BaSs_HaXoR

How to HOOK- [C++][POWERPC][MACHINE CODE]

Nov 21st, 2015
  1. ;###########################
  2. ; Credits: Beach LTS Developer
  3. ; NextGenUpdate
  4. ; http://www.nextgenupdate.com/forums/gta-5-scripts-codes/866651-c-powerpc-machine-code-teleport-gun-script-1-26-a.html#post6777176
  5. ; "[C++][POWERPC][MACHINE CODE] TELEPORT GUN SCRIPT [1.26]"
  6. ;###########################
  7. ;Game Hooking
  8.  
  9. ;To execute our own function, we need to hijack one of the game's functions that is called constantly, and make it call our function.
  10. ;One native which is constantly being called is "IS_PLAYER_ONLINE", which is at the address 0x3E3A20 in 1.26.
  11. ;We need to find a PPC instruction which is unneeded, or something which can simply be fixed up in our own function.
  12. ;This is the function IS_PLAYER_ONLINE; if we follow the bl, we reach a relatively small function which has enough room for us to replace 4 instructions and is easy to replicate (no hooking issues).
  13. ;Now, if the jump were small enough, we could simply replace the load immediate with a branch-and-link; but the jump in this case is too large, therefore
  14. ;we need to replace 4 instructions:
  15.  
  ;The first four instructions of the small function IS_PLAYER_ONLINE branches to (the ones the hook overwrites):
  16. lis r4, byte_2242320@h ;r4 = high half of byte_2242320's address
  17. li r3, 0 ;result = 0
  18. lbz r4, byte_2242320@l(r4) ;r4 = the byte at byte_2242320
  19. cmpwi r4, 0 ;test it against 0 (consumed by the beq that follows)
  20.  
  21. ;But because we don't want to break this native, we will NOP the remaining instructions in this function (except the blr):
  22. beq 12D8E84 ;byte == 0: skip to the blr at 0x12D8E84, six instruction slots past the hook address 0x12D8E6C
  23. li r3, 1 ;byte != 0: result = 1
  24.  
  25. ;And we will replace those four instructions with:
  26.  
  ;Replacement stub, written over the first six instruction slots of the hijacked callee (0x12D8E6C):
  27. lis %r11, 0x1D0 ;r11 = 0x1D0 << 16 = 0x01D00000
  28. ori %r11, %r11, 0x0030 ;r11 = 0x01D00030, the payload address
  29. mtctr %r11 ;CTR = payload address
  30. bctrl ;call the payload; LR = address of the next slot, so the payload's blr comes back here
  31.  
  32. NOP ;pads the slot of the removed "beq 12D8E84"
  33. NOP ;pads the slot of the removed "li r3, 1"; the original blr that follows is kept
  ;Detection note: this is a four-instruction trampoline (lis/ori/mtctr/bctrl) out of a game native into an address
  ;outside the native's own text; an integrity check over the patched function, or a policy that rejects indirect
  ;branches into writable memory, would flag it.
  34.  
  35. ;This stores 0x1D00030 in r11, then transfers control to that address through CTR (essentially a jump, with the return address left in LR).
  36.  
  37. ;IMG HERE: http://i.imgur.com/a28MmT7.png
  38.  
  39. ;Hook In Memory
  40.  
  41. ;IMG HERE: http://i.imgur.com/PlI2wxN.png
  42.  
  43. ;C++
  44.  
  45. ;bool IsOn = false;
  46. ;Vector3 Coords;
  47. ;void main()
  48. ;{
  49. ;
  50. ;while(true)
  51. ;{
  52. ;
  53. ;if (IS_CONTROL_PRESSED(0, 0xCC)) //DPAD_LEFT
  54. ;{
  55. ;
  56. ;IsOn = !IsOn; //Invert Boolean Toggle
  57. ;if (IsOn)
  58. ;{
  59. ;
  60. ;UI::_0xF42C43C7("STRING");
  61. ;UI::_ADD_TEXT_COMPONENT_STRING("~g~On"); //Display Notification
  62. ;UI::_0x38F82261(4000, false);
  63. ;}
  64. ;else
  65. ;{
  66. ;
  67. ;UI::_0xF42C43C7("STRING");
  68. ;UI::_ADD_TEXT_COMPONENT_STRING("~r~Off"); //Display Notification
  69. ;UI::_0x38F82261(4000, false);
  70. ;}
  71. ;}
  72. ;if (IsOn) //If its enabled
  73. ;{
  74. ;
  75. ;if (GET_PED_LAST_WEAPON_IMPACT_COORD(PLAYER_PED_ID(), &Coords)) //If you have recently just shot
  76. ;{
  77. ;
  78. ;SET_ENTITY_COORDS(PLAYER_PED_ID(), Coords.x, Coords.y, Coords.z, true, false, false, true); //Set your player to the impact coord location.
