mirror of
https://github.com/uberhalit/SekiroFpsUnlockAndMore.git
synced 2026-06-13 01:47:54 +00:00
updated to game version 1.3.0.0
improved speed of pattern scan
This commit is contained in:
uberhalit
parent
0e884dfb64
commit
3d2b894f90
4 changed files with 144 additions and 100 deletions
|
|
@ -7,13 +7,19 @@ namespace SekiroFpsUnlockAndMore
|
|||
internal const string PROCESS_NAME = "sekiro";
|
||||
internal const string PROCESS_TITLE = "Sekiro";
|
||||
internal const string PROCESS_DESCRIPTION = "Shadows Die Twice";
|
||||
internal const string PROCESS_EXE_VERSION = "1.2.0.0";
|
||||
internal const string PROCESS_EXE_VERSION = "1.3.0.0";
|
||||
internal static readonly string[] PROCESS_EXE_VERSION_SUPPORTED = new string[1]
|
||||
{
|
||||
"1.2.0.0"
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
<float>fFrameTick determines default frame rate limit in seconds.
|
||||
000000014116168D | C743 18 8988883C | mov dword ptr ds:[rbx+18],3C888889 | fFrameTick
|
||||
0000000141161694 | 4C:89AB 70020000 | mov qword ptr ds:[rbx+270],r13 |
|
||||
0000000141161FCD | C743 18 8988883C | mov dword ptr ds:[rbx+18],3C888889 | fFrameTick
|
||||
0000000141161FD4 | 4C:89AB 70020000 | mov qword ptr ds:[rbx+270],r13 |
|
||||
|
||||
0000000141161694 (Version 1.2.0.0)
|
||||
*/
|
||||
internal const string PATTERN_FRAMELOCK = "88 88 3C 4C 89 AB"; // first byte can can be 88/90 instead of 89 due to precision loss on floating point numbers
|
||||
internal const int PATTERN_FRAMELOCK_OFFSET = -1; // offset to byte array from found position
|
||||
|
|
@ -25,11 +31,13 @@ namespace SekiroFpsUnlockAndMore
|
|||
Reference pointer pFrametimeRunningSpeed to speed table entry that gets used in calculations.
|
||||
Add or remove multiplications of 4bytes to pFrametimeRunningSpeed address to use a higher or lower <float>fFrametimeCriticalRunningSpeed from table.
|
||||
fFrametimeCriticalRunningSpeed should be roughly half the frame rate: 30 @ 60FPS limit, 50 @ 100FPS limit...
|
||||
00000001407D4DFD | F3:0F58D0 | addss xmm2,xmm0 |
|
||||
00000001407D4E01 | 0FC6D2 00 | shufps xmm2,xmm2,0 |
|
||||
00000001407D4E05 | 0F51C2 | sqrtps xmm0,xmm2 |
|
||||
00000001407D4E08 | F3:0F5905 90309202 | mulss xmm0,dword ptr ds:[1430F7EA0] | pFrametimeRunningSpeed->fFrametimeCriticalRunningSpeed
|
||||
00000001407D4E10 | 0F2FF8 | comiss xmm7,xmm0 |
|
||||
00000001407D4F3D | F3:0F58D0 | addss xmm2,xmm0 |
|
||||
00000001407D4F41 | 0FC6D2 00 | shufps xmm2,xmm2,0 |
|
||||
00000001407D4F45 | 0F51C2 | sqrtps xmm0,xmm2 |
|
||||
00000001407D4F48 | F3:0F5905 E8409202 | mulss xmm0,dword ptr ds:[1430F9038] | pFrametimeRunningSpeed->fFrametimeCriticalRunningSpeed
|
||||
00000001407D4F50 | 0F2FF8 | comiss xmm7,xmm0 |
|
||||
|
||||
00000001407D4E08 (Version 1.2.0.0)
|
||||
*/
|
||||
internal const string PATTERN_FRAMELOCK_SPEED_FIX = "F3 0F 58 ?? 0F C6 ?? 00 0F 51 ?? F3 0F 59 ?? ?? ?? ?? ?? 0F 2F";
|
||||
internal const int PATTERN_FRAMELOCK_SPEED_FIX_OFFSET = 15;
|
||||
|
|
@ -97,10 +105,12 @@ namespace SekiroFpsUnlockAndMore
|
|||
|
||||
/**
|
||||
Reference pointer pCurrentResolutionWidth to <int>iInternalGameWidth (and <int>iInternalGameHeight which is +4 bytes).
