Why is the stack filled with 0xCCCCCCCC

名媛妹妹 2020-12-09 04:18

I'm currently disassembling some small C programs made in Visual Studio 2012 Express, and I've noticed a trend amongst the binaries.

The first set of instructions

2 answers
  • 2020-12-09 05:04

    You are just seeing the code that's generated by the MSVC compiler when you use the /RTC option, which enables runtime checks and is turned on by default in the debug build. The value 0xcccccccc is magical: it is very good at crashing your program when you use an uninitialized pointer, or generating a weird int value, or crashing your code when it goes bananas and starts to execute data as though it were code. 0xcc is the x86 instruction for INT 3, which invokes a debugger break.

    The "why this place" is part of the diagnostics you get from /RTC. It makes the compiler allocate local variables with extra space between them, filled with that magical value. This makes it very simple to diagnose stack corruption caused by buffer overruns: it just needs to check whether the magic values are still there when the function returns.

  • 2020-12-09 05:04

    I can not speak for Visual Studio, but some environments in which I've coded have deliberately filled the stack with a predetermined value (such as 0xcccccccc). This was done so that the stack could be scanned (starting from the bottom) to determine how much had not been used. On embedded systems where the amount of memory can be rather limited, this is rather useful during development so that the memory usage can be optimized.

    Hope this helps.

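Both answers above describe a use of the 0xCC fill: guard words around locals that are checked when the function returns (the /RTC diagnostic), and a scan from the stack bottom to find how much stack was never touched. The C program below is an added example, not code from either answer or from MSVC; it simulates the stack as a constructed 256-byte array with an assumed 16-byte local buffer at offset 160 and 4-byte guard words on each side.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a stack region: index 0 is the lowest address
   (stack bottom); a function's locals live near the high end. */
enum { REGION_SIZE = 256, FILL = 0xCC, GUARD = 4, BUF_OFF = 160, BUF_LEN = 16 };
static uint8_t region[REGION_SIZE];

/* Pre-fill the whole region with 0xCC, as a debug runtime does before use. */
static void reset_region(void) {
    memset(region, FILL, REGION_SIZE);
}

/* Simulate a function writing nbytes into its 16-byte local buffer;
   nbytes > BUF_LEN overruns into the trailing guard word. */
static void write_local(size_t nbytes) {
    for (size_t i = 0; i < nbytes && BUF_OFF + i < REGION_SIZE; i++)
        region[BUF_OFF + i] = (uint8_t)('A' + i % 26);
}

/* /RTC-style check at function return: both guard words around the
   buffer must still read 0xCCCCCCCC. Returns 1 if intact, 0 if clobbered. */
static int guards_intact(void) {
    uint32_t before, after;
    memcpy(&before, region + BUF_OFF - GUARD, GUARD);
    memcpy(&after, region + BUF_OFF + BUF_LEN, GUARD);
    return before == 0xCCCCCCCCu && after == 0xCCCCCCCCu;
}

/* High-water-mark scan from the stack bottom: bytes still holding the
   fill pattern were never touched, so their count is the unused stack. */
static size_t unused_bytes(void) {
    size_t n = 0;
    while (n < REGION_SIZE && region[n] == FILL) n++;
    return n;
}

int main(void) {
    reset_region();
    write_local(BUF_LEN);          /* in-bounds write */
    printf("in-bounds: guards %s, %zu bytes unused\n",
           guards_intact() ? "intact" : "clobbered", unused_bytes());
    reset_region();
    write_local(BUF_LEN + GUARD);  /* overrun by one guard word */
    printf("overrun:   guards %s, %zu bytes unused\n",
           guards_intact() ? "intact" : "clobbered", unused_bytes());
    return 0;
}
```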