[TUTORIAL]Making your own structure!

[spike2147]

Hello people,

I am going to show you how to write your own structures.

What is a structure?
A structure is nothing more then a collection of offsets.
Every structure has its own size.
For example, the current cPlayerInfo structure has a size that cannot be modified, 0x1CF8.

Values
By most things, the standard value of a item in a structure is 4.
This value can be modified by using different types.
Here is a list:

Code:

DWORD = 4
char[x] = filled in at x
WORD = 2
__int32 = 4
BYTE = 1
float = 4

Creating a GAP
A GAP will be used to go to a specific offset. Note that a gap cannot be a negative value so everything needs to be in order!

Example of a gap:

Code:

struct CPlayerInfo
{
/* 7416 in heximal = 1CF8. This gap will fill up the whole cPlayerInfo structure.*/
char xUnknown[7416]; //0x00
}; //size = 0x1CF8 (7416)

The real work
We are going to make a cPlayer structure for example.
We have the following offsets:

Code:

#define OFS_Y                0x102E4
#define OFS_X                0x102EC
#define OFS_Z                0x102F4
#define OFS_AUTOPLANT        0x10358
#define OFS_AUTODEFUSE       0x1035C

To start, we need to jump directly to 0x102E4.
Grab calc.exe, set it on programmer mode (for windows 7) and tick Hex. Type in 102E4 and then tick Dec. Your answer will be 66276.
So we create a GAP to 0x102E4.

Code:

struct CPlayer
{
char xUnknown1[66276]; //0x00
/*value here will be 0x102E4. since Y is a float, we define it as a float.*/
float Y; //0x102E4
};

but wait! how do we continue!?
With a little bit of calculating.
Your next value will be 0x102E4 + 4 (size of float) = 0x102E8. This value is not enough to reach .102EC so we will create another, and another, and so on.

Code:

struct CPlayer
{
char xUnknown1[66276]; //0x00
/*value here will be 0x102E4. since Y is a float, we define it as a float.*/
float Y; //0x102E4
/*102E4 + 4 = 102E8. 102EC - 102E8 = 4, so we need 4 more*/
char xUnknown2[4]; //0x102E8
/*Here will be 102EC*/
float X; //0x102EC
/*the last one*/
char xUnknown3[4]; //0x102F0
float Z; //0x102F4
};

Now we create another gap to 10358.
Calc -> 102F4 + 4 = 102F8. 10358 -102F8 = 60

Code:

struct CPlayer
{
char xUnknown1[66276]; //0x00
/*value here will be 0x102E4. since Y is a float, we define it as a float.*/
float Y; //0x102E4
/*102E4 + 4 = 102E8. 102EC - 102E8 = 4, so we need 4 more*/
char xUnknown2[4]; //0x102E8
/*Here will be 102EC*/
float X; //0x102EC
/*the last one*/
char xUnknown3[4]; //0x102F0
float Z; //0x102F4
char xUnknown4[60] //0x102F8
DWORD AutoPlant; //0x10358
/*DWORD = 4 bytes, 10358 + 4 = 1035C, so we don't need a gap*/
DWORD AutoDefuse; //0x1035C
};

The size of the structure is the last offset you used. In this case it will be 1035C (201534 bytes)

Finalize

Now we clean up our code if you don't need the explaination anymore, put the size after the breakpoint and it will look like this:

Code:

struct CPlayer
{
char xUnknown1[66276]; //0x00
float Y; //0x102E4
char xUnknown2[4]; //0x102E8
float X; //0x102EC
char xUnknown3[4]; //0x102F0
float Z; //0x102F4
char xUnknown4[60] //0x102F8
DWORD AutoPlant; //0x10358
DWORD AutoDefuse; //0x1035C
}; //size = 0x1035C (201534)

And there it is! your own structure!

Credits
Spike2147 -> Writing this tutorial
_BuRn3R_ -> Sample structure

If you have questions, I will try to answer them!

Spike2147

[DELUXEOWN]

ich habe leider von anfang nicht verstanden was eine structure denn genau ist bzw was ich damit anfangen kann.

I didnt get what a structure exactly is !

[Raz9r]

Why don't you just do it this way?

Based on:

Code:

#define OFS_Y                0x102E4
#define OFS_X                0x102EC
#define OFS_Z                0x102F4
#define OFS_AUTOPLANT        0x10358
#define OFS_AUTODEFUSE       0x1035C

Code:

struct {
#if (OFS_Y) > 0
BYTE padding1[OFS_Y];
#endif
float y;
#if (OFS_X - OFS_Y - sizeof(y)) > 0
BYTE padding2[OFS_X - OFS_Y - sizeof(y)];
#endif
float x;
#if (OFS_Z - OFS_X - sizeof(x)) > 0
BYTE padding3[OFS_Z - OFS_X - sizeof(x)];
#endif
float z;
#if (OFS_AUTOPLANT - OFS_Z - sizeof(z)) > 0
BYTE padding4[OFS_AUTOPLANT - OFS_Z - sizeof(z)];
#endif
DWORD autoplant;
#if (OFS_AUTODEFUSE - OFS_AUTOPLANT - sizeof(autoplant)) > 0
BYTE padding5[OFS_AUTODEFUSE - OFS_AUTOPLANT - sizeof(autoplant)];
#endif
DWORD autodefuse;
// and so on...
}

e/ /btw, what you're calling a "gap" is padding.