#include <cstdio>

class Thing
{
private:
int x;
int y;
virtual int foo()
{
return x+y;
}
virtual int bar()
{
return x*y;
}
public:
Thing(){
x = 2;
y = 10;
}
};

int extract_x(void *thing)
{

// --- Begin your code ---

return *((char*) thing + 8);

// --- End your code ---
}

int extract_y(void *thing)
{
// --- Begin your code ---

return *((char*)thing + 12);
// --- End your code ---
}

int call_foo(void* thing)
{
// --- Begin your code ---
//point to virtual table in class Thing
char (**vt)(Thing*) = (char (**)(Thing*)) *((void**) thing);
//reference foo 0 in virtual table
char (*ff)(Thing*) = vt[0];
//return function pointer foo
return (*ff)((Thing*)thing);
// --- End your code ---
}

int call_bar(void* thing)
{
// --- Begin your code ---
char (**vt)(Thing*) = (char (**)(Thing*)) *((void**) thing);
char (*sf)(Thing*) = vt[1];
return (*sf)((Thing*)thing);
// --- End your code ---
}

int main()
{
Thing thing;
std::printf("%d %d %d %d\n",
extract_x(&thing),
extract_y(&thing),
call_foo(&thing),
call_bar(&thing));
return 0;
}

Basically need help with how call_foo and call_bar code works

Man, there seems to be a lot of people playing with obfuscated code these days. I'm not sure what the benefit is of playing with code like this (maybe you're learning how to write a compiler or debugger?), but here goes.

Looking at call_foo. Call_bar is similar.

char (**vt)(Thing*) = (char (**)(Thing*)) *((void**) thing);

You declare a variable vt which is a pointer to a pointer to a function which takes a Thing* as an argument and returns a char.

The void* argument passed in (thing) is cast to a pointer to a pointer to void. When it is dereferenced, thing (the object whose address is passed into call_foo) is treated as a void*.

Call_foo assumes that the pointer passed in is a pointer to a Thing-compatible object, and that the first data within the object is a virtual table (a pointer to an array of function pointers). With the proper cast, the data pointed to by the thing becomes a pointer to a virtual table. Hence, the variable name vt. Incidentally, the function type char(**)(Thing*) is added here to make calling the function easier. Functions in the virtual table obviously do not need to have the same signature.

char (*ff)(Thing*) = vt[0];

The first element in the array of function pointers is simply a function pointer. So, the variable ff (first function) is a pointer to a function taking a Thing* as an argument and returning a char.

return (*ff)((Thing*)thing);

The function call_foo casts the argument thing to a Thing* (which was assumed above anyway) and passes it to ff. The (*ff) executes the function pointed to by ff.

Note that foo returns an int, but ff returns a char, so foo's return value will be demoted to a char. Then, call_foo returns an int, so the value returned by ff will be promoted to an int (although values returned by foo that are larger than in will be theoretically lost). This works in this specific case because the values in Thing are hard coded to small enough to not cause problems.

Thanks man this helped so much! I honestly just got lucky when putting this code together ha.