11 "Enable Hotsampling support (Windowed mode). Leave enabled" Auto Assembler Script // By Otis_Inf and Hattiwatti // See for info about locations/data: // https://github.com/FransBouma/InjectableGenericCameraSystem/blob/master/Notes/Control.txt ////////////////////////////////////////////////////////// // FRAMED Screenshot Community. https://framedsc.github.io ////////////////////////////////////////////////////////// [ENABLE] aobscanmodule(writeRenderResolution,coregame_rmdwin10_f.dll,89 84 24 84 00 00 00 E8) // should be unique alloc(newmem,$1000,coregame_rmdwin10_f.dll+A76B3) label(codeRenderRes) label(returnRenderRes) label(codeKeepFocus) label(returnKeepFocus) registersymbol(writeRenderResolution) //--------------- own memory newmem: codeRenderRes: // hard-write the resolution back instead of the original code which writes the results of calculations to the addresses // in the stackframe. Do this at width+8 and height+8, so mov [rsp+00000084],eax // screen height. (screenwidth is at 80) cvttss2si eax, [rdi+04] mov [rsp+88], eax // rendering width, cvttss2si eax, [rdi+08] mov [rsp+8C], eax // rendering height jmp returnRenderRes codeKeepFocus: mov r8l, 01 // always 1 so always 'has focus' mov [rcx+0000009B],r8l jmp returnKeepFocus //--------------- end own memory // in game dll! writeRenderResolution: jmp newmem nop nop returnRenderRes: // Will break in a patch coregame_rmdwin10_f.dll+ABFEE: jmp codeKeepFocus nop nop returnKeepFocus: coregame_rmdwin10_f.dll+AC281: mov r8d, 00000000 coregame_rmdwin10_f.coregame::GameWindow::updateScreenSize+32: db e9 C7 00 00 00 90 // will break in a patch coregame_rmdwin10_f.coregame::GameWindow::setUserRendererSettings+189: db 90 90 90 90 90 90 [DISABLE] writeRenderResolution: db 89 84 24 84 00 00 00 coregame_rmdwin10_f.dll+ABFEE: mov [rcx+0000009B],r8l coregame_rmdwin10_f.dll+AC281: mov r8d, 00000001 coregame_rmdwin10_f.coregame::GameWindow::updateScreenSize+32: db 0F 85 C6 00 00 00 // will break in a patch coregame_rmdwin10_f.coregame::GameWindow::setUserRendererSettings+189: db FF 15 09 7B 4F 00 unregistersymbol(writeRenderResolution) dealloc(newmem) 6 "Toggle pause (NUMPAD 0)" Auto Assembler Script // By Otis_Inf and Hattiwatti // See for info about locations/data: // https://github.com/FransBouma/InjectableGenericCameraSystem/blob/master/Notes/Control.txt ////////////////////////////////////////////////////////// // FRAMED Screenshot Community. https://framedsc.github.io ////////////////////////////////////////////////////////// [ENABLE] // global r::Timer instance, offset 39 // See notes for location [Control_DX12.exe+11C2118]+39: db 1 [Control_DX12.exe+11C2118]+69: db 1 timerAddress: dq 0 [DISABLE] // global r::Timer instance, offset 38 [Control_DX12.exe+11C2118]+38: dd 0 [Control_DX12.exe+11C2118]+68: dd 0 Toggle Activation 96 0 7 "HUD toggle (DEL) (HUD will hide/show after camera move)" Auto Assembler Script // By Otis_Inf and Hattiwatti // See for info about locations/data: // https://github.com/FransBouma/InjectableGenericCameraSystem/blob/master/Notes/Control.txt ////////////////////////////////////////////////////////// // FRAMED Screenshot Community. https://framedsc.github.io ////////////////////////////////////////////////////////// [ENABLE] CoherentGTCore.WebCore::GraphicsLayer::setOpacity: // set opacity for all objects in any UI to 0. This method is called on many objects so this is // the easiest way without enumerating them all xorps xmm1,xmm1 movss [rcx+00000168],xmm1 ret [DISABLE] CoherentGTCore.WebCore::GraphicsLayer::setOpacity: // resume as normal movss [rcx+00000168],xmm1 ret Toggle Activation 46 0 5 "Toggle debug camera (INS)" Auto Assembler Script // By Otis_Inf and Hattiwatti // See for info about locations/data: // https://github.com/FransBouma/InjectableGenericCameraSystem/blob/master/Notes/Control.txt ////////////////////////////////////////////////////////// // FRAMED Screenshot Community. https://framedsc.github.io ////////////////////////////////////////////////////////// [ENABLE] alloc(enableFreeCamThread,248) aobscanmodule(interceptFreeCamFoV,Control_DX12.exe,0F 10 43 70 0F 58 C3) // should be unique alloc(newmem,$1000,"Control_DX12.exe"+3163BC) label(code) label(return) registersymbol(interceptFreeCamFoV) label(freeCameraStructAddress) registersymbol(freeCameraStructAddress) label(originalCameraCoords) registersymbol(originalCameraCoords) // Create a thread to call a couple of functions, then stop createthread(enableFreeCamThread) enableFreeCamThread: // first pull the current camera state from the cache. Using code from coregame_rmdwin10_f.coregame::CameraComponentState::getPosition mov rsi, Control_DX12.exe mov rcx, [rsi+011C20A8] // hardcoded static address. See notes. mov rbx,[rcx+28] mov rdi,rdx call coregame_rmdwin10_f.coregame::TransformComponentState::getTypeIDStatic // then obtain the camera object address mov edx,eax mov rcx,rbx call rl_rmdwin10_f.r::GameObjectState::getComponentByTypeId // then read the coords and cache them. Coords are at offset D0 (see getPosition) mov rcx, originalCameraCoords mov ebx, [rax+D0] mov [rcx], ebx mov ebx, [rax+D4] mov [rcx+4], ebx mov ebx, [rax+D8] mov [rcx+8], ebx // enable freecam mov eax, 1 mov [Control_DX12.exe+11C20A4], eax call input_rmdwin10_f.input::InputManager::getInstance mov rcx, rax mov dl, 1 call input_rmdwin10_f.input::InputManager::setFreeCameraWithoutPlayerControls // we'll leave the cache write to the interception of the FoV below. ret // this is memory used to intercept the freecam fov. newmem: code: mov [freeCameraStructAddress], rbx movups xmm0,[rbx+70] addps xmm0,xmm3 movups [rbx+70],xmm0 cmp byte [coordsReset], 1 je done // write back the cached coords. push rcx push edx mov rcx, originalCameraCoords mov edx, [rcx] mov [rbx+70], edx mov edx, [rcx+4] mov [rbx+74], edx mov edx, [rcx+8] mov [rbx+78], rdx pop edx // set flag mov cl, 01 mov [coordsReset], cl pop rcx done: jmp return freeCameraStructAddress: dq 0 originalCameraCoords: dd 0 0 0 coordsReset: db 0 interceptFreeCamFoV: jmp newmem nop nop nop nop nop nop return: // hide outlines. Contributed by Pigeon Control_DX12.exe+ACEDF: db E9 74 02 00 00 90 // jmp instead of je [DISABLE] alloc(disableFreeCamThread,248) createthread(disableFreeCamThread) disableFreeCamThread: xor eax, eax mov [Control_DX12.exe+11C20A4], eax call input_rmdwin10_f.input::InputManager::getInstance mov rcx, rax mov dl, 0 call input_rmdwin10_f.input::InputManager::setFreeCameraWithoutPlayerControls ret interceptFreeCamFoV: movups xmm0,[rbx+70] addps xmm0,xmm3 movups [rbx+70],xmm0 Control_DX12.exe+ACEDF: db 0F 84 73 02 00 00 unregistersymbol(freeCameraStructAddress) unregistersymbol(interceptFreeCamFoV) dealloc(newmem) Toggle Activation 45 0 24 "Freecam FoV (NUMPAD-/+ Speed: +CTRL. Reset: CRTL-ALT-NUMPAD)" Float

