Cheat Engine

[BlackDeviL13]

I was trying to write some text scanning code..
when I compile it as Application, it works fine..
but when I compiled it as a DLL ( for DLL injection ),,
the scan take a lot of time..
I have read somewhere in this forum and decided to write it like this:
1. convert my searched text value to array of byte
2. Readprocessmemory the whole address and save it in an array of byte
3. compare the buffer and the AoB of searched text
4. show the address in a list box

this is the part of my code:

...

hnd:=openprocess(process_all_access,false,GetCurrentProcessId); //I use GetCurrentProcessId because this code will be injected directly to ither process

...

procedure TForm1. Button1Click(Sender: TObject);
var
st1:Pchar;
buff:array of byte;
buff2:array [0..4095] of byte;
address,written:cardinal;
i,n:cardinal;
begin
st1:=Pchar(edit1. Text);
setlength(buff,0);
address:=$400000;
setlength(buff,length(st1));
for i:=0 to length(st1)-1 do
begin
buff[i]:=byte(st1[i]); //Convert text to AoB
end;
while address<$20000000 do //I know that the address must be placed between $400000 and $20000000
begin
if readprocessmemory(hnd,pointer(address),@buff2,4096,written)=true then //read a page size of byte and write it to an AoB buffer
begin
for n:=0 to 4095 do
begin
if buffcmp(buff2,n,buff,length(buff))=0 then //compare it
listbox1. Items. Add(inttohex(address+n,8 ); //show result in a listbox
end;
end;
address:=address+$1000;
end;
end;

...

function buffcmp(buff1:array of byte;n:integer;buff2:array of byte;size:integer):integer; //I found this part of code somewhere because in delphi I couldnt found memcmp function
var
i:integer;
begin
result:=0;
for i:=0 to size-1 do
begin
if buff1[n+i]<>buff2[i] then
begin
case buff1[n+i]>buff2[i] of
true: result:=1;
false: result:=-1
end;
break;
end;
end;
end;

...


I have tried not to show the address but it still take a lot of time..
may I did in a wrong method?
sorry for my bad english,, thanks

[justdream]

Your scan method is so slow and flawed.

1. You'r scanning from 00400000 to 20000000 upgrading in 1000 to 1000.
Like this:

00400000
00401000
00402000
...
20000000

2. If you're using it in a DLL, why are you using ReadProcessMemory API?

3. You're not comparing if the scanned address are readable and writable, so it may crash your target game.

I recommend you use VirtualQuery to get a list of readable memory addresses.

[BlackDeviL13]

ok,
I understand..
I remember what DB said on somewhere in this forum that we must read a page size of byte directly, and not read it one by one, so I read $1000 of memory and compare it..
and I use "If ReadProcessMemory =true then" , I think it should only read the Readable memory and skip Unreadable memory..
CMIIW

so I need to use virtualquery to get the region of readable and writeable memory, write it to buffer and compare it?

other question,, if I use it in DLL, what should I use instead of ReadProcessMemory?
I think ReadProcessMemory is the easiest way to Read a region of byte and write it to a buffer..

and last question,, are there faster methods to scantext instead of do it like this?
1. convert text to AoB,
2. Read the memory to buffer,
3. Compare it.
it takes 3 steps,can you do it in one/two steps??

btw, thanks for reply