How to call GSC Functions on MW3

1. /* How to call GSC Functions on MW3 and how to do "weapon_fired" and PlayerCMD_IPrintin */
2. // SRC: http://www.nextgenupdate.com/forums/showthread.php?p=6442740
3.  
4. /*
5. Hello NGU Members so today i bring you how to call gsc functions on mw3.
6. Credit goes to Ethernet, Shark, SyGnUs.
7. I had a hard time to get this working but at the end i found a way to get it working so lets get started.
8. Things you Need:
9. */
10.  
11. //Headers
12.  
13. //Global Headers
14. #include <stdio.h>
15. #include <stdlib.h>
16. #include <stdarg.h>
17. #include <stddef.h>
18. #include <string.h>
19. #include <sys/prx.h>
20. #include <sys/syscall.h>
21. #include <sys/ppu_thread.h>
22. #include <sys/sys_time.h>
23. #include <sys/time_util.h>
24. #include <assert.h>
25. #include <sys/process.h>
26. #include <sys/memory.h>
27. #include <sys/timer.h>
28. #include <sys/return_code.h>
29. #include <sys/prx.h>
30. #include <sys/types.h>
31. #include <math.h>
32. #include <fastmath.h>
33. #include <stdio.h>
34. #include <stdlib.h>
35. #include <stdarg.h>
36. #include <stddef.h>
37. #include <string.h>
38. #include <fastmath.h>
39. #include <cellstatus.h>
40. #include <sys/prx.h>
41. #include <sys/timer.h>
42. #include <sys/syscall.h>
43. #include <sys/ppu_thread.h>
44. #include <cell/sysmodule.h>
45. #include <sys/ss_get_open_psid.h>
46. #pragma comment(lib, "sysmodule_stub")
47. #include <math.h>
48. #include <cell/pad.h>
49. #include <stdio.h>
50. #include <stdlib.h>
51. #include <string>
52. #include <sys/random_number.h>
53. #pragma comment(lib, "c")
54. #include <sys/memory.h>
55. #include <cell/cell_fs.h>
56. #pragma comment(lib, "fs_stub")
57. #include <fastmath.h>
58. #include <sys/process.h>
59. #include <ppu_intrinsics.h>
60.  
61. //Offsets + Structures
62. #define TOC 0x72DCE8
63.  
64. enum Address {
65.         SL_ConvertToString_a = 0x210FE0,
66.     Scr_Notify_a = 0x1BB1B0,
67.     Scr_ClearOutParams_a = 0x218414,
68.     Scr_AddInt_a = 0x221A58,
69.     Scr_AddFloat_a = 0x221B48,
70.     Scr_AddString_a = 0x222120,
71.     Scr_AddEntity_a = 0x1BACC8,
72.     Scr_AddVector_a = 0x222444,
73.     gentity_s = 0xFCA280,
74.     gentity_s_size = 0x280,
75.     gclient_s = 0x110A280,
76.     gclient_s_size = 0x3980,
77. };
78.  
79. struct opd_s {
80.     unsigned int sub;
81.     unsigned int toc;
82. };
83.  
84. struct scr_entref_t
85. {
86.   unsigned short entnum;
87.   unsigned short classnum;
88. };
89.  
90. struct VariableStackBuffer {
91.   const char *pos;
92.   unsigned short size;
93.   unsigned short bufLen;
94.   unsigned int localId;
95.   char time;
96.   char buf[1];
97. };
98.  
99. union VariableUnion
100. {
101.   int intValue;
102.   float floatValue;
103.   unsigned int stringValue;
104.   const float *vectorValue;
105.   const char *codePosValue;
106.   unsigned int pointerValue;
107.   VariableStackBuffer *stackValue;
108.   unsigned int entityOffset;
109. };
110.  
111. struct VariableValue {
112.   VariableUnion u;
113.   int type;
114. };
115. #endif
116.  
117. //Functions
118. opd_s ParseAddr(int Address);
119. const char* SL_ConvertToString(int stringValue);
120. void Scr_Notify(int *ent, short stringValue, unsigned int paramcount);
121. void Scr_ClearOutParams();
122. void Scr_AddInt(int value);
123. void Scr_AddFloat(float value);
124. void Scr_AddString(const char* value);
125. void Scr_AddEntity(int value);
126. void Scr_AddVector(float* value);
127. int getEntity(int entityNum, int offset);
128. int getClient(int clientNum, int offset);
129.  
130. void Scr_AddInt(int value) {
131.     void(*Scr_AddInt)(int value) = (void(*)(int))&Scr_AddInt_t;
132.     Scr_AddInt(value);
133. }
134.  
