Post: How To Update Ghosts HUD Elements! [PPC/IDA]
Options
04-02-2014, 04:31 PM
#1
Shark
Retired.
What You Will Need
1. A Brain
2. IDA Pro + PS3 IDA Plugins
3. Chocos PPC Compiler (Get It Here, You must login or register to view this content.)
4. Ghosts ELF File
Srs is you dont know how to open a fucking spoiler
Step 1
Firstly you want to load up the ghost elf file in IDA
once this is done let it load for a bit then press Shift + F12 what this does is bring up a list of strings, this will make it easier for us to find what we are looking for
!Step 2
Once ida is all loaded up and you have the strings list in front of you, you want to search for "Hud elem string", to search the strings in ida you simply click the search tab in the menu bar at the top of ida then click search and type in "Hud elem string", or you can just press ALT+T
Now in IDA you should have this in front of you
You must login or register to view this content.
now from here you want to double click it, this will take you to the string in IDA View now once we have done this we want to go to the xref of this string, you can do this by double clicking the data xref located right of the string
You must login or register to view this content.
Now you can get the G_HudElems Address
You must login or register to view this content.
Step 3
So now we have G_HudElems address for 1.09 (0xD86E0
Now for the tricky part which is making a ppc function for SetText
so the first thing we want to do is find the fps offset, which is where we are going to execute the ppc code
so in ida go back to our string tab and do either ALT+T or do it from the search tab in the menu bar, so we want to search for "fps: %f\n", when you find it double click it like we did for the hud elems. now you should be in ida view now just do what we did before and go to the data xref it should take you here, this is where we are going to be starting our function (explained in the photo)
You must login or register to view this content.
before we start writing the function we will also need to find the G_LocalizedString Address this is extremely easy to find, just go to your string list search for "localized string", now double click it to go to ida view but dont double click the xref, if we look closely at the xref you will see the g_locazliedstring address without having to double click it and hunt around for it
You must login or register to view this content.
so now that we have this we can begin writing our function
Step 4 - Writing Le PPC Function
ok so we want to start our function where beq loc_369108 is, in screenshot above somewhere ^
now we can close the string window now cause its not needed anymore, instead we want to go to hex view, it should look like this (all the bytes are ppc instructions turned into opcodes (compiled ppc))
You must login or register to view this content.
Now in chocos ppc compiler we want to set the address to where we are going to start writing the ppc function in this case its 0x369070
You must login or register to view this content.
So go to chocos PPC Compiler and type in these instructions
You must login or register to view this content.
lis %r3, 0x210 - Loads 0x2100000
lwz %r4, 0x00(%r3) Reads 0x2100000
cmpwi %r4, 0 - Compares 0x2100000 Value To 0
beq 0x8c - If Value of r4 is equal to 0 (nothing) then it will branch to end of fps function and not execute rest of code
bl 0x331E0 - If value isnt equal then it will call the g_localizedstring offset (0x331E0)
lis %r4, 0x210 - Loads 0x2100000
stw %r3, 0x5000(%r4) - Stores r3's value to 0x2105000
li %r3, 0 - Loads 0x0000000 Into r3
stw %r3, 0x00(%r4) - Stores r3's value into r4 (this can be known as cleaning it out, to stop it being loaded over and over)
b 0x74 - Branches to end of fps offset and ends function
Now that we have our opcode (its in choco ppc compiler, the box on the right with random bytes everywhere :fa: )
now with this code, if you want to check its correct you can type it into ida by going to the hex view, then by pressing F2 this will let you edit the bytes, so simply just type in the bytes from chocos compiler then press F2 when finished, now if we go back to the ida view tab you will see it has changed, it should look something like this (hopefully, 1 mistake can fuck it all up)
You must login or register to view this content.
now to make this into C# is pretty simple, all we do is write the ppc to the memory
public static void WritePPCToMemory()
{
PS3.SetMemory(0x2100000, new byte[32]);//Where Text Writes To
PS3.SetMemory(0x2105000, new byte[32]);//Return String
PS3.SetMemory(0x369070, new byte[] { 0x3C, 0x60, 0x02, 0x10, 0x80, 0x83, 0x00, 0x00, 0x2C, 0x04, 0x00, 0x00, 0x41, 0x82, 0x00, 0x8C, 0x4B, 0xCC, 0xA1, 0x61, 0x3C, 0x80, 0x02, 0x10, 0x90, 0x64, 0x50, 0x00, 0x38, 0x60, 0x00, 0x00, 0x90, 0x64, 0x00, 0x00, 0x48, 0x00, 0x00, 0x74, 0x3B, 0xE4, 0x8F, 0xD4, 0x38, 0x80, 0x00, 0x00 }); //PPC Code We Are Writing To Memory
PS3.SetMemory(0x33227, new byte[] { 0x01 });//Fixes HUDS (without it huds wont spawn)
}//Run this code when connecting your tool or when you start your huds whatever... this will write the ppc code to the memory, now to actually put it to use we will need another function
public static short SetText(string Text)
{
PS3.SetMemory(0x2100000, Encoding.ASCII.GetBytes(Text + "\0"));//Writes Text To Memory
System.Threading.Thread.Sleep(50);//Stops it from overloading and doing weird shit
return (short)PS3.Extension.ReadInt32(0x2105000);//Gets The Return Value
}
One more thing I didnt go over which is how to get the offset to fix hud elems, this is really easy to get and all you need to do is add 0x47 to G_LocalizedStringIndex (0x331E0), so to get the offset for fixed huds for 1.09 just do 0x331E0 + 0x27 which is 0x33227
, all you need to do is set the value to 0x01Hope you learned something during this tutorial :p
if you have any questions contact me on skype, its hfhshark
Some Good Places To Learn Some PPC
You must login or register to view this content.
