With this code I guess the scan was faster, but the scan always returns the SAME address.
E.G.:
00123456
00124567
00135478
00145893
00123456 //start repeat
00124567
00135478
00145893
00123456 //start repeat
00124567
00135478
00145893
This is my procedure:
    procedure SCANBYTE(value: integer);
    var
      lpflOldProtect: dword;
      s: size_t;
      mbi: MEMORY_BASIC_INFORMATION;
      SI: SYSTEM_INFO;
      lpStartAddress, lpStopAddress: dword;
      addr: dword;
      i: dword;
    begin
      GetSystemInfo(si);
      lpStartAddress := dword(SI.lpMinimumApplicationAddress);
      lpStopAddress := dword(SI.lpMaximumApplicationAddress);
      for addr := lpStartAddress to lpStopAddress do begin
        S := VirtualQuery(Pointer(addr), MBI, SizeOf(MEMORY_BASIC_INFORMATION));
        if (S = SizeOf(MEMORY_BASIC_INFORMATION)) and (MBI.State = MEM_COMMIT)
          and (MBI.Type_9 = MEM_PRIVATE) and (MBI.RegionSize > 0)
          and (MBI.Protect = PAGE_READWRITE) then begin
          for i := dword(MBI.BaseAddress) to (dword(MBI.BaseAddress) + dword(MBI.RegionSize)) - 4096 do begin
            if value = PBYTE(i)^ then ListBox1.Items.Add(IntToHex(i,8));
          end;
        end;
      end;
    end;
I guess the problem is at the last FOR loop:
    (...)
    for i := dword(MBI.BaseAddress) to (dword(MBI.BaseAddress) + dword(MBI.RegionSize)) - 4096 do begin
    (...)
But I really don't know.. How can I solve this?
You run your code in a loop from the start address to the end address. The address addr increases by 1 each time around the loop. VirtualQuery gives you information about entire pages. All the addresses in a page have the same base address. The documentation tells you, "This value is rounded down to the next page boundary."
Look more closely, and you should see that mbi.BaseAddress remains the same for 4096 iterations of your outer loop (assuming 4096 is the page size). Thus, you're re-scanning the same block of memory over and over again. (That might also explain why your code is slow.)
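
One way to apply the diagnosis above, as an added example that is not part of the original question or answer: query each region once, then move the outer address to BaseAddress + RegionSize instead of stepping it by one byte. The name ScanByteByRegion and the results parameter are hypothetical, and unlike the question's inner loop this version scans each matching region to its end.

```delphi
// Added example, not the poster's code. Needs Windows, SysUtils and
// Classes in the uses clause. ScanByteByRegion and its results
// parameter are hypothetical names; pass ListBox1.Items to get the
// same output as the question.
procedure ScanByteByRegion(value: Byte; results: TStrings);
var
  mbi: TMemoryBasicInformation;
  si: TSystemInfo;
  addr, stopAddr, regionEnd, i: NativeUInt;
begin
  GetSystemInfo(si);
  addr := NativeUInt(si.lpMinimumApplicationAddress);
  stopAddr := NativeUInt(si.lpMaximumApplicationAddress);
  while addr < stopAddr do
  begin
    // VirtualQuery describes the whole run of pages that contains addr
    // and shares its attributes, starting at the rounded-down base.
    if VirtualQuery(Pointer(addr), mbi, SizeOf(mbi)) <> SizeOf(mbi) then
      Break;
    regionEnd := NativeUInt(mbi.BaseAddress) + NativeUInt(mbi.RegionSize);
    // Same filter as the question: committed, private, read/write.
    // The exact comparison on Protect also skips PAGE_GUARD pages.
    if (mbi.State = MEM_COMMIT) and (mbi.Type_9 = MEM_PRIVATE) and
       (mbi.Protect = PAGE_READWRITE) then
    begin
      i := NativeUInt(mbi.BaseAddress);
      while i < regionEnd do
      begin
        if PByte(i)^ = value then
          results.Add(IntToHex(Int64(i), 8));
        Inc(i);
      end;
    end;
    // Stop if the region end did not move forward (zero size or
    // address wrap-around), otherwise the loop would never finish.
    if regionEnd <= addr then
      Break;
    // Next query starts at the first byte after this region, so every
    // region is visited exactly once and no address is reported twice.
    addr := regionEnd;
  end;
end;
```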