比德文电动车排名:What happened in this code?

代码有点长,如果你没耐心读完,请不要在此发言,谢谢合作!!
请帮我分析一下,下面作了标记的一句代码到底发生了什么事?
里面内容涉及VTABLE,模拟了通过VTABLE来调用指定的成员函数.

//---------------------CODE From HERE--------------------
#include <iostream>
using namespace std;

class C1{
public:
C1(){};

void SetValue(int var1){
mVal=var1;
};

virtual int PrintValue(){
cout<<"In Class C1,Value="<<mVal<<endl;return 0;
};

virtual int PrintHello(){
cout<<"Hello World!!(In C1!)"<<endl;return 0;
};
protected:
int mVal;
};

class C2: public C1{
public:
C2():C1(){};

int PrintValue(){
cout<<"In Class C2,Value="<<mVal<<endl;return 0;
};

int PrintHello(){
cout<<"Hello World!!(In C2!)"<<endl;return 0;
};

};

int main() {
C1 obj1;
C2 obj2;
int (*pfn)(C1 *);//function pointer point to the member function
int **p; //a pointer point to the vtable

//设置初值
obj1.SetValue(999);
obj2.SetValue(888);

cout<<"------------------Obj1----------------"<<endl;
p=(int **) &obj1;

int var1=(int)*(p+1);//如果不要这一句,一切正常,没问题,如果执行了一这句就有问题了.

pfn=(int (*) (C1 *)) **p;
pfn(&obj1);//invoke member function printvalue;

pfn=(int (*) (C1 *)) *(*p+1);
pfn(&obj1);//invoke member function printhello;

cout<<"------------------Obj2----------------"<<endl;
p=(int **) &obj2;

pfn=(int (*) (C1 *)) **p;
pfn(&obj2);

pfn=(int (*) (C1 *)) *(*p+1);
pfn(&obj2);

return 0;
}
//----------------------------End OF THE CODE-----------------------------

有那一句的执行结果(不正确的结果):
------------------Obj1----------------
In Class C1,Value=4198685
Hello World!!(In C1!)
------------------Obj2----------------
In Class C2,Value=4198880
Hello World!!(In C2!)
没有那一句的结果(正确的结果):
------------------Obj1----------------
In Class C1,Value=999
Hello World!!(In C1!)
------------------Obj2----------------
In Class C2,Value=888
Hello World!!(In C2!)

注意,两个类的实例中的数据都发生了变化.经过调试发现实际内存中的数据并未发生变化(是正确的),应该是这个变量的地址出了问题.