You must login or register to view this content.
You must login or register to view this content.
The following 17 users say thank you to Shark for this useful post:
04-02-2014, 04:34 PM
#2
MegaMister
Former Mega Staff
Originally posted by sharkbait263
Hey since not many people know how to update ghosts hud elements, or they can update the shaders but not the text then this tutorial should help some people out!
What You Will Need
1. A Brain
2. IDA Pro + PS3 IDA Plugins
3. Chocos PPC Compiler (Get It Here, You must login or register to view this content.)
4. Ghosts ELF File
Srs is you dont know how to open a fucking spoiler
Step 1
Firstly you want to load up the ghost elf file in IDA
once this is done let it load for a bit then press Shift + F12 what this does is bring up a list of strings, this will make it easier for us to find what we are looking for!
Step 2
Once ida is all loaded up and you have the strings list in front of you, you want to search for "Hud elem string", to search the strings in ida you simply click the search tab in the menu bar at the top of ida then click search and type in "Hud elem string", or you can just press ALT+T
Now in IDA you should have this in front of you
You must login or register to view this content.
now from here you want to double click it, this will take you to the string in IDA View now once we have done this we want to go to the xref of this string, you can do this by double clicking the data xref located right of the string
You must login or register to view this content.
Now you can get the G_HudElems Address
You must login or register to view this content.
Step 3
So now we have G_HudElems address for 1.09 (0xD86E0
Now for the tricky part which is making a ppc function for SetText
so the first thing we want to do is find the fps offset, which is where we are going to execute the ppc code
so in ida go back to our string tab and do either ALT+T or do it from the search tab in the menu bar, so we want to search for "fps: %f\n", when you find it double click it like we did for the hud elems. now you should be in ida view now just do what we did before and go to the data xref it should take you here, this is where we are going to be starting our function (explained in the photo)
You must login or register to view this content.
before we start writing the function we will also need to find the G_LocalizedString Address this is extremely easy to find, just go to your string list search for "localized string", now double click it to go to ida view but dont double click the xref, if we look closely at the xref you will see the g_locazliedstring address without having to double click it and hunt around for it
You must login or register to view this content.
so now that we have this we can begin writing our function
Step 4 - Writing Le PPC Function
ok so we want to start our function where beq loc_369108 is, in screenshot above somewhere ^
now we can close the string window now cause its not needed anymore, instead we want to go to hex view, it should look like this (all the bytes are ppc instructions turned into opcodes (compiled ppc))
You must login or register to view this content.
Now in chocos ppc compiler we want to set the address to where we are going to start writing the ppc function in this case its 0x369070
You must login or register to view this content.
So go to chocos PPC Compiler and type in these instructions
You must login or register to view this content.
Now that we have our opcode (its in choco ppc compiler, the box on the right with random bytes everywhere :fa: )
now with this code, if you want to check its correct you can type it into ida by going to the hex view, then by pressing F2 this will let you edit the bytes, so simply just type in the bytes from chocos compiler then press F2 when finished, now if we go back to the ida view tab you will see it has changed, it should look something like this (hopefully, 1 mistake can fuck it all up)
You must login or register to view this content.
now to make this into C# is pretty simple, all we do is write the ppc to the memory
One more thing I didnt go over which is how to get the offset to fix hud elems, this is really easy to get and all you need to do is add 0x47 to G_LocalizedStringIndex (0x331E0), so to get the offset for fixed huds for 1.09 just do 0x331E0 + 0x27 which is 0x33227, all you need to do is set the value to 0x01
Hope you learned something during this tutorial :p
if you have any questions contact me on skype, its hfhshark
Some Good Places To Learn Some PPC
You must login or register to view this content.
You must login or register to view this content.
You must login or register to view this content.
What You Will Need
1. A Brain
2. IDA Pro + PS3 IDA Plugins
3. Chocos PPC Compiler (Get It Here, You must login or register to view this content.)
4. Ghosts ELF File
Srs is you dont know how to open a fucking spoiler
Step 1
Firstly you want to load up the ghost elf file in IDA
once this is done let it load for a bit then press Shift + F12 what this does is bring up a list of strings, this will make it easier for us to find what we are looking for
!Step 2
Once ida is all loaded up and you have the strings list in front of you, you want to search for "Hud elem string", to search the strings in ida you simply click the search tab in the menu bar at the top of ida then click search and type in "Hud elem string", or you can just press ALT+T
Now in IDA you should have this in front of you
You must login or register to view this content.
now from here you want to double click it, this will take you to the string in IDA View now once we have done this we want to go to the xref of this string, you can do this by double clicking the data xref located right of the string
You must login or register to view this content.
Now you can get the G_HudElems Address
You must login or register to view this content.
