API tools faq
paste
Advertisement
Guest User

BOI Zombies 1.13 RPC

a guest
Feb 15th, 2014
947
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C# 9.89 KB | None | 0 0
raw download clone embed print report
  1. //Black ops zombies 1.13 rpc
  2. //all Credit to choco for the release source on ghosts, ported to bo1 zm by sc58
  3.  
  4. using System;
  5. using System.Collections.Generic;
  6. using System.Linq;
  7. using System.Text;
  8. using System.Threading.Tasks;
  9.  
  10. namespace BOIZMRPC
  11. {
  12.     public class PS3
  13.     {
  14.         static uint processID;
  15.  
  16.         private static uint GetProcessID()
  17.         {
  18.             uint[] ProcessIDs;
  19.             PS3_TMAPI.GetProcessList(0, out ProcessIDs);
  20.             return ProcessIDs[0];
  21.         }
  22.  
  23.         public static void SetMemory(uint address, byte[] memory)
  24.         {
  25.             PS3_TMAPI.ProcessSetMemory(0, PS3_TMAPI.UnitType.PPU, processID, 0, address, memory);
  26.         }
  27.  
  28.         public static byte[] GetMemory(uint address, int length)
  29.         {
  30.             byte[] bytes = new byte[length];
  31.             PS3_TMAPI.ProcessGetMemory(0, PS3_TMAPI.UnitType.PPU, processID, 0, address, ref bytes);
  32.             return bytes;
  33.         }
  34.  
  35.         public static int Init()
  36.         {
  37.             processID = GetProcessID();
  38.             return RPC.Init();
  39.         }
  40.     }
  41.  
  42.     public class RPC
  43.     {
  44.         static uint function_address;
  45.  
  46.         public static int Init()
  47.         {
  48.             function_address = Get_func_address();
  49.             if (function_address == 0) return -1;
  50.             Enable_RPC();
  51.             return 0;
  52.         }
  53.  
  54.         public static uint Get_func_address()
  55.         {
  56.             for (uint i = 0x6E34D4; i < 0x1000000; i += 4)
  57.             {
  58.                 byte[] bytes = PS3.GetMemory(i, 8);
  59.                 if (((bytes[0] == 0x4B) && (bytes[1] == 0xFF) && (bytes[2] == 0xBE) && (bytes[3] == 0x05) && (bytes[4] == 0x4B) && (bytes[5] == 0xFF) && (bytes[6] == 0xFC) && (bytes[7] == 0x98)))
  60.                 {
  61.                     return i + 0xC;
  62.                 }
  63.             }
  64.             return 0;
  65.         }
  66.  
  67.         public static void Enable_RPC()
  68.         {
  69.             /*
  70.              
  71.              Here is the PPC function that gets written into memory, at the address of the fog function
  72.              
  73.                 stdu      r1, -0x70(r1)
  74.                 mflr      r0
  75.                 std       r0, 0x80(r1)
  76.                 lis       r3, 0x1005
  77.                 lwz       r12, 0x4C(r3)
  78.                 cmpwi     r12, 0
  79.                 beq       0x64          #local return
  80.                 lwz       r4, 4(r3)
  81.                 lwz       r5, 8(r3)
  82.                 lwz       r6, 0xC(r3)
  83.                 lwz       r7, 0x10(r3)
  84.                 lwz       r8, 0x14(r3)
  85.                 lwz       r9, 0x18(r3)
  86.                 lwz       r10, 0x1C(r3)
  87.                 lwz       r11, 0x20(r3)
  88.                 lfs       f1, 0x24(r3)
  89.                 lfs       f2, 0x28(r3)
  90.                 lfs       f3, 0x2C(r3)
  91.                 lfs       f4, 0x30(r3)
  92.                 lfs       f5, 0x34(r3)
  93.                 lfs       f6, 0x38(r3)
  94.                 lfs       f7, 0x3C(r3)
  95.                 lfs       f8, 0x40(r3)
  96.                 lfs       f9, 0x48(r3)
  97.                 lwz       r3, 0(r3)
  98.                 mtctr     r12
  99.                 bctrl
  100.                 lis       r4, 0x1005
  101.                 li        r5, 0
  102.                 stw       r5, 0x4C(r4)
  103.                 lwz       r3, 0x50(r4)
  104.                 ld        r0, arg_80(r1)    #here's what the local return branch goes to
  105.                 mtlr      r0
  106.                 addi      r1, r1, 0x70
  107.                 blr
  108.              
  109.             */
  110.  
