Home/ Questions/Q 7747937
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T10:39:17+00:00

I’m working on a Memory Scanner, but the scan is so slow.. can anybody

  • 0

I’m working on a Memory Scanner, but the scan is so slow.. can anybody help-me improve it?

procedure FirstScan(scantype, scanvalue: string);
var
 value :integer;
 dwEndAddr : dword;
 i:dword;
 mbi : TMemoryBasicInformation;
begin
  while (VirtualQuery(Pointer(DWORD(mbi.BaseAddress) + MBI.RegionSize), MBI, SizeOf(MEMORY_BASIC_INFORMATION))=SizeOf(TMemoryBasicInformation)) do begin
   if (MBI.State = MEM_COMMIT) and (MBI.Protect = PAGE_READWRITE) then begin
    dwEndAddr := DWORD(mbi.BaseAddress) + MBI.RegionSize;
     for i := DWORD(MBI.BaseAddress) to (dwEndAddr - 1 - sizeof(DWORD)) do begin
      Application.ProcessMessages;
      try
       if scantype = '1 Byte' then begin
        value := PBYTE(i)^;
        if scanvalue = IntToStr(value) then ListBox1.Items.Add(IntToHex(i,8));
       end;
       //others scantypes here...
      except
       Break;
      end;
     end;
   end; 
  end;
end;

I’ve learned that I need to read 4096 byte pages at a time then store those in memory and do operations on it, until I need a new page then get another 4096 byte page…

But I don’t know how can I do that…

Can anybody help-me? The code can be in C or C++…

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    To make slow code fast, there are a few things you can do. First, make sure your code is correct. Wrong results are still wrong results, even if you get them quickly. To that end, make sure that when you call VirtualQuery, you’re passing in valid values for all the parameters. At that start of this function mbi is uninitialized, so the result of DWORD(mbi.BaseAddress) + MBI.RegionSize will be who-knows-what.

    Once you have correctly working code, there are two ways to make it faster:

    1. Find the slow parts and make them fast. To do this right, you need a profiler. A profiler will observe your program as it runs, and then tell you what percentage of time your program spent executing each part. That tells you where to focus your efforts.

    2. Replace slow algorithms with faster algorithms. This might mean throwing away the entire function, or it might mean fixing just certain parts of the code.

    For example, profiling might show that you spend a lot of time call ProcessMessages. You can’t really make that function any faster since it’s part of the VCL, but you can call it less often. You might even find that you don’t need to call it at all, if the thread you’re running this code on isn’t expected to receive any messages that need processing.

    Profiling might show that you’re spending a lot of time doing string comparisons. If the starts of your strings are frequently equal, and usually only differ at the end, then you might wish to change your string-comparison algorithm to start comparing strings at the last character instead of the first.

    Profiling might show that you’re spending a lot of time converting integers into strings before you compare them. Most programming languages support comparing integers directly, so instead of using a string-comparing algorithm, you could try using an integer-comparing algorithm instead. You could convert scanvalue to an integer with StrToInt(scanvalue) and compare it directly to value.

    Profiling might show that you’re repeatedly calculating the same result from the same input. If a value doesn’t change over some portion of a program, then values calculated from it won’t change, either. You can reduce the cost of converting values by doing it only when a value has changed. For example, if you do integer comparisons, then you’ll probably find that the integer version of scanvalue doesn’t change in your function. You could convert scanvalue to an integer once at the start of the function, and then compare value to that inside the loop instead of calling StrToInt(scanvalue) lots of times.

    • 0