{"id":411,"date":"2011-02-09T02:16:06","date_gmt":"2011-02-09T09:16:06","guid":{"rendered":"http:\/\/www.cchsu.com\/arthur\/?p=411"},"modified":"2011-02-09T13:28:52","modified_gmt":"2011-02-09T20:28:52","slug":"%e8%ae%80%e6%9b%b8%e7%ad%86%e8%a8%98-inside-the-c-object-model-1","status":"publish","type":"post","link":"http:\/\/www.cchsu.com\/arthur\/2011\/02\/09\/411\/","title":{"rendered":"\u8b80\u66f8\u7b46\u8a18: Inside the C++ Object Model (1)"},"content":{"rendered":"<p>\u6700\u8fd1\u91cd\u8b80\u4e86\u4e00\u4e0b Stanley Lippman \u7684 Inside the C++ Object Model (\u6709\u4e2d\u8b6f\u672c\uff0c\u4faf\u4fca\u5091\u8b6f\u7684 C++ \u5c0d\u8c61\u6a21\u578b)\uff0c\u9019\u66f8\u6709\u9ede\u6b77\u53f2\u4e86\uff0c\u6240\u4ee5\u88e1\u982d\u5f88\u591a\u6771\u897f\u5176\u5be6\u4e0d\u80fd\u5168\u4fe1\uff0c\u8981\u505a\u904e\u5be6\u9a57\u624d\u77e5\u9053\u3002\u9019\u4e9b\u5be6\u9a57\u9084\u883b\u6709\u50f9\u503c\u7684\uff0c\u6211\u6703\u628a\u6211\u505a\u7684\u5be6\u9a57\u6574\u7406\u4e00\u4e0b\u8cbc\u4e0a\u4f86\uff0c\u4ee5\u514d\u5fd8\u8a18 \ud83d\ude00 (<del>\u9019\u662f\u4e2d\u5e74\u5927\u53d4\u7684\u901a\u75c5<\/del>) \u9019\u4e00\u7cfb\u5217\u7684\u6587\u7ae0\u90fd\u662f\u4ee5 Microsoft Visual C++ 2010 \u548c Debugging Tools for Windows x86 \u505a\u51fa\u4f86\u7684\u3002<\/p>\n<p>\u9996\u5148\u662f\u5c0d\u539f\u66f8\u5716 1.3 \u7684\u5be6\u9a57\uff0c\u7a0b\u5f0f\u78bc\u5982\u4e0b<br \/>\n<span class=\"collapseomatic \" id=\"id69d57dd425994\"  tabindex=\"0\" title=\"point.h\"    >point.h<\/span><div id=\"target-id69d57dd425994\" class=\"collapseomatic_content \">\n<pre lang=\"cpp\" line=\"1\">\r\n\/\/ point.h\r\n#include <iostream>\r\n\r\nclass Point\r\n{\r\npublic:\r\n    Point(float xval);\r\n    virtual ~Point();\r\n    \r\n    float x() const;\r\n    static int PointCount();\r\n    \r\nprotected:\r\n    virtual std::ostream& print(std::ostream& os) const;   \r\n\r\n    float _x;\r\n    static int _point_count;\r\n};\r\n\r\n<\/pre>\n<\/div>\n<span class=\"collapseomatic \" id=\"id69d57dd425a8e\"  tabindex=\"0\" title=\"point.cpp\"    >point.cpp<\/span><div id=\"target-id69d57dd425a8e\" class=\"collapseomatic_content \">\n<pre lang=\"cpp\" line=\"1\">\r\n\/\/ point.cpp\r\n#include \"point.h\"\r\n\r\nPoint::Point(float xval) : _x(xval)\r\n{\r\n    ++_point_count;\r\n}\r\n\r\nPoint::~Point()\r\n{\r\n    --_point_count;\r\n}\r\n\r\nfloat Point::x() const\r\n{\r\n    return _x;\r\n}\r\n\r\nint Point::PointCount()\r\n{\r\n    return _point_count;\r\n}\r\n\r\nstd::ostream& Point::print(std::ostream& os) const\r\n{\r\n    os << _x;\r\n    return os;\r\n}\r\n<\/pre>\n<\/div>\n<span class=\"collapseomatic \" id=\"id69d57dd425ac5\"  tabindex=\"0\" title=\"test1.cpp\"    >test1.cpp<\/span><div