Server Development 2007. 11. 23. 00:27

WFC Technical Note 006 - Funny Memory Values

Introduction

Microsoft has put quite a lot of memory leak detection helpers in Windows NT. They have not done a good job of advertising it. This document describes some of the things I've deciphered while debugging code.

Funny Memory Values

Many times while debugging programs, I will come across memory that is filled with "funny" values. After some playing around (i.e. hacking) with the Win32 API, I was able to figure out what they meant. Some of these values have been documented in places but never all together. The values for the tags presented here are hexadecimal because that's the way Developer's Studio presents them in the memory window.

| Value | Meaning |
|---|---|
| 0xAB or 0xABAB or 0xABABABAB | Memory following a block allocated by LocalAlloc(). |
| 0xBAADF00D | Bad Food. Get it? This is memory allocated via LocalAlloc( LMEM_FIXED, ... ). It is memory that has been allocated but not yet written to. |
| 0xFEEE or 0xFEEEFEEE | This seems to be memory that has been dedicated to a heap but not yet allocated by HeapAlloc() or LocalAlloc(). |
| 0xCC or 0xCCCC or 0xCCCCCCCC | Code compiled by Microsoft Visual C++ with the /GZ option automatically initializes uninitialized variables with this value. |
| 0xCD or 0xCDCD or 0xCDCDCDCD | Microsoft Visual C++ compiled code with memory leak detection turned on. Usually, DEBUG_NEW was defined. Memory with this tag signifies memory that has been allocated (by malloc() or new) but never written to by the application. |
| 0xDD or 0xDDDD or 0xDDDDDDDD | Microsoft Visual C++ compiled code with memory leak detection turned on. Usually, DEBUG_NEW was defined. Memory with this tag signifies memory that has been freed (by free() or delete) by the application. It is how you can detect writing to memory that has already been freed. For example, if you look at an allocated memory structure (or C++ class) and most of the members contain this tag value, you are probably writing to a structure that has been freed. |
| 0xFD or 0xFDFD or 0xFDFDFDFD | Microsoft Visual C++ compiled code with memory leak detection turned on. Usually, DEBUG_NEW was defined. Memory with this tag signifies memory that is in "no-man's-land." These are bytes just before and just after an allocated block. They are used to detect array-out-of-bounds errors. This is great for detecting off-by-one errors. |

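The table is meaningful when the debug heap is in use. The stack, of course, is not involved. It is worth knowing the value states below.

| Memory value | Meaning |
|---|---|
| 0xCDCDCDCD | Memory allocated on the heap, but not yet initialized. |
| 0xDDDDDDDD | Memory that has been freed from the heap. |
| 0xFDFDFDFD | "NoMansLand" (nobody should be here). This value is placed automatically at the boundaries of allocated heap memory. It must never be overwritten; if it has changed, something wrote beyond the allocated region. In that case VC issues a warning. |
| 0xCCCCCCCC | Memory allocated on the stack, but not yet initialized. |

0xCCCCCCCC in particular has a special meaning: in assembly terms it corresponds to __asm int 3, which is the same as a breakpoint. So when the programmer accesses and uses this region without initializing it, a user breakpoint is raised. (You have probably seen that message at least once.) By filling allocated variables with values like these in debug mode, VC guards against programmer mistakes as far as it can. If you look at a pointer variable that has not been initialized, you can confirm that in debug mode it always holds one of these values.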
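As an added example (not code from the technical note or from this blog), the following C program applies the table to values read out of a memory window: it names a fill pattern, checks the no-man's-land guards around a block, and flags a structure whose members are mostly the freed tag. The 4-byte guard size, the function names and the sample buffers are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUARD 4  /* assumed guard size on each side of the user data */

/* Map a dword seen in the memory window to the meaning given in the table. */
const char *describe_dword(uint32_t v) {
    switch (v) {
    case 0xABABABABu: return "memory following a LocalAlloc() block";
    case 0xBAADF00Du: return "LocalAlloc(LMEM_FIXED) memory, never written";
    case 0xFEEEFEEEu: return "heap memory not yet allocated";
    case 0xCCCCCCCCu: return "uninitialized stack variable (/GZ)";
    case 0xCDCDCDCDu: return "debug heap: allocated, never written";
    case 0xDDDDDDDDu: return "debug heap: freed";
    case 0xFDFDFDFDu: return "debug heap: no-man's-land guard";
    default:          return "no known fill pattern";
    }
}

/* 1 if the guard bytes before and after the user data are all still 0xFD. */
int guards_intact(const uint8_t *block, size_t user_len) {
    for (size_t i = 0; i < GUARD; i++)
        if (block[i] != 0xFD || block[GUARD + user_len + i] != 0xFD)
            return 0;
    return 1;
}

/* 1 if more than half of a structure's dword members hold the freed tag. */
int looks_freed(const uint32_t *members, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += (members[i] == 0xDDDDDDDDu);
    return n > 0 && hits * 2 > n;
}

int main(void) {
    /* Constructed sample: guard | 8 user bytes | guard, then a 9-byte copy. */
    uint8_t block[GUARD + 8 + GUARD];
    memset(block, 0xFD, sizeof block);
    memset(block + GUARD, 0xCD, 8);
    printf("before overrun: intact=%d\n", guards_intact(block, 8));
    memcpy(block + GUARD, "ABCDEFGH", 9);  /* off-by-one: the NUL hits the guard */
    printf("after overrun:  intact=%d\n", guards_intact(block, 8));
    uint32_t obj[4] = { 0xDDDDDDDDu, 0xDDDDDDDDu, 0x00000001u, 0xDDDDDDDDu };
    printf("obj[0]: %s, looks_freed=%d\n", describe_dword(obj[0]), looks_freed(obj, 4));
    return 0;
}
```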



Source: http://www.samblackburn.com/wfc/technotes/WTN006.htm
posted by choiwonwoo
