There are a couple of cases where plugins load the hooks plugin. The callbacks invoked by hooks significantly slow down panda. We should consider whether loading hooks by default is correct in all cases. Maybe just adding a warning along with a method to disable the use of hooks would be enough - which wouldn't break anything if anyone is relying on the current behavior.

One instance where I'm seeing this is when an osi_linux kernel profile includes the optional parameter task.switch_hook_addr. In my case I got a 4x speed boost by using an updated profile with this parameter commented out.

Another case I'm seeing this is when the wintrospection plugin is loaded. In my case, I didn't need the functionality that wintrospection was leveraging from hooks so I updated wintrospection to not load hooks. This change cut my analysis time by a third.

Wondering if others are affected by either of these issues and may not be aware.