Post: How to call raw GSC Functions in an .sprx. Also, how to do waitill xD [RELEASE]
Options
03-09-2015, 06:50 PM
#1
Ambition sG
Haxor!
Ok so first we want to get our basic functions
int Scr_SetParameters(unsigned int Num){
return *(int*)(0x13C3140 + 0x1
= Num;
}
//This will set the parameter number
struct opd_s{
uint Sub;
uint Toc;
};
opd_s ParseAddr(int Address){
opd_s GLS = { Address, 0xA7F3C8 };
return GLS;
}
//TOCNext we want to get all the Scr_Add functions together
#define Scr_AddInt(Value) ((void(*)(int))&ParseAddr(0x2E8AE)(Value)
#define Scr_AddFloat(Value) ((void(*)(float))&ParseAddr(0x2E8BE4))(Value)
#define Scr_AddString(String) ((void(*)(const char*))&ParseAddr(0x2E91EC))(String)
#define Scr_AddEntity(Entity) ((void(*)(int))&ParseAddr(0x28B1CC))(Entity)
#define Scr_AddVector(Vec) ((void(*)(const float*))&ParseAddr(0x2E952C))(Vec)
Now to explain how to actually use these, we're going to use GScr_Earthquake as an example which is located at 0x268B60.
Here's how we do this.
void GScr_Earthquake(float scale, float duration, float* source, float radius){
Scr_AddFloat(radius);
Scr_AddVector(source);
Scr_AddFloat(duration);
Scr_AddFloat(scale);
Scr_SetParameters(4); //See how I set the parameter number after I finish calling the Scr_Adds?
((void(*)())&ParseAddr(0x268B60))(); //Call the actual function
//((void(*)(int))&ParseAddr(0x268B60))(ClientID << 16); //Only call this one if the one above doesn't work.
}
See how I called the Scr_Adds from the last parameter to the 1st one? Well you have to do that, idk why really.
Now on to the hook. You need somewhere to call these right? Well your answer is: VM_Resume - 0x2E69C4.
Method to hook: hookFunctionStart - Credit to Xx jAmes t xX for porting this
void PatchInJump(int Address, int Destination){
int FuncBytes[4];
Destination = *(int*)Destination;
FuncBytes[0] = 0x3D600000 + ((Destination >> 16) & 0xFFFF);
if(Destination & 0x8000) FuncBytes[0] += 1;
FuncBytes[1] = 0x396B0000 + (Destination & 0xFFFF);
FuncBytes[2] = 0x7D6903A6;
FuncBytes[3] = 0x4E800420;
Memcpy((void*)Address, FuncBytes, 4*4);
}
void hookFunctionStart(int Address, int saveStub, int Destination){ //Works on every game
saveStub = *(int*)saveStub;
int BranchtoAddress = Address + (4*4);
int StubData[8];
StubData[0] = 0x3D600000 + ((BranchtoAddress >> 16) & 0xFFFF);
if(BranchtoAddress & 0x8000) StubData[0] += 1;
StubData[1] = 0x396B0000 + (BranchtoAddress & 0xFFFF);
StubData[2] = 0x7D6903A6;
Memcpy(&StubData[3], (void*)Address, 4*4);
StubData[7] = 0x4E800420;
Memcpy((void*)saveStub, StubData, 8*4);
PatchInJump(Address, Destination);
}
Now our function hook
void VM_ResumeStub(int TimeId){
__asm("li %r3, 0x3");
}
void VM_ResumeHook(int TimeId){ // If this doesn't work, hook int VM_Execute() - 0x2E6444 with hookFunctionStart
//You would call GScr_Earthquake here. Obv not in the loop. Make sure you implement a check in here to make it // get called once
VM_ResumeStub(TimeId);
}
To call our hook we do
hookFunctionStart(0x2E69C4, (int)VM_ResumeStub, (int)VM_ResumeHook);
Make sure you call that about 2 seconds after your thread is executed.
Now that's it.
Also, you can call other things like:PlayerCmd_ClonePlayer
PlayerCmd_Suicide
Player_Die
G_RadiusDamage
GScr_NotifyOnPlayerCommand //Someone find this for me on ghosts pls ;-;
G_Damage
and many more!
