Solved

VTABLE Hacking

Posted on 2006-05-18
5
Medium Priority
557 Views
Last Modified: 2012-06-21
When we have a class having a virtual function, it creates a VFPTR for every object of that class, which is the first four bytes of the object memory (for the VC++ compiler). Now my question is: is it possible to memcpy that memory area with some other function pointer so that instead of calling the virtual function it will call our own function?
0
Question by:som_mukhopadhyay
5 Comments
 
LVL 5

Expert Comment

by:dennis_george
ID: 16708787
AFAIK you can't change that location because it is read-only memory... any write to that memory will result in an access violation....
0
 
LVL 20

Expert Comment

by:ikework
ID: 16711212
hi som_mukhopadhyay,

what are you trying to do exactly? are you trying to implement late binding? this can be done via (member-)function-pointer ...


ike
0
 

Author Comment

by:som_mukhopadhyay
ID: 16719150
hi dennis_george ,
To test it I had written the following code. But it is giving an access violation at the 3rd line (x->vfunc()) of main().
#include <iostream>
#include <cstring>

using namespace std;

void func(void){ cout << "Inside my function" << endl; }

class X
{
public:
      virtual void vfunc() { cout << "Inside virtual function" << endl; }

      void (*funcpointer)(void);

      X(){ funcpointer = func; }
};

int main()
{
      X* x = new X();
      // Overwrites the first pointer-sized word of the object (the vptr).
      // Note the source of the copy: funcpointer holds the address of func, so
      // memcpy reads the first bytes of func's machine code, not func's address.
      // The vptr therefore becomes garbage and the next virtual call dereferences it.
      memcpy((void*)x, reinterpret_cast<void*>(x->funcpointer), sizeof(void*));
      x->vfunc();   // access violation here
      return 0;
}

Please explain it to me in a little more detail.
0
 
LVL 11

Accepted Solution

by: Deepu Abraham (earned 80 total points)
ID: 16741467
The virtual function in C++ is primarily used for dynamic binding. Whenever we declare a class with a virtual function, the compiler will add a hidden member variable which is a vptr to the virtual table. A virtual table is nothing but an array of pointers to the virtual functions. The entries in the virtual table are changed at run time to point to the correct function based on the object creation.


The memory layout of your class's object: the first four bytes are a pointer to the virtual table.


#include <iostream>
#include <cstring>

using namespace std;

void func(void){ cout << "Inside my function" << endl; }

typedef void (*funcpointer)(void);

typedef struct
{
    funcpointer   fn; // Dummy pointer to function (virtual)
} _VTable;  // Dummy Virtual Table


class X
{
public:
      virtual void vfunc() { cout << "Inside virtual function" << endl; }

      funcpointer fn1;
      X(){ fn1 = func; }
};

int main()
{
      X* x = new X();
      _VTable myVtable;
      myVtable.fn = func;              // slot 0 of the dummy table, the slot vfunc() uses
      x->vfunc();                      // prints "Inside virtual function"
      _VTable* pmyVtable = &myVtable;
      // Copy the address of the dummy table over the object's vptr (its first
      // pointer-sized word). sizeof(void*) rather than sizeof(long), which is
      // only 4 bytes on 64-bit Windows.
      memcpy(x, &pmyVtable, sizeof(void*));
      // Dispatches through the dummy table: "Inside my function". func ignores the
      // hidden this argument it receives. An optimizing compiler may devirtualize
      // this call because it knows x's dynamic type, so build without optimization.
      x->vfunc();
      return 0;
}

Hope I got it across.

Best regards,
Deepu
0
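The answer above rests on one layout fact: for a polymorphic class with no other bases, the vptr is the first pointer-sized word of every object, and all live objects of one dynamic type share a single vtable. The following is an added example, not code from this thread, that confirms that layout by reading the first word through memcpy and then uses it from the defender's side: a known-good vptr captured from a reference object is compared against another instance before that instance is used, so a clobbered first word (the effect of an out-of-bounds or use-after-free write, simulated here with a constructed junk value) is detected instead of dispatched through. It assumes the MSVC and Itanium ABI layout described in the answer; `Widget`, `read_vptr`, `vptr_intact`, `clobber_vptr` and `run_checks` are hypothetical names.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>

// Hypothetical polymorphic class (added example). Assumed layout: the vptr is
// the first pointer-sized word, followed by the data members.
struct Widget {
    virtual int value() const { return 42; }
    virtual ~Widget() {}
    int payload = 7;
};

// Read the object's first pointer-sized word (its vptr). memcpy is the
// well-defined way to inspect an object's bytes.
const void* read_vptr(const void* obj) {
    const void* vptr = nullptr;
    std::memcpy(&vptr, obj, sizeof vptr);
    return vptr;
}

// All objects of one dynamic type share one vtable, so a known-good vptr taken
// from a reference object can be compared against any other instance before a
// virtual call is made on it. This is, by hand, what compiler-level vtable
// verification does.
bool vptr_intact(const void* obj, const void* reference) {
    return read_vptr(obj) == reference;
}

// Simulates the damage a memory-safety bug does when it hits offset 0: the
// first word is overwritten with a constructed junk value. No virtual call may
// be made on the object until the word is restored.
void clobber_vptr(void* obj) {
    const std::uintptr_t junk = static_cast<std::uintptr_t>(0x41414141u); // constructed junk
    std::memcpy(obj, &junk, sizeof junk);
}

// Runs the check before and after the simulated corruption.
bool run_checks() {
    Widget reference_obj;                       // known-good instance
    const void* good = read_vptr(&reference_obj);

    Widget victim;
    bool before = vptr_intact(&victim, good);   // expected: true
    int v = victim.value();                     // safe to dispatch here: 42

    clobber_vptr(&victim);
    bool after = vptr_intact(&victim, good);    // expected: false

    // Restore the vptr so the object is valid again when it goes out of scope.
    std::memcpy(&victim, &good, sizeof good);
    return before && !after && v == 42;
}

int main() {
    std::cout << "vptr at offset 0, " << sizeof(void*) << " bytes; checks "
              << (run_checks() ? "passed" : "failed") << '\n';
    return 0;
}
```

Two caveats. Modifying a vptr is undefined behaviour, and optimizing compilers assume it never changes after construction, so a hand-rolled check like `vptr_intact` is only a teaching device; the production-grade forms of this check are the compiler's own (GCC's `-fvtable-verify`, Clang's `-fsanitize=cfi`, MSVC's `/guard:cf`), which validate the indirect call target itself rather than the stored pointer. And the check only covers the first word: corruption elsewhere in the object is a separate problem.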
 
LVL 11

Expert Comment

by:Deepu Abraham
ID: 16741493
You can ignore the following statements from the above posting:

................................
funcpointer fn1;
 X(){fn1=func;}
...............................

Sorry if it was misleading.

Best Regards,
DeepuAbrahamK
0
