With this code I guess the scan was faster, but the scan always returns the SAME addresses.

```
00123456
00124567
00135478
00145893
00123456 //start repeat
00124567
00135478
00145893
00123456 //start repeat
00124567
00135478
00145893
```
This is my procedure:
```pascal
procedure SCANBYTE(value: integer);
var
  lpflOldProtect: dword;
  s: size_t;
  mbi: MEMORY_BASIC_INFORMATION;
  SI: SYSTEM_INFO;
  lpStartAddress, lpStopAddress: dword;
  addr: dword;
  i: dword;
begin
  GetSystemInfo(si);
  lpStartAddress := dword(SI.lpMinimumApplicationAddress);
  lpStopAddress := dword(SI.lpMaximumApplicationAddress);
  for addr := lpStartAddress to lpStopAddress do
  begin
    S:= VirtualQuery(Pointer(addr), MBI, SizeOf(MEMORY_BASIC_INFORMATION));
    if (S=SizeOf(MEMORY_BASIC_INFORMATION)) and (MBI.State = MEM_COMMIT) and
       (MBI.Type_9 = MEM_PRIVATE) and (MBI.RegionSize>0) and
       (MBI.Protect = PAGE_READWRITE) then
    begin
      for i := dword(MBI.BaseAddress) to (dword(MBI.BaseAddress) + dword(MBI.RegionSize)) - 4096 do
      begin
        if value = PBYTE(i)^ then
          ListBox1.Items.Add(IntToHex(i,8));
      end;
    end;
  end;
end;
```
I guess the problem is at the last FOR loop:
```pascal
(...)
for i := dword(MBI.BaseAddress) to (dword(MBI.BaseAddress) + dword(MBI.RegionSize)) - 4096 do
begin
(...)
```
But I really don't know.. How can I solve this?
You run your code in a loop from the start address to the end address. The address addr increases by 1 each time around the loop.
VirtualQuery gives you information about entire pages. All the addresses in a page have the same base address. The documentation tells you, "This value is rounded down to the next page boundary."
Look more closely, and you should see that mbi.BaseAddress remains the same for 4096 iterations of your outer loop (assuming 4096 is the page size). Thus, you're re-scanning the same block of memory over and over again. (That might also explain why your code is slow.)