It is in the controller; that's how I tell them apart in that mission. It has also become the basis for my main hook:
// Cheat Engine Auto Assembler script.
// Purpose: detour one 7-byte instruction inside DevilMayCry5.exe into an allocated
// stub that records two registers (rdx and rax) into the registered symbols
// g_PlayerLookAtController and g_Player, then runs the displaced instruction and
// returns to the original code.
// Unprefixed numbers in assembler operands are hexadecimal (e.g. [rdx+60] is offset 0x60).
[ENABLE]
// Locate the hook site by byte signature instead of a fixed address. The first 7
// bytes (83 B8 ?? ?? ?? ?? 01) decode as `cmp dword ptr [rax+disp32],01`; the ??
// wildcards cover the displacement and later stack offsets.
// NOTE(review): aobscanmodule takes the first match it finds. Confirm the signature
// is unique in the module before enabling, since a wrong match means 7 bytes of
// unrelated code get overwritten.
aobscanmodule( GetPlayer, DevilMayCry5.exe, 83B8????????0148897424??0F94D00F297424??84C00F )
registersymbol( GetPlayer )
label( GetPlayer_o )
registersymbol( GetPlayer_o )
// The third argument requests memory near the module so that `jmp Hook` at the patch
// site assembles as a 5-byte rel32 jump. The patch below is sized for exactly that
// (5-byte jmp + 2 NOPs = 7 bytes).
alloc( Hook, 0x1000, DevilMayCry5.exe )
label( g_Player )
registersymbol( g_Player )
label( g_PlayerLookAtController )
registersymbol( g_PlayerLookAtController )
Hook:
// Filter: capture only when the byte at [rdx+0x60] is 1. Per the post, this flag
// lives in the controller and is how the wanted entity is told apart.
cmp byte ptr [rdx+60],1
// Skip the capture otherwise. There is no @@: label in this script, so @f presumably
// resolves to the next label, GetPlayer_o. TODO confirm against the CE version in use.
jne short @f
mov [g_PlayerLookAtController],rdx
mov [g_Player],rax
GetPlayer_o:
// Copy of the 7 original bytes taken from the hook site when the script is enabled.
// It serves two roles: the displaced instruction executed on the way back, and the
// backup that [DISABLE] restores from. Re-running the original cmp here also
// re-establishes the flags that the filter cmp above overwrote. The displaced
// instruction addresses memory through rax, not rip, so it can run from the stub.
readmem( GetPlayer, 7 )
jmp GetPlayer+7
// Pad with CC bytes (int3) up to the alignment boundary; 10 is presumably read as hex, i.e. 16.
align 10 CC
// Two 8-byte slots, zero until the hook fires for a matching controller.
// NOTE(review): this script never clears the slots, so readers should treat 0 as
// "nothing captured yet" and should not assume a non-zero value still points at a
// live object. Verify before dereferencing.
g_PlayerLookAtController:
dq 0
g_Player:
dq 0
// Patch site: overwrite the 7-byte instruction with a jump into the stub plus two NOPs.
GetPlayer:
jmp Hook
db 90 90
[DISABLE]
// Restore the original 7 bytes first, then release the stub and the symbols.
// NOTE(review): nothing here waits for a thread that may still be executing inside
// Hook when dealloc runs. Disable while the hooked path is idle if possible.
GetPlayer:
readmem( GetPlayer_o, 7 )
unregistersymbol( g_PlayerLookAtController )
unregistersymbol( g_Player )
dealloc( Hook )
unregistersymbol( GetPlayer_o )
unregistersymbol( GetPlayer )
Run that, regardless of your .exe
Oh, and there's also this; not sure if entirely for V.. but the below leads to the Servants and perhaps a way to determine if enemy or player:
// Disassembly of one function (format: address - bytes - instruction), from the prologue through both ret paths.
// As far as the listing shows, it follows the Microsoft x64 convention: rcx and rdx are read as incoming
// arguments, rbx is spilled to the home slot at [rsp+08], rdi is pushed, and 0x20 bytes of shadow space are reserved.
// Result is a bool in al: 0 on every early-out path, otherwise ([rax+64] == 1) on the object loaded at +134C2284.
// NOTE(review): the module-relative addresses and the structure offsets (1860, B20, 64) come from the poster's
// build and presumably shift between game versions. Re-verify them before relying on them.
