提示:文章写完后,目录可以自动生成,如何生成可参考右边的帮助文档
前言
c++ 虚函数表是老生常谈的问题,都知道继承中有虚函数的存在,我们是否能通过虚函数地址直接调用相应类的虚函数。
本次验证系统:ubuntu 18.04
gcc版本:7.5.0
一、基类实现
class Base
{
public:
virtual void print(){
cout<<"base print.."<<endl;
}
virtual void print_1(){
cout<<"base print1.."<<endl;
}
};
二、整体代码
#include <iostream>
#include <functional>
using namespace std;
class Base
{
public:
virtual void print(){
cout<<"base print.."<<endl;
}
virtual void print_1(){
cout<<"base print1.."<<endl;
}
};
typedef void (*fun)();
int main()
{
Base b;
cout<<"b addr:"<<(int*)&b<<endl;
cout<<"virtual addr:0x"<<hex<<*(int *)&b<<endl;
cout<<sizeof(b)<<endl;
cout<<sizeof(int*)<<endl;
fun f = (fun)*(int*)(*(int *)(&b));
//f();
//b.print();
f();
}
代码讲解:
(fun)*(int*)(*(int *)(&b)) 为什么这样能求出虚函数表虚函数的首个地址:
首先取b的地址进行int*强转之后的得到虚函数表的地址数值,然后将地址数值强转为int*为指向虚函数表的指针,再取地址*为虚函数表中指向第一个函数的指针,(int*)强转取地址(*)后的到第一个函数的函数指针。
运行结果:
b addr:0x7fffe6896f08
virtual addr:0x40001d48
8
8
Segmentation fault (core dumped)
三、GDB调试
vasn@vasn-PC:~/workspace/reflect$ gdb ./a.out
GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./a.out...done.
(gdb) b 28
Breakpoint 1 at 0xc3c: file virtualFun.cpp, line 28.
(gdb) r
Starting program: /home/vasn/workspace/reflect/a.out
b addr:0x7ffffffed7d8
virtual addr:0x8201d48
8
8
Breakpoint 1, main () at virtualFun.cpp:28
28 f();
(gdb) p f
$1 = (fun) 0x8000dd6 <Base::print()>
(gdb) p b
$2 = {_vptr.Base = 0x8201d48 <vtable for Base+16>}
(gdb)
可以看到我们已经取到了Base::print()的地址,为什么执行还是会报错?
我的理解是gcc高版本之后,禁止直接通过指针的方式访问。
四、声明
以上测试只代表个人理解,并不代表正确答案,有错误的地方,欢迎指正。