There is not much material on this online, and it still seems worth studying ^_^
Related resources:
Reversing Microsoft Visual C++ Part II: Classes, Methods and RTTI
Reversing C++
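Once C++ RTTI meets multiple and virtual inheritance, it is simply a nightmare -.-
This post introduces the internal data structures that VC uses to represent RTTI (see the description in "Reversing C++" for details). The program below can be used to inspect the RTTI information of polymorphic classes, which lets us get familiar with what RTTI actually looks like :-)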
// Note: the layouts below match 32-bit (x86) MSVC builds. On x64 the pointer
// fields are stored as 32-bit image-relative offsets, so these structs do not apply as-is.
#include <windows.h>
#include <iostream>
using namespace std;
#include <typeinfo>
using std::type_info;
typedef type_info TypeDescriptor;
struct PMD
{
    ptrdiff_t mdisp; // member displacement (offset of the base subobject)
    ptrdiff_t pdisp; // vbtable displacement (-1 if the base is not virtual)
    ptrdiff_t vdisp; // displacement inside the vbtable (for a virtual base class)
    void Output();
};
struct _s_RTTICompleteObjectLocator;
struct _s_RTTIClassHierarchyDescriptor;
struct _s_RTTIBaseClassDescriptor;
struct _s_RTTICompleteObjectLocator
{
    DWORD signature;
    DWORD offset; // offset of this vftable within the complete object
    DWORD cdOffset; // constructor displacement offset
    TypeDescriptor *pTypeDescriptor;
    _s_RTTIClassHierarchyDescriptor *pClassHierarchyDescriptor;
    void Output(size_t tabs);
};
struct _s_RTTIClassHierarchyDescriptor
{
    DWORD signature;
    DWORD attributes; // bit 0: multiple inheritance, bit 1: virtual inheritance
    size_t numBaseClasses; // at least 1 (all base classes, including the class itself)
    _s_RTTIBaseClassDescriptor **pBaseClassArray;
    void Output(size_t tabs);
};
struct _s_RTTIBaseClassDescriptor
{
    TypeDescriptor *pTypeDescriptor;
    size_t numBaseClasses; // bases contained in this base (the entries that follow it in the array)
    PMD pmd; // Len=0xC
    DWORD attributes;
    _s_RTTIClassHierarchyDescriptor *pClassHierarchyDescriptor; // of this base class
    void Output(size_t tabs);
};
void PMD::Ou
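An added example, not part of the original post: a bounds-checked walker over the 32-bit structures declared above (COL -> CHD -> base class array -> BCD -> TypeDescriptor), the kind of check needed when reading RTTI out of an untrusted binary rather than out of the running process. The `Image` type, the function names, the sample bytes and the 64-entry sanity cap are assumptions of this example; the name is read at TypeDescriptor+8, as in 32-bit MSVC's `type_info` layout.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Assumed layout: 32-bit MSVC RTTI, absolute 32-bit pointers, little-endian host.
struct Image { uint32_t base; std::vector<uint8_t> bytes; };

// Bounds-checked 32-bit read at virtual address va; false if outside the image.
static bool rd32(const Image& im, uint32_t va, uint32_t& out) {
    if (va < im.base || im.bytes.size() < 4 || va - im.base > im.bytes.size() - 4) return false;
    std::memcpy(&out, &im.bytes[va - im.base], 4);
    return true;
}

// Decorated name at TypeDescriptor+8; must be NUL-terminated inside the image.
static bool td_name(const Image& im, uint32_t td, std::string& out) {
    for (uint64_t off = uint64_t(td) - im.base + 8; td >= im.base && off < im.bytes.size(); ++off) {
        if (im.bytes[off] == 0) return true;
        out += char(im.bytes[off]);
    }
    return false;  // below the image base, or ran off the end without a terminator
}

// Walk the chain; returns decorated names (class itself first), empty if malformed.
std::vector<std::string> rtti_hierarchy(const Image& im, uint32_t col) {
    std::vector<std::string> names;
    uint32_t sig, chd, n, arr;
    if (!rd32(im, col, sig) || sig != 0 || !rd32(im, col + 0x10, chd)) return {};
    if (!rd32(im, chd + 8, n) || !rd32(im, chd + 0xC, arr)) return {};
    if (n == 0 || n > 64) return {};  // sanity cap on numBaseClasses (assumed limit)
    for (uint32_t i = 0; i < n; ++i) {
        uint32_t bcd, td; std::string name;
        if (!rd32(im, arr + 4 * i, bcd) || !rd32(im, bcd, td) || !td_name(im, td, name)) return {};
        names.push_back(name);
    }
    return names;
}

// Constructed sample image for "struct B : A" (values are made up for the example).
Image sample_image() {
    Image im{0x400000, std::vector<uint8_t>(0x84, 0)};
    auto put = [&](uint32_t off, uint32_t v) { std::memcpy(&im.bytes[off], &v, 4); };
    put(0x0C, im.base + 0x64); put(0x10, im.base + 0x14);  // COL: pTypeDescriptor, pCHD
    put(0x1C, 2);              put(0x20, im.base + 0x24);  // CHD: numBaseClasses, pBaseClassArray
    put(0x24, im.base + 0x2C); put(0x28, im.base + 0x48);  // array -> BCD(B), BCD(A)
    put(0x2C, im.base + 0x64); put(0x48, im.base + 0x74);  // BCD.pTypeDescriptor for B, A
    std::memcpy(&im.bytes[0x6C], ".?AUB@@", 8); std::memcpy(&im.bytes[0x7C], ".?AUA@@", 8);  // names
    return im;
}
```

A truncated image, an out-of-range pointer or an implausible `numBaseClasses` makes `rtti_hierarchy` return an empty vector instead of reading past the buffer.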