C++ disassembly, part one: recognizing constructors, destructors, and member functions

Source: Internet
Author: User


The earlier C series covered how to recognize functions in assembly. Now we move on to C++, which adds the concepts of the constructor and the destructor.

I. Recognizing the constructor

High-level code:

  

    #include <stdio.h>
    #include <windows.h>

    class MyTest
    {
    public:
        MyTest();
        ~MyTest();
    public:
        DWORD m_dwTest;
    };

    MyTest::MyTest()
    {
        printf("1111\r\n");   // printed when the object is constructed
    }

    MyTest::~MyTest()
    {
        printf("2222\r\n");   // printed when the object is destructed
    }

    int main(int argc, char* argv[])
    {
        MyTest test;          // create a local object
        getchar();
        return 0;
    }

A C++ class constructs the ancestor class first, then the parent class, then the friend class, and finally itself. Destruction runs the other way: the class itself first, then the friend class, then the parent class, and then the ancestor class. (Make sure you understand this order.)

Disassembly of the Debug build

  

This is the body of the main function. When the object is created, the constructor is called first, and the destructor is called on exit. (I renamed the functions in the listing.)

A few prerequisites for recognizing a constructor:

1. ECX holds the this argument. Member functions of C++ objects use thiscall, which is similar to fastcall: thiscall passes this through a register, while fastcall passes its last two parameters through registers.

The telltale sign is that ECX is set for the function, and the function uses it internally.

Inside the function, ECX is saved to a memory location, and that memory location is what we call this. That is why the source syntax can be written like this: this->xxxx = 1; MyTest();

If you highlight the memory location that holds the saved ECX, you will see it used in many places.

2. The constructor is invoked when the object is created.

3. The return value of the constructor is the this pointer.

How to spot a constructor

1. The this pointer is passed in ECX. This establishes only one condition; the remaining two are not yet satisfied.

2. The function uses ECX internally, assigns it to the this pointer, and returns the this pointer.

The assembly at the return:

3. The function is the first call in the current stack scope.

  

The main function initializes the member variable to CCC after the first call.

PS: an additional indicator: when we click the saved ECX, the local variable (this) is used in multiple places.

In general, a function that meets the three points above can be identified as a constructor. All three are necessary conditions.

The sufficient condition comes later, when we cover the virtual table: the constructor initializes the virtual table, and does so first, so such a function can be identified as a constructor directly.

It sounds like a lot, but in practice it takes 3-4 seconds of looking at the disassembly.

Disassembly of the Release build

From the code above, you can determine:

1. The function is the first one called.

2. ECX is passed, the function uses ECX internally and assigns it to the this pointer, and the this pointer is returned.

Note: constructors and destructors can only be thiscall. Even if you add a calling convention yourself, the compiler reports an invalid calling convention, and the disassembly does not change.

Summary:

1. The constructor is the first call.

2. ECX is passed, and inside the function ECX is assigned to this, which may be a memory location or a register variable, and the this pointer is returned.

3. You can click the this pointer, and it may be used in multiple places.

Note: constructors and destructors are thiscall, and this cannot be changed.

II. Recognizing the destructor

Destructors are identified much like constructors:

1. thiscall, and the last call

2. No return value

Looking at the destructor:

1. It is the last call.

  

2. It is thiscall with no return value, and internally it assigns ECX to this.

  

The Release disassembly is the same as Debug apart from optimization: if this is not used, the function may not assign ECX to this at all. There is still no return value.

Summary:

1. The destructor is the last call.

2. Parameters are passed with thiscall.

3. No return value

III. Recognizing member functions (C calling convention, thiscall, fastcall, stdcall)

High-level code:

  

    #include <stdio.h>
    #include <windows.h>

    class MyTest
    {
    public:
        MyTest();
        ~MyTest();
        void SetTest(DWORD dwTest);
        DWORD GetTest();
    public:
        DWORD m_dwTest;
    };

    MyTest::MyTest()  { printf("1111\r\n"); }
    MyTest::~MyTest() { printf("2222\r\n"); }

    void MyTest::SetTest(DWORD dwTest)
    {
        this->m_dwTest = dwTest;
    }

    DWORD MyTest::GetTest()
    {
        return this->m_dwTest;
    }

    int main(int argc, char* argv[])
    {
        MyTest test;
        test.SetTest(1);
        int number = test.GetTest();   // added the Set/Get methods and called them
        getchar();
        return 0;
    }

The code above uses the default thiscall. Now look at the disassembly to see what result each calling convention produces.

1. The default thiscall representation in assembly

Disassembly of the Debug build

The two ends are the constructor and the destructor, and in the middle are our set and get methods. You can see that with thiscall, ECX passes the parameter, and inside the function ECX is assigned to the this pointer and the this pointer is returned.

Release is similar to Debug, possibly with a little optimization; it is omitted for reasons of space.
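The constructor and destructor conditions from sections I and II, together with the thiscall member functions described here, can be checked mechanically. The following is an added example, not code from the original article: the listing is constructed, and the function addresses, stack slots and the helper names `returns_this` and `classify` are assumptions made for illustration.

```python
import re

# Constructed listing in the shape of a 32-bit MSVC Debug build; addresses,
# names and stack slots are invented. Instructions are separated by ';'.
LISTING = {
    "main": "lea ecx, [ebp+var_4]; call sub_401000; push 1; lea ecx, [ebp+var_4]; "
            "call sub_401060; lea ecx, [ebp+var_4]; call sub_401090; call getchar; "
            "lea ecx, [ebp+var_4]; call sub_401030; retn",
    "sub_401000": "mov [ebp+var_4], ecx; push offset a1111; call printf; "
                  "add esp, 4; mov eax, [ebp+var_4]; retn",
    "sub_401030": "mov [ebp+var_4], ecx; push offset a2222; call printf; "
                  "add esp, 4; retn",
    "sub_401060": "mov [ebp+var_4], ecx; mov eax, [ebp+var_4]; "
                  "mov ecx, [ebp+arg_0]; mov [eax], ecx; retn 4",
    "sub_401090": "mov [ebp+var_4], ecx; mov eax, [ebp+var_4]; mov eax, [eax]; retn",
}

def insns(name):
    return [i.strip() for i in LISTING[name].split(";")]

def returns_this(name):
    """ECX is saved to a stack slot and EAX still holds that slot at ret."""
    slot, eax = None, None
    for ins in insns(name):
        m = re.fullmatch(r"mov (\[ebp\+\w+\]), ecx", ins)
        if m and slot is None:
            slot = m.group(1)
        elif ins.startswith("call "):
            eax = "call result"            # a call overwrites EAX
        elif ins.startswith("mov eax, "):
            eax = ins[len("mov eax, "):]
    return slot is not None and eax == slot

def classify(caller):
    """Label every call that gets an object address in ECX, per object."""
    calls, ecx = {}, None
    for ins in insns(caller):
        if ins.startswith("lea ecx, "):
            ecx = ins[len("lea ecx, "):]
        elif ins.startswith("call ") and ecx:
            calls.setdefault(ecx, []).append(ins[5:])
            ecx = None                     # ECX is not preserved across calls
    labels = {}
    for seq in calls.values():
        for n, f in enumerate(seq):
            first, last, rt = n == 0, n == len(seq) - 1, returns_this(f)
            labels[f] = ("constructor" if first and rt else
                         "destructor" if last and not rt else "member function")
    return labels
```

In this listing the setter `sub_401060` also leaves the this slot in EAX, so the return-value check alone would mislabel it; the first-call condition is what separates it from the constructor.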

2. The stdcall member function representation

From the assembly code:

1. The this pointer is at EBP + var_10.

2. Under stdcall, the this pointer is loaded into a register and then pushed.

Summary:

1. stdcall pushes the this pointer as a parameter.

2. The this pointer is the push immediately above the call, which means the this pointer is the first parameter.

3. Stack cleanup still follows the stdcall form.

3. Assembly representation under the C calling convention

  

The this pointer is likewise passed as a parameter by a push.

With the C calling convention, the stack is cleaned up outside the function.

4. Assembly representation of fastcall

Parameters are passed in registers; ECX is set outside the function and used inside it.
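The call-site differences between the four conventions in this section can also be told apart mechanically. The following is an added example, not code from the original article: the call sites for SetTest(1) are constructed, and `SITES`, `convention` and the address `sub_401060` are hypothetical names.

```python
# Constructed call sites for SetTest(1) on a local object at [ebp+var_10]
# (32-bit MSVC shape). Each entry: (instructions around the call, callee's ret).
SITES = {
    "A": ("push 1; lea ecx, [ebp+var_10]; call sub_401060", "retn 4"),
    "B": ("push 1; lea eax, [ebp+var_10]; push eax; call sub_401060", "retn 8"),
    "C": ("push 1; lea eax, [ebp+var_10]; push eax; call sub_401060; add esp, 8",
          "retn"),
    "D": ("mov edx, 1; lea ecx, [ebp+var_10]; call sub_401060", "retn"),
}

def convention(site, callee_ret):
    """Guess the calling convention of a member-function call site."""
    ins = [i.strip() for i in site.split(";")]
    at = next(n for n, i in enumerate(ins) if i.startswith("call "))
    before, after = ins[:at], ins[at + 1:]
    regs, pushes = {}, []          # register -> (opcode, source); pushed operands
    for i in before:
        op, _, rest = i.partition(" ")
        if op in ("lea", "mov"):
            dst, src = [p.strip() for p in rest.split(",", 1)]
            regs[dst] = (op, src)
        elif op == "push":
            pushes.append(rest)
    # Register-passed this: ECX is loaded with the object's address.
    if regs.get("ecx", ("", ""))[0] == "lea":
        return "fastcall" if "edx" in regs else "thiscall"
    # Stack-passed this: the push nearest the call is an object address.
    last = pushes[-1] if pushes else None
    if last in regs and regs[last][0] == "lea":
        caller_cleans = any(i.startswith("add esp,") for i in after)
        callee_cleans = callee_ret != "retn"
        if caller_cleans and not callee_cleans:
            return "cdecl"         # the C calling convention: cleanup outside
        if callee_cleans and not caller_cleans:
            return "stdcall"       # cleanup inside the function (retn N)
    return "unknown"
```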

The final overall summary:

    1). Identifying the constructor

1. The constructor is the first call.

2. ECX is passed, and inside the function ECX is assigned to this, which may be a memory location or a register variable, and the this pointer is returned.

3. You can click the this pointer, and it may be used in multiple places.

Note: constructors and destructors are thiscall, and this cannot be changed.

    2). Identifying the destructor

1. The destructor is the last call.

2. Parameters are passed with thiscall.

3. No return value

    3). Identifying member functions for the various calling conventions

1. With the C calling convention, the this pointer is pushed, and the stack is cleaned up according to the C calling convention.

2. With stdcall, the this pointer is pushed, and the stack is cleaned up inside the function.

3. thiscall uses ECX by default: it is set outside the function and used inside it. Stack cleanup is the same as stdcall.

4. With fastcall, two register parameters are used; ECX is set outside the function and used inside it.

5. Under both the C convention and the stdcall convention, the push is the this pointer, and it is the first parameter (that is, the push nearest above the call must be the this pointer).
