不注册调用ActiveX Dll(续)
不注册调用ActiveX Dll(续)
(by lingll 完成于2006-2-8 17:24)
那本书(Advanced Visual Basic)中让vb能够函数指针的方法不错,但是要添加类型库,还要自己创建轻量com对象显得颇为麻烦.我想,不如直接利用vb自己建对象算了.
代码如下:
'建一class,如下
'---------------------------------------------------------------------------------------
' Module : cFucPtr
' DateTime : 2006-2-7 17:36
' Author : Lingll
' Email : lingll_xl@163.com
' HomePage : http://lingll.yeah.net/
' Purpose :
'---------------------------------------------------------------------------------------
Option Explicit
'存储加载dll后获得的函数地址
Private m_NewFucPtr As Long
Public Function DllGetClassObject( _
ByRef rclsid As UUID, ByRef riid As UUID, ByRef ppv As IClassFactory) As Long
End Function
Public Sub SetFunctionPtr(newptr&)
m_NewFucPtr = newptr
End Sub
'再建一module
Option Explicit
Public Declare Function LoadLibrary Lib "kernel32.dll" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
Public Declare Function FreeLibrary Lib "kernel32.dll" (ByVal hLibModule As Long) As Long
Public Declare Function GetProcAddress Lib "kernel32.dll" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Public Declare Sub CopyMemory Lib "kernel32.dll" Alias "RtlMoveMemory" (ByRef Destination As Any, ByRef Source As Any, ByVal Length As Long)
Public Type typAsm
code(1) As Long
End Type
Public asm As typAsm
'然后,初始化时,让asm为如下值,
asm.code(0) = &HFF515859
asm.code(1) = &H90003460
'这个是汇编代码,具体是
'pop ecx
'pop eax
'push ecx
'jmp DWORD PTR [eax + 52]
'这是抄回来的,具体原理我不太清楚,如下是原注释
'Here's the magic asm for doing the function pointer call.
'The stack comes in with the following:
'esp: return address
'esp + 4: this pointer for FunctionDelegator
'All that we need to do is remove the this pointer from the
'stack, replace it with the return address, then jmp to the
'correct function. In other words, we're just squeezing the
'this pointer completely out of the picture.
'The code is:
'pop ecx (stores return address)
'pop eax (gets the this pointer)
'push ecx (restores the return address)
'jmp DWORD PTR [eax + 4] (jump to address at this + 4, 3 byte instruction)
'The corresponding byte stream for this is: 59 58 51 FF 60 04
'We pad these six bytes with two int 3 commands (CC CC) to get eight
'bytes, which can be stored in a Currency constant.
'Note that the memory location of this constant is not executable, so
'it must be copied into a currency variable. The address of the variable
'is then used as the forwarding function.
'下面是调用代码:
Dim tadd As Long, vTab&
Dim tobj As cFucPtr
Dim tLib&
Dim tUn As olelib.IUnknown
Dim tDem As dllDemo.IDemo
Dim tFac As olelib.IClassFactory
Set tobj = New cFucPtr
'加载dll
tLib = LoadLibrary(App.Path & "\dllDemo.dll")
If tLib <> 0 Then
tadd = GetProcAddress(tLib, "DllGetClassObject")
End If
Dim asmadd&
If tadd <> 0 Then
'获取vtable地址
CopyMemory vTab, ByVal ObjPtr(tobj), 4
asmadd = VarPtr(asm)
'替换掉cFucPtr.DllGetClassObject地址
CopyMemory ByVal (vTab + (8 - 1) * 4), asmadd, 4
'设置函数地址
tobj.SetFunctionPtr tadd
tobj.DllGetClassObject ClsId_Obj, iid_iclassfactory, tFac
If Not tFac Is Nothing Then
tFac.CreateInstance Nothing, iid_iunknow, tUn
Set tFac = Nothing
Set tDem = tUn
Set tUn = Nothing
tDem.test
End If
End If
Set tDem = Nothing
If tLib <> 0 Then FreeLibrary tLib
'一定要在所有对象都释放掉了才能使用FreeLibrary,不然会出错
将上面的代码修改一下,就可以很方便的在vb中使用函数指针了,hoho,vb可以用函数指针咯,不写了.
lingll
2006-2-8