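  /*
   * Probe how NtAllocateVirtualMemory treats its ZeroBits argument by reserving
   * (never committing) a small PAGE_NOACCESS region top-down for a series of
   * ZeroBits values, then printing "ZeroBits:BaseAddress" for each success.
   *
   * Pass 1 walks a right-shifting all-ones value, pass 2 walks small counts
   * upward from 0. Each pass stops at the first failing status and prints it.
   * In the recorded output both passes end with c0000017 (STATUS_NO_MEMORY).
   *
   * Reviewer note: in the recorded run every constrained probe came back at the
   * highest 64 KB-aligned address the constraint allowed, so an address obtained
   * this way should be treated as predictable, not randomised.
   */
  PVOID BaseAddress;
  ULONG_PTR ZeroBits;
  SIZE_T RegionSize = 1;      /* passed by pointer to both calls below, which may update it */
  NTSTATUS status;

  /*
   * Pass 1: large values, 0xFFFFFFFFFFFFFFFF shifted right one bit per success.
   * The loop is bounded at zero: the pass-2 output shows that ZeroBits == 0
   * succeeds, and 0 >> 1 is still 0, so a walk that ever reached zero would
   * otherwise never terminate.
   */
  for (ZeroBits = 0xFFFFFFFFFFFFFFFF; ZeroBits != 0; ZeroBits >>= 1)
  {
      BaseAddress = NULL;     /* let the system choose the address within the constraint */
      status = NtAllocateVirtualMemory(NtCurrentProcess(), &BaseAddress, ZeroBits,
                                       &RegionSize, MEM_RESERVE | MEM_TOP_DOWN, PAGE_NOACCESS);
      if (status < 0)         /* negative NTSTATUS: first value the call rejects */
      {
          DbgPrint("%x\n", status);
          break;
      }

      /* %p expects a pointer; cast so the integer is printed at full width. */
      DbgPrint("%p:%p\n", (PVOID)ZeroBits, BaseAddress);

      /* Release the reservation so the next probe starts from the same layout. */
      status = NtFreeVirtualMemory(NtCurrentProcess(), &BaseAddress, &RegionSize, MEM_RELEASE);
      if (status < 0)         /* a leaked reservation would skew every later result */
      {
          DbgPrint("%x\n", status);
          break;
      }
  }

  /* Pass 2: small values, counting up from 0 until the call fails. */
  for (ZeroBits = 0;; ZeroBits++)
  {
      BaseAddress = NULL;
      status = NtAllocateVirtualMemory(NtCurrentProcess(), &BaseAddress, ZeroBits,
                                       &RegionSize, MEM_RESERVE | MEM_TOP_DOWN, PAGE_NOACCESS);
      if (status < 0)
      {
          DbgPrint("%x\n", status);
          break;
      }

      /* %x takes a 32-bit value; the counts printed here are small. */
      DbgPrint("%x:%p\n", (ULONG)ZeroBits, BaseAddress);

      status = NtFreeVirtualMemory(NtCurrentProcess(), &BaseAddress, &RegionSize, MEM_RELEASE);
      if (status < 0)
      {
          DbgPrint("%x\n", status);
          break;
      }
  }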
  37.  
  38. FFFFFFFFFFFFFFFF:00007FF735B40000
  39. 7FFFFFFFFFFFFFFF:00007FF735B40000
  40. 3FFFFFFFFFFFFFFF:00007FF735B40000
  41. 1FFFFFFFFFFFFFFF:00007FF735B40000
  42. 0FFFFFFFFFFFFFFF:00007FF735B40000
  43. 07FFFFFFFFFFFFFF:00007FF735B40000
  44. 03FFFFFFFFFFFFFF:00007FF735B40000
  45. 01FFFFFFFFFFFFFF:00007FF735B40000
  46. 00FFFFFFFFFFFFFF:00007FF735B40000
  47. 007FFFFFFFFFFFFF:00007FF735B40000
  48. 003FFFFFFFFFFFFF:00007FF735B40000
  49. 001FFFFFFFFFFFFF:00007FF735B40000
  50. 000FFFFFFFFFFFFF:00007FF735B40000
  51. 0007FFFFFFFFFFFF:00007FF735B40000
  52. 0003FFFFFFFFFFFF:00007FF735B40000
  53. 0001FFFFFFFFFFFF:00007FF735B40000
  54. 0000FFFFFFFFFFFF:00007FF735B40000
  55. 00007FFFFFFFFFFF:00007FF735B40000
  56. 00003FFFFFFFFFFF:00003FFFFFFF0000
  57. 00001FFFFFFFFFFF:00001FFFFFFF0000
  58. 00000FFFFFFFFFFF:00000FFFFFFF0000
  59. 000007FFFFFFFFFF:000007FFFFFF0000
  60. 000003FFFFFFFFFF:000003FFFFFF0000
  61. 000001FFFFFFFFFF:000001FFFFFF0000
  62. 000000FFFFFFFFFF:000000FFFFFF0000
  63. 0000007FFFFFFFFF:0000007FFFFF0000
  64. 0000003FFFFFFFFF:0000003FFFFF0000
  65. 0000001FFFFFFFFF:0000001FFFFF0000
  66. 0000000FFFFFFFFF:0000000FFFFF0000
  67. 00000007FFFFFFFF:00000007FFFF0000
  68. 00000003FFFFFFFF:00000003FFFF0000
  69. 00000001FFFFFFFF:00000001FFFF0000
  70. 00000000FFFFFFFF:00000000FFFF0000
  71. 000000007FFFFFFF:000000007FFF0000
  72. 000000003FFFFFFF:000000003FFF0000
  73. 000000001FFFFFFF:000000001FFF0000
  74. 000000000FFFFFFF:000000000FFF0000
  75. 0000000007FFFFFF:0000000007FF0000
  76. 0000000003FFFFFF:0000000003FF0000
  77. 0000000001FFFFFF:0000000001FF0000
  78. 0000000000FFFFFF:0000000000FF0000
  79. 00000000007FFFFF:00000000007F0000
  80. 00000000003FFFFF:00000000003F0000
  81. 00000000001FFFFF:00000000001F0000
  82. 00000000000FFFFF:00000000000F0000
  83. 000000000007FFFF:0000000000070000
  84. 000000000003FFFF:0000000000030000
  85. 000000000001FFFF:0000000000010000
  86. c0000017
  87. 0:00007FF735B40000
  88. 1:000000007FFF0000
  89. 2:000000003FFF0000
  90. 3:000000001FFF0000
  91. 4:000000000FFF0000
  92. 5:0000000007FF0000
  93. 6:0000000003FF0000
  94. 7:0000000001FF0000
  95. 8:0000000000FF0000
  96. 9:00000000007F0000
  97. a:00000000003F0000
  98. b:00000000001F0000
  99. c:00000000000F0000
  100. d:0000000000070000
  101. e:0000000000030000
  102. f:0000000000010000
  103. c0000017