Untitled
unknown
c_cpp
2 months ago
65 kB
4
Indexable
namespace offsets {
static uintptr_t refdef = 0x13A939F0;
static uintptr_t name_array = 0x13C52F08;
static uintptr_t name_array_pos = 0x1838;
static uintptr_t name_size = 0xC8;
static uintptr_t loot_ptr = 0xE3EBC00;
static uintptr_t camera_base = 0x13C0E3B0;
static uintptr_t camera_pos = 0x1F4;
static uintptr_t local_index = 0xEB0E0;
static uintptr_t local_index_pos = 0x344;
static uintptr_t recoil = 0x0;
static uintptr_t game_mode = 0xD050898;
static uintptr_t weapon_definitions = 0x13AEC5B0;
static uintptr_t distribute = 0x104BFB58;
static uintptr_t visible = 0x3224C;
static uintptr_t scoreboard = 0x2B160;
static uintptr_t scoreboard_size = 0x90;
namespace bone {
static uintptr_t base_pos = 0x12118;
};
namespace player {
static uintptr_t valid = 0x895;
static uintptr_t pos = 0x190;
static uintptr_t team = 0x1DB0;
static uintptr_t stance = 0x13E3;
static uintptr_t weapon_index = 0xA78;
static uintptr_t dead_1 = 0x0;
static uintptr_t dead_2 = 0x0;
}
};
extern "C" auto BNETdecrypt_client_info(uint64_t baseAddr, uint64_t peb) -> uint64_t
{
const uint64_t mb = baseAddr;
uint64_t rax = mb, rbx = mb, rcx = mb, rdx = mb, rdi = mb, rsi = mb, r8 = mb, r9 = mb, r10 = mb, r11 = mb, r12 = mb, r13 = mb, r14 = mb, r15 = mb;
rbx = driver::read<uint64_t>(baseAddr + 0x139BE938);
if (!rbx)
return rbx;
rcx = peb; //mov rcx, gs:[rax]
//failed to trace. base: 00007FF60F390000 It's possibly wrong rdx = 0000000000000000
rbx += 0xFFFFFFFFFFFF9357; //add rbx, 0xFFFFFFFFFFFF9357
rcx -= rdx; //sub rcx, rdx
rcx += rbx; //add rcx, rbx
rax = rcx; //mov rax, rcx
rax >>= 0x1D; //shr rax, 0x1D
rcx ^= rax; //xor rcx, rax
rbx = rcx; //mov rbx, rcx
rax = 0; //and rax, 0xFFFFFFFFC0000000
rbx >>= 0x3A; //shr rbx, 0x3A
rax = _rotl64(rax, 0x10); //rol rax, 0x10
rbx ^= rcx; //xor rbx, rcx
rax ^= driver::read<uint64_t>(baseAddr + 0xCD7772C); //xor rax, [0x0000000005F1BB13]
rax = _byteswap_uint64(rax); //bswap rax
rbx *= driver::read<uint64_t>(rax + 0x15); //imul rbx, [rax+0x15]
rax = 0xD67810518E7F25DD; //mov rax, 0xD67810518E7F25DD
rbx *= rax; //imul rbx, rax
rax = rbx; //mov rax, rbx
rax >>= 0x5; //shr rax, 0x05
rbx ^= rax; //xor rbx, rax
rax = rbx; //mov rax, rbx
rax >>= 0xA; //shr rax, 0x0A
rbx ^= rax; //xor rbx, rax
rax = rbx; //mov rax, rbx
rax >>= 0x14; //shr rax, 0x14
rbx ^= rax; //xor rbx, rax
rax = rbx; //mov rax, rbx
rax >>= 0x28; //shr rax, 0x28
rbx ^= rax; //xor rbx, rax
return rbx;
}
extern "C" auto BNETdecrypt_client_base(uint64_t client_info, uint64_t baseAddr, uint64_t peb) -> uint64_t
{
const uint64_t mb = baseAddr;
uint64_t rax = mb, rbx = mb, rcx = mb, rdx = mb, rdi = mb, rsi = mb, r8 = mb, r9 = mb, r10 = mb, r11 = mb, r12 = mb, r13 = mb, r14 = mb, r15 = mb;
rax = driver::read<uint64_t>(client_info + 0x1d3660);
if (!rax)
return rax;
r11 = ~peb; //mov r11, gs:[rcx]
rcx = r11; //mov rcx, r11
//failed to translate: mov [rsp+0x3E0], r13
rcx = _rotl64(rcx, 0x34); //rol rcx, 0x34
rcx &= 0xF;
switch (rcx) {
case 0:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77795); //mov r10, [0x0000000009C35E35]
r13 = baseAddr + 0x16CBED5E; //lea r13, [0x0000000013B7D3DB]
rdx = baseAddr + 0x33D36DEA; //lea rdx, [0x0000000030BF5409]
rax ^= r11; //xor rax, r11
rax ^= rdx; //xor rax, rdx
rcx = r11; //mov rcx, r11
rcx *= r13; //imul rcx, r13
rax -= rcx; //sub rax, rcx
rcx = 0x2F44AFC8DA410289; //mov rcx, 0x2F44AFC8DA410289
rax *= rcx; //imul rax, rcx
rcx = 0; //and rcx, 0xFFFFFFFFC0000000
rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
rcx ^= r10; //xor rcx, r10
rcx = ~rcx; //not rcx
rax *= driver::read<uint64_t>(rcx + 0x7); //imul rax, [rcx+0x07]
rcx = 0x31EA6C7327F2F48F; //mov rcx, 0x31EA6C7327F2F48F
rax *= rcx; //imul rax, rcx
rcx = r11; //mov rcx, r11
rcx = ~rcx; //not rcx
uintptr_t RSP_0xFFFFFFFFFFFFFF90;
RSP_0xFFFFFFFFFFFFFF90 = baseAddr + 0xDD05; //lea rcx, [0xFFFFFFFFFCECC39E] : RBP+0xFFFFFFFFFFFFFF90
rcx ^= RSP_0xFFFFFFFFFFFFFF90; //xor rcx, [rbp-0x70]
rax -= rcx; //sub rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0xF; //shr rcx, 0x0F
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x1E; //shr rcx, 0x1E
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x3C; //shr rcx, 0x3C
rax ^= rcx; //xor rax, rcx
rcx = baseAddr; //lea rcx, [0xFFFFFFFFFCEBE441]
rax -= rcx; //sub rax, rcx
return rax;
}
case 1:
{
r9 = driver::read<uint64_t>(baseAddr + 0xCD77795); //mov r9, [0x0000000009C35953]
rcx = baseAddr; //lea rcx, [0xFFFFFFFFFCEBDD7B]
rcx += 0x4C577047; //add rcx, 0x4C577047
rcx += r11; //add rcx, r11
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x16; //shr rcx, 0x16
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x2C; //shr rcx, 0x2C
rax ^= rcx; //xor rax, rcx
rcx = baseAddr; //lea rcx, [0xFFFFFFFFFCEBDE81]
rax ^= rcx; //xor rax, rcx
rcx = baseAddr; //lea rcx, [0xFFFFFFFFFCEBDF4C]
rcx += 0x673BCC74; //add rcx, 0x673BCC74
rcx += r11; //add rcx, r11
rax ^= rcx; //xor rax, rcx
rcx = 0x14CEC15D15237845; //mov rcx, 0x14CEC15D15237845
rax *= rcx; //imul rax, rcx
rcx = 0xC6C8F26557A42C57; //mov rcx, 0xC6C8F26557A42C57
rax *= rcx; //imul rax, rcx
rcx = 0; //and rcx, 0xFFFFFFFFC0000000
rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
rcx ^= r9; //xor rcx, r9
