On Tue Mar 5 16:09:41 2024 +0000, Paul Gofman wrote:
Am still a bit hesitant about not querying first, at least the performance measurements seem to indicate a noticeable difference between WriteProcessMemory and NtWriteVirtualMemory on Windows in the “normal” case (this could as well be due to Windows unconditionally flushing the instruction cache though). Are you saying that it is slower on Windows? Is that on ARM only probably? Can't imagine that being quicker on Linux / x86, with two server call roundtrips.
Slower on x86 Windows, haven’t tested ARM there yet, but would be interesting for comparison, especially since the flush should be no-op on x86.
In the inter-process case the server round trip will most likely be the dominant factor, as you said, but not too sure if performance regressions are too critical there, was more concerned about the intra-process case, where querying is fairly cheap.
IIRC some hooking frameworks use these APIs on themselves to “safely” read/write memory, but yeah, letting it fail and unconditionally flushing would not be a performance regression on x86 in the normal case, I think. Will do some testing on that.