Delphi的Anymouse方法探秘

转自我的旧博客

这段时间换工作.加之身体不太好.总是感冒和喉咙发炎.就整天躺在家里等待面试电话.刚好有了点时间能看看Delphi的一些新东西

自从Delphi2009以后增加了一种匿名方法.

通过反汇编跟踪发现是编译器利用插入接口,类,对象来实现的.

Delphi2010刚好有RTTI的增强.我们就可以还原这个接口和类.至于RTTI的用法可以参看我前面的文章.

说干就干,挽袖子操刀

多余的话不多说.

procedure Test(Strs : TStrings);
type
TProc = reference to function () : TObject;
var
p : TProc;
R : TRttiContext;
RT : TRttiType;
Fs : TArray<TRttiField>;
MS : TArray<TRttiMethod>;
I : Integer;
Obj : TObject;
Interfaces : string;
begin
Strs.Clear;
p := function () : TObject
begin
//
asm
mov Result, eax //如果这个Anymouse方法被编译成成员方法的话,因为Delphi默认的Register调用约定,EAX中方的肯定是Self.
end;
//其实这句汇编代码不加应该也可以.因为固然Self在EAX中,Result也是EAX.所以写成空函数也没问题.这里这样写是为了更好读
end;

Obj := p();
R := TRttiContext.Create;
RT := R.GetType(Obj.ClassType);
FS := RT.GetFields();
MS := RT.GetMethods();

Strs.Add(‘======================================================’);
Strs.Add(Format(‘Obj[%0.8x],ClassName[%s],InstanceSize[%d],UnitName[%s]‘,[Integer(Obj), obj.ClassName, Obj.InstanceSize, obj.UnitName]));
Strs.Add(‘编译器会生成一个临时类,绑定一个临时接口的.类名规则是:Anymouse方法所在函数名+$ActRec,所以这里就是Test$ActRec’);
Strs.Add(‘临时接口至少有一个方法是Anymouse方法.但是通过RTTI我们未必能获取这个方法.因为尽管接口中的方法一定是Public的’);
Strs.Add(‘但是临时类的实现中该方法完全可能是Private或者Protected的.这样RTTI是取不到这些方法的’);
Strs.Add(‘======================================================’);
Strs.Add(‘类的形式如下:’);
for I := 0 to Obj.GetInterfaceTable()^.EntryCount – 1 do
if I = 0 then
Interfaces := Format(‘[%s]‘,[GUIDToString(Obj.GetInterfaceTable()^.Entries[i].IID)])
else
Interfaces := Interfaces + ‘,’+ Format(‘[%s]‘,[GUIDToString(Obj.GetInterfaceTable()^.Entries[i].IID)]);
Strs.Add(‘Type’);
Strs.Add(format(‘Class %s = class(%s,%s) //如果GUID全零,说明绑定的该接口没有GUID’,[obj.ClassName, obj.ClassParent.ClassName, Interfaces]));
for I := 0 to Length(FS) – 1 do
Strs.Add(Format(‘? %s : %s;//继承自%s’,[FS[i].Name, FS[i].FieldType.Name ,Fs[i].Parent.Name]));
for I := 0 to Length(MS) – 1 do
Strs.Add(Format(‘? %s;//继承自%s’,[MS[i].ToString(), MS[i].Parent.Name]));
Strs.Add(‘end;’);

R.Free;

end;

procedure TForm2.btn1Click(Sender: TObject);
begin
Test(memo1.Lines);
end;

那么点击Form上的按钮以后Memo1的内容就是:

======================================================
Obj[00AEA330],ClassName[Test$ActRec],InstanceSize[20],UnitName[Unit2]
编译器会生成一个临时类,绑定一个临时接口的.类名规则是:Anymouse方法所在函数名+$ActRec,所以这里就是Test$ActRec
临时接口至少有一个方法是Anymouse方法.但是通过RTTI我们未必能获取这个方法.因为尽管接口中的方法一定是Public的
但是临时类的实现中该方法完全可能是Private或者Protected的.这样RTTI是取不到这些方法的
======================================================
类的形式如下:
Type
Class Test$ActRec = class(TInterfacedObject,[{00000000-0000-0000-0000-000000000000}]) //如果GUID全零,说明绑定的该接口没有GUID
FRefCount : Integer;//继承自TInterfacedObject
procedure AfterConstruction;//继承自TInterfacedObject
procedure BeforeDestruction;//继承自TInterfacedObject
class function NewInstance: TObject;//继承自TInterfacedObject
constructor Create;//继承自TObject
procedure Free;//继承自TObject
class function InitInstance(Instance: Pointer): TObject;//继承自TObject
procedure CleanupInstance;//继承自TObject
function ClassType: TClass;//继承自TObject
class function ClassName: string;//继承自TObject
class function ClassNameIs(const Name: string): Boolean;//继承自TObject
class function ClassParent: TClass;//继承自TObject
class function ClassInfo: Pointer;//继承自TObject
class function InstanceSize: Integer;//继承自TObject
class function InheritsFrom(AClass: TClass): Boolean;//继承自TObject
class function MethodAddress(const Name: ShortString): Pointer;//继承自TObject
class function MethodAddress(const Name: string): Pointer;//继承自TObject
class function MethodName(Address: Pointer): string;//继承自TObject
function FieldAddress(const Name: ShortString): Pointer;//继承自TObject
function FieldAddress(const Name: string): Pointer;//继承自TObject
function GetInterface(const IID: TGUID; out Obj): Boolean;//继承自TObject
class function GetInterfaceEntry(const IID: TGUID): PInterfaceEntry;//继承自TObject
class function GetInterfaceTable: PInterfaceTable;//继承自TObject
class function UnitName: string;//继承自TObject
function Equals(Obj: TObject): Boolean;//继承自TObject
function GetHashCode: Integer;//继承自TObject
function ToString: string;//继承自TObject
function SafeCallException(ExceptObject: TObject; ExceptAddr: Pointer): HRESULT;//继承自TObject
procedure AfterConstruction;//继承自TObject
procedure BeforeDestruction;//继承自TObject
procedure Dispatch(var Message);//继承自TObject
procedure DefaultHandler(var Message);//继承自TObject
class function NewInstance: TObject;//继承自TObject
procedure FreeInstance;//继承自TObject
class destructor Destroy;//继承自TObject
end;

我们再看如果有多个Anymouse方法的话是怎样处理的.

procedure Test(Strs : TStrings);
type
TProc = reference to function () : TObject;
var
p : TProc;
R : TRttiContext;
RT : TRttiType;
Fs : TArray<TRttiField>;
MS : TArray<TRttiMethod>;
I : Integer;
Obj : TObject;
Interfaces : string;
begin
Strs.Clear;
p := function () : TObject
begin
//
asm
mov Result, eax //如果这个Anymouse方法被编译成成员方法的话,因为Delphi默认的Register调用约定,EAX中方的肯定是Self.
end;
//其实这句汇编代码不加应该也可以.因为固然Self在EAX中,Result也是EAX.所以写成空函数也没问题.这里这样写是为了更好读
end;

Obj := p();
R := TRttiContext.Create;
RT := R.GetType(Obj.ClassType);
FS := RT.GetFields();
MS := RT.GetMethods();

Strs.Add(‘======================================================’);
Strs.Add(Format(‘Obj[%0.8x],ClassName[%s],InstanceSize[%d],UnitName[%s]‘,[Integer(Obj), obj.ClassName, Obj.InstanceSize, obj.UnitName]));
Strs.Add(‘编译器会生成一个临时类,绑定一个临时接口的.类名规则是:Anymouse方法所在函数名+$ActRec,所以这里就是Test$ActRec’);
Strs.Add(‘临时接口至少有一个方法是Anymouse方法.但是通过RTTI我们未必能获取这个方法.因为尽管接口中的方法一定是Public的’);
Strs.Add(‘但是临时类的实现中该方法完全可能是Private或者Protected的.这样RTTI是取不到这些方法的’);
Strs.Add(‘======================================================’);
Strs.Add(‘类的形式如下:’);
for I := 0 to Obj.GetInterfaceTable()^.EntryCount – 1 do
if I = 0 then
Interfaces := Format(‘[%s]‘,[GUIDToString(Obj.GetInterfaceTable()^.Entries[i].IID)])
else
Interfaces := Interfaces + ‘,’+ Format(‘[%s]‘,[GUIDToString(Obj.GetInterfaceTable()^.Entries[i].IID)]);
Strs.Add(‘Type’);
Strs.Add(format(‘Class %s = class(%s,%s) //如果GUID全零,说明绑定的该接口没有GUID’,[obj.ClassName, obj.ClassParent.ClassName, Interfaces]));
for I := 0 to Length(FS) – 1 do
Strs.Add(Format(‘? %s : %s;//继承自%s’,[FS[i].Name, FS[i].FieldType.Name ,Fs[i].Parent.Name]));
for I := 0 to Length(MS) – 1 do
Strs.Add(Format(‘? %s;//继承自%s’,[MS[i].ToString(), MS[i].Parent.Name]));
Strs.Add(‘end;’);

