C++中virtual虚函数漏洞:通过指针(利用虚表,调用函数)仍然可以访问到基类中的private虚函数。注意:private只是编译期的访问检查,并不是运行时的安全边界;下面的写法依赖编译器的对象布局,属于未定义行为。
#include <iostream>
using namespace std;
// Pointer to a free function taking no arguments and returning nothing.
// main() stores addresses read from the vtables in variables of this type.
using Fun = void (*)();
// First polymorphic base class. Both virtual functions are private, so
// ordinary code cannot name them; the compiler is the only thing that
// enforces that restriction.
class Base
{
private:
    // Prints a fixed marker line identifying Base::fun1.
    virtual void fun1()
    {
        std::cout << "Base fun1" << std::endl;
    }

    // Prints a fixed marker line identifying Base::fun2.
    virtual void fun2()
    {
        std::cout << "Base fun2" << std::endl;
    }
};
// Second polymorphic base class, again with only private virtual functions.
class Base1
{
private:
    // Prints a fixed marker line identifying Base1::fun3.
    virtual void fun3()
    {
        std::cout << "Base1 fun3" << std::endl;
    }

    // Prints a fixed marker line identifying Base1::fun4.
    virtual void fun4()
    {
        std::cout << "Base1 fun4" << std::endl;
    }
};
// Derives publicly from both bases. The members below are private as well
// (the default access inside a `class`), which is spelled out here.
class Child : public Base, public Base1
{
private:
    // Overrides Base::fun1 and prints a marker line for the Child version.
    virtual void fun1()
    {
        std::cout << "child fun1" << std::endl;
    }

    // New virtual function introduced by Child; prints its own marker line.
    virtual void fun5()
    {
        std::cout << "child fun5" << std::endl;
    }
};
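int main()
{
    // Shows that `private` is only a compile-time access check: the private
    // virtual functions of Base, Base1 and Child are called below through
    // addresses read from the object's vtables. Access specifiers therefore
    // must not be relied on to protect anything from code that can read the
    // process's memory.
    //
    // Everything here is undefined behaviour and depends on the object layout
    // of common ABIs: one vtable pointer at the start of each polymorphic base
    // sub-object, with function addresses in consecutive pointer-sized slots.
    // The slots are read as pointer-sized values rather than through `int*`,
    // so addresses are not truncated where pointers are wider than int
    // (for example in 64-bit builds).
    Child c1;

    // c1 viewed as an array of vtable pointers: [0] is the one shared by the
    // Base sub-object and Child, [1] belongs to the Base1 sub-object.
    void ***vptrs = reinterpret_cast<void ***>(&c1);
    void **primaryTable = vptrs[0];
    void **base1Table = vptrs[1];

    // The calls pass no `this` argument; they only appear to work because
    // none of the functions touches member state.
    Fun f1 = reinterpret_cast<Fun>(primaryTable[0]); // expected: "child fun1"
    f1();
    f1 = reinterpret_cast<Fun>(primaryTable[1]);     // expected: "Base fun2"
    f1();
    Fun f2 = reinterpret_cast<Fun>(base1Table[0]);   // expected: "Base1 fun3"
    f2();
    f2 = reinterpret_cast<Fun>(base1Table[1]);       // expected: "Base1 fun4"
    f2();
    f1 = reinterpret_cast<Fun>(primaryTable[2]);     // expected: "child fun5"
    f1();
}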