  79. ;}
  80. ;}
  81. ;}
  82. ;}
  83.  
  84. ;Assembly (Power PC)
  85.  
  ;-----------------------------------------------------------------------
  ; Hook payload, symbolic form (a resolved listing and a byte dump follow).
  ; Reached by the bctrl in the patched stub, so it runs as a called
  ; function: LR holds the return address inside the hijacked native.
  ; Frame: stdu r1,-0x70 opens a 0x70-byte frame with the back chain at
  ;        0(r1); LR is saved at 0x80(r1) = 0x70 + 0x10, i.e. 16 bytes into
  ;        the caller's frame (the usual PPC64 LR save slot), and restored
  ;        before blr.
  ; In:    no register arguments; reads the :IsOn byte and the :Coords floats.
  ; Out:   r3 is whatever the last path left in it. The hijacked callee used
  ;        r3 as its 0/1 result, so its callers now see an arbitrary r3.
  ; Clobb: r0, r3..r8, f1..f3, LR, CR0, CA (addic), plus whatever the
  ;        natives called below clobber.
  ; NOTE(review): each ":X_Lower"/":X_Higher" address is formed with li + addic.
  ;        addic adds a sign-extended 16-bit immediate (no shift) and writes CA;
  ;        whether the author's assembler turns ":X_Higher" into a shifted add
  ;        is not visible here — confirm against the resolved listing.
  ; Detection note: code (0x1D00030) and mutable data (:IsOn, :Coords) share
  ;        one region, and a game native is patched to bctrl into it; both a
  ;        W^X policy and an integrity check over the native's text catch this.
  ;-----------------------------------------------------------------------
  86. stdu %r1, -0x70(%r1) ;open a 0x70-byte frame, back chain at 0(r1)
  87. mflr %r0 ;r0 = return address
  88. std %r0, 0x80(%r1) ;save LR in the caller frame's LR slot (0x70 + 0x10)
  89. li %r3, 0 ;Local Client
  90. li %r4, 0xCC ;DPAD_LEFT Index
  91. bl 0x400414 ;IS_CONTROL_PRESSED(0, 0xCC) -> r3
  92. cmpwi %r3, 0 ;Compare with 0
  93. beq :EndIfControlPressed ;not pressed: skip the toggle and the notification
  94. li %r3, :IsOn_Lower ;r3 = &IsOn, low half
  95. addic %r3, %r3, :IsOn_Higher ;r3 = &IsOn, high half (see the NOTE on addic above)
  96. lbz %r3, 0(%r3) ;r3 = IsOn (1 byte)
  97. cmpwi %r3, 0 ;Compare with 0
  98. beq :IsOnFalse[ELSE] ;IsOn == 0 -> set it to 1
  99. li %r3, :IsOn_Lower ;Load IsOn address lower
  100. addic %r3, %r3, :IsOn_Higher ;Load IsOn address upper
  101. li %r4, 0 ;IsOn = false
  102. stb %r4, 0(%r3) ;Write to memory
  103. b :IsOnFalse[END]
  104. :IsOnFalse[ELSE] ;IsOn was 0
  105. li %r3, :IsOn_Lower ;Load IsOn address lower
  106. addic %r3, %r3, :IsOn_Higher ;Load IsOn address upper
  107. li %r4, 1 ;IsOn = true
  108. stb %r4, 0(%r3) ;Write to memory
  109. :IsOnFalse[END] ;IsOn is now toggled ("IsOn = !IsOn" in the C++ sketch)
  110.  
