0xBAADF00D 값은 뭐? ㅋㅋ

Inside CRT: Debug Heap Management

참고 : http://www.codeguru.com/cpp/w-p/win32/tutorials/article.php/c9535

디버깅을 하다가 0xBAADF00D를 보게되었는데,
악성코드 제작자가 나름 의미를 부여해서 이용하는 값으로 생각했다.
그런데, 구글님께 물어보니 이런 정보가 나오네.

RtlHeapAllocate() 함수와 관련된 것으로 보인다.
0xBAADF00D는 아래에 나와있는 것처럼 Alloc 함수(LMEM_FIXED)를 통해 Heap을 생성한 경우에 기본적으로 메모리에 Assign 되어있는 값이다.

아래는 RtlAllocateHeap 을 통해 생성된 메모리 공간이다.

00AB36BC  0D F0 AD BA 0D F0 AD BA 0D F0 AD BA >.............>
00AB36CC  0D F0 AD BA 0D F0 AD BA 0D F0 AD BA >.............>
00AB36DC  0D F0 AD BA 0D F0 AD BA 0D F0 AD BA >.............>
00AB36EC  0D F0 AD BA 0D F0 AD BA 0D F0 AD BA >.............>
00AB36FC  0D F0 AD BA 0D F0 AD BA 0D F0 AD BA >.............>
00AB370C  0D F0 AD BA 0D F0 AD BA 0D F0 AD BA >............ >

아래의 표처럼 어떤 방식으로 메모리가 생성되었는지에 따라 버퍼(Heap)의 기본 값이 정해진다. 스택에 대해서는 해당되지 않을 것으로 추정된다.

---

When you compile a debug build of your program with Visual Studio and run it in debugger, you can see that the memory allocated or deallocated has funny values, such as 0xCDCDCDCD or 0xDDDDDDDD. This is the result of the work Microsoft has put in to detect memory corruption and leaks in the Win32 platform. In this article, I will explain how memory allocation/deallocation is done via new/delete or malloc/free.

First, I will explain what all these values that you see, like CD, DD, and so forth, mean.

Value	Name	Description
0xCD	Clean Memory	Allocated memory via malloc or new but never written by the application.
0xDD	Dead Memory	Memory that has been released with delete or free. It is used to detect writing through dangling pointers.
0xFD	Fence Memory	Also known as "no mans land." This is used to wrap the allocated memory (like surrounding it with fences) and is used to detect indexing arrays out of bounds.
0xAB	(Allocated Block?)	Memory allocated by LocalAlloc().
0xBAADF00D	Bad Food	Memory allocated by LocalAlloc() with LMEM_FIXED, but not yet written to.
0xCC		When the code is compiled with the /GZ option, uninitialized variables are automatically assigned to this value (at byte level).

If you take a look at DBGHEAP.C, you can see how some of these values are defined:

static unsigned char _bNoMansLandFill = 0xFD;   /* fill no-man's land with this */

static unsigned char _bDeadLandFill   = 0xDD;   /* fill free objects with this */

static unsigned char _bCleanLandFill  = 0xCD;   /* fill new objects with this */