rcx = ~rcx; //not rcx
rax *= driver::read<uint64_t>(rcx + 0x7); //imul rax, [rcx+0x07]
return rax;
}
case 2:
{
r9 = driver::read<uint64_t>(baseAddr + 0xCD77795); //mov r9, [0x0000000009C354DD]
rcx = rax; //mov rcx, rax
rcx >>= 0xC; //shr rcx, 0x0C
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x18; //shr rcx, 0x18
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x30; //shr rcx, 0x30
rax ^= rcx; //xor rax, rcx
rax -= r11; //sub rax, r11
rcx = 0; //and rcx, 0xFFFFFFFFC0000000
rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
rcx ^= r9; //xor rcx, r9
rcx = ~rcx; //not rcx
rax *= driver::read<uint64_t>(rcx + 0x7); //imul rax, [rcx+0x07]
rcx = baseAddr + 0x40BA9587; //lea rcx, [0x000000003DA67169]
rax += r11; //add rax, r11
rax += rcx; //add rax, rcx
rcx = 0xB820512AEEAE20F1; //mov rcx, 0xB820512AEEAE20F1
rax *= rcx; //imul rax, rcx
rcx = 0x5B4702F448FEE148; //mov rcx, 0x5B4702F448FEE148
rax ^= rcx; //xor rax, rcx
rcx = baseAddr; //lea rcx, [0xFFFFFFFFFCEBDBBA]
rax += rcx; //add rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x12; //shr rcx, 0x12
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x24; //shr rcx, 0x24
rax ^= rcx; //xor rax, rcx
return rax;
}
case 3:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77795); //mov r10, [0x0000000009C34F91]
rcx = baseAddr; //lea rcx, [0xFFFFFFFFFCEBD50E]
rax -= rcx; //sub rax, rcx
rcx = baseAddr; //lea rcx, [0xFFFFFFFFFCEBD38F]
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x13; //shr rcx, 0x13
rax ^= rcx; //xor rax, rcx
rdx = 0; //and rdx, 0xFFFFFFFFC0000000
rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10
rcx = rax; //mov rcx, rax
rdx ^= r10; //xor rdx, r10
rcx >>= 0x26; //shr rcx, 0x26
rdx = ~rdx; //not rdx
rax ^= rcx; //xor rax, rcx
rax *= driver::read<uint64_t>(rdx + 0x7); //imul rax, [rdx+0x07]
rcx = r11; //mov rcx, r11
rcx = ~rcx; //not rcx
uintptr_t RSP_0xFFFFFFFFFFFFFF88;
RSP_0xFFFFFFFFFFFFFF88 = baseAddr + 0x639AA956; //lea rcx, [0x0000000060868106] : RBP+0xFFFFFFFFFFFFFF88
rcx += RSP_0xFFFFFFFFFFFFFF88; //add rcx, [rbp-0x78]
rax ^= rcx; //xor rax, rcx
rcx = 0xEF7AA6541B0960DD; //mov rcx, 0xEF7AA6541B0960DD
rax ^= rcx; //xor rax, rcx
rcx = 0xAC44478E4E7E319F; //mov rcx, 0xAC44478E4E7E319F
rax *= rcx; //imul rax, rcx
rcx = 0x69DF0E377EDBC9BB; //mov rcx, 0x69DF0E377EDBC9BB
rax ^= rcx; //xor rax, rcx
return rax;
}
case 4:
{
r9 = driver::read<uint64_t>(baseAddr + 0xCD77795); //mov r9, [0x0000000009C34B15]
rcx = 0x6B6B6FEB24A18CBC; //mov rcx, 0x6B6B6FEB24A18CBC
rax ^= rcx; //xor rax, rcx
rcx = 0xE26425F12DE4CEB; //mov rcx, 0xE26425F12DE4CEB
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x15; //shr rcx, 0x15
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x2A; //shr rcx, 0x2A
rax ^= rcx; //xor rax, rcx
rax += r11; //add rax, r11
rcx = 0xC6BD746DB1DF1B31; //mov rcx, 0xC6BD746DB1DF1B31
rax *= rcx; //imul rax, rcx
rax -= baseAddr; //sub rax, [rbp-0x70] -- didn't find trace -> use base
rcx = 0; //and rcx, 0xFFFFFFFFC0000000
rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
rcx ^= r9; //xor rcx, r9
rcx = ~rcx; //not rcx
rax *= driver::read<uint64_t>(rcx + 0x7); //imul rax, [rcx+0x07]
rcx = rax; //mov rcx, rax
rcx >>= 0x1; //shr rcx, 0x01
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x2; //shr rcx, 0x02
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x4; //shr rcx, 0x04
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x8; //shr rcx, 0x08
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x10; //shr rcx, 0x10
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x20; //shr rcx, 0x20
rax ^= rcx; //xor rax, rcx
return rax;
}
case 5:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77795); //mov r10, [0x0000000009C3440F]
rdx = 0; //and rdx, 0xFFFFFFFFC0000000
rcx = r11 * 0xFFFFFFFFFFFFFFFE; //imul rcx, r11, 0xFFFFFFFFFFFFFFFE
rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10
rax += rcx; //add rax, rcx
rdx ^= r10; //xor rdx, r10
rcx = baseAddr + 0x5F737FAA; //lea rcx, [0x000000005C5F4998]
rdx = ~rdx; //not rdx
rax += rcx; //add rax, rcx
rax *= driver::read<uint64_t>(rdx + 0x7); //imul rax, [rdx+0x07]
rcx = rax; //mov rcx, rax
rcx >>= 0x19; //shr rcx, 0x19
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x32; //shr rcx, 0x32
rax ^= rcx; //xor rax, rcx
rcx = baseAddr; //lea rcx, [0xFFFFFFFFFCEBC870]
rcx += 0x6987CC3C; //add rcx, 0x6987CC3C
rcx += r11; //add rcx, r11
rax += rcx; //add rax, rcx
rcx = 0xBEC2B746A9461603; //mov rcx, 0xBEC2B746A9461603
rax *= rcx; //imul rax, rcx
rcx = 0x7D25D991052F24B5; //mov rcx, 0x7D25D991052F24B5
rax += rcx; //add rax, rcx
rcx = 0x6B9AD86F193C7172; //mov rcx, 0x6B9AD86F193C7172
rax += rcx; //add rax, rcx
return rax;
}
case 6:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77795); //mov r10, [0x0000000009C33FA3]
rdx = baseAddr + 0x50AF1F4F; //lea rdx, [0x000000004D9AE6D5]
rax += r11; //add rax, r11
rcx = r11; //mov rcx, r11
rcx ^= rdx; //xor rcx, rdx
rax -= rcx; //sub rax, rcx
rcx = 0xFA37AFACEF63040B; //mov rcx, 0xFA37AFACEF63040B
rax ^= rcx; //xor rax, rcx
rcx = 0xE15A50F0F0B4D5D9; //mov rcx, 0xE15A50F0F0B4D5D9
rax *= rcx; //imul rax, rcx
rdx = 0; //and rdx, 0xFFFFFFFFC0000000
rcx = baseAddr + 0xEE8B; //lea rcx, [0xFFFFFFFFFCECB27B]
rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10
rcx -= r11; //sub rcx, r11
rax ^= rcx; //xor rax, rcx
rdx ^= r10; //xor rdx, r10
rdx = ~rdx; //not rdx
rax *= driver::read<uint64_t>(rdx + 0x7); //imul rax, [rdx+0x07]
rcx = 0x61E687AD8B6807D4; //mov rcx, 0x61E687AD8B6807D4
rax += rcx; //add rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x15; //shr rcx, 0x15
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x2A; //shr rcx, 0x2A
rax ^= rcx; //xor rax, rcx
return rax;
}
case 7:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77795); //mov r10, [0x0000000009C33A8D]
r13 = baseAddr + 0xBEE4; //lea r13, [0xFFFFFFFFFCEC81C4]
rcx = baseAddr; //lea rcx, [0xFFFFFFFFFCEBBF7A]
rax ^= rcx; //xor rax, rcx
rcx = 0x8DB3E6B3BD449D8; //mov rcx, 0x8DB3E6B3BD449D8
rax += rcx; //add rax, rcx
rcx = 0x7CFD8CC5318E532F; //mov rcx, 0x7CFD8CC5318E532F
rax *= rcx; //imul rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x7; //shr rcx, 0x07
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0xE; //shr rcx, 0x0E
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x1C; //shr rcx, 0x1C
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x38; //shr rcx, 0x38
rax ^= rcx; //xor rax, rcx
rdx = 0; //and rdx, 0xFFFFFFFFC0000000
rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10
rcx = 0x6DE6E637B4DB68F1; //mov rcx, 0x6DE6E637B4DB68F1
rdx ^= r10; //xor rdx, r10
rdx = ~rdx; //not rdx
rax *= driver::read<uint64_t>(rdx + 0x7); //imul rax, [rdx+0x07]
rax *= rcx; //imul rax, rcx
rcx = r11; //mov rcx, r11
rcx -= r13; //sub rcx, r13
rax ^= rcx; //xor rax, rcx
rax -= r11; //sub rax, r11
return rax;
}
case 8:
{
r9 = driver::read<uint64_t>(baseAddr + 0xCD77795); //mov r9, [0x0000000009C3363E]
rcx = rax; //mov rcx, rax
rcx >>= 0x1E; //shr rcx, 0x1E
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x3C; //shr rcx, 0x3C
rax ^= rcx; //xor rax, rcx
rcx = 0xD16E8EE163C9A6B; //mov rcx, 0xD16E8EE163C9A6B
rax *= rcx; //imul rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0xE; //shr rcx, 0x0E
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x1C; //shr rcx, 0x1C
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x38; //shr rcx, 0x38
rax ^= rcx; //xor rax, rcx
rcx = 0xA9C58221B90E7C46; //mov rcx, 0xA9C58221B90E7C46
rax ^= rcx; //xor rax, rcx
rcx = 0x55F6ED3AB42B87A0; //mov rcx, 0x55F6ED3AB42B87A0
rax -= rcx; //sub rax, rcx
rcx = 0; //and rcx, 0xFFFFFFFFC0000000
rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
rcx ^= r9; //xor rcx, r9
rcx = ~rcx; //not rcx
rax *= driver::read<uint64_t>(rcx + 0x7); //imul rax, [rcx+0x07]
rcx = baseAddr; //lea rcx, [0xFFFFFFFFFCEBB9C3]
rax += rcx; //add rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x14; //shr rcx, 0x14
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x28; //shr rcx, 0x28
rax ^= rcx; //xor rax, rcx
return rax;
}
case 9:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77795); //mov r10, [0x0000000009C32F7B]
rdx = r11; //mov rdx, r11
rcx = baseAddr + 0xFCE2; //lea rcx, [0xFFFFFFFFFCECB30E]
rdx *= rcx; //imul rdx, rcx
rcx = baseAddr; //lea rcx, [0xFFFFFFFFFCEBB621]
rdx -= rcx; //sub rdx, rcx
rcx = r11; //mov rcx, r11
rax += rdx; //add rax, rdx
rcx = ~rcx; //not rcx
rax ^= rcx; //xor rax, rcx
rdx = baseAddr + 0x6EC75C18; //lea rdx, [0x000000006BB31223]
rax ^= rdx; //xor rax, rdx
rcx = rax; //mov rcx, rax
rcx >>= 0x7; //shr rcx, 0x07
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0xE; //shr rcx, 0x0E
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x1C; //shr rcx, 0x1C
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x38; //shr rcx, 0x38
rax ^= rcx; //xor rax, rcx
r13 = 0xB691FFD9C9D61B2E; //mov r13, 0xB691FFD9C9D61B2E
rax += r13; //add rax, r13
r13 = 0x89C1B16D1EAC4B85; //mov r13, 0x89C1B16D1EAC4B85
rcx = 0; //and rcx, 0xFFFFFFFFC0000000
rax ^= r13; //xor rax, r13
rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
rcx ^= r10; //xor rcx, r10
rcx = ~rcx; //not rcx
rax *= driver::read<uint64_t>(rcx + 0x7); //imul rax, [rcx+0x07]
rcx = 0x272542A0099256AB; //mov rcx, 0x272542A0099256AB
rax *= rcx; //imul rax, rcx
return rax;
}
case 10:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77795); //mov r10, [0x0000000009C32A49]
rcx = baseAddr + 0x240D8AB0; //lea rcx, [0x0000000020F93BFB]
rcx += r11; //add rcx, r11
rax ^= rcx; //xor rax, rcx
rdx = baseAddr + 0x3B21; //lea rdx, [0xFFFFFFFFFCEBEA1E]
rcx = r11; //mov rcx, r11
rdx *= r11; //imul rdx, r11
rcx = ~rcx; //not rcx
rdx += rax; //add rdx, rax
rax = baseAddr + 0x24E689C1; //lea rax, [0x0000000021D2389A]
rcx += rax; //add rcx, rax
rax = rdx; //mov rax, rdx
rax ^= rcx; //xor rax, rcx
rcx = 0x489A1BC87CDCD670; //mov rcx, 0x489A1BC87CDCD670
rax ^= rcx; //xor rax, rcx
rcx = 0xA00242052F60AE53; //mov rcx, 0xA00242052F60AE53
rax ^= rcx; //xor rax, rcx
rcx = 0; //and rcx, 0xFFFFFFFFC0000000
rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
rcx ^= r10; //xor rcx, r10
rcx = ~rcx; //not rcx
rax *= driver::read<uint64_t>(rcx + 0x7); //imul rax, [rcx+0x07]
rcx = 0xBDB64B81FECB6E7D; //mov rcx, 0xBDB64B81FECB6E7D
rax *= rcx; //imul rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x28; //shr rcx, 0x28
rax ^= rcx; //xor rax, rcx
return rax;
}
case 11:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77795); //mov r10, [0x0000000009C32562]
rcx = rax; //mov rcx, rax
rcx >>= 0x15; //shr rcx, 0x15
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x2A; //shr rcx, 0x2A
rax ^= rcx; //xor rax, rcx
rcx = 0xD3A53D9499733245; //mov rcx, 0xD3A53D9499733245
rax *= rcx; //imul rax, rcx
rcx = 0x72C2AC821062ABD1; //mov rcx, 0x72C2AC821062ABD1
rax ^= rcx; //xor rax, rcx
rcx = baseAddr; //lea rcx, [0xFFFFFFFFFCEBA8B6]
rax -= rcx; //sub rax, rcx
rax += 0xFFFFFFFFFFFF4954; //add rax, 0xFFFFFFFFFFFF4954
rax += r11; //add rax, r11
rcx = rax; //mov rcx, rax
rcx >>= 0x1; //shr rcx, 0x01
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x2; //shr rcx, 0x02
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x4; //shr rcx, 0x04
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x8; //shr rcx, 0x08
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x10; //shr rcx, 0x10
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x20; //shr rcx, 0x20
rax ^= rcx; //xor rax, rcx
rcx = baseAddr; //lea rcx, [0xFFFFFFFFFCEBAC54]
rax ^= rcx; //xor rax, rcx
rcx = baseAddr + 0x5B0222F4; //lea rcx, [0x0000000057EDCB55]
rcx *= r11; //imul rcx, r11
rax += rcx; //add rax, rcx
rcx = 0; //and rcx, 0xFFFFFFFFC0000000
rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
rcx ^= r10; //xor rcx, r10
rcx = ~rcx; //not rcx
rax *= driver::read<uint64_t>(rcx + 0x7); //imul rax, [rcx+0x07]
return rax;
}
case 12:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77795); //mov r10, [0x0000000009C31FE3]
r13 = baseAddr + 0x852; //lea r13, [0xFFFFFFFFFCEBB08D]
rcx = 0xF7D4FABCE6FC022; //mov rcx, 0xF7D4FABCE6FC022
rax += rcx; //add rax, rcx
rcx = 0; //and rcx, 0xFFFFFFFFC0000000
rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
rcx ^= r10; //xor rcx, r10
rcx = ~rcx; //not rcx
rax *= driver::read<uint64_t>(rcx + 0x7); //imul rax, [rcx+0x07]
rcx = baseAddr; //lea rcx, [0xFFFFFFFFFCEBA5E6]
rax ^= rcx; //xor rax, rcx
rax -= rcx; //sub rax, rcx
rcx = 0x5C9D9DBA026E85B7; //mov rcx, 0x5C9D9DBA026E85B7
rax *= rcx; //imul rax, rcx
rcx = rax; //mov rcx, rax
rdx = r11; //mov rdx, r11
rcx >>= 0x21; //shr rcx, 0x21
rdx = ~rdx; //not rdx
rdx *= r13; //imul rdx, r13
rdx ^= rcx; //xor rdx, rcx
rax ^= rdx; //xor rax, rdx
rax += r11; //add rax, r11
return rax;
}
case 13:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77795); //mov r10, [0x0000000009C31C13]
r13 = baseAddr + 0x12585A59; //lea r13, [0x000000000F43FEC4]
rcx = r11; //mov rcx, r11
rcx = ~rcx; //not rcx
rcx ^= r13; //xor rcx, r13
rax += rcx; //add rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x8; //shr rcx, 0x08
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x10; //shr rcx, 0x10
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x20; //shr rcx, 0x20
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x11; //shr rcx, 0x11
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x22; //shr rcx, 0x22
rax ^= rcx; //xor rax, rcx
rcx = 0; //and rcx, 0xFFFFFFFFC0000000
rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
rcx ^= r10; //xor rcx, r10
rcx = ~rcx; //not rcx
rax *= driver::read<uint64_t>(rcx + 0x7); //imul rax, [rcx+0x07]
rcx = 0xA4979265BBC7E3D5; //mov rcx, 0xA4979265BBC7E3D5
rax *= rcx; //imul rax, rcx
rcx = r11; //mov rcx, r11
rcx = ~rcx; //not rcx
rcx -= baseAddr; //sub rcx, [rbp-0x70] -- didn't find trace -> use base
rcx -= 0x756FAD6E; //sub rcx, 0x756FAD6E
rcx ^= rax; //xor rcx, rax
rax = baseAddr + 0x78217335; //lea rax, [0x00000000750D15C2]
rcx += r11; //add rcx, r11
rax += rcx; //add rax, rcx
rcx = 0xC20F4E2AD24BC517; //mov rcx, 0xC20F4E2AD24BC517
rax ^= rcx; //xor rax, rcx
return rax;
}
case 14:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77795); //mov r10, [0x0000000009C31695]
r13 = baseAddr + 0x3CF1; //lea r13, [0xFFFFFFFFFCEBDBDE]
rcx = rax; //mov rcx, rax
rcx >>= 0x16; //shr rcx, 0x16
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x2C; //shr rcx, 0x2C
rax ^= rcx; //xor rax, rcx
rcx = 0xAF96B7C88EDF2B75; //mov rcx, 0xAF96B7C88EDF2B75
rax *= rcx; //imul rax, rcx
rax ^= r11; //xor rax, r11
rdx = 0; //and rdx, 0xFFFFFFFFC0000000
rdx = _rotl64(rdx, 0x10); //rol rdx, 0x10
rdx ^= r10; //xor rdx, r10
rcx = r11 + r13 * 1; //lea rcx, [r11+r13*1]
rax += rcx; //add rax, rcx
rdx = ~rdx; //not rdx
rcx = 0x7B695E53D3CD7B7F; //mov rcx, 0x7B695E53D3CD7B7F
rax *= driver::read<uint64_t>(rdx + 0x7); //imul rax, [rdx+0x07]
rax *= rcx; //imul rax, rcx
rcx = 0x56A40B352BF2FDB7; //mov rcx, 0x56A40B352BF2FDB7
rax -= rcx; //sub rax, rcx
rcx = baseAddr + 0x32FFEB8B; //lea rcx, [0x000000002FEB8991]
rcx = ~rcx; //not rcx
rcx *= r11; //imul rcx, r11
rax += rcx; //add rax, rcx
return rax;
}
case 15:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77795); //mov r10, [0x0000000009C3113C]
rdx = baseAddr + 0x23AC2B6F; //lea rdx, [0x000000002097C45C]
rcx = baseAddr; //lea rcx, [0xFFFFFFFFFCEB9766]
rax -= rcx; //sub rax, rcx
rax += r11; //add rax, r11
rdx = ~rdx; //not rdx
rdx ^= r11; //xor rdx, r11
rcx = 0; //and rcx, 0xFFFFFFFFC0000000
rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
rcx ^= r10; //xor rcx, r10
rcx = ~rcx; //not rcx
rax *= driver::read<uint64_t>(rcx + 0x7); //imul rax, [rcx+0x07]
rcx = rax; //mov rcx, rax
