Steam
Oct 23rd, 2024
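/// Recovers the decrypted `client_info` pointer from the target process.
///
/// This is a machine translation of an obfuscated pointer-decryption routine;
/// the trailing "//" comment on each line is the original x86-64 instruction.
/// All arithmetic is deliberately unsigned 64-bit so that overflow wraps the
/// way the hardware does — do not "simplify" intermediate steps without
/// re-tracing the original function.
///
/// @param driver  Memory-access backend. The routine reads `driver.base_addr`
///                (target module base) and `driver.target_peb` (the value the
///                translator substitutes for the original `gs:[rax]` load), and
///                every `driver.Read<uintptr_t>(addr)` is a read from the
///                target's address space.
/// @return The decrypted pointer, or 0 when the encrypted slot at
///         base+0x14CEFCD8 is itself 0 (nothing to decrypt).
///
/// NOTE(review): every immediate below (0x14CEFCD8, 0xB1EF0E5, 0x37489F9E and
/// the two 64-bit multipliers) is specific to the build this was traced from;
/// an update of the target invalidates all of them at once.
///
/// NOTE(review): the address handed to the second `driver.Read` is computed
/// from a value read out of the target and is not validated here. This code
/// assumes `Driver::Read` rejects invalid addresses and fails soft (yields 0)
/// rather than faulting — confirm against the Driver implementation.
uintptr_t decrypt_client_info(const Driver& driver)
{
    uint64_t rbx = driver.Read<uintptr_t>(driver.base_addr + 0x14CEFCD8);
    if (!rbx)
        return rbx; // encrypted slot is empty; nothing to decrypt

    uint64_t rdx = driver.target_peb; //mov rdx, gs:[rax]

    // FIXME(review): the tracer could not resolve r8 ("failed to trace. base:
    // 00007FF73CB60000 It's possibly wrong"). The recovered value looks more
    // like a stack address than a module-relative constant, so this function's
    // result is suspect until r8's origin is re-traced. The original line also
    // lacked the 0x prefix and did not compile; only the prefix is fixed here.
    uint64_t r8 = 0x00000044F314F108ULL;
    uint64_t rcx = rbx + r8 * 1; //lea rcx, [rbx+r8*1]

    // The translator folded `and rax, 0xFFFFFFFFC0000000` to a constant 0
    // (rax's prior value is not visible here), so the rol below rotates 0 and
    // is a no-op; it is kept to mirror the traced instruction sequence.
    uint64_t rax = 0; //and rax, 0xFFFFFFFFC0000000
    rax = _rotl64(rax, 0x10); //rol rax, 0x10
    rax ^= driver.Read<uintptr_t>(driver.base_addr + 0xB1EF0E5); //xor rax, [0x0000000008969A7C]
    rax = _byteswap_uint64(rax); //bswap rax
    // Dependent read: the address comes from target memory (see NOTE above).
    rcx *= driver.Read<uintptr_t>(rax + 0x5); //imul rcx, [rax+0x05]
    rax = driver.base_addr + 0x37489F9E; //lea rax, [0x0000000034C04926]
    rdx ^= rax; //xor rdx, rax
    rcx += rdx; //add rcx, rdx
    rax = rcx; //mov rax, rcx
    rax >>= 0x13; //shr rax, 0x13
    rcx ^= rax; //xor rcx, rax
    rax = 0xF7B4615B6CAAA4C7; //mov rax, 0xF7B4615B6CAAA4C7
    rbx = rcx; //mov rbx, rcx
    rbx >>= 0x26; //shr rbx, 0x26
    rbx ^= rcx; //xor rbx, rcx
    rbx ^= rax; //xor rbx, rax
    rax = 0x4FBE922616062817; //mov rax, 0x4FBE922616062817
    rbx *= rax; //imul rbx, rax
    return rbx;
}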
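/// Recovers the decrypted client base pointer from `client_info`.
///
/// Machine translation of an obfuscated decryption routine; the trailing "//"
/// comment on each line is the original x86-64 instruction. The routine is a
/// 16-way switch: four bits derived from the complemented `target_peb` value
/// select which of sixteen arithmetic variants decrypts the value read at
/// client_info+0x199748. All arithmetic is unsigned 64-bit and relies on
/// wraparound — do not "simplify" a case without re-tracing it.
///
/// @param driver       Memory-access backend (`base_addr`, `target_peb`,
///                     `Read<uintptr_t>`).
/// @param client_info  Pointer as produced by decrypt_client_info().
/// @return The decrypted pointer, or 0 when the encrypted slot at
///         client_info+0x199748 is 0 (nothing to decrypt). Every switch case
///         returns; the `return 0` after the switch is unreachable and exists
///         only so that every control path has a return (the original fell
///         off the end of the function).
///
/// NOTE(review): every immediate/offset here is specific to the build this
/// was traced from; an update of the target invalidates all of them.
///
/// NOTE(review): in every case the `and rcx/rdx, 0xFFFFFFFFC0000000` was
/// folded to 0 by the translator, so the following `rol` rotates 0 and is a
/// no-op; the sequence is kept to mirror the trace. The value then XORed in
/// (read from base+0xB1EF12C), complemented and used as `Read(... + 0x9)`
/// is an address computed from target memory that nothing here validates —
/// this assumes `Driver::Read` fails soft on a bad address; confirm.
///
/// NOTE(review): cases 0 and 11 contain `sub rcx, [rbp+0x77]` that the
/// tracer could not resolve ("didn't find trace -> use base"); the translator
/// substituted base_addr, so those two cases are suspect until re-traced.
uintptr_t decrypt_client_base(const Driver& driver, uintptr_t client_info)
{
    const uint64_t mb = driver.base_addr;
    // Emulated registers. Only the ones this routine touches are declared;
    // each is written before it is read, so the `mb` seed is never observed.
    uint64_t rax = mb, rcx = mb, rdx = mb, rsi = mb, r9 = mb, r10 = mb, r11 = mb, r12 = mb, r14 = mb, r15 = mb;
    rax = driver.Read<uintptr_t>(client_info + 0x199748);
    if (!rax)
        return rax; // encrypted slot is empty; nothing to decrypt
    // The translator emits the complement of target_peb for this gs:[rcx]
    // load (unlike decrypt_client_info); mirrored as traced.
    r11 = ~driver.target_peb; //mov r11, gs:[rcx]
    rcx = r11; //mov rcx, r11
    //failed to translate: mov [rsp+0x90], r12
    // (a register spill to a stack slot; nothing visible here reads it back)
    // Case selector: 4 bits of ~target_peb after shl/bswap.
    rcx <<= 0x23; //shl rcx, 0x23
    rcx = _byteswap_uint64(rcx); //bswap rcx
    rcx &= 0xF;
    switch(rcx) {
        case 0:
        {
            r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF12C); //mov r10, [0x0000000008389943]
            r15 = driver.base_addr + 0x736B1CC9; //lea r15, [0x000000007084C4D9]
            rcx = rax; //mov rcx, rax
            rcx >>= 0x4; //shr rcx, 0x04
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x8; //shr rcx, 0x08
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x10; //shr rcx, 0x10
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x20; //shr rcx, 0x20
            rax ^= rcx; //xor rax, rcx
            rcx = 0; //and rcx, 0xFFFFFFFFC0000000
            rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
            rcx ^= r10; //xor rcx, r10
            rcx = ~rcx; //not rcx
            rcx = driver.Read<uintptr_t>(rcx + 0x9); //mov rcx, [rcx+0x09]
            uintptr_t RSP_0xFFFFFFFFFFFFFFDF;
            RSP_0xFFFFFFFFFFFFFFDF = 0xEDD02482923403CB; //mov rcx, 0xEDD02482923403CB : RBP+0xFFFFFFFFFFFFFFDF
            rcx *= RSP_0xFFFFFFFFFFFFFFDF; //imul rcx, [rbp-0x21]
            rax *= rcx; //imul rax, rcx
            rcx = r11; //mov rcx, r11
            // Untraced operand substituted with base_addr (see NOTE above).
            rcx -= driver.base_addr; //sub rcx, [rbp+0x77] -- didn't find trace -> use base
            rcx += 0xFFFFFFFFC99E5582; //add rcx, 0xFFFFFFFFC99E5582
            rax += rcx; //add rax, rcx
            rcx = driver.base_addr; //lea rcx, [0xFFFFFFFFFD19A665]
            rax ^= rcx; //xor rax, rcx
            rcx = 0x26A471A9EFBC14B9; //mov rcx, 0x26A471A9EFBC14B9
            rax *= rcx; //imul rax, rcx
            rcx = r11; //mov rcx, r11
            rcx = ~rcx; //not rcx
            rcx ^= r15; //xor rcx, r15
            rax -= rcx; //sub rax, rcx
            rcx = 0x4E231C434132699A; //mov rcx, 0x4E231C434132699A
            rax += rcx; //add rax, rcx
            return rax;
        }
        case 1:
        {
            r9 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF12C); //mov r9, [0x000000000838946F]
            r14 = driver.base_addr + 0x2239B1C1; //lea r14, [0x000000001F5354E6]
            rcx = rax; //mov rcx, rax
            rcx >>= 0x15; //shr rcx, 0x15
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x2A; //shr rcx, 0x2A
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0xA; //shr rcx, 0x0A
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x14; //shr rcx, 0x14
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x28; //shr rcx, 0x28
            rax ^= rcx; //xor rax, rcx
            rcx = 0; //and rcx, 0xFFFFFFFFC0000000
            rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
            rcx ^= r9; //xor rcx, r9
            rcx = ~rcx; //not rcx
            rax *= driver.Read<uintptr_t>(rcx + 0x9); //imul rax, [rcx+0x09]
            rcx = 0x3E63A253C6775D5; //mov rcx, 0x3E63A253C6775D5
            rax ^= rcx; //xor rax, rcx
            rcx = 0xC1F5691FD75F11C7; //mov rcx, 0xC1F5691FD75F11C7
            rax *= rcx; //imul rax, rcx
            rax += 0xFFFFFFFFDA4F9118; //add rax, 0xFFFFFFFFDA4F9118
            rax += r11; //add rax, r11
            rcx = r14; //mov rcx, r14
            rcx = ~rcx; //not rcx
            rcx ^= r11; //xor rcx, r11
            rax += rcx; //add rax, rcx
            return rax;
        }
        case 2:
        {
            r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF12C); //mov r10, [0x0000000008388FB7]
            rcx = 0x43AE441D8481DD04; //mov rcx, 0x43AE441D8481DD04
            rax -= rcx; //sub rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x26; //shr rcx, 0x26
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x9; //shr rcx, 0x09
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x12; //shr rcx, 0x12
            rax ^= rcx; //xor rax, rcx
            rdx = rax; //mov rdx, rax
            rdx >>= 0x24; //shr rdx, 0x24
            rdx ^= rax; //xor rdx, rax
            rcx = r11; //mov rcx, r11
            rax = driver.base_addr + 0x424950C8; //lea rax, [0x000000003F62ED04]
            rcx = ~rcx; //not rcx
            rax *= rcx; //imul rax, rcx
            rax += rdx; //add rax, rdx
            rcx = 0x1EB0B3B479EF017; //mov rcx, 0x1EB0B3B479EF017
            rax *= rcx; //imul rax, rcx
            rcx = 0xF4FDCF8C05766D07; //mov rcx, 0xF4FDCF8C05766D07
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x17; //shr rcx, 0x17
            rax ^= rcx; //xor rax, rcx
            rdx = 0; //and rdx, 0xFFFFFFFFC0000000
            rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10
            rcx = rax; //mov rcx, rax
            rdx ^= r10; //xor rdx, r10
            rcx >>= 0x2E; //shr rcx, 0x2E
            rdx = ~rdx; //not rdx
            rax ^= rcx; //xor rax, rcx
            rax *= driver.Read<uintptr_t>(rdx + 0x9); //imul rax, [rdx+0x09]
            return rax;
        }
        case 3:
        {
            r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF12C); //mov r10, [0x0000000008388A7D]
            r15 = driver.base_addr + 0x8952; //lea r15, [0xFFFFFFFFFD1A2290]
            r14 = driver.base_addr + 0x1488BAD0; //lea r14, [0x0000000011A25403]
            rdx = r11; //mov rdx, r11
            rdx = ~rdx; //not rdx
            rcx = r15; //mov rcx, r15
            rcx = ~rcx; //not rcx
            rdx *= rcx; //imul rdx, rcx
            rcx = 0x920D8D54066C3BC8; //mov rcx, 0x920D8D54066C3BC8
            rax ^= rdx; //xor rax, rdx
            rax ^= rcx; //xor rax, rcx
            rcx = 0x71B6A01168176A5F; //mov rcx, 0x71B6A01168176A5F
            rax *= rcx; //imul rax, rcx
            rcx = 0; //and rcx, 0xFFFFFFFFC0000000
            rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
            rcx ^= r10; //xor rcx, r10
            rcx = ~rcx; //not rcx
            rax *= driver.Read<uintptr_t>(rcx + 0x9); //imul rax, [rcx+0x09]
            rcx = rax; //mov rcx, rax
            rcx >>= 0xB; //shr rcx, 0x0B
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x16; //shr rcx, 0x16
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x2C; //shr rcx, 0x2C
            rax ^= rcx; //xor rax, rcx
            rcx = 0x28C4EBE07CC779E5; //mov rcx, 0x28C4EBE07CC779E5
            rax ^= rcx; //xor rax, rcx
            rcx = r11; //mov rcx, r11
            rcx *= r14; //imul rcx, r14
            rax -= rcx; //sub rax, rcx
            rax += r11; //add rax, r11
            return rax;
        }
        case 4:
        {
            r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF12C); //mov r10, [0x00000000083885AD]
            r14 = driver.base_addr + 0x71CF; //lea r14, [0xFFFFFFFFFD1A063D]
            rcx = 0x7BD4F3C29580BB87; //mov rcx, 0x7BD4F3C29580BB87
            rax *= rcx; //imul rax, rcx
            rcx = 0x646EC108C275FCD7; //mov rcx, 0x646EC108C275FCD7
            rax -= r11; //sub rax, r11
            rax -= rcx; //sub rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x1B; //shr rcx, 0x1B
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x36; //shr rcx, 0x36
            rax ^= rcx; //xor rax, rcx
            rcx = 0x142843BCE5FD72BB; //mov rcx, 0x142843BCE5FD72BB
            rdx = 0; //and rdx, 0xFFFFFFFFC0000000
            rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10
            rax *= rcx; //imul rax, rcx
            rdx ^= r10; //xor rdx, r10
            rdx = ~rdx; //not rdx
            rax += r11; //add rax, r11
            rax *= driver.Read<uintptr_t>(rdx + 0x9); //imul rax, [rdx+0x09]
            rcx = r11; //mov rcx, r11
            rcx = ~rcx; //not rcx
            rcx ^= r14; //xor rcx, r14
            rax -= rcx; //sub rax, rcx
            return rax;
        }
        case 5:
        {
            r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF12C); //mov r10, [0x00000000083881F1]
            rcx = rax; //mov rcx, rax
            rcx >>= 0x9; //shr rcx, 0x09
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x12; //shr rcx, 0x12
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x24; //shr rcx, 0x24
            rax ^= rcx; //xor rax, rcx
            rcx = driver.base_addr; //lea rcx, [0xFFFFFFFFFD198B2B]
            rcx += 0x111FC085; //add rcx, 0x111FC085
            rcx += r11; //add rcx, r11
            rax += rcx; //add rax, rcx
            rcx = 0xF8D94370868AB99; //mov rcx, 0xF8D94370868AB99
            rax *= rcx; //imul rax, rcx
            rcx = 0xB026072E428E1D57; //mov rcx, 0xB026072E428E1D57
            rax *= rcx; //imul rax, rcx
            rcx = driver.base_addr; //lea rcx, [0xFFFFFFFFFD198CF2]
            rcx += 0x19F5; //add rcx, 0x19F5
            rcx += r11; //add rcx, r11
            rax += rcx; //add rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x23; //shr rcx, 0x23
            rax ^= rcx; //xor rax, rcx
            rcx = 0; //and rcx, 0xFFFFFFFFC0000000
            rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
            rcx ^= r10; //xor rcx, r10
            rcx = ~rcx; //not rcx
            rcx = driver.Read<uintptr_t>(rcx + 0x9); //mov rcx, [rcx+0x09]
            uintptr_t RSP_0x6F;
            RSP_0x6F = 0x5F23D3FEF0707261; //mov rcx, 0x5F23D3FEF0707261 : RBP+0x6F
            rcx *= RSP_0x6F; //imul rcx, [rbp+0x6F]
            rax *= rcx; //imul rax, rcx
            return rax;
        }
        case 6:
        {
            r9 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF12C); //mov r9, [0x0000000008387C31]
            rcx = 0; //and rcx, 0xFFFFFFFFC0000000
            rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
            rcx ^= r9; //xor rcx, r9
            rcx = ~rcx; //not rcx
            rax *= driver.Read<uintptr_t>(rcx + 0x9); //imul rax, [rcx+0x09]
            rax -= r11; //sub rax, r11
            rcx = driver.base_addr + 0x43B5; //lea rcx, [0xFFFFFFFFFD19CD3D]
            rcx -= r11; //sub rcx, r11
            rax += rcx; //add rax, rcx
            rcx = 0x35284D873B9851A9; //mov rcx, 0x35284D873B9851A9
            rax ^= rcx; //xor rax, rcx
            rcx = 0xF62B33C5DDB521B5; //mov rcx, 0xF62B33C5DDB521B5
            rax *= rcx; //imul rax, rcx
            rcx = 0xE5B0BD16F00B9D46; //mov rcx, 0xE5B0BD16F00B9D46
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0xA; //shr rcx, 0x0A
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x14; //shr rcx, 0x14
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x28; //shr rcx, 0x28
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x19; //shr rcx, 0x19
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x32; //shr rcx, 0x32
            rax ^= rcx; //xor rax, rcx
            return rax;
        }
        case 7:
        {
            r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF12C); //mov r10, [0x00000000083877C6]
            r15 = driver.base_addr + 0x8CB4; //lea r15, [0xFFFFFFFFFD1A133B]
            rcx = 0; //and rcx, 0xFFFFFFFFC0000000
            rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
            rcx ^= r10; //xor rcx, r10
            rcx = ~rcx; //not rcx
            rax *= driver.Read<uintptr_t>(rcx + 0x9); //imul rax, [rcx+0x09]
            rcx = driver.base_addr; //lea rcx, [0xFFFFFFFFFD1982B8]
            rax -= rcx; //sub rax, rcx
            rcx = 0x9A8F75E5FE8A18B5; //mov rcx, 0x9A8F75E5FE8A18B5
            rax *= rcx; //imul rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x26; //shr rcx, 0x26
            rax ^= rcx; //xor rax, rcx
            rax += r11; //add rax, r11
            rcx = 0xDC35AEB9AD64C433; //mov rcx, 0xDC35AEB9AD64C433
            rax *= rcx; //imul rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x2; //shr rcx, 0x02
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x4; //shr rcx, 0x04
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x8; //shr rcx, 0x08
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x10; //shr rcx, 0x10
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x20; //shr rcx, 0x20
            rax ^= rcx; //xor rax, rcx
            rcx = r11 + 0x1; //lea rcx, [r11+0x01]
            rcx *= r15; //imul rcx, r15
            rax += rcx; //add rax, rcx
            return rax;
        }
        case 8:
        {
            r9 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF12C); //mov r9, [0x0000000008387345]
            rcx = 0x4F7CA4829AB6D5E8; //mov rcx, 0x4F7CA4829AB6D5E8
            rax ^= rcx; //xor rax, rcx
            rax += r11; //add rax, r11
            rcx = rax; //mov rcx, rax
            rcx >>= 0x24; //shr rcx, 0x24
            rax ^= rcx; //xor rax, rcx
            rcx = 0x5178F05F16D45A5B; //mov rcx, 0x5178F05F16D45A5B
            rax *= rcx; //imul rax, rcx
            rcx = 0x2ED8CECF4C40E0F3; //mov rcx, 0x2ED8CECF4C40E0F3
            // The two XORs with r11 cancel; kept to mirror the trace.
            rax ^= r11; //xor rax, r11
            rax ^= rcx; //xor rax, rcx
            rax ^= r11; //xor rax, r11
            rcx = 0; //and rcx, 0xFFFFFFFFC0000000
            rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
            rcx ^= r9; //xor rcx, r9
            rcx = ~rcx; //not rcx
            rax *= driver.Read<uintptr_t>(rcx + 0x9); //imul rax, [rcx+0x09]
            return rax;
        }
        case 9:
        {
            r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF12C); //mov r10, [0x0000000008386F58]
            r15 = driver.base_addr + 0xDD4D; //lea r15, [0xFFFFFFFFFD1A5B66]
            r12 = driver.base_addr + 0x66BC28B6; //lea r12, [0x0000000063D5A6C4]
            rcx = r15; //mov rcx, r15
            rcx ^= r11; //xor rcx, r11
            rax += rcx; //add rax, rcx
            rcx = 0x8BE287ECF689749; //mov rcx, 0x8BE287ECF689749
            rax *= rcx; //imul rax, rcx
            rax ^= r11; //xor rax, r11
            rcx = 0x9933D7378FE6958F; //mov rcx, 0x9933D7378FE6958F
            rax *= rcx; //imul rax, rcx
            rdx = 0; //and rdx, 0xFFFFFFFFC0000000
            rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10
            rdx ^= r10; //xor rdx, r10
            rcx = r12; //mov rcx, r12
            rcx = ~rcx; //not rcx
            rdx = ~rdx; //not rdx
            rcx ^= r11; //xor rcx, r11
            rax += rcx; //add rax, rcx
            rax *= driver.Read<uintptr_t>(rdx + 0x9); //imul rax, [rdx+0x09]
            rcx = rax; //mov rcx, rax
            rcx >>= 0x20; //shr rcx, 0x20
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x18; //shr rcx, 0x18
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x30; //shr rcx, 0x30
            rax ^= rcx; //xor rax, rcx
            return rax;
        }
        case 10:
        {
            r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF12C); //mov r10, [0x0000000008386B35]
            r15 = driver.base_addr + 0x1C730DA6; //lea r15, [0x00000000198C879C]
            rcx = rax; //mov rcx, rax
            rcx >>= 0xD; //shr rcx, 0x0D
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x1A; //shr rcx, 0x1A
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x34; //shr rcx, 0x34
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x13; //shr rcx, 0x13
            rax ^= rcx; //xor rax, rcx
            rdx = rax; //mov rdx, rax
            rdx >>= 0x26; //shr rdx, 0x26
            rax ^= rdx; //xor rax, rdx
            rcx = r15; //mov rcx, r15
            rcx *= r11; //imul rcx, r11
            rax -= rcx; //sub rax, rcx
            rcx = 0x4D5CFB5CBF920449; //mov rcx, 0x4D5CFB5CBF920449
            rax ^= rcx; //xor rax, rcx
            rcx = 0xDF1CB3CC3968ECE9; //mov rcx, 0xDF1CB3CC3968ECE9
            rax *= rcx; //imul rax, rcx
            rax ^= r11; //xor rax, r11
            rcx = 0; //and rcx, 0xFFFFFFFFC0000000
            rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
            rcx ^= r10; //xor rcx, r10
            rcx = ~rcx; //not rcx
            rax *= driver.Read<uintptr_t>(rcx + 0x9); //imul rax, [rcx+0x09]
            return rax;
        }
        case 11:
        {
            r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF12C); //mov r10, [0x00000000083865B2]
            rcx = driver.base_addr + 0xE27A; //lea rcx, [0xFFFFFFFFFD1A5485]
            rcx -= r11; //sub rcx, r11
            rdx = 0; //and rdx, 0xFFFFFFFFC0000000
            rax += rcx; //add rax, rcx
            rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10
            rdx ^= r10; //xor rdx, r10
            rdx = ~rdx; //not rdx
            rax *= driver.Read<uintptr_t>(rdx + 0x9); //imul rax, [rdx+0x09]
            rcx = r11; //mov rcx, r11
            // Untraced operand substituted with base_addr (see NOTE above).
            rcx -= driver.base_addr; //sub rcx, [rbp+0x77] -- didn't find trace -> use base
            rcx += 0xFFFFFFFFBE05F030; //add rcx, 0xFFFFFFFFBE05F030
            rax += rcx; //add rax, rcx
            rcx = 0x8407AE81269A5D57; //mov rcx, 0x8407AE81269A5D57
            rax *= rcx; //imul rax, rcx
            rax -= r11; //sub rax, r11
            rcx = rax; //mov rcx, rax
            rcx >>= 0x25; //shr rcx, 0x25
            rax ^= rcx; //xor rax, rcx
            rcx = 0x4D58E84452B3B2CD; //mov rcx, 0x4D58E84452B3B2CD
            rax += rcx; //add rax, rcx
            return rax;
        }
        case 12:
        {
            r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF12C); //mov r10, [0x0000000008386069]
            r15 = driver.base_addr + 0x2A01C819; //lea r15, [0x00000000271B3743]
            rcx = rax; //mov rcx, rax
            rcx >>= 0xE; //shr rcx, 0x0E
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x1C; //shr rcx, 0x1C
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x38; //shr rcx, 0x38
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x21; //shr rcx, 0x21
            rax ^= rcx; //xor rax, rcx
            rcx = 0; //and rcx, 0xFFFFFFFFC0000000
            rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
            rcx ^= r10; //xor rcx, r10
            rcx = ~rcx; //not rcx
            rax *= driver.Read<uintptr_t>(rcx + 0x9); //imul rax, [rcx+0x09]
            rcx = 0x12FD53752A15F441; //mov rcx, 0x12FD53752A15F441
            rax *= rcx; //imul rax, rcx
            rcx = r15; //mov rcx, r15
            rcx *= r11; //imul rcx, r11
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x2; //shr rcx, 0x02
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x4; //shr rcx, 0x04
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x8; //shr rcx, 0x08
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x10; //shr rcx, 0x10
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x20; //shr rcx, 0x20
            rax ^= rcx; //xor rax, rcx
            rcx = 0x438F040A11D1F693; //mov rcx, 0x438F040A11D1F693
            rax *= rcx; //imul rax, rcx
            rcx = 0x76A8417B55AEC887; //mov rcx, 0x76A8417B55AEC887
            rax += rcx; //add rax, rcx
            return rax;
        }
        case 13:
        {
            r9 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF12C); //mov r9, [0x0000000008385B2B]
            rsi = driver.base_addr + 0xB0AA; //lea rsi, [0xFFFFFFFFFD1A1A96]
            rcx = rsi; //mov rcx, rsi
            rcx = ~rcx; //not rcx
            rcx ^= r11; //xor rcx, r11
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x18; //shr rcx, 0x18
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x30; //shr rcx, 0x30
            rax ^= rcx; //xor rax, rcx
            rcx = 0xC32A740461B9FDC7; //mov rcx, 0xC32A740461B9FDC7
            rax *= rcx; //imul rax, rcx
            rcx = 0x9439B00A1FEFA912; //mov rcx, 0x9439B00A1FEFA912
            rax ^= rcx; //xor rax, rcx
            rcx = 0x2B3AD1E7D117AD86; //mov rcx, 0x2B3AD1E7D117AD86
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x27; //shr rcx, 0x27
            rax ^= rcx; //xor rax, rcx
            rcx = 0; //and rcx, 0xFFFFFFFFC0000000
            rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
            rcx ^= r9; //xor rcx, r9
            rcx = ~rcx; //not rcx
            rax *= driver.Read<uintptr_t>(rcx + 0x9); //imul rax, [rcx+0x09]
            rcx = driver.base_addr; //lea rcx, [0xFFFFFFFFFD19652A]
            rax ^= rcx; //xor rax, rcx
            return rax;
        }
        case 14:
        {
            r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF12C); //mov r10, [0x000000000838563A]
            r14 = driver.base_addr + 0x6A35; //lea r14, [0xFFFFFFFFFD19CF2B]
            r15 = driver.base_addr + 0x913D; //lea r15, [0xFFFFFFFFFD19F628]
            rax -= r11; //sub rax, r11
            rcx = 0xEEEEF35687DD1DF7; //mov rcx, 0xEEEEF35687DD1DF7
            rax *= rcx; //imul rax, rcx
            rcx = r15; //mov rcx, r15
            rcx *= r11; //imul rcx, r11
            rax ^= rcx; //xor rax, rcx
            rcx = 0; //and rcx, 0xFFFFFFFFC0000000
            rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
            rcx ^= r10; //xor rcx, r10
            rcx = ~rcx; //not rcx
            rcx = driver.Read<uintptr_t>(rcx + 0x9); //mov rcx, [rcx+0x09]
            uintptr_t RSP_0x6F;
            RSP_0x6F = 0x571AF583F00DB5E9; //mov rcx, 0x571AF583F00DB5E9 : RBP+0x6F
            rcx *= RSP_0x6F; //imul rcx, [rbp+0x6F]
            rax *= rcx; //imul rax, rcx
            rcx = rax; //mov rcx, rax
            rdx = r14; //mov rdx, r14
            rcx >>= 0x21; //shr rcx, 0x21
            rdx -= r11; //sub rdx, r11
            rdx ^= rcx; //xor rdx, rcx
            rax ^= rdx; //xor rax, rdx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x24; //shr rcx, 0x24
            rax ^= rcx; //xor rax, rcx
            return rax;
        }
        case 15:
        {
            r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF12C); //mov r10, [0x00000000083850EC]
            r15 = driver.base_addr + 0x2941AF47; //lea r15, [0x00000000265B0EF4]
            rcx = 0x586536E499271C5; //mov rcx, 0x586536E499271C5
            rax *= rcx; //imul rax, rcx
            rcx = driver.base_addr + 0xB0F6; //lea rcx, [0xFFFFFFFFFD1A0CF9]
            rdx = r11; //mov rdx, r11
            rdx -= rcx; //sub rdx, rcx
            rcx = r15; //mov rcx, r15
            rcx *= r11; //imul rcx, r11
            rax ^= rdx; //xor rax, rdx
            rax -= rcx; //sub rax, rcx
            uintptr_t RSP_0xFFFFFFFFFFFFFFCF;
            RSP_0xFFFFFFFFFFFFFFCF = 0xF66CBDFA6519136F; //mov rcx, 0xF66CBDFA6519136F : RBP+0xFFFFFFFFFFFFFFCF
            rax ^= RSP_0xFFFFFFFFFFFFFFCF; //xor rax, [rbp-0x31]
            rcx = 0; //and rcx, 0xFFFFFFFFC0000000
            rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
            rcx ^= r10; //xor rcx, r10
            rcx = ~rcx; //not rcx
            rax *= driver.Read<uintptr_t>(rcx + 0x9); //imul rax, [rcx+0x09]
            rax ^= r11; //xor rax, r11
            rcx = driver.base_addr; //lea rcx, [0xFFFFFFFFFD195D6F]
            rax -= rcx; //sub rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x1E; //shr rcx, 0x1E
            rax ^= rcx; //xor rax, rcx
            rcx = rax; //mov rcx, rax
            rcx >>= 0x3C; //shr rcx, 0x3C
            rax ^= rcx; //xor rax, rcx
            return rax;
        }
    }
    // Unreachable: the selector is masked to 0..15 and every case returns.
    // Present so the function has a return on every control path (the
    // original fell off the end, which is undefined behaviour if ever hit).
    return 0;
}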
  597. uintptr_t decrypt_bone_base(const Driver& driver)
  598. {
  599. const uint64_t mb = driver.base_addr;
  600. uint64_t rax = mb, rbx = mb, rcx = mb, rdx = mb, rdi = mb, rsi = mb, r8 = mb, r9 = mb, r10 = mb, r11 = mb, r12 = mb, r13 = mb, r14 = mb, r15 = mb;
  601. rdx = driver.Read<uintptr_t>(driver.base_addr + 0xF7BA648);
  602. if(!rdx)
  603. return rdx;
  604. r11 = driver.target_peb; //mov r11, gs:[rax]
  605. rax = r11; //mov rax, r11
  606. rax = _rotr64(rax, 0x1A); //ror rax, 0x1A
  607. rax &= 0xF;
  608. switch(rax) {
  609. case 0:
  610. {
  611. r9 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF21D); //mov r9, [0x000000000863264C]
  612. r14 = driver.base_addr + 0x9280; //lea r14, [0xFFFFFFFFFD44C69C]
  613. rax = rdx; //mov rax, rdx
  614. rax >>= 0x26; //shr rax, 0x26
  615. rdx ^= rax; //xor rdx, rax
  616. rax = 0x1409F0CD847A37CE; //mov rax, 0x1409F0CD847A37CE
  617. rdx ^= rax; //xor rdx, rax
  618. rax = r11; //mov rax, r11
  619. rax = ~rax; //not rax
  620. rax ^= r14; //xor rax, r14
  621. rdx += rax; //add rdx, rax
  622. rax = 0x3C34D747DB7928EE; //mov rax, 0x3C34D747DB7928EE
  623. rdx -= rax; //sub rdx, rax
  624. rax = driver.base_addr + 0xDB7F; //lea rax, [0xFFFFFFFFFD450DA7]
  625. rax = ~rax; //not rax
  626. rax -= r11; //sub rax, r11
  627. rdx ^= rax; //xor rdx, rax
  628. rax = 0xC029A5A1D42718DD; //mov rax, 0xC029A5A1D42718DD
  629. rdx *= rax; //imul rdx, rax
  630. rax = 0; //and rax, 0xFFFFFFFFC0000000
  631. rax = _rotl64(rax, 0x10); //rol rax, 0x10
  632. rax ^= r9; //xor rax, r9
  633. rax = ~rax; //not rax
  634. rdx *= driver.Read<uintptr_t>(rax + 0x15); //imul rdx, [rax+0x15]
  635. rax = rdx; //mov rax, rdx
  636. rax >>= 0x7; //shr rax, 0x07
  637. rdx ^= rax; //xor rdx, rax
  638. rax = rdx; //mov rax, rdx
  639. rax >>= 0xE; //shr rax, 0x0E
  640. rdx ^= rax; //xor rdx, rax
  641. rax = rdx; //mov rax, rdx
  642. rax >>= 0x1C; //shr rax, 0x1C
  643. rdx ^= rax; //xor rdx, rax
  644. rax = rdx; //mov rax, rdx
  645. rax >>= 0x38; //shr rax, 0x38
  646. rdx ^= rax; //xor rdx, rax
  647. return rdx;
  648. }
  649. case 1:
  650. {
  651. r9 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF21D); //mov r9, [0x00000000086320A8]
  652. r14 = driver.base_addr + 0x54CA1D31; //lea r14, [0x00000000520E4BA9]
  653. rdx += r11; //add rdx, r11
  654. rax = driver.base_addr; //lea rax, [0xFFFFFFFFFD442D73]
  655. rdx += rax; //add rdx, rax
  656. rax = 0; //and rax, 0xFFFFFFFFC0000000
  657. rax = _rotl64(rax, 0x10); //rol rax, 0x10
  658. rax ^= r9; //xor rax, r9
  659. rax = ~rax; //not rax
  660. rdx *= driver.Read<uintptr_t>(rax + 0x15); //imul rdx, [rax+0x15]
  661. rax = 0x48462EAD4F11FD6D; //mov rax, 0x48462EAD4F11FD6D
  662. rdx *= rax; //imul rdx, rax
  663. rax = r11; //mov rax, r11
  664. rax ^= r14; //xor rax, r14
  665. rdx -= rax; //sub rdx, rax
  666. rax = 0x83B3774C1397A303; //mov rax, 0x83B3774C1397A303
  667. rdx ^= rax; //xor rdx, rax
  668. rax = rdx; //mov rax, rdx
  669. rax >>= 0x26; //shr rax, 0x26
  670. rdx ^= rax; //xor rdx, rax
  671. rax = 0x829707C28057B2BC; //mov rax, 0x829707C28057B2BC
  672. rdx ^= rax; //xor rdx, rax
  673. return rdx;
  674. }
  675. case 2:
  676. {
  677. r9 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF21D); //mov r9, [0x0000000008631BC7]
  678. rax = rdx; //mov rax, rdx
  679. rax >>= 0x20; //shr rax, 0x20
  680. rdx ^= rax; //xor rdx, rax
  681. rax = driver.base_addr; //lea rax, [0xFFFFFFFFFD4425EB]
  682. rdx ^= rax; //xor rdx, rax
  683. rax = 0; //and rax, 0xFFFFFFFFC0000000
  684. rax = _rotl64(rax, 0x10); //rol rax, 0x10
  685. rax ^= r9; //xor rax, r9
  686. rax = ~rax; //not rax
  687. rdx *= driver.Read<uintptr_t>(rax + 0x15); //imul rdx, [rax+0x15]
  688. rax = r11; //mov rax, r11
  689. uintptr_t RSP_0x40;
  690. RSP_0x40 = driver.base_addr + 0x3A246E06; //lea rax, [0x00000000376897A9] : RSP+0x40
  691. rax ^= RSP_0x40; //xor rax, [rsp+0x40]
  692. rdx += rax; //add rdx, rax
  693. rax = 0xC391B266D5217A5F; //mov rax, 0xC391B266D5217A5F
  694. rdx ^= rax; //xor rdx, rax
  695. rax = 0x5B7F3E818AF67A35; //mov rax, 0x5B7F3E818AF67A35
  696. rdx ^= rax; //xor rdx, rax
  697. rax = rdx; //mov rax, rdx
  698. rax >>= 0x1A; //shr rax, 0x1A
  699. rdx ^= rax; //xor rdx, rax
  700. rax = rdx; //mov rax, rdx
  701. rax >>= 0x34; //shr rax, 0x34
  702. rdx ^= rax; //xor rdx, rax
  703. rax = 0x19C8F1552DE67BBF; //mov rax, 0x19C8F1552DE67BBF
  704. rdx *= rax; //imul rdx, rax
  705. return rdx;
  706. }
  707. case 3:
  708. {
  709. r9 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF21D); //mov r9, [0x00000000086316DF]
  710. rax = driver.base_addr + 0xBD6; //lea rax, [0xFFFFFFFFFD442EA3]
  711. rax -= r11; //sub rax, r11
  712. rax ^= r11; //xor rax, r11
  713. rdx ^= rax; //xor rdx, rax
  714. rax = 0xAA6F288FD0E3CBF; //mov rax, 0xAA6F288FD0E3CBF
  715. rdx *= rax; //imul rdx, rax
  716. r15 = 0x702F07A4D309E97C; //mov r15, 0x702F07A4D309E97C
  717. rdx += r15; //add rdx, r15
  718. rax = 0; //and rax, 0xFFFFFFFFC0000000
  719. rax = _rotl64(rax, 0x10); //rol rax, 0x10
  720. rax ^= r9; //xor rax, r9
  721. rax = ~rax; //not rax
  722. rdx *= driver.Read<uintptr_t>(rax + 0x15); //imul rdx, [rax+0x15]
  723. rdx ^= r11; //xor rdx, r11
  724. rax = 0x65D0349BA5FED43B; //mov rax, 0x65D0349BA5FED43B
  725. rdx *= rax; //imul rdx, rax
  726. rax = rdx; //mov rax, rdx
  727. rax >>= 0x12; //shr rax, 0x12
  728. rdx ^= rax; //xor rdx, rax
  729. rax = rdx; //mov rax, rdx
  730. rax >>= 0x24; //shr rax, 0x24
  731. rdx ^= rax; //xor rdx, rax
  732. return rdx;
  733. }
  734. case 4:
  735. {
  736. r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF21D); //mov r10, [0x00000000086312F0]
  737. r15 = driver.base_addr + 0x8817; //lea r15, [0xFFFFFFFFFD44A8D7]
  738. rdx ^= r11; //xor rdx, r11
  739. rax = driver.base_addr; //lea rax, [0xFFFFFFFFFD441F27]
  740. rdx -= rax; //sub rdx, rax
  741. rax = 0; //and rax, 0xFFFFFFFFC0000000
  742. rax = _rotl64(rax, 0x10); //rol rax, 0x10
  743. rax ^= r10; //xor rax, r10
  744. rax = ~rax; //not rax
  745. rdx *= driver.Read<uintptr_t>(rax + 0x15); //imul rdx, [rax+0x15]
  746. rax = 0x647DC95B2924B45D; //mov rax, 0x647DC95B2924B45D
  747. rdx *= rax; //imul rdx, rax
  748. rax = rdx; //mov rax, rdx
  749. rax >>= 0xF; //shr rax, 0x0F
  750. rdx ^= rax; //xor rdx, rax
  751. rax = rdx; //mov rax, rdx
  752. rax >>= 0x1E; //shr rax, 0x1E
  753. rdx ^= rax; //xor rdx, rax
  754. rax = rdx; //mov rax, rdx
  755. rax >>= 0x3C; //shr rax, 0x3C
  756. rdx ^= rax; //xor rdx, rax
  757. rax = r11; //mov rax, r11
  758. rax ^= r15; //xor rax, r15
  759. rdx += rax; //add rdx, rax
  760. rax = 0x66F54217655405BD; //mov rax, 0x66F54217655405BD
  761. rdx *= rax; //imul rdx, rax
  762. return rdx;
  763. }
  764. case 5:
  765. {
  766. r9 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF21D); //mov r9, [0x0000000008630DCE]
  767. rax = r11; //mov rax, r11
  768. rax -= driver.base_addr; //sub rax, [rsp+0xC8] -- didn't find trace -> use base
  769. rax += 0xFFFFFFFFDA207ED1; //add rax, 0xFFFFFFFFDA207ED1
  770. rdx += rax; //add rdx, rax
  771. rax = rdx; //mov rax, rdx
  772. rax >>= 0x12; //shr rax, 0x12
  773. rdx ^= rax; //xor rdx, rax
  774. rax = rdx; //mov rax, rdx
  775. rax >>= 0x24; //shr rax, 0x24
  776. rdx ^= rax; //xor rdx, rax
  777. rax = r11; //mov rax, r11
  778. rax -= driver.base_addr; //sub rax, [rsp+0xC8] -- didn't find trace -> use base
  779. rax -= 0x39EDAA32; //sub rax, 0x39EDAA32
  780. rdx ^= rax; //xor rdx, rax
  781. rax = 0x24AC8C57718FF261; //mov rax, 0x24AC8C57718FF261
  782. rdx *= rax; //imul rdx, rax
  783. rax = 0x5997D68B6A65573B; //mov rax, 0x5997D68B6A65573B
  784. rdx *= rax; //imul rdx, rax
  785. rax = 0x5FD1C67422180770; //mov rax, 0x5FD1C67422180770
  786. rdx -= rax; //sub rdx, rax
  787. rax = 0; //and rax, 0xFFFFFFFFC0000000
  788. rax = _rotl64(rax, 0x10); //rol rax, 0x10
  789. rax ^= r9; //xor rax, r9
  790. rax = ~rax; //not rax
  791. rdx *= driver.Read<uintptr_t>(rax + 0x15); //imul rdx, [rax+0x15]
  792. rax = r11; //mov rax, r11
  793. rax -= driver.base_addr; //sub rax, [rsp+0xC8] -- didn't find trace -> use base
  794. rax += 0xFFFFFFFFE77DFE7B; //add rax, 0xFFFFFFFFE77DFE7B
  795. rdx += rax; //add rdx, rax
  796. return rdx;
  797. }
  798. case 6:
  799. {
  800. r9 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF21D); //mov r9, [0x00000000086308CF]
  801. rax = 0; //and rax, 0xFFFFFFFFC0000000
  802. rax = _rotl64(rax, 0x10); //rol rax, 0x10
  803. rax ^= r9; //xor rax, r9
  804. rax = ~rax; //not rax
  805. rdx *= driver.Read<uintptr_t>(rax + 0x15); //imul rdx, [rax+0x15]
  806. rax = 0x53AAB2A28C6F8FF0; //mov rax, 0x53AAB2A28C6F8FF0
  807. rdx ^= rax; //xor rdx, rax
  808. rdx -= r11; //sub rdx, r11
  809. rax = rdx; //mov rax, rdx
  810. rax >>= 0x12; //shr rax, 0x12
  811. rdx ^= rax; //xor rdx, rax
  812. rax = rdx; //mov rax, rdx
  813. rax >>= 0x24; //shr rax, 0x24
  814. rax ^= r11; //xor rax, r11
  815. rdx ^= rax; //xor rdx, rax
  816. rax = driver.base_addr; //lea rax, [0xFFFFFFFFFD4414E1]
  817. rdx += rax; //add rdx, rax
  818. rdx += r11; //add rdx, r11
  819. rax = 0x3EACC212565A3D5; //mov rax, 0x3EACC212565A3D5
  820. rdx *= rax; //imul rdx, rax
  821. return rdx;
  822. }
  823. case 7:
  824. {
  825. r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF21D); //mov r10, [0x0000000008630442]
  826. r14 = driver.base_addr + 0x8FBF; //lea r14, [0xFFFFFFFFFD44A1CC]
  827. rax = driver.base_addr + 0xD9BA; //lea rax, [0xFFFFFFFFFD44E99E]
  828. rax = ~rax; //not rax
  829. rax += r11; //add rax, r11
  830. rdx += rax; //add rdx, rax
  831. rax = rdx; //mov rax, rdx
  832. rax >>= 0x1B; //shr rax, 0x1B
  833. rdx ^= rax; //xor rdx, rax
  834. rax = rdx; //mov rax, rdx
  835. rax >>= 0x36; //shr rax, 0x36
  836. rdx ^= rax; //xor rdx, rax
  837. rax = 0xC097FE30215EF7B; //mov rax, 0xC097FE30215EF7B
  838. rdx -= rax; //sub rdx, rax
  839. rdx += r11; //add rdx, r11
  840. rax = 0x27217EED83C00465; //mov rax, 0x27217EED83C00465
  841. rdx *= rax; //imul rdx, rax
  842. rax = 0; //and rax, 0xFFFFFFFFC0000000
  843. rax = _rotl64(rax, 0x10); //rol rax, 0x10
  844. rax ^= r10; //xor rax, r10
  845. rax = ~rax; //not rax
  846. rdx *= driver.Read<uintptr_t>(rax + 0x15); //imul rdx, [rax+0x15]
  847. rcx = rdx; //mov rcx, rdx
  848. rdx = r11; //mov rdx, r11
  849. rdx ^= rcx; //xor rdx, rcx
  850. rdx ^= r14; //xor rdx, r14
  851. rax = 0x40FC9A08434EAB8; //mov rax, 0x40FC9A08434EAB8
  852. rdx ^= rax; //xor rdx, rax
  853. return rdx;
  854. }
  855. case 8:
  856. {
  857. r9 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF21D); //mov r9, [0x0000000008630031]
  858. rax = 0xC640566C96CFB225; //mov rax, 0xC640566C96CFB225
  859. rdx *= rax; //imul rdx, rax
  860. rdx ^= driver.base_addr; //xor rdx, [rsp+0xC8] -- didn't find trace -> use base
  861. rax = 0; //and rax, 0xFFFFFFFFC0000000
  862. rax = _rotl64(rax, 0x10); //rol rax, 0x10
  863. rax ^= r9; //xor rax, r9
  864. rax = ~rax; //not rax
  865. rdx *= driver.Read<uintptr_t>(rax + 0x15); //imul rdx, [rax+0x15]
  866. rdx -= r11; //sub rdx, r11
  867. rax = rdx; //mov rax, rdx
  868. rax >>= 0x4; //shr rax, 0x04
  869. rdx ^= rax; //xor rdx, rax
  870. rax = rdx; //mov rax, rdx
  871. rax >>= 0x8; //shr rax, 0x08
  872. rdx ^= rax; //xor rdx, rax
  873. rax = rdx; //mov rax, rdx
  874. rax >>= 0x10; //shr rax, 0x10
  875. rdx ^= rax; //xor rdx, rax
  876. rax = rdx; //mov rax, rdx
  877. rax >>= 0x20; //shr rax, 0x20
  878. rdx ^= rax; //xor rdx, rax
  879. rdx += r11; //add rdx, r11
  880. rax = 0x36BE6884C47C6D33; //mov rax, 0x36BE6884C47C6D33
  881. rdx *= rax; //imul rdx, rax
  882. rax = r11; //mov rax, r11
  883. rax = ~rax; //not rax
  884. rax -= driver.base_addr; //sub rax, [rsp+0xC8] -- didn't find trace -> use base
  885. rax -= 0x736A3793; //sub rax, 0x736A3793
  886. rdx ^= rax; //xor rdx, rax
  887. return rdx;
  888. }
  889. case 9:
  890. {
  891. r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF21D); //mov r10, [0x000000000862FB3D]
  892. r15 = driver.base_addr + 0x56B5; //lea r15, [0xFFFFFFFFFD445FC2]
  893. rax = r11; //mov rax, r11
  894. rax = ~rax; //not rax
  895. rax ^= r15; //xor rax, r15
  896. rdx -= rax; //sub rdx, rax
  897. rax = 0x617EE6B8548ACFF8; //mov rax, 0x617EE6B8548ACFF8
  898. rdx ^= rax; //xor rdx, rax
  899. rdx += r11; //add rdx, r11
  900. rax = 0x44AC3A1174A702A7; //mov rax, 0x44AC3A1174A702A7
  901. rdx *= rax; //imul rdx, rax
  902. rcx = 0; //and rcx, 0xFFFFFFFFC0000000
  903. rdx ^= r11; //xor rdx, r11
  904. rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
  905. rax = rdx; //mov rax, rdx
  906. rcx ^= r10; //xor rcx, r10
  907. rdx >>= 0x27; //shr rdx, 0x27
  908. rcx = ~rcx; //not rcx
  909. rdx ^= rax; //xor rdx, rax
  910. rdx *= driver.Read<uintptr_t>(rcx + 0x15); //imul rdx, [rcx+0x15]
  911. rax = 0x7915D47D16706192; //mov rax, 0x7915D47D16706192
  912. rdx -= rax; //sub rdx, rax
  913. return rdx;
  914. }
  915. case 10:
  916. {
  917. r9 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF21D); //mov r9, [0x000000000862F6FC]
  918. r15 = driver.base_addr + 0x5A848877; //lea r15, [0x0000000057C88D43]
  919. rax = r15; //mov rax, r15
  920. rax = ~rax; //not rax
  921. rax ^= r11; //xor rax, r11
  922. rdx -= rax; //sub rdx, rax
  923. rax = driver.base_addr; //lea rax, [0xFFFFFFFFFD4403DB]
  924. rdx ^= rax; //xor rdx, rax
  925. rax = 0x21F6FDA360F3B27; //mov rax, 0x21F6FDA360F3B27
  926. rdx *= rax; //imul rdx, rax
  927. rdx -= r11; //sub rdx, r11
  928. rax = rdx; //mov rax, rdx
  929. rax >>= 0x6; //shr rax, 0x06
  930. rdx ^= rax; //xor rdx, rax
  931. rax = rdx; //mov rax, rdx
  932. rax >>= 0xC; //shr rax, 0x0C
  933. rdx ^= rax; //xor rdx, rax
  934. rax = rdx; //mov rax, rdx
  935. rax >>= 0x18; //shr rax, 0x18
  936. rdx ^= rax; //xor rdx, rax
  937. rax = rdx; //mov rax, rdx
  938. rax >>= 0x30; //shr rax, 0x30
  939. rdx ^= rax; //xor rdx, rax
  940. rax = 0x3B33D31E5AB12803; //mov rax, 0x3B33D31E5AB12803
  941. rdx += rax; //add rdx, rax
  942. rax = 0; //and rax, 0xFFFFFFFFC0000000
  943. rax = _rotl64(rax, 0x10); //rol rax, 0x10
  944. rax ^= r9; //xor rax, r9
  945. rax = ~rax; //not rax
  946. rdx *= driver.Read<uintptr_t>(rax + 0x15); //imul rdx, [rax+0x15]
  947. rax = rdx; //mov rax, rdx
  948. rax >>= 0x26; //shr rax, 0x26
  949. rdx ^= rax; //xor rdx, rax
  950. return rdx;
  951. }
  952. case 11:
  953. {
  954. r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF21D); //mov r10, [0x000000000862F224]
  955. rcx = r11; //mov rcx, r11
  956. rcx = ~rcx; //not rcx
  957. rax = driver.base_addr + 0x28691EFC; //lea rax, [0x0000000025AD1C2E]
  958. rax = ~rax; //not rax
  959. rcx += rax; //add rcx, rax
  960. rdx ^= rcx; //xor rdx, rcx
  961. rax = 0x4F163BACB48EBF73; //mov rax, 0x4F163BACB48EBF73
  962. rdx += rax; //add rdx, rax
  963. rax = rdx; //mov rax, rdx
  964. rax >>= 0x14; //shr rax, 0x14
  965. rdx ^= rax; //xor rdx, rax
  966. rax = rdx; //mov rax, rdx
  967. rax >>= 0x28; //shr rax, 0x28
  968. rdx ^= rax; //xor rdx, rax
  969. rax = 0x4127EEFEDE5B92FD; //mov rax, 0x4127EEFEDE5B92FD
  970. rdx += rax; //add rdx, rax
  971. rax = rdx; //mov rax, rdx
  972. rax >>= 0x21; //shr rax, 0x21
  973. rdx ^= rax; //xor rdx, rax
  974. rax = 0; //and rax, 0xFFFFFFFFC0000000
  975. rax = _rotl64(rax, 0x10); //rol rax, 0x10
  976. rax ^= r10; //xor rax, r10
  977. rax = ~rax; //not rax
  978. rdx *= driver.Read<uintptr_t>(rax + 0x15); //imul rdx, [rax+0x15]
  979. rax = rdx; //mov rax, rdx
  980. rax >>= 0x4; //shr rax, 0x04
  981. rdx ^= rax; //xor rdx, rax
  982. rax = rdx; //mov rax, rdx
  983. rax >>= 0x8; //shr rax, 0x08
  984. rdx ^= rax; //xor rdx, rax
  985. rax = rdx; //mov rax, rdx
  986. rax >>= 0x10; //shr rax, 0x10
  987. rdx ^= rax; //xor rdx, rax
  988. rax = rdx; //mov rax, rdx
  989. rax >>= 0x20; //shr rax, 0x20
  990. rdx ^= rax; //xor rdx, rax
  991. rax = 0x397EFF255639273F; //mov rax, 0x397EFF255639273F
  992. rdx *= rax; //imul rdx, rax
  993. return rdx;
  994. }
  995. case 12:
  996. {
  997. r9 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF21D); //mov r9, [0x000000000862ECBC]
  998. r15 = driver.base_addr + 0x41C6E8B9; //lea r15, [0x000000003F0AE345]
  999. rdx += r11; //add rdx, r11
  1000. rax = rdx; //mov rax, rdx
  1001. rax >>= 0x22; //shr rax, 0x22
  1002. rdx ^= rax; //xor rdx, rax
  1003. rax = 0x233E216C40FA2CDF; //mov rax, 0x233E216C40FA2CDF
  1004. rdx ^= rax; //xor rdx, rax
  1005. rax = rdx; //mov rax, rdx
  1006. rax >>= 0x18; //shr rax, 0x18
  1007. rdx ^= rax; //xor rdx, rax
  1008. rax = rdx; //mov rax, rdx
  1009. rax >>= 0x30; //shr rax, 0x30
  1010. rdx ^= rax; //xor rdx, rax
  1011. rax = r11; //mov rax, r11
  1012. rax ^= r15; //xor rax, r15
  1013. rdx ^= rax; //xor rdx, rax
  1014. rax = 0x6773B66CDA475049; //mov rax, 0x6773B66CDA475049
  1015. rdx *= rax; //imul rdx, rax
  1016. uintptr_t RSP_0x80;
  1017. RSP_0x80 = 0xF154E6D1B3660D73; //mov rax, 0xF154E6D1B3660D73 : RSP+0x80
  1018. rdx ^= RSP_0x80; //xor rdx, [rsp+0x80]
  1019. rax = 0; //and rax, 0xFFFFFFFFC0000000
  1020. rax = _rotl64(rax, 0x10); //rol rax, 0x10
  1021. rax ^= r9; //xor rax, r9
  1022. rax = ~rax; //not rax
  1023. rdx *= driver.Read<uintptr_t>(rax + 0x15); //imul rdx, [rax+0x15]
  1024. return rdx;
  1025. }
  1026. case 13:
  1027. {
  1028. r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF21D); //mov r10, [0x000000000862E7A9]
  1029. r15 = driver.base_addr + 0x102B1DCA; //lea r15, [0x000000000D6F1343]
  1030. rax = driver.base_addr; //lea rax, [0xFFFFFFFFFD43F4C4]
  1031. rax += 0xBA17; //add rax, 0xBA17
  1032. rax += r11; //add rax, r11
  1033. rdx += rax; //add rdx, rax
  1034. rcx = 0; //and rcx, 0xFFFFFFFFC0000000
  1035. rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
  1036. rax = driver.base_addr + 0x9610; //lea rax, [0xFFFFFFFFFD448819]
  1037. rax = ~rax; //not rax
  1038. rcx ^= r10; //xor rcx, r10
  1039. rax -= r11; //sub rax, r11
  1040. rcx = ~rcx; //not rcx
  1041. rdx += rax; //add rdx, rax
  1042. rdx *= driver.Read<uintptr_t>(rcx + 0x15); //imul rdx, [rcx+0x15]
  1043. rax = rdx; //mov rax, rdx
  1044. rax >>= 0x15; //shr rax, 0x15
  1045. rdx ^= rax; //xor rdx, rax
  1046. rax = rdx; //mov rax, rdx
  1047. rax >>= 0x2A; //shr rax, 0x2A
  1048. rdx ^= rax; //xor rdx, rax
  1049. rax = 0x6A8B294107CC0501; //mov rax, 0x6A8B294107CC0501
  1050. rdx ^= rax; //xor rdx, rax
  1051. rax = 0x2EA5061AACD42452; //mov rax, 0x2EA5061AACD42452
  1052. rdx -= rax; //sub rdx, rax
  1053. rax = r11; //mov rax, r11
  1054. rax = ~rax; //not rax
  1055. rax ^= r15; //xor rax, r15
  1056. rdx += rax; //add rdx, rax
  1057. rax = 0x4EB7AE4244212391; //mov rax, 0x4EB7AE4244212391
  1058. rdx *= rax; //imul rdx, rax
  1059. return rdx;
  1060. }
  1061. case 14:
  1062. {
  1063. r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF21D); //mov r10, [0x000000000862E372]
  1064. rax = driver.base_addr; //lea rax, [0xFFFFFFFFFD43F06C]
  1065. rdx ^= rax; //xor rdx, rax
  1066. rax = 0xC752E26BA360D032; //mov rax, 0xC752E26BA360D032
  1067. rdx ^= rax; //xor rdx, rax
  1068. rax = rdx; //mov rax, rdx
  1069. rax >>= 0x19; //shr rax, 0x19
  1070. rdx ^= rax; //xor rdx, rax
  1071. rax = rdx; //mov rax, rdx
  1072. rax >>= 0x32; //shr rax, 0x32
  1073. rdx ^= rax; //xor rdx, rax
  1074. rax = rdx; //mov rax, rdx
  1075. rax >>= 0xD; //shr rax, 0x0D
  1076. rdx ^= rax; //xor rdx, rax
  1077. rax = rdx; //mov rax, rdx
  1078. rax >>= 0x1A; //shr rax, 0x1A
  1079. rdx ^= rax; //xor rdx, rax
  1080. rcx = 0; //and rcx, 0xFFFFFFFFC0000000
  1081. rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
  1082. rax = rdx; //mov rax, rdx
  1083. rcx ^= r10; //xor rcx, r10
  1084. rax >>= 0x34; //shr rax, 0x34
  1085. rcx = ~rcx; //not rcx
  1086. rdx ^= rax; //xor rdx, rax
  1087. rdx *= driver.Read<uintptr_t>(rcx + 0x15); //imul rdx, [rcx+0x15]
  1088. rax = driver.base_addr; //lea rax, [0xFFFFFFFFFD43ED12]
  1089. rdx ^= rax; //xor rdx, rax
  1090. rax = 0x5436A045E6437655; //mov rax, 0x5436A045E6437655
  1091. rdx *= rax; //imul rdx, rax
  1092. return rdx;
  1093. }
  1094. case 15:
  1095. {
  1096. r10 = driver.Read<uintptr_t>(driver.base_addr + 0xB1EF21D); //mov r10, [0x000000000862DED7]
  1097. rax = rdx; //mov rax, rdx
  1098. rax >>= 0x6; //shr rax, 0x06
  1099. rdx ^= rax; //xor rdx, rax
  1100. rax = rdx; //mov rax, rdx
  1101. rax >>= 0xC; //shr rax, 0x0C
  1102. rdx ^= rax; //xor rdx, rax
  1103. rax = rdx; //mov rax, rdx
  1104. rax >>= 0x18; //shr rax, 0x18
  1105. rdx ^= rax; //xor rdx, rax
  1106. rcx = 0; //and rcx, 0xFFFFFFFFC0000000
  1107. rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
  1108. rcx ^= r10; //xor rcx, r10
  1109. rax = rdx; //mov rax, rdx
  1110. rcx = ~rcx; //not rcx
  1111. rax >>= 0x30; //shr rax, 0x30
  1112. rdx ^= rax; //xor rdx, rax
  1113. rdx *= driver.Read<uintptr_t>(rcx + 0x15); //imul rdx, [rcx+0x15]
  1114. rax = driver.base_addr; //lea rax, [0xFFFFFFFFFD43EA41]
  1115. rdx += rax; //add rdx, rax
  1116. rax = rdx; //mov rax, rdx
  1117. rax >>= 0x24; //shr rax, 0x24
  1118. rdx ^= rax; //xor rdx, rax
  1119. rax = 0xB6C3A6FE99C92A23; //mov rax, 0xB6C3A6FE99C92A23
  1120. rdx *= rax; //imul rdx, rax
  1121. rax = rdx; //mov rax, rdx
  1122. rax >>= 0x9; //shr rax, 0x09
  1123. rdx ^= rax; //xor rdx, rax
  1124. rax = rdx; //mov rax, rdx
  1125. rax >>= 0x12; //shr rax, 0x12
  1126. rdx ^= rax; //xor rdx, rax
  1127. rax = rdx; //mov rax, rdx
  1128. rax >>= 0x24; //shr rax, 0x24
  1129. rdx ^= rax; //xor rdx, rax
  1130. rax = 0xD7420EB04571AACF; //mov rax, 0xD7420EB04571AACF
  1131. rdx *= rax; //imul rdx, rax
  1132. rax = 0x578A3A3D4AF2D633; //mov rax, 0x578A3A3D4AF2D633
  1133. rdx += rax; //add rdx, rax
  1134. return rdx;
  1135. }
  1136. }
  1137. }
// Maps a bone index to a 16-bit value via two word-sized lookup tables in the
// target module, read through the `Driver` memory-read primitive. The locals are
// named after x86-64 registers because the body is a line-by-line transcription
// of a traced instruction stream (the original mnemonic is kept in each trailing
// comment). Every table address is hard-coded relative to `driver.base_addr`,
// so this is tied to one specific build of the target; nothing here verifies
// the build, so a mismatch silently reads the wrong words.
//
// Portability: `_umul128` is an MSVC intrinsic (low 64 bits returned, high 64
// bits written through the pointer); the `(uintptr_t*)&rdx` casts rely on
// `uintptr_t` being the same type as `unsigned __int64`, which holds on 64-bit
// MSVC but nowhere else. The repeated mul-high / shr / imul / sub sequences
// appear to be the compiler's strength-reduced `x % k` (k = 0x1409, 0x2522,
// 0x1D45, ...); that reading is inferred from the pattern, not established here.
//
// Parameters:
//   driver     - provides `base_addr` and `Read<T>(address)` over the target.
//   bone_index - caller-supplied index; used only through the arithmetic below.
// Returns: the 16-bit word read from the second table (truncated to uint16_t).
uint16_t get_bone_index(const Driver& driver, uint32_t bone_index)
{
const uint64_t mb = driver.base_addr;
// Only rax, rcx, rdx, rdi, r8, r9, r10, r11 and r15 are used; the rest are
// initialized for uniformity with the other traced routines and never read.
uint64_t rax = mb, rbx = mb, rcx = mb, rdx = mb, rdi = mb, rsi = mb, r8 = mb, r9 = mb, r10 = mb, r11 = mb, r12 = mb, r13 = mb, r14 = mb, r15 = mb;
rdi = bone_index;
rcx = rdi * 0x13C8;
rax = 0xCC70CD3D3E0A7B49; //mov rax, 0xCC70CD3D3E0A7B49
// High 64 bits of the product land in rdx; the following shr/imul/sub reduce rcx.
rax = _umul128(rax, rcx, (uintptr_t*)&rdx); //mul rcx
r11 = driver.base_addr; //lea r11, [0xFFFFFFFFFD7A8B35]
r10 = 0x45F86A52798F52B7; //mov r10, 0x45F86A52798F52B7
rdx >>= 0xC; //shr rdx, 0x0C
rax = rdx * 0x1409; //imul rax, rdx, 0x1409
rcx -= rax; //sub rcx, rax
rax = 0xDC9D0ECFCB6E9379; //mov rax, 0xDC9D0ECFCB6E9379
r8 = rcx * 0x1409; //imul r8, rcx, 0x1409
rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
rdx >>= 0xD; //shr rdx, 0x0D
rax = rdx * 0x2522; //imul rax, rdx, 0x2522
r8 -= rax; //sub r8, rax
rax = 0x49539E3B2D066EA3; //mov rax, 0x49539E3B2D066EA3
rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
rax = r8; //mov rax, r8
rax -= rdx; //sub rax, rdx
rax >>= 0x1; //shr rax, 0x01
rax += rdx; //add rax, rdx
rax >>= 0x9; //shr rax, 0x09
rcx = rax * 0x31C; //imul rcx, rax, 0x31C
rax = 0xD79435E50D79435F; //mov rax, 0xD79435E50D79435F
rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
rdx >>= 0x4; //shr rdx, 0x04
rcx += rdx; //add rcx, rdx
rax = rcx * 0x26; //imul rax, rcx, 0x26
rcx = r8 + r8 * 4; //lea rcx, [r8+r8*4]
rcx <<= 0x3; //shl rcx, 0x03
rcx -= rax; //sub rcx, rax
// First table lookup: rcx is the byte offset into the table at base + 0xB2AB190.
// No range check is applied to rcx before the read; the `Read<T>` primitive is
// relied on to fail safely on a bad address (not verifiable from this file).
rax = driver.Read<uint16_t>(rcx + r11 * 1 + 0xB2AB190); //movzx eax, word ptr [rcx+r11*1+0xB2AB190]
r8 = rax * 0x13C8; //imul r8, rax, 0x13C8
rax = r10; //mov rax, r10
rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
rax = r10; //mov rax, r10 (reload; the mul above clobbered rax)
rdx >>= 0xB; //shr rdx, 0x0B
rcx = rdx * 0x1D45; //imul rcx, rdx, 0x1D45
r8 -= rcx; //sub r8, rcx
r9 = r8 * 0x39A6; //imul r9, r8, 0x39A6
rax = _umul128(rax, r9, (uintptr_t*)&rdx); //mul r9
rdx >>= 0xB; //shr rdx, 0x0B
rax = rdx * 0x1D45; //imul rax, rdx, 0x1D45
r9 -= rax; //sub r9, rax
rax = 0x88ECF206D1CD0DD7; //mov rax, 0x88ECF206D1CD0DD7
rax = _umul128(rax, r9, (uintptr_t*)&rdx); //mul r9
rax = 0xAAAAAAAAAAAAAAAB; //mov rax, 0xAAAAAAAAAAAAAAAB
rdx >>= 0xB; //shr rdx, 0x0B
rcx = rdx * 0xEF5; //imul rcx, rdx, 0xEF5
rax = _umul128(rax, r9, (uintptr_t*)&rdx); //mul r9
rdx >>= 0x1; //shr rdx, 0x01
rcx += rdx; //add rcx, rdx
rax = rcx + rcx * 2; //lea rax, [rcx+rcx*2]
rax += rax; //add rax, rax
rcx = r9 * 8 + 0x0; //lea rcx, [r9*8]
rcx -= rax; //sub rcx, rax
// Second table lookup at base + 0xB2B27C0. The traced instruction is a sign-
// extending movsx, but Read<uint16_t> into a uint64_t zero-extends; since the
// function returns uint16_t only the low 16 bits survive, so the result is the same.
r15 = driver.Read<uint16_t>(rcx + r11 * 1 + 0xB2B27C0); //movsx r15d, word ptr [rcx+r11*1+0xB2B27C0]
return r15;
}
// Build-specific constants. Nothing in this file ties them to a particular
// module version or checks them at runtime, so they go stale silently when the
// target changes. By magnitude the large values look like module-relative
// addresses and the small ones like field offsets within a structure; that
// grouping is inferred from the values and names, not established here.

// Module-relative (presumed).
constexpr auto ref_def_ptr    = 0x14ECDE38;
constexpr auto name_array     = 0x14ECD628;
constexpr auto camera_base    = 0x15756530;
constexpr auto game_mode      = 0x11A83A90;
constexpr auto distribute     = 0xD21EF78;
constexpr auto local_index    = 0x1789A8;

// Intra-structure (presumed).
constexpr auto name_array_pos  = 0x2C80;
constexpr auto name_array_size = 0xC0;
constexpr auto camera_pos      = 0x204;
constexpr auto local_index_pos = 0x2F0;
  1211.  
// Bone-related constants. Both are build-specific; the file carries no version
// check, so they must be re-derived whenever the target changes. The exact
// meaning of each (base vs. per-entry offset) is suggested by the names only.
namespace bone {
    constexpr auto offset    = 0x188;
    constexpr auto bone_base = 0x42CB0;
}
  1216.  
// Per-player record layout constants. `size` reads as the record stride and the
// others as field offsets within one record, but that is inferred from the
// names; nothing in this file validates them against the target build.
namespace player {
    constexpr auto size         = 0x13DC0;
    constexpr auto weapon_index = 0x12AC0;
    constexpr auto team         = 0x1374C;
    constexpr auto valid        = 0x139E0;
    constexpr auto pos          = 0x13AB8;
}
  1224.  