Post: How to write an RPC for any game
12-20-2014, 08:06 AM #1
XIUD
Banned
How to write an RPC


Things required:

Some PPC knowledge.
A custom firmware PS3.
Visual Studio, so you can test your RPC by calling functions.



Now let's get started!

First you want to open up IDA Pro with your game's ELF file. Once you have loaded the ELF file you want to look for an empty address.


You find an empty address by finding a function that you don't think does anything. When you find the address you will have to go into the debugger and put a breakpoint on it. If you freeze, that means the address is being used; if you don't freeze, then it's an empty address.


We need an empty address because we need to store our PPC in memory. Storing it at an address that is being used will overwrite the code there and most likely freeze you. That's why we did this ^^


Writing PowerPC



Now we have to write our RPC, right?

I will show you what to write and explain what it does.

You will write this (standard PowerPC syntax, one instruction per line; the numbering in the explanation below counts instructions only):

stdu    r1, -0x70(r1)      # allocate a 0x70-byte stack frame
mflr    r0                 # copy the link register into r0
std     r0, 0x80(r1)       # save it in the caller's LR slot

lis     r6, 0x210          # r6 = 0x02100000, the RPC block
lwz     r3, 0x04(r6)       # first argument
lwz     r4, 0x08(r6)       # second argument
lwz     r5, 0x0C(r6)       # third argument
lwz     r6, 0(r6)          # address of the function to call

mtctr   r6                 # count register = target address
li      r6, 0              # clear r6 so it is not taken as an argument
bctrl                      # call through CTR, return address goes into LR
lis     r6, 0x210          # r6 = 0x02100000 again
stw     r3, 0x10(r6)       # store the return value at 0x02100010
li      r3, 0
stw     r3, 0(r6)          # zero the function slot so it runs only once

ld      r0, 0x80(r1)       # restore the saved link register
mtlr    r0
addi    r1, r1, 0x70       # release the stack frame
blr                        # return



Now I will explain this.

Line 1: Allocate some space on the stack, so we can store some things.

Line 2: Read the link register and set r0 to it.

Line 3: Stores the link register on the stack.

Line 4: Just a memory spot.

Lines 5, 6, 7, 8: If you know a little PowerPC I shouldn't have to explain this.

Line 9: The count register is the address: 0x2100000.

Line 10: Stops r6 from being parsed as an argument.

Line 11: Call the address that you stored in the count register.

Line 12: Sets 0x210 in the register r6.

Line 13: The returned value will be stored at: 0x2100010.

Line 14: Gives the register r3 the value 0.

Line 15: Erases the function stored at 0x2100000. Important!! Keeps it from being called more than once.

Line 16: Get the link register.

Line 17: Set LR to the original link register.

Line 18: Deallocate the stack.

Line 19: Return.



How to use this.


You would also have to know how to use this, else it's pretty much useless, right?



Include the PS3 library in your project of course ^^

Then you can use it like this:

Calling an address:

PS3::WriteUInt32(0x2100000, 0xAFDCA);

//0xAFDCA would be the address to call, you can use your own one.

Writing a string:

PS3::WriteString(0x2101000, "Writing a string");


This will write the string at 0x2101000.

Writing an integer:

PS3::WriteInt32(0x2100004, 5); // first argument slot: 0x2100000 + 0x04, the word the stub loads into r3


Enjoy
Credits to ItzEphdel

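The same mailbox handshake as an added example, not code from the original post or from the PS3 library: it models the 0x2100000 block on the PC in a fake big-endian buffer, with hypothetical WriteUInt32/ReadUInt32 helpers standing in for the PS3:: calls and a constructed, aligned function address, and shows the order the host must use (arguments first, pointer last, then wait for the stub to zero it before reading the result). The modeled stub skips a zero pointer; the posted stub has no such check.

```cpp
// Added example (not from the post): host-side model of the RPC block the PPC
// stub polls at 0x02100000. The PS3 is big-endian, so the fake memory is
// written the way the stub's lwz/stw see it; PS3:: calls are replaced by
// hypothetical local helpers so this runs offline.
#include <cstdint>
#include <functional>
#include <map>
#include <vector>

static const uint32_t kRpcBase = 0x02100000;   // lis r6, 0x210
static std::vector<uint8_t> g_mem(0x20, 0);    // fake window over 0x02100000..0x0210001F
static int g_calls = 0;                        // how often the fake game function ran

static void WriteUInt32(uint32_t addr, uint32_t v) {   // big-endian, like stw
    uint8_t* p = &g_mem.at(addr - kRpcBase);
    p[0] = uint8_t(v >> 24); p[1] = uint8_t(v >> 16); p[2] = uint8_t(v >> 8); p[3] = uint8_t(v);
}
static uint32_t ReadUInt32(uint32_t addr) {            // big-endian, like lwz
    const uint8_t* p = &g_mem.at(addr - kRpcBase);
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

// Stand-in game function keyed by a constructed, 4-byte-aligned address.
using GameFn = std::function<uint32_t(uint32_t, uint32_t, uint32_t)>;
static std::map<uint32_t, GameFn> g_functions = {
    {0x00AFDC00u, [](uint32_t a, uint32_t b, uint32_t c) { ++g_calls; return a + b + c; }},
};

// One pass of the stub: lwz r6,0(r6); lwz r3..r5 from +4/+8/+0xC; bctrl;
// stw r3,0x10(r6); stw 0,0(r6). The zero check is added here; the posted
// stub has none, so it would bctrl to address 0 on its next pass.
static void RunStubOnce() {
    uint32_t fn = ReadUInt32(kRpcBase);
    if (fn == 0) return;
    uint32_t ret = g_functions.at(fn)(ReadUInt32(kRpcBase + 0x04),
                                      ReadUInt32(kRpcBase + 0x08),
                                      ReadUInt32(kRpcBase + 0x0C));
    WriteUInt32(kRpcBase + 0x10, ret);   // stw r3, 0x10(r6)
    WriteUInt32(kRpcBase, 0);            // consumed: it will not run a second time
}

// Host side: arguments first, pointer last (the stub fires as soon as the
// pointer is non-zero), then wait for the stub to clear it before reading r3.
static uint32_t CallFunction(uint32_t addr, uint32_t a1, uint32_t a2, uint32_t a3) {
    WriteUInt32(kRpcBase + 0x04, a1);
    WriteUInt32(kRpcBase + 0x08, a2);
    WriteUInt32(kRpcBase + 0x0C, a3);
    WriteUInt32(kRpcBase, addr);
    while (ReadUInt32(kRpcBase) != 0) RunStubOnce();   // on a console the game loop runs the stub
    return ReadUInt32(kRpcBase + 0x10);
}
```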
12-28-2014, 11:28 AM #2
Thanks for sharing. Might be useful
02-09-2015, 08:00 AM #3
Ephdel
Keeper
.............
Last edited by Ephdel; 11-26-2016 at 05:15 PM.
03-12-2015, 05:11 PM #4
XxBlud23xX
< ^ > < ^ >
Originally posted by XIUD

Awesome, thanks bro.
