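/* ├── bnet ├── steam └── xbox   — /bnet: */

/*
 * decrypt_client_info — recovers the obfuscated client-info pointer for the
 * bnet build of the target module.
 *
 * This is a generator-produced, instruction-by-instruction transcription of
 * the game's decryption routine: one C statement per x86-64 instruction, with
 * the original instruction kept as a trailing comment. Statement order is the
 * whole point — do not reorder or "simplify" without re-tracing the stream.
 *
 * Memory accesses (all through IO_READ_MEM; what IO_READ_MEM does on an
 * unmapped or invalid address is not visible in this file — TODO confirm it
 * fails soft, e.g. returns 0, rather than faulting):
 *   base + 0x1399D728 : encrypted slot. 0 is treated as "not populated" and is
 *                       returned unchanged, so callers can test for 0.
 *   base + 0xCD5980C  : key-table pointer; after bswap, the qword at +0x15 is
 *                       read. NOTE(review): unlike the first read, this derived
 *                       pointer is NOT validated before the dependent read.
 *
 * Globals referenced (declared elsewhere): base, peb, IO_READ_MEM.
 * Returns: the decrypted pointer, or 0 when the encrypted slot is 0.
 *
 * CAUTION: the tracer could not resolve rdx (see the "failed to trace" line);
 * it falls back to the generator's default of `base`. The generator itself
 * marks the result as possibly wrong — validate against a known-good value.
 */
uintptr_t decrypt_client_info()
{
    const uint64_t mb = base;
    // The generator seeds every register with the module base so that an
    // untraced operand (rdx below) silently degrades to `base`. Only the
    // registers this routine actually touches are kept here.
    uint64_t rax = mb, rbx = mb, rcx = mb, rdx = mb;
    rbx = IO_READ_MEM(base + 0x1399D728);
    if(!rbx)
        return rbx;                              // slot not populated yet
    rcx = peb;                                   //mov rcx, gs:[rax]
    //rdx = 000001B4DEB500E8//failed to trace. base: 00007FF6147D0000 It's possibly wrong
    // rdx therefore stays at `base` (its seed value) — see CAUTION above.
    rbx += 0xFFFFFFFFFFFF9357;                   //add rbx, 0xFFFFFFFFFFFF9357
    rcx -= rdx;                                  //sub rcx, rdx
    rcx += rbx;                                  //add rcx, rbx
    rax = rcx;                                   //mov rax, rcx
    rax >>= 0x1D;                                //shr rax, 0x1D
    rcx ^= rax;                                  //xor rcx, rax
    rbx = rcx;                                   //mov rbx, rcx
    // The generator folded `and rax, 0xFFFFFFFFC0000000` to a constant 0; the
    // following rol of 0 is then a no-op. This assumes the masked bits were
    // zero at trace time — not verifiable from this file.
    rax = 0;                                     //and rax, 0xFFFFFFFFC0000000
    rbx >>= 0x3A;                                //shr rbx, 0x3A
    rax = _rotl64(rax, 0x10);                    //rol rax, 0x10
    rbx ^= rcx;                                  //xor rbx, rcx
    rax ^= IO_READ_MEM(base + 0xCD5980C);        //xor rax, [0x000000000A1C5338]
    rax = _byteswap_uint64(rax);                 //bswap rax
    rbx *= IO_READ_MEM(rax + 0x15);              //imul rbx, [rax+0x15]  (unvalidated derived pointer)
    rax = 0xD67810518E7F25DD;                    //mov rax, 0xD67810518E7F25DD
    rbx *= rax;                                  //imul rbx, rax
    // Xorshift-style finalisation: fold the high bits down in four steps.
    rax = rbx;                                   //mov rax, rbx
    rax >>= 0x5;                                 //shr rax, 0x05
    rbx ^= rax;                                  //xor rbx, rax
    rax = rbx;                                   //mov rax, rbx
    rax >>= 0xA;                                 //shr rax, 0x0A
    rbx ^= rax;                                  //xor rbx, rax
    rax = rbx;                                   //mov rax, rbx
    rax >>= 0x14;                                //shr rax, 0x14
    rbx ^= rax;                                  //xor rbx, rax
    rax = rbx;                                   //mov rax, rbx
    rax >>= 0x28;                                //shr rax, 0x28
    rbx ^= rax;                                  //xor rbx, rax
    return rbx;
}

/*
 * decrypt_client_base — recovers the obfuscated client base pointer.
 *
 * Same generator-produced transcription style as decrypt_client_info: one C
 * statement per instruction, original instruction in the trailing comment,
 * order-sensitive throughout.
 *
 * Memory accesses (all through IO_READ_MEM; its behaviour on an invalid
 * address is not visible here — TODO confirm):
 *   client_info + 0x1d3650 : encrypted slot; 0 is returned unchanged.
 *   base + 0xCD59875       : per-variant key-table pointer. In every variant
 *                            it is combined with a folded constant, inverted,
 *                            and the qword at +0x7 is read without validation.
 *
 * Variant selection: the game picks one of 16 decryption variants from
 * (rol(~peb, 0x34) & 0xF); each `case` below is one variant and returns its
 * own result. The mask guarantees 0..15, so `default` is unreachable; it is
 * present so the function cannot fall off its end (undefined behaviour in C11
 * if the value were used) and to keep the 0 == "absent" convention.
 *
 * Lines marked "didn't find trace -> use base" are operands the tracer could
 * not resolve; the generator substituted `base`. Treat those variants
 * (4 and 13) as suspect until re-traced.
 *
 * Globals referenced (declared elsewhere): base, peb, client_info, IO_READ_MEM.
 * Returns: the decrypted pointer, or 0 when the encrypted slot is 0.
 */
uintptr_t decrypt_client_base()
{
    const uint64_t mb = base;
    // Registers seeded with the module base (generator convention); only the
    // ones referenced by some variant are kept.
    uint64_t rax = mb, rcx = mb, rdx = mb, r9 = mb, r10 = mb, r11 = mb, r13 = mb;
    rax = IO_READ_MEM(client_info + 0x1d3650);
    if(!rax)
        return rax;                              // slot not populated yet
    r11 = ~peb;                                  //mov r11, gs:[rcx]
    rcx = r11;                                   //mov rcx, r11
    //failed to translate: mov [rsp+0x3E0], r13   (a stack spill; nothing below reads it)
    rcx = _rotl64(rcx, 0x34);                    //rol rcx, 0x34
    rcx &= 0xF;                                  // variant index, 0..15
    switch(rcx) {
    case 0:
    {
        r10 = IO_READ_MEM(base + 0xCD59875);     //mov r10, [0x0000000009C512F5]
        r13 = base + 0x16CBED5E;                 //lea r13, [0x0000000013B76FFB]
        rdx = base + 0x33D36DEA;                 //lea rdx, [0x0000000030BEF029]
        rax ^= r11;                              //xor rax, r11
        rax ^= rdx;                              //xor rax, rdx
        rcx = r11;                               //mov rcx, r11
        rcx *= r13;                              //imul rcx, r13
        rax -= rcx;                              //sub rax, rcx
        rcx = 0x2F44AFC8DA410289;                //mov rcx, 0x2F44AFC8DA410289
        rax *= rcx;                              //imul rax, rcx
        rcx = 0;                                 //and rcx, 0xFFFFFFFFC0000000 (folded to 0 by the generator)
        rcx = _rotl64(rcx, 0x10);                //rol rcx, 0x10
        rcx ^= r10;                              //xor rcx, r10
        rcx = ~rcx;                              //not rcx
        rax *= IO_READ_MEM(rcx + 0x7);           //imul rax, [rcx+0x07]  (unvalidated derived pointer)
        rcx = 0x31EA6C7327F2F48F;                //mov rcx, 0x31EA6C7327F2F48F
        rax *= rcx;                              //imul rax, rcx
        rcx = r11;                               //mov rcx, r11
        rcx = ~rcx;                              //not rcx
        uintptr_t RSP_0xFFFFFFFFFFFFFF90;        // stack slot [rbp-0x70] in the original
        RSP_0xFFFFFFFFFFFFFF90 = base + 0xDD05;  //lea rcx, [0xFFFFFFFFFCEC5FBE] : RBP+0xFFFFFFFFFFFFFF90
        rcx ^= RSP_0xFFFFFFFFFFFFFF90;           //xor rcx, [rbp-0x70]
        rax -= rcx;                              //sub rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0xF;                             //shr rcx, 0x0F
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x1E;                            //shr rcx, 0x1E
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x3C;                            //shr rcx, 0x3C
        rax ^= rcx;                              //xor rax, rcx
        rcx = base;                              //lea rcx, [0xFFFFFFFFFCEB8061]
        rax -= rcx;                              //sub rax, rcx
        return rax;
    }
    case 1:
    {
        r9 = IO_READ_MEM(base + 0xCD59875);      //mov r9, [0x0000000009C50E13]
        rcx = base;                              //lea rcx, [0xFFFFFFFFFCEB799B]
        rcx += 0x4C577047;                       //add rcx, 0x4C577047
        rcx += r11;                              //add rcx, r11
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x16;                            //shr rcx, 0x16
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x2C;                            //shr rcx, 0x2C
        rax ^= rcx;                              //xor rax, rcx
        rcx = base;                              //lea rcx, [0xFFFFFFFFFCEB7AA1]
        rax ^= rcx;                              //xor rax, rcx
        rcx = base;                              //lea rcx, [0xFFFFFFFFFCEB7B6C]
        rcx += 0x673BCC74;                       //add rcx, 0x673BCC74
        rcx += r11;                              //add rcx, r11
        rax ^= rcx;                              //xor rax, rcx
        rcx = 0x14CEC15D15237845;                //mov rcx, 0x14CEC15D15237845
        rax *= rcx;                              //imul rax, rcx
        rcx = 0xC6C8F26557A42C57;                //mov rcx, 0xC6C8F26557A42C57
        rax *= rcx;                              //imul rax, rcx
        rcx = 0;                                 //and rcx, 0xFFFFFFFFC0000000
        rcx = _rotl64(rcx, 0x10);                //rol rcx, 0x10
        rcx ^= r9;                               //xor rcx, r9
        rcx = ~rcx;                              //not rcx
        rax *= IO_READ_MEM(rcx + 0x7);           //imul rax, [rcx+0x07]
        return rax;
    }
    case 2:
    {
        r9 = IO_READ_MEM(base + 0xCD59875);      //mov r9, [0x0000000009C5099D]
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0xC;                             //shr rcx, 0x0C
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x18;                            //shr rcx, 0x18
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x30;                            //shr rcx, 0x30
        rax ^= rcx;                              //xor rax, rcx
        rax -= r11;                              //sub rax, r11
        rcx = 0;                                 //and rcx, 0xFFFFFFFFC0000000
        rcx = _rotl64(rcx, 0x10);                //rol rcx, 0x10
        rcx ^= r9;                               //xor rcx, r9
        rcx = ~rcx;                              //not rcx
        rax *= IO_READ_MEM(rcx + 0x7);           //imul rax, [rcx+0x07]
        rcx = base + 0x40BA9587;                 //lea rcx, [0x000000003DA60D89]
        rax += r11;                              //add rax, r11
        rax += rcx;                              //add rax, rcx
        rcx = 0xB820512AEEAE20F1;                //mov rcx, 0xB820512AEEAE20F1
        rax *= rcx;                              //imul rax, rcx
        rcx = 0x5B4702F448FEE148;                //mov rcx, 0x5B4702F448FEE148
        rax ^= rcx;                              //xor rax, rcx
        rcx = base;                              //lea rcx, [0xFFFFFFFFFCEB77DA]
        rax += rcx;                              //add rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x12;                            //shr rcx, 0x12
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x24;                            //shr rcx, 0x24
        rax ^= rcx;                              //xor rax, rcx
        return rax;
    }
    case 3:
    {
        r10 = IO_READ_MEM(base + 0xCD59875);     //mov r10, [0x0000000009C50451]
        rcx = base;                              //lea rcx, [0xFFFFFFFFFCEB712E]
        rax -= rcx;                              //sub rax, rcx
        rcx = base;                              //lea rcx, [0xFFFFFFFFFCEB6FAF]
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x13;                            //shr rcx, 0x13
        rax ^= rcx;                              //xor rax, rcx
        rdx = 0;                                 //and rdx, 0xFFFFFFFFC0000000
        rdx = _rotl64(rdx, 0x10);                //rol rdx, 0x10
        rcx = rax;                               //mov rcx, rax
        rdx ^= r10;                              //xor rdx, r10
        rcx >>= 0x26;                            //shr rcx, 0x26
        rdx = ~rdx;                              //not rdx
        rax ^= rcx;                              //xor rax, rcx
        rax *= IO_READ_MEM(rdx + 0x7);           //imul rax, [rdx+0x07]
        rcx = r11;                               //mov rcx, r11
        rcx = ~rcx;                              //not rcx
        uintptr_t RSP_0xFFFFFFFFFFFFFF88;        // stack slot [rbp-0x78] in the original
        RSP_0xFFFFFFFFFFFFFF88 = base + 0x639AA956; //lea rcx, [0x0000000060861D26] : RBP+0xFFFFFFFFFFFFFF88
        rcx += RSP_0xFFFFFFFFFFFFFF88;           //add rcx, [rbp-0x78]
        rax ^= rcx;                              //xor rax, rcx
        rcx = 0xEF7AA6541B0960DD;                //mov rcx, 0xEF7AA6541B0960DD
        rax ^= rcx;                              //xor rax, rcx
        rcx = 0xAC44478E4E7E319F;                //mov rcx, 0xAC44478E4E7E319F
        rax *= rcx;                              //imul rax, rcx
        rcx = 0x69DF0E377EDBC9BB;                //mov rcx, 0x69DF0E377EDBC9BB
        rax ^= rcx;                              //xor rax, rcx
        return rax;
    }
    case 4:
    {
        r9 = IO_READ_MEM(base + 0xCD59875);      //mov r9, [0x0000000009C4FFD5]
        rcx = 0x6B6B6FEB24A18CBC;                //mov rcx, 0x6B6B6FEB24A18CBC
        rax ^= rcx;                              //xor rax, rcx
        rcx = 0xE26425F12DE4CEB;                 //mov rcx, 0xE26425F12DE4CEB
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x15;                            //shr rcx, 0x15
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x2A;                            //shr rcx, 0x2A
        rax ^= rcx;                              //xor rax, rcx
        rax += r11;                              //add rax, r11
        rcx = 0xC6BD746DB1DF1B31;                //mov rcx, 0xC6BD746DB1DF1B31
        rax *= rcx;                              //imul rax, rcx
        // Untraced stack operand: the generator substituted `base`. Suspect.
        rax -= base;                             //sub rax, [rbp-0x70] -- didn't find trace -> use base
        rcx = 0;                                 //and rcx, 0xFFFFFFFFC0000000
        rcx = _rotl64(rcx, 0x10);                //rol rcx, 0x10
        rcx ^= r9;                               //xor rcx, r9
        rcx = ~rcx;                              //not rcx
        rax *= IO_READ_MEM(rcx + 0x7);           //imul rax, [rcx+0x07]
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x1;                             //shr rcx, 0x01
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x2;                             //shr rcx, 0x02
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x4;                             //shr rcx, 0x04
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x8;                             //shr rcx, 0x08
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x10;                            //shr rcx, 0x10
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x20;                            //shr rcx, 0x20
        rax ^= rcx;                              //xor rax, rcx
        return rax;
    }
    case 5:
    {
        r10 = IO_READ_MEM(base + 0xCD59875);     //mov r10, [0x0000000009C4F8CF]
        rdx = 0;                                 //and rdx, 0xFFFFFFFFC0000000
        rcx = r11 * 0xFFFFFFFFFFFFFFFE;          //imul rcx, r11, 0xFFFFFFFFFFFFFFFE  (i.e. -2 * r11)
        rdx = _rotl64(rdx, 0x10);                //rol rdx, 0x10
        rax += rcx;                              //add rax, rcx
        rdx ^= r10;                              //xor rdx, r10
        rcx = base + 0x5F737FAA;                 //lea rcx, [0x000000005C5EE5B8]
        rdx = ~rdx;                              //not rdx
        rax += rcx;                              //add rax, rcx
        rax *= IO_READ_MEM(rdx + 0x7);           //imul rax, [rdx+0x07]
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x19;                            //shr rcx, 0x19
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x32;                            //shr rcx, 0x32
        rax ^= rcx;                              //xor rax, rcx
        rcx = base;                              //lea rcx, [0xFFFFFFFFFCEB6490]
        rcx += 0x6987CC3C;                       //add rcx, 0x6987CC3C
        rcx += r11;                              //add rcx, r11
        rax += rcx;                              //add rax, rcx
        rcx = 0xBEC2B746A9461603;                //mov rcx, 0xBEC2B746A9461603
        rax *= rcx;                              //imul rax, rcx
        rcx = 0x7D25D991052F24B5;                //mov rcx, 0x7D25D991052F24B5
        rax += rcx;                              //add rax, rcx
        rcx = 0x6B9AD86F193C7172;                //mov rcx, 0x6B9AD86F193C7172
        rax += rcx;                              //add rax, rcx
        return rax;
    }
    case 6:
    {
        r10 = IO_READ_MEM(base + 0xCD59875);     //mov r10, [0x0000000009C4F463]
        rdx = base + 0x50AF1F4F;                 //lea rdx, [0x000000004D9A82F5]
        rax += r11;                              //add rax, r11
        rcx = r11;                               //mov rcx, r11
        rcx ^= rdx;                              //xor rcx, rdx
        rax -= rcx;                              //sub rax, rcx
        rcx = 0xFA37AFACEF63040B;                //mov rcx, 0xFA37AFACEF63040B
        rax ^= rcx;                              //xor rax, rcx
        rcx = 0xE15A50F0F0B4D5D9;                //mov rcx, 0xE15A50F0F0B4D5D9
        rax *= rcx;                              //imul rax, rcx
        rdx = 0;                                 //and rdx, 0xFFFFFFFFC0000000
        rcx = base + 0xEE8B;                     //lea rcx, [0xFFFFFFFFFCEC4E9B]
        rdx = _rotl64(rdx, 0x10);                //rol rdx, 0x10
        rcx -= r11;                              //sub rcx, r11
        rax ^= rcx;                              //xor rax, rcx
        rdx ^= r10;                              //xor rdx, r10
        rdx = ~rdx;                              //not rdx
        rax *= IO_READ_MEM(rdx + 0x7);           //imul rax, [rdx+0x07]
        rcx = 0x61E687AD8B6807D4;                //mov rcx, 0x61E687AD8B6807D4
        rax += rcx;                              //add rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x15;                            //shr rcx, 0x15
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x2A;                            //shr rcx, 0x2A
        rax ^= rcx;                              //xor rax, rcx
        return rax;
    }
    case 7:
    {
        r10 = IO_READ_MEM(base + 0xCD59875);     //mov r10, [0x0000000009C4EF4D]
        r13 = base + 0xBEE4;                     //lea r13, [0xFFFFFFFFFCEC1DE4]
        rcx = base;                              //lea rcx, [0xFFFFFFFFFCEB5B9A]
        rax ^= rcx;                              //xor rax, rcx
        rcx = 0x8DB3E6B3BD449D8;                 //mov rcx, 0x8DB3E6B3BD449D8
        rax += rcx;                              //add rax, rcx
        rcx = 0x7CFD8CC5318E532F;                //mov rcx, 0x7CFD8CC5318E532F
        rax *= rcx;                              //imul rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x7;                             //shr rcx, 0x07
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0xE;                             //shr rcx, 0x0E
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x1C;                            //shr rcx, 0x1C
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x38;                            //shr rcx, 0x38
        rax ^= rcx;                              //xor rax, rcx
        rdx = 0;                                 //and rdx, 0xFFFFFFFFC0000000
        rdx = _rotl64(rdx, 0x10);                //rol rdx, 0x10
        rcx = 0x6DE6E637B4DB68F1;                //mov rcx, 0x6DE6E637B4DB68F1
        rdx ^= r10;                              //xor rdx, r10
        rdx = ~rdx;                              //not rdx
        rax *= IO_READ_MEM(rdx + 0x7);           //imul rax, [rdx+0x07]
        rax *= rcx;                              //imul rax, rcx
        rcx = r11;                               //mov rcx, r11
        rcx -= r13;                              //sub rcx, r13
        rax ^= rcx;                              //xor rax, rcx
        rax -= r11;                              //sub rax, r11
        return rax;
    }
    case 8:
    {
        r9 = IO_READ_MEM(base + 0xCD59875);      //mov r9, [0x0000000009C4EAFE]
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x1E;                            //shr rcx, 0x1E
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x3C;                            //shr rcx, 0x3C
        rax ^= rcx;                              //xor rax, rcx
        rcx = 0xD16E8EE163C9A6B;                 //mov rcx, 0xD16E8EE163C9A6B
        rax *= rcx;                              //imul rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0xE;                             //shr rcx, 0x0E
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x1C;                            //shr rcx, 0x1C
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x38;                            //shr rcx, 0x38
        rax ^= rcx;                              //xor rax, rcx
        rcx = 0xA9C58221B90E7C46;                //mov rcx, 0xA9C58221B90E7C46
        rax ^= rcx;                              //xor rax, rcx
        rcx = 0x55F6ED3AB42B87A0;                //mov rcx, 0x55F6ED3AB42B87A0
        rax -= rcx;                              //sub rax, rcx
        rcx = 0;                                 //and rcx, 0xFFFFFFFFC0000000
        rcx = _rotl64(rcx, 0x10);                //rol rcx, 0x10
        rcx ^= r9;                               //xor rcx, r9
        rcx = ~rcx;                              //not rcx
        rax *= IO_READ_MEM(rcx + 0x7);           //imul rax, [rcx+0x07]
        rcx = base;                              //lea rcx, [0xFFFFFFFFFCEB55E3]
        rax += rcx;                              //add rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x14;                            //shr rcx, 0x14
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x28;                            //shr rcx, 0x28
        rax ^= rcx;                              //xor rax, rcx
        return rax;
    }
    case 9:
    {
        r10 = IO_READ_MEM(base + 0xCD59875);     //mov r10, [0x0000000009C4E43B]
        rdx = r11;                               //mov rdx, r11
        rcx = base + 0xFCE2;                     //lea rcx, [0xFFFFFFFFFCEC4F2E]
        rdx *= rcx;                              //imul rdx, rcx
        rcx = base;                              //lea rcx, [0xFFFFFFFFFCEB5241]
        rdx -= rcx;                              //sub rdx, rcx
        rcx = r11;                               //mov rcx, r11
        rax += rdx;                              //add rax, rdx
        rcx = ~rcx;                              //not rcx
        rax ^= rcx;                              //xor rax, rcx
        rdx = base + 0x6EC75C18;                 //lea rdx, [0x000000006BB2AE43]
        rax ^= rdx;                              //xor rax, rdx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x7;                             //shr rcx, 0x07
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0xE;                             //shr rcx, 0x0E
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x1C;                            //shr rcx, 0x1C
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x38;                            //shr rcx, 0x38
        rax ^= rcx;                              //xor rax, rcx
        r13 = 0xB691FFD9C9D61B2E;                //mov r13, 0xB691FFD9C9D61B2E
        rax += r13;                              //add rax, r13
        r13 = 0x89C1B16D1EAC4B85;                //mov r13, 0x89C1B16D1EAC4B85
        rcx = 0;                                 //and rcx, 0xFFFFFFFFC0000000
        rax ^= r13;                              //xor rax, r13
        rcx = _rotl64(rcx, 0x10);                //rol rcx, 0x10
        rcx ^= r10;                              //xor rcx, r10
        rcx = ~rcx;                              //not rcx
        rax *= IO_READ_MEM(rcx + 0x7);           //imul rax, [rcx+0x07]
        rcx = 0x272542A0099256AB;                //mov rcx, 0x272542A0099256AB
        rax *= rcx;                              //imul rax, rcx
        return rax;
    }
    case 10:
    {
        r10 = IO_READ_MEM(base + 0xCD59875);     //mov r10, [0x0000000009C4DF09]
        rcx = base + 0x240D8AB0;                 //lea rcx, [0x0000000020F8D81B]
        rcx += r11;                              //add rcx, r11
        rax ^= rcx;                              //xor rax, rcx
        rdx = base + 0x3B21;                     //lea rdx, [0xFFFFFFFFFCEB863E]
        rcx = r11;                               //mov rcx, r11
        rdx *= r11;                              //imul rdx, r11
        rcx = ~rcx;                              //not rcx
        rdx += rax;                              //add rdx, rax
        rax = base + 0x24E689C1;                 //lea rax, [0x0000000021D1D4BA]
        rcx += rax;                              //add rcx, rax
        rax = rdx;                               //mov rax, rdx
        rax ^= rcx;                              //xor rax, rcx
        rcx = 0x489A1BC87CDCD670;                //mov rcx, 0x489A1BC87CDCD670
        rax ^= rcx;                              //xor rax, rcx
        rcx = 0xA00242052F60AE53;                //mov rcx, 0xA00242052F60AE53
        rax ^= rcx;                              //xor rax, rcx
        rcx = 0;                                 //and rcx, 0xFFFFFFFFC0000000
        rcx = _rotl64(rcx, 0x10);                //rol rcx, 0x10
        rcx ^= r10;                              //xor rcx, r10
        rcx = ~rcx;                              //not rcx
        rax *= IO_READ_MEM(rcx + 0x7);           //imul rax, [rcx+0x07]
        rcx = 0xBDB64B81FECB6E7D;                //mov rcx, 0xBDB64B81FECB6E7D
        rax *= rcx;                              //imul rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x28;                            //shr rcx, 0x28
        rax ^= rcx;                              //xor rax, rcx
        return rax;
    }
    case 11:
    {
        r10 = IO_READ_MEM(base + 0xCD59875);     //mov r10, [0x0000000009C4DA22]
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x15;                            //shr rcx, 0x15
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x2A;                            //shr rcx, 0x2A
        rax ^= rcx;                              //xor rax, rcx
        rcx = 0xD3A53D9499733245;                //mov rcx, 0xD3A53D9499733245
        rax *= rcx;                              //imul rax, rcx
        rcx = 0x72C2AC821062ABD1;                //mov rcx, 0x72C2AC821062ABD1
        rax ^= rcx;                              //xor rax, rcx
        rcx = base;                              //lea rcx, [0xFFFFFFFFFCEB44D6]
        rax -= rcx;                              //sub rax, rcx
        rax += 0xFFFFFFFFFFFF4954;               //add rax, 0xFFFFFFFFFFFF4954
        rax += r11;                              //add rax, r11
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x1;                             //shr rcx, 0x01
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x2;                             //shr rcx, 0x02
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x4;                             //shr rcx, 0x04
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x8;                             //shr rcx, 0x08
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x10;                            //shr rcx, 0x10
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x20;                            //shr rcx, 0x20
        rax ^= rcx;                              //xor rax, rcx
        rcx = base;                              //lea rcx, [0xFFFFFFFFFCEB4874]
        rax ^= rcx;                              //xor rax, rcx
        rcx = base + 0x5B0222F4;                 //lea rcx, [0x0000000057ED6775]
        rcx *= r11;                              //imul rcx, r11
        rax += rcx;                              //add rax, rcx
        rcx = 0;                                 //and rcx, 0xFFFFFFFFC0000000
        rcx = _rotl64(rcx, 0x10);                //rol rcx, 0x10
        rcx ^= r10;                              //xor rcx, r10
        rcx = ~rcx;                              //not rcx
        rax *= IO_READ_MEM(rcx + 0x7);           //imul rax, [rcx+0x07]
        return rax;
    }
    case 12:
    {
        r10 = IO_READ_MEM(base + 0xCD59875);     //mov r10, [0x0000000009C4D4A3]
        r13 = base + 0x852;                      //lea r13, [0xFFFFFFFFFCEB4CAD]
        rcx = 0xF7D4FABCE6FC022;                 //mov rcx, 0xF7D4FABCE6FC022
        rax += rcx;                              //add rax, rcx
        rcx = 0;                                 //and rcx, 0xFFFFFFFFC0000000
        rcx = _rotl64(rcx, 0x10);                //rol rcx, 0x10
        rcx ^= r10;                              //xor rcx, r10
        rcx = ~rcx;                              //not rcx
        rax *= IO_READ_MEM(rcx + 0x7);           //imul rax, [rcx+0x07]
        rcx = base;                              //lea rcx, [0xFFFFFFFFFCEB4206]
        rax ^= rcx;                              //xor rax, rcx
        rax -= rcx;                              //sub rax, rcx
        rcx = 0x5C9D9DBA026E85B7;                //mov rcx, 0x5C9D9DBA026E85B7
        rax *= rcx;                              //imul rax, rcx
        rcx = rax;                               //mov rcx, rax
        rdx = r11;                               //mov rdx, r11
        rcx >>= 0x21;                            //shr rcx, 0x21
        rdx = ~rdx;                              //not rdx
        rdx *= r13;                              //imul rdx, r13
        rdx ^= rcx;                              //xor rdx, rcx
        rax ^= rdx;                              //xor rax, rdx
        rax += r11;                              //add rax, r11
        return rax;
    }
    case 13:
    {
        r10 = IO_READ_MEM(base + 0xCD59875);     //mov r10, [0x0000000009C4D0D3]
        r13 = base + 0x12585A59;                 //lea r13, [0x000000000F439AE4]
        rcx = r11;                               //mov rcx, r11
        rcx = ~rcx;                              //not rcx
        rcx ^= r13;                              //xor rcx, r13
        rax += rcx;                              //add rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x8;                             //shr rcx, 0x08
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x10;                            //shr rcx, 0x10
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x20;                            //shr rcx, 0x20
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x11;                            //shr rcx, 0x11
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x22;                            //shr rcx, 0x22
        rax ^= rcx;                              //xor rax, rcx
        rcx = 0;                                 //and rcx, 0xFFFFFFFFC0000000
        rcx = _rotl64(rcx, 0x10);                //rol rcx, 0x10
        rcx ^= r10;                              //xor rcx, r10
        rcx = ~rcx;                              //not rcx
        rax *= IO_READ_MEM(rcx + 0x7);           //imul rax, [rcx+0x07]
        rcx = 0xA4979265BBC7E3D5;                //mov rcx, 0xA4979265BBC7E3D5
        rax *= rcx;                              //imul rax, rcx
        rcx = r11;                               //mov rcx, r11
        rcx = ~rcx;                              //not rcx
        // Untraced stack operand: the generator substituted `base`. Suspect.
        rcx -= base;                             //sub rcx, [rbp-0x70] -- didn't find trace -> use base
        rcx -= 0x756FAD6E;                       //sub rcx, 0x756FAD6E
        rcx ^= rax;                              //xor rcx, rax
        rax = base + 0x78217335;                 //lea rax, [0x00000000750CB1E2]
        rcx += r11;                              //add rcx, r11
        rax += rcx;                              //add rax, rcx
        rcx = 0xC20F4E2AD24BC517;                //mov rcx, 0xC20F4E2AD24BC517
        rax ^= rcx;                              //xor rax, rcx
        return rax;
    }
    case 14:
    {
        r10 = IO_READ_MEM(base + 0xCD59875);     //mov r10, [0x0000000009C4CB55]
        r13 = base + 0x3CF1;                     //lea r13, [0xFFFFFFFFFCEB77FE]
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x16;                            //shr rcx, 0x16
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x2C;                            //shr rcx, 0x2C
        rax ^= rcx;                              //xor rax, rcx
        rcx = 0xAF96B7C88EDF2B75;                //mov rcx, 0xAF96B7C88EDF2B75
        rax *= rcx;                              //imul rax, rcx
        rax ^= r11;                              //xor rax, r11
        rdx = 0;                                 //and rdx, 0xFFFFFFFFC0000000
        rdx = _rotl64(rdx, 0x10);                //rol rdx, 0x10
        rdx ^= r10;                              //xor rdx, r10
        rcx = r11 + r13 * 1;                     //lea rcx, [r11+r13*1]
        rax += rcx;                              //add rax, rcx
        rdx = ~rdx;                              //not rdx
        rcx = 0x7B695E53D3CD7B7F;                //mov rcx, 0x7B695E53D3CD7B7F
        rax *= IO_READ_MEM(rdx + 0x7);           //imul rax, [rdx+0x07]
        rax *= rcx;                              //imul rax, rcx
        rcx = 0x56A40B352BF2FDB7;                //mov rcx, 0x56A40B352BF2FDB7
        rax -= rcx;                              //sub rax, rcx
        rcx = base + 0x32FFEB8B;                 //lea rcx, [0x000000002FEB25B1]
        rcx = ~rcx;                              //not rcx
        rcx *= r11;                              //imul rcx, r11
        rax += rcx;                              //add rax, rcx
        return rax;
    }
    case 15:
    {
        r10 = IO_READ_MEM(base + 0xCD59875);     //mov r10, [0x0000000009C4C5FC]
        rdx = base + 0x23AC2B6F;                 //lea rdx, [0x000000002097607C]
        rcx = base;                              //lea rcx, [0xFFFFFFFFFCEB3386]
        rax -= rcx;                              //sub rax, rcx
        rax += r11;                              //add rax, r11
        rdx = ~rdx;                              //not rdx
        rdx ^= r11;                              //xor rdx, r11
        rcx = 0;                                 //and rcx, 0xFFFFFFFFC0000000
        rcx = _rotl64(rcx, 0x10);                //rol rcx, 0x10
        rcx ^= r10;                              //xor rcx, r10
        rcx = ~rcx;                              //not rcx
        rax *= IO_READ_MEM(rcx + 0x7);           //imul rax, [rcx+0x07]
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x17;                            //shr rcx, 0x17
        rax ^= rcx;                              //xor rax, rcx
        rcx = rax;                               //mov rcx, rax
        rcx >>= 0x2E;                            //shr rcx, 0x2E
        rax ^= rcx;                              //xor rax, rcx
        rax -= rdx;                              //sub rax, rdx
        rcx = 0xAE9091426078C4DF;                //mov rcx, 0xAE9091426078C4DF
        rax *= rcx;                              //imul rax, rcx
        rcx = 0x2E839B5F3DB76D2B;                //mov rcx, 0x2E839B5F3DB76D2B
        rax += rcx;                              //add rax, rcx
        rcx = 0x632E9341FBDD9A7C;                //mov rcx, 0x632E9341FBDD9A7C
        rax -= rcx;                              //sub rax, rcx
        return rax;
    }
    default:
        // Unreachable: rcx was masked to 0..15 above. Present so the function
        // has a return on every path; 0 keeps the "absent" convention used by
        // the early-out at the top.
        return 0;
    }
}

/*
 * decrypt_bone_base — recovers the obfuscated bone-array base pointer.
 * Same generator-produced transcription style as the routines above. The
 * variant index here is (bswap(peb << 0x22) & 0xF). Reads base + 0x11698E78
 * (encrypted slot; 0 returned unchanged) and the key table at base + 0xCD59949.
 * NOTE: this function continues beyond this chunk of the file.
 */
uintptr_t decrypt_bone_base()
{
    const uint64_t mb = base;
    uint64_t rax = mb, rbx = mb, rcx = mb, rdx = mb, rdi = mb, rsi = mb, r8 = mb, r9 = mb, r10 = mb, r11 = mb, r12 = mb, r13 = mb, r14 = mb, r15 = mb;
    rdx = IO_READ_MEM(base + 0x11698E78);
    if(!rdx)
        return rdx;
    r11 = peb;                                   //mov r11, gs:[rax]
    rax = r11;                                   //mov rax, r11
    rax <<= 0x22;                                //shl rax, 0x22
    rax = _byteswap_uint64(rax);                 //bswap rax
    rax &= 0xF;
    switch(rax) {
    case 0:
    {
        r9 = IO_READ_MEM(base + 0xCD59949);      //mov r9, [0x000000000A2D34A4]
        rax = 0;                                 //and rax, 0xFFFFFFFFC0000000
        rax = _rotl64(rax, 0x10);                //rol rax, 0x10
        rax ^= r9;                               //xor rax, r9
        rax = _byteswap_uint64(rax);             //bswap rax
        rdx *= IO_READ_MEM(rax + 0x11);          //imul rdx, [rax+0x11]
        rax = base;                              //lea rax, [0xFFFFFFFFFD53A0A6]
        rdx -= rax;                              //sub rdx, rax
        rax =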
0xC98EF2FFB1E013D2; //mov rax, 0xC98EF2FFB1E013D2 634 | rdx += 0xFFFFFFFFFFFFC795; //add rdx, 0xFFFFFFFFFFFFC795 635 | rdx += r11; //add rdx, r11 636 | rdx ^= rax; //xor rdx, rax 637 | rdx ^= r11; //xor rdx, r11 638 | rax = 0x1AE0F1058D3590F1; //mov rax, 0x1AE0F1058D3590F1 639 | rdx *= rax; //imul rdx, rax 640 | rax = 0x1EAC0325CBA779BC; //mov rax, 0x1EAC0325CBA779BC 641 | rdx ^= rax; //xor rdx, rax 642 | rax = rdx; //mov rax, rdx 643 | rax >>= 0x1F; //shr rax, 0x1F 644 | rdx ^= rax; //xor rdx, rax 645 | rax = rdx; //mov rax, rdx 646 | rax >>= 0x3E; //shr rax, 0x3E 647 | rdx ^= rax; //xor rdx, rax 648 | rdx ^= r11; //xor rdx, r11 649 | return rdx; 650 | } 651 | case 1: 652 | { 653 | r10 = IO_READ_MEM(base + 0xCD59949); //mov r10, [0x000000000A2D2FA8] 654 | rax = 0x311E3C7DD1297B69; //mov rax, 0x311E3C7DD1297B69 655 | rdx *= rax; //imul rdx, rax 656 | rcx = r11; //mov rcx, r11 657 | rcx = ~rcx; //not rcx 658 | rax = 0; //and rax, 0xFFFFFFFFC0000000 659 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 660 | rax ^= r10; //xor rax, r10 661 | rax = _byteswap_uint64(rax); //bswap rax 662 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 663 | rax = base + 0x437D3D7F; //lea rax, [0x0000000040D0DA51] 664 | rax = ~rax; //not rax 665 | rcx += rax; //add rcx, rax 666 | rdx ^= rcx; //xor rdx, rcx 667 | rax = rdx; //mov rax, rdx 668 | rax >>= 0x28; //shr rax, 0x28 669 | rdx ^= rax; //xor rdx, rax 670 | rax = rdx; //mov rax, rdx 671 | rax >>= 0x13; //shr rax, 0x13 672 | rdx ^= rax; //xor rdx, rax 673 | rax = rdx; //mov rax, rdx 674 | rax >>= 0x26; //shr rax, 0x26 675 | rdx ^= rax; //xor rdx, rax 676 | rax = base; //lea rax, [0xFFFFFFFFFD539C9C] 677 | rax += 0x3B261317; //add rax, 0x3B261317 678 | rax += r11; //add rax, r11 679 | rdx += rax; //add rdx, rax 680 | rax = 0x85B82AEE944DCF96; //mov rax, 0x85B82AEE944DCF96 681 | rdx ^= rax; //xor rdx, rax 682 | rax = base; //lea rax, [0xFFFFFFFFFD539DA9] 683 | rdx += rax; //add rdx, rax 684 | return rdx; 685 | } 686 | case 2: 687 | { 
688 | r9 = IO_READ_MEM(base + 0xCD59949); //mov r9, [0x000000000A2D2ACF] 689 | rax = rdx; //mov rax, rdx 690 | rax >>= 0x25; //shr rax, 0x25 691 | rdx ^= rax; //xor rdx, rax 692 | rax = rdx; //mov rax, rdx 693 | rax >>= 0xC; //shr rax, 0x0C 694 | rdx ^= rax; //xor rdx, rax 695 | rax = rdx; //mov rax, rdx 696 | rax >>= 0x18; //shr rax, 0x18 697 | rdx ^= rax; //xor rdx, rax 698 | rax = rdx; //mov rax, rdx 699 | rax >>= 0x30; //shr rax, 0x30 700 | rdx ^= rax; //xor rdx, rax 701 | rdx += r11; //add rdx, r11 702 | rax = 0; //and rax, 0xFFFFFFFFC0000000 703 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 704 | rax ^= r9; //xor rax, r9 705 | rax = _byteswap_uint64(rax); //bswap rax 706 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 707 | rdx ^= r11; //xor rdx, r11 708 | rax = 0x6B65DF2C3A88AE69; //mov rax, 0x6B65DF2C3A88AE69 709 | rdx -= rax; //sub rdx, rax 710 | rax = 0xA4B331303E4E7A67; //mov rax, 0xA4B331303E4E7A67 711 | rdx *= rax; //imul rdx, rax 712 | rax = 0x6A137DDDFCE4C0D7; //mov rax, 0x6A137DDDFCE4C0D7 713 | rdx -= rax; //sub rdx, rax 714 | return rdx; 715 | } 716 | case 3: 717 | { 718 | r9 = IO_READ_MEM(base + 0xCD59949); //mov r9, [0x000000000A2D2679] 719 | r10 = base + 0x1314A155; //lea r10, [0x00000000106836AD] 720 | rax = 0; //and rax, 0xFFFFFFFFC0000000 721 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 722 | rax ^= r9; //xor rax, r9 723 | rax = _byteswap_uint64(rax); //bswap rax 724 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 725 | rax = base; //lea rax, [0xFFFFFFFFFD53946F] 726 | rdx -= rax; //sub rdx, rax 727 | rax = rdx; //mov rax, rdx 728 | rax >>= 0x1F; //shr rax, 0x1F 729 | rdx ^= rax; //xor rdx, rax 730 | rax = rdx; //mov rax, rdx 731 | rax >>= 0x3E; //shr rax, 0x3E 732 | rdx ^= rax; //xor rdx, rax 733 | rdx ^= r11; //xor rdx, r11 734 | rax = r10; //mov rax, r10 735 | rax -= r11; //sub rax, r11 736 | rdx ^= rax; //xor rdx, rax 737 | rax = 0xD5A4D08183955257; //mov rax, 0xD5A4D08183955257 738 | rdx *= rax; //imul rdx, rax 739 | rax = 
0x8DC8AE43913090FA; //mov rax, 0x8DC8AE43913090FA 740 | rdx ^= rax; //xor rdx, rax 741 | return rdx; 742 | } 743 | case 4: 744 | { 745 | r10 = IO_READ_MEM(base + 0xCD59949); //mov r10, [0x000000000A2D2370] 746 | rax = 0xF7A45523CB2EF07F; //mov rax, 0xF7A45523CB2EF07F 747 | rdx ^= rax; //xor rdx, rax 748 | rdx -= r11; //sub rdx, r11 749 | rdx -= r11; //sub rdx, r11 750 | rdx -= r11; //sub rdx, r11 751 | rax = rdx; //mov rax, rdx 752 | rax >>= 0x14; //shr rax, 0x14 753 | rdx ^= rax; //xor rdx, rax 754 | rax = rdx; //mov rax, rdx 755 | rax >>= 0x28; //shr rax, 0x28 756 | rdx ^= rax; //xor rdx, rax 757 | rax = 0; //and rax, 0xFFFFFFFFC0000000 758 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 759 | rax ^= r10; //xor rax, r10 760 | rax = _byteswap_uint64(rax); //bswap rax 761 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 762 | rax = base; //lea rax, [0xFFFFFFFFFD538EA4] 763 | rax += 0x8F29; //add rax, 0x8F29 764 | rax += r11; //add rax, r11 765 | rdx ^= rax; //xor rdx, rax 766 | rax = 0xD43375ADC5407E51; //mov rax, 0xD43375ADC5407E51 767 | rdx *= rax; //imul rdx, rax 768 | return rdx; 769 | } 770 | case 5: 771 | { 772 | r9 = IO_READ_MEM(base + 0xCD59949); //mov r9, [0x000000000A2D1EB7] 773 | rax = 0x7C5DF0A12057BE6; //mov rax, 0x7C5DF0A12057BE6 774 | rdx -= rax; //sub rdx, rax 775 | rax = 0x83F8FC0408B5D1AB; //mov rax, 0x83F8FC0408B5D1AB 776 | rdx ^= rax; //xor rdx, rax 777 | rax = base + 0x158DE932; //lea rax, [0x0000000012E1752A] 778 | rax = ~rax; //not rax 779 | rax *= r11; //imul rax, r11 780 | rdx += rax; //add rdx, rax 781 | rax = r11; //mov rax, r11 782 | uintptr_t RSP_0x98; 783 | RSP_0x98 = base + 0x12426297; //lea rax, [0x000000000F95F02B] : RSP+0x98 784 | rax *= RSP_0x98; //imul rax, [rsp+0x98] 785 | rdx ^= rax; //xor rdx, rax 786 | rax = base; //lea rax, [0xFFFFFFFFFD538B37] 787 | rax += 0x5541; //add rax, 0x5541 788 | rax += r11; //add rax, r11 789 | rdx += rax; //add rdx, rax 790 | rax = rdx; //mov rax, rdx 791 | rax >>= 0x5; //shr rax, 0x05 792 | 
rdx ^= rax; //xor rdx, rax 793 | rax = rdx; //mov rax, rdx 794 | rax >>= 0xA; //shr rax, 0x0A 795 | rdx ^= rax; //xor rdx, rax 796 | rax = rdx; //mov rax, rdx 797 | rax >>= 0x14; //shr rax, 0x14 798 | rdx ^= rax; //xor rdx, rax 799 | rax = rdx; //mov rax, rdx 800 | rax >>= 0x28; //shr rax, 0x28 801 | rdx ^= rax; //xor rdx, rax 802 | rax = 0; //and rax, 0xFFFFFFFFC0000000 803 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 804 | rax ^= r9; //xor rax, r9 805 | rax = _byteswap_uint64(rax); //bswap rax 806 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 807 | rax = 0x3F31D045C89ED8C5; //mov rax, 0x3F31D045C89ED8C5 808 | rdx *= rax; //imul rdx, rax 809 | return rdx; 810 | } 811 | case 6: 812 | { 813 | r10 = IO_READ_MEM(base + 0xCD59949); //mov r10, [0x000000000A2D1914] 814 | rax = rdx; //mov rax, rdx 815 | rax >>= 0x6; //shr rax, 0x06 816 | rdx ^= rax; //xor rdx, rax 817 | rax = rdx; //mov rax, rdx 818 | rax >>= 0xC; //shr rax, 0x0C 819 | rdx ^= rax; //xor rdx, rax 820 | rax = rdx; //mov rax, rdx 821 | rax >>= 0x18; //shr rax, 0x18 822 | rdx ^= rax; //xor rdx, rax 823 | rax = rdx; //mov rax, rdx 824 | rax >>= 0x30; //shr rax, 0x30 825 | rdx ^= rax; //xor rdx, rax 826 | rax = 0x7564570D161CA18D; //mov rax, 0x7564570D161CA18D 827 | rdx *= rax; //imul rdx, rax 828 | rax = rdx; //mov rax, rdx 829 | rax >>= 0x26; //shr rax, 0x26 830 | rdx ^= rax; //xor rdx, rax 831 | rax = base; //lea rax, [0xFFFFFFFFFD53857B] 832 | rax += 0x144205B7; //add rax, 0x144205B7 833 | rax += r11; //add rax, r11 834 | rdx ^= rax; //xor rdx, rax 835 | rax = 0x80C6B6FC948F6729; //mov rax, 0x80C6B6FC948F6729 836 | rdx *= rax; //imul rdx, rax 837 | rax = 0x31DF20582505A415; //mov rax, 0x31DF20582505A415 838 | rdx += rax; //add rdx, rax 839 | rax = 0; //and rax, 0xFFFFFFFFC0000000 840 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 841 | rax ^= r10; //xor rax, r10 842 | rax = _byteswap_uint64(rax); //bswap rax 843 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 844 | rax = base + 0x6DA9DAD4; 
//lea rax, [0x000000006AFD6203] 845 | rdx += rax; //add rdx, rax 846 | rcx = r11; //mov rcx, r11 847 | rcx = ~rcx; //not rcx 848 | rdx += rcx; //add rdx, rcx 849 | return rdx; 850 | } 851 | case 7: 852 | { 853 | r10 = IO_READ_MEM(base + 0xCD59949); //mov r10, [0x000000000A2D150F] 854 | rdx ^= r11; //xor rdx, r11 855 | rax = rdx; //mov rax, rdx 856 | rax >>= 0xD; //shr rax, 0x0D 857 | rdx ^= rax; //xor rdx, rax 858 | rax = rdx; //mov rax, rdx 859 | rax >>= 0x1A; //shr rax, 0x1A 860 | rdx ^= rax; //xor rdx, rax 861 | rax = rdx; //mov rax, rdx 862 | rax >>= 0x34; //shr rax, 0x34 863 | rdx ^= rax; //xor rdx, rax 864 | rax = rdx; //mov rax, rdx 865 | rax >>= 0x7; //shr rax, 0x07 866 | rdx ^= rax; //xor rdx, rax 867 | rax = rdx; //mov rax, rdx 868 | rax >>= 0xE; //shr rax, 0x0E 869 | rdx ^= rax; //xor rdx, rax 870 | rax = rdx; //mov rax, rdx 871 | rax >>= 0x1C; //shr rax, 0x1C 872 | rdx ^= rax; //xor rdx, rax 873 | rax = rdx; //mov rax, rdx 874 | rax >>= 0x38; //shr rax, 0x38 875 | rdx ^= rax; //xor rdx, rax 876 | rax = 0xCCB3012D7BB7524F; //mov rax, 0xCCB3012D7BB7524F 877 | rdx *= rax; //imul rdx, rax 878 | rax = 0x11516F5E5F563F90; //mov rax, 0x11516F5E5F563F90 879 | rdx -= rax; //sub rdx, rax 880 | rax = r11; //mov rax, r11 881 | rax = ~rax; //not rax 882 | uintptr_t RSP_0x68; 883 | RSP_0x68 = base + 0x4354; //lea rax, [0xFFFFFFFFFD53C753] : RSP+0x68 884 | rax *= RSP_0x68; //imul rax, [rsp+0x68] 885 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 886 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 887 | rdx += rax; //add rdx, rax 888 | rcx ^= r10; //xor rcx, r10 889 | rcx = _byteswap_uint64(rcx); //bswap rcx 890 | rdx *= IO_READ_MEM(rcx + 0x11); //imul rdx, [rcx+0x11] 891 | return rdx; 892 | } 893 | case 8: 894 | { 895 | r10 = IO_READ_MEM(base + 0xCD59949); //mov r10, [0x000000000A2D1068] 896 | rdx -= r11; //sub rdx, r11 897 | rax = 0xEDC13D6B57B6E285; //mov rax, 0xEDC13D6B57B6E285 898 | rdx *= rax; //imul rdx, rax 899 | rax = r11; //mov rax, r11 900 | uintptr_t RSP_0x98; 901 | 
RSP_0x98 = base + 0x7D814959; //lea rax, [0x000000007AD4C88C] : RSP+0x98 902 | rax ^= RSP_0x98; //xor rax, [rsp+0x98] 903 | rax += r11; //add rax, r11 904 | rdx += rax; //add rdx, rax 905 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 906 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 907 | rcx ^= r10; //xor rcx, r10 908 | rcx = _byteswap_uint64(rcx); //bswap rcx 909 | rdx *= IO_READ_MEM(rcx + 0x11); //imul rdx, [rcx+0x11] 910 | rax = rdx; //mov rax, rdx 911 | rax >>= 0x21; //shr rax, 0x21 912 | rdx ^= rax; //xor rdx, rax 913 | rdx += r11; //add rdx, r11 914 | rax = base; //lea rax, [0xFFFFFFFFFD537DE8] 915 | rdx ^= rax; //xor rdx, rax 916 | return rdx; 917 | } 918 | case 9: 919 | { 920 | r9 = IO_READ_MEM(base + 0xCD59949); //mov r9, [0x000000000A2D0D18] 921 | rax = rdx; //mov rax, rdx 922 | rax >>= 0xB; //shr rax, 0x0B 923 | rdx ^= rax; //xor rdx, rax 924 | rax = rdx; //mov rax, rdx 925 | rax >>= 0x16; //shr rax, 0x16 926 | rdx ^= rax; //xor rdx, rax 927 | rax = rdx; //mov rax, rdx 928 | rax >>= 0x2C; //shr rax, 0x2C 929 | rdx ^= rax; //xor rdx, rax 930 | rax = base; //lea rax, [0xFFFFFFFFFD5377CA] 931 | rdx ^= rax; //xor rdx, rax 932 | rax = 0; //and rax, 0xFFFFFFFFC0000000 933 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 934 | rax ^= r9; //xor rax, r9 935 | rax = _byteswap_uint64(rax); //bswap rax 936 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 937 | rax = rdx; //mov rax, rdx 938 | rax >>= 0xB; //shr rax, 0x0B 939 | rdx ^= rax; //xor rdx, rax 940 | rax = rdx; //mov rax, rdx 941 | rax >>= 0x16; //shr rax, 0x16 942 | rdx ^= rax; //xor rdx, rax 943 | rax = rdx; //mov rax, rdx 944 | rax >>= 0x2C; //shr rax, 0x2C 945 | rdx ^= rax; //xor rdx, rax 946 | rax = 0x53198E81F809E193; //mov rax, 0x53198E81F809E193 947 | rax -= r11; //sub rax, r11 948 | rax -= base; //sub rax, [rsp+0xD0] -- didn't find trace -> use base 949 | rdx += rax; //add rdx, rax 950 | rax = 0x5E76F88978AFE528; //mov rax, 0x5E76F88978AFE528 951 | rdx += rax; //add rdx, rax 952 | rax = 
0x33557C5CEFBE234B; //mov rax, 0x33557C5CEFBE234B 953 | rdx *= rax; //imul rdx, rax 954 | return rdx; 955 | } 956 | case 10: 957 | { 958 | r10 = IO_READ_MEM(base + 0xCD59949); //mov r10, [0x000000000A2D07FD] 959 | rax = base; //lea rax, [0xFFFFFFFFFD53756B] 960 | rdx -= rax; //sub rdx, rax 961 | rcx = rdx; //mov rcx, rdx 962 | rcx >>= 0x27; //shr rcx, 0x27 963 | rcx ^= rdx; //xor rcx, rdx 964 | rdx = base + 0x9688; //lea rdx, [0xFFFFFFFFFD540AE5] 965 | rdx *= r11; //imul rdx, r11 966 | rdx += rcx; //add rdx, rcx 967 | rax = rdx; //mov rax, rdx 968 | rax >>= 0x13; //shr rax, 0x13 969 | rdx ^= rax; //xor rdx, rax 970 | rax = rdx; //mov rax, rdx 971 | rax >>= 0x26; //shr rax, 0x26 972 | rdx ^= rax; //xor rdx, rax 973 | rax = 0; //and rax, 0xFFFFFFFFC0000000 974 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 975 | rax ^= r10; //xor rax, r10 976 | rax = _byteswap_uint64(rax); //bswap rax 977 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 978 | rax = 0x3331EF2FFF7DD801; //mov rax, 0x3331EF2FFF7DD801 979 | rdx *= rax; //imul rdx, rax 980 | rax = 0x2130706D6228E017; //mov rax, 0x2130706D6228E017 981 | rdx ^= rax; //xor rdx, rax 982 | return rdx; 983 | } 984 | case 11: 985 | { 986 | r10 = IO_READ_MEM(base + 0xCD59949); //mov r10, [0x000000000A2D030A] 987 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 988 | rax = base + 0x1E13DCA3; //lea rax, [0x000000001B674AD7] 989 | rax = ~rax; //not rax 990 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 991 | rax += r11; //add rax, r11 992 | rcx ^= r10; //xor rcx, r10 993 | rdx += rax; //add rdx, rax 994 | rcx = _byteswap_uint64(rcx); //bswap rcx 995 | rdx *= IO_READ_MEM(rcx + 0x11); //imul rdx, [rcx+0x11] 996 | rax = base; //lea rax, [0xFFFFFFFFFD536E06] 997 | rax += 0x9D9E; //add rax, 0x9D9E 998 | rax += r11; //add rax, r11 999 | rdx += rax; //add rdx, rax 1000 | rax = r11; //mov rax, r11 1001 | rax -= base; //sub rax, [rsp+0xD0] -- didn't find trace -> use base 1002 | rdx += rax; //add rdx, rax 1003 | rax = 0x10CE41F37EB30D3D; //mov 
rax, 0x10CE41F37EB30D3D 1004 | rdx *= rax; //imul rdx, rax 1005 | rax = 0x3078E9571E8D51B0; //mov rax, 0x3078E9571E8D51B0 1006 | rdx -= rax; //sub rdx, rax 1007 | rax = 0x13796DAAB7614CCB; //mov rax, 0x13796DAAB7614CCB 1008 | rdx += rax; //add rdx, rax 1009 | rax = rdx; //mov rax, rdx 1010 | rax >>= 0x11; //shr rax, 0x11 1011 | rdx ^= rax; //xor rdx, rax 1012 | rcx = base + 0x7C2A0085; //lea rcx, [0x00000000797D6F4F] 1013 | rcx = ~rcx; //not rcx 1014 | rcx *= r11; //imul rcx, r11 1015 | rax = rdx; //mov rax, rdx 1016 | rax >>= 0x22; //shr rax, 0x22 1017 | rcx ^= rax; //xor rcx, rax 1018 | rdx ^= rcx; //xor rdx, rcx 1019 | return rdx; 1020 | } 1021 | case 12: 1022 | { 1023 | r9 = IO_READ_MEM(base + 0xCD59949); //mov r9, [0x000000000A2CFEAF] 1024 | rax = 0; //and rax, 0xFFFFFFFFC0000000 1025 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 1026 | rax ^= r9; //xor rax, r9 1027 | rax = _byteswap_uint64(rax); //bswap rax 1028 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 1029 | rdx -= r11; //sub rdx, r11 1030 | rax = 0x509EB372CDB3AEF3; //mov rax, 0x509EB372CDB3AEF3 1031 | rdx *= rax; //imul rdx, rax 1032 | rax = 0x3978478545AD0B0E; //mov rax, 0x3978478545AD0B0E 1033 | rdx += rax; //add rdx, rax 1034 | rax = rdx; //mov rax, rdx 1035 | rax >>= 0x11; //shr rax, 0x11 1036 | rdx ^= rax; //xor rdx, rax 1037 | rax = rdx; //mov rax, rdx 1038 | rax >>= 0x22; //shr rax, 0x22 1039 | rdx ^= rax; //xor rdx, rax 1040 | rax = 0xF1F3C3AA4D6D1089; //mov rax, 0xF1F3C3AA4D6D1089 1041 | rdx *= rax; //imul rdx, rax 1042 | return rdx; 1043 | } 1044 | case 13: 1045 | { 1046 | r10 = IO_READ_MEM(base + 0xCD59949); //mov r10, [0x000000000A2CFA18] 1047 | rax = rdx; //mov rax, rdx 1048 | rax >>= 0xE; //shr rax, 0x0E 1049 | rdx ^= rax; //xor rdx, rax 1050 | rax = rdx; //mov rax, rdx 1051 | rax >>= 0x1C; //shr rax, 0x1C 1052 | rdx ^= rax; //xor rdx, rax 1053 | rax = rdx; //mov rax, rdx 1054 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 1055 | rax >>= 0x38; //shr rax, 0x38 1056 | rcx = _rotl64(rcx, 
0x10); //rol rcx, 0x10 1057 | rdx ^= rax; //xor rdx, rax 1058 | rcx ^= r10; //xor rcx, r10 1059 | rdx += r11; //add rdx, r11 1060 | rcx = _byteswap_uint64(rcx); //bswap rcx 1061 | rdx *= IO_READ_MEM(rcx + 0x11); //imul rdx, [rcx+0x11] 1062 | rax = 0xEA5C4AF83EEC98D; //mov rax, 0xEA5C4AF83EEC98D 1063 | rdx += rax; //add rdx, rax 1064 | rax = base + 0x7FFA; //lea rax, [0xFFFFFFFFFD53E72B] 1065 | rax = ~rax; //not rax 1066 | rax ^= r11; //xor rax, r11 1067 | rdx ^= rax; //xor rdx, rax 1068 | rax = 0x58CCD785809FBA65; //mov rax, 0x58CCD785809FBA65 1069 | rdx *= rax; //imul rdx, rax 1070 | rax = 0xCB1252FFDD097729; //mov rax, 0xCB1252FFDD097729 1071 | rdx *= rax; //imul rdx, rax 1072 | rax = base; //lea rax, [0xFFFFFFFFFD5364C7] 1073 | rax += 0x1CFB; //add rax, 0x1CFB 1074 | rax += r11; //add rax, r11 1075 | rdx += rax; //add rdx, rax 1076 | return rdx; 1077 | } 1078 | case 14: 1079 | { 1080 | r10 = IO_READ_MEM(base + 0xCD59949); //mov r10, [0x000000000A2CF45F] 1081 | rax = rdx; //mov rax, rdx 1082 | rax >>= 0x1C; //shr rax, 0x1C 1083 | rdx ^= rax; //xor rdx, rax 1084 | rax = rdx; //mov rax, rdx 1085 | rax >>= 0x38; //shr rax, 0x38 1086 | rax ^= rdx; //xor rax, rdx 1087 | rdx = base; //lea rdx, [0xFFFFFFFFFD535FE9] 1088 | rax -= rdx; //sub rax, rdx 1089 | rdx = r11 + 0xffffffffd3bc8867; //lea rdx, [r11-0x2C437799] 1090 | rdx += rax; //add rdx, rax 1091 | rax = 0; //and rax, 0xFFFFFFFFC0000000 1092 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 1093 | rax ^= r10; //xor rax, r10 1094 | rax = _byteswap_uint64(rax); //bswap rax 1095 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 1096 | rax = base; //lea rax, [0xFFFFFFFFFD535EFA] 1097 | rdx -= rax; //sub rdx, rax 1098 | rax = 0x311461FA31B150C8; //mov rax, 0x311461FA31B150C8 1099 | rdx ^= rax; //xor rdx, rax 1100 | rax = 0x3D057F65AC2E944D; //mov rax, 0x3D057F65AC2E944D 1101 | rdx += rax; //add rdx, rax 1102 | rax = 0x3EA61F392134306F; //mov rax, 0x3EA61F392134306F 1103 | rdx *= rax; //imul rdx, rax 1104 | rax = rdx; 
//mov rax, rdx
            rax >>= 0x16; //shr rax, 0x16
            rdx ^= rax; //xor rdx, rax
            rax = rdx; //mov rax, rdx
            rax >>= 0x2C; //shr rax, 0x2C
            rdx ^= rax; //xor rdx, rax
            return rdx;
        }
        case 15:
        {
            r10 = IO_READ_MEM(base + 0xCD59949); //mov r10, [0x000000000A2CEFCD]
            rax = rdx; //mov rax, rdx
            rax >>= 0x25; //shr rax, 0x25
            rdx ^= rax; //xor rdx, rax
            rdx -= r11; //sub rdx, r11
            rcx = 0; //and rcx, 0xFFFFFFFFC0000000
            rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
            rcx ^= r10; //xor rcx, r10
            rax = base; //lea rax, [0xFFFFFFFFFD535C52]
            rax += 0x953; //add rax, 0x953
            rax += r11; //add rax, r11
            rcx = _byteswap_uint64(rcx); //bswap rcx
            rdx ^= rax; //xor rdx, rax
            rdx *= IO_READ_MEM(rcx + 0x11); //imul rdx, [rcx+0x11]
            rax = 0xEDC186E4F45D82CF; //mov rax, 0xEDC186E4F45D82CF
            rdx *= rax; //imul rdx, rax
            rdx -= r11; //sub rdx, r11
            rax = base; //lea rax, [0xFFFFFFFFFD535B5A]
            rdx -= rax; //sub rdx, rax
            rax = 0x579691DADE4159FD; //mov rax, 0x579691DADE4159FD
            rdx *= rax; //imul rdx, rax
            rax = 0x20B206512FA8AEE; //mov rax, 0x20B206512FA8AEE
            rdx -= rax; //sub rdx, rax
            rax = 0x804CFF40F9D9BEBF; //mov rax, 0x804CFF40F9D9BEBF
            rdx *= rax; //imul rdx, rax
            return rdx;
        }
    }
}

/**
 * Maps a caller-supplied bone number onto an index read from two in-module
 * lookup tables.
 *
 * The body is a hand translation of an x86-64 instruction trace: every
 * statement keeps the original instruction as a trailing comment, and the
 * locals are named after the registers they stand in for. Most of the
 * `mb`-initialised registers (rbx, r8.., r13..r15) are never read here;
 * they exist only so every translated instruction has an operand.
 *
 * @param bone_index  bone number; it is scaled by 0x13C8 and then reduced
 *                    through the arithmetic below before each table read.
 * @return the low 16 bits of the value read at the second table slot
 *         (r12 truncated to uint16_t).
 *
 * The repeated `_umul128` / `shr` / `imul` / `sub` groups have the shape of
 * compiler-emitted "multiply by reciprocal" sequences for an unsigned
 * modulo by a constant (0x25C9, 0x46D4, 0x25BD, 0x7C0, ...). That reading is
 * inferred from the instruction pattern only; it is not verified here.
 *
 * NOTE(review): both annotated table loads are `word ptr` (16-bit) reads
 * (`movzx` / `movsx`). IO_READ_MEM's read width is not visible in this
 * file — if it reads wider than 16 bits, the first load carries extra high
 * bits into `r8 = rax * 0x13C8`. TODO confirm against the macro definition.
 */
uint16_t get_bone_index(uint32_t bone_index)
{
    const uint64_t mb = base;
    uint64_t rax = mb, rbx = mb, rcx = mb, rdx = mb, rdi = mb, rsi = mb, r8 = mb, r9 = mb, r10 = mb, r11 = mb, r12 = mb, r13 = mb, r14 = mb, r15 = mb;
    rsi = bone_index;
    rcx = rsi * 0x13C8;
    // First reduction of rcx (rdx receives the high 64 bits of the product).
    rax = 0xD8CE01BF28E39A45; //mov rax, 0xD8CE01BF28E39A45
    rax = _umul128(rax, rcx, (uintptr_t*)&rdx); //mul rcx
    rdi = base; //lea rdi, [0xFFFFFFFFFD4C3F5A]
    r10 = 0xB225E47EA96E19B5; //mov r10, 0xB225E47EA96E19B5
    rdx >>= 0xD; //shr rdx, 0x0D
    rax = rdx * 0x25C9; //imul rax, rdx, 0x25C9
    rcx -= rax; //sub rcx, rax
    rax = 0xCEA41D97BF6494DF; //mov rax, 0xCEA41D97BF6494DF
    r8 = rcx * 0x25C9; //imul r8, rcx, 0x25C9
    rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
    rax = r8; //mov rax, r8
    rax -= rdx; //sub rax, rdx
    rax >>= 0x1; //shr rax, 0x01
    rax += rdx; //add rax, rdx
    rax >>= 0xE; //shr rax, 0x0E
    rax = rax * 0x46D4; //imul rax, rax, 0x46D4
    r8 -= rax; //sub r8, rax
    rax = 0x526226F064679F75; //mov rax, 0x526226F064679F75
    rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
    rax = 0xD79435E50D79435F; //mov rax, 0xD79435E50D79435F
    rdx >>= 0x9; //shr rdx, 0x09
    rcx = rdx * 0x637; //imul rcx, rdx, 0x637
    rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
    rdx >>= 0x4; //shr rdx, 0x04
    rcx += rdx; //add rcx, rdx
    rax = rcx * 0x26; //imul rax, rcx, 0x26
    rcx = r8 + r8 * 4; //lea rcx, [r8+r8*4]
    rcx <<= 0x3; //shl rcx, 0x03
    rcx -= rax; //sub rcx, rax
    // First table read; rcx is the computed slot offset, rdi the module base.
    rax = IO_READ_MEM(rcx + rdi * 1 + 0xBCD3250); //movzx eax, word ptr [rcx+rdi*1+0xBD077E0]
    // Second reduction, now driven by the value just read.
    r8 = rax * 0x13C8; //imul r8, rax, 0x13C8
    rax = r10; //mov rax, r10
    rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
    rcx = r8; //mov rcx, r8
    rax = r10; //mov rax, r10
    rcx -= rdx; //sub rcx, rdx
    rcx >>= 0x1; //shr rcx, 0x01
    rcx += rdx; //add rcx, rdx
    rcx >>= 0xD; //shr rcx, 0x0D
    rcx = rcx * 0x25BD; //imul rcx, rcx, 0x25BD
    r8 -= rcx; //sub r8, rcx
    r9 = r8 * 0x319C; //imul r9, r8, 0x319C
    rax = _umul128(rax, r9, (uintptr_t*)&rdx); //mul r9
    rax = r9; //mov rax, r9
    rax -= rdx; //sub rax, rdx
    rax >>= 0x1; //shr rax, 0x01
    rax += rdx; //add rax, rdx
    rax >>= 0xD; //shr rax, 0x0D
    rax = rax * 0x25BD; //imul rax, rax, 0x25BD
    r9 -= rax; //sub r9, rax
    rax = 0x842108421084211; //mov rax, 0x842108421084211
    rax = _umul128(rax, r9, (uintptr_t*)&rdx); //mul r9
    rax = r9; //mov rax, r9
    rax -= rdx; //sub rax, rdx
    rax >>= 0x1; //shr rax, 0x01
    rax += rdx; //add rax, rdx
    rax >>= 0xA; //shr rax, 0x0A
    rcx = rax * 0x7C0; //imul rcx, rax, 0x7C0
    rax = 0xE38E38E38E38E38F; //mov rax, 0xE38E38E38E38E38F
    rax = _umul128(rax, r9, (uintptr_t*)&rdx); //mul r9
    rdx >>= 0x3; //shr rdx, 0x03
    rcx += rdx; //add rcx, rdx
    rax = rcx + rcx * 8; //lea rax, [rcx+rcx*8]
    rax += rax; //add rax, rax
    rcx = r9 + r9 * 4; //lea rcx, [r9+r9*4]
    rcx <<= 0x2; //shl rcx, 0x02
    rcx -= rax; //sub rcx, rax
    // Second table read; the uint16_t return type keeps only the low word.
    r12 = IO_READ_MEM(rcx + rdi * 1 + 0xBCE1E80); //movsx r12d, word ptr [rcx+rdi*1+0xBD16410]
    return r12;
}

// Numeric constants consumed elsewhere in the project. Nothing in this file
// establishes what each one addresses; they are tied to the specific build
// the trace above was taken from and would need re-deriving for any other.
constexpr auto ref_def_ptr = 0x13A727E0;
constexpr auto name_array = 0x13C30528;
constexpr auto loot_ptr = 0xE3CB3A0;
constexpr auto camera_base = 0x13BEC9A0;
constexpr auto local_index = 0x76310;
constexpr auto game_mode = 0xD0311E8;
constexpr auto weapon_definitions = 0x13ACAB70;
constexpr auto distribute = 0x1049EFB0;
constexpr auto visible_bit = 0x12BE14;

constexpr auto size = 0x1E68;
constexpr auto valid = 0xFA9;
constexpr auto pos = 0x1620;
constexpr auto team = 0x568;
constexpr auto stance = 0x6A0;
constexpr auto weapon_index = 0x1ABC;
constexpr auto dead_1 = 0x19F4;
constexpr auto dead_2 = 0xDC0;

constexpr auto bone_base = 0x126948;

--------------------------------------------------------------------------------
/steam:
--------------------------------------------------------------------------------
/**
 * Recovers the client_info pointer from its obfuscated in-memory form
 * (Steam build).
 *
 * Hand translation of an x86-64 instruction trace; the locals are named
 * after the registers they stand in for and each statement keeps the
 * original instruction as a trailing comment. rbx carries the value being
 * decoded throughout.
 *
 * @return the decoded pointer, or 0 when the obfuscated slot at
 *         base + 0x1364DF78 reads as 0.
 *
 * NOTE(review): two spots inherit assumptions from the tracer rather than
 * from the instruction stream. (1) The load into rdx "failed to trace"
 * (comment kept below), so `rcx -= rdx` subtracts rdx's initialiser `base`;
 * the tracer itself marks this as possibly wrong. (2) `rax = 0` stands in
 * for `and rax, 0xFFFFFFFFC0000000`; that is exact only if the masked bits
 * of rax were zero at that point, which the translation assumes rather than
 * computes.
 *
 * Defensive note: every input to this transform (the `peb` value, the
 * byte-swapped per-build key, the multiply and shift-xor rounds) is
 * recoverable from one trace of the routine, so pointer obfuscation of this
 * kind raises analysis cost but is not a security boundary.
 */
uintptr_t decrypt_client_info()
{
    const uint64_t mb = base;
    uint64_t rax = mb, rbx = mb, rcx = mb, rdx = mb, rdi = mb, rsi = mb, r8 = mb, r9 = mb, r10 = mb, r11 = mb, r12 = mb, r13 = mb, r14 = mb, r15 = mb;
    rbx = IO_READ_MEM(base + 0x1364DF78);
    if(!rbx)
        return rbx;
    rcx = peb; //mov rcx, gs:[rax]
    //rdx = 000001B4DEB500E8//failed to trace. base: 00007FF6147D0000 It's possibly wrong
    rbx += 0xFFFFFFFFFFFF9357; //add rbx, 0xFFFFFFFFFFFF9357
    rcx -= rdx; //sub rcx, rdx
    rcx += rbx; //add rcx, rbx
    rax = rcx; //mov rax, rcx
    rax >>= 0x1D; //shr rax, 0x1D
    rcx ^= rax; //xor rcx, rax
    rbx = rcx; //mov rbx, rcx
    rax = 0; //and rax, 0xFFFFFFFFC0000000
    rbx >>= 0x3A; //shr rbx, 0x3A
    rax = _rotl64(rax, 0x10); //rol rax, 0x10
    rbx ^= rcx; //xor rbx, rcx
    // Per-build key: read from the module, byte-swapped, then used as a
    // pointer to a multiplier at +0x15.
    rax ^= IO_READ_MEM(base + 0xC9FD4FC); //xor rax, [0x000000000A1C5338]
    rax = _byteswap_uint64(rax); //bswap rax
    rbx *= IO_READ_MEM(rax + 0x15); //imul rbx, [rax+0x15]
    rax = 0xD67810518E7F25DD; //mov rax, 0xD67810518E7F25DD
    rbx *= rax; //imul rbx, rax
    // Final shift-xor rounds (5, 10, 20, 40 bits).
    rax = rbx; //mov rax, rbx
    rax >>= 0x5; //shr rax, 0x05
    rbx ^= rax; //xor rbx, rax
    rax = rbx; //mov rax, rbx
    rax >>= 0xA; //shr rax, 0x0A
    rbx ^= rax; //xor rbx, rax
    rax = rbx; //mov rax, rbx
    rax >>= 0x14; //shr rax, 0x14
    rbx ^= rax; //xor rbx, rax
    rax = rbx; //mov rax, rbx
    rax >>= 0x28; //shr rax, 0x28
    rbx ^= rax; //xor rbx, rax
    return rbx;
}
uintptr_t decrypt_client_base()
{
    const uint64_t mb = base;
    uint64_t rax = mb, rbx = mb, rcx = mb, rdx = mb, rdi = mb, rsi = mb, r8 = mb, r9 = mb, r10 = mb, r11 = mb, r12 = mb, r13 = mb, r14 = mb, r15 = mb;
    rax = IO_READ_MEM(client_info + 0x1d3630);
    if(!rax)
        return rax;
    r11= ~peb; //mov r11, gs:[rcx]
    rcx = r11; //mov rcx, r11
    //failed to translate: mov [rsp+0x3E0], r13
    rcx = _rotl64(rcx, 0x34); //rol rcx, 0x34
    rcx &= 0xF;
    switch(rcx) {
        case 0:
        {
            r10 = IO_READ_MEM(base + 0xC9FD565); //mov r10, [0x0000000009C512F5]
            r13 = base + 0x16CBED5E; //lea r13, [0x0000000013B76FFB]
            rdx = base + 0x33D36DEA; //lea rdx,
[0x0000000030BEF029] 58 | rax ^= r11; //xor rax, r11 59 | rax ^= rdx; //xor rax, rdx 60 | rcx = r11; //mov rcx, r11 61 | rcx *= r13; //imul rcx, r13 62 | rax -= rcx; //sub rax, rcx 63 | rcx = 0x2F44AFC8DA410289; //mov rcx, 0x2F44AFC8DA410289 64 | rax *= rcx; //imul rax, rcx 65 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 66 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 67 | rcx ^= r10; //xor rcx, r10 68 | rcx = ~rcx; //not rcx 69 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 70 | rcx = 0x31EA6C7327F2F48F; //mov rcx, 0x31EA6C7327F2F48F 71 | rax *= rcx; //imul rax, rcx 72 | rcx = r11; //mov rcx, r11 73 | rcx = ~rcx; //not rcx 74 | uintptr_t RSP_0xFFFFFFFFFFFFFF90; 75 | RSP_0xFFFFFFFFFFFFFF90 = base + 0xDD05; //lea rcx, [0xFFFFFFFFFCEC5FBE] : RBP+0xFFFFFFFFFFFFFF90 76 | rcx ^= RSP_0xFFFFFFFFFFFFFF90; //xor rcx, [rbp-0x70] 77 | rax -= rcx; //sub rax, rcx 78 | rcx = rax; //mov rcx, rax 79 | rcx >>= 0xF; //shr rcx, 0x0F 80 | rax ^= rcx; //xor rax, rcx 81 | rcx = rax; //mov rcx, rax 82 | rcx >>= 0x1E; //shr rcx, 0x1E 83 | rax ^= rcx; //xor rax, rcx 84 | rcx = rax; //mov rcx, rax 85 | rcx >>= 0x3C; //shr rcx, 0x3C 86 | rax ^= rcx; //xor rax, rcx 87 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB8061] 88 | rax -= rcx; //sub rax, rcx 89 | return rax; 90 | } 91 | case 1: 92 | { 93 | r9 = IO_READ_MEM(base + 0xC9FD565); //mov r9, [0x0000000009C50E13] 94 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB799B] 95 | rcx += 0x4C577047; //add rcx, 0x4C577047 96 | rcx += r11; //add rcx, r11 97 | rax ^= rcx; //xor rax, rcx 98 | rcx = rax; //mov rcx, rax 99 | rcx >>= 0x16; //shr rcx, 0x16 100 | rax ^= rcx; //xor rax, rcx 101 | rcx = rax; //mov rcx, rax 102 | rcx >>= 0x2C; //shr rcx, 0x2C 103 | rax ^= rcx; //xor rax, rcx 104 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB7AA1] 105 | rax ^= rcx; //xor rax, rcx 106 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB7B6C] 107 | rcx += 0x673BCC74; //add rcx, 0x673BCC74 108 | rcx += r11; //add rcx, r11 109 | rax ^= rcx; //xor rax, rcx 110 | rcx = 0x14CEC15D15237845; //mov 
rcx, 0x14CEC15D15237845 111 | rax *= rcx; //imul rax, rcx 112 | rcx = 0xC6C8F26557A42C57; //mov rcx, 0xC6C8F26557A42C57 113 | rax *= rcx; //imul rax, rcx 114 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 115 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 116 | rcx ^= r9; //xor rcx, r9 117 | rcx = ~rcx; //not rcx 118 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 119 | return rax; 120 | } 121 | case 2: 122 | { 123 | r9 = IO_READ_MEM(base + 0xC9FD565); //mov r9, [0x0000000009C5099D] 124 | rcx = rax; //mov rcx, rax 125 | rcx >>= 0xC; //shr rcx, 0x0C 126 | rax ^= rcx; //xor rax, rcx 127 | rcx = rax; //mov rcx, rax 128 | rcx >>= 0x18; //shr rcx, 0x18 129 | rax ^= rcx; //xor rax, rcx 130 | rcx = rax; //mov rcx, rax 131 | rcx >>= 0x30; //shr rcx, 0x30 132 | rax ^= rcx; //xor rax, rcx 133 | rax -= r11; //sub rax, r11 134 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 135 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 136 | rcx ^= r9; //xor rcx, r9 137 | rcx = ~rcx; //not rcx 138 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 139 | rcx = base + 0x40BA9587; //lea rcx, [0x000000003DA60D89] 140 | rax += r11; //add rax, r11 141 | rax += rcx; //add rax, rcx 142 | rcx = 0xB820512AEEAE20F1; //mov rcx, 0xB820512AEEAE20F1 143 | rax *= rcx; //imul rax, rcx 144 | rcx = 0x5B4702F448FEE148; //mov rcx, 0x5B4702F448FEE148 145 | rax ^= rcx; //xor rax, rcx 146 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB77DA] 147 | rax += rcx; //add rax, rcx 148 | rcx = rax; //mov rcx, rax 149 | rcx >>= 0x12; //shr rcx, 0x12 150 | rax ^= rcx; //xor rax, rcx 151 | rcx = rax; //mov rcx, rax 152 | rcx >>= 0x24; //shr rcx, 0x24 153 | rax ^= rcx; //xor rax, rcx 154 | return rax; 155 | } 156 | case 3: 157 | { 158 | r10 = IO_READ_MEM(base + 0xC9FD565); //mov r10, [0x0000000009C50451] 159 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB712E] 160 | rax -= rcx; //sub rax, rcx 161 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB6FAF] 162 | rax ^= rcx; //xor rax, rcx 163 | rcx = rax; //mov rcx, rax 164 | rcx >>= 0x13; //shr rcx, 0x13 165 
| rax ^= rcx; //xor rax, rcx 166 | rdx = 0; //and rdx, 0xFFFFFFFFC0000000 167 | rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10 168 | rcx = rax; //mov rcx, rax 169 | rdx ^= r10; //xor rdx, r10 170 | rcx >>= 0x26; //shr rcx, 0x26 171 | rdx = ~rdx; //not rdx 172 | rax ^= rcx; //xor rax, rcx 173 | rax *= IO_READ_MEM(rdx + 0x7); //imul rax, [rdx+0x07] 174 | rcx = r11; //mov rcx, r11 175 | rcx = ~rcx; //not rcx 176 | uintptr_t RSP_0xFFFFFFFFFFFFFF88; 177 | RSP_0xFFFFFFFFFFFFFF88 = base + 0x639AA956; //lea rcx, [0x0000000060861D26] : RBP+0xFFFFFFFFFFFFFF88 178 | rcx += RSP_0xFFFFFFFFFFFFFF88; //add rcx, [rbp-0x78] 179 | rax ^= rcx; //xor rax, rcx 180 | rcx = 0xEF7AA6541B0960DD; //mov rcx, 0xEF7AA6541B0960DD 181 | rax ^= rcx; //xor rax, rcx 182 | rcx = 0xAC44478E4E7E319F; //mov rcx, 0xAC44478E4E7E319F 183 | rax *= rcx; //imul rax, rcx 184 | rcx = 0x69DF0E377EDBC9BB; //mov rcx, 0x69DF0E377EDBC9BB 185 | rax ^= rcx; //xor rax, rcx 186 | return rax; 187 | } 188 | case 4: 189 | { 190 | r9 = IO_READ_MEM(base + 0xC9FD565); //mov r9, [0x0000000009C4FFD5] 191 | rcx = 0x6B6B6FEB24A18CBC; //mov rcx, 0x6B6B6FEB24A18CBC 192 | rax ^= rcx; //xor rax, rcx 193 | rcx = 0xE26425F12DE4CEB; //mov rcx, 0xE26425F12DE4CEB 194 | rax ^= rcx; //xor rax, rcx 195 | rcx = rax; //mov rcx, rax 196 | rcx >>= 0x15; //shr rcx, 0x15 197 | rax ^= rcx; //xor rax, rcx 198 | rcx = rax; //mov rcx, rax 199 | rcx >>= 0x2A; //shr rcx, 0x2A 200 | rax ^= rcx; //xor rax, rcx 201 | rax += r11; //add rax, r11 202 | rcx = 0xC6BD746DB1DF1B31; //mov rcx, 0xC6BD746DB1DF1B31 203 | rax *= rcx; //imul rax, rcx 204 | rax -= base; //sub rax, [rbp-0x70] -- didn't find trace -> use base 205 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 206 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 207 | rcx ^= r9; //xor rcx, r9 208 | rcx = ~rcx; //not rcx 209 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 210 | rcx = rax; //mov rcx, rax 211 | rcx >>= 0x1; //shr rcx, 0x01 212 | rax ^= rcx; //xor rax, rcx 213 | rcx = rax; //mov rcx, rax 214 | rcx 
>>= 0x2; //shr rcx, 0x02 215 | rax ^= rcx; //xor rax, rcx 216 | rcx = rax; //mov rcx, rax 217 | rcx >>= 0x4; //shr rcx, 0x04 218 | rax ^= rcx; //xor rax, rcx 219 | rcx = rax; //mov rcx, rax 220 | rcx >>= 0x8; //shr rcx, 0x08 221 | rax ^= rcx; //xor rax, rcx 222 | rcx = rax; //mov rcx, rax 223 | rcx >>= 0x10; //shr rcx, 0x10 224 | rax ^= rcx; //xor rax, rcx 225 | rcx = rax; //mov rcx, rax 226 | rcx >>= 0x20; //shr rcx, 0x20 227 | rax ^= rcx; //xor rax, rcx 228 | return rax; 229 | } 230 | case 5: 231 | { 232 | r10 = IO_READ_MEM(base + 0xC9FD565); //mov r10, [0x0000000009C4F8CF] 233 | rdx = 0; //and rdx, 0xFFFFFFFFC0000000 234 | rcx = r11 * 0xFFFFFFFFFFFFFFFE; //imul rcx, r11, 0xFFFFFFFFFFFFFFFE 235 | rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10 236 | rax += rcx; //add rax, rcx 237 | rdx ^= r10; //xor rdx, r10 238 | rcx = base + 0x5F737FAA; //lea rcx, [0x000000005C5EE5B8] 239 | rdx = ~rdx; //not rdx 240 | rax += rcx; //add rax, rcx 241 | rax *= IO_READ_MEM(rdx + 0x7); //imul rax, [rdx+0x07] 242 | rcx = rax; //mov rcx, rax 243 | rcx >>= 0x19; //shr rcx, 0x19 244 | rax ^= rcx; //xor rax, rcx 245 | rcx = rax; //mov rcx, rax 246 | rcx >>= 0x32; //shr rcx, 0x32 247 | rax ^= rcx; //xor rax, rcx 248 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB6490] 249 | rcx += 0x6987CC3C; //add rcx, 0x6987CC3C 250 | rcx += r11; //add rcx, r11 251 | rax += rcx; //add rax, rcx 252 | rcx = 0xBEC2B746A9461603; //mov rcx, 0xBEC2B746A9461603 253 | rax *= rcx; //imul rax, rcx 254 | rcx = 0x7D25D991052F24B5; //mov rcx, 0x7D25D991052F24B5 255 | rax += rcx; //add rax, rcx 256 | rcx = 0x6B9AD86F193C7172; //mov rcx, 0x6B9AD86F193C7172 257 | rax += rcx; //add rax, rcx 258 | return rax; 259 | } 260 | case 6: 261 | { 262 | r10 = IO_READ_MEM(base + 0xC9FD565); //mov r10, [0x0000000009C4F463] 263 | rdx = base + 0x50AF1F4F; //lea rdx, [0x000000004D9A82F5] 264 | rax += r11; //add rax, r11 265 | rcx = r11; //mov rcx, r11 266 | rcx ^= rdx; //xor rcx, rdx 267 | rax -= rcx; //sub rax, rcx 268 | rcx = 0xFA37AFACEF63040B; 
//mov rcx, 0xFA37AFACEF63040B 269 | rax ^= rcx; //xor rax, rcx 270 | rcx = 0xE15A50F0F0B4D5D9; //mov rcx, 0xE15A50F0F0B4D5D9 271 | rax *= rcx; //imul rax, rcx 272 | rdx = 0; //and rdx, 0xFFFFFFFFC0000000 273 | rcx = base + 0xEE8B; //lea rcx, [0xFFFFFFFFFCEC4E9B] 274 | rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10 275 | rcx -= r11; //sub rcx, r11 276 | rax ^= rcx; //xor rax, rcx 277 | rdx ^= r10; //xor rdx, r10 278 | rdx = ~rdx; //not rdx 279 | rax *= IO_READ_MEM(rdx + 0x7); //imul rax, [rdx+0x07] 280 | rcx = 0x61E687AD8B6807D4; //mov rcx, 0x61E687AD8B6807D4 281 | rax += rcx; //add rax, rcx 282 | rcx = rax; //mov rcx, rax 283 | rcx >>= 0x15; //shr rcx, 0x15 284 | rax ^= rcx; //xor rax, rcx 285 | rcx = rax; //mov rcx, rax 286 | rcx >>= 0x2A; //shr rcx, 0x2A 287 | rax ^= rcx; //xor rax, rcx 288 | return rax; 289 | } 290 | case 7: 291 | { 292 | r10 = IO_READ_MEM(base + 0xC9FD565); //mov r10, [0x0000000009C4EF4D] 293 | r13 = base + 0xBEE4; //lea r13, [0xFFFFFFFFFCEC1DE4] 294 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB5B9A] 295 | rax ^= rcx; //xor rax, rcx 296 | rcx = 0x8DB3E6B3BD449D8; //mov rcx, 0x8DB3E6B3BD449D8 297 | rax += rcx; //add rax, rcx 298 | rcx = 0x7CFD8CC5318E532F; //mov rcx, 0x7CFD8CC5318E532F 299 | rax *= rcx; //imul rax, rcx 300 | rcx = rax; //mov rcx, rax 301 | rcx >>= 0x7; //shr rcx, 0x07 302 | rax ^= rcx; //xor rax, rcx 303 | rcx = rax; //mov rcx, rax 304 | rcx >>= 0xE; //shr rcx, 0x0E 305 | rax ^= rcx; //xor rax, rcx 306 | rcx = rax; //mov rcx, rax 307 | rcx >>= 0x1C; //shr rcx, 0x1C 308 | rax ^= rcx; //xor rax, rcx 309 | rcx = rax; //mov rcx, rax 310 | rcx >>= 0x38; //shr rcx, 0x38 311 | rax ^= rcx; //xor rax, rcx 312 | rdx = 0; //and rdx, 0xFFFFFFFFC0000000 313 | rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10 314 | rcx = 0x6DE6E637B4DB68F1; //mov rcx, 0x6DE6E637B4DB68F1 315 | rdx ^= r10; //xor rdx, r10 316 | rdx = ~rdx; //not rdx 317 | rax *= IO_READ_MEM(rdx + 0x7); //imul rax, [rdx+0x07] 318 | rax *= rcx; //imul rax, rcx 319 | rcx = r11; //mov rcx, r11 320 | 
rcx -= r13; //sub rcx, r13 321 | rax ^= rcx; //xor rax, rcx 322 | rax -= r11; //sub rax, r11 323 | return rax; 324 | } 325 | case 8: 326 | { 327 | r9 = IO_READ_MEM(base + 0xC9FD565); //mov r9, [0x0000000009C4EAFE] 328 | rcx = rax; //mov rcx, rax 329 | rcx >>= 0x1E; //shr rcx, 0x1E 330 | rax ^= rcx; //xor rax, rcx 331 | rcx = rax; //mov rcx, rax 332 | rcx >>= 0x3C; //shr rcx, 0x3C 333 | rax ^= rcx; //xor rax, rcx 334 | rcx = 0xD16E8EE163C9A6B; //mov rcx, 0xD16E8EE163C9A6B 335 | rax *= rcx; //imul rax, rcx 336 | rcx = rax; //mov rcx, rax 337 | rcx >>= 0xE; //shr rcx, 0x0E 338 | rax ^= rcx; //xor rax, rcx 339 | rcx = rax; //mov rcx, rax 340 | rcx >>= 0x1C; //shr rcx, 0x1C 341 | rax ^= rcx; //xor rax, rcx 342 | rcx = rax; //mov rcx, rax 343 | rcx >>= 0x38; //shr rcx, 0x38 344 | rax ^= rcx; //xor rax, rcx 345 | rcx = 0xA9C58221B90E7C46; //mov rcx, 0xA9C58221B90E7C46 346 | rax ^= rcx; //xor rax, rcx 347 | rcx = 0x55F6ED3AB42B87A0; //mov rcx, 0x55F6ED3AB42B87A0 348 | rax -= rcx; //sub rax, rcx 349 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 350 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 351 | rcx ^= r9; //xor rcx, r9 352 | rcx = ~rcx; //not rcx 353 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 354 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB55E3] 355 | rax += rcx; //add rax, rcx 356 | rcx = rax; //mov rcx, rax 357 | rcx >>= 0x14; //shr rcx, 0x14 358 | rax ^= rcx; //xor rax, rcx 359 | rcx = rax; //mov rcx, rax 360 | rcx >>= 0x28; //shr rcx, 0x28 361 | rax ^= rcx; //xor rax, rcx 362 | return rax; 363 | } 364 | case 9: 365 | { 366 | r10 = IO_READ_MEM(base + 0xC9FD565); //mov r10, [0x0000000009C4E43B] 367 | rdx = r11; //mov rdx, r11 368 | rcx = base + 0xFCE2; //lea rcx, [0xFFFFFFFFFCEC4F2E] 369 | rdx *= rcx; //imul rdx, rcx 370 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB5241] 371 | rdx -= rcx; //sub rdx, rcx 372 | rcx = r11; //mov rcx, r11 373 | rax += rdx; //add rax, rdx 374 | rcx = ~rcx; //not rcx 375 | rax ^= rcx; //xor rax, rcx 376 | rdx = base + 0x6EC75C18; //lea rdx, 
[0x000000006BB2AE43] 377 | rax ^= rdx; //xor rax, rdx 378 | rcx = rax; //mov rcx, rax 379 | rcx >>= 0x7; //shr rcx, 0x07 380 | rax ^= rcx; //xor rax, rcx 381 | rcx = rax; //mov rcx, rax 382 | rcx >>= 0xE; //shr rcx, 0x0E 383 | rax ^= rcx; //xor rax, rcx 384 | rcx = rax; //mov rcx, rax 385 | rcx >>= 0x1C; //shr rcx, 0x1C 386 | rax ^= rcx; //xor rax, rcx 387 | rcx = rax; //mov rcx, rax 388 | rcx >>= 0x38; //shr rcx, 0x38 389 | rax ^= rcx; //xor rax, rcx 390 | r13 = 0xB691FFD9C9D61B2E; //mov r13, 0xB691FFD9C9D61B2E 391 | rax += r13; //add rax, r13 392 | r13 = 0x89C1B16D1EAC4B85; //mov r13, 0x89C1B16D1EAC4B85 393 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 394 | rax ^= r13; //xor rax, r13 395 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 396 | rcx ^= r10; //xor rcx, r10 397 | rcx = ~rcx; //not rcx 398 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 399 | rcx = 0x272542A0099256AB; //mov rcx, 0x272542A0099256AB 400 | rax *= rcx; //imul rax, rcx 401 | return rax; 402 | } 403 | case 10: 404 | { 405 | r10 = IO_READ_MEM(base + 0xC9FD565); //mov r10, [0x0000000009C4DF09] 406 | rcx = base + 0x240D8AB0; //lea rcx, [0x0000000020F8D81B] 407 | rcx += r11; //add rcx, r11 408 | rax ^= rcx; //xor rax, rcx 409 | rdx = base + 0x3B21; //lea rdx, [0xFFFFFFFFFCEB863E] 410 | rcx = r11; //mov rcx, r11 411 | rdx *= r11; //imul rdx, r11 412 | rcx = ~rcx; //not rcx 413 | rdx += rax; //add rdx, rax 414 | rax = base + 0x24E689C1; //lea rax, [0x0000000021D1D4BA] 415 | rcx += rax; //add rcx, rax 416 | rax = rdx; //mov rax, rdx 417 | rax ^= rcx; //xor rax, rcx 418 | rcx = 0x489A1BC87CDCD670; //mov rcx, 0x489A1BC87CDCD670 419 | rax ^= rcx; //xor rax, rcx 420 | rcx = 0xA00242052F60AE53; //mov rcx, 0xA00242052F60AE53 421 | rax ^= rcx; //xor rax, rcx 422 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 423 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 424 | rcx ^= r10; //xor rcx, r10 425 | rcx = ~rcx; //not rcx 426 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 427 | rcx = 0xBDB64B81FECB6E7D; //mov 
rcx, 0xBDB64B81FECB6E7D 428 | rax *= rcx; //imul rax, rcx 429 | rcx = rax; //mov rcx, rax 430 | rcx >>= 0x28; //shr rcx, 0x28 431 | rax ^= rcx; //xor rax, rcx 432 | return rax; 433 | } 434 | case 11: 435 | { 436 | r10 = IO_READ_MEM(base + 0xC9FD565); //mov r10, [0x0000000009C4DA22] 437 | rcx = rax; //mov rcx, rax 438 | rcx >>= 0x15; //shr rcx, 0x15 439 | rax ^= rcx; //xor rax, rcx 440 | rcx = rax; //mov rcx, rax 441 | rcx >>= 0x2A; //shr rcx, 0x2A 442 | rax ^= rcx; //xor rax, rcx 443 | rcx = 0xD3A53D9499733245; //mov rcx, 0xD3A53D9499733245 444 | rax *= rcx; //imul rax, rcx 445 | rcx = 0x72C2AC821062ABD1; //mov rcx, 0x72C2AC821062ABD1 446 | rax ^= rcx; //xor rax, rcx 447 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB44D6] 448 | rax -= rcx; //sub rax, rcx 449 | rax += 0xFFFFFFFFFFFF4954; //add rax, 0xFFFFFFFFFFFF4954 450 | rax += r11; //add rax, r11 451 | rcx = rax; //mov rcx, rax 452 | rcx >>= 0x1; //shr rcx, 0x01 453 | rax ^= rcx; //xor rax, rcx 454 | rcx = rax; //mov rcx, rax 455 | rcx >>= 0x2; //shr rcx, 0x02 456 | rax ^= rcx; //xor rax, rcx 457 | rcx = rax; //mov rcx, rax 458 | rcx >>= 0x4; //shr rcx, 0x04 459 | rax ^= rcx; //xor rax, rcx 460 | rcx = rax; //mov rcx, rax 461 | rcx >>= 0x8; //shr rcx, 0x08 462 | rax ^= rcx; //xor rax, rcx 463 | rcx = rax; //mov rcx, rax 464 | rcx >>= 0x10; //shr rcx, 0x10 465 | rax ^= rcx; //xor rax, rcx 466 | rcx = rax; //mov rcx, rax 467 | rcx >>= 0x20; //shr rcx, 0x20 468 | rax ^= rcx; //xor rax, rcx 469 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB4874] 470 | rax ^= rcx; //xor rax, rcx 471 | rcx = base + 0x5B0222F4; //lea rcx, [0x0000000057ED6775] 472 | rcx *= r11; //imul rcx, r11 473 | rax += rcx; //add rax, rcx 474 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 475 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 476 | rcx ^= r10; //xor rcx, r10 477 | rcx = ~rcx; //not rcx 478 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 479 | return rax; 480 | } 481 | case 12: 482 | { 483 | r10 = IO_READ_MEM(base + 0xC9FD565); //mov r10, 
[0x0000000009C4D4A3] 484 | r13 = base + 0x852; //lea r13, [0xFFFFFFFFFCEB4CAD] 485 | rcx = 0xF7D4FABCE6FC022; //mov rcx, 0xF7D4FABCE6FC022 486 | rax += rcx; //add rax, rcx 487 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 488 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 489 | rcx ^= r10; //xor rcx, r10 490 | rcx = ~rcx; //not rcx 491 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 492 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB4206] 493 | rax ^= rcx; //xor rax, rcx 494 | rax -= rcx; //sub rax, rcx 495 | rcx = 0x5C9D9DBA026E85B7; //mov rcx, 0x5C9D9DBA026E85B7 496 | rax *= rcx; //imul rax, rcx 497 | rcx = rax; //mov rcx, rax 498 | rdx = r11; //mov rdx, r11 499 | rcx >>= 0x21; //shr rcx, 0x21 500 | rdx = ~rdx; //not rdx 501 | rdx *= r13; //imul rdx, r13 502 | rdx ^= rcx; //xor rdx, rcx 503 | rax ^= rdx; //xor rax, rdx 504 | rax += r11; //add rax, r11 505 | return rax; 506 | } 507 | case 13: 508 | { 509 | r10 = IO_READ_MEM(base + 0xC9FD565); //mov r10, [0x0000000009C4D0D3] 510 | r13 = base + 0x12585A59; //lea r13, [0x000000000F439AE4] 511 | rcx = r11; //mov rcx, r11 512 | rcx = ~rcx; //not rcx 513 | rcx ^= r13; //xor rcx, r13 514 | rax += rcx; //add rax, rcx 515 | rcx = rax; //mov rcx, rax 516 | rcx >>= 0x8; //shr rcx, 0x08 517 | rax ^= rcx; //xor rax, rcx 518 | rcx = rax; //mov rcx, rax 519 | rcx >>= 0x10; //shr rcx, 0x10 520 | rax ^= rcx; //xor rax, rcx 521 | rcx = rax; //mov rcx, rax 522 | rcx >>= 0x20; //shr rcx, 0x20 523 | rax ^= rcx; //xor rax, rcx 524 | rcx = rax; //mov rcx, rax 525 | rcx >>= 0x11; //shr rcx, 0x11 526 | rax ^= rcx; //xor rax, rcx 527 | rcx = rax; //mov rcx, rax 528 | rcx >>= 0x22; //shr rcx, 0x22 529 | rax ^= rcx; //xor rax, rcx 530 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 531 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 532 | rcx ^= r10; //xor rcx, r10 533 | rcx = ~rcx; //not rcx 534 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 535 | rcx = 0xA4979265BBC7E3D5; //mov rcx, 0xA4979265BBC7E3D5 536 | rax *= rcx; //imul rax, rcx 537 | rcx = 
r11; //mov rcx, r11 538 | rcx = ~rcx; //not rcx 539 | rcx -= base; //sub rcx, [rbp-0x70] -- didn't find trace -> use base 540 | rcx -= 0x756FAD6E; //sub rcx, 0x756FAD6E 541 | rcx ^= rax; //xor rcx, rax 542 | rax = base + 0x78217335; //lea rax, [0x00000000750CB1E2] 543 | rcx += r11; //add rcx, r11 544 | rax += rcx; //add rax, rcx 545 | rcx = 0xC20F4E2AD24BC517; //mov rcx, 0xC20F4E2AD24BC517 546 | rax ^= rcx; //xor rax, rcx 547 | return rax; 548 | } 549 | case 14: 550 | { 551 | r10 = IO_READ_MEM(base + 0xC9FD565); //mov r10, [0x0000000009C4CB55] 552 | r13 = base + 0x3CF1; //lea r13, [0xFFFFFFFFFCEB77FE] 553 | rcx = rax; //mov rcx, rax 554 | rcx >>= 0x16; //shr rcx, 0x16 555 | rax ^= rcx; //xor rax, rcx 556 | rcx = rax; //mov rcx, rax 557 | rcx >>= 0x2C; //shr rcx, 0x2C 558 | rax ^= rcx; //xor rax, rcx 559 | rcx = 0xAF96B7C88EDF2B75; //mov rcx, 0xAF96B7C88EDF2B75 560 | rax *= rcx; //imul rax, rcx 561 | rax ^= r11; //xor rax, r11 562 | rdx = 0; //and rdx, 0xFFFFFFFFC0000000 563 | rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10 564 | rdx ^= r10; //xor rdx, r10 565 | rcx = r11 + r13 * 1; //lea rcx, [r11+r13*1] 566 | rax += rcx; //add rax, rcx 567 | rdx = ~rdx; //not rdx 568 | rcx = 0x7B695E53D3CD7B7F; //mov rcx, 0x7B695E53D3CD7B7F 569 | rax *= IO_READ_MEM(rdx + 0x7); //imul rax, [rdx+0x07] 570 | rax *= rcx; //imul rax, rcx 571 | rcx = 0x56A40B352BF2FDB7; //mov rcx, 0x56A40B352BF2FDB7 572 | rax -= rcx; //sub rax, rcx 573 | rcx = base + 0x32FFEB8B; //lea rcx, [0x000000002FEB25B1] 574 | rcx = ~rcx; //not rcx 575 | rcx *= r11; //imul rcx, r11 576 | rax += rcx; //add rax, rcx 577 | return rax; 578 | } 579 | case 15: 580 | { 581 | r10 = IO_READ_MEM(base + 0xC9FD565); //mov r10, [0x0000000009C4C5FC] 582 | rdx = base + 0x23AC2B6F; //lea rdx, [0x000000002097607C] 583 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB3386] 584 | rax -= rcx; //sub rax, rcx 585 | rax += r11; //add rax, r11 586 | rdx = ~rdx; //not rdx 587 | rdx ^= r11; //xor rdx, r11 588 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 589 
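// (tail of decrypt_client_base, case 15 — unchanged; the function starts earlier in the file)
            rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
            rcx ^= r10; //xor rcx, r10
            rcx = ~rcx; //not rcx
            rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07]
            rcx = rax; //mov rcx, rax
            rcx >>= 0x17; //shr rcx, 0x17
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x2E; //shr rcx, 0x2E
            rax ^= rcx; //xor rax, rcx
            rax -= rdx; //sub rax, rdx
            rcx = 0xAE9091426078C4DF; //mov rcx, 0xAE9091426078C4DF
            rax *= rcx; //imul rax, rcx
            rcx = 0x2E839B5F3DB76D2B; //mov rcx, 0x2E839B5F3DB76D2B
            rax += rcx; //add rax, rcx
            rcx = 0x632E9341FBDD9A7C; //mov rcx, 0x632E9341FBDD9A7C
            rax -= rcx; //sub rax, rcx
            return rax;
        }
    }
}

// decrypt_bone_base: recovers the bone-array base pointer from its obfuscated
// form, following a traced instruction sequence (each line's trailing comment
// is the original x64 instruction it was lifted from).
//
// Flow:
//   * reads the encrypted qword at base + 0x1134E6B8; 0 means "not available"
//     and is returned unchanged so callers can treat 0 as failure;
//   * derives a 4-bit selector from the `gs:` load that `peb` stands in for
//     (presumably the process PEB address, per the variable name — not
//     verifiable here): bswap(peb << 0x22) & 0xF;
//   * runs one of 16 arithmetic variants. Every variant reads the same key
//     pointer at base + 0xC9FD639, byteswaps it and multiplies by the qword
//     at +0x11 from that pointer.
//
// Caveats a reviewer should keep in mind:
//   * the `and rax, 0xFFFFFFFFC0000000` instructions were lifted as `= 0`;
//     that is only correct if the masked register's high bits were clear at
//     that point, which this translation cannot prove.
//   * cases 9 and 11 carry a "didn't find trace -> use base" note: a stack
//     slot the trace could not resolve is replaced by `base`, so those two
//     variants are the least trustworthy.
//   * IO_READ_MEM is called on addresses derived from decrypted data
//     (key + 0x11). Nothing here validates that address; correctness of a
//     bad-pointer read depends entirely on how IO_READ_MEM is implemented.
//   * all arithmetic is on uint64_t, so wraparound (the imul/add/sub of the
//     original) is well defined.
//
// Returns: the decrypted pointer, or 0 when the encrypted source was 0.
uintptr_t decrypt_bone_base()
{
    const uint64_t mb = base;
    // Only the registers the trace actually touches are modelled; all are
    // written before they are read, the `mb` seed just mirrors the file idiom.
    uint64_t rax = mb, rcx = mb, rdx = mb, r9 = mb, r10 = mb, r11 = mb;
    rdx = IO_READ_MEM(base + 0x1134E6B8);
    if(!rdx)
        return rdx;
    r11 = peb; //mov r11, gs:[rax]
    rax = r11; //mov rax, r11
    rax <<= 0x22; //shl rax, 0x22
    rax = _byteswap_uint64(rax); //bswap rax
    rax &= 0xF; // 4-bit variant selector; every value 0..15 has a case below
    switch(rax) {
    case 0:
    {
        r9 = IO_READ_MEM(base + 0xC9FD639); //mov r9, [0x000000000A2D34A4]
        rax = 0; //and rax, 0xFFFFFFFFC0000000
        rax = _rotl64(rax, 0x10); //rol rax, 0x10
        rax ^= r9; //xor rax, r9
        rax = _byteswap_uint64(rax); //bswap rax
        rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11]
        rax = base; //lea rax, [0xFFFFFFFFFD53A0A6]
        rdx -= rax; //sub rdx, rax
        rax = 0xC98EF2FFB1E013D2; //mov rax, 0xC98EF2FFB1E013D2
        rdx += 0xFFFFFFFFFFFFC795; //add rdx, 0xFFFFFFFFFFFFC795
        rdx += r11; //add rdx, r11
        rdx ^= rax; //xor rdx, rax
        rdx ^= r11; //xor rdx, r11
        rax = 0x1AE0F1058D3590F1; //mov rax, 0x1AE0F1058D3590F1
        rdx *= rax; //imul rdx, rax
        rax = 0x1EAC0325CBA779BC; //mov rax, 0x1EAC0325CBA779BC
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x1F; //shr rax, 0x1F
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x3E; //shr rax, 0x3E
        rdx ^= rax; //xor rdx, rax
        rdx ^= r11; //xor rdx, r11
        return rdx;
    }
    case 1:
    {
        r10 = IO_READ_MEM(base + 0xC9FD639); //mov r10, [0x000000000A2D2FA8]
        rax = 0x311E3C7DD1297B69; //mov rax, 0x311E3C7DD1297B69
        rdx *= rax; //imul rdx, rax
        rcx = r11; //mov rcx, r11
        rcx = ~rcx; //not rcx
        rax = 0; //and rax, 0xFFFFFFFFC0000000
        rax = _rotl64(rax, 0x10); //rol rax, 0x10
        rax ^= r10; //xor rax, r10
        rax = _byteswap_uint64(rax); //bswap rax
        rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11]
        rax = base + 0x437D3D7F; //lea rax, [0x0000000040D0DA51]
        rax = ~rax; //not rax
        rcx += rax; //add rcx, rax
        rdx ^= rcx; //xor rdx, rcx
        rax = rdx; //mov rax, rdx
        rax >>= 0x28; //shr rax, 0x28
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x13; //shr rax, 0x13
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x26; //shr rax, 0x26
        rdx ^= rax; //xor rdx, rax
        rax = base; //lea rax, [0xFFFFFFFFFD539C9C]
        rax += 0x3B261317; //add rax, 0x3B261317
        rax += r11; //add rax, r11
        rdx += rax; //add rdx, rax
        rax = 0x85B82AEE944DCF96; //mov rax, 0x85B82AEE944DCF96
        rdx ^= rax; //xor rdx, rax
        rax = base; //lea rax, [0xFFFFFFFFFD539DA9]
        rdx += rax; //add rdx, rax
        return rdx;
    }
    case 2:
    {
        r9 = IO_READ_MEM(base + 0xC9FD639); //mov r9, [0x000000000A2D2ACF]
        rax = rdx; //mov rax, rdx
        rax >>= 0x25; //shr rax, 0x25
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0xC; //shr rax, 0x0C
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x18; //shr rax, 0x18
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x30; //shr rax, 0x30
        rdx ^= rax; //xor rdx, rax
        rdx += r11; //add rdx, r11
        rax = 0; //and rax, 0xFFFFFFFFC0000000
        rax = _rotl64(rax, 0x10); //rol rax, 0x10
        rax ^= r9; //xor rax, r9
        rax = _byteswap_uint64(rax); //bswap rax
        rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11]
        rdx ^= r11; //xor rdx, r11
        rax = 0x6B65DF2C3A88AE69; //mov rax, 0x6B65DF2C3A88AE69
        rdx -= rax; //sub rdx, rax
        rax = 0xA4B331303E4E7A67; //mov rax, 0xA4B331303E4E7A67
        rdx *= rax; //imul rdx, rax
        rax = 0x6A137DDDFCE4C0D7; //mov rax, 0x6A137DDDFCE4C0D7
        rdx -= rax; //sub rdx, rax
        return rdx;
    }
    case 3:
    {
        r9 = IO_READ_MEM(base + 0xC9FD639); //mov r9, [0x000000000A2D2679]
        r10 = base + 0x1314A155; //lea r10, [0x00000000106836AD]
        rax = 0; //and rax, 0xFFFFFFFFC0000000
        rax = _rotl64(rax, 0x10); //rol rax, 0x10
        rax ^= r9; //xor rax, r9
        rax = _byteswap_uint64(rax); //bswap rax
        rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11]
        rax = base; //lea rax, [0xFFFFFFFFFD53946F]
        rdx -= rax; //sub rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x1F; //shr rax, 0x1F
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x3E; //shr rax, 0x3E
        rdx ^= rax; //xor rdx, rax
        rdx ^= r11; //xor rdx, r11
        rax = r10; //mov rax, r10
        rax -= r11; //sub rax, r11
        rdx ^= rax; //xor rdx, rax
        rax = 0xD5A4D08183955257; //mov rax, 0xD5A4D08183955257
        rdx *= rax; //imul rdx, rax
        rax = 0x8DC8AE43913090FA; //mov rax, 0x8DC8AE43913090FA
        rdx ^= rax; //xor rdx, rax
        return rdx;
    }
    case 4:
    {
        r10 = IO_READ_MEM(base + 0xC9FD639); //mov r10, [0x000000000A2D2370]
        rax = 0xF7A45523CB2EF07F; //mov rax, 0xF7A45523CB2EF07F
        rdx ^= rax; //xor rdx, rax
        rdx -= r11; //sub rdx, r11
        rdx -= r11; //sub rdx, r11
        rdx -= r11; //sub rdx, r11
        rax = rdx; //mov rax, rdx
        rax >>= 0x14; //shr rax, 0x14
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x28; //shr rax, 0x28
        rdx ^= rax; //xor rdx, rax
        rax = 0; //and rax, 0xFFFFFFFFC0000000
        rax = _rotl64(rax, 0x10); //rol rax, 0x10
        rax ^= r10; //xor rax, r10
        rax = _byteswap_uint64(rax); //bswap rax
        rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11]
        rax = base; //lea rax, [0xFFFFFFFFFD538EA4]
        rax += 0x8F29; //add rax, 0x8F29
        rax += r11; //add rax, r11
        rdx ^= rax; //xor rdx, rax
        rax = 0xD43375ADC5407E51; //mov rax, 0xD43375ADC5407E51
        rdx *= rax; //imul rdx, rax
        return rdx;
    }
    case 5:
    {
        r9 = IO_READ_MEM(base + 0xC9FD639); //mov r9, [0x000000000A2D1EB7]
        rax = 0x7C5DF0A12057BE6; //mov rax, 0x7C5DF0A12057BE6
        rdx -= rax; //sub rdx, rax
        rax = 0x83F8FC0408B5D1AB; //mov rax, 0x83F8FC0408B5D1AB
        rdx ^= rax; //xor rdx, rax
        rax = base + 0x158DE932; //lea rax, [0x0000000012E1752A]
        rax = ~rax; //not rax
        rax *= r11; //imul rax, r11
        rdx += rax; //add rdx, rax
        rax = r11; //mov rax, r11
        // Stack slot [rsp+0x98] was traced to this base-relative address.
        uintptr_t RSP_0x98 = base + 0x12426297; //lea rax, [0x000000000F95F02B] : RSP+0x98
        rax *= RSP_0x98; //imul rax, [rsp+0x98]
        rdx ^= rax; //xor rdx, rax
        rax = base; //lea rax, [0xFFFFFFFFFD538B37]
        rax += 0x5541; //add rax, 0x5541
        rax += r11; //add rax, r11
        rdx += rax; //add rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x5; //shr rax, 0x05
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0xA; //shr rax, 0x0A
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x14; //shr rax, 0x14
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x28; //shr rax, 0x28
        rdx ^= rax; //xor rdx, rax
        rax = 0; //and rax, 0xFFFFFFFFC0000000
        rax = _rotl64(rax, 0x10); //rol rax, 0x10
        rax ^= r9; //xor rax, r9
        rax = _byteswap_uint64(rax); //bswap rax
        rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11]
        rax = 0x3F31D045C89ED8C5; //mov rax, 0x3F31D045C89ED8C5
        rdx *= rax; //imul rdx, rax
        return rdx;
    }
    case 6:
    {
        r10 = IO_READ_MEM(base + 0xC9FD639); //mov r10, [0x000000000A2D1914]
        rax = rdx; //mov rax, rdx
        rax >>= 0x6; //shr rax, 0x06
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0xC; //shr rax, 0x0C
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x18; //shr rax, 0x18
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x30; //shr rax, 0x30
        rdx ^= rax; //xor rdx, rax
        rax = 0x7564570D161CA18D; //mov rax, 0x7564570D161CA18D
        rdx *= rax; //imul rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x26; //shr rax, 0x26
        rdx ^= rax; //xor rdx, rax
        rax = base; //lea rax, [0xFFFFFFFFFD53857B]
        rax += 0x144205B7; //add rax, 0x144205B7
        rax += r11; //add rax, r11
        rdx ^= rax; //xor rdx, rax
        rax = 0x80C6B6FC948F6729; //mov rax, 0x80C6B6FC948F6729
        rdx *= rax; //imul rdx, rax
        rax = 0x31DF20582505A415; //mov rax, 0x31DF20582505A415
        rdx += rax; //add rdx, rax
        rax = 0; //and rax, 0xFFFFFFFFC0000000
        rax = _rotl64(rax, 0x10); //rol rax, 0x10
        rax ^= r10; //xor rax, r10
        rax = _byteswap_uint64(rax); //bswap rax
        rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11]
        rax = base + 0x6DA9DAD4; //lea rax, [0x000000006AFD6203]
        rdx += rax; //add rdx, rax
        rcx = r11; //mov rcx, r11
        rcx = ~rcx; //not rcx
        rdx += rcx; //add rdx, rcx
        return rdx;
    }
    case 7:
    {
        r10 = IO_READ_MEM(base + 0xC9FD639); //mov r10, [0x000000000A2D150F]
        rdx ^= r11; //xor rdx, r11
        rax = rdx; //mov rax, rdx
        rax >>= 0xD; //shr rax, 0x0D
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x1A; //shr rax, 0x1A
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x34; //shr rax, 0x34
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x7; //shr rax, 0x07
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0xE; //shr rax, 0x0E
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x1C; //shr rax, 0x1C
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x38; //shr rax, 0x38
        rdx ^= rax; //xor rdx, rax
        rax = 0xCCB3012D7BB7524F; //mov rax, 0xCCB3012D7BB7524F
        rdx *= rax; //imul rdx, rax
        rax = 0x11516F5E5F563F90; //mov rax, 0x11516F5E5F563F90
        rdx -= rax; //sub rdx, rax
        rax = r11; //mov rax, r11
        rax = ~rax; //not rax
        // Stack slot [rsp+0x68] was traced to this base-relative address.
        uintptr_t RSP_0x68 = base + 0x4354; //lea rax, [0xFFFFFFFFFD53C753] : RSP+0x68
        rax *= RSP_0x68; //imul rax, [rsp+0x68]
        rcx = 0; //and rcx, 0xFFFFFFFFC0000000
        rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
        rdx += rax; //add rdx, rax
        rcx ^= r10; //xor rcx, r10
        rcx = _byteswap_uint64(rcx); //bswap rcx
        rdx *= IO_READ_MEM(rcx + 0x11); //imul rdx, [rcx+0x11]
        return rdx;
    }
    case 8:
    {
        r10 = IO_READ_MEM(base + 0xC9FD639); //mov r10, [0x000000000A2D1068]
        rdx -= r11; //sub rdx, r11
        rax = 0xEDC13D6B57B6E285; //mov rax, 0xEDC13D6B57B6E285
        rdx *= rax; //imul rdx, rax
        rax = r11; //mov rax, r11
        // Stack slot [rsp+0x98] was traced to this base-relative address.
        uintptr_t RSP_0x98 = base + 0x7D814959; //lea rax, [0x000000007AD4C88C] : RSP+0x98
        rax ^= RSP_0x98; //xor rax, [rsp+0x98]
        rax += r11; //add rax, r11
        rdx += rax; //add rdx, rax
        rcx = 0; //and rcx, 0xFFFFFFFFC0000000
        rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
        rcx ^= r10; //xor rcx, r10
        rcx = _byteswap_uint64(rcx); //bswap rcx
        rdx *= IO_READ_MEM(rcx + 0x11); //imul rdx, [rcx+0x11]
        rax = rdx; //mov rax, rdx
        rax >>= 0x21; //shr rax, 0x21
        rdx ^= rax; //xor rdx, rax
        rdx += r11; //add rdx, r11
        rax = base; //lea rax, [0xFFFFFFFFFD537DE8]
        rdx ^= rax; //xor rdx, rax
        return rdx;
    }
    case 9:
    {
        r9 = IO_READ_MEM(base + 0xC9FD639); //mov r9, [0x000000000A2D0D18]
        rax = rdx; //mov rax, rdx
        rax >>= 0xB; //shr rax, 0x0B
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x16; //shr rax, 0x16
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x2C; //shr rax, 0x2C
        rdx ^= rax; //xor rdx, rax
        rax = base; //lea rax, [0xFFFFFFFFFD5377CA]
        rdx ^= rax; //xor rdx, rax
        rax = 0; //and rax, 0xFFFFFFFFC0000000
        rax = _rotl64(rax, 0x10); //rol rax, 0x10
        rax ^= r9; //xor rax, r9
        rax = _byteswap_uint64(rax); //bswap rax
        rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11]
        rax = rdx; //mov rax, rdx
        rax >>= 0xB; //shr rax, 0x0B
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x16; //shr rax, 0x16
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x2C; //shr rax, 0x2C
        rdx ^= rax; //xor rdx, rax
        rax = 0x53198E81F809E193; //mov rax, 0x53198E81F809E193
        rax -= r11; //sub rax, r11
        // NOTE(review): the operand at [rsp+0xD0] was not recovered by the
        // trace; `base` is a guess and this variant may decrypt incorrectly.
        rax -= base; //sub rax, [rsp+0xD0] -- didn't find trace -> use base
        rdx += rax; //add rdx, rax
        rax = 0x5E76F88978AFE528; //mov rax, 0x5E76F88978AFE528
        rdx += rax; //add rdx, rax
        rax = 0x33557C5CEFBE234B; //mov rax, 0x33557C5CEFBE234B
        rdx *= rax; //imul rdx, rax
        return rdx;
    }
    case 10:
    {
        r10 = IO_READ_MEM(base + 0xC9FD639); //mov r10, [0x000000000A2D07FD]
        rax = base; //lea rax, [0xFFFFFFFFFD53756B]
        rdx -= rax; //sub rdx, rax
        rcx = rdx; //mov rcx, rdx
        rcx >>= 0x27; //shr rcx, 0x27
        rcx ^= rdx; //xor rcx, rdx
        rdx = base + 0x9688; //lea rdx, [0xFFFFFFFFFD540AE5]
        rdx *= r11; //imul rdx, r11
        rdx += rcx; //add rdx, rcx
        rax = rdx; //mov rax, rdx
        rax >>= 0x13; //shr rax, 0x13
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x26; //shr rax, 0x26
        rdx ^= rax; //xor rdx, rax
        rax = 0; //and rax, 0xFFFFFFFFC0000000
        rax = _rotl64(rax, 0x10); //rol rax, 0x10
        rax ^= r10; //xor rax, r10
        rax = _byteswap_uint64(rax); //bswap rax
        rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11]
        rax = 0x3331EF2FFF7DD801; //mov rax, 0x3331EF2FFF7DD801
        rdx *= rax; //imul rdx, rax
        rax = 0x2130706D6228E017; //mov rax, 0x2130706D6228E017
        rdx ^= rax; //xor rdx, rax
        return rdx;
    }
    case 11:
    {
        r10 = IO_READ_MEM(base + 0xC9FD639); //mov r10, [0x000000000A2D030A]
        rcx = 0; //and rcx, 0xFFFFFFFFC0000000
        rax = base + 0x1E13DCA3; //lea rax, [0x000000001B674AD7]
        rax = ~rax; //not rax
        rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
        rax += r11; //add rax, r11
        rcx ^= r10; //xor rcx, r10
        rdx += rax; //add rdx, rax
        rcx = _byteswap_uint64(rcx); //bswap rcx
        rdx *= IO_READ_MEM(rcx + 0x11); //imul rdx, [rcx+0x11]
        rax = base; //lea rax, [0xFFFFFFFFFD536E06]
        rax += 0x9D9E; //add rax, 0x9D9E
        rax += r11; //add rax, r11
        rdx += rax; //add rdx, rax
        rax = r11; //mov rax, r11
        // NOTE(review): the operand at [rsp+0xD0] was not recovered by the
        // trace; `base` is a guess and this variant may decrypt incorrectly.
        rax -= base; //sub rax, [rsp+0xD0] -- didn't find trace -> use base
        rdx += rax; //add rdx, rax
        rax = 0x10CE41F37EB30D3D; //mov rax, 0x10CE41F37EB30D3D
        rdx *= rax; //imul rdx, rax
        rax = 0x3078E9571E8D51B0; //mov rax, 0x3078E9571E8D51B0
        rdx -= rax; //sub rdx, rax
        rax = 0x13796DAAB7614CCB; //mov rax, 0x13796DAAB7614CCB
        rdx += rax; //add rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x11; //shr rax, 0x11
        rdx ^= rax; //xor rdx, rax
        rcx = base + 0x7C2A0085; //lea rcx, [0x00000000797D6F4F]
        rcx = ~rcx; //not rcx
        rcx *= r11; //imul rcx, r11
        rax = rdx; //mov rax, rdx
        rax >>= 0x22; //shr rax, 0x22
        rcx ^= rax; //xor rcx, rax
        rdx ^= rcx; //xor rdx, rcx
        return rdx;
    }
    case 12:
    {
        r9 = IO_READ_MEM(base + 0xC9FD639); //mov r9, [0x000000000A2CFEAF]
        rax = 0; //and rax, 0xFFFFFFFFC0000000
        rax = _rotl64(rax, 0x10); //rol rax, 0x10
        rax ^= r9; //xor rax, r9
        rax = _byteswap_uint64(rax); //bswap rax
        rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11]
        rdx -= r11; //sub rdx, r11
        rax = 0x509EB372CDB3AEF3; //mov rax, 0x509EB372CDB3AEF3
        rdx *= rax; //imul rdx, rax
        rax = 0x3978478545AD0B0E; //mov rax, 0x3978478545AD0B0E
        rdx += rax; //add rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x11; //shr rax, 0x11
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x22; //shr rax, 0x22
        rdx ^= rax; //xor rdx, rax
        rax = 0xF1F3C3AA4D6D1089; //mov rax, 0xF1F3C3AA4D6D1089
        rdx *= rax; //imul rdx, rax
        return rdx;
    }
    case 13:
    {
        r10 = IO_READ_MEM(base + 0xC9FD639); //mov r10, [0x000000000A2CFA18]
        rax = rdx; //mov rax, rdx
        rax >>= 0xE; //shr rax, 0x0E
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x1C; //shr rax, 0x1C
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rcx = 0; //and rcx, 0xFFFFFFFFC0000000
        rax >>= 0x38; //shr rax, 0x38
        rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
        rdx ^= rax; //xor rdx, rax
        rcx ^= r10; //xor rcx, r10
        rdx += r11; //add rdx, r11
        rcx = _byteswap_uint64(rcx); //bswap rcx
        rdx *= IO_READ_MEM(rcx + 0x11); //imul rdx, [rcx+0x11]
        rax = 0xEA5C4AF83EEC98D; //mov rax, 0xEA5C4AF83EEC98D
        rdx += rax; //add rdx, rax
        rax = base + 0x7FFA; //lea rax, [0xFFFFFFFFFD53E72B]
        rax = ~rax; //not rax
        rax ^= r11; //xor rax, r11
        rdx ^= rax; //xor rdx, rax
        rax = 0x58CCD785809FBA65; //mov rax, 0x58CCD785809FBA65
        rdx *= rax; //imul rdx, rax
        rax = 0xCB1252FFDD097729; //mov rax, 0xCB1252FFDD097729
        rdx *= rax; //imul rdx, rax
        rax = base; //lea rax, [0xFFFFFFFFFD5364C7]
        rax += 0x1CFB; //add rax, 0x1CFB
        rax += r11; //add rax, r11
        rdx += rax; //add rdx, rax
        return rdx;
    }
    case 14:
    {
        r10 = IO_READ_MEM(base + 0xC9FD639); //mov r10, [0x000000000A2CF45F]
        rax = rdx; //mov rax, rdx
        rax >>= 0x1C; //shr rax, 0x1C
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x38; //shr rax, 0x38
        rax ^= rdx; //xor rax, rdx
        rdx = base; //lea rdx, [0xFFFFFFFFFD535FE9]
        rax -= rdx; //sub rax, rdx
        rdx = r11 + 0xffffffffd3bc8867; //lea rdx, [r11-0x2C437799]
        rdx += rax; //add rdx, rax
        rax = 0; //and rax, 0xFFFFFFFFC0000000
        rax = _rotl64(rax, 0x10); //rol rax, 0x10
        rax ^= r10; //xor rax, r10
        rax = _byteswap_uint64(rax); //bswap rax
        rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11]
        rax = base; //lea rax, [0xFFFFFFFFFD535EFA]
        rdx -= rax; //sub rdx, rax
        rax = 0x311461FA31B150C8; //mov rax, 0x311461FA31B150C8
        rdx ^= rax; //xor rdx, rax
        rax = 0x3D057F65AC2E944D; //mov rax, 0x3D057F65AC2E944D
        rdx += rax; //add rdx, rax
        rax = 0x3EA61F392134306F; //mov rax, 0x3EA61F392134306F
        rdx *= rax; //imul rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x16; //shr rax, 0x16
        rdx ^= rax; //xor rdx, rax
        rax = rdx; //mov rax, rdx
        rax >>= 0x2C; //shr rax, 0x2C
        rdx ^= rax; //xor rdx, rax
        return rdx;
    }
    case 15:
    {
        r10 = IO_READ_MEM(base + 0xC9FD639); //mov r10, [0x000000000A2CEFCD]
        rax = rdx; //mov rax, rdx
        rax >>= 0x25; //shr rax, 0x25
        rdx ^= rax; //xor rdx, rax
        rdx -= r11; //sub rdx, r11
        rcx = 0; //and rcx, 0xFFFFFFFFC0000000
        rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
        rcx ^= r10; //xor rcx, r10
        rax = base; //lea rax, [0xFFFFFFFFFD535C52]
        rax += 0x953; //add rax, 0x953
        rax += r11; //add rax, r11
        rcx = _byteswap_uint64(rcx); //bswap rcx
        rdx ^= rax; //xor rdx, rax
        rdx *= IO_READ_MEM(rcx + 0x11); //imul rdx, [rcx+0x11]
        rax = 0xEDC186E4F45D82CF; //mov rax, 0xEDC186E4F45D82CF
        rdx *= rax; //imul rdx, rax
        rdx -= r11; //sub rdx, r11
        rax = base; //lea rax, [0xFFFFFFFFFD535B5A]
        rdx -= rax; //sub rdx, rax
        rax = 0x579691DADE4159FD; //mov rax, 0x579691DADE4159FD
        rdx *= rax; //imul rdx, rax
        rax = 0x20B206512FA8AEE; //mov rax, 0x20B206512FA8AEE
        rdx -= rax; //sub rdx, rax
        rax = 0x804CFF40F9D9BEBF; //mov rax, 0x804CFF40F9D9BEBF
        rdx *= rax; //imul rdx, rax
        return rdx;
    }
    default:
        // Unreachable: the selector was masked to 0..15 above. Present so the
        // function has a return on every path (the original fell off the end,
        // which is undefined behaviour and a compiler warning). 0 matches the
        // "encrypted source was 0" failure value.
        return 0;
    }
}

// get_bone_index: translates a bone index through two 16-bit lookup tables in
// the module (base + 0xB92F220 and base + 0xB93DE50). The multiply/shift
// sequences between the reads are reciprocal multiplications — the compiler's
// form of division and modulo by the constants 0x25C9, 0x46D4, 0x26, 0x25BD,
// 0x7C0 and 9 — so the table offsets stay bounded by those moduli and no
// range check on `bone_index` is needed for the reads themselves.
//
// Both table reads were lifted from 16-bit loads (`movzx eax, word ptr` and
// `movsx r12d, word ptr`). IO_READ_MEM's width is not visible here; the first
// value is masked to 16 bits so that, if the reader returns a wider value,
// the stray upper bits cannot leak into the second index computation. The
// final value is returned as uint16_t, which truncates the same way.
//
// The `(uintptr_t*)&rdx` casts rely on uintptr_t and uint64_t being the same
// width (true on x64 Windows, where _umul128 exists).
//
// Parameters: bone_index - raw bone number (32-bit).
// Returns: the 16-bit value read from the second table.
uint16_t get_bone_index(uint32_t bone_index)
{
    const uint64_t mb = base;
    uint64_t rax = mb, rcx = mb, rdx = mb, rdi = mb, rsi = mb, r8 = mb, r9 = mb, r10 = mb, r12 = mb;
    rsi = bone_index;
    rcx = rsi * 0x13C8;
    rax = 0xD8CE01BF28E39A45; //mov rax, 0xD8CE01BF28E39A45
    rax = _umul128(rax, rcx, (uintptr_t*)&rdx); //mul rcx
    rdi = base; //lea rdi, [0xFFFFFFFFFD4C3F5A]
    r10 = 0xB225E47EA96E19B5; //mov r10, 0xB225E47EA96E19B5
    rdx >>= 0xD; //shr rdx, 0x0D
    rax = rdx * 0x25C9; //imul rax, rdx, 0x25C9
    rcx -= rax; //sub rcx, rax
    rax = 0xCEA41D97BF6494DF; //mov rax, 0xCEA41D97BF6494DF
    r8 = rcx * 0x25C9; //imul r8, rcx, 0x25C9
    rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
    rax = r8; //mov rax, r8
    rax -= rdx; //sub rax, rdx
    rax >>= 0x1; //shr rax, 0x01
    rax += rdx; //add rax, rdx
    rax >>= 0xE; //shr rax, 0x0E
    rax = rax * 0x46D4; //imul rax, rax, 0x46D4
    r8 -= rax; //sub r8, rax
    rax = 0x526226F064679F75; //mov rax, 0x526226F064679F75
    rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
    rax = 0xD79435E50D79435F; //mov rax, 0xD79435E50D79435F
    rdx >>= 0x9; //shr rdx, 0x09
    rcx = rdx * 0x637; //imul rcx, rdx, 0x637
    rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
    rdx >>= 0x4; //shr rdx, 0x04
    rcx += rdx; //add rcx, rdx
    rax = rcx * 0x26; //imul rax, rcx, 0x26
    rcx = r8 + r8 * 4; //lea rcx, [r8+r8*4]
    rcx <<= 0x3; //shl rcx, 0x03
    rcx -= rax; //sub rcx, rax
    // First table: a 16-bit zero-extended load in the original; mask so a
    // wider IO_READ_MEM result cannot pollute the index arithmetic below.
    rax = IO_READ_MEM(rcx + rdi * 1 + 0xB92F220) & 0xFFFF; //movzx eax, word ptr [rcx+rdi*1+0xBD077E0]
    r8 = rax * 0x13C8; //imul r8, rax, 0x13C8
    rax = r10; //mov rax, r10
    rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
    rcx = r8; //mov rcx, r8
    rax = r10; //mov rax, r10
    rcx -= rdx; //sub rcx, rdx
    rcx >>= 0x1; //shr rcx, 0x01
    rcx += rdx; //add rcx, rdx
    rcx >>= 0xD; //shr rcx, 0x0D
    rcx = rcx * 0x25BD; //imul rcx, rcx, 0x25BD
    r8 -= rcx; //sub r8, rcx
    r9 = r8 * 0x319C; //imul r9, r8, 0x319C
    rax = _umul128(rax, r9, (uintptr_t*)&rdx); //mul r9
    rax = r9; //mov rax, r9
    rax -= rdx; //sub rax, rdx
    rax >>= 0x1; //shr rax, 0x01
    rax += rdx; //add rax, rdx
    rax >>= 0xD; //shr rax, 0x0D
    rax = rax * 0x25BD; //imul rax, rax, 0x25BD
    r9 -= rax; //sub r9, rax
    rax = 0x842108421084211; //mov rax, 0x842108421084211
    rax = _umul128(rax, r9, (uintptr_t*)&rdx); //mul r9
    rax = r9; //mov rax, r9
    rax -= rdx; //sub rax, rdx
    rax >>= 0x1; //shr rax, 0x01
    rax += rdx; //add rax, rdx
    rax >>= 0xA; //shr rax, 0x0A
    rcx = rax * 0x7C0; //imul rcx, rax, 0x7C0
    rax = 0xE38E38E38E38E38F; //mov rax, 0xE38E38E38E38E38F
    rax = _umul128(rax, r9, (uintptr_t*)&rdx); //mul r9
    rdx >>= 0x3; //shr rdx, 0x03
    rcx += rdx; //add rcx, rdx
    rax = rcx + rcx * 8; //lea rax, [rcx+rcx*8]
    rax += rax; //add rax, rax
    rcx = r9 + r9 * 4; //lea rcx, [r9+r9*4]
    rcx <<= 0x2; //shl rcx, 0x02
    rcx -= rax; //sub rcx, rax
    // Second table: a 16-bit sign-extended load in the original; the uint16_t
    // return keeps exactly the low 16 bits either way.
    r12 = IO_READ_MEM(rcx + rdi * 1 + 0xB93DE50); //movsx r12d, word ptr [rcx+rdi*1+0xBD16410]
    return (uint16_t)(r12 & 0xFFFF);
}

// Offsets for this build. Their use is not visible in this excerpt; from the
// names, the first group looks like module-relative addresses of globals and
// the second group looks like field offsets inside a per-entity structure of
// `size` bytes — TODO confirm against the callers. All are build-specific
// and must be re-derived when the target binary changes.
constexpr auto ref_def_ptr = 0x13721A98;
constexpr auto name_array = 0x138E0D98;
constexpr auto loot_ptr = 0xE002600;
constexpr auto camera_base = 0x1389D1A0;
constexpr auto local_index = 0x1B5C0;
constexpr auto game_mode = 0xCC6ACB8;
constexpr auto weapon_definitions = 0x1377B370;
constexpr auto distribute = 0x100D7470;
constexpr auto visible_bit = 0x101E68;

constexpr auto size = 0x1E68;
constexpr auto valid = 0x1124;
constexpr auto pos = 0x12C0;
constexpr auto team = 0x1D80;
constexpr auto stance = 0x1409;
constexpr auto weapon_index = 0x5D0;
constexpr auto dead_1 = 0x12FC;
constexpr auto dead_2 = 0x5C0;

constexpr auto bone_base = 0x8B640;
--------------------------------------------------------------------------------
/xbox:
--------------------------------------------------------------------------------
// decrypt_client_info: recovers the client-info pointer from its obfuscated
// form at base + 0x133053A8 (returns 0 when that qword is 0).
//
// Known weakness of this translation: the trace could not resolve the value
// the original subtracts from the `gs:` load (`sub rcx, rdx`), so `rdx` keeps
// its `base` seed — the same fallback the generator uses elsewhere for
// untraced operands. The result is therefore "possibly wrong", as the
// inline comment says; treat a garbage return as a sign this is the cause.
//
// The key read at base + 0xC977A8C is byteswapped and the qword at +0x15
// from it is multiplied in. Nothing validates that derived address; a zero
// key, for instance, turns it into a read at 0x15, and how that behaves
// depends on IO_READ_MEM.
//
// Returns: the decrypted pointer, or 0 when the encrypted source was 0.
uintptr_t decrypt_client_info()
{
    const uint64_t mb = base;
    // rdx is intentionally left at `mb`: its real value was not traced (see
    // the comment below), so `base` is used as a stand-in.
    uint64_t rax = mb, rbx = mb, rcx = mb, rdx = mb;
    rbx = IO_READ_MEM(base + 0x133053A8);
    if(!rbx)
        return rbx;
    rcx = peb; //mov rcx, gs:[rax]
    //rdx = 000001B4DEB500E8//failed to trace. base: 00007FF6147D0000 It's possibly wrong
    rbx += 0xFFFFFFFFFFFF9357; //add rbx, 0xFFFFFFFFFFFF9357
    rcx -= rdx; //sub rcx, rdx
    rcx += rbx; //add rcx, rbx
    rax = rcx; //mov rax, rcx
    rax >>= 0x1D; //shr rax, 0x1D
    rcx ^= rax; //xor rcx, rax
    rbx = rcx; //mov rbx, rcx
    rax = 0; //and rax, 0xFFFFFFFFC0000000
    rbx >>= 0x3A; //shr rbx, 0x3A
    rax = _rotl64(rax, 0x10); //rol rax, 0x10
    rbx ^= rcx; //xor rbx, rcx
    rax ^= IO_READ_MEM(base + 0xC977A8C); //xor rax, [0x000000000A1C5338]
    rax = _byteswap_uint64(rax); //bswap rax
    rbx *= IO_READ_MEM(rax + 0x15); //imul rbx, [rax+0x15]
    rax = 0xD67810518E7F25DD; //mov rax, 0xD67810518E7F25DD
    rbx *= rax; //imul rbx, rax
    rax = rbx; //mov rax, rbx
    rax >>= 0x5; //shr rax, 0x05
    rbx ^= rax; //xor rbx, rax
    rax = rbx; //mov rax, rbx
    rax >>= 0xA; //shr rax, 0x0A
    rbx ^= rax; //xor rbx, rax
    rax = rbx; //mov rax, rbx
    rax >>= 0x14; //shr rax, 0x14
    rbx ^= rax; //xor rbx, rax
    rax = rbx; //mov rax, rbx
    rax >>= 0x28; //shr rax, 0x28
    rbx ^= rax; //xor rbx, rax
    return rbx;
}
// (head of decrypt_client_base — unchanged; the function continues later in the file)
uintptr_t decrypt_client_base()
{
    const uint64_t mb = base;
    uint64_t rax = mb, rbx = mb, rcx = mb, rdx = mb, rdi = mb, rsi = mb, r8 = mb, r9 = mb, r10 = mb, r11 = mb, r12 = mb, r13 = mb, r14 = mb, r15 = mb;
    rax = IO_READ_MEM(client_info + 0x1d3650);
    if(!rax)
        return rax;
    r11= ~peb; //mov r11, gs:[rcx]
    rcx = r11; //mov rcx, r11
    //failed to translate: mov [rsp+0x3E0], r13
    rcx = _rotl64(rcx, 0x34); //rol rcx, 0x34
    rcx &= 0xF;
    switch(rcx) {
    case 0:
    {
        r10 = IO_READ_MEM(base + 0xC977AF5); //mov r10, [0x0000000009C512F5]
        r13 = base + 0x16CBED5E; //lea r13, [0x0000000013B76FFB]
        rdx = base + 0x33D36DEA; //lea rdx, [0x0000000030BEF029]
        rax ^= r11; //xor rax, r11
        rax ^= rdx; //xor rax, rdx
        rcx = r11; //mov rcx, r11
        rcx *= r13; //imul rcx, r13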
| rax -= rcx; //sub rax, rcx 63 | rcx = 0x2F44AFC8DA410289; //mov rcx, 0x2F44AFC8DA410289 64 | rax *= rcx; //imul rax, rcx 65 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 66 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 67 | rcx ^= r10; //xor rcx, r10 68 | rcx = ~rcx; //not rcx 69 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 70 | rcx = 0x31EA6C7327F2F48F; //mov rcx, 0x31EA6C7327F2F48F 71 | rax *= rcx; //imul rax, rcx 72 | rcx = r11; //mov rcx, r11 73 | rcx = ~rcx; //not rcx 74 | uintptr_t RSP_0xFFFFFFFFFFFFFF90; 75 | RSP_0xFFFFFFFFFFFFFF90 = base + 0xDD05; //lea rcx, [0xFFFFFFFFFCEC5FBE] : RBP+0xFFFFFFFFFFFFFF90 76 | rcx ^= RSP_0xFFFFFFFFFFFFFF90; //xor rcx, [rbp-0x70] 77 | rax -= rcx; //sub rax, rcx 78 | rcx = rax; //mov rcx, rax 79 | rcx >>= 0xF; //shr rcx, 0x0F 80 | rax ^= rcx; //xor rax, rcx 81 | rcx = rax; //mov rcx, rax 82 | rcx >>= 0x1E; //shr rcx, 0x1E 83 | rax ^= rcx; //xor rax, rcx 84 | rcx = rax; //mov rcx, rax 85 | rcx >>= 0x3C; //shr rcx, 0x3C 86 | rax ^= rcx; //xor rax, rcx 87 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB8061] 88 | rax -= rcx; //sub rax, rcx 89 | return rax; 90 | } 91 | case 1: 92 | { 93 | r9 = IO_READ_MEM(base + 0xC977AF5); //mov r9, [0x0000000009C50E13] 94 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB799B] 95 | rcx += 0x4C577047; //add rcx, 0x4C577047 96 | rcx += r11; //add rcx, r11 97 | rax ^= rcx; //xor rax, rcx 98 | rcx = rax; //mov rcx, rax 99 | rcx >>= 0x16; //shr rcx, 0x16 100 | rax ^= rcx; //xor rax, rcx 101 | rcx = rax; //mov rcx, rax 102 | rcx >>= 0x2C; //shr rcx, 0x2C 103 | rax ^= rcx; //xor rax, rcx 104 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB7AA1] 105 | rax ^= rcx; //xor rax, rcx 106 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB7B6C] 107 | rcx += 0x673BCC74; //add rcx, 0x673BCC74 108 | rcx += r11; //add rcx, r11 109 | rax ^= rcx; //xor rax, rcx 110 | rcx = 0x14CEC15D15237845; //mov rcx, 0x14CEC15D15237845 111 | rax *= rcx; //imul rax, rcx 112 | rcx = 0xC6C8F26557A42C57; //mov rcx, 0xC6C8F26557A42C57 113 | rax *= rcx; //imul rax, 
rcx 114 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 115 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 116 | rcx ^= r9; //xor rcx, r9 117 | rcx = ~rcx; //not rcx 118 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 119 | return rax; 120 | } 121 | case 2: 122 | { 123 | r9 = IO_READ_MEM(base + 0xC977AF5); //mov r9, [0x0000000009C5099D] 124 | rcx = rax; //mov rcx, rax 125 | rcx >>= 0xC; //shr rcx, 0x0C 126 | rax ^= rcx; //xor rax, rcx 127 | rcx = rax; //mov rcx, rax 128 | rcx >>= 0x18; //shr rcx, 0x18 129 | rax ^= rcx; //xor rax, rcx 130 | rcx = rax; //mov rcx, rax 131 | rcx >>= 0x30; //shr rcx, 0x30 132 | rax ^= rcx; //xor rax, rcx 133 | rax -= r11; //sub rax, r11 134 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 135 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 136 | rcx ^= r9; //xor rcx, r9 137 | rcx = ~rcx; //not rcx 138 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 139 | rcx = base + 0x40BA9587; //lea rcx, [0x000000003DA60D89] 140 | rax += r11; //add rax, r11 141 | rax += rcx; //add rax, rcx 142 | rcx = 0xB820512AEEAE20F1; //mov rcx, 0xB820512AEEAE20F1 143 | rax *= rcx; //imul rax, rcx 144 | rcx = 0x5B4702F448FEE148; //mov rcx, 0x5B4702F448FEE148 145 | rax ^= rcx; //xor rax, rcx 146 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB77DA] 147 | rax += rcx; //add rax, rcx 148 | rcx = rax; //mov rcx, rax 149 | rcx >>= 0x12; //shr rcx, 0x12 150 | rax ^= rcx; //xor rax, rcx 151 | rcx = rax; //mov rcx, rax 152 | rcx >>= 0x24; //shr rcx, 0x24 153 | rax ^= rcx; //xor rax, rcx 154 | return rax; 155 | } 156 | case 3: 157 | { 158 | r10 = IO_READ_MEM(base + 0xC977AF5); //mov r10, [0x0000000009C50451] 159 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB712E] 160 | rax -= rcx; //sub rax, rcx 161 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB6FAF] 162 | rax ^= rcx; //xor rax, rcx 163 | rcx = rax; //mov rcx, rax 164 | rcx >>= 0x13; //shr rcx, 0x13 165 | rax ^= rcx; //xor rax, rcx 166 | rdx = 0; //and rdx, 0xFFFFFFFFC0000000 167 | rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10 168 | rcx = rax; //mov rcx, 
rax 169 | rdx ^= r10; //xor rdx, r10 170 | rcx >>= 0x26; //shr rcx, 0x26 171 | rdx = ~rdx; //not rdx 172 | rax ^= rcx; //xor rax, rcx 173 | rax *= IO_READ_MEM(rdx + 0x7); //imul rax, [rdx+0x07] 174 | rcx = r11; //mov rcx, r11 175 | rcx = ~rcx; //not rcx 176 | uintptr_t RSP_0xFFFFFFFFFFFFFF88; 177 | RSP_0xFFFFFFFFFFFFFF88 = base + 0x639AA956; //lea rcx, [0x0000000060861D26] : RBP+0xFFFFFFFFFFFFFF88 178 | rcx += RSP_0xFFFFFFFFFFFFFF88; //add rcx, [rbp-0x78] 179 | rax ^= rcx; //xor rax, rcx 180 | rcx = 0xEF7AA6541B0960DD; //mov rcx, 0xEF7AA6541B0960DD 181 | rax ^= rcx; //xor rax, rcx 182 | rcx = 0xAC44478E4E7E319F; //mov rcx, 0xAC44478E4E7E319F 183 | rax *= rcx; //imul rax, rcx 184 | rcx = 0x69DF0E377EDBC9BB; //mov rcx, 0x69DF0E377EDBC9BB 185 | rax ^= rcx; //xor rax, rcx 186 | return rax; 187 | } 188 | case 4: 189 | { 190 | r9 = IO_READ_MEM(base + 0xC977AF5); //mov r9, [0x0000000009C4FFD5] 191 | rcx = 0x6B6B6FEB24A18CBC; //mov rcx, 0x6B6B6FEB24A18CBC 192 | rax ^= rcx; //xor rax, rcx 193 | rcx = 0xE26425F12DE4CEB; //mov rcx, 0xE26425F12DE4CEB 194 | rax ^= rcx; //xor rax, rcx 195 | rcx = rax; //mov rcx, rax 196 | rcx >>= 0x15; //shr rcx, 0x15 197 | rax ^= rcx; //xor rax, rcx 198 | rcx = rax; //mov rcx, rax 199 | rcx >>= 0x2A; //shr rcx, 0x2A 200 | rax ^= rcx; //xor rax, rcx 201 | rax += r11; //add rax, r11 202 | rcx = 0xC6BD746DB1DF1B31; //mov rcx, 0xC6BD746DB1DF1B31 203 | rax *= rcx; //imul rax, rcx 204 | rax -= base; //sub rax, [rbp-0x70] -- didn't find trace -> use base 205 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 206 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 207 | rcx ^= r9; //xor rcx, r9 208 | rcx = ~rcx; //not rcx 209 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 210 | rcx = rax; //mov rcx, rax 211 | rcx >>= 0x1; //shr rcx, 0x01 212 | rax ^= rcx; //xor rax, rcx 213 | rcx = rax; //mov rcx, rax 214 | rcx >>= 0x2; //shr rcx, 0x02 215 | rax ^= rcx; //xor rax, rcx 216 | rcx = rax; //mov rcx, rax 217 | rcx >>= 0x4; //shr rcx, 0x04 218 | rax ^= rcx; //xor 
rax, rcx 219 | rcx = rax; //mov rcx, rax 220 | rcx >>= 0x8; //shr rcx, 0x08 221 | rax ^= rcx; //xor rax, rcx 222 | rcx = rax; //mov rcx, rax 223 | rcx >>= 0x10; //shr rcx, 0x10 224 | rax ^= rcx; //xor rax, rcx 225 | rcx = rax; //mov rcx, rax 226 | rcx >>= 0x20; //shr rcx, 0x20 227 | rax ^= rcx; //xor rax, rcx 228 | return rax; 229 | } 230 | case 5: 231 | { 232 | r10 = IO_READ_MEM(base + 0xC977AF5); //mov r10, [0x0000000009C4F8CF] 233 | rdx = 0; //and rdx, 0xFFFFFFFFC0000000 234 | rcx = r11 * 0xFFFFFFFFFFFFFFFE; //imul rcx, r11, 0xFFFFFFFFFFFFFFFE 235 | rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10 236 | rax += rcx; //add rax, rcx 237 | rdx ^= r10; //xor rdx, r10 238 | rcx = base + 0x5F737FAA; //lea rcx, [0x000000005C5EE5B8] 239 | rdx = ~rdx; //not rdx 240 | rax += rcx; //add rax, rcx 241 | rax *= IO_READ_MEM(rdx + 0x7); //imul rax, [rdx+0x07] 242 | rcx = rax; //mov rcx, rax 243 | rcx >>= 0x19; //shr rcx, 0x19 244 | rax ^= rcx; //xor rax, rcx 245 | rcx = rax; //mov rcx, rax 246 | rcx >>= 0x32; //shr rcx, 0x32 247 | rax ^= rcx; //xor rax, rcx 248 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB6490] 249 | rcx += 0x6987CC3C; //add rcx, 0x6987CC3C 250 | rcx += r11; //add rcx, r11 251 | rax += rcx; //add rax, rcx 252 | rcx = 0xBEC2B746A9461603; //mov rcx, 0xBEC2B746A9461603 253 | rax *= rcx; //imul rax, rcx 254 | rcx = 0x7D25D991052F24B5; //mov rcx, 0x7D25D991052F24B5 255 | rax += rcx; //add rax, rcx 256 | rcx = 0x6B9AD86F193C7172; //mov rcx, 0x6B9AD86F193C7172 257 | rax += rcx; //add rax, rcx 258 | return rax; 259 | } 260 | case 6: 261 | { 262 | r10 = IO_READ_MEM(base + 0xC977AF5); //mov r10, [0x0000000009C4F463] 263 | rdx = base + 0x50AF1F4F; //lea rdx, [0x000000004D9A82F5] 264 | rax += r11; //add rax, r11 265 | rcx = r11; //mov rcx, r11 266 | rcx ^= rdx; //xor rcx, rdx 267 | rax -= rcx; //sub rax, rcx 268 | rcx = 0xFA37AFACEF63040B; //mov rcx, 0xFA37AFACEF63040B 269 | rax ^= rcx; //xor rax, rcx 270 | rcx = 0xE15A50F0F0B4D5D9; //mov rcx, 0xE15A50F0F0B4D5D9 271 | rax *= rcx; 
//imul rax, rcx 272 | rdx = 0; //and rdx, 0xFFFFFFFFC0000000 273 | rcx = base + 0xEE8B; //lea rcx, [0xFFFFFFFFFCEC4E9B] 274 | rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10 275 | rcx -= r11; //sub rcx, r11 276 | rax ^= rcx; //xor rax, rcx 277 | rdx ^= r10; //xor rdx, r10 278 | rdx = ~rdx; //not rdx 279 | rax *= IO_READ_MEM(rdx + 0x7); //imul rax, [rdx+0x07] 280 | rcx = 0x61E687AD8B6807D4; //mov rcx, 0x61E687AD8B6807D4 281 | rax += rcx; //add rax, rcx 282 | rcx = rax; //mov rcx, rax 283 | rcx >>= 0x15; //shr rcx, 0x15 284 | rax ^= rcx; //xor rax, rcx 285 | rcx = rax; //mov rcx, rax 286 | rcx >>= 0x2A; //shr rcx, 0x2A 287 | rax ^= rcx; //xor rax, rcx 288 | return rax; 289 | } 290 | case 7: 291 | { 292 | r10 = IO_READ_MEM(base + 0xC977AF5); //mov r10, [0x0000000009C4EF4D] 293 | r13 = base + 0xBEE4; //lea r13, [0xFFFFFFFFFCEC1DE4] 294 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB5B9A] 295 | rax ^= rcx; //xor rax, rcx 296 | rcx = 0x8DB3E6B3BD449D8; //mov rcx, 0x8DB3E6B3BD449D8 297 | rax += rcx; //add rax, rcx 298 | rcx = 0x7CFD8CC5318E532F; //mov rcx, 0x7CFD8CC5318E532F 299 | rax *= rcx; //imul rax, rcx 300 | rcx = rax; //mov rcx, rax 301 | rcx >>= 0x7; //shr rcx, 0x07 302 | rax ^= rcx; //xor rax, rcx 303 | rcx = rax; //mov rcx, rax 304 | rcx >>= 0xE; //shr rcx, 0x0E 305 | rax ^= rcx; //xor rax, rcx 306 | rcx = rax; //mov rcx, rax 307 | rcx >>= 0x1C; //shr rcx, 0x1C 308 | rax ^= rcx; //xor rax, rcx 309 | rcx = rax; //mov rcx, rax 310 | rcx >>= 0x38; //shr rcx, 0x38 311 | rax ^= rcx; //xor rax, rcx 312 | rdx = 0; //and rdx, 0xFFFFFFFFC0000000 313 | rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10 314 | rcx = 0x6DE6E637B4DB68F1; //mov rcx, 0x6DE6E637B4DB68F1 315 | rdx ^= r10; //xor rdx, r10 316 | rdx = ~rdx; //not rdx 317 | rax *= IO_READ_MEM(rdx + 0x7); //imul rax, [rdx+0x07] 318 | rax *= rcx; //imul rax, rcx 319 | rcx = r11; //mov rcx, r11 320 | rcx -= r13; //sub rcx, r13 321 | rax ^= rcx; //xor rax, rcx 322 | rax -= r11; //sub rax, r11 323 | return rax; 324 | } 325 | case 8: 326 | { 
327 | r9 = IO_READ_MEM(base + 0xC977AF5); //mov r9, [0x0000000009C4EAFE] 328 | rcx = rax; //mov rcx, rax 329 | rcx >>= 0x1E; //shr rcx, 0x1E 330 | rax ^= rcx; //xor rax, rcx 331 | rcx = rax; //mov rcx, rax 332 | rcx >>= 0x3C; //shr rcx, 0x3C 333 | rax ^= rcx; //xor rax, rcx 334 | rcx = 0xD16E8EE163C9A6B; //mov rcx, 0xD16E8EE163C9A6B 335 | rax *= rcx; //imul rax, rcx 336 | rcx = rax; //mov rcx, rax 337 | rcx >>= 0xE; //shr rcx, 0x0E 338 | rax ^= rcx; //xor rax, rcx 339 | rcx = rax; //mov rcx, rax 340 | rcx >>= 0x1C; //shr rcx, 0x1C 341 | rax ^= rcx; //xor rax, rcx 342 | rcx = rax; //mov rcx, rax 343 | rcx >>= 0x38; //shr rcx, 0x38 344 | rax ^= rcx; //xor rax, rcx 345 | rcx = 0xA9C58221B90E7C46; //mov rcx, 0xA9C58221B90E7C46 346 | rax ^= rcx; //xor rax, rcx 347 | rcx = 0x55F6ED3AB42B87A0; //mov rcx, 0x55F6ED3AB42B87A0 348 | rax -= rcx; //sub rax, rcx 349 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 350 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 351 | rcx ^= r9; //xor rcx, r9 352 | rcx = ~rcx; //not rcx 353 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 354 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB55E3] 355 | rax += rcx; //add rax, rcx 356 | rcx = rax; //mov rcx, rax 357 | rcx >>= 0x14; //shr rcx, 0x14 358 | rax ^= rcx; //xor rax, rcx 359 | rcx = rax; //mov rcx, rax 360 | rcx >>= 0x28; //shr rcx, 0x28 361 | rax ^= rcx; //xor rax, rcx 362 | return rax; 363 | } 364 | case 9: 365 | { 366 | r10 = IO_READ_MEM(base + 0xC977AF5); //mov r10, [0x0000000009C4E43B] 367 | rdx = r11; //mov rdx, r11 368 | rcx = base + 0xFCE2; //lea rcx, [0xFFFFFFFFFCEC4F2E] 369 | rdx *= rcx; //imul rdx, rcx 370 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB5241] 371 | rdx -= rcx; //sub rdx, rcx 372 | rcx = r11; //mov rcx, r11 373 | rax += rdx; //add rax, rdx 374 | rcx = ~rcx; //not rcx 375 | rax ^= rcx; //xor rax, rcx 376 | rdx = base + 0x6EC75C18; //lea rdx, [0x000000006BB2AE43] 377 | rax ^= rdx; //xor rax, rdx 378 | rcx = rax; //mov rcx, rax 379 | rcx >>= 0x7; //shr rcx, 0x07 380 | rax ^= rcx; 
//xor rax, rcx 381 | rcx = rax; //mov rcx, rax 382 | rcx >>= 0xE; //shr rcx, 0x0E 383 | rax ^= rcx; //xor rax, rcx 384 | rcx = rax; //mov rcx, rax 385 | rcx >>= 0x1C; //shr rcx, 0x1C 386 | rax ^= rcx; //xor rax, rcx 387 | rcx = rax; //mov rcx, rax 388 | rcx >>= 0x38; //shr rcx, 0x38 389 | rax ^= rcx; //xor rax, rcx 390 | r13 = 0xB691FFD9C9D61B2E; //mov r13, 0xB691FFD9C9D61B2E 391 | rax += r13; //add rax, r13 392 | r13 = 0x89C1B16D1EAC4B85; //mov r13, 0x89C1B16D1EAC4B85 393 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 394 | rax ^= r13; //xor rax, r13 395 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 396 | rcx ^= r10; //xor rcx, r10 397 | rcx = ~rcx; //not rcx 398 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 399 | rcx = 0x272542A0099256AB; //mov rcx, 0x272542A0099256AB 400 | rax *= rcx; //imul rax, rcx 401 | return rax; 402 | } 403 | case 10: 404 | { 405 | r10 = IO_READ_MEM(base + 0xC977AF5); //mov r10, [0x0000000009C4DF09] 406 | rcx = base + 0x240D8AB0; //lea rcx, [0x0000000020F8D81B] 407 | rcx += r11; //add rcx, r11 408 | rax ^= rcx; //xor rax, rcx 409 | rdx = base + 0x3B21; //lea rdx, [0xFFFFFFFFFCEB863E] 410 | rcx = r11; //mov rcx, r11 411 | rdx *= r11; //imul rdx, r11 412 | rcx = ~rcx; //not rcx 413 | rdx += rax; //add rdx, rax 414 | rax = base + 0x24E689C1; //lea rax, [0x0000000021D1D4BA] 415 | rcx += rax; //add rcx, rax 416 | rax = rdx; //mov rax, rdx 417 | rax ^= rcx; //xor rax, rcx 418 | rcx = 0x489A1BC87CDCD670; //mov rcx, 0x489A1BC87CDCD670 419 | rax ^= rcx; //xor rax, rcx 420 | rcx = 0xA00242052F60AE53; //mov rcx, 0xA00242052F60AE53 421 | rax ^= rcx; //xor rax, rcx 422 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 423 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 424 | rcx ^= r10; //xor rcx, r10 425 | rcx = ~rcx; //not rcx 426 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 427 | rcx = 0xBDB64B81FECB6E7D; //mov rcx, 0xBDB64B81FECB6E7D 428 | rax *= rcx; //imul rax, rcx 429 | rcx = rax; //mov rcx, rax 430 | rcx >>= 0x28; //shr rcx, 0x28 431 | rax ^= 
rcx; //xor rax, rcx 432 | return rax; 433 | } 434 | case 11: 435 | { 436 | r10 = IO_READ_MEM(base + 0xC977AF5); //mov r10, [0x0000000009C4DA22] 437 | rcx = rax; //mov rcx, rax 438 | rcx >>= 0x15; //shr rcx, 0x15 439 | rax ^= rcx; //xor rax, rcx 440 | rcx = rax; //mov rcx, rax 441 | rcx >>= 0x2A; //shr rcx, 0x2A 442 | rax ^= rcx; //xor rax, rcx 443 | rcx = 0xD3A53D9499733245; //mov rcx, 0xD3A53D9499733245 444 | rax *= rcx; //imul rax, rcx 445 | rcx = 0x72C2AC821062ABD1; //mov rcx, 0x72C2AC821062ABD1 446 | rax ^= rcx; //xor rax, rcx 447 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB44D6] 448 | rax -= rcx; //sub rax, rcx 449 | rax += 0xFFFFFFFFFFFF4954; //add rax, 0xFFFFFFFFFFFF4954 450 | rax += r11; //add rax, r11 451 | rcx = rax; //mov rcx, rax 452 | rcx >>= 0x1; //shr rcx, 0x01 453 | rax ^= rcx; //xor rax, rcx 454 | rcx = rax; //mov rcx, rax 455 | rcx >>= 0x2; //shr rcx, 0x02 456 | rax ^= rcx; //xor rax, rcx 457 | rcx = rax; //mov rcx, rax 458 | rcx >>= 0x4; //shr rcx, 0x04 459 | rax ^= rcx; //xor rax, rcx 460 | rcx = rax; //mov rcx, rax 461 | rcx >>= 0x8; //shr rcx, 0x08 462 | rax ^= rcx; //xor rax, rcx 463 | rcx = rax; //mov rcx, rax 464 | rcx >>= 0x10; //shr rcx, 0x10 465 | rax ^= rcx; //xor rax, rcx 466 | rcx = rax; //mov rcx, rax 467 | rcx >>= 0x20; //shr rcx, 0x20 468 | rax ^= rcx; //xor rax, rcx 469 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB4874] 470 | rax ^= rcx; //xor rax, rcx 471 | rcx = base + 0x5B0222F4; //lea rcx, [0x0000000057ED6775] 472 | rcx *= r11; //imul rcx, r11 473 | rax += rcx; //add rax, rcx 474 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 475 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 476 | rcx ^= r10; //xor rcx, r10 477 | rcx = ~rcx; //not rcx 478 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 479 | return rax; 480 | } 481 | case 12: 482 | { 483 | r10 = IO_READ_MEM(base + 0xC977AF5); //mov r10, [0x0000000009C4D4A3] 484 | r13 = base + 0x852; //lea r13, [0xFFFFFFFFFCEB4CAD] 485 | rcx = 0xF7D4FABCE6FC022; //mov rcx, 0xF7D4FABCE6FC022 486 | rax += 
rcx; //add rax, rcx 487 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 488 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 489 | rcx ^= r10; //xor rcx, r10 490 | rcx = ~rcx; //not rcx 491 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 492 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB4206] 493 | rax ^= rcx; //xor rax, rcx 494 | rax -= rcx; //sub rax, rcx 495 | rcx = 0x5C9D9DBA026E85B7; //mov rcx, 0x5C9D9DBA026E85B7 496 | rax *= rcx; //imul rax, rcx 497 | rcx = rax; //mov rcx, rax 498 | rdx = r11; //mov rdx, r11 499 | rcx >>= 0x21; //shr rcx, 0x21 500 | rdx = ~rdx; //not rdx 501 | rdx *= r13; //imul rdx, r13 502 | rdx ^= rcx; //xor rdx, rcx 503 | rax ^= rdx; //xor rax, rdx 504 | rax += r11; //add rax, r11 505 | return rax; 506 | } 507 | case 13: 508 | { 509 | r10 = IO_READ_MEM(base + 0xC977AF5); //mov r10, [0x0000000009C4D0D3] 510 | r13 = base + 0x12585A59; //lea r13, [0x000000000F439AE4] 511 | rcx = r11; //mov rcx, r11 512 | rcx = ~rcx; //not rcx 513 | rcx ^= r13; //xor rcx, r13 514 | rax += rcx; //add rax, rcx 515 | rcx = rax; //mov rcx, rax 516 | rcx >>= 0x8; //shr rcx, 0x08 517 | rax ^= rcx; //xor rax, rcx 518 | rcx = rax; //mov rcx, rax 519 | rcx >>= 0x10; //shr rcx, 0x10 520 | rax ^= rcx; //xor rax, rcx 521 | rcx = rax; //mov rcx, rax 522 | rcx >>= 0x20; //shr rcx, 0x20 523 | rax ^= rcx; //xor rax, rcx 524 | rcx = rax; //mov rcx, rax 525 | rcx >>= 0x11; //shr rcx, 0x11 526 | rax ^= rcx; //xor rax, rcx 527 | rcx = rax; //mov rcx, rax 528 | rcx >>= 0x22; //shr rcx, 0x22 529 | rax ^= rcx; //xor rax, rcx 530 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 531 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 532 | rcx ^= r10; //xor rcx, r10 533 | rcx = ~rcx; //not rcx 534 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, [rcx+0x07] 535 | rcx = 0xA4979265BBC7E3D5; //mov rcx, 0xA4979265BBC7E3D5 536 | rax *= rcx; //imul rax, rcx 537 | rcx = r11; //mov rcx, r11 538 | rcx = ~rcx; //not rcx 539 | rcx -= base; //sub rcx, [rbp-0x70] -- didn't find trace -> use base 540 | rcx -= 0x756FAD6E; //sub 
rcx, 0x756FAD6E 541 | rcx ^= rax; //xor rcx, rax 542 | rax = base + 0x78217335; //lea rax, [0x00000000750CB1E2] 543 | rcx += r11; //add rcx, r11 544 | rax += rcx; //add rax, rcx 545 | rcx = 0xC20F4E2AD24BC517; //mov rcx, 0xC20F4E2AD24BC517 546 | rax ^= rcx; //xor rax, rcx 547 | return rax; 548 | } 549 | case 14: 550 | { 551 | r10 = IO_READ_MEM(base + 0xC977AF5); //mov r10, [0x0000000009C4CB55] 552 | r13 = base + 0x3CF1; //lea r13, [0xFFFFFFFFFCEB77FE] 553 | rcx = rax; //mov rcx, rax 554 | rcx >>= 0x16; //shr rcx, 0x16 555 | rax ^= rcx; //xor rax, rcx 556 | rcx = rax; //mov rcx, rax 557 | rcx >>= 0x2C; //shr rcx, 0x2C 558 | rax ^= rcx; //xor rax, rcx 559 | rcx = 0xAF96B7C88EDF2B75; //mov rcx, 0xAF96B7C88EDF2B75 560 | rax *= rcx; //imul rax, rcx 561 | rax ^= r11; //xor rax, r11 562 | rdx = 0; //and rdx, 0xFFFFFFFFC0000000 563 | rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10 564 | rdx ^= r10; //xor rdx, r10 565 | rcx = r11 + r13 * 1; //lea rcx, [r11+r13*1] 566 | rax += rcx; //add rax, rcx 567 | rdx = ~rdx; //not rdx 568 | rcx = 0x7B695E53D3CD7B7F; //mov rcx, 0x7B695E53D3CD7B7F 569 | rax *= IO_READ_MEM(rdx + 0x7); //imul rax, [rdx+0x07] 570 | rax *= rcx; //imul rax, rcx 571 | rcx = 0x56A40B352BF2FDB7; //mov rcx, 0x56A40B352BF2FDB7 572 | rax -= rcx; //sub rax, rcx 573 | rcx = base + 0x32FFEB8B; //lea rcx, [0x000000002FEB25B1] 574 | rcx = ~rcx; //not rcx 575 | rcx *= r11; //imul rcx, r11 576 | rax += rcx; //add rax, rcx 577 | return rax; 578 | } 579 | case 15: 580 | { 581 | r10 = IO_READ_MEM(base + 0xC977AF5); //mov r10, [0x0000000009C4C5FC] 582 | rdx = base + 0x23AC2B6F; //lea rdx, [0x000000002097607C] 583 | rcx = base; //lea rcx, [0xFFFFFFFFFCEB3386] 584 | rax -= rcx; //sub rax, rcx 585 | rax += r11; //add rax, r11 586 | rdx = ~rdx; //not rdx 587 | rdx ^= r11; //xor rdx, r11 588 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 589 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 590 | rcx ^= r10; //xor rcx, r10 591 | rcx = ~rcx; //not rcx 592 | rax *= IO_READ_MEM(rcx + 0x7); //imul rax, 
[rcx+0x07] 593 | rcx = rax; //mov rcx, rax 594 | rcx >>= 0x17; //shr rcx, 0x17 595 | rax ^= rcx; //xor rax, rcx 596 | rcx = rax; //mov rcx, rax 597 | rcx >>= 0x2E; //shr rcx, 0x2E 598 | rax ^= rcx; //xor rax, rcx 599 | rax -= rdx; //sub rax, rdx 600 | rcx = 0xAE9091426078C4DF; //mov rcx, 0xAE9091426078C4DF 601 | rax *= rcx; //imul rax, rcx 602 | rcx = 0x2E839B5F3DB76D2B; //mov rcx, 0x2E839B5F3DB76D2B 603 | rax += rcx; //add rax, rcx 604 | rcx = 0x632E9341FBDD9A7C; //mov rcx, 0x632E9341FBDD9A7C 605 | rax -= rcx; //sub rax, rcx 606 | return rax; 607 | } 608 | } 609 | } 610 | uintptr_t decrypt_bone_base() 611 | { 612 | const uint64_t mb = base; 613 | uint64_t rax = mb, rbx = mb, rcx = mb, rdx = mb, rdi = mb, rsi = mb, r8 = mb, r9 = mb, r10 = mb, r11 = mb, r12 = mb, r13 = mb, r14 = mb, r15 = mb; 614 | rdx = IO_READ_MEM(base + 0x110039F8); 615 | if(!rdx) 616 | return rdx; 617 | r11 = peb; //mov r11, gs:[rax] 618 | rax = r11; //mov rax, r11 619 | rax <<= 0x22; //shl rax, 0x22 620 | rax = _byteswap_uint64(rax); //bswap rax 621 | rax &= 0xF; 622 | switch(rax) { 623 | case 0: 624 | { 625 | r9 = IO_READ_MEM(base + 0xC977BC9); //mov r9, [0x000000000A2D34A4] 626 | rax = 0; //and rax, 0xFFFFFFFFC0000000 627 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 628 | rax ^= r9; //xor rax, r9 629 | rax = _byteswap_uint64(rax); //bswap rax 630 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 631 | rax = base; //lea rax, [0xFFFFFFFFFD53A0A6] 632 | rdx -= rax; //sub rdx, rax 633 | rax = 0xC98EF2FFB1E013D2; //mov rax, 0xC98EF2FFB1E013D2 634 | rdx += 0xFFFFFFFFFFFFC795; //add rdx, 0xFFFFFFFFFFFFC795 635 | rdx += r11; //add rdx, r11 636 | rdx ^= rax; //xor rdx, rax 637 | rdx ^= r11; //xor rdx, r11 638 | rax = 0x1AE0F1058D3590F1; //mov rax, 0x1AE0F1058D3590F1 639 | rdx *= rax; //imul rdx, rax 640 | rax = 0x1EAC0325CBA779BC; //mov rax, 0x1EAC0325CBA779BC 641 | rdx ^= rax; //xor rdx, rax 642 | rax = rdx; //mov rax, rdx 643 | rax >>= 0x1F; //shr rax, 0x1F 644 | rdx ^= rax; //xor rdx, rax 645 
| rax = rdx; //mov rax, rdx 646 | rax >>= 0x3E; //shr rax, 0x3E 647 | rdx ^= rax; //xor rdx, rax 648 | rdx ^= r11; //xor rdx, r11 649 | return rdx; 650 | } 651 | case 1: 652 | { 653 | r10 = IO_READ_MEM(base + 0xC977BC9); //mov r10, [0x000000000A2D2FA8] 654 | rax = 0x311E3C7DD1297B69; //mov rax, 0x311E3C7DD1297B69 655 | rdx *= rax; //imul rdx, rax 656 | rcx = r11; //mov rcx, r11 657 | rcx = ~rcx; //not rcx 658 | rax = 0; //and rax, 0xFFFFFFFFC0000000 659 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 660 | rax ^= r10; //xor rax, r10 661 | rax = _byteswap_uint64(rax); //bswap rax 662 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 663 | rax = base + 0x437D3D7F; //lea rax, [0x0000000040D0DA51] 664 | rax = ~rax; //not rax 665 | rcx += rax; //add rcx, rax 666 | rdx ^= rcx; //xor rdx, rcx 667 | rax = rdx; //mov rax, rdx 668 | rax >>= 0x28; //shr rax, 0x28 669 | rdx ^= rax; //xor rdx, rax 670 | rax = rdx; //mov rax, rdx 671 | rax >>= 0x13; //shr rax, 0x13 672 | rdx ^= rax; //xor rdx, rax 673 | rax = rdx; //mov rax, rdx 674 | rax >>= 0x26; //shr rax, 0x26 675 | rdx ^= rax; //xor rdx, rax 676 | rax = base; //lea rax, [0xFFFFFFFFFD539C9C] 677 | rax += 0x3B261317; //add rax, 0x3B261317 678 | rax += r11; //add rax, r11 679 | rdx += rax; //add rdx, rax 680 | rax = 0x85B82AEE944DCF96; //mov rax, 0x85B82AEE944DCF96 681 | rdx ^= rax; //xor rdx, rax 682 | rax = base; //lea rax, [0xFFFFFFFFFD539DA9] 683 | rdx += rax; //add rdx, rax 684 | return rdx; 685 | } 686 | case 2: 687 | { 688 | r9 = IO_READ_MEM(base + 0xC977BC9); //mov r9, [0x000000000A2D2ACF] 689 | rax = rdx; //mov rax, rdx 690 | rax >>= 0x25; //shr rax, 0x25 691 | rdx ^= rax; //xor rdx, rax 692 | rax = rdx; //mov rax, rdx 693 | rax >>= 0xC; //shr rax, 0x0C 694 | rdx ^= rax; //xor rdx, rax 695 | rax = rdx; //mov rax, rdx 696 | rax >>= 0x18; //shr rax, 0x18 697 | rdx ^= rax; //xor rdx, rax 698 | rax = rdx; //mov rax, rdx 699 | rax >>= 0x30; //shr rax, 0x30 700 | rdx ^= rax; //xor rdx, rax 701 | rdx += r11; //add rdx, 
r11 702 | rax = 0; //and rax, 0xFFFFFFFFC0000000 703 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 704 | rax ^= r9; //xor rax, r9 705 | rax = _byteswap_uint64(rax); //bswap rax 706 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 707 | rdx ^= r11; //xor rdx, r11 708 | rax = 0x6B65DF2C3A88AE69; //mov rax, 0x6B65DF2C3A88AE69 709 | rdx -= rax; //sub rdx, rax 710 | rax = 0xA4B331303E4E7A67; //mov rax, 0xA4B331303E4E7A67 711 | rdx *= rax; //imul rdx, rax 712 | rax = 0x6A137DDDFCE4C0D7; //mov rax, 0x6A137DDDFCE4C0D7 713 | rdx -= rax; //sub rdx, rax 714 | return rdx; 715 | } 716 | case 3: 717 | { 718 | r9 = IO_READ_MEM(base + 0xC977BC9); //mov r9, [0x000000000A2D2679] 719 | r10 = base + 0x1314A155; //lea r10, [0x00000000106836AD] 720 | rax = 0; //and rax, 0xFFFFFFFFC0000000 721 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 722 | rax ^= r9; //xor rax, r9 723 | rax = _byteswap_uint64(rax); //bswap rax 724 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 725 | rax = base; //lea rax, [0xFFFFFFFFFD53946F] 726 | rdx -= rax; //sub rdx, rax 727 | rax = rdx; //mov rax, rdx 728 | rax >>= 0x1F; //shr rax, 0x1F 729 | rdx ^= rax; //xor rdx, rax 730 | rax = rdx; //mov rax, rdx 731 | rax >>= 0x3E; //shr rax, 0x3E 732 | rdx ^= rax; //xor rdx, rax 733 | rdx ^= r11; //xor rdx, r11 734 | rax = r10; //mov rax, r10 735 | rax -= r11; //sub rax, r11 736 | rdx ^= rax; //xor rdx, rax 737 | rax = 0xD5A4D08183955257; //mov rax, 0xD5A4D08183955257 738 | rdx *= rax; //imul rdx, rax 739 | rax = 0x8DC8AE43913090FA; //mov rax, 0x8DC8AE43913090FA 740 | rdx ^= rax; //xor rdx, rax 741 | return rdx; 742 | } 743 | case 4: 744 | { 745 | r10 = IO_READ_MEM(base + 0xC977BC9); //mov r10, [0x000000000A2D2370] 746 | rax = 0xF7A45523CB2EF07F; //mov rax, 0xF7A45523CB2EF07F 747 | rdx ^= rax; //xor rdx, rax 748 | rdx -= r11; //sub rdx, r11 749 | rdx -= r11; //sub rdx, r11 750 | rdx -= r11; //sub rdx, r11 751 | rax = rdx; //mov rax, rdx 752 | rax >>= 0x14; //shr rax, 0x14 753 | rdx ^= rax; //xor rdx, rax 754 
| rax = rdx; //mov rax, rdx 755 | rax >>= 0x28; //shr rax, 0x28 756 | rdx ^= rax; //xor rdx, rax 757 | rax = 0; //and rax, 0xFFFFFFFFC0000000 758 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 759 | rax ^= r10; //xor rax, r10 760 | rax = _byteswap_uint64(rax); //bswap rax 761 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 762 | rax = base; //lea rax, [0xFFFFFFFFFD538EA4] 763 | rax += 0x8F29; //add rax, 0x8F29 764 | rax += r11; //add rax, r11 765 | rdx ^= rax; //xor rdx, rax 766 | rax = 0xD43375ADC5407E51; //mov rax, 0xD43375ADC5407E51 767 | rdx *= rax; //imul rdx, rax 768 | return rdx; 769 | } 770 | case 5: 771 | { 772 | r9 = IO_READ_MEM(base + 0xC977BC9); //mov r9, [0x000000000A2D1EB7] 773 | rax = 0x7C5DF0A12057BE6; //mov rax, 0x7C5DF0A12057BE6 774 | rdx -= rax; //sub rdx, rax 775 | rax = 0x83F8FC0408B5D1AB; //mov rax, 0x83F8FC0408B5D1AB 776 | rdx ^= rax; //xor rdx, rax 777 | rax = base + 0x158DE932; //lea rax, [0x0000000012E1752A] 778 | rax = ~rax; //not rax 779 | rax *= r11; //imul rax, r11 780 | rdx += rax; //add rdx, rax 781 | rax = r11; //mov rax, r11 782 | uintptr_t RSP_0x98; 783 | RSP_0x98 = base + 0x12426297; //lea rax, [0x000000000F95F02B] : RSP+0x98 784 | rax *= RSP_0x98; //imul rax, [rsp+0x98] 785 | rdx ^= rax; //xor rdx, rax 786 | rax = base; //lea rax, [0xFFFFFFFFFD538B37] 787 | rax += 0x5541; //add rax, 0x5541 788 | rax += r11; //add rax, r11 789 | rdx += rax; //add rdx, rax 790 | rax = rdx; //mov rax, rdx 791 | rax >>= 0x5; //shr rax, 0x05 792 | rdx ^= rax; //xor rdx, rax 793 | rax = rdx; //mov rax, rdx 794 | rax >>= 0xA; //shr rax, 0x0A 795 | rdx ^= rax; //xor rdx, rax 796 | rax = rdx; //mov rax, rdx 797 | rax >>= 0x14; //shr rax, 0x14 798 | rdx ^= rax; //xor rdx, rax 799 | rax = rdx; //mov rax, rdx 800 | rax >>= 0x28; //shr rax, 0x28 801 | rdx ^= rax; //xor rdx, rax 802 | rax = 0; //and rax, 0xFFFFFFFFC0000000 803 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 804 | rax ^= r9; //xor rax, r9 805 | rax = _byteswap_uint64(rax); //bswap rax 806 | 
rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 807 | rax = 0x3F31D045C89ED8C5; //mov rax, 0x3F31D045C89ED8C5 808 | rdx *= rax; //imul rdx, rax 809 | return rdx; 810 | } 811 | case 6: 812 | { 813 | r10 = IO_READ_MEM(base + 0xC977BC9); //mov r10, [0x000000000A2D1914] 814 | rax = rdx; //mov rax, rdx 815 | rax >>= 0x6; //shr rax, 0x06 816 | rdx ^= rax; //xor rdx, rax 817 | rax = rdx; //mov rax, rdx 818 | rax >>= 0xC; //shr rax, 0x0C 819 | rdx ^= rax; //xor rdx, rax 820 | rax = rdx; //mov rax, rdx 821 | rax >>= 0x18; //shr rax, 0x18 822 | rdx ^= rax; //xor rdx, rax 823 | rax = rdx; //mov rax, rdx 824 | rax >>= 0x30; //shr rax, 0x30 825 | rdx ^= rax; //xor rdx, rax 826 | rax = 0x7564570D161CA18D; //mov rax, 0x7564570D161CA18D 827 | rdx *= rax; //imul rdx, rax 828 | rax = rdx; //mov rax, rdx 829 | rax >>= 0x26; //shr rax, 0x26 830 | rdx ^= rax; //xor rdx, rax 831 | rax = base; //lea rax, [0xFFFFFFFFFD53857B] 832 | rax += 0x144205B7; //add rax, 0x144205B7 833 | rax += r11; //add rax, r11 834 | rdx ^= rax; //xor rdx, rax 835 | rax = 0x80C6B6FC948F6729; //mov rax, 0x80C6B6FC948F6729 836 | rdx *= rax; //imul rdx, rax 837 | rax = 0x31DF20582505A415; //mov rax, 0x31DF20582505A415 838 | rdx += rax; //add rdx, rax 839 | rax = 0; //and rax, 0xFFFFFFFFC0000000 840 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 841 | rax ^= r10; //xor rax, r10 842 | rax = _byteswap_uint64(rax); //bswap rax 843 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 844 | rax = base + 0x6DA9DAD4; //lea rax, [0x000000006AFD6203] 845 | rdx += rax; //add rdx, rax 846 | rcx = r11; //mov rcx, r11 847 | rcx = ~rcx; //not rcx 848 | rdx += rcx; //add rdx, rcx 849 | return rdx; 850 | } 851 | case 7: 852 | { 853 | r10 = IO_READ_MEM(base + 0xC977BC9); //mov r10, [0x000000000A2D150F] 854 | rdx ^= r11; //xor rdx, r11 855 | rax = rdx; //mov rax, rdx 856 | rax >>= 0xD; //shr rax, 0x0D 857 | rdx ^= rax; //xor rdx, rax 858 | rax = rdx; //mov rax, rdx 859 | rax >>= 0x1A; //shr rax, 0x1A 860 | rdx ^= rax; //xor 
rdx, rax 861 | rax = rdx; //mov rax, rdx 862 | rax >>= 0x34; //shr rax, 0x34 863 | rdx ^= rax; //xor rdx, rax 864 | rax = rdx; //mov rax, rdx 865 | rax >>= 0x7; //shr rax, 0x07 866 | rdx ^= rax; //xor rdx, rax 867 | rax = rdx; //mov rax, rdx 868 | rax >>= 0xE; //shr rax, 0x0E 869 | rdx ^= rax; //xor rdx, rax 870 | rax = rdx; //mov rax, rdx 871 | rax >>= 0x1C; //shr rax, 0x1C 872 | rdx ^= rax; //xor rdx, rax 873 | rax = rdx; //mov rax, rdx 874 | rax >>= 0x38; //shr rax, 0x38 875 | rdx ^= rax; //xor rdx, rax 876 | rax = 0xCCB3012D7BB7524F; //mov rax, 0xCCB3012D7BB7524F 877 | rdx *= rax; //imul rdx, rax 878 | rax = 0x11516F5E5F563F90; //mov rax, 0x11516F5E5F563F90 879 | rdx -= rax; //sub rdx, rax 880 | rax = r11; //mov rax, r11 881 | rax = ~rax; //not rax 882 | uintptr_t RSP_0x68; 883 | RSP_0x68 = base + 0x4354; //lea rax, [0xFFFFFFFFFD53C753] : RSP+0x68 884 | rax *= RSP_0x68; //imul rax, [rsp+0x68] 885 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 886 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 887 | rdx += rax; //add rdx, rax 888 | rcx ^= r10; //xor rcx, r10 889 | rcx = _byteswap_uint64(rcx); //bswap rcx 890 | rdx *= IO_READ_MEM(rcx + 0x11); //imul rdx, [rcx+0x11] 891 | return rdx; 892 | } 893 | case 8: 894 | { 895 | r10 = IO_READ_MEM(base + 0xC977BC9); //mov r10, [0x000000000A2D1068] 896 | rdx -= r11; //sub rdx, r11 897 | rax = 0xEDC13D6B57B6E285; //mov rax, 0xEDC13D6B57B6E285 898 | rdx *= rax; //imul rdx, rax 899 | rax = r11; //mov rax, r11 900 | uintptr_t RSP_0x98; 901 | RSP_0x98 = base + 0x7D814959; //lea rax, [0x000000007AD4C88C] : RSP+0x98 902 | rax ^= RSP_0x98; //xor rax, [rsp+0x98] 903 | rax += r11; //add rax, r11 904 | rdx += rax; //add rdx, rax 905 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 906 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 907 | rcx ^= r10; //xor rcx, r10 908 | rcx = _byteswap_uint64(rcx); //bswap rcx 909 | rdx *= IO_READ_MEM(rcx + 0x11); //imul rdx, [rcx+0x11] 910 | rax = rdx; //mov rax, rdx 911 | rax >>= 0x21; //shr rax, 0x21 912 | rdx ^= rax; 
//xor rdx, rax 913 | rdx += r11; //add rdx, r11 914 | rax = base; //lea rax, [0xFFFFFFFFFD537DE8] 915 | rdx ^= rax; //xor rdx, rax 916 | return rdx; 917 | } 918 | case 9: 919 | { 920 | r9 = IO_READ_MEM(base + 0xC977BC9); //mov r9, [0x000000000A2D0D18] 921 | rax = rdx; //mov rax, rdx 922 | rax >>= 0xB; //shr rax, 0x0B 923 | rdx ^= rax; //xor rdx, rax 924 | rax = rdx; //mov rax, rdx 925 | rax >>= 0x16; //shr rax, 0x16 926 | rdx ^= rax; //xor rdx, rax 927 | rax = rdx; //mov rax, rdx 928 | rax >>= 0x2C; //shr rax, 0x2C 929 | rdx ^= rax; //xor rdx, rax 930 | rax = base; //lea rax, [0xFFFFFFFFFD5377CA] 931 | rdx ^= rax; //xor rdx, rax 932 | rax = 0; //and rax, 0xFFFFFFFFC0000000 933 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 934 | rax ^= r9; //xor rax, r9 935 | rax = _byteswap_uint64(rax); //bswap rax 936 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 937 | rax = rdx; //mov rax, rdx 938 | rax >>= 0xB; //shr rax, 0x0B 939 | rdx ^= rax; //xor rdx, rax 940 | rax = rdx; //mov rax, rdx 941 | rax >>= 0x16; //shr rax, 0x16 942 | rdx ^= rax; //xor rdx, rax 943 | rax = rdx; //mov rax, rdx 944 | rax >>= 0x2C; //shr rax, 0x2C 945 | rdx ^= rax; //xor rdx, rax 946 | rax = 0x53198E81F809E193; //mov rax, 0x53198E81F809E193 947 | rax -= r11; //sub rax, r11 948 | rax -= base; //sub rax, [rsp+0xD0] -- didn't find trace -> use base 949 | rdx += rax; //add rdx, rax 950 | rax = 0x5E76F88978AFE528; //mov rax, 0x5E76F88978AFE528 951 | rdx += rax; //add rdx, rax 952 | rax = 0x33557C5CEFBE234B; //mov rax, 0x33557C5CEFBE234B 953 | rdx *= rax; //imul rdx, rax 954 | return rdx; 955 | } 956 | case 10: 957 | { 958 | r10 = IO_READ_MEM(base + 0xC977BC9); //mov r10, [0x000000000A2D07FD] 959 | rax = base; //lea rax, [0xFFFFFFFFFD53756B] 960 | rdx -= rax; //sub rdx, rax 961 | rcx = rdx; //mov rcx, rdx 962 | rcx >>= 0x27; //shr rcx, 0x27 963 | rcx ^= rdx; //xor rcx, rdx 964 | rdx = base + 0x9688; //lea rdx, [0xFFFFFFFFFD540AE5] 965 | rdx *= r11; //imul rdx, r11 966 | rdx += rcx; //add rdx, rcx 
967 | rax = rdx; //mov rax, rdx 968 | rax >>= 0x13; //shr rax, 0x13 969 | rdx ^= rax; //xor rdx, rax 970 | rax = rdx; //mov rax, rdx 971 | rax >>= 0x26; //shr rax, 0x26 972 | rdx ^= rax; //xor rdx, rax 973 | rax = 0; //and rax, 0xFFFFFFFFC0000000 974 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 975 | rax ^= r10; //xor rax, r10 976 | rax = _byteswap_uint64(rax); //bswap rax 977 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 978 | rax = 0x3331EF2FFF7DD801; //mov rax, 0x3331EF2FFF7DD801 979 | rdx *= rax; //imul rdx, rax 980 | rax = 0x2130706D6228E017; //mov rax, 0x2130706D6228E017 981 | rdx ^= rax; //xor rdx, rax 982 | return rdx; 983 | } 984 | case 11: 985 | { 986 | r10 = IO_READ_MEM(base + 0xC977BC9); //mov r10, [0x000000000A2D030A] 987 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 988 | rax = base + 0x1E13DCA3; //lea rax, [0x000000001B674AD7] 989 | rax = ~rax; //not rax 990 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 991 | rax += r11; //add rax, r11 992 | rcx ^= r10; //xor rcx, r10 993 | rdx += rax; //add rdx, rax 994 | rcx = _byteswap_uint64(rcx); //bswap rcx 995 | rdx *= IO_READ_MEM(rcx + 0x11); //imul rdx, [rcx+0x11] 996 | rax = base; //lea rax, [0xFFFFFFFFFD536E06] 997 | rax += 0x9D9E; //add rax, 0x9D9E 998 | rax += r11; //add rax, r11 999 | rdx += rax; //add rdx, rax 1000 | rax = r11; //mov rax, r11 1001 | rax -= base; //sub rax, [rsp+0xD0] -- didn't find trace -> use base 1002 | rdx += rax; //add rdx, rax 1003 | rax = 0x10CE41F37EB30D3D; //mov rax, 0x10CE41F37EB30D3D 1004 | rdx *= rax; //imul rdx, rax 1005 | rax = 0x3078E9571E8D51B0; //mov rax, 0x3078E9571E8D51B0 1006 | rdx -= rax; //sub rdx, rax 1007 | rax = 0x13796DAAB7614CCB; //mov rax, 0x13796DAAB7614CCB 1008 | rdx += rax; //add rdx, rax 1009 | rax = rdx; //mov rax, rdx 1010 | rax >>= 0x11; //shr rax, 0x11 1011 | rdx ^= rax; //xor rdx, rax 1012 | rcx = base + 0x7C2A0085; //lea rcx, [0x00000000797D6F4F] 1013 | rcx = ~rcx; //not rcx 1014 | rcx *= r11; //imul rcx, r11 1015 | rax = rdx; //mov rax, rdx 
1016 | rax >>= 0x22; //shr rax, 0x22 1017 | rcx ^= rax; //xor rcx, rax 1018 | rdx ^= rcx; //xor rdx, rcx 1019 | return rdx; 1020 | } 1021 | case 12: 1022 | { 1023 | r9 = IO_READ_MEM(base + 0xC977BC9); //mov r9, [0x000000000A2CFEAF] 1024 | rax = 0; //and rax, 0xFFFFFFFFC0000000 1025 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 1026 | rax ^= r9; //xor rax, r9 1027 | rax = _byteswap_uint64(rax); //bswap rax 1028 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 1029 | rdx -= r11; //sub rdx, r11 1030 | rax = 0x509EB372CDB3AEF3; //mov rax, 0x509EB372CDB3AEF3 1031 | rdx *= rax; //imul rdx, rax 1032 | rax = 0x3978478545AD0B0E; //mov rax, 0x3978478545AD0B0E 1033 | rdx += rax; //add rdx, rax 1034 | rax = rdx; //mov rax, rdx 1035 | rax >>= 0x11; //shr rax, 0x11 1036 | rdx ^= rax; //xor rdx, rax 1037 | rax = rdx; //mov rax, rdx 1038 | rax >>= 0x22; //shr rax, 0x22 1039 | rdx ^= rax; //xor rdx, rax 1040 | rax = 0xF1F3C3AA4D6D1089; //mov rax, 0xF1F3C3AA4D6D1089 1041 | rdx *= rax; //imul rdx, rax 1042 | return rdx; 1043 | } 1044 | case 13: 1045 | { 1046 | r10 = IO_READ_MEM(base + 0xC977BC9); //mov r10, [0x000000000A2CFA18] 1047 | rax = rdx; //mov rax, rdx 1048 | rax >>= 0xE; //shr rax, 0x0E 1049 | rdx ^= rax; //xor rdx, rax 1050 | rax = rdx; //mov rax, rdx 1051 | rax >>= 0x1C; //shr rax, 0x1C 1052 | rdx ^= rax; //xor rdx, rax 1053 | rax = rdx; //mov rax, rdx 1054 | rcx = 0; //and rcx, 0xFFFFFFFFC0000000 1055 | rax >>= 0x38; //shr rax, 0x38 1056 | rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10 1057 | rdx ^= rax; //xor rdx, rax 1058 | rcx ^= r10; //xor rcx, r10 1059 | rdx += r11; //add rdx, r11 1060 | rcx = _byteswap_uint64(rcx); //bswap rcx 1061 | rdx *= IO_READ_MEM(rcx + 0x11); //imul rdx, [rcx+0x11] 1062 | rax = 0xEA5C4AF83EEC98D; //mov rax, 0xEA5C4AF83EEC98D 1063 | rdx += rax; //add rdx, rax 1064 | rax = base + 0x7FFA; //lea rax, [0xFFFFFFFFFD53E72B] 1065 | rax = ~rax; //not rax 1066 | rax ^= r11; //xor rax, r11 1067 | rdx ^= rax; //xor rdx, rax 1068 | rax = 
0x58CCD785809FBA65; //mov rax, 0x58CCD785809FBA65 1069 | rdx *= rax; //imul rdx, rax 1070 | rax = 0xCB1252FFDD097729; //mov rax, 0xCB1252FFDD097729 1071 | rdx *= rax; //imul rdx, rax 1072 | rax = base; //lea rax, [0xFFFFFFFFFD5364C7] 1073 | rax += 0x1CFB; //add rax, 0x1CFB 1074 | rax += r11; //add rax, r11 1075 | rdx += rax; //add rdx, rax 1076 | return rdx; 1077 | } 1078 | case 14: 1079 | { 1080 | r10 = IO_READ_MEM(base + 0xC977BC9); //mov r10, [0x000000000A2CF45F] 1081 | rax = rdx; //mov rax, rdx 1082 | rax >>= 0x1C; //shr rax, 0x1C 1083 | rdx ^= rax; //xor rdx, rax 1084 | rax = rdx; //mov rax, rdx 1085 | rax >>= 0x38; //shr rax, 0x38 1086 | rax ^= rdx; //xor rax, rdx 1087 | rdx = base; //lea rdx, [0xFFFFFFFFFD535FE9] 1088 | rax -= rdx; //sub rax, rdx 1089 | rdx = r11 + 0xffffffffd3bc8867; //lea rdx, [r11-0x2C437799] 1090 | rdx += rax; //add rdx, rax 1091 | rax = 0; //and rax, 0xFFFFFFFFC0000000 1092 | rax = _rotl64(rax, 0x10); //rol rax, 0x10 1093 | rax ^= r10; //xor rax, r10 1094 | rax = _byteswap_uint64(rax); //bswap rax 1095 | rdx *= IO_READ_MEM(rax + 0x11); //imul rdx, [rax+0x11] 1096 | rax = base; //lea rax, [0xFFFFFFFFFD535EFA] 1097 | rdx -= rax; //sub rdx, rax 1098 | rax = 0x311461FA31B150C8; //mov rax, 0x311461FA31B150C8 1099 | rdx ^= rax; //xor rdx, rax 1100 | rax = 0x3D057F65AC2E944D; //mov rax, 0x3D057F65AC2E944D 1101 | rdx += rax; //add rdx, rax 1102 | rax = 0x3EA61F392134306F; //mov rax, 0x3EA61F392134306F 1103 | rdx *= rax; //imul rdx, rax 1104 | rax = rdx; //mov rax, rdx 1105 | rax >>= 0x16; //shr rax, 0x16 1106 | rdx ^= rax; //xor rdx, rax 1107 | rax = rdx; //mov rax, rdx 1108 | rax >>= 0x2C; //shr rax, 0x2C 1109 | rdx ^= rax; //xor rdx, rax 1110 | return rdx; 1111 | } 1112 | case 15: 1113 | { 1114 | r10 = IO_READ_MEM(base + 0xC977BC9); //mov r10, [0x000000000A2CEFCD] 1115 | rax = rdx; //mov rax, rdx 1116 | rax >>= 0x25; //shr rax, 0x25 1117 | rdx ^= rax; //xor rdx, rax 1118 | rdx -= r11; //sub rdx, r11 1119 | rcx = 0; //and rcx, 
//0xFFFFFFFFC0000000 (tail of the preceding trailing comment, split by the page's line break)
            rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
            rcx ^= r10; //xor rcx, r10
            rax = base; //lea rax, [0xFFFFFFFFFD535C52]
            rax += 0x953; //add rax, 0x953
            rax += r11; //add rax, r11
            rcx = _byteswap_uint64(rcx); //bswap rcx
            rdx ^= rax; //xor rdx, rax
            rdx *= IO_READ_MEM(rcx + 0x11); //imul rdx, [rcx+0x11]
            rax = 0xEDC186E4F45D82CF; //mov rax, 0xEDC186E4F45D82CF
            rdx *= rax; //imul rdx, rax
            rdx -= r11; //sub rdx, r11
            rax = base; //lea rax, [0xFFFFFFFFFD535B5A]
            rdx -= rax; //sub rdx, rax
            rax = 0x579691DADE4159FD; //mov rax, 0x579691DADE4159FD
            rdx *= rax; //imul rdx, rax
            rax = 0x20B206512FA8AEE; //mov rax, 0x20B206512FA8AEE
            rdx -= rax; //sub rdx, rax
            rax = 0x804CFF40F9D9BEBF; //mov rax, 0x804CFF40F9D9BEBF
            rdx *= rax; //imul rdx, rax
            return rdx;
        }
    }
}

// get_bone_index: hand-translated from x64 disassembly. Each statement keeps the
// originating instruction in its trailing comment, and the locals are named after
// the registers they stand in for rather than after any higher-level meaning.
//
// Parameter: bone_index - the logical index being looked up.
// Returns:   the value read by the second IO_READ_MEM table lookup, narrowed from
//            the 64-bit local r12 to uint16_t by the return type.
// Reads:     two IO_READ_MEM lookups at base + 0xB9268B0 and base + 0xB9354E0,
//            each indexed by the rcx computed just before it.
//
// NOTE(review): every _umul128 call below is used only for its high half - the low
// result assigned to rax is overwritten before it is read. The recurring
// multiply-high / shift / multiply-back / subtract sequences look like a compiler's
// strength-reduced modulo by constants (0x25C9, 0x46D4, 0x25BD, 0x7C0, ...);
// that reading is inferred from the shape, not from the page - confirm against the trace.
uint16_t get_bone_index(uint32_t bone_index)
{
    const uint64_t mb = base;
    // Pseudo-registers. Only rax, rcx, rdx, rdi, rsi, r8, r9, r10 and r12 are used here;
    // the others are initialised for uniformity with the other translated routines.
    uint64_t rax = mb, rbx = mb, rcx = mb, rdx = mb, rdi = mb, rsi = mb, r8 = mb, r9 = mb, r10 = mb, r11 = mb, r12 = mb, r13 = mb, r14 = mb, r15 = mb;
    rsi = bone_index;
    rcx = rsi * 0x13C8;
    rax = 0xD8CE01BF28E39A45; //mov rax, 0xD8CE01BF28E39A45
    // _umul128 writes the high 64 bits of the product through its third argument.
    // The cast relies on uintptr_t and uint64_t being the same 64-bit type, which
    // holds on 64-bit MSVC targets where _umul128 exists.
    rax = _umul128(rax, rcx, (uintptr_t*)&rdx); //mul rcx
    rdi = base; //lea rdi, [0xFFFFFFFFFD4C3F5A]
    r10 = 0xB225E47EA96E19B5; //mov r10, 0xB225E47EA96E19B5
    rdx >>= 0xD; //shr rdx, 0x0D
    rax = rdx * 0x25C9; //imul rax, rdx, 0x25C9
    rcx -= rax; //sub rcx, rax
    rax = 0xCEA41D97BF6494DF; //mov rax, 0xCEA41D97BF6494DF
    r8 = rcx * 0x25C9; //imul r8, rcx, 0x25C9
    rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
    rax = r8; //mov rax, r8
    rax -= rdx; //sub rax, rdx
    rax >>= 0x1; //shr rax, 0x01
    rax += rdx; //add rax, rdx
    rax >>= 0xE; //shr rax, 0x0E
    rax = rax * 0x46D4; //imul rax, rax, 0x46D4
    r8 -= rax; //sub r8, rax
    rax = 0x526226F064679F75; //mov rax, 0x526226F064679F75
    rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
    rax = 0xD79435E50D79435F; //mov rax, 0xD79435E50D79435F
    rdx >>= 0x9; //shr rdx, 0x09
    rcx = rdx * 0x637; //imul rcx, rdx, 0x637
    rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
    rdx >>= 0x4; //shr rdx, 0x04
    rcx += rdx; //add rcx, rdx
    rax = rcx * 0x26; //imul rax, rcx, 0x26
    rcx = r8 + r8 * 4; //lea rcx, [r8+r8*4]
    rcx <<= 0x3; //shl rcx, 0x03
    rcx -= rax; //sub rcx, rax
    // The trace shows a zero-extending 16-bit load (movzx ... word ptr). Whether
    // IO_READ_MEM reads exactly 16 bits here is not visible in this file - TODO confirm;
    // a wider read would carry neighbouring bytes into rax before the multiply below.
    // The displacement in the trace comment (0xBD077E0) also differs from the offset
    // in the code (0xB9268B0); presumably the code was rebased for a newer build - verify.
    rax = IO_READ_MEM(rcx + rdi * 1 + 0xB9268B0); //movzx eax, word ptr [rcx+rdi*1+0xBD077E0]
    r8 = rax * 0x13C8; //imul r8, rax, 0x13C8
    rax = r10; //mov rax, r10
    rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
    rcx = r8; //mov rcx, r8
    // r10 is reloaded into rax because the _umul128 above clobbered it; it feeds the mul r9 below.
    rax = r10; //mov rax, r10
    rcx -= rdx; //sub rcx, rdx
    rcx >>= 0x1; //shr rcx, 0x01
    rcx += rdx; //add rcx, rdx
    rcx >>= 0xD; //shr rcx, 0x0D
    rcx = rcx * 0x25BD; //imul rcx, rcx, 0x25BD
    r8 -= rcx; //sub r8, rcx
    r9 = r8 * 0x319C; //imul r9, r8, 0x319C
    rax = _umul128(rax, r9, (uintptr_t*)&rdx); //mul r9
    rax = r9; //mov rax, r9
    rax -= rdx; //sub rax, rdx
    rax >>= 0x1; //shr rax, 0x01
    rax += rdx; //add rax, rdx
    rax >>= 0xD; //shr rax, 0x0D
    rax = rax * 0x25BD; //imul rax, rax, 0x25BD
    r9 -= rax; //sub r9, rax
    rax = 0x842108421084211; //mov rax, 0x842108421084211
    rax = _umul128(rax, r9, (uintptr_t*)&rdx); //mul r9
    rax = r9; //mov rax, r9
    rax -= rdx; //sub rax, rdx
    rax >>= 0x1; //shr rax, 0x01
    rax += rdx; //add rax, rdx
    rax >>= 0xA; //shr rax, 0x0A
    rcx = rax * 0x7C0; //imul rcx, rax, 0x7C0
    rax = 0xE38E38E38E38E38F; //mov rax, 0xE38E38E38E38E38F
    rax = _umul128(rax, r9, (uintptr_t*)&rdx); //mul r9
    rdx >>= 0x3; //shr rdx, 0x03
    rcx += rdx; //add rcx, rdx
    rax = rcx + rcx * 8; //lea rax, [rcx+rcx*8]
    rax += rax; //add rax, rax
    rcx = r9 + r9 * 4; //lea rcx, [r9+r9*4]
    rcx <<= 0x2; //shl rcx, 0x02
    rcx -= rax; //sub rcx, rax
    // Trace shows a sign-extending 16-bit load (movsx ... word ptr); same read-width
    // caveat as above. Only the low 16 bits survive the uint16_t return either way.
    r12 = IO_READ_MEM(rcx + rdi * 1 + 0xB9354E0); //movsx r12d, word ptr [rcx+rdi*1+0xBD16410]
    return r12; // narrowed from uint64_t to uint16_t by the return type
}

// Build-specific constants, as dumped. `constexpr auto` deduces int for every literal
// here (all fit in 31 bits). NOTE(review): if these are added to 64-bit addresses at
// the call sites, an explicit uintptr_t type would state that intent; how they are
// consumed is not visible in this file - confirm.
constexpr auto ref_def_ptr = 0x133D9FB8;
constexpr auto name_array = 0x13598188;
constexpr auto loot_ptr = 0xDF1F010;
constexpr auto camera_base = 0x13554580;
constexpr auto local_index = 0xCA528;
constexpr auto game_mode = 0xCBDEF28;
constexpr auto weapon_definitions = 0x13432770;
constexpr auto distribute = 0xFFFABD0;
constexpr auto visible_bit = 0xBC4C4;

// Names are the author's; their semantics are not established by anything on this page.
// NOTE(review): `size` and `pos` are very generic identifiers at file scope - if this
// translation unit ever adds `using namespace std`, `size` collides with std::size;
// grouping these in a namespace or struct would avoid that.
constexpr auto size = 0x1E70;
constexpr auto valid = 0xD06;
constexpr auto pos = 0x1068;
constexpr auto team = 0x1B02;
constexpr auto stance = 0x1EE;
constexpr auto weapon_index = 0x1142;
constexpr auto dead_1 = 0x9D4;
constexpr auto dead_2 = 0x1198;

constexpr auto bone_base = 0x1AFDF8;
--------------------------------------------------------------------------------