CComObjectBase 和IUnknown 接口
2016-12-17 21:56
253 查看
CComObjectBase 和IUnknown
接口
`vftable'{for`Windows::COM::CComObjectBase'}
比 `vftable'{for`IUnknown'}
多一个函数:`vector deleting destructor'(unsignedint),且排在最前面。
那么,是否可以推定:Windows::COM::CComObjectBase
是继承了 IUnknown
接口,亦或 CComObjectBase
接口只有一个函数,即后面的三个实际上是下一组的虚函数。
当我们把能找到的虚函数组的地址排列在一起时,就会发现:虚函数组的地址从10003878
处开始向后连续存储,那么,判断一组虚函数到底有多少个虚函数,就可以用下一组虚函数的地址减去当前组虚函数的地址。
CComObjectBase 的
10006FC4,IUnknown
的地址是 10006FC8,两者的差为
4,即为一个字段的大小,因此,可以推断,CComObjectBase
接口只有一个函数。
同时,我们知道 IUnknown
接口有三个函数,那么,下一组虚函数的起始地址就应该是10006FC8 + 12,即
10006FD4。是这样吗?
是的,后面的两组虚函数就是这样。
但是,到 10006FE4
这里,出现的一些问题, 不再是 1、3、1、3…了。
10006FE4 的下一组是
1000700C,两者相差10
个字段的大小,那就说明有 10
个函数。是这样吗?
10006FE4 处是
Windows::ServicingAPI::CCSITransaction_ICSITransaction2,果然是有10
个函数。
因此,CComObjectBase
接口只有一个函数,即后面的三个实际上是下一组的虚函数。
//----- (10257DA4) --------------------------------------------------------
_DWORD *__thiscall Windows::Auto<Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION2>
*>::Allocate(_DWORD
*this)
{
v1 =this;
result =RtlAllocateHeap(*(HANDLE
*)(__readfsdword(48)
+
24), 0, 0x10u);
if (result
)
{
result[1]
=
0;
result[3]
=
0;
*result=
&Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION2>::`vftable'{for`Windows::COM::CComObjectBase'};
result[2]
=
&Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION2>::`vftable'{for`IUnknown'};
}
else
{
result =0;
}
*v1= result;
return result;
}
// 10006FC4: using guessed type int (__thiscall*Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION2>::`vftable'{for`Windows::COM::CComObjectBase'})(Windows::COM::CComObjectBase *this, char);
// 10006FC8: using guessed type int (__stdcall*Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION2>::`vftable'{for`IUnknown'})(int, struct _GUID *, void **);
//----- (10257DE0)--------------------------------------------------------
_DWORD *__thiscall Windows::Auto<Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION>
*>::Allocate(_DWORD
*this)
{
v1 =this;
result =RtlAllocateHeap(*(HANDLE
*)(__readfsdword(48)
+
24), 0, 0x10u);
if (result
)
{
result[1]
=
0;
result[3]
=
0;
*result=
&Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION>::`vftable'{for`Windows::COM::CComObjectBase'};
result[2]
=
&Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION>::`vftable'{for`IUnknown'};
}
else
{
result =0;
}
*v1= result;
return result;
}
// 10006FD4: using guessed type int (__thiscall*Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION>::`vftable'{for`Windows::COM::CComObjectBase'})(Windows::COM::CComObjectBase *this, char);
// 10006FD8: using guessed type int (__stdcall*Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION>::`vftable'{for`IUnknown'})(int, struct _GUID *, void **);
接口
`vftable'{for`Windows::COM::CComObjectBase'}
比 `vftable'{for`IUnknown'}
多一个函数:`vector deleting destructor'(unsignedint),且排在最前面。
那么,是否可以推定:Windows::COM::CComObjectBase
是继承了 IUnknown
接口,亦或 CComObjectBase
接口只有一个函数,即后面的三个实际上是下一组的虚函数。
当我们把能找到的虚函数组的地址排列在一起时,就会发现:虚函数组的地址从10003878
处开始向后连续存储,那么,判断一组虚函数到底有多少个虚函数,就可以用下一组虚函数的地址减去当前组虚函数的地址。
CComObjectBase 的
10006FC4,IUnknown
的地址是 10006FC8,两者的差为
4,即为一个字段的大小,因此,可以推断,CComObjectBase
接口只有一个函数。
同时,我们知道 IUnknown
接口有三个函数,那么,下一组虚函数的起始地址就应该是10006FC8 + 12,即
10006FD4。是这样吗?
