[Object] Struct off of a unit w/16 floats - what is it?

[Tanaris4]

So I'm still trying to reverse CWorldMap::QueryOutdoors(int baseAddressPlusC to determine if a node is underground (OOP) and I was hoping that maybe someone had an idea what the struct of floats was.

Basically if you look at [[baseAddress+0xC8] + 0x3C] you'll find about 16 floats. The object's current location is in the last 3 (minus one). Anyone know what this is representing? It reminded me of a the camera struct, but it's definitely not that. The example is a node:



And for those that would like it, here is the entire function reversed (yay IDA 6.1!):

Code:

signed int __cdecl CWorldMap::QueryOutdoors(int baseAddressPlusC8)
{
  int v1; // ecx@2
  __m128 v2; // xmm0@2
  signed int v3; // esi@2
  __m128 v4; // xmm0@2
  signed int v5; // ebx@2
  int v6; // eax@3
  int v7; // eax@5
  int *v8; // ecx@5
  int v9; // edx@5
  int v10; // eax@5
  int v11; // eax@7
  int v12; // eax@8
  signed int v15; // edx@16
  int v16; // eax@18
  int v17; // ebx@22
  int v18; // eax@24
  int v19; // eax@25
  char v20; // [sp+40h] [bp-28h]@1
  int v21; // [sp+44h] [bp-24h]@1
  int v22; // [sp+48h] [bp-20h]@1
  int v23; // [sp+4Ch] [bp-1Ch]@1

  v23 = 0;
  if ( !sub_AEF570(baseAddressPlusC8, &v22, &v21, &v20, &v23, 0) )
  {
    v1 = *(_DWORD *)(baseAddressPlusC8 + 0x10);
    v2 = (__m128)*(_DWORD *)(baseAddressPlusC8 + 0x74);
    v2.m128_f32[0] = v2.m128_f32[0] - 17066.666;
    v3 = (signed int)ffloor(COERCE_FLOAT(*(_OWORD *)&_mm_xor_ps(v2, (__m128)(unsigned int)dword_D775E0)) * 0.0018750001);
    v4 = (__m128)*(_DWORD *)(baseAddressPlusC8 + 0x70);
    v4.m128_f32[0] = v4.m128_f32[0] - 17066.666;
    v5 = (signed int)ffloor(COERCE_FLOAT(*(_OWORD *)&_mm_xor_ps(v4, (__m128)(unsigned int)dword_D775E0)) * 0.0018750001);
    if ( *(_DWORD *)(v1 + 4) )
    {
      v6 = *(_DWORD *)(v1 + 12);
    }
    else
    {
      if ( !*(_DWORD *)(v1 + 76)
        || !*(_DWORD *)(v1 + 80)
        || v3 < *(_DWORD *)(v1 + 64)
        || v3 > *(_DWORD *)(v1 + 72)
        || (v15 = *(_DWORD *)(v1 + 60), v5 < v15)
        || v5 > *(_DWORD *)(v1 + 68)
        || (v16 = *(_DWORD *)(v1 + 0x5C) + 2 * (v3 - *(_DWORD *)(v1 + 64) + *(_DWORD *)(v1 + 76) * (v5 - v15))) == 0
        || !(*(_BYTE *)v16 & 1) )
        goto LABEL_21;
      v6 = *(_DWORD *)(v1 + 4 * *(_BYTE *)(v16 + 1) + 12);
    }
    if ( v6 )
    {
      v7 = sub_B1B2C0(v6, baseAddressPlusC8 + 112);
      v8 = &dword_F85A94;
      v9 = v7;
      v10 = *(&dword_F85A94 + 3);
      if ( v9 >= v10 )
      {
LABEL_6:
        if ( v9 <= v8[2] )
        {
          v11 = *(_DWORD *)(v8[6] + 4 * (v9 - v10));
          if ( v11 )
          {
            v12 = *(_DWORD *)(v11 + 16);
            if ( !(v12 & 0x4000000) )
            {
              if ( v12 & 0x2000000 )
                return 0;
            }
          }
        }
      }
      return 1;
    }
LABEL_21:
    v8 = &dword_F85A94;
    v9 = 0;
    v10 = *(&dword_F85A94 + 3);
    if ( v10 <= 0 )
      goto LABEL_6;
    return 1;
  }
  v17 = (*(_DWORD *)(v23 + 96) >> 3) & 1;
  v18 = sub_2541B0(*(_DWORD *)(*(_DWORD *)(v21 + 2396) + 32), *(_DWORD *)(v22 + 276), *(_DWORD *)(v23 + 112));
  if ( !v18 )
    return v17;
  v19 = *(_DWORD *)(v18 + 36);
  if ( v19 & 4 )
    return 1;
  if ( v19 & 2 )
    return 0;
  return v17;
}

Note: This is from the mac build 13623 binary.

[XTZGZoReX]

16 floats smells like a 4x4 matrix. No idea what it is specifically, though.

[jjaa]

They look like positions. So my guess would be a bounding box.

[Tanaris4]

Thanks all, sad I didn't think of that, always nice to have another look :-) :: continues reversing ::

[XTZGZoReX]

A bounding box would normally consist of two 3D vectors, thus 24 bytes. That doesn't add up with 16 floats.