2

Take a look at the following code:

void f()
{
}

I compiled this in Visual Studio 2013, debug, 32-bit mode and looked at the disassembly.

void f()
{
00304CB0  push        ebp  
00304CB1  mov         ebp,esp  
00304CB3  sub         esp,0C0h  
00304CB9  push        ebx  
00304CBA  push        esi  
00304CBB  push        edi  
00304CBC  lea         edi,[ebp-0C0h]  
00304CC2  mov         ecx,30h  
00304CC7  mov         eax,0CCCCCCCCh  
00304CCC  rep stos    dword ptr es:[edi]  
}
00304CCE  pop         edi  
00304CCF  pop         esi  
00304CD0  pop         ebx  
00304CD1  mov         esp,ebp  
00304CD3  pop         ebp  
00304CD4  ret  

What is the purpose of the rep stos instruction?

I'm just curious.

Neil Kirk
    When building debug variants, the VC++ compiler stores 0xcc in all uninitialized data. That is what's being done here. – Some programmer dude Dec 16 '14 at 11:47
  • Does anybody know why the segment ES is used in "rep stos dword ptr es:[edi] " ? I know that it's the same as other segments. – Elliot Mar 16 '18 at 10:53

1 Answer

8

The rep stos instruction writes the value in eax starting at the address pointed to by edi (your local stack in this case), ecx (0x30) times. The value in eax is 0xcccccccc, which is a magic number chosen by Microsoft to indicate uninitialized memory. The debugger will catch you if you try to dereference a pointer from this memory. This extra diagnostic checking is enabled by the /RTCu option.

Now you might ask why, with an empty function body, any memory would be reserved on the local stack. This is because you have edit and continue turned on with the /ZI option. The compiler is just setting aside some space in case you decide to use it in a debug session.

jaket
    Reason for filling uninitialized memory with 0xCC: http://stackoverflow.com/questions/370195/when-and-why-will-an-os-initialise-memory-to-0xcd-0xdd-etc-on-malloc-free-new – phuclv Dec 16 '14 at 12:49
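To make the answer's description concrete, here is an added C model of what that prologue does (example code written for this page, not from the question, the answer, or Microsoft): `rep stos` stores EAX at ES:[EDI], advances EDI by four and decrements ECX until ECX is zero, so with ECX = 0x30 and EAX = 0xCCCCCCCC every byte of the 0xC0-byte frame below EBP ends up as 0xCC. The frame layout is modelled as an array of 0x30 dwords, and the locals `a` at [ebp-8] and `b` at [ebp-0Ch] are hypothetical, chosen only to show what reading a never-written local returns.

```c
#include <stdint.h>
#include <stdio.h>

/* Values taken straight from the prologue in the question. */
#define FRAME_BYTES   0xC0u          /* sub esp,0C0h             */
#define FRAME_DWORDS  0x30u          /* mov ecx,30h  (0xC0 / 4)  */
#define FILL_PATTERN  0xCCCCCCCCu    /* mov eax,0CCCCCCCCh       */

/* Software model of `rep stos dword ptr es:[edi]` with DF clear:
 *   while (ECX != 0) { ES:[EDI] = EAX; EDI += 4; ECX -= 1; }
 * Returns how many dwords were stored. */
static uint32_t rep_stosd(uint32_t *edi, uint32_t eax, uint32_t ecx)
{
    uint32_t stored = 0;
    while (ecx != 0) {
        *edi++ = eax;
        ecx--;
        stored++;
    }
    return stored;
}

/* The 0xC0 bytes below EBP. dw[0] is [ebp-0C0h], the address LEA put in
 * EDI; dw[0x2F] is [ebp-4], just below the saved EBP. */
typedef struct { uint32_t dw[FRAME_DWORDS]; } frame_t;

/* Same effect as the lea/mov/mov/rep stos sequence in the prologue. */
static uint32_t debug_prologue_fill(frame_t *f)
{
    return rep_stosd(f->dw, FILL_PATTERN, FRAME_DWORDS);
}

/* Access [ebp-disp] as code for a dword local would (disp a multiple of 4
 * in 4..0xC0). */
static uint32_t read_local(const frame_t *f, uint32_t disp)
{
    return f->dw[(FRAME_BYTES - disp) / 4];
}

static void write_local(frame_t *f, uint32_t disp, uint32_t value)
{
    f->dw[(FRAME_BYTES - disp) / 4] = value;
}

/* 1 if every byte of the frame is 0xCC, which is what a debugger memory
 * window shows right after this prologue. (0xCC is also the x86 int3
 * opcode, one reason the pattern was chosen.) */
static int all_bytes_cc(const frame_t *f)
{
    const uint8_t *p = (const uint8_t *)f->dw;
    for (size_t i = 0; i < FRAME_BYTES; i++)
        if (p[i] != 0xCC) return 0;
    return 1;
}

/* Dwords still holding the fill pattern: slots nothing wrote after the
 * prologue ran. */
static uint32_t count_untouched(const frame_t *f)
{
    uint32_t n = 0;
    for (size_t i = 0; i < FRAME_DWORDS; i++)
        if (f->dw[i] == FILL_PATTERN) n++;
    return n;
}

/* Scenario: hypothetical `int a` at [ebp-8] is assigned, hypothetical
 * `int b` at [ebp-0Ch] is read without ever being written. */
static int32_t uninitialised_local_value(void)
{
    frame_t f;
    debug_prologue_fill(&f);
    write_local(&f, 0x08, 42);
    return (int32_t)read_local(&f, 0x0C);
}

static uint32_t untouched_after_one_write(void)
{
    frame_t f;
    debug_prologue_fill(&f);
    write_local(&f, 0x08, 42);
    return count_untouched(&f);
}

static int fresh_frame_is_all_cc(void)
{
    frame_t f;
    return debug_prologue_fill(&f) == FRAME_DWORDS && all_bytes_cc(&f);
}

int main(void)
{
    int32_t b = uninitialised_local_value();
    printf("fresh frame all 0xCC: %d\n", fresh_frame_is_all_cc());
    printf("unwritten local reads as 0x%08X (%d)\n", (uint32_t)b, b);
    printf("%u of %u dwords untouched after one store\n",
           untouched_after_one_write(), FRAME_DWORDS);
    return 0;
}
```

The -858993460 that `b` reads as is the familiar value a Visual Studio debug build shows for an uninitialised int; it is simply 0xCCCCCCCC interpreted as a signed 32-bit integer. Counting dwords that still hold the pattern is a cheap way, in a memory dump of such a frame, to see which slots the function never wrote.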