cpp反汇编之菱形继承


先分析一个例子

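#include <stdio.h>

// Diamond hierarchy used to study the object layout the compiler emits for
// virtual inheritance: CSofa and CBed both derive *virtually* from
// CFurniture, so a CSofaBed holds exactly one CFurniture subobject, and
// every CFurniture* / CSofa* / CBed* view of it reaches the same m_nPrice.
class CFurniture
{
public:
    CFurniture()
    {
        m_nPrice = 0;
    }
    virtual ~CFurniture()
    {
        printf("virtual ~CFurniture()\n");
    }
    virtual int GetPrice()
    {
        return m_nPrice;
    }
public:
    int m_nPrice;
};

// Virtual base: m_nPrice is not at a fixed offset from `this`, so the
// compiler reads a displacement out of the vbtable before touching it
// (visible in the disassembly of CSofa::CSofa further down the page).
class CSofa : virtual public CFurniture
{
public:
    CSofa()
    {
        m_nPrice = 1;
        m_nColor = 2;
    }
    virtual ~CSofa()
    {
        printf("virtual ~CSofa()\n");
    }
    // Name kept as written (a typo for GetColor): it is part of the
    // class interface and the disassembly refers to it by this name.
    virtual int GeyColor()
    {
        return m_nColor;
    }
    virtual int SitDown()
    {
        return printf("Sit down and rest your legs\n");
    }
public:
    int m_nColor;
};

class CBed : virtual public CFurniture
{
public:
    CBed()
    {
        m_nPrice = 3;
        m_nLength = 2;
        m_nWidth = 1;
    }
    // Already implicitly virtual because CFurniture's destructor is;
    // spelled out so it reads like CSofa's and like the message it prints.
    virtual ~CBed()
    {
        printf("virtual ~CBed()\n");
    }
    virtual int GetArea()
    {
        return m_nLength * m_nWidth;
    }
    virtual int Sleep()
    {
        return printf("go to sleep!\n");
    }
public:
    int m_nLength;
    int m_nWidth;
};

// Bottom of the diamond. Construction order is: the shared CFurniture
// (price 0), then CSofa (price 1), then CBed (price 3), then this body —
// so a freshly built CSofaBed reports GetPrice() == 3. Destruction runs
// in reverse; each destructor prints its name, which is how the page
// traces the order.
class CSofaBed : public CSofa, public CBed
{
public:
    CSofaBed()
    {
        m_nHeight = 6;
    }
    virtual ~CSofaBed()
    {
        printf("virtual ~CSofaBed\n");
    }
    // Overrides both CSofa::SitDown and CBed::Sleep, so calls through
    // either base pointer land here.
    virtual int SitDown()
    {
        return printf("Sit Down on the sofa bed\n");
    }
    virtual int Sleep()
    {
        return printf("go to sleep on the sofa bed\n");
    }
    virtual int GetHeight()
    {
        return m_nHeight;
    }
    virtual void Show()
    {
        printf("CSofaBed Show()\n");
    }
public:
    int m_nHeight;
};

int main()
{
    CSofaBed SofaBed;
    // Implicit upcasts. The compiler adjusts the pointer value for each
    // base subobject (pBed does not hold the same address as &SofaBed)
    // and locates the CFurniture part through the vbtable. Copying the
    // object with memcpy or converting with reinterpret_cast would skip
    // those adjustments, which is why polymorphic objects must only be
    // moved around through their own constructors and real upcasts.
    CFurniture * pFurniture = &SofaBed;
    CSofa * pSofa = &SofaBed;
    CBed * pBed = &SofaBed;
    // All three pointers reach the single shared m_nPrice; the later
    // write through pSofa (90) overwrites the 88 stored via pFurniture.
    pFurniture->m_nPrice = 88;
    pSofa->m_nColor = 8;
    pSofa->m_nPrice = 90;
    pBed->m_nLength = 13;
    pBed->m_nWidth = 66;
    SofaBed.m_nHeight = 45;
    SofaBed.Show();
    return 0;
}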

下面是反汇编分析（包括内存截取）。注意：反汇编所用的源码与上面的例子略有出入（成员被声明为 protected），对照阅读时以汇编旁边列出的源码行为准。

1:    #include<stdio.h>2:    class CFurniture3:    {4:    public:5:        CFurniture()004021D0   push        ebp004021D1   mov         ebp,esp004021D3   sub         esp,44h004021D6   push        ebx004021D7   push        esi004021D8   push        edi004021D9   push        ecx004021DA   lea         edi,[ebp-44h]004021DD   mov         ecx,11h004021E2   mov         eax,0CCCCCCCCh004021E7   rep stos    dword ptr [edi]004021E9   pop         ecx004021EA   mov         dword ptr [ebp-4],ecx004021ED   mov         eax,dword ptr [ebp-4]004021F0   mov         dword ptr [eax],offset CFurniture::`vftable' (0042611c)6:        {7:            m_nPrice = 0;004021F6   mov         ecx,dword ptr [ebp-4]004021F9   mov         dword ptr [ecx+4],08:        }00402200   mov         eax,dword ptr [ebp-4]00402203   pop         edi00402204   pop         esi00402205   pop         ebx00402206   mov         esp,ebp00402208   pop         ebp00402209   ret9:        virtual ~CFurniture()10:       {00402220   push        ebp00402221   mov         ebp,esp00402223   sub         esp,44h00402226   push        ebx00402227   push        esi00402228   push        edi00402229   push        ecx0040222A   lea         edi,[ebp-44h]0040222D   mov         ecx,11h00402232   mov         eax,0CCCCCCCCh00402237   rep stos    dword ptr [edi]00402239   pop         ecx0040223A   mov         dword ptr [ebp-4],ecx0040223D   mov         eax,dword ptr [ebp-4]00402240   mov         dword ptr [eax],offset CFurniture::`vftable' (0042611c)11:           printf("virtual ~CFurniture()\n");00402246   push        offset string "virtual ~CFurniture()\n" (00426128)0040224B   call        printf (00403020)00402250   add         esp,412:       }00402253   pop         edi00402254   pop         esi00402255   pop         ebx00402256   add         esp,44h00402259   cmp         ebp,esp0040225B   call        __chkesp (00402ef0)00402260   mov         esp,ebp00402262   pop         ebp00402263   ret13:       virtual int GetPrice()14:       
{00402280   push        ebp00402281   mov         ebp,esp00402283   sub         esp,44h00402286   push        ebx00402287   push        esi00402288   push        edi00402289   push        ecx0040228A   lea         edi,[ebp-44h]0040228D   mov         ecx,11h00402292   mov         eax,0CCCCCCCCh00402297   rep stos    dword ptr [edi]00402299   pop         ecx0040229A   mov         dword ptr [ebp-4],ecx15:           return m_nPrice;0040229D   mov         eax,dword ptr [ebp-4]004022A0   mov         eax,dword ptr [eax+4]16:       }004022A3   pop         edi004022A4   pop         esi004022A5   pop         ebx004022A6   mov         esp,ebp004022A8   pop         ebp004022A9   ret17:   protected:18:       int m_nPrice;19:   };20:   class CSofa : virtual public CFurniture21:   {22:   public:23:       CSofa()00402330   push        ebp00402331   mov         ebp,esp00402333   sub         esp,48h00402336   push        ebx00402337   push        esi00402338   push        edi00402339   push        ecx0040233A   lea         edi,[ebp-48h]0040233D   mov         ecx,12h00402342   mov         eax,0CCCCCCCCh00402347   rep stos    dword ptr [edi]00402349   pop         ecx0040234A   mov         dword ptr [ebp-4],ecx0040234D   mov         dword ptr [ebp-8],000402354   cmp         dword ptr [ebp+8],000402358   je          CSofa::CSofa+48h (00402378)0040235A   mov         eax,dword ptr [ebp-4]0040235D   mov         dword ptr [eax+4],offset CSofa::`vbtable' (0042615c)00402364   mov         ecx,dword ptr [ebp-4]00402367   add         ecx,0Ch0040236A   call        @ILT+120(CFurniture::CFurniture) (0040107d)跳过调用父类构造函数0040236F   mov         ecx,dword ptr [ebp-8]00402372   or          ecx,100402375   mov         dword ptr [ebp-8],ecx00402378   mov         edx,dword ptr [ebp-4]0040237B   mov         dword ptr [edx],offset CSofa::`vftable' (00426150)00402381   mov         eax,dword ptr [ebp-4]00402384   mov         ecx,dword ptr [eax+4]00402387   mov         edx,dword ptr [ecx+4]0040238A   mov         
eax,dword ptr [ebp-4]0040238D   mov         dword ptr [eax+edx+4],offset CSofa::`vftable' (00426144)24:       {25:           m_nPrice = 1;00402395   mov         ecx,dword ptr [ebp-4]00402398   mov         edx,dword ptr [ecx+4]0040239B   mov         eax,dword ptr [edx+4]0040239E   mov         ecx,dword ptr [ebp-4]004023A1   mov         dword ptr [ecx+eax+8],126:           m_nColor = 2;004023A9   mov         edx,dword ptr [ebp-4]004023AC   mov         dword ptr [edx+8],227:       }004023B3   mov         eax,dword ptr [ebp-4]004023B6   pop         edi004023B7   pop         esi004023B8   pop         ebx004023B9   add         esp,48h004023BC   cmp         ebp,esp004023BE   call        __chkesp (00402ef0)004023C3   mov         esp,ebp004023C5   pop         ebp004023C6   ret         428:       virtual ~CSofa()29:       {004023F0   push        ebp004023F1   mov         ebp,esp004023F3   sub         esp,44h004023F6   push        ebx004023F7   push        esi004023F8   push        edi004023F9   push        ecx004023FA   lea         edi,[ebp-44h]004023FD   mov         ecx,11h00402402   mov         eax,0CCCCCCCCh00402407   rep stos    dword ptr [edi]00402409   pop         ecx0040240A   mov         dword ptr [ebp-4],ecx0040240D   mov         eax,dword ptr [ebp-4]00402410   mov         dword ptr [eax-0Ch],offset CSofa::`vftable' (00426150)00402417   mov         ecx,dword ptr [ebp-4]0040241A   mov         edx,dword ptr [ecx-8]0040241D   mov         eax,dword ptr [edx+4]00402420   mov         ecx,dword ptr [ebp-4]00402423   mov         dword ptr [ecx+eax-8],offset CSofa::`vftable' (00426144)30:           printf("virtual ~CSofa()\n");0040242B   push        offset string "virtual ~CSofa()\n" (00426168)00402430   call        printf (00403020)00402435   add         esp,431:       }00402438   pop         edi00402439   pop         esi0040243A   pop         ebx0040243B   add         esp,44h0040243E   cmp         ebp,esp00402440   call        __chkesp (00402ef0)00402445   mov         
esp,ebp00402447   pop         ebp00402448   ret32:       virtual int GeyColor()33:       {00402460   push        ebp00402461   mov         ebp,esp00402463   sub         esp,44h00402466   push        ebx00402467   push        esi00402468   push        edi00402469   push        ecx0040246A   lea         edi,[ebp-44h]0040246D   mov         ecx,11h00402472   mov         eax,0CCCCCCCCh00402477   rep stos    dword ptr [edi]00402479   pop         ecx0040247A   mov         dword ptr [ebp-4],ecx34:           return m_nColor;0040247D   mov         eax,dword ptr [ebp-4]00402480   mov         eax,dword ptr [eax+8]35:       }00402483   pop         edi00402484   pop         esi00402485   pop         ebx00402486   mov         esp,ebp00402488   pop         ebp00402489   ret36:       virtual int SitDown()37:       {004024A0   push        ebp004024A1   mov         ebp,esp004024A3   sub         esp,44h004024A6   push        ebx004024A7   push        esi004024A8   push        edi004024A9   push        ecx004024AA   lea         edi,[ebp-44h]004024AD   mov         ecx,11h004024B2   mov         eax,0CCCCCCCCh004024B7   rep stos    dword ptr [edi]004024B9   pop         ecx004024BA   mov         dword ptr [ebp-4],ecx38:           return printf("Sit down and rest your legs\n");004024BD   push        offset string "Sit down and rest your legs\n" (00426180)004024C2   call        printf (00403020)004024C7   add         esp,439:       }004024CA   pop         edi004024CB   pop         esi004024CC   pop         ebx004024CD   add         esp,44h004024D0   cmp         ebp,esp004024D2   call        __chkesp (00402ef0)004024D7   mov         esp,ebp004024D9   pop         ebp004024DA   ret40:   protected:41:       int m_nColor;42:   };43:   class CBed : virtual public CFurniture44:   {45:   public:46:       CBed()004025C0   push        ebp004025C1   mov         ebp,esp004025C3   sub         esp,48h004025C6   push        ebx004025C7   push        esi004025C8   push        edi004025C9   push        
ecx004025CA   lea         edi,[ebp-48h]004025CD   mov         ecx,12h004025D2   mov         eax,0CCCCCCCCh004025D7   rep stos    dword ptr [edi]004025D9   pop         ecx004025DA   mov         dword ptr [ebp-4],ecx004025DD   mov         dword ptr [ebp-8],0004025E4   cmp         dword ptr [ebp+8],0004025E8   je          CBed::CBed+48h (00402608)004025EA   mov         eax,dword ptr [ebp-4]004025ED   mov         dword ptr [eax+4],offset CBed::`vbtable' (004261bc)004025F4   mov         ecx,dword ptr [ebp-4]004025F7   add         ecx,10h004025FA   call        @ILT+120(CFurniture::CFurniture) (0040107d)004025FF   mov         ecx,dword ptr [ebp-8]00402602   or          ecx,100402605   mov         dword ptr [ebp-8],ecx00402608   mov         edx,dword ptr [ebp-4]0040260B   mov         dword ptr [edx],offset CBed::`vftable' (004261b0)00402611   mov         eax,dword ptr [ebp-4]00402614   mov         ecx,dword ptr [eax+4]00402617   mov         edx,dword ptr [ecx+4]0040261A   mov         eax,dword ptr [ebp-4]0040261D   mov         dword ptr [eax+edx+4],offset CBed::`vftable' (004261a4)47:       {48:           m_nPrice = 3;00402625   mov         ecx,dword ptr [ebp-4]00402628   mov         edx,dword ptr [ecx+4]0040262B   mov         eax,dword ptr [edx+4]0040262E   mov         ecx,dword ptr [ebp-4]00402631   mov         dword ptr [ecx+eax+8],349:           m_nLength = 2;00402639   mov         edx,dword ptr [ebp-4]0040263C   mov         dword ptr [edx+8],250:           m_nWidth = 1;00402643   mov         eax,dword ptr [ebp-4]00402646   mov         dword ptr [eax+0Ch],151:       }0040264D   mov         eax,dword ptr [ebp-4]00402650   pop         edi00402651   pop         esi00402652   pop         ebx00402653   add         esp,48h00402656   cmp         ebp,esp00402658   call        __chkesp (00402ef0)0040265D   mov         esp,ebp0040265F   pop         ebp00402660   ret         452:       ~CBed()53:       {004027F0   push        ebp004027F1   mov         ebp,esp004027F3   sub        
 esp,44h004027F6   push        ebx004027F7   push        esi004027F8   push        edi004027F9   push        ecx004027FA   lea         edi,[ebp-44h]004027FD   mov         ecx,11h00402802   mov         eax,0CCCCCCCCh00402807   rep stos    dword ptr [edi]00402809   pop         ecx0040280A   mov         dword ptr [ebp-4],ecx0040280D   mov         eax,dword ptr [ebp-4]00402810   mov         dword ptr [eax-10h],offset CBed::`vftable' (004261b0)00402817   mov         ecx,dword ptr [ebp-4]0040281A   mov         edx,dword ptr [ecx-0Ch]0040281D   mov         eax,dword ptr [edx+4]00402820   mov         ecx,dword ptr [ebp-4]00402823   mov         dword ptr [ecx+eax-0Ch],offset CBed::`vftable' (004261a4)54:           printf("virtual ~CBed()\n");0040282B   push        offset string "virtual ~CBed()\n" (004261d8)00402830   call        printf (00403020)00402835   add         esp,455:       }00402838   pop         edi00402839   pop         esi0040283A   pop         ebx0040283B   add         esp,44h0040283E   cmp         ebp,esp00402840   call        __chkesp (00402ef0)00402845   mov         esp,ebp00402847   pop         ebp00402848   ret64:   protected:65:       int m_nLength;66:       int m_nWidth;67:   };68:   class CSofaBed : public CSofa , public CBed69:   {70:   public:71:       CSofaBed()004020B0   push        ebp004020B1   mov         ebp,esp004020B3   push        0FFh004020B5   push        offset __ehhandler$??0CSofaBed@@QAE@XZ (00414d86)004020BA   mov         eax,fs:[00000000]004020C0   push        eax004020C1   mov         dword ptr fs:[0],esp004020C8   sub         esp,48h004020CB   push        ebx004020CC   push        esi004020CD   push        edi004020CE   push        ecx004020CF   lea         edi,[ebp-54h]004020D2   mov         ecx,12h004020D7   mov         eax,0CCCCCCCCh004020DC   rep stos    dword ptr [edi]004020DE   pop         ecx004020DF   mov         dword ptr [ebp-10h],ecx004020E2   mov         dword ptr [ebp-14h],0004020E9   cmp         dword ptr 
[ebp+8],0004020ED   je          CSofaBed::CSofaBed+6Eh (0040211e)004020EF   mov         eax,dword ptr [ebp-10h]004020F2   mov         dword ptr [eax+4],offset CSofaBed::`vbtable' (00426110)004020F9   mov         ecx,dword ptr [ebp-10h]004020FC   mov         dword ptr [ecx+10h],offset CSofaBed::`vbtable' (00426104)00402103   mov         ecx,dword ptr [ebp-10h]00402106   add         ecx,20h00402109   call        @ILT+120(CFurniture::CFurniture) (0040107d)0040210E   mov         edx,dword ptr [ebp-14h]00402111   or          edx,100402114   mov         dword ptr [ebp-14h],edx00402117   mov         dword ptr [ebp-4],00040211E   push        000402120   mov         ecx,dword ptr [ebp-10h]00402123   call        @ILT+245(CSofa::CSofa) (004010fa)00402128   mov         dword ptr [ebp-4],10040212F   push        000402131   mov         ecx,dword ptr [ebp-10h]00402134   add         ecx,0Ch00402137   call        @ILT+285(CBed::CBed) (00401122)0040213C   mov         eax,dword ptr [ebp-10h]0040213F   mov         dword ptr [eax],offset CSofaBed::`vftable' (004260f4)00402145   mov         ecx,dword ptr [ebp-10h]00402148   mov         dword ptr [ecx+0Ch],offset CSofaBed::`vftable' (004260e8)0040214F   mov         edx,dword ptr [ebp-10h]00402152   mov         eax,dword ptr [edx+4]00402155   mov         ecx,dword ptr [eax+4]00402158   mov         edx,dword ptr [ebp-10h]0040215B   mov         dword ptr [edx+ecx+4],offset CSofaBed::`vftable' (004260dc)72:       {73:           m_nHeight = 6;00402163   mov         eax,dword ptr [ebp-10h]00402166   mov         dword ptr [eax+1Ch],674:       }0040216D   mov         dword ptr [ebp-4],0FFFFFFFFh00402174   mov         eax,dword ptr [ebp-10h]00402177   mov         ecx,dword ptr [ebp-0Ch]0040217A   mov         dword ptr fs:[0],ecx00402181   pop         edi00402182   pop         esi00402183   pop         ebx00402184   add         esp,54h00402187   cmp         ebp,esp00402189   call        __chkesp (00402ef0)0040218E   mov         esp,ebp00402190   
pop         ebp00402191   ret         475:       virtual ~CSofaBed()76:       {00402A10   push        ebp00402A11   mov         ebp,esp00402A13   push        0FFh00402A15   push        offset __ehhandler$??1CSofaBed@@UAE@XZ (00414dac)00402A1A   mov         eax,fs:[00000000]00402A20   push        eax00402A21   mov         dword ptr fs:[0],esp00402A28   sub         esp,48h00402A2B   push        ebx00402A2C   push        esi00402A2D   push        edi00402A2E   push        ecx00402A2F   lea         edi,[ebp-54h]00402A32   mov         ecx,12h00402A37   mov         eax,0CCCCCCCCh00402A3C   rep stos    dword ptr [edi]00402A3E   pop         ecx00402A3F   mov         dword ptr [ebp-10h],ecx00402A42   mov         eax,dword ptr [ebp-10h]00402A45   mov         dword ptr [eax-20h],offset CSofaBed::`vftable' (004260f4)00402A4C   mov         ecx,dword ptr [ebp-10h]00402A4F   mov         dword ptr [ecx-14h],offset CSofaBed::`vftable' (004260e8)00402A56   mov         edx,dword ptr [ebp-10h]00402A59   mov         eax,dword ptr [edx-1Ch]00402A5C   mov         ecx,dword ptr [eax+4]00402A5F   mov         edx,dword ptr [ebp-10h]00402A62   mov         dword ptr [edx+ecx-1Ch],offset CSofaBed::`vftable' (004260dc)00402A6A   mov         dword ptr [ebp-4],077:           printf("virtual ~CSofaBed\n");00402A71   push        offset string "virtual ~CSofaBed\n" (00426230)00402A76   call        printf (00403020)00402A7B   add         esp,478:       }00402A7E   mov         eax,dword ptr [ebp-10h]00402A81   sub         eax,20h00402A84   test        eax,eax00402A86   je          CSofaBed::~CSofaBed+83h (00402a93)00402A88   mov         ecx,dword ptr [ebp-10h]00402A8B   sub         ecx,14h00402A8E   mov         dword ptr [ebp-14h],ecx00402A91   jmp         CSofaBed::~CSofaBed+8Ah (00402a9a)00402A93   mov         dword ptr [ebp-14h],000402A9A   mov         ecx,dword ptr [ebp-14h]00402A9D   add         ecx,10h00402AA0   call        @ILT+205(CBed::~CBed) (004010d2)00402AA5   mov         dword ptr 
[ebp-4],0FFFFFFFFh00402AAC   mov         ecx,dword ptr [ebp-10h]00402AAF   sub         ecx,14h00402AB2   call        @ILT+280(CSofa::~CSofa) (0040111d)00402AB7   mov         ecx,dword ptr [ebp-0Ch]00402ABA   mov         dword ptr fs:[0],ecx00402AC1   pop         edi00402AC2   pop         esi00402AC3   pop         ebx00402AC4   add         esp,54h00402AC7   cmp         ebp,esp00402AC9   call        __chkesp (00402ef0)00402ACE   mov         esp,ebp00402AD0   pop         ebp00402AD1   ret79:       virtual int SitDown()80:       {00402860   push        ebp00402861   mov         ebp,esp00402863   sub         esp,44h00402866   push        ebx00402867   push        esi00402868   push        edi00402869   push        ecx0040286A   lea         edi,[ebp-44h]0040286D   mov         ecx,11h00402872   mov         eax,0CCCCCCCCh00402877   rep stos    dword ptr [edi]00402879   pop         ecx0040287A   mov         dword ptr [ebp-4],ecx81:           return printf("Sit Down on the sofa bed\n");0040287D   push        offset string "Sit Down on the sofa bed\n" (004261ec)00402882   call        printf (00403020)00402887   add         esp,482:       }0040288A   pop         edi0040288B   pop         esi0040288C   pop         ebx0040288D   add         esp,44h00402890   cmp         ebp,esp00402892   call        __chkesp (00402ef0)00402897   mov         esp,ebp00402899   pop         ebp0040289A   ret83:       virtual int Sleep()84:       {004028B0   push        ebp004028B1   mov         ebp,esp004028B3   sub         esp,44h004028B6   push        ebx004028B7   push        esi004028B8   push        edi004028B9   push        ecx004028BA   lea         edi,[ebp-44h]004028BD   mov         ecx,11h004028C2   mov         eax,0CCCCCCCCh004028C7   rep stos    dword ptr [edi]004028C9   pop         ecx004028CA   mov         dword ptr [ebp-4],ecx85:           return printf("go to sleep on the sofa bed\n");004028CD   push        offset string "go to sleep on the sofa bed\n" (0042620c)004028D2   call        
printf (00403020)004028D7   add         esp,486:       }004028DA   pop         edi004028DB   pop         esi004028DC   pop         ebx004028DD   add         esp,44h004028E0   cmp         ebp,esp004028E2   call        __chkesp (00402ef0)004028E7   mov         esp,ebp004028E9   pop         ebp004028EA   ret87:       virtual int GetHeight()88:       {00402900   push        ebp00402901   mov         ebp,esp00402903   sub         esp,44h00402906   push        ebx00402907   push        esi00402908   push        edi00402909   push        ecx0040290A   lea         edi,[ebp-44h]0040290D   mov         ecx,11h00402912   mov         eax,0CCCCCCCCh00402917   rep stos    dword ptr [edi]00402919   pop         ecx0040291A   mov         dword ptr [ebp-4],ecx89:           return m_nHeight;0040291D   mov         eax,dword ptr [ebp-4]00402920   mov         eax,dword ptr [eax+1Ch]90:       }00402923   pop         edi00402924   pop         esi00402925   pop         ebx00402926   mov         esp,ebp00402928   pop         ebp00402929   ret91:   protected:92:       int m_nHeight;93:   };94:95:   int main()96:   {004105F0   push        ebp004105F1   mov         ebp,esp004105F3   sub         esp,80h004105F9   push        ebx004105FA   push        esi004105FB   push        edi004105FC   lea         edi,[ebp-80h]004105FF   mov         ecx,20h00410604   mov         eax,0CCCCCCCCh00410609   rep stos    dword ptr [edi]97:       CSofaBed SofaBed;0041060B   push        1构造标志,构造祖父类0041060D   lea         ecx,[ebp-28h]00410610   call        @ILT+25(CSofaBed::CSofaBed) (0040101e)98:       CFurniture * pFurniture = &SofaBed;00410615   lea         eax,[ebp-28h] EAX = 0018FF2000410618   test        eax,eax0041061A   jne         main+35h (00410625)0041061C   mov         dword ptr [ebp-3Ch],000410623   jmp         main+42h (00410632)00410625   mov         ecx,dword ptr [ebp-24h] ECX = 0042611000410628   mov         edx,dword ptr [ecx+4][ecx+4] = 20041062B   lea         eax,[ebp+edx-24h]0041062F   mov        
 dword ptr [ebp-3Ch],eax00410632   mov         ecx,dword ptr [ebp-3Ch]00410635   mov         dword ptr [ebp-2Ch],ecx99:       CSofa * pSofa = &SofaBed;00410638   lea         edx,[ebp-28h]0041063B   mov         dword ptr [ebp-30h],edx100:      CBed * pBed = &SofaBed;0041063E   lea         eax,[ebp-28h]00410641   test        eax,eax00410643   je          main+5Dh (0041064d)00410645   lea         ecx,[ebp-1Ch]ECX = 0018FF2C 00410648   mov         dword ptr [ebp-40h],ecx0041064B   jmp         main+64h (00410654)0041064D   mov         dword ptr [ebp-40h],000410654   mov         edx,dword ptr [ebp-40h]EDX = 0018FF2C00410657   mov         dword ptr [ebp-34h],edxE8 60 42 00101:      return 0;0041065A   mov         dword ptr [ebp-38h],000410661   lea         ecx,[ebp-28h]00410664   call        @ILT+40(CSofaBed::`vbase destructor') (0040102d)00410669   mov         eax,dword ptr [ebp-38h]102:  }0041066C   pop         edi0041066D   pop         esi0041066E   pop         ebx0041066F   add         esp,80h00410675   cmp         ebp,esp00410677   call        __chkesp (00402ef0)0041067C   mov         esp,ebp0041067E   pop         ebp0041067F   retCSof<pre name="code" class="plain">下面是内存结构分析  对应一条或几条汇编代码 EAX = 0018FF200018FF20  F4 60 42 00 10 61 42 00 02 00 00  鬬B..aB....0018FF2B  00 E8 60 42 00 04 61 42 00 02 00  .鑐B..aB...0018FF36  00 00 01 00 00 00 06 00 00 00 DC  ...........00410625   mov         ecx,dword ptr [ebp-24h] ECX = 0042611000426105  FF FF FF 10 00 00 00 00 00 00 00  ...........00426110  FC FF FF FF 1C 00 00 00 00 00 00  ...........0042611B  00 EB 10 40 00 F0 10 40 00 00 00  ...@...@...00426126  00 00 76 69 72 74 75 61 6C 20 7E  ..virtual ~00426131  43 46 75 72 6E 69 74 75 72 65 28  CFurniture(0042613C  29 0A 00 00 00 00 00 00 9B 10 40  ).........@00426147  00 F0 10 40 00 00 00 00 00 8C 10  ...@.......00426152  40 00 41 10 40 00 00 00 00 00 FC  @.A.@......0042615D  FF FF FF 08 00 00 00 00 00 00 00  ...........00426168  76 69 72 74 75 61 6C 20 7E 43 53  virtual 
~CS00426173  6F 66 61 28 29 0A 00 00 00 00 00  ofa()......0042617E  00 00 53 69 74 20 64 6F 77 6E 20  ..Sit down 00426189  61 6E 64 20 72 65 73 74 20 79 6F  and rest yo00426194  75 72 20 6C 65 67 73 0A 00 00 00  ur legs....0042619F  00 00 00 00 00 0E 11 40 00 F0 10  .......@...004261AA  40 00 00 00 00 00 CD 10 40 00 D7  @.......@..004261B5  10 40 00 00 00 00 00 FC FF FF FF  .@.........004261C0  0C 00 00 00 00 00 00 00 67 6F 20  ........go 004261CB  74 6F 20 73 6C 65 65 70 21 0A 00  to sleep!..004261D6  00 00 76 69 72 74 75 61 6C 20 7E  ..virtual ~004261E1  43 42 65 64 28 29 0A 00 00 00 00  CBed().....004261EC  53 69 74 20 44 6F 77 6E 20 6F 6E  Sit Down on004261F7  20 74 68 65 20 73 6F 66 61 20 62   the sofa b00426202  65 64 0A 00 00 00 00 00 00 00 67  ed........g0042620D  6F 20 74 6F 20 73 6C 65 65 70 20  o to sleep 00426218  6F 6E 20 74 68 65 20 73 6F 66 61  on the sofa00426223  20 62 65 64 0A 00 00 00 00 00 00   bed.......0042622E  00 00 76 69 72 74 75 61 6C 20 7E  ..virtual ~00426239  43 53 6F 66 61 42 65 64 0A 00 00  CSofaBed...00426244  00 00 00 00 69 33 38 36 5C 63 68  ....i386\ch0042624F  6B 65 73 70 2E 63 00 00 00 00 00  kesp.c.....0042625A  00 00 54 68 65 20 76 61 6C 75 65  ..The value00426265  20 6F 66 20 45 53 50 20 77 61 73   of ESP was00426270  20 6E 6F 74 20 70 72 6F 70 65 72   not proper0042627B  6C 79 20 73 61 76 65 64 20 61 63  ly saved ac00426286  72 6F 73 73 20 61 20 66 75 6E 63  ross a func00426291  74 69 6F 6E 20 63 61 6C 6C 2E 20  tion call. 
0042629C  20 54 68 69 73 20 69 73 20 75 73   This is us004262A7  75 61 6C 6C 79 20 61 20 72 65 73  ually a res004262B2  75 6C 74 20 6F 66 20 63 61 6C 6C  ult of call004262BD  69 6E 67 20 61 20 66 75 6E 63 74  ing a funct004262C8  69 6F 6E 20 64 65 63 6C 61 72 65  ion declare004262D3  64 20 77 69 74 68 20 6F 6E 65 20  d with one 004262DE  63 61 6C 6C 69 6E 67 20 63 6F 6E  calling con004262E9  76 65 6E 74 69 6F 6E 20 77 69 74  vention wit004262F4  68 20 61 20 66 75 6E 63 74 69 6F  h a functio004262FF  6E 20 70 6F 69 6E 74 65 72 20 64  n pointer d0042630A  65 63 6C 61 72 65 64 20 77 69 74  eclared wit00426315  68 20 61 20 64 69 66 66 65 72 65  h a differe00426320  6E 74 20 63 61 6C 6C 69 6E 67 20  nt calling 0042632B  63 6F 6E 76 65 6E 74 69 6F 6E 2E  convention.00426336  20 00 70 72 69 6E 74 66 2E 63 00   .printf.c.00426341  00 00 00 66 6F 72 6D 61 74 20 21  ...format !0042634C  3D 20 4E 55 4C 4C 00 00 64 62 67  = NULL..dbg00426357  64 65 6C 2E 63 70 70 00 00 5F 42  del.cpp.._B00426362  4C 4F 43 4B 5F 54 59 50 45 5F 49  LOCK_TYPE_I0042636D  53 5F 56 41 4C 49 44 28 70 48 65  S_VALID(pHe00426378  61 64 2D 3E 6E 42 6C 6F 63 6B 55  ad->nBlockU00426383  73 65 29 00 00 FF FF FF FF 38 32  se)......820042638E  40 00 53 32 40 00 00 00 00 00 FF  @.S2@......00426399  FF FF FF D9 38 40 00 E6 38 40 00  ....8@..8@.004263A4  00 00 00 00 FF FF FF FF 00 00 00  ...........004263AF  00 03 3B 40 00 00 00 00 00 C4 3A  ..;@......:004263BA  40 00 D1 3A 40 00 FF FF FF FF 2C  @..:@.....,004263C5  3E 40 00 32 3E 40 00 00 00 00 00  >@.2>@.....004263D0  FF FF FF FF AE 3E 40 00 BD 3E 40  .....>@..>@0018FF1C  CC CC CC CC F4 60 42 00 10 61 42  烫烫鬬B..aBebp-24h  004261100018FF27  00 02 00 00 00 E8 60 42 00 04 61  .....鑐B..a0018FF32  42 00 02 00 00 00 01 00 00 00 06  B..........0018FF3D  00 00 00 DC 60 42 00 03 00 00 00  ...躟B.....0018FF48  88 FF 18 00 29 32 40 00 01 00 00  ....)2@....0018FF53  00 A8 19 52 00 20 1A 52 00 00 00  ...R. 
.R...0018FF5E  00 00 00 00 00 00 00 E0 FD 7E 00  .......帻~.0018FF69  00 00 00 00 00 00 00 5C FF 18 00  .......\...0018FF74  00 00 00 00 C4 FF 18 00 70 8E 40  ........p嶡0018FF7F  00 88 63 42 00 00 00 00 00 94 FF  .坈B.......0018FF8A  18 00 CA 33 3E 75 00 E0 FD 7E D4  ...3>u.帻~.0018FF95  FF 18 00 D2 9E 4E 77 00 E0 FD 7E  ...覟Nw.帻~0018FFA0  0E 75 4A 77 00 00 00 00 00 00 00  .uJw.......0018FFAB  00 00 E0 FD 7E 00 00 00 00 00 00  ..帻~......0018FFB6  00 00 00 00 00 00 A0 FF 18 00 00  ...........0018FFC1  00 00 00 FF FF FF FF CD 1E 52 77  .........Rw0018FFCC  FA 4F 1F 00 00 00 00 00 EC FF 18  鶲.........0018FFD7  00 A5 9E 4E 77 40 31 40 00 00 E0  .Nw@1@...0018FFE2  FD 7E 00 00 00 00 00 00 00 00 00  齸.........0018FFED  00 00 00 00 00 00 00 40 31 40 00  .......@1@.0018FFF8  00 E0 FD 7E 00 00 00 00 41 63 74  .帻~....Act00190003  78 20 00 00 00 01 00 00 00 0C 33  x ........30019000E  00 00 DC 00 00 00 00 00 00 00 20  .......... 00426109  00 00 00 00 00 00 00 FC FF FF FF  ...........00426114  1C 00 00 00 00 00 00 00 EB 10 40  ..........@0042611F  00 F0 10 40 00 00 00 00 00 76 69  ...@.....vi00410625   mov         ecx,dword ptr [ebp-24h]00410628   mov         edx,dword ptr [ecx+4]edx = 1ch  [ecx+4]是取其中内容0018FF24  10 61 42 00 02 00 00 00 E8 60 42  .aB.....鑐B0018FF2F  00 04 61 42 00 02 00 00 00 01 00  ..aB.......0018FF3A  00 00 06 00 00 00 DC 60 42 00 03  ......躟B..祖父类首地址004260dc0018FF45  00 00 00 88 FF 18 00 29 32 40 00  .......)2@.0018FF50  01 00 00 00 A8 19 52 00 20 1A 52  ......R. 
.R0041062B   lea         eax,[ebp+edx-24h] EAX = 0018FF40是取[ebp+edx-24h]内容所在地址,即是??_7CSofaBed@@6BCFurniture@@@:004260DC   xor         dl,byte ptr [eax]004260DE   inc         eax004260DF   add         al,dh004260E1   adc         byte ptr [eax],al004260E4   add         byte ptr [eax],al004260E6   add         byte ptr [eax],alebp+edx-24h的值??_7CSofaBed@@6BCBed@@@:004260E8   int         10hCBed虚函数表地址004260EA   inc         eax004260EB   add         byte ptr [eax+10h],bh004260EE   inc         eax004260EF   add         byte ptr [eax],al004260F1   add         byte ptr [eax],al004260F3   add         byte ptr [eax+edx+10050040h],cl004260FA   inc         eax004260FB   add         ah,bl004260FD   adc         byte ptr [eax],al00426100   add         byte ptr [eax],al00426102   add         byte ptr [eax],al??_8CSofaBed@@7BCSofa@@@:Sofa父类00426110   cld00426111   ???00426112   ???00426113   call        fword ptr [eax+eax]00426116   add         byte ptr [eax],al00426118   add         byte ptr [eax],al0042611A   add         byte ptr [eax],al??_8CSofaBed@@7BCBed@@@:00426104   cld00426105   ???00426106   ???00426107   call        dword ptr [eax]00426109   add         byte ptr [eax],al0042610B   add         byte ptr [eax],al0042610D   add         byte ptr [eax],al0042610F   add         ah,bh00426111   ???00426112   ???00426113   call        fword ptr [eax+eax]00426116   add         byte ptr [eax],al00426118   add         byte ptr [eax],al0042611A   add         byte ptr [eax],al0018FF03  CC CC CC CC CC CC CC CC CC 40 FF  烫烫烫烫藹.0018FF0E  18 00 CC CC CC CC CC CC CC CC CC  ..烫烫烫烫.0018FF19  CC CC CC CC CC CC CC F4 60 42 00  烫烫烫挑`B.0018FF24  10 61 42 00 02 00 00 00 E8 60 42  .aB.....鑐B0018FF2F  00 04 61 42 00 02 00 00 00 01 00  ..aB.......00410635   mov         dword ptr [ebp-2Ch],ecx0018FF19  CC CC CC 40 FF 18 00 F4 60 42 00  烫藹...鬬B.0018FF24  10 61 42 00 02 00 00 00 E8 60 42  .aB.....鑐B??_7CSofaBed@@6BCSofa@@@:CSofa虚函数基地址004260F4   mov         word ptr [eax],ss004260F6   inc         
eax004260F7   add         byte ptr ds:[0DC004010h],al004260FD   adc         byte ptr [eax],al00426100   add         byte ptr [eax],al00426102   add         byte ptr [eax],al0041063B   mov         dword ptr [ebp-30h],edx100:      CBed * pBed = &SofaBed;0041063E   lea         eax,[ebp-28h]0018FF0E  18 00 CC CC CC CC CC CC CC CC 20  ..烫烫烫烫 0018FF19  FF 18 00 40 FF 18 00 F4 60 42 00  ...@...鬬B.0018FF24  10 61 42 00 02 00 00 00 E8 60 42  .aB.....鑐B00410645   lea         ecx,[ebp-1Ch] ECX = 0018FF2C ebp-24h ebp-1ch  8byte0041064D   mov         dword ptr [ebp-40h],000410654   mov         edx,dword ptr [ebp-40h]EDX = 0018FF2C101:      pFurniture->m_nPrice = 88;0041065A   mov         eax,dword ptr [ebp-2Ch]0041065D   mov         dword ptr [eax+4],58h102:      pSofa->m_nColor = 8;00410664   mov         ecx,dword ptr [ebp-30h]00410667   mov         dword ptr [ecx+8],8103:      pSofa->m_nPrice = 90;0041066E   mov         edx,dword ptr [ebp-30h]00410671   mov         eax,dword ptr [edx+4]00410674   mov         ecx,dword ptr [eax+4]00410677   mov         edx,dword ptr [ebp-30h]0041067A   mov         dword ptr [edx+ecx+8],5Ah104:      pBed->m_nLength = 13;00410682   mov         eax,dword ptr [ebp-34h]00410685   mov         dword ptr [eax+8],0Dh105:      pBed->m_nWidth = 66;0041068C   mov         ecx,dword ptr [ebp-34h]0041068F   mov         dword ptr [ecx+0Ch],42h106:      SofaBed.m_nHeight = 45;00410696   mov         dword ptr [ebp-0Ch],2Dh107:      return 0;0041069D   mov         dword ptr [ebp-38h],0004106A4   lea         ecx,[ebp-28h]004106A7   call        @ILT+40(CSofaBed::`vbase destructor') (0040102d)004106AC   mov         eax,dword ptr [ebp-38h]108:  } EBP = 0018FF48ebp-2ch0x18ff1c EAX = 0018FF40 0041065D   mov         dword ptr [eax+4],58h0018FF1C  40 FF 18 00 F4 60 42 00 10 61 42  @...鬬B..aB0018FF27  00 02 00 00 00 E8 60 42 00 04 61  .....鑐B..a0018FF32  42 00 02 00 00 00 01 00 00 00 06  B..........0018FF3D  00 00 00 DC 60 42 00 58 00 00 00  ...躟B.X...0x580018FF48  88 FF 
18 00 29 32 40 00 01 00 00  ....)2@....0018FF53  00 B8 19 87 00 30 1A 87 00 00 00  .....0.....00410664   mov         ecx,dword ptr [ebp-30h]ECX = 0018FF2000410667   mov         dword ptr [ecx+8],80018FF11  CC CC CC 2C FF 18 00 20 FF 18 00  烫.,... ...0018FF1C  40 FF 18 00 F4 60 42 00 10 61 42  @...鬬B..aB0018FF27  00 08 00 00 00 E8 60 42 00 04 61  .....鑐B..a0x080018FF32  42 00 02 00 00 00 01 00 00 00 06  B..........0018FF3D  00 00 00 DC 60 42 00 58 00 00 00  ...躟B.X...0018FF48  88 FF 18 00 29 32 40 00 01 00 00  ....)2@....0018FF53  00 B8 19 87 00 30 1A 87 00 00 00  .....0.....0041066E   mov         edx,dword ptr [ebp-30h]EDX = 0018FF2000410671   mov         eax,dword ptr [edx+4]EAX = 0042611000410674   mov         ecx,dword ptr [eax+4] ECX = 0000001C 0041067A   mov         dword ptr [edx+ecx+8],5Ah0018FF11  CC CC CC 2C FF 18 00 20 FF 18 00  烫.,... ...0018FF1C  40 FF 18 00 F4 60 42 00 10 61 42  @...鬬B..aB0018FF27  00 08 00 00 00 E8 60 42 00 04 61  .....鑐B..a0018FF32  42 00 02 00 00 00 01 00 00 00 06  B..........0018FF3D  00 00 00 DC 60 42 00 5A 00 00 00  ...躟B.Z...0x5a 900018FF48  88 FF 18 00 29 32 40 00 01 00 00  ....)2@....0018FF53  00 B8 19 87 00 30 1A 87 00 00 00  .....0..... 
EAX = 00426110 EBX = 7EFDE000 ECX = 0000001C EDX = 0018FF20 ESI = 00000000 EDI = 0018FF48 EIP = 00410682 ESP = 0018FEBC EBP = 0018FF48 EFL = 0000020200410682   mov         eax,dword ptr [ebp-34h]00410685   mov         dword ptr [eax+8],0Dh0018FF1C  40 FF 18 00 F4 60 42 00 10 61 42  @...鬬B..aB0018FF27  00 08 00 00 00 E8 60 42 00 04 61  .....鑐B..a0018FF32  42 00 0D 00 00 00 01 00 00 00 06  B..........0018FF3D  00 00 00 DC 60 42 00 5A 00 00 00  ...躟B.Z...0018FF48  88 FF 18 00 29 32 40 00 01 00 00  ....)2@....0018FF53  00 B8 19 87 00 30 1A 87 00 00 00  .....0.....0018FF5E  00 00 00 00 00 00 00 E0 FD 7E 00  .......帻~.104:      pBed->m_nLength = 13;00410682   mov         eax,dword ptr [ebp-34h]00410685   mov         dword ptr [eax+8],0Dh105:      pBed->m_nWidth = 66;0041068C   mov         ecx,dword ptr [ebp-34h]0041068F   mov         dword ptr [ecx+0Ch],42h106:      SofaBed.m_nHeight = 45;00410696   mov         dword ptr [ebp-0Ch],2Dh107:      return 0;0041069D   mov         dword ptr [ebp-38h],0 EAX = 0018FF2C EBX = 7EFDE000 ECX = 0018FF2C EDX = 0018FF20 ESI = 00000000 EDI = 0018FF48 EIP = 004106A4 ESP = 0018FEBC EBP = 0018FF48 EFL = 000002020018FF06  CC CC 2C FF 18 00 40 FF 18 00 00  烫,...@....0018FF11  00 00 00 2C FF 18 00 20 FF 18 00  ...,... ...0018FF1C  40 FF 18 00 F4 60 42 00 10 61 42  @...鬬B..aB0018FF27  00 08 00 00 00 E8 60 42 00 04 61  .....鑐B..a0018FF32  42 00 0D 00 00 00 42 00 00 00 2D  B.....B...-m_nHeight = 45;0018FF3D  00 00 00 DC 60 42 00 5A 00 00 00  ...躟B.Z...0018FF48  88 FF 18 00 29 32 40 00 01 00 00  ....)2@....0018FF06  CC CC 2C FF 18 00 40 FF 18 00 00 00 00 00 烫,...@....2C FF 18 00 20 FF 18 00  ...,... 
...0018FF1C  40 FF 18 00 F4 60 42 00 this指针 ebp-28hebp xx48010 61 42 00 @...鬬B..aB 08 00 00 00 pSofa->m_nColor = 8;E8 60 42 00 04 61 42 00   .....鑐B..a0D 00 00 00 pBed->m_nLength = 13;42 00 00 00 pBed->m_nWidth = 66;2D 00 00 00  B.....B...-SofaBed.m_nHeight = 45;DC 60 42 00 5A 00 00 00  ...躟B.Z...pSofa->m_nPrice = 90;覆盖880018FF48  88 FF 18 00 29 32 40 00 01 00 00  ....)2@....class CSofaBed : public CSofa , public CBed{public:class CFurniture{public:int m_nPrice;};class CSofa : virtual public CFurniture{public:int m_nColor;};class CBed : virtual public CFurniture{public:int m_nLength;int m_nWidth;};public:int m_nHeight;};F4 60 42 00 this指针 ebp-28hebp xx48h第一个基类以定义的虚函数10 61 42 00 @...鬬B..aB CSofa数据区域08 00 00 00 pSofa->m_nColor = 8;E8 60 42 00第二个父类以定义的虚函数 04 61 42 00   .....鑐B..a第二个父类区域0D 00 00 00 pBed->m_nLength = 13;42 00 00 00 pBed->m_nWidth = 66;2D 00 00 00  B.....B...-SofaBed.m_nHeight = 45;本类成员变量区域DC 60 42 00 祖父类数据区域5A 00 00 00  ...躟B.Z...pSofa->m_nPrice = 90;覆盖88004260E4  00000000  004010CD  00401078  00000000  004260F4  0040108C  00401005  004010DC  00000000  所有虚函数地址,以0结束。00426104  FFFFFFFC  00000010  00000000  FFFFFFFC  00426114  0000001C  00000000  004010EB  004010F0  00426124  00000000  74726976  206C6175  7546437E00410615   lea         eax,[ebp-28h]@ILT+135(?GeyColor@CSofa@@UAEHXZ):0040108C   jmp         CSofa::GeyColor (00402460)   虚函数表地址0018FF20  004260F4  00426110  00000002  004260E8  0018FF30  00426104  00000002  00000001  00000006  0018FF40  004260DC  00000003  0018FF88  00403229  0018FF50  00000001  001F19B8  001F1A30  00000000  @ILT+200(?GetArea@CBed@@UAEHXZ):004010CD   jmp         CBed::GetArea (00402690)004260C4  206C6175  6C696863  00000A64  00000000  004260D4  00401118  00403130  00401032  004010F0  004260E4  00000000  004010CD  00401078  00000000  004260F4  0040108C  00401005  004010DC  00000000  00426104  FFFFFFFC  00000010  00000000  FFFFFFFC  00426114  0000001C  00000000  004010EB  004010F0  00426124  00000000  74726976  206C6175  
7546437EFFFFFFFC  00000010  00000000表示没有。空表。虚表地址都一样,static存储结构。同类对象共享一个虚表。004020F2   mov         dword ptr [eax+4],offset CSofaBed::`vbtable' (00426110)004020F9   mov         ecx,dword ptr [ebp-10h]0018FF20  CCCCCCCC  00426110  CCCCCCCC  CCCCCCCC  0018FF30  CCCCCCCC  CCCCCCCC  CCCCCCCC  CCCCCCCC  0018FF40  CCCCCCCC  CCCCCCCC  0018FF88  00403229  0018FF50  00000001  002819B8  00281A30  000000000018FF60  00000000  7EFDE000  00000000  0000000000426100  0040114A  FFFFFFFC  00000010  00000000  00426110  FFFFFFFC  0000001C  00000000  004010EB  00426120  004010F0  00000000  74726976  206C61750018FF20  CCCCCCCC  00426110  CCCCCCCC  CCCCCCCC  0018FF30  00426104  CCCCCCCC  CCCCCCCC  CCCCCCCC  0018FF40  CCCCCCCC  CCCCCCCC  0018FF88  00403229  0018FF50  00000001  002819B8  00281A30  00000000004020FC   mov         dword ptr [ecx+10h],offset CSofaBed::`vbtable' (00426104)004260F4  0040108C  00401005  004010DC  0040114A  00426104  FFFFFFFC  00000010  00000000  FFFFFFFC  00426114  0000001C  00000000  004010EB  004010F05:        CFurniture()004021D0   push        ebp004021D1   mov         ebp,esp004021D3   sub         esp,44h004021D6   push        ebx004021D7   push        esi004021D8   push        edi004021D9   push        ecx004021DA   lea         edi,[ebp-44h]004021DD   mov         ecx,11h004021E2   mov         eax,0CCCCCCCCh004021E7   rep stos    dword ptr [edi]004021E9   pop         ecx004021EA   mov         dword ptr [ebp-4],ecx004021ED   mov         eax,dword ptr [ebp-4]004021F0   mov         dword ptr [eax],offset CFurniture::`vftable' (0042611c)0018FF400018FF20  CCCCCCCC  00426110  CCCCCCCC  CCCCCCCC  0018FF30  00426104  CCCCCCCC  CCCCCCCC  CCCCCCCC  0018FF40  0042611C  CCCCCCCC  0018FF88  004032290042611C  004010EB  004010F0  00000000  74726976  0042612C  206C6175  7546437E  74696E72  2865727500402378   mov         edx,dword ptr [ebp-4]0040237B   mov         dword ptr [edx],offset CSofa::`vftable' (00426150) EAX = CCCCCCCC EBX = 7EFDE000 ECX = 0018FF20 EDX = 0018FF20 ESI 
= 00000000 EDI = 0018FE44 EIP = 0040237B ESP = 0018FDF0 EBP = 0018FE44 EFL = 000002460018FF20  00426150  00426110  CCCCCCCC  CCCCCCCC  0018FF30  00426104  CCCCCCCC  CCCCCCCC  CCCCCCCC  0018FF40  0042611C  00000000  0018FF88  00403229  0018FF50  00000001  002819B8  00281A30  000000000040238A   mov         eax,dword ptr [ebp-4]0040238D   mov         dword ptr [eax+edx+4],offset CSofa::`vftable' (00426144)0018FF20  00426150  00426110  CCCCCCCC  CCCCCCCC  0018FF30  00426104  CCCCCCCC  CCCCCCCC  CCCCCCCC  0018FF40  00426144  00000000  0018FF88  00403229  0018FF50  00000001  002819B8  00281A30  0000000000402608   mov         edx,dword ptr [ebp-4]0040260B   mov         dword ptr [edx],offset CBed::`vftable' (004261b0) EAX = CCCCCCCC EBX = 7EFDE000 ECX = 0018FF2C EDX = 0018FF2C ESI = 00000000 EDI = 0018FE44 EIP = 00402611 ESP = 0018FDF0 EBP = 0018FE44 EFL = 000002460018FF20  00426150  00426110  00000002  004261B0  0018FF30  00426104  CCCCCCCC  CCCCCCCC  CCCCCCCC  0018FF40  00426144  00000001  0018FF88  00403229  0018FF50  00000001  002819B8  00281A30  0000000000402617   mov         edx,dword ptr [ecx+4]0040261A   mov         eax,dword ptr [ebp-4]0040261D   mov         dword ptr [eax+edx+4],offset CBed::`vftable' (004261a4)0018FF20  00426150  00426110  00000002  004261B0  0018FF30  00426104  CCCCCCCC  CCCCCCCC  CCCCCCCC  0018FF40  004261A4  00000001  0018FF88  00403229  0018FF50  00000001  002819B8  00281A30  000000000040213C   mov         eax,dword ptr [ebp-10h]0040213F   mov         dword ptr [eax],offset CSofaBed::`vftable' (004260f4)0018FF20  004260F4  00426110  00000002  004261B0  0018FF30  00426104  00000002  00000001  CCCCCCCC  0018FF40  004261A4  00000003  0018FF88  00403229  0018FF50  00000001  002819B8  00281A30  0000000000402145   mov         ecx,dword ptr [ebp-10h]00402148   mov         dword ptr [ecx+0Ch],offset CSofaBed::`vftable' (004260e8)0018FF20  004260F4  00426110  00000002  004260E8  0018FF30  00426104  00000002  00000001  CCCCCCCC  0018FF40  004261A4  
00000003  0018FF88  00403229  0018FF50  00000001  002819B8  00281A30  0000000000402155   mov         ecx,dword ptr [eax+4]00402158   mov         edx,dword ptr [ebp-10h]0040215B   mov         dword ptr [edx+ecx+4],offset CSofaBed::`vftable' (004260dc)0018FF20  004260F4  00426110  00000002  004260E8  0018FF30  00426104  00000002  00000001  CCCCCCCC  0018FF40  004260DC  00000003  0018FF88  00403229  0018FF50  00000001  002819B8  00281A30  0000000000426084  00000000  0040100F  0040105F  004010C8  00426094  00000000  656D4143  61636972  0000006E  004260A4  00401091  0040105F  00401037  00000000  004260B4  72654743  006E616D  00000000  74726976  004260C4  206C6175  6C696863  00000A64  00000000  004260D4  00401118  00403130  00401032  004010F0祖父类  004260E4  00000000  004010CD  00401078  00000000  ~CBed004260F4  0040108C  00401005  004010DC  0040114A  ~CSofa00426104  FFFFFFFC  00000010  00000000  FFFFFFFC  CBed , CSofa00426114  0000001C  00000000  004010EB  004010F0  00426124  00000000  74726976  206C6175  7546437E  00426134  74696E72  28657275  00000A29  00000000  00426144  0040109B  004010F0  00000000  0040108C  00426154  00401041  00000000  FFFFFFFC  00000008  00426164  00000000  74726976  206C6175  6F53437E  00426174  29286166  0000000A  00000000  20746953  00426184  6E776F64  646E6120  73657220  6F792074  00426194  6C207275  0A736765  00000000  00000000  004261A4  0040110E  004010F0  00000000  004010CD  004261B4  004010D7  00000000  FFFFFFFC  0000000C  004261C4  00000000  74206F67  6C73206F  21706565  004261D4  0000000A  74726976  206C6175  6542437E  004261E4  0A292864  00000000  20746953  6E776F44  004261F4  206E6F20  20656874  61666F73  64656220  00426204  0000000A  00000000  74206F67  6C73206F  00426214  20706565  74206E6F  73206568  2061666FF4 60 42 00 this指针 ebp-28hebp xx48h第一个基类未定义的虚函数10 61 42 00 @...鬬B..aB CSofa数据区域08 00 00 00 pSofa->m_nColor = 8;E8 60 42 00第二个父类未定义的虚函数 04 61 42 00   .....鑐B..a第二个父类区域0D 00 00 00 pBed->m_nLength = 13;42 00 00 00 pBed->m_nWidth = 
66;2D 00 00 00  B.....B...-SofaBed.m_nHeight = 45;本类成员变量区域DC 60 42 00 祖父类数据区域5A 00 00 00  ...躟B.Z...pSofa->m_nPrice = 90;覆盖880018FF20  004260F4  00426110  00000002  004260E8  0018FF30  00426104  00000002  00000001  00000006  0018FF40  004260DC  00000003  0018FF88  00403229  0018FF50  00000001  002819B8  00281A30  0000000000401005@ILT+0(?SitDown@CSofaBed@@UAEHXZ):00401005   jmp         CSofaBed::SitDown (00402860)0040114A   jmp         CSofaBed::Show (00402940)@ILT+0(?SitDown@CSofaBed@@UAEHXZ):00401005   jmp         CSofaBed::SitDown (00402860)@ILT+5(??_ECGerman@@UAEPAXI@Z):0040100A   jmp         CGerman::`scalar deleting destructor' (00401e80)@ILT+10(??_ECAmerican@@UAEPAXI@Z):0040100F   jmp         CAmerican::`scalar deleting destructor' (00401c90)@ILT+15(?SetNumber@CBase@@QAEXH@Z):00401014   jmp         CBase::SetNumber (004013c0)@ILT+20(?GetClassName@CChinese@@UAEPADXZ):00401019   jmp         CChinese::GetClassName (00401a60)@ILT+25(??0CSofaBed@@QAE@XZ):0040101E   jmp         CSofaBed::CSofaBed (004020b0)@ILT+30(??0CVirtualBase@@QAE@XZ):00401023   jmp         CVirtualBase::CVirtualBase (00402010)@ILT+35(??1CBase@@QAE@XZ):00401028   jmp         CBase::~CBase (00401530)@ILT+40(??_DCSofaBed@@QAEXXZ):0040102D   jmp         CSofaBed::`vbase destructor' (00402a10)@ILT+45(??_GCSofaBed@@UAEPAXI@Z):00401032   jmp         CSofaBed::`scalar deleting destructor' (004029b0)@ILT+50(?GetClassName@CGerman@@UAEPADXZ):00401037   jmp         CGerman::GetClassName (00401e40)@ILT+55(?ShowNumber@CDerive@@QAEXH@Z):0040103C   jmp         CDerive::ShowNumber (00401330)@ILT+60(?SitDown@CSofa@@UAEHXZ):00401041   jmp         CSofa::SitDown (004024a0)@ILT+65(??_DCSofa@@QAEXXZ):00401046   jmp         CSofa::`vbase destructor' (00402560)@ILT+70(??0CGerman@@QAE@XZ):0040104B   jmp         CGerman::CGerman (00401d00)@ILT+75(??0CAmerican@@QAE@XZ):00401050   jmp         CAmerican::CAmerican (00401b10)@ILT+80(??0CChinese@@QAE@XZ):00401055   jmp         CChinese::CChinese 
(00401750)@ILT+85(??_DCBed@@QAEXXZ):0040105A   jmp         CBed::`vbase destructor' (00402790)@ILT+90(?ShowSpeak@CPerson@@UAEXXZ):0040105F   jmp         CPerson::ShowSpeak (004018a0)@ILT+95(??_GCPerson@@UAEPAXI@Z):00401064   jmp         CPerson::`scalar deleting destructor' (00401950)@ILT+100(??1CPerson@@UAE@XZ):00401069   jmp         CPerson::~CPerson (00401850)@ILT+105(?GetNumber@CBase@@QAEHXZ):0040106E   jmp         CBase::GetNumber (00401400)@ILT+110(??0CDerive@@QAE@XZ):00401073   jmp         CDerive::CDerive (00401440)@ILT+115(?Sleep@CSofaBed@@UAEHXZ):00401078   jmp         CSofaBed::Sleep (004028b0)@ILT+120(??0CFurniture@@QAE@XZ):0040107D   jmp         CFurniture::CFurniture (004021d0)@ILT+125(?main4@@YAHXZ):00401082   jmp         main4 (00401690)@ILT+130(??1CGerman@@UAE@XZ):00401087   jmp         CGerman::~CGerman (00401da0)@ILT+135(?GeyColor@CSofa@@UAEHXZ):0040108C   jmp         CSofa::GeyColor (00402460)@ILT+140(??_ECGerman@@UAEPAXI@Z):00401091   jmp         CGerman::`scalar deleting destructor' (00401e80)@ILT+145(??1CDerive@@QAE@XZ):00401096   jmp         CDerive::~CDerive (004014e0)@ILT+150(??_ECSofa@@UAEPAXI@Z):0040109B   jmp         CSofa::`scalar deleting destructor' (004024f0)@ILT+155(??0CPerson@@QAE@XZ):004010A0   jmp         CPerson::CPerson (004017f0)@ILT+160(??_GCChinese@@UAEPAXI@Z):004010A5   jmp         CChinese::`scalar deleting destructor' (00401aa0)@ILT+165(??1CAmerican@@UAE@XZ):004010AA   jmp         CAmerican::~CAmerican (00401bb0)@ILT+170(?main2@@YAHXZ):004010AF   jmp         main2 (00401600)@ILT+175(??1CFurniture@@UAE@XZ):004010B4   jmp         CFurniture::~CFurniture (00402220)@ILT+180(?GetClassName@CPerson@@UAEPADXZ):004010B9   jmp         CPerson::GetClassName (00401910)@ILT+185(??1CChinese@@UAE@XZ):004010BE   jmp         CChinese::~CChinese (004019c0)@ILT+190(??_ECBed@@UAEPAXI@Z):004010C3   jmp         CBed::`scalar deleting destructor' (00402720)@ILT+195(?GetClassName@CAmerican@@UAEPADXZ):004010C8   jmp         
CAmerican::GetClassName (00401c50)@ILT+200(?GetArea@CBed@@UAEHXZ):004010CD   jmp         CBed::GetArea (00402690)@ILT+205(??1CBed@@UAE@XZ):004010D2   jmp         CBed::~CBed (004027f0)@ILT+210(?Sleep@CBed@@UAEHXZ):004010D7   jmp         CBed::Sleep (004026d0)@ILT+215(?GetHeight@CSofaBed@@UAEHXZ):004010DC   jmp         CSofaBed::GetHeight (00402900)@ILT+220(??1CSofaBed@@UAE@XZ):004010E1   jmp         CSofaBed::~CSofaBed (004106d0)@ILT+225(_main):004010E6   jmp         main (004105f0)@ILT+230(??_GCFurniture@@UAEPAXI@Z):004010EB   jmp         CFurniture::`scalar deleting destructor' (004022c0)@ILT+235(?GetPrice@CFurniture@@UAEHXZ):004010F0   jmp         CFurniture::GetPrice (00402280)@ILT+240(??0CBase@@QAE@XZ):004010F5   jmp         CBase::CBase (00401490)@ILT+245(??0CSofa@@QAE@XZ):004010FA   jmp         CSofa::CSofa (00402330)@ILT+250(?main6@@YAHXZ):004010FF   jmp         main6 (00401ef0)@ILT+255(?main3@@YAHXZ):00401104   jmp         main3 (00401580)@ILT+260(??_ECSofa@@UAEPAXI@Z):00401109   jmp         CSofa::`scalar deleting destructor' (004024f0)@ILT+265(??_ECBed@@UAEPAXI@Z):0040110E   jmp         CBed::`scalar deleting destructor' (00402720)@ILT+270(?main1@@YAHHQAPAD@Z):00401113   jmp         main1 (00401290)@ILT+275(?show@CVirtualChild@@UAEXXZ):00401118   jmp         CVirtualChild::show (00401f60)@ILT+280(??1CSofa@@UAE@XZ):0040111D   jmp         CSofa::~CSofa (004023f0)@ILT+285(??0CBed@@QAE@XZ):00401122   jmp         CBed::CBed (004025c0)@ILT+290(??_ECAmerican@@UAEPAXI@Z):00401127   jmp         CAmerican::`scalar deleting destructor' (00401c90)@ILT+295(?speak@@YAXPAVCPerson@@@Z):0040112C   jmp         speak (00401640)@ILT+300(??_GCFurniture@@UAEPAXI@Z):00401131   jmp         CFurniture::`scalar deleting destructor' (004022c0)@ILT+305(??_GCPerson@@UAEPAXI@Z):00401136   jmp         CPerson::`scalar deleting destructor' (00401950)@ILT+310(??_GCSofaBed@@UAEPAXI@Z):0040113B   jmp         CSofaBed::`scalar deleting destructor' 
(004029b0)@ILT+315(??0CVirtualChild@@QAE@XZ):00401140   jmp         CVirtualChild::CVirtualChild (00401fb0)@ILT+320(??_GCChinese@@UAEPAXI@Z):00401145   jmp         CChinese::`scalar deleting destructor' (00401aa0)0040114A   jmp         CSofaBed::Show (00402940)@ILT+135(?GeyColor@CSofa@@UAEHXZ):0040108C   jmp         CSofa::GeyColor (00402460)@ILT+215(?GetHeight@CSofaBed@@UAEHXZ):004010DC   jmp         CSofaBed::GetHeight (00402900)0018FF0C  CCCCCCCC  CCCCCCCC  CCCCCCCC  0018FF18  00426110  CCCCCCCC  CCCCCCCC  00426110 00426104Sofa类虚表0018FF24  00426104  CCCCCCCC  CCCCCCCC  0018FF30  CCCCCCCC  0042611C  00000000  0042611c祖父类虚表0018FF3C  0018FF78  00414D69  FFFFFFFF  0018FF48  0018FF88  00403229  000000010018FF0C  CCCCCCCC  CCCCCCCC  00426150  004261500018FF18  00426110  CCCCCCCC  CCCCCCCC  0018FF24  00426104  CCCCCCCC  CCCCCCCC  0018FF30  CCCCCCCC  00426144  00000000  00426144 CSofa0018FF3C  0018FF78  00414D69  FFFFFFFF  0018FF48  0018FF88  00403229  000000010018FF0C  CCCCCCCC  CCCCCCCC  00426150  0018FF18  00426110  00000002  004261B0    004261b0 004261a4 CBed类虚函数表0018FF24  00426104  CCCCCCCC  CCCCCCCC  0018FF30  CCCCCCCC  004261A4  00000001  0018FF3C  0018FF78  00414D69  FFFFFFFF  0018FF48  0018FF88  00403229  000000010018FF0C  CCCCCCCC  CCCCCCCC  004260F4  004260F4 E8 DC CSofaBed类虚表0018FF18  00426110  00000002  004260E8  0018FF24  00426104  00000002  00000001  0018FF30  CCCCCCCC  004260DC  00000003  0018FF3C  0018FF78  00414D69  FFFFFFFF  0018FF48  0018FF88  00403229  00000001

aBed::`vbase destructor':004029B0 push ebp004029B1 mov ebp,esp004029B3 sub esp,44h004029B6 push ebx004029B7 push esi004029B8 push edi004029B9 push ecx004029BA lea edi,[ebp-44h]004029BD mov ecx,11h004029C2 mov eax,0CCCCCCCCh004029C7 rep stos dword ptr [edi]004029C9 pop ecx004029CA mov dword ptr [ebp-4],ecx004029CD mov ecx,dword ptr [ebp-4]004029D0 add ecx,20h004029D3 call @ILT+220(CSofaBed::~CSofaBed) (004010e1)004029D8 mov ecx,dword ptr [ebp-4]004029DB add ecx,20h004029DE call @ILT+175(CFurniture::~CFurniture) (004010b4)004029E3 pop edi004029E4 pop esi004029E5 pop ebx004029E6 add esp,44h004029E9 cmp ebp,esp004029EB call __chkesp (00402ef0)004029F0 mov esp,ebp004029F2 pop ebp004029F3 ret

0 0