I think I was able to find the function responsible for changing prepared spells, and there's a jump that seems to be triggering the error message during combat, but even when bypassing that jump the spells still don't change. There doesn't seem to be any significant change during the rest of the function's execution as far as I can tell, and I'm pretty much out of ideas. Any advice would be appreciated at this point.
Jump responsible for error message:
; Short conditional jump (74 = je rel8). In the full listing it follows
; `test al,al` on the result of `call bg3.exe+8DA7E0`, so it is taken when
; that call returns 0 in AL and execution continues at bg3.exe+DAA07D.
bg3.exe+DAA028 - 74 53 - je bg3.exe+DAA07D
The function I found is pretty much the only one still triggered in combat.
Anyway still stuck.
EDIT2. For anyone who wants to find the functions which handle spell preparation, you can search for the number of prepared spells. There should be 4 of them and one that actually impacts which slot a new spell will take. Then you can look for calls which access it, though do check the stack trace, because there might be a generic function that executes the actual access instruction while that function itself is called from an "event handler", as I understand it.
EDIT3: Welp, looks like Zanzer added "Unlimited prepared spells" script to his table so I guess this is no longer needed.
Full function text below, so it's easier to search for an AOB (array-of-bytes signature) for anyone trying to look into it.
; ---------------------------------------------------------------------------
; Routine at bg3.exe+DA9F20, shown in Cheat Engine memory-view format:
;   address - opcode bytes - instruction   { value annotation }
; Register use on entry matches the Microsoft x64 convention:
;   rcx = first argument (kept in r13), rdx = second argument (spilled to [rsp+40]).
; Visible behaviour: walk an array of 0x38-byte records starting at [rcx+348]
; (record count in the dword at [rcx+354]), process each record, then call
; bg3.exe+378A940 on two fields of every record and reset the count to 0.
; NOTE(review): the callees and field meanings are not shown in this listing;
; they are referred to by address/offset only. That this routine deals with
; prepared spells is the post's conclusion, not something the code shows.
; ---------------------------------------------------------------------------
; Prologue. r11 = rsp at entry (points at the return address).
bg3.exe+DA9F20 - 4C 8B DC - mov r11,rsp
bg3.exe+DA9F23 - 55 - push rbp
bg3.exe+DA9F24 - 53 - push rbx
bg3.exe+DA9F25 - 57 - push rdi
bg3.exe+DA9F26 - 41 55 - push r13
; rbp ends up 0x100 above the final rsp, so [rbp+X] is the same slot as [rsp+100+X].
bg3.exe+DA9F28 - 48 8D 6C 24 98 - lea rbp,[rsp-68]
bg3.exe+DA9F2D - 48 81 EC 68010000 - sub rsp,00000168 { 360 }
; Load a global, XOR it with rsp and store it at [rbp+50]. The epilogue reloads
; it, XORs with rsp again and passes it to bg3.exe+40DF980. This matches the
; MSVC /GS stack-cookie pattern (presumably __security_check_cookie - unverified).
bg3.exe+DA9F34 - 48 8B 05 EDD38704 - mov rax,[bg3.exe+5627328] { (-693681996) }
bg3.exe+DA9F3B - 48 33 C4 - xor rax,rsp
bg3.exe+DA9F3E - 48 89 45 50 - mov [rbp+50],rax
; rdi = start of the record array, r13 = first argument, [rsp+40] = second argument.
bg3.exe+DA9F42 - 48 8B B9 48030000 - mov rdi,[rcx+00000348]
bg3.exe+DA9F49 - 4C 8B E9 - mov r13,rcx
bg3.exe+DA9F4C - 48 89 54 24 40 - mov [rsp+40],rdx
; Null array pointer: skip the processing loop (no extra registers saved yet).
bg3.exe+DA9F51 - 48 85 FF - test rdi,rdi
bg3.exe+DA9F54 - 0F84 2E040000 - je bg3.exe+DAA388
; r15 = rdi + count * 0x38 = one-past-the-end pointer. The caller's r15 is
; saved first at [r11-28], the frame slot just below the four pushed registers.
bg3.exe+DA9F5A - 48 63 81 54030000 - movsxd rax,dword ptr [rcx+00000354]
bg3.exe+DA9F61 - 4D 89 7B D8 - mov [r11-28],r15
bg3.exe+DA9F65 - 4C 6B F8 38 - imul r15,rax,38
bg3.exe+DA9F69 - 4C 03 FF - add r15,rdi
; Empty array: jump to the exit that restores only r15.
bg3.exe+DA9F6C - 49 3B FF - cmp rdi,r15
bg3.exe+DA9F6F - 0F84 0B040000 - je bg3.exe+DAA380
; Save rsi, r12, r14 above the return address ([r11+10/18/20]); under the
; Microsoft x64 convention that is the caller-provided home space.
