Cheat Engine

Slugsnack · Posted: Sat Jul 05, 2008 5:04 am Post subject: Memory Scanner

I have coded a memory scanner in the form of an injectable DLL but have a question or two on making it more efficient and more functionable:

1) Is it faster to read and compare dwords (assuming they are at 4 byte alignments) or is it faster to read and compare bytes ?

eg. which one would be faster:

Dark Byte · Posted: Sat Jul 05, 2008 10:21 am Post subject:

1: Comparing dwords is faster, if you're looking for a dword. If you're looking for a single byte, use byte.
As a rule of thumb, always pick the biggest possible type, the less instructions, the better

also, since the 0x386 architecture, you can do:

Slugsnack · Posted: Sun Jul 06, 2008 11:01 am Post subject:

First correction is just me being stupid haha Embarassed

I will try to use the method you describe in terms of getting allocated memory regions, thanks Wink

//edit :

I would now love some advice about storing "matches" for some sort of "next scan function".

I initially thought of having an array but I realised this is actually impossible considering that array is in the memory space of the memory you are potentially scanning so you can never match the size of the entire memory space (potentially 0x7FFFFFFF).

So instead of an array in terms of boolean bytes, I thought why not boolean nibbles. eg. first nibble would correspond to like 0x00000000 and next nibble would correspond to 0x00000001.

Then I thought, why not take this even further and to the extreme and use "boolean bits" ? I could store the "state" (in terms of match/non-match) of 8 virtual addresses in each byte of my array.

However, bit manipulation does not seem to be best option. I would potentially still have a lot of addresses to read but this would be still faster than my last option..

My last option I could think of was to write to disk. Disk access is unarguably slower than memory access but this would leave me no problems with bulking up a load of memory. However if I were to use this method, I would need to investigate a bit more on what sort of APIs to use, etc.

Another noob idea I had was to write out all matches to a console then re-read it. Probably slow, but not memory consuming.

Does anyone have any advice on what to do ? I don't care about how easy/hard it may be, that is NP. I have all the time and patience in the world. I would love to know the most EFFICIENT method. Or maybe there is another better method I have not mentioned. I am not overly satisfied with any of the ideas I came up with.