Now on to waitill. Pretty easy tbh.
First
#define SL_ConvertToString(StringValue) ((const char*(*)(unsigned short))ParseAddr(0x2D894C))(StringValue)
hookFunctionStart(0x2E1970, (int)VM_NotifyStub, (int)VM_NotifyHook);
void VM_NotifyStub(unsigned int self, short Stringvalue, unsigned int Paramcount){
__asm("li %r3, 0x4");
}
void VM_NotifyHook(unsigned int self, short Stringvalue, unsigned int Paramcount){
//Now if we wanted to monitor onPlayerSpawned we do
int ClientID = ((int(*)(int))&ParseAddr(0x2DBF60))(self); //Scr_GetSelf
const char* Notify = SL_ConvertToString(Stringvalue);
if(!strcmp(Notify, "spawned_player")){
//Executed on spawn. This monitors for ANY CLIENT THAT SPAWNS!
GScr_Earthquake(0.6f, 2, (float*)(Playerstate() + 0x1C), 800); //Yes you can call this in V
}
VM_NotifyStub(self, Stringvalue, Paramcount);
}
That's pretty much it
This works for all cods the same way as it works for this. Just update the offsets.
Last edited by
Ambition sG ; 03-09-2015 at 07:13 PM.
The following 25 users say thank you to Ambition sG for this useful post:
03-10-2015, 05:48 PM
#11
Ambition sG
Haxor!
Originally posted by lutsch1234
i tried it on mw2 everything is fine i can build it but until i start the game i keeps saying awaitig challeng 2... i only have the earthquake function in it the same for ghost and i dont know why
The mw2 one is messed up atm. I have to fix it, but I assure you, I've tested the ghosts one and it works fine.
03-10-2015, 05:59 PM
#12
lutsch1234
Bounty hunter
The following user thanked SC58 for this useful post:
03-10-2015, 07:15 PM
#14
Ambition sG
Haxor!
03-10-2015, 07:32 PM
#16
Ambition sG
Haxor!
The following user thanked Ambition sG for this useful post:
03-17-2015, 09:56 PM
#17
JAKE_1496
< ^ > < ^ >
Originally posted by Ambition
Sup guys, if you don't know me, good. I'm from xbox xD. My alias is Maybe Ethernet. I'll be showing you how to call raw gsc functions in your dll/sprx.
Ok so first we want to get our basic functions
Next we want to get all the Scr_Add functions together
Now to explain how to actually use these, we're going to use GScr_Earthquake as an example which is located at 0x268B60.
Here's how we do this.
See how I called the Scr_Adds from the last parameter to the 1st one? Well you have to do that, idk why really.
Now on to the hook. You need somewhere to call these right? Well your answer is: VM_Resume - 0x2E69C4.
Method to hook: hookFunctionStart - Credit to Xx jAmes t xX for porting this
Now our function hook
To call our hook we do
Make sure you call that about 2 seconds after your thread is executed.
Now that's it. Also, you can call other things like:
PlayerCmd_ClonePlayer
PlayerCmd_Suicide
Player_Die
G_RadiusDamage
GScr_NotifyOnPlayerCommand //Someone find this for me on ghosts pls ;-;
G_Damage
and many more!
Now on to waitill. Pretty easy tbh.
First
That's pretty much it This works for all cods the same way as it works for this. Just update the offsets.
Ok so first we want to get our basic functions
int Scr_SetParameters(unsigned int Num){
return *(int*)(0x13C3140 + 0x1 = Num;
}
//This will set the parameter number
struct opd_s{
uint Sub;
uint Toc;
};
opd_s ParseAddr(int Address){
opd_s GLS = { Address, 0xA7F3C8 };
return GLS;
}
//TOCNext we want to get all the Scr_Add functions together
#define Scr_AddInt(Value) ((void(*)(int))&ParseAddr(0x2E8AE)(Value)
#define Scr_AddFloat(Value) ((void(*)(float))&ParseAddr(0x2E8BE4))(Value)
#define Scr_AddString(String) ((void(*)(const char*))&ParseAddr(0x2E91EC))(String)
#define Scr_AddEntity(Entity) ((void(*)(int))&ParseAddr(0x28B1CC))(Entity)
#define Scr_AddVector(Vec) ((void(*)(const float*))&ParseAddr(0x2E952C))(Vec)
Now to explain how to actually use these, we're going to use GScr_Earthquake as an example which is located at 0x268B60.
