Alright. Here goes another nice tutorial
![Smile :)](./images/smilies/icon_e_smile.gif)
Changing weapon's
WeaponTypeAttackDamageModifier in the
WeaponTypeAttackDamageModifierList. Also known as
One Hit Kill
I studied a bit the behavior of the One Hit Kill developer debug menu option in
Syndicate, but I could not find the same relationship in Origins or Odyssey. Simply because some objects/structures are missing (or were removed from being compiled in these games). What happened in Syndicate is once enabling this feature, this path was queried and toggled: GamePlaySettings -> FightSettings -> ACVIFightSettings -> ACVIFightDebugSettings + 0x7C == 1. This lil' bool then allowed setting another bool in NPC's health structure which instructed the engine to "kill" the target when a
hit event occurred. That being said, target could also die from bumping a moving object (chariot, horse, etc.)
Now.. I followed somewhat the same logic in Odyssey. I got as far as: GamePlaySettings -> FightSettings -> ACEFightSettings. There's no ACEFightDebugSettings in this one to be able to toggle that bool. At first I was like "well, can't do anything about this, won't be able to come up with a clean, nice
one hit kill". Didn't abandon the fight though, so I started to poke around ACEFightSettings, using exception breakpoints across the entire structure (well, a wide range of it) and found a list of instructions being triggered on access/write.
First-up, this is my structure and its address/hash/etc.:
Code: Select all
IStruct: 0x7AADB9D0
IName: 0x144F2AB10
ObjStr: ACEFightSettings
ObjHash: 0xB523F455
Then this is the debug list I got:
Starting from the instruction accessed 7 times going down are the instructions being run
when I hit something ![Wink ;)](./images/smilies/icon_e_wink.gif)
So I studied each and every one of them till I got to that CMP. Which I manually traced and found this:
Traced from that CMP all the way down till the CALL. Went in (RCX == 0x7AADB9D0, my ACEFightSettings) and found this function:
All good and dandy, but..
- you will notice the JE after "cmp [rbx+20],r9d" is never taken; what if we force it?
- you will notice the CALL before "test al,al" always returns 1; what if we NOP the JNE so [rbx+24] is always put in xmm0?
- you will notice [rbx+24] holds 1.0 as float; what if we make it 100.0?
Regarding the 3rd observation above -- I believe this is a multiplier, because when function exits, this happens:
Code: Select all
ACOdyssey.exe+1EF990E - E8 FD363D00 - call ACOdyssey.exe+22CD010 <-- our function
ACOdyssey.exe+1EF9913 - F3 0F59 F0 - mulss xmm6,xmm0 <-- multiplication
So.. that being said.. patching those spots and changing float to 100.0 from 1.0 will give you
damage x 100 when you start an attack
![Very Happy :D](./images/smilies/icon_e_biggrin.gif)
of course, you can skip patching inside the function and change xmm0 to whatever amount past the call above
![Razz :P](./images/smilies/icon_razz.gif)
Easier to hook.
This is one good spot to hook:
Code: Select all
ACOdyssey.exe+1EF9927 - F3 0F10 85 D8000000 - movss xmm0,[rbp+000000D8]
JMP to your cave and "movss xmm6,[your_multiplier]".
Before:
After:
Enjoy
BR,
Sun
P.S.#1: Note that even Ikraos can now do 1 hit kills when engaging soldiers
![Very Happy :D](./images/smilies/icon_e_biggrin.gif)
That dead soldier on the right was killed instantly right as I was trying to get the screenshot done
P.S.#2: This CALL here:
Code: Select all
ACOdyssey.exe+1EF991E - E8 5DC88700 - call ACOdyssey.exe+2776180 <--
ACOdyssey.exe+1EF9923 - 8B 4C 24 38 - mov ecx,[rsp+38]
What it does is to check your CharacterAI structure for Poison/Fire effects. If any of the two stats are active (as in, your player is on fire or poisoned), then the damage you deal is reduced through this function:
Code: Select all
ACOdyssey.exe+217784C - 80 7B 28 00 - cmp byte ptr [rbx+28],00 // is on fire or poisoned? (!= 0)
ACOdyssey.exe+2177850 - 45 0F57 C0 - xorps xmm8,xmm8
ACOdyssey.exe+2177854 - 74 27 - je ACOdyssey.exe+217787D
ACOdyssey.exe+2177856 - F3 0F10 8F E0010000 - movss xmm1,[rdi+000001E0] // [PlayerProgressionManager + 1E0] == 0.3
ACOdyssey.exe+217785E - 41 0F2F C8 - comiss xmm1,xmm8
ACOdyssey.exe+2177862 - 73 06 - jae ACOdyssey.exe+217786A
ACOdyssey.exe+2177864 - 41 0F28 C8 - movaps xmm1,xmm8
ACOdyssey.exe+2177868 - EB 08 - jmp ACOdyssey.exe+2177872
ACOdyssey.exe+217786A - 0F2F CF - comiss xmm1,xmm7
ACOdyssey.exe+217786D - 76 03 - jna ACOdyssey.exe+2177872
ACOdyssey.exe+217786F - 0F28 CF - movaps xmm1,xmm7
ACOdyssey.exe+2177872 - 0F28 C7 - movaps xmm0,xmm7
ACOdyssey.exe+2177875 - F3 0F5C C1 - subss xmm0,xmm1 // damage multiplier reduced from normal 1.0 to 0.7
ACOdyssey.exe+2177879 - F3 0F59 F0 - mulss xmm6,xmm0
P.S.#3: And no, you don't have to re-equip a weapon/item to apply the effect. Just hook the spot and you're set.