Here's some more info on how to trace the
VisualTextComponent elements of the item pane:
break #1: ACOrigins.exe+155B820 (hover mouse over an item; on break, F9 till 2nd break)
then
break #2: ACOrigins.exe+152DBB3 (conditional: R14 == 0x35)
then
break #3: ACOrigins.exe+1520CE0 (conditional: R14 == 0x35 and R8 == 001500009A713616)
then
ACOrigins.exe+1520D1F - 48 8B D7 - mov rdx,rdi
ACOrigins.exe+1520D22 - E8 19FDFFFF - call ACOrigins.exe+1520A40 <-- enter here
ACOrigins.exe+1520D27 - 84 C0 - test al,al
then
// Function at ACOrigins.exe+15764D0, listed from entry to ret.
// In:  rcx = pointer to an object, rdx = pointer to a 32-bit value.
// Out: rax = the rcx value that was passed in.
// Copies the dword at [rdx] into [rcx] when the two differ; after a change, if
// either qword at +08 or +10 of the object is non-zero, it calls the pointer
// stored at +28 of the object (offsets relative to the incoming rcx).
// NOTE(review): rcx/rdx as arguments and the 32-byte stack reservation look like
// the Microsoft x64 convention (shadow space) - presumed from the .exe target; confirm.
ACOrigins.exe+15764D0 - 40 53 - push rbx (RAX = 15; R8 = 001500009A713616; R14 = 0000000000000035) // rbx is reused below, so save it
ACOrigins.exe+15764D2 - 48 83 EC 20 - sub rsp,20 { 32 } // reserve 0x20 bytes; released before ret
ACOrigins.exe+15764D6 - 8B 02 - mov eax,[rdx] // eax = new 32-bit value
ACOrigins.exe+15764D8 - 48 8B D9 - mov rbx,rcx // keep the incoming rcx; it becomes the return value
ACOrigins.exe+15764DB - 39 01 - cmp [rcx],eax // stored value already equal?
ACOrigins.exe+15764DD - 74 1C - je ACOrigins.exe+15764FB // yes: nothing to do, go to the epilogue
ACOrigins.exe+15764DF - 89 01 - mov [rcx],eax // store the new value
ACOrigins.exe+15764E1 - 48 83 C1 08 - add rcx,08 { 8 } // rcx now points at object+08
ACOrigins.exe+15764E5 - 48 83 39 00 - cmp qword ptr [rcx],00 { 0 } // first qword (object+08) set?
ACOrigins.exe+15764E9 - 75 07 - jne ACOrigins.exe+15764F2 // non-zero: make the call
ACOrigins.exe+15764EB - 48 83 79 08 00 - cmp qword ptr [rcx+08],00 { 0 } // second qword (object+10) set?
ACOrigins.exe+15764F0 - 74 09 - je ACOrigins.exe+15764FB // both zero: skip the call
ACOrigins.exe+15764F2 - 48 8B 11 - mov rdx,[rcx] // rdx = qword at object+08
ACOrigins.exe+15764F5 - 48 8B 41 20 - mov rax,[rcx+20] // rax = pointer at object+28; it is not tested for zero here
ACOrigins.exe+15764F9 - FF D0 - call rax // indirect call with rcx = object+08, rdx = [object+08]
ACOrigins.exe+15764FB - 48 8B C3 - mov rax,rbx // return the incoming rcx
ACOrigins.exe+15764FE - 48 83 C4 20 - add rsp,20 { 32 } // release the reserved stack
ACOrigins.exe+1576502 - 5B - pop rbx // restore rbx
ACOrigins.exe+1576503 - C3 - ret
then
ACOrigins.exe+A3FE4D - 48 8D 54 24 40 - lea rdx,[rsp+40]
ACOrigins.exe+A3FE52 - E8 6911B400 - call ACOrigins.exe+1580FC0 <-- enter here
then
ACOrigins.exe+1581163 - 48 8B C8 - mov rcx,rax
ACOrigins.exe+1581166 - E8 4584EDFF - call ACOrigins.exe+14595B0 <-- enter here (RDX = 00000000000E000A)
then
ACOrigins.exe+14596AD - 41 8B D7 - mov edx,r15d
ACOrigins.exe+14596B0 - E8 CB000000 - call ACOrigins.exe+1459780 <-- enter here (RDX = 00000000000E000A)
ACOrigins.exe+14596B5 - 84 C0 - test al,al
then
ACOrigins.exe+1459851 - 4D 85 C0 - test r8,r8 <-- R8 = 000000006E2564E6
ACOrigins.exe+1459854 - 0F84 49060000 - je ACOrigins.exe+1459EA3
ACOrigins.exe+145985A - 41 8B C2 - mov eax,r10d
ACOrigins.exe+145985D - 2B C7 - sub eax,edi
then
ACOrigins.exe+14599B2 - 41 0FB6 1F - movzx ebx,byte ptr [r15] <-- first offset
ACOrigins.exe+14599B6 - 49 FF C7 - inc r15
ACOrigins.exe+14599B9 - 66 41 3B DD - cmp bx,r13w
..
..
ACOrigins.exe+14599F6 - 66 FF C3 - inc bx
ACOrigins.exe+14599F9 - 45 33 ED - xor r13d,r13d
ACOrigins.exe+14599FC - 0F1F 40 00 - nop [rax+00]
ACOrigins.exe+1459A00 - 0FB7 C3 - movzx eax,bx <--
ACOrigins.exe+1459A03 - 45 0FB7 34 84 - movzx r14d,word ptr [r12+rax*4] <--
ACOrigins.exe+1459A08 - 41 0FB7 74 84 02 - movzx esi,word ptr [r12+rax*4+02]
All the above, reduced to 2 breaks:
ACOrigins.exe+14596AD - 41 8B D7 - mov edx,r15d
ACOrigins.exe+14596B0 - E8 CB000000 - call ACOrigins.exe+1459780
ACOrigins.exe+14596B5 - 84 C0 - test al,al
ACOrigins.exe+1459E2A - 8B 45 1B - mov eax,[rbp+1B] // check RCX in memory :P
ACOrigins.exe+1459E2D - C1 E8 1E - shr eax,1E { 30 }
ACOrigins.exe+1459E30 - A8 01 - test al,01 { 1 }
ACOrigins.exe+1459E32 - 74 2F - je ACOrigins.exe+1459E63
ACOrigins.exe+1459E34 - 48 8B 5D 0F - mov rbx,[rbp+0F]
ACOrigins.exe+1459E38 - 48 85 DB - test rbx,rbx