  111.             PS3.SetMemory(function_address, new byte[] { 0x4E, 0x80, 0x00, 0x20 });
  112.             System.Threading.Thread.Sleep(20);
  113.             byte[] func = new byte[] { 0x7C, 0x08, 0x02, 0xA6, 0xF8, 0x01, 0x00, 0x80, 0x3C, 0x60, 0x10, 0x05, 0x81, 0x83, 0x00, 0x4C, 0x2C, 0x0C, 0x00, 0x00, 0x41, 0x82, 0x00, 0x64, 0x80, 0x83, 0x00, 0x04, 0x80, 0xA3, 0x00, 0x08, 0x80, 0xC3, 0x00, 0x0C, 0x80, 0xE3, 0x00, 0x10, 0x81, 0x03, 0x00, 0x14, 0x81, 0x23, 0x00, 0x18, 0x81, 0x43, 0x00, 0x1C, 0x81, 0x63, 0x00, 0x20, 0xC0, 0x23, 0x00, 0x24, 0xC0, 0x43, 0x00, 0x28, 0xC0, 0x63, 0x00, 0x2C, 0xC0, 0x83, 0x00, 0x30, 0xC0, 0xA3, 0x00, 0x34, 0xC0, 0xC3, 0x00, 0x38, 0xC0, 0xE3, 0x00, 0x3C, 0xC1, 0x03, 0x00, 0x40, 0xC1, 0x23, 0x00, 0x48, 0x80, 0x63, 0x00, 0x00, 0x7D, 0x89, 0x03, 0xA6, 0x4E, 0x80, 0x04, 0x21, 0x3C, 0x80, 0x10, 0x05, 0x38, 0xA0, 0x00, 0x00, 0x90, 0xA4, 0x00, 0x4C, 0x80, 0x64, 0x00, 0x50, 0xE8, 0x01, 0x00, 0x80, 0x7C, 0x08, 0x03, 0xA6, 0x38, 0x21, 0x00, 0x70, 0x4E, 0x80, 0x00, 0x20, 0x60, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x60, 0x00, 0x00, 0x00 };
  114.             PS3.SetMemory(function_address + 0x4, func);
  115.             PS3.SetMemory(0x10050000, new byte[0x2854]);
  116.             PS3.SetMemory(function_address, new byte[] { 0xF8, 0x21, 0xFF, 0x91 });
  117.         }
  118.  
  119.         public static int Call(uint func_address, params object[] parameters)
  120.         {
  121.             int num_params = parameters.Length;
  122.             uint num_floats = 0;
  123.             for (uint i = 0; i < num_params; i++)
  124.             {
  125.                 if (parameters[i] is int)
  126.                 {
  127.                     byte[] val = BitConverter.GetBytes((int)parameters[i]);
  128.                     Array.Reverse(val);
  129.                     PS3.SetMemory(0x10050000 + (i + num_floats) * 4, val);
  130.                 }
  131.                 else if (parameters[i] is uint)
  132.                 {
  133.                     byte[] val = BitConverter.GetBytes((uint)parameters[i]);
  134.                     Array.Reverse(val);
  135.                     PS3.SetMemory(0x10050000 + (i + num_floats) * 4, val);
  136.                 }
  137.                 else if (parameters[i] is string)
  138.                 {
  139.                     byte[] str = Encoding.UTF8.GetBytes(Convert.ToString(parameters[i]) + "\0");
  140.                     PS3.SetMemory(0x10050054 + i * 0x400, str);
  141.                     uint addr = 0x10050054 + i * 0x400;
  142.                     byte[] address = BitConverter.GetBytes(addr);
  143.                     Array.Reverse(address);
  144.                     PS3.SetMemory(0x10050000 + (i + num_floats) * 4, address);
  145.                 }
  146.                 else if (parameters[i] is float)
  147.                 {
  148.                     num_floats++;
  149.                     byte[] val = BitConverter.GetBytes((float)parameters[i]);
  150.                     Array.Reverse(val);
  151.                     PS3.SetMemory(0x10050024 + ((num_floats - 1) * 0x4), val);
  152.                 }
  153.             }
  154.             byte[] fadd = BitConverter.GetBytes(func_address);
  155.             Array.Reverse(fadd);
  156.             PS3.SetMemory(0x1005004C, fadd);
  157.             System.Threading.Thread.Sleep(20);
  158.             byte[] ret = PS3.GetMemory(0x10050050, 4);
  159.             Array.Reverse(ret);
  160.             return BitConverter.ToInt32(ret, 0);
  161.         }
  162.     }
  163. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!