I tried using MemorySharp to replace some dirty code I was using to execute assembly from memory.
First, I allocate the memory like this:
```csharp
// First allocate the memory
RemoteAllocation getflagfunmem = safeHandle.Memory.Allocate(0x8000);
string[] asm =
{
    // Load the argument stored at BaseAddress + 0x400 and push it
    "mov eax, 0x" + (getflagfunmem.BaseAddress + 0x400).ToString("X"),
    "mov eax, [eax]",
    "push eax",
    "call 0x" + Pointers.GET_EVENT_FLAG.ToString("X"),
    "ret"
};
safeHandle.Assembly.Inject(asm, getflagfunmem.BaseAddress);
```

And then call it later on like this:

```csharp
// Write the event ID to the slot the injected code reads from
safeHandle.Write(getflagfunmem.BaseAddress + 0x400, eventID, false);
int flags = safeHandle.Assembly.Execute<int>(getflagfunmem.BaseAddress);
return (flags >> 7) == 1;
```

But I found that Execute is terribly slow compared to my previous code, shown here:
```csharp
// Note that the asm code used is a tiny bit different. Since I can't
// automatically read the result like I can with Execute, the asm code
// writes the result in getflagfunmem.BaseAddress + 0x404 instead
safeHandle.Write(getflagfunmem.BaseAddress + 0x400, eventID, false);
IntPtr newThreadHook = (IntPtr)CreateRemoteThread(safeHandle.Handle, 0, 0, (int)getflagfunmem.BaseAddress, 0, 0, 0);
WaitForSingleObject(newThreadHook, 0xFFFFFFFFU);
CloseHandle(newThreadHook);
int flags = safeHandle.Read<int>(getflagfunmem.BaseAddress + 0x404, false);
```

And as you can see from the execution times (in ms), the Execute code:
```
Flags function called 709 times, average duration : 5.46240267983074
Flags function called 709 times, average duration : 5.70936375176305
```

is much slower than my own code, using kernel calls:

```
Flags function called 709 times, average duration : 0.186416502115656
Flags function called 709 times, average duration : 0.187183215796897
```