|
||||
000000014114AC85 | 0F57D2 | xorps xmm2,xmm2 |
|
||||
000000014114AC88 | 890D 92147D02 | mov dword ptr ds:[14391C120],ecx | pCurrentResolutionWidth->iInternalGameWidth
|
||||
000000014114AC8E | 0F57C9 | xorps xmm1,xmm1 |
|
||||
000000014114AC91 | 8915 8D147D02 | mov dword ptr ds:[14391C124],edx | pCurrentResolutionHeight->iInternalGameHeight
|
||||
000000014114B5C5 | 0F57D2 | xorps xmm2,xmm2 |
|
||||
000000014114B5C8 | 890D 521B7D02 | mov dword ptr ds:[14391D120],ecx |
|
||||
000000014114B5CE | 0F57C9 | xorps xmm1,xmm1 |
|
||||
000000014114B5D1 | 8915 4D1B7D02 | mov dword ptr ds:[14391D124],edx |
|
||||
|
||||
000000014114AC88 (Version 1.2.0.0)
|
||||
*/
|
||||
internal const string PATTERN_RESOLUTION_POINTER = "0F 57 D2 89 0D ?? ?? ?? ?? 0F 57 C9";
|
||||
internal const int PATTERN_RESOLUTION_POINTER_OFFSET = 3;
|
||||
|
|
@ -119,11 +129,11 @@ namespace SekiroFpsUnlockAndMore
|
|||
|
||||
/**
|
||||
Conditional jump instruction that determines if 16/9 scaling for game is enforced or not, overwrite with non conditional JMP so widescreen won't get clinched.
|
||||
0000000140129678 | 85C9 | test ecx,ecx |
|
||||
000000014012967A | 74 47 | je sekiro.1401296C3 | calculation for screen scaling
|
||||
000000014012967C | 47:8B94C7 1C020000 | mov r10d,dword ptr ds:[r15+r8*8+21C] | resolution scaling calculation method within jump...
|
||||
0000000140129684 | 45:85D2 | test r10d,r10d |
|
||||
0000000140129687 | 74 3A | je sekiro.1401296C3 |
|
||||
0000000140129678 | 85C9 | test ecx,ecx |
|
||||
000000014012967A | 74 47 | je sekiro.1401296C3 | calculation for screen scaling
|
||||
000000014012967C | 47:8B94C7 1C020000 | mov r10d,dword ptr ds:[r15+r8*8+21C] | resolution scaling calculation method within jump...
|
||||
0000000140129684 | 45:85D2 | test r10d,r10d |
|
||||
0000000140129687 | 74 3A | je sekiro.1401296C3 |
|
||||
*/
|
||||
internal const string PATTERN_RESOLUTION_SCALING_FIX = "85 C9 74 ?? 47 8B ?? ?? ?? ?? ?? ?? 45 ?? ?? 74";
|
||||
internal static readonly byte[] PATCH_RESOLUTION_SCALING_FIX_ENABLE = new byte[3] { 0x90, 0x90, 0xEB }; // nop; jmp
|
||||
|
|
@ -133,9 +143,11 @@ namespace SekiroFpsUnlockAndMore
|
|||
/**
|
||||
Reference pointer pFovTableEntry to FOV entry in game FOV table that gets used in FOV calculations. Overwrite pFovTableEntry address to use a higher or lower <float>fFOV from table.
|
||||
FOV is in radians while default is 1.0deg (0.0174533rad), to increase by 25% you'd write 1.25deg (0.0218166rad) as fFov.
|
||||
0000000140739548 | F3:0F1008 | movss xmm1,dword ptr ds:[rax] |
|
||||
000000014073954C | F3:0F590D 0CE79B02 | mulss xmm1,dword ptr ds:[1430F7C60] | pFovTableEntry->fFov
|
||||
0000000140739554 | F3:0F5C4E 50 | subss xmm1,dword ptr ds:[rsi+50] |
|
||||
00000001407395A8 | F3:0F1008 | movss xmm1,dword ptr ds:[rax] |
|
||||
00000001407395AC | F3:0F590D 44F89B02 | mulss xmm1,dword ptr ds:[1430F8DF8] | pFovTableEntry->fFov
|
||||
00000001407395B4 | F3:0F5C4E 50 | subss xmm1,dword ptr ds:[rsi+50] |
|
||||
|
||||
000000014073954C (Version 1.2.0.0)
|
||||
*/
|
||||
// credits to 'jackfuste' for original offset
|
||||
internal const string PATTERN_FOVSETTING = "F3 0F 10 08 F3 0F 59 0D ?? ?? ?? ?? F3 0F 5C 4E";
|
||||
|
|
@ -145,13 +157,15 @@ namespace SekiroFpsUnlockAndMore
|
|||
|
||||
/**
|
||||
Reference pointer pPlayerStatsRelated to PlayerStats pointer, offset in struct to <int>iPlayerDeaths.
