-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
speeding up svcscan --verbose mode #46
Comments
The patch is below and you can see that we are utilizing the
|
sounds good to me |
gleeda
added a commit
that referenced
this issue
Jul 11, 2014
gleeda
added a commit
that referenced
this issue
Jul 25, 2014
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
currently the code is not very efficient when printing out service DLLs. This is because we are querying for running services and then querying for their appropriate registry key one at a time (currentcontrolset\services[SERVICE]\Parameters). This is fine if there are only a few services higher up in the alphabet, however since enumerating registry subkeys is an O(N) operation (for each key traversed) we get something like the following when choosing this method:
1 + 2 + 3 + 4 + ... + n
or n(n-1) / 2, which is pretty much n^2/2... (and in this case, because there are other paths that much be traversed, such as the paths to currentcontrolset and the path to services and also the path to parameters (each of which is roughly some m^2/2), so it's more than O(N^2) which is very slow...) You notice this especially when you get to services that start with letters towards the end of the alphabet. You can see this yourself when you run with --verbose that at first it will be very quick and then eventually it will slog down.
A better approach would be to get the service dlls ahead of time in a dictionary or something and then access them as needed.
For one sample you can see the speedup:
Before time (old method):
real 20m50.846s
user 16m38.999s
sys 3m41.336s
After fix:
real 1m28.326s
user 0m51.323s
sys 0m12.399s
I'll test it a bit more before committing
The text was updated successfully, but these errors were encountered: