FransBouma · August 9, 2017 20:18 · FransBouma · Aug 9, 2017 · FransBouma · Aug 9, 2017
diff --git a/address.txt b/address.txt
 // Camera x/y/z/rotation writes: Disable to unlock free movement. Central copy constructor of UE camera manager.
 // Used in-game and in photomode
 // UE uses angles for rotation. In UE3 it uses packed 16 bit ints, in UE4 it uses floats, in degrees (0-360.0)
 HellbladeGame-Win64-Shipping.exe+1940B77 - F2 0F11 87 80040000   - movsd [rdi+00000480],xmm0    // Write X & Y
 HellbladeGame-Win64-Shipping.exe+1940B7F - F2 0F10 44 24 5C      - movsd xmm0,[rsp+5C]
 HellbladeGame-Win64-Shipping.exe+1940B85 - F2 0F11 87 8C040000   - movsd [rdi+0000048C],xmm0    // Write Rotation around X/ around Z
 HellbladeGame-Win64-Shipping.exe+1940B8D - 0F10 44 24 68         - movups xmm0,[rsp+68]
 HellbladeGame-Win64-Shipping.exe+1940B92 - 89 87 88040000        - mov [rdi+00000488],eax       // Write Z (UP)
 HellbladeGame-Win64-Shipping.exe+1940B98 - 8B 44 24 64           - mov eax,[rsp+64]
 HellbladeGame-Win64-Shipping.exe+1940B9C - 89 87 94040000        - mov [rdi+00000494],eax       // Write Rotation around Y (into the screen)
 HellbladeGame-Win64-Shipping.exe+1940BA2 - 8B 44 24 7C           - mov eax,[rsp+7C]
 HellbladeGame-Win64-Shipping.exe+1940BA6 - 0F11 87 98040000      - movups [rdi+00000498],xmm0   // Write FOV
 HellbladeGame-Win64-Shipping.exe+1940BAD - 83 E0 03              - and eax,03 { 3 }
 HellbladeGame-Win64-Shipping.exe+1940BB0 - F3 0F10 44 24 78      - movss xmm0,[rsp+78]
 HellbladeGame-Win64-Shipping.exe+1940BB6 - 09 87 AC040000        - or [rdi+000004AC],eax
 HellbladeGame-Win64-Shipping.exe+1940BBC - 0FB6 45 80            - movzx eax,byte ptr [rbp-80]
 HellbladeGame-Win64-Shipping.exe+1940BC0 - F3 0F11 87 A8040000   - movss [rdi+000004A8],xmm0

 // Camera x/y/z/rotation writes for pause camera. Same structure. as above
 HellbladeGame-Win64-Shipping.exe+195920A - 83 A3 AC040000 FC     - and dword ptr [rbx+000004AC],-04 { 252 }
 HellbladeGame-Win64-Shipping.exe+1959211 - F2 0F11 83 80040000   - movsd [rbx+00000480],xmm0
 HellbladeGame-Win64-Shipping.exe+1959219 - F2 0F10 44 24 2C      - movsd xmm0,[rsp+2C]
 HellbladeGame-Win64-Shipping.exe+195921F - F2 0F11 83 8C040000   - movsd [rbx+0000048C],xmm0
 HellbladeGame-Win64-Shipping.exe+1959227 - 0F10 44 24 38         - movups xmm0,[rsp+38]
 HellbladeGame-Win64-Shipping.exe+195922C - 89 83 88040000        - mov [rbx+00000488],eax
 HellbladeGame-Win64-Shipping.exe+1959232 - 8B 44 24 34           - mov eax,[rsp+34]
 HellbladeGame-Win64-Shipping.exe+1959236 - 89 83 94040000        - mov [rbx+00000494],eax
 HellbladeGame-Win64-Shipping.exe+195923C - 8B 44 24 4C           - mov eax,[rsp+4C]
 HellbladeGame-Win64-Shipping.exe+1959240 - 0F11 83 98040000      - movups [rbx+00000498],xmm0
 HellbladeGame-Win64-Shipping.exe+1959247 - 83 E0 03              - and eax,03 { 3 }
 HellbladeGame-Win64-Shipping.exe+195924A - F3 0F10 44 24 48      - movss xmm0,[rsp+48]
 HellbladeGame-Win64-Shipping.exe+1959250 - 09 83 AC040000        - or [rbx+000004AC],eax
 HellbladeGame-Win64-Shipping.exe+1959256 - 0FB6 44 24 50         - movzx eax,byte ptr [rsp+50]

 // FOV read: (no write-per-frame, can be overwritten at will)
 HellbladeGame-Win64-Shipping.exe+1944DD0 - F3 0F10 81 14040000   - movss xmm0,[rcx+00000414]
 HellbladeGame-Win64-Shipping.exe+1944DD8 - 0F57 C9               - xorps xmm1,xmm1
 HellbladeGame-Win64-Shipping.exe+1944DDB - 0F2F C1               - comiss xmm0,xmm1
 HellbladeGame-Win64-Shipping.exe+1944DDE - 77 08                 - ja HellbladeGame-Win64-Shipping.exe+1944DE8
 HellbladeGame-Win64-Shipping.exe+1944DE0 - F3 0F10 81 98040000   - movss xmm0,[rcx+00000498]         // FOV READ
 HellbladeGame-Win64-Shipping.exe+1944DE8 - C3                    - ret 
 HellbladeGame-Win64-Shipping.exe+1944DE9 - CC                    - int 3
	// Camera x/y/z/rotation writes: Disable to unlock free movement. Central copy constructor of UE camera manager.
	// Used in-game and in photomode
	// UE uses angles for rotation. In UE3 it uses packed 16 bit ints, in UE4 it uses floats, in degrees (0-360.0)
	HellbladeGame-Win64-Shipping.exe+1940B77 - F2 0F11 87 80040000 - movsd [rdi+00000480],xmm0 // Write X & Y
	HellbladeGame-Win64-Shipping.exe+1940B7F - F2 0F10 44 24 5C - movsd xmm0,[rsp+5C]
	HellbladeGame-Win64-Shipping.exe+1940B85 - F2 0F11 87 8C040000 - movsd [rdi+0000048C],xmm0 // Write Rotation around X/ around Z
	HellbladeGame-Win64-Shipping.exe+1940B8D - 0F10 44 24 68 - movups xmm0,[rsp+68]
	HellbladeGame-Win64-Shipping.exe+1940B92 - 89 87 88040000 - mov [rdi+00000488],eax // Write Z (UP)
	HellbladeGame-Win64-Shipping.exe+1940B98 - 8B 44 24 64 - mov eax,[rsp+64]
	HellbladeGame-Win64-Shipping.exe+1940B9C - 89 87 94040000 - mov [rdi+00000494],eax // Write Rotation around Y (into the screen)
	HellbladeGame-Win64-Shipping.exe+1940BA2 - 8B 44 24 7C - mov eax,[rsp+7C]
	HellbladeGame-Win64-Shipping.exe+1940BA6 - 0F11 87 98040000 - movups [rdi+00000498],xmm0 // Write FOV
	HellbladeGame-Win64-Shipping.exe+1940BAD - 83 E0 03 - and eax,03 { 3 }
	HellbladeGame-Win64-Shipping.exe+1940BB0 - F3 0F10 44 24 78 - movss xmm0,[rsp+78]
	HellbladeGame-Win64-Shipping.exe+1940BB6 - 09 87 AC040000 - or [rdi+000004AC],eax
	HellbladeGame-Win64-Shipping.exe+1940BBC - 0FB6 45 80 - movzx eax,byte ptr [rbp-80]
	HellbladeGame-Win64-Shipping.exe+1940BC0 - F3 0F11 87 A8040000 - movss [rdi+000004A8],xmm0

	// Camera x/y/z/rotation writes for pause camera. Same structure. as above
	HellbladeGame-Win64-Shipping.exe+195920A - 83 A3 AC040000 FC - and dword ptr [rbx+000004AC],-04 { 252 }
	HellbladeGame-Win64-Shipping.exe+1959211 - F2 0F11 83 80040000 - movsd [rbx+00000480],xmm0
	HellbladeGame-Win64-Shipping.exe+1959219 - F2 0F10 44 24 2C - movsd xmm0,[rsp+2C]
	HellbladeGame-Win64-Shipping.exe+195921F - F2 0F11 83 8C040000 - movsd [rbx+0000048C],xmm0
	HellbladeGame-Win64-Shipping.exe+1959227 - 0F10 44 24 38 - movups xmm0,[rsp+38]
	HellbladeGame-Win64-Shipping.exe+195922C - 89 83 88040000 - mov [rbx+00000488],eax
	HellbladeGame-Win64-Shipping.exe+1959232 - 8B 44 24 34 - mov eax,[rsp+34]
	HellbladeGame-Win64-Shipping.exe+1959236 - 89 83 94040000 - mov [rbx+00000494],eax
	HellbladeGame-Win64-Shipping.exe+195923C - 8B 44 24 4C - mov eax,[rsp+4C]
	HellbladeGame-Win64-Shipping.exe+1959240 - 0F11 83 98040000 - movups [rbx+00000498],xmm0
	HellbladeGame-Win64-Shipping.exe+1959247 - 83 E0 03 - and eax,03 { 3 }
	HellbladeGame-Win64-Shipping.exe+195924A - F3 0F10 44 24 48 - movss xmm0,[rsp+48]
	HellbladeGame-Win64-Shipping.exe+1959250 - 09 83 AC040000 - or [rbx+000004AC],eax
	HellbladeGame-Win64-Shipping.exe+1959256 - 0FB6 44 24 50 - movzx eax,byte ptr [rsp+50]

	// FOV read: (no write-per-frame, can be overwritten at will)
	HellbladeGame-Win64-Shipping.exe+1944DD0 - F3 0F10 81 14040000 - movss xmm0,[rcx+00000414]
	HellbladeGame-Win64-Shipping.exe+1944DD8 - 0F57 C9 - xorps xmm1,xmm1
	HellbladeGame-Win64-Shipping.exe+1944DDB - 0F2F C1 - comiss xmm0,xmm1
	HellbladeGame-Win64-Shipping.exe+1944DDE - 77 08 - ja HellbladeGame-Win64-Shipping.exe+1944DE8
	HellbladeGame-Win64-Shipping.exe+1944DE0 - F3 0F10 81 98040000 - movss xmm0,[rcx+00000498] // FOV READ
	HellbladeGame-Win64-Shipping.exe+1944DE8 - C3 - ret
	HellbladeGame-Win64-Shipping.exe+1944DE9 - CC - int 3