I'm doing something a bit tricky here with a running exe which I know has its MAP file embedded by madExcept.
I'm calling methods whose address I have found thanks to madMAPFile, this way:
    SomeMethodPtr := GetMapFileAddress(GetModuleName(0), 'SomeUnit', 'TSomeClass.SomeMethod');

    SomeMethodPtr(ObjectAddress, Param1, Param2, Param3);
However, if SomeMethod is virtual and the object is an instance of a derived class that overrides SomeMethod, then only the "root" method is called, not the derived one.
This is completely expected because I'm only ever retrieving the address of the base class method and not doing any VMT walkthrough.
Fortunately for me, in my case, there are only a few classes derived from TSomeClass, I know them in advance and know if they have overridden SomeMethod. So I can call GetClassName and find the appropriate entry point to call.
But as I'm trying to be "future proof", I'm wondering if there is a way to "walk the VMT" of the given object to find the effective address.
Would you have any suggestions?
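
The VMT lookup asked about above, as an added example that is not part of the original post and not madExcept code: it finds which virtual slot of the base class holds the address from the MAP file, then reads the same slot from the object's actual class. `FindAncestorByName`, `ResolveVirtual`, `TVmtSlots` and `MAX_SLOTS` are hypothetical names, and the code assumes the method is declared `virtual` (not `dynamic`) in a class below `TObject`.

```delphi
// Added example; all identifiers declared here are hypothetical.
type
  // A Delphi class reference points at slot 0 of the class's VMT, so it
  // can be read as an array of method addresses.
  TVmtSlots = array[0..(MaxInt div SizeOf(Pointer)) - 1] of Pointer;
  PVmtSlots = ^TVmtSlots;

const
  // Assumed upper bound: the VMT does not record how many slots it has.
  MAX_SLOTS = 256;

// Walk the object's ancestry up to the class that declares the method.
function FindAncestorByName(Obj: TObject; const Name: string): TClass;
begin
  Result := Obj.ClassType;
  while (Result <> nil) and (Result.ClassName <> Name) do
    Result := Result.ClassParent;
end;

// BaseAddr is the MAP file address of the base class implementation.
// Returns the address stored in the same slot of the object's own class
// (the override, if any), or nil when the object does not descend from
// BaseClassName or BaseAddr is not found among the first MAX_SLOTS slots.
function ResolveVirtual(Obj: TObject; const BaseClassName: string;
  BaseAddr: Pointer): Pointer;
var
  Base: TClass;
  I: Integer;
begin
  Result := nil;
  Base := FindAncestorByName(Obj, BaseClassName);
  if Base = nil then
    Exit;
  for I := 0 to MAX_SLOTS - 1 do
    // The first match lies inside the base class's own VMT, because that
    // class implements the method and the scan starts at its slot 0.
    if PVmtSlots(Base)^[I] = BaseAddr then
    begin
      // Inherited virtual methods keep their slot index in descendants.
      Result := PVmtSlots(Obj.ClassType)^[I];
      Exit;
    end;
end;
```

When the result is nil the caller should fall back to the known base address or refuse the call. Passing the address of a non-virtual method makes the scan read past the end of the VMT, so restrict it to methods known to be virtual.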