Can I access private members from outside the class without using friends?

Question

Disclaimer

Yes, I am fully aware that what I am asking about is totally stupid and that anyone who would wish to try such a thing in production code should be fired and/or shot. I'm mainly looking to see if can be done.

Now that that's out of the way, is there any way to access private class members in C++ from outside the class? For example, is there any way to do this with pointer offsets?

(Naive and otherwise non-production-ready techniques welcome)

Update

As noted in the comments, I asked this question because I wanted to write a blog post on over-encapsulation (and how it affects TDD). I wanted to see if there was a way to say "using private variables isn't a 100% reliable way to enforce encapsulation, even in C++." At the end, I decided to focus more on how to solve the problem rather than why it's a problem, so I didn't feature some of the stuff brought up here as prominently as I had planned, but I still left a link.

At any rate, if anyone's interested in how it came out, here it is: Enemies of Test Driven Development part I: encapsulation (I suggest reading it before you decide that I'm crazy).

Answer 1

If you know how your C++ compiler mangles names, yes.

Unless, I suppose, it's a virtual function. But then, if you know how your C++ compiler builds the VTABLE ...

Edit: looking at the other responses, I realize that I misread the question and thought it was about member functions, not member data. However, the point still stands: if you know how your compiler lays out data, then you can access that data.

Answer 2

The following is sneaky, illegal, compiler-dependent, and may not work depending on various implementation details.

#define private public
#define class struct

But it is an answer to your OP, in which you explicitly invite a technique which, and I quote, is "totally stupid and that anyone who would wish to try such a thing in production code should be fired and/or shot".

---

Anothr technique is to access private member data, by contructing pointers using hard-coded/hand-coded offsets from the begining of the object.

Answer 3

Beside #define private public you can also #define private protected and then define some foo class as descendant of wanted class to have access to it's (now protected) methods via type casting.

Answer 4

Hmmm, don't know if this would work, but might be worth a try. Create another class with the same layout as the object with private members but with private changed to public. Create a variable of pointer to this class. Use a simple cast to point this to your object with private members and try calling a private function.

Expect sparks and maybe a crash ;)

Answer 5

just create your own access member function to extend the class.

Answer 6

It's definately possible to access private members with a pointer offset in C++. Lets assume i had the following type definition that I wanted access to.

class Bar {
  SomeOtherType _m1;
  int _m2;
};

Assuming there are no virtual methods in Bar, The easy case is _m1. Members in C++ are stored as offsets of the memory location of the object. The first object is at offset 0, the second object at offset of sizeof(first member), etc ...

So here is a way to access _m1.

SomeOtherType& GetM1(Bar* pBar) {
  return*(reinterpret_cast<SomeOtherType*>(pBar)); 
}

Now _m2 is a bit more difficult. We need to move the original pointer sizeof(SomeOtherType) bytes from the original. The cast to char is to ensure that I am incrementing in a byte offset

int& GetM2(Bar* pBar) {
  char* p = reinterpret_cast<char*>(pBar);
  p += sizeof(SomeOtherType);
  return *(reinterpret_cast<int*>(p));
}

Answer 7

To all the people suggesting "#define private public":

This kind of thing is illegal. The standard forbids defining/undef-ing macros that are lexically equivalent to reserved language keywords. While your compiler probably won't complain (I've yet to see a compiler that does), it isn't something that's a "Good Thing" to do.

Answer 8

It's actually quite easy:

class jail {
    int inmate;
public:
    int& escape() { return inmate; }
};

Answer 9

If the class contains any template member functions you can specialize that member function to suit your needs. Even if the original developer didn't think of it.

safe.h

class safe
{
    int money;

public:
    safe()
     : money(1000000)
    {
    }

    template <typename T>
    void backdoor()
    {
        // Do some stuff.
    }
};

main.cpp:

#include <safe.h>
#include <iostream>

class key;

template <>
void safe::backdoor<key>()
{
    // My specialization.
    money -= 100000;
    std::cout << money << "\n";
}

int main()
{
    safe s;
    s.backdoor<key>();
    s.backdoor<key>();
}

Output:

900000
800000

Answer 10

If you can get a pointer to a member of a class you can use the pointer no matter what the access specifiers are (even methods).

class X;
typedef void (X::*METHOD)(int);

class X
{
    private:
       void test(int) {}
    public:
       METHOD getMethod() { return &X::test;}
};

int main()
{
     X      x;
     METHOD m = x.getMethod();

     X     y;
     (y.*m)(5);
}

Of course my favorite little hack is the friend template back door.

class Z
{
    public:
        template<typename X>
        void backDoor(X const& p);
    private:
        int x;
        int y;
};

Assuming the creator of the above has defined backDoor for his normal uses. But you want to access the object and look at the private member variables. Even if the above class has been compiled into a static library you can add your own template specialization for backDoor and thus access the members.

namespace
{
    // Make this inside an anonymous namespace so
    // that it does not clash with any real types.
    class Y{};
}
// Now do a template specialization for the method.
template<>
void Z::backDoor<Y>(Y const& p)
{
     // I now have access to the private members of Z
}

int main()
{
    Z  z;   // Your object Z

    // Use the Y object to carry the payload into the method.
    z.backDoor(Y());
}

Answer 11

class A 
{ 
   int a; 
}
class B
{
   public: 
   int b;
}

union 
{ 
    A a; 
    B b; 
};

That should do it.

ETA: It will work for this sort of trivial class, but as a general thing it won't. TC++PL Section C.8.3 says "A class with a constructor, destructor, or copy operation cannot be the type of a union member ... because the compiler would not know which member to destroy."

So we're left with the best bet being to declare class B to match A's layout, then using B * b = reinterpret_cast<B*>(&a); as the "best" "peeping tom" hack to look at a class's privates.

Answer 12

since you have an object of required class I am guessing that you have declaration of class. Now what you can do is declare another class with same members but keep all of there access specifiers as public. For example previous class is: class Iamcompprivate {

private:

Type1 privateelement1;
Typ2 privateelement2;

...........

public:

somefunctions

}

you can declare a class as class NowIampublic {

public:

Type1 privateelement1;
Type2 privateelement2;

. .

somefunctions

}

Now all you need to do is cast pointer of class Iamcompprivate into an pointer of class NowIampublic and use them as U wish. Example:

NowIampublic * changetopublic(Iamcompprivate *A) {

NowIampublic * B=(NowIampublic *)A;

return B;

}

Answer 13

I've just added an entry to my blog that shows how it can be done. Here is an example on how you use it for the following class

struct A {
private:
  int member;
};

Just declare a tag name and instantiate a robber like the following example shows (my post shows the implementation of the robber). You can then access that member using a member pointer

struct Amem { typedef int type; };
template class rob<Amem, &A::member>;

int main() {
  A a;
  a.*result<Amem>::ptr = 42; // Doh!
}

But actually, this doesn't show that c++'s access rules aren't reliable. The language rules are designed to protect against accidental mistakes - if you try to rob data of an object, the language by-design does not take long ways to prevent you.