|
||||
00000001407AAC92 | 0FB648 7A | movzx ecx,byte ptr ds:[rax+7A] |
|
||||
00000001407AAC96 | 888B F7000000 | mov byte ptr ds:[rbx+F7],cl |
|
||||
00000001407AAC9C | 48:8B05 4DD03903 | mov rax,qword ptr ds:[143B47CF0] |
|
||||
00000001407AACA3 | 8B88 8C000000 | mov ecx,dword ptr ds:[rax+8C] |
|
||||
00000001407AACA9 | 898B F8000000 | mov dword ptr ds:[rbx+F8],ecx |
|
||||
00000001407AACAF | 48:8B05 3AD03903 | mov rax,qword ptr ds:[143B47CF0] | pPlayerStatsRelated->[PlayerStats+0x90]->iPlayerDeaths
|
||||
00000001407AACB6 | 8B88 90000000 | mov ecx,dword ptr ds:[rax+90] | offset pPlayerStats->iPlayerDeaths
|
||||
00000001407AAD51 | 0FB648 7A | movzx ecx,byte ptr ds:[rax+7A] |
|
||||
00000001407AAD55 | 888B F7000000 | mov byte ptr ds:[rbx+F7],cl |
|
||||
00000001407AAD5B | 48:8B05 CEDF3903 | mov rax,qword ptr ds:[143B48D30] |
|
||||
00000001407AAD62 | 8B88 8C000000 | mov ecx,dword ptr ds:[rax+8C] |
|
||||
00000001407AAD68 | 898B F8000000 | mov dword ptr ds:[rbx+F8],ecx |
|
||||
00000001407AAD6E | 48:8B05 BBDF3903 | mov rax,qword ptr ds:[143B48D30] | pPlayerStatsRelated->[PlayerStats+0x90]->iPlayerDeaths
|
||||
00000001407AAD75 | 8B88 90000000 | mov ecx,dword ptr ds:[rax+90] | offset pPlayerStats->iPlayerDeaths
|
||||
|
||||
00000001407AACAF (Version 1.2.0.0)
|
||||
*/
|
||||
// credits to 'Me_TheCat' for original offset
|
||||
internal const string PATTERN_PLAYER_DEATHS = "0F B6 48 ?? 88 8B ?? ?? 00 00 48 8B 05 ?? ?? ?? ?? 8B 88 ?? ?? 00 00 89 8B ?? ?? 00 00 48 8B 05 ?? ?? ?? ?? 8B 88 ?? ?? 00 00";
|
||||
|
|
@ -162,9 +176,11 @@ namespace SekiroFpsUnlockAndMore
|
|||
|
||||
/**
|
||||
Reference pointer pTotalKills to <int>iTotalKills, does not get updated on every kill but mostly on every 2nd, includes own player deaths...
|
||||
0000000141151838 | 48:8D0D A9A5B302 | lea rcx,qword ptr ds:[143C8BDE8] | pTotalKills->iTotalKills
|
||||
000000014115183F | 891481 | mov dword ptr ds:[rcx+rax*4],edx |
|
||||
0000000141151842 | C3 | ret |
|
||||
0000000141152178 | 48:8D0D A9ACB302 | lea rcx,qword ptr ds:[143C8CE28] | pTotalKills->iTotalKills
|
||||
000000014115217F | 891481 | mov dword ptr ds:[rcx+rax*4],edx |
|
||||
0000000141152182 | C3 | ret |
|
||||
|
||||
0000000141151838 (Version 1.2.0.0)
|
||||
*/
|
||||
// credits to 'Me_TheCat' for original offset
|
||||
internal const string PATTERN_TOTAL_KILLS = "48 8D 0D ?? ?? ?? ?? 89 14 81 C3";
|
||||
|
|
@ -173,11 +189,13 @@ namespace SekiroFpsUnlockAndMore
|
|||
|
||||
/**
|
||||
Controls camera pitch. xmm4 holds new pitch from a calculation while rps+170 holds current one from mouse so we overwrite xmm4 with the old pitch value.
|
||||
000000014073AF26 | 0F29A5 70080000 | movaps xmmword ptr ss:[rbp+870],xmm4 | code inject overwrite from here
|
||||
000000014073AF2D | 0F29A5 80080000 | movaps xmmword ptr ss:[rbp+880],xmm4 | jump back here from code inject
|
||||
000000014073AF34 | 0F29A6 70010000 | movaps xmmword ptr ds:[rsi+170],xmm4 | camPitch, newCamPitch
|
||||
000000014073AF3B | EB 1C | jmp sekiro.14073AF59 |
|
||||
000000014073AF3D | F3:0F108E 74010000 | movss xmm1,dword ptr ds:[rsi+174] |
|
||||
000000014073AF86 | 0F29A5 70080000 | movaps xmmword ptr ss:[rbp+870],xmm4 | code inject overwrite from here
|
||||
000000014073AF8D | 0F29A5 80080000 | movaps xmmword ptr ss:[rbp+880],xmm4 | jump back here from code inject
|
||||
000000014073AF94 | 0F29A6 70010000 | movaps xmmword ptr ds:[rsi+170],xmm4 | camPitch, newCamPitch
|
||||
000000014073AF9B | EB 1C | jmp sekiro.14073AFB9 |
|
||||
000000014073AF9D | F3:0F108E 74010000 | movss xmm1,dword ptr ds:[rsi+174] |
|
||||
|
||||
000000014073AF26 (Version 1.2.0.0)
|
||||
*/
|
||||
internal const string PATTERN_CAMADJUST_PITCH = "0F 29 ?? ?? ?? 00 00 0F 29 ?? ?? ?? 00 00 0F 29 ?? ?? ?? 00 00 EB ?? F3";
|
||||
internal const int INJECT_CAMADJUST_PITCH_OVERWRITE_LENGTH = 7;
|
||||
|
|
@ -188,10 +206,12 @@ namespace SekiroFpsUnlockAndMore
|
|||
};
|
||||
/**
|
||||
Controls automatic camera yaw adjust on move on Z-axis. xmm0 holds new yaw while rsi+174 holds current one prior movement so we overwrite xmm0 with the old yaw value.