id=\"target-id69d57dd425ac5\" class=\"collapseomatic_content \">\n<pre lang=\"cpp\" line=\"1\">\r\n#include <iostream>\r\n#include \"point.h\"\r\n\r\nusing namespace std;\r\n\r\n\/\/ instantiate the global static var\r\nint Point::_point_count;\r\n    \r\nint main()\r\n{\r\n    Point* pPoint = new Point(2);\r\n    cout << Point::PointCount() << endl;\r\n    cout << sizeof(Point) << endl;\r\n    cout << pPoint->x() << endl;\r\n    delete pPoint;\r\n    return 0;\r\n}\r\n<\/pre>\n<\/div>\n<p>\u4e0d\u60f3\u592a\u9ebb\u7169\u6240\u4ee5\u76f4\u63a5\u7528\u547d\u4ee4\u5217\u4f86\u7de8\u8b6f\uff0c\u6211\u7684\u74b0\u5883\u53ef\u4ee5\u76f4\u63a5\u8abf\u7528 cl \u548c windbg<\/p>\n<pre lang=\"dos\">\r\ncl \/EHsc \/Zi \/Fd test1.cpp point.cpp\r\nwindbg test1.exe\r\n<\/pre>\n<p>\u5728 windbg \u4e0b\u53ef\u4ee5\u76f4\u63a5\u6253\u958b test1.cpp\uff0c\u5728\u7b2c 12 \u884c\u8a2d\u4e2d\u65b7\u9ede\uff0c\u7136\u5f8c\u57f7\u884c\u9019\u500b\u7a0b\u5f0f\u3002\u505c\u4e0b\u4f86\u6642\u6211\u5011\u5c31\u53ef\u4ee5\u597d\u597d\u89c0\u5bdf\u4e00\u4e0b pPoint \u7684\u7d50\u69cb\u4e86<\/p>\n<pre lang=\"dos\">\r\n0:000> dt pPoint\r\nLocal var @ 0x3cfe28 Type Point*\r\n0x00112008 \r\n   +0x000 __VFN_table : 0x012a84f4 \r\n   +0x004 _x               : 2 \r\n   =012b1e00 Point::_point_count : 1\r\n<\/pre>\n<p>\u548c\u539f\u6587\u5716 1.3 \u4e0d\u540c\u7684\u662f\uff0cvtable \u662f\u7b2c\u4e00\u500b\u800c\u4e0d\u662f\u6700\u5f8c\u4e00\u500b\uff0c\u9019\u662f Microsoft \u767c\u660e\u7684\u505a\u6cd5\uff0c\u6709\u8208\u8da3\u53ef\u89c0\u5bdf\u4e00\u4e0b\uff0c\u4f3c\u4e4e gcc \u4e5f\u662f\u9019\u9ebc\u505a\u7684\u3002\u63a5\u4e0b\u4f86\u770b\u770b vtable \u88e1\u6709\u4ec0\u9ebc<\/p>\n<pre lang=\"dos\">\r\n0:000> dds 0x012a84f4 \r\n012a84f4  012710f5 test1!ILT+240(??_GPointUAEPAXIZ)\r\n012a84f8  01271258 test1!ILT+595(?printPointMBEAAV?$basic_ostreamDU?$char_traitsDstdstdAAV23Z)\r\n012a84fc  00000000\r\n...\r\n<\/pre>\n<p>ILT? \u9019\u662f\u4ec0\u9ebc\u6771\u897f\u5462\uff1f\u5176\u5be6\u662f Incremental Link Table \u7684\u7e2e\u5beb\uff0c\u5b83\u52a0\u4e86\u4e00\u5c64 indirection \u628a\u771f\u6b63\u7684 function \u653e\u5230 ILT \u53bb\uff0c\u9019\u6a23 linker \u5c31\u4e0d\u5fc5\u6bcf\u6b21\u90fd\u91cd\u65b0\u5b89\u6392\u51fd\u6578\u7684\u4f4d\u7f6e\uff0c\u4f46\u9019\u5c0d\u6211\u5011\u505a\u5be6\u9a57\u662f\u5f88\u4e0d\u5229\u7684\u3002\u6240\u4ee5\u5462\uff0c\u9084\u662f\u5f97\u4e56\u4e56\u7684\u7528 make file \u6216 vcproj\u3002\u8eab\u70ba\u8001\u6d3e\u786c\u6f22\uff0c\u7576\u7136\u8981\u7528\u786c\u6f22\u7528\u7684 nmake<br \/>\n<span class=\"collapseomatic \" id=\"id69d57dd425af2\"  tabindex=\"0\" title=\"cppom.mak\"    >cppom.mak<\/span><div id=\"target-id69d57dd425af2\" class=\"collapseomatic_content \">\n<pre