
I've been hacking an online game client, which usually consumes 1GB+ memory at runtime.

For example, I want to find a specific string in the client's memory, using both Cheat Engine and the native API ReadProcessMemory().

When using Cheat Engine, it takes less than one second to find candidate addresses of the string.

However, when using ReadProcessMemory(), it would take more than 60 seconds to traverse all memory regions in the client memory. Even when the code is injected into target process, it takes up to 10 to 20 seconds.

Question is: why can Cheat Engine scan memory so fast? According to the memory usage of Cheat Engine, it does not read a whole memory region at a time (which often reduces calls to ReadProcessMemory()).

Below is my actual code; basically its purpose is to traverse the memory and find the Python object with type "UIRoot". mrg means memory region (std::pair<uint64_t base, uint64_t size>). The executable is built with the -O2 option. It works but runs slowly.

#pragma omp parallel for
for (int i = 0; i < mrgs.size(); i++) {
    auto& mrg = mrgs[i];
    // o is the byte offset into the region; uint64_t so that it is not compared
    // against the unsigned region size as a signed int (and cannot overflow on
    // regions of 2 GB or more).
    for (uint64_t o = 8; o < mrg.second; o += 8) {
        // One cross-process read per 8-byte word: candidate ob_type pointer of
        // the object that would start at mrg.first + o - 8.
        auto toab = memory_reader_->ReadBytes(mrg.first + o, 8);
        if (toab) {
            auto toa = Convert::ToInt64(toab->Raw(), 0);
            // Second read: tp_name pointer at type object + 24.
            auto tonab = memory_reader_->ReadBytes(toa + 24, 8);
            if (tonab) {
                auto tona = Convert::ToInt64(tonab->Raw(), 0);
                // Further reads for the name bytes themselves.
                auto ton = ReadNullTerminatedAsciiStringFromAddressUpTo255(tona, 7);
                if (ton == "UIRoot") {
                    //do something
                }
            }
        }
    }
}
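Added example, not code from the question: the same scan, restructured so that each memory region is read once into a local buffer (one bulk read per region instead of one ReadProcessMemory() call per 8-byte word) and both the pointer chase (object+8 -> type object, type object+24 -> name) and the string comparison run against that cached copy. MemorySnapshot, BuildSampleSnapshot, the two region base addresses and the sample object layout are constructed for this example so that it runs offline; only the offsets are the ones the question's loop uses.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <map>
#include <optional>
#include <string>
#include <utility>
#include <vector>

// Snapshot of a target's committed regions, each captured by ONE bulk read
// (on Windows: VirtualQueryEx() to enumerate, then a single ReadProcessMemory()
// of the region's full size). Every later lookup hits this local copy.
class MemorySnapshot {
public:
    void AddRegion(uint64_t base, std::vector<uint8_t> bytes) {
        regions_[base] = std::move(bytes);
    }

    // Copy n bytes at addr from the cached copy. False if the range is not
    // entirely inside one captured region (unmapped or dangling pointer).
    bool ReadBytes(uint64_t addr, size_t n, void* out) const {
        auto it = regions_.upper_bound(addr);
        if (it == regions_.begin()) return false;
        --it;
        const uint64_t off = addr - it->first;
        if (off >= it->second.size() || n > it->second.size() - off) return false;
        std::memcpy(out, it->second.data() + off, n);
        return true;
    }

    std::optional<uint64_t> ReadU64(uint64_t addr) const {
        uint64_t v = 0;
        if (!ReadBytes(addr, sizeof v, &v)) return std::nullopt;
        return v;
    }

    // NUL-terminated printable ASCII string of at most max_len bytes
    // (terminator included); anything else rejects the candidate.
    std::optional<std::string> ReadAsciiString(uint64_t addr, size_t max_len) const {
        std::string s;
        for (size_t i = 0; i < max_len; ++i) {
            uint8_t c = 0;
            if (!ReadBytes(addr + i, 1, &c)) return std::nullopt;
            if (c == 0) return s;
            if (c < 0x20 || c > 0x7e) return std::nullopt;
            s.push_back(static_cast<char>(c));
        }
        return std::nullopt;
    }

    // Same layout the question scans for (64-bit CPython PyObject): the word at
    // object+8 points to a type object, whose word at +24 points to the
    // NUL-terminated type name. Returns the addresses of matching objects.
    std::vector<uint64_t> FindObjectsWithTypeName(const std::string& name) const {
        std::vector<uint64_t> hits;
        for (const auto& kv : regions_) {
            const uint64_t base = kv.first;
            const std::vector<uint8_t>& buf = kv.second;
            // Walk the local buffer: no cross-process call per 8-byte word.
            for (uint64_t o = 8; o + 8 <= buf.size(); o += 8) {
                uint64_t type_ptr = 0;
                std::memcpy(&type_ptr, buf.data() + o, 8);
                // ReadU64 fails fast for pointers outside any captured region,
                // so garbage words are discarded without any system call.
                auto name_ptr = ReadU64(type_ptr + 24);
                if (!name_ptr) continue;
                auto tn = ReadAsciiString(*name_ptr, name.size() + 1);
                if (tn && *tn == name) hits.push_back(base + o - 8);
            }
        }
        return hits;
    }

private:
    std::map<uint64_t, std::vector<uint8_t>> regions_;  // base -> bytes
};

// Constructed sample "process" (made-up base addresses): a types region with two
// type objects and their names, and a heap region with three objects plus one
// word holding a dangling pointer that the scan must skip.
MemorySnapshot BuildSampleSnapshot() {
    auto put64 = [](std::vector<uint8_t>& v, size_t off, uint64_t x) { std::memcpy(v.data() + off, &x, 8); };
    auto putstr = [](std::vector<uint8_t>& v, size_t off, const char* s) { std::memcpy(v.data() + off, s, std::strlen(s) + 1); };
    const uint64_t kTypes = 0x7ff700000000ULL, kHeap = 0x1e0000000ULL;
    std::vector<uint8_t> types(0x100, 0), heap(0x100, 0);
    put64(types, 0x00 + 24, kTypes + 0x80); putstr(types, 0x80, "UIRoot");    // type object at +0x00
    put64(types, 0x40 + 24, kTypes + 0x90); putstr(types, 0x90, "UIButton");  // type object at +0x40
    put64(heap, 0x10 + 8, kTypes + 0x00);   // object at heap+0x10: UIRoot
    put64(heap, 0x40 + 8, kTypes + 0x40);   // object at heap+0x40: UIButton
    put64(heap, 0x70 + 8, kTypes + 0x00);   // object at heap+0x70: UIRoot
    put64(heap, 0xa0 + 8, 0xdeadbeefULL);   // dangling "type pointer", not in any region
    MemorySnapshot snap;
    snap.AddRegion(kTypes, std::move(types));
    snap.AddRegion(kHeap, std::move(heap));
    return snap;
}

int main() {
    MemorySnapshot snap = BuildSampleSnapshot();
    for (uint64_t a : snap.FindObjectsWithTypeName("UIRoot"))
        std::printf("UIRoot object at 0x%llx\n", static_cast<unsigned long long>(a));
    return 0;
}
```

The design point is where the cost sits: each ReadProcessMemory() call is a kernel transition plus page-table walks, so the question's loop pays that price three or more times per 8-byte word, whereas reading a region in one call pays it once per region and every pointer chase afterwards is a map lookup plus memcpy. A pointer into unmapped or unread memory is rejected by the region lookup before anything is dereferenced, which is also what keeps the scan from stalling on dangling words.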

0 Answers