quisquous · quisquous · Apr 13, 2022 · Apr 13, 2022
diff --git a/plugin/CactbotEventSource/FFXIVProcess.cs b/plugin/CactbotEventSource/FFXIVProcess.cs
@@ -375,7 +375,7 @@ internal IntPtr ReadIntPtr(IntPtr addr) {
     /// <param name="offset">The offset from the end of the found pattern to read a pointer from the process memory.</param>
     /// <param name="rip_addressing">Uses x64 RIP relative addressing mode</param>
     /// <returns>A list of pointers read relative to the end of strings in the process memory matching the |pattern|.</returns>
-    internal List<IntPtr> SigScan(string pattern, int offset, bool rip_addressing) {
+    internal List<IntPtr> SigScan(string pattern, int pattern_offset, bool rip_addressing, int rip_offset = 0) {
       List<IntPtr> matches_list = new List<IntPtr>();
 
       if (pattern == null || pattern.Length % 2 != 0) {
@@ -412,7 +412,7 @@ internal List<IntPtr> SigScan(string pattern, int offset, bool rip_addressing) {
 
         IntPtr num_bytes_read = IntPtr.Zero;
         if (NativeMethods.ReadProcessMemory(process_.Handle, read_start_addr, read_buffer, read_size, ref num_bytes_read)) {
-          int max_search_offset = num_bytes_read.ToInt32() - pattern_array.Length - Math.Max(0, offset);
+          int max_search_offset = num_bytes_read.ToInt32() - pattern_array.Length - Math.Max(0, pattern_offset);
           // With RIP we will read a 4byte pointer at the |offset|, else we read an 8byte pointer. Either
           // way we can't find a pattern such that the pointer we want to read is off the end of the buffer.
           if (rip_addressing)
@@ -434,17 +434,17 @@ internal List<IntPtr> SigScan(string pattern, int offset, bool rip_addressing) {
             if (found_pattern) {
               IntPtr pointer;
               if (rip_addressing) {
-                Int32 rip_ptr_offset = BitConverter.ToInt32(read_buffer, search_offset + pattern_array.Length + offset);
+                Int32 rip_ptr_offset = BitConverter.ToInt32(read_buffer, search_offset + pattern_array.Length + pattern_offset);
                 Int64 pattern_start_game_addr = read_start_addr.ToInt64() + search_offset;
-                Int64 pointer_offset_from_pattern_start = pattern_array.Length + offset;
-                Int64 rip_ptr_base = pattern_start_game_addr + pointer_offset_from_pattern_start + 4;
+                Int64 pointer_offset_from_pattern_start = pattern_array.Length + pattern_offset;
+                Int64 rip_ptr_base = pattern_start_game_addr + pointer_offset_from_pattern_start + 4 + rip_offset;
                 // In RIP addressing, the pointer from the executable is 32bits which we stored as |rip_ptr_offset|. The pointer
                 // is then added to the address of the byte following the pointer, making it relative to that address, which we
                 // stored as |rip_ptr_base|.
                 pointer = new IntPtr((Int64)rip_ptr_offset + rip_ptr_base);
               } else {
                 // In normal addressing, the 64bits found with the pattern are the absolute pointer.
-                pointer = new IntPtr(BitConverter.ToInt64(read_buffer, search_offset + pattern_array.Length + offset));
+                pointer = new IntPtr(BitConverter.ToInt64(read_buffer, search_offset + pattern_array.Length + pattern_offset));
               }
               matches_list.Add(pointer);
             }

diff --git a/plugin/CactbotEventSource/FFXIVProcessIntl.cs b/plugin/CactbotEventSource/FFXIVProcessIntl.cs
@@ -97,12 +97,13 @@ public FFXIVProcessIntl(ILogger logger) : base(logger) { }
     private static int kCharmapStructOffsetPlayer = 0;
 
     // In combat boolean.
-    // Variable seems to be set in two places:
-    // * mov [rax+rcx],bl line (on its own, with a calling function that sets rax(offset) and rcx(base address); the old way)
-    // * mov [address],eax line (this signature here)
-    private static String kInCombatSignature = "4889742420574883EC200FB60233F68905";
-    private static int kInCombatSignatureOffset = 0;
+    // This address is written to by "mov [rax+rcx],bl" and has three readers.
+    // This reader is "cmp byte ptr [ffxiv_dx11.exe+????????],00 { (0),0 }"
+    private static String kInCombatSignature = "803D????????000F95C04883C428";
+    private static int kInCombatSignatureOffset = -12;
     private static bool kInCombatSignatureRIP = true;
+    // Because this line is a cmp byte line, the signature is not at the end of the line.
+    private static int kInCombatRipOffset = 1;
 
     // Bait integer.
     // Variable is accessed via a cmp eax,[...] line at offset=0.
@@ -147,7 +148,7 @@ internal override void ReadSignatures() {
         job_data_outer_addr_ = IntPtr.Add(p[0], kJobDataOuterStructOffset);
       }
 
-      p = SigScan(kInCombatSignature, kInCombatSignatureOffset, kInCombatSignatureRIP);
+      p = SigScan(kInCombatSignature, kInCombatSignatureOffset, kInCombatSignatureRIP, kInCombatRipOffset);
       if (p.Count != 1) {
         logger_.LogError(Strings.InCombatSignatureFoundMultipleMatchesErrorMessage, p.Count);
       } else {