-
Feb 24th, 2016, 12:45 PM
#1
[vb6] AddressOf for Class, Form, UC methods
This will be of little use to the masses, but can be of good use for thunk creators/users and the curious.
VB gives us the AddressOf function which can return the function address of any method within a bas module. We have no such function to return addresses within non-module code pages like classes, forms, usercontrols, etc. This can be a suitable substitute.
Why would you even need these addresses? Normally, you wouldn't. The most obvious case would be if you wanted to call a class function, particularly a private one, from a thunk. Can apply if wanting to do same thing from a bas module, but there are easier workarounds for calling private class methods from a module.
CODE REMOVED. I could not get a reliable function address of a specific private nor public method other than the final private method in all VB code pages.
I concede and tip my hat to Paul Caton whose method seems to be the most reliable. At this point, I cannot top it, except for one specific case: classes. Unfortunately, my logic will not work reliably in any other code page that is built on other interfaces: form, usercontrol, property page, etc.
If interested in Paul Caton's method, it is a matter of googling for "self-subclasser Paul Caton".
I'll ask the moderators to remove this thread.
Last edited by LaVolpe; Feb 24th, 2016 at 08:45 PM.
Reason: added caveats
-
Feb 24th, 2016, 02:31 PM
#2
Re: [vb6] AddressOf for Class, Form, UC methods
Have you looked at how setting Ordinal's manually in the object browser affect this?
-
Feb 24th, 2016, 03:34 PM
#3
Re: [vb6] AddressOf for Class, Form, UC methods
Originally Posted by DEXWERX
Have you looked at how setting Ordinal's manually in the object browser affect this?
Wasn't aware you can change the ordinals via the object browser, don't see such an option. But you did make me think of a scenario I haven't tested: the hidden attribute of a public method and how that might mess with the ordinals...
-
Feb 24th, 2016, 04:03 PM
#4
Re: [vb6] AddressOf for Class, Form, UC methods
I think I'm confusing ProcedureID/DispatchID with Ordinal. Are they possibly related?
I htought they were related, but it's possible the DispatchID is independant of the Ordinal / VTable.
I think I'm just used to seeing DispatchIDs that are kind of sorted the same as the Interface definition.
Last edited by DEXWERX; Feb 24th, 2016 at 04:07 PM.
-
Feb 24th, 2016, 05:11 PM
#5
Re: [vb6] AddressOf for Class, Form, UC methods
I htought they were related, but it's possible the DispatchID is independant of the Ordinal / VTable.
They are independent. The DISPID or MEMBERID of the function doesn't appear to have any effect on the order that VB adds them to the vTable. I did play with hidden attributes for public methods & no harm, no foul, works ok.
However, where my logic does break is if adding WithEvents to a class. The code fails to find the final private method. This is something I will try to figure out and adjust the code or comments as needed.
Follow up: I was able to get it working perfectly for classes, but not for forms, usercontrols and property pages.
Last edited by LaVolpe; Feb 24th, 2016 at 08:46 PM.
-
Feb 28th, 2016, 11:35 AM
#6
Re: [vb6] AddressOf for Class, Form, UC methods
Last edited by dz32; Apr 26th, 2019 at 12:07 PM.
-
Mar 29th, 2016, 11:24 AM
#7
Junior Member
Re: [vb6] AddressOf for Class, Form, UC methods
I was interested in this addressOf for Class etc, I think we need to use GetTypeInfo, call GetFuncDesc on ITypeInfo and then look for pfuncdesc->oVft, there is vtable pointer. For performance save pointers to collection after you get it for first time.
-
Apr 1st, 2016, 03:03 PM
#8
Re: [vb6] AddressOf for Class, Form, UC methods
Last edited by dz32; Apr 26th, 2019 at 12:03 PM.
-
Apr 2nd, 2016, 01:00 AM
#9
Re: [vb6] AddressOf for Class, Form, UC methods
My couple thoughts.
I think you can obtain an address of method in any module.
In IDE you can get ITypeLib information about project using EbGetExecutingProj function that returns a IVBAProject that supports ITypeLib interface. This information contains everything about modules even private methods. For instance:
It shows information about itself project. As you can see it shows private methods Form_Load etc.
In the compiled form you can't obtain the information about a private method by the name but you can get VTable of interface parsing the VBHeader and the children structures of a VB project.
Take a look about the public methods that is public variables in an object module. These variables actually are the methods too and the information about they can be obtained by DISPID.
I've explained about compiled form from my memory, i can be wrong. I can't find out the project where i did it.
@dz32, yes when you call a function from a standard module it actually jump to the 0x001F8282 label, when you use AddressOf it returns the 0xAB0C74 address which check the mode (run/pause/stop), therefore if you change code of 0xAB0C74 label it won't affect to simple call. There is no verifications in the compiled form. You can obtain both 0x001F8282 and 0xAB0C74 address programmatically.