|
||||
000000014073AF4C | E8 6F60FFFF | call sekiro.140730FC0 |
|
||||
000000014073AF51 | F3:0F1186 74010000 | movss dword ptr ds:[rsi+174],xmm0 | camYaw, newCamYaw | code inject overwrite from here
|
||||
000000014073AF59 | 80BE A3020000 00 | cmp byte ptr ds:[rsi+2A3],0 | jump back here from code inject
|
||||
000000014073AF60 | 0F84 2F020000 | je sekiro.14073B195 |
|
||||
000000014073AFAC | E8 6F60FFFF | call sekiro.140731020 |
|
||||
000000014073AFB1 | F3:0F1186 74010000 | movss dword ptr ds:[rsi+174],xmm0 | camYaw, newCamYaw | code inject overwrite from here
|
||||
000000014073AFB9 | 80BE A3020000 00 | cmp byte ptr ds:[rsi+2A3],0 | jump back here from code inject
|
||||
000000014073AFC0 | 0F84 2F020000 | je sekiro.14073B1F5 |
|
||||
|
||||
000000014073AF51 (Version 1.2.0.0)
|
||||
*/
|
||||
internal const string PATTERN_CAMADJUST_YAW_Z = "E8 ?? ?? ?? ?? F3 ?? ?? ?? ?? ?? 00 00 80 ?? ?? ?? 00 00 00 0F 84";
|
||||
internal const int PATTERN_CAMADJUST_YAW_Z_OFFSET = 5;
|
||||
|
|
@ -210,9 +230,17 @@ namespace SekiroFpsUnlockAndMore
|
|||
000000014073B482 | F3:0F1085 E4120000 | movss xmm0,dword ptr ss:[rbp+12E4] | jump back here from code inject
|
||||
000000014073B48A | E8 91BDFFFF | call sekiro.140737220 |
|
||||
000000014073B48F | 0F28D0 | movaps xmm2,xmm0 |
|
||||
|
||||
000000014073B4D6 | F3:0F1000 | movss xmm0,dword ptr ds:[rax] | newCamPitch | code inject overwrite from here
|
||||
000000014073B4DA | F3:0F1186 70010000 | movss dword ptr ds:[rsi+170],xmm0 | camePitch
|
||||
000000014073B4E2 | F3:0F1085 E4120000 | movss xmm0,dword ptr ss:[rbp+12E4] | jump back here from code inject
|
||||
000000014073B4EA | E8 91BDFFFF | call sekiro.140737280 |
|
||||
000000014073B4EF | 0F28D0 | movaps xmm2,xmm0 |
|
||||
|
||||
000000014073B47A (Version 1.2.0.0)
|
||||
*/
|
||||
// thanks to 'Cielos' for original offset
|
||||
internal const string PATTERN_CAMADJUST_PITCH_XY = "F3 ?? ?? ?? F3 ?? ?? ?? ?? ?? 00 00 F3 ?? ?? ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? 0F";
|
||||
internal const string PATTERN_CAMADJUST_PITCH_XY = "F3 ?? ?? ?? F3 ?? ?? ?? 70 01 00 00 F3 ?? ?? ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? 0F";
|
||||
internal const int INJECT_CAMADJUST_PITCH_XY_OVERWRITE_LENGTH = 12;
|
||||
internal static readonly byte[] INJECT_CAMADJUST_PITCH_XY_SHELLCODE = new byte[]
|
||||
{
|
||||
|
|
@ -223,9 +251,11 @@ namespace SekiroFpsUnlockAndMore
|
|||
};
|
||||
/**
|
||||
Controls automatic camera yaw adjust on move on XY-axis. xmm0 new yaw while rsi+174 holds current one prior movement so we overwrite xmm0 with the old yaw value.
|
||||
000000014073B564 | E8 B7BCFFFF | call sekiro.140737220 |
|
||||
000000014073B569 | F3:0F1186 74010000 | movss dword ptr ds:[rsi+174],xmm0 | camYaw, newCamYaw | code inject overwrite from here
|
||||
000000014073B571 | E9 9A020000 | jmp sekiro.14073B810 | jump back here from code inject
|
||||
000000014073B5C4 | E8 B7BCFFFF | call sekiro.140737280 |
|
||||
000000014073B5C9 | F3:0F1186 74010000 | movss dword ptr ds:[rsi+174],xmm0 | camYaw, newCamYaw | code inject overwrite from here
|
||||
000000014073B5D1 | E9 9A020000 | jmp sekiro.14073B870 | jump back here from code inject
|
||||
|
||||
000000014073B569 (Version 1.2.0.0)
|
||||
*/
|
||||
// thanks to 'Cielos' for original offset
|
||||
internal const string PATTERN_CAMADJUST_YAW_XY = "E8 ?? ?? ?? ?? F3 0F 11 86 ?? ?? 00 00 E9";
|
||||
|
|
@ -240,8 +270,10 @@ namespace SekiroFpsUnlockAndMore
|
|||
|
||||
/**
|
||||
When user presses button to lock on target but no target is in range a camera reset is triggered to center cam position. This boolean indicates if we need to reset or not.