bg3.exe+DA9F75 - 49 89 73 10 - mov [r11+10],rsi
bg3.exe+DA9F79 - 4D 89 63 18 - mov [r11+18],r12
bg3.exe+DA9F7D - 4D 89 73 20 - mov [r11+20],r14
; Padding so the loop head below starts at a 16-byte boundary.
bg3.exe+DA9F81 - 0F1F 40 00 - nop dword ptr [rax+00]
bg3.exe+DA9F85 - 66 66 66 0F1F 84 00 00000000 - nop word ptr [rax+rax+00000000]
; ===== Per-record loop head (rdi = current record, rdx = second argument) =====
; Build a 16-byte pair on the stack: [rsp+30] = first qword of the record,
; [rsp+38] = first qword of the object the second argument points to.
bg3.exe+DA9F90 - 48 8B 07 - mov rax,[rdi]
bg3.exe+DA9F93 - 48 8D 4C 24 30 - lea rcx,[rsp+30]
bg3.exe+DA9F98 - 48 89 44 24 30 - mov [rsp+30],rax
bg3.exe+DA9F9D - 48 8B 02 - mov rax,[rdx]
bg3.exe+DA9FA0 - 48 89 44 24 38 - mov [rsp+38],rax
; Call with rcx = &pair; the byte result is kept in bl for later.
bg3.exe+DA9FA5 - E8 A6C88902 - call bg3.exe+3646850
bg3.exe+DA9FAA - 0FB6 D8 - movzx ebx,al
bg3.exe+DA9FAD - 84 C0 - test al,al
bg3.exe+DA9FAF - 74 1F - je bg3.exe+DA9FD0
; Result != 0: call bg3.exe+DA8560(rcx = [rsp+38], rdx = &[rbp-30], r8 = &[rsp+28]).
; Its rax result is used below as a pointer to a 0x24-byte record.
bg3.exe+DA9FB1 - 48 8B 4C 24 30 - mov rcx,[rsp+30]
bg3.exe+DA9FB6 - 4C 8D 44 24 28 - lea r8,[rsp+28]
bg3.exe+DA9FBB - 48 89 4C 24 28 - mov [rsp+28],rcx
bg3.exe+DA9FC0 - 48 8D 55 D0 - lea rdx,[rbp-30]
bg3.exe+DA9FC4 - 48 8B 4C 24 38 - mov rcx,[rsp+38]
bg3.exe+DA9FC9 - E8 92E5FFFF - call bg3.exe+DA8560
bg3.exe+DA9FCE - EB 1C - jmp bg3.exe+DA9FEC
; Result == 0: use a default record instead - 32 zero bytes at [rsp+50]
; followed by a dword of -1 at [rsp+70]; rax points at it.
bg3.exe+DA9FD0 - 0F57 C0 - xorps xmm0,xmm0
bg3.exe+DA9FD3 - C7 44 24 70 FFFFFFFF - mov [rsp+70],FFFFFFFF { -1 }
bg3.exe+DA9FDB - 66 0F7F 44 24 50 - movdqa [rsp+50],xmm0
bg3.exe+DA9FE1 - 48 8D 44 24 50 - lea rax,[rsp+50]
bg3.exe+DA9FE6 - 66 0F7F 44 24 60 - movdqa [rsp+60],xmm0
; Assemble a local structure at [rbp-80]: the 16-byte pair, then the 0x24-byte
; record from [rax] at [rbp-70], and the byte flag from bl at [rbp-40].
bg3.exe+DA9FEC - 0F10 44 24 30 - movups xmm0,[rsp+30]
bg3.exe+DA9FF1 - 48 8D 4D 80 - lea rcx,[rbp-80]
bg3.exe+DA9FF5 - 88 5D C0 - mov [rbp-40],bl
bg3.exe+DA9FF8 - 0F10 08 - movups xmm1,[rax]
bg3.exe+DA9FFB - 0F29 45 80 - movaps [rbp-80],xmm0
bg3.exe+DA9FFF - 0F10 40 10 - movups xmm0,[rax+10]
bg3.exe+DAA003 - 8B 40 20 - mov eax,[rax+20]
bg3.exe+DAA006 - 0F29 4D 90 - movaps [rbp-70],xmm1
bg3.exe+DAA00A - 0F29 45 A0 - movaps [rbp-60],xmm0
bg3.exe+DAA00E - 89 45 B0 - mov [rbp-50],eax
; rax = bg3.exe+DA80B0(&local structure); kept in rbx and [rsp+28].
