Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/angelballay/pes6_game_physics_mod/llms.txt

Use this file to discover all available pages before exploring further.

The PES6 Game Physics Mod is a Win32 DLL that injects itself into the pes6.exe process and intercepts the game’s pass physics integrator through two x86 JMP hooks. When the DLL is loaded, DllMain spawns a background monitor thread (MainThread) that waits one second for the game to settle, resolves the executable base address via GetModuleHandleA, and then installs both hooks in sequence. From that point forward, every pass event flows through a pipeline: Hook A captures the passer and receiver memory pointers along with their grid-cell coordinates, Hook B intercepts the EDI register that carries the raw pass power value, delegates the value to CalculateModifiedEDI(), and feeds the result into the game’s original call_78020 ball-writing routine. A hotkey polling thread (HotkeyToggle) allows toggling the entire system at runtime with Ctrl+Shift+P, and an optional Kitserver D3D Present hook renders an on-screen status message when that overlay is available.

Module layout

ModuleResponsibility
dllmain.cppDLL entry point; spawns MainThread, installs both hooks via InstallContextHook / InstallPowerHook, enables the mod, starts HotkeyToggle, and runs the 1-second monitor loop that logs context and power events
PassContextHook A at pes6.exe+1A5905 — captures ESI (passer) and EDX (receiver) into g_savedPasser / g_savedReceiver, increments g_ctxCount, and provides ReadPassContextDistance / ReadPassGeometryDot for geometry queries
PassPowerHook B at pes6.exe+1A637B — saves EDI, calls CalculateModifiedEDI() via cdecl, restores computed EDI, runs the original call_78020 push sequence, then restores the original EDI
PassPowerConfigDefines the PassPowerConfig struct and the global g_passConfig instance holding all tuning parameters: inertia band limits, distance boost lookup tables, soft-floor targets, awkward-angle rescue thresholds, and EDI caps
MemoryPatchProvides CheckBytes() for pre-install byte validation and WriteJump() for writing a relative 0xE9 JMP patch with NOP padding and FlushInstructionCache
ModStateThread-safe on/off toggle backed by InterlockedExchange (writes) and InterlockedCompareExchange (reads); when enabled, sets ball mass at 0x00B8AE70 to 198.0f; when disabled, resets to 188.0f
HotkeyToggleBackground thread that polls GetAsyncKeyState for Ctrl+Shift+P and calls TogglePhysicsModEnabled()
KitserverOverlayOptional hook into the Kitserver D3D Present chain; renders an on-screen message indicating whether the mod is active
LoggerFile-append debug log; used by all modules via WriteLog / LogFormat

Data flow

1

Pass event fired

PES6 executes the pass initiation code path at pes6.exe+1A5905. The CPU arrives at the hooked site with ESI pointing to the passer’s memory structure and EDX pointing to the receiver’s structure.
2

Hook A — context capture

Hook_Context_1A5905 stores ESIg_savedPasser and EDXg_savedReceiver, increments g_ctxCount, calls LogPassGeometryOnly (debug only), then re-executes the original call pes6.exe+1A1570 and mov ebx, eax before jumping back to pes6.exe+1A590C.
3

Geometry available

The monitor thread (and later CalculateModifiedEDI) can now call ReadPassContextDistance to obtain the Manhattan grid-cell distance, and ReadPassGeometryDot to obtain the normalized dot product between the pass direction vector and the ball-relative-to-passer vector.
4

Hook B — power interception

When PES6 reaches pes6.exe+1A637B, EDI holds the raw pass power value. Hook_Power_1A637B saves EDI, pushes it as the sole argument, and calls CalculateModifiedEDI() via the cdecl calling convention.
5

CalculateModifiedEDI()

Classifies the situation (mod enabled check, ball inertia band, strong-pass threshold, context freshness, distance, geometry) and returns a rescaled power value. All boosts are additive; the value is never reduced below ediOriginal.
6

Ball modification via call_78020

The hook loads the computed EDI into the register, executes the original push sequence (push 00 / push ebp / push edi / push eax / push esi / call g_call_78020) which writes the pass power into ball+0x50, then restores the original EDI and jumps to pes6.exe+1A6386.

Subsystems

Hook Pipeline

Two naked-assembly JMP hooks — one at +1A5905 for context capture, one at +1A637B for power interception — form the backbone of the entire mod. Neither hook modifies game state beyond the EDI value used by call_78020.

PassContext

Reads player cell coordinates at +0x204 / +0x205 for Manhattan distance, logic positions at +0xE0/E4/E8 for real-world geometry, and the ball base via [pes6.exe+7CCE94] for dot-product direction analysis.

PassPower & Config

CalculateModifiedEDI orchestrates inertia classification, distance boost lookup tables, soft floors, and awkward-angle rescue paths. All numeric constants live in g_passConfig for easy tuning without recompilation.

MemoryPatch

CheckBytes validates every expected byte before touching memory. WriteJump sets PAGE_EXECUTE_READWRITE, writes the 0xE9 opcode plus a 32-bit relative offset, pads remaining bytes with 0x90 NOPs, flushes the instruction cache, and restores the original page protection.

ModState

A single volatile LONG protected by InterlockedExchange (writes) and InterlockedCompareExchange (reads) provides a lock-free enabled/disabled flag. Toggling also writes a new ball mass float (198.0f / 188.0f) directly into the game’s physics memory at 0x00B8AE70.

HotkeyToggle & Overlay

A dedicated polling thread watches for the Ctrl+Shift+P chord and flips ModState. The optional Kitserver overlay hook surfaces the current mod state on-screen during gameplay without requiring a log viewer.

Build docs developers (and LLMs) love