Code:
0041502E mov eax,dword ptr [ebp-140h]
00415034 mov edx,dword ptr [eax]
00415036 mov esi,esp
00415038 mov ecx,dword ptr [ebp-140h]
0041503E mov eax,dword ptr [edx]
00415040 call eax
Let's take a look at this assembly. At the beginning of the assembly, the pointer itself, the pointer to the class object, is stored within eax.
So the next line dereferences that pointer and stores it in edx. So it dereferences and stores a 4-byte value in edx. What's the first 4 bytes in a class? The vtable!
The next line is irrelevant.
But the next tells me that the compiler stores the class pointer in ecx, which is basically the "this" register, the register where the "this" pointer is stored.
Moving on, we see that the code dereferences edx, which previously held the value of the dereferenced class pointer, the vtable pointer. And then it calls this address, entering the virtual function.
So that tells me the class looks something like:
Code:
// Type of one vtable entry: a pointer to a virtual function.
typedef void (*VTablePtr)();

class D
{
    VTablePtr* ptr; // first 4 bytes of the object: pointer to the vtable
    // ...
};
And I have a pointer to the class object, pD. So the code is essentially (*pD->ptr)();
I already did. Look up and see the code I used both in C++ and assembly plus the class definition.
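As an added example (not the poster's code), here is the same dereference chain written out in C++ so the manual walk can be checked against the compiler's own virtual dispatch. It assumes a GCC/Clang build on x86-64 (Itanium C++ ABI), where a virtual member function takes this as an ordinary first argument; the MSVC x86 thiscall convention in the posted assembly passes this in ecx, so the raw function-pointer cast below would not carry over there unchanged.

```cpp
#include <cstddef>
#include <cstring>

// Sample class hierarchy, constructed for this example.
struct Base {
    virtual int first()  { return 1; }
    virtual int second() { return 2; }
    int payload = 42;               // ordinary data sits after the vtable pointer
};

struct Derived : Base {
    int first()  override { return 10; }
    int second() override { return 20; }
};

// Assumption: Itanium C++ ABI on x86-64, where a virtual member function is an
// ordinary function whose first argument is the implicit `this` pointer.
using Slot = int (*)(void* self);

// The first pointer-sized word of a polymorphic object is its vtable pointer,
// i.e. what the posted assembly loads with `mov edx, [eax]`.
void** vptr_of(const void* obj) {
    void** vtable;
    std::memcpy(&vtable, obj, sizeof vtable);
    return vtable;
}

// Reproduce the sequence step by step: take the object pointer, dereference it
// to get the vtable, index the vtable to get the function, call it with `this`.
int call_via_vtable(void* obj, std::size_t slot) {
    void** vtable = vptr_of(obj);                   // mov edx, [eax]
    Slot fn = reinterpret_cast<Slot>(vtable[slot]); // mov eax, [edx + slot*8]
    return fn(obj);                                 // call eax, `this` = obj (ecx in the post)
}

// Manual dispatch must agree with what the compiler emits for a virtual call.
bool manual_matches_compiler() {
    Derived d;
    Base* pd = &d;                 // the thread's pD
    return call_via_vtable(pd, 0) == pd->first()
        && call_via_vtable(pd, 1) == pd->second();
}

int derived_slot(std::size_t slot) { Derived d; return call_via_vtable(&d, slot); }
int base_slot(std::size_t slot)    { Base b;    return call_via_vtable(&b, slot); }

// Objects of one class share a vtable; different classes get different ones.
bool vtables_per_class() {
    Derived a, b; Base c;
    return vptr_of(&a) == vptr_of(&b) && vptr_of(&a) != vptr_of(&c);
}
```

The same walk is what a debugger shows in the posted listing: only the object pointer is loaded from the stack, and every other value comes from dereferencing it.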