{======================
Author : aanpsx
Date : 2021-02-09
Game : nioh2.exe
Version : 1.0.0.0
Date : 2021-02-22
Author : SinGul4ritY
- Zero Onmyo Magic Cost
- Zero Jutsu Cost (display)
======================}
// Pre-declared constants/macros. Only 8b is used further down; bytes_GetMagCost,
// fmax, imax, fmin, mov1, cmp1 and bit are not referenced anywhere in this script
// (the live original bytes are captured with readmem() instead of bytes_GetMagCost).
define(bytes_GetMagCost,db 0F B7 87 B0 00 00 00)
define(fmax,(float)999999999)
define(imax,#999999999)
define(fmin,(float)0)
define(mov1,mov byte ptr)
define(cmp1,cmp byte ptr)
define(bit,byte ptr)
// A run of zeroed qwords; _GetMagCost: expands it to hold the saved rdi
// (only the first qword is ever written by this script).
define(8b,dq 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0)
// 0 81018202830384048505860687078808890
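[ENABLE]
{$lua}
if syntaxcheck then return end
-----------------------
memrec.Color=0x000080ff
-------------- A.B.G.R
{$asm}
// Hook 1 - GetMagCost: replaces "movzx eax,word ptr [rdi+000000B0]" (7 bytes,
// see the original-code dump at the end of this script). The 16-bit field at
// +B0 is zeroed in place and eax is left at 0, which is what the replaced
// read would now produce; the original instruction is only stashed, not re-run.
aobscanmodule(PSX_GetMagCost,nioh2.exe,0F B7 87 B0 00 00 00 66 0F)
alloc(newmem_GetMagCost,$1000,PSX_GetMagCost)
// Hook 2 - Onmyo magic cost: the pattern starts with 0F B7 (movzx r32,r/m16),
// so the replaced instruction reads a WORD at +B0, exactly like hook 1.
aobscanmodule(hookOmyoMagicCost,nioh2.exe+D1DCC2,0fb7xxxxxxxxxx66xxxxxx0fb7xx0f5bxx66xxxxxxb8xxxxxxxxf3xxxxxx0f5bxxf3xxxxxxf3xxxxxxf3xxxxxxxx83xxxxf7xxc1xxxx41xxxxxxxxxxxx48)
alloc(newmemhookOmyoMagicCost,64,hookOmyoMagicCost)
// Hook 3 - Jutsu cost (display): xmm1 is cleared before the original 8-byte
// instruction is re-executed.
aobscanmodule(hookJutsuCost,nioh2.exe+1328774,f3xxxxxxxxxxxxxxf3xxxxxxxxxxxxxxf3xxxxxxf3xxxxxxxx83xxxxf7xxc1xxxx89)
alloc(newmemhookJutsuCost,64,hookJutsuCost)
label(_GetMagCost)
label(code_GetMagCost)
label(return_GetMagCost) // declared like the other two return labels
label(originalcode_hookOmyoMagicCost)
label(returnOmyoMagicCost)
label(returnhookJutsuCost)
label(originalcode_hookJutsuCost)
registersymbol(_GetMagCost)
registersymbol(PSX_GetMagCost)
registersymbol(code_GetMagCost)
registersymbol(hookOmyoMagicCost)
registersymbol(originalcode_hookOmyoMagicCost)
registersymbol(hookJutsuCost)
registersymbol(originalcode_hookJutsuCost)

newmem_GetMagCost:
mov [_GetMagCost],rdi //main pointer (object whose +B0 word is the cost)
// xor clobbers flags; per the dump below nothing between the hook and
// "add ecx,09" reads them, so this is safe here.
xor eax,eax
mov [rdi+000000B0],ax //WORD store - same width as the replaced movzx
jmp return_GetMagCost
code_GetMagCost:
// Copy of the original 7 bytes, restored by [DISABLE]; nothing in this script
// jumps here.
readmem(PSX_GetMagCost,7)
jmp return_GetMagCost
_GetMagCost:
// zeroed storage for the saved rdi (first qword only)
8b
PSX_GetMagCost:
jmp newmem_GetMagCost
nop 2
return_GetMagCost:

newmemhookOmyoMagicCost:
// Same flag caveat as hook 1: the opcode pattern after this site matches the
// dump below (movd/movzx/cvtdq2ps/.../cvttss2si before the add).
xor eax, eax
// Was "mov [rsi+000000B0], eax": a DWORD store also zeroed the neighbouring
// word at +B2. The replaced movzx reads a WORD, so store a WORD.
// NOTE(review): rsi as the base register comes from the author; the modrm
// byte is masked in the pattern, so confirm it in the disassembler.
mov [rsi+000000B0], ax
originalcode_hookOmyoMagicCost:
readmem(hookOmyoMagicCost, 7) //re-run the original movzx, now reading the zeroed field
jmp returnOmyoMagicCost
hookOmyoMagicCost:
jmp newmemhookOmyoMagicCost
nop
nop
returnOmyoMagicCost:

newmemhookJutsuCost:
xorps xmm1,xmm1
originalcode_hookJutsuCost:
readmem(hookJutsuCost, 8) //original 8-byte instruction, re-executed
jmp returnhookJutsuCost
hookJutsuCost:
jmp newmemhookJutsuCost
db 90 90 90
returnhookJutsuCost: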
[DISABLE]
// Put the stashed original bytes back at each hook site; the lengths (7/7/8)
// match the readmem() captures made in [ENABLE].
PSX_GetMagCost:
readmem(code_GetMagCost,7)
//Alt: movzx eax,word ptr [rdi+000000B0]
hookOmyoMagicCost:
readmem(originalcode_hookOmyoMagicCost, 7)
hookJutsuCost:
readmem(originalcode_hookJutsuCost, 8)
// NOTE(review): only the patched code is restored here; a +B0 cost field the
// hooks already zeroed stays zeroed until the game rewrites it.
unregistersymbol(*)//unregister every symbol registered in [ENABLE]
dealloc(*)//free every alloc() made in [ENABLE]
// The per-symbol forms below are superseded by the wildcard calls above.
//unregistersymbol(_GetMagCost)
//unregistersymbol(PSX_GetMagCost)
//unregistersymbol(code_GetMagCost)
//dealloc(newmem_GetMagCost)
{dealloc(newmemhookOmyoMagicCost)
dealloc(newmemhookJutsuCost)
unregistersymbol(hookOmyoMagicCost)
unregistersymbol(originalcode_hookOmyoMagicCost)
unregistersymbol(hookJutsuCost)
unregistersymbol(originalcode_hookJutsuCost)
}
{$lua}
if syntaxcheck then return end
-----------------------
memrec.Color=0x00008000
-------------- A.B.G.R
{$asm}
{
// ORIGINAL CODE - INJECTION POINT: nioh2.exe+D1D5F7
nioh2.exe+D1D5AD: 48 85 C9 - test rcx,rcx
nioh2.exe+D1D5B0: 74 05 - je nioh2.exe+D1D5B7
nioh2.exe+D1D5B2: 0F B7 01 - movzx eax,word ptr [rcx]
nioh2.exe+D1D5B5: EB 05 - jmp nioh2.exe+D1D5BC
nioh2.exe+D1D5B7: B8 01 00 00 00 - mov eax,00000001
nioh2.exe+D1D5BC: 66 FF C8 - dec ax
nioh2.exe+D1D5BF: 66 83 F8 03 - cmp ax,03
nioh2.exe+D1D5C3: 73 0B - jae nioh2.exe+D1D5D0
nioh2.exe+D1D5C5: 0F B7 C0 - movzx eax,ax
nioh2.exe+D1D5C8: 48 8D 0C 40 - lea rcx,[rax+rax*2]
nioh2.exe+D1D5CC: 48 8D 3C 4F - lea rdi,[rdi+rcx*2]
nioh2.exe+D1D5D0: 0F B7 13 - movzx edx,word ptr [rbx]
nioh2.exe+D1D5D3: 4C 8D 87 AE 00 00 00 - lea r8,[rdi+000000AE]
nioh2.exe+D1D5DA: 66 3B 97 AC 00 00 00 - cmp dx,[rdi+000000AC]
nioh2.exe+D1D5E1: 73 09 - jae nioh2.exe+D1D5EC
nioh2.exe+D1D5E3: 48 8D 8F AC 00 00 00 - lea rcx,[rdi+000000AC]
nioh2.exe+D1D5EA: EB 0B - jmp nioh2.exe+D1D5F7
nioh2.exe+D1D5EC: 66 41 39 10 - cmp [r8],dx
nioh2.exe+D1D5F0: 48 8B CB - mov rcx,rbx
nioh2.exe+D1D5F3: 49 0F 42 C8 - cmovb rcx,r8
// ---------- INJECTING HERE ----------
nioh2.exe+D1D5F7: 0F B7 87 B0 00 00 00 - movzx eax,word ptr [rdi+000000B0]
// ---------- DONE INJECTING ----------
nioh2.exe+D1D5FE: 66 0F 6E C8 - movd xmm1,eax
nioh2.exe+D1D602: 0F B7 01 - movzx eax,word ptr [rcx]
nioh2.exe+D1D605: 0F 5B C9 - cvtdq2ps xmm1,xmm1
nioh2.exe+D1D608: 66 0F 6E C0 - movd xmm0,eax
nioh2.exe+D1D60C: B8 CD CC CC CC - mov eax,CCCCCCCD
nioh2.exe+D1D611: F3 0F 59 CE - mulss xmm1,xmm6
nioh2.exe+D1D615: 0F 5B C0 - cvtdq2ps xmm0,xmm0
nioh2.exe+D1D618: F3 0F 59 CF - mulss xmm1,xmm7
nioh2.exe+D1D61C: F3 0F 59 C8 - mulss xmm1,xmm0
nioh2.exe+D1D620: F3 48 0F 2C C9 - cvttss2si rcx,xmm1
nioh2.exe+D1D625: 83 C1 09 - add ecx,09
nioh2.exe+D1D628: F7 E1 - mul ecx
nioh2.exe+D1D62A: C1 EA 03 - shr edx,03
nioh2.exe+D1D62D: 41 01 96 30 C1 1C 00 - add [r14+001CC130],edx
nioh2.exe+D1D634: 0F B7 BB 3E 01 00 00 - movzx edi,word ptr [rbx+0000013E]
nioh2.exe+D1D63B: 66 85 FF - test di,di
nioh2.exe+D1D63E: 0F 84 FB 00 00 00 - je nioh2.exe+D1D73F
nioh2.exe+D1D644: 48 8B 05 0D 6B 9A 01 - mov rax,[nioh2.exe+26C4158]
nioh2.exe+D1D64B: 41 83 C8 FF - or r8d,-01
nioh2.exe+D1D64F: 0F B7 D7 - movzx edx,di
}