Inspecting memory values
I have source code for a project that inspects a game's memory values. The thing I don't understand is this: How did the author so precisely determine the type and location of these values? For example, here's a struct he defined:
typedef struct {
UInt16 times_used; // 0x0
UInt16 token; // 0x2
SInt16 previous_id; // 0x4
SInt16 next_id; // 0x6
SInt32 model; // 0x8
char unknown00[0x1B]; // 0xC
UInt8 player_owner; // 0x27
char unknown01[0x18]; // 0x28
UInt32 position_x; // 0x40
UInt32 position_y; // 0x44
char unknown02[0x1F]; // 0x48
UInt32 death_type; // 0x69
char unknown03[0x7]; // 0x6D
UInt32 destination_x; // 0x74
UInt32 destination_y; // 0x78
char unknown04[0x84]; // 0x7C
UInt32 health_damage; // 0x100
UInt32 shield_damage; // 0x104
UInt32 energy_damage; // 0x108
char unknown05[0x74]; // 0x10C
} Unit;
He looks for it at this address 0x3BC2060 and its size is 0x8B8. I ran the program and watched the memory at this location, and sure, I could identify some things like the name property, but how did he find this out so precisely?
Thanks.
I hope I get this straight:
You look at 0x3bc2060 and the next 0x8b8 bytes/octets. To reverse engineer a struct like this it is crucial to observe the program using this struct by filling it with values for the different fields in it.
Then you can deduce from many dumps starting at 0x3bc2060 and the following 0x8b8 bytes what is happening.
But it is not so precise as you might expect, because some fields are apparently not assignable. These are the char unknown[].
Doing a struct reverse is a very tedious task and you need much patience with your debugger ;)
Hope this helps you understand how it works in principle.
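A worked version of that approach, added here as an example rather than code from the question or the answer: it takes the member offsets from the struct above, constructs two snapshots of the 0x180 bytes those members cover, and reports which members (or which unknown gaps) changed between the two dumps. The sample snapshot values are constructed, not taken from the game.

```python
import struct

# Field layout copied from the struct in the question (offset, name, struct format).
# "<" = little-endian; the char unknownNN[] gaps are left unparsed on purpose.
UNIT_FIELDS = [
    (0x0, "times_used", "<H"), (0x2, "token", "<H"),
    (0x4, "previous_id", "<h"), (0x6, "next_id", "<h"),
    (0x8, "model", "<i"), (0x27, "player_owner", "<B"),
    (0x40, "position_x", "<I"), (0x44, "position_y", "<I"),
    (0x69, "death_type", "<I"), (0x74, "destination_x", "<I"),
    (0x78, "destination_y", "<I"), (0x100, "health_damage", "<I"),
    (0x104, "shield_damage", "<I"), (0x108, "energy_damage", "<I"),
]
UNIT_SIZE = 0x180  # bytes covered by the listed members; the full object is said to be 0x8B8

def field_at(offset):
    """Name the known member covering this offset, or None if it lies in an unknown gap."""
    for start, name, fmt in UNIT_FIELDS:
        if start <= offset < start + struct.calcsize(fmt):
            return name
    return None

def parse_unit(dump):
    """Decode the known members of one dump into a dict keyed by member name."""
    return {name: struct.unpack_from(fmt, dump, off)[0] for off, name, fmt in UNIT_FIELDS}

def diff_dumps(before, after):
    """Return {offset: (old_byte, new_byte)} for every byte that differs between two dumps."""
    return {i: (a, b) for i, (a, b) in enumerate(zip(before, after)) if a != b}

def changed_fields(before, after):
    """Map changed bytes onto members; bytes inside unknown gaps are reported by offset."""
    hits = {}
    for off in diff_dumps(before, after):
        hits.setdefault(field_at(off) or f"unknown@0x{off:X}", []).append(off)
    return hits

def make_dump(**values):
    """Constructed sample dump: a zero-filled buffer with the given members set."""
    buf = bytearray(UNIT_SIZE)
    for off, name, fmt in UNIT_FIELDS:
        if name in values:
            struct.pack_into(fmt, buf, off, values[name])
    return bytes(buf)

# Constructed snapshots: between them the unit moves along x and takes 25 health damage.
SNAPSHOT_1 = make_dump(token=7, position_x=100, position_y=200, health_damage=0)
SNAPSHOT_2 = make_dump(token=7, position_x=132, position_y=200, health_damage=25)

if __name__ == "__main__":
    print(changed_fields(SNAPSHOT_1, SNAPSHOT_2))  # {'position_x': [64], 'health_damage': [256]}
```

Take many such snapshot pairs while doing one thing at a time in the game (move, attack, get hit) and the bytes that change under each action tell you both the offset and, from how they change, the width and signedness of the member.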