是的,后面的两组虚函数就是这样。
但是,到 10006FE4
这里,出现的一些问题, 不再是 1、3、1、3…了。
10006FE4 的下一组是
1000700C,两者相差10
个字段的大小,那就说明有 10
个函数。是这样吗?
10006FE4 处是
Windows::ServicingAPI::CCSITransaction_ICSITransaction2,果然是有10
个函数。
因此,CComObjectBase
接口只有一个函数,即后面的三个实际上是下一组的虚函数。
//----- (10257DA4) --------------------------------------------------------
_DWORD *__thiscall Windows::Auto<Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION2>
*>::Allocate(_DWORD
*this)
{
v1 =this;
result =RtlAllocateHeap(*(HANDLE
*)(__readfsdword(48)
+
24), 0, 0x10u);
if (result
)
{
result[1]
=
0;
result[3]
=
0;
*result=
&Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION2>::`vftable'{for`Windows::COM::CComObjectBase'};
result[2]
=
&Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION2>::`vftable'{for`IUnknown'};
}
else
{
result =0;
}
*v1= result;
return result;
}
// 10006FC4: using guessed type int (__thiscall*Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION2>::`vftable'{for`Windows::COM::CComObjectBase'})(Windows::COM::CComObjectBase *this, char);
// 10006FC8: using guessed type int (__stdcall*Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION2>::`vftable'{for`IUnknown'})(int, struct _GUID *, void **);
| 0x10006FC4 | {wcp.dll!const Windows::COM::CComObject<class Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION2>::`vftable'{for `Windows::COM::CComObjectBase'}} {...} |
| 0x5be47cb0 | {wcp.dll!Windows::COM::CComObject<class Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION2>::`vector deleting destructor'(unsigned int)} |
| 0x5be48520 | {wcp.dll!Windows::COM::CComObject<class Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION2>::QueryInterface(struct _GUID const &,void * *)} |
| 0x5bca5f10 | {wcp.dll!Windows::COM::CComObject<class Windows::ServicingAPI::CCDFEnumeratorHelper<struct IEnumCDF_APPID_TABLE_ITEM,class Windows::Cdf::Rtl::IRtlCdfAppIdTableEnumerator,class Windows::Cdf::Rtl::IRtlCdfAppIdTable,struct _CDF_APPID_TABLE_ITEM,8> >::AddRef(void)} |
| 0x5bc886e0 | {wcp.dll!Windows::COM::CComObject<class Windows::ServicingAPI::CCDFEnumeratorHelper<struct IEnumCDF_APPID_TABLE_ITEM,class Windows::Cdf::Rtl::IRtlCdfAppIdTableEnumerator,class Windows::Cdf::Rtl::IRtlCdfAppIdTable,struct _CDF_APPID_TABLE_ITEM,8> >::Release(void)} |
| 0x10006FC8 | {wcp.dll!const Windows::COM::CComObject<class Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION2>::`vftable'{for `IUnknown'}} {...} |
| 0x5be48520 | {wcp.dll!Windows::COM::CComObject<class Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION2>::QueryInterface(struct _GUID const &,void * *)} |
| 0x5bca5f10 | {wcp.dll!Windows::COM::CComObject<class Windows::ServicingAPI::CCDFEnumeratorHelper<struct IEnumCDF_APPID_TABLE_ITEM,class Windows::Cdf::Rtl::IRtlCdfAppIdTableEnumerator,class Windows::Cdf::Rtl::IRtlCdfAppIdTable,struct _CDF_APPID_TABLE_ITEM,8> >::AddRef(void)} |
