@FransBouma
Last active August 9, 2017 20:18
Hellblade: Senua's Sacrifice WIP
// Camera x/y/z/rotation writes: Disable to unlock free movement. Central copy constructor of UE camera manager.
// Used in-game and in photomode
// UE uses angles for rotation. In UE3 it uses packed 16 bit ints, in UE4 it uses floats, in degrees (0-360.0)
HellbladeGame-Win64-Shipping.exe+1940B77 - F2 0F11 87 80040000 - movsd [rdi+00000480],xmm0 // Write X & Y
HellbladeGame-Win64-Shipping.exe+1940B7F - F2 0F10 44 24 5C - movsd xmm0,[rsp+5C]
HellbladeGame-Win64-Shipping.exe+1940B85 - F2 0F11 87 8C040000 - movsd [rdi+0000048C],xmm0 // Write Rotation around X/ around Z
HellbladeGame-Win64-Shipping.exe+1940B8D - 0F10 44 24 68 - movups xmm0,[rsp+68]
HellbladeGame-Win64-Shipping.exe+1940B92 - 89 87 88040000 - mov [rdi+00000488],eax // Write Z (UP)
HellbladeGame-Win64-Shipping.exe+1940B98 - 8B 44 24 64 - mov eax,[rsp+64]
HellbladeGame-Win64-Shipping.exe+1940B9C - 89 87 94040000 - mov [rdi+00000494],eax // Write Rotation around Y (into the screen)
HellbladeGame-Win64-Shipping.exe+1940BA2 - 8B 44 24 7C - mov eax,[rsp+7C]
HellbladeGame-Win64-Shipping.exe+1940BA6 - 0F11 87 98040000 - movups [rdi+00000498],xmm0 // Write FOV
HellbladeGame-Win64-Shipping.exe+1940BAD - 83 E0 03 - and eax,03 { 3 }
HellbladeGame-Win64-Shipping.exe+1940BB0 - F3 0F10 44 24 78 - movss xmm0,[rsp+78]
HellbladeGame-Win64-Shipping.exe+1940BB6 - 09 87 AC040000 - or [rdi+000004AC],eax
HellbladeGame-Win64-Shipping.exe+1940BBC - 0FB6 45 80 - movzx eax,byte ptr [rbp-80]
HellbladeGame-Win64-Shipping.exe+1940BC0 - F3 0F11 87 A8040000 - movss [rdi+000004A8],xmm0
// Camera x/y/z/rotation writes for pause camera. Same structure as above.
HellbladeGame-Win64-Shipping.exe+195920A - 83 A3 AC040000 FC - and dword ptr [rbx+000004AC],-04 { 252 }
HellbladeGame-Win64-Shipping.exe+1959211 - F2 0F11 83 80040000 - movsd [rbx+00000480],xmm0
HellbladeGame-Win64-Shipping.exe+1959219 - F2 0F10 44 24 2C - movsd xmm0,[rsp+2C]
HellbladeGame-Win64-Shipping.exe+195921F - F2 0F11 83 8C040000 - movsd [rbx+0000048C],xmm0
HellbladeGame-Win64-Shipping.exe+1959227 - 0F10 44 24 38 - movups xmm0,[rsp+38]
HellbladeGame-Win64-Shipping.exe+195922C - 89 83 88040000 - mov [rbx+00000488],eax
HellbladeGame-Win64-Shipping.exe+1959232 - 8B 44 24 34 - mov eax,[rsp+34]
HellbladeGame-Win64-Shipping.exe+1959236 - 89 83 94040000 - mov [rbx+00000494],eax
HellbladeGame-Win64-Shipping.exe+195923C - 8B 44 24 4C - mov eax,[rsp+4C]
HellbladeGame-Win64-Shipping.exe+1959240 - 0F11 83 98040000 - movups [rbx+00000498],xmm0
HellbladeGame-Win64-Shipping.exe+1959247 - 83 E0 03 - and eax,03 { 3 }
HellbladeGame-Win64-Shipping.exe+195924A - F3 0F10 44 24 48 - movss xmm0,[rsp+48]
HellbladeGame-Win64-Shipping.exe+1959250 - 09 83 AC040000 - or [rbx+000004AC],eax
HellbladeGame-Win64-Shipping.exe+1959256 - 0FB6 44 24 50 - movzx eax,byte ptr [rsp+50]
// FOV read: (no write-per-frame, can be overwritten at will)
HellbladeGame-Win64-Shipping.exe+1944DD0 - F3 0F10 81 14040000 - movss xmm0,[rcx+00000414]
HellbladeGame-Win64-Shipping.exe+1944DD8 - 0F57 C9 - xorps xmm1,xmm1
HellbladeGame-Win64-Shipping.exe+1944DDB - 0F2F C1 - comiss xmm0,xmm1
HellbladeGame-Win64-Shipping.exe+1944DDE - 77 08 - ja HellbladeGame-Win64-Shipping.exe+1944DE8
HellbladeGame-Win64-Shipping.exe+1944DE0 - F3 0F10 81 98040000 - movss xmm0,[rcx+00000498] // FOV READ
HellbladeGame-Win64-Shipping.exe+1944DE8 - C3 - ret
HellbladeGame-Win64-Shipping.exe+1944DE9 - CC - int 3
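
As an added example (not part of the original gist), this Python sketch parses the Cheat Engine-style lines of the first write block above and recovers which offsets of the camera struct are written and how wide each store is. The function names and the trimmed `LISTING` sample are constructed for illustration.

```python
import re
# Constructed sample: lines of the first write block above, annotations trimmed.
LISTING = """\
HellbladeGame-Win64-Shipping.exe+1940B77 - F2 0F11 87 80040000 - movsd [rdi+00000480],xmm0
HellbladeGame-Win64-Shipping.exe+1940B7F - F2 0F10 44 24 5C - movsd xmm0,[rsp+5C]
HellbladeGame-Win64-Shipping.exe+1940B85 - F2 0F11 87 8C040000 - movsd [rdi+0000048C],xmm0
HellbladeGame-Win64-Shipping.exe+1940B8D - 0F10 44 24 68 - movups xmm0,[rsp+68]
HellbladeGame-Win64-Shipping.exe+1940B92 - 89 87 88040000 - mov [rdi+00000488],eax
HellbladeGame-Win64-Shipping.exe+1940B9C - 89 87 94040000 - mov [rdi+00000494],eax
HellbladeGame-Win64-Shipping.exe+1940BA6 - 0F11 87 98040000 - movups [rdi+00000498],xmm0
HellbladeGame-Win64-Shipping.exe+1940BB6 - 09 87 AC040000 - or [rdi+000004AC],eax
HellbladeGame-Win64-Shipping.exe+1940BC0 - F3 0F11 87 A8040000 - movss [rdi+000004A8],xmm0
"""

STORE = re.compile(r"^(\w+) (?:(\w+) ptr )?\[(\w+)\+([0-9A-Fa-f]+)\],(\S+)")
SSE_WIDTH = {"movss": 4, "movsd": 8, "movups": 16}
PTR_WIDTH = {"byte": 1, "word": 2, "dword": 4, "qword": 8}

def store_width(mnemonic, ptr, src):
    """Bytes written by a store; covers only the forms seen in this listing."""
    if mnemonic in SSE_WIDTH:
        return SSE_WIDTH[mnemonic]
    if ptr:
        return PTR_WIDTH[ptr]
    return {"e": 4, "r": 8}.get(src[0])  # eax -> 4, rax -> 8, else None

def recover_layout(listing, base_reg):
    """Return sorted (offset, width, rva) for every store through base_reg."""
    fields = []
    for line in listing.splitlines():
        parts = line.split(" - ", 2)  # address, opcode bytes, instruction
        if len(parts) != 3:
            continue
        rva = int(parts[0].rsplit("+", 1)[1], 16)
        m = STORE.match(parts[2].split("//")[0].strip())  # loads do not match
        if m and m.group(3) == base_reg:
            width = store_width(m.group(1), m.group(2), m.group(5))
            fields.append((int(m.group(4), 16), width, rva))
    return sorted(fields)

def gaps(fields):
    """(end, next_start) pairs where consecutive stores are not adjacent."""
    return [(a + w, b) for (a, w, _), (b, _, _) in zip(fields, fields[1:]) if a + w != b]

if __name__ == "__main__":
    layout = recover_layout(LISTING, "rdi")
    for off, width, rva in layout:
        print(f"+0x{off:03X}  {width:2d} bytes  written at module+0x{rva:X}")
    print("gaps/overlaps:", gaps(layout))
```

On this sample the stores tile +0x480 through +0x4AF with no gaps, and the 16-byte `movups` at +0x498 covers the FOV float plus the 12 bytes after it.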
@FransBouma
Author

Overlay working now. Window title has a trailing space so the code didn't find it initially. Should make this perhaps a bit more flexible. Oh who cares, as long as it works ;) :D

@FransBouma
Author

Everything works except FOV. FOV is stored in the original struct, AND in the struct used by the photomode. Have to find a way to write to both or write to the active one. Silly thing is: the fov in the photomode struct isn't used in the photomode, but the code does read from it.
