I really like your library and I want to make more use of it. I have found the communication approach with .NET Remoting too slow and dangerous. Instead, I write ETW events directly to track the method arguments to e.g. MapViewOfFile and UnmapViewOfFile and let ETW do the stack walking. This makes it extremely easy to create a watcher application which injects into strategic APIs where the application has some handle (Font, File Mapping, Bitmap, Window, ...) leakage, to track down who is allocating but never releasing a handle.
This works perfectly under Windows 7 for 32-bit processes, but due to a bug in the ETW x64 stack walker of Windows it stops walking the stack when a stack frame is found which is not inside the bounds of a DLL.
Would it be much work to place your code in an empty DLL to trick Windows into walking x64 stacks? This is solved in Windows 8, where everything does work. But there are still many Windows 7 machines out there.
I did basically this:
which is an ultra-fast and safe way to get data out of a hooked process with minimum hassle and configurable call stacks if you need them.