  111. li %r3, :IsOn_Lower ;re-read the toggled flag to pick the notification text
  112. addic %r3, %r3, :IsOn_Higher ;Load IsOn address upper
  113. lbz %r3, 0(%r3) ;Read :IsOn and store in r3
  114. cmpwi %r3, 0 ;Compare with 0
  115. beq :IsOnTrue[ELSE] ;IsOn == 0 -> "Off" notification
  116. li %r3, :stringTxt_Lower ;r3 = &"STRING"
  117. addic %r3, %r3, :stringTxt_Higher ;Load stringTxt address upper
  118. bl 0x3C8210 ; UI::_0xF42C43C7("STRING")
  119. li %r3, :stringOn_Lower ;r3 = &"~g~On"
  120. addic %r3, %r3, :stringOn_Higher ;Load stringOn address upper
  121. bl 0x3C85D0 ; UI::_ADD_TEXT_COMPONENT_STRING [0x27A244D8]
  122. li %r3, 4000 ;Time Ms
  123. li %r4, 0 ;false
  124. bl 0x3C8230 ;UI::_0x38F82261(4000, false)
  125. b :IsOnTrue[END]
  126. :IsOnTrue[ELSE] ;IsOn == 0
  127. li %r3, :stringTxt_Lower ;Load stringTxt address lower
  128. addic %r3, %r3, :stringTxt_Higher ;Load stringTxt address upper
  129. bl 0x3C8210 ; UI::_0xF42C43C7
  130. li %r3, :stringOff_Lower ;r3 = &"~r~Off"
  131. addic %r3, %r3, :stringOff_Higher ;Load stringOff address upper
  132. bl 0x3C85D0 ; UI::_ADD_TEXT_COMPONENT_STRING [0x27A244D8]
  133. li %r3, 4000 ;Time Ms
  134. li %r4, 0 ;false
  135. bl 0x3C8230 ;UI::_0x38F82261
  136. :IsOnTrue[END]
  137. :EndIfControlPressed ;End of IS_CONTROL_PRESSED if statement.
  138.  
  139. li %r3, :IsOn_Lower ;runs on every call: act only while IsOn != 0
  140. addic %r3, %r3, :IsOn_Higher ;Load IsOn address upper
  141. lbz %r3, 0(%r3) ;Read :IsOn and store in r3
  142. cmpwi %r3, 0 ;Compare with 0
  143. beq :IsOnTrueConstant[END] ;Jump to end if equal
  144. bl 0x424218 ;PLAYER_PED_ID -> r3
  145. li %r3, :Coords_Lower ;NOTE(review): overwrites the r3 just returned by PLAYER_PED_ID before it is used, so the native below never receives the ped; the C++ sketch passes it as the first argument — confirm the intended argument list
  146. addic %r3, %r3, :Coords_Higher ;r3 = &Coords (x)
  147. li %r4, :Coords_Lower ;Load Coords address lower
  148. addic %r4, %r4, :Coords_Higher + 4 ;r4 = &Coords + 4 (y); the resolved listing places the +4 in the low half (li 0x08)
  149. li %r5, :Coords_Lower ;Load Coords address lower
  150. addic %r5, %r5, :Coords_Higher + 8 ;r5 = &Coords + 8 (z)
  151. bl 0x468F40 ;GET_PED_LAST_WEAPON_IMPACT_COORD -> r3 (nonzero = an impact coord was written, per the C++ sketch)
  152. cmpwi %r3, 0 ;Compare with 0
  153. beq :HasShot[END] ;Jump to end if equal
  154. bl 0x424218 ;PLAYER_PED_ID -> r3, first argument of SET_ENTITY_COORDS
  155. li %r4, :Coords_Lower ;r4 = &Coords, base register for the three lfs below (the floats travel in f1..f3)
  156. addic %r4, %r4, :Coords_Higher ;Load Coords address upper
  157. lfs %f1, 0(%r4) ;f1 = Coords.x (single precision)
  158. lfs %f2, 4(%r4) ;f2 = Coords.y
  159. lfs %f3, 8(%r4) ;f3 = Coords.z
  160. li %r5, 1 ;the four trailing booleans of the C++ sketch: true, false, false, true
  161. li %r6, 0
  162. li %r7, 0
  163. li %r8, 1
  164. bl 0x3B3160 ;SET_ENTITY_COORDS(ped, x, y, z, 1, 0, 0, 1)
  165. :HasShot[END]
  166. :IsOnTrueConstant[END]
  167. ld %r0, 0x80(%r1) ;restore LR from the slot saved above
  168. mtlr %r0
  169. addi %r1, %r1, 0x70 ;pop the frame
  170. blr ;back into the hijacked native, r3 left as is
  171.  