lang=\"make\" line=\"1\">\r\nCC      = cl\r\nCFLAGS\t= \/EHsc \/Zi \/Fd \/c\r\nLD      = link\r\nLDARGS  = \/INCREMENTAL:NO \/DEBUG\r\nRM\t    = del \/q\r\n\r\n.cpp.obj::\r\n    $(CC) $(CFLAGS) $<\r\n\r\ntest1.exe: test1.obj point.obj\r\n\t$(LD) test1.obj point.obj $(LDARGS) \/PDB:test1.pdb\r\n\r\nclean:\r\n\t$(RM) *.exe *.obj *.pdb *.idb *.ilk *.bak\r\n\r\nall: test1.exe\r\n<\/pre>\n<\/div>\n<p>\u7528 nmake \u9020\u51fa\u65b0\u7684 test1.exe \u4e4b\u5f8c\uff0c\u91cd\u8907\u4ee5\u4e0a\u7684\u6b65\u9a5f\uff0c\u518d\u4f86\u770b\u770b\u6211\u5011\u7684 vtable<\/p>\n<pre lang=\"dos\">\r\n0:000> dt pPoint\r\nLocal var @ 0x37fef0 Type Point*\r\n0x001e2008 \r\n   +0x000 __VFN_table : 0x00dd95c8 \r\n   +0x004 _x               : 2 \r\n   =00de0820 Point::_point_count : 1\r\n\r\n0:000> dds 0x00dd95c8\r\n00dd95c8  00db5a50 test1!Point::`scalar deleting destructor'\r\n00dd95cc  00db5a20 test1!Point::print [c:\\users\\arthur\\desktop\\research\\point.cpp @ 24]\r\n...\r\n<\/pre>\n<p>\u770b\u8d77\u4f86\u9806\u773c\u591a\u4e86\uff0c\u4e0d\u904e\u5565\u662f `scalar deleting destructor' \u554a\uff1f\u5176\u5be6\u9019\u662f VC \u81ea\u52d5\u5e6b\u6211\u5011\u7684 destructor \u5305\u7684\u4e00\u5c64\u6bbc\u3002<br \/>\n<span class=\"collapseomatic \" id=\"id69d57dd425b1c\"  tabindex=\"0\" title=\"\u53cd\u7d44\u8b6f\u5be6\u9a57\"    >\u53cd\u7d44\u8b6f\u5be6\u9a57<\/span><div id=\"target-id69d57dd425b1c\" class=\"collapseomatic_content \">\n<pre lang=\"dos\">\r\n0:000> ln 00db5a50 \r\n(00db5a50)   test1!Point::`scalar deleting destructor'   |  (00db5a7c)   test1!std::_Iterator_base0::_Adopt\r\nExact matches:\r\n    test1!Point::`scalar deleting destructor' (void)\r\n0:000> u 00db5a50 00db5a7b\r\ntest1!Point::`scalar deleting destructor':\r\n00db5a50 55              push    ebp\r\n00db5a51 8bec            mov     ebp,esp\r\n00db5a53 51              push    ecx\r\n00db5a54 894dfc          mov     dword ptr [ebp-4],ecx\r\n00db5a57 8b4dfc          mov     ecx,dword ptr [ebp-4]\r\n00db5a5a e861ffffff      call    test1!Point::~Point (00db59c0)\r\n00db5a5f 8b4508          mov     eax,dword ptr [ebp+8]\r\n00db5a62 83e001          and     eax,1\r\n00db5a65 740c            je      test1!Point::`scalar deleting destructor'+0x23 (00db5a73)\r\n00db5a67 8b4dfc          mov     ecx,dword ptr [ebp-4]\r\n00db5a6a 51              push    ecx\r\n00db5a6b e854290000      call    test1!operator delete (00db83c4)\r\n00db5a70 83c404          add     esp,4\r\n00db5a73 8b45fc          mov     eax,dword ptr [ebp-4]\r\n00db5a76 8be5            mov     esp,ebp\r\n00db5a78 5d              pop     ebp\r\n00db5a79 c20400          ret     4\r\n<\/pre>\n<\/div>\n<p>\u5716 1.3 \u4e2d\u63d0\u5230\uff0cvtable \u7684\u7b2c 0 \u500b entry \u61c9\u6307\u5411 