Memory scanner always returning the same results


Question

With this code I guess the scan was faster, but the scan always returns the SAME address.

E.G.:

00123456
00124567
00135478
00145893
00123456 //start repeat 
00124567
00135478
00145893
00123456 //start repeat 
00124567
00135478
00145893

Here is my procedure:

procedure SCANBYTE(value: integer);
var
 lpflOldProtect: dword;
 s: size_t;
 mbi: MEMORY_BASIC_INFORMATION;
 SI: SYSTEM_INFO;
 lpStartAddress, lpStopAddress: dword;
 addr: dword;
 i: dword;
begin
 GetSystemInfo(si);
 lpStartAddress := dword(SI.lpMinimumApplicationAddress);
 lpStopAddress := dword(SI.lpMaximumApplicationAddress);
 for addr := lpStartAddress to lpStopAddress do begin
  S:= VirtualQuery(Pointer(addr), MBI, SizeOf(MEMORY_BASIC_INFORMATION));
  if (S=SizeOf(MEMORY_BASIC_INFORMATION)) and (MBI.State = MEM_COMMIT) and (MBI.Type_9 = MEM_PRIVATE) and (MBI.RegionSize>0) and (MBI.Protect = PAGE_READWRITE) then begin
   for i := dword(MBI.BaseAddress) to (dword(MBI.BaseAddress) + dword(MBI.RegionSize)) - 4096 do begin
     if value = PBYTE(i)^ then ListBox1.Items.Add(IntToHex(i,8));
   end;
  end;
 end;
end;

I guess the problem is at the last FOR loop:

(...)
for i := dword(MBI.BaseAddress) to (dword(MBI.BaseAddress) + dword(MBI.RegionSize)) - 4096 do begin
(...)

But I really don't know. How can I solve this?

Recommended answer

You run your code in a loop from the start address to the end address. The address addr increases by 1 each time around the loop. VirtualQuery gives you information about entire pages. All the addresses in a page have the same base address. The documentation tells you, "This value is rounded down to the next page boundary."

Look more closely, and you should see that mbi.BaseAddress remains the same for 4096 iterations of your outer loop (assuming 4096 is the page size). Thus, you're re-scanning the same block of memory over and over again. (That might also explain why your code is slow.)
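
The region-by-region walk the answer points to, as an added Delphi example that is not part of the original question or answer: the outer loop advances by each region's size instead of by one byte, so every block is queried and scanned once. ScanByteRegions, MaxHits and the scanned value $7F are hypothetical names and values chosen for illustration.

```delphi
program RegionScan; // added example; on XE2+ use Winapi.Windows, System.Classes, System.SysUtils
{$APPTYPE CONSOLE}
uses Windows, Classes, SysUtils;
const
  MaxHits = 100000; // hypothetical cap: storing hits allocates memory that is itself scanned

procedure ScanByteRegions(Value: Byte; Hits: TStrings);
var
  SI: TSystemInfo;
  MBI: TMemoryBasicInformation;
  Addr, StopAddr, P, RegionEnd: NativeUInt;
begin
  GetSystemInfo(SI);
  Addr := NativeUInt(SI.lpMinimumApplicationAddress);
  StopAddr := NativeUInt(SI.lpMaximumApplicationAddress);
  while Addr < StopAddr do
  begin
    // One query describes the whole run of pages that share the same attributes.
    if VirtualQuery(Pointer(Addr), MBI, SizeOf(MBI)) <> SizeOf(MBI) then Break;
    RegionEnd := NativeUInt(MBI.BaseAddress) + MBI.RegionSize;
    if (MBI.State = MEM_COMMIT) and (MBI.Type_9 = MEM_PRIVATE) and
       (MBI.Protect = PAGE_READWRITE) then
    begin
      P := NativeUInt(MBI.BaseAddress);
      while P < RegionEnd do
      begin
        if PByte(P)^ = Value then
        begin
          Hits.Add(IntToHex(Int64(P), 8));
          if Hits.Count >= MaxHits then Exit;
        end;
        Inc(P);
      end;
    end;
    // Step to the next region, not the next byte, so no block is scanned twice.
    if RegionEnd <= Addr then Break; // address wrapped around: stop
    Addr := RegionEnd;
  end;
end;

var
  Hits: TStringList;
begin
  Hits := TStringList.Create;
  try
    ScanByteRegions($7F, Hits);
    Writeln(Hits.Count, ' matching addresses');
  finally
    Hits.Free;
  end;
end.
```

Another thread can free or reprotect a region between the VirtualQuery call and the read, so a scanner used in a multithreaded process would also wrap the inner loop in try/except.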