  172. ;Memory Data
  ;Memory layout used by the code above (absolute addresses are assigned in the "Variable Data" table further down)
  173. :IsOn ;1 byte: 0 = off, 1 = on (lbz/stb); no size or initial value is declared here
  174. :Coords ;12 bytes: x, y, z as single-precision floats at +0, +4, +8 (lfs)
  175. :stringTxt = "STRING" ;6 chars; whether a terminator is emitted depends on the assembler
  176. :stringOff = "~r~Off" ;6 chars, shown when toggling off
  177. :stringOn = "~g~On" ;5 chars, shown when toggling on
  178.  
  179. ;Machine Code (Currently Compiling and testing)
  180.  
  181. ;Write Hook to IS_PLAYER_ONLINE
  182. ;Write the hook stub (which branches to 0x1D00030) at 0x12D8E6C
  183.  
  184. ;Variable Data
  185. 0x1D00000 = :IsOn ;1 byte; 0x1D00001..0x1D00003 unused
  186. 0x1D00004 = :Coords ;12 bytes (x at +0, y at +4, z at +8), ends at 0x1D00010
  187. 0x1D00010 = :stringTxt ;8-byte slot for "STRING" (6 chars)
  188. 0x1D00018 = :stringOff ;8-byte slot for "~r~Off" (6 chars)
  189. 0x1D00020 = :stringOn ;"~g~On" (5 chars); the code itself is written 0x10 later at 0x1D00030, so data and code share one region
  190.  
  191. ;Calculated jumps; comments and other unneeded data removed.
  ;-----------------------------------------------------------------------
  ; The routine above with every label resolved for placement at 0x1D00030
  ; (the address the byte dump below is written to). Branch operands are
  ; byte displacements relative to the branch instruction itself — e.g.
  ; "beq 0x9C" skips 0x9C/4 = 39 instructions — and each bl is relative
  ; too, so this listing is only valid at that one address; relocating the
  ; payload means recomputing every branch.
  ; Each ":X" address becomes "li rN, <low>" followed by "addic rN, rN, 0x1D0".
  ; addic adds a sign-extended 16-bit immediate (unshifted) and writes CA, so
  ; unless the author's assembler treats it specially, li 0 + addic 0x1D0
  ; yields 0x1D0 rather than 0x1D00000 — verify.
  ; NOTE(review): the byte dump does not match this listing in two places
  ;        that can be checked by hand: the addic words read "30 63 01 CF",
  ;        i.e. immediate 0x01CF rather than 0x1D0, and the first bl
  ;        ("4B 71 03 D1") decodes to a displacement that does not reach
  ;        0x400414 from 0x1D00044. The dump and the listing are therefore
  ;        inconsistent with each other and with the stated placement.
  ;-----------------------------------------------------------------------
  192. stdu %r1, -0x70(%r1) ;open 0x70-byte frame
  193. mflr %r0
  194. std %r0, 0x80(%r1) ;save LR (0x70 + 0x10 into the caller's frame)
  195. li %r3, 0
  196. li %r4, 0xCC
  197. bl 0x400414 ;IS_CONTROL_PRESSED
  198. cmpwi %r3, 0
  199. beq 0x9C ;not pressed -> +39 instructions, the li %r3, 0 that begins the per-call IsOn check
  200. li %r3, 0
  201. addic %r3, %r3, 0x1D0 ;:IsOn
  202. lbz %r3, 0(%r3)
  203. cmpwi %r3, 0
  204. beq 0x18 ;IsOn == 0 -> +6 instructions, the "IsOn = 1" branch
  205. li %r3, 0
