1. Forums /
  2. Top Games /
  3. Call of Duty Series /
  4. Call of Duty: Ghosts /
  5. Ghosts Mods, Cheats, and Glitches /
  6. RPC DLL for all updates - Source code included!
Post: RPC DLL for all updates - Source code included!
12-07-2013, 12:40 AM #1
Choco's Avatar
Choco
Respect my authoritah!!
(adsbygoogle = window.adsbygoogle || []).push({}); Hey NGU!

Today I'll be making my first major release for ghosts - an RPC (remote procedure calls) DLL that allows you to call any function in the game from your PC!

This DLL is intended to be used by developers - it must be added to a C# project to be used. It does not contain the ps3tmapi_net DLL, but it will not work if the file is not on your computer. This DLL will only work for DEX users.

How to Use

1. Download the DLL.
2. Add the DLL as a reference to your C# Project.
3. In your code, after you have connected and attached the process, enter this code:

    int err = GHOSTS.PS3.Init();


This code will will return 0 if the RPC is successfully initialized, and -1 if an error occurs.

4. Enjoy your RPC!

How to Call Functions

1. After finding the function you want to call, simply use this format:

    GHOSTS.RPC.Call(uint func_address, params object[] parameters);


Unlike my previous RPC releases, this one supports many argument types: floats (single-precision), ints, uints, and strings.




This RPC will work for any updates from 1.03 onwards.



Download

Download the DLL: You must login or register to view this content.
Virus Scan: You must login or register to view this content.
Download source code (C# Project): You must login or register to view this content.

Thanks to aerosoul94 for his PS3TMAPI importing functions!



Enjoy this guys! I plan on soon creating a version for CEX users Choco

The following 102 users say thank you to Choco for this useful post:

ResistTheMoon, -SuperMan, {H} | Exception, **The_ One**, Kappa, Eddie Mac, 192.168.1.1, ADAM594, Agent Beast, AlexNGU, Anera, anxify, BaSs_HaXoR, BLiNDzZ, Boliberrys, br0wniiez, Bucko, BullyWiiPlaza, D3skm, Dannie Fresh, Dead_Coast, deneo24, DJok3r, Eddie-Lucas, elgolumm, EliteHackzPS3, EquakeCSharp, F l e x, FAKA_ELITE, Father Luckeyy, FM|T Enstone, Force, Foxhoundz3, gaming_nation, Gay For Satan, Harry, Beats, Callumeleyy, iHaxel, ilasthope, ImAzazel, imD, ImPokerz, iNCSx, iNDMx, InfinityISB4CK, J, jake5445, Jalisco123, TheMightyMoJo, KranK, Loxy, M-alShammary, M0T1VAT10N, Machiavelli_23, Mango_Knife, Marco_Legend, MODZ4FUN420, Mr.Azoz, Mr.Hutch, network10, Norway-_-1999, Notorious, NUKES-X-MODS-X, Darth Saul, Vince, Pewp, xProvXKiller, Pseudo_Soldier, qNSp, Raz0rMind, RoCK__711, Roy944, ICS Vortex, SC58, Sirprizer, SnaY, Swaqq, Swifter, Swiss, TeRmiiMoDz, ThePaaqoHD, Ciri, Turk_Warrior, Uk_ViiPeR, Winter, worrorfight, Xcesar1911X, Fatality, xkoeckiiej, xKrazy SicknesS, XM7MD_VX, xPAQz, Xx-GIPPI-xX and 2 other users.
12-08-2013, 08:57 PM #29
FM|T Enstone's Avatar
FM|T Enstone
Bounty hunter
You only load r3 register when returning from your caller. You must store it somewhere so people can retrieve r3 value, you should do the same for f1. (also r4/r5/r6.. for some syscalls)

stdu r1, -0x70(r1)
mflr r0
std r0, 0x80(r1)
lis r3, 0x1005
lwz r12, 0x4C(r3)
cmpwi r12, 0
beq 0x64 #local return
lwz r4, 4(r3)
lwz r5, 8(r3)
lwz r6, 0xC(r3)
lwz r7, 0x10(r3)
lwz r8, 0x14(r3)
lwz r9, 0x18(r3)
lwz r10, 0x1C(r3)
lwz r11, 0x20(r3)
lfs f1, 0x24(r3)
lfs f2, 0x28(r3)
lfs f3, 0x2C(r3)
lfs f4, 0x30(r3)
lfs f5, 0x34(r3)
lfs f6, 0x38(r3)
lfs f7, 0x3C(r3)
lfs f8, 0x40(r3)
lfs f9, 0x48(r3)
lwz r3, 0(r3)
mtctr r12
bctrl
lis r4, 0x1005
li r5, 0
stw r5, 0x4C(r4)
lwz r3, 0x50(r4) <- HERE
ld r0, arg_80(r1) #here's what the local return branch goes to
mtlr r0
addi r1, r1, 0x70
blr
Last edited by FM|T Enstone ; 12-08-2013 at 09:03 PM.

