Question
Say you need to hook/detour a function that is the __thiscall type on x86 Windows and in order to do that, you need to pass a void* to the shim function. Yes, this is technically "horrible abuse" of C++, but this is function hooking, not an exercise in coding a portable application.
For example, say you need to hook a function such as this:

    void __thiscall SomeClass::MemberFunction(int b) { this->somevar = b; }

Obviously it's well known that you can just create a __fastcall function that uses an extra arg to dispose of EDX, but that's a bit... lame.
So the question is: What trickery can you think of to be able to convert the type of a non-static C++ class member function to a void* variable?
Answer 1:
I have a couple of solutions already for this, so here we go:
The first is arguably the quickest:
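
    // MSVC x86 only: returns the first stack argument unchanged.
    __declspec(naked) void* __cdecl MemberFuncToPtr(...) {
        __asm {
            mov eax, [esp+4]   // first variadic argument (the member pointer)
            retn
        }
    }

    void* ptr = MemberFuncToPtr(&MyClass::TheMemberFunction);
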
And an alternative that's asm-free but requires an unused argument:

    #include <cstdarg>   // va_list, va_start, va_arg, va_end

    void* MemberFuncToPtr(char i, ...) {
        va_list v;
        va_start(v, i);
        void* ret = va_arg(v, void*);   // reads the member pointer's first word
        va_end(v);
        return ret;
    }

    void* ptr = MemberFuncToPtr(0, &MyClass::TheMemberFunction);
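
Added example, not part of the original answer: both conversions above return only the first machine word of the pointer-to-member, which is the function body's address only for a non-virtual function that needs no this-adjustment. The sketch below inspects the representation and refuses the conversion otherwise; `MemberFuncToPtrChecked` and the sample classes are hypothetical names, and the non-MSVC branch assumes the Itanium C++ ABI layout used by GCC/Clang on x86 and x86-64.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Hypothetical classes, constructed for this example only.
struct Plain { int v = 0; void set(int b) { v = b; } };
struct Virt  { virtual ~Virt() = default; virtual void vset(int) {} };
struct A     { int a = 0; };
struct B     { int b = 0; void bset(int x) { b = x; } };
struct Multi : A, B {};

// Returns the code address held in a pointer-to-member-function, or nullptr
// when the pointer carries data that a bare void* would silently drop.
template <typename F>
void* MemberFuncToPtrChecked(F pmf) {
    std::uintptr_t word0 = 0;
    std::memcpy(&word0, &pmf, sizeof(word0));   // first word of the representation
#if defined(_MSC_VER)
    // MSVC ABI: only single-inheritance classes get a one-word pointer. For a
    // virtual function that word is the address of a vcall thunk, not the body.
    if (sizeof(F) != sizeof(void*)) return nullptr;
    return reinterpret_cast<void*>(word0);
#else
    // Assumption: Itanium C++ ABI as used by GCC/Clang on x86 and x86-64,
    // where the representation is the pair {ptr, adj}.
    static_assert(sizeof(F) == 2 * sizeof(void*), "unexpected member pointer layout");
    std::ptrdiff_t adj = 0;
    std::memcpy(&adj, reinterpret_cast<const char*>(&pmf) + sizeof(void*), sizeof(adj));
    if (word0 & 1) return nullptr;              // virtual: ptr is 1 + vtable offset
    if (adj != 0)  return nullptr;              // call needs a this-adjustment
    return reinterpret_cast<void*>(word0);
#endif
}

int main() {
    void* p = MemberFuncToPtrChecked(&Plain::set);
    void* v = MemberFuncToPtrChecked(&Virt::vset);
    void* m = MemberFuncToPtrChecked(static_cast<void (Multi::*)(int)>(&Multi::bset));
    std::printf("plain=%p virtual=%p multi=%p\n", p, v, m);
    return 0;
}
```

A nullptr result means the first word alone does not identify the function, so a hook installed at that value would patch the wrong bytes.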
Source: https://stackoverflow.com/questions/21636482/hooking-thiscall-without-using-fastcall