speige / WC3MapDeprotector

Warcraft 3 Custom Map deprotector
https://www.youtube.com/@ai-gamer
MIT License

Replace Live Game Scanner with Procmon or Something Similar #24

Open SinisterLuffy5 opened 2 months ago

SinisterLuffy5 commented 2 months ago

Live Game Scanner is too slow and unreliable at times. Procmon is not only way faster in getting file paths but can also get the obscure ones. The only issue is that it might also grab stuff unrelated to a map as well. You just need to filter the results given from the program.

Link to tool: https://learn.microsoft.com/en-us/sysinternals/downloads/procmon

How it can be used: https://web.archive.org/web/20231201201948/https://www.hiveworkshop.com/threads/poc-reforged-mpq-name-scanner.351760/
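The filtering step mentioned in the comment above, sketched as an added example that is not part of the thread or of WC3MapDeprotector's code: it reduces a Procmon CSV export to the de-duplicated relative paths the game asked for under its local-files folder. The process name, the root folder and the sample rows are assumptions constructed for illustration; the column names are Procmon's default CSV export columns.

```python
import csv
import io
from pathlib import PureWindowsPath

# Assumptions, not taken from the thread: game process name and local-files root.
GAME_PROCESS = "Warcraft III.exe"
LOCAL_ROOT = PureWindowsPath(r"C:\Games\Warcraft III\_retail_")
# A failed open still reveals the file name the game requested.
INTERESTING_RESULTS = {"SUCCESS", "NAME NOT FOUND", "PATH NOT FOUND"}

# Constructed sample rows in Procmon's default CSV export layout.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01","Warcraft III.exe","4242","CreateFile","C:\Games\Warcraft III\_retail_\war3mapImported\hero.blp","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open"
"10:00:01","Warcraft III.exe","4242","CreateFile","C:\Games\Warcraft III\_retail_\War3mapImported\Hero.blp","PATH NOT FOUND","Desired Access: Generic Read"
"10:00:02","Warcraft III.exe","4242","ReadFile","C:\Games\Warcraft III\_retail_\sound\theme.mp3","SUCCESS","Offset: 0"
"10:00:02","Warcraft III.exe","4242","CreateFile","C:\Users\me\AppData\Local\Temp\cache.tmp","SUCCESS",""
"10:00:03","explorer.exe","1200","CreateFile","C:\Games\Warcraft III\_retail_\units\custom.mdx","SUCCESS",""
"10:00:03","Warcraft III.exe","4242","CreateFile","C:\Games\Warcraft III\_retail_\units\custom.mdx","NAME NOT FOUND",""
"10:00:04","Warcraft III.exe","4242","CreateFile","C:\Games\Warcraft III\_retail_","SUCCESS",""
'''


def candidate_map_paths(csv_text, root=LOCAL_ROOT, process=GAME_PROCESS):
    """Return unique paths, relative to root, that the process tried to open."""
    root_parts = tuple(p.lower() for p in root.parts)
    seen = {}
    # Procmon writes a UTF-8 BOM at the start of its CSV exports.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        if (row.get("Process Name") or "").lower() != process.lower():
            continue  # unrelated process
        if row.get("Operation") != "CreateFile":
            continue  # reads and queries repeat a path already seen at open
        if row.get("Result") not in INTERESTING_RESULTS:
            continue
        parts = PureWindowsPath(row.get("Path") or "").parts
        lowered = tuple(p.lower() for p in parts)
        if lowered[:len(root_parts)] != root_parts or len(parts) == len(root_parts):
            continue  # outside the local-files root, or the root folder itself
        rel = "\\".join(parts[len(root_parts):])
        seen.setdefault(rel.lower(), rel)  # Windows paths are case-insensitive
    return sorted(seen.values(), key=str.lower)


if __name__ == "__main__":
    for path in candidate_map_paths(SAMPLE_CSV):
        print(path)
```
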

speige commented 2 months ago

I believe this is exactly what I'm doing except instead of using ProcMon as an external app, I re-coded it directly inside WC3MapDeprotector.

I'm using WC3's "Allow local files" registry setting. I'm using this API from Microsoft for monitoring hard drive access: Microsoft.Diagnostics.Tracing.Session.TraceEventSession

I'd love to improve it if it's not working correctly or if there's a better way.

Can you give me an example of a map & unknown file that can be discovered via procmon & https://web.archive.org/web/20231201201948/https://www.hiveworkshop.com/threads/poc-reforged-mpq-name-scanner.351760 which is not found by "Live Game Scanner" of WC3MapDeprotector? Also, tell me if there's something specific I need to click inside the map to get the unknown file to load from disk. (Select a unit, enter a dungeon, etc)

Having this example would help me troubleshoot why WC3MapDeprotector is failing to discover the unknown file.

SinisterLuffy5 commented 2 months ago

It is not really an issue with certain maps. It is just that Live Game Scanner is incredibly slow in general. I could be playing around for hours on end just to get the path for a file. With ProcMon, you just need to run the map in game, and it will fetch the paths for a whole bunch of files without doing much of anything. You don't even need to play the game really. That is why I think you should integrate a tool like ProcMon and then strip the results it gives.

speige commented 2 months ago

I understand exactly what you're saying. However, I need proof so I can fix it.

Live game scanner in my app already does use the same technology as procmon. It should produce the same result.

The reason live game scanner is slow & rarely finds files is because it's the last step of the deprotector and most files have already been discovered. For example, in a theoretical map maybe there are 1000 files, 990 are discovered by deprotector before live scanner, the last 10 are never found even by live scanner because they're probably not used. Procmon would also find 990 and not find the last 10.

Can you give me proof of 1 unknown file that is found by procmon but is unknown by my tool? I need this to help me research how to fix the bug because they should be the same.