描述:
// Root interface of the first hierarchy: two virtual functions (add, release)
// and one ordinary, statically bound member function (test).
// NOTE(review): no virtual destructor is declared, so deleting a derived
// object through an IUnKown* would be undefined behaviour.
class IUnKown
{
public:
    virtual void add()
    {
    }

    virtual void release()
    {
    }

    // Non-virtual on purpose or by omission; it is not dispatched dynamically.
    void test()
    {
    }
};
// Second, unrelated interface: all three members (add2, release2, test2)
// are virtual.
// NOTE(review): no virtual destructor is declared, so deleting a derived
// object through an IUnKown2* would be undefined behaviour.
class IUnKown2
{
public:
    virtual void add2()
    {
    }

    virtual void release2()
    {
    }

    virtual void test2()
    {
    }
};
// Intermediate class: publicly derives from IUnKown and overrides its two
// virtual functions; the non-virtual test() is inherited unchanged.
class testIunkown : public IUnKown
{
public:
    // Overrides IUnKown::add.
    virtual void add()
    {
    }

    // Overrides IUnKown::release.
    virtual void release()
    {
    }
};
// Most-derived class with two public bases, listed in this order:
// testIunkown (and through it IUnKown), then IUnKown2.
// Because there are two polymorphic bases, a TestInterface* and an
// IUnKown2* to the same object need not hold the same address; only a
// conversion that knows both types can apply the required adjustment.
class TestInterface : public testIunkown, public IUnKown2
{
public:
    // Overrides inherited via testIunkown / IUnKown.
    virtual void add()
    {
    }

    virtual void release()
    {
    }

    // Overrides inherited from IUnKown2.
    virtual void add2()
    {
    }

    virtual void release2()
    {
    }

    virtual void test2()
    {
    }
};
// Variant 1: converts the most-derived pointer directly to its second base,
// then makes a virtual call through that base pointer.
int main(int argc, char* argv[])
{
// Allocate the most-derived object; ptest keeps the full static type.
TestInterface* ptest = new TestInterface;//1
// Derived-to-base conversion. Both types are known at the cast, so the
// compiler can move the address to the IUnKown2 subobject and keep a null
// pointer null (the listing below shows a null test and `add edx,4`).
IUnKown2 *p = (IUnKown2 *)ptest;//2
// p is already an IUnKown2*, so this cast changes nothing; test2 is virtual.
((IUnKown2*)p)->test2();//3
// Deleted through the most-derived pointer. None of the classes declares a
// virtual destructor, so `delete p` here would be undefined behaviour.
delete ptest;//4
return 0;//5
}
vc6下运行,通过
反汇编看第3句
43: IUnKown2 *p = (IUnKown2 *)ptest;
0040111E cmp dword ptr [ebp-10h],0
00401122 je main+7Fh (0040112f)
00401124 mov edx,dword ptr [ebp-10h]
00401127 add edx,4
0040112A mov dword ptr [ebp-28h],edx
0040112D jmp main+86h (00401136)
0040112F mov dword ptr [ebp-28h],0//这两
00401136 mov eax,dword ptr [ebp-28h]//句
00401139 mov dword ptr [ebp-14h],eax
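下面这两句让我很困惑:第一句把0写入[ebp-28h],为什么下一句又把这个地址的内容读到eax?这时eax应该指向IUnKown2子对象(也就是它的vptr所在处),而且看寄存器,结果也确实是对的——按理说不应该是0吗?(注:从上面的列表看,这两句并不是顺序执行的:00401122处的je只有在ptest为空时才跳到0040112F;ptest非空时走add edx,4这条路径,再由0040112D处的jmp直接跳到00401136,跳过了写0的那一句。)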
0040112F mov dword ptr [ebp-28h],0
00401136 mov eax,dword ptr [ebp-28h]
如果我程序是这样写
// Variant 2: the same calls, but the pointer is first laundered through
// void*, which discards the static type needed for base-pointer adjustment.
int main(int argc, char* argv[])
{
TestInterface* ptest = new TestInterface;
// After this line p holds the address of the complete TestInterface object
// and nothing records which type it came from.
void *p = (void *)ptest;
// NOTE(review): type confusion. A cast from void* applies no offset, so p is
// used as if it already pointed at the IUnKown2 subobject. In variant 1 the
// compiler added 4 to reach that subobject; here the virtual call dispatches
// through whatever vptr sits at the start of the object. This is undefined
// behaviour. A correct form restores the original type first:
// static_cast<IUnKown2*>(static_cast<TestInterface*>(p)).
((IUnKown2*)p)->test2();
// NOTE(review): also formally undefined, since p did not originate from an
// IUnKown*. It presumably appears to work only because the IUnKown subobject
// sits at offset 0 in this layout - confirm rather than rely on it.
((IUnKown*)p)->release();
// Deleted through the most-derived pointer, as in variant 1.
delete ptest;
return 0;
}
查看反汇编
49: ((IUnKown2*)p)->test2();
00401124 mov eax,dword ptr [ebp-14h]
00401127 mov edx,dword ptr [eax]
00401129 mov esi,esp
0040112B mov ecx,dword ptr&nb