From b97dba1f45331decff3f31ec6f708fb6834beabc Mon Sep 17 00:00:00 2001
From: Helz <helzky@proton.me>
Date: Sun, 1 Feb 2026 02:19:16 -0500
Subject: [PATCH] Usermode busy waiting for read and write requests

Replaces blocking WaitForSingleObject calls with busy-wait
polling in SendReadRequest and SendWriteRequest.

Reads use a sentinel value on the destination buffer to detect
completion as soon as MmCopyVirtualMemory overwrites it, before
the kernel even signals KmEvent. Writes spin-poll the event
with zero timeout to avoid thread scheduler wake-up latency.
---
 src/rop_thread/rop_thread.cpp | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/rop_thread/rop_thread.cpp b/src/rop_thread/rop_thread.cpp
index 5038900..9b4cef7 100644
--- a/src/rop_thread/rop_thread.cpp
+++ b/src/rop_thread/rop_thread.cpp
@@ -128,12 +128,23 @@ void RopThreadManager::SendTargetProcessPid(const int TargetPid)
 
 void RopThreadManager::SendReadRequest(const std::uint64_t SourceAddress, const std::uint64_t DestAddress, const std::size_t Size)
 {
+    // spin on dest directly - MmCopyVirtualMemory overwrites this
+    // before the kernel signals KmEvent
+    *reinterpret_cast<volatile std::uint64_t*>(DestAddress) = 0xC0FEBABEC0FEBABE;
+
     SharedMemory->WriteSrcEProcess = SharedMemory->GameEProcess;
     SharedMemory->WriteDstEProcess = SharedMemory->CheatEProcess;
     SharedMemory->WriteSrcAddress = SourceAddress;
     SharedMemory->WriteDstAddress = DestAddress;
     SharedMemory->WriteSize = Size;
-    SendPacket();
+
+    SetEvent(UmEvent);
+
+    volatile std::uint64_t* Dest = reinterpret_cast<volatile std::uint64_t*>(DestAddress);
+    while (*Dest == 0xC0FEBABEC0FEBABE) {}
+
+    // drain the event so it doesn't leak into the next operation
+    WaitForSingleObject(KmEvent, INFINITE);
 }
 
 void RopThreadManager::SendWriteRequest(const std::uint64_t SourceAddress, const std::uint64_t DestAddress, const std::size_t Size)
@@ -143,5 +154,8 @@ void RopThreadManager::SendWriteRequest(const std::uint64_t SourceAddress, const
     SharedMemory->WriteSrcAddress = SourceAddress;
     SharedMemory->WriteDstAddress = DestAddress;
     SharedMemory->WriteSize = Size;
-    SendPacket();
+
+    SetEvent(UmEvent);
+
+    while (WaitForSingleObject(KmEvent, 0) != WAIT_OBJECT_0) {}
 }