freeCameraStructAddress

-20 Decrease Value 17 109 0.1 0 Increase Value 17 107 0.1 1 Decrease Value 109 0.01 2 Increase Value 107 0.01 3 Set Value 17 18 109 1.1344 4 39 "Rotation speed (F9: 0.04, for mouse. CTRL-F9: 0.7, for controller)" Float

freeCameraStructAddress

8C Set Value 120 0.04 0 Set Value 17 120 0.7 1 12 "Gameplay FOV Override (F2)" Auto Assembler Script // By Otis_Inf and Hattiwatti // See for info about locations/data: // https://github.com/FransBouma/InjectableGenericCameraSystem/blob/master/Notes/Control.txt ////////////////////////////////////////////////////////// // FRAMED Screenshot Community. https://framedsc.github.io ////////////////////////////////////////////////////////// [ENABLE] aobscanmodule(FoVInterception,Control_DX12.exe,F3 0F 59 43 10) // should be unique alloc(newmem,$1000,"Control_DX12.exe"+1FA3B2) label(code) label(return) registersymbol(FoVInterception) label(fovAddress) registerSymbol(fovAddress) newmem: code: mulss xmm0,[rbx+10] mov [fovAddress], rbx jmp return fovAddress: dq 0 FoVInterception: jmp newmem return: [DISABLE] FoVInterception: db F3 0F 59 43 10 unregistersymbol(FoVInterception) dealloc(newmem) Toggle Activation 113 0 13 "Gameplay FoV (PgUp/PgDn Speed: +CTRL. Reset: CTRL-ALT-PgUp)" Float

fovAddress

10 Decrease Value 17 33 0.1 0 Increase Value 17 34 0.1 1 Decrease Value 33 0.01 2 Increase Value 34 0.01 3 Set Value 17 18 33 1.1344 4 34 "Render Effects" 1 36 "Depth of Field (F3: Off, CTRL-F3: On)" Byte

rend::RenderOptions::RenderDepthOfField

Set Value 114 0 0 Set Value 17 114 1 1 37 "Motion Blur (F4: Off, CTRL-F4: On)" Byte

rend::RenderOptions::RenderVectorBlur

Set Value 115 0 0 Set Value 17 115 1 1 35 "Bloom (F5: Off, CTRL-F5: On)" Byte

rend::RenderOptions::RenderBloom

Set Value 116 0 0 Set Value 17 116 1 1 38 "Screenspace AA (F6: Off, CTRL-F6: On)" Byte

rend::RenderOptions::ScreenSpaceAntialiasing

Set Value 117 0 0 Set Value 17 117 1 1 40 "Wireframe (F7: Off, CTRL-F7: On)" Byte

rend::RenderOptions::Wireframe

Set Value 118 0 0 Set Value 17 118 1 1 25 "---------------------------------------------------------------------------" 400080 1 28 "Debug camera tip: use Mousewheel to decrease speed (and a controller for movement)" 0000FF 1 33 "When the game is paused, to hide the hud press ESC twice" 0000FF 1 29 "---------------------------------------------------------------------------" 1 26 "Screenshot CT for Control DirectX 12. By Otis_Inf and Hattiwatti. v1.5 (26-jan-2020). Thanks to Pigeon" FF0000 1 27 "FRAMED Screenshot Community. https://framedsc.github.io" FF8080 1 thread

1F4C19A0000

Info about this table:

"CoherentGTCore.dll"+2E2DDD

Call SetOpacity