bg3.exe+DAA011 - E8 9AE0FFFF - call bg3.exe+DA80B0
bg3.exe+DAA016 - 48 8B C8 - mov rcx,rax
bg3.exe+DAA019 - 48 89 44 24 28 - mov [rsp+28],rax
bg3.exe+DAA01E - 48 8B D8 - mov rbx,rax
; Byte-returning check on that object. The post identifies the je below as the
; branch tied to the in-combat error message; which side produces the message
; is not evident from this listing.
bg3.exe+DAA021 - E8 BA07B3FF - call bg3.exe+8DA7E0
bg3.exe+DAA026 - 84 C0 - test al,al
bg3.exe+DAA028 - 74 53 - je bg3.exe+DAA07D
; Check returned non-zero: fetch a 16-bit value via bg3.exe+8D8C70(rbx, dl = 1)
; into [rsp+20], then walk the array at [r13+90] (count at [r13+9C], 0x48 bytes
; per entry: rsi = rbx + count*9*8) and make an indirect call for each entry.
bg3.exe+DAA02A - B2 01 - mov dl,01 { 1 }
bg3.exe+DAA02C - 48 8B CB - mov rcx,rbx
bg3.exe+DAA02F - E8 3CECB2FF - call bg3.exe+8D8C70
bg3.exe+DAA034 - 49 8B 9D 90000000 - mov rbx,[r13+00000090]
bg3.exe+DAA03B - 66 89 44 24 20 - mov [rsp+20],ax
bg3.exe+DAA040 - 48 85 DB - test rbx,rbx
bg3.exe+DAA043 - 0F84 0D030000 - je bg3.exe+DAA356
bg3.exe+DAA049 - 49 63 85 9C000000 - movsxd rax,dword ptr [r13+0000009C]
bg3.exe+DAA050 - 48 8D 0C C0 - lea rcx,[rax+rax*8]
bg3.exe+DAA054 - 48 8D 34 CB - lea rsi,[rbx+rcx*8]
bg3.exe+DAA058 - 48 3B DE - cmp rbx,rsi
bg3.exe+DAA05B - 0F84 F5020000 - je bg3.exe+DAA356
; Indirect call through the first slot of the table that [rbx] points to, with
; rcx = entry+8 and rdx = &[rsp+20]. Looks like a virtual call on a
; listener/callback entry - unverified.
bg3.exe+DAA061 - 48 8B 03 - mov rax,[rbx]
bg3.exe+DAA064 - 48 8D 4B 08 - lea rcx,[rbx+08]
bg3.exe+DAA068 - 48 8D 54 24 20 - lea rdx,[rsp+20]
bg3.exe+DAA06D - FF 10 - call qword ptr [rax]
bg3.exe+DAA06F - 48 83 C3 48 - add rbx,48 { 72 }
bg3.exe+DAA073 - 48 3B DE - cmp rbx,rsi
bg3.exe+DAA076 - 75 E9 - jne bg3.exe+DAA061
bg3.exe+DAA078 - E9 D9020000 - jmp bg3.exe+DAA356
; ----- Check returned zero (target of the je at DAA028) -----
; A zero byte at record+30 goes straight to the final call sequence at DAA329.
bg3.exe+DAA07D - 80 7F 30 00 - cmp byte ptr [rdi+30],00 { 0 }
bg3.exe+DAA081 - 0F84 A2020000 - je bg3.exe+DAA329
; rbx = bg3.exe+DA7EF0(&local structure). The 16 bytes at record+18 are copied
; to [rbp+00] and serve as the lookup key below. The jne uses the flags of the
; cmp on record+10 (mov/movups do not modify flags).
bg3.exe+DAA087 - 48 8D 4D 80 - lea rcx,[rbp-80]
bg3.exe+DAA08B - E8 60DEFFFF - call bg3.exe+DA7EF0
bg3.exe+DAA090 - 80 7F 10 01 - cmp byte ptr [rdi+10],01 { 1 }
bg3.exe+DAA094 - 48 8B D8 - mov rbx,rax
bg3.exe+DAA097 - 0F10 47 18 - movups xmm0,[rdi+18]
bg3.exe+DAA09B - 0F11 45 00 - movups [rbp+00],xmm0
bg3.exe+DAA09F - 75 6A - jne bg3.exe+DAA10B
; record+10 == 1: look the key up in the table at [r13+C0].