|
||||
000000014073AD97 | C686 A3020000 01 | mov byte ptr ds:[rsi+2A3],1 | Sets bool to indicate we need to reset camera and block user input til cam is reset
|
||||
000000014073AD9E | F3:0F108E B4020000 | movss xmm1,dword ptr ds:[rsi+2B4] |
|
||||
000000014073ADF7 | C686 A3020000 01 | mov byte ptr ds:[rsi+2A3],1 | Sets bool to indicate we need to reset camera and block user input til cam is reset
|
||||
000000014073ADFE | F3:0F108E B4020000 | movss xmm1,dword ptr ds:[rsi+2B4] |
|
||||
|
||||
000000014073AD97 (Version 1.2.0.0)
|
||||
*/
|
||||
internal const string PATTERN_CAMRESET_LOCKON = "C6 86 ?? ?? 00 00 ?? F3 0F 10 8E ?? ?? 00 00";
|
||||
internal const int PATTERN_CAMRESET_LOCKON_OFFSET = 6;
|
||||
|
|
@ -252,29 +284,31 @@ namespace SekiroFpsUnlockAndMore
|
|||
/**
|
||||
Whole dragonrot routine upon death is guarded by a conditional jump, there may be some events in the game where a true death shall not increase the disease so it's skippable as a whole.
|
||||
We replace conditional jump with non-conditional one.
|
||||
00000001411891E8 | 45:33C0 | xor r8d,r8d |
|
||||
00000001411891EB | BA 27250000 | mov edx,2527 |
|
||||
00000001411891F0 | E8 AB8353FF | call sekiro.1406C15A0 |
|
||||
00000001411891F5 | 84C0 | test al,al |
|
||||
00000001411891F7 | 0F85 E6010000 | jne sekiro.1411893E3 | handle dragonrot?
|
||||
00000001411891FD | 48:8B0D 44A09B02 | mov rcx,qword ptr ds:[143B43248] | dragonrot routine...
|
||||
0000000141189204 | 48:85C9 | test rcx,rcx |
|
||||
0000000141189207 | 75 2E | jne sekiro.141189237 |
|
||||
0000000141189209 | 48:8D0D 19929B02 | lea rcx,qword ptr ds:[143B42429] |
|
||||
0000000141189210 | E8 5B178100 | call sekiro.14199A970 |
|
||||
0000000141189215 | 4C:8BC8 | mov r9,rax |
|
||||
0000000141189218 | 4C:8D05 510EF601 | lea r8,qword ptr ds:[1430EA070] |
|
||||
000000014118921F | BA B1000000 | mov edx,B1 |
|
||||
0000000141189224 | 48:8D0D 85216601 | lea rcx,qword ptr ds:[1427EB3B0] |
|
||||
000000014118922B | E8 808F8000 | call sekiro.1419921B0 |
|
||||
0000000141189230 | 48:8B0D 11A09B02 | mov rcx,qword ptr ds:[143B43248] |
|
||||
0000000141189237 | 45:33C0 | xor r8d,r8d |
|
||||
000000014118923A | BA 28250000 | mov edx,2528 |
|
||||
000000014118923F | E8 5C8353FF | call sekiro.1406C15A0 |
|
||||
0000000141189244 | 84C0 | test al,al |
|
||||
0000000141189246 | 0F84 B2000000 | je sekiro.1411892FE | increase dragonrot level on NPCs?
|
||||
000000014118924C | 48:8D8424 90000000 | lea rax,qword ptr ss:[rsp+90] | executes after a certain deaths threshold has been reached...
|
||||
*/
|
||||
0000000141189D18 | 45:33C0 | xor r8d,r8d |
|
||||
0000000141189D1B | BA 27250000 | mov edx,2527 |
|
||||
0000000141189D20 | E8 DB7853FF | call sekiro.1406C1600 |
|
||||
0000000141189D25 | 84C0 | test al,al |
|
||||
0000000141189D27 | 0F85 E6010000 | jne sekiro.141189F13 | handle dragonrot?
|
||||
0000000141189D2D | 48:8B0D 54A59B02 | mov rcx,qword ptr ds:[143B44288] | dragonrot routine...
