Add HookAnalyzer Logic

[IronHammer-Std]

Context

See Phobos PR #2201

NOTE

all the flags are temporarily stored in the SyringeDebugger class, and maybe we need to move it to another subclass.
HookAnalyzer class is moved from SyringeIH here as it was except a few translations.
HookAnalyzer::ReportNDJSON is not yet implemented until we import a JSON library,and I place the function here just as Kerbiter's wish.
some of the flags are set to default because the coupled components are not here in SyringeEx, so now every hook are set to be shown in the hook analysis.

New & Enhanced Logic :

Components (1) :
HookAnalyzer

New Flags (8) :

    bool bDryRun{ false };
    bool bGenerateINJ{ false };
    bool bReportLOG{ false };
    bool bReportJSON{ false };
    bool bDetectConflict{ false };
    bool bShowHookConflictPopup{ false };
    bool bReportLogByAddress{ true };
    bool bReportLogByLibrary{ true };

Launch Arguments (8) :

--dryrun : run syringe without launching game.
--generate-inj : generate INJ files and place them in .\INJ folder
--report-log : generate a HookAnalysis.log, as it functions in SyringeIH but in English
--no-by-address : Disable the "By Address" part in HookAnalysis.log.
--no-by-library : Disable the "By Library" part in HookAnalysis.log.
--report-json : generate a HookAnalysis.json TODO
--detect-conflict : Detect hook conflict and output to Syringe.log, as it functions in SyringeIH but in English
--show-hook-conflict-popup : Show a popup when --detect-conflict is enabled and a conflict is detected.

In the dry run mode all other 7 flags are available.

[ZivDero]

Can you elaborate on what this does?
--detect-conflict seems straghtforward and useful for cross-library problems.
But it's unclear what any of the rest is.

[IronHammer-Std]

OK let me explain the rest flags.
the design simply copies SyringeIH and most of the design reserved.

Dry Run Mode --dryrun

The dry-run mode is a new one.
It came from a request of Kerbiter which simply run the analysis without starting the game
It collects hook data from DLLs, performs selected analyses, then output results and exit.

Generate INJ File --generate-inj

This calls GenerateINJ() to export all recognized hooks into standard INJ files (like ares.dll.inj) under the .\INJ folder.
Maybe useful for backing up hook configurations or migrating to other tools that read the INJ format.

Hook Analysis Report --report-log/--no-by-address/--no-by-library

Produces a HookAnalysis.log file (in English, equivalent to SyringeIH's HookAnalysis.log). By default, it includes both "By Address" and "By Library" sections. (See Phobos PR #2201, TaranDahl's SKILL.md depend on this log) You can also use --no-by-address and --no-by-library to selectively disable either section.

Hook Analysis in NDJSON ( TODO ) --report-json

Reserved flag for generating a HookAnalysis.json in the future NDJSON format requested by Kerbiter. Implementation is pending the integration of a JSON library.

--detect-conflict/--show-hook-conflict-popup

When --detect-conflict is active, this flag also shows a message box warning the user about any detected conflicts when enabled.

[Metadorius]

why do we need to write this in a separate log other than syringe.log?

[Metadorius]

what's the INJ generation for? is there some other tool that uses INJ files, or what's the premise for it?

[Metadorius]

is it a slow operation? is there a reason to make it optional?

I would expect the conflict detection to be always on and outputting to syringe.log

[Metadorius]

does this output all hooks or only conflicts? I would expect only conflicts to be outputted, and I feel like they should always be sorted by address? not sure how the by DLL one functions, since the conflicts can (and will) be cross-dll. do we even need any sorting modes?

[IronHammer-Std]

OK let me explain :

Sorry to say that I did not redesign the hook analysis module so there might be something that didnt meet your expectations.
If you think these changes are needed, I will make a new commit for it.
Another thing is that what JSON library should we import ?
the NDJSON format output won't be there until a JSON library is chosen.

Details :

1.

why do we need to write this in a separate log other than syringe.log?

of course we can if you think this is necessary. If you want a why, it is just as it was.
If you think it should be in Syringe.log, we can change the target.

2.

what's the INJ generation for? is there some other tool that uses INJ files, or what's the premise for it?
For there was a INJ generation function.
If you think this is meaningless, a removal will be considered.

3.

is it a slow operation? is there a reason to make it optional?

I would expect the conflict detection to be always on and outputting to syringe.log

I'm sorry to say that again but it is optional because it was optional.
It's OK to let it enabled all the time.

4.

does this output all hooks or only conflicts? I would expect only conflicts to be outputted, and I feel like they should always be sorted by address? not sure how the by DLL one functions, since the conflicts can (and will) be cross-dll. do we even need any sorting modes?

this ReportLOG function is not the thing that detects conflicts.
there should be flags to control the range that ReportLOG outputs, however it isn't here.
" by DLL "just output these hooks DLL after DLL.
Sorting modes are not currently configurable.

