite the original address: https://www.9cbs.com/read-122376.html
