> Your reasoning is right, but you have to remember that memory protection cannot
> usually happen at a byte-sized granularity, so you'll often be able to overwrite
> a few extra bytes without anyone complaining, and that's not good.
>
> Memory protection will typically take place on page-sized (4KB) or greater
> intervals. X86 has a lot of crazy MMU features but I think Windows probably just
> uses paging for the most part.
>
> I think you were compiling in debug mode which means MSVC uses code that
> initializes uninitialized memory regions with a certain magic number (0xFD?) and
> at the end, checks to see if you have written out of bounds by seeing if
> everything is 0xFD where it should be. I could be wrong, but I think I've heard
> this somewhere and it seems consistent with what's happening to you.

I asked google "debug build 0xFD memory" and google said:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vccore98/HTML/_core_memory_management_and_the_debug_heap.asp

Things one doesn't know without looking around :P