Post: How to customize an EBOOT! [PPC] [Improved]
04-24-2014, 09:12 PM #1
Notorious
Caprisuns Is Back
Hey guys, this is a tutorial on how to make a modified EBOOT using HxD. I always see people commenting and messaging people for them to make a cheat eboot, so I figured I will make a tutorial.

Basic tut

What you will need:
HxD (google it)
default_mp.elf (Provided)
make_fself program (you can find on internet or on my eboot builder)
A brain

Step 1:
Open up HxD with the default_mp.elf and it should look like this:

Step 2:
You need the address and bytes for the mod that you want, so for example we will use
UAV = 0x0013F42C (credits to ErasedDev I think)
ON = 01

So now we will have to subtract 10,000 in HEX from the address of the mod in order to search for it in HxD. You can do that by going to the calculator with the programmer's view, then clicking the HEX radio button, then subtracting 10,000 from the address, and that will be your destination!

And now press CTRL + G to search for an offset. Here you will search the offset + 10,000, so it will look like this:

So then after that it will bring you to the offset like this:

So now you can type in the value, in this case it is 01, like so:

So now your eboot will contain UAV mod!


PPC Tut

Hey, so now we will do a slightly more advanced tutorial to show you how to use PowerPC assembly language to add mods to your eboot! It is different, but it is really not that difficult! Let's get started!
So first off we will need to get an address that is not being called in the game (an address that is not being used). You can find an address like this by just going into IDA Pro, clicking on a random function and then putting a breakpoint on it in the debugger. If you freeze, then it is being used. If you don't freeze, then you are good! So I am just going to make up an imaginary address; wherever I use it, just replace it with the one that you found. So now let's start the PPC! Here is the function layout for this:
    
1. lis r3, 0xfirstHalfOfAddress
2. li r4, 0xonValue
3. stb r4, 0xsecondHalfOfAddress(r3)

Now I will explain each number line:
    
1. Loading the first 2 bytes of the address into the register 3 (r3)
2. Loading the value that you are using to turn on the mod into register 4 (r4)
3. Storing that byte at the address that you loaded

Now I will make an example: (I will be giving my primary weapon 100 bullets)
    
lis r3, 0x00F4 #First half of the address for primary ammo
li r4, 0x64 #100 In Hex.
stb r4, 0x4DE8(r3) #Storing r4 at primary ammo address

Now let's convert this to the memory:
    
Line 1: 3C 60 00 F4
Line 2: 38 80 00 64
Line 3: 98 83 4D E8

Now we will write that at the address that we found that is not being used.


Binding Mods in PPC

Alright, this tutorial is more advanced than the previous one, but that doesn't mean that it is hard! So what I will be teaching you in this part is how to make it so you press a button and it turns on a mod, but in an EBOOT!

Here is an example for binding no clip:
    
_main:
li r3, 0 #Local client number
li r4, 0x14 #DPAD_UP
bl 0x0018EEF8 #Key_IsDown Address
cmpwi r3, 0
beq 0x84 (end to fps)
bl 0x4C55DC #Address where the no clip function is stored
b 0x84 (end to fps)

//now put this at the address
_main:
lis r3, 0xF4
li r4, 0x01
stb r4, 0x779F(r3)
b end

end:
blr



Hope this helped everyone! Leave any further questions below!
Last edited by Notorious ; 09-28-2014 at 12:32 PM.

The following 66 users say thank you to Notorious for this useful post:

-JM-, Eddie Mac, A Friend, AlexNGU, ALI ALHILFI, anxify, B777x, bhoot-iq, Bitwise, br0wniiez, BunnyV3, CodJumper:, Cyb3r, Sabotage, Ethan, FusionIsDaName, G-NeR, Geo, Hori_By_Nature, idropkittens, Im_YouViolateMe, ImAzazel, ImPiffHD, ImSooCool, iNDMx, iTпDM, Welsh, Jewels, joni_djESP, KareraHekku, khalid5257, KranK, Kronoaxis, lahyene77, lucasaf01, M4K3VELi7-, Mango_Knife, MegaMister, MrKiller261, Norway-_-1999, John, PartyTime, PrimeCreated, primetime43, xProvXKiller, RaYRoD, RouletteBoi, RTE, Dacoco, Smoky420, SnaY, Sticky, Taylor, Swifter, Taylors Bish, The★A1★HAXO_oR, TheSaltCracka, TheUnknown21, Troyabusa, Tseerock, witchery, xHostModer, xPAQz, xSlinkeyy, zxCARLOSxz
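
Added example (not part of the original post or any tool it mentions): a small Python decoder for the D-form PowerPC instructions the tutorial hand-assembles, for reading what a patched byte sequence actually stores and where. The function names and the second byte string are constructed for illustration, and register values are truncated to 32 bits as a simplifying assumption.

```python
import struct

# Primary opcodes (top 6 bits of the word) for the D-form instructions in the post.
D_FORM = {14: "addi", 15: "addis", 36: "stw", 38: "stb"}

def sign16(v):
    """Sign-extend a 16-bit immediate, as the CPU does for D-form fields."""
    return v - 0x10000 if v & 0x8000 else v

def decode(word):
    """Split a 32-bit big-endian instruction word into (mnemonic, rt, ra, imm)."""
    op = word >> 26
    if op not in D_FORM:
        raise ValueError(f"primary opcode {op} is not handled by this sketch")
    return D_FORM[op], (word >> 21) & 31, (word >> 16) & 31, sign16(word & 0xFFFF)

def trace_stores(code):
    """Track constant loads and return [(address, width, value)] for each store."""
    regs, stores = {}, []
    for (word,) in struct.iter_unpack(">I", code):
        name, rt, ra, imm = decode(word)
        base = regs.get(ra, 0) if ra else 0  # ra == 0 reads as literal zero here
        if name == "addi":     # "li rT, imm" is the alias for addi rT, 0, imm
            regs[rt] = (base + imm) & 0xFFFFFFFF
        elif name == "addis":  # "lis rT, imm" is the alias for addis rT, 0, imm
            regs[rt] = (base + (imm << 16)) & 0xFFFFFFFF
        else:                  # stb writes 1 byte of rT, stw writes 4
            width = 1 if name == "stb" else 4
            mask = 0xFF if width == 1 else 0xFFFFFFFF
            stores.append(((base + imm) & 0xFFFFFFFF, width, regs.get(rt, 0) & mask))
    return stores

# Bytes quoted in the post: lis r3,0x00F4 / li r4,0x64 / stb r4,0x4DE8(r3)
POST_BYTES = bytes.fromhex("3C6000F4" "38800064" "98834DE8")
# Constructed sample: a displacement >= 0x8000 is negative after sign extension
NEG_DISP = bytes.fromhex("3C6000F5" "38800001" "9883F000")

if __name__ == "__main__":
    for sample in (POST_BYTES, NEG_DISP):
        for addr, width, value in trace_stores(sample):
            print(f"store {width} byte(s) of 0x{value:X} at 0x{addr:08X}")
```

The constructed second sample resolves to 0x00F4F000 rather than 0x00F5F000, because the 16-bit displacement of a D-form store is sign-extended before it is added to the base register.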
05-11-2014, 08:42 PM #29
Notorious
Caprisuns Is Back
Originally posted by TheSaltCracka View Post
There already is an offset thread for 1.17. You should make a key is down tutorial for bo2.


It's the same layout
05-11-2014, 09:00 PM #30
Originally posted by Prime
Hey guys, this is a tutorial on how to make a modified EBOOT using HxD. I always see people commenting and messaging people for them to make a cheat eboot, so I figured I will make a tutorial.

Basic tut

What you will need:
HxD (google it)
default_mp.elf (Provided)
make_fself program (you can find on internet or on my eboot builder)
A brain

Step 1:
Open up HxD with the default_mp.elf and it should look like this:

Step 2:
You need the address and bytes for the mod that you want, so for example we will use
UAV = 0x0013F42C (credits to ErasedDev I think)
ON = 01

So now we will have to subtract 10,000 in HEX from the address of the mod in order to search for it in HxD. You can do that by going to the calculator with the programmer's view, then clicking the HEX radio button, then subtracting 10,000 from the address, and that will be your destination!

And now press CTRL + G to search for an offset. Here you will search the offset - 10,000, so it will look like this:

So then after that it will bring you to the offset like this:

So now you can type in the value, in this case it is 01, like so:

So now your eboot will contain UAV mod!

PPC Tut (for mods not loaded in the EBOOT until the game is loaded):

OK, the tutorial above was for mods that are loaded in the .elf before the game has loaded. This tut will teach you how to put in mods that are loaded in the game, like godmode or other stuff like that!
Let's get started!



Step 1:
you should now know how to look for offsets now and all the basic stuff with hxd. so just open HxD and leave it there

Step 2:
get your offset, in this case we will use godmode
offset = 0x00e0462a
value = 65535

So now here comes the PPC part
here is the PPC instruction layout for a basic mod:
li r3, 0xoff
li r4, value
stb r4, r3, 0xset

so for god mode we will fill it in. but first we need to add 10,000 to the offset in hex! you should be able to know how to do that..
godmode - 10,000 = 0xE1462A
so now lets fill in, the ppc is now:
li r3, 0xE14
li r4, 65535
stb r4, r3, 0x62A

so now we need to convert this to bytes, which is simple
follow along

lets convert this first line - li r3, 0xE14
to do this we will start with 'li'
the opcode for 'li' is 38
the register r3 is 60
and the value is E14
so the bytes are for the first line - 38 60 0E 14


now lets convert this line - li r4, FFFF
to do this we will start with 'li'
the opcode for 'li' is 38
the register r4 is 80
and the value is 65535
so the bytes for this line are - 38 80 FF FF


now lets convert this line - stb r4, r3, 0x62A
we will start with 'stb'
the opcode for 'stb' is 98
the register r4 is 80
the register r3 is 60
the value to add is 06 2A
so the bytes for this line are - 98 83 06 2A

so the bytes all together are:
38 60 0E 14 38 80 06 55 35 98 80 60 06 2A

you can write those values at an empty address with a bunch of .......... (00 00 00 00 00 00 00 00 00 00)

simple as that!
Hope this helped!



Key_IsDown Tutorial (to bind mods)

So maybe you want to make an eboot where you can bind mods? Well I will show you how to do this!
What you will need for this part:
Brain
Mod offset of your choice

so now lets start with the ppc layout

li r3, client number
li r4, 0xbutton
bl 0x18D888 //key is down branch
cmpwi r3, 0 // compares value
beq ... //branch the end of function
li r3, 0xoff
li r4, value
stb r4, r3, 0xset
b .. //branch function

So lets fill in with what we want!


li r3, 0 // client 0
li r4, 0x15 //dpad up
bl 0x18D888 // key_isDown address
cmpwi r3, 0
beq 0x37 // branch
li r3, 0xE14
li r4, 65535 //value
stb r4, r3, 0x62A
b 0x00 //end the function



Now lets convert each line of ppc to bytes!

li r3, 0 = 38 60 00 00
li r4, 0x15 = 38 80 00 15
bl 0x18D888 = 48 18 D8 8D
cmpwi r3, 0 = 2C 03 00 00
beq ... = 41 37
li r3, 0xE14 = 38 60 0E 14
li r4, FFFF = 38 80 FF FF
stb r4, r3, 0x62A = 98 83 06 2A
b = 48 00

all together = 38 60 00 38 80 15 48 18 D8 88 2C 60 00 41 37 38 60 0E 14 38 80 FF FF 98 80 60 06 2A 48 00
store that at a function like fps that is empty in the memory!



How to properly branch the function (b, beq):

OK, so a lot of the time it might not work because you have branched it wrong. Which is not what you want, so follow along to learn how to properly branch to the end of the function you are using!

We will be writing this in the FPS: function because it will execute it every second:

First get to the end point of where you are writing the function like so (END OF FPS):

Now click on the tab that says 'Hex View-A':

copy that address and put it in notepad or something...

Now go to where you are going to start writing the function like so:

Now go to the Hex view - A like so:

And now do End Of Function Address [MINUS] the Start Address (Where we start writing it) (make sure you do it in HEX CALCULATOR)

For example:
36B2F4 - 36B264 = 0x90
so the last line of PPC instructions will be :
b 0x90



How To Make An EBOOT In C# (EBOOT Builder)

OK, so a lot of you guys may like this way better because it might be easier for you, or you might want to make an EBOOT Builder or something.

OK, so first off you will need Visual Studio, and then make a new project. (I'm not going to go into details for the basic stuff because you should know them already or you can just google them)

so now view the code and put at the top:
    
using System.IO;
using System.Diagnostics;


So now you will need to add a class, it is in this pastebin:

so now you can go to the designer and put a textbox and a button. name the button something like 'Load .ELF File'
so now double click the button, but then navigate to under 'public partial class' and add this code:
    public OpenFileDialog OFD = new OpenFileDialog();//this is basically just renaming the OpenFileDialog to 'OFD' and you will have access to the extensions of the class


so go back to the coding of the button called 'Load .ELF File' and add this:
    
OFD.Filter = ".ELF Files|*.elf";//this makes it so when you are choosing a file, it only lets you choose a .ELF file
if (OFD.ShowDialog() == DialogResult.OK)
{
    if (OFD.SafeFileName != "default_mp.elf")//if the SafeFileName does not equal default_mp.elf it will do the following
    {
        MessageBox.Show("make sure you have not rename the .elf file", "Not Found (ERROR)", MessageBoxButtons.OK);
    }
    else//otherwise (if it does) then it will do this
    {
        textBox1.Text = OFD.FileName;//this makes it so that the textbox in the designer will show the path of the file
        MessageBox.Show(OFD.SafeFileName + " .ELF file is now ready to modify", "Found", MessageBoxButtons.OK);
    }
}


so now you can add another button called 'Build EBOOT' or something like that

and now we will be writing our mods. So double click the Build button or whatever and this will be the outline for each mod:
    
if (chromePlayers.Checked == true)
{
    BigEndianWriter bew = new BigEndianWriter(new MemoryStream(File.ReadAllBytes(OFD.FileName)));//sets BigEndianWriter
    int myMod = 0x01;//this is the value to turn the mod on (the bytes)
    bew.BaseStream.Position = 0x4783CB;//this is the address of the mod
    bew.Write(myMod);//this will write the value at the address
    bew.Close();//closes
}


so i will only be doing that one mod just for an example. So now under that shit add this:
    
if (File.Exists("Debug.bat"))//if Debug.bat exists (you will also need scetool, make_fself, batch file, etc) but you can find it in one of my builders or someone else's
{
    System.Threading.Thread loading = new System.Threading.Thread(new System.Threading.ThreadStart(ThreadProc));//we will get to this later
    Process pro = new Process();
    pro.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
    pro.StartInfo.FileName = "Debug.bat";
    pro.Start();
    MessageBox.Show("Your Modified .SELF has been built", "Build Complete", MessageBoxButtons.OK, MessageBoxIcon.Information);
}//all of this is pretty self explanatory (it's just using System.Diagnostics to execute the process of the .bat file)
else
{
    MessageBox.Show("You need to make sure you have zlib.dll !", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}


and now you will need this: (thanks to Tustin for sharing his method of building the file itself, which I had trouble with at first)
    
public static void ThreadProc()
{
}//this is just blank lol but you need this (it is the Thread Target)


and now you are all set! You can now build eboots using C# !



Make sure the values are in decimal!

*NOTE* use 'stb' for a 1 byte value. And use 'stw' for a 4 byte value. (always as a decimal)

*I recommend writing these functions at fps: because it will execute it every second!*

Here is a little tool I made to help you with the PPC mods.

I want to thank BLB for introducing me to PPC and Vezah for help along the ways! And SC58 for the Key_IsDown Example! <3

If you need additional PPC Help visit this thread made by BadLuckBrian.

You can now make it into an EBOOT.BIN by doing the following:
1. You will need make_fself.exe program
2. Open command prompt in the folder with your .elf and make_fself program by pressing SHIFT + Right Click then choose 'Open Command Window Here'
3. Type 'make_fself default_mp.elf EBOOT.BIN'
4. DONE!!!!

I hope you find this helpful

Downloads:
you can download the .elf file right You must login or register to view this content. (thanks mango )


Good job bro! Tiphat
05-17-2014, 09:21 PM #31
Swifter
The Swift One
Originally posted by Prime

Step 2:
You need the address and bytes for the mod that you want, so for example we will use
UAV = 0x0013F42C (credits to ErasedDev I think)
ON = 01

So now we will have to subtract 10,000 in HEX from the address of the mod in order to search for it in HxD. You can do that by going to the calculator with the programmer's view, then clicking the HEX radio button, then subtracting 10,000 from the address, and that will be your destination!

And now press CTRL + G to search for an offset. Here you will search the offset - 10,000, so it will look like this:

Umm.. isn't 13F42C - 10,000 = to 12F42C ? :RTS: cos you added the 10,000 instead of the "subtract" you stated.. Or did you perhaps mean add instead maybe?

..Anyway, but still nonetheless very nice tutorial/guide. :yes:
Last edited by Swifter ; 05-17-2014 at 09:23 PM.
05-17-2014, 09:31 PM #32
Notorious
Caprisuns Is Back
Originally posted by Swifter View Post
Umm.. isn't 13F42C - 10,000 = to 12F42C ? :RTS: cos you added the 10,000 instead of the "subtract" you stated.. Or did you perhaps mean add instead maybe?

..Anyway, but still nonetheless very nice tutorial/guide. :yes:

lol I messed up but yeah you're supposed to subtract and thanks!

The following user thanked Notorious for this useful post:

Swifter
06-10-2014, 09:01 PM #33
idropkittens
Do a barrel roll!
Does this work for blackops 2 also?
06-10-2014, 10:20 PM #34
omgnoway

The following 2 users say thank you to Bitwise for this useful post:

Loxy, Notorious
06-10-2014, 11:54 PM #35
Azus
Little One
Originally posted by idropkittens View Post
Does this work for blackops 2 also?


yep. works for all cods

The following user thanked Azus for this useful post:

idropkittens
06-11-2014, 01:14 AM #36
idropkittens
Do a barrel roll!
Is there a specific way to make it boot up to a certain part of the game, example multiplayer or zombies?
Last edited by idropkittens ; 06-11-2014 at 03:21 AM.
06-11-2014, 12:13 PM #37
bloodthugga
Bounty hunter
its the same for mw3 ? + 10000 ?

Copyright © 2024, NextGenUpdate.
All Rights Reserved.