|
||||
0000000141189D34 | 48:85C9 | test rcx,rcx |
|
||||
0000000141189D37 | 75 2E | jne sekiro.141189D67 |
|
||||
0000000141189D39 | 48:8D0D 29979B02 | lea rcx,qword ptr ds:[143B43469] |
|
||||
0000000141189D40 | E8 5B178100 | call sekiro.14199B4A0 |
|
||||
0000000141189D45 | 4C:8BC8 | mov r9,rax |
|
||||
0000000141189D48 | 4C:8D05 5914F601 | lea r8,qword ptr ds:[1430EB1A8] |
|
||||
0000000141189D4F | BA B1000000 | mov edx,B1 |
|
||||
0000000141189D54 | 48:8D0D 55266601 | lea rcx,qword ptr ds:[1427EC3B0] |
|
||||
0000000141189D5B | E8 808F8000 | call sekiro.141992CE0 |
|
||||
0000000141189D60 | 48:8B0D 21A59B02 | mov rcx,qword ptr ds:[143B44288] |
|
||||
0000000141189D67 | 45:33C0 | xor r8d,r8d |
|
||||
0000000141189D6A | BA 28250000 | mov edx,2528 |
|
||||
0000000141189D6F | E8 8C7853FF | call sekiro.1406C1600 |
|
||||
0000000141189D74 | 84C0 | test al,al |
|
||||
0000000141189D76 | 0F84 B2000000 | je sekiro.141189E2E | increase dragonrot level on NPCs?
|
||||
0000000141189D7C | 48:8D8424 90000000 | lea rax,qword ptr ss:[rsp+90] | executes after a certain deaths threshold has been reached...
|
||||
|
||||
00000001411891F7 (Version 1.2.0.0)
|
||||
*/
|
||||
internal const string PATTERN_DRAGONROT_EFFECT = "45 ?? ?? BA ?? ?? ?? ?? E8 ?? ?? ?? ?? 84 C0 0F 85 ?? ?? ?? ?? 48 8B 0D ?? ?? ?? ?? 48 85 C9 75 ?? 48 8D 0D ?? ?? ?? ?? E8 ?? ?? ?? ?? 4C ?? ?? 4C ?? ?? ?? ?? ?? ?? BA ?? ?? ?? ?? 48 8D 0D ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 8B 0D ?? ?? ?? ?? 45 ?? ?? BA ?? ?? ?? ?? E8 ?? ?? ?? ?? 84 C0 0F 84 ?? ?? ?? ?? 48 8D";
|
||||
internal const int PATTERN_DRAGONROT_EFFECT_OFFSET = 13;
|
||||
internal static readonly byte[] PATCH_DRAGONROT_EFFECT_DISABLE = new byte[4] { 0x90, 0x90, 0x90, 0xE9 }; // nop; jmp
|
||||
|
|
@ -283,11 +317,13 @@ namespace SekiroFpsUnlockAndMore
|
|||
|
||||
/**
|
||||
sekiro.14066B520 is used to increase and decrease various player values, in this case it's used to decrease Sen so we skip the call.
|
||||
0000000141189044 | F344:0F2CE9 | cvttss2si r13d,xmm1 |
|
||||
0000000141189049 | 41:8BD5 | mov edx,r13d |
|
||||
000000014118904C | 48:8BCB | mov rcx,rbx |
|
||||
000000014118904F | E8 CC244EFF | call sekiro.14066B520 | -> ManipulatePlayerValues()
|
||||
0000000141189054 | 8BAB 60010000 | mov ebp,dword ptr ds:[rbx+160] |
|
||||
0000000141189B74 | F344:0F2CE9 | cvttss2si r13d,xmm1 |
|
||||
0000000141189B79 | 41:8BD5 | mov edx,r13d |
|
||||
0000000141189B7C | 48:8BCB | mov rcx,rbx |
|
||||
0000000141189B7F | E8 FC194EFF | call sekiro.14066B580 | -> ManipulatePlayerValues()
|
||||
0000000141189B84 | 8BAB 60010000 | mov ebp,dword ptr ds:[rbx+160] |
|
||||
|
||||
000000014118904F (Version 1.2.0.0)
|
||||
*/
|
||||
internal const string PATTERN_DEATHPENALTIES1 = "F3 ?? 0F 2C ?? 41 ?? ?? 48 ?? ?? E8 ?? ?? ?? ?? 8B";
|
||||
internal const int PATTERN_DEATHPENALTIES1_OFFSET = 11;
|
||||
|
|
@ -295,13 +331,15 @@ namespace SekiroFpsUnlockAndMore
|
|||
internal static readonly byte[] PATCH_DEATHPENALTIES1_DISABLE = new byte[5] { 0x90, 0x90, 0x90, 0x90, 0x90 }; // nop
|
||||
/**
|
||||
Here ability points (AP) are decreased and virtual Sen & AP decrease is set. The later 2 values will be shown after death as an indicator on how much of each has been lost.
