I ran apihook command in Volatility with the very fast pyvmi address space. However, I didn't see significant performance improvement in terms of the total runtime as it still ran for 5 mins - 6 mins.

Although I have got profiling report of apihooks by cProfile and have been aware that __read_bytes(), the acquisittion of memory content,  just consumed a very small part, which is 7 secs, of the total 5~6 mins, and that the overhead may be categorized in apihook algorithm, memory acquisition as well as Python runtime, I can hardly go further in figuring out which part of the apihook cost the most.

I attach the profiling report here, and hope anyone help analysis.

Thank you so much.

Guanglin