内存扫描仪慢扫描 [英] Memory scanner with a slow scan
问题描述
我在记忆扫描仪的工作,但扫描速度很慢..任何人可以帮助,我改进呢?
I'm working on a Memory Scanner, but the scan is so slow.. can anybody help-me improve it?
procedure FirstScan(scantype, scanvalue: string);
var
value :integer;
dwEndAddr : dword;
i:dword;
mbi : TMemoryBasicInformation;
begin
while (VirtualQuery(Pointer(DWORD(mbi.BaseAddress) + MBI.RegionSize), MBI, SizeOf(MEMORY_BASIC_INFORMATION))=SizeOf(TMemoryBasicInformation)) do begin
if (MBI.State = MEM_COMMIT) and (MBI.Protect = PAGE_READWRITE) then begin
dwEndAddr := DWORD(mbi.BaseAddress) + MBI.RegionSize;
for i := DWORD(MBI.BaseAddress) to (dwEndAddr - 1 - sizeof(DWORD)) do begin
Application.ProcessMessages;
try
if scantype = '1 Byte' then begin
value := PBYTE(i)^;
if scanvalue = IntToStr(value) then ListBox1.Items.Add(IntToHex(i,8));
end;
//others scantypes here...
except
Break;
end;
end;
end;
end;
end;
我已经学会了,我需要一次读4096字节的页,然后存储这些内存和它做的业务,直到我需要一个新的页面,然后再弄4096字节的页...
I've learned that I need to read 4096 byte pages at a time then store those in memory and do operations on it, until I need a new page then get another 4096 byte page...
但我不知道我怎么能做到这一点...
But I don't know how can I do that...
任何人可以帮助,我呢?在code可以在C或C ++ ...
Can anybody help-me? The code can be in C or C++...
推荐答案
要慢做code快,有一些事情可以做。首先,确保你的code是的正确的。结果错了还是错误的结果,即使你很快得到它们。为此,请确保当你调用 VirtualQuery来,你是在有效的值传递所有参数。在此功能 MBI 那开始未初始化,所以 DWORD(mbi.BaseAddress)的结果+ MBI.RegionSize 会是谁也不知道的东西。
To make slow code fast, there are a few things you can do. First, make sure your code is correct. Wrong results are still wrong results, even if you get them quickly. To that end, make sure that when you call VirtualQuery, you're passing in valid values for all the parameters. At that start of this function mbi is uninitialized, so the result of DWORD(mbi.BaseAddress) + MBI.RegionSize will be who-knows-what.
一旦你正常工作code,有两种方式,使其更快:
Once you have correctly working code, there are two ways to make it faster:
-
查找缓慢的部分,让他们快。要做到这一点吧,你需要一个分析器。因为它运行一个分析器会观察你的程序,然后告诉你什么时间的百分比程序花费在执行每一个部分。这告诉你在哪里集中你的努力。
Find the slow parts and make them fast. To do this right, you need a profiler. A profiler will observe your program as it runs, and then tell you what percentage of time your program spent executing each part. That tells you where to focus your efforts.
有更快的算法替换缓慢算法。这可能意味着丢掉整函数,或者它可能意味着固定code的特定部分。
Replace slow algorithms with faster algorithms. This might mean throwing away the entire function, or it might mean fixing just certain parts of the code.
例如,分析可能显示你花了很多时间呼叫 ProcessMessages 的。你不能真正使该项职能的更快,因为它是VCL的一部分,但你的可以的较少调用它。你甚至可能会发现,你并不需要在所有调用它,如果线程你运行的是不是有望获得需要处理的任何消息这code。
For example, profiling might show that you spend a lot of time call ProcessMessages. You can't really make that function any faster since it's part of the VCL, but you can call it less often. You might even find that you don't need to call it at all, if the thread you're running this code on isn't expected to receive any messages that need processing.
剖析可能表明你花了很多时间做字符串比较。如果启动的你的字符串经常平等的,通常只在月底有所不同,那么你可能想改变你的字符串比较算法,开始在最后一个字符,而不是第一个比较字符串。
Profiling might show that you're spending a lot of time doing string comparisons. If the starts of your strings are frequently equal, and usually only differ at the end, then you might wish to change your string-comparison algorithm to start comparing strings at the last character instead of the first.
剖析可能表明你花了很多时间转换成整数,字符串,你比较它们之前。大多数编程语言支持直接比较整数,所以不是使用字符串比较算法,你可以尝试使用整数比较算法来代替。你可以 scanvalue 转换为整数, StrToInt(scanvalue),并直接把它比作价值。
Profiling might show that you're spending a lot of time converting integers into strings before you compare them. Most programming languages support comparing integers directly, so instead of using a string-comparing algorithm, you could try using an integer-comparing algorithm instead. You could convert scanvalue to an integer with StrToInt(scanvalue) and compare it directly to value.
剖析可能显示你重复计算从相同的输入相同的结果。如果一个值不超过一个节目的某些部分改变,那么值计算从它不会改变,无论是。您可以减少做只有当一个值发生变化值转换的成本。例如,如果你做的整数比较,那么你可能会发现, scanvalue 的整数版本不会在你的函数改变。你可以在函数的开始 scanvalue 转换为整数一次,然后值比较循环内而不是调用 StrToInt(scanvalue)很多次了。
Profiling might show that you're repeatedly calculating the same result from the same input. If a value doesn't change over some portion of a program, then values calculated from it won't change, either. You can reduce the cost of converting values by doing it only when a value has changed. For example, if you do integer comparisons, then you'll probably find that the integer version of scanvalue doesn't change in your function. You could convert scanvalue to an integer once at the start of the function, and then compare value to that inside the loop instead of calling StrToInt(scanvalue) lots of times.
这篇关于内存扫描仪慢扫描的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