| 0x5bc886e0 | {wcp.dll!Windows::COM::CComObject<class Windows::ServicingAPI::CCDFEnumeratorHelper<struct IEnumCDF_APPID_TABLE_ITEM,class Windows::Cdf::Rtl::IRtlCdfAppIdTableEnumerator,class Windows::Cdf::Rtl::IRtlCdfAppIdTable,struct _CDF_APPID_TABLE_ITEM,8> >::Release(void)} |
_DWORD *__thiscall Windows::Auto<Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION>
*>::Allocate(_DWORD
*this)
{
v1 =this;
result =RtlAllocateHeap(*(HANDLE
*)(__readfsdword(48)
+
24), 0, 0x10u);
if (result
)
{
result[1]
=
0;
result[3]
=
0;
*result=
&Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION>::`vftable'{for`Windows::COM::CComObjectBase'};
result[2]
=
&Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION>::`vftable'{for`IUnknown'};
}
else
{
result =0;
}
*v1= result;
return result;
}
// 10006FD4: using guessed type int (__thiscall*Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION>::`vftable'{for`Windows::COM::CComObjectBase'})(Windows::COM::CComObjectBase *this, char);
// 10006FD8: using guessed type int (__stdcall*Windows::COM::CComObject<Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION>::`vftable'{for`IUnknown'})(int, struct _GUID *, void **);
| 0x10006FD4 | {wcp.dll!const Windows::COM::CComObject<class Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION>::`vftable'{for `Windows::COM::CComObjectBase'}} {...} |
| 0x5be47d30 | {wcp.dll!Windows::COM::CComObject<class Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION>::`vector deleting destructor'(unsigned int)} |
| 0x10006FD8 | {wcp.dll!const Windows::COM::CComObject<class Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION>::`vftable'{for `IUnknown'}} {...} |
| 0x5be48550 | {wcp.dll!Windows::COM::CComObject<class Windows::ServicingAPI::CEnumCSI_PENDING_TRANSACTION>::QueryInterface(struct _GUID const &,void * *)} |
| 0x5bca5f10 | {wcp.dll!Windows::COM::CComObject<class Windows::ServicingAPI::CCDFEnumeratorHelper<struct IEnumCDF_APPID_TABLE_ITEM,class Windows::Cdf::Rtl::IRtlCdfAppIdTableEnumerator,class Windows::Cdf::Rtl::IRtlCdfAppIdTable,struct _CDF_APPID_TABLE_ITEM,8> >::AddRef(void)} |
| 0x5bc886e0 | {wcp.dll!Windows::COM::CComObject<class Windows::ServicingAPI::CCDFEnumeratorHelper<struct IEnumCDF_APPID_TABLE_ITEM,class Windows::Cdf::Rtl::IRtlCdfAppIdTableEnumerator,class Windows::Cdf::Rtl::IRtlCdfAppIdTable,struct _CDF_APPID_TABLE_ITEM,8> >::Release(void)} |
| 0x10006fe4 | {const Windows::COM::CComObjectInterfaceTearOff<class Windows::ServicingAPI::CCSITransaction,class Windows::ServicingAPI::CCSITransaction_ICSITransaction2>::`vftable'} |
| 0x5be50960 | {Windows::COM::CComObjectInterfaceTearOff<class Windows::ServicingAPI::CCDFEnumeratorHelper<struct IEnumCDF_APPID_TABLE_ITEM,class Windows::Cdf::Rtl::IRtlCdfAppIdTableEnumerator,class Windows::Cdf::Rtl::IRtlCdfAppIdTable,struct _CDF_APPID_TABLE_ITEM,8>,class Windows::ServicingAPI::CCDFEnumeratorTearOffHelper<class Windows::ServicingAPI::CCDFEnumeratorHelper<struct IEnumCDF_APPID_TABLE_ITEM,class Windows::Cdf::Rtl::IRtlCdfAppIdTableEnumerator,class Windows::Cdf::Rtl::IRtlCdfAppIdTable,struct _CDF_APPID_TABLE_ITEM,8>,struct IEnumCDF_APPID_TABLE_ITEM,struct _CDF_APPID_TABLE_ITEM> >::QueryInterface(struct _GUID const &,void * *)} |
