StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POHow to obtain a pointer out of a C++ vtable?
primarykey
Id
5099967
data
AcceptedAnswerId
5100049
AnswerCount
5
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2011-02-24T03:12:42.453
FavoriteCount
7
LastActivityDate
2015-09-26T15:39:18.537
LastEditDate
2015-09-26T15:39:18.537
LastEditorUserId
1196279
OwnerUserId
77070
ParentId
0
PostTypeId
1
Score
11
ViewCount
7706
LastEditorDisplayName
text
Body
Say you have a C++ class like: <pre><code>class Foo { public: virtual ~Foo() {} virtual DoSomething() = 0; }; </code></pre> The C++ compiler translates a call into a vtable lookup: <pre><code>Foo* foo; // Translated by C++ to: // foo->vtable->DoSomething(foo); foo->DoSomething(); </code></pre> Suppose I was writing a JIT compiler and I wanted to obtain the address of the DoSomething() function for a particular instance of class Foo, so I can generate code that jumps to it directly instead of doing a table lookup and an indirect branch. My questions are: <ol> <li>Is there any standard C++ way to do this (I'm almost sure the answer is no, but wanted to ask for the sake of completeness).</li> <li>Is there any remotely compiler-independent way of doing this, like a library someone has implemented that provides an API for accessing a vtable?</li> </ol> I'm open completely to hacks, if they will work. For example, if I created my own derived class and could determine the address of its DoSomething method, I could assume that the vtable is the first (hidden) member of Foo and search through its vtable until I find my pointer value. However, I don't know a way of getting this address: if I write <code>&DerivedFoo::DoSomething</code> I get a pointer-to-member, which is something totally different. Maybe I could turn the pointer-to-member into the vtable offset. When I compile the following: <pre><code>class Foo { public: virtual ~Foo() {} virtual void DoSomething() = 0; }; void foo(Foo *f, void (Foo::*member)()) { (f->*member)(); } </code></pre> On GCC/x86-64, I get this assembly output: <pre><code>Disassembly of section .text: 0000000000000000 <_Z3fooP3FooMS_FvvE>: 0: 40 f6 c6 01 test sil,0x1 4: 48 89 74 24 e8 mov QWORD PTR [rsp-0x18],rsi 9: 48 89 54 24 f0 mov QWORD PTR [rsp-0x10],rdx e: 74 10 je 20 <_Z3fooP3FooMS_FvvE+0x20> 10: 48 01 d7 add rdi,rdx 13: 48 8b 07 mov rax,QWORD PTR [rdi] 16: 48 8b 74 30 ff mov rsi,QWORD PTR [rax+rsi*1-0x1] 1b: ff e6 jmp rsi 1d: 0f 1f 00 nop DWORD PTR [rax] 20: 48 01 d7 add rdi,rdx 23: ff e6 jmp rsi </code></pre> I don't fully understand what's going on here, but if I could reverse-engineer this or use an ABI spec I could generate a fragment like the above for each separate platform, as a way of obtaining a pointer out of a vtable.
Tags
<c++><cross-platform>
Title
How to obtain a pointer out of a C++ vtable?
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USBrad
UserOwnerUserId
1. USJosh Haberman
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
3. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POHow to obtain a pointer out of a C++ vtable?
 UserUserId
 USzwol
 VoteTypeVoteTypeId
 VTFavorite
2. VO
 singulars
 PostPostId
 POHow to obtain a pointer out of a C++ vtable?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POHow to obtain a pointer out of a C++ vtable?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COThis is not really an answer, but you should read http://codesourcery.com/cxx-abi/. Ignore mentions of Itanium; GCC uses that ABI (with appropriate processor-specific tweaks) universally, and so do pretty much all other compilers for \*nix nowadays. MSVC is of course different, but probably not *that* different -- there are only so many ways to do it.
 singulars
 PostPostId
 POHow to obtain a pointer out of a C++ vtable?
 UserUserId
 USzwol
2. COYou should look into how to use debug symbols. This sort of thing is quite easy if symbols are available. I answered this question http://stackoverflow.com/questions/5740155/access-v-table-at-run-time/5740839#5740839 with references for how to access vtable pointer's, their layout, where they are derived from etc... Check out my reference to wikipedia's page on C++ RTT information, this may help you out http://en.wikipedia.org/wiki/Run-time_type_information
 singulars
 PostPostId
 POHow to obtain a pointer out of a C++ vtable?
 UserUserId
 USRandomNickName42

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.