  206. addic %r3, %r3, 0x1D0
  207. li %r4, 0
  208. stb %r4, 0(%r3) ;IsOn = 0
  209. b 0x14 ;+5 instructions, past the else branch
  210. li %r3, 0
  211. addic %r3, %r3, 0x1D0
  212. li %r4, 1
  213. stb %r4, 0(%r3) ;IsOn = 1
  214. li %r3, 0
  215. addic %r3, %r3, 0x1D0
  216. lbz %r3, 0(%r3) ;re-read IsOn to choose the notification
  217. cmpwi %r3, 0
  218. beq 0x2C ;IsOn == 0 -> +11 instructions, the "Off" notification
  219. li %r3, 0x10
  220. addic %r3, %r3, 0x1D0 ;:stringTxt
  221. bl 0x3C8210 ;UI::_0xF42C43C7
  222. li %r3, 0x20
  223. addic %r3, %r3, 0x1D0 ;:stringOn
  224. bl 0x3C85D0 ;UI::_ADD_TEXT_COMPONENT_STRING
  225. li %r3, 4000
  226. li %r4, 0
  227. bl 0x3C8230 ;UI::_0x38F82261
  228. b 0x28 ;+10 instructions, past the "Off" notification
  229. li %r3, 0x10
  230. addic %r3, %r3, 0x1D0 ;:stringTxt
  231. bl 0x3C8210
  232. li %r3, 0x18
  233. addic %r3, %r3, 0x1D0 ;:stringOff
  234. bl 0x3C85D0
  235. li %r3, 4000
  236. li %r4, 0
  237. bl 0x3C8230
  238. li %r3, 0 ;target of the beq 0x9C above; runs on every call
  239. addic %r3, %r3, 0x1D0 ;:IsOn
  240. lbz %r3, 0(%r3)
  241. cmpwi %r3, 0
  242. beq 0x58 ;IsOn == 0 -> +22 instructions, the epilogue
  243. bl 0x424218 ;PLAYER_PED_ID; its r3 result is overwritten by the next li before any use
  244. li %r3, 0x04
  245. addic %r3, %r3, 0x1D0 ;:Coords
  246. li %r4, 0x08
  247. addic %r4, %r4, 0x1D0 ;:Coords + 4
  248. li %r5, 0x0C
  249. addic %r5, %r5, 0x1D0 ;:Coords + 8
  250. bl 0x468F40 ;GET_PED_LAST_WEAPON_IMPACT_COORD
  251. cmpwi %r3, 0
  252. beq 0x30 ;no impact coord -> +12 instructions, the epilogue
  253. bl 0x424218 ;PLAYER_PED_ID -> r3
  254. li %r4, 4
  255. addic %r4, %r4, 0x1D0 ;:Coords
  256. lfs %f1, 0(%r4) ;x
  257. lfs %f2, 4(%r4) ;y
  258. lfs %f3, 8(%r4) ;z
  259. li %r5, 1
  260. li %r6, 0
  261. li %r7, 0
  262. li %r8, 1
  263. bl 0x3B3160 ;SET_ENTITY_COORDS
  264. ld %r0, 0x80(%r1) ;epilogue: restore LR, pop the frame, return
  265. mtlr %r0
  266. addi %r1, %r1, 0x70
  267. blr
  268.  
  269. ;Machine Code Write To > 0x1D00030
  270. F8 21 FF 91 7C 08 02 A6 F8 01 00 80 38 60 00 00 38 80 00 CC 4B 71 03 D1 2C 03 00 00 41 82 00 9C 38 60 00 00 30 63 01 CF 88 63 00 00 2C 03 00 00 41 82 00 18 38 60 00 00 30 63 01 CF 38 80 00 00 98 83 00 00 48 00 00 14 38 60 00 00 30 63 01 CF 38 80 00 01 98 83 00 00 38 60 00 00 30 63 01 CF 88 63 00 00 2C 03 00 00 41 82 00 2C 38 60 00 10 30 63 01 CF 4B 6D 81 6D 38 60 00 20 30 63 01 CF 4B 6D 85 21 38 60 0F A0 38 80 00 00 4B 6D 81 75 48 00 00 28 38 60 00 10 30 63 01 CF 4B 6D 81 45 38 60 00 18 30 63 01 CF 4B 6D 84 F9 38 60 0F A0 38 80 00 00 4B 6D 81 4D 38 60 00 00 30 63 01 CF 88 63 00 00 2C 03 00 00 41 82 00 58 4B 73 41 1D 38 60 00 04 30 63 01 CF 38 80 00 08 30 84 01 CF 38 A0 00 0C 30 A5 01 CF 4B 77 8E 29 2C 03 00 00 41 82 00 30 4B 73 40 F5 38 80 00 04 30 84 01 CF C0 24 00 00 C0 44 00 04 C0 64 00 08 38 A0 00 01 38 C0 00 00 38 E0 00 00 39 00 00 01 4B 6C 30 15 E8 01 00 80 7C 08 03 A6 38 21 00 70 4E 80 00 20
  271. ;Last edited by Beach; 11-20-2015 at 10:44 AM.