135. void Scr_AddFloat(float value) {
136.     void(*Scr_AddFloat)(float value) = (void(*)(float))&Scr_AddFloat_t;
137.     Scr_AddFloat(value);
138. }
139.  
140. void Scr_AddString(const char* value) {
141.     void(*Scr_AddString)(const char* value) = (void(*)(const char*))&Scr_AddString_t;
142.     Scr_AddString(value);
143. }
144.  
145. void Scr_AddEntity(int value) {
146.     void(*Scr_AddEntity)(int value) = (void(*)(int))&Scr_AddEntity_t;
147.     Scr_AddEntity(value);
148. }
149.  
150. void Scr_AddVector(float* value) {
151.     void(*Scr_AddVector)(float* value) = (void(*)(float*))&Scr_AddVector_t;
152.     Scr_AddVector(value);
153. }
154.  
155. int getEntity(int entityNum, int offset) {
156.     return gentity_s + (gentity_s_size * entityNum) + offset;
157. }
158.  
159. int getClient(int clientNum, int offset) {
160.     return gclient_s + (gclient_s_size * clientNum) + offset;
161. }
162. void Scr_Notify(int *ent, short stringValue, unsigned int paramcount) {
163.     void(*Scr_Notify)(int *ent, short stringValue, unsigned int paramcount) = (void(*)(int*, short, unsigned int))&Scr_Notify_t;
164.     Scr_Notify(ent, stringValue, paramcount);
165. }
166. const char* SL_ConvertToString(int stringValue) {
167.     const char*(*SL_ConvertToString)(int stringValue) = (const char*(*)(int))&SL_ConvertToString_t;
168.     return SL_ConvertToString(stringValue);
169. }
170. opd_s ParseAddr(int Address) {
171.     opd_s GLS = { Address, TOC };
172.     return GLS;
173. }
174. void Scr_SetNumParam(int numParam) {
175.    *(int*)(0x15702C8 + 0x18) = numParam;
176. }
177. #endif
178.  
179. //Memory
180. float floatArray[100];
181. char byteArray[100];
182. int intArray[100];
183. char returnRead[100];
184.  
185. typedef unsigned char byte;
186. typedef unsigned char BYTE;
187. typedef unsigned char* PBYTE;
188. typedef void VOID;
189. typedef void* PVOID;
190. typedef long long __int64;
191. __int64 ThreadRTOC;
192.  
193. int Memcopy(PVOID destination, const PVOID source, size_t size) {
194.     system_call_4(905, (uint64_t)sys_process_getpid(), (uint64_t)destination, size, (uint64_t)source);
195.     __dcbst(destination);
196.     __sync();
197.     __isync();
198.     return_to_user_prog(int);
199. }
200.  
201. int console_write(const char * s) {
202.     uint32_t len;
203.     system_call_4(403, 0, (uint64_t)s, strlen(s), (uint64_t)&len);
204.     return_to_user_prog(int);
205. }
206.  
207. void sleep(usecond_t time) {
208.     sys_timer_usleep(time * 1000);
209. }
210.  
211. void delay(unsigned int mseconds) {
212.     clock_t goal = (mseconds * 1000) + clock();
213.     while (goal > clock());
214. }
215.  
216. sys_pid_t get_process_id() {
217.     system_call_0(1);
218.     return_to_user_prog(sys_pid_t);
219. }
220.  
221. int32_t write_process(uint64_t ea, const void * data, uint32_t size) {
222.     system_call_4(905, (uint64_t)sys_process_getpid(), ea, size, (uint64_t)data);
223.     return_to_user_prog(int32_t);
224. }
225.  
226. sys_ppu_thread_t create_thread(void(*entry)(uint64_t), int priority, size_t stacksize, const char* threadname, sys_ppu_thread_t id) {
227.     if (sys_ppu_thread_create(&id, entry, 0, priority, stacksize, SYS_PPU_THREAD_CREATE_JOINABLE, threadname) == CELL_OK)
228.     {
229.         console_write("Thread successfully created!\n");
230.     }
231.     return id;
232. }
233.  
234. float* ReadFloat(int address, int length) {
235.     for (int i = 0; i < 100; i++)
236.         floatArray[i] = 0;
237.     for (int i = 0; i < length; i++) {
238.         floatArray[i] = *(float*)(address + (i * 0x04));
239.     }
240.     return floatArray;
241. }
242. void WriteFloat(int address, float* input, int length) {
243.     for (int i = 0; i < length; i++) {
244.         *(float*)(address + (i * 0x04)) = input[i];
245.     }
246. }
247.  