[IronHammer-Std]

about --report-log :
Another thing is that TaranDahl's SKILL.md still depends on the HookAnalysis.log now and we need the adjusted logic functions similarly when rewritting it.
It enumerates hooks in the configured range. (still cannot configure it in this PR)
(an output format or output target change is OK)

about --detect-conflict :
Now the result is written in Syringe.log.
also you can change it's format and target.
It detects all cross-dll hook conflicts.

[Metadorius]

No need to be sorry, it's alright.

On 1 and 3 let's do it then (though I wonder if having it always on will impact startup time a lot, have you checked it?);

on 2: I mean I don't mind it in principle, I just wonder what's the specific use case?

on 4, sorry, I didn't understand what you mean. I was asking about the ByAddr and ByLib function, and I was also wondering whether the output is only conflicts or something else too.

[IronHammer-Std]

let --detect-conflict always on .. it seems that there may be a few milliseconds and I need a further benchmark.
Most of the time is used to sort the hooks( see std::sort in the function)
And I will try and give the result.

On 2 : Currently there is no active use case but it was used before though. Besides, it's just another way to output all the hooks in a more familiar format.

On 4 : ByAddr and ByLib not only output the conflicts. They are independent of conflict detection.
In this PR, they just output all the hooks sorted by addresses and libraries respectively.
for these two arguments , they affects the behavior of --report-log flag.
ByAddr and ByLib should be enabled for various ranges but I haven't implemented these ranges in this repo because the config component is not here.

[IronHammer-Std]

I just try to measure the time cost of function HookAnalyzer::HasHookConflict.

Status Log:

[19:54:31] SyringeDebugger::FindDLLs: Recognized DLL: "Ares.dll"
[19:54:31] SyringeDebugger::Handshake: Skipping handshake for DLL: "Ares.dll"
[19:54:31] SyringeDebugger::FindDLLs: Recognized DLL: "d3d9.dll"
[19:54:31] SyringeDebugger::Handshake: Skipping handshake for DLL: "d3d9.dll"
[19:54:31] SyringeDebugger::FindDLLs: Recognized DLL: "IHCore.dll"
[19:54:31] SyringeDebugger::Handshake: Skipping handshake for DLL: "IHCore.dll"
[19:54:31] SyringeDebugger::FindDLLs: Recognized DLL: "Phobos.dll"
[19:54:31] SyringeDebugger::Handshake: Skipping handshake for DLL: "Phobos.dll"
[19:54:31] SyringeDebugger::FindDLLs: Recognized DLL: "SIWinterIsComing_LTS#196_0.dll"
[19:54:31] SyringeDebugger::Handshake: Skipping handshake for DLL: "SIWinterIsComing_LTS#196_0.dll"
[19:54:31] SyringeDebugger::FindDLLs: Done (4136 hooks added).

Conflicts detected:

[19:54:31] Hook Conflict Detected:
[19:54:31] Hook"INIClass_Parse_IniSectionIncludes_CopySection2", At 0x00525E44, From"Ares.dll", 7 Bytes Overridden

[19:54:31] Hook"IniSectionIncludes_CopySection1", At 0x00525E47, From"d3d9.dll", 6 Bytes Overridden

[19:54:31] Hook Conflict Detected:
[19:54:31] Hook"_LoadRA2MD", At 0x006BC0CC, From"d3d9.dll", 6 Bytes Overridden

[19:54:31] Hook"LoadRA2MD", At 0x006BC0CD, From"Ares.dll", 5 Bytes Overridden

[19:54:31] Hook"ECInitialize", At 0x006BC0CD, From"IHCore.dll", 5 Bytes Overridden

[19:54:31] Hook Conflict Detected:
[19:54:31] Hook"TacticalClass_DrawRadialIndicators_WeaponRange", At 0x006DBE63, From"Phobos.dll", 6 Bytes Overridden

[19:54:31] Hook"SITacticalClass_DrawRadialIndicators_WeaponRange_2", At 0x006DBE68, From"SIWinterIsComing_LTS#196_0.dll", 7 Bytes Overridden

[19:54:31] Hook Conflict Detected:
[19:54:31] Hook"TacticalClass_DrawRadialIndicators_WeaponRange", At 0x006DC18E, From"Phobos.dll", 6 Bytes Overridden

[19:54:31] Hook"SITacticalClass_DrawRadialIndicators_WeaponRange_1", At 0x006DC193, From"SIWinterIsComing_LTS#196_0.dll", 7 Bytes Overridden

[19:54:31] Hook Conflict Detected:
[19:54:31] Hook"TechnoClass_EvalThreatRating", At 0x0070CF45, From"Ares.dll", 11 Bytes Overridden

[19:54:31] Hook"Verses_fmul_2", At 0x0070CF49, From"d3d9.dll", 7 Bytes Overridden

Time (in nanoseconds) :
Count : 1000
Average : 587976.8
Maximum : 2477700
Minimum : 406800
StandardDeviation: 182907.5
Median: 549400
P99: 949500

We can consider that the time cost is no more than 1 millisecond.

[IronHammer-Std]

OK 1 and 3 complete.
Now hook analysis result will output to Syringe.log rather than HookAnalysis.log
And hook conflict detection is always on, the flag --detect-conflict is removed

If there is no separate log, I think we should act quicker for a NDJSON format.