Step 3
So now we have G_HudElems address for 1.09 (0xD86E0
Now for the tricky part which is making a ppc function for SetText
so the first thing we want to do is find the fps offset, which is where we are going to execute the ppc code
so in ida go back to our string tab and do either ALT+T or do it from the search tab in the menu bar, so we want to search for "fps: %f\n", when you find it double click it like we did for the hud elems. now you should be in ida view now just do what we did before and go to the data xref it should take you here, this is where we are going to be starting our function (explained in the photo)
You must login or register to view this content.
before we start writing the function we will also need to find the G_LocalizedString Address this is extremely easy to find, just go to your string list search for "localized string", now double click it to go to ida view but dont double click the xref, if we look closely at the xref you will see the g_locazliedstring address without having to double click it and hunt around for it
You must login or register to view this content.
so now that we have this we can begin writing our function
Step 4 - Writing Le PPC Function
ok so we want to start our function where beq loc_369108 is, in screenshot above somewhere ^
now we can close the string window now cause its not needed anymore, instead we want to go to hex view, it should look like this (all the bytes are ppc instructions turned into opcodes (compiled ppc))
You must login or register to view this content.
Now in chocos ppc compiler we want to set the address to where we are going to start writing the ppc function in this case its 0x369070
You must login or register to view this content.
So go to chocos PPC Compiler and type in these instructions
You must login or register to view this content.
lis %r3, 0x210 - Loads 0x2100000
lwz %r4, 0x00(%r3) Reads 0x2100000
cmpwi %r4, 0 - Compares 0x2100000 Value To 0
beq 0x8c - If Value of r4 is equal to 0 (nothing) then it will branch to end of fps function and not execute rest of code
bl 0x331E0 - If value isnt equal then it will call the g_localizedstring offset (0x331E0)
lis %r4, 0x210 - Loads 0x2100000
stw %r3, 0x5000(%r4) - Stores r3's value to 0x2105000
li %r3, 0 - Loads 0x0000000 Into r3
stw %r3, 0x00(%r4) - Stores r3's value into r4 (this can be known as cleaning it out, to stop it being loaded over and over)
b 0x74 - Branches to end of fps offset and ends function
Now that we have our opcode (its in choco ppc compiler, the box on the right with random bytes everywhere :fa: )
now with this code, if you want to check its correct you can type it into ida by going to the hex view, then by pressing F2 this will let you edit the bytes, so simply just type in the bytes from chocos compiler then press F2 when finished, now if we go back to the ida view tab you will see it has changed, it should look something like this (hopefully, 1 mistake can fuck it all up)
You must login or register to view this content.
now to make this into C# is pretty simple, all we do is write the ppc to the memory
public static void WritePPCToMemory()
{
PS3.SetMemory(0x2100000, new byte[32]);//Where Text Writes To
PS3.SetMemory(0x2105000, new byte[32]);//Return String
PS3.SetMemory(0x369070, new byte[] { 0x3C, 0x60, 0x02, 0x10, 0x80, 0x83, 0x00, 0x00, 0x2C, 0x04, 0x00, 0x00, 0x41, 0x82, 0x00, 0x8C, 0x4B, 0xCC, 0xA1, 0x61, 0x3C, 0x80, 0x02, 0x10, 0x90, 0x64, 0x50, 0x00, 0x38, 0x60, 0x00, 0x00, 0x90, 0x64, 0x00, 0x00, 0x48, 0x00, 0x00, 0x74, 0x3B, 0xE4, 0x8F, 0xD4, 0x38, 0x80, 0x00, 0x00 }); //PPC Code We Are Writing To Memory
PS3.SetMemory(0x33227, new byte[] { 0x01 });//Fixes HUDS (without it huds wont spawn)
}//Run this code when connecting your tool or when you start your huds whatever... this will write the ppc code to the memory, now to actually put it to use we will need another function
public static short SetText(string Text)
{
PS3.SetMemory(0x2100000, Encoding.ASCII.GetBytes(Text + "\0"));//Writes Text To Memory
System.Threading.Thread.Sleep(50);//Stops it from overloading and doing weird shit
return (short)PS3.Extension.ReadInt32(0x2105000);//Gets The Return Value
}
One more thing I didnt go over which is how to get the offset to fix hud elems, this is really easy to get and all you need to do is add 0x47 to G_LocalizedStringIndex (0x331E0), so to get the offset for fixed huds for 1.09 just do 0x331E0 + 0x27 which is 0x33227
, all you need to do is set the value to 0x01Hope you learned something during this tutorial :p
if you have any questions contact me on skype, its hfhshark
Some Good Places To Learn Some PPC
You must login or register to view this content.
You must login or register to view this content.
You must login or register to view this content.
Nice tut buddy!
04-02-2014, 04:35 PM
#3
Bad Luck Brian
< ^ > < ^ >
Originally posted by sharkbait263
Hey since not many people know how to update ghosts hud elements, or they can update the shaders but not the text then this tutorial should help some people out!
What You Will Need
1. A Brain
2. IDA Pro + PS3 IDA Plugins
3. Chocos PPC Compiler (Get It Here, You must login or register to view this content.)
4. Ghosts ELF File
Srs is you dont know how to open a fucking spoiler
Step 1
Firstly you want to load up the ghost elf file in IDA
once this is done let it load for a bit then press Shift + F12 what this does is bring up a list of strings, this will make it easier for us to find what we are looking for!
Step 2
Once ida is all loaded up and you have the strings list in front of you, you want to search for "Hud elem string", to search the strings in ida you simply click the search tab in the menu bar at the top of ida then click search and type in "Hud elem string", or you can just press ALT+T
Now in IDA you should have this in front of you
You must login or register to view this content.
now from here you want to double click it, this will take you to the string in IDA View now once we have done this we want to go to the xref of this string, you can do this by double clicking the data xref located right of the string
You must login or register to view this content.
