So maybe we could use 'std::dethunk' to de-thunk the function pointer.

    q = std::dethunk( p );

    if ( q == p )  cout << "It wasn't a thunk\n";

    else cout << "Actual function address: 0x" << hex << (void*)q << endl;

So then the question is how do we identify thunks at runtime? Well we could binary-search for the address in a global constexpr array of thunk addresses. Or alternatively we could precede every thunk with 8 identifying bytes something like:

    't' 'h' 'u' 'n' 'k' '\0' '\0' '\0'

Or maybe just identify the machine code of a thunk generated from the following assembler:

    add rdi, 8

    jmp ActualFunction

If it adds a constant to RDI and immediately jumps to a constant address then assume it to be a thunk (although this could be problematic if a non-thunk function which begins with a loop (and is misidentified as a thunk)).

I would really like to see a function to retrieve the function pointer from the vtable:

    class MyClass {  . . . };

    MyClass myobj;

    void (*p)(void) = std::devirtualise( &MyClass::SomeMethod, &myobj );

so then you could chain them:

    void (*p)(void) = std::dethunk( std::devirtualise( &MyClass::SomeMethod, &myobj ) );

On computers that don't use thunks, "std::dethunk" shall be optimised away to a nop.