rcx >>= 0x17; //shr rcx, 0x17
rax ^= rcx; //xor rax, rcx
rcx = rax; //mov rcx, rax
rcx >>= 0x2E; //shr rcx, 0x2E
rax ^= rcx; //xor rax, rcx
rax -= rdx; //sub rax, rdx
rcx = 0xAE9091426078C4DF; //mov rcx, 0xAE9091426078C4DF
rax *= rcx; //imul rax, rcx
rcx = 0x2E839B5F3DB76D2B; //mov rcx, 0x2E839B5F3DB76D2B
rax += rcx; //add rax, rcx
rcx = 0x632E9341FBDD9A7C; //mov rcx, 0x632E9341FBDD9A7C
rax -= rcx; //sub rax, rcx
return rax;
}
}
}
extern "C" auto BNETdecrypt_bone_base(uint64_t baseAddr, uint64_t peb) -> uint64_t
{
const uint64_t mb = baseAddr;
uint64_t rax = mb, rbx = mb, rcx = mb, rdx = mb, rdi = mb, rsi = mb, r8 = mb, r9 = mb, r10 = mb, r11 = mb, r12 = mb, r13 = mb, r14 = mb, r15 = mb;
rdx = driver::read<uint64_t>(baseAddr + 0x116B9DD0);
if (!rdx)
return rdx;
r11 = peb; //mov r11, gs:[rax]
rax = r11; //mov rax, r11
rax <<= 0x22; //shl rax, 0x22
rax = _byteswap_uint64(rax); //bswap rax
rax &= 0xF;
switch (rax) {
case 0:
{
r9 = driver::read<uint64_t>(baseAddr + 0xCD77869); //mov r9, [0x0000000009C6D402]
rax = 0; //and rax, 0xFFFFFFFFC0000000
rax = _rotl64(rax, 0x10); //rol rax, 0x10
rax ^= r9; //xor rax, r9
rax = _byteswap_uint64(rax); //bswap rax
rdx *= driver::read<uint64_t>(rax + 0x11); //imul rdx, [rax+0x11]
rax = baseAddr; //lea rax, [0xFFFFFFFFFCEF58AB]
rdx -= rax; //sub rdx, rax
rax = 0xC98EF2FFB1E013D2; //mov rax, 0xC98EF2FFB1E013D2
rdx += 0xFFFFFFFFFFFFC795; //add rdx, 0xFFFFFFFFFFFFC795
rdx += r11; //add rdx, r11
rdx ^= rax; //xor rdx, rax
rdx ^= r11; //xor rdx, r11
rax = 0x1AE0F1058D3590F1; //mov rax, 0x1AE0F1058D3590F1
rdx *= rax; //imul rdx, rax
rax = 0x1EAC0325CBA779BC; //mov rax, 0x1EAC0325CBA779BC
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x1F; //shr rax, 0x1F
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x3E; //shr rax, 0x3E
rdx ^= rax; //xor rdx, rax
rdx ^= r11; //xor rdx, r11
return rdx;
}
case 1:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77869); //mov r10, [0x0000000009C6CEFD]
rax = 0x311E3C7DD1297B69; //mov rax, 0x311E3C7DD1297B69
rdx *= rax; //imul rdx, rax
rcx = r11; //mov rcx, r11
rcx = ~rcx; //not rcx
rax = 0; //and rax, 0xFFFFFFFFC0000000
rax = _rotl64(rax, 0x10); //rol rax, 0x10
rax ^= r10; //xor rax, r10
rax = _byteswap_uint64(rax); //bswap rax
rdx *= driver::read<uint64_t>(rax + 0x11); //imul rdx, [rax+0x11]
rax = baseAddr + 0x437D3D7F; //lea rax, [0x00000000406C9253]
rax = ~rax; //not rax
rcx += rax; //add rcx, rax
rdx ^= rcx; //xor rdx, rcx
rax = rdx; //mov rax, rdx
rax >>= 0x28; //shr rax, 0x28
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x13; //shr rax, 0x13
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x26; //shr rax, 0x26
rdx ^= rax; //xor rdx, rax
rax = baseAddr; //lea rax, [0xFFFFFFFFFCEF549E]
rax += 0x3B261317; //add rax, 0x3B261317
rax += r11; //add rax, r11
rdx += rax; //add rdx, rax
rax = 0x85B82AEE944DCF96; //mov rax, 0x85B82AEE944DCF96
rdx ^= rax; //xor rdx, rax
rax = baseAddr; //lea rax, [0xFFFFFFFFFCEF55AB]
rdx += rax; //add rdx, rax
return rdx;
}
case 2:
{
r9 = driver::read<uint64_t>(baseAddr + 0xCD77869); //mov r9, [0x0000000009C6CA33]
rax = rdx; //mov rax, rdx
rax >>= 0x25; //shr rax, 0x25
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0xC; //shr rax, 0x0C
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x18; //shr rax, 0x18
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x30; //shr rax, 0x30
rdx ^= rax; //xor rdx, rax
rdx += r11; //add rdx, r11
rax = 0; //and rax, 0xFFFFFFFFC0000000
rax = _rotl64(rax, 0x10); //rol rax, 0x10
rax ^= r9; //xor rax, r9
rax = _byteswap_uint64(rax); //bswap rax
rdx *= driver::read<uint64_t>(rax + 0x11); //imul rdx, [rax+0x11]
rdx ^= r11; //xor rdx, r11
rax = 0x6B65DF2C3A88AE69; //mov rax, 0x6B65DF2C3A88AE69
rdx -= rax; //sub rdx, rax
rax = 0xA4B331303E4E7A67; //mov rax, 0xA4B331303E4E7A67
rdx *= rax; //imul rdx, rax
rax = 0x6A137DDDFCE4C0D7; //mov rax, 0x6A137DDDFCE4C0D7
rdx -= rax; //sub rdx, rax
return rdx;
}
case 3:
{
r9 = driver::read<uint64_t>(baseAddr + 0xCD77869); //mov r9, [0x0000000009C6C5F0]
r10 = baseAddr + 0x1314A155; //lea r10, [0x000000001003EEC4]
rax = 0; //and rax, 0xFFFFFFFFC0000000
rax = _rotl64(rax, 0x10); //rol rax, 0x10
rax ^= r9; //xor rax, r9
rax = _byteswap_uint64(rax); //bswap rax
rdx *= driver::read<uint64_t>(rax + 0x11); //imul rdx, [rax+0x11]
rax = baseAddr; //lea rax, [0xFFFFFFFFFCEF4C8F]
rdx -= rax; //sub rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x1F; //shr rax, 0x1F
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x3E; //shr rax, 0x3E
rdx ^= rax; //xor rdx, rax
rdx ^= r11; //xor rdx, r11
rax = r10; //mov rax, r10
rax -= r11; //sub rax, r11
rdx ^= rax; //xor rdx, rax
rax = 0xD5A4D08183955257; //mov rax, 0xD5A4D08183955257
rdx *= rax; //imul rdx, rax
rax = 0x8DC8AE43913090FA; //mov rax, 0x8DC8AE43913090FA
rdx ^= rax; //xor rdx, rax
return rdx;
}
case 4:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77869); //mov r10, [0x0000000009C6C2F1]
rax = 0xF7A45523CB2EF07F; //mov rax, 0xF7A45523CB2EF07F
rdx ^= rax; //xor rdx, rax
rdx -= r11; //sub rdx, r11
rdx -= r11; //sub rdx, r11
rdx -= r11; //sub rdx, r11
rax = rdx; //mov rax, rdx
rax >>= 0x14; //shr rax, 0x14
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x28; //shr rax, 0x28
