hi all,
i just went back to modding, now that i have some free time for some code hunting and bashing, anyhow... ever since i started learning to code edit, i am always having a trouble defining members of data structures, i tried searching through the internet but somehow could not find what i am looking for
how does one define the members of a data structure without using trial and error?
thank you in advanced
[ASM and C++] defining the members of an unknown data structure
Moderators: Nefarius, Havvoric
- weapon-x
- Arch-Angel
- Posts: 1047
- Joined: Wed Mar 18, 2009 4:52 am
- Location: Mindanao, Philippines
- Contact:
[ASM and C++] defining the members of an unknown data structure
" It's not the size of the dog in the fight, it's the size of the fight in the dog. "
~Mark Twain
~Mark Twain
- kidpaddle94
- Principality
- Posts: 2057
- Joined: Thu Aug 13, 2009 2:54 pm
- Location: localhost
Re: [ASM and C++] defining the members of an unknown data structure
It's rarely ever about trial and error, but sometimes you get lucky by changing values of things and noticing in-game what it does. But most of the time it's mostly from looking at the code that uses this struct, the code that allocates this struct, etc.
Say I have an unknown struct member, and looking at the code using it, I see it's being set using bitwise and / bitwise or operations, then I can already tell it's a bitflag field. Then I look into another member and, looking at the code using it, I see it just keeps incrementing, then I can tell it's some kind of counter. Your ability to analyze this stuff also increases exponentially as you map out more code. For example, given that I see a piece of code using my unknown struct member in a call to D2Common.GetStat, then I can easily tell it's a stat Id. You'll also reach a point eventually where you start recognizing some structures in memory without even analyzing them, for example I get to recognize pUnit structs in memory pretty quickly nowadays, so it's really easy to tell which members of other structs are pUnit pointers.
Long story short, there's no precise and defined technique to do this, it's reverse engineering.
Say I have an unknown struct member, and looking at the code using it, I see it's being set using bitwise and / bitwise or operations, then I can already tell it's a bitflag field. Then I look into another member and, looking at the code using it, I see it just keeps incrementing, then I can tell it's some kind of counter. Your ability to analyze this stuff also increases exponentially as you map out more code. For example, given that I see a piece of code using my unknown struct member in a call to D2Common.GetStat, then I can easily tell it's a stat Id. You'll also reach a point eventually where you start recognizing some structures in memory without even analyzing them, for example I get to recognize pUnit structs in memory pretty quickly nowadays, so it's really easy to tell which members of other structs are pUnit pointers.
Long story short, there's no precise and defined technique to do this, it's reverse engineering.
- weapon-x
- Arch-Angel
- Posts: 1047
- Joined: Wed Mar 18, 2009 4:52 am
- Location: Mindanao, Philippines
- Contact:
Re: [ASM and C++] defining the members of an unknown data structure
ah, experience is indeed the key...
thanks for the insight bro... i think its time to brush-up my RE know-how again
thanks for the insight bro... i think its time to brush-up my RE know-how again
" It's not the size of the dog in the fight, it's the size of the fight in the dog. "
~Mark Twain
~Mark Twain