System info: Windows 11 Pro for Workstations, 23H2, build number 22631.3374.
Vanilla/Modded: ModEngine2, issue also present in vanilla Elden Ring client
Known affected client version: 1.13.1 (regulation 1.13.2) to 1.14.0 (regulation 1.14.1)
Known affected commits: c21a886b5022592336eb9d58b0711388bd64dfd9 to 9701ce063143137ce75bfe869d639436119fdc61.
Reproducible?: Cannot reliably reproduce.
Details
I built from source like so:
git clone the repository down.
cmake . to generate the SLN files for Visual Studio.
Opening top-level EROverlay.sln, set target to Debug.
Build solution EROverlay.
Copy data to bin/Debug/ output directory.
Without experience dealing with Visual Studio, Windows API, and DLL injection, I opted for print-debugging. Some points of failure have been ruled out (all changes for debugging are non-critical and do not affect core behaviours and logic):
Injector not working
Issue in hooking.
Further print-debugging pointed me towards the issue being in void MainThread() itself. It is unclear which part of the main thread causes freezing. By attaching Visual Studio's debugger to eldenring.exe, I observed that when the game freezes, the debug output is flooded with:
Exception thrown at 0x00007FFB19EB53AC in eldenring.exe: Microsoft C++ exception: _com_error at memory location 0x000000AE992FF5D0.
Exception thrown at 0x00007FFB19EB53AC in eldenring.exe: Microsoft C++ exception: _com_error at memory location 0x000000AE95EFE058.
Exception thrown at 0x00007FFB19EB53AC in eldenring.exe: Microsoft C++ exception: _com_error at memory location 0x000000AE95EFE288.
Exception thrown at 0x00007FFB19EB53AC in eldenring.exe: Microsoft C++ exception: _com_error at memory location 0x000000AE95EFE2F0.
Exception thrown at 0x00007FFB19EB53AC in eldenring.exe: Microsoft C++ exception: _com_error at memory location 0x000000AE95EFEDB0.
...
At this point, if I were to close the frozen game client first, then close the debug console associated with the thread, a zombie eldenring.exe is spawned and can be seen in Task Manager. This zombie process cannot be terminated correctly ("Access Denied"). Doing the opposite (closing the associated debug console then the frozen game client) does not. These zombie processes interfere with the injector, forcing me to patch the injector to reliably inject:
diff --git a/injector/main.c b/injector/main.c
index 771c030..d0830eb 100644
--- a/injector/main.c
+++ b/injector/main.c
@@ -13,7 +13,7 @@ DWORD get_process_by_name(const wchar_t *process_name) {
return -1;
do {
- if (lstrcmpiW(proc_entry.szExeFile, process_name) == 0)
+ if (lstrcmpiW(proc_entry.szExeFile, process_name) == 0 && proc_entry.cntThreads > 10)
return proc_entry.th32ProcessID;
} while (Process32NextW(proc_list, &proc_entry));
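Review bot: the `proc_entry.cntThreads > 10` test added to the `lstrcmpiW` condition is an undocumented magic number, and nothing in the hunk says why 10 separates a live client from a leftover one. A client that is still starting up could sit below that count and be skipped, and the loop still returns the first entry that passes, so the result depends on snapshot order if more than one entry qualifies. Suggest moving the threshold into a named constant with a comment describing the zombie-process case it works around, and logging when a name match is rejected by the thread-count check so a failed lookup can be diagnosed. Separately, the context line `return -1;` in a function declared to return `DWORD` yields 0xFFFFFFFF, so callers need to compare against that value explicitly rather than testing for a negative result.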