| 0x5bdd4b20 | {Windows::COM::CComObject<class HKCUSmartInstaller>::AddRef(void)} |
| 0x5bca4790 | {Windows::COM::CComObjectInterfaceTearOff<class Windows::ServicingAPI::CCSITransaction,class Windows::ServicingAPI::CCSITransaction_ICSITransaction2>::Release(void)} |
| 0x5be499f0 | {Windows::ServicingAPI::CCSITransaction_ICSITransaction2::AddFiles(unsigned long,unsigned long,struct IDefinitionIdentity * * const,unsigned short const * * const,unsigned short const * * const,unsigned long *,unsigned long *)} |
| 0x5be49410 | {Windows::ServicingAPI::CCSITransaction_ICSITransaction2::AddComponents(unsigned long,unsigned long,struct IDefinitionIdentity * * const,unsigned short const * * const,unsigned long *,unsigned long *)} |
| 0x5be4fc90 | {Windows::ServicingAPI::CCSITransaction_ICSITransaction2::Scavenge(unsigned long,void *,struct IDefinitionIdentity *,unsigned short const *,unsigned short const *,unsigned long *)} |
| 0x5be49f90 | {Windows::ServicingAPI::CCSITransaction_ICSITransaction2::Analyze(unsigned long,struct _GUID const &,struct IUnknown * *,unsigned long *)} |
| 0x5be4fd20 | {Windows::ServicingAPI::CCSITransaction_ICSITransaction2::UnstageDeploymentPayload(unsigned long,struct IDefinitionIdentity *,unsigned short const *,unsigned short const *,unsigned short const *,unsigned long *)} |
| 0x5be4efd0 | {Windows::ServicingAPI::CCSITransaction_ICSITransaction2::MarkDeploymentStaged(unsigned long,struct IDefinitionIdentity *,unsigned short const *,unsigned short const *,unsigned short const *,unsigned long *)} |
| 0x5be4f000 | {Windows::ServicingAPI::CCSITransaction_ICSITransaction2::MarkDeploymentUnstaged(unsigned long,struct IDefinitionIdentity *,unsigned short const *,unsigned short const *,unsigned short const *,unsigned long *)} |
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- guava之Objects和MoreObjects
- Object类equals方法示例
- Object类toString示例
- 【hql】A different object with the same identifier value was already associated with the session
- js用FileSystemObject 对象实现文件控制
- Object-C运行时(RunTime)机制访问隐藏成员变量
- typeof升级版,可以识别出array、object、null、nan、[]、{}
- div 被Object盖住的。解决办法
- Xamarin.Forms bug? System.ObjectDisposedException: Cannot access a disposed object
- 论文笔记《IS object localization for free? Weakly-supervised learning with convolutional neural network》
- java:用CountDownLatch.await替代Object.wait实现线程阻塞/唤醒
- Protect object from accidental deletion
- 实现一个函数clone,可以对JavaScript中的5种主要的数据类型(包括Number、String、Object、Array、Boolean)进行值复制。
- NSCFConstantString countByEate:objects:count:
- ObjectARX编程工具所有版本下载地址(最新含ObjectARX 2017)
- [Javascript] Combine Objects with Object.assign and Lodash merge
- cannot open shared object file: No such file or directory
- NSObject详解
- objc_setAssociatedObject
- building for iOS simulator, but linking in object file built for tvOS, for architecture x86_64