Vector Deleting Destructor

Today one guy in my team asked a question regarding the behavior of delete[] operator in C++ – how does the program know it needs to call CBar::~CBar instead of CFoo::~CFoo? Note that the vector deleting destructor is a feature in Microsoft C++ Compiler, not required by the C++ standard. #define _CRTDBG_MAP_ALLOC #include <malloc.h> #include <crtdbg.h> class CFoo { public:   virtual ~CFoo() = 0; }; class CBar…

0

A Note for Binary Hooking and Instrumentation

One intern in my team has been working on a utility, which makes use of binary instrumentation. So I think it’s time to recap on that. Understand the Fundamentals As we mentioned in Microsoft Binary Technologies and Debugging, there are many binary technologies. Most of these technologies can be used either statically (patch and write back to the disk) or…

0

CRT Startup

In my previous blog Early Debugging, we’ve demonstrated how early can you get using a user mode debugger. Normally we don’t want to be such early, there are some other places we would want to start with: OEP (Original Entry Point) of the EXE module. WinDBG has a predefined Pseudo-Register called $exentry which makes it a lot…

0

The Main Thread Problem

Every few months I heard people asking the same question: Given a process ID (or handle), how can I get its main thread ID (or handle)? Normally that would raise another question: What is the definition of a main thread? While the Windows operating system doesn’t have a concept called main thread, and threads donnot…

1

MACRO Revisited

Macro is powerful, but few people understand how it works. In theory, syntax highlighting for C/C++ is impossible due to the presence of Preprocessing Directives FDIS N3290 16 . Sometimes I do feel that C++ is a mixture of three languages instead of a single language, I have to keep in mind that there are…

2