|
||||
0000000141189138 | 8B00 | mov eax,dword ptr ds:[rax] |
|
||||
000000014118913A | 8983 60010000 | mov dword ptr ds:[rbx+160],eax | OnDeath() ability points (AP) decrease
|
||||
0000000141189140 | 45:2BFD | sub r15d,r13d |
|
||||
0000000141189143 | 44:89BC24 90000000 | mov dword ptr ss:[rsp+90],r15d | virtual Sen decrease - shows how many Sen got lost after death
|
||||
000000014118914B | 2BE9 | sub ebp,ecx |
|
||||
000000014118914D | 89AC24 94000000 | mov dword ptr ss:[rsp+94],ebp | virtual AP decrease - shows how many APs got lost after death
|
||||
0000000141189154 | E8 371C73FF | call sekiro.1408BAD90 |
|
||||
0000000141189C68 | 8B00 | mov eax,dword ptr ds:[rax] |
|
||||
0000000141189C6A | 8983 60010000 | mov dword ptr ds:[rbx+160],eax | OnDeath() ability points (AP) decrease
|
||||
0000000141189C70 | 45:2BFD | sub r15d,r13d |
|
||||
0000000141189C73 | 44:89BC24 90000000 | mov dword ptr ss:[rsp+90],r15d | virtual Sen decrease - shows how many Sen got lost after death
|
||||
0000000141189C7B | 2BE9 | sub ebp,ecx |
|
||||
0000000141189C7D | 89AC24 94000000 | mov dword ptr ss:[rsp+94],ebp | virtual AP decrease - shows how many APs got lost after death
|
||||
0000000141189C84 | E8 071673FF | call sekiro.1408BB290 |
|
||||
|
||||
000000014118913A (Version 1.2.0.0)
|
||||
*/
|
||||
internal const string PATTERN_DEATHPENALTIES2 = "8B ?? 89 83 ?? ?? ?? ?? 45 ?? ?? 44 89 ?? 24 ?? ?? 00 00 2B ?? 89 ?? 24 ?? ?? 00 00 E8";
|
||||
internal const int PATTERN_DEATHPENALTIES2_OFFSET = 2;
|
||||
|
|
@ -316,11 +354,13 @@ namespace SekiroFpsUnlockAndMore
|
|||
|
||||
|
||||
/**
|
||||
000000014069AE2E | 0F84 DD000000 | je sekiro.14069AF11 |
|
||||
000000014069AE34 | 84DB | test bl,bl |
|
||||
000000014069AE36 | 0F85 D5000000 | jne sekiro.14069AF11 | handle death increase?
|
||||
000000014069AE3C | 48:8BCF | mov rcx,rdi |
|
||||
000000014069AE3F | E8 BCA9FEFF | call sekiro.140685800 | -> IncreaseDeaths()
|
||||
000000014069AE8E | 0F84 DD000000 | je sekiro.14069AF71 |
|
||||
000000014069AE94 | 84DB | test bl,bl |
|
||||
000000014069AE96 | 0F85 D5000000 | jne sekiro.14069AF71 | handle death increase?
|
||||
000000014069AE9C | 48:8BCF | mov rcx,rdi |
|
||||
000000014069AE9F | E8 BCA9FEFF | call sekiro.140685860 | -> IncreaseDeaths()
|
||||
|
||||
000000014069AE36 (Version 1.2.0.0)
|
||||
*/
|
||||
internal const string PATTERN_DEATHSCOUNTER = "0F 84 ?? ?? ?? ?? 84 DB 0F 85 ?? ?? ?? ?? 48 8B ?? E8";
|
||||
internal const int PATTERN_DEATHSCOUNTER_OFFSET = 6;
|
||||
|
|
@ -330,9 +370,11 @@ namespace SekiroFpsUnlockAndMore
|
|||
|
||||
/**
|
||||
Reference pointer pTimeRelated to TimescaleManager pointer, offset in struct to <float>fTimescale which acts as a global speed scale for almost all ingame calculations.
|
||||
0000000141149E87 | 48:8B05 3A24B402 | mov rax,qword ptr ds:[143C8C2C8] | pTimeRelated->[TimescaleManager+0x360]->fTimescale
|
||||
0000000141149E8E | F3:0F1088 60030000 | movss xmm1,dword ptr ds:[rax+360] | offset TimescaleManager->fTimescale
|
||||
0000000141149E96 | F3:0F5988 68020000 | mulss xmm1,dword ptr ds:[rax+268] |
|
||||
000000014114A7C7 | 48:8B05 3A2BB402 | mov rax,qword ptr ds:[143C8D308] | pTimeRelated->[TimescaleManager+0x360]->fTimescale
|
||||
000000014114A7CE | F3:0F1088 60030000 | movss xmm1,dword ptr ds:[rax+360] | offset TimescaleManager->fTimescale
|
||||
000000014114A7D6 | F3:0F5988 68020000 | mulss xmm1,dword ptr ds:[rax+268] |
|
||||
|
||||
0000000141149E87 (Version 1.2.0.0)
|
||||
*/
|
||||
// credits to 'Zullie the Witch' for original offset
|
||||
internal const string PATTERN_TIMESCALE = "48 8B 05 ?? ?? ?? ?? F3 0F 10 88 ?? ?? ?? ?? F3 0F";
|
||||
|
|
@ -342,11 +384,13 @@ namespace SekiroFpsUnlockAndMore
|
|||
|
||||
/**
|
||||
Reference pointer pPlayerStructRelated1 to 4 more pointers up to player data class, offset in struct to <float>fTimescalePlayer which acts as a speed scale for the player character.
