| View previous topic :: View next topic |
| Author |
Message |
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
 Posted: Fri Apr 02, 2010 10:48 am Post subject: 'Fast Scan' & 'Slow Scan' |
 |
|
Both of these take a while to scan through the processes memory, any help and faster methods to scan will definetly help 
Fast Scan:
| Code: |
if (CheckBox1 == BST_CHECKED)
{
for (DWORD i = BASE; i <= (DWORD) SI.lpMaximumApplicationAddress; i++)
{
S = VirtualQueryX((LPCVOID) i, &MBI, sizeof(MBI));
if ((MBI.RegionSize > 0) && (MBI.State == MEM_COMMIT) && (MBI.Type == MEM_PRIVATE) && (S == sizeof(MEMORY_BASIC_INFORMATION)))
{
lpMemoryBlock = (DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize;
__try
{
if ((Type == 0 && *(BYTE*) i == (BYTE) Value) || ((Type == 1) && *(WORD*) i == (WORD) Value) || ((Type == 2) && *(DWORD*) i == (DWORD) Value) || ((Type == 3) && *(UINT64*) i == (UINT64) Value) || ((Type == 4) && *(char*) i == (char) Value_Text))
{
InsertItem(i, hwndDlg);
}
}
__except (true)
{
i = lpMemoryBlock;
}
}
else
{
i = (DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize;
}
}
ShowResults(hwndDlg);
}
|
Slow Scan:
| Code: |
if (CheckBox2 == BST_CHECKED)
{
for (DWORD i = BASE; i <= (DWORD) SI.lpMaximumApplicationAddress; i++)
{
S = VirtualQueryX((LPCVOID) i, &MBI, sizeof(MBI));
if ((MBI.Protect == PAGE_READWRITE) && (MBI.RegionSize > 0) && (MBI.State == MEM_COMMIT) && (MBI.Type == MEM_IMAGE || MEM_PRIVATE || MEM_MAPPED) && (S == sizeof(MEMORY_BASIC_INFORMATION)))
{
lpMemoryBlock = (DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize;
__try
{
if ((Type == 0 && *(BYTE*) i == (BYTE) Value) || ((Type == 1) && *(WORD*) i == (WORD) Value) || ((Type == 2) && *(DWORD*) i == (DWORD) Value) || ((Type == 3) && *(UINT64*) i == (UINT64) Value) || ((Type == 4) && *(char*) i == (char) Value_Text))
{
InsertItem(i, hwndDlg);
}
}
__except (true)
{
i = lpMemoryBlock;
}
}
else
{
i = (DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize;
}
}
ShowResults(hwndDlg);
}
|
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 468
Joined: 09 May 2003
Posts: 25706
Location: The netherlands
|
| Posted: Fri Apr 02, 2010 10:55 am Post subject: |
|
|
the try/except slows it down (every try it'll write the exception address to fs:0, and every end of a try it'll estore it back)
See if you can only do a check on every 4KB boundary, and if an exception eventually happens (it will, no doubt about that), skip the current page you're in
and if you have a lot of results, "InsertItem" will probably slow it down as well unless you have disabled rendering (else it'll do a window refresh for each insert)
and you could probably change the if type=xxx into a switch (type) , that's faster
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
tombana
Master Cheater
![]() Reputation: 2
Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands
|
| Posted: Fri Apr 02, 2010 11:22 am Post subject: |
|
|
| Don't do VirtualQuery on every address, but only on every page.
|
|
| Back to top |
|
|
hcavolsdsadgadsg
I'm a spammer
![]() Reputation: 26
Joined: 11 Jun 2007
Posts: 5801
|
| Posted: Fri Apr 02, 2010 9:32 pm Post subject: |
|
|
| wtf is going on in the middle, holy moley
|
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sat Apr 03, 2010 10:12 am Post subject: |
|
|
ill fix it up
i'll use switch and i'll remove the __try and __except functions.
|
|
| Back to top |
|
|
tombana
Master Cheater
![]() Reputation: 2
Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands
|
| Posted: Sat Apr 03, 2010 11:29 am Post subject: |
|
|
| iPromise wrote: | ill fix it up
i'll use switch and i'll remove the __try and __except functions. |
And change the way you use VirtualQuery.
Right now you loop does VirtualQuery on every address. Instead you should do VirtualQuery, then do the loop on every address on THAT page, and at the end of the page do VirtualQuery again for the next page and so on.
|
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sat Apr 03, 2010 2:38 pm Post subject: |
|
|
Okay so like this:
| Code: |
for (DWORD i = lpStartAddress; i <= lpStopAddress; i++)
{
S = VirtualQuery((LPCVOID) i, &MBI, sizeof(MEMORY_BASIC_INFORMATION));
for (DWORD i = MBI.BaseAddress; i <= ((DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize); i++)
{
...
