Post: How to customize an EBOOT! [PPC] [Improved]
Options
04-24-2014, 09:12 PM
#1
Notorious
Caprisuns Is Back
Basic tut
What you will need:
HxD (google it)
default_mp.elf (Provided)
make_fself program (you can find on internet or on my eboot builder)
A brain
Step 1:
Open up HxD with the default_mp.elf and it should look like this:
You must login or register to view this content.
Step 2:
You need the address and bytes for the mod that you want, so for example we will use
UAV = 0x0013F42C (credits to ErasedDev I think)
ON = 01
So now we will have to subtract 10,000 in HEX to the address of the mod in order to search it in HxD you can do that by going to the calculator with the programmers view then click the HEX radio button then subtract 10,000 to the address and that will be your destination!
and now press CTRL + G to search an offset, here you will search the offset + 10,000 so it will look like this:
You must login or register to view this content.
So then after that it will bring you to the offset like this:
You must login or register to view this content.
So now you can type in the value, in this case it is 01, like so:
You must login or register to view this content.
So now your eboot will contain UAV mod!
PPC Tut
Hey so now we will do a little bit more advanced tutorial to show you how to use powerpc assembly language to add mods to your eboot! It is different but it is really not that difficult! Let's get started!
So first off we will need to get an address that is not being called in the game (An address that is not being used). You can find an address like this by just going in IDA Pro and clicking on a random function and then putting a break point on it in debugger. If you freeze, then it is being used. If you don't freeze then you are good
! So I am just going to make an imaginary address but the address that I use just replace it with the one that you found. So now let's start the ppc! Here is the function layout for this:
1. lis r3, 0xfirstHalfOfAddress
2. li r4, 0xonValue
3. stb r4, 0xsecondHalfOfAddress(r3)
Now I will explain each number line:
1. Loading the first 2 bytes of the address into the register 3 (r3)
2. Loading the value that you are using to turn on the mod into register 4 (r4)
3. Storing that byte at the address that you loaded
Now I will make an example: (I will be giving my primary weapon 100 bullet's)
lis r3, 0x00F4 #First half of the address for primary ammo
li r4, 0x64 #100 In Hex.
stb r4, 0x4DE8(r3) #Storing r4 at primary ammo address
Now let's convert this to the memory:
Line 1: 3C 60 00 F4
Line 2: 38 80 00 64
Line 3: 98 83 4D E8
Now we will write that at the address that we found that is not being used.
Binding Mod's in PPC
Alright, this tutorial is more advanced then the previous one, but that doesn't mean that it is hard! So what I will be teaching you in this part is how to make it so you press a button and it turns on a mod, but in an EBOOT!
Here is an example for binding no clip:
_main:
li r3, 0 #Local client number
li r4, 0x14 #DPAD_UP
bl 0x0018EEF8 #Key_IsDown Address
cmpwi r3, 0
beq 0x84 (end to fps)
bl 0x4C55DC #Address where the no clip function is stored
b 0x84 (end to fps)
//now put this at the address
_main:
lis r3, 0xF4
li r4, 0x01
stb r4, 0x779F(r3)
b end
end:
blr
Hope this helped everyone! Leave any further questions below!
Last edited by
Notorious ; 09-28-2014 at 12:32 PM.
