I need some help with my RPC that I've been trying to get working.
Every time I call a function, I get a freeze when my function returns, which is at funcHookAddr + 4.
I don't know if it's a simple error, or if I freeze because I have the function parameters wrong, or something else, but I can't figure it out.
Any and all help / tips will be greatly appreciated, thanks in advance.
This is what I have so far. It's for a game that isn't common, but based on information from other threads and research, this is what I have made:
/// <summary>
/// Remotely invokes a PPC function in the game process. The method writes a small PPC stub
/// to 0x00791FC4, marshals <paramref name="regs"/> into a parameter area starting at
/// <c>emptyAddr</c>, stores <paramref name="address"/> at 0x791AC4, and then briefly patches
/// the instruction at <c>funcHookAddr</c> so the game's own thread branches into the stub.
/// </summary>
/// <param name="address">Address of the target function the stub should call.</param>
/// <param name="regs">
/// Arguments, dispatched on runtime type: int/uint/byte are written into consecutive 4-byte
/// slots; strings and float arrays are copied into memory and a pointer to them is stored in a
/// slot; floats are written to a separate counter. Any other type is silently skipped.
/// </param>
/// <remarks>
/// NOTE(review): every PS3.Extension.* call here is a blind write to remote memory; nothing is
/// read back or checked, and a null <paramref name="regs"/> throws NullReferenceException at
/// <c>regs.Length</c>.
/// </remarks>
public static void Call(uint address, params object[] regs)
{
    uint funcHookAddr = 0x00022580; /* the blr address of a function that is called constantly */
    uint emptyAddr = 0x00791AC8; /* Game memory empty address */
    // Machine code of the PPC stub (the listing given in the post). It is written to 0x00791FC4
    // just below, which is also the branch target patched in at funcHookAddr further down.
    byte[] loadfunction = new byte[] { 0xF8, 0x21, 0xFF, 0x91, 0x7C, 0x08, 0x02, 0xA6, 0xF8, 0x01, 0x00, 0x80, 0x3F, 0x80, 0x00, 0x79, 0x63, 0x9C, 0x1A, 0xC4, 0x80, 0x7C, 0x00, 0x00, 0x80, 0x9C, 0x00, 0x04, 0x80, 0xBC, 0x00, 0x08, 0x80, 0xDC, 0x00, 0x0C, 0x80, 0xFC, 0x00, 0x10, 0x81, 0x1C, 0x00, 0x14, 0x81, 0x3C, 0x00, 0x18, 0x81, 0x5C, 0x00, 0x1C, 0x81, 0x7C, 0x00, 0x20, 0xC0, 0x3C, 0x00, 0x24, 0xC0, 0x5C, 0x00, 0x28, 0xC0, 0x7C, 0x00, 0x2C, 0xC0, 0x9C, 0x00, 0x30, 0xC0, 0xBC, 0x00, 0x34, 0xC0, 0xDC, 0x00, 0x38, 0xC0, 0xFC, 0x00, 0x3C, 0xC1, 0x1C, 0x00, 0x40, 0xC1, 0x3C, 0x00, 0x44, 0x83, 0x9C, 0x00, 0x00, 0x7F, 0x89, 0x03, 0xA6, 0x3B, 0x80, 0x00, 0x00, 0x4E, 0x80, 0x04, 0x21, 0x3F, 0x80, 0x00, 0x79, 0x63, 0x9C, 0x1A, 0xC4, 0x90, 0x7C, 0x01, 0x00, 0x38, 0x60, 0x00, 0x00, 0x90, 0x7C, 0x00, 0x00, 0xE8, 0x01, 0x00, 0x80, 0x7C, 0x08, 0x03, 0xA6, 0x38, 0x21, 0x00, 0x70, 0x4E, 0x80, 0x00, 0x20 };
    PS3.Extension.WriteBytes(0x00791FC4 /* empty address to load ppc function */, loadfunction);
    int length = regs.Length;
    int index = 0;
    UInt32 count = 0;   // next free 4-byte integer/pointer slot, counted from emptyAddr
    UInt32 Strings = 0; // number of strings copied so far; each gets a 0x400-byte buffer
    UInt32 Single = 0;  // next free float slot
    UInt32 Array = 0;   // next free slot for float-array elements
    // NOTE(review): the locals `Single` and `Array` share their names with System.Single and
    // System.Array. The `is Single` / `(Single)` uses below are meant to refer to the type —
    // confirm the compiler binds them that way rather than to the uint local.
    while (index < length)
    {
        if (regs[index] is int)
        {
            // Slot i lives at emptyAddr + 4*i.
            PS3.Extension.WriteInt32(emptyAddr + (count * 4), (int)regs[index]);
            count++;
        }
        else if (regs[index] is uint)
        {
            PS3.Extension.WriteUInt32(emptyAddr + (count * 4), (uint)regs[index]);
            count++;
        }
        else if (regs[index] is byte)
        {
            // Only one byte of the 4-byte slot is written; the other three keep whatever
            // value was already in memory.
