0

I'm writing a 64-bit Windows DLL using MSVS that is loaded by a 3rd party executable. The 3rd party exe has an API that includes some classes with pure virtual functions. Example:

//3rdPartyAPI.h
class foo
{
    virtual void doWork() = 0;
};
 __declspec(dllimport) foo* GetFOO(); //returns an instance of foo created by the executable that I can access

Once my DLL is loaded, I can call doWork from my own code like so:

GetFOO()->doWork();

However I want to use Microsoft's detours library to intercept calls to doWork and call my own function "doMyWork". So far, by manually stepping through the vtable of "foo" at runtime I've been able to find the vtable index of doWork (just through trial and error), then from there I can get its address and use that address in a call to DetourAttach and the detour works as intended.

But I would like to know: is there a way to programmatically (at runtime) find the vtable index/address of a pure virtual function?

Ðаn
  • 10,934
  • 11
  • 59
  • 95
Tyson
  • 1,226
  • 1
  • 10
  • 33
  • 3
    vtable is an implementation detail (compiler might even use other way). – Jarod42 Feb 11 '20 at 20:10
  • Can't you use member function pointer (`void (foo::*)()`? – Jarod42 Feb 11 '20 at 20:11
  • @Jarod42 Do you mean in my call to DetourAttach? When I attach a member function pointer, the detour doesn't work. Unfortunately I don't know enough about this stuff to understand why, all I know is that using the vtable address works. – Tyson Feb 11 '20 at 20:18
  • 1
    For reference, the detours docs specify the following: "If X::Target is a virtual function, the following code [detouring member functions] will *NOT* work because &X::Target is the address of a thunk that does a virtual call, not the real address of the X::Target. You can get the real address of X::Target by looking directly in the VTBL for class X" – Tyson Feb 11 '20 at 20:20
  • You can still add extra layer, if applicable... `void doWork(foo& f) {f.foo(); }`. – Jarod42 Feb 11 '20 at 20:30

0 Answers0