Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

0xDEADBEEF

376 views
Skip to first unread message

Chad David

unread,
Jun 13, 1997, 3:00:00 AM6/13/97
to

I am look for some historical information. In the last few years
I have come across the Hex value DEADBEEF in memory dumps and OS
code, I even found it is an Oracle 7 dump this week. I am assuming
that it is used because it is easy to see in a dump, but does
anybody know where it came from, ie. why DEADBEEF??

Thanks.

Chad David
ACNS Inc.
dav...@acns.ab.ca

peter hakanson

unread,
Jun 15, 1997, 3:00:00 AM6/15/97
to

It was present in aix 2 (on PC/RT).

The intention was to fill all non-initialized areas
of a program with a uniq pattern. Any reference to
uninitialized data or jump into would be easily
tracable.(As opposed to leaving it in random state
or zeroed).

The word DEADBEEF was (in my opinion) a good joke.

Another feature that was not present in aix 2 is to
map page zero no-access. With that mechanism every
reference to a pointer with zero value would get
could at once. (first appeared in VMS i think).now
present in bsd and some other.

Peter håkanson

Chad David (dav...@enernet.com) wrote:
: I am look for some historical information. In the last few years

: Thanks.

--
Unsolicited commercial/propaganda email subject to legal action. Under US
Code Title 47, Sec.227(a)(2)(B), Sec.227(b)(1)(C), and Sec.227(b)(3)(C), a
State may impose a fine of not less than $500 per message. Read the full
text of Title 47 Sec 227 at http://www.law.cornell.edu/uscode/47/227.html

<peter....@vtd.volvo.se> (remove ".devnull" before use!)
Peter Håkanson,Volvo Technological Development. Dep 6970,Gothenburg

Eric Levenez

unread,
Jun 15, 1997, 3:00:00 AM6/15/97
to

Chad David <dav...@enernet.com> wrote:
> I am look for some historical information. In the last few years
> I have come across the Hex value DEADBEEF in memory dumps and OS
> code, I even found it is an Oracle 7 dump this week. I am assuming
> that it is used because it is easy to see in a dump, but does
> anybody know where it came from, ie. why DEADBEEF??

Sometime it is better to have a pattern other that 0x00000000 because
it is simpler to track wrong pointers. By default, all memory are
filled with this pattern, so it is simpler to see if someone wrote
in it or not.

The DEADBEEF comes from IBM, the name was given because IBM is in Texas.

--

--------------------------------------------------------------------
Éric Lévénez "Felix qui potuit rerum cognoscere causas"
mailto:lev...@club-internet.fr Publius Vergilius Maro,
(NeXTMail, MIME) Georgica, II-489
--------------------------------------------------------------------

Mark Whetzel

unread,
Jun 19, 1997, 3:00:00 AM6/19/97
to

Eric Levenez <lev...@club-internet.fr> wrote:
: > anybody know where it came from, ie. why DEADBEEF??

The DEADBEEF Hex value did indeed start with AIX Version2 on the RT.
Memory fill of just malloc'ed pages are filled with that pattern.

: Sometime it is better to have a pattern other that 0x00000000 because


: it is simpler to track wrong pointers. By default, all memory are
: filled with this pattern, so it is simpler to see if someone wrote
: in it or not.

Indeed. Tracing down uninitialized pointers is a lot easier.

: The DEADBEEF comes from IBM, the name was given because IBM is in Texas.

ACTUALLY... only the WORKSTATION division was in Austin Texas.. IBM itself
is widely scattered across the US and the world.

Is'nt Armonk, NY. the home of IBM?

--
Mark Whetzel My comments are my own, not my company's.
Western Geophysical - A division of Western Atlas International Inc.,
A Subsidary of Western Atlas Inc. DOMAIN addr: mark.w...@waii.com
VOICE: (713) 963-2544 FAX: (713) 963-2758

mout...@ferrum.metalmat.ufrj.br

unread,
Jun 20, 1997, 3:00:00 AM6/20/97
to

On Fri, 13 Jun 1997, Chad David wrote:

> I am look for some historical information. In the last few years
> I have come across the Hex value DEADBEEF in memory dumps and OS
> code, I even found it is an Oracle 7 dump this week. I am assuming
> that it is used because it is easy to see in a dump, but does

> anybody know where it came from, ie. why DEADBEEF??

From the AIX-FAQ:

----------------------------------------------------------------------

2.16: What is deadbeef?

When running the debugger (dbx), you may have wondered what the
'deadbeef' is you occasionally see in registers. Do note, that
0xdeadbeef is a hexadecimal number that also happens to be some kind
of word (the RS/6000 was built in Texas!), and this hexadecimal number
is simply put into unused registers at some time, probably during
program startup.

