MemoryPatch provides three utility functions used byDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/angelballay/pes6_game_physics_mod/llms.txt
Use this file to discover all available pages before exploring further.
InstallContextHook and InstallPowerHook. WriteJump and WriteFloat call VirtualProtect to temporarily make target memory writable before writing and restore the original page protection immediately after. CheckBytes does not modify memory — it validates the target bytes inside a Win32 SEH __try/__except block without altering page permissions.
Functions
CheckBytes
count bytes starting at address and compares them byte-by-byte against the expected array. Returns true only if every byte matches exactly.
If any byte differs, LogFormat records the address, byte index, expected value, and actual value before returning false. The entire body runs inside a Win32 SEH __try/__except block — if the target address is not mapped or is otherwise unreadable, the exception is caught, an error is logged, and the function returns false safely.
You must call CheckBytes before WriteJump to confirm the binary version of pes6.exe contains the byte sequence the hook was written against. A mismatch means the game has been patched or a different version is running, and writing a jump to an unvalidated address would corrupt the process.
WriteJump
0xE9 + 4-byte relative offset) at source that redirects execution to destination. Any bytes from offset 5 through length - 1 are filled with 0x90 (NOP) to safely consume the remainder of the original instruction sequence.
Parameters
The absolute virtual address in the PES6 process where the JMP will be written. Must point to the first byte of the instruction sequence being replaced.
The address of the hook function (
Hook_Context_1A5905 or Hook_Power_1A637B). The 4-byte relative offset is calculated as (int32_t)(dst - src - 5), where dst = (uintptr_t)destination and src = source.Total number of bytes to overwrite at
source. Must be >= 5. The context hook passes 7; the power hook passes 11.false if length < 5 or if VirtualProtect fails; true on success.
Implementation:
FlushInstructionCache is called for the patched region to ensure the CPU instruction pipeline does not retain stale pre-decoded instructions.
NOP padding is critical when the target instruction sequence is longer than 5 bytes. The context hook (
InstallContextHook) replaces a 7-byte sequence, leaving 2 NOP bytes after the JMP. The power hook (InstallPowerHook) replaces an 11-byte sequence, leaving 6 NOP bytes. Without padding, partial bytes from the old instructions would be interpreted as new opcodes when control falls through from an unexpected path.WriteFloat
address using VirtualProtect to temporarily unlock the page. Used by ModState to patch the ball mass value at the hardcoded address BALL_MASS_ADDRESS = 0x00B8AE70.
Parameters
The absolute virtual address to write to. For ball mass, this is
0x00B8AE70.The float value to write. ModState writes
198.0f when the mod is enabled and 188.0f when disabled.false if VirtualProtect fails; true on success.