API tools faq
paste
Advertisement
ScriptzMoDz

COD4/WAW RPC [C#]

ScriptzMoDz
Aug 23rd, 2014
268
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.42 KB | None | 0 0
raw download clone embed print report
  1. #region CallFunction
  2.  
  3. static uint function_address;
  4.  
  5. public static int Init()
  6. {
  7. function_address = Get_func_address();
  8. if (function_address == 0) return -1;
  9. Enable_RPC();
  10. return 0;
  11. }
  12.  
  13. public static uint Get_func_address()
  14. {
  15. for (uint i = 0x32F1FC; i < 0x1000000; i += 4)
  16. {
  17. byte[] bytes = Ghosts.GetMemory(i, 8);
  18. if (((bytes[0] == 0xF8) && (bytes[1] == 0x01) && (bytes[2] == 0x1F) && (bytes[3] == 0x38) && (bytes[4] == 0x4B) && (bytes[5] == 0xFF) && (bytes[6] == 0xF1) && (bytes[7] == 0xB8)))
  19. {
  20. return i + 0xC;
  21. }
  22. }
  23. return 0;
  24. }
  25.  
  26. public static void Enable_RPC()
  27. {
  28. /*
  29.  
  30. Here is the PPC function that gets written into memory, at the address of the fog function
  31.  
  32. stdu r1, -0x70(r1)
  33. mflr r0
  34. std r0, 0x80(r1)
  35. lis r3, 0x1005
  36. lwz r12, 0x4C(r3)
  37. cmpwi r12, 0
  38. beq 0x64 #local return
  39. lwz r4, 4(r3)
  40. lwz r5, 8(r3)
  41. lwz r6, 0xC(r3)
  42. lwz r7, 0x10(r3)
  43. lwz r8, 0x14(r3)
  44. lwz r9, 0x18(r3)
  45. lwz r10, 0x1C(r3)
  46. lwz r11, 0x20(r3)
  47. lfs f1, 0x24(r3)
  48. lfs f2, 0x28(r3)
  49. lfs f3, 0x2C(r3)
  50. lfs f4, 0x30(r3)
  51. lfs f5, 0x34(r3)
  52. lfs f6, 0x38(r3)
  53. lfs f7, 0x3C(r3)
  54. lfs f8, 0x40(r3)
  55. lfs f9, 0x48(r3)
  56. lwz r3, 0(r3)
  57. mtctr r12
  58. bctrl
  59. lis r4, 0x1005
  60. li r5, 0
  61. stw r5, 0x4C(r4)
  62. lwz r3, 0x50(r4)
  63. ld r0, arg_80(r1) #here's what the local return branch goes to
  64. mtlr r0
  65. addi r1, r1, 0x70
  66. blr
  67.  
  68. */
  69.  
  70. Lib.SetMemory(function_address, new byte[] { 0x4E, 0x80, 0x00, 0x20 });
  71. System.Threading.Thread.Sleep(20);
  72. byte[] func = new byte[] { 0x7C, 0x08, 0x02, 0xA6, 0xF8, 0x01, 0x00, 0x80, 0x3C, 0x60, 0x50, 0x05, 0x81, 0x83, 0x00, 0x4C, 0x2C, 0x0C, 0x00, 0x00, 0x41, 0x82, 0x00, 0x64, 0x80, 0x83, 0x00, 0x04, 0x80, 0xA3, 0x00, 0x08, 0x80, 0xC3, 0x00, 0x0C, 0x80, 0xE3, 0x00, 0x10, 0x81, 0x03, 0x00, 0x14, 0x81, 0x23, 0x00, 0x18, 0x81, 0x43, 0x00, 0x1C, 0x81, 0x63, 0x00, 0x20, 0xC0, 0x23, 0x00, 0x24, 0xC0, 0x43, 0x00, 0x28, 0xC0, 0x63, 0x00, 0x2C, 0xC0, 0x83, 0x00, 0x30, 0xC0, 0xA3, 0x00, 0x34, 0xC0, 0xC3, 0x00, 0x38, 0xC0, 0xE3, 0x00, 0x3C, 0xC1, 0x03, 0x00, 0x40, 0xC1, 0x23, 0x00, 0x48, 0x80, 0x63, 0x00, 0x00, 0x7D, 0x89, 0x03, 0xA6, 0x4E, 0x80, 0x04, 0x21, 0x3C, 0x80, 0x50, 0x05, 0x38, 0xA0, 0x00, 0x00, 0x90, 0xA4, 0x00, 0x4C, 0x80, 0x64, 0x00, 0x50, 0xE8, 0x01, 0x00, 0x80, 0x7C, 0x08, 0x03, 0xA6, 0x38, 0x21, 0x00, 0x70, 0x4E, 0x80, 0x00, 0x20 };
  73. Lib.SetMemory(function_address + 0x4, func);
  74. Lib.SetMemory(0x50050000, new byte[0x2854]);
  75. Lib.SetMemory(function_address, new byte[] { 0xF8, 0x21, 0xFF, 0x91 });
  76. }
  77.  