; Lookup pattern (repeated four times in this routine): the rax result of
; bg3.exe+3798DA0(&key) is reduced with an unsigned div by the dword at +58
; (a zero divisor is excluded by the check just before), the remainder selects
; a dword in the array at +50, a negative value ends the search, otherwise
; 16-byte keys at +70 are compared by bg3.exe+17B12E0 and the dword array at
; +60 gives the next index. Looks like a chained hash-map lookup with
; 3798DA0 as the hash function - unverified.
bg3.exe+DAA0A1 - 49 8B B5 C0000000 - mov rsi,[r13+000000C0]
bg3.exe+DAA0A8 - 83 7E 58 00 - cmp dword ptr [rsi+58],00 { 0 }
bg3.exe+DAA0AC - 74 4C - je bg3.exe+DAA0FA
bg3.exe+DAA0AE - 48 8D 4D 00 - lea rcx,[rbp+00]
bg3.exe+DAA0B2 - E8 E9EC9E02 - call bg3.exe+3798DA0
bg3.exe+DAA0B7 - 48 63 4E 58 - movsxd rcx,dword ptr [rsi+58]
bg3.exe+DAA0BB - 33 D2 - xor edx,edx
bg3.exe+DAA0BD - 48 F7 F1 - div rcx
bg3.exe+DAA0C0 - 48 8B 46 50 - mov rax,[rsi+50]
bg3.exe+DAA0C4 - 48 63 CA - movsxd rcx,edx
bg3.exe+DAA0C7 - 8B 14 88 - mov edx,[rax+rcx*4]
bg3.exe+DAA0CA - 85 D2 - test edx,edx
bg3.exe+DAA0CC - 78 2C - js bg3.exe+DAA0FA
bg3.exe+DAA0CE - 66 90 - nop 2
; Chain walk: r14d = current index, rcx = &keys[index] (16 bytes each).
bg3.exe+DAA0D0 - 8B CA - mov ecx,edx
bg3.exe+DAA0D2 - 48 C1 E1 04 - shl rcx,04 { 4 }
bg3.exe+DAA0D6 - 48 03 4E 70 - add rcx,[rsi+70]
bg3.exe+DAA0DA - 44 8B F2 - mov r14d,edx
bg3.exe+DAA0DD - 48 8D 55 00 - lea rdx,[rbp+00]
bg3.exe+DAA0E1 - E8 FA71A000 - call bg3.exe+17B12E0
bg3.exe+DAA0E6 - 84 C0 - test al,al
bg3.exe+DAA0E8 - 0F85 6C010000 - jne bg3.exe+DAA25A
bg3.exe+DAA0EE - 48 8B 46 60 - mov rax,[rsi+60]
bg3.exe+DAA0F2 - 42 8B 14 B0 - mov edx,[rax+r14*4]
bg3.exe+DAA0F6 - 85 D2 - test edx,edx
bg3.exe+DAA0F8 - 79 D6 - jns bg3.exe+DAA0D0
; Not found: [rbp+20] = null result, byte [rbp+28] = 1.
bg3.exe+DAA0FA - 0F57 C0 - xorps xmm0,xmm0
bg3.exe+DAA0FD - 33 C0 - xor eax,eax
bg3.exe+DAA0FF - 0F11 45 20 - movups [rbp+20],xmm0
bg3.exe+DAA103 - C6 45 28 01 - mov byte ptr [rbp+28],01 { 1 }
bg3.exe+DAA107 - 66 89 45 20 - mov [rbp+20],ax
; ----- Lookup 1 in the object returned by DA7EF0 (rbx): slots at +10,
; divisor at +18, next-index array at +20, keys at +30, values at +40 -----
bg3.exe+DAA10B - 83 7B 18 00 - cmp dword ptr [rbx+18],00 { 0 }
bg3.exe+DAA10F - 74 57 - je bg3.exe+DAA168
bg3.exe+DAA111 - 48 8D 4D 00 - lea rcx,[rbp+00]
bg3.exe+DAA115 - E8 86EC9E02 - call bg3.exe+3798DA0
bg3.exe+DAA11A - 48 63 4B 18 - movsxd rcx,dword ptr [rbx+18]
bg3.exe+DAA11E - 33 D2 - xor edx,edx
bg3.exe+DAA120 - 48 F7 F1 - div rcx
bg3.exe+DAA123 - 48 8B 43 10 - mov rax,[rbx+10]
bg3.exe+DAA127 - 48 63 CA - movsxd rcx,edx
bg3.exe+DAA12A - 8B 14 88 - mov edx,[rax+rcx*4]
bg3.exe+DAA12D - 85 D2 - test edx,edx
bg3.exe+DAA12F - 78 37 - js bg3.exe+DAA168
bg3.exe+DAA131 - 0F1F 40 00 - nop dword ptr [rax+00]
bg3.exe+DAA135 - 66 66 66 0F1F 84 00 00000000 - nop word ptr [rax+rax+00000000]
bg3.exe+DAA140 - 8B CA - mov ecx,edx
bg3.exe+DAA142 - 48 C1 E1 04 - shl rcx,04 { 4 }
bg3.exe+DAA146 - 48 03 4B 30 - add rcx,[rbx+30]
bg3.exe+DAA14A - 8B F2 - mov esi,edx
bg3.exe+DAA14C - 48 8D 55 00 - lea rdx,[rbp+00]
bg3.exe+DAA150 - E8 8B71A000 - call bg3.exe+17B12E0
bg3.exe+DAA155 - 84 C0 - test al,al
bg3.exe+DAA157 - 0F85 29010000 - jne bg3.exe+DAA286
bg3.exe+DAA15D - 48 8B 43 20 - mov rax,[rbx+20]
bg3.exe+DAA161 - 8B 14 B0 - mov edx,[rax+rsi*4]
bg3.exe+DAA164 - 85 D2 - test edx,edx
bg3.exe+DAA166 - 79 D8 - jns bg3.exe+DAA140
; Lookup 1 missed: [rbp+10] = 0 and r12b = 1 marks "no entry".