Now you can get the G_HudElems Address
You must login or register to view this content.
Step 3
So now we have G_HudElems address for 1.09 (0xD86E0
Now for the tricky part which is making a ppc function for SetText
so the first thing we want to do is find the fps offset, which is where we are going to execute the ppc code
so in ida go back to our string tab and do either ALT+T or do it from the search tab in the menu bar, so we want to search for "fps: %f\n", when you find it double click it like we did for the hud elems. now you should be in ida view now just do what we did before and go to the data xref it should take you here, this is where we are going to be starting our function (explained in the photo)
You must login or register to view this content.
before we start writing the function we will also need to find the G_LocalizedString Address this is extremely easy to find, just go to your string list search for "localized string", now double click it to go to ida view but dont double click the xref, if we look closely at the xref you will see the g_locazliedstring address without having to double click it and hunt around for it
You must login or register to view this content.
so now that we have this we can begin writing our function
Step 4 - Writing Le PPC Function
ok so we want to start our function where beq loc_369108 is, in screenshot above somewhere ^
now we can close the string window now cause its not needed anymore, instead we want to go to hex view, it should look like this (all the bytes are ppc instructions turned into opcodes (compiled ppc))
You must login or register to view this content.
Now in chocos ppc compiler we want to set the address to where we are going to start writing the ppc function in this case its 0x369070
You must login or register to view this content.
So go to chocos PPC Compiler and type in these instructions
You must login or register to view this content.
Now that we have our opcode (its in choco ppc compiler, the box on the right with random bytes everywhere :fa: )
now with this code, if you want to check its correct you can type it into ida by going to the hex view, then by pressing F2 this will let you edit the bytes, so simply just type in the bytes from chocos compiler then press F2 when finished, now if we go back to the ida view tab you will see it has changed, it should look something like this (hopefully, 1 mistake can fuck it all up)
You must login or register to view this content.
now to make this into C# is pretty simple, all we do is write the ppc to the memory
One more thing I didnt go over which is how to get the offset to fix hud elems, this is really easy to get and all you need to do is add 0x47 to G_LocalizedStringIndex (0x331E0), so to get the offset for fixed huds for 1.09 just do 0x331E0 + 0x27 which is 0x33227, all you need to do is set the value to 0x01
Hope you learned something during this tutorial :p
if you have any questions contact me on skype, its hfhshark
Some Good Places To Learn Some PPC
You must login or register to view this content.
You must login or register to view this content.
You must login or register to view this content.
What You Will Need
1. A Brain
2. IDA Pro + PS3 IDA Plugins
3. Chocos PPC Compiler (Get It Here, You must login or register to view this content.)
4. Ghosts ELF File
Srs is you dont know how to open a fucking spoiler
Step 1
Firstly you want to load up the ghost elf file in IDA
once this is done let it load for a bit then press Shift + F12 what this does is bring up a list of strings, this will make it easier for us to find what we are looking for
!Step 2
Once ida is all loaded up and you have the strings list in front of you, you want to search for "Hud elem string", to search the strings in ida you simply click the search tab in the menu bar at the top of ida then click search and type in "Hud elem string", or you can just press ALT+T
Now in IDA you should have this in front of you
You must login or register to view this content.
now from here you want to double click it, this will take you to the string in IDA View now once we have done this we want to go to the xref of this string, you can do this by double clicking the data xref located right of the string
You must login or register to view this content.
Now you can get the G_HudElems Address
You must login or register to view this content.
Step 3
So now we have G_HudElems address for 1.09 (0xD86E0
Now for the tricky part which is making a ppc function for SetText
so the first thing we want to do is find the fps offset, which is where we are going to execute the ppc code
so in ida go back to our string tab and do either ALT+T or do it from the search tab in the menu bar, so we want to search for "fps: %f\n", when you find it double click it like we did for the hud elems. now you should be in ida view now just do what we did before and go to the data xref it should take you here, this is where we are going to be starting our function (explained in the photo)
You must login or register to view this content.
before we start writing the function we will also need to find the G_LocalizedString Address this is extremely easy to find, just go to your string list search for "localized string", now double click it to go to ida view but dont double click the xref, if we look closely at the xref you will see the g_locazliedstring address without having to double click it and hunt around for it
You must login or register to view this content.
so now that we have this we can begin writing our function
Step 4 - Writing Le PPC Function
ok so we want to start our function where beq loc_369108 is, in screenshot above somewhere ^
now we can close the string window now cause its not needed anymore, instead we want to go to hex view, it should look like this (all the bytes are ppc instructions turned into opcodes (compiled ppc))
You must login or register to view this content.
Now in chocos ppc compiler we want to set the address to where we are going to start writing the ppc function in this case its 0x369070
You must login or register to view this content.
