直接调用类成员函数地址 （你不知道的事）

void GetMemberFuncAddr_VC6(DWORD& addr,Fun f)
{
union
{
Fun _f;
DWORD   _t;
}ut;

ut._f = f;

addr = ut._t;
}
//调用
DWORD dwAddrPtr;GetMemberFuncAddr_VC6(dwAddrPtr, &CInstall_mfcDlg::ContinueExe );
//反汇编代码Release版
//函数首地址
00401570   $  83EC 08       sub esp,0x8
00401573   .  53            push ebx
00401574   .  56            push esi
00401575   .  57            push edi
00401576   .  8D4424 10     lea eax,dword ptr ss:[esp+0x10]
0040157A   .  68 70154000   push server.00401570                                       ;  入口地址
0040157F   .  50            push eax
00401580   .  8BF9          mov edi,ecx
00401582   .  E8 D9FFFFFF   call server.00401560

//反汇编代码Debug版
//函数首地址
004E2F49   $ /E9 D2180100   jmp install_.CInstall_mfcDlg::ContinueExeafileleControlSit>（相比release版多了一个jmp）

004F4820 > > \55            push ebp
004F4821   .  8BEC          mov ebp,esp
004F4823   .  81EC 98010000 sub esp,0x198
004F4829   .  53            push ebx
004F482A   .  56            push esi
004F482B   .  57            push edi
004F482C   .  51            push ecx
004F482D   .  8DBD 68FEFFFF lea edi,dword ptr ss:[ebp-0x198]
004F4833   .  B9 66000000   mov ecx,0x66
004F4838   .  B8 CCCCCCCC   mov eax,0xCCCCCCCC
004F483D   .  F3:AB         rep stos dword ptr es:[edi]
004F483F   .  59            pop ecx
004F4840   .  894D F8       mov dword ptr ss:[ebp-0x8],ecx
004F4843   .  C745 EC 492F4>mov dword ptr ss:[ebp-0x14],install_.004E2F49                 ;  入口地址
004F484A   .  C745 E0 00000>mov dword ptr ss:[ebp-0x20],0x0
004F4851   ?  68 492F4E00   push install_.004E2F49      (这个地址变了)                    ;  入口地址
004F4856   ?  8D45 D4       lea eax,dword ptr ss:[ebp-0x2C]
004F4859   ?  50            push eax
004F485A   ?  E8 9EECFEFF   call install_.004E34FD

//原文地址： http://www.vckbase.com/document/viewdoc/?id=1818