|
||||
00000001406BF1D7 | 48:8B1D 128C4A03 | mov rbx,qword ptr ds:[143B67DF0] | pPlayerStructRelated1->[pPlayerStructRelated2+0x88]->[pPlayerStructRelated3+0x1FF8]->[pPlayerStructRelated4+0x28]->[pPlayerStructRelated5+0xD00]->fTimescalePlayer
|
||||
00000001406BF1DE | 48:85DB | test rbx,rbx |
|
||||
00000001406BF1E1 | 74 3C | je sekiro.1406BF21F |
|
||||
00000001406BF1E3 | 8B17 | mov edx,dword ptr ds:[rdi] |
|
||||
00000001406BF1E5 | 81FA 10270000 | cmp edx,2710 |
|
||||
00000001406BF237 | 48:8B1D F29B4A03 | mov rbx,qword ptr ds:[143B68E30] | pPlayerStructRelated1->[pPlayerStructRelated2+0x88]->[pPlayerStructRelated3+0x1FF8]->[pPlayerStructRelated4+0x28]->[pPlayerStructRelated5+0xD00]->fTimescalePlayer
|
||||
00000001406BF23E | 48:85DB | test rbx,rbx |
|
||||
00000001406BF241 | 74 3C | je sekiro.1406BF27F |
|
||||
00000001406BF243 | 8B17 | mov edx,dword ptr ds:[rdi] |
|
||||
00000001406BF245 | 81FA 10270000 | cmp edx,2710 |
|
||||
|
||||
00000001406BF1D7 (Version 1.2.0.0)
|
||||
*/
|
||||
// credits to 'Zullie the Witch' for original offset
|
||||
internal const string PATTERN_TIMESCALE_PLAYER = "48 8B 1D ?? ?? ?? ?? 48 85 DB 74 ?? 8B ?? 81 FA";
|
||||
|
|
|
|||
|
|
@ -314,7 +314,7 @@ namespace SekiroFpsUnlockAndMore
|
|||
}
|
||||
|
||||
string gameFileVersion = FileVersionInfo.GetVersionInfo(procList[0].MainModule.FileName).FileVersion;
|
||||
if (gameFileVersion != GameData.PROCESS_EXE_VERSION && !_settingsService.ApplicationSettings.gameVersionNotify)
|
||||
if (gameFileVersion != GameData.PROCESS_EXE_VERSION && Array.IndexOf(GameData.PROCESS_EXE_VERSION_SUPPORTED, gameFileVersion) < 0 && !_settingsService.ApplicationSettings.gameVersionNotify)
|
||||
{
|
||||
MessageBox.Show(string.Format("Unknown game version '{0}'.\nSome functions might not work properly or even crash the game. " +
|
||||
"Check for updates on this utility regularly following the link at the bottom.", gameFileVersion), "Sekiro FPS Unlocker and more", MessageBoxButton.OK, MessageBoxImage.Warning);
|
||||
|
|
@ -507,6 +507,7 @@ namespace SekiroFpsUnlockAndMore
|
|||
|
||||
long lpPlayerStructRelated1 = patternScan.FindPattern(GameData.PATTERN_TIMESCALE_PLAYER);
|
||||
Debug.WriteLine("lpPlayerStructRelated1 found at: 0x" + lpPlayerStructRelated1.ToString("X"));
|
||||
|
||||
if (IsValidAddress(lpPlayerStructRelated1))
|
||||
{
|
||||
long lpPlayerStructRelated2 = DereferenceStaticX64Pointer(_gameAccessHwndStatic, lpPlayerStructRelated1, GameData.PATTERN_TIMESCALE_PLAYER_INSTRUCTION_LENGTH);
|
||||
|
|
|
|||
|
|
@ -72,13 +72,12 @@ namespace SekiroFpsUnlockAndMore
|
|||
long ix;
|
||||
int iy;
|
||||
bool bFound = false;
|
||||
int patternLength = bPattern.Length;
|
||||
int dataLength = bData.Length - patternLength;
|
||||
int dataLength = bData.Length - bPattern.Length;
|
||||
|
||||
for (ix = 0; ix < dataLength; ix++)
|
||||
{
|
||||
bFound = true;
|
||||
for (iy = 0; iy < patternLength; iy++)
|
||||
for (iy = bPattern.Length - 1; iy > -1; iy--)
|
||||
{
|
||||
if (szMask[iy] != 'x' || bPattern[iy] == bData[ix + iy])
|
||||
continue;
|
||||
|
|
@ -87,7 +86,7 @@ namespace SekiroFpsUnlockAndMore
|
|||
}
|
||||
|
||||
if (bFound)
|
||||
return Convert.ToInt64((long) dwStart + ix);
|
||||
return dwStart + ix;
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
|
|
|||
|
|
@ -18,5 +18,5 @@ using System.Runtime.InteropServices;
|
|||
ResourceDictionaryLocation.SourceAssembly
|
||||
)]
|
||||
|
||||
[assembly: AssemblyVersion("1.2.3.0")]
|
||||
[assembly: AssemblyFileVersion("1.2.3.0")]
|
||||
[assembly: AssemblyVersion("1.2.3.1")]
|
||||
[assembly: AssemblyFileVersion("1.2.3.1")]
|
||||
Loading…
Add table
Add a link
Reference in a new issue