248. char* ReadBytes(int address, int length) {
249.     for (int i = 0; i < 100; i++)
250.         byteArray[i] = 0;
251.     for (int i = 0; i < length; i++) {
252.         byteArray[i] = *(char*)(address + (i));
253.     }
254.     return byteArray;
255. }
256.  
257. void WriteBytes(int address, char* input, int length) {
258.     for (int i = 0; i < length; i++) {
259.         *(char*)(address + (i)) = input[i];
260.     }
261. }
262.  
263. int* ReadInt(int address, int length) {
264.     for (int i = 0; i < 100; i++)
265.         intArray[i] = 0;
266.     for (int i = 0; i < length; i++) {
267.         intArray[i] = *(int*)(address + (i * 0x04));
268.     }
269.     return intArray;
270. }
271.  
272. void WriteInt(int address, int* input, int length) {
273.     for (int i = 0; i < length; i++) {
274.         *(int*)(intArray + (i * 0x04)) = input[i];
275.     }
276. }
277.  
278. int WriteString(int address, char* string) {
279.     int FreeMem = 0x1D00000;
280.     int strlength = strlen(string);
281.     char* strpointer = *(char**)FreeMem = string;
282.     char* StrBytes = ReadBytes(*(int*)FreeMem, strlength);
283.     WriteBytes(address, StrBytes, strlength);
284.     return strlength;
285. }
286.  
287. char* ReadString(int address, bool IncludeSpaces) {
288.     int strlength = 100;
289.     char* StrBytes = ReadBytes(address, strlength);
290.  
291.     char StopBytes = 0x00;
292.     if (!IncludeSpaces)
293.         StopBytes = 0x20;
294.        
295.     for (int i = 0; i < strlength; i++)
296.         returnRead[i] = 0;
297.     for (int i = 0; i < strlength; i++) {
298.         if (StrBytes[i] != StopBytes)
299.             returnRead[i] = StrBytes[i];
300.     }
301.     return returnRead;
302. }
303.  
304. void reverse(char s[]) {
305.     int i, j;
306.     char c;
307.  
308.     for (i = 0, j = strlen(s)-1; i<j; i++, j--) {
309.         c = s[i];
310.         s[i] = s[j];
311.         s[j] = c;
312.     }
313. }
314.  
315. /* itoa:  convert n to characters in s */
316. void itoa(int n, char s[]) {
317.     int i, sign;
318.  
319.     if ((sign = n) < 0)  /* record sign */
320.         n = -n;          /* make n positive */
321.     i = 0;
322.     do {        /* generate digits in reverse order */
323.         s[i++] = n % 10 + '0';  /* get next digit */
324.     } while ((n /= 10) > 0);    /* delete it */
325.     if (sign < 0)
326.         s[i++] = '-';
327.     s[i] = '\0';
328.     reverse(s);
329. }
330.  
331. bool isdigit(char Num) {
332.     return (Num >= 0x30 && Num <= 0x39);
333. }
334.  
335. int Atoi( const char *c ) {
336.     int value = 0;
337.     int sign = 1;
338.     if( *c == '+' || *c == '-' ) {
339.         if( *c == '-' ) sign = -1;
340.         c++;
341.     }
342.     while ( isdigit( *c ) ) {
343.         value *= 10;
344.         value += (int) (*c-'0');
345.         c++;
346.     }
347.     return value * sign;
348. }
349.  
350. int VSprintf(char *ptr, const char *fmt, va_list ap) {
351.  
352.     if(!ptr || !fmt)
353.         return -1;
354.  
355.     __int64 Int;
356.     int sLen;
357.     char* String;
358.     char* aPtr;
359.     byte bTemp;
360.     char Buf[0x100];
361.    
362.     while(*fmt) {
363.         char Temp = *fmt;
364.         int Length = -1;
365.  
366.         if(Temp == '%') {
367.             fmt++;
368.  
369.             if(*fmt == '0') {
370.                 fmt++;
371.                 Length = 0;
372.                 char* aPtr = Buf;
373.                 while(isdigit(Temp = *fmt)) {
374.                     *aPtr = Temp;
375.                     aPtr++;
376.                     fmt++;
377.                     *aPtr = 0;
378.                 }
379.                 Length = Atoi(Buf);
380.             }
381.  
382.             switch(*fmt) {
383.  
384.             case 's':
385.                 String = va_arg(ap, char*);
386.                 if(String) {
387.                     while(*String) {
388.                         *ptr = *String;
389.                         String++;
390.                         if(*String)
391.                             ptr++;
392.                     }
393.                 }
394.                 break;
395.  