So go to chocos PPC Compiler and type in these instructions
You must login or register to view this content.
lis %r3, 0x210 - Loads 0x2100000
lwz %r4, 0x00(%r3) Reads 0x2100000
cmpwi %r4, 0 - Compares 0x2100000 Value To 0
beq 0x8c - If Value of r4 is equal to 0 (nothing) then it will branch to end of fps function and not execute rest of code
bl 0x331E0 - If value isnt equal then it will call the g_localizedstring offset (0x331E0)
lis %r4, 0x210 - Loads 0x2100000
stw %r3, 0x5000(%r4) - Stores r3's value to 0x2105000
li %r3, 0 - Loads 0x0000000 Into r3
stw %r3, 0x00(%r4) - Stores r3's value into r4 (this can be known as cleaning it out, to stop it being loaded over and over)
b 0x74 - Branches to end of fps offset and ends function
Now that we have our opcode (its in choco ppc compiler, the box on the right with random bytes everywhere :fa: )
now with this code, if you want to check its correct you can type it into ida by going to the hex view, then by pressing F2 this will let you edit the bytes, so simply just type in the bytes from chocos compiler then press F2 when finished, now if we go back to the ida view tab you will see it has changed, it should look something like this (hopefully, 1 mistake can fuck it all up)
You must login or register to view this content.
now to make this into C# is pretty simple, all we do is write the ppc to the memory
public static void WritePPCToMemory()
{
PS3.SetMemory(0x2100000, new byte[32]);//Where Text Writes To
PS3.SetMemory(0x2105000, new byte[32]);//Return String
PS3.SetMemory(0x369070, new byte[] { 0x3C, 0x60, 0x02, 0x10, 0x80, 0x83, 0x00, 0x00, 0x2C, 0x04, 0x00, 0x00, 0x41, 0x82, 0x00, 0x8C, 0x4B, 0xCC, 0xA1, 0x61, 0x3C, 0x80, 0x02, 0x10, 0x90, 0x64, 0x50, 0x00, 0x38, 0x60, 0x00, 0x00, 0x90, 0x64, 0x00, 0x00, 0x48, 0x00, 0x00, 0x74, 0x3B, 0xE4, 0x8F, 0xD4, 0x38, 0x80, 0x00, 0x00 }); //PPC Code We Are Writing To Memory
PS3.SetMemory(0x33227, new byte[] { 0x01 });//Fixes HUDS (without it huds wont spawn)
}//Run this code when connecting your tool or when you start your huds whatever... this will write the ppc code to the memory, now to actually put it to use we will need another function
public static short SetText(string Text)
{
PS3.SetMemory(0x2100000, Encoding.ASCII.GetBytes(Text + "\0"));//Writes Text To Memory
System.Threading.Thread.Sleep(50);//Stops it from overloading and doing weird shit
return (short)PS3.Extension.ReadInt32(0x2105000);//Gets The Return Value
}
One more thing I didnt go over which is how to get the offset to fix hud elems, this is really easy to get and all you need to do is add 0x47 to G_LocalizedStringIndex (0x331E0), so to get the offset for fixed huds for 1.09 just do 0x331E0 + 0x27 which is 0x33227
, all you need to do is set the value to 0x01Hope you learned something during this tutorial :p
if you have any questions contact me on skype, its hfhshark
Some Good Places To Learn Some PPC
You must login or register to view this content.
You must login or register to view this content.
You must login or register to view this content.
idk how to open the spoiler and i really want to update my huds
huehuehnice tut sharkynub :wub:
04-02-2014, 05:37 PM
#8
ImSooCool
Vault dweller
Originally posted by sharkbait263
Hey since not many people know how to update ghosts hud elements, or they can update the shaders but not the text then this tutorial should help some people out!
What You Will Need
1. A Brain
2. IDA Pro + PS3 IDA Plugins
3. Chocos PPC Compiler (Get It Here, You must login or register to view this content.)
4. Ghosts ELF File
Srs is you dont know how to open a fucking spoiler
Step 1
Firstly you want to load up the ghost elf file in IDA
once this is done let it load for a bit then press Shift + F12 what this does is bring up a list of strings, this will make it easier for us to find what we are looking for!
Step 2
Once ida is all loaded up and you have the strings list in front of you, you want to search for "Hud elem string", to search the strings in ida you simply click the search tab in the menu bar at the top of ida then click search and type in "Hud elem string", or you can just press ALT+T
Now in IDA you should have this in front of you
You must login or register to view this content.
now from here you want to double click it, this will take you to the string in IDA View now once we have done this we want to go to the xref of this string, you can do this by double clicking the data xref located right of the string
You must login or register to view this content.
Now you can get the G_HudElems Address
You must login or register to view this content.
Step 3
So now we have G_HudElems address for 1.09 (0xD86E0
Now for the tricky part which is making a ppc function for SetText
so the first thing we want to do is find the fps offset, which is where we are going to execute the ppc code
so in ida go back to our string tab and do either ALT+T or do it from the search tab in the menu bar, so we want to search for "fps: %f\n", when you find it double click it like we did for the hud elems. now you should be in ida view now just do what we did before and go to the data xref it should take you here, this is where we are going to be starting our function (explained in the photo)
You must login or register to view this content.
before we start writing the function we will also need to find the G_LocalizedString Address this is extremely easy to find, just go to your string list search for "localized string", now double click it to go to ida view but dont double click the xref, if we look closely at the xref you will see the g_locazliedstring address without having to double click it and hunt around for it
You must login or register to view this content.
so now that we have this we can begin writing our function
Step 4 - Writing Le PPC Function
ok so we want to start our function where beq loc_369108 is, in screenshot above somewhere ^
now we can close the string window now cause its not needed anymore, instead we want to go to hex view, it should look like this (all the bytes are ppc instructions turned into opcodes (compiled ppc))
You must login or register to view this content.
Now in chocos ppc compiler we want to set the address to where we are going to start writing the ppc function in this case its 0x369070
You must login or register to view this content.