DevilMayCry5.exe+134C2220 - 48 89 5C 24 08 - mov [rsp+08],rbx // save rbx in the home slot above the return address
DevilMayCry5.exe+134C2225 - 57 - push rdi
DevilMayCry5.exe+134C2226 - 48 83 EC 20 - sub rsp,20 { 32 } // shadow space for the two calls below
DevilMayCry5.exe+134C222A - 48 8B 41 50 - mov rax,[rcx+50]
DevilMayCry5.exe+134C222E - 48 89 D7 - mov rdi,rdx // rdi = second argument, preserved across the calls
DevilMayCry5.exe+134C2231 - 48 89 CB - mov rbx,rcx // rbx = first argument, preserved across the calls
DevilMayCry5.exe+134C2234 - 48 83 78 18 00 - cmp qword ptr [rax+18],00 { 0 } // [[rcx+50]+18] non-zero -> return 0
DevilMayCry5.exe+134C2239 - 75 3C - jne DevilMayCry5.exe+134C2277
DevilMayCry5.exe+134C223B - 48 8B 92 60180000 - mov rdx,[rdx+00001860] // rdx == app.PlayerV; [rdx+1860] == app.enemy.em5802.Em5802
DevilMayCry5.exe+134C2242 - 45 31 C0 - xor r8d,r8d
DevilMayCry5.exe+134C2245 - E8 06DF5DEE - call DevilMayCry5.exe+1AA0150 // byte result in al, zero-extended into ecx next
DevilMayCry5.exe+134C224A - 0FB6 C8 - movzx ecx,al
DevilMayCry5.exe+134C224D - 48 8B 43 50 - mov rax,[rbx+50]
DevilMayCry5.exe+134C2251 - 48 83 78 18 00 - cmp qword ptr [rax+18],00 { 0 } // same [[arg1+50]+18] check repeated after the call
DevilMayCry5.exe+134C2256 - 75 1F - jne DevilMayCry5.exe+134C2277
DevilMayCry5.exe+134C2258 - 85 C9 - test ecx,ecx // call returned 0 -> return 0
DevilMayCry5.exe+134C225A - 74 1B - je DevilMayCry5.exe+134C2277
DevilMayCry5.exe+134C225C - 48 8B 87 60180000 - mov rax,[rdi+00001860] // app.enemy.em5802.Em5802
DevilMayCry5.exe+134C2263 - 48 85 C0 - test rax,rax // non-null -> go read its field at +B20
DevilMayCry5.exe+134C2266 - 75 1C - jne DevilMayCry5.exe+134C2284
DevilMayCry5.exe+134C2268 - 45 31 C0 - xor r8d,r8d // null-pointer path: call with rcx = arg1, edx = 0x38, r8d = 0
DevilMayCry5.exe+134C226B - 48 89 D9 - mov rcx,rbx
DevilMayCry5.exe+134C226E - 41 8D 50 38 - lea edx,[r8+38]
DevilMayCry5.exe+134C2272 - E8 D9B2F1EE - call DevilMayCry5.exe+23DD550 // return value is discarded (al is zeroed next); callee's purpose not visible here
DevilMayCry5.exe+134C2277 - 30 C0 - xor al,al // shared "return 0" exit
DevilMayCry5.exe+134C2279 - 48 8B 5C 24 30 - mov rbx,[rsp+30] // entry [rsp+08] is at [rsp+30] after the push and sub rsp,20
DevilMayCry5.exe+134C227E - 48 83 C4 20 - add rsp,20 { 32 }
DevilMayCry5.exe+134C2282 - 5F - pop rdi
DevilMayCry5.exe+134C2283 - C3 - ret
DevilMayCry5.exe+134C2284 - 48 8B 80 200B0000 - mov rax,[rax+00000B20] // app.Em5802ServantController
DevilMayCry5.exe+134C228B - 48 85 C0 - test rax,rax // null controller -> take the null-pointer path above
DevilMayCry5.exe+134C228E - 74 D8 - je DevilMayCry5.exe+134C2268
DevilMayCry5.exe+134C2290 - 83 78 64 01 - cmp dword ptr [rax+64],01 { 1 } // this?
DevilMayCry5.exe+134C2294 - 48 8B 5C 24 30 - mov rbx,[rsp+30]
DevilMayCry5.exe+134C2299 - 0F94 D0 - sete al // al = ([rax+64] == 1); the mov in between leaves the flags intact
DevilMayCry5.exe+134C229C - 48 83 C4 20 - add rsp,20 { 32 }
DevilMayCry5.exe+134C22A0 - 5F - pop rdi
DevilMayCry5.exe+134C22A1 - C3 - ret
But mainly, head to Jessie's hook and check rdx and rsi, if I recall; those are the HitControllers for the entities doing and receiving the damage. Offset 0xA0 in the controllers leads to the Player. You can then compare human Player vs. enemy Player structures and find a bool or something that'd tell you what you're looking for.