
How to read this C++ function

Maybe someone here could help me to understand more about C++.

While reading about Unreal Engine 4, I came across this function, which is used as follows:

class ClassSample1
{
public:
    Babu* pBabu; //0x022C
};

void SetFuncton(Babu* param1, bool param2)
{
    (*(int(__fastcall**)(Babu*, bool))(*(DWORD64*)param1 + 0x38))(param1, param2);
}

What I want to know.

  1. What will this function produce?
  2. What datatype will this function produce?

Thank you.

What I want to know.

  1. What will this function produce?

That's the fun part, from what you've shown, nobody knows!

  2. What datatype will this function produce?

I guess the answer is "nothing", SetFunction() returns void, but this appears to be calling some kind of class parameter setter so it will probably have side effects.

Let's break this down a bit:

(int(__fastcall**)(Babu*, bool))

This declares a pointer to a pointer to a function, where the function returns int and has two parameters, one of type pointer to Babu, and one of type bool. This function should also use the __fastcall calling convention.

*(DWORD64*)param1 + 0x38

This is a compound statement which casts param1 to a pointer to DWORD64 and then reads the DWORD64 value at that address and adds 0x38 to it. Note that in the MSVC ABI, the vtable pointer is the first element of a class, so if param1 is a pointer to an instance of Babu this statement is reading the vtable pointer of Babu, and adding 0x38 to it.

Putting these together:

*(int(__fastcall**)(Babu*, bool))(*(DWORD64*)param1 + 0x38)

This says: take whatever is stored at memory address param1 (which is probably the vtable pointer), add 0x38 to it, cast this to a pointer to a pointer to a function, read this resulting address to produce a pointer to a function of the type described above. As @HolyBlackCat mentioned in the comments, this is most likely a virtual method lookup on the class Babu.

The last little bit: (param1, param2), is just the actual call to the function with param1 and param2 as arguments. Note that in any class method call, there is an implicit this pointer which gets passed as the first argument.

From all of this it's fair to deduce that class Babu has some set of virtual methods, and there's one at offset 0x38 which takes bool as its one non-implicit parameter. What happens after this is anybody's guess. At the risk of being dismissive I would consider it somewhat miraculous if it returns with your machine intact at all.
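The lookup described in the answer above, modelled with a hand-built table so it can be run and checked. This is an added example, not part of the original question or answer: the Babu layout, kTable, SetFlag, Unused, MakeBabu, CallRaw and CallStepwise are hypothetical names, and 64-bit pointers are assumed.

```cpp
#include <cstdint>
#include <cstdio>

using DWORD64 = std::uint64_t;          // stand-in for the Windows typedef
struct Babu;                            // hypothetical layout, not Unreal's real class
using Slot = int (*)(Babu*, bool);      // signature taken from the cast on the page

struct Babu {
    DWORD64 vptr;   // first 8 bytes: table address, kept as an integer so the
                    // DWORD64 read in the page's expression is well-defined
    bool flag;
};

static int Unused(Babu*, bool) { return -1; }
static int SetFlag(Babu* self, bool v) { self->flag = v; return 7; }

// Constructed table: eight 8-byte slots, so slot 7 sits at byte offset 0x38.
static const Slot kTable[8] = {Unused, Unused, Unused, Unused,
                               Unused, Unused, Unused, SetFlag};
static_assert(sizeof(Slot) == 8, "0x38 / 8 == 7 assumes 64-bit pointers");

Babu MakeBabu() { return Babu{reinterpret_cast<DWORD64>(&kTable[0]), false}; }

// The page's expression, minus __fastcall (MSVC-only keyword).
int CallRaw(Babu* param1, bool param2) {
    return (*(int (**)(Babu*, bool))(*(DWORD64*)param1 + 0x38))(param1, param2);
}

// The same lookup, one step per line.
int CallStepwise(Babu* obj, bool v) {
    DWORD64 table = obj->vptr;                           // 1. first 8 bytes of the object
    DWORD64 slotAddr = table + 0x38;                     // 2. address of slot 7
    Slot fn = *reinterpret_cast<const Slot*>(slotAddr);  // 3. load the function pointer
    return fn(obj, v);                                   // 4. obj is the explicit "this"
}

int main() {
    Babu b = MakeBabu();
    std::printf("raw=%d flag=%d\n", CallRaw(&b, true), b.flag);
    std::printf("stepwise=%d flag=%d\n", CallStepwise(&b, false), b.flag);
    return 0;
}
```

If the first eight bytes of the object do not hold a valid table address, both functions jump through whatever pointer happens to be at that offset, which is why the raw form is only safe when the object's real layout is known.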
