[Reversing] 생성 방식에 따른 메모리 기본값

[Reversing] 메모리 생성 방식에 따라 버퍼 기본값 변화

참조

> https://www.codeguru.com/cpp/w-p/win32/tutorials/article.php/c9535/Inside-CRT-Debug-Heap-Management.htm

CVE-2017-8291 취약점에서의 Postscript aload 연산자를 살펴보던 중 0x020EADBA or 0x0DF0ADBA 같은 값이 있어 찾아본다.

메모리 생성 방식에 따라 버퍼의 기본 값이 정해진다.

HeapAlloc() 호출 후 메모리를 보면 아래와 같다.

ex) 주소 HeapAlloc () 이후 00320FD8 09 00 09 01 00320FDC E8 07 18 00 00320FE0 0D F0 AD BA 00320FE4 0D F0 AD BA 00320FE8 0D F0 AD BA 00320FEC 0D F0 AD BA 00320FF0 0D F0 AD BA 00320FF4 0D F0 AD BA 00320FF8 0D F0 AD BA

Value Name Description 0xCD Clean Memory Allocated memory via malloc or new but never written by the application. 0xDD Dead Memory Memory that has been released with delete or free. It is used to detect writing through dangling pointers. 0xFD Fence Memory Also known as "no mans land." This is used to wrap the allocated memory (like surrounding it with fences) and is used to detect indexing arrays out of bounds. 0xAB (Allocated Block?) Memory allocated by LocalAlloc(). 0xBAADF00D Bad Food Memory allocated by LocalAlloc() with LMEM_FIXED, but not yet written to. 0xCC   When the code is compiled with the /GZ option, uninitialized variables are automatically assigned to this value (at byte level).