我在阅读源代码时试图理解挂钩。对于来自维基百科的虚拟函数方法表挂钩,我是从这一行开始的。
using VirtualFn1_t = void(__thiscall*)(void* thisptr);
我不知道这是什么意思。它是否将void指针强制转换为调用约定,并将其重新转换为void指针并将其用作VirtualFn1_t别名。我也想了解void (__thiscall*)(void* thisptr)和(__thiscall*)(void* thisptr)的含义。
以下是维基百科的完整来源。
#include <iostream>
#include "windows.h"
using namespace std;
class VirtualClass
{
public:
int number;
virtual void VirtualFn1() //This is the virtual function that will be hooked.
{
cout << "VirtualFn1 called " << number++ << "nn";
}
};
using VirtualFn1_t = void(__thiscall*)(void* thisptr);
VirtualFn1_t orig_VirtualFn1;
void __fastcall hkVirtualFn1(void* thisptr, int edx) //This is our hook function which we will cause the program to call instead of the original VirtualFn1 function after hooking is done.
{
cout << "Hook function called" << "n";
orig_VirtualFn1(thisptr); //Call the original function.
}
int main()
{
VirtualClass* myClass = new VirtualClass(); //Create a pointer to a dynamically allocated instance of VirtualClass.
void** vTablePtr = *reinterpret_cast<void***>(myClass); //Find the address that points to the base of VirtualClass' VMT (which then points to VirtualFn1) and store it in vTablePtr.
DWORD oldProtection;
VirtualProtect(vTablePtr, 4, PAGE_EXECUTE_READWRITE, &oldProtection); //Removes page protection at the start of the VMT so we can overwrite its first pointer.
orig_VirtualFn1 = reinterpret_cast<VirtualFn1_t>(*vTablePtr); //Stores the pointer to VirtualFn1 from the VMT in a global variable so that it can be accessed again later after its entry in the VMT has been
//overwritten with our hook function.
*vTablePtr = &hkVirtualFn1; //Overwrite the pointer to VirtualFn1 within the virtual table to a pointer to our hook function (hkVirtualFn1).
VirtualProtect(vTablePtr, 4, oldProtection, 0); //Restore old page protection.
myClass->VirtualFn1(); //Call the virtual function from our class instance. Because it is now hooked, this will actually call our hook function (hkVirtualFn1).
myClass->VirtualFn1();
myClass->VirtualFn1();
delete myClass;
return 0;
}
自C++11以来,using是创建类型别名的新方法。它与typedef类似(但更灵活(。
这个问题中的using语句:
using VirtualFn1_t = void(__thiscall*)(void* thisptr);
相当于这个typedef:
typedef void (__thiscall *VirtualFn1_t)(void* thisptr);
这两条语句都将VirtualFn1_t定义为一种新类型,它是指向以下函数的指针:
- 将
void*作为输入参数 - 使用
__thiscall调用约定 - 返回CCD_ 10
orig_VirtualFn1被声明为VirtualFn1_t类型的变量(因此orig_VirtualFn1是指针(,并且在VirtualClass类的vtable(虚拟方法表(被修改以使VirtualFn1()的槽改为指向hkVirtualFn1()钩子函数之前,在运行时被指向原始VirtualClass::VirtualFn1()方法的内存地址。
VirtualFn1_t被定义为以下类型的别名:指向函数的指针,该函数使用void*参数,返回void,并使用__thiscall调用约定。