[Ghosts] How to call raw GSC Functions in an .sprx.

1. // ################################################################################### //
2. /*   How to call raw GSC Functions in an .sprx. Also, how to do waitill xD [RELEASE]   */
3. // ################################################################################### //
4. /*                                Thanks to Ethernet. :)                               */
5. // ################################################################################### //
6. /*                               OP: http://adf.ly/19CbY9                              */
7. // ################################################################################### //
8. // Sup guys, if you don't know me, good. I'm from xbox xD. My alias is Maybe Ethernet. I'll be showing you how to call raw gsc functions in your dll/sprx.
9.  
10. //Ok so first we want to get our basic functions
11.  
12. int Scr_SetParameters(unsigned int Num){
13. return *(int*)(0x13C3140 + 0x1 = Num;
14. }//This will set the parameter number
15.  
16. struct opd_s{
17. uint Sub;
18. uint Toc;
19. };
20.  
21. opd_s ParseAddr(int Address){
22. opd_s GLS = { Address, 0xA7F3C8 };
23. return GLS;
24. }//TOC
25.  
26. //Next we want to get all the Scr_Add functions together
27. #define Scr_AddInt(Value) ((void(*)(int))&ParseAddr(0x2E8AE)(Value)
28. #define Scr_AddFloat(Value) ((void(*)(float))&ParseAddr(0x2E8BE4))(Value)
29. #define Scr_AddString(String) ((void(*)(const char*))&ParseAddr(0x2E91EC))(String)
30. #define Scr_AddEntity(Entity) ((void(*)(int))&ParseAddr(0x28B1CC))(Entity)
31. #define Scr_AddVector(Vec) ((void(*)(const float*))&ParseAddr(0x2E952C))(Vec)
32.  
33. //Now to explain how to actually use these, we're going to use GScr_Earthquake as an example which is located at 0x268B60.
34.  
35. //Here's how we do this.
36.  
37. void GScr_Earthquake(float scale, float duration, float* source, float radius){
38. Scr_AddFloat(radius);
39. Scr_AddVector(source);
40. Scr_AddFloat(duration);
41. Scr_AddFloat(scale);
42. Scr_SetParameters(4); //See how I set the parameter number after I finish calling the Scr_Adds?
43. ((void(*)())&ParseAddr(0x268B60))(); //Call the actual function
44. //((void(*)(int))&ParseAddr(0x268B60))(ClientID << 16); //Only call this one if the one above doesn't work.
45. }
46.  
47. //See how I called the Scr_Adds from the last parameter to the 1st one? Well you have to do that, idk why really.
48.  
49. //Now on to the hook. You need somewhere to call these right? Well your answer is: VM_Resume - 0x2E69C4.
50.  
51. //Method to hook: hookFunctionStart - Credit to Xx jAmes t xX for porting this
52.  
53. void PatchInJump(int Address, int Destination){
54. int FuncBytes[4];
55. Destination = *(int*)Destination;
56. FuncBytes[0] = 0x3D600000 + ((Destination >> 16) & 0xFFFF);
57. if(Destination & 0x8000) FuncBytes[0] += 1;
58. FuncBytes[1] = 0x396B0000 + (Destination & 0xFFFF);
59. FuncBytes[2] = 0x7D6903A6;
60. FuncBytes[3] = 0x4E800420;
61. Memcpy((void*)Address, FuncBytes, 4*4);
62. }
63.  
64.  
65. void hookFunctionStart(int Address, int saveStub, int Destination){ //Works on every game
66. saveStub = *(int*)saveStub;
67. int BranchtoAddress = Address + (4*4);
68. int StubData[8];
69. StubData[0] = 0x3D600000 + ((BranchtoAddress >> 16) & 0xFFFF);
70. if(BranchtoAddress & 0x8000) StubData[0] += 1;
71. StubData[1] = 0x396B0000 + (BranchtoAddress & 0xFFFF);
72. StubData[2] = 0x7D6903A6;
73. Memcpy(&StubData[3], (void*)Address, 4*4);
74. StubData[7] = 0x4E800420;
75. Memcpy((void*)saveStub, StubData, 8*4);
76. PatchInJump(Address, Destination);
77. }
78.  
79. //Now our function hook
80.  
81. void VM_ResumeStub(int TimeId){
82. __asm("li %r3, 0x3");
83. }
84.  
85. void VM_ResumeHook(int TimeId){ // If this doesn't work, hook int VM_Execute() - 0x2E6444 with hookFunctionStart
86. //You would call GScr_Earthquake here. Obv not in the loop. Make sure you implement a check in here to make it // get called once
87. VM_ResumeStub(TimeId);
88. }
89.  
90. // To call our hook we do hookFunctionStart(0x2E69C4, (int)VM_ResumeStub, (int)VM_ResumeHook);
91. // Make sure you call that about 2 seconds after your thread is executed.
92.  
93.  
94. // Now that's it.  Also, you can call other things like:
95.  
96. PlayerCmd_ClonePlayer
97. PlayerCmd_Suicide
98. Player_Die
99. G_RadiusDamage
100. GScr_NotifyOnPlayerCommand //Someone find this for me on ghosts pls ;-;
101. G_Damage
102. and many more!
103.  
104. // Now on to waitill. Pretty easy tbh.
105.  
106. // First #define SL_ConvertToString(StringValue) ((const char*(*)(unsigned short))ParseAddr(0x2D894C))(StringValue)
107.  
108. hookFunctionStart(0x2E1970, (int)VM_NotifyStub, (int)VM_NotifyHook);
109.  
110. void VM_NotifyStub(unsigned int self, short Stringvalue, unsigned int Paramcount){
111. __asm("li %r3, 0x4");
112. }
113.  
114. void VM_NotifyHook(unsigned int self, short Stringvalue, unsigned int Paramcount){
115. //Now if we wanted to monitor onPlayerSpawned we do
116. int ClientID = ((int(*)(int))&ParseAddr(0x2DBF60))(self); //Scr_GetSelf
117. const char* Notify = SL_ConvertToString(Stringvalue);
118. if(!strcmp(Notify, "spawned_player")){
119. //Executed on spawn. This monitors for ANY CLIENT THAT SPAWNS!
120. GScr_Earthquake(0.6f, 2, (float*)(Playerstate() + 0x1C), 800); //Yes you can call this in V
121. }
122. VM_NotifyStub(self, Stringvalue, Paramcount);
123. }
124.  
125. // That's pretty much it :P This works for all cods the same way as it works for this. Just update the offsets.
126. // ################################################################################### //
127. //BaSs_HaXoR