----------------------------------------------------------------------


All the best,

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Renato Moutinho Silva - mout...@metalmat.ufrj.br
Universidade Federal do Rio de Janeiro
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

" The software said it requires Windows 95 or better, so I installed Linux "


Michael Wojcik

unread,
Jun 25, 1997, 3:00:00 AM6/25/97
to

In article <5oc2d0$1flg$1...@mail1.wg.waii.com> Mark Whetzel <ma...@zeus.wg.waii.com> writes:
>Eric Levenez <lev...@club-internet.fr> wrote:
>: > anybody know where it came from, ie. why DEADBEEF??
>
>The DEADBEEF Hex value did indeed start with AIX Version2 on the RT.
>Memory fill of just malloc'ed pages are filled with that pattern.
>
>: Sometime it is better to have a pattern other that 0x00000000 because
>: it is simpler to track wrong pointers. By default, all memory are
>: filled with this pattern, so it is simpler to see if someone wrote
>: in it or not.
>
>Indeed. Tracing down uninitialized pointers is a lot easier.
>
>: The DEADBEEF comes from IBM, the name was given because IBM is in Texas.
>
>ACTUALLY... only the WORKSTATION division was in Austin Texas.. IBM itself
>is widely scattered across the US and the world.
>
>Is'nt Armonk, NY. the home of IBM?

Ah, the perennial "deadbeef" thread... this *is* in the AIX FAQ, by
the way. (Item 2.16, which is in Part 4 of the FAQ in the version
I currently have.)

As I recall from my IBM days (in Cambridge, MA), either early RTs
or early RS/6Ks (possibly both -- can't remember for sure) had in
place of the IBM logo a little badge with a guy in a cowboy hat
and a couple of stars -- a sort of internal logo for the Austin
group.

But deadbeef is there as much because it's a word that can be
"spelled" in hex as for any other reason. AIX also sports the
"0xbadca11" for invalid code addresses and "0xdeadc0de" for
some other condition (I don't believe those are in the FAQ).

There are, of course, many English words that can more-or-less
be spelled out in hex; I posted a list when this subject came up
a couple of years ago. For example:

------ from <3vj1a6$j...@hyperion.mfltd.co.uk>, 95/07/31 ------

When you start using 1 as "l" and 0 as "o", and allowing shorter words
by omitting leading 0s (as in 0xbadca11), possibilites abound:

- 0xacc01ade, which you might initialize memory to if you want to
reward your out-of-bounds checking code
- 0xb01dface to make those memory errors stand out
- 0xaffab1e if it's not really an important memory error
- 0xdebac1e if it is
- 0xa1fa1fa to 0xfeed all that 0xbeef before it dies
- 0xfa110ff when you trace the stack back a little too far...
- 0x0ff10ad if you're using an ICE
- 0xbabb1e because "GIGO" is tough to represent in hex
- 0xc0ffee when it's time for an extra cup (try the 0xcafe)
- 0xc0bb1e, which is how you put your code together, unless
- 0xd00d1e and 0xdabb1e is
- 0xdec0de, since you didn't 0xc0de right in the first place
- 0xfacade and 0xfeeb1e -- more trenchant analysis

The end result, of course, is that you're going to 0xcedeface if
these show up in your code.

------ end quote ------

I found most of these just by grep'ing through /usr/dict/words
with the appropriate substitutions. And people complain that
there aren't enough games for Unix...

Some languages are tougher, even allowing Romanization and
omitting diacritical marks. Take Japanese, for example. If
we use a *very* liberal and nonstandard Romanization, we might
allow the following "hex romaji":

- a and e are taken directly from hex
- use 1 for "i" and 0 for "o"
- use c for "ka", etc. -- except that no Romanization would
pronounce "ce" and "ci" correctly, which leaves us with just
"ca" and "c0" in ka-gyoo
- use 6 for "ga", etc., treating 6 as a capital G
- use b for "ba", etc.
- use d for "da", etc.
- use 1 for "ra", etc., transliterating Japanese ra-gyoo with
an "l" instead of an "r", though this makes "ri" almost
unrecognizable (it comes out as "11")
- use 5 for "sa", etc., though this is a real stretch
- transliterate phonemes like "shi" without the English double
consonant: "si", etc. This lets us use "51" for "shi" (sort
of) and "c1" for "chi".
- we might, in some circumstances, allow eliding a final "u"
sound, as is often done in spoken Japanese

This gives us Japanese phonemes: a, i, e, o, ka, ko, ga, gi, ge,
go, ba, bi, be, bo, da, de, do, ra, ri, re, ro, sa, si, se, so, chi,
and at the end of a word ku, gu, fu, ru, su

So, for example, we might have:

- 0xEE500DA ("ee, soo da" -- "yes, that's right")
- 0xBE1C0C ("beikoku" -- one of the words for the US)

Other words (and languages) are left as an exercise for the reader.

Michael Wojcik m...@microfocus.com
AAI Development, Micro Focus Inc.
Department of English, Miami University

0 new messages