So go to chocos PPC Compiler and type in these instructions
You must login or register to view this content.
Now that we have our opcode (its in choco ppc compiler, the box on the right with random bytes everywhere :fa: )
now with this code, if you want to check its correct you can type it into ida by going to the hex view, then by pressing F2 this will let you edit the bytes, so simply just type in the bytes from chocos compiler then press F2 when finished, now if we go back to the ida view tab you will see it has changed, it should look something like this (hopefully, 1 mistake can fuck it all up)
You must login or register to view this content.
now to make this into C# is pretty simple, all we do is write the ppc to the memory
One more thing I didnt go over which is how to get the offset to fix hud elems, this is really easy to get and all you need to do is add 0x47 to G_LocalizedStringIndex (0x331E0), so to get the offset for fixed huds for 1.09 just do 0x331E0 + 0x27 which is 0x33227, all you need to do is set the value to 0x01
Hope you learned something during this tutorial :p
if you have any questions contact me on skype, its hfhshark
Some Good Places To Learn Some PPC
You must login or register to view this content.
You must login or register to view this content.
You must login or register to view this content.
What You Will Need
1. A Brain
2. IDA Pro + PS3 IDA Plugins
3. Chocos PPC Compiler (Get It Here, You must login or register to view this content.)
4. Ghosts ELF File
Srs is you dont know how to open a fucking spoiler
Step 1
Firstly you want to load up the ghost elf file in IDA
once this is done let it load for a bit then press Shift + F12 what this does is bring up a list of strings, this will make it easier for us to find what we are looking for
!Step 2
Once ida is all loaded up and you have the strings list in front of you, you want to search for "Hud elem string", to search the strings in ida you simply click the search tab in the menu bar at the top of ida then click search and type in "Hud elem string", or you can just press ALT+T
Now in IDA you should have this in front of you
You must login or register to view this content.
now from here you want to double click it, this will take you to the string in IDA View now once we have done this we want to go to the xref of this string, you can do this by double clicking the data xref located right of the string
You must login or register to view this content.
Now you can get the G_HudElems Address
You must login or register to view this content.
Step 3
So now we have G_HudElems address for 1.09 (0xD86E0
Now for the tricky part which is making a ppc function for SetText
so the first thing we want to do is find the fps offset, which is where we are going to execute the ppc code
so in ida go back to our string tab and do either ALT+T or do it from the search tab in the menu bar, so we want to search for "fps: %f\n", when you find it double click it like we did for the hud elems. now you should be in ida view now just do what we did before and go to the data xref it should take you here, this is where we are going to be starting our function (explained in the photo)
You must login or register to view this content.
before we start writing the function we will also need to find the G_LocalizedString Address this is extremely easy to find, just go to your string list search for "localized string", now double click it to go to ida view but dont double click the xref, if we look closely at the xref you will see the g_locazliedstring address without having to double click it and hunt around for it
You must login or register to view this content.
so now that we have this we can begin writing our function
Step 4 - Writing Le PPC Function
ok so we want to start our function where beq loc_369108 is, in screenshot above somewhere ^
now we can close the string window now cause its not needed anymore, instead we want to go to hex view, it should look like this (all the bytes are ppc instructions turned into opcodes (compiled ppc))
You must login or register to view this content.
Now in chocos ppc compiler we want to set the address to where we are going to start writing the ppc function in this case its 0x369070
You must login or register to view this content.
So go to chocos PPC Compiler and type in these instructions
You must login or register to view this content.
lis %r3, 0x210 - Loads 0x2100000
lwz %r4, 0x00(%r3) Reads 0x2100000
cmpwi %r4, 0 - Compares 0x2100000 Value To 0
beq 0x8c - If Value of r4 is equal to 0 (nothing) then it will branch to end of fps function and not execute rest of code
bl 0x331E0 - If value isnt equal then it will call the g_localizedstring offset (0x331E0)
lis %r4, 0x210 - Loads 0x2100000
stw %r3, 0x5000(%r4) - Stores r3's value to 0x2105000
li %r3, 0 - Loads 0x0000000 Into r3
stw %r3, 0x00(%r4) - Stores r3's value into r4 (this can be known as cleaning it out, to stop it being loaded over and over)
b 0x74 - Branches to end of fps offset and ends function
Now that we have our opcode (its in choco ppc compiler, the box on the right with random bytes everywhere :fa: )
now with this code, if you want to check its correct you can type it into ida by going to the hex view, then by pressing F2 this will let you edit the bytes, so simply just type in the bytes from chocos compiler then press F2 when finished, now if we go back to the ida view tab you will see it has changed, it should look something like this (hopefully, 1 mistake can fuck it all up)
You must login or register to view this content.