The following 66 users say thank you to Notorious for this useful post:
-JM-, Eddie Mac, A Friend, AlexNGU, ALI ALHILFI, anxify, B777x, bhoot-iq, Bitwise, br0wniiez, BunnyV3, CodJumper:, Cyb3r, Sabotage, Ethan, FusionIsDaName, G-NeR, Geo, Hori_By_Nature, idropkittens, Im_YouViolateMe, ImAzazel, ImPiffHD, ImSooCool, iNDMx, iTпDM, Welsh, Jewels, joni_djESP, KareraHekku, khalid5257, KranK, Kronoaxis, lahyene77, lucasaf01, M4K3VELi7-, Mango_Knife, MegaMister, MrKiller261, Norway-_-1999, John, PartyTime, PrimeCreated, primetime43, xProvXKiller, RaYRoD, RouletteBoi, RTE, Dacoco, Smoky420, SnaY, Sticky, Taylor, Swifter, Taylors Bish, The★A1★HAXO_oR, TheSaltCracka, TheUnknown21, Troyabusa, Tseerock, witchery, xHostModer, xPAQz, xSlinkeyy, zxCARLOSxz
05-01-2014, 06:58 AM
#12
khairie
Grunt
hai.. how to modified EBOOT for Big mini map : 0x024BB14C default = 0x3f8 : Big = 0x400? i can't find the offset - 10,000... for all offset starts with 0x00 like No Recoil, Red Boxes, Laser, UAV, Advanced UAV, Chrome Players, Wallhack and Super Steady Aim i can find the offset.. but all offset starts with 0x02 like Big mini map, third_person, mini map hardcore, WallHack and Fog i can't find the offset.... plz help... thanks... sorry bad english... :-)
05-01-2014, 08:16 PM
#13
Notorious
Caprisuns Is Back
Originally posted by khairie
hai.. how to modified EBOOT for Big mini map : 0x024BB14C default = 0x3f8 : Big = 0x400? i can't find the offset - 10,000... for all offset starts with 0x00 like No Recoil, Red Boxes, Laser, UAV, Advanced UAV, Chrome Players, Wallhack and Super Steady Aim i can find the offset.. but all offset starts with 0x02 like Big mini map, third_person, mini map hardcore, WallHack and Fog i can't find the offset.... plz help... thanks... sorry bad english... :-)
the offset you use for the 'Basic Tut' Must be under the size of the file. Just go in HxD and press CTRL + A and look at the bottom right where it says 'Length' and the offset cannot be bigger then the length. Unless you follow the 'PPC Tut' Which you can make PowerPC Functions to load the address and value when the game is loaded.
05-01-2014, 09:16 PM
#14
TheSaltCracka
League Champion
Originally posted by Prime
the offset you use for the 'Basic Tut' Must be under the size of the file. Just go in HxD and press CTRL + A and look at the bottom right where it says 'Length' and the offset cannot be bigger then the length. Unless you follow the 'PPC Tut' Which you can make PowerPC Functions to load the address and value when the game is loaded.
How would you make a debugged self instead of a debugged EBOOT?
05-02-2014, 11:15 AM
#15
A Friend
League Champion
Originally posted by TheSaltCracka
How would you make a debugged self instead of a debugged EBOOT?
1.You will need make_fself.exe program
2.Open command prompt in the folder with your .elf and make_fself program by pressing SHIFT + Right Click then choose 'Open Command Window Here'
3. type 'make_fself default_mp.elf default_mp.self'
I havent tested a debug self I made myself, so you could try that
05-02-2014, 11:52 AM
#16
TheSaltCracka
League Champion
Originally posted by A
1.You will need make_fself.exe program
2.Open command prompt in the folder with your .elf and make_fself program by pressing SHIFT + Right Click then choose 'Open Command Window Here'
3. type 'make_fself default_mp.elf default_mp.self'
I havent tested a debug self I made myself, so you could try that
2.Open command prompt in the folder with your .elf and make_fself program by pressing SHIFT + Right Click then choose 'Open Command Window Here'
3. type 'make_fself default_mp.elf default_mp.self'
I havent tested a debug self I made myself, so you could try that
Lol bro I just figured it out Yesterday thanks though
Any idea how to make a regular EBOOT/self that CEX could use?
Last edited by
TheSaltCracka ; 05-02-2014 at 12:00 PM.
05-02-2014, 12:05 PM
#18
TheSaltCracka
League Champion
Copyright © 2024, NextGenUpdate.
All Rights Reserved.
