Assassin's Creed on 3440x1440 [21:9]
Posted: Sun Mar 05, 2023 12:41 pm
As I go with an assassin's creed series on 1440p I might add more aOb to patches...
Assassin's Creed 1
SKIPPED, -
Note: these scripts and/or aOb strings are based on steam store app. Yet you still need have Ubisoft launcher to launch these games... (…)
Also it seems steam overlay doesn't work correctly* with first few assassin's creed games.. : [Workaround]
Assassin's Creed 2
, - Had to take a look into memory... because existing patch online were different than steam version.
Short version:
- open process "AssassinsCreedIIGame.exe" and find array of bytes of "AssassinsCreedIIGame.exe" "30 40 CD CC CC 3D 33 33 33 3F"
- Change first two bytes into "20 4F"
- DONE
OR
Longer version:
- Open process "AssassinsCreedIIGame.exe
- At memory scan options chose "AssassinsCreedIIGame.exe"
- Set value type to "array of byte"
- Enter search value "30 40 CD CC CC 3D 33 33 33 3F"
- (! important) MARK Gray writable/executable/CopyOnWrite
- Click First Scan
- Should appear one address
- right click on green address
- chose Change value of selected address
- Input box appear, change value to "20 4F CD CC CC 3D 33 33 33 3F" and click ok
- DONE
Assasin's Creed (2) Brotherhood
,- .. online existing patch made all game strings broken <- that was weird... had to look into..
- Create an empty assembly script and paste this code then add to cheat table address list.
Code: Select all
[ENABLE]
aobScanModule(AA_GEN_13997199,ACBSP.exe,45 E0 F3 0F 10 05 34 F6 87 02 0F)
AA_GEN_13997199+2:
Nop 8
registersymbol(AA_GEN_13997199)
[DISABLE]
AA_GEN_13997199+2:
db 45 E0 F3 0F 10 05 34 F6 87 02 0F
unregistersymbol(AA_GEN_13997199)
{ Function dump of "ACBSP.exe+621250"
~ Function header aob : "54 8B C6 5E C3 CC CC CC CC CC CC CC CC CC CC CC 53 8B DC 83 EC 08" ~
// 55 8B 6B 04 89 6C 24 04 8B EC 83 EC 2C 56 8B F1 8B 4E 0C 8B 01
// [0000/0] ACBSP.exe+6211C0 -- (1) 53 -- push ebx
// [0001/1] ACBSP.exe+6211C1 -- (2) 8B DC -- mov ebx,esp
// [0003/3] ACBSP.exe+6211C3 -- (3) 83 EC 08 -- sub esp,08
// [0006/6] ACBSP.exe+6211C6 -- (3) 83 E4 F0 -- and esp,-10
// [0009/9] ACBSP.exe+6211C9 -- (3) 83 C4 04 -- add esp,04
// [000C/12] ACBSP.exe+6211CC -- (1) 55 -- push ebp
// [000D/13] ACBSP.exe+6211CD -- (3) 8B 6B 04 -- mov ebp,[ebx+04]
// [0010/16] ACBSP.exe+6211D0 -- (4) 89 6C 24 04 -- mov [esp+04],ebp
// [0014/20] ACBSP.exe+6211D4 -- (2) 8B EC -- mov ebp,esp
// [0016/22] ACBSP.exe+6211D6 -- (3) 83 EC 2C -- sub esp,2C
// [0019/25] ACBSP.exe+6211D9 -- (1) 56 -- push esi
// [001A/26] ACBSP.exe+6211DA -- (2) 8B F1 -- mov esi,ecx
// [001C/28] ACBSP.exe+6211DC -- (3) 8B 4E 0C -- mov ecx,[esi+0C]
// [001F/31] ACBSP.exe+6211DF -- (2) 8B 01 -- mov eax,[ecx]
// [0021/33] ACBSP.exe+6211E1 -- (3) 8B 50 64 -- mov edx,[eax+64]
// [0024/36] ACBSP.exe+6211E4 -- (2) FF D2 -- call edx
// [0026/38] ACBSP.exe+6211E6 -- (3) 8B 4E 0C -- mov ecx,[esi+0C]
// [0029/41] ACBSP.exe+6211E9 -- (2) 8B 01 -- mov eax,[ecx]