bg3.exe+DAA168 - 33 C0 - xor eax,eax
bg3.exe+DAA16A - 0F57 C0 - xorps xmm0,xmm0
bg3.exe+DAA16D - 0F11 45 10 - movups [rbp+10],xmm0
bg3.exe+DAA171 - 66 89 45 10 - mov [rbp+10],ax
bg3.exe+DAA175 - 41 B4 01 - mov r12b,01 { 1 }
bg3.exe+DAA178 - 48 8B 45 10 - mov rax,[rbp+10]
; ----- Lookup 2 in the same object: slots at +50, divisor at +58,
; next-index array at +60, keys at +70, dword values at +80.
; r14d defaults to -1; [rbp+10] keeps the lookup-1 result pointer (or 0).
; The je uses the flags of the cmp (the two mov instructions keep them). -----
bg3.exe+DAA17C - 83 7B 58 00 - cmp dword ptr [rbx+58],00 { 0 }
bg3.exe+DAA180 - 41 BE FFFFFFFF - mov r14d,FFFFFFFF { -1 }
bg3.exe+DAA186 - 48 89 45 10 - mov [rbp+10],rax
bg3.exe+DAA18A - 74 4C - je bg3.exe+DAA1D8
bg3.exe+DAA18C - 48 8D 4D 00 - lea rcx,[rbp+00]
bg3.exe+DAA190 - E8 0BEC9E02 - call bg3.exe+3798DA0
bg3.exe+DAA195 - 48 63 4B 58 - movsxd rcx,dword ptr [rbx+58]
bg3.exe+DAA199 - 33 D2 - xor edx,edx
bg3.exe+DAA19B - 48 F7 F1 - div rcx
bg3.exe+DAA19E - 48 8B 43 50 - mov rax,[rbx+50]
bg3.exe+DAA1A2 - 48 63 CA - movsxd rcx,edx
bg3.exe+DAA1A5 - 8B 14 88 - mov edx,[rax+rcx*4]
bg3.exe+DAA1A8 - 85 D2 - test edx,edx
bg3.exe+DAA1AA - 78 2C - js bg3.exe+DAA1D8
bg3.exe+DAA1AC - 0F1F 40 00 - nop dword ptr [rax+00]
bg3.exe+DAA1B0 - 8B CA - mov ecx,edx
bg3.exe+DAA1B2 - 48 C1 E1 04 - shl rcx,04 { 4 }
bg3.exe+DAA1B6 - 48 03 4B 70 - add rcx,[rbx+70]
bg3.exe+DAA1BA - 8B F2 - mov esi,edx
bg3.exe+DAA1BC - 48 8D 55 00 - lea rdx,[rbp+00]
bg3.exe+DAA1C0 - E8 1B71A000 - call bg3.exe+17B12E0
bg3.exe+DAA1C5 - 84 C0 - test al,al
bg3.exe+DAA1C7 - 0F85 C9000000 - jne bg3.exe+DAA296
bg3.exe+DAA1CD - 48 8B 43 60 - mov rax,[rbx+60]
bg3.exe+DAA1D1 - 8B 14 B0 - mov edx,[rax+rsi*4]
bg3.exe+DAA1D4 - 85 D2 - test edx,edx
bg3.exe+DAA1D6 - 79 D8 - jns bg3.exe+DAA1B0
; Lookup 2 missed: null result at [rbp+30], then retry the same table with the
; fixed key stored at bg3.exe+57B8230 (looks like a default/fallback key - unverified).
