Place generated code in a native dll

Feb 13, 2014 at 9:59 PM
I really like your library and I want to make more use of it. I have found the communication approach with .NET Remoting too slow and dangerous. Instead, I directly write ETW events to track the method arguments to e.g. MapViewOfFile and UnmapViewOfFile and let ETW do the stack walking. This makes it extremely easy to create a watcher application which injects into strategic APIs where the application has some handle (Font, File Mapping, Bitmap, Window, ...) leakage, to track down who is allocating but never releasing a handle.

This works perfectly under Windows 7 for 32-bit processes but due to a bug in the ETW x64 stack walker of Windows it stops walking the stack when a stack frame is found which is not inside the bounds of a dll.

Would it be much work to place your code in an empty dll to trick Windows into walking x64 stacks? This is solved in Windows 8 where everything does work. But there are still many Windows 7 machines out there.

I did basically this:
which is an ultra-fast and safe way to get data out of a hooked process with minimum hassle and configurable call stacks if you need them.

Alois Kraus