// [002B/43] ACBSP.exe+6211EB -- (6) 8B 90 84000000 -- mov edx,[eax+00000084]
// [0031/49] ACBSP.exe+6211F1 -- (2) 6A 03 -- push 03
// [0033/51] ACBSP.exe+6211F3 -- (2) FF D2 -- call edx
// [0035/53] ACBSP.exe+6211F5 -- (3) 8B 4E 0C -- mov ecx,[esi+0C]
// [0038/56] ACBSP.exe+6211F8 -- (2) 8B 01 -- mov eax,[ecx]
// [003A/58] ACBSP.exe+6211FA -- (6) 8B 90 A8000000 -- mov edx,[eax+000000A8]
// [0040/64] ACBSP.exe+621200 -- (2) 6A 00 -- push 00
// [0042/66] ACBSP.exe+621202 -- (2) FF D2 -- call edx
// [0044/68] ACBSP.exe+621204 -- (3) 8B 4E 0C -- mov ecx,[esi+0C]
// [0047/71] ACBSP.exe+621207 -- (2) 8B 01 -- mov eax,[ecx]
// [0049/73] ACBSP.exe+621209 -- (6) 8B 90 80000000 -- mov edx,[eax+00000080]
// [004F/79] ACBSP.exe+62120F -- (2) 6A 01 -- push 01
// [0051/81] ACBSP.exe+621211 -- (2) FF D2 -- call edx
// [0053/83] ACBSP.exe+621213 -- (3) 8B 4E 0C -- mov ecx,[esi+0C]
// [0056/86] ACBSP.exe+621216 -- (2) 8B 01 -- mov eax,[ecx]
// [0058/88] ACBSP.exe+621218 -- (6) 8B 90 A0000000 -- mov edx,[eax+000000A0]
// [005E/94] ACBSP.exe+62121E -- (2) 6A 07 -- push 07
// [0060/96] ACBSP.exe+621220 -- (2) FF D2 -- call edx
// [0062/98] ACBSP.exe+621222 -- (3) 8B 4E 0C -- mov ecx,[esi+0C]
// [0065/101] ACBSP.exe+621225 -- (2) 8B 01 -- mov eax,[ecx]
// [0067/103] ACBSP.exe+621227 -- (3) 8B 50 24 -- mov edx,[eax+24]
// [006A/106] ACBSP.exe+62122A -- (2) FF D2 -- call edx
// [006C/108] ACBSP.exe+62122C -- (3) 0F57 C0 -- xorps xmm0,xmm0
// [006F/111] ACBSP.exe+62122F -- (3) 8B 4E 0C -- mov ecx,[esi+0C]
// [0072/114] ACBSP.exe+621232 -- (3) 0F28 C8 -- movaps xmm1,xmm0
// [0075/117] ACBSP.exe+621235 -- (3) 0F28 D0 -- movaps xmm2,xmm0
// [0078/120] ACBSP.exe+621238 -- (3) 0F28 D8 -- movaps xmm3,xmm0
// [007B/123] ACBSP.exe+62123B -- (3) 8D 55 F0 -- lea edx,[ebp-10]
// [007E/126] ACBSP.exe+62123E -- (1) 52 -- push edx
// [007F/127] ACBSP.exe+62123F -- (3) 8D 55 E0 -- lea edx,[ebp-20]
// [0082/130] ACBSP.exe+621242 -- (1) 52 -- push edx
// [0083/131] ACBSP.exe+621243 -- (3) 0F14 C2 -- unpcklps xmm0,xmm2
// [0086/134] ACBSP.exe+621246 -- (3) 0F14 D9 -- unpcklps xmm3,xmm1
// [0089/137] ACBSP.exe+621249 -- (3) 0F14 C3 -- unpcklps xmm0,xmm3
// [008C/140] ACBSP.exe+62124C -- (4) 0F29 45 E0 -- movaps [ebp-20],xmm0
// [0090/144] ACBSP.exe+621250 -- (8) F3 0F10 05 34F68702 -- movss xmm0,[ACBSP.exe+1F7F634] -- [(float)1.0000]
// [0098/152] ACBSP.exe+621258 -- (3) 0F28 C8 -- movaps xmm1,xmm0
// [009B/155] ACBSP.exe+62125B -- (3) 0F28 D8 -- movaps xmm3,xmm0
// [009E/158] ACBSP.exe+62125E -- (3) 0F28 D0 -- movaps xmm2,xmm0
// [00A1/161] ACBSP.exe+621261 -- (3) 0F14 D9 -- unpcklps xmm3,xmm1
// [00A4/164] ACBSP.exe+621264 -- (3) 0F14 C2 -- unpcklps xmm0,xmm2
// [00A7/167] ACBSP.exe+621267 -- (3) 0F14 C3 -- unpcklps xmm0,xmm3
// [00AA/170] ACBSP.exe+62126A -- (4) 0F29 45 F0 -- movaps [ebp-10],xmm0
// [00AE/174] ACBSP.exe+62126E -- (2) 8B 01 -- mov eax,[ecx]
// [00B0/176] ACBSP.exe+621270 -- (6) 8B 80 9C000000 -- mov eax,[eax+0000009C]
