C++虚函数表分析
2014-10-13 13:52
211 查看
在<<逆向C++>>一文中提到 VC6.0 以上的编译器支持一个d1reportAllClassLayout的开关, 可以输出所有对象的内存布局信息, 我自己常用vs2005来开发,所以这里我就以vs2005为例讲怎么设置d1reportAllClassLayout。
右键项目属性(Properties)—》配制属性(Configuration Properties)—》C/C++--》命令行(Command Line)的框里输入/d1reportAllClassLayout,即可看类的对象布局,如下图:(当然也可以使用命令行:cl –d1reportSingleClassLayout[classname] test.cpp)
测试代码:
总结:
继承方式:非virtual继承:导入各个父类的结构(按照父类声明的顺序,从上到下),自身member在最后
重写virtual方法:更新该方法最早定义的类的vftable
新的virtual方法:在最左父类的vftable增加
继承方式:有virtual继承:在自身member后增加virtual父类的结构(按照子类继承的顺序从左到右),同时在最前面增加vbtable(如果没有的话),增加一项指向父类结构
重写virtual方法:更新该方法的最早定义的类的vftable
新的virtual方法:在自身最前面增加vftable(如果没有的话),在自己的vftable增加
附 所有源码:
右键项目属性(Properties)—》配制属性(Configuration Properties)—》C/C++--》命令行(Command Line)的框里输入/d1reportAllClassLayout,即可看类的对象布局,如下图:(当然也可以使用命令行:cl –d1reportSingleClassLayout[classname] test.cpp)
测试代码:
class CBase
{
public:
virtual void fun(void) {}
private:
int m_valuable;
};输出结果:class CBase size(8):
+---
0 | {vfptr}
4 | m_valuable
+---
CBase::$vftable@:
| &CBase_meta
| 0
0 | &CBase::fun
CBase::fun this adjustor: 0CDerived:非virtual继承CBase,持有一个virtual重写方法和一个virtual新方法,一个成员变量
class CDerived: public CBase
{
public:
void fun(void) { }
virtual void vfun(void) { }
public:
int m_derived;
};
编译后输出结果:
class CDerived size(12):
+---
| +--- (base class CBase)
0 | | {vfptr}
4 | | m_valuable
| +---
8 | m_derived
+---
CDerived::$vftable@:
| &CDerived_meta
| 0
0 | &CDerived::fun
1 | &CDerived::vfun
CDerived::fun this adjustor: 0
CDerived::vfun this adjustor: 0
其中vftable@CBase的CBase::fun项在这里更新为CDerived::fun,同时增加了一项CDerived::vfun。
CDerived2:virtual继承CBase,持有一个virtual重写方法和一个virtual新方法,一个成员变量,因此结构为vftable@自身,vbtable@自身,member@自身,以及CBase结构。
总结:
class CDerived2: virtual public CBase
{
public:
void fun(void) { }
virtual void vfun(void) { }
public:
int m_derived;
};
结果输出:
class CDerived2 size(20):
+---
0 | {vfptr}
4 | {vbptr}
8 | m_derived
+---
+--- (virtual base CBase)
12 | {vfptr}
16 | m_valuable
+---
CDerived2::$vftable@CDerived2@:
| &CDerived2_meta
| 0
0 | &CDerived2::vfun
CDerived2::$vbtable@:
0 | -4
1 | 8 (CDerived2d(CDerived2+4)CBase)
CDerived2::$vftable@CBase@:
| -12
0 | &CDerived2::fun
CDerived2::fun this adjustor: 12
CDerived2::vfun this adjustor: 0
vbi: class offset o.vbptr o.vbte fVtorDisp
CBase 12 4 4 0
其中vftable@自身只有一项:CDerived2::vfun(),vbtable@自身只有一项:它virtual继承的父类CBase,而vftable@CBase原来的CBase::fun更新为CDerived2::fun。
CDerived3:virtual继承CBase,因此结构为vbtable@自身,member@自身,CBase结构
class CDerived3: virtual public CBase
{
public:
void fun(void) { }
public:
int m_derived3;
};
结果输出:
class CDerived3 size(16):
+---
0 | {vbptr}
