Post: PPC Compiler
07-27-2013, 02:06 AM #1
Choco
Respect my authoritah!!
Hey NGU,

This is a tool I created for compiling PowerPC instructions into OpCodes. This is EXTREMELY useful for PS3 modding, as all PS3 .elfs are PowerPC. This is a PPU compiler, so it will compile opcodes that will work for any PS3 game application (or xbox .xex files).


How to use

1. Enter your instructions in the box on the left.
2. Enter the address that you will be injecting the opcodes at in the Start Address box (note, this is the address from IDA/Memory, not the HxD address).
3. Click the compile button.
4. Copy the opcodes from the rightmost box and paste them into your elf at the appropriate address.

To designate a register, put a "%" symbol in front of it. For example:

    li r3, 0     <--this will not work.
    li %r3, 0    <--this will work.


For bl instructions, just do:

    bl (address to bl to)


For example:

    bl 0x248FA4


For conditional branching instructions, just do the instruction followed by the distance to branch. For example:

    bdnz -0x14
    beq 0x14
    bne 0x2C




Download

Download the tool here: You must login or register to view this content.
View a virus scan here: You must login or register to view this content.

(Sorry about the false positives, the app has been protected to prevent reverse engineering Choco)

Credits:
-BuC-Shotz for some help and some code
-The makers of MinGW
-xSonoro for packing
-iMCSx for some C# help


Enjoy guys, hopefully this will be useful to some of you!
Last edited by Choco ; 07-27-2013 at 02:29 AM.

04-13-2014, 03:49 AM #29
Cyb3r
NextGenUpdate Elite
Originally posted by Choco View Post
Hmm, interesting. I think this is because the function I wrote for generating the bl's only supports shorter length branches (when I wrote this, I had primarily COD games in mind, which don't have large elfs). The branch you have is longer so it's causing an error.


Exactly what I thought; like I said in my 1st post, it doesn't add +1 to the 1st byte of the instruction..

I'm using Asmwiird ATM, it's great but it doesn't support all PS3 instructions..

And I really like your PPCC, but bl and b are very important instructions for me :p, and BTW it doesn't support the b instruction either =(

After all you have done a really great job, keep up pro!
04-14-2014, 11:59 PM #30
Choco
Respect my authoritah!!
Originally posted by Cyb3r View Post
Exactly what I thought; like I said in my 1st post, it doesn't add +1 to the 1st byte of the instruction..

I'm using Asmwiird ATM, it's great but it doesn't support all PS3 instructions..

And I really like your PPCC, but bl and b are very important instructions for me :p, and BTW it doesn't support the b instruction either =(

After all you have done a really great job, keep up pro!


It does support b, but it uses the default compiler to generate these. For them, you have to do:

    b [distance to branch]


So, if I wanted to do a branch at 0x59424 to 0x83468, I would do:

    b 0x2A044
04-15-2014, 12:30 AM #31
Cyb3r
NextGenUpdate Elite
Originally posted by Choco View Post
It does support b, but it uses the default compiler to generate these. For them, you have to do:

    b [distance to branch]


So, if I wanted to do a branch at 0x59424 to 0x83468, I would do:

    b 0x2A044


Nice, that's the same way Asmwiird works, but there's another error when trying to go back to the main branch.. you see, when you try to go back from 0x83468 to 0x59424:

    b 0xFFFD5FBC


So in all ways I can't use the jump method because I can't go back to the main branch :p
04-15-2014, 01:01 AM #32
Choco
Respect my authoritah!!
Originally posted by Cyb3r View Post
Nice, that's the same way Asmwiird works, but there's another error when trying to go back to the main branch.. you see, when you try to go back from 0x83468 to 0x59424:

    b 0xFFFD5FBC


So in all ways I can't use the jump method because I can't go back to the main branch :p


Not quite ;)

If you are jumping from 0x83468 to 0x59424, you would do this:

    b -0x2A044
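
The branch arithmetic from posts #30 to #32, as an added example that is not part of the thread and not the tool's own code: it encodes a relative PowerPC `b`/`bl` from a source and destination address, using the standard I-form layout (primary opcode 18, signed 26-bit displacement). It goes slightly beyond the posts by also showing a constructed long branch and the range check that rejects the unsigned value `0xFFFD5FBC`; the function names are hypothetical.

```python
import struct

OPCODE_B = 18  # primary opcode shared by the I-form branches b and bl

def encode_rel(distance, link=False):
    """Encode 'b distance' (or 'bl' when link=True) as 4 big-endian bytes."""
    if distance % 4:
        raise ValueError("distance must be a multiple of 4")
    # The displacement is a signed 26-bit value: -0x2000000 .. +0x1FFFFFC.
    if not -0x2000000 <= distance <= 0x1FFFFFC:
        raise ValueError("distance does not fit a relative branch")
    word = (OPCODE_B << 26) | (distance & 0x03FFFFFC) | int(link)
    return struct.pack(">I", word)

def encode_to(src, dst, link=False):
    """Encode a branch placed at address src that lands on address dst."""
    return encode_rel(dst - src, link)

def decode_target(src, raw):
    """Recover the destination of a relative b/bl word located at src."""
    (word,) = struct.unpack(">I", raw)
    if word >> 26 != OPCODE_B or word & 2:  # bit 1 is AA (absolute)
        raise ValueError("not a relative b/bl")
    disp = word & 0x03FFFFFC
    if disp & 0x02000000:          # sign bit of the 26-bit field
        disp -= 0x04000000
    return src + disp

if __name__ == "__main__":
    # Addresses taken from posts #30 to #32.
    print(encode_to(0x59424, 0x83468).hex())   # forward:  b 0x2A044
    print(encode_to(0x83468, 0x59424).hex())   # backward: b -0x2A044
    # Constructed long branch: distances of 0x1000000 and up carry into
    # the first byte, so it is no longer 0x48.
    print(encode_to(0x10000, 0x1234568, link=True).hex())
    try:
        encode_rel(0xFFFD5FBC)  # the 32-bit two's-complement form, unsigned
    except ValueError as err:
        print("rejected:", err)
```
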
04-15-2014, 01:04 AM #33
Cyb3r
NextGenUpdate Elite
Then we're all good, going to try it as soon as I get back home, thanks for your time mate!
04-30-2014, 04:17 PM #34
Jannik007
Do a barrel roll!
Why doesn't this work?! Tried everything.
12-01-2014, 12:16 AM #35
Smoky420
< ^ > < ^ >
Damn, didn't see this before Drack
Thanks Choco it'll save me a lot of time! Enzo
08-23-2016, 12:37 AM #36
Originally posted by Choco View Post
This is amazing. Thank you :)

BUT! I couldn't get it working:



(Code inputted into program @ addr: 0x276CB0)

    stdu %r1, -0x520(%r1)
    mflr %r0
    std %r0, 0x530(%r1)
    stfd f30, 0x530(%r1)
    stfd f31, 0x518(%r1)
    std %r30, 0x500(%r1)
    mr %r30, %r4
    std %r31, 0x508(%r1)
    lis %r4, aMenuPaintInter@h
    mr %r31, %r3
    addic %r4, %r4, aMenuPaintInter@l
    std %r29, 0x4f8(%r1)
    std %r28, 0x4f0(%r1)
    std %r27, 0x4e8(%r1)
    std %r26, 0x4e0(%r1)
    std %r25, 0x4d8(%r1)
    std %r24, 0x4d0(%r1)
    std %r23, 0x4c8(%r1)
    std %r22, 0x4c0(%r1)
    std %r21, 0x4b8(%r1)
    li %r3, -1
    bl 0x4D6F9C
    lis %r27, dword_1879CEC@ha
    lwz %r3, dword_1879CEC@l(%r27)
    lbz %r3, 8(%r3)
    cmpwi %r3, 0
    beq loc_276D44



ERROR 1:


aMenuPaintInter@l I changed to the actual address ("0x554D70") and it said it was invalid... :l

What am I doing wrong? :?


ERROR 2 (WITH FIX (bl/branch)!) :

    
    stdu %r1, -0x520(%r1)
    mflr %r0
    std %r0, 0x530(%r1)
    stfd f30, 0x530(%r1)
    stfd f31, 0x518(%r1)
    std %r30, 0x500(%r1)
    mr %r30, %r4
    std %r31, 0x508(%r1)
    mr %r31, %r3
    std %r29, 0x4f8(%r1)
    std %r28, 0x4f0(%r1)
    std %r27, 0x4e8(%r1)
    std %r26, 0x4e0(%r1)
    std %r25, 0x4d8(%r1)
    std %r24, 0x4d0(%r1)
    std %r23, 0x4c8(%r1)
    std %r22, 0x4c0(%r1)
    std %r21, 0x4b8(%r1)
    li %r3, -1
    bl 0x4D6F9C ; THIS IS WHERE THE NEXT PROBLEM IS
    lis %r27, dword_1879CEC@ha
    lwz %r3, dword_1879CEC@l(%r27)
    lbz %r3, 8(%r3)
    cmpwi %r3, 0
    beq loc_276D44


Fixed this problem by just taking the bl func PPC code and inserting it like so:


    
    stdu %r1, -0x520(%r1)
    mflr %r0
    std %r0, 0x530(%r1)
    stfd f30, 0x530(%r1)
    stfd f31, 0x518(%r1)
    std %r30, 0x500(%r1)
    mr %r30, %r4
    std %r31, 0x508(%r1)
    mr %r31, %r3
    std %r29, 0x4f8(%r1)
    std %r28, 0x4f0(%r1)
    std %r27, 0x4e8(%r1)
    std %r26, 0x4e0(%r1)
    std %r25, 0x4d8(%r1)
    std %r24, 0x4d0(%r1)
    std %r23, 0x4c8(%r1)
    std %r22, 0x4c0(%r1)
    std %r21, 0x4b8(%r1)
    li %r3, -1

    ; this is where the branch (bl 0x4D6F9C) was... but I just took the branch func() itself and put it in the same func() as the one I'm calling:
    li %r3, 0
    addc %r3, %r1, %r3
    std %r5, 0x40(%r3)
    std %r6, 0x48(%r3)
    std %r7, 0x50(%r3)
    std %r8, 0x58(%r3)
    std %r9, 0x60(%r3)
    std %r10, 0x68(%r3)
    ; /end of branch func()

    lis %r27, dword_1879CEC@ha
    lwz %r3, dword_1879CEC@l(%r27)
    lbz %r3, 8(%r3)
    cmpwi %r3, 0
    beq loc_276D44


:P
Last edited by BaSs_HaXoR ; 08-23-2016 at 02:17 AM. Reason: Error, Application crash + FIX!
08-23-2016, 04:21 AM #37
ymh
Treasure hunter
Originally posted by HaXoR View Post
Thanks, I gave up on this a long time ago because I was getting errors, and I don't know much about this sort of stuff, but in order to finish my project I need to use custom SELFs, so I kinda need to work it out or not bother at all.
