Jo-Milk

How to learn PPC by making a RPC

Dec 29th, 2018
You can't expect to learn something just by reading and observing; you must practice to integrate the knowledge. This is how I learned PPC:

I first read Modding Tutorials: "Advanced [PowerPC] Author: Bad Luck Brian, PowerPC Lessons, By: Bad Luck Brian".
I uploaded it here: https://www.mediafire.com/file/2djl9p9u2esmm79/Lessons%5BAdvanced-PPC%5D.pdf/file
Then I also used PPC Compiler by Choco, uploaded here: https://www.mediafire.com/file/0es6ry30hv637ob/PPC_Compiler.exe/file
Then I tried making an RPC and understanding what it did, so I ported MW3 FPS RPC by VezahHFH to different CoDs to practice: https://pastebin.com/uZ7VSfiq

/*
 * MW3 FPS RPC by VezahHFH!
 * This code gets written over the FPS routine at offset 0x027720C, with FPS turned ON so that the game runs it every frame.
 * The region at 0x10050000 is filled with null bytes; that unused space is used as the mailbox for the RPC: the arguments, the address of the function to call, and the return value.
 * Since I haven't used C# for a while I always use his Call function; it works on all CoDs. If you change game you will want to pick another null-byte area instead of 0x10050000 and decide which function you want to overwrite (so 0x027720C would change). Those two addresses are the only game-specific parts; the rest works on all games.
 */
Put the PPC code into Choco's PPC Compiler to get the bytes. Its syntax is a bit different from the explained listing below: you must add % in front of the registers. Ex:
lis %r28, 0x1005
lwz %r12, 0x48(%r28)
---------------------------------------------------------------------------------------------------------------------------------------
MW3 FPS RPC by VezahHFH Explained
---------------------------------------------------------------------------------------------------------------------------------------
/*
lis r28, 0x1005        First instruction, written at 0x027720C. It assembles to the 4 bytes 0x3F 0x80 0x10 0x05 and sets r28 = 0x10050000, the base of the mailbox. Caveat: r28 is a nonvolatile (callee-saved) register in the PowerPC ABI and this block never restores it, so the overwritten function must be one that saves and restores r28 itself, or its caller will see a trashed r28.
lwz r12, 0x48(r28)     Equivalent in C++ to (int r12 = *(int*)0x10050048;): reads 4 bytes from 0x10050048 (r28 itself is not modified; 0x48 is only the displacement). r12 is the address of the function we want to call, or 0 if no call was requested.
cmpwi r12, 0           Compares r12 with 0 and sets cr0.
beq 0x74               If r12 == 0 nothing was requested, so skip the rest of the block. A PowerPC branch displacement is relative to the branch instruction itself, not to the start of the block: this beq sits at 0x0277218, so 0x74 (29 instructions, the length of this whole block) lands at 0x027728C. The target changes with the game and must land on a valid instruction of the original function, ideally its epilogue, so check it in a disassembly before writing the bytes.
lwz r3, 0x00(r28)      Equivalent in C++ to (int r3 = *(int*)0x10050000;): reads 4 bytes at 0x10050000 into the first argument register.
lwz r4, 0x04(r28)      Equivalent in C++ to (int r4 = *(int*)0x10050004;): reads 4 bytes at 0x10050004 into the second argument register.
lwz r5, 0x08(r28)      Arguments 3 to 9 follow the same pattern at 4-byte steps: r5..r11 from 0x10050008..0x10050020.
lwz r6, 0x0C(r28)
lwz r7, 0x10(r28)
lwz r8, 0x14(r28)
lwz r9, 0x18(r28)
lwz r10, 0x1C(r28)
lwz r11, 0x20(r28)
lfs f1, 0x24(r28)      Same thing with the floating-point registers: single-precision float arguments f1..f9 from 0x10050024..0x10050044.
lfs f2, 0x28(r28)
lfs f3, 0x2C(r28)
lfs f4, 0x30(r28)
lfs f5, 0x34(r28)
lfs f6, 0x38(r28)
lfs f7, 0x3C(r28)
lfs f8, 0x40(r28)
lfs f9, 0x44(r28)
mtctr r12              Moves r12 (the target address) into the count register.
bctrl                  Branches to CTR and sets LR: this calls the function whose address was stored at 0x10050048. The call clobbers LR, CTR and all volatile registers (r0, r3-r12, f0-f13), which is only safe if the hooked function already saved LR in its prologue and the code after the hook does not rely on those registers.
li r4, 0               r4 = 0
stw r4, 0x48(r28)      Writes the 4 null bytes back to 0x10050048 so the next frame does not call the same function again. The host should wait until this location reads back as 0 before reading the results below.
stw r3, 0x4C(r28)      r3 always holds the integer/pointer return value if the function returns one, so it is stored at 0x1005004C.
stfs f1, 0x50(r28)     If the function returns a float it comes back in f1 and is stored at 0x10050050.
b 0x14                 Jumps to the end of the overwritten function: from this instruction at 0x027727C, 0x14 gives 0x0277290. This also changes with the game; alternatively nop your way until you reach the end of the branch.
*/
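The contract between the PPC block and the host is a shared-memory mailbox: the host fills the argument slots, publishes the function address at 0x10050048 last, and waits for the block to clear it before reading 0x1005004C / 0x10050050. The following Python model is an added example and not the author's C# Call function or any code from the original paste; a big-endian byte buffer stands in for the console's memory at 0x10050000, hook_tick does what the PPC block does on one frame, and rpc_call is the host side. The function table and the addresses 0x00123456 / 0x00ABCDEF are constructed for the demo and are not real MW3 offsets.

```python
import struct

# Mailbox layout the PPC block expects from its base (0x10050000 in the paste)
MAILBOX_BASE  = 0x10050000
INT_ARG_OFF   = 0x00   # nine 32-bit args -> r3..r11 at 0x00, 0x04, ..., 0x20
FLOAT_ARG_OFF = 0x24   # nine single floats -> f1..f9 at 0x24, ..., 0x44
FUNC_OFF      = 0x48   # address to call; 0 means "nothing pending"
INT_RET_OFF   = 0x4C   # r3 after the call
FLOAT_RET_OFF = 0x50   # f1 after the call
MAILBOX_SIZE  = 0x54
MAX_ARGS      = 9


class Memory:
    """Constructed stand-in for console memory: big-endian like PowerPC."""
    def __init__(self, base, size):
        self.base, self.buf = base, bytearray(size)

    def _off(self, addr):
        off = addr - self.base
        if not 0 <= off <= len(self.buf) - 4:
            raise IndexError(f"address {addr:#x} outside the mailbox")
        return off

    def read_u32(self, addr):  return struct.unpack_from(">I", self.buf, self._off(addr))[0]
    def read_s32(self, addr):  return struct.unpack_from(">i", self.buf, self._off(addr))[0]
    def read_f32(self, addr):  return struct.unpack_from(">f", self.buf, self._off(addr))[0]
    def write_u32(self, addr, v): struct.pack_into(">I", self.buf, self._off(addr), v & 0xFFFFFFFF)
    def write_f32(self, addr, v): struct.pack_into(">f", self.buf, self._off(addr), v)


def hook_tick(mem, functions):
    """One frame of the PPC block. `functions` maps a (constructed) game address
    to a callable taking (ints, floats) and returning (r3_result, f1_result)."""
    func = mem.read_u32(MAILBOX_BASE + FUNC_OFF)          # lwz r12, 0x48(r28)
    if func == 0:                                         # cmpwi r12, 0 / beq
        return False
    ints = [mem.read_s32(MAILBOX_BASE + INT_ARG_OFF + 4 * i) for i in range(MAX_ARGS)]
    floats = [mem.read_f32(MAILBOX_BASE + FLOAT_ARG_OFF + 4 * i) for i in range(MAX_ARGS)]
    r3, f1 = functions[func](ints, floats)                # mtctr r12 / bctrl (unknown address = crash)
    mem.write_u32(MAILBOX_BASE + FUNC_OFF, 0)             # li r4, 0 / stw r4, 0x48(r28)
    mem.write_u32(MAILBOX_BASE + INT_RET_OFF, r3)         # stw r3, 0x4C(r28)
    mem.write_f32(MAILBOX_BASE + FLOAT_RET_OFF, f1)       # stfs f1, 0x50(r28)
    return True


def rpc_call(mem, func_addr, ints=(), floats=(), tick=None, max_frames=60):
    """Host side: write every argument slot, publish the address last, then wait
    for the block to clear it before trusting the return slots."""
    if len(ints) > MAX_ARGS or len(floats) > MAX_ARGS:
        raise ValueError("the block only loads r3..r11 and f1..f9")
    if func_addr == 0:
        raise ValueError("0 means 'no call pending' and cannot be a target")
    if mem.read_u32(MAILBOX_BASE + FUNC_OFF) != 0:
        raise RuntimeError("previous call has not been consumed yet")
    for i in range(MAX_ARGS):   # unused slots are zeroed rather than left stale
        mem.write_u32(MAILBOX_BASE + INT_ARG_OFF + 4 * i, ints[i] if i < len(ints) else 0)
        mem.write_f32(MAILBOX_BASE + FLOAT_ARG_OFF + 4 * i, floats[i] if i < len(floats) else 0.0)
    mem.write_u32(MAILBOX_BASE + FUNC_OFF, func_addr)     # publish last
    for _ in range(max_frames):                           # the game runs the block once per frame
        tick()
        if mem.read_u32(MAILBOX_BASE + FUNC_OFF) == 0:
            return (mem.read_s32(MAILBOX_BASE + INT_RET_OFF),
                    mem.read_f32(MAILBOX_BASE + FLOAT_RET_OFF))
    raise TimeoutError("block never consumed the call: is the FPS counter on?")


def demo():
    """Two calls through the mailbox against constructed fake game functions."""
    mem = Memory(MAILBOX_BASE, MAILBOX_SIZE)
    functions = {                                         # made-up addresses, not MW3 offsets
        0x00123456: lambda ints, floats: (ints[0] + ints[1], 0.0),     # integer add
        0x00ABCDEF: lambda ints, floats: (0, floats[0] * floats[1]),   # float multiply
    }
    tick = lambda: hook_tick(mem, functions)
    add = rpc_call(mem, 0x00123456, ints=[40, -2], tick=tick)
    mul = rpc_call(mem, 0x00ABCDEF, floats=[1.5, 2.0], tick=tick)
    return add, mul, mem.read_u32(MAILBOX_BASE + FUNC_OFF)
```

The ordering is the whole point: the block only looks at 0x10050048, so an address published before the arguments are in place would call the function with stale slots, and the return slots are only meaningful once the block has written 0 back to 0x10050048. Negative integers round-trip through the unsigned store because the block copies raw 32-bit words, and floats come back as single precision because the block uses lfs/stfs.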
Ready for the compiler:

lis %r28, 0x1005
lwz %r12, 0x48(%r28)
cmpwi %r12, 0
beq 0x74
lwz %r3, 0x00(%r28)
lwz %r4, 0x04(%r28)
lwz %r5, 0x08(%r28)
lwz %r6, 0x0C(%r28)
lwz %r7, 0x10(%r28)
lwz %r8, 0x14(%r28)
lwz %r9, 0x18(%r28)
lwz %r10, 0x1C(%r28)
lwz %r11, 0x20(%r28)
lfs %f1, 0x24(%r28)
lfs %f2, 0x28(%r28)
lfs %f3, 0x2C(%r28)
lfs %f4, 0x30(%r28)
lfs %f5, 0x34(%r28)
lfs %f6, 0x38(%r28)
lfs %f7, 0x3C(%r28)
lfs %f8, 0x40(%r28)
lfs %f9, 0x44(%r28)
mtctr %r12
bctrl
li %r4, 0
stw %r4, 0x48(%r28)
stw %r3, 0x4C(%r28)
stfs %f1, 0x50(%r28)
b 0x14

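Before writing anything to the console it is worth checking two things yourself: that the compiler produced the bytes you expect (the 0x3F 0x80 0x10 0x05 of the first lis, for instance) and where the two branches actually land for your game. The mini-assembler below is an added example in Python, not Choco's compiler and not code from the original paste; it only knows the eleven mnemonics the block uses, accepts registers with or without the % prefix, and resolves relative branches from the address you say the block is written at. With the block at 0x027720C it reports beq 0x74 landing at 0x027728C and b 0x14 at 0x0277290.

```python
import re

D_FORM = {"lwz": 32, "lfs": 48, "stw": 36, "stfs": 52}   # D-form primary opcodes

# The block exactly as fed to the compiler: 29 instructions = 0x74 bytes
HOOK = """
lis %r28, 0x1005
lwz %r12, 0x48(%r28)
cmpwi %r12, 0
beq 0x74
lwz %r3, 0x00(%r28)
lwz %r4, 0x04(%r28)
lwz %r5, 0x08(%r28)
lwz %r6, 0x0C(%r28)
lwz %r7, 0x10(%r28)
lwz %r8, 0x14(%r28)
lwz %r9, 0x18(%r28)
lwz %r10, 0x1C(%r28)
lwz %r11, 0x20(%r28)
lfs %f1, 0x24(%r28)
lfs %f2, 0x28(%r28)
lfs %f3, 0x2C(%r28)
lfs %f4, 0x30(%r28)
lfs %f5, 0x34(%r28)
lfs %f6, 0x38(%r28)
lfs %f7, 0x3C(%r28)
lfs %f8, 0x40(%r28)
lfs %f9, 0x44(%r28)
mtctr %r12
bctrl
li %r4, 0
stw %r4, 0x48(%r28)
stw %r3, 0x4C(%r28)
stfs %f1, 0x50(%r28)
b 0x14
"""

def _reg(tok):
    """'%r28', 'r28', '%f1', 'f1' -> register number 0..31."""
    m = re.fullmatch(r"%?[rf]([0-9]|[12][0-9]|3[01])", tok.strip())
    if not m:
        raise ValueError(f"bad register: {tok!r}")
    return int(m.group(1))

def _imm(tok):
    return int(tok.strip(), 0)          # hex (0x..) or decimal

def encode(line):
    """Assemble one instruction to a 32-bit PowerPC word."""
    mnem, _, rest = line.strip().partition(" ")
    mnem = mnem.lower()
    ops = [o.strip() for o in rest.split(",")] if rest.strip() else []
    if mnem in D_FORM:                  # lwz/lfs/stw/stfs rD, d(rA)
        m = re.fullmatch(r"(-?0x[0-9a-fA-F]+|-?\d+)\((%?r\d+)\)", ops[1])
        if not m:
            raise ValueError(f"bad memory operand: {ops[1]!r}")
        return ((D_FORM[mnem] << 26) | (_reg(ops[0]) << 21)
                | (_reg(m.group(2)) << 16) | (_imm(m.group(1)) & 0xFFFF))
    if mnem == "lis":                   # addis rD, r0, SIMM
        return (15 << 26) | (_reg(ops[0]) << 21) | (_imm(ops[1]) & 0xFFFF)
    if mnem == "li":                    # addi rD, r0, SIMM
        return (14 << 26) | (_reg(ops[0]) << 21) | (_imm(ops[1]) & 0xFFFF)
    if mnem == "cmpwi":                 # cmpi cr0, L=0, rA, SIMM
        return (11 << 26) | (_reg(ops[0]) << 16) | (_imm(ops[1]) & 0xFFFF)
    if mnem == "mtctr":                 # mtspr CTR (SPR 9 with halves swapped), rS
        return (31 << 26) | (_reg(ops[0]) << 21) | (0x120 << 11) | (467 << 1)
    if mnem == "bctrl":                 # bcctrl BO=20 (always), LK=1
        return (19 << 26) | (20 << 21) | (528 << 1) | 1
    if mnem == "b":                     # relative unconditional branch, AA=0, LK=0
        return (18 << 26) | (_imm(ops[0]) & 0x03FFFFFC)
    if mnem == "beq":                   # bc BO=12 (cond true), BI=2 (cr0.EQ), AA=0
        return (16 << 26) | (12 << 21) | (2 << 16) | (_imm(ops[0]) & 0xFFFC)
    raise ValueError(f"unsupported mnemonic: {mnem!r}")

def assemble(text):
    """Assemble a listing (blank lines skipped) into a list of words."""
    return [encode(l) for l in text.splitlines() if l.strip()]

def to_bytes(words):
    return b"".join(w.to_bytes(4, "big") for w in words)   # PowerPC is big-endian

def _sext(v, bits):
    return v - (1 << bits) if v & (1 << (bits - 1)) else v

def branch_targets(words, base):
    """Resolve every relative branch: target = address of the branch itself + displacement."""
    out = {}
    for i, w in enumerate(words):
        addr, op = base + 4 * i, w >> 26
        if op == 18 and not w & 2:      # b / bl
            out[addr] = addr + _sext(w & 0x03FFFFFC, 26)
        elif op == 16 and not w & 2:    # bc (beq, bne, ...)
            out[addr] = addr + _sext(w & 0xFFFC, 16)
    return out
```

Run assemble(HOOK) and compare to_bytes() with what the compiler gives you; then call branch_targets(words, base) with the address you intend to overwrite for your game and confirm in a disassembly that both targets land on real instructions of the original function. If the block length changes (more or fewer argument loads), the beq displacement has to change with it.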
---------------------------------------------------------------------------------------------------------------------------------------
If you're interested in a PPC class and don't want to learn by yourself, inbox me.
Skype: Jo-Milk
Twitter: @jomilk15