  78. public static int Call(uint func_address, params object[] parameters)
  79. {
  80. int num_params = parameters.Length;
  81. uint num_floats = 0;
  82. for (uint i = 0; i < num_params; i++)
  83. {
  84. if (parameters[i] is int)
  85. {
  86. byte[] val = BitConverter.GetBytes((int)parameters[i]);
  87. Array.Reverse(val);
  88. Lib.SetMemory(0x50050000 + (i + num_floats) * 4, val);
  89. }
  90. else if (parameters[i] is uint)
  91. {
  92. byte[] val = BitConverter.GetBytes((uint)parameters[i]);
  93. Array.Reverse(val);
  94. Lib.SetMemory(0x50050000 + (i + num_floats) * 4, val);
  95. }
  96. else if (parameters[i] is string)
  97. {
  98. byte[] str = Encoding.UTF8.GetBytes(Convert.ToString(parameters[i]) + "\0");
  99. Lib.SetMemory(0x50050054 + i * 0x400, str);
  100. uint addr = 0x50050054 + i * 0x400;
  101. byte[] address = BitConverter.GetBytes(addr);
  102. Array.Reverse(address);
  103. Lib.SetMemory(0x50050000 + (i + num_floats) * 4, address);
  104. }
  105. else if (parameters[i] is float)
  106. {
  107. num_floats++;
  108. byte[] val = BitConverter.GetBytes((float)parameters[i]);
  109. Array.Reverse(val);
  110. Lib.SetMemory(0x50050024 + ((num_floats - 1) * 0x4), val);
  111. }
  112. }
  113. byte[] fadd = BitConverter.GetBytes(func_address);
  114. Array.Reverse(fadd);
  115. Lib.SetMemory(0x5005004C, fadd);
  116. System.Threading.Thread.Sleep(20);
  117. byte[] ret = Ghosts.GetMemory(0x50050050, 4);
  118. Array.Reverse(ret);
  119. return BitConverter.ToInt32(ret, 0);
  120. }
  121. #endregion
  122. public static class Protection
  123. {
  124. public static uint write_protection = 0x1D61F8;
  125. public static uint cheat_protection = 0x1D61F0;
  126. public static class Write
  127. {
  128. public static void On()
  129. {
  130. byte[] Write = new byte[] { 0x60, 0x00, 0x00, 0x00 };
  131. Lib.SetMemory(write_protection , Write);
  132. }
  133. public static void Off()
  134. {
  135. byte[] Default = new byte[] { 0x40, 0x9E, 0x02, 0xA8 };
  136. Lib.SetMemory(write_protection , Default);
  137. }
  138. }
  139. public static class Cheat
  140. {
  141. public static void On()
  142. {
  143. byte[] Write = new byte[] { 0x60, 0x00, 0x00, 0x00 };
  144. Lib.SetMemory(cheat_protection , Write);
  145. }
  146. public static void Off()
  147. {
  148. byte[] Default = new byte[] { 0x55, 0x40, 0x06, 0xF6 };
  149. Lib.SetMemory(cheat_protection , Default);
  150. }
  151. }
  152. }
  153. //RPC.Init();
  154. //Protection.Write.On();
  155. //Protection.Cheat.On();
  156. //http://www.mediafire.com/download/3r5cb9bspvdfp5d/Modern+Warfare+And+Waw+STATE+CLIENTS.rar - Full with WaW RPC
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!