Re: vtable issue
- From: "Doug Harrison [MVP]" <dsh@xxxxxxxx>
- Date: Thu, 18 Sep 2008 20:54:03 -0500
On Thu, 18 Sep 2008 04:46:01 -0700, George
<George@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Two more comments,
1.
In the code below, why there are 3 times of indirection (indirection I mean
get the content pointed to by something, like indirect content access in
C/C++ using pointer), means p-->eax-->edx-->eax, how vtable is organized in
such way... :-)
00411D9D mov eax,dword ptr [p]
00411DA0 mov edx,dword ptr [eax]
00411DA2 mov esi,esp
00411DA4 mov ecx,dword ptr [p]
00411DA7 mov eax,dword ptr [edx]
00411DA9 call eax
2.
Why we need to call mov ecx,dword ptr [p], I find it is not very useful here.
IIRC, ecx holds the "this" pointer when calling a non-static member
function. See __thiscall for more.
These articles may help you decipher assembly:
http://www.microsoft.com/msj/0298/hood0298.aspx
http://www.microsoft.com/msj/0698/hood0698.aspx
If you get any deeper into how the compiler implements vtbls and whatnot,
see:
http://www.openrce.org/articles/files/jangrayhood.pdf
The last one used to be on MSDN, but I can't find it right now.
--
Doug Harrison
Visual C++ MVP
.
- Follow-Ups:
- Re: vtable issue
- From: Alex Blekhman
- Re: vtable issue
- From: Alex Blekhman
- Re: vtable issue
- From: George
- Re: vtable issue
- References:
- vtable issue
- From: George
- Re: vtable issue
- From: dertopper
- Re: vtable issue
- From: George
- Re: vtable issue
- From: Manish Agarwal
- Re: vtable issue
- From: George
- Re: vtable issue
- From: Manish Agarwal
- Re: vtable issue
- From: George
- vtable issue
- Prev by Date: Re: Security related problems using the Outlook object model
- Next by Date: Re: WinInet issue
- Previous by thread: Re: vtable issue
- Next by thread: Re: vtable issue
- Index(es):
Relevant Pages
|
