

almost there
Mr-Auto committed Sep 18, 2023
1 parent b2e26e3 commit baa737f
Showing 1 changed file with 16 additions and 1 deletion.
17 changes: 16 additions & 1 deletion src/game_api/rpc.cpp
Expand Up @@ -1927,10 +1927,10 @@ void patch_olmec_kill_crash()

const auto offset = get_address("olmec_lookup_crash");
constexpr auto code_to_move = 7;
auto memory = Memory::get();
size_t return_addr;
{
// find address to escape to
auto memory = Memory::get();
auto rva = offset - memory.exe_ptr;
// there are two jump that performe long jump, at the end, of it, the is 'mov rax,qword ptr ds:[rdi]', then find jump that's jumps over that code and create sound meta call
// this is actually unique pattern
Expand All @@ -1943,6 +1943,21 @@ void patch_olmec_kill_crash()
auto jump_offset = memory_read<int8_t>(jump_offset_offset);
return_addr = jump_offset_offset + 1 + jump_offset; // +1 to get address after the jump
}
{
// patch the cutscene
const auto function_offset = get_virtual_function_address(VTABLE_OFFSET::THEME_OLMEC, 24); // spawn_effects
auto jump_out_lookup = find_inst(memory.exe(), "\x48\x03\x58\x28"sv, function_offset, std::nullopt, "patch_olmec_kill_crash");
if (jump_out_lookup == 0)
return;

auto end_function = find_inst(memory.exe(), "\x48\x83\xC4\x78"sv, jump_out_lookup, std::nullopt, "patch_olmec_kill_crash");
if (jump_out_lookup == 0)
return;
auto jump_offset_offset = memory.at_exe(jump_out_lookup + 10);
auto addr_to_jump_to = memory.at_exe(end_function);
int32_t rel = static_cast<int32_t>(addr_to_jump_to - (jump_offset_offset + 4));
write_mem_prot(jump_offset_offset, rel, true);
}

std::string_view new_code{
"\x0f\x85\x00\x00\x00\x00"sv // jne (offset needs to be updated after we know the address)
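Review bot: The guard after the second `find_inst` (the `end_function` lookup for `\x48\x83\xC4\x78`) re-tests `jump_out_lookup` instead of the value it just computed, so a missed match — which the first lookup's check suggests comes back as 0 — is never caught, `addr_to_jump_to` becomes `memory.at_exe(0)`, and the rel32 written by `write_mem_prot` retargets the cutscene jump at the image base; it should read `if (end_function == 0) return;`. The `+ 10` past `jump_out_lookup` and the `+ 4` in the displacement arithmetic encode an assumption about the instruction layout between the `add rbx,[rax+0x28]` match and the jump being retargeted (a rel32 operand exactly ten bytes in, presumably) that is not written down anywhere; a comment such as `// +10: offset from the matched add rbx,[rax+28] to the rel32 operand of the jump we redirect — confirm against the disassembly of THEME_OLMEC::spawn_effects` would help the next person who has to re-derive it after a game update. Because this overwrites executable code in place, it would also be cheap to verify the byte(s) immediately before `jump_offset_offset` are a jump opcode (`0xE9`, or `0x0F 0x8x` for a jcc) before patching, and to bail out otherwise rather than corrupt an unrelated instruction. patch_olmec_kill_crash() begins before the first hunk and continues past the last one.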