            PS3.Extension.WriteByte(emptyAddr + (count * 4), (byte)regs[index]);
            count++;
        }
        else
        {
            UInt32 pointer;
            if (regs[index] is String)
            {
                // NOTE(review): for the first string (Strings == 0) this pointer equals emptyAddr,
                // i.e. the same address as integer slot 0 written above, so the string bytes and
                // the slot values overwrite each other.
                pointer = emptyAddr + (Strings * 0x400);
                PS3.Extension.WriteString(pointer, Convert.ToString(regs[index]));
                // 0x00791AC8 is the literal value of emptyAddr.
                PS3.Extension.WriteUInt32(0x00791AC8 + (count * 4), pointer);
                count++;
                Strings++;
            }
            else if (regs[index] is Single)
            {
                // NOTE(review): floats go to emptyAddr + 4*Single, which is the same region as the
                // integer slots. The stub listing in the post loads f1..f9 from base+0x24..0x44,
                // so confirm which layout is intended. `count` is deliberately not advanced here.
                WriteSingle(emptyAddr + (Single * 4), (Single)regs[index]);
                Single++;
            }
            else if (regs[index] is Single[])
            {
                Single[] Args = (Single[])regs[index];
                // NOTE(review): array data is placed at emptyAddr + 4*Array, again inside the
                // integer-slot region; only the pointer to it is stored in slot `count`.
                pointer = emptyAddr + Array * 4;
                WriteSingle(pointer, Args);
                PS3.Extension.WriteUInt32(emptyAddr + count * 4, pointer);
                count++;
                Array += (UInt32)Args.Length;
            }
            // Any other runtime type falls through here and is dropped without a slot.
        }
        index++;
    }
    // 0x791AC4 is emptyAddr - 4: the word the stub reads the target address from.
    PS3.Extension.WriteUInt32(0x791AC4 /* this is where my function looks for the function address to call (I think) */, address);
    // NOTE(review): this replaces the function's `blr` with a `bl` into the stub. When the stub's own
    // blr returns, execution resumes at funcHookAddr + 4 — the instruction after the former blr —
    // rather than at the hooked function's caller, which is consistent with the freeze at
    // funcHookAddr + 4 described in the post.
    PS3.Extension.WriteBytes(funcHookAddr, new byte[] { 0x48, 0x76, 0xFA, 0x45 }); /* change the blr to bl 0x00791FC4 to call my function */
    // Fixed delay stands in for any acknowledgement that the game thread actually executed the
    // patched instruction; the patch is reverted after 20 ms regardless of whether it did.
    Thread.Sleep(20);
    PS3.Extension.WriteBytes(funcHookAddr, new byte[] { 0x4E, 0x80, 0x00, 0x20 }); /* change back to blr */
}
If anyone wants to look at the function I'm using, this is the one I've made. `setreg` is `lis` and `addic` in one line; I used codewizard to compile the PPC:
# Stub that Call() writes to 0x00791FC4. It expects the target function address at
# 0x791AC4 and the marshalled arguments in the words that follow it.
# NOTE(review): the closing ")" is missing on every lwz/lfs/stw displacement line below,
# presumably a paste artifact; `lwz r28, r28` and `stw r3, r28` also lack a displacement.
stdu r1, -0x70(r1)            # allocate a 0x70-byte stack frame
mfspr r0, LR                  # save the link register ...
std r0, 0x80(r1)              # ... 0x80 above the new r1 (0x10 into the caller's frame)
setreg r28, 0x791AC4          # r28 = base of the parameter area (setreg = lis + addic per the post)
# Integer arguments: r3..r11 from base+0x00..0x20.
# NOTE(review): these lines use r2 as the base while r28 is the register setreg just loaded;
# the byte blob in the C# appears to encode r28 here. Also, base+0x00 is the word Call()
# stores the target address in, so as written r3 would receive that address rather than
# the first argument — confirm the intended offset.
lwz r3, 0x00(r2
lwz r4, 0x04(r2
lwz r5, 0x08(r2
lwz r6, 0x0C(r2
lwz r7, 0x10(r2
lwz r8, 0x14(r2
lwz r9, 0x18(r2
lwz r10, 0x1C(r2
lwz r11, 0x20(r2
# Float arguments: f1..f9 from base+0x24..0x44.
lfs f1, 0x24(r2
lfs f2, 0x28(r2
lfs f3, 0x2C(r2
lfs f4, 0x30(r2
lfs f5, 0x34(r2
lfs f6, 0x38(r2
lfs f7, 0x3C(r2
lfs f8, 0x40(r2
lfs f9, 0x44(r2
lwz r28, r28                  # load the target function address from the base word
mtctr r28                     # call through CTR
li r28, 0
bctrl
setreg r28, 0x791AC4          # reload the base (r28 is not preserved across the call)
stw r3, 0x100(r2              # store the return value at base+0x100
li r3, 0
stw r3, r28                   # clear the target-address word
ld r0, 0x80(r1)               # restore the saved link register
mtspr LR, r0
addi r1, r1, 0x70             # tear down the frame
blr