eterniti / xv2patcher

A dll that patches Xenoverse 2 to improve modding functionalities

[Feature Request] Adding the ability to load more than 1 EEPK for character auras #4

Open Dee-Ayy opened 1 year ago

Dee-Ayy commented 1 year ago

So recently I found that I can make the game load more Entry 0 EEPKs in battle and use them for character auras. All addresses are with the latest xv2 update exe.

This section of code controls what EEPKs to load in battle from the vfx_spec.ers (normally only the ones with IDs 0, 1, 2, and 6) by testing against esi, which is set to value 0x47.

DBXV2.exe+150602 - 85 DE - test esi,ebx
DBXV2.exe+150604 - 74 20 - je DBXV2.exe+150626
DBXV2.exe+150606 - C7 44 24 28 01000000 - mov [rsp+28],00000001
DBXV2.exe+15060E - C7 44 24 20 01000000 - mov [rsp+20],00000001
DBXV2.exe+150616 - 45 33 C9 - xor r9d,r9d
DBXV2.exe+150619 - 44 8B C7 - mov r8d,edi
DBXV2.exe+15061C - 33 D2 - xor edx,edx
DBXV2.exe+15061E - 48 8B CD - mov rcx,rbp
DBXV2.exe+150621 - E8 BAF06F00 - call DBXV2.exe+84F6E0
DBXV2.exe+150626 - FF C7 - inc edi
DBXV2.exe+150628 - D1 C3 - rol ebx,1
DBXV2.exe+15062A - 83 FF 07 - cmp edi,07
DBXV2.exe+15062D - 7C D3 - jl DBXV2.exe+150602

One method to expand this would just be to nop the instruction at DBXV2.exe+150604 which would make the game load every eepk defined in the Entry 0 section of the vfx_spec.ers.

In my experimentation I added more code past instruction at DBXV2.exe+15062D like so

mov edi,00000050
mov [rsp+28],00000001
mov [rsp+20],00000001
xor r9d,r9d
mov r8d,edi
xor edx,edx
mov rcx,rbp
call DBXV2.exe+84F6E0
inc edi
cmp edi,5B
jl DBXV2.exe+1967A5E
jmp DBXV2.exe+15062F

I set edi to 0x50 and do the normal set of instructions but without the testing against esi, only continuing to the normal code set once edi becomes 0x5B. What this accomplishes is loading the normal set of EEPKs in battle (0, 1, 2, and 6) in addition to EEPKs with IDs 80-89.

The second part that makes this work is giving the game the ability to use different EEPKs for auras in the first place. By default it is hard set to use the EEPK with ID 1 for auras (BTL_AURA.eepk) and the code that handles it is here:

DBXV2.exe+EBEAD - 39 43 0C - cmp [rbx+0C],eax
DBXV2.exe+EBEB0 - 75 1C - jne DBXV2.exe+EBECE
DBXV2.exe+EBEB2 - B8 10000000 - mov eax,00000010
DBXV2.exe+EBEB7 - 66 89 84 24 88000000 - mov [rsp+00000088],ax
DBXV2.exe+EBEBF - 48 8B 03 - mov rax,[rbx]
DBXV2.exe+EBEC2 - 8B 48 44 - mov ecx,[rax+44]
DBXV2.exe+EBEC5 - FF C1 - inc ecx
DBXV2.exe+EBEC7 - 89 8C 24 94000000 - mov [rsp+00000094],ecx
DBXV2.exe+EBECE - 45 33 C0 - xor r8d,r8d
DBXV2.exe+EBED1 - 48 8D 54 24 40 - lea rdx,[rsp+40]
DBXV2.exe+EBED6 - 41 B9 01000000 - mov r9d,00000001
DBXV2.exe+EBEDC - 48 8B CF - mov rcx,rdi
DBXV2.exe+EBEDF - 85 F6 - test esi,esi
DBXV2.exe+EBEE1 - 74 07 - je DBXV2.exe+EBEEA

The instruction at DBXV2.exe+EBED6 setting r9d to 1 is what controls the EEPK to use for effect IDs read from the Aura_setting.aur file. To get around and expand this I make use of a code cave and an unused int in the aura_setting.aur file. I replace the instruction at DBXV2.exe+EBEB2 to jump to my code cave with this code:

DBXV2.exe+1967A8A - 3B 43 0C - cmp eax,[rbx+0C]
DBXV2.exe+1967A8D - 74 0A - je DBXV2.exe+1967A99
DBXV2.exe+1967A8F - B8 10000000 - mov eax,00000010
DBXV2.exe+1967A94 - E9 1E4478FE - jmp DBXV2.exe+EBEB7
DBXV2.exe+1967A99 - 50 - push rax
DBXV2.exe+1967A9A - 51 - push rcx
DBXV2.exe+1967A9B - 52 - push rdx
DBXV2.exe+1967A9C - 48 31 D2 - xor rdx,rdx
DBXV2.exe+1967A9F - 8B 51 0C - mov edx,[rcx+0C]
DBXV2.exe+1967AA2 - 48 6B C0 10 - imul rax,rax,10
DBXV2.exe+1967AA6 - 48 01 D1 - add rcx,rdx
DBXV2.exe+1967AA9 - 48 01 C1 - add rcx,rax
DBXV2.exe+1967AAC - 81 79 04 00000000 - cmp [rcx+04],00000000
DBXV2.exe+1967AB3 - 75 05 - jne DBXV2.exe+1967ABA
DBXV2.exe+1967AB5 - 5A - pop rdx
DBXV2.exe+1967AB6 - 59 - pop rcx
DBXV2.exe+1967AB7 - 58 - pop rax
DBXV2.exe+1967AB8 - EB D5 - jmp DBXV2.exe+1967A8F
DBXV2.exe+1967ABA - 44 8B 49 04 - mov r9d,[rcx+04]
DBXV2.exe+1967ABE - 5A - pop rdx
DBXV2.exe+1967ABF - 59 - pop rcx
DBXV2.exe+1967AC0 - 58 - pop rax
DBXV2.exe+1967AC1 - B8 10000000 - mov eax,00000010
DBXV2.exe+1967AC6 - 66 89 84 24 88000000 - mov [rsp+00000088],ax
DBXV2.exe+1967ACE - 48 8B 03 - mov rax,[rbx]
DBXV2.exe+1967AD1 - 8B 48 44 - mov ecx,[rax+44]
DBXV2.exe+1967AD4 - FF C1 - inc ecx
DBXV2.exe+1967AD6 - 89 8C 24 94000000 - mov [rsp+00000094],ecx
DBXV2.exe+1967ADD - 45 31 C0 - xor r8d,r8d
DBXV2.exe+1967AE0 - 48 8D 54 24 40 - lea rdx,[rsp+40]
DBXV2.exe+1967AE5 - E9 F24378FE - jmp DBXV2.exe+EBEDC

So the basics of what this does is that while checking the aura_setting.aur file normally for the aura IDs, I also check the unused 4 bytes after the aura ID (genser labels this as "unknow_0") and use it as the ID for which EEPK to use for the effect IDs defined in the aura entry. If it's 0 then it will load the normal BTL_AURA.eepk, otherwise if it is any greater number then it'll load the Type 0 EEPK with that ID.

I've done some light testing and things seem to be well with no obvious bugs or errors. In my tests I use EEPKs with IDs 80-89 for this but that can be expanded or changed to be any number. I just thought an additional 10 was a good testing point. It's also good to note that the game doesn't hang if not all of those EEPKs are defined. I've seen every now and again that users have trouble with aura mods because of the limited space available in the BTL_AURA.eepk to add effects to, which grows worse each update. The devs may at some point create a BTL_AURA2.eepk if things continue, but I think giving users the ability to use far more than 1 or 2 EEPKs for aura is good.
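
The two load loops from the post above, modelled in C to show which EEPK IDs each one visits (an added example, not code from the post or from xv2patcher). It assumes ebx starts at 1 and that the `jl` in the appended loop targets the instruction right after `mov edi,00000050`; the function names are hypothetical. With the mask 0x47 the stock loop yields 0, 1, 2 and 6, and the appended loop with bounds 0x50 and 0x5B yields 80 through 90.

```c
#include <stddef.h>
#include <stdint.h>

/* `rol ebx,1`: rotate a 32-bit value left by one bit. */
static uint32_t rol1(uint32_t v) { return (v << 1) | (v >> 31); }

/* Stock loop at DBXV2.exe+150602: edi counts 0..6 and EEPK edi is loaded when
   `test esi,ebx` is non-zero. Assumption: ebx starts at 1 (not in the listing). */
size_t stock_loop_ids(uint32_t esi_mask, uint32_t *out, size_t cap) {
    size_t n = 0;
    uint32_t ebx = 1;
    for (uint32_t edi = 0; edi < 7; edi++, ebx = rol1(ebx))
        if ((esi_mask & ebx) != 0 && n < cap)
            out[n++] = edi;
    return n;
}

/* Appended loop: the body runs before `inc edi / cmp edi,limit / jl`, so it is
   a do-while that loads every ID from `first` up to limit - 1 with no mask test.
   Assumption: the jl target is the first instruction after `mov edi,first`. */
size_t appended_loop_ids(int32_t first, int32_t limit, uint32_t *out, size_t cap) {
    size_t n = 0;
    int32_t edi = first;
    do {
        if (n < cap)
            out[n++] = (uint32_t)edi;
        edi++;
    } while (edi < limit); /* jl is a signed compare */
    return n;
}
```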

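The EEPK selection performed by the code cave, written as a bounds-checked C function (an added example, not code from the post or from xv2patcher). It assumes rcx points at the loaded aura_setting.aur data and eax holds the entry index, as the cave's arithmetic implies; `aura_eepk_id`, `rd_u32`, the sample buffer and the fallback for values outside the loaded ID range are constructs of this example.

```c
#include <stddef.h>
#include <stdint.h>

#define DEFAULT_AURA_EEPK 1u /* BTL_AURA.eepk, the stock `mov r9d,00000001` */
#define ENTRY_SIZE 0x10u     /* `imul rax,rax,10` */

/* Little-endian u32 read with a bounds check; returns 0 on success. */
static int rd_u32(const uint8_t *buf, size_t len, size_t off, uint32_t *out) {
    if (off > len || len - off < 4)
        return -1;
    *out = (uint32_t)buf[off] | (uint32_t)buf[off + 1] << 8 |
           (uint32_t)buf[off + 2] << 16 | (uint32_t)buf[off + 3] << 24;
    return 0;
}

/* EEPK ID for aura entry `index`: the u32 at entry+4 ("unknow_0") when it is
   non-zero and inside [lo, hi] (the IDs the loader was patched to load),
   otherwise DEFAULT_AURA_EEPK. Truncated or inconsistent files also fall back. */
uint32_t aura_eepk_id(const uint8_t *aur, size_t len, uint32_t index,
                      uint32_t lo, uint32_t hi) {
    uint32_t table_off, override_id;
    if (rd_u32(aur, len, 0x0C, &table_off) != 0) /* `mov edx,[rcx+0C]` */
        return DEFAULT_AURA_EEPK;
    /* 64-bit arithmetic so a large index or offset cannot wrap around */
    uint64_t field = (uint64_t)table_off + (uint64_t)index * ENTRY_SIZE + 4;
    if (field > len || rd_u32(aur, len, (size_t)field, &override_id) != 0)
        return DEFAULT_AURA_EEPK;
    if (override_id == 0 || override_id < lo || override_id > hi)
        return DEFAULT_AURA_EEPK;
    return override_id;
}

/* Constructed sample file: 0x10-byte header, entry table at 0x10, two entries. */
uint32_t demo(uint32_t index) {
    uint8_t aur[0x30] = {0};
    aur[0x0C] = 0x10; /* offset of the entry table */
    aur[0x20] = 1;    /* entry 1: aura ID 1 */
    aur[0x24] = 0x52; /* entry 1: unknow_0 = 82 */
    return aura_eepk_id(aur, sizeof aur, index, 80, 90);
}
```
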
eterniti commented 2 months ago

Implemented in 4.3. I will leave the issue open until it is tested (especially the second part will need some testing).

Dee-Ayy commented 1 month ago

Oh thanks again, but a quick question: Is there a limit of 10 new EEPKs like in my test concept, or is there in theory almost no limit?

eterniti commented 1 month ago

I added range 80-90, but I guess I could change it to include more.

Dee-Ayy commented 1 month ago

Ah, I was mostly curious because it wasn't stated in your response and I had stated that in theory any number could be added. I myself feel like 10 is fine, but I'll leave it up to you if more should be added.