带慢扫描的内存扫描器 [英] Memory scanner with a slow scan
问题描述
我正在使用内存扫描器,但扫描太慢了,可以帮助我改善吗?
I'm working on a Memory Scanner, but the scan is so slow.. can anybody help-me improve it?
procedure FirstScan(scantype, scanvalue: string);
var
value :integer;
dwEndAddr : dword;
i:dword;
mbi : TMemoryBasicInformation;
begin
while (VirtualQuery(Pointer(DWORD(mbi.BaseAddress) + MBI.RegionSize), MBI, SizeOf(MEMORY_BASIC_INFORMATION))=SizeOf(TMemoryBasicInformation)) do begin
if (MBI.State = MEM_COMMIT) and (MBI.Protect = PAGE_READWRITE) then begin
dwEndAddr := DWORD(mbi.BaseAddress) + MBI.RegionSize;
for i := DWORD(MBI.BaseAddress) to (dwEndAddr - 1 - sizeof(DWORD)) do begin
Application.ProcessMessages;
try
if scantype = '1 Byte' then begin
value := PBYTE(i)^;
if scanvalue = IntToStr(value) then ListBox1.Items.Add(IntToHex(i,8));
end;
//others scantypes here...
except
Break;
end;
end;
end;
end;
end;
我知道我需要一次读取4096个字节的页面,然后将它们存储在内存中,做操作,直到我需要一个新的页面,然后得到另一个4096字节页...
I've learned that I need to read 4096 byte pages at a time then store those in memory and do operations on it, until I need a new page then get another 4096 byte page...
但我不知道该怎么做... ...
But I don't know how can I do that...
有人可以帮助我吗?代码可以是C或C ++ ...
Can anybody help-me? The code can be in C or C++...
推荐答案
为了让慢代码更快, 。首先,请确保您的代码正确。错误的结果仍然是错误的结果,即使你很快得到他们。为此,请确保在调用 VirtualQuery 时,您将传递所有参数的有效值。在此函数开始时, mbi 未初始化,因此 DWORD(mbi.BaseAddress)+ MBI.RegionSize 将是谁知道的。
To make slow code fast, there are a few things you can do. First, make sure your code is correct. Wrong results are still wrong results, even if you get them quickly. To that end, make sure that when you call VirtualQuery, you're passing in valid values for all the parameters. At that start of this function mbi is uninitialized, so the result of DWORD(mbi.BaseAddress) + MBI.RegionSize will be who-knows-what.
一旦你有正确的工作代码,有两种方法使它更快:
Once you have correctly working code, there are two ways to make it faster:
-
找出慢的部分,使它们快。要做到这一点,你需要一个profiler。分析器将在运行时观察您的程序,然后告诉您程序花费执行每个部分的时间百分比。
Find the slow parts and make them fast. To do this right, you need a profiler. A profiler will observe your program as it runs, and then tell you what percentage of time your program spent executing each part. That tells you where to focus your efforts.
使用更快的算法替换慢速算法。这可能意味着丢弃整个函数,或者它可能意味着只修复代码的某些部分。
Replace slow algorithms with faster algorithms. This might mean throwing away the entire function, or it might mean fixing just certain parts of the code.
,分析可能会显示您花费大量时间调用 ProcessMessages 。你不能真正使这个功能更快,因为它是VCL的一部分,但你可以更少地调用它。如果您运行此代码的线程预计不会收到任何需要处理的消息,您甚至可能会发现您根本不需要调用它。
For example, profiling might show that you spend a lot of time call ProcessMessages. You can't really make that function any faster since it's part of the VCL, but you can call it less often. You might even find that you don't need to call it at all, if the thread you're running this code on isn't expected to receive any messages that need processing.
分析可能会显示您花费大量时间进行字符串比较。如果字符串的开始经常是相等的,通常只在结尾有所不同,那么您可能希望更改字符串比较算法,以开始比较最后一个字符而不是第一个字符串。
Profiling might show that you're spending a lot of time doing string comparisons. If the starts of your strings are frequently equal, and usually only differ at the end, then you might wish to change your string-comparison algorithm to start comparing strings at the last character instead of the first.
分析可能会显示您在花费大量时间将整数转换为字符串,然后再进行比较。大多数编程语言支持直接比较整数,因此,不使用字符串比较算法,您可以尝试使用整数比较算法。您可以将 scanvalue 转换为带有 StrToInt(scanvalue)的整数,并将其直接与 。
Profiling might show that you're spending a lot of time converting integers into strings before you compare them. Most programming languages support comparing integers directly, so instead of using a string-comparing algorithm, you could try using an integer-comparing algorithm instead. You could convert scanvalue to an integer with StrToInt(scanvalue) and compare it directly to value.
分析可能会显示您正在从同一个输入重复计算相同的结果。如果一个值在程序的某些部分没有改变,那么从它计算的值也不会改变。您可以通过仅在值已更改时执行转换来降低转换值的成本。例如,如果你做整数比较,那么你可能会发现整数版本的 scanvalue 在你的函数中不会改变。您可以在函数开始时将 scanvalue 转换为一个整数,然后将 value 与循环内部比较而不是调用 StrToInt(scanvalue)很多次。
Profiling might show that you're repeatedly calculating the same result from the same input. If a value doesn't change over some portion of a program, then values calculated from it won't change, either. You can reduce the cost of converting values by doing it only when a value has changed. For example, if you do integer comparisons, then you'll probably find that the integer version of scanvalue doesn't change in your function. You could convert scanvalue to an integer once at the start of the function, and then compare value to that inside the loop instead of calling StrToInt(scanvalue) lots of times.
这篇关于带慢扫描的内存扫描器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