396.             case 'p':
397.                 Length = 8;
398.             case 'X':
399.             case 'x':
400.                 bool Found;
401.                 bool Caps;
402.                 Int = va_arg(ap, __int64);
403.                 if(Length == -1)
404.                     Int = Int & 0xFFFFFFFF;
405.                 Caps = *fmt != 'x';
406.                 Found = false;
407.                 for(int i = 0; i < 8; i++) { // for each bit :: 0 0   0 0   0 0   0 0
408.                     bTemp = (Int >> ( 28 - (i * 4))) & 0xF;
409.                     if((8-i) <= Length)
410.                         Found = true;
411.                     if(Length == -1 && !Found && bTemp)
412.                         Found = true;
413.                     if(Found) {
414.                         if(bTemp <= 9)// decimal
415.                             *ptr = 0x30 + bTemp;
416.                         else// hex
417.                             *ptr = (Caps ? 0x40 : 0x60) + bTemp - 9;
418.                         if(i != 7)
419.                             *ptr++;
420.                     }
421.                 }
422.                 break;
423.                
424.             case 'i':
425.             case 'd':
426.                 memset(Buf, '0', 0xFF);
427.                 Int = va_arg(ap, __int64);
428.                 if(Length == -1)
429.                     Int = Int & 0xFFFFFFFF;
430.                 aPtr = ptr;
431.                 itoa((int)Int, ptr);
432.                 sLen = strlen(ptr);
433.                 if(Length == -1)
434.                     Length = sLen;
435.                 Memcopy(Buf + 0xFF - sLen, aPtr, sLen);
436.                 Memcopy(aPtr, Buf + 0xFF - Length, Length);
437.                 ptr = aPtr + Length - 1;
438.                 break;
439.  
440.             case 'f':
441.  
442.                 break;
443.             }
444.         } else
445.             *ptr = Temp;
446.         ptr++;
447.         fmt++;
448.     }
449.     *ptr = 0;
450.     return 1;
451. }
452.  
453. int Sprintf(char *ptr, const char *fmt, ...) {// %s, %i, %d, %x, %X, %p
454.    
455.     if(!ptr || !fmt)
456.         return -1;
457.    
458.     va_list ap;
459.     va_start(ap, fmt);
460.  
461.     VSprintf(ptr, fmt, ap);
462.    
463.     va_end(ap);
464.     return 1;
465. }
466.  
467. char vaBuffer[0x2000];
468. char* va(const char* fmt, ...) {
469.     va_list ap;
470.     va_start(ap, fmt);
471.  
472.     VSprintf(vaBuffer, fmt, ap);
473.    
474.     va_end(ap);
475.     return vaBuffer;
476. }
477.  
478. int Printf(const char * s, ...) {
479.     char conBuffer[0x2000];
480.     va_list ap;
481.     va_start(ap, s);
482.  
483.     VSprintf(conBuffer, s, ap);
484.    
485.     va_end(ap);
486.  
487.     uint32_t len;
488.     system_call_4(403, 0, (uint64_t) conBuffer, strlen(conBuffer), (uint64_t) &len);
489.     return_to_user_prog(int);
490. }
491. void PatchInJump(int Address, int Destination, bool Linked) {
492.  
493.     // use this data to copy over the address
494.     int FuncBytes[4];
495.  
496.     // Get the actual destination address
497.     Destination = *(int *)Destination;
498.  
499.     FuncBytes[0] = 0x3D600000 + ((Destination >> 16) & 0xFFFF); // lis  %r11, dest>>16
500.     if(Destination & 0x8000) // If bit 16 is 1
501.         FuncBytes[0] += 1;
502.  
503.     FuncBytes[1] = 0x396B0000 + (Destination & 0xFFFF); // addi %r11, %r11, dest&0xFFFF
504.     FuncBytes[2] = 0x7D6903A6; // mtctr %r11
505.  
506.     FuncBytes[3] = 0x4E800420; // bctr
507.  
508.     if(Linked)
509.         FuncBytes[3] += 1; // bctrl
510.  
511.     Memcopy((void*)Address, FuncBytes, 4*4);
512. }
513.  
514. void HookFunctionStart(int Address, int saveStub, int Destination) {
515.  
516.     // Get the actual addresses
517.     saveStub = *(int *)saveStub;
518.  
519.     int BranchtoAddress = Address + (4*4);
520.    
521.     // use this data to copy over the stub
522.     int StubData[8];
523.  
