I'm working on a Memory Scanner, but the scan is so slow.. can anybody help-me improve it?

procedure FirstScan(scantype, scanvalue: string);
var
 value :integer;
 dwEndAddr : dword;
 i:dword;
 mbi : TMemoryBasicInformation;
begin
  while (VirtualQuery(Pointer(DWORD(mbi.BaseAddress) + MBI.RegionSize), MBI, SizeOf(MEMORY_BASIC_INFORMATION))=SizeOf(TMemoryBasicInformation)) do begin
   if (MBI.State = MEM_COMMIT) and (MBI.Protect = PAGE_READWRITE) then begin
    dwEndAddr := DWORD(mbi.BaseAddress) + MBI.RegionSize;
     for i := DWORD(MBI.BaseAddress) to (dwEndAddr - 1 - sizeof(DWORD)) do begin
      Application.ProcessMessages;
      try
       if scantype = '1 Byte' then begin
        value := PBYTE(i)^;
        if scanvalue = IntToStr(value) then ListBox1.Items.Add(IntToHex(i,8));
       end;
       //others scantypes here...
      except
       Break;
      end;
     end;
   end; 
  end;
end;

I've learned that I need to read 4096 byte pages at a time then store those in memory and do operations on it, until I need a new page then get another 4096 byte page...

But I don't know how can I do that...

Can anybody help-me? The code can be in C or C++...

• c++
• c
• delphi
• memory

To make slow code fast, there are a few things you can do. First, make sure your code is correct. Wrong results are still wrong results, even if you get them quickly. To that end, make sure that when you call VirtualQuery, you're passing in valid values for all the parameters. At that start of this function mbi is uninitialized, so the result of DWORD(mbi.BaseAddress) + MBI.RegionSize will be who-knows-what.

Once you have correctly working code, there are two ways to make it faster:

1. Find the slow parts and make them fast. To do this right, you need a profiler. A profiler will observe your program as it runs, and then tell you what percentage of time your program spent executing each part. That tells you where to focus your efforts.

2. Replace slow algorithms with faster algorithms. This might mean throwing away the entire function, or it might mean fixing just certain parts of the code.

For example, profiling might show that you spend a lot of time call ProcessMessages. You can't really make that function any faster since it's part of the VCL, but you can call it less often. You might even find that you don't need to call it at all, if the thread you're running this code on isn't expected to receive any messages that need processing.

Profiling might show that you're spending a lot of time doing string comparisons. If the starts of your strings are frequently equal, and usually only differ at the end, then you might wish to change your string-comparison algorithm to start comparing strings at the last character instead of the first.

Profiling might show that you're spending a lot of time converting integers into strings before you compare them. Most programming languages support comparing integers directly, so instead of using a string-comparing algorithm, you could try using an integer-comparing algorithm instead. You could convert scanvalue to an integer with StrToInt(scanvalue) and compare it directly to value.

Profiling might show that you're repeatedly calculating the same result from the same input. If a value doesn't change over some portion of a program, then values calculated from it won't change, either. You can reduce the cost of converting values by doing it only when a value has changed. For example, if you do integer comparisons, then you'll probably find that the integer version of scanvalue doesn't change in your function. You could convert scanvalue to an integer once at the start of the function, and then compare value to that inside the loop instead of calling StrToInt(scanvalue) lots of times.

I can help you a bit...get that Application.ProcessMessages out of the inner loop. You're calling it for every. single. byte. you. scan. You don't need to be quite that responsive to window messages. :)

Move it up into the outer loop, and you should see a significant speed increase. I'd say spawn a thread and get rid of Application.ProcessMessages altogether, as it's really not this code's job to handle, but i'm not sure how/whether Delphi does threads.

Also....you're passing the scan params as strings? If you insist on doing that, set an int or enum or something before you start the loop that says what scan type to use, convert the value to a useful type for your search, and compare that. String comparisons tend to be slower than integer comparisons, particularly when you're creating new strings each time.

Also: you're converting the current pointer to a string for every byte you access. Yech, horribly slow. Instead, change scanvalue to a BYTE at the start of your procedure and do the comparison directly on BYTEs.

Finally -- pull the "if scantype = '1 byte'" out of the for i:=DWORD(MBI.BaseAddress) loop. You don't want to be doing that "if" statement for every byte -- instead, do

if scantype = '1 byte' then
  for i:= DWORD(...)
else if scantype='other scan type' then...

and so on. (And yes, you should convert that "if scantype" comparison to an enum or whatnot.)