rdx ^= rax; //xor rdx, rax
rax = 0; //and rax, 0xFFFFFFFFC0000000
rax = _rotl64(rax, 0x10); //rol rax, 0x10
rax ^= r10; //xor rax, r10
rax = _byteswap_uint64(rax); //bswap rax
rdx *= driver::read<uint64_t>(rax + 0x11); //imul rdx, [rax+0x11]
rax = baseAddr; //lea rax, [0xFFFFFFFFFCEF46D3]
rax += 0x8F29; //add rax, 0x8F29
rax += r11; //add rax, r11
rdx ^= rax; //xor rdx, rax
rax = 0xD43375ADC5407E51; //mov rax, 0xD43375ADC5407E51
rdx *= rax; //imul rdx, rax
return rdx;
}
case 5:
{
r9 = driver::read<uint64_t>(baseAddr + 0xCD77869); //mov r9, [0x0000000009C6BE43]
r12 = baseAddr + 0x12426297; //lea r12, [0x000000000F31A84F]
rax = 0x7C5DF0A12057BE6; //mov rax, 0x7C5DF0A12057BE6
rdx -= rax; //sub rdx, rax
rax = 0x83F8FC0408B5D1AB; //mov rax, 0x83F8FC0408B5D1AB
rdx ^= rax; //xor rdx, rax
rax = baseAddr + 0x158DE932; //lea rax, [0x00000000127D2D4D]
rax = ~rax; //not rax
rax *= r11; //imul rax, r11
rdx += rax; //add rdx, rax
rax = r11; //mov rax, r11
rax *= r12; //imul rax, r12
rdx ^= rax; //xor rdx, rax
rax = baseAddr; //lea rax, [0xFFFFFFFFFCEF4364]
rax += 0x5541; //add rax, 0x5541
rax += r11; //add rax, r11
rdx += rax; //add rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x5; //shr rax, 0x05
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0xA; //shr rax, 0x0A
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x14; //shr rax, 0x14
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x28; //shr rax, 0x28
rdx ^= rax; //xor rdx, rax
rax = 0; //and rax, 0xFFFFFFFFC0000000
rax = _rotl64(rax, 0x10); //rol rax, 0x10
rax ^= r9; //xor rax, r9
rax = _byteswap_uint64(rax); //bswap rax
rdx *= driver::read<uint64_t>(rax + 0x11); //imul rdx, [rax+0x11]
rax = 0x3F31D045C89ED8C5; //mov rax, 0x3F31D045C89ED8C5
rdx *= rax; //imul rdx, rax
return rdx;
}
case 6:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77869); //mov r10, [0x0000000009C6B8A6]
r12 = baseAddr + 0x6DA9DAD4; //lea r12, [0x000000006A991AF9]
rax = rdx; //mov rax, rdx
rax >>= 0x6; //shr rax, 0x06
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0xC; //shr rax, 0x0C
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x18; //shr rax, 0x18
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x30; //shr rax, 0x30
rdx ^= rax; //xor rdx, rax
rax = 0x7564570D161CA18D; //mov rax, 0x7564570D161CA18D
rdx *= rax; //imul rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x26; //shr rax, 0x26
rdx ^= rax; //xor rdx, rax
rax = baseAddr; //lea rax, [0xFFFFFFFFFCEF3DC1]
rax += 0x144205B7; //add rax, 0x144205B7
rax += r11; //add rax, r11
rdx ^= rax; //xor rdx, rax
rax = 0x80C6B6FC948F6729; //mov rax, 0x80C6B6FC948F6729
rdx *= rax; //imul rdx, rax
rax = 0x31DF20582505A415; //mov rax, 0x31DF20582505A415
rdx += rax; //add rdx, rax
rax = 0; //and rax, 0xFFFFFFFFC0000000
rax = _rotl64(rax, 0x10); //rol rax, 0x10
rax ^= r10; //xor rax, r10
rax = _byteswap_uint64(rax); //bswap rax
rdx *= driver::read<uint64_t>(rax + 0x11); //imul rdx, [rax+0x11]
rdx += r12; //add rdx, r12
rcx = r11; //mov rcx, r11
rcx = ~rcx; //not rcx
rdx += rcx; //add rdx, rcx
return rdx;
}
case 7:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77869); //mov r10, [0x0000000009C6B4B8]
r13 = baseAddr + 0x4354; //lea r13, [0xFFFFFFFFFCEF7F90]
rdx ^= r11; //xor rdx, r11
rax = rdx; //mov rax, rdx
rax >>= 0xD; //shr rax, 0x0D
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x1A; //shr rax, 0x1A
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x34; //shr rax, 0x34
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x7; //shr rax, 0x07
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0xE; //shr rax, 0x0E
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x1C; //shr rax, 0x1C
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x38; //shr rax, 0x38
rdx ^= rax; //xor rdx, rax
rax = 0xCCB3012D7BB7524F; //mov rax, 0xCCB3012D7BB7524F
rdx *= rax; //imul rdx, rax
rax = 0x11516F5E5F563F90; //mov rax, 0x11516F5E5F563F90
rdx -= rax; //sub rdx, rax
rax = r11; //mov rax, r11
rax = ~rax; //not rax
rcx = 0; //and rcx, 0xFFFFFFFFC0000000
rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
rax *= r13; //imul rax, r13
rcx ^= r10; //xor rcx, r10
rcx = _byteswap_uint64(rcx); //bswap rcx
rdx += rax; //add rdx, rax
rdx *= driver::read<uint64_t>(rcx + 0x11); //imul rdx, [rcx+0x11]
return rdx;
}
case 8:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77869); //mov r10, [0x0000000009C6B01B]
r12 = baseAddr + 0x7D814959; //lea r12, [0x000000007A7080F8]
rdx -= r11; //sub rdx, r11
rax = 0xEDC13D6B57B6E285; //mov rax, 0xEDC13D6B57B6E285
rdx *= rax; //imul rdx, rax
rax = r11; //mov rax, r11
rax ^= r12; //xor rax, r12
rax += r11; //add rax, r11
rdx += rax; //add rdx, rax
rcx = 0; //and rcx, 0xFFFFFFFFC0000000
rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
rcx ^= r10; //xor rcx, r10
rcx = _byteswap_uint64(rcx); //bswap rcx
rdx *= driver::read<uint64_t>(rcx + 0x11); //imul rdx, [rcx+0x11]
rax = rdx; //mov rax, rdx
rax >>= 0x21; //shr rax, 0x21
rdx ^= rax; //xor rdx, rax
rdx += r11; //add rdx, r11
rax = baseAddr; //lea rax, [0xFFFFFFFFFCEF3642]
rdx ^= rax; //xor rdx, rax
return rdx;
}
case 9:
{
r9 = driver::read<uint64_t>(baseAddr + 0xCD77869); //mov r9, [0x0000000009C6ACD9]
