So I noticed that weapons in this game were extremely underpowered, especially one of my favorites, the RPG that fires 4 missiles (what a joke). I wanted to make it a little more destructive, make it shoot 30 missiles each shot perhaps. But how would you go about that?
Let's start with taking a look at the instruction that writes your ammo value:
JustCause4.exe+6CA28D - mov [rcx+0000053C],edx
A simple instruction: every time you shoot, the value in EDX gets moved into your current ammo value. If you have 80 bullets in your clip and take a shot, EDX, which now contains a value of 79, gets moved into your ammo value. Well, let's backtrace EDX and see what happens with it in this calculation.
[Link]
As you can see here, nothing is directly modifying EDX, so let's trace back farther up the call tree.
[Link]
This Call:
JustCause4.exe+694F34 - call qword ptr [r8+00000208]
is what is responsible for writing your ammo value every time you shoot. Two instructions above that, you'll see that EDX gets its value from R14. Nothing interesting about it, but now we want to pay attention to R14. Right above that, R14 gets modified by EAX. Again, nothing special about it, but we now follow EAX. A bit farther up, you finally see where the subtraction takes place:
JustCause4.exe+694F1F - sub eax,r12d
This is what is responsible for decreasing your ammo value. So using the example above, you have 80 bullets in your clip and you take a shot. EAX, which holds the value of 80, gets subtracted by R12d, which holds a value of 1. EAX then gets moved into R14, R14 gets moved into EDX, which ends up getting moved into your ammo address. Blah blah blah.
Anyways, right above the sub instruction there is another Call. For the sake of saving some time here, tracing that Call led nowhere interesting. So continuing on, still following EAX since it holds our ammo value, I see this instruction:
JustCause4.exe+694F10 - mov eax,[rax+70]
Something we can use! Right-click on the instruction > 'Find out what addresses this instruction accesses'. Take a few shots with the machine gun and I see one address populate with a static value of 80, max clip size perhaps?! Switching over to the RPG, I take another shot, and a static value of 1 pops up.
[Link]
Using the RPG value, we can open it in Dissect Data to make things a bit easier. As we've found out above, offset +70 holds max clip size; changing that value and reloading confirms it.
[Link]
But what the hell else are we looking at?! Well, any modder worth a damn that has modded this game before could probably tell you that you're looking at Weapon Data! It's the same exact layout of data in the files they change to make their fancy mods.
Now this is where the fun part comes in, start messing around with different values and see how the behavior of the weapon changes. Notice offsets +88 and +8C. I was immediately drawn to these since at +88, 0.1 was an obvious fire rate value, and at +8C there was a value of 4, the amount of rockets fired by the RPG. So I changed those values to 0 and 30 respectively. Sure as shit, I fired off 30 rockets in rapid succession!
After testing out different weapons, I came to the conclusion that offset +8C fell along the lines of # of weapon fire iterations rather than # of projectiles per shot, big difference between the two. Making a script for that value would likely cause unexpected behavior in other weapons, but I tested it out anyways. Long story short, it did. So I ditched that idea.
What else could I do? Then an idea came to me. What if I changed the fire mode from semi-auto to full-auto?! So I started digging around. I brought up the machine gun alongside the RPG in Dissect Data and looked for differences. Changed a couple of 0's and 1's, but no change at all. Now take a look at offset +94. It just doesn't make a whole lot of sense; it looks more like byte values to me.
[Link]
So I changed the value type to byte and saw this sneaky little fucker
[Link]
Changed offset +95 from a 0 to 1 on the RPG and proceeded to fire it. I held down the mouse button and it fired off rockets indefinitely, well until my clip ran out or until I let go. But that was it, the flag for 'Is Automatic'. Even better right!!
EDIT - One thing I forgot to include in the pictures was offset +90, time in between shots, to use in conjunction with Is Automatic/Fire Rate.
I still kept looking around and stumbled upon this offset here, +B8. This is an important one! Take a look.
Before:
[Link]
And after:
[Link]
That would be the flag for 'Is Inf Ammo'! There is a lot more in this structure by the way, velocity, deviation and such. But I did what I came here to do, and that was to make one badass rocket launcher!! Use all of this together and you get this:
[Link]
[Link]
Who needs mods when you have Cheat Engine lol.
What can you do with this info? Well, you can mess around with these values yourself in the meantime; I'll come up with pointers to everything later. If you'd like to take the modding route, you can use some of the offsets you find as reference to mod the weapon files easily. You can also apply this method in other games as well to go about finding fire rate and such, as this is a more proper way to do so.
Hope this helps!
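
Added example, not part of the original post and not code from the game or Cheat Engine: it decodes a constructed byte buffer laid out at the offsets the post names, to show why +94 looks meaningless as a 4-byte value but readable as separate bytes, and how a byte-level diff of two weapons surfaces the flag at +95. Field names, field types, the buffer size and every sample value other than the offsets are assumptions.

```python
import struct

# Offsets are the ones named in the post; names and types are assumptions.
FIELDS = {
    "max_clip_size":   (0x70, "<i"),
    "fire_rate":       (0x88, "<f"),
    "fire_iterations": (0x8C, "<i"),
    "time_between":    (0x90, "<f"),
    "is_automatic":    (0x95, "<B"),
    "is_inf_ammo":     (0xB8, "<B"),
}
SIZE = 0xC0  # constructed size, just large enough to cover +B8


def build_sample(clip, rate, iterations, delay, flags94, inf_ammo):
    """Build a constructed weapon-data blob (not dumped from the game)."""
    buf = bytearray(SIZE)
    struct.pack_into("<i", buf, 0x70, clip)
    struct.pack_into("<f", buf, 0x88, rate)
    struct.pack_into("<i", buf, 0x8C, iterations)
    struct.pack_into("<f", buf, 0x90, delay)
    buf[0x94:0x98] = bytes(flags94)
    buf[0xB8] = inf_ammo
    return bytes(buf)


def decode(buf):
    """Read every known field at its offset with its assumed type."""
    return {name: struct.unpack_from(fmt, buf, off)[0]
            for name, (off, fmt) in FIELDS.items()}


def view_94(buf):
    """The same four bytes at +94, read as one dword and as separate bytes."""
    return struct.unpack_from("<I", buf, 0x94)[0], list(buf[0x94:0x98])


def diff_bytes(a, b):
    """Byte offsets where two blobs differ (the side-by-side comparison)."""
    return [off for off in range(min(len(a), len(b))) if a[off] != b[off]]


# Constructed samples: only the flag byte at +95 differs inside the +94 dword.
RPG = build_sample(1, 0.1, 4, 0.5, (1, 0, 1, 0), 0)
MACHINE_GUN = build_sample(80, 0.1, 1, 0.5, (1, 1, 1, 0), 0)

if __name__ == "__main__":
    print(decode(RPG))
    print("+94 dword/bytes:", view_94(RPG), view_94(MACHINE_GUN))
    print("differing offsets:", [hex(o) for o in diff_bytes(RPG, MACHINE_GUN)])
```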