Debug Build and Fuzzing Tip

I always use a debug build when I fuzz a product for which I have access to the source code. Yes, a few times I got bugs in debug-only code, but most of the time I have triggered uninitialized-variable and other memory-related issues quite easily. I usually use the Microsoft Visual Studio Debug option to build the source. The speciality of the Debug build is that the compiler emits a lot of extra code to initialize the pointers. There are a lot of magic values emitted in the debug build.

* 0xABABABAB : Used by Microsoft's HeapAlloc() to mark "no man's land" guard bytes after allocated heap memory
* 0xABADCAFE : Value written to all free memory at startup to catch errant pointers
* 0xBAADF00D : Used by Microsoft's LocalAlloc(LMEM_FIXED) to mark uninitialised allocated heap memory
* 0xBADCAB1E : Error Code returned to the Microsoft eVC debugger when connection is severed to the debugger
* 0xBEEFCACE : Used by Microsoft .NET as a magic number in resource files
* 0xCCCCCCCC : Used by Microsoft's C++ debugging runtime library to mark uninitialised stack memory
* 0xCDCDCDCD : Used by Microsoft's C++ debugging runtime library to mark uninitialised heap memory
* 0xDEADDEAD : A Microsoft Windows STOP Error code used when the user manually initiates the crash.
* 0xFDFDFDFD : Used by Microsoft's C++ debugging heap to mark "no man's land" guard bytes before and after allocated heap memory
* 0xFEEEFEEE : Used by Microsoft's HeapFree() to mark freed heap memory
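
When a fuzzing crash lands on an address that looks like one of these fills, the fill tells you what kind of memory the bad pointer was read from. The triage helper below is an added example, not code from this post. `classify_fill`, `MAX_FIELD_OFFSET` and the sample values are assumptions made for illustration, and it goes beyond the 32-bit values listed above by also matching the same fill repeated across a 64-bit pointer.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Fill patterns from the list above; only the ones that mark memory state. */
struct fill { uint32_t pattern; const char *meaning; };
static const struct fill FILLS[] = {
    { 0xABABABABu, "HeapAlloc guard bytes after an allocation" },
    { 0xBAADF00Du, "uninitialised LocalAlloc(LMEM_FIXED) heap memory" },
    { 0xCCCCCCCCu, "uninitialised stack memory (debug CRT)" },
    { 0xCDCDCDCDu, "uninitialised heap memory (debug CRT)" },
    { 0xFDFDFDFDu, "debug-heap guard bytes around an allocation" },
    { 0xFEEEFEEEu, "heap memory freed by HeapFree" },
};

/* Assumed tolerance: a faulting address is often fill + a small field offset. */
#define MAX_FIELD_OFFSET 0x400u

/* Return the meaning of the fill that `value` derives from, or NULL if none.
   *offset receives the distance above the fill (0 for an exact match).
   Values wider than 32 bits are compared against the fill repeated twice. */
const char *classify_fill(uint64_t value, uint64_t *offset)
{
    for (size_t i = 0; i < sizeof FILLS / sizeof FILLS[0]; i++) {
        uint64_t p32 = FILLS[i].pattern;
        uint64_t p64 = (p32 << 32) | p32;        /* fill as seen in an 8-byte read */
        uint64_t base = (value >> 32) ? p64 : p32;
        uint64_t delta = value - base;           /* wraps to huge if value < base */
        if (delta <= MAX_FIELD_OFFSET) {
            if (offset) *offset = delta;
            return FILLS[i].meaning;
        }
    }
    return NULL;
}

int main(void)
{
    /* Constructed sample values, as they might appear as faulting addresses. */
    const uint64_t samples[] = { 0xCDCDCDCDu, 0xFEEEFEFEu, 0xCCCCCCD0u,
                                 0xFEEEFEEEFEEEFEF6u, 0x00401000u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t off = 0;
        const char *m = classify_fill(samples[i], &off);
        if (m) printf("0x%llX: %s, +0x%llX\n", (unsigned long long)samples[i], m, (unsigned long long)off);
        else   printf("0x%llX: no fill pattern\n", (unsigned long long)samples[i]);
    }
    return 0;
}
```

A match on the freed-memory fill points at a use-after-free, while the uninitialised stack and heap fills point at a pointer that was never set.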
 

Other interesting links:

* http://stackoverflow.com/questions/127386/in-visual-studio-c-what-are-the-memory-allocation-representations
* http://en.wikipedia.org/wiki/Magic_number_(programming)
* http://www.nobugs.org/developer/win32/debug_crt_heap.html#table
   

 