rax = rdx; //mov rax, rdx
rax >>= 0xB; //shr rax, 0x0B
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x16; //shr rax, 0x16
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x2C; //shr rax, 0x2C
rdx ^= rax; //xor rdx, rax
rax = baseAddr; //lea rax, [0xFFFFFFFFFCEF3020]
rdx ^= rax; //xor rdx, rax
rax = 0; //and rax, 0xFFFFFFFFC0000000
rax = _rotl64(rax, 0x10); //rol rax, 0x10
rax ^= r9; //xor rax, r9
rax = _byteswap_uint64(rax); //bswap rax
rdx *= driver::read<uint64_t>(rax + 0x11); //imul rdx, [rax+0x11]
rax = rdx; //mov rax, rdx
rax >>= 0xB; //shr rax, 0x0B
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x16; //shr rax, 0x16
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x2C; //shr rax, 0x2C
rdx ^= rax; //xor rdx, rax
rax = 0x53198E81F809E193; //mov rax, 0x53198E81F809E193
rax -= r11; //sub rax, r11
rax -= baseAddr; //sub rax, [rsp+0xD8] -- didn't find trace -> use base
rdx += rax; //add rdx, rax
rax = 0x5E76F88978AFE528; //mov rax, 0x5E76F88978AFE528
rdx += rax; //add rdx, rax
rax = 0x33557C5CEFBE234B; //mov rax, 0x33557C5CEFBE234B
rdx *= rax; //imul rdx, rax
return rdx;
}
case 10:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77869); //mov r10, [0x0000000009C6A7B3]
rax = baseAddr; //lea rax, [0xFFFFFFFFFCEF2DD7]
rdx -= rax; //sub rdx, rax
rcx = rdx; //mov rcx, rdx
rcx >>= 0x27; //shr rcx, 0x27
rcx ^= rdx; //xor rcx, rdx
rdx = baseAddr + 0x9688; //lea rdx, [0xFFFFFFFFFCEFC353]
rdx *= r11; //imul rdx, r11
rdx += rcx; //add rdx, rcx
rax = rdx; //mov rax, rdx
rax >>= 0x13; //shr rax, 0x13
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x26; //shr rax, 0x26
rdx ^= rax; //xor rdx, rax
rax = 0; //and rax, 0xFFFFFFFFC0000000
rax = _rotl64(rax, 0x10); //rol rax, 0x10
rax ^= r10; //xor rax, r10
rax = _byteswap_uint64(rax); //bswap rax
rdx *= driver::read<uint64_t>(rax + 0x11); //imul rdx, [rax+0x11]
rax = 0x3331EF2FFF7DD801; //mov rax, 0x3331EF2FFF7DD801
rdx *= rax; //imul rdx, rax
rax = 0x2130706D6228E017; //mov rax, 0x2130706D6228E017
rdx ^= rax; //xor rdx, rax
return rdx;
}
case 11:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77869); //mov r10, [0x0000000009C6A2D8]
rcx = 0; //and rcx, 0xFFFFFFFFC0000000
rax = baseAddr + 0x1E13DCA3; //lea rax, [0x000000001B03034B]
rax = ~rax; //not rax
rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
rax += r11; //add rax, r11
rcx ^= r10; //xor rcx, r10
rdx += rax; //add rdx, rax
rcx = _byteswap_uint64(rcx); //bswap rcx
rdx *= driver::read<uint64_t>(rcx + 0x11); //imul rdx, [rcx+0x11]
rax = baseAddr; //lea rax, [0xFFFFFFFFFCEF267A]
rax += 0x9D9E; //add rax, 0x9D9E
rax += r11; //add rax, r11
rdx += rax; //add rdx, rax
rax = r11; //mov rax, r11
rax -= baseAddr; //sub rax, [rsp+0xD8] -- didn't find trace -> use base
rdx += rax; //add rdx, rax
rax = 0x10CE41F37EB30D3D; //mov rax, 0x10CE41F37EB30D3D
rdx *= rax; //imul rdx, rax
rax = 0x3078E9571E8D51B0; //mov rax, 0x3078E9571E8D51B0
rdx -= rax; //sub rdx, rax
rax = 0x13796DAAB7614CCB; //mov rax, 0x13796DAAB7614CCB
rdx += rax; //add rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x11; //shr rax, 0x11
rdx ^= rax; //xor rdx, rax
rcx = baseAddr + 0x7C2A0085; //lea rcx, [0x00000000791927C3]
rcx = ~rcx; //not rcx
rcx *= r11; //imul rcx, r11
rax = rdx; //mov rax, rdx
rax >>= 0x22; //shr rax, 0x22
rcx ^= rax; //xor rcx, rax
rdx ^= rcx; //xor rdx, rcx
return rdx;
}
case 12:
{
r9 = driver::read<uint64_t>(baseAddr + 0xCD77869); //mov r9, [0x0000000009C69E83]
rax = 0; //and rax, 0xFFFFFFFFC0000000
rax = _rotl64(rax, 0x10); //rol rax, 0x10
rax ^= r9; //xor rax, r9
rax = _byteswap_uint64(rax); //bswap rax
rdx *= driver::read<uint64_t>(rax + 0x11); //imul rdx, [rax+0x11]
rdx -= r11; //sub rdx, r11
rax = 0x509EB372CDB3AEF3; //mov rax, 0x509EB372CDB3AEF3
rdx *= rax; //imul rdx, rax
rax = 0x3978478545AD0B0E; //mov rax, 0x3978478545AD0B0E
rdx += rax; //add rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x11; //shr rax, 0x11
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x22; //shr rax, 0x22
rdx ^= rax; //xor rdx, rax
rax = 0xF1F3C3AA4D6D1089; //mov rax, 0xF1F3C3AA4D6D1089
rdx *= rax; //imul rdx, rax
return rdx;
}
case 13:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77869); //mov r10, [0x0000000009C699EC]
rax = rdx; //mov rax, rdx
rax >>= 0xE; //shr rax, 0x0E
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x1C; //shr rax, 0x1C
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rcx = 0; //and rcx, 0xFFFFFFFFC0000000
rax >>= 0x38; //shr rax, 0x38
rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
rdx ^= rax; //xor rdx, rax
rcx ^= r10; //xor rcx, r10
rdx += r11; //add rdx, r11
rcx = _byteswap_uint64(rcx); //bswap rcx
rdx *= driver::read<uint64_t>(rcx + 0x11); //imul rdx, [rcx+0x11]
rcx = baseAddr + 0x7FFA; //lea rcx, [0xFFFFFFFFFCEFA0CF]
rax = 0xEA5C4AF83EEC98D; //mov rax, 0xEA5C4AF83EEC98D
rdx += rax; //add rdx, rax
rax = rcx; //mov rax, rcx
rax = ~rax; //not rax
rax ^= r11; //xor rax, r11
rdx ^= rax; //xor rdx, rax
rax = 0x58CCD785809FBA65; //mov rax, 0x58CCD785809FBA65
rdx *= rax; //imul rdx, rax
rax = 0xCB1252FFDD097729; //mov rax, 0xCB1252FFDD097729
rdx *= rax; //imul rdx, rax
rax = baseAddr; //lea rax, [0xFFFFFFFFFCEF1D3F]
rax += 0x1CFB; //add rax, 0x1CFB
