A test about injecting animations from outside


Here is a test about replacing VV's 25 ( bone? animation? ) matrices with an external program.
We use the motion recorded from the gacha showering scene ( something you see through the frosted glass, not those wmv videos ) for this example.
[Image: rezo5.jpg]

Spoiler

[Images: rezo6.jpg, rezo7.jpg, rezo8.jpg]

A few reasons we use calculated matrices for the injection instead of other easy-to-understand rotation/translation forms, or modifying real mpms:

1. Modifying mpm is not so handy unless you use decompressed assets, and apparently some of you don't like that ( worry about getting banned, not compatible with KT's stupid update patches, etc. ).
( Although I think you really had better make other vertices/texture mods directly to the assets, instead of doing that in drawcall hooks )
Also there's no automation tool for vv's mpm now, at least in public.

2. These 25 matrices ( MOT00_Hips ... MOT20_RightToe + 4 dummies ) are stored in some even-monkeys-can-manipulate static global variables.
It will be convenient for adapting this to those drawcall hook libs which you are familiar with.

3. Modifying / creating new animations with matrices may be a bit harder, but not totally impossible, only if you are familiar with 3D animation matrix manipulations like this:

[Image: 3Dtransformations.png]

( D3D uses transposed mat )
Also matrices can do not only rotating and translating, but also scaling and shearing; those may be useful in special cases.


If you want to run this test, first you have to patch the executable with something like CFF Explorer:
[Image: dbg5.jpg]
Or hex edit 0x166 to 23:

[Image: dbg6.jpg]
( Because the WriteProcessMemory-way injection in this test is just a temporary solution, I don't waste time on dealing with that ASLR stuff )

Launch the game, write down its PID, which shows in some process manager:

[Image: rezo4.jpg]

Compile and run motinj.exe, enter the PID you got from the previous step.

If you now see that your character has disappeared, click the photoshoot mode button, switch the background to studio or bathroom, then you can see the test result we show above.

Now close motinj.exe, you will see the girl freezes into some pose like in "timestop" mode.
What's different is, you can still harass her, she will still blush, etc., and her lips/brow, i.e. OPT_* bones (facial, fingers), can still move.

Restart the game if you want to do anything else.

motinj.7z

The things inside the 7z pack are:
motinj.cs : injector source.
memutil.dll : some worthless WriteProcessMemory stuff.
mot.mtx : dumped animation, bath animation in the pack.


==============

See comments in motinj.cs if you want to apply it to girl 2 / non-main-girl ( any non-main girl uses the girl 2 slot, even if there's only one girl on the screen ) or control its speed.

Some details about those 25 matrices:

They are 4x4 mats in 32-bit float, so 0x640 a frame in total.

When all 25 matrices are Identity mat, you will get something like this:

[Image: rezo3.jpg]

(a dick monster)

Spoiler
[Image: rezo4.jpg]

Tweaking them by hand will only produce some disturbing results like this; you have to do real math for real pose/animation editing.

Here's also a mot dumped from tamaki 8th gravure:
[Image: rezo10.jpg]

tmk8th.7z

mot.mtx_orig is the untouched dump.
mot.mtx has the coordinates moved to 0,?,0.

Again, this shouldn't be the permanent solution. The real one should hook into those mpm calc funcs, and that will waste fewer resources and be thread-safe.

Link to comment
22 minutes ago, minazuki said:

Is it hard to record a motion by myself?

Thanks for the bump.
I've explained that awkward method ( for mat recording ) I currently use in the club post.
And that is useless for them if they are even afraid to remove that ASLR byte in executable...

Link to comment
2 hours ago, moiennepe said:

Thanks for the bump.
I've explained that awkward method ( for mat recording ) I currently use in the club post.
And that is useless for them if they are even afraid to remove that ASLR byte in executable...

Buddy, what about the creation of an offline version DOAX VV? And why did you delete your thread about this? It was very helpful.

Thank you.

Link to comment
33 minutes ago, Dragonplayеr62 said:

Buddy, what about the creation of an offline version DOAX VV? And why did you delete your thread about this? It was very helpful.

Thank you.

Not me, ask the God ( or plural, Elohim ) on this forum.
Also you can run those things in this thread no matter using emu or not.

Link to comment
5 hours ago, Dragonplayеr62 said:

Buddy, what about the creation of an offline version DOAX VV? And why did you delete your thread about this? It was very helpful.

Thank you.

This thread was deleted by moderators. :( 

 

4 hours ago, moiennepe said:

Not me, ask the God ( or plural, Elohim ) on this forum.
Also you can run those things in this thread no matter using emu or not.

Please give us a link to your project. Many didn't have time to download it. I remember that there was a link to Mega.
The offline version is very promising.
Keep up the great work!

Link to comment
3 hours ago, daydreamer250 said:

That's promising, can you create a blender plugin for the animation dump file? I am thinking to import MMD animations.

I'm not so familiar with 3D modeling software.
And in my ignorance, I haven't seen a plugin or something that exports animations in matrices yet...

Link to comment
On 5/9/2019 at 10:31 PM, moiennepe said:

Thanks for the bump.
I've explained that awkward method ( for mat recording ) I currently use in the club post.
And that is useless for them if they are even afraid to remove that ASLR byte in executable...

what is club???

Link to comment
7 hours ago, daydreamer250 said:

Hi, is that possible I can create an animation dump from DOA5LR and migrate it to DOAXVV. The bones should be the same. I am going to try this one first.

Dumped some mots from doa5
motdoa5.7z

[Image: rezo20.jpg]

( Coordinates not modified, open the odekake panel if you can't find / can't follow your character )

You are right, their bone structures are the same.

But I don't know what that in your video is; I installed doa5 today and never played it before.

53 minutes ago, itasou said:

what is club???

Ask minazuki about the club.
Only those who have an emu set up are allowed.
And mostly technical things there, not much for leechers.

Link to comment
On 5/12/2019 at 11:57 PM, daydreamer250 said:

Wow, that awesome. The dancing animation is my WIP and I will give it a try to create a dump file from it. Do you have a little bit more details about how to create dumps?

I spent some time on considering an easier way to do the dump.


The dump itself is relatively easy, just put a BP like the picture on 700dd9 or 700E86
[Image: dbg7.jpg]
the "command text" box is savedata m\{u:$breakpointcounter}, 0x13C92E0,0x600 .
m is a folder under the x32dbg root directory.
Sometimes 700dd9 can get data, sometimes 700E86 can. All addresses above are based on game.exe v1.10c final.


After you get the matrix dumps, delete all the duplicates in them ( with e.g. Duplicate Cleaner 2.1 ), and concat them with some prog
( because doa5 mats length is 0x600, not 0x640 as in VV, so you have to fill that 0x40 gap by some means )

Not sure if it will work when some hooks ( dinput8.dll, d3d9.dll, etc. ) exist.

The annoying thing is, game.exe is on steam and has a steam-drm packer, and also has ASLR.

It may not be so easy for amateurs to remove that....

What I am using now is a heavily modified one, it uses assets under Z\*.b instead of *.lnk

Don't know if it can be of some help for you to modify the executable for yourself...

Link to comment
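Added example, not part of the original posts or of motinj.cs: the frame layout described in this thread (25 4x4 float32 matrices, 0x640 bytes per VV frame; 0x600 per DOA5 dump) handled in Python, dropping duplicate dumps, padding each one to 0x640 and reading the result back. Assumptions: the file is headerless frames stored back to back, floats are little-endian, the filler for the 0x40 gap is an identity matrix appended last, translations sit in the fourth row, and all function names are hypothetical.

```python
import struct

MAT_SIZE = 16 * 4            # one 4x4 float32 matrix = 0x40 bytes
VV_FRAME = 25 * MAT_SIZE     # 0x640 bytes per VV frame (from the thread)
DOA5_FRAME = 24 * MAT_SIZE   # 0x600 bytes per DOA5 dump (from the thread)
IDENTITY = (1.0, 0.0, 0.0, 0.0, 0.0, 1.0, 0.0, 0.0,
            0.0, 0.0, 1.0, 0.0, 0.0, 0.0, 0.0, 1.0)

def translation(x, y, z):
    """Assumed transposed (D3D-style) layout: offsets in row 4, elements 12..14."""
    m = list(IDENTITY)
    m[12:15] = (x, y, z)
    return tuple(m)

def pack_frame(matrices):
    """Serialize 16-float matrices as little-endian float32 (assumed)."""
    return b"".join(struct.pack("<16f", *m) for m in matrices)

def dedupe(dumps):
    """Keep the first copy of each distinct dump, preserving capture order."""
    seen, unique = set(), []
    for d in dumps:
        if len(d) != DOA5_FRAME:
            raise ValueError(f"dump is {len(d):#x} bytes, not {DOA5_FRAME:#x}")
        if d not in seen:
            seen.add(d)
            unique.append(d)
    return unique

def build_mtx(dumps, filler=IDENTITY):
    """Pad each 0x600 dump to 0x640 and concatenate. Assumption: the filler
    matrix goes last; the thread does not say how the gap should be filled."""
    pad = struct.pack("<16f", *filler)
    return b"".join(d + pad for d in dedupe(dumps))

def read_frames(blob):
    """Split a concatenated animation into frames of 25 matrices each."""
    if len(blob) % VV_FRAME:
        raise ValueError("size is not a multiple of 0x640 (truncated frame?)")
    frames = []
    for off in range(0, len(blob), VV_FRAME):
        flat = struct.unpack_from("<400f", blob, off)  # 25 * 16 floats
        frames.append([flat[i:i + 16] for i in range(0, 400, 16)])
    return frames

# Constructed sample: three dumps, the second a duplicate of the first.
_A = pack_frame([IDENTITY] * 24)
_B = pack_frame([translation(1.0, 2.0, 3.0)] + [IDENTITY] * 23)
SAMPLE_DUMPS = [_A, _A, _B]
```
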

Porting doa5 mpm to VV is much simpler than I expected.

[Image: rezo55.jpg]

Spoiler

Ported from _Movie\ParvateParadise\DOAHDM\AYANE_0440\AYANE\AYANE.MPM

[Images: rezo57.jpg, rezo56.jpg, rezo53.jpg, rezo54.jpg, rezo52.jpg, rezo51.jpg, rezo50.jpg]

Though I am completely ignorant about the data structures in char_dat 2nd~6th segments...
( Try searching around the internet; all I can find are some script-kiddie's "tutorials", none of them has explanations on the data fields... )

Here's some code to split a doa5 4-part mpm into 3 individual mpms ( body + facial + 2 hands ) for vv,
and convert the anim indices, timeline indices (?) in char_dat 1st segment from int32 to int64.

mpmlr2vv.rar

Link to comment
  • 2 weeks later...

Archived

This topic is now archived and is closed to further replies.
