Methods for accelerated code injection detection using operating system controlled memory attributes are performed by systems and apparatuses. The methods optimize search operations for memory segments in system and virtual memories by searching for segment attributes. A set of memory segments is determined wherein each memory segment in the set includes specific attributes. The memory segments in the set are ranked for a threat level based on segment attribute. The threat level is used to determine subsequent actions including providing indications of the memory segments in the set and initiating execution of an anti-malware application. Relevant segment attributes used for the segment search can be dynamically updated in an attribute list. Segment attributes of a segment can be determined by accessing a memory manager of an operating system via an API.