; eax is 0 here, so the cmp below is again the zero-divisor guard.
bg3.exe+DAA1D8 - 33 C0 - xor eax,eax
bg3.exe+DAA1DA - 0F57 C0 - xorps xmm0,xmm0
bg3.exe+DAA1DD - 0F11 45 30 - movups [rbp+30],xmm0
bg3.exe+DAA1E1 - C6 45 38 01 - mov byte ptr [rbp+38],01 { 1 }
bg3.exe+DAA1E5 - 66 89 45 30 - mov [rbp+30],ax
bg3.exe+DAA1E9 - 39 43 58 - cmp [rbx+58],eax
bg3.exe+DAA1EC - 74 4E - je bg3.exe+DAA23C
bg3.exe+DAA1EE - 48 8D 0D 3BE0A004 - lea rcx,[bg3.exe+57B8230] { (0) }
bg3.exe+DAA1F5 - E8 A6EB9E02 - call bg3.exe+3798DA0
bg3.exe+DAA1FA - 48 63 4B 58 - movsxd rcx,dword ptr [rbx+58]
bg3.exe+DAA1FE - 33 D2 - xor edx,edx
bg3.exe+DAA200 - 48 F7 F1 - div rcx
bg3.exe+DAA203 - 48 8B 43 50 - mov rax,[rbx+50]
bg3.exe+DAA207 - 48 63 CA - movsxd rcx,edx
bg3.exe+DAA20A - 8B 14 88 - mov edx,[rax+rcx*4]
bg3.exe+DAA20D - 85 D2 - test edx,edx
bg3.exe+DAA20F - 78 2B - js bg3.exe+DAA23C
bg3.exe+DAA211 - 8B CA - mov ecx,edx
bg3.exe+DAA213 - 48 C1 E1 04 - shl rcx,04 { 4 }
bg3.exe+DAA217 - 48 03 4B 70 - add rcx,[rbx+70]
bg3.exe+DAA21B - 8B F2 - mov esi,edx
bg3.exe+DAA21D - 48 8D 15 0CE0A004 - lea rdx,[bg3.exe+57B8230] { (0) }
bg3.exe+DAA224 - E8 B770A000 - call bg3.exe+17B12E0
bg3.exe+DAA229 - 84 C0 - test al,al
bg3.exe+DAA22B - 0F85 80000000 - jne bg3.exe+DAA2B1
bg3.exe+DAA231 - 48 8B 43 60 - mov rax,[rbx+60]
bg3.exe+DAA235 - 8B 14 B0 - mov edx,[rax+rsi*4]
bg3.exe+DAA238 - 85 D2 - test edx,edx
bg3.exe+DAA23A - 79 D5 - jns bg3.exe+DAA211
; Fallback lookup missed as well: null result at [rbp+40]; r14d stays -1.
bg3.exe+DAA23C - 0F57 C0 - xorps xmm0,xmm0
bg3.exe+DAA23F - 33 C0 - xor eax,eax
bg3.exe+DAA241 - 0F11 45 40 - movups [rbp+40],xmm0
bg3.exe+DAA245 - C6 45 48 01 - mov byte ptr [rbp+48],01 { 1 }
bg3.exe+DAA249 - 66 89 45 40 - mov [rbp+40],ax
; Pick the left-hand value for the comparison at DAA2CE: 0 when lookup 1
; missed (r12b != 0), otherwise the dword that the lookup-1 result points to.
bg3.exe+DAA24D - 45 84 E4 - test r12b,r12b
bg3.exe+DAA250 - 75 7A - jne bg3.exe+DAA2CC
bg3.exe+DAA252 - 48 8B 45 10 - mov rax,[rbp+10]
bg3.exe+DAA256 - 8B 00 - mov eax,[rax]
bg3.exe+DAA258 - EB 74 - jmp bg3.exe+DAA2CE
; Hit in the [r13+C0] table: entry = [rsi+80] + index * 0xE0, stored at [rbp+20].
; The je tests the flags of the add (xorps/movups/mov leave them unchanged), so
; it is taken only when the computed entry address is 0; otherwise the 16 bytes
; at entry+18 replace the lookup key at [rbp+00].
bg3.exe+DAA25A - 49 69 CE E0000000 - imul rcx,r14,000000E0 { 224 }
bg3.exe+DAA261 - 0F57 C0 - xorps xmm0,xmm0
bg3.exe+DAA264 - 0F11 45 20 - movups [rbp+20],xmm0
bg3.exe+DAA268 - 48 03 8E 80000000 - add rcx,[rsi+00000080]
bg3.exe+DAA26F - 48 89 4D 20 - mov [rbp+20],rcx
bg3.exe+DAA273 - 0F84 92FEFFFF - je bg3.exe+DAA10B
bg3.exe+DAA279 - 0F10 41 18 - movups xmm0,[rcx+18]
bg3.exe+DAA27D - 0F11 45 00 - movups [rbp+00],xmm0
bg3.exe+DAA281 - E9 85FEFFFF - jmp bg3.exe+DAA10B
; Lookup 1 hit: rax = &values[index] in the dword array at [rbx+40]; r12b = 0.
bg3.exe+DAA286 - 48 8B 43 40 - mov rax,[rbx+40]
bg3.exe+DAA28A - 45 32 E4 - xor r12b,r12b
bg3.exe+DAA28D - 48 8D 04 B0 - lea rax,[rax+rsi*4]
bg3.exe+DAA291 - E9 E6FEFFFF - jmp bg3.exe+DAA17C
; Lookup 2 hit: r14d = the dword value at [rbx+80] + index*4.
