
Special symbols generated by VC++

vftable

??_7vbase@@6B@

const vbase::`vftable'

??_7three@@6Bone@@@

const three::`vftable'{for `one'}

The virtual function table. The first entry of the table is the RTTI Complete Object Locator, and the remaining entries are the addresses of the final overriders of all the virtual functions in the class.

In the situation of multiple inheritance, there may be a need to generate a vftable for each of the bases. There will be a "for" part in this symbol, naming each of the bases in this case.

vbtable

??_8X@@7B@

const X::`vbtable'

??_8three@@7Bone@@@

const three::`vbtable'{for `one'}

The virtual base table, which contains information for virtual bases.

If there are multiple virtual bases, a vbtable may be generated for each of the virtual bases. In this case the symbol contains a "for" part.

vcall

??_9vbase@@$B3AE

[thunk]: __thiscall vbase::`vcall'{4,{flat}}' }'

It is a function (thunk) generated for a pointer to a virtual member function.

In C++, the final overrider is required to be called when the function is virtual. So, pointer to virtual member function is different from pointer to non-virtual member function, as it must find the final overrider first. A vcall thunk is generated to do this.

The number part in the vcall output seems to be an offset in the vftable. The meaning of the flat part is unknown, and no other alternative has been seen.

typeof

Need more information

Haven't found a real piece of code that would generate this symbol.

local static guard

Need more information

Can generate this symbol with local_static_guard.cpp, compiled with /clr:pure compiler flag. However, I am not able to get this symbol with pure C++ code.

vbase destructor

??_DAA@@QAEXXZ

public: void __thiscall AA::`vbase destructor'(void)

Generated destructor wrapper for classes with virtual bases.

For classes that have virtual bases, the "normal" destructor function generated by the compiler will not destruct the virtual base, as the virtual base may be shared along the inheritance chain. Instead, for each most derived class, a vbase destructor is generated, in which the destructors of the virtual bases are called, along with the normal destructor of the class.

vector deleting destructor

??_Efour@@UAEPAXI@Z

public: virtual void * __thiscall four::`vector deleting destructor'(unsigned int)

??_Efour@@$4PPPPPPPM@A@AEPAXI@Z

[thunk]:public: virtual void * __thiscall four::`vector deleting destructor'`vtordisp{-4,0}' (unsigned int)

Generated function for delete[] expression, and can be put into the vftable if the destructor is virtual. When it is put into the vftable, it may need a thunk to adjust the this pointer. The thunk is the second version of the examples above.

It calls the destructors of every element, then calls operator delete[] or operator delete to release the memory.

The parameter is a flag which determines whether to destruct one or all elements, and whether to call operator delete or operator delete[]. The flag is set according to how the function is called. For example, for delete[], all are deleted and operator delete[] is used. When it is called from the vftable by delete, operator delete is used.

default constructor closure

??_Fvbase@@QAEXXZ

public: void __thiscall vbase::`default constructor closure'(void)

Generated function that takes no parameters, and wraps a default constructor whose parameters all have default values.

The default constructor in C++ either has no parameters, or all of its parameters have default values. In the latter case, when a default constructor with no parameters is needed by the compiler, a default constructor closure is generated to wrap up the original constructor.

scalar deleting destructor

??_Gtwo@@UAEPAXI@Z

public: virtual void * __thiscall two::`scalar deleting destructor'(unsigned int)

Generated wrapper function for a delete expression or an explicit destructor call; it calls the destructor and (optionally) operator delete.

The flag parameter controls whether operator delete should be called.

vector constructor iterator

??_H@YGXPAXIIP6EPAX0@Z@Z

void __stdcall `vector constructor iterator'(void *,unsigned int,int,void * (__thiscall*)(void *))

Library function to construct an array of class objects.

parameters:

  1. void *: starting address of the array
  2. unsigned int: size of one object
  3. int: number of objects
  4. void * (__thiscall*)(void *): pointer to the constructor

vector destructor iterator

??_I@YGXPAXIIP6EX0@Z@Z

void __stdcall `vector destructor iterator'(void *,unsigned int,unsigned int,void (__thiscall *)(void *))

Library function to destruct an array of class objects.

parameters:

  1. void *: starting address of the array
  2. unsigned int: size of one object
  3. int: number of objects
  4. void * (__thiscall*)(void *): pointer to the destructor

vector vbase constructor iterator

??_J@YGXPAXIIP6EPAX0@Z@Z

void __stdcall `vector vbase constructor iterator'(void *,unsigned int,unsigned int,void * (__thiscall *)(void *))

Library function to construct an array of class objects with virtual bases. The generated constructor function for classes with virtual bases has a hidden parameter _$initVBases$, which controls whether the virtual base should be initialized in the constructor. So the iterator function is different from the vector constructor iterator.

parameters:

  1. void *: starting address of the array
  2. unsigned int: size of one object
  3. unsigned int: number of objects
  4. void * (__thiscall*)(void *): pointer to the constructor

virtual displacement map

??_KB@x@@$CC@1@

x::B::`virtual displacement map'{for x::C}

It is a helper structure which helps with casting between pointers to member functions in the two classes. Usually multiple inheritance / virtual function / virtual bases are involved.

eh vector constructor iterator

??_L@YGXPAXIIP6EX0@Z1@Z

void __stdcall `eh vector constructor iterator'(void *,unsigned int,int,void (__thiscall *)(void *),void (__thiscall *)(void *))

Library function to construct an array of class objects, with exception handling.

parameters:

  1. void *: starting address of the array
  2. unsigned int: size of one object
  3. int: number of objects
  4. void (__thiscall *)(void *): pointer to the constructor
  5. void (__thiscall *)(void *): pointer to the destructor

eh vector destructor iterator

??_M@YGXPAXIIP6EX0@Z@Z

void __stdcall `eh vector destructor iterator'(void *,unsigned int,int,void (__thiscall *)(void *))

Library function to destruct an array of class objects, with exception handling.

parameters:

  1. void *: starting address of the array
  2. unsigned int: size of one object
  3. int: number of objects
  4. void * (__thiscall*)(void *): pointer to the destructor

eh vector vbase constructor iterator

??_N@YGXPAXIIP6EX0@Z1@Z

void __stdcall `eh vector vbase constructor iterator'(void *,unsigned int,int,void (__thiscall*)(void *),void (__thiscall*)(void *))

Library function to construct an array of class objects with virtual bases, with exception handling. The generated constructor function for classes with virtual bases has a hidden parameter _$initVBases$, which controls whether the virtual base should be initialized in the constructor. So the iterator function is different from the vector constructor iterator.

parameters:

  1. void *: starting address of the array
  2. unsigned int: size of one object
  3. unsigned int: number of objects
  4. void * (__thiscall*)(void *): pointer to the constructor

copy constructor closure

??_OTestClassA@@QAEXAAV0@@Z

public: void __thiscall TestClassA::`copy constructor closure'(class TestClassA &)

Generated copy constructor. It wraps a copy constructor with more than one parameter, in which only the first one does not have a default argument.

The copy constructor in C++ has only one parameter, or all but the first parameter have default arguments. In the latter case, when a copy constructor with only one parameter is needed by the compiler, a copy constructor closure is generated to wrap up the original copy constructor.

RTTI Type Descriptor

??_R0?AUbase@@@8

struct base `RTTI Type Descriptor'

A struct (of type std::type_info) that contains the runtime type information.

RTTI Base Class Descriptor

??_R1A@?0A@EA@four@@8

four::`RTTI Base Class Descriptor at (0,-1,0,64)'

A structure that describes a base class object. The data contains the RTTI Type Descriptor of the base class, the number of bases that base has, the offset of the base class object (vftable), an attribute, and the RTTI Class Hierarchy Descriptor.

The numbers mangled in the name are the offset (first three numbers) and the attribute.
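How the four numbers in `??_R1A@?0A@EA@four@@8` become `(0,-1,0,64)`, as an added example that is not part of the original page. It uses the standard MSVC number encoding and also applies it to the vcall and vtordisp thunk examples shown earlier; the function names, the simple handling of the `$B` and `$4` markers, and the class-name split (no templates or back-references) are assumptions of this sketch.

```python
# Added example: decode the integers embedded in special-symbol names.
# The sample symbols used with it are the ones quoted on this page.

def decode_number(s, pos):
    """Decode one MSVC-encoded integer at s[pos]; return (value, next_pos)."""
    negative = s[pos] == "?"             # leading '?' marks a negative value
    if negative:
        pos += 1
    if s[pos].isdigit():                 # '0'..'9' encode 1..10
        value, pos = int(s[pos]) + 1, pos + 1
    else:                                # 'A'..'P' are hex nibbles, '@' ends
        end = s.index("@", pos)
        value = 0
        for ch in s[pos:end]:
            if not "A" <= ch <= "P":
                raise ValueError(f"bad digit {ch!r} in {s!r}")
            value = value * 16 + ord(ch) - ord("A")
        pos = end + 1
    return (-value if negative else value), pos

def to_int32(v):
    """Reinterpret as signed 32-bit (PPPPPPPM is 0xFFFFFFFC, shown as -4)."""
    v &= 0xFFFFFFFF
    return v - (1 << 32) if v & 0x80000000 else v

def decode_numbers(s, pos, count):
    """Decode `count` consecutive numbers; return (tuple, next_pos)."""
    out = []
    for _ in range(count):
        n, pos = decode_number(s, pos)
        out.append(to_int32(n))
    return tuple(out), pos

def embedded_numbers(symbol):
    """Return the numbers printed in the demangled form of the symbol."""
    if symbol.startswith("??_R1"):       # RTTI Base Class Descriptor: 4 numbers
        nums, pos = decode_numbers(symbol, 5, 4)
        scope = symbol[pos:symbol.index("@@", pos)].split("@")
        return {"kind": "rtti_bcd", "class": "::".join(reversed(scope)),
                "offsets": nums[:3], "attribute": nums[3]}
    if symbol.startswith("??_9") and "$B" in symbol:   # vcall thunk: 1 number
        nums, _ = decode_numbers(symbol, symbol.index("$B") + 2, 1)
        return {"kind": "vcall", "offset": nums[0]}
    if "$4" in symbol:                   # vtordisp thunk, as in the ??_E example
        nums, _ = decode_numbers(symbol, symbol.index("$4") + 2, 2)
        return {"kind": "vtordisp", "adjust": nums}
    raise ValueError("no embedded numbers recognised")
```

Single digits are biased by one, which is why the `3` in `??_9vbase@@$B3AE` is printed as `{4,...}`.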

RTTI Base Class Array

??_R2four@@8

four::`RTTI Base Class Array'

An array of RTTI Base Class Descriptors for all (direct and indirect) base classes. The first entry is the class itself.

RTTI Class Hierarchy Descriptor

??_R3four@@8

four::`RTTI Class Hierarchy Descriptor'

A structure that describes the class hierarchy. It contains an attribute that shows multiple / virtual inheritance, the count of base classes (including self), and the RTTI Base Class Array.

RTTI Complete Object Locator

??_R4base@@6B@

const base::`RTTI Complete Object Locator'

??_R4two@@6Bvbase@@@

const two::`RTTI Complete Object Locator'{for `vbase'}

This structure contains information about the offset of the class within the complete class object, and the RTTI Type Descriptor and RTTI Class Hierarchy Descriptor for the complete object.

local vftable

??_SIMPClass@@6B@

const IMPClass::`local vftable'

Used to replace the vftable for objects of a dllimported class created by new.

The vector deleting destructor is put into the vftable if the destructor is virtual, and it calls operator delete. However, for dllimported classes, the operator delete inside the DLL (which is called by the vector deleting destructor in the DLL) may not be the same as the one in the EXE. It may not match the operator new in the EXE, which may cause problems. To resolve this, for these classes, a local vftable is generated to replace the original vftable in the object, after normal object construction in the EXE. In the local vftable, the destructor calls the operator delete in the EXE.

Details see here.

local vftable constructor closure

??_TIMPClass@@QAEXXZ

public: void __thiscall IMPClass::`local vftable constructor closure'(void)

It is used to wrap up the normal construction steps and the replacement of the local vftable.

placement delete closure placement delete[] closure

Need more information.

eh vector copy constructor iterator

??__C@YGXPAX0IIP6EX00@ZP6EX0@Z@Z

void __stdcall `eh vector copy constructor iterator'(void *,void *,unsigned int,unsigned int,void (__thiscall *)(void *,void *),void (__thiscall *)(void *))

Library function to copy construct an array of class objects.

Parameter:

  1. void *: Destination array address
  2. void *: Source array address
  3. unsigned int: size of an object
  4. unsigned int: number of objects in the array
  5. void (__thiscall *)(void *,void *): copy constructor of the class
  6. void (__thiscall *)(void *): destructor of the class

eh vector vbase copy constructor iterator

??__D@YGXPAX0IIP6EX00@ZP6EX0@Z@Z

void __stdcall `eh vector vbase copy constructor iterator'(void *,void *,unsigned int,unsigned int,void (__thiscall *)(void *,void *),void (__thiscall *)(void *))

Library function to copy construct an array of class objects, for class with virtual bases.

Parameter:

  1. void *: Destination array address
  2. void *: Source array address
  3. unsigned int: size of an object
  4. unsigned int: number of objects in the array
  5. void (__thiscall *)(void *,void *): copy constructor of the class
  6. void (__thiscall *)(void *): destructor of the class

dynamic initializer for

??__E?d_c@D@@2VC@@A@@YAXXZ

void __cdecl `dynamic initializer for 'public: static class C D::d_c''(void)

Generated dynamic initialization function for static variables.

dynamic atexit destructor for

??__F?d_c@D@@2VC@@A@@YAXXZ

void __cdecl `dynamic atexit destructor for 'public: static class C D::d_c''(void)

Generated function to be registered with atexit, to destruct a static variable.

vector copy constructor iterator

??__G@YGXPAX0IIP6EPAX00@Z@Z

void __stdcall `vector copy constructor iterator'(void *,void *,unsigned int,unsigned int,void * (__thiscall *)(void *,void *))

Library function to copy construct an array of class objects, without exception handling.

Parameter:

  1. void *: Destination array address
  2. void *: Source array address
  3. unsigned int: size of an object
  4. unsigned int: number of objects in the array
  5. void (__thiscall *)(void *,void *): copy constructor of the class

vector vbase copy constructor iterator

??__H@YGXPAX0IIP6EPAX00@Z@Z

void __stdcall `vector vbase copy constructor iterator'(void *,void *,unsigned int,unsigned int,void * (__thiscall *)(void *,void *))

Library function to copy construct an array of class objects, for class with virtual bases, without exception handling.

Parameter:

  1. void *: Destination array address
  2. void *: Source array address
  3. unsigned int: size of an object
  4. unsigned int: number of objects in the array
  5. void (__thiscall *)(void *,void *): copy constructor of the class

dynamic initializer

??d_c$initializer$@D@@2P6AXXZA@@3P6AXXZA

void (__cdecl * `public: static void (__cdecl * D::d_c$initializer$)(void)')(void)

The demangled name is actually made up by me. The .asm output of the compiler does not have a demangled name, and UndecoratedSymbolNames cannot handle it. The symbol does not follow the rules of the mangling schema, so special treatment is required.

It is used in the CRT$XCU section, where dynamic initializers for static variables are stored. These initializers are automatically executed before main. Check the Microsoft documentation for CRT Initialization for more details. It is used in the following asm piece:

CRT$XCU	SEGMENT
??d_c$initializer$@D@@2P6AXXZA@@3P6AXXZA DD FLAT:??__E?d_c@D@@2VC@@A@@YAXXZ ; ??d_c$initializer$@D@@2P6AXXZA@@3P6AXXZA
CRT$XCU	ENDS