How to read this C++ function
Maybe someone here could help me to understand more about C++
While reading about Unreal Engine 4, I came across this function which is used as the following
class ClassSample1
{
public:
    Babu* pBabu; //0x022C
};
void SetFuncton(Babu* param1, bool param2)
{
    (*(int(__fastcall**)(Babu*, bool))(*(DWORD64*)param1 + 0x38))(param1, param2);
}
What I want to know.
Thank you.
What I want to know.
- What will this function produce?
That's the fun part, from what you've shown, nobody knows!
- What datatype will this function produce?
I guess the answer is "nothing", SetFunction() returns void, but this appears to be calling some kind of class parameter setter so it will probably have side effects.
Let's break this down a bit:
(int(__fastcall**)(Babu*, bool))
This declares a pointer to a pointer to a function, where the function returns int and has two parameters, one of type pointer to Babu, and one of type bool. This function should also use the __fastcall calling convention.
*(DWORD64*)param1 + 0x38
This is a compound statement which casts param1 to a pointer to DWORD64 and then reads the DWORD64 value at that address and adds 0x38 to it. Note that in the MSVC ABI, the vtable pointer is the first element of a class, so if param1 is a pointer to an instance of Babu this statement is reading the vtable pointer of Babu, and adding 0x38 to it.
Putting these together:
*(int(__fastcall**)(Babu*, bool))(*(DWORD64*)param1 + 0x38)
This says: take whatever is stored at memory address param1 (which is probably the vtable pointer), add 0x38 to it, cast this to a pointer to a pointer to a function, read this resulting address to produce a pointer to a function of the type described above. As @HolyBlackCat mentioned in the comments, this is most likely a virtual method lookup on the class Babu.
The last little bit: (param1, param2), is just the actual call to the function with param1 and param2 as arguments. Note that in any class method call, there is an implicit this pointer which gets passed as the first argument.
From all of this it's fair to deduce that class Babu has some set of virtual methods, and there's one at offset 0x38 which takes bool as its one non-implicit parameter. What happens after this is anybody's guess. At the risk of being dismissive I would consider it somewhat miraculous if it returns with your machine intact at all.
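The lookup the answer walks through, as an added example that is not part of the original post: the cast expression is split into its three steps and run against a class whose eighth virtual method lands at byte offset 0x38. Babu here is a hypothetical stand-in (the real class is not shown), SetFlag, DerivedBabu and CallSlot are assumed names, and calling a member function through a plain function pointer relies on the 64-bit ABI passing this as the first argument, not on anything the C++ standard guarantees.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

static_assert(sizeof(void*) == 8, "slot arithmetic below assumes a 64-bit target");

// Hypothetical stand-in for Babu (the real class is not shown on the page).
// Eight virtual methods and no virtual destructor, so the eighth method sits
// in slot 7, i.e. byte offset 7 * 8 = 0x38, under both MSVC and Itanium ABIs.
struct Babu {
    virtual int v0() { return 0; }
    virtual int v1() { return 1; }
    virtual int v2() { return 2; }
    virtual int v3() { return 3; }
    virtual int v4() { return 4; }
    virtual int v5() { return 5; }
    virtual int v6() { return 6; }
    virtual int SetFlag(bool on) { flag = on; return 7; }
    bool flag = false;
};

struct DerivedBabu : Babu {
    int SetFlag(bool on) override { flag = on; return 70; }
};

// __fastcall is omitted: MSVC accepts and ignores it on x64, and it is not a
// keyword in standard C++.
using SlotFn = int (*)(Babu*, bool);

// The page's cast expression, one step per line.
int CallSlot(Babu* obj, std::size_t byteOffset, bool arg) {
    std::uintptr_t vtable;
    std::memcpy(&vtable, obj, sizeof vtable);           // *(DWORD64*)param1
    SlotFn fn;
    std::memcpy(&fn, reinterpret_cast<const void*>(vtable + byteOffset),
                sizeof fn);                             // *(fn**)(vtable + 0x38)
    return fn(obj, arg);                                // (param1, param2)
}

int SetFunction(Babu* obj, bool arg) { return CallSlot(obj, 0x38, arg); }

int main() {
    DerivedBabu d;
    Babu* p = &d;
    // Raw slot call and the compiler's own virtual call reach the same override.
    return SetFunction(p, true) == p->SetFlag(true) ? 0 : 1;
}
```

Because the slot is read from the object's own vtable, the same offset dispatches to whichever override the dynamic type installed, which is why the static type Babu* alone does not tell you what runs.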