}
}
|
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Sat Apr 03, 2010 3:20 pm Post subject: |
|
|
| no, now you have a double declaration of the same variable
|
|
| Back to top |
|
|
hcavolsdsadgadsg
I'm a spammer
![]() Reputation: 26
Joined: 11 Jun 2007
Posts: 5801
|
| Posted: Sat Apr 03, 2010 3:34 pm Post subject: |
|
|
why the second for loop?
for i = min address; i <= max; i += region size
virtualquery for delicious informations, do whatever with it
go hog wild
|
|
| Back to top |
|
|
tombana
Master Cheater
![]() Reputation: 2
Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands
|
| Posted: Sun Apr 04, 2010 12:57 pm Post subject: |
 |
|
| slovach wrote: | why the second for loop?
for i = min address; i <= max; i += region size
virtualquery for delicious informations, do whatever with it
go hog wild |
Wouldn't calling virtualquery on every address slow things down?
@iPromise: something like this:
| Code: | for (DWORD addr = lpStartAddress; addr <= lpStopAddress; )
{
S = VirtualQuery((LPCVOID) addr, &MBI, sizeof(MEMORY_BASIC_INFORMATION));
if( MBI.Protect == PAGE_READWRITE ){ //And other protections like execute and so on
for (DWORD i = MBI.BaseAddress; i <= ((DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize); i++)
{
...
}
}
addr = ((DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize);
} |
|
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sun Apr 04, 2010 1:58 pm Post subject: |
|
|
Mhmm..?
| Quote: |
Unhandled exception at 0x620b21ef (C++ - Memory Scanner.dll) in Run.exe: 0xC0000005: Access violation reading location 0x00031000.
|
| Code: |
SIZE_T S;
MEMORY_BASIC_INFORMATION MBI;
SYSTEM_INFO SI;
GetSystemInfo(&SI);
DWORD lpStartAddress, lpStopAddress;
lpStartAddress = (DWORD) SI.lpMinimumApplicationAddress;
lpStopAddress = (DWORD) SI.lpMaximumApplicationAddress;
for (DWORD addr = lpStartAddress; addr <= lpStopAddress; addr++)
{
S = VirtualQueryX((LPCVOID) addr, &MBI, sizeof(MEMORY_BASIC_INFORMATION));
if (MBI.Protect == PAGE_READWRITE)
{
for (DWORD i = (DWORD) MBI.BaseAddress; i <= ((DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize); i++)
{
if ((Type == 0 && *(BYTE*) i == (BYTE) Value) || ((Type == 1) && *(WORD*) i == (WORD) Value) || ((Type == 2) && *(DWORD*) i == (DWORD) Value) || ((Type == 3) && *(UINT64*) i == (UINT64) Value) || ((Type == 4) && *(char*) i == (char) Value_Text))
{
InsertItem(i, hwndDlg);
}
}
}
addr = (DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize;
}
ShowResults(hwndDlg);
|
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Sun Apr 04, 2010 4:05 pm Post subject: |
|
|
as me and spencer both explained multiple times with a range of different analogies, you are missing basic conceptual understanding of memory addressing.
| Code: | | DWORD i = (DWORD) MBI.BaseAddress; i <= ((DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize); i++ |
it is crashing on the boundary case at the end. i'm not even gonna try to explain again.
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 468
Joined: 09 May 2003
Posts: 25706
Location: The netherlands
|
| Posted: Sun Apr 04, 2010 6:26 pm Post subject: |
|
|
there's the boundary thing yes (reading the 4 byte value at 30ffd will also read 31000) but that it's an unhandled exception is even worse.
What if during your scan the game or a windows subsystem (or even your own dll, e.g: InsertItem doing some memory maintenance) freed the block at 30000 ?
You DO need to use try/except (I recommend in the first for loop, and on except increase the address to the next 4096 base so virtualqueryex can use that to continue from)
Tip: Split the scanning up into several different routines, that will make it easier and will hardly affect the speed at all
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping
Last edited by Dark Byte on Sun Apr 04, 2010 8:25 pm; edited 1 time in total |
|
| Back to top |
|
|
hcavolsdsadgadsg
I'm a spammer
![]() Reputation: 26
Joined: 11 Jun 2007
Posts: 5801
|
| Posted: Sun Apr 04, 2010 8:13 pm Post subject: |
|
|
| tombana wrote: | | slovach wrote: | why the second for loop?
for i = min address; i <= max; i += region size
virtualquery for delicious informations, do whatever with it
go hog wild |
Wouldn't calling virtualquery on every address slow things down?
|
no, you'd be calling it on each region, not once per address.
|
|
| Back to top |
|
|
tombana
Master Cheater
![]() Reputation: 2
Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands
|
| Posted: Mon Apr 05, 2010 7:19 am Post subject: |
|
|
| slovach wrote: | | tombana wrote: | | slovach wrote: | why the second for loop?
for i = min address; i <= max; i += region size
virtualquery for delicious informations, do whatever with it
go hog wild |
Wouldn't calling virtualquery on every address slow things down?
|
no, you'd be calling it on each region, not once per address. |
Yea stupid me. I didn't see the i += region size before, I thought it was i++;.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
