Date: Tue, 16 Apr 2024 23:43:41 +0100
On Tue, Apr 16, 2024 at 9:40 PM Thiago Macieira wrote:
>
> Ok, so maybe the hint is in the vftable instead of the typeinfo. If I force it
> to emit the vftable for Derived (https://msvc.godbolt.org/z/P4cPjE1rq), then
> we can follow:
> * the constructor (?0) loads the vftable (?_7)
> * the vftable has a link to ?_R4 ('RTTI Complete Object Locator')
I think the secret is to be found in disassembling the implementation
of "__RTDynamicCast" which is to be found inside "vcruntime140.dll".
You can see my initial attempt to convert it from x86_64 assembler
into C here:
https://lists.isocpp.org/std-proposals/2024/04/9546.php
> PS: Are those pointers 32-bit on a 64-bit system??
If you use Visual Studio 2022 to build your program as x86_32, then
they are just normal 32-bit pointers. However, if you build your
program as x86_64, then they are 32-bit offsets which you add to the
return address from "GetModuleHandleA(nullptr)".
Received on 2024-04-16 22:43:53
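The layout the reply describes, as an added example that is not from the thread, from MSVC or from vcruntime140.dll: a 64-bit MSVC-style set of RTTI structures laid out in a constructed byte buffer that stands in for a loaded module, plus a decoder that follows the object's vfptr to the slot before the vftable (?_R4, the 'RTTI Complete Object Locator') and adds the 32-bit image-relative offsets to the module base. Struct and field names follow MSVC's rttidata.h; the RVAs (0x100, 0x400, 0x508, ...), the decorated names and the image size are made up for the example, and the buffer is not a dump of a real binary. On x64 the locator also carries pSelf, its own RVA, which is what the decoder uses to recover the base instead of calling GetModuleHandleA.

```cpp
// Added example: MSVC x64-style RTTI in a constructed byte buffer ("the image") and a
// decoder that walks object -> vftable[-1] -> locator, adding the 32-bit offsets to the base.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <stdexcept>
#include <string>
#include <vector>
struct RttiCompleteObjectLocator {   // ?_R4, field names as in MSVC's rttidata.h
    uint32_t signature;              // 0 = 32-bit absolute pointers (x86), 1 = image-relative (x64)
    uint32_t offset;                 // offset of this vftable's subobject in the complete object
    uint32_t cdOffset;               // constructor displacement offset
    int32_t  pTypeDescriptor;        // RVA of the TypeDescriptor (?_R0)
    int32_t  pClassDescriptor;       // RVA of the ClassHierarchyDescriptor (?_R3)
    int32_t  pSelf;                  // RVA of this locator itself (x64 only)
};
struct RttiClassHierarchyDescriptor {   // ?_R3
    uint32_t signature;
    uint32_t attributes;             // bit 0: multiple inheritance, bit 1: virtual inheritance
    uint32_t numBaseClasses;         // counts the class itself
    int32_t  pBaseClassArray;        // RVA of an int32_t[] of RVAs to BaseClassDescriptors (?_R2)
};
struct Pmd { int32_t mdisp, pdisp, vdisp; };
struct RttiBaseClassDescriptor {     // ?_R1
    int32_t  pTypeDescriptor;
    uint32_t numContainedBases;
    Pmd      where;                  // displacement of this base inside the complete object
    uint32_t attributes;
    int32_t  pClassDescriptor;
};
constexpr size_t kTypeDescNameOffset = 2 * sizeof(void*);  // ?_R0: vfptr, spare, then the name
struct BaseInfo { std::string name; int32_t mdisp; };
struct RttiInfo { uintptr_t imageBase; std::string name; std::vector<BaseInfo> bases; };
// The runtime trusts these offsets, so a corrupted vfptr becomes an arbitrary read;
// here every RVA is checked against the image size (SizeOfImage in a real PE) first.
bool rvaInImage(int32_t rva, size_t need, size_t imageSize) {
    return rva >= 0 && static_cast<size_t>(rva) + need <= imageSize;
}
static const uint8_t* resolve(uintptr_t base, size_t imageSize, int32_t rva, size_t need) {
    if (!rvaInImage(rva, need, imageSize)) throw std::out_of_range("RVA outside image");
    return reinterpret_cast<const uint8_t*>(base + static_cast<uint32_t>(rva));
}
static std::string readName(uintptr_t base, size_t imageSize, int32_t rvaTypeDesc) {
    const char* p = reinterpret_cast<const char*>(
        resolve(base, imageSize, rvaTypeDesc, kTypeDescNameOffset + 1) + kTypeDescNameOffset);
    size_t maxLen = imageSize - static_cast<uint32_t>(rvaTypeDesc) - kTypeDescNameOffset, n = 0;
    while (n < maxLen && p[n] != '\0') ++n;   // bounded: the name may be unterminated
    return std::string(p, n);
}
RttiInfo inspect(const void* obj, size_t imageSize) {
    const uintptr_t* vft = *static_cast<const uintptr_t* const*>(obj);
    auto col = reinterpret_cast<const RttiCompleteObjectLocator*>(vft[-1]);
    if (col->signature != 1) throw std::runtime_error("expected image-relative (x64) RTTI");
    // pSelf is the locator's own RVA, so (col - pSelf) is the base of the module that holds
    // the type: no GetModuleHandle needed, and it is the right base for a type from a DLL.
    uintptr_t base = reinterpret_cast<uintptr_t>(col) - static_cast<uint32_t>(col->pSelf);
    RttiInfo info{base, readName(base, imageSize, col->pTypeDescriptor), {}};
    auto chd = reinterpret_cast<const RttiClassHierarchyDescriptor*>(
        resolve(base, imageSize, col->pClassDescriptor, sizeof(RttiClassHierarchyDescriptor)));
    auto arr = reinterpret_cast<const int32_t*>(
        resolve(base, imageSize, chd->pBaseClassArray, chd->numBaseClasses * sizeof(int32_t)));
    for (uint32_t i = 0; i < chd->numBaseClasses; ++i) {
        auto bcd = reinterpret_cast<const RttiBaseClassDescriptor*>(
            resolve(base, imageSize, arr[i], sizeof(RttiBaseClassDescriptor)));
        info.bases.push_back({readName(base, imageSize, bcd->pTypeDescriptor), bcd->where.mdisp});
    }
    return info;
}
// Constructed image for "struct Derived : Base" (single inheritance) in x64 layout.
struct FakeImage { std::vector<uint8_t> bytes, object; };
template <typename T> static void put(std::vector<uint8_t>& v, size_t at, const T& x) {
    std::memcpy(v.data() + at, &x, sizeof x);
}
FakeImage buildDerivedImage() {
    FakeImage fi;
    fi.bytes.assign(0x600, 0);
    uintptr_t base = reinterpret_cast<uintptr_t>(fi.bytes.data());
    std::memcpy(fi.bytes.data() + 0x100 + kTypeDescNameOffset, ".?AVDerived@@", 14);
    std::memcpy(fi.bytes.data() + 0x140 + kTypeDescNameOffset, ".?AVBase@@", 11);
    put(fi.bytes, 0x200, RttiBaseClassDescriptor{0x100, 1, {0, -1, 0}, 0x40, 0x300});
    put(fi.bytes, 0x220, RttiBaseClassDescriptor{0x140, 0, {0, -1, 0}, 0x40, 0x340});
    put(fi.bytes, 0x280, int32_t{0x200});   // ?_R2: Derived first, then Base
    put(fi.bytes, 0x284, int32_t{0x220});
    put(fi.bytes, 0x300, RttiClassHierarchyDescriptor{0, 0, 2, 0x280});
    put(fi.bytes, 0x340, RttiClassHierarchyDescriptor{0, 0, 1, 0x284});
    put(fi.bytes, 0x400, RttiCompleteObjectLocator{1, 0, 0, 0x100, 0x300, 0x400});
    put(fi.bytes, 0x500, uintptr_t{base + 0x400});  // slot -1: absolute, relocated pointer to ?_R4
    put(fi.bytes, 0x508, uintptr_t{0});             // slot 0 (??_7Derived@@6B@): would hold &Derived::f
    fi.object.resize(sizeof(uintptr_t));
    put(fi.object, 0, uintptr_t{base + 0x508});     // the object's vfptr points at slot 0
    return fi;
}
int main() {
    FakeImage fi = buildDerivedImage();
    RttiInfo info = inspect(fi.object.data(), fi.bytes.size());
    std::printf("base %#llx type %s\n", (unsigned long long)info.imageBase, info.name.c_str());
    for (const BaseInfo& b : info.bases) std::printf("  base %s at +%d\n", b.name.c_str(), b.mdisp);
}
```

Two things worth noticing when running it: the decoder refuses a locator with signature 0, because on x86 the same three fields are 32-bit absolute pointers and reading them as offsets on a 64-bit host would be meaningless; and the base it reports is recovered from pSelf rather than from GetModuleHandleA, so it is the base of whichever module actually contains the type's RTTI data. In a real process the imageSize argument would come from the PE optional header's SizeOfImage.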