First, BTW, thanks for discussing and chatting (and for making the initial tutorial) - I feel like no one ever responds to replies on this forum for some reason, especially if someone actually offers some feedback. This has been interesting!
Ok, I went WAY down the rabbit hole, much further than I probably should have haha.
The only game I own that you developed a fly hack for was Assassin's Creed 2, which I must say is a terrible game for finding cheats since there is no window mode and the game minimizes every time you alt-tab out. How on earth did you do any searching for this game??
Using your cheat table as a base, I found the base pointer for the camera module, which is at AssassinsCreedIIGame.exe+01E111B4 using the current version of the game.
[AssassinsCreedIIGame.exe+01E111B4]+30 = Camera X
[AssassinsCreedIIGame.exe+01E111B4]+34 = Camera Y
[AssassinsCreedIIGame.exe+01E111B4]+38 = Camera Z
[AssassinsCreedIIGame.exe+01E111B4]+10 = The base value for what your script calls Yaw 1, is sin(yaw)
[AssassinsCreedIIGame.exe+01E111B4]+14 = The base value for what your script calls Yaw 2, is cos(yaw)
[AssassinsCreedIIGame.exe+01E111B4]+18 = The base value for what your script calls Pitch, is -sin(pitch)
[AssassinsCreedIIGame.exe+01E111B4]+1C = ??
[AssassinsCreedIIGame.exe+01E111B4]+20 = Rotation around the Y axis (some mathematical combination of +10/+18)
[AssassinsCreedIIGame.exe+01E111B4]+24 = Rotation around the X axis (some mathematical combination of +14/+18)
[AssassinsCreedIIGame.exe+01E111B4]+28 = cos(pitch)
[AssassinsCreedIIGame.exe+01E111B4]+2C = ??
If you NOP this instruction:
AssassinsCreedIIGame.exe+11883F3 - 0F29 41 30 - movaps [ecx+30],xmm0
Then you can put the camera anywhere you want, as that single instruction writes to +30/+34/+38/+3C.
Similarly, knocking out these instructions:
AssassinsCreedIIGame.exe+11883E3 - 0F29 41 10 - movaps [ecx+10],xmm0
AssassinsCreedIIGame.exe+11883EB - 0F 29 41 20 - movaps [ecx+20],xmm0
will allow you to directly manipulate camera rotation, but not correctly if you only edit +10/+14/+18, because they are not truly yaw and pitch. Your script works just fine despite thinking of +10/+14/+18 as an XYZ vector (combo of yaw and pitch) because you're not trying to move the camera at all, you're just letting the game engine do it for you. After all, you can get yaw from sin(yaw) and cos(yaw) using arctangent2, and you can get pitch from -sin(pitch) by using arcsine, which you referenced in a link listed in your pdf.* Treating +10/+14/+18 as an XYZ vector doesn't let you directly manipulate the camera angles, unfortunately, only the location of the camera and/or player, because the matrix does not fix itself (+20/+24/+28/+2C remain unchanged as you manually change +10/+14/+18/+1C, even if you knock out only the first instruction).
That's fine for this particular game engine because once you block writes to camera XYZ, you essentially have free-look because the engine doesn't enforce the view to the player; most games I've worked on force the camera to stare at the player, however. What to do if the camera forces view? Breaking writes to +10/+14/+18/+1C/+20/+24/+28/+2C would allow you to edit the rotation numbers directly, but we'd have to figure out all the numbers of the matrix, which is kind of beyond me. Or we backtrace until we find the true tilt and pan, because usually these numbers do exist in memory somewhere. If you can take control of those, you can free rotation, which will allow you to look away from the player. In this game you don't need to do it for that reason, but it still may be worthwhile to find/free the true tilt and pan so that you can manipulate them even during times when the player doesn't have tilt/pan control (for example during cutscenes), and you can bypass the tilt locks (AC2 only lets you look down to 70 degrees, and up to 45 degrees).
EDIT: Since the mouse can look freely when the camera XYZ is detached, I realized that I had all I needed to implement a basic free camera, so I went ahead and did so, just so you can compare your approach to mine!
Free Camera Controls:
Hotkey : Num 0 (Toggle On/Off)
Num 8 : Forward
Num 5 : Backward
Num 4 : Left
Num 6 : Right
Num - : Up
Num + : Down
Mouse control for tilt/pan. (Make sure to use keyboard/mouse controls.)
F1 : Decrease Camera Speed (Press and Hold)
F2 : Double Camera Speed (Press and Hold)
F3 : Quadruple Camera Speed (Press and Hold)
Note: My approach is to move the camera instead of the character, in which I discovered something very strange about this engine - it doesn't really properly render objects not in view of the player (and things get... weird). Also, if you code inject instead of NOP, you could copy ecx into a memory address and that would point to the coordinates as well, but I used a static pointer, because why not.
Anyway, here are all the camera scripts I've done:
Trails of Cold Steel 1,
Trails of Cold Steel 2,
Trails of Cold Steel 3,
Hajimari no Kiseki CLE,
Kuro no Kiseki CLE,
Tokyo Xanadu eX+,
Atelier Ryza,
Atelier Ryza 2. Clearly we have pretty different tastes in games haha.
Oh, and culling is when the game engine removes an object from the render pipeline because it is not visible, which improves frame rates by reducing the number of calculations. I've never actually tried to force culling a visible object using CE though, but I suppose it should be possible. I've found the clipping variable a few times, usually by standing next to a wall and moving the camera so that the player keeps appearing and disappearing.
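The yaw/pitch recovery mentioned in the post above (arctangent2 over the +10/+14 pair, arcsine of the negated +18 value), as an added example that is not part of the original post or its cheat table. It works on a byte copy of the camera block; the function names and the sample block are constructed for illustration, and only the offsets and their meanings come from the post.

```python
import math
import struct

# Offsets as listed in the post, relative to the address the camera pointer holds.
OFF_SIN_YAW = 0x10        # sin(yaw)
OFF_COS_YAW = 0x14        # cos(yaw)
OFF_NEG_SIN_PITCH = 0x18  # -sin(pitch)
OFF_COS_PITCH = 0x28      # cos(pitch)


def decode_angles(block):
    """Return (yaw, pitch) in degrees from a byte copy of the camera block."""
    s_yaw, c_yaw, neg_s_pitch = struct.unpack_from("<3f", block, OFF_SIN_YAW)
    if s_yaw == 0.0 and c_yaw == 0.0:
        raise ValueError("yaw is undefined: sin and cos terms are both zero")
    # atan2 keeps the quadrant and is unaffected by a common positive scale
    # on both inputs, so the pair does not have to be exactly unit length.
    yaw = math.atan2(s_yaw, c_yaw)
    # 32-bit floats can land a hair outside [-1, 1]; asin would raise on those.
    pitch = math.asin(max(-1.0, min(1.0, -neg_s_pitch)))
    return math.degrees(yaw), math.degrees(pitch)


def make_block(yaw_deg, pitch_deg):
    """Build a constructed sample block (not captured from the game)."""
    yaw, pitch = math.radians(yaw_deg), math.radians(pitch_deg)
    block = bytearray(0x40)
    struct.pack_into("<3f", block, OFF_SIN_YAW,
                     math.sin(yaw), math.cos(yaw), -math.sin(pitch))
    struct.pack_into("<f", block, OFF_COS_PITCH, math.cos(pitch))
    return bytes(block)


if __name__ == "__main__":
    yaw, pitch = decode_angles(make_block(135.0, -30.0))
    print(f"yaw={yaw:.3f} pitch={pitch:.3f}")
```
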