A C# based memory editing library targeting Windows applications, offering various functions to extract and inject data and codes into remote processes to allow interoperability.
But I found that the Execute is terribly slow compared to my previous code, showed here :
// Note that the asm code used is a tiny bit different. Since I can't
// automatically read the result with I can with Execute, the asm code
// writes the result in getflagfunmem.BaseAddress + 0x404 instead
safeHandle.Write(getflagfunmem.BaseAddress + 0x400, eventID, false);
IntPtr newThreadHook = (IntPtr)CreateRemoteThread(safeHandle.Handle, 0, 0, (int)getflagfunmem.BaseAddress, 0, 0, 0);
WaitForSingleObject(newThreadHook, 0xFFFFFFFFU);
CloseHandle(newThreadHook);
int flags = safeHandle.Read<int>(getflagfunmem.BaseAddress + 0x404, false);
And as you can see from the Execution times (in ms), the Execute code :
Flags function called 709 times, average duration : 5.46240267983074
Flags function called 709 times, average duration : 5.70936375176305
Is much slower than my own code, using Kernel calls :
Flags function called 709 times, average duration : 0.186416502115656
Flags function called 709 times, average duration : 0.187183215796897
I tried using MemorySharp to replace some dirty code I was using to Execute assembly from the memory.
First allocates the memory like this :
And then call it later on like this :
But I found that the Execute is terribly slow compared to my previous code, showed here :
And as you can see from the Execution times (in ms), the Execute code :
Is much slower than my own code, using Kernel calls :