rdbo / libmem

Advanced Game Hacking Library for C, Modern C++, Rust and Python (Windows/Linux/FreeBSD) (Process/Memory Hacking) (Hooking/Detouring) (Cross Platform) (x86/x64/ARM/ARM64) (DLL/SO Injection) (Internal/External) (Assembler/Disassembler)
GNU Affero General Public License v3.0

Add process creation timestamp on lm_process_t #84

Closed rdbo closed 1 year ago

rdbo commented 1 year ago

Why do this? Because then it would be easy to detect PID collision. After all, two processes can't have the same PID and timestamp; that would not be possible.

On Windows, you can get a process timestamp using GetProcessTimes and on Linux you can parse /proc/<pid>/stat and get the creation time.
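The Linux half of this check, as an added example that is not part of the original issue and not libmem's own code: it extracts the start time (field 22 of `/proc/<pid>/stat`, in clock ticks since boot) and treats a process handle as valid only when both PID and start time match. `struct proc_id`, `parse_stat_line`, `read_proc_id` and `same_process` are hypothetical names chosen for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical identity record (not libmem's lm_process_t): a PID plus the
 * kernel start time, field 22 of /proc/<pid>/stat, in clock ticks since boot. */
struct proc_id { long pid; unsigned long long start_ticks; };

/* Parse one /proc/<pid>/stat line. The comm field (field 2) is wrapped in
 * parentheses and may itself contain spaces and ')', so locate the LAST ')'
 * and count fields from there. Returns 0 on success, -1 on malformed input. */
int parse_stat_line(const char *line, struct proc_id *out)
{
    char *end;
    const char *p = strrchr(line, ')');
    if (!p) return -1;
    out->pid = strtol(line, &end, 10);
    if (end == line || out->pid <= 0) return -1;
    p++;                                  /* next token is field 3 (state) */
    for (int field = 3; field <= 22; field++) {
        while (*p == ' ') p++;
        if (*p == '\0' || *p == '\n') return -1;   /* line ended too early */
        if (field == 22) {
            out->start_ticks = strtoull(p, &end, 10);
            return end == p ? -1 : 0;
        }
        while (*p && *p != ' ') p++;      /* skip this field's token */
    }
    return -1;
}

/* Read the live stat file for a PID (Linux only). */
int read_proc_id(long pid, struct proc_id *out)
{
    char path[64], buf[1024];
    snprintf(path, sizeof path, "/proc/%ld/stat", pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    char *ok = fgets(buf, sizeof buf, f);
    fclose(f);
    return ok ? parse_stat_line(buf, out) : -1;
}

/* A saved handle still names the same process only if BOTH values match. */
int same_process(const struct proc_id *a, const struct proc_id *b)
{
    return a->pid == b->pid && a->start_ticks == b->start_ticks;
}
```

A caller would store the `struct proc_id` when it first opens a process and call `read_proc_id` again before each later operation, refusing to proceed when `same_process` returns 0.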

Mrhyuan commented 1 year ago

Hey rdbo, I was wondering if you could add a function to your library that retrieves the main thread ID by using a similar way for threads. (You can use the GetThreadTimes function on Windows and the /proc//task//stat file on Linux to compare the execution time of all threads and determine the main thread by finding the thread with the highest execution time.) It would be really helpful. Thanks!

rdbo commented 1 year ago

> Hey rdbo, I was wondering if you could add a function to your library that retrieves the main thread ID by using a similar way for threads. (You can use the GetThreadTimes function on Windows and the /proc//task//stat file on Linux to compare the execution time of all threads and determine the main thread by finding the thread with the highest execution time.) It would be really helpful. Thanks!

Sounds interesting, although I would guess the main thread would be the parent of all the other threads, right?

rdbo commented 1 year ago

> Hey rdbo, I was wondering if you could add a function to your library that retrieves the main thread ID by using a similar way for threads. (You can use the GetThreadTimes function on Windows and the /proc//task//stat file on Linux to compare the execution time of all threads and determine the main thread by finding the thread with the highest execution time.) It would be really helpful. Thanks!

Sounds interesting, although I would guess the main thread would be the parent of all the other threads, right?

This would be for Linux at least, I'm not sure how this would play on Windows (I don't think threads are separate processes on Windows, so maybe your method would work)

Mrhyuan commented 1 year ago

I understand what you're saying about the main thread being the parent of all other threads on Linux. However, I have used the method I suggested (using the GetThreadTimes function on Windows) before and it worked well to determine the main thread. I'm not as familiar with how it applies to Linux, but it may be worth exploring as an option to find an effective way.

rdbo commented 1 year ago

Added process time stamp: 546cb4d9d2b33591c6aaae6e03ab567cccb1f9ce and ef88f8f052f228168f12f325856fe1415b551f7c.

Issue for thread times moved to #126.