R.Free;

//===========================================================================
p := function () : TObject
begin

asm
mov Result, eax
end;
GetTickcount(); //稍加变化
end;

Obj := p();
R := TRttiContext.Create;
RT := R.GetType(Obj.ClassType);
FS := RT.GetFields();
MS := RT.GetMethods();

Strs.Add(‘======================================================’);
Strs.Add(Format(‘Obj[%0.8x],ClassName[%s],InstanceSize[%d],UnitName[%s]‘,[Integer(Obj), obj.ClassName, Obj.InstanceSize, obj.UnitName]));
Strs.Add(‘编译器会生成一个临时类,绑定一个临时接口的.类名规则是:Anymouse方法所在函数名+$ActRec,所以这里就是Test$ActRec’);
Strs.Add(‘临时接口至少有一个方法是Anymouse方法.但是通过RTTI我们未必能获取这个方法.因为尽管接口中的方法一定是Public的’);
Strs.Add(‘但是临时类的实现中该方法完全可能是Private或者Protected的.这样RTTI是取不到这些方法的’);
Strs.Add(‘======================================================’);
Strs.Add(‘类的形式如下:’);
for I := 0 to Obj.GetInterfaceTable()^.EntryCount – 1 do
if I = 0 then
Interfaces := Format(‘[%s]‘,[GUIDToString(Obj.GetInterfaceTable()^.Entries[i].IID)])
else
Interfaces := Interfaces + ‘,’+ Format(‘[%s]‘,[GUIDToString(Obj.GetInterfaceTable()^.Entries[i].IID)]);
Strs.Add(‘Type’);
Strs.Add(format(‘Class %s = class(%s,%s) //如果GUID全零,说明绑定的该接口没有GUID’,[obj.ClassName, obj.ClassParent.ClassName, Interfaces]));
for I := 0 to Length(FS) – 1 do
Strs.Add(Format(‘? %s : %s;//继承自%s’,[FS[i].Name, FS[i].FieldType.Name ,Fs[i].Parent.Name]));
for I := 0 to Length(MS) – 1 do
Strs.Add(Format(‘? %s;//继承自%s’,[MS[i].ToString(), MS[i].Parent.Name]));
Strs.Add(‘end;’);

R.Free;
Strs.Add(‘以上重复两次,发现对象地址都是一样的.说明临时类和临时对象都只创建一份.’);
Strs.Add(‘但是临时类绑定了两个接口.说明每个Anymouse方法都绑定到一个独立的Interface上.’);

end;

把Anymouse方法和对象解析部分在复制一遍.

执行后memo1的内容就是:

