Originally when ntosebpfext was created, there was a pretty low limit on the number of characters that could be marshalled through, so the strings from the kernel were converted to UTF-8 to pack more characters into the limited space. But, with the recent PR (#76), we're now able to marshal much longer strings. Rather than convert them to UTF-8, only to re-convert back to UTF-16 in user mode in many cases, we just pass the UTF-16 string the whole way through.
This reduces 2 string allocations during process create events as a happy little perf side-effect.
Testing
I ran the existing tests locally.
Documentation
No doc updates needed.
Installation
No installer impact.