4 | m_derived3
+---
+--- (virtual base CBase)
8 | {vfptr}
12 | m_valuable
+---
CDerived3::$vbtable@:
0 | 0
1 | 8 (CDerived3d(CDerived3+0)CBase)
CDerived3::$vftable@:
| -8
0 | &CDerived3::fun
CDerived3::fun this adjustor: 8
vbi: class offset o.vbptr o.vbte fVtorDisp
CBase 8 0 4 0
CGDerived:继承CDerived2、CDerived3
class CGDerived: public CDerived2, public CDerived3
{
public:
void vfun() { }
virtual void vgfun() { }
public:
int m_gd;
};
输出:
class CGDerived size(32):
+---
| +--- (base class CDerived2)
0 | | {vfptr}
4 | | {vbptr}
8 | | m_derived
| +---
| +--- (base class CDerived3)
12 | | {vbptr}
16 | | m_derived3
| +---
20 | m_gd
+---
+--- (virtual base CBase)
24 | {vfptr}
28 | m_valuable
+---
CGDerived::$vftable@CDerived2@:
| &CGDerived_meta
| 0
0 | &CGDerived::vfun
1 | &CGDerived::vgfun
CGDerived::$vbtable@CDerived2@:
0 | -4
1 | 20 (CGDerivedd(CDerived2+4)CBase)
CGDerived::$vbtable@CDerived3@:
0 | 0
1 | 12 (CGDerivedd(CDerived3+0)CBase)
CGDerived::$vftable@CBase@:
| -24
0 | &thunk: this-=12; goto CDerived2::fun
CGDerived::vfun this adjustor: 0
CGDerived::vgfun this adjustor: 0
vbi: class offset o.vbptr o.vbte fVtorDisp
CBase 24 4 4 0
因此首先是CDerived2的结构和CDerived3的结构,自己的新virtual方法vgfun则添加在最左父类CDerived2的虚函数表中。然后是自己的成员。最后,CDerived2和CDerived3的父类CBase结构也带入其中。它的fun默认指向CGDerived的最左父类CDerived2::fun。
CGG:继承CGDerived
class CGG: public CGDerived
{
public:
int m_kc;
};
输出:
class CGG size(36):
+---
| +--- (base class CGDerived)
| | +--- (base class CDerived2)
0 | | | {vfptr}
4 | | | {vbptr}
8 | | | m_derived
| | +---
| | +--- (base class CDerived3)
12 | | | {vbptr}
16 | | | m_derived3
| | +---
20 | | m_gd
| +---
24 | m_kc
+---
+--- (virtual base CBase)
28 | {vfptr}
32 | m_valuable
+---
CGG::$vftable@CDerived2@:
| &CGG_meta
| 0
0 | &CGDerived::vfun
1 | &CGDerived::vgfun
CGG::$vbtable@CDerived2@:
0 | -4
1 | 24 (CGGd(CDerived2+4)CBase)
CGG::$vbtable@CDerived3@:
0 | 0
1 | 16 (CGGd(CDerived3+0)CBase)
CGG::$vftable@CBase@:
| -28
0 | &thunk: this-=16; goto CDerived2::fun
vbi: class offset o.vbptr o.vbte fVtorDisp
CBase 28 4 4 0
增加一个变量,基本只是把CGDerived的结构再套一层,最后加上自己的成员变量。vbtable所指向的父类结构依然在最后。
空类
class CBase2
{
};
输出:
class CBase2 size(1):
+---
+---
CD2:virtual继承则一定会创建vbtable,用vbptr指针指向,因此size为4
class CD2: virtual public CBase2
{
};
输出:
class CD2 size(4):
+---
0 | {vbptr}
+---
+--- (virtual base CBase2)
+---
CD2::$vbtable@:
0 | 0
1 | 4 (CD2d(CD2+0)CBase2)
vbi: class offset o.vbptr o.vbte fVtorDisp
CBase2 4 0 4 0
CE:非virtual继承CD2和CDerived2,于是按照类的声明顺序,先带入CDerived2的结构,再带入CD2的结构(而不是按继承顺序)
class CE: public CD2, public CDerived2
{
};
输出:
class CE size(24):
+---