Here's how we do this.
void GScr_Earthquake(float scale, float duration, float* source, float radius){
Scr_AddFloat(radius);
Scr_AddVector(source);
Scr_AddFloat(duration);
Scr_AddFloat(scale);
Scr_SetParameters(4); //See how I set the parameter number after I finish calling the Scr_Adds?
((void(*)())&ParseAddr(0x268B60))(); //Call the actual function
//((void(*)(int))&ParseAddr(0x268B60))(ClientID << 16); //Only call this one if the one above doesn't work.
}
See how I called the Scr_Adds from the last parameter to the 1st one? Well you have to do that, idk why really.
Now on to the hook. You need somewhere to call these right? Well your answer is: VM_Resume - 0x2E69C4.
Method to hook: hookFunctionStart - Credit to Xx jAmes t xX for porting this
void PatchInJump(int Address, int Destination){
int FuncBytes[4];
Destination = *(int*)Destination;
FuncBytes[0] = 0x3D600000 + ((Destination >> 16) & 0xFFFF);
if(Destination & 0x8000) FuncBytes[0] += 1;
FuncBytes[1] = 0x396B0000 + (Destination & 0xFFFF);
FuncBytes[2] = 0x7D6903A6;
FuncBytes[3] = 0x4E800420;
Memcpy((void*)Address, FuncBytes, 4*4);
}
void hookFunctionStart(int Address, int saveStub, int Destination){ //Works on every game
saveStub = *(int*)saveStub;
int BranchtoAddress = Address + (4*4);
int StubData[8];
StubData[0] = 0x3D600000 + ((BranchtoAddress >> 16) & 0xFFFF);
if(BranchtoAddress & 0x8000) StubData[0] += 1;
StubData[1] = 0x396B0000 + (BranchtoAddress & 0xFFFF);
StubData[2] = 0x7D6903A6;
Memcpy(&StubData[3], (void*)Address, 4*4);
StubData[7] = 0x4E800420;
Memcpy((void*)saveStub, StubData, 8*4);
PatchInJump(Address, Destination);
}
Now our function hook
void VM_ResumeStub(int TimeId){
__asm("li %r3, 0x3");
}
void VM_ResumeHook(int TimeId){ // If this doesn't work, hook int VM_Execute() - 0x2E6444 with hookFunctionStart
//You would call GScr_Earthquake here. Obv not in the loop. Make sure you implement a check in here to make it // get called once
VM_ResumeStub(TimeId);
}
To call our hook we do
hookFunctionStart(0x2E69C4, (int)VM_ResumeStub, (int)VM_ResumeHook);
Make sure you call that about 2 seconds after your thread is executed.
Now that's it.
Also, you can call other things like:PlayerCmd_ClonePlayer
PlayerCmd_Suicide
Player_Die
G_RadiusDamage
GScr_NotifyOnPlayerCommand //Someone find this for me on ghosts pls ;-;
G_Damage
and many more!
Now on to waitill. Pretty easy tbh.
First
#define SL_ConvertToString(StringValue) ((const char*(*)(unsigned short))ParseAddr(0x2D894C))(StringValue)
hookFunctionStart(0x2E1970, (int)VM_NotifyStub, (int)VM_NotifyHook);
void VM_NotifyStub(unsigned int self, short Stringvalue, unsigned int Paramcount){
__asm("li %r3, 0x4");
}
void VM_NotifyHook(unsigned int self, short Stringvalue, unsigned int Paramcount){
//Now if we wanted to monitor onPlayerSpawned we do
int ClientID = ((int(*)(int))&ParseAddr(0x2DBF60))(self); //Scr_GetSelf
const char* Notify = SL_ConvertToString(Stringvalue);
if(!strcmp(Notify, "spawned_player")){
//Executed on spawn. This monitors for ANY CLIENT THAT SPAWNS!
