Exploring Delphi's Anonymous Methods

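Reposted from my old blog.

I have been changing jobs lately, and my health has not been great either: I keep catching colds and getting a sore throat. So I have been lying around at home all day waiting for interview calls, which happened to give me some time to look at a few of Delphi's newer features.

Since Delphi 2009, the language has had anonymous methods.

Tracing through the disassembly shows that the compiler implements them by inserting an interface, a class and an object.

Delphi 2010 happens to come with enhanced RTTI, so we can use it to reconstruct this interface and class. For how to use RTTI, see my earlier articles.

No sooner said than done, so let's roll up our sleeves and get to work.

Without further ado: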

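// Needs Classes, SysUtils and Rtti in the unit's uses clause.
procedure Test(Strs : TStrings);
type
  TProc = reference to function () : TObject;
var
  p : TProc;
  R : TRttiContext;
  RT : TRttiType;
  Fs : TArray<TRttiField>;
  MS : TArray<TRttiMethod>;
  I : Integer;
  Obj : TObject;
  Interfaces : string;
begin
  Strs.Clear;
  p := function () : TObject
  begin
    //
    asm
      mov Result, eax // If this anonymous method is compiled as a member method, then under Delphi's default register calling convention EAX must hold Self.
    end;
    // This assembly line could probably be left out: Self is in EAX and Result is EAX as well, so an empty function would also work. It is written out here to make the code easier to read.
  end;

  Obj := p();
  R := TRttiContext.Create;
  RT := R.GetType(Obj.ClassType);
  FS := RT.GetFields();
  MS := RT.GetMethods();

  Strs.Add('======================================================');
  Strs.Add(Format('Obj[%0.8x],ClassName[%s],InstanceSize[%d],UnitName[%s]',[Integer(Obj), obj.ClassName, Obj.InstanceSize, obj.UnitName]));
  // The next three literals say: the compiler generates a temporary class bound to a temporary interface.
  // The class name is the name of the function containing the anonymous method + $ActRec, so here it is Test$ActRec.
  // The temporary interface has at least one method, the anonymous method, but RTTI may not be able to retrieve it:
  // interface methods are always public, yet the temporary class may implement the method as private or protected,
  // and RTTI cannot retrieve such methods.
  Strs.Add('编译器会生成一个临时类,绑定一个临时接口的.类名规则是:Anymouse方法所在函数名+$ActRec,所以这里就是Test$ActRec');
  Strs.Add('临时接口至少有一个方法是Anymouse方法.但是通过RTTI我们未必能获取这个方法.因为尽管接口中的方法一定是Public的');
  Strs.Add('但是临时类的实现中该方法完全可能是Private或者Protected的.这样RTTI是取不到这些方法的');
  Strs.Add('======================================================');
  Strs.Add('类的形式如下:'); // "The class looks like this:"
  // Collect the GUIDs of the interfaces bound directly to the generated class.
  for I := 0 to Obj.GetInterfaceTable()^.EntryCount - 1 do
    if I = 0 then
      Interfaces := Format('[%s]',[GUIDToString(Obj.GetInterfaceTable()^.Entries[i].IID)])
    else
      Interfaces := Interfaces + ','+ Format('[%s]',[GUIDToString(Obj.GetInterfaceTable()^.Entries[i].IID)]);
  Strs.Add('Type');
  // Trailing text of the literal: "an all-zero GUID means the bound interface has no GUID".
  Strs.Add(format('Class %s = class(%s,%s) //如果GUID全零,说明绑定的该接口没有GUID',[obj.ClassName, obj.ClassParent.ClassName, Interfaces]));
  // "继承自" in the two literals below means "inherited from".
  for I := 0 to Length(FS) - 1 do
    Strs.Add(Format('  %s : %s;//继承自%s',[FS[i].Name, FS[i].FieldType.Name ,Fs[i].Parent.Name]));
  for I := 0 to Length(MS) - 1 do
    Strs.Add(Format('  %s;//继承自%s',[MS[i].ToString(), MS[i].Parent.Name]));
  Strs.Add('end;');

  R.Free;

end;

procedure TForm2.btn1Click(Sender: TObject);
begin
  Test(memo1.Lines);
end;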

Clicking the button on the form then fills Memo1 with:

======================================================
Obj[00AEA330],ClassName[Test$ActRec],InstanceSize[20],UnitName[Unit2]
编译器会生成一个临时类,绑定一个临时接口的.类名规则是:Anymouse方法所在函数名+$ActRec,所以这里就是Test$ActRec
临时接口至少有一个方法是Anymouse方法.但是通过RTTI我们未必能获取这个方法.因为尽管接口中的方法一定是Public的
但是临时类的实现中该方法完全可能是Private或者Protected的.这样RTTI是取不到这些方法的
======================================================
类的形式如下:
Type
Class Test$ActRec = class(TInterfacedObject,[{00000000-0000-0000-0000-000000000000}]) //如果GUID全零,说明绑定的该接口没有GUID
FRefCount : Integer;//继承自TInterfacedObject
procedure AfterConstruction;//继承自TInterfacedObject
procedure BeforeDestruction;//继承自TInterfacedObject
class function NewInstance: TObject;//继承自TInterfacedObject
constructor Create;//继承自TObject
procedure Free;//继承自TObject
class function InitInstance(Instance: Pointer): TObject;//继承自TObject
procedure CleanupInstance;//继承自TObject
function ClassType: TClass;//继承自TObject
class function ClassName: string;//继承自TObject
class function ClassNameIs(const Name: string): Boolean;//继承自TObject
class function ClassParent: TClass;//继承自TObject
class function ClassInfo: Pointer;//继承自TObject
class function InstanceSize: Integer;//继承自TObject
class function InheritsFrom(AClass: TClass): Boolean;//继承自TObject
class function MethodAddress(const Name: ShortString): Pointer;//继承自TObject
class function MethodAddress(const Name: string): Pointer;//继承自TObject
class function MethodName(Address: Pointer): string;//继承自TObject
function FieldAddress(const Name: ShortString): Pointer;//继承自TObject
function FieldAddress(const Name: string): Pointer;//继承自TObject
function GetInterface(const IID: TGUID; out Obj): Boolean;//继承自TObject
class function GetInterfaceEntry(const IID: TGUID): PInterfaceEntry;//继承自TObject
class function GetInterfaceTable: PInterfaceTable;//继承自TObject
class function UnitName: string;//继承自TObject
function Equals(Obj: TObject): Boolean;//继承自TObject
function GetHashCode: Integer;//继承自TObject
function ToString: string;//继承自TObject
function SafeCallException(ExceptObject: TObject; ExceptAddr: Pointer): HRESULT;//继承自TObject
procedure AfterConstruction;//继承自TObject
procedure BeforeDestruction;//继承自TObject
procedure Dispatch(var Message);//继承自TObject
procedure DefaultHandler(var Message);//继承自TObject
class function NewInstance: TObject;//继承自TObject
procedure FreeInstance;//继承自TObject
class destructor Destroy;//继承自TObject
end;

Now let's see how things are handled when there is more than one anonymous method.

// Needs Classes, SysUtils, Rtti and Windows (for GetTickCount) in the unit's uses clause.
procedure Test(Strs : TStrings);
type
  TProc = reference to function () : TObject;
var
  p : TProc;
  R : TRttiContext;
  RT : TRttiType;
  Fs : TArray<TRttiField>;
  MS : TArray<TRttiMethod>;
  I : Integer;
  Obj : TObject;
  Interfaces : string;
begin
  Strs.Clear;
  p := function () : TObject
  begin
    //
    asm
      mov Result, eax // If this anonymous method is compiled as a member method, then under Delphi's default register calling convention EAX must hold Self.
    end;
    // This assembly line could probably be left out: Self is in EAX and Result is EAX as well, so an empty function would also work. It is written out here to make the code easier to read.
  end;

  Obj := p();
  R := TRttiContext.Create;
  RT := R.GetType(Obj.ClassType);
  FS := RT.GetFields();
  MS := RT.GetMethods();

  Strs.Add('======================================================');
  Strs.Add(Format('Obj[%0.8x],ClassName[%s],InstanceSize[%d],UnitName[%s]',[Integer(Obj), obj.ClassName, Obj.InstanceSize, obj.UnitName]));
  // The next three literals say: the compiler generates a temporary class bound to a temporary interface.
  // The class name is the name of the function containing the anonymous method + $ActRec, so here it is Test$ActRec.
  // The temporary interface has at least one method, the anonymous method, but RTTI may not be able to retrieve it:
  // interface methods are always public, yet the temporary class may implement the method as private or protected,
  // and RTTI cannot retrieve such methods.
  Strs.Add('编译器会生成一个临时类,绑定一个临时接口的.类名规则是:Anymouse方法所在函数名+$ActRec,所以这里就是Test$ActRec');
  Strs.Add('临时接口至少有一个方法是Anymouse方法.但是通过RTTI我们未必能获取这个方法.因为尽管接口中的方法一定是Public的');
  Strs.Add('但是临时类的实现中该方法完全可能是Private或者Protected的.这样RTTI是取不到这些方法的');
  Strs.Add('======================================================');
  Strs.Add('类的形式如下:'); // "The class looks like this:"
  // Collect the GUIDs of the interfaces bound directly to the generated class.
  for I := 0 to Obj.GetInterfaceTable()^.EntryCount - 1 do
    if I = 0 then
      Interfaces := Format('[%s]',[GUIDToString(Obj.GetInterfaceTable()^.Entries[i].IID)])
    else
      Interfaces := Interfaces + ','+ Format('[%s]',[GUIDToString(Obj.GetInterfaceTable()^.Entries[i].IID)]);
  Strs.Add('Type');
  // Trailing text of the literal: "an all-zero GUID means the bound interface has no GUID".
  Strs.Add(format('Class %s = class(%s,%s) //如果GUID全零,说明绑定的该接口没有GUID',[obj.ClassName, obj.ClassParent.ClassName, Interfaces]));
  // "继承自" in the two literals below means "inherited from".
  for I := 0 to Length(FS) - 1 do
    Strs.Add(Format('  %s : %s;//继承自%s',[FS[i].Name, FS[i].FieldType.Name ,Fs[i].Parent.Name]));
  for I := 0 to Length(MS) - 1 do
    Strs.Add(Format('  %s;//继承自%s',[MS[i].ToString(), MS[i].Parent.Name]));
  Strs.Add('end;');

  R.Free;

  //===========================================================================
  // Second anonymous method in the same function, followed by the same inspection code.
  p := function () : TObject
  begin

    asm
      mov Result, eax
    end;
    GetTickcount(); // a slight variation
  end;

  Obj := p();
  R := TRttiContext.Create;
  RT := R.GetType(Obj.ClassType);
  FS := RT.GetFields();
  MS := RT.GetMethods();

  Strs.Add('======================================================');
  Strs.Add(Format('Obj[%0.8x],ClassName[%s],InstanceSize[%d],UnitName[%s]',[Integer(Obj), obj.ClassName, Obj.InstanceSize, obj.UnitName]));
  Strs.Add('编译器会生成一个临时类,绑定一个临时接口的.类名规则是:Anymouse方法所在函数名+$ActRec,所以这里就是Test$ActRec');
  Strs.Add('临时接口至少有一个方法是Anymouse方法.但是通过RTTI我们未必能获取这个方法.因为尽管接口中的方法一定是Public的');
  Strs.Add('但是临时类的实现中该方法完全可能是Private或者Protected的.这样RTTI是取不到这些方法的');
  Strs.Add('======================================================');
  Strs.Add('类的形式如下:');
  for I := 0 to Obj.GetInterfaceTable()^.EntryCount - 1 do
    if I = 0 then
      Interfaces := Format('[%s]',[GUIDToString(Obj.GetInterfaceTable()^.Entries[i].IID)])
    else
      Interfaces := Interfaces + ','+ Format('[%s]',[GUIDToString(Obj.GetInterfaceTable()^.Entries[i].IID)]);
  Strs.Add('Type');
  Strs.Add(format('Class %s = class(%s,%s) //如果GUID全零,说明绑定的该接口没有GUID',[obj.ClassName, obj.ClassParent.ClassName, Interfaces]));
  for I := 0 to Length(FS) - 1 do
    Strs.Add(Format('  %s : %s;//继承自%s',[FS[i].Name, FS[i].FieldType.Name ,Fs[i].Parent.Name]));
  for I := 0 to Length(MS) - 1 do
    Strs.Add(Format('  %s;//继承自%s',[MS[i].ToString(), MS[i].Parent.Name]));
  Strs.Add('end;');

  R.Free;
  // The two literals below say: the dump above was repeated twice and the object address is the same both times,
  // so the temporary class and the temporary object are each created only once. The temporary class is bound to
  // two interfaces, however, so every anonymous method is bound to its own separate interface.
  Strs.Add('以上重复两次,发现对象地址都是一样的.说明临时类和临时对象都只创建一份.');
  Strs.Add('但是临时类绑定了两个接口.说明每个Anymouse方法都绑定到一个独立的Interface上.');

end;

The anonymous method and the object-inspection code are simply copied a second time.

After running it, memo1 contains:

======================================================
Obj[00AE2960],ClassName[Test$ActRec],InstanceSize[24],UnitName[Unit2]
编译器会生成一个临时类,绑定一个临时接口的.类名规则是:Anymouse方法所在函数名+$ActRec,所以这里就是Test$ActRec
临时接口至少有一个方法是Anymouse方法.但是通过RTTI我们未必能获取这个方法.因为尽管接口中的方法一定是Public的
但是临时类的实现中该方法完全可能是Private或者Protected的.这样RTTI是取不到这些方法的
======================================================
类的形式如下:
Type
Class Test$ActRec = class(TInterfacedObject,[{00000000-0000-0000-0000-000000000000}],[{00000000-0000-0000-0000-000000000000}]) //如果GUID全零,说明绑定的该接口没有GUID
FRefCount : Integer;//继承自TInterfacedObject
procedure AfterConstruction;//继承自TInterfacedObject
procedure BeforeDestruction;//继承自TInterfacedObject
class function NewInstance: TObject;//继承自TInterfacedObject
constructor Create;//继承自TObject
procedure Free;//继承自TObject
class function InitInstance(Instance: Pointer): TObject;//继承自TObject
procedure CleanupInstance;//继承自TObject
function ClassType: TClass;//继承自TObject
class function ClassName: string;//继承自TObject
class function ClassNameIs(const Name: string): Boolean;//继承自TObject
class function ClassParent: TClass;//继承自TObject
class function ClassInfo: Pointer;//继承自TObject
class function InstanceSize: Integer;//继承自TObject
class function InheritsFrom(AClass: TClass): Boolean;//继承自TObject
class function MethodAddress(const Name: ShortString): Pointer;//继承自TObject
class function MethodAddress(const Name: string): Pointer;//继承自TObject
class function MethodName(Address: Pointer): string;//继承自TObject
function FieldAddress(const Name: ShortString): Pointer;//继承自TObject
function FieldAddress(const Name: string): Pointer;//继承自TObject
function GetInterface(const IID: TGUID; out Obj): Boolean;//继承自TObject
class function GetInterfaceEntry(const IID: TGUID): PInterfaceEntry;//继承自TObject
class function GetInterfaceTable: PInterfaceTable;//继承自TObject
class function UnitName: string;//继承自TObject
function Equals(Obj: TObject): Boolean;//继承自TObject
function GetHashCode: Integer;//继承自TObject
function ToString: string;//继承自TObject
function SafeCallException(ExceptObject: TObject; ExceptAddr: Pointer): HRESULT;//继承自TObject
procedure AfterConstruction;//继承自TObject
procedure BeforeDestruction;//继承自TObject
procedure Dispatch(var Message);//继承自TObject
procedure DefaultHandler(var Message);//继承自TObject
class function NewInstance: TObject;//继承自TObject
procedure FreeInstance;//继承自TObject
class destructor Destroy;//继承自TObject
end;
======================================================
Obj[00AE2960],ClassName[Test$ActRec],InstanceSize[24],UnitName[Unit2]
编译器会生成一个临时类,绑定一个临时接口的.类名规则是:Anymouse方法所在函数名+$ActRec,所以这里就是Test$ActRec
临时接口至少有一个方法是Anymouse方法.但是通过RTTI我们未必能获取这个方法.因为尽管接口中的方法一定是Public的
但是临时类的实现中该方法完全可能是Private或者Protected的.这样RTTI是取不到这些方法的
======================================================
类的形式如下:
Type
Class Test$ActRec = class(TInterfacedObject,[{00000000-0000-0000-0000-000000000000}],[{00000000-0000-0000-0000-000000000000}]) //如果GUID全零,说明绑定的该接口没有GUID
FRefCount : Integer;//继承自TInterfacedObject
procedure AfterConstruction;//继承自TInterfacedObject
procedure BeforeDestruction;//继承自TInterfacedObject
class function NewInstance: TObject;//继承自TInterfacedObject
constructor Create;//继承自TObject
procedure Free;//继承自TObject
class function InitInstance(Instance: Pointer): TObject;//继承自TObject
procedure CleanupInstance;//继承自TObject
function ClassType: TClass;//继承自TObject
class function ClassName: string;//继承自TObject
class function ClassNameIs(const Name: string): Boolean;//继承自TObject
class function ClassParent: TClass;//继承自TObject
class function ClassInfo: Pointer;//继承自TObject
class function InstanceSize: Integer;//继承自TObject
class function InheritsFrom(AClass: TClass): Boolean;//继承自TObject
class function MethodAddress(const Name: ShortString): Pointer;//继承自TObject
class function MethodAddress(const Name: string): Pointer;//继承自TObject
class function MethodName(Address: Pointer): string;//继承自TObject
function FieldAddress(const Name: ShortString): Pointer;//继承自TObject
function FieldAddress(const Name: string): Pointer;//继承自TObject
function GetInterface(const IID: TGUID; out Obj): Boolean;//继承自TObject
class function GetInterfaceEntry(const IID: TGUID): PInterfaceEntry;//继承自TObject
class function GetInterfaceTable: PInterfaceTable;//继承自TObject
class function UnitName: string;//继承自TObject
function Equals(Obj: TObject): Boolean;//继承自TObject
function GetHashCode: Integer;//继承自TObject
function ToString: string;//继承自TObject
function SafeCallException(ExceptObject: TObject; ExceptAddr: Pointer): HRESULT;//继承自TObject
procedure AfterConstruction;//继承自TObject
procedure BeforeDestruction;//继承自TObject
procedure Dispatch(var Message);//继承自TObject
procedure DefaultHandler(var Message);//继承自TObject
class function NewInstance: TObject;//继承自TObject
procedure FreeInstance;//继承自TObject
class destructor Destroy;//继承自TObject
end;
以上重复两次,发现对象地址都是一样的.说明临时类和临时对象都只创建一份.
但是临时类绑定了两个接口.说明每个Anymouse方法都绑定到一个独立的Interface上.
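
An added example, not part of the original post: the same inspection without inline assembly, so it does not depend on EAX holding Self under the 32-bit register convention. It assumes Delphi 2010 or later (interface-to-object casts and extended RTTI); ClosureObject, Dump, Demo and TIntFunc are hypothetical names, and TIntFunc takes a parameter so that writing Add or Mul names the reference rather than calling it. Both closures capture the same local, and the program prints the frame object's address, class name, size, interface count and whatever fields RTTI reports for it.

```delphi
program ActRecInspect;
{$APPTYPE CONSOLE}
uses
  SysUtils, Rtti;

type
  TIntFunc = reference to function(N: Integer): Integer;

// A method reference is an interface pointer; cast it back to its object.
function ClosureObject(const MethRef): TObject;
begin
  Result := IInterface(MethRef) as TObject;
end;

procedure Dump(const Caption: string; Obj: TObject);
var
  Ctx: TRttiContext;
  F: TRttiField;
begin
  Writeln(Format('%s: %p %s InstanceSize=%d interfaces=%d', [Caption, Pointer(Obj),
    Obj.ClassName, Obj.InstanceSize, Obj.GetInterfaceTable^.EntryCount]));
  Ctx := TRttiContext.Create;
  try
    for F in Ctx.GetType(Obj.ClassType).GetFields do
      Writeln(Format('  field %s (declared in %s)', [F.Name, F.Parent.Name]));
  finally
    Ctx.Free;
  end;
end;

procedure Demo;
var
  Counter: Integer; // captured by both closures below
  Add, Mul: TIntFunc;
begin
  Counter := 1;
  Add := function(N: Integer): Integer
    begin Counter := Counter + N; Result := Counter; end;
  Mul := function(N: Integer): Integer
    begin Counter := Counter * N; Result := Counter; end;
  Dump('Add', ClosureObject(Add));
  Dump('Mul', ClosureObject(Mul));
  Writeln('same frame object: ', ClosureObject(Add) = ClosureObject(Mul));
  Writeln('Add(2) = ', Add(2), ', then Mul(5) = ', Mul(5)); // shared Counter
end;

begin
  Demo;
end.
```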
