I've done some research, too.
I used the following code to dump the memory of a variable.
Then I tried dumping pointer-to-member-function varibles using different class inheritance.
#define print_size(a) cout << "sizeof("<< #a << ") = " << sizeof(a) << endl;
#define print_dump(a) cout << "dump of "<< #a << " : "; my_dump(&a,sizeof(a)); cout << endl;
void my_dump(void* var, unsigned size=12)
using namespace std;
unsigned char * data = (unsigned char*) var;
for (unsigned i = 0; i < size; ++i)
cout << hex <<setw(2) << setfill('0') << (int)data[i] << " ";
The first 4 bytes was always 0x00000000 (use unknown).
The next four bytes was always 0xffffffff unless the function was virtual.
The last four bytes was the address to the function (I think).
Pointer-to-member-variable was easier. They contain four bytes wich is the offset of the variable within the class + 1.
The reason why it adds one is because zero is reserved as the null pointer.