再看看vtbl的其它内容,先写段代码:
class CParent
{
public:
int parent_a;
int parent_b;
public:
virtual void parent_f1() {}
virtual void parent_f2() {}
public:
void parent_f3() {}
void parent_f4() {}
};
class CChild : public CParent
{
public:
int child_a;
int child_b;
public: // 子类的函数
virtual void child_f1() {}
virtual void child_f2() {}
public: // 不可重载的函数
void child_f3() {}
void child_f4() {}
public: // 重载父类的函数
virtual void parent_f2() {}
virtual void parent_f1() {}
};
CChild child, *pchild;
CParent parent, *pparent;
这是一个单继承的关系。
1.1.1 Vtbl的属性
Vtbl应该是在链接时确定,之后就不再改变,那么它应该具有只读的属性,先对此做个验证:
MEMORY_BASIC_INFORMATION mi;
::VirtualQueryEx(::GetCurrentProcess(), (void*)(*(unsigned int*)&parent), &mi, sizeof(mi));
这段代码将查询vtbl所在内存块的属性,返回的mi值如下:
BaseAddress 0x00416000 ___xc_a void *
AllocationBase 0x00400000 void *
AllocationProtect 0x00000080 unsigned long
RegionSize 0x00002000 unsigned long
State 0x00001000 unsigned long
Protect 0x00000002 unsigned long
Type 0x01000000 unsigned long
Protect这个成员的值表明vtbl所在的内存块具有PAGE_READONLY的属性,MSDN这样解释这个属性的意义:
Enables read access to the committed region of pages. An attempt to write to the committed region results in an access violation. If the system differentiates between read-only access and execute access, an attempt to execute code in the committed region results in an access violation.
因而vtbl的内容将不可更改。