When you call a method of object module it actually call MethCallEngine function in IDE.
Last edited by The trick; Apr 2nd, 2016 at 01:04 AM.
-
Apr 4th, 2016, 08:46 AM
#10
Junior Member
Re: [vb6] AddressOf for Class, Form, UC methods
In compiled version - what if we will use call to initialization method, that loads asm thunk that looks for procedure start address in stack? This call would be the first in method/function, e.g. right below form_load and could be used for private method also.
-
Apr 4th, 2016, 12:59 PM
#11
Re: [vb6] AddressOf for Class, Form, UC methods
-
Apr 4th, 2016, 01:32 PM
#12
Junior Member
Re: [vb6] AddressOf for Class, Form, UC methods
I mean something like this:
Public colAddressess as Collection
Sub SomeMethod()
Call initMethod() 'first call in method we want use as callback
End Sub
Sub initMethod()
asm thunk to look on callstack and get address to SomeMethod, save it to colAddressess
End Sub
But I am not sure if this is possible in VB, I din't play with olly, it's only idea, maybe it's easier to populate some quick implemenation of collection by reading VBHeader to achieve speed required for callbacks.
-
Apr 4th, 2016, 02:07 PM
#13
Re: [vb6] AddressOf for Class, Form, UC methods
I think it won't work.
Firstly, why do you want to use the asm thunk? You can get address of a variable in the stack through VB.
Secondly, when a method is being called it puts some data on the stack (an error handler, temporary variables ect.). You can't know the address of the SomeMethod from the initMethod because you exactly don't know the number of variables on stack.
-
Apr 4th, 2016, 03:57 PM
#14
Junior Member
Re: [vb6] AddressOf for Class, Form, UC methods
Address of variable is not around method entry address. If you call initMethod() as the first call right below sub declaration, then you will have only few adresses in callstack and one of this is entry point of your method (few call address back). But as I said, I am not sure how VB uses callstack, it's only idea.
-
Apr 4th, 2016, 04:04 PM
#15
Re: [vb6] AddressOf for Class, Form, UC methods
Originally Posted by izero76
Address of variable is not around method entry address.
You can pass a parameter to Init, and get its address. You can move relatively this address in order to get other data from the stack.
Originally Posted by izero76
If you call initMethod() as the first call right below sub declaration, then you will have only few adresses in callstack and one of this is entry point of your method (few call address back).
Look here:
This is Form_Load handler. You can change something and it will be affected on the Form_Load code. Same for any other method.
-
Apr 4th, 2016, 04:43 PM
#16
Junior Member
Re: [vb6] AddressOf for Class, Form, UC methods
Sure, you are right, my mistake. And few bytes back from passed parameter's address we (probably) have entry point.
-
Apr 9th, 2016, 05:47 AM
#17
Re: [vb6] AddressOf for Class, Form, UC methods
Last edited by dz32; Apr 26th, 2019 at 12:02 PM.
-
May 31st, 2017, 10:11 PM
#18
Hyperactive Member
Re: [vb6] AddressOf for Class, Form, UC methods
-
Jul 15th, 2017, 04:27 AM
#19
Hyperactive Member
Re: [vb6] AddressOf for Class, Form, UC methods
Originally Posted by The trick
My couple thoughts.
I think you can obtain an address of method in any module.
In IDE you can get ITypeLib information about project using EbGetExecutingProj function that returns a IVBAProject that supports ITypeLib interface. This information contains everything about modules even private methods. For instance:
It shows information about itself project. As you can see it shows private methods Form_Load etc.
In the compiled form you can't obtain the information about a private method by the name but you can get VTable of interface parsing the VBHeader and the children structures of a VB project.
Take a look about the public methods that is public variables in an object module. These variables actually are the methods too and the information about they can be obtained by DISPID.
I've explained about compiled form from my memory, i can be wrong. I can't find out the project where i did it.
@dz32, yes when you call a function from a standard module it actually jump to the 0x001F8282 label, when you use AddressOf it returns the 0xAB0C74 address which check the mode (run/pause/stop), therefore if you change code of 0xAB0C74 label it won't affect to simple call. There is no verifications in the compiled form. You can obtain both 0x001F8282 and 0xAB0C74 address programmatically.
When you call a method of object module it actually call MethCallEngine function in IDE.
can u add a demo of which you show in this picture please?
-
Jul 15th, 2017, 02:22 PM
#20
Re: [vb6] AddressOf for Class, Form, UC methods
-
Jul 16th, 2017, 10:09 PM
#21
Hyperactive Member
Re: [vb6] AddressOf for Class, Form, UC methods
Thanks the trick, really wonderful demo
i have translate all Russia words to English by google
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|