| +--- (base class CDerived2)
0 | | {vfptr}
4 | | {vbptr}
8 | | m_derived
| +---
| +--- (base class CD2)
12 | | {vbptr}
| +---
+---
+--- (virtual base CBase2)
+---
+--- (virtual base CBase)
16 | {vfptr}
20 | m_valuable
+---
CE::$vftable@CDerived2@:
| &CE_meta
| 0
0 | &CDerived2::vfun
CE::$vbtable@CD2@:
0 | 0
1 | 4 (CEd(CD2+0)CBase2)
2 | 4 (CEd(CE+12)CBase)
CE::$vbtable@CDerived2@:
0 | -4
1 | 12 (CEd(CDerived2+4)CBase)
CE::$vftable@CBase@:
| -16
0 | &thunk: this-=4; goto CDerived2::fun
vbi: class offset o.vbptr o.vbte fVtorDisp
CBase2 16 12 4 0
CBase 16 12 8 0
CF:virtual继承CBase和CBase2,vbtable此时的项便有两个,此时按照继承的顺序,而不是按照类的声明顺序
class CF: virtual public CBase2, virtual public CBase
{
};
输出:
class CF size(12):
+---
0 | {vbptr}
+---
+--- (virtual base CBase2)
+---
+--- (virtual base CBase)
4 | {vfptr}
8 | m_valuable
+---
CF::$vbtable@:
0 | 0
1 | 4 (CFd(CF+0)CBase2)
2 | 4 (CFd(CF+0)CBase)
CF::$vftable@:
| -4
0 | &CBase::fun
vbi: class offset o.vbptr o.vbte fVtorDisp
CBase2 4 0 4 0
CBase 4 0 8 0总结:
继承方式:非virtual继承:导入各个父类的结构(按照父类声明的顺序,从上到下),自身member在最后
重写virtual方法:更新该方法最早定义的类的vftable
新的virtual方法:在最左父类的vftable增加
继承方式:有virtual继承:在自身member后增加virtual父类的结构(按照子类继承的顺序从左到右),同时在最前面增加vbtable(如果没有的话),增加一项指向父类结构
重写virtual方法:更新该方法的最早定义的类的vftable
新的virtual方法:在自身最前面增加vftable(如果没有的话),在自己的vftable增加
附 所有源码:
#ifndef TEST_CBASE_H
#define TEST_CBASE_H
class CBase
{
public:
CBase();
explicit CBase(int valuabel);
~CBase();
virtual void fun(void) {}
private:
int m_valuable;
};
class CDerived: public CBase
{
public:
void fun(void) { }
virtual void vfun(void) { }
public:
int m_derived;
};
class CDerived2: virtual public CBase
{
public:
void fun(void) { }
virtual void vfun(void) { }
public:
int m_derived;
};
class CDerived3: virtual public CBase
{
public:
void fun(void) { }
public:
int m_derived3;
};
class CGDerived: public CDerived2, public CDerived3
{
public:
void vfun() { }
virtual void vgfun() { }
public:
int m_gd;
};
class CGG: public CGDerived
{
public:
int m_kc;
};
class CBase2
{
};
class CD2: virtual public CBase2
{
};
class CE: public CD2, public CDerived2
{
};
class CF: virtual public CBase2, virtual public CBase
{
};
#endif//TEST_CBASE_H
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 博客推荐——C++虚函数表解析以及钻石继承分析
- C++虚函数表分析
- [程序员面试]C++虚函数表详细解释及实例分析
- 深入分析c++虚函数表
- 深入分析C++虚函数表
- C++多态性分析之虚函数表
- C++虚函数表分析
- C++对象模型和虚函数表分析以及重载、重写、隐藏的区别
- [程序员面试]C++虚函数表详细解释及实例分析
- C++虚函数表详细解释及实例分析
- C++ sizeof 使用规则及陷阱分析
- CppEval - 一个 C++ 的表达式分析库
- C++中函数中参数和返回值都是用户定义类型(这里主要是类的情况时的分析)
- C++学习重点分析
- C++学习重点分析
- 【分析】C++中通过溢出覆盖虚函数指针列表执行代码
- C++学习重点分析
- C++代码静态分析工具-Prefast
- c++ 的词法分析
- C++中继承的可见性分析