Why is the stack filled with 0xCCCCCCCC


Question

I'm currently disassembling some small C programs made in Visual Studio 2012 Express, and I've noticed a trend amongst the binaries.

The first set of instructions executed in the main function is always:

SUB ESP,154                       ; Doesn't have to be 0x154.
.....
.....
.....
LEA EDI,DWORD PTR SS:[EBP-154]
MOV ECX,55                        ; Also doesn't have to be 0x55.
MOV EAX,CCCCCCCC
REP STOS DWORD PTR ES:[EDI]

So, why does the machine fill the stack with this 0xCCCCCCCC? I've read that it is used by VC++, or something, as a mark for uninitialized space?

Then let's say I am going to put something inside my buffer... The compiler or processor decides to put it at some random point inside this space, but I can't see why it would put it there...

EBP-90   > CCCCCCCC  ÌÌÌÌ
EBP-8C   > CCCCCCCC  ÌÌÌÌ
EBP-88   > CCCCCCCC  ÌÌÌÌ
EBP-84   > 00000001  ...  ; Why this place?
EBP-80   > CCCCCCCC  ÌÌÌÌ
EBP-7C   > CCCCCCCC  ÌÌÌÌ
EBP-78   > 41414141  AAAA ; Why this far from both the top and bottom of the stack?
EBP-74   > CCCCCC00  .ÌÌÌ
EBP-70   > CCCCCCCC  ÌÌÌÌ
EBP-6C   > CCCCCCCC  ÌÌÌÌ

And...

EBP-14   > CCCCCCCC  ÌÌÌÌ
EBP-10   > CCCCCCCC  ÌÌÌÌ
EBP-C    > 00000000  ....  ; Why here?
EBP-8    > CCCCCCCC  ÌÌÌÌ
EBP-4    > 7EA7D069  iЧ~  ; I think this is some stack cookie stuff.
EBP ==>  >/0017FEA8  ¨þ.   ; Saved EBP.

Granted, the 1 and 0 dwords are stored here because of some if statements, but I'm simply wondering why they are placed where they are, if there is any logic behind it.

Thank you.

Recommended answer

You are just seeing the code that's generated by the MSVC compiler when you use the /RTC option, which enables runtime checks, turned on by default in the debug build. The value 0xcccccccc is magical: it is very good at crashing your program when you use an uninitialized pointer, or generating a weird int value, or crashing your code when it goes bananas and starts to execute data as though it were code. 0xcc is the x86 instruction for INT 3; it invokes a debugger break.

The "why this place" is part of the diagnostics you get from /RTC. It makes the compiler allocate local variables with extra space between them, filled with that magical value. This makes it very simple to diagnose stack corruption caused by buffer overruns: it just needs to check whether the magic values are still there when the function returns.