// [00B6/182] ACBSP.exe+621276 -- (2) FF D0 -- call eax
// [00B8/184] ACBSP.exe+621278 -- (1) 5E -- pop esi
// [00B9/185] ACBSP.exe+621279 -- (2) 8B E5 -- mov esp,ebp
// [00BB/187] ACBSP.exe+62127B -- (1) 5D -- pop ebp
// [00BC/188] ACBSP.exe+62127C -- (2) 8B E3 -- mov esp,ebx
// [00BE/190] ACBSP.exe+62127E -- (1) 5B -- pop ebx
// [00BF/191] ACBSP.exe+62127F -- (1) C3 -- ret
}
older func dump
Assasin's Creed (2) Revelations
- method identical to to brotherhood.
Code: Select all
[ENABLE]
globalalloc(SAVEBYTES,1,$process) //0x100000
aobscanmodule(INJECT,ACRSP.exe,52 0F 14 C2 0F 14 D9 0F 14 C3 0F 29 45 E0 F3) // should be unique
SAVEBYTES:
readmem(INJECT+E,8)
label(RESTORE_POINT)
registersymbol(RESTORE_POINT)
INJECT+E:
RESTORE_POINT:
nop 8
[DISABLE]
//check reassemble() and STRUCT
RESTORE_POINT:
readmem(SAVEBYTES,8)
{
// ORIGINAL CODE - INJECTION POINT: ACRSP.exe+1796412
ACRSP.exe+17963F7: 8B 50 24 - mov edx,[eax+24]
ACRSP.exe+17963FA: FF D2 - call edx
ACRSP.exe+17963FC: 0F 57 C0 - xorps xmm0,xmm0
ACRSP.exe+17963FF: 8B 4E 0C - mov ecx,[esi+0C]
ACRSP.exe+1796402: 0F 28 C8 - movaps xmm1,xmm0
ACRSP.exe+1796405: 0F 28 D0 - movaps xmm2,xmm0
ACRSP.exe+1796408: 0F 28 D8 - movaps xmm3,xmm0
ACRSP.exe+179640B: 8D 55 F0 - lea edx,[ebp-10]
ACRSP.exe+179640E: 52 - push edx
ACRSP.exe+179640F: 8D 55 E0 - lea edx,[ebp-20]
// ---------- INJECTING HERE ----------
ACRSP.exe+1796412: 52 - push edx <-- start searching AOB String from push
// ---------- DONE INJECTING ----------
ACRSP.exe+1796413: 0F 14 C2 - unpcklps xmm0,xmm2
ACRSP.exe+1796416: 0F 14 D9 - unpcklps xmm3,xmm1
ACRSP.exe+1796419: 0F 14 C3 - unpcklps xmm0,xmm3
ACRSP.exe+179641C: 0F 29 45 E0 - movaps [ebp-20],xmm0
ACRSP.exe+1796420: F3 0F 10 05 44 50 F6 02 - movss xmm0,[ACRSP.exe+2175044] <-- nop, this address {1.0}
ACRSP.exe+1796428: 0F 28 C8 - movaps xmm1,xmm0
ACRSP.exe+179642B: 0F 28 D8 - movaps xmm3,xmm0
ACRSP.exe+179642E: 0F 28 D0 - movaps xmm2,xmm0
ACRSP.exe+1796431: 0F 14 D9 - unpcklps xmm3,xmm1
ACRSP.exe+1796434: 0F 14 C2 - unpcklps xmm0,xmm2
}
Assassin's Creed Chronicles CHINA
.. probably will work on all "Assassin's Creed Chronicles",series
- Select first process
- Open lua engine (go to memory viewer --> Tools --> Lua Engine)
- Paste code to lua engine for Assassin's Creed Chronicles * down below and press "Execute"
Code: Select all
bytes = 4
bytestochange = '4C 8E E3 3F"'
changebytesto = {0xB8,0x1E,0x15,0x40}
print_text = 0
address = AOBScanUnique(bytestochange)
if address==nil
then
if(print_text==1) then print('AOB STRING NOT FOUND') end
return
else
while (address~=nil)
do
address = AOBScanUnique(bytestochange)
if address==nil then
if(print_text==1)then print('AOB STRING CHANGED')end
else
if(print_text==1)then printf("%x",address)end
end
if(print_text==1) then print(readBytes(address,bytes)) end
writeBytes(address,changebytesto)
if(print_text==1) then print(readBytes(address,bytes)) end
end
end
Notes : If you want find health value, then it is in float (form). 1 Health bar == 2 float value.
