Reverse Engineering for Beginners


CHAPTER 51. C++


A pointer to the dump() function is taken somewhere from the object. Where could we store the address of the new method? Only somewhere in the constructors: there is no other place, since nothing else is called in the main() function.^5


Let’s see the code of the constructor of the box class:


??_R0?AVbox@@@8 DD FLAT:??_7type_info@@6B@ ; box `RTTI Type Descriptor'
DD 00H
DB '.?AVbox@@', 00H


??_R1A@?0A@EA@box@@8 DD FLAT:??_R0?AVbox@@@8 ; box::`RTTI Base Class Descriptor at (0,-1,0,64)'
DD 01H
DD 00H
DD 0ffffffffH
DD 00H
DD 040H
DD FLAT:??_R3box@@8


??_R2box@@8 DD FLAT:??_R1A@?0A@EA@box@@8 ; box::`RTTI Base Class Array'
DD FLAT:??_R1A@?0A@EA@object@@8


??_R3box@@8 DD 00H ; box::`RTTI Class Hierarchy Descriptor'
DD 00H
DD 02H
DD FLAT:??_R2box@@8


??_R4box@@6B@ DD 00H ; box::`RTTI Complete Object Locator'
DD 00H
DD 00H
DD FLAT:??_R0?AVbox@@@8
DD FLAT:??_R3box@@8


??_7box@@6B@ DD FLAT:??_R4box@@6B@ ; box::`vftable'
DD FLAT:?dump@box@@UAEXXZ


_color$ = 8 ; size = 4
_width$ = 12 ; size = 4
_height$ = 16 ; size = 4
_depth$ = 20 ; size = 4
??0box@@QAE@HHHH@Z PROC ; box::box, COMDAT
; _this$ = ecx
push esi
mov esi, ecx
call ??0object@@QAE@XZ ; object::object
mov eax, DWORD PTR _color$[esp]
mov ecx, DWORD PTR _width$[esp]
mov edx, DWORD PTR _height$[esp]
mov DWORD PTR [esi+4], eax
mov eax, DWORD PTR _depth$[esp]
mov DWORD PTR [esi+16], eax
mov DWORD PTR [esi], OFFSET ??_7box@@6B@
mov DWORD PTR [esi+8], ecx
mov DWORD PTR [esi+12], edx
mov eax, esi
pop esi
ret 16
??0box@@QAE@HHHH@Z ENDP ; box::box


Here we see a slightly different memory layout: the first field is a pointer to some table box::`vftable' (the name was set by the MSVC compiler).


In this table we see a link to a table named box::`RTTI Complete Object Locator' and also a link to the box::dump() method. These are called the virtual methods table and RTTI^6. The table of virtual methods contains the addresses of methods, and the RTTI table contains information about types. By the way, the RTTI tables are used while calling dynamic_cast and typeid in C++. You can also see here the class name as a plain text string. Thus, a method of the base object class may call the virtual method object::dump(), which in turn will call a method of an inherited class, since that information is present right in the object’s structure.


(^5) You can read more about pointers to functions in the relevant section:(23 on page 367)
(^6) Run-time type information
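The layout described above can be checked from the C++ side. The following program is an added example, not code from the book: it defines an object/box hierarchy assumed to mirror the one in the listing (one virtual method dump(), fields color, width, height, depth in that order), reads the vtable pointer out of the first word of the object, confirms that all box instances share one table while object has its own, calls slot 0 of the table as a plain function with the object as the hidden `this` argument, and locates the color field right after the vtable pointer. Reading the vtable and calling through its slot rely on the compiler's ABI (x86-64 System V or MSVC x64, where `this` travels like the first integer argument), not on standard C++, so treat those two functions as an illustration of the implementation detail the book is describing.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Records which dump() ran, so the dispatch path can be checked without
// inspecting printed output. (Added example; these classes are assumed to
// mirror the book's object/box hierarchy, not taken from its source.)
static const char* g_last_call = "";

class object {
public:
    // One virtual method and no virtual destructor, so dump() is slot 0 of
    // the vtable, matching the single method entry in box::`vftable' above.
    virtual void dump() { g_last_call = "object::dump()"; }
    // Non-virtual base-class code calling the virtual method: the call goes
    // through the vtable, so on a box it lands in box::dump().
    const char* dump_via_base() { dump(); return g_last_call; }
};

class box : public object {
public:
    box(int c, int w, int h, int d) : color(c), width(w), height(h), depth(d) {}
    void dump() override { g_last_call = "box::dump()"; }
    int color, width, height, depth;   // same order as the constructor stores them
};

// The first pointer-sized word of a polymorphic object is the vtable pointer
// (the field the constructor fills with OFFSET ??_7box@@6B@). Read it with
// memcpy to avoid aliasing problems.
static const void* const* read_vptr(const object* o) {
    const void* const* vptr = nullptr;
    std::memcpy(&vptr, static_cast<const void*>(o), sizeof vptr);
    return vptr;
}

// Every instance of one class points at the same table; another class has its own.
static bool vtable_is_per_class() {
    box b1(1, 2, 3, 4), b2(5, 6, 7, 8);
    object o;
    return read_vptr(&b1) == read_vptr(&b2) && read_vptr(&b1) != read_vptr(&o);
}

// Slot 0 of the table is dump()'s address. Call it as a plain function taking
// `this` as its first argument. Assumption: an ABI where `this` is passed
// like the first integer argument (x86-64 System V, MSVC x64); this is an
// implementation detail, not standard C++.
static const char* call_slot0(object* o) {
    using raw_fn = void (*)(object*);
    const void* const* vptr = read_vptr(o);
    raw_fn fn = nullptr;
    std::memcpy(&fn, &vptr[0], sizeof fn);
    fn(o);
    return g_last_call;
}

static const char* slot0_on_box()    { box b(1, 2, 3, 4); return call_slot0(&b); }
static const char* slot0_on_object() { object o;          return call_slot0(&o); }

// Base-pointer dispatch, as in the book's explanation of object::dump().
static const char* dispatch_through_base() {
    box b(1, 2, 3, 4);
    object* as_base = &b;
    return as_base->dump_via_base();
}

// Find the color field by scanning the object's bytes for a sentinel value:
// it sits right after the vtable pointer (+4 on the 32-bit build in the
// listing, +8 on a 64-bit build).
static std::size_t offset_of_color() {
    const std::uint32_t sentinel = 0x5A5A5A5Au;
    box b(static_cast<int>(sentinel), 0, 0, 0);
    unsigned char raw[sizeof(box)];
    std::memcpy(raw, &b, sizeof raw);
    for (std::size_t off = 0; off + sizeof sentinel <= sizeof raw; ++off)
        if (std::memcmp(raw + off, &sentinel, sizeof sentinel) == 0) return off;
    return SIZE_MAX;
}

int main() {
    std::printf("vtable shared per class:   %s\n", vtable_is_per_class() ? "yes" : "no");
    std::printf("slot 0 on a box calls:     %s\n", slot0_on_box());
    std::printf("slot 0 on an object calls: %s\n", slot0_on_object());
    std::printf("base pointer dispatch:     %s\n", dispatch_through_base());
    std::printf("color field at offset:     %zu (vptr is %zu bytes)\n",
                offset_of_color(), sizeof(void*));
    return 0;
}
```

Built with g++ or clang++ on x86-64 Linux, the program reports that the two boxes share a table, that slot 0 dispatches to box::dump() or object::dump() depending on the object, and that color sits at offset 8. The Itanium ABI used by those compilers keeps its type-information pointer just before the function slots, so the vtable pointer stored in the object points straight at the first method address, which is why slot 0 can be read directly; the RTTI data the book shows for MSVC plays the analogous role there.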