The following 3 users say thank you to FM|T Enstone for this useful post:

BadChoicesZ, BLiNDzZ, NoOneIsSafe
12-08-2013, 08:57 PM #30
therifboy's Avatar
therifboy
Brute
Originally posted by Choco View Post
And what exactly is wrong with it? :p


You'll hear people complain about it soon enough. :yes:

EDIT: Didn't notice Enstone already replied.He won't get any cookie tho. I lied.
Last edited by therifboy ; 12-08-2013 at 09:06 PM.
12-08-2013, 09:04 PM #31
Choco's Avatar
Choco
Respect my authoritah!!
Originally posted by FM
You only load r3 register when returning from your caller. You must store it somewhere so people can retrieve r3 value, you should do the same for f1. (also r4/r5/r6.. for some syscalls)

stdu r1, -0x70(r1)
mflr r0
std r0, 0x80(r1)
lis r3, 0x1005
lwz r12, 0x4C(r3)
cmpwi r12, 0
beq 0x64 #local return
lwz r4, 4(r3)
lwz r5, 8(r3)
lwz r6, 0xC(r3)
lwz r7, 0x10(r3)
lwz r8, 0x14(r3)
lwz r9, 0x18(r3)
lwz r10, 0x1C(r3)
lwz r11, 0x20(r3)
lfs f1, 0x24(r3)
lfs f2, 0x28(r3)
lfs f3, 0x2C(r3)
lfs f4, 0x30(r3)
lfs f5, 0x34(r3)
lfs f6, 0x38(r3)
lfs f7, 0x3C(r3)
lfs f8, 0x40(r3)
lfs f9, 0x48(r3)
lwz r3, 0(r3)
mtctr r12
bctrl
lis r4, 0x1005
li r5, 0
stw r5, 0x4C(r4)
lwz r3, 0x50(r4) <- HERE
ld r0, arg_80(r1) #here's what the local return branch goes to
mtlr r0
addi r1, r1, 0x70
blr


Whoops, can't believe I let that slip. Will fix it shortly :y:
12-08-2013, 09:05 PM #32
therifboy's Avatar
therifboy
Brute
Originally posted by FM

lis r4, 0x1005
li r5, 0
stw r5, 0x4C(r4)
stw r3, 0x50(r4)
stfs f1, 0x54(r4)
ld r0, arg_80(r1) #here's what the local return branch goes to
mtlr r0
addi r1, r1, 0x70
blr 


    public float GetFloatReturn()

{

    byte[] buff = GetMemory(0x10050054, 4);

    Array.Reverse(buff);

    return BitConverter.ToSingle(buff, 0);

}
12-08-2013, 09:47 PM #33
SC58's Avatar
SC58
Former Staff
Someone just need to make a rpc for all cods and have it do everything it needs and be done with the rpc shit lol Moo

The following 2 users say thank you to SC58 for this useful post:

InfinityISB4CK, INSAN3LY_D34TH
12-09-2013, 11:29 AM #34
Mango_Knife's Avatar
Mango_Knife
In my man cave
Originally posted by Choco View Post
Whoops, can't believe I let that slip. Will fix it shortly :y:


ha :y: Dosent working Anymore
Use :yes:
    

:yes:
12-10-2013, 02:08 AM #35
SC58's Avatar
SC58
Former Staff
There no need to make a post just for these function but here some function to use with this for 1.05.