type info\uff0c\u4f46\u6211\u5011\u770b\u7684\u7d50\u679c\u4f3c\u4e4e\u4e0d\u662f\u5982\u6b64\uff0c\u5982\u679c\u5f80\u4e0a\u6372\u500b 4 byte \u6703\u5982\u4f55\u5462\uff1f<\/p>\n<pre lang=\"dos\">\r\n0:000> dds 0x00dd95c4\r\n00dd95c4  00ddcadc test1!Point::`RTTI Complete Object Locator'\r\n00dd95c8  00db5a50 test1!Point::`scalar deleting destructor'\r\n00dd95cc  00db5a20 test1!Point::print [c:\\users\\arthur\\desktop\\research\\point.cpp @ 24]\r\n...\r\n<\/pre>\n<p>`RTTI Complete Object Locator' \u61c9\u662f\u6211\u5011\u8981\u627e\u7684\u6771\u897f\uff0c\u90a3\u53c8\u662f\u53e6\u4e00\u500b\u6545\u4e8b\u4e86\uff0c\u62dc\u4e86\u4e00\u4e0b\u5495\u72d7\u5927\u795e\uff0c<a href=\"http:\/\/www.blackhat.com\/presentations\/bh-dc-07\/Sabanal_Yason\/Paper\/bh-dc-07-Sabanal_Yason-WP.pdf\">07 \u5e74\u7684\u9ed1\u5e3d\u6709\u5c08\u6587\u8a0e\u8ad6<\/a>\uff0c\u9019\u88e1\u5c31\u4e0d\u5695\u56cc\u3002\u6240\u4ee5\u5230\u76ee\u524d\u70ba\u6b62\uff0c\u6211\u5011\u7684\u5be6\u9a57\u8b49\u660e\u4e86\u5e7e\u4ef6\u4e8b\u5be6:<\/p>\n<ul>\n<li>VC \u5c31\u5982\u5716 1.3 \u4e2d\u6240\u756b\u7684\uff0c\u6703\u81ea\u5df1\u5b89\u6392 static variable, static member function \u4ee5\u53ca non-virtual member function \u7684\u4f4d\u7f6e<\/li>\n<li>\u6bcf\u500b object instance \u90fd\u5167\u542b\u6307\u5411 vtable \u7684\u6307\u6a19 (\u5982\u679c\u6709 vtable \u7684\u8a71)<\/li>\n<li>vtable \u7684\u4f4d\u7f6e\u901a\u5e38\u8207\u5716 1.3 \u4e2d\u756b\u7684\u76f8\u53cd\uff0c\u5b83\u5728\u6700\u958b\u59cb\u7684\u4f4d\u7f6e\u3002RTTI \u8cc7\u8a0a\u4e8b\u5be6\u4e0a\u4e5f\u4e0d\u4e00\u5b9a\u653e\u5728 vtable \u7684\u7b2c\u4e00\u500b\u6307\u5411\u4f4d\u7f6e\uff0c\u53ea\u8981 compiler \u63a8\u7684\u51fa\u4f86\u5c31\u53ef\u4ee5<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u706b\u661f\u4eba\u7684\u8b80\u66f8\u5fc3\u5f97\uff0c\u5730\u7403\u7684\u5c0f\u670b\u53cb\uff0c\u706b\u661f\u5f88\u5371\u96aa\u7684\uff0c\u8d95\u5feb\u56de\u5bb6\u5427 &#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,2],"tags":[],"_links":{"self":[{"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/posts\/411"}],"collection":[{"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/comments?post=411"}],"version-history":[{"count":19,"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/posts\/411\/revisions"}],"predecessor-version":[{"id":430,"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/posts\/411\/revisions\/430"}],"wp:attachment":[{"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/media?parent=411"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/categories?post=411"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.cchsu.com\/arthur\/wp-json\/wp\/v2\/tags?post=411"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}