rdbo / libmem

Advanced Game Hacking Library for C, Modern C++, Rust and Python (Windows/Linux/FreeBSD) (Process/Memory Hacking) (Hooking/Detouring) (Cross Platform) (x86/x64/ARM/ARM64) (DLL/SO Injection) (Internal/External) (Assembler/Disassembler)
GNU Affero General Public License v3.0

Consider reducing API back to PIDs only (?) #67

Closed rdbo closed 1 year ago

rdbo commented 1 year ago

On *nix, all the information you need to handle any process in libmem is its PID. On Windows, this kind of is the case too. The difference is that on Windows, most API calls require a process handle (that's the only reason why you have to LM_OpenProcess and LM_CloseProcess, because the handle gets saved in lm_process_t). I'm not sure if it would be a good idea, but it is possible to open handles at any time if you have the PID. That would make you able to just get the process ID, and not have to Open/Close the process. The downside is that opening and closing handles for every single API call might not be very efficient. This is something to consider, but I'm not sure what to do at the moment. Any feedback would be welcome.

rdbo commented 1 year ago

If this is a bad idea, then maybe it's also a bad idea to keep getting the module path every time instead of storing it... This can be broken down basically into simplicity vs efficiency. The sole purpose of libmem is to provide a simple API for process hacking and other stuff. But how inefficient would it become if I did this? I'm not sure.

rdbo commented 1 year ago

Pros:

Cons:

Now I have to weigh which of these will bring more benefits to libmem.

rdbo commented 1 year ago

I don't think performance is one of the big features of libmem. Its main purpose is being simple and cross platform. If you were looking for something extremely fast that only needs to work on Windows, there might be another library.

rdbo commented 1 year ago

Apparently, opening a dead process will not return an invalid handle. From: https://devblogs.microsoft.com/oldnewthing/20110107-00/?p=11803

What happens if somebody calls OpenProcess on a zombie process?
The same thing that happens if they call it on a running process:
They get a handle to the process. Why would you want to get a handle
to a zombie process? Well, you might not know that it’s a zombie yet;
you’re getting the handle so you can call WaitForSingleObject to see if
it has exited yet. Or you might get the handle, knowing that it’s a zombie,
because you want to call GetExitCodeProcess to see what the exit code was.

rdbo commented 1 year ago

If this API will stay, at the very least I should implement a check for GetExitCodeProcess on LM_VALID_PROCESS or something.

rdbo commented 1 year ago

Done: from 83dae2ae0523cd8ba5ccf335a5d23e8b2a6f257d to 3576b901c48dba4d9fa8406a7f7c68c6f97ef1a6
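
The liveness check discussed in this thread, as an added example that is not libmem's code and not taken from the commits above: it opens a short-lived handle for a PID and combines a zero-timeout WaitForSingleObject with GetExitCodeProcess, because a handle to an exited process is still valid and an exit code of 259 (STILL_ACTIVE) is ambiguous on its own. The names `classify`, `pid_state`, `proc_state_t` and the `EX_` constants are hypothetical.

```c
/* Added example, not libmem code. All names here are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

#define EX_STILL_ACTIVE 259UL /* value of STILL_ACTIVE in the Windows SDK */

typedef enum { EX_SIGNALED, EX_TIMED_OUT, EX_WAIT_ERR } ex_wait_t;
typedef enum { PROC_ALIVE, PROC_EXITED, PROC_UNKNOWN } proc_state_t;

/* Decide liveness from what the two probes on an open handle reported.
 * Kept free of Win32 types so the logic can be checked on any platform. */
proc_state_t classify(ex_wait_t wait, bool got_code, unsigned long code)
{
    if (wait == EX_SIGNALED)   /* handle signaled: exited, whatever the code */
        return PROC_EXITED;
    if (wait == EX_TIMED_OUT)  /* zero-timeout wait expired: still running */
        return PROC_ALIVE;
    if (!got_code)             /* neither probe worked on this handle */
        return PROC_UNKNOWN;
    /* Exit code alone is ambiguous: a process may exit with 259 itself. */
    return code == EX_STILL_ACTIVE ? PROC_ALIVE : PROC_EXITED;
}

#ifdef _WIN32
#include <windows.h>
/* Open a short-lived handle for the PID, probe it, and close it again. */
proc_state_t pid_state(DWORD pid)
{
    HANDLE h = OpenProcess(SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION,
                           FALSE, pid);
    if (h == NULL)             /* no such PID, or access denied */
        return PROC_UNKNOWN;
    DWORD code = 0;
    DWORD w = WaitForSingleObject(h, 0);
    BOOL ok = GetExitCodeProcess(h, &code);
    CloseHandle(h);
    return classify(w == WAIT_OBJECT_0 ? EX_SIGNALED :
                    w == WAIT_TIMEOUT  ? EX_TIMED_OUT : EX_WAIT_ERR,
                    ok != 0, code);
}
#endif

int main(void)
{
    /* Constructed probe results: exited process whose exit code is 259. */
    printf("signaled, code 259 -> %d\n", classify(EX_SIGNALED, true, 259));
#ifdef _WIN32
    printf("own pid -> %d\n", pid_state(GetCurrentProcessId()));
#endif
    return 0;
}
```

With a PID-only API the operating system can reuse the PID for a different process between two calls, so a result of alive only means that some process currently holds that PID.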