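After calling CoCreateInstance I got the interface address of a DLL (COM).
Then, say, I want to call "Speak" in it.
How do I calculate the offset of a function in the interface table?
Below is part of what eXeScope shows when opening this DLL.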
Interface ISpVoice; // ISpVoice Interface
GUID={6C44DF74-72B9-4992-A1EC-EF996E0422D4};
function SetOutput(pUnkOutput:IUnknown; fAllowFormatChanges:I4): HResult;
function GetOutputObjectToken(out ppObjectToken:^^ISpObjectToken): HResult;
function GetOutputStream(out ppStream:^^ISpStreamFormat): HResult;
function Pause: HResult;
function Resume: HResult;
function SetVoice(pToken:^ISpObjectToken): HResult;
function GetVoice(out ppToken:^^ISpObjectToken): HResult;
function Speak(pwcs:LPWSTR; dwFlags:UI4; out pulStreamNumber:^UI4): HResult;
function SpeakStream(pStream:^IStream; dwFlags:UI4; out pulStreamNumber:^UI4): HResult;
function GetStatus(out pStatus:^SPVOICESTATUS; out ppszLastBook:^LPWSTR): HResult;
function Skip(pItemType:LPWSTR; lNumItems:I4; out pulNumSkipped:^UI4): HResult;
function SetPriority(ePriority:SPVPRIORITY): HResult;
function GetPriority(out pePriority:^SPVPRIORITY): HResult;
function SetAlertBoundary(eBoundary:SPEVENTENUM): HResult;
function GetAlertBoundary(out peBoundary:^SPEVENTENUM): HResult;
function SetRate(RateAdjust:I4): HResult;
function GetRate(out pRateAdjust:^I4): HResult;
function SetVolume(usVolume:UI2): HResult;
function GetVolume(out pusVolume:^UI2): HResult;
function WaitUntilDone(msTimeout:UI4): HResult;
function SetSyncSpeakTimeout(msTimeout:UI4): HResult;
function GetSyncSpeakTimeout(out pmsTimeout:^UI4): HResult;
function SpeakCompleteEvent: ^void;
function IsUISupported(pszTypeOfUI:^UI2; pvExtraData:^void; cbExtraData:UI4; out pfSupported:^I4): HResult;
function DisplayUI(hWndParent:wireHWND; pszTitle:^UI2; pszTypeOfUI:^UI2; pvExtraData:^void; cbExtraData:UI4): HResult;
.586
.model flat,stdcall
option casemap:none
include windows.inc
include kernel32.inc
include ole32.inc
includelib kernel32.lib
includelib ole32.lib
.data
CLSID_SpVoice GUID <096749377h, 03391h, 011D2h, <09Eh, 0E3h, 000h, 0C0h, 04Fh, 079h, 073h, 096h>>
IID_ISpVoice GUID <06C44DF74h, 072B9h, 04992h, <0A1h, 0ECh, 0EFh, 099h, 06Eh, 004h, 022h, 0D4h>>
; UTF-16LE string "I Love You!" followed by a full two-byte null terminator
TEXT db 'I',0,' ',0 ,'L',0 ,'o',0 ,'v',0 ,'e',0 ,' ',0 ,'Y',0 ,'o',0 ,'u',0 ,'!',0,0,0
.data?
PCOM dd ?
.code
; ---------------------------------------------------------------------------
start:
invoke CoInitialize,0
invoke CoCreateInstance,offset CLSID_SpVoice, 0, CLSCTX_INPROC_SERVER, offset IID_ISpVoice,offset PCOM
.if eax == 0
push 0 ; pulStreamNumber = NULL
push 0 ; dwFlags = 0
push offset TEXT ; pwcs
mov eax,PCOM
push eax ; this pointer
mov eax,[eax] ; eax = address of the vtable
call DWORD PTR[eax+50h] ;PCOM->Speak(L"I Love You!", 0, 0);
.endif
invoke ExitProcess,eax
end start
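By rights, Speak is the 7th function, so the actual function is the 10th one (there are also 3 default functions at the very start of the interface).
In other words, the offset should be 10*4=40=28h, but here it is 50h=80. Does each function use 8 bytes?
ISpVoice <-- ISpEventSource <-- ISpNotifySource <-- IUnknown
Count the interfaces in there: it comes out as exactly the 21st interface, i.e. a relative offset of 50h.
Thanks for the help, everyone, much appreciated!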
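The count behind the 50h answer, as an added example that is not code from the thread: it walks the inheritance chain base-first and returns a method's vtable slot and byte offset. The ISpNotifySource and ISpEventSource method lists are taken from the SAPI header sapi.h rather than from the page, and `vtbl_slot` / `vtbl_offset` are hypothetical helper names.

```c
#include <stdio.h>
#include <string.h>

/* One interface in the chain, listing only the methods it adds, in declaration order. */
struct iface { const char *name; const char *const *methods; int count; };

static const char *const m_unknown[] = { "QueryInterface", "AddRef", "Release" };
/* Assumption: these two lists come from sapi.h, they are not shown on the page. */
static const char *const m_notify[] = {
    "SetNotifySink", "SetNotifyWindowMessage", "SetNotifyCallbackFunction",
    "SetNotifyCallbackInterface", "SetNotifyWin32Event", "WaitForNotifyEvent",
    "GetNotifyEventHandle" };
static const char *const m_event[] = { "SetInterest", "GetEvents", "GetInfo" };
/* ISpVoice's own methods, in the order of the eXeScope listing on the page. */
static const char *const m_voice[] = {
    "SetOutput", "GetOutputObjectToken", "GetOutputStream", "Pause", "Resume",
    "SetVoice", "GetVoice", "Speak", "SpeakStream", "GetStatus", "Skip",
    "SetPriority", "GetPriority", "SetAlertBoundary", "GetAlertBoundary",
    "SetRate", "GetRate", "SetVolume", "GetVolume", "WaitUntilDone",
    "SetSyncSpeakTimeout", "GetSyncSpeakTimeout", "SpeakCompleteEvent",
    "IsUISupported", "DisplayUI" };

#define COUNT(a) ((int)(sizeof(a) / sizeof((a)[0])))
/* Base-first order: this is the order in which slots are laid out in the vtable. */
static const struct iface chain[] = {
    { "IUnknown",        m_unknown, COUNT(m_unknown) },
    { "ISpNotifySource", m_notify,  COUNT(m_notify)  },
    { "ISpEventSource",  m_event,   COUNT(m_event)   },
    { "ISpVoice",        m_voice,   COUNT(m_voice)   },
};

/* 0-based vtable slot of `method`, or -1 if no interface in the chain declares it. */
int vtbl_slot(const char *method) {
    int slot = 0;
    for (int i = 0; i < COUNT(chain); i++)
        for (int j = 0; j < chain[i].count; j++, slot++)
            if (strcmp(chain[i].methods[j], method) == 0) return slot;
    return -1;
}
/* Byte offset into the vtable: slot * pointer size (4 on x86, 8 on x64). */
int vtbl_offset(const char *method, int ptr_size) {
    int slot = vtbl_slot(method);
    return slot < 0 ? -1 : slot * ptr_size;
}
int main(void) {
    printf("Speak: slot %d, x86 offset %Xh, x64 offset %Xh\n", vtbl_slot("Speak"),
           (unsigned)vtbl_offset("Speak", 4), (unsigned)vtbl_offset("Speak", 8));
    return 0;
}
```

The 0-based slot is one less than the 1-based position counted in the thread, and the slot size follows the pointer size, so the same method sits at a different byte offset in a 64-bit build.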