Skill information seems to move around in memory constantly - not entirely sure why. At any rate, magic skill updates appear to run through Last.Data.User.OwnedAbility.set_SkillLevel, with rdx containing the new value and rax+18 pointing to the current (old) one.
Edit: hooking set_SkillLevel itself isn't wise, as that bypasses the 'level up' logic. Something along these lines seems to work well, though.
4x magic speed increase from casts in menu:
// Cheat Engine auto-assembler script, x64. The patched code uses the Windows x64
// calling convention (rcx, rdx, r8 = first three integer args), as seen in the
// original listing below (ecx / edx / r8d set up right before each call).
// Purpose: on the menu "cast" path, raise the per-cast skill growth from +2 to +8
// before the new level is clamped by UnityEngine.Mathf.Min and stored by set_SkillLevel.
define(address,"GameAssembly.dll"+139F8CF)
// The 8 original bytes at address: lea ecx,[rdi+02] (3 bytes) + call UnityEngine.Mathf.Min (5 bytes).
define(bytes,8D 4F 02 E8 E9 BD A6 FF)
[ENABLE]
// Refuse to patch if the bytes at the injection point are not the ones this offset
// was taken from (different game build, or another patch already applied).
assert(address,bytes)
// Request the trampoline near the injection point so the 5-byte rel32 jmp can reach it.
alloc(newmem,$1000,"GameAssembly.dll"+139F8CF)
label(code)
label(return)
newmem:
code:
// On entry (see the original code below): edx = ebx (the upper bound passed to Min,
// presumably the max skill level - verify), r8d = 0, rdi = the level before the
// increase (inferred from the original lea ecx,[rdi+02]).
// ecx = rdi + growth. The original adds 2, so 08 is a 4x growth per cast.
lea ecx,[rdi+08] // Was 2, change to whatever increase rate
call UnityEngine.Mathf.Min
// Back to the first instruction after the overwritten pair (mov edi,eax at +139F8D7).
jmp return
address:
// The overwritten region is 8 bytes: a 5-byte jmp plus 3 bytes of padding, so that
// 'return' lines up with GameAssembly.dll+139F8D7 (mov edi,eax) in the original code.
jmp newmem
nop 3
return:
[DISABLE]
address:
// Restore the original 8 bytes recorded in 'bytes' before releasing the trampoline.
db bytes
// lea ecx,[rdi+02]
// call UnityEngine.Mathf.Min
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+139F8CF
GameAssembly.dll+139F8A4: 85 C0 - test eax,eax
GameAssembly.dll+139F8A6: 0F 8E E4 05 00 00 - jng GameAssembly.dll+139FE90
GameAssembly.dll+139F8AC: 48 8B 0D 0D 69 95 00 - mov rcx,[GameAssembly.dll+1CF61C0]
GameAssembly.dll+139F8B3: F6 81 2F 01 00 00 02 - test byte ptr [rcx+0000012F],02
GameAssembly.dll+139F8BA: 74 0E - je GameAssembly.dll+139F8CA
GameAssembly.dll+139F8BC: 44 39 B1 E0 00 00 00 - cmp [rcx+000000E0],r14d
GameAssembly.dll+139F8C3: 75 05 - jne GameAssembly.dll+139F8CA
GameAssembly.dll+139F8C5: E8 A6 CC D7 FE - call GameAssembly.il2cpp_runtime_class_init
GameAssembly.dll+139F8CA: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+139F8CD: 8B D3 - mov edx,ebx
// ---------- INJECTING HERE ----------
GameAssembly.dll+139F8CF: 8D 4F 02 - lea ecx,[rdi+02]
// ---------- DONE INJECTING ----------
GameAssembly.dll+139F8D2: E8 E9 BD A6 FF - call UnityEngine.Mathf.Min
GameAssembly.dll+139F8D7: 8B F8 - mov edi,eax
GameAssembly.dll+139F8D9: 89 85 88 00 00 00 - mov [rbp+00000088],eax
GameAssembly.dll+139F8DF: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+139F8E2: 8B D0 - mov edx,eax
GameAssembly.dll+139F8E4: 49 8B CD - mov rcx,r13
GameAssembly.dll+139F8E7: E8 74 B3 23 FF - call Last.Data.User.OwnedAbility.set_SkillLevel
GameAssembly.dll+139F8EC: 3B FB - cmp edi,ebx
GameAssembly.dll+139F8EE: 0F 8C 9C 05 00 00 - jl GameAssembly.dll+139FE90
GameAssembly.dll+139F8F4: 48 8B 0D 2D 0B 9A 00 - mov rcx,[GameAssembly.dll+1D40428]
}
4x magic speed increase from casts in battle:
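// Cheat Engine auto-assembler script, x64. The patched code uses the Windows x64
// calling convention (rcx, rdx, r8 = first three integer args), as seen in the
// original listing below (ecx / edx / r8d set up right before each call).
// Purpose: on the in-battle "cast" path, multiply the per-cast skill growth before
// the new level is clamped by UnityEngine.Mathf.Min and stored by set_SkillLevel.
define(address,"GameAssembly.dll"+139DF40)
// The 5 original bytes at address: call UnityEngine.Mathf.Min.
define(bytes,E8 7B D7 A6 FF)
// Growth multiplier expressed as a left shift: 2 = x4 (default), 1 = x2, 3 = x8.
define(growth_shift,2)
[ENABLE]
// Refuse to patch if the bytes at the injection point are not the ones this offset
// was taken from (different game build, or another patch already applied).
assert(address,bytes)
// Request the trampoline near the injection point so the 5-byte rel32 jmp can reach it.
alloc(newmem,$1000,"GameAssembly.dll"+139DF40)
label(code)
label(return)
newmem:
code:
// On entry (see the original code below): ecx = proposed new level (from
// lea ecx,[rax+rsi]), edx = ebx (the upper bound passed to Min), r8d = 0, and
// r13 = the object later passed as 'this' to set_SkillLevel (mov rcx,r13).
// rax is dead here (its last use was that lea, and the call below overwrites it);
// it is saved anyway so the trampoline is self-contained. push/pop are balanced
// before the call, so stack alignment at the call site is unchanged.
push rax
mov rax,[r13+20] // rax = 'current' skill details; [rax+18] = current level (per the author's note - verify)
// ecx = current + ((ecx - current) << growth_shift).
// Done as 32-bit arithmetic to match the int arguments Min receives (edx/ecx are
// used as 32-bit throughout the original). The earlier 64-bit form also loaded the
// 4 bytes past the level field into the high half of rcx; Min ignores that half,
// but reading past the field is not what was intended.
sub ecx,[rax+18]
shl ecx,growth_shift
add ecx,[rax+18]
pop rax
call UnityEngine.Mathf.Min
// Back to the first instruction after the overwritten call (mov r12d,eax at +139DF45).
jmp return
address:
// The 5-byte jmp exactly replaces the 5-byte call, so no padding is needed.
jmp newmem
return:
[DISABLE]
address:
// Restore the original 5 bytes recorded in 'bytes' before releasing the trampoline.
db bytes
// call UnityEngine.Mathf.Min
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+139DF40
GameAssembly.dll+139DF1D: 83 B9 E0 00 00 00 00 - cmp dword ptr [rcx+000000E0],00
GameAssembly.dll+139DF24: 75 05 - jne GameAssembly.dll+139DF2B
GameAssembly.dll+139DF26: E8 45 E6 D7 FE - call GameAssembly.il2cpp_runtime_class_init
GameAssembly.dll+139DF2B: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+139DF2E: 33 D2 - xor edx,edx
GameAssembly.dll+139DF30: 8D 4F 02 - lea ecx,[rdi+02]
GameAssembly.dll+139DF33: E8 78 D7 A6 FF - call UnityEngine.Mathf.Max
GameAssembly.dll+139DF38: 8D 0C 30 - lea ecx,[rax+rsi]
GameAssembly.dll+139DF3B: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+139DF3E: 8B D3 - mov edx,ebx
// ---------- INJECTING HERE ----------
GameAssembly.dll+139DF40: E8 7B D7 A6 FF - call UnityEngine.Mathf.Min
// ---------- DONE INJECTING ----------
GameAssembly.dll+139DF45: 44 8B E0 - mov r12d,eax
GameAssembly.dll+139DF48: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+139DF4B: 8B D0 - mov edx,eax
GameAssembly.dll+139DF4D: 49 8B CD - mov rcx,r13
GameAssembly.dll+139DF50: E8 0B CD 23 FF - call Last.Data.User.OwnedAbility.set_SkillLevel
GameAssembly.dll+139DF55: 44 3B E3 - cmp r12d,ebx
GameAssembly.dll+139DF58: 8B 9D 10 01 00 00 - mov ebx,[rbp+00000110]
GameAssembly.dll+139DF5E: 0F 8C 59 FE FF FF - jl GameAssembly.dll+139DDBD
GameAssembly.dll+139DF64: 48 8B 0D 7D 33 98 00 - mov rcx,[GameAssembly.dll+1D212E8]
GameAssembly.dll+139DF6B: E8 A0 F2 DE FE - call GameAssembly.dll+18D210
}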