C# - Reading process memory

[Trixiap]

Hi,
I'm trying to read whole memory of single process and after many trials and errors I ended with this solution

Code:

SYTEM_INFO info = systemInfo(); //GetSystemInfo
            Int64 min_address = (Int64)info.minimumApplicationAddress;
            Int64 max_address = (Int64)info.maximumApplicationAddress;
            IntPtr procHandle = ProcToolbox.openProcess(id);
            MEMORY_BASIC_INFORMATION memInfo = new MEMORY_BASIC_INFORMATION();
            while (min_address < max_address)
            {
                int memDump = VirtualQueryEx(procHandle, info.minimumApplicationAddress, out memInfo, Marshal.SizeOf(memInfo));
                if (memDump == 0)
                {
                    int error = Marshal.GetLastWin32Error();
                }
                if (memInfo.Protect == PAGE_READWRITE && memInfo.State == MEM_COMMIT)
                {
                    byte[] buffer = ReadProcessMemory(procHandle, memInfo.BaseAddress, memInfo.RegionSize.ToInt64());
                }
                min_address += memInfo.RegionSize.ToInt64();
                info.minimumApplicationAddress = (IntPtr)min_address;
            }

But problem is, that on 64bit machine is maximumAppliactionAddress 8TB so this solution takes very long time to execute. My question is, isn't there some more better solution that don't read whole memory, but only pages that belong to targeted process? Or is there anyway how to obtain list of pages that belong to that process and their addresses?

[Torpedoes]

Wouldn't VirtualQueryEx fail when there are no more pages to read? That or VirtualQueryEx will just return a size spanning the rest of the 8TB, unreadable of course.

I'm implementing a similar function right now but haven't gotten around to testing it yet.

[Trixiap]

How could I miss that!

So if I'm correct, simple break inside that error IF solve problem, right?

EDIT: It is probably working (at least for small testing app that I made). VirtualQuaryEx will fail and return error code 84 (I don´t know what it is, but based on error at address 2147418112 it is probably some kind of "out of memory space for 32bit app" error)

[Torpedoes]

Try calling GetLastError and see what error it gives you. But yeah that's what I've seen other's do, so I'm assuming it works.