bg3.exe+DAA296 - 48 8B 83 80000000 - mov rax,[rbx+00000080]
bg3.exe+DAA29D - 0F57 C0 - xorps xmm0,xmm0
bg3.exe+DAA2A0 - 48 8D 14 B0 - lea rdx,[rax+rsi*4]
bg3.exe+DAA2A4 - 0F11 45 30 - movups [rbp+30],xmm0
bg3.exe+DAA2A8 - 48 89 55 30 - mov [rbp+30],rdx
bg3.exe+DAA2AC - 44 8B 32 - mov r14d,[rdx]
bg3.exe+DAA2AF - EB 9C - jmp bg3.exe+DAA24D
; Fallback-key hit: same as above, result pointer kept at [rbp+40].
bg3.exe+DAA2B1 - 48 8B 83 80000000 - mov rax,[rbx+00000080]
bg3.exe+DAA2B8 - 0F57 C0 - xorps xmm0,xmm0
bg3.exe+DAA2BB - 48 8D 14 B0 - lea rdx,[rax+rsi*4]
bg3.exe+DAA2BF - 0F11 45 40 - movups [rbp+40],xmm0
bg3.exe+DAA2C3 - 48 89 55 40 - mov [rbp+40],rdx
bg3.exe+DAA2C7 - 44 8B 32 - mov r14d,[rdx]
bg3.exe+DAA2CA - EB 81 - jmp bg3.exe+DAA24D
; Signed comparison of the lookup-1 value (eax, 0 if missing) with the
; lookup-2 value (r14d, -1 if missing): eax < r14d continues at DAA329.
; NOTE(review): reads like a "current vs. limit" test - unverified.
bg3.exe+DAA2CC - 33 C0 - xor eax,eax
bg3.exe+DAA2CE - 41 3B C6 - cmp eax,r14d
bg3.exe+DAA2D1 - 7C 56 - jl bg3.exe+DAA329
; eax >= r14d: fetch a 16-bit value via bg3.exe+8D8C70([rsp+28], dl = 1) into
; [rsp+22] and make the same kind of indirect call as at DAA061 for every
; 0x48-byte entry of the array at [r13+A8] (count at [r13+B4]).
bg3.exe+DAA2D3 - 48 8B 4C 24 28 - mov rcx,[rsp+28]
bg3.exe+DAA2D8 - B2 01 - mov dl,01 { 1 }
bg3.exe+DAA2DA - E8 91E9B2FF - call bg3.exe+8D8C70
bg3.exe+DAA2DF - 49 8B 9D A8000000 - mov rbx,[r13+000000A8]
bg3.exe+DAA2E6 - 66 89 44 24 22 - mov [rsp+22],ax
bg3.exe+DAA2EB - 48 85 DB - test rbx,rbx
bg3.exe+DAA2EE - 74 66 - je bg3.exe+DAA356
bg3.exe+DAA2F0 - 49 63 85 B4000000 - movsxd rax,dword ptr [r13+000000B4]
bg3.exe+DAA2F7 - 48 8D 0C C0 - lea rcx,[rax+rax*8]
bg3.exe+DAA2FB - 48 8D 34 CB - lea rsi,[rbx+rcx*8]
bg3.exe+DAA2FF - 48 3B DE - cmp rbx,rsi
bg3.exe+DAA302 - 74 52 - je bg3.exe+DAA356
bg3.exe+DAA304 - 0F1F 40 00 - nop dword ptr [rax+00]
bg3.exe+DAA308 - 0F1F 84 00 00000000 - nop dword ptr [rax+rax+00000000]
bg3.exe+DAA310 - 48 8B 03 - mov rax,[rbx]
bg3.exe+DAA313 - 48 8D 4B 08 - lea rcx,[rbx+08]
bg3.exe+DAA317 - 48 8D 54 24 22 - lea rdx,[rsp+22]
bg3.exe+DAA31C - FF 10 - call qword ptr [rax]
bg3.exe+DAA31E - 48 83 C3 48 - add rbx,48 { 72 }
bg3.exe+DAA322 - 48 3B DE - cmp rbx,rsi
bg3.exe+DAA325 - 75 E9 - jne bg3.exe+DAA310
bg3.exe+DAA327 - EB 2D - jmp bg3.exe+DAA356
; ----- Final call sequence for this record -----
; rax = bg3.exe+8D8040([rsp+28], &[rsp+48]); then
; bg3.exe+898740(rcx = [r13+B8], rdx = [rax], r8 = record+08, r9b = byte at record+30).