GScr_Earthquake(0.6f, 2, (float*)(Playerstate() + 0x1C), 800); //Yes you can call this in V
}
VM_NotifyStub(self, Stringvalue, Paramcount);
}
That's pretty much it
This works for all cods the same way as it works for this. Just update the offsets.
Hey I would like to thank you for the hook and sadly on the gta forums they are noobs and won't figure out how to use it hopefully or they will get a base and call it theres either way it will be a while hopefully but again thanks bro and I appreciate your work on this forum and next time keep it on the low lol dont put every game so they dont know XD
04-09-2015, 03:57 AM
#18
Bitwise
Mario!
Just thought I'd drop by and say OP didn't create a single thing here; it was released on Xbox on Ghosts by Xx jAmes t xX, as he quit Ambition knew he could take credit. Be warned, the guy is a dunce.
EDIT:
Hacksorce also released the waitill substitute...
You must login or register to view this content.
This alone proves he did nothing lmfao. How can you not know why? Anyone who has reversed the structure, knows the value container works like a stack frame. When new things are pushed, the last value is dropped a place. Therefore leaving them almost in reverse...so, calling the arguments in reverse will leave the value array correct. I think I just contributed more to the subject more than the OP even did...
You never made a single dime doing anything. Even if you tried to, you wouldn't. You blew james for it before it was released, and made a shitty mw2 menu with it and RELEASED IT. But he is clearing saying that because he is also on 7s, so he knew it was released on Xbox...
EDIT:
Hacksorce also released the waitill substitute...
You must login or register to view this content.
This alone proves he did nothing lmfao. How can you not know why? Anyone who has reversed the structure, knows the value container works like a stack frame. When new things are pushed, the last value is dropped a place. Therefore leaving them almost in reverse...so, calling the arguments in reverse will leave the value array correct. I think I just contributed more to the subject more than the OP even did...
Originally posted by Ambition
Lol as if you knew anything about it xD I've had this for like 4 months now. Never bothered to release it but you know, not making that paper anymore so I just released it. Stick to your achievement releases on xbox bud.
You never made a single dime doing anything. Even if you tried to, you wouldn't. You blew james for it before it was released, and made a shitty mw2 menu with it and RELEASED IT. But he is clearing saying that because he is also on 7s, so he knew it was released on Xbox...
Last edited by
Bitwise ; 04-15-2015 at 07:09 PM.
The following 2 users say thank you to Bitwise for this useful post:
04-20-2015, 11:47 PM
#19
Connerg123
Brute
Originally posted by bitwise
just thought i'd drop by and say op didn't create a single thing here; it was released on xbox on ghosts by xx james t xx, as he quit ambition knew he could take credit. Be warned, the guy is a dunce.
Edit:
Hacksorce also released the waitill substitute...
You must login or register to view this content.
this alone proves he did nothing lmfao. How can you not know why? Anyone who has reversed the structure, knows the value container works like a stack frame. When new things are pushed, the last value is dropped a place. Therefore leaving them almost in reverse...so, calling the arguments in reverse will leave the value array correct. I think i just contributed more to the subject more than the op even did...
You never made a single dime doing anything. Even if you tried to, you wouldn't. You blew james for it before it was released, and made a shitty mw2 menu with it and released it. But he is clearing saying that because he is also on 7s, so he knew it was released on xbox...
Edit:
Hacksorce also released the waitill substitute...
You must login or register to view this content.
this alone proves he did nothing lmfao. How can you not know why? Anyone who has reversed the structure, knows the value container works like a stack frame. When new things are pushed, the last value is dropped a place. Therefore leaving them almost in reverse...so, calling the arguments in reverse will leave the value array correct. I think i just contributed more to the subject more than the op even did...
You never made a single dime doing anything. Even if you tried to, you wouldn't. You blew james for it before it was released, and made a shitty mw2 menu with it and released it. But he is clearing saying that because he is also on 7s, so he knew it was released on xbox...
amen!!
Copyright © 2024, NextGenUpdate.
All Rights Reserved.
