I was reading some articles on net regarding Vtable thunks and I read somewhere that thunks can be used to hook /chain procedures calls.
Is it achievable?
Does anyone know how that works , also I am not able to find good resource explaining thunks. Any suggestions for that?
Implementing a raw thunk in the style of v-table thunks is a last resort. Whatever you need to accomplish can most likely be achieved with a wrapper function, and it will be much less painful.
In general, a thunk does the following:
To see an example of how it works, let's turn to our good friend Raymond Chen and his discussion of adjuster thunks:
http://blogs.msdn.com/oldnewthing/archive/2004/02/06/68695.aspx
The thunk he used was as follows:
[thunk]:CSample::QueryInterface`adjustor{4}':
sub DWORD PTR [esp+4], 4 ; this -= sizeof(lpVtbl)
jmp CSample::QueryInterface
As he describes, you have a class that implements the same methods through multiple interfaces, so it has multiple v-tables. (If you don't know COM, all you need to know is that it works with v-tables directly, so a pointer to a specific interface must contain function pointers to all the methods of that interface in order.)
If you implement two interfaces with different methods in a particular slot, you need multiple v-tables. But, you only write the overlapping methods once, so that method needs to be able to work with both "this" pointers. To do that, the compiler generates a method that does the fixup necessary and calls the original implementation.
So, this thunk does the following steps:
This is where the jmp
instruction comes in. Normally, if you were to call the function using call
, it would return to you, and you'd have to ret
back to your caller. Since there is no cleanup to do, the compiler does an optimization where it moves execution straight to the real implementation and let's the real implementation's return statement return to your caller. This is only an optimization, not a fundamental part of thunking. For example, 16/32-bit thunks will convert the input / output parameters between 16 and 32 bits as necessary, so it can't skip the cleanup step; it has to call
, not jmp
.
The moral of the story is: if you need to do something, such as the jmp
optimization, that you can't write directly in C++ or your other high level language of choice, go ahead and write an assembly language thunk. Otherwise, just write a wrapper and be done with it.
Honestly, it sounds like you're asking for the performance optimization, and most of the time (1) the compiler is better at optimizing than we think and (2) it's not going to give you as big of an improvement as you think.