now to make this into C# is pretty simple, all we do is write the ppc to the memory
public static void WritePPCToMemory()
{
PS3.SetMemory(0x2100000, new byte[32]);//Where Text Writes To
PS3.SetMemory(0x2105000, new byte[32]);//Return String
PS3.SetMemory(0x369070, new byte[] { 0x3C, 0x60, 0x02, 0x10, 0x80, 0x83, 0x00, 0x00, 0x2C, 0x04, 0x00, 0x00, 0x41, 0x82, 0x00, 0x8C, 0x4B, 0xCC, 0xA1, 0x61, 0x3C, 0x80, 0x02, 0x10, 0x90, 0x64, 0x50, 0x00, 0x38, 0x60, 0x00, 0x00, 0x90, 0x64, 0x00, 0x00, 0x48, 0x00, 0x00, 0x74, 0x3B, 0xE4, 0x8F, 0xD4, 0x38, 0x80, 0x00, 0x00 }); //PPC Code We Are Writing To Memory
PS3.SetMemory(0x33227, new byte[] { 0x01 });//Fixes HUDS (without it huds wont spawn)
}//Run this code when connecting your tool or when you start your huds whatever... this will write the ppc code to the memory, now to actually put it to use we will need another function
public static short SetText(string Text)
{
PS3.SetMemory(0x2100000, Encoding.ASCII.GetBytes(Text + "\0"));//Writes Text To Memory
System.Threading.Thread.Sleep(50);//Stops it from overloading and doing weird shit
return (short)PS3.Extension.ReadInt32(0x2105000);//Gets The Return Value
}
One more thing I didnt go over which is how to get the offset to fix hud elems, this is really easy to get and all you need to do is add 0x47 to G_LocalizedStringIndex (0x331E0), so to get the offset for fixed huds for 1.09 just do 0x331E0 + 0x27 which is 0x33227
, all you need to do is set the value to 0x01Hope you learned something during this tutorial :p
if you have any questions contact me on skype, its hfhshark
Some Good Places To Learn Some PPC
You must login or register to view this content.
You must login or register to view this content.
You must login or register to view this content.
Nice Tutorial Sharky!
04-02-2014, 11:45 PM
#10
Dacoco
I void warranties.
Originally posted by sharkbait263
Hey since not many people know how to update ghosts hud elements, or they can update the shaders but not the text then this tutorial should help some people out!
What You Will Need
1. A Brain
2. IDA Pro + PS3 IDA Plugins
3. Chocos PPC Compiler (Get It Here, You must login or register to view this content.)
4. Ghosts ELF File
Srs is you dont know how to open a fucking spoiler
Step 1
Firstly you want to load up the ghost elf file in IDA
once this is done let it load for a bit then press Shift + F12 what this does is bring up a list of strings, this will make it easier for us to find what we are looking for!
Step 2
Once ida is all loaded up and you have the strings list in front of you, you want to search for "Hud elem string", to search the strings in ida you simply click the search tab in the menu bar at the top of ida then click search and type in "Hud elem string", or you can just press ALT+T
Now in IDA you should have this in front of you
You must login or register to view this content.
now from here you want to double click it, this will take you to the string in IDA View now once we have done this we want to go to the xref of this string, you can do this by double clicking the data xref located right of the string
You must login or register to view this content.
Now you can get the G_HudElems Address
You must login or register to view this content.
Step 3
So now we have G_HudElems address for 1.09 (0xD86E0
Now for the tricky part which is making a ppc function for SetText
so the first thing we want to do is find the fps offset, which is where we are going to execute the ppc code
so in ida go back to our string tab and do either ALT+T or do it from the search tab in the menu bar, so we want to search for "fps: %f\n", when you find it double click it like we did for the hud elems. now you should be in ida view now just do what we did before and go to the data xref it should take you here, this is where we are going to be starting our function (explained in the photo)
You must login or register to view this content.
before we start writing the function we will also need to find the G_LocalizedString Address this is extremely easy to find, just go to your string list search for "localized string", now double click it to go to ida view but dont double click the xref, if we look closely at the xref you will see the g_locazliedstring address without having to double click it and hunt around for it
You must login or register to view this content.
so now that we have this we can begin writing our function
Step 4 - Writing Le PPC Function
ok so we want to start our function where beq loc_369108 is, in screenshot above somewhere ^
now we can close the string window now cause its not needed anymore, instead we want to go to hex view, it should look like this (all the bytes are ppc instructions turned into opcodes (compiled ppc))
You must login or register to view this content.
Now in chocos ppc compiler we want to set the address to where we are going to start writing the ppc function in this case its 0x369070
You must login or register to view this content.
So go to chocos PPC Compiler and type in these instructions
You must login or register to view this content.
Now that we have our opcode (its in choco ppc compiler, the box on the right with random bytes everywhere :fa: )
now with this code, if you want to check its correct you can type it into ida by going to the hex view, then by pressing F2 this will let you edit the bytes, so simply just type in the bytes from chocos compiler then press F2 when finished, now if we go back to the ida view tab you will see it has changed, it should look something like this (hopefully, 1 mistake can fuck it all up)
You must login or register to view this content.
now to make this into C# is pretty simple, all we do is write the ppc to the memory
One more thing I didnt go over which is how to get the offset to fix hud elems, this is really easy to get and all you need to do is add 0x47 to G_LocalizedStringIndex (0x331E0), so to get the offset for fixed huds for 1.09 just do 0x331E0 + 0x27 which is 0x33227, all you need to do is set the value to 0x01
Hope you learned something during this tutorial :p
if you have any questions contact me on skype, its hfhshark
Some Good Places To Learn Some PPC
You must login or register to view this content.
You must login or register to view this content.
You must login or register to view this content.
