Have you ever seen the value 0xbad0b0b0 before? If you're analyzing kernel objects, you certainly will. Here is some information about this special value.
Regardless of whether you use WinDbg or one of my Volatility plugins, sooner or later you will spot a strange pointer to a kernel object that reads 0xbad0b0b0. If you try to dereference it, you're extremely likely to fail. Though it looks like a legitimate kernel address, this value is a magic number.
Whenever the kernel destroys an object, it calls ObpFreeObject in order to deallocate the various parts of the _OBJECT_HEADER and its associated structures:

Whenever you come across that special value, you should assume that the object has been deallocated. But don't take anything for granted when dealing with malicious software. An adversary might have chosen 0xbad0b0b0 over null bytes to wipe some information. The special value found in an uncommon location may give you a lead for your investigation. Seemingly destroyed objects that are still in use should raise your suspicion, too.
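The triage described above, as an added example (not code from the original post or from the Volatility plugins it mentions). It assumes a 32-bit layout with the object type pointer at offset 0x08 of the _OBJECT_HEADER; `headers` and `referenced` are hypothetical analyst-supplied inputs, and the sample region is constructed.

```python
import struct

FREED_MAGIC = 0xBAD0B0B0   # magic value discussed on this page
TYPE_OFFSET = 0x08         # assumption: Type pointer offset in a 32-bit _OBJECT_HEADER

def triage(image, base, headers, referenced):
    """Classify every pointer-aligned hit of the magic value in a region.

    headers: addresses believed to be _OBJECT_HEADERs; referenced: those still
    reachable from live structures such as a handle table (hypothetical input).
    """
    type_slots = {h + TYPE_OFFSET: h for h in headers}
    report = []
    # Walk each aligned 32-bit little-endian value in the region.
    for off in range(0, len(image) - 3, 4):
        (value,) = struct.unpack_from("<I", image, off)
        if value != FREED_MAGIC:
            continue
        addr = base + off
        header = type_slots.get(addr)
        if header is None:
            verdict = "uncommon location"        # magic outside a known Type slot
        elif header in referenced:
            verdict = "freed but still in use"   # should raise suspicion
        else:
            verdict = "deallocated"              # the expected case
        report.append((addr, verdict))
    return report

def build_sample():
    """Constructed sample region; not data from a real system."""
    base = 0x81000000
    image = bytearray(0x60)
    def put(addr, value):
        struct.pack_into("<I", image, addr - base, value)
    put(0x81000008, FREED_MAGIC)   # header 0x81000000, no longer referenced
    put(0x81000028, FREED_MAGIC)   # header 0x81000020, still referenced
    put(0x81000048, 0x819C5AD0)    # header 0x81000040, constructed live type pointer
    put(0x81000054, FREED_MAGIC)   # magic value outside any Type slot
    headers = [0x81000000, 0x81000020, 0x81000040]
    referenced = {0x81000020, 0x81000040}
    return bytes(image), base, headers, referenced

if __name__ == "__main__":
    for addr, verdict in triage(*build_sample()):
        print(f"{addr:#010x}: {verdict}")
```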
