Szhlopp Posted August 26, 2008 Posted August 26, 2008 Well for the fun of it I was trying to create a memory scanner. And I got it to work, but heres the deal. It's to slow I have it searching chunks of memory. 0x006E0000 <- Starting location (Cheat engine confirmed. No value needs to be below this point) If that block fails to meet the Read+Write requirements (Alot of blocks do). It add's 0x00001000 Searches 0x006E1000 Ect ect. I get the inital values very fast but as soon as I get to the 0x01000000+ range alot of chunks start turning up searchable. I can't seems to loop through any faster to check the values. 1) Is there any way to speed up my loop? 2) Does anyone know of a call I can use to speed up the block searching process? Like another variable that says "This block isn't searchable"? I don't really expect to get many replies. So if this goes away I'll just have to wait till I can find some way of speeding this up myself Thanks all! Szh expandcollapse popup#include <GUIConstants.au3> #include <GuiListBox.au3> #include <ListboxConstants.au3> #include <WindowsConstants.au3> #include <NomadMemory.au3> ; SetPrivilege("SeDebugPrivilege", 1) Global $MemoryOpen, $ProcessOpened = False Global $AddressList $Form1 = GUICreate("Form1", 539, 277, 193, 125) $AddressList = GUICtrlCreateListView("Address | Value ", 2, 27, 185, 240) $Label1 = GUICtrlCreateLabel("Addresses", 51, 7, 53, 17) $ProcessLabel = GUICtrlCreateLabel("Memory: None opened", 230, 22, 200, 24) $SearchInput = GUICtrlCreateInput("Search", 232, 57, 270, 21) $Combo1 = GUICtrlCreateCombo("4 Byte", 232, 88, 105, 25) GUICtrlSetData(-1, "4 byte") $SearchButton = GUICtrlCreateButton("Search", 362, 85, 115, 28, 0) $Button2 = GUICtrlCreateButton("OpenMemory", 416, 12, 85, 35, 0) GUISetState(@SW_SHOW) While 1 Sleep(20) $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit Case $Button2 $OpenProcess = OpenDialog() $MemoryOpen = _MemoryOpen($OpenProcess) Case $SearchButton If $ProcessOpened = True Then $sSearchText = GUICtrlRead($SearchInput) $SearchStart = 0x006E0000 $SearchCurrent = 0x006E0000 GUICtrlSetData($SearchInput, "Searching...") While 1 While 1 If Query($MemoryOpen, $SearchStart) = "00000004" Then ExitLoop $SearchStart += 4096 $SearchCurrent = $SearchStart WEnd Do $Read = _MemoryRead($SearchCurrent, $MemoryOpen) If $Read <> "0" And $Read = $sSearchText Then GUICtrlCreateListViewItem(Hex($SearchCurrent) & "|" & String($Read), $AddressList) EndIf $SearchCurrent += 1 Until $SearchCurrent = ($SearchStart + 4096) $SearchStart += 4096 ; 4096 65536 If Hex($SearchStart) = "08000000" Then ExitLoop WEnd GUICtrlSetData($SearchInput, "Done") EndIf EndSwitch WEnd Func OpenDialog() Local $aRet[2] $OpenForm = GUICreate("Processes", 222, 343, 193, 125) $ProcessListBox = GUICtrlCreateList("", 25, 9, 172, 266, $WS_BORDER + $WS_VSCROLL + $WS_TABSTOP + $LBS_NOTIFY) $OpenButton = GUICtrlCreateButton("Open", 39, 288, 147, 34, 0) GUISetState(@SW_SHOW) $ProcessList = ProcessList() For $I = 1 To $ProcessList[0][0] _GUICtrlListBox_AddString($ProcessListBox, "0x" & Hex($ProcessList[$I][1]) & "-" & $ProcessList[$I][0]) Next While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE GUIDelete($OpenForm) $aRet[0] = "" ExitLoop Case $OpenButton $iCurSel = _GUICtrlListBox_GetCurSel($ProcessListBox) $aRet = StringRegExp(_GUICtrlListBox_GetText($ProcessListBox, $iCurSel), "..(.*)-", 1) GUICtrlSetData($ProcessLabel, "Opened: " & _GUICtrlListBox_GetText($ProcessListBox, $iCurSel)) $ProcessOpened = True GUIDelete($OpenForm) ExitLoop EndSwitch WEnd Return Dec($aRet[0]) EndFunc Func Query($Handle, $Address) Local $Buffer = DllStructCreate('dword;dword;dword;dword;dword;dword;dword') Local $aRet[7] DllCall($Handle[0], 'int', 'VirtualQueryEx', 'int', $Handle[1], 'int', $Address, 'ptr', DllStructGetPtr($Buffer), 'int', DllStructGetSize($Buffer)) $aRet[0] = '0x' & Hex(DllStructGetData($Buffer, 1)); + 0) $aRet[1] = '0x' & Hex(DllStructGetData($Buffer, 2)) $aRet[2] = Hex(DllStructGetData($Buffer, 3)) $aRet[3] = Hex(DllStructGetData($Buffer, 4)) $aRet[4] = '0x' & Hex(DllStructGetData($Buffer, 5)) $aRet[5] = Hex(DllStructGetData($Buffer, 6)) $aRet[6] = '0x' & Hex(DllStructGetData($Buffer, 7)) Return $aRet[5] EndFunc RegEx/RegExRep Tester!Nerd Olympics - Community App!Login UDFMemory UDF - "Game.exe+753EC" - CE pointer to AU3Password Manager W/ SourceDataFiler - Include files in your au3!--- Was I helpful? Click the little green '+'
zorphnog Posted August 26, 2008 Posted August 26, 2008 Using a Global buffer for your Query function would help a little bit...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now