How to build class.object references - XCOM:EU 2012
Overview
I've been mucking about with the hex code enough that some of it is starting to make sense.
Even constructions that look something like m_kSoldier.m_kSoldier.kClass.eType actually follow some pretty straightforward rules, which I thought I'd share.
Programs and Tools
See these articles:
Details
There are two types of "dot" constructions, class/object and struct.
- Class/object uses the 0x19 context token
- Struct uses the 0x35 struct token
the 0x19 context token
Suppose I wanted to build something that looked like:
<object1>.<object2>
The breakdown looks like so:
- 19 -- context token
- ## ... ## -- reference to <object1>
- ## ## -- two bytes (little endian order) representing the virtual size of <object2>, i.e. its size in memory rather than in the file
- ## ## ## ## -- the return value of <object2>
- 00 -- this is always zero ... not sure if it can fill any other role
- ## ... ## -- reference to <object2>
Each object can be either a class variable or a class function.
- A class variable has the structure : 01 ## ## ## ## (the 0x01 token followed by a 4-byte object reference)
- A class function usually has the structure : 1B ## ## ## ## 00 00 00 00 <parameters> 16 (the 0x1B virtual function token, an 8-byte name reference, the parameter expressions, then the 0x16 end-of-parameters token)
Sometimes a function may be a "final" function: then it has the structure 1C ## ## ## ## <parameters> 16 (a 4-byte object reference instead of the 8-byte name).
For a class variable, the return value is the same as the object reference itself.
For a class function, the return value is ... the return value (the reference to the function's ReturnValue property). If the function has no return value it is set to 00 00 00 00.
Example1:
- m_iFoo : 01 44 32 00 00
- m_iBar : 01 87 21 00 00
- m_iFoo.m_iBar
- 19 -- context token
- 01 44 32 00 00 -- reference to class variable m_iFoo
- 09 00 -- virtual size of m_iBar (5 file bytes + 4 additional virtual bytes: each 4-byte object reference in the file occupies 8 bytes in memory)
- 87 21 00 00 -- return value of m_iBar (the base reference without the 01 class var token)
- 00 -- just a zero
- 01 87 21 00 00 -- reference to class variable m_iBar
Example2:
- m_iFoo : 01 44 32 00 00
- Bar( ) : 1B 99 25 00 00 00 00 00 00 16
- Bar ReturnValue : 3E 77 00 00
- iSnafu : 00 D4 AA 00 00
- m_iFoo.Bar(iSnafu)
- 19 -- context token
- 01 44 32 00 00 -- class variable m_iFoo
- 13 00 -- virtual size of Bar(iSnafu): 1 (1B) + 8 (name) + 9 (iSnafu: 5 file bytes + 4 virtual) + 1 (16) = 19 = 0x13, versus 15 bytes in the file
- 3E 77 00 00 -- return value of Bar
- 00 -- just a zero
- 1B 99 25 00 00 00 00 00 00 00 D4 AA 00 00 16 -- reference to Bar(iSnafu)
Larger Constructs
Larger constructs are daisy-chained together in a similar manner.
<object1>.<object2>.<object3> has the form:
- 19 -- context token
- 19 -- context token
- ## ... ## -- reference to <object1>
- ## ## -- size of <object2>
- ## ## ## ## -- return value of <object2>
- 00
- ## ... ## -- reference to <object2>
- ## ## -- size of <object3>
- ## ## ## ## -- return value of <object3>
- 00
- ## ... ## -- reference to <object3>
All of the context tokens go at the beginning of the construction. There will be one 0x19 token for each "dot" in the construction (if all members are CLASS objects -- structs follow different rules).
The return values and reference can be looked up in various places within UE explorer without having to dig through the hex viewer.
Notes:
- If the virtual size is incorrect, UE Explorer will still decompile the object correctly, but the game will crash upon execution. I often use the token view in UE Explorer to help find and correct the virtual sizes in these contexts.
- If the return value is incorrect, the game may crash or simply not return the correct value, depending on where in the construction the incorrect value is located.
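The following Python script is an added example (it is not part of the original article and not a UE Explorer tool). It encodes the token layouts described above, applies the article's sizing rule (each 4-byte object reference counts 8 bytes in memory), reproduces Example1, Example2 and the daisy-chained form, and re-parses a byte string to flag a wrong virtual size or return value field, which is the mistake the Notes warn about. Object references (0x3244, 0x2187, 0x2599, 0x773E, 0xAAD4) are the ones from the examples; the memory size of a whole 0x19 expression, which the article does not give, is an assumption marked in the code.

```python
"""Build and check 0x19 context-token expressions for UE3 (XCOM:EU 2012) bytecode.

Added example, not from the original article.  Sizing rule from the article:
every 4-byte object reference in the file occupies 8 bytes in memory, so the
"virtual" size of a token is its file size plus 4 per object reference.
"""
import struct
from dataclasses import dataclass, field
from typing import List, Tuple

OBJ_FILE, OBJ_MEM = 4, 8      # object reference: 4 bytes on disk, 8 in memory
NAME_FILE = NAME_MEM = 8      # name index + instance number: 8 bytes both ways


def obj_ref(ref: int) -> bytes:
    return struct.pack("<I", ref)


@dataclass
class Var:
    """0x00 local variable or 0x01 class variable: token + 4-byte reference."""
    ref: int
    token: int = 0x01

    def file_bytes(self) -> bytes:
        return bytes([self.token]) + obj_ref(self.ref)

    def memory_size(self) -> int:
        return 1 + OBJ_MEM

    def return_value(self) -> int:  # for a variable, the reference itself
        return self.ref


@dataclass
class Func:
    """0x1B virtual function (8-byte name ref) or 0x1C final function (4-byte object ref)."""
    ref: int
    ret_ref: int = 0               # ReturnValue property; 0 when the function returns nothing
    params: List = field(default_factory=list)
    token: int = 0x1B

    def file_bytes(self) -> bytes:
        head = obj_ref(self.ref) + b"\x00" * 4 if self.token == 0x1B else obj_ref(self.ref)
        body = b"".join(p.file_bytes() for p in self.params)
        return bytes([self.token]) + head + body + b"\x16"   # 0x16 ends the parameter list

    def memory_size(self) -> int:
        head = NAME_MEM if self.token == 0x1B else OBJ_MEM
        return 1 + head + sum(p.memory_size() for p in self.params) + 1

    def return_value(self) -> int:
        return self.ret_ref


@dataclass
class Context:
    """<left>.<right>: the 0x19 construction described in the article."""
    left: object
    right: object

    def file_bytes(self) -> bytes:
        return (b"\x19" + self.left.file_bytes()
                + struct.pack("<H", self.right.memory_size())  # virtual size of <right>
                + obj_ref(self.right.return_value())           # return value of <right>
                + b"\x00"                                      # always zero
                + self.right.file_bytes())

    def memory_size(self) -> int:
        # Assumption (not stated in the article): the return-value field is an
        # object reference, so it widens to 8 bytes like every other reference.
        return 1 + self.left.memory_size() + 2 + OBJ_MEM + 1 + self.right.memory_size()

    def return_value(self) -> int:
        return self.right.return_value()


def chain(*exprs):
    """a.b.c -> Context(Context(a, b), c): all 0x19 tokens end up at the front."""
    expr = exprs[0]
    for nxt in exprs[1:]:
        expr = Context(expr, nxt)
    return expr


def hexdump(data: bytes) -> str:
    return " ".join(f"{b:02X}" for b in data)


def check(data: bytes, pos: int = 0) -> Tuple[object, int, List[str]]:
    """Re-parse one expression and report size/return-value fields that
    disagree with the recomputed values.  Returns (expr, next_pos, warnings)."""
    tok = data[pos]
    if tok in (0x00, 0x01):
        (ref,) = struct.unpack_from("<I", data, pos + 1)
        return Var(ref, tok), pos + 1 + OBJ_FILE, []
    if tok in (0x1B, 0x1C):
        (ref,) = struct.unpack_from("<I", data, pos + 1)
        pos += 1 + (NAME_FILE if tok == 0x1B else OBJ_FILE)
        params, warnings = [], []
        while data[pos] != 0x16:
            p, pos, w = check(data, pos)
            params.append(p)
            warnings += w
        return Func(ref, 0, params, tok), pos + 1, warnings
    if tok == 0x19:
        left, pos, warnings = check(data, pos + 1)
        field_pos = pos
        size, ret, zero = struct.unpack_from("<HIB", data, pos)
        right, pos, w = check(data, pos + 7)
        warnings += w
        if size != right.memory_size():
            warnings.append(f"size {size:#06x} at offset {field_pos}, expected {right.memory_size():#06x}")
        if isinstance(right, Var) and ret != right.ref:
            warnings.append(f"return value {ret:#010x} does not match variable {right.ref:#010x}")
        if zero != 0:
            warnings.append(f"padding byte {zero:#04x} at offset {field_pos + 6}, expected 00")
        if isinstance(right, Func):
            right.ret_ref = ret          # only recoverable from the context field
        return Context(left, right), pos, warnings
    raise ValueError(f"unhandled token {tok:#04x} at offset {pos}")


# The article's two examples, built from its object references.
m_iFoo, m_iBar = Var(0x3244), Var(0x2187)
example1 = Context(m_iFoo, m_iBar)                                   # m_iFoo.m_iBar
bar = Func(0x2599, ret_ref=0x773E, params=[Var(0xAAD4, token=0x00)])  # Bar(iSnafu)
example2 = Context(m_iFoo, bar)                                      # m_iFoo.Bar(iSnafu)

if __name__ == "__main__":
    print(hexdump(example1.file_bytes()))
    print(hexdump(example2.file_bytes()))
    print(hexdump(chain(m_iFoo, m_iBar, Var(0x1111)).file_bytes()))  # 0x1111 is a made-up third member
    corrupt = bytearray(example1.file_bytes())
    corrupt[6] = 0x0A                                                # wrong virtual size (09 -> 0A)
    print(check(bytes(corrupt))[2])
```

Running it prints the exact byte strings of Example1 and Example2, a three-member chain that starts with 19 19, and one warning for the deliberately corrupted size field. When hand-editing a context in a hex editor, run the edited bytes through check() before testing in game: a size mismatch here is the crash the Notes describe, and UE Explorer's decompiler will not catch it for you.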
References
Referred to by this article:
That refer to this article:
- <none as yet>