IDC资讯中心
那本书(advanced visual basic)中让vb能够函数指针的方法不错,但是要添加类型库,还要自己创建轻量com对象显得颇为麻烦.我想,不如直接利用vb自己建对象算了.
代码如下:
建一class,如下
—————————————————————————————
module : cfucptr
datetime : 2006-2-7 17:36
author : lingll
email : lingll_xl@163.com
homepage : http://lingll.yeah.net/
purpose :
—————————————————————————————
option explicit
存储加载dll后获得的函数地址
private m_newfucptr as long
public function dllgetclassobject( _
byref rclsid as uuid, byref riid as uuid, byref ppv as iclassfactory) as long
end function
public sub setfunctionptr(newptr&)
m_newfucptr = newptr
end sub
再建一module
option explicit
public declare function loadlibrary lib “kernel32.dll” alias “loadlibrarya” (byval lplibfilename as string) as long
public declare function freelibrary lib “kernel32.dll” (byval hlibmodule as long) as long
public declare function getprocaddress lib “kernel32.dll” (byval hmodule as long, byval lpprocname as string) as long
public declare sub copymemory lib “kernel32.dll” alias “rtlmovememory” (byref destination as any, byref source as any, byval length as long)
public type typasm
code(1) as long
end type
public asm as typasm
然后,初始化时,让asm为如下值,
asm.code(0) = &hff515859
asm.code(1) = &h90003460
这个是汇编代码,具体是
pop ecx
pop eax
push ecx
jmp dword ptr [eax + 52]
这是抄回来的,具体原理我不太清楚,如下是原注释
heres the magic asm for doing the function pointer call.
the stack comes in with the following:
esp: return address
esp + 4: this pointer for functiondelegator
all that we need to do is remove the this pointer from the
stack, replace it with the return address, then jmp to the
correct function. in other words, were just squeezing the
this pointer completely out of the picture.
the code is:
pop ecx (stores return address)
pop eax (gets the this pointer)
push ecx (restores the return address)
jmp dword ptr [eax + 4] (jump to address at this + 4, 3 byte instruction)
the corresponding byte stream for this is: 59 58 51 ff 60 04
we pad these six bytes with two int 3 commands (cc cc) to get eight
bytes, which can be stored in a currency constant.
note that the memory location of this constant is not executable, so
it must be copied into a currency variable. the address of the variable
is then used as the forwarding function.
下面是调用代码:
dim tadd as long, vtab&
dim tobj as cfucptr
dim tlib&
dim tun as olelib.iunknown
dim tdem as dlldemo.idemo
dim tfac as olelib.iclassfactory
set tobj = new cfucptr
加载dll
tlib = loadlibrary(app.path & “\dlldemo.dll”)
if tlib <> 0 then
tadd = getprocaddress(tlib, “dllgetclassobject”)
end if
dim asmadd&
if tadd <> 0 then
获取vtable地址
copymemory vtab, byval objptr(tobj), 4
asmadd = varptr(asm)
替换掉cfucptr.dllgetclassobject地址
copymemory byval (vtab + (8 – 1) * 4), asmadd, 4
设置函数地址
tobj.setfunctionptr tadd
tobj.dllgetclassobject clsid_obj, iid_iclassfactory, tfac
if not tfac is nothing then
tfac.createinstance nothing, iid_iunknow, tun
set tfac = nothing
set tdem = tun
set tun = nothing
tdem.test
end if
end if
set tdem = nothing
if tlib <> 0 then freelibrary tlib
一定要在所有对象都释放掉了才能使用freelibrary,不然会出错
将上面的代码修改一下,就可以很方便的在vb中使用函数指针了,hoho,vb可以用函数指针咯,不写了.