======================================================
Obj[00AE2960],ClassName[Test$ActRec],InstanceSize[24],UnitName[Unit2]
编译器会生成一个临时类,绑定一个临时接口的.类名规则是:Anymouse方法所在函数名+$ActRec,所以这里就是Test$ActRec
临时接口至少有一个方法是Anymouse方法.但是通过RTTI我们未必能获取这个方法.因为尽管接口中的方法一定是Public的
但是临时类的实现中该方法完全可能是Private或者Protected的.这样RTTI是取不到这些方法的
======================================================
类的形式如下:
Type
Class Test$ActRec = class(TInterfacedObject,[{00000000-0000-0000-0000-000000000000}],[{00000000-0000-0000-0000-000000000000}]) //如果GUID全零,说明绑定的该接口没有GUID
FRefCount : Integer;//继承自TInterfacedObject
procedure AfterConstruction;//继承自TInterfacedObject
procedure BeforeDestruction;//继承自TInterfacedObject
class function NewInstance: TObject;//继承自TInterfacedObject
constructor Create;//继承自TObject
procedure Free;//继承自TObject
class function InitInstance(Instance: Pointer): TObject;//继承自TObject
procedure CleanupInstance;//继承自TObject
function ClassType: TClass;//继承自TObject
class function ClassName: string;//继承自TObject
class function ClassNameIs(const Name: string): Boolean;//继承自TObject
class function ClassParent: TClass;//继承自TObject
class function ClassInfo: Pointer;//继承自TObject
class function InstanceSize: Integer;//继承自TObject
class function InheritsFrom(AClass: TClass): Boolean;//继承自TObject
class function MethodAddress(const Name: ShortString): Pointer;//继承自TObject
class function MethodAddress(const Name: string): Pointer;//继承自TObject
class function MethodName(Address: Pointer): string;//继承自TObject
function FieldAddress(const Name: ShortString): Pointer;//继承自TObject
function FieldAddress(const Name: string): Pointer;//继承自TObject
function GetInterface(const IID: TGUID; out Obj): Boolean;//继承自TObject
class function GetInterfaceEntry(const IID: TGUID): PInterfaceEntry;//继承自TObject
class function GetInterfaceTable: PInterfaceTable;//继承自TObject
class function UnitName: string;//继承自TObject
function Equals(Obj: TObject): Boolean;//继承自TObject
function GetHashCode: Integer;//继承自TObject
function ToString: string;//继承自TObject
function SafeCallException(ExceptObject: TObject; ExceptAddr: Pointer): HRESULT;//继承自TObject
procedure AfterConstruction;//继承自TObject
procedure BeforeDestruction;//继承自TObject
procedure Dispatch(var Message);//继承自TObject
procedure DefaultHandler(var Message);//继承自TObject
class function NewInstance: TObject;//继承自TObject
procedure FreeInstance;//继承自TObject
class destructor Destroy;//继承自TObject
end;
======================================================
Obj[00AE2960],ClassName[Test$ActRec],InstanceSize[24],UnitName[Unit2]
编译器会生成一个临时类,绑定一个临时接口的.类名规则是:Anymouse方法所在函数名+$ActRec,所以这里就是Test$ActRec
临时接口至少有一个方法是Anymouse方法.但是通过RTTI我们未必能获取这个方法.因为尽管接口中的方法一定是Public的
但是临时类的实现中该方法完全可能是Private或者Protected的.这样RTTI是取不到这些方法的
======================================================
类的形式如下:
Type
Class Test$ActRec = class(TInterfacedObject,[{00000000-0000-0000-0000-000000000000}],[{00000000-0000-0000-0000-000000000000}]) //如果GUID全零,说明绑定的该接口没有GUID
FRefCount : Integer;//继承自TInterfacedObject
procedure AfterConstruction;//继承自TInterfacedObject
procedure BeforeDestruction;//继承自TInterfacedObject
class function NewInstance: TObject;//继承自TInterfacedObject
constructor Create;//继承自TObject
procedure Free;//继承自TObject
class function InitInstance(Instance: Pointer): TObject;//继承自TObject
procedure CleanupInstance;//继承自TObject
function ClassType: TClass;//继承自TObject
class function ClassName: string;//继承自TObject
class function ClassNameIs(const Name: string): Boolean;//继承自TObject
class function ClassParent: TClass;//继承自TObject
class function ClassInfo: Pointer;//继承自TObject
class function InstanceSize: Integer;//继承自TObject
class function InheritsFrom(AClass: TClass): Boolean;//继承自TObject
class function MethodAddress(const Name: ShortString): Pointer;//继承自TObject
class function MethodAddress(const Name: string): Pointer;//继承自TObject
class function MethodName(Address: Pointer): string;//继承自TObject
function FieldAddress(const Name: ShortString): Pointer;//继承自TObject
function FieldAddress(const Name: string): Pointer;//继承自TObject
function GetInterface(const IID: TGUID; out Obj): Boolean;//继承自TObject
class function GetInterfaceEntry(const IID: TGUID): PInterfaceEntry;//继承自TObject
class function GetInterfaceTable: PInterfaceTable;//继承自TObject
class function UnitName: string;//继承自TObject
function Equals(Obj: TObject): Boolean;//继承自TObject
function GetHashCode: Integer;//继承自TObject
function ToString: string;//继承自TObject
function SafeCallException(ExceptObject: TObject; ExceptAddr: Pointer): HRESULT;//继承自TObject
procedure AfterConstruction;//继承自TObject
procedure BeforeDestruction;//继承自TObject
procedure Dispatch(var Message);//继承自TObject
procedure DefaultHandler(var Message);//继承自TObject
class function NewInstance: TObject;//继承自TObject
procedure FreeInstance;//继承自TObject
class destructor Destroy;//继承自TObject
end;
以上重复两次,发现对象地址都是一样的.说明临时类和临时对象都只创建一份.
但是临时类绑定了两个接口.说明每个Anymouse方法都绑定到一个独立的Interface上.