As well if you lose all your health bars and you re-spawn again, then address health going to reset, ("player base" changes upon death which changes health address location (note this applies when searching player raw values)).
showcase UW Patch
Assassin's Creed 3 Remastered
- Method same as revelations or brotherhood . Paste assembly code and add it to address list.
Code: Select all
[ENABLE]
aobscanmodule(Ultrawide_patch_AOB,ACIII.exe,48 83 EC 18 4C 8B 54 24 40) // should be unique
alloc(newmem,64,Ultrawide_patch_AOB)
label(code return)
{
RCX==
+9d4 = screen width
+9d8 = screen height
..
+14=
..
}
newmem:
mov [rcx+c8],#6 // default locks at 2
code:
sub rsp,18
mov r10,[rsp+40]
jmp return
Ultrawide_patch_AOB:
jmp newmem
nop 4
return:
registersymbol(Ultrawide_patch_AOB)
//..
aobscanmodule(patch2,ACIII.exe,89 90 C8 00 00 00 C3) // should be unique
registersymbol(patch2)
patch2:
ret
//...
aobscanmodule(patch3,ACIII.exe,89 81 C8 00 00 00 F3 0F)
patch3:
movss [rcx+000000D8],xmm1
ret
[DISABLE]
Ultrawide_patch_AOB:
db 48 83 EC 18 4C 8B 54 24 40
unregistersymbol(Ultrawide_patch_AOB)
dealloc(newmem)
//..
patch2:
mov [rax+000000C8],edx
ret
unregistersymbol(patch2)
//...
patch3:
mov [rcx+000000C8],eax
movss [rcx+000000D8],xmm1
ret
unregistersymbol(patch3)
func dump
Assassin's Creed III Liberation Remastered
- Method same as III Remastered. Paste assembly code and add it to address list.
Code: Select all
//...
{
#0 -- perfect centred, with bars removed 21:9
#2 -- black bars (default)
#4 -- makes a bit wider, blackbars still visable on 21:9 (16:10? patch)
#6 -- black bars not visible, but hud shifted off the screen
}
define(Patch,#0)
[ENABLE]
aobscanmodule(UltraWidePatch_AOB,ACLiberation.exe,8B 80 C4 00 00 00 89 02) // should be unique
alloc(newmem,$1,UltraWidePatch_AOB)
label(code)
label(return)
newmem:
{$try}
mov eax,Patch
jmp return
code:
{$except}
mov eax,[rax+000000C4]
jmp return
UltraWidePatch_AOB:
jmp newmem
nop
return:
registersymbol(UltraWidePatch_AOB)
[DISABLE]
UltraWidePatch_AOB:
db 8B 80 C4 00 00 00
unregistersymbol(UltraWidePatch_AOB)
dealloc(newmem)
func dump
In overall you get
from:
to:
23-03-17: Added ultra wide 21:9 patch for AC3 Lib ...
23-03-13: Added Assassin's Creed III Remastered assembly stretch script. i didn't find black bar visibility opcode or at least any related address. probably is hidden somewhere between xmm registers... Stretch and lock script. Note that you Might lose some performance using this. Main menu could look weird/off. That is normal, in-game looks fine.
23-03-12: Quick tweak at Chronicles : China script. Reduced default float value. Added additional info.
23-03-10: Changed ACRSP.exe to $process (Desmond side-story loads from another ACXXX.exe) // Added AC Chronicles China CElua script (...)
23-03-08: added patch for Revelations...
23-11-16: reviewed.