[python-win32] Quest for memory scanner

Tim Roberts timr at probo.com
Sat Oct 21 03:38:14 EDT 2017


On Oct 20, 2017, at 12:54 PM, Michael C <mysecretrobotfactory at gmail.com> wrote:
> 
> Hello Tim, everyone:
> 
> I actually have a semi-working scanner, but I can't figure out why it doesn't return
> nearly as many addresses as Cheat Engine does (for scan run #1).  Let's say I am scanning the Calculator that comes with Windows.

The Windows calculator uses an arbitrary-precision math library to store its numbers.  It does not store them as double-precision floats.

You are only looking at PAGE_READWRITE memory.  Processes also have read-only memory that you can scan, but not change.

When I suggested using a buffer, what I meant is that you should allocate a buffer of about a megabyte, then read a megabyte at a time from the other process, and scan through that memory in your code.  That's much faster than making millions and millions of kernel calls.  You may not be aware of what goes on behind the scenes when you do ReadProcessMemory.  At any given time, only one process at a time (per CPU) can have its memory space in the page tables, and if it's not in the page tables, it can't be accessed.  Thus, when you call ReadProcessMemory, the kernel has to switch to that other process as if it were going to start running, load its page tables, copy the memory into kernel space, switch back to your process and load its page tables, copy the data back to you, then start you running again.  That's a lot of overhead.
— 
Tim Roberts, timr at probo.com
Providenza & Boekelheide, Inc.
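A scanner built along the lines Tim describes, as an added example that is not code from the thread or from either poster: it walks every committed, readable region (read-only as well as PAGE_READWRITE), reads a megabyte per ReadProcessMemory call, and searches the buffer in Python. The function names (scan_region, scan_process, open_windows_process) are this example's own; the kernel32 calls and constants are the real Win32 ones. The scanning core takes an injectable read callable, so the boundary-straddling case can be checked against a constructed in-memory image without a live process.

```python
import ctypes
import struct
import sys
from typing import Callable, Iterable, Iterator, List, Tuple

CHUNK = 1024 * 1024  # one megabyte per ReadProcessMemory call, as suggested in the thread

def find_all(buf: bytes, needle: bytes) -> Iterator[int]:
    """Yield every (possibly overlapping) offset of needle in buf."""
    pos = buf.find(needle)
    while pos != -1:
        yield pos
        pos = buf.find(needle, pos + 1)

def scan_region(read: Callable[[int, int], bytes], base: int, size: int,
                needle: bytes, chunk: int = CHUNK) -> List[int]:
    """Scan [base, base+size) for needle, reading `chunk` bytes per call.
    `read(addr, n)` returns the bytes at addr, or b"" if the read fails.
    The last len(needle)-1 bytes of each chunk are carried into the next
    one, so a value that straddles a chunk boundary is still found."""
    hits: List[int] = []
    carry = b""
    offset = 0
    while offset < size:
        want = min(chunk, size - offset)
        data = read(base + offset, want)
        if not data:
            break  # unreadable page: give up on this region
        buf = carry + data
        buf_base = base + offset - len(carry)
        # A match can never lie entirely inside `carry` (it is shorter than
        # needle), so nothing found here was already reported last round.
        hits.extend(buf_base + pos for pos in find_all(buf, needle))
        keep = len(needle) - 1
        carry = buf[-keep:] if keep > 0 else b""
        offset += len(data)
        if len(data) < want:
            break  # short read: the rest of the region is not readable
    return hits

def scan_process(regions: Iterable[Tuple[int, int]], read: Callable[[int, int], bytes],
                 needle: bytes, chunk: int = CHUNK) -> List[int]:
    """Scan every (base, size) region and return all matching addresses."""
    hits: List[int] = []
    for base, size in regions:
        hits.extend(scan_region(read, base, size, needle, chunk))
    return hits

# ---- Windows side: real kernel32 APIs, only exercised when run on Windows ----
MEM_COMMIT = 0x1000
PAGE_GUARD = 0x100
READABLE = (0x02, 0x04, 0x20, 0x40)  # READONLY, READWRITE, EXECUTE_READ, EXECUTE_READWRITE
PROCESS_VM_READ, PROCESS_QUERY_INFORMATION = 0x0010, 0x0400

class MEMORY_BASIC_INFORMATION(ctypes.Structure):
    _fields_ = [("BaseAddress", ctypes.c_void_p), ("AllocationBase", ctypes.c_void_p),
                ("AllocationProtect", ctypes.c_ulong), ("RegionSize", ctypes.c_size_t),
                ("State", ctypes.c_ulong), ("Protect", ctypes.c_ulong), ("Type", ctypes.c_ulong)]

def open_windows_process(pid: int):
    """Return (regions, read) for a process, backed by VirtualQueryEx/ReadProcessMemory."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.OpenProcess.argtypes = [ctypes.c_ulong, ctypes.c_int, ctypes.c_ulong]
    k32.VirtualQueryEx.restype = ctypes.c_size_t
    k32.VirtualQueryEx.argtypes = [ctypes.c_void_p, ctypes.c_void_p,
                                   ctypes.POINTER(MEMORY_BASIC_INFORMATION), ctypes.c_size_t]
    k32.ReadProcessMemory.restype = ctypes.c_int
    k32.ReadProcessMemory.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p,
                                      ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
    handle = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
    if not handle:
        raise OSError(ctypes.get_last_error(), "OpenProcess failed")

    def regions() -> Iterator[Tuple[int, int]]:
        mbi = MEMORY_BASIC_INFORMATION()
        addr = 0
        while k32.VirtualQueryEx(handle, addr, ctypes.byref(mbi), ctypes.sizeof(mbi)):
            base = mbi.BaseAddress or 0
            if (mbi.State == MEM_COMMIT and not (mbi.Protect & PAGE_GUARD)
                    and (mbi.Protect & 0xFF) in READABLE):
                yield base, mbi.RegionSize
            addr = base + mbi.RegionSize

    def read(addr: int, n: int) -> bytes:
        buf = ctypes.create_string_buffer(n)
        got = ctypes.c_size_t(0)
        if not k32.ReadProcessMemory(handle, addr, buf, n, ctypes.byref(got)):
            return b""
        return buf.raw[:got.value]

    return regions, read

if __name__ == "__main__":
    # usage: python scan.py <pid> <int32 value>
    pid, value = int(sys.argv[1]), int(sys.argv[2])
    regions, read = open_windows_process(pid)
    for hit in scan_process(regions(), read, struct.pack("<i", value)):
        print(hex(hit))
```

The `PAGE_GUARD` check matters in practice: touching a guard page from another process fails the read, and without the carry-over a 4-byte value sitting at offset 1048574 of a region would be silently missed, which is one plausible reason for a scanner reporting fewer addresses than it should.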


