(adsbygoogle = window.adsbygoogle || []).push({});
Hey guys this is a tutorial on how to make a modified EBOOT using HxD . And I always see people commenting and messaging people for them to make a cheat eboot so I figured I will make a tuturial.
Basic tut
What you will need:
HxD (google it)
default_mp.elf (Provided)
make_fself program (you can find on internet or on my eboot builder)
A brain
Step 1:
Open up HxD with the default_mp.elf and it should look like this:
You must login or register to view this content.
Step 2:
You need the address and bytes for the mod that you want, so for example we will use
UAV = 0x0013F42C (credits to ErasedDev I think)
ON = 01
So now we will have to subtract 10,000 in HEX to the address of the mod in order to search it in HxD you can do that by going to the calculator with the programmers view then click the HEX radio button then subtract 10,000 to the address and that will be your destination!
and now press CTRL + G to search an offset, here you will search the offset + 10,000 so it will look like this:
You must login or register to view this content.
So then after that it will bring you to the offset like this:
You must login or register to view this content.
So now you can type in the value, in this case it is 01, like so:
You must login or register to view this content.
So now your eboot will contain UAV mod!
PPC Tut
Hey so now we will do a little bit more advanced tutorial to show you how to use powerpc assembly language to add mods to your eboot! It is different but it is really not that difficult! Let's get started!
So first off we will need to get an address that is not being called in the game (An address that is not being used). You can find an address like this by just going in IDA Pro and clicking on a random function and then putting a break point on it in debugger. If you freeze, then it is being used. If you don't freeze then you are good ! So I am just going to make an imaginary address but the address that I use just replace it with the one that you found. So now let's start the ppc! Here is the function layout for this:
1. lis r3, 0xfirstHalfOfAddress
2. li r4, 0xonValue
3. stb r4, 0xsecondHalfOfAddress(r3)
Now I will explain each number line:
1. Loading the first 2 bytes of the address into the register 3 (r3)
2. Loading the value that you are using to turn on the mod into register 4 (r4)
3. Storing that byte at the address that you loaded
Now I will make an example: (I will be giving my primary weapon 100 bullet's)
lis r3, 0x00F4 #First half of the address for primary ammo
li r4, 0x64 #100 In Hex.
stb r4, 0x4DE8(r3) #Storing r4 at primary ammo address
Now let's convert this to the memory:
Line 1: 3C 60 00 F4
Line 2: 38 80 00 64
Line 3: 98 83 4D E8
Now we will write that at the address that we found that is not being used.
Binding Mod's in PPC
Alright, this tutorial is more advanced then the previous one, but that doesn't mean that it is hard! So what I will be teaching you in this part is how to make it so you press a button and it turns on a mod, but in an EBOOT!
Here is an example for binding no clip:
_main:
li r3, 0 #Local client number
li r4, 0x14 #DPAD_UP
bl 0x0018EEF8 #Key_IsDown Address
cmpwi r3, 0
beq 0x84 (end to fps)
bl 0x4C55DC #Address where the no clip function is stored
b 0x84 (end to fps)
//now put this at the address
_main:
lis r3, 0xF4
li r4, 0x01
stb r4, 0x779F(r3)
b end
end:
blr
Hope this helped everyone! Leave any further questions below!