此条目发表在Delphi, 未分类分类目录。将固定链接加入收藏夹。

Delphi的Anymouse方法探秘》有 79 条评论

  1. Pingback引用通告: psixolog

  2. Pingback引用通告: psyhelp_on_line

  3. Pingback引用通告: coronavirus

  4. Pingback引用通告: PSYCHOSOCIAL

  5. Pingback引用通告: rasstanovka hellinger

  6. Pingback引用通告: Cherekasi film 2020

  7. Pingback引用通告: Film Doktor Liza (2020)

  8. Pingback引用通告: djoker film

  9. Pingback引用通告: viagra

  10. Pingback引用通告: t.me/psyhell

  11. Pingback引用通告: Îíëàéí Ïñèõîëîã

  12. Pingback引用通告: bitly.com

  13. Pingback引用通告: viagra 100mg

  14. Pingback引用通告: viagra price

  15. Pingback引用通告: viagra generic

  16. Pingback引用通告: viagra coupon

  17. Pingback引用通告: cheap viagra

  18. Pingback引用通告: cialis

  19. Pingback引用通告: cialis coupon

  20. Pingback引用通告: canadian pharmacy cialis

  21. Pingback引用通告: cialis 5mg

  22. Pingback引用通告: rlowcostmd.com

  23. Pingback引用通告: bitly

  24. Pingback引用通告: movies-tekstmovies-tekst

  25. Pingback引用通告: Zemlyane 2005 smotret onlajn

  26. Pingback引用通告: smotret onlajn besplatno v kachestve hd 1080

  27. Pingback引用通告: movies-unhinged-film

  28. Pingback引用通告: malenkie-zhenshhiny-2020

  29. Pingback引用通告: dom 2

  30. Pingback引用通告: zoom-psykholog

  31. Pingback引用通告: zoom-viber-skype

  32. Pingback引用通告: Vratar Galaktiki Film, 2020

  33. Pingback引用通告: Vratar

  34. Pingback引用通告: Cherkassy 2020

  35. Pingback引用通告: chernobyl-hbo-2019-1-sezon

  36. Pingback引用通告: moskva-psiholog

  37. Pingback引用通告: batmanapollo.ru

  38. Pingback引用通告: 323

  39. Pingback引用通告: 525

  40. Pingback引用通告: dom2-ru

  41. Pingback引用通告: Tenet Online

  42. Pingback引用通告: psy psy psy psy

  43. Pingback引用通告: krsmi.ru

  44. Pingback引用通告: like-v.ru

  45. Pingback引用通告: CFOSPUK

  46. Pingback引用通告: MAMprEj

  47. Pingback引用通告: fgu0ygW

  48. Pingback引用通告: batmanapollo

  49. Pingback引用通告: tsoy

  50. Pingback引用通告: 44548

  51. Pingback引用通告: 44549

  52. Pingback引用通告: hod-korolevy-2020

  53. Pingback引用通告: HD

  54. Pingback引用通告: 158444

  55. Pingback引用通告: groznyy-serial-2020

  56. Pingback引用通告: 38QvPmk

  57. Pingback引用通告: bitly.com/doctor-strange-hd

  58. Pingback引用通告: bitly.com/eternals-online

  59. Pingback引用通告: bitly.com/maior-grom

  60. Pingback引用通告: matrica-film

  61. Pingback引用通告: dzhonuikfilm4

  62. Pingback引用通告: bitly.com/batman20212022

  63. Pingback引用通告: bitly.com/venom-2-smotret-onlajn

  64. Pingback引用通告: bitly.com/nevremyaumirat

  65. Pingback引用通告: bitly.com/kingsmankingsman

  66. Pingback引用通告: bitly.com/3zaklyatie3

  67. Pingback引用通告: bitly.com/1dreykfilm

  68. Pingback引用通告: bitly.com/topgunmavericktopgun

  69. Pingback引用通告: bitly.com/flash2022

  70. Pingback引用通告: bitly.com/fantasticheskietvari3

  71. Pingback引用通告: Human design

  72. Pingback引用通告: 1444

  73. Pingback引用通告: cleantalkorg2.ru

  74. Pingback引用通告: cleantalkorg2.ru/sitemap.xml

  75. Pingback引用通告: join vk

  76. Pingback引用通告: vk login

  77. Pingback引用通告: svaty—7—sezon

  78. Pingback引用通告: svaty 7 sezon

  79. Pingback引用通告: svaty 7

发表评论

电子邮件地址不会被公开。

您可以使用这些HTML标签和属性: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

你必须启用JavaScript