rax += r11; //add rax, r11
rdx += rax; //add rdx, rax
return rdx;
}
case 14:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77869); //mov r10, [0x0000000009C69434]
rax = rdx; //mov rax, rdx
rax >>= 0x1C; //shr rax, 0x1C
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x38; //shr rax, 0x38
rax ^= rdx; //xor rax, rdx
rdx = baseAddr; //lea rdx, [0xFFFFFFFFFCEF1872]
rax -= rdx; //sub rax, rdx
rdx = r11 + 0xffffffffd3bc8867; //lea rdx, [r11-0x2C437799]
rdx += rax; //add rdx, rax
rax = 0; //and rax, 0xFFFFFFFFC0000000
rax = _rotl64(rax, 0x10); //rol rax, 0x10
rax ^= r10; //xor rax, r10
rax = _byteswap_uint64(rax); //bswap rax
rdx *= driver::read<uint64_t>(rax + 0x11); //imul rdx, [rax+0x11]
rax = baseAddr; //lea rax, [0xFFFFFFFFFCEF1780]
rdx -= rax; //sub rdx, rax
rax = 0x311461FA31B150C8; //mov rax, 0x311461FA31B150C8
rdx ^= rax; //xor rdx, rax
rax = 0x3D057F65AC2E944D; //mov rax, 0x3D057F65AC2E944D
rdx += rax; //add rdx, rax
rax = 0x3EA61F392134306F; //mov rax, 0x3EA61F392134306F
rdx *= rax; //imul rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x16; //shr rax, 0x16
rdx ^= rax; //xor rdx, rax
rax = rdx; //mov rax, rdx
rax >>= 0x2C; //shr rax, 0x2C
rdx ^= rax; //xor rdx, rax
return rdx;
}
case 15:
{
r10 = driver::read<uint64_t>(baseAddr + 0xCD77869); //mov r10, [0x0000000009C68FB3]
rax = rdx; //mov rax, rdx
rax >>= 0x25; //shr rax, 0x25
rdx ^= rax; //xor rdx, rax
rdx -= r11; //sub rdx, r11
rcx = 0; //and rcx, 0xFFFFFFFFC0000000
rcx = _rotl64(rcx, 0x10); //rol rcx, 0x10
rcx ^= r10; //xor rcx, r10
rax = baseAddr; //lea rax, [0xFFFFFFFFFCEF14CD]
rax += 0x953; //add rax, 0x953
rax += r11; //add rax, r11
rcx = _byteswap_uint64(rcx); //bswap rcx
rdx ^= rax; //xor rdx, rax
rdx *= driver::read<uint64_t>(rcx + 0x11); //imul rdx, [rcx+0x11]
rax = 0xEDC186E4F45D82CF; //mov rax, 0xEDC186E4F45D82CF
rdx *= rax; //imul rdx, rax
rdx -= r11; //sub rdx, r11
rax = baseAddr; //lea rax, [0xFFFFFFFFFCEF13CC]
rdx -= rax; //sub rdx, rax
rax = 0x579691DADE4159FD; //mov rax, 0x579691DADE4159FD
rdx *= rax; //imul rdx, rax
rax = 0x20B206512FA8AEE; //mov rax, 0x20B206512FA8AEE
rdx -= rax; //sub rdx, rax
rax = 0x804CFF40F9D9BEBF; //mov rax, 0x804CFF40F9D9BEBF
rdx *= rax; //imul rdx, rax
return rdx;
}
}
}
extern "C" auto BNETget_bone_index(uint32_t bone_index, uint64_t baseAddr) -> uint64_t
{
const uint64_t mb = baseAddr;
uint64_t rax = mb, rbx = mb, rcx = mb, rdx = mb, rdi = mb, rsi = mb, r8 = mb, r9 = mb, r10 = mb, r11 = mb, r12 = mb, r13 = mb, r14 = mb, r15 = mb;
rsi = bone_index;
rcx = rsi * 0x13C8;
rax = 0xD8CE01BF28E39A45; //mov rax, 0xD8CE01BF28E39A45
rax = _umul128(rax, rcx, (uintptr_t*)&rdx); //mul rcx
rdi = baseAddr; //lea rdi, [0xFFFFFFFFFD4CEE8A]
r10 = 0xB225E47EA96E19B5; //mov r10, 0xB225E47EA96E19B5
rdx >>= 0xD; //shr rdx, 0x0D
rax = rdx * 0x25C9; //imul rax, rdx, 0x25C9
rcx -= rax; //sub rcx, rax
rax = 0xCEA41D97BF6494DF; //mov rax, 0xCEA41D97BF6494DF
r8 = rcx * 0x25C9; //imul r8, rcx, 0x25C9
rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
rax = r8; //mov rax, r8
rax -= rdx; //sub rax, rdx
rax >>= 0x1; //shr rax, 0x01
rax += rdx; //add rax, rdx
rax >>= 0xE; //shr rax, 0x0E
rax = rax * 0x46D4; //imul rax, rax, 0x46D4
r8 -= rax; //sub r8, rax
rax = 0x526226F064679F75; //mov rax, 0x526226F064679F75
rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
rax = 0xD79435E50D79435F; //mov rax, 0xD79435E50D79435F
rdx >>= 0x9; //shr rdx, 0x09
rcx = rdx * 0x637; //imul rcx, rdx, 0x637
rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
rdx >>= 0x4; //shr rdx, 0x04
rcx += rdx; //add rcx, rdx
rax = rcx * 0x26; //imul rax, rcx, 0x26
rcx = r8 + r8 * 4; //lea rcx, [r8+r8*4]
rcx <<= 0x3; //shl rcx, 0x03
rcx -= rax; //sub rcx, rax
rax = driver::read<uint16_t>(rcx + rdi * 1 + 0xBCEE470); //movzx eax, word ptr [rcx+rdi*1+0xBCEE470]
r8 = rax * 0x13C8; //imul r8, rax, 0x13C8
rax = r10; //mov rax, r10
rax = _umul128(rax, r8, (uintptr_t*)&rdx); //mul r8
rcx = r8; //mov rcx, r8
rax = r10; //mov rax, r10
rcx -= rdx; //sub rcx, rdx
rcx >>= 0x1; //shr rcx, 0x01
rcx += rdx; //add rcx, rdx
rcx >>= 0xD; //shr rcx, 0x0D
rcx = rcx * 0x25BD; //imul rcx, rcx, 0x25BD
r8 -= rcx; //sub r8, rcx
r9 = r8 * 0x319C; //imul r9, r8, 0x319C
rax = _umul128(rax, r9, (uintptr_t*)&rdx); //mul r9
rax = r9; //mov rax, r9
rax -= rdx; //sub rax, rdx
rax >>= 0x1; //shr rax, 0x01
rax += rdx; //add rax, rdx
rax >>= 0xD; //shr rax, 0x0D
rax = rax * 0x25BD; //imul rax, rax, 0x25BD
r9 -= rax; //sub r9, rax
rax = 0x842108421084211; //mov rax, 0x842108421084211
rax = _umul128(rax, r9, (uintptr_t*)&rdx); //mul r9
rax = r9; //mov rax, r9
rax -= rdx; //sub rax, rdx
rax >>= 0x1; //shr rax, 0x01
rax += rdx; //add rax, rdx
rax >>= 0xA; //shr rax, 0x0A
rcx = rax * 0x7C0; //imul rcx, rax, 0x7C0
rax = 0xE38E38E38E38E38F; //mov rax, 0xE38E38E38E38E38F
rax = _umul128(rax, r9, (uintptr_t*)&rdx); //mul r9
rdx >>= 0x3; //shr rdx, 0x03
rcx += rdx; //add rcx, rdx
rax = rcx + rcx * 8; //lea rax, [rcx+rcx*8]
rax += rax; //add rax, rax
rcx = r9 + r9 * 4; //lea rcx, [r9+r9*4]
rcx <<= 0x2; //shl rcx, 0x02
rcx -= rax; //sub rcx, rax
r12 = driver::read<uint16_t>(rcx + rdi * 1 + 0xBCFD0A0); //movsx r12d, word ptr [rcx+rdi*1+0xBCFD0A0]
return r12;
}Editor is loading...
Leave a Comment