by L. Spiro » Thu Dec 02, 2010 3:45 pm
It will not do you any good to check for 0x8F bit masks as these could be anywhere for any reason.
You would already have to complete the board to know the pattern of the bombs.
The L. Spiro Script code in the MHS help file shows you the important addresses, unless you are working with Windows Vista or above, in which case there is no guarantee that they are still using the 0x8F system anyway.
The board on Windows Vista and above is dynamically allocated and uses a much more advanced system.
But to answer your actual question, MHS is by far the fastest scanner, which implies that explaining how to get MHS speeds is unreasonable because there is clearly some kind of wizardry involved.
But you can match average scanner speeds quite easily by eliminating a few flaws in your routine.
Firstly, don’t call ::ReadProcessMemory() for every byte.
The process works as follows:
#1: Determine which ranges of memory to search. A simple std::vector<> will do. All you need is to gather the start and end ranges for all of the chunks, walking the memory via ::VirtualQueryEx(). You should also decide on the largest chunk size you are willing to search, and when you encounter a chunk that is larger than that, break it down into smaller chunks and add multiple entries into your std::vector<>.
#2: While you were making the chunk array, you kept track of the largest chunk. Allocate a buffer of this size and you can use the same buffer for every call to ::ReadProcessMemory().
#3: Iterate over the chunks. For each chunk in the std::vector<> it will tell you the start and length of that chunk. Because your local buffer is already large enough for the largest chunk, there is no need to reallocate it every time. Simply ::ReadProcessMemory() into the same buffer for every chunk in your list.
#4: Now that you have copied a large section of the target-process RAM into your local space, you can scan it using a for () loop however you want, checking for whatever you want.
#5: When your scan is done, free the local buffer.
L. Spiro
Our songs remind you of songs you’ve never heard.
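The five steps above as an added C++ sketch, not part of the original post: a constructed region list stands in for what ::VirtualQueryEx() would report and a callback stands in for ::ReadProcessMemory(), so it runs without a target process. It goes one step beyond the post by overlapping the pieces of a split region by (pattern length - 1) bytes, so a value that straddles a split is still found exactly once. The names `Chunk`, `ReadFn`, `PlanChunks`, `Scan` and `DemoScan` are hypothetical.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <functional>
#include <vector>

struct Chunk { std::uintptr_t start; std::size_t len; };
// Hypothetical stand-in for ::ReadProcessMemory(): copy n bytes from addr, false on failure.
using ReadFn = std::function<bool(std::uintptr_t addr, void* dst, std::size_t n)>;
// #1: cut regions into chunks <= maxChunk; pieces overlap so a straddling value is not missed.
std::vector<Chunk> PlanChunks(const std::vector<Chunk>& regions, std::size_t maxChunk,
                              std::size_t overlap) {
    std::vector<Chunk> out;
    if (maxChunk <= overlap) return out;  // a split could never advance
    for (const Chunk& r : regions)
        for (std::size_t off = 0; off < r.len;) {
            const std::size_t n = std::min(maxChunk, r.len - off);
            out.push_back({r.start + off, n});
            off = (off + n == r.len) ? r.len : off + n - overlap;  // re-read the seam
        }
    return out;
}

// #2-#5: one buffer sized for the largest chunk, one read per chunk, scan the local copy.
std::vector<std::uintptr_t> Scan(const std::vector<Chunk>& regions, const ReadFn& read,
                                 const std::vector<std::uint8_t>& pat, std::size_t maxChunk) {
    std::vector<std::uintptr_t> hits;
    if (pat.empty()) return hits;
    const std::vector<Chunk> chunks = PlanChunks(regions, maxChunk, pat.size() - 1);
    std::size_t largest = 0;
    for (const Chunk& c : chunks) largest = std::max(largest, c.len);
    std::vector<std::uint8_t> buf(largest);  // allocated once, reused for every read
    for (const Chunk& c : chunks) {
        if (c.len < pat.size() || !read(c.start, buf.data(), c.len)) continue;  // skip unreadable
        for (std::size_t i = 0; i + pat.size() <= c.len; ++i)
            if (std::memcmp(&buf[i], pat.data(), pat.size()) == 0) hits.push_back(c.start + i);
    }
    return hits;  // buf is freed when it goes out of scope
}

// Constructed sample: 64 fake "target" bytes at 0x10000 with the pattern at offsets 14 and 40.
std::vector<std::uintptr_t> DemoScan() {
    const std::uintptr_t base = 0x10000;
    std::vector<std::uint8_t> mem(64), pat = {0xDE, 0xAD, 0xBE, 0xEF};
    for (std::size_t at : {14, 40}) std::copy(pat.begin(), pat.end(), mem.begin() + at);
    ReadFn read = [&](std::uintptr_t a, void* dst, std::size_t n) {
        return a >= base && a - base + n <= mem.size() && std::memcpy(dst, &mem[a - base], n);
    };
    return Scan({{base, 64}, {0x20000, 8}}, read, pat, 16);  // second region is unreadable
}
```

With a 16-byte chunk limit the match at offset 14 crosses the first split, and the unreadable second region is skipped rather than aborting the scan.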