524.     StubData[0] = 0x3D600000 + ((BranchtoAddress >> 16) & 0xFFFF); // lis   %r11, dest>>16
525.  
526.     if(BranchtoAddress & 0x8000) // If bit 16 is 1
527.         StubData[0] += 1;
528.  
529.     StubData[1] = 0x396B0000 + (BranchtoAddress & 0xFFFF); // addi  %r11, %r11, dest&0xFFFF
530.     StubData[2] = 0x7D6903A6; // mtctr  %r11
531.    
532.     Memcopy(&StubData[3], (void*)Address, 4*4);// copy the 4 instructions
533.     StubData[7] = 0x4E800420; // bctr
534.  
535.     Memcopy((void*)saveStub, StubData, 8*4);
536.     PatchInJump(Address, Destination, false);
537. }
538.  
539. uint64_t GetRTOC() {
540.     __asm("mr %r3, %r2");
541. }
542.  
543. void SetRTOC(uint64_t RTOC) {
544.     __asm("mr %r2, %r3");
545. }
546.  
547. typedef void* PVOID;
548.  
549. int Memcopy(PVOID destination, const PVOID source, size_t size);
550. int console_write(const char * s);
551. void sleep(usecond_t time);
552. void delay(unsigned int mseconds);
553. sys_pid_t get_process_id();
554. int32_t write_process(uint64_t ea, const void * data, uint32_t size);
555. sys_ppu_thread_t create_thread(void(*entry)(uint64_t), int priority, size_t stacksize, const char* threadname, sys_ppu_thread_t id);
556. float* ReadFloat(int address, int length);
557. void WriteFloat(int address, float* input, int length);
558. char* ReadBytes(int address, int length);
559. void WriteBytes(int address, char* input, int length);
560. int* ReadInt(int address, int length);
561. void WriteInt(int address, int* input, int length);
562. int WriteString(int address, char* string);
563. char* ReadString(int address, bool IncludeSpaces);
564. void reverse(char s[]);
565. void itoa(int n, char s[]);
566. bool isdigit(char Num);
567. int Atoi( const char *c );
568. int VSprintf(char *ptr, const char *fmt, va_list ap);
569. int Sprintf(char *ptr, const char *fmt, ...);
570. char* va(const char* fmt, ...);
571. int Printf(const char * s, ...);
572. void PatchInJump(int Address, int Destination, bool Linked);
573. void HookFunctionStart(int Address, int saveStub, int Destination);
574. uint64_t GetRTOC();
575. void SetRTOC(uint64_t RTOC);
576. #endif
577.  
578. /*
579. Thats it for stuff you have to add to get it working.
580. I dont care if you put all in 1 class or make a few.
581. So know to to the function we gonna call i use PlayerCMD_iPrintInBold
582. */
583.  
584. //Code:
585. void Playercmd_iprintinbold(int client, const char* msg)
586. {
587.     Scr_AddString(msg);
588.     Scr_SetNumParam1(1);
589.     ((void(*)(int))&ParseAddr(0x00180CC8))(client << 16);
590. }
591.  
592. //The actual call
593. void Scr_NotifyHook(int Entity, short StringValue, unsigned int Parameters){
594.      const char* NotifyId = SL_ConvertToString(StringValue);
595.      if(!strcmp(NotifyId, "weapon_fired"))
596.      {
597.             Playercmd_iprintinbold(0, "Hey Ngu");
598.      }
599.  
600.  
601.      ((void(*)(int, unsigned int, short, unsigned int))&ParseAddr(0x21A948))(*(int*)Entity, 0, StringValue, Parameters); //Scr_NotifyNum
602. }
603.  
604. /*
605. If you shoot it will work
606. Lets come to the end of this thread to get it working i use this patchinjump
607. */
608. void PatchInJump1(int Address, int Destination){
609.     int FuncBytes[4];
610.     Destination = *(int*)Destination;
611.     FuncBytes[0] = 0x3D600000 + ((Destination >> 16) & 0xFFFF);
612.     if(Destination & 0x8000) FuncBytes[0] += 1;
613.     FuncBytes[1] = 0x396B0000 + (Destination & 0xFFFF);
614.     FuncBytes[2] = 0x7D6903A6;
615.     FuncBytes[3] = 0x4E800420;
616.     Memcopy((void*)Address, FuncBytes, 4*4);
617. }
618.  
619. //To patch it use this and you should be good to go
620. PatchInJump1(0x1BB1B0, (int)Scr_NotifyHook);
621. //Im also going to make a thread with the GSC functions i find hopefully a few release usefull functions too. Thanks for your time