> The C++ standard does not specify how virtual functions should be implemented. In practice, however, compilers generate a virtual function table and place a pointer to it as the first member of a class.<p>wishful thinking: <a href="https://gcc.godbolt.org/z/qWEe9r" rel="nofollow">https://gcc.godbolt.org/z/qWEe9r</a>
We were overriding non-virtual functions at run time in the 8-bit days. Even in the feature article's case it would be easier and more reliable to patch the GOT (since he's using ELF on Linux).<p>It's hardly news but I guess it makes this common cracking technique more accessible.
As you might imagine, overwriting vtables in memory is a common technique to hijack control flow and make your program execute an attacker's code in an exploit.
In Objective-C, that’s called “method swizzling”, and better supported by the runtime. See <a href="https://nshipster.com/method-swizzling/" rel="nofollow">https://nshipster.com/method-swizzling/</a><p>And of course, Common Lisp has “change-class” (<a href="https://www.snellman.net/blog/archive/2015-07-27-use-cases-for-change-class-in-common-lisp/" rel="nofollow">https://www.snellman.net/blog/archive/2015-07-27-use-cases-f...</a>, discussed at <a href="https://news.ycombinator.com/item?id=734025" rel="nofollow">https://news.ycombinator.com/item?id=734025</a>) and Smalltalk has “become:” (<a href="https://gbracha.blogspot.com/2009/07/miracle-of-become.html" rel="nofollow">https://gbracha.blogspot.com/2009/07/miracle-of-become.html</a>. Short discussion at <a href="https://news.ycombinator.com/item?id=734025" rel="nofollow">https://news.ycombinator.com/item?id=734025</a>)
Had to go a step further in a project and patch static functions in a codebase with no source. It’s certainly enlightening how much you can do with just a symbol map and type info.<p>I don’t think the article's vtable layout is entirely accurate for gcc though - usually you’ll get 2 destructors at the start of the vtable (assuming the first virtual func declared is the destructor).
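The two-destructor layout mentioned in the comment above can be checked directly, which matters when counting slot indices in a disassembly or in a vtable integrity check. This is an added example, not part of the thread or the article; it assumes GCC or Clang targeting the Itanium C++ ABI (Linux), and `Shape`, `Triangle` and the helper names are constructed for illustration.

```cpp
// Added example: assumes GCC or Clang targeting the Itanium C++ ABI (Linux).
#include <cstdio>
#include <cstring>

// Constructed sample classes; the destructor is the first virtual declared.
struct Shape {
    virtual ~Shape() {}
    virtual int sides() { return 0; }
    virtual int id() { return 7; }
};
struct Triangle : Shape {
    int sides() override { return 3; }
};

using Slot = int (*)(Shape*);  // 'this' travels as the first argument

// Read the vptr (offset 0 for these single-inheritance classes).
static void* const* vtable_of(const Shape* obj) {
    void* const* vt;
    std::memcpy(&vt, obj, sizeof vt);
    return vt;
}

// Call whatever the vtable holds at a raw slot index (ABI-specific).
static int call_slot(Shape* obj, int slot) {
    return reinterpret_cast<Slot>(vtable_of(obj)[slot])(obj);
}

// True when slots 0 and 1 hold different functions, as expected for the
// complete-object destructor followed by the deleting destructor.
static bool has_two_destructor_slots(const Shape* obj) {
    void* const* vt = vtable_of(obj);
    return vt[0] != vt[1];
}

int main() {
    Triangle t;
    void* const* vt = vtable_of(&t);
    for (int i = 0; i < 4; ++i)
        std::printf("slot %d -> %p\n", i, vt[i]);
    std::printf("two destructor slots: %d\n", has_two_destructor_slots(&t));
    std::printf("slot 2 = sides() -> %d\n", call_slot(&t, 2));
    std::printf("slot 3 = id()    -> %d\n", call_slot(&t, 3));
    return 0;
}
```

The first non-destructor virtual lands at index 2, so any tool that assumes one slot per declared virtual function is off by one on this ABI.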
I was wondering whether such a thing is possible for JVM based languages and it turns out it is:
<a href="https://stackoverflow.com/questions/8273685/is-it-possible-to-override-a-method-at-runtime" rel="nofollow">https://stackoverflow.com/questions/8273685/is-it-possible-t...</a>
AutoCAD does this in their ObjectARX technology, with a fixed compiler version, to support user- or vendor-provided plugins to extend classes. At runtime. For decades.