bg3.exe+DAA329 - 48 8B 4C 24 28 - mov rcx,[rsp+28]
bg3.exe+DAA32E - 48 8D 54 24 48 - lea rdx,[rsp+48]
bg3.exe+DAA333 - 49 8B B5 B8000000 - mov rsi,[r13+000000B8]
bg3.exe+DAA33A - 0FB6 5F 30 - movzx ebx,byte ptr [rdi+30]
bg3.exe+DAA33E - E8 FDDCB2FF - call bg3.exe+8D8040
bg3.exe+DAA343 - 4C 8D 47 08 - lea r8,[rdi+08]
bg3.exe+DAA347 - 44 0FB6 CB - movzx r9d,bl
bg3.exe+DAA34B - 48 8B CE - mov rcx,rsi
bg3.exe+DAA34E - 48 8B 10 - mov rdx,[rax]
bg3.exe+DAA351 - E8 EAE3AEFF - call bg3.exe+898740
; Loop tail: reload the second argument (rdx is volatile across the calls),
; advance to the next 0x38-byte record and repeat until the end pointer.
bg3.exe+DAA356 - 48 8B 54 24 40 - mov rdx,[rsp+40]
bg3.exe+DAA35B - 48 83 C7 38 - add rdi,38 { 56 }
bg3.exe+DAA35F - 49 3B FF - cmp rdi,r15
bg3.exe+DAA362 - 0F85 28FCFFFF - jne bg3.exe+DA9F90
; Restore r14, r12, rsi (saved at [r11+20/18/10]) and r15 (saved at [r11-28]).
; The early exits enter at DAA380 / DAA388 and skip the restores of registers
; that had not been saved yet.
bg3.exe+DAA368 - 4C 8B B4 24 A8010000 - mov r14,[rsp+000001A8]
bg3.exe+DAA370 - 4C 8B A4 24 A0010000 - mov r12,[rsp+000001A0]
bg3.exe+DAA378 - 48 8B B4 24 98010000 - mov rsi,[rsp+00000198]
bg3.exe+DAA380 - 4C 8B BC 24 60010000 - mov r15,[rsp+00000160]
; ===== Cleanup: for each record i < count, call bg3.exe+378A940 on record+28
; and on record+08, then set the count at [r13+354] to 0 (both branches store 0). =====
bg3.exe+DAA388 - 33 FF - xor edi,edi
bg3.exe+DAA38A - 41 39 BD 54030000 - cmp [r13+00000354],edi
bg3.exe+DAA391 - 7E 45 - jle bg3.exe+DAA3D8
bg3.exe+DAA393 - 0F1F 40 00 - nop dword ptr [rax+00]
bg3.exe+DAA397 - 66 0F1F 84 00 00000000 - nop word ptr [rax+rax+00000000]
bg3.exe+DAA3A0 - 48 63 C7 - movsxd rax,edi
bg3.exe+DAA3A3 - 48 6B D8 38 - imul rbx,rax,38
bg3.exe+DAA3A7 - 49 03 9D 48030000 - add rbx,[r13+00000348]
bg3.exe+DAA3AE - 48 8D 4B 28 - lea rcx,[rbx+28]
bg3.exe+DAA3B2 - E8 89059E02 - call bg3.exe+378A940
bg3.exe+DAA3B7 - 48 8D 4B 08 - lea rcx,[rbx+08]
bg3.exe+DAA3BB - E8 80059E02 - call bg3.exe+378A940
bg3.exe+DAA3C0 - FF C7 - inc edi
bg3.exe+DAA3C2 - 41 3B BD 54030000 - cmp edi,[r13+00000354]
bg3.exe+DAA3C9 - 7C D5 - jl bg3.exe+DAA3A0
bg3.exe+DAA3CB - 41 C7 85 54030000 00000000 - mov [r13+00000354],00000000 { 0 }
bg3.exe+DAA3D6 - EB 07 - jmp bg3.exe+DAA3DF
bg3.exe+DAA3D8 - 41 89 BD 54030000 - mov [r13+00000354],edi
; Epilogue: undo the XOR on the saved cookie and hand it to bg3.exe+40DF980
; (the counterpart of the prologue's cookie setup), then unwind the frame.
bg3.exe+DAA3DF - 48 8B 4D 50 - mov rcx,[rbp+50]
bg3.exe+DAA3E3 - 48 33 CC - xor rcx,rsp
bg3.exe+DAA3E6 - E8 95553303 - call bg3.exe+40DF980
bg3.exe+DAA3EB - 48 81 C4 68010000 - add rsp,00000168 { 360 }
bg3.exe+DAA3F2 - 41 5D - pop r13
bg3.exe+DAA3F4 - 5F - pop rdi
bg3.exe+DAA3F5 - 5B - pop rbx
bg3.exe+DAA3F6 - 5D - pop rbp
bg3.exe+DAA3F7 - C3 - ret