I'm writing a simple memory scanner in C, where I'm using VirtualQueryEx to scan an arbitrary process's memory.
VirtualQueryEx(hProc, addr, &meminfo, sizeof(meminfo));
I loop through all of the memory blocks in the process like this:
addr = (unsigned char*)meminfo.BaseAddress + meminfo.RegionSize;
But the problem is that one block of memory is much larger than the size of SIZE_T and can't fit into meminfo.RegionSize.
This is what it looks like in Process Hacker:
As you can see, it jumps from 0x7ffe2000 to 0x19a1e00000, which creates a RegionSize of 0x1921e1e000, which is much larger than 2^32.
I tested with other processes than notepad.exe and they had that same huge jump after about 3 blocks of memory that are always 4k in size. I tried starting at an address after this huge jump and it worked fine, but the problem is that the jumps are allocated differently for each process so it's not a portable solution to the problem.
I found the answer. I was compiling the C program with MinGW, which is 32-bit, but I'm using a 64-bit system. That's why the RegionSize couldn't fit in SIZE_T.
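
The walk described in this post, as an added example that is not the poster's code: it steps through a region table with 64-bit and then 32-bit size fields and stops when a region size no longer fits. `MAP`, `query` and `walk` are hypothetical names, and the table is a constructed stand-in for what VirtualQueryEx reports; only the addresses 0x7ffe2000 and 0x19a1e00000 come from the post.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for VirtualQueryEx results: base and size per region. */
struct region { uint64_t base, size; };
static const struct region MAP[] = {
    { 0x7ffe0000ULL,   0x1000ULL },
    { 0x7ffe1000ULL,   0x1000ULL },
    { 0x7ffe2000ULL,   0x1921e1e000ULL },  /* from the post: ends at 0x19a1e00000 */
    { 0x19a1e00000ULL, 0x1000ULL },
};

/* Return the region containing addr (the role VirtualQueryEx plays), or NULL. */
static const struct region *query(uint64_t addr) {
    for (size_t i = 0; i < sizeof MAP / sizeof MAP[0]; i++)
        if (addr >= MAP[i].base && addr - MAP[i].base < MAP[i].size)
            return &MAP[i];
    return NULL;
}

/* Walk regions using size and pointer fields of `bits` width (32 or 64).
 * Returns the number of regions visited; *bad_base receives the base of the
 * region whose size was truncated or that made no progress, 0 if none. */
int walk(unsigned bits, uint64_t start, uint64_t *bad_base) {
    uint64_t mask = bits == 64 ? UINT64_MAX : ((1ULL << bits) - 1);
    uint64_t addr = start;
    const struct region *r;
    int visited = 0;
    *bad_base = 0;
    while ((r = query(addr)) != NULL) {
        visited++;
        uint64_t size = r->size & mask;           /* what a narrow SIZE_T holds */
        uint64_t next = (r->base + size) & mask;  /* what a narrow pointer holds */
        if (size != r->size || next <= addr) {    /* truncated, or no progress */
            *bad_base = r->base;
            break;
        }
        addr = next;
    }
    return visited;
}

int main(void) {
    uint64_t bad;
    for (unsigned bits = 64; bits >= 32; bits -= 32) {
        int n = walk(bits, 0x7ffe0000ULL, &bad);
        printf("%u-bit: %d regions, stopped at 0x%llx\n", bits, n, (unsigned long long)bad);
    }
    return 0;
}
```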