    0xF0978 - BG_GetPerkIndexForName

0x115784 - BG_GetWeaponIndexForName

0x28A474 - G_GetWeaponIndexForName

0x571B14 - Sv_ExecuteClientCommand

0x2865F0 - G_spawn

0x2851E4 - G_SetModel

0x27BF20 - sp_script_model

0xD83F04 - G_entity

0x2A654C - Cbuf_addtext

0x6886B4 - Sv_Gamesendsevercommand

0x59177C - Dvar_GetBool

0x286DDC - G_SetOrigin

0x280310 - G_CallSpawnEntity

0x535F2C - SV_AddTestClient

0x2A6D34 - SV_Cmd_TokenizeString

0x2A6828 - SV_Cmd_EndTokenizedString

0x6308FC - SV_SetConfigstring

0x517330 - Dvar_GetString

0x23F410 - Add_Ammo

0x646968 - Dvar_GetFloat

0x5BD818 - Dvar_GetInt

0x187598 - Key_isdown

0x286CAC - G_SpawnPlayerClone

0x287008 - G_SetAngle

0x6967B8 - SV_SetBrushModel

0x285154 - SV_LinkEntity

0xD84444 - i think this is LevelTime
Last edited by SC58 ; 12-13-2013 at 05:20 AM.

The following 5 users say thank you to SC58 for this useful post:

Anera, BadChoicesZ, Choco, InfinityISB4CK, Mango_Knife
12-10-2013, 07:03 AM #36
BLiNDzZ's Avatar
BLiNDzZ
Who’s Jim Erased?
Originally posted by FM
You only load r3 register when returning from your caller. You must store it somewhere so people can retrieve r3 value, you should do the same for f1. (also r4/r5/r6.. for some syscalls)

stdu r1, -0x70(r1)
mflr r0
std r0, 0x80(r1)
lis r3, 0x1005
lwz r12, 0x4C(r3)
cmpwi r12, 0
beq 0x64 #local return
lwz r4, 4(r3)
lwz r5, 8(r3)
lwz r6, 0xC(r3)
lwz r7, 0x10(r3)
lwz r8, 0x14(r3)
lwz r9, 0x18(r3)
lwz r10, 0x1C(r3)
lwz r11, 0x20(r3)
lfs f1, 0x24(r3)
lfs f2, 0x28(r3)
lfs f3, 0x2C(r3)
lfs f4, 0x30(r3)
lfs f5, 0x34(r3)
lfs f6, 0x38(r3)
lfs f7, 0x3C(r3)
lfs f8, 0x40(r3)
lfs f9, 0x48(r3)
lwz r3, 0(r3)
mtctr r12
bctrl
lis r4, 0x1005
li r5, 0
stw r5, 0x4C(r4)
lwz r3, 0x50(r4) <- HERE
ld r0, arg_80(r1) #here's what the local return branch goes to
mtlr r0
addi r1, r1, 0x70
blr


How in the world does someone read this o.O :p

The following user thanked BLiNDzZ for this useful post:

yomen9
12-10-2013, 09:00 AM #37
test53's Avatar
test53
Keeper
Originally posted by SC58 View Post
There no need to make a post just for these function but here some function to use with this for 1.05.

    0xF0978 - BG_GetPerkIndexForName

0x115784 - BG_GetWeaponIndexForName

0x28A474 - G_GetWeaponIndexForName

0x571B14 - Sv_ExecuteClientCommand

0x2865F0 - G_spawn

0x2851E4 - G_SetModel

0x27BF20 - sp_script_model

0xD83F04 - G_entity

0x2A654C - Cbuf_addtext

0x6886B4 - Sv_Gamesendsevercommand

0x59177C - Dvar_GetBool

0x286DDC - G_SetOrigin

0x280310 - G_CallSpawnEntity

0x535F2C - SV_AddTestClient

0x2A6D34 - SV_Cmd_TokenizeString

0x2A6828 - SV_Cmd_EndTokenizedString

0x6308FC - SV_SetConfigstring

0x517330 - Dvar_GetString

0x23F410 - Add_Ammo

0x646968 - Dvar_GetFloat

0x5BD818 - Dvar_GetInt

0x187598 - Key_isdown

0x286CAC - G_SpawnPlayerClone

0x287008 - G_SetAngle

0x6967B8 - SV_SetBrushModel

0x285154 - SV_LinkEntity


Good release but how do I call these functions? For G_SetOrgin I try passing in the function address, G_entity and then a float but it freezes my PS3. What are the correct parameters to pass to these functions?

private void button25_Click(object sender, EventArgs e)
{
float buffer = 12345;
Call(0x286DDC, 0xD83F04, buffer);
}

Copyright © 2024, NextGenUpdate.
All Rights Reserved.

Gray NextGenUpdate Logo