Throughput issues with Easyhook and remoting

Nov 29, 2012 at 9:51 AM

Hi All,

First thing, congratulations on a very fine project. I've found Easyhook very useful and reliable method of hooking all manner of native APIs.

Now my issue:

I am using Easyhook 2.6 (I am stuck with VS2008 unfortunately), and am hooking a number of API calls in an application that makes those calls several thousand times a second. Originally I was using Easyhook 'as is' i.e. creating a remoting interface and allowing it to be called by my hooked process. Unfortunately however the speed of update and the resulting throughput was not fast enough for the client to receive information without an appreciable visual lag.

I did some profiling, and it seems that for every call to:

RemoteHooking.IpcCreateServer<T>() & RemoteHooking.Inject()

Easyhook somewhere, creates 2 threads, 1 of which is very high priority and spends a large amount of time waiting on:

IpcPort.WaitForConnect()

 

Looking at Easyhook code, it seems to me that this thread and the channel it listens on is primarily used to inject the user code into the remote process and then later used for communication with the RemoteInterface.

As a comparison, I wrote some code using NamedPipeServerStream (and ClientStream), to see if the throughput would improve. Visibly this did the trick: as soon as an API call is made I almost immediately receive the information I need in my client process - happy days :)

Unfortunately the two threads mentioned above still get created as I call IpcCreateServer & RemoteHooking.Inject() to get my code into the target process. During profiling, I note that they take up a proportionate amount of CPU time (i.e. with 4 threads in my client process 25%), is devoted to listening on the IPC port.

I'd really like some method of closing that thread and releasing it's resources so my client process can concentrate on receiving and processing messages received on PipeStream instead. But I can't find a non-dangerous way of doing it easily.

So before I dive into Easyhook code and the guts of .NET Remoting, is there anyone here that has done this kind of thing before me? Am I even using the right method to achieve higher throughput or is there something obvious I am missing.

 

Hope this was clear and thanks in advance...