What You Will Need
1. A Brain
2. IDA Pro + PS3 IDA Plugins
3. Chocos PPC Compiler (Get It Here, You must login or register to view this content.)
4. Ghosts ELF File
Srs is you dont know how to open a fucking spoiler
Step 1
Firstly you want to load up the ghost elf file in IDA
once this is done let it load for a bit then press Shift + F12 what this does is bring up a list of strings, this will make it easier for us to find what we are looking for
!Step 2
Once ida is all loaded up and you have the strings list in front of you, you want to search for "Hud elem string", to search the strings in ida you simply click the search tab in the menu bar at the top of ida then click search and type in "Hud elem string", or you can just press ALT+T
Now in IDA you should have this in front of you
You must login or register to view this content.
now from here you want to double click it, this will take you to the string in IDA View now once we have done this we want to go to the xref of this string, you can do this by double clicking the data xref located right of the string
You must login or register to view this content.
Now you can get the G_HudElems Address
You must login or register to view this content.
Step 3
So now we have G_HudElems address for 1.09 (0xD86E0
Now for the tricky part which is making a ppc function for SetText
so the first thing we want to do is find the fps offset, which is where we are going to execute the ppc code
so in ida go back to our string tab and do either ALT+T or do it from the search tab in the menu bar, so we want to search for "fps: %f\n", when you find it double click it like we did for the hud elems. now you should be in ida view now just do what we did before and go to the data xref it should take you here, this is where we are going to be starting our function (explained in the photo)
You must login or register to view this content.
before we start writing the function we will also need to find the G_LocalizedString Address this is extremely easy to find, just go to your string list search for "localized string", now double click it to go to ida view but dont double click the xref, if we look closely at the xref you will see the g_locazliedstring address without having to double click it and hunt around for it
You must login or register to view this content.
so now that we have this we can begin writing our function
Step 4 - Writing Le PPC Function
ok so we want to start our function where beq loc_369108 is, in screenshot above somewhere ^
now we can close the string window now cause its not needed anymore, instead we want to go to hex view, it should look like this (all the bytes are ppc instructions turned into opcodes (compiled ppc))
You must login or register to view this content.
Now in chocos ppc compiler we want to set the address to where we are going to start writing the ppc function in this case its 0x369070
You must login or register to view this content.
So go to chocos PPC Compiler and type in these instructions
You must login or register to view this content.
lis %r3, 0x210 - Loads 0x2100000
lwz %r4, 0x00(%r3) Reads 0x2100000
cmpwi %r4, 0 - Compares 0x2100000 Value To 0
beq 0x8c - If Value of r4 is equal to 0 (nothing) then it will branch to end of fps function and not execute rest of code
bl 0x331E0 - If value isnt equal then it will call the g_localizedstring offset (0x331E0)
lis %r4, 0x210 - Loads 0x2100000
stw %r3, 0x5000(%r4) - Stores r3's value to 0x2105000
li %r3, 0 - Loads 0x0000000 Into r3
stw %r3, 0x00(%r4) - Stores r3's value into r4 (this can be known as cleaning it out, to stop it being loaded over and over)
b 0x74 - Branches to end of fps offset and ends function
Now that we have our opcode (its in choco ppc compiler, the box on the right with random bytes everywhere :fa: )
now with this code, if you want to check its correct you can type it into ida by going to the hex view, then by pressing F2 this will let you edit the bytes, so simply just type in the bytes from chocos compiler then press F2 when finished, now if we go back to the ida view tab you will see it has changed, it should look something like this (hopefully, 1 mistake can fuck it all up)
You must login or register to view this content.
now to make this into C# is pretty simple, all we do is write the ppc to the memory
public static void WritePPCToMemory()
{
PS3.SetMemory(0x2100000, new byte[32]);//Where Text Writes To
PS3.SetMemory(0x2105000, new byte[32]);//Return String
PS3.SetMemory(0x369070, new byte[] { 0x3C, 0x60, 0x02, 0x10, 0x80, 0x83, 0x00, 0x00, 0x2C, 0x04, 0x00, 0x00, 0x41, 0x82, 0x00, 0x8C, 0x4B, 0xCC, 0xA1, 0x61, 0x3C, 0x80, 0x02, 0x10, 0x90, 0x64, 0x50, 0x00, 0x38, 0x60, 0x00, 0x00, 0x90, 0x64, 0x00, 0x00, 0x48, 0x00, 0x00, 0x74, 0x3B, 0xE4, 0x8F, 0xD4, 0x38, 0x80, 0x00, 0x00 }); //PPC Code We Are Writing To Memory
PS3.SetMemory(0x33227, new byte[] { 0x01 });//Fixes HUDS (without it huds wont spawn)
}//Run this code when connecting your tool or when you start your huds whatever... this will write the ppc code to the memory, now to actually put it to use we will need another function
public static short SetText(string Text)
{
PS3.SetMemory(0x2100000, Encoding.ASCII.GetBytes(Text + "\0"));//Writes Text To Memory
System.Threading.Thread.Sleep(50);//Stops it from overloading and doing weird shit
return (short)PS3.Extension.ReadInt32(0x2105000);//Gets The Return Value
}
One more thing I didnt go over which is how to get the offset to fix hud elems, this is really easy to get and all you need to do is add 0x47 to G_LocalizedStringIndex (0x331E0), so to get the offset for fixed huds for 1.09 just do 0x331E0 + 0x27 which is 0x33227
, all you need to do is set the value to 0x01Hope you learned something during this tutorial :p
if you have any questions contact me on skype, its hfhshark
Some Good Places To Learn Some PPC
You must login or register to view this content.
You must login or register to view this content.
You must login or register to view this content.
To bad im half retarded, so I cant understand this shit, but nice tut
Copyright © 2024, NextGenUpdate.
All Rights Reserved.
