Post: [Release] SPRX Call functions for any games !
07-19-2014, 04:11 AM #1
First of all, you need to change the TOC, which is commented, and possibly the address that my Calls code writes to and reads from (0x2100000). You will also need to change registers 26 to 31 in the '/*emulate the Ghosts POC registers*/' part.


Everything should work.. tears


INCLUDES NEEDED (many might be useless for the calls but cba checking which one is good/not good)

    
#include "stdafx.h"

#include <cellstatus.h>
#include <sys/prx.h>
#include <sys/timer.h>
#include <sys/syscall.h>
#include <sys/ppu_thread.h>
#include <stdarg.h>
#include <stddef.h>
#include <string.h>
#include <wchar.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/memory.h>
#include <typeinfo>




Some required functions (thanks to shark and sony :P)

    
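/**
 * Writes a NUL-terminated string to the debug console through raw system
 * call 403 (presumably the SDK's TTY write call; confirm against the SDK
 * headers).
 *
 * The original passed a fixed length of 32, so shorter strings were read
 * past their terminator and longer ones were cut off. The length now comes
 * from strlen().
 *
 * @param s  NUL-terminated text; a null pointer is treated as an empty string.
 * @return   The system call's status, as produced by return_to_user_prog(int).
 */
int console_write(const char * s)
{
    uint32_t written;
    const char *text = (s != NULL) ? s : "";
    /* Length is computed up front so the macro only receives plain values. */
    const uint64_t text_len = (uint64_t) strlen(text);
    system_call_4(403, 0, (uint64_t) text, text_len, (uint64_t) &written);
    return_to_user_prog(int);
}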
/**
 * Suspends the calling thread.
 *
 * @param time  Delay value. It is multiplied by 1000 before being handed to
 *              sys_timer_usleep(), so callers in this file are effectively
 *              passing milliseconds despite the parameter's type name.
 */
void sleep(usecond_t time)
{
    const usecond_t scaled = time * 1000;
    sys_timer_usleep(scaled);
}



/**
 * Creates a PPU thread and prints a console message when creation succeeds.
 *
 * @param entry       Thread entry point.
 * @param priority    Priority passed straight to sys_ppu_thread_create().
 * @param stacksize   Stack size passed straight to sys_ppu_thread_create().
 * @param threadname  Name given to the new thread.
 * @param id          Scratch storage for the thread id. It is taken by value,
 *                    so the caller's own variable is never updated.
 * @return            The id filled in by sys_ppu_thread_create(), or the value
 *                    passed in as `id` when creation fails.
 *
 * NOTE(review): failure is silent. The caller cannot tell a failed creation
 * from a successful one except by comparing the returned id with what it
 * passed in.
 */
sys_ppu_thread_t create_thread(void (*entry)(uint64_t), int priority, size_t stacksize, const char* threadname,sys_ppu_thread_t id)
{
    const int status = sys_ppu_thread_create(&id, entry, 0, priority, stacksize, 0, threadname);
    if (status != CELL_OK)
    {
        return id;
    }

    console_write("\n\nINJECTED !\n\n");
    return id;
}

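/**
 * Copies at most `len` bytes of a NUL-terminated string to a raw address.
 *
 * Copying stops at the source terminator, and the terminator itself is not
 * written. The original tested only the first source byte on every
 * iteration, so any non-empty string shorter than `len` was read past its
 * end. The check now looks at the byte about to be copied.
 *
 * @param str   Source text; a null pointer is ignored.
 * @param len   Maximum number of bytes to copy; zero or negative copies nothing.
 * @param addr  Destination address, used as-is. Nothing here verifies that the
 *              range is mapped or writable, so the caller must guarantee it.
 */
void writeString(const char* str, int len, unsigned int addr)
{
    if (str == NULL)
    {
        return;
    }

    for (int i = 0; i < len; i++)
    {
        if (str[i] == 0x00) { break; }
        *(char*)(addr + i) = str[i];
    }
}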




The threading:


    

/* Thread ids for the two worker threads. StartThreads() passes them by value
 * and discards create_thread()'s return value, so they are never assigned. */
sys_ppu_thread_t thrd_mainstart;
sys_ppu_thread_t thrd_Calls;

/**
 * Starts the menu thread (StartMenu) and the call-dispatch thread
 * (Calls_thread), both with a 0x6000-byte stack.
 */
void StartThreads()
{
    const size_t worker_stack = 0x6000;

    create_thread(StartMenu, 0x4AA, worker_stack, "blb_Main", thrd_mainstart);
    create_thread(Calls_thread, 0x4AB, worker_stack, "blb_Calls", thrd_Calls);
}






The Calls functions Smile ! THE TOC IS IN THE ASM INLINE STUFF !!!!!!!!!


    

/*
 * Queues a call request in the shared block at 0x2100000 and returns the
 * word found in the result slot.
 *
 * Layout written here: argument i (1-based) goes to 0x2100000 + i*4, then the
 * target address goes to 0x2100000 itself. The result is read from 0x210004C.
 *
 * numOfArgs  number of variadic arguments to copy
 * addr       address stored at the base of the block
 * returns    the int currently stored at 0x210004C
 *
 * NOTE(review): numOfArgs has no upper bound. The thread shown on this page
 * reads integer slots +0x04..+0x24 and float slots +0x28..+0x48 and stores
 * its results at +0x4C/+0x50, so a count of 19 or more overwrites the result
 * slots and whatever follows the block.
 * NOTE(review): every argument is fetched as `int`; values of another width
 * or of floating-point type will not be stored as the caller intended.
 * NOTE(review): nothing waits for the request to be serviced, so the value
 * returned may belong to an earlier request. Nothing serialises concurrent
 * callers either.
 */
int CALL(int numOfArgs, int addr, ...)
{
int i,val;
va_list vl;
// NOTE(review): va_start is meant to name the last fixed parameter (addr),
// not numOfArgs; the extra va_arg below is the author's workaround and its
// effect is toolchain-dependent.
va_start(vl,numOfArgs);

va_arg(vl,int);//skip one

for (i=1;i<(numOfArgs+1);i++)
{
val=va_arg(vl,int);
*(int*)(0x2100000+i*4) = val;
}
va_end(vl);

sleep(50);

// Writing a non-zero word at the base of the block is what the polling
// thread checks for, so it is written after the arguments.
*(int*)0x2100000 = addr;
return *(int*)(0x210004C);

}



/*
 * Worker loop that services requests placed in the shared block at 0x2100000.
 *
 * Each pass reads the word at the base of the block. If it is non-zero, the
 * routine loads r3-r11 from +0x04..+0x24 and f1-f9 from +0x28..+0x48,
 * branches to the address held at +0x00, stores r3 at +0x4C and f1 at +0x50,
 * and clears +0x00. It then sleeps and polls again.
 *
 * NOTE(review): the branch target is taken from writable memory at a fixed
 * address and is used without any validation, so anything able to write to
 * this block controls where this thread executes.
 * NOTE(review): the asm statements declare no operands or clobbers, so the
 * compiler is not told that r0, r2-r12, r26-r31, f1-f9, LR and CTR change.
 */
void Calls_thread(std::uint64_t nothing)
{
// NOTE(review): the loop header below was mangled by the forum's emoticon
// substitution; presumably an endless for loop. Confirm against the original.
for(;Winky Winky
{

__asm(
/* r3 = word at 0x2100000; zero means no pending request. */
"lis 3, 0x210;"
"lwz 3, 0(3);"
"cmpwi 3, 0x00;"
"beq end;"


/*save the general registers !*/
/* LR (via r0), r26-r31 and r2 are stored at negative offsets from r1
   without moving r1. NOTE(review): the called function may use the same
   area for its own frame; confirm the offset is out of its reach. */
"mflr 0;"
"std 0, -0x520-0x10(1);"
"std 31, -0x520-0x18(1);"
"std 30, -0x520-0x20(1);"
"std 29, -0x520-0x28(1);"
"std 28, -0x520-0x30(1);"
"std 27, -0x520-0x38(1);"
"std 26, -0x520-0x40(1);"
"std 2, -0x520-0x48(1);"

/*emulate the Ghosts POC registers*/
/* r2 (the TOC value the post refers to) and r26-r31 are overwritten with
   hard-coded constants that are specific to one build of the target. */
"lis 2, 0xA7;"
"ori 2, 2, 0xF3F8;"
"lis 26, 0;"
"lis 27, 0;"
"li 28, 0x0C800;"
"lis 29, 0;"
"lis 30, 0xD00D;"
"addic 30,30, 0x9DF0;"
"lis 31, 0x157;"
"addic 31,31, 0x059C;"

/*Loading args*/
/* r12 = 0x2100000; integer arguments come from +0x04..+0x24. */
"lis 12, 0x210;"
"lwz 3, 0x4(12);"
"lwz 4, 0x8(12);"
"lwz 5, 0xC(12);"
"lwz 6, 0x10(12);"
"lwz 7, 0x14(12);"
"lwz 8, 0x18(12);"
"lwz 9, 0x1C(12);"
"lwz 10, 0x20(12);"
"lwz 11, 0x24(12);"

/* Single-precision float arguments come from +0x28..+0x48. */
"lfs 1, 0x28(12);"
"lfs 2, 0x2C(12);"
"lfs 3, 0x30(12);"
"lfs 4, 0x34(12);"
"lfs 5, 0x38(12);"
"lfs 6, 0x3C(12);"
"lfs 7, 0x40(12);"
"lfs 8, 0x44(12);"
"lfs 9, 0x48(12);"

/*Calling*/
/* The word at +0x00 is moved to CTR and branched to with link. */
"lwz 12, 0(12);"
"mtctr 12;"
"bctrl;"

/*returns*/
/* r3 -> +0x4C, f1 -> +0x50, then +0x00 is cleared to mark the request done. */
"lis 4, 0x210;"
"stw 3, 0x4C(4);"
"stfs 1, 0x50(4);"
"li 3, 0;"
"stw 3, 0(4);"


/* Restore LR, r26-r31 and r2 from the slots written above. */
"ld 0, -0x520-0x10(1);"
"mtlr 0;"
"ld 26, -0x520-0x40(1);"
"ld 27, -0x520-0x38(1);"
"ld 28, -0x520-0x30(1);"
"ld 29, -0x520-0x28(1);"
"ld 30, -0x520-0x20(1);"
"ld 31, -0x520-0x18(1);"
"ld 2, -0x520-0x48(1);"
);
// The branch target for the "no request" case lives in its own asm statement.
// NOTE(review): the label name is global to the assembly output, so it will
// clash if this code is emitted more than once.
__asm("end:;");
sleep(5);
}

}




Example on how to call something:
    
// Fragment meant to sit inside a polling loop: it reads a hard-coded,
// build-specific memory word that the author uses as a "square pressed" flag.
if(*(int*)0x00cbcce4 == 1) //button monitoring for square
{
// NOTE(review): the string literal is fetched back with va_arg(vl,int) inside
// CALL, which presumably relies on pointers being 32 bits wide on the target.
CALL(3, 0x5720C0, 0, 0, "c test" ); //number of args in the function, address of the function and the args..
*(int*)0x00cbcce4 = 0; //clear the flag so the call is not repeated on every poll
}




OTHER GAMES FIX

Black ops2 1.18

    
/*
 * Variant of CALL for the second title: identical logic, with the shared
 * block moved to 0x2200000.
 *
 * Layout written here: argument i (1-based) goes to 0x2200000 + i*4, then the
 * target address goes to 0x2200000 itself. The result is read from 0x220004C.
 *
 * numOfArgs  number of variadic arguments to copy
 * addr       address stored at the base of the block
 * returns    the int currently stored at 0x220004C
 *
 * NOTE(review): numOfArgs has no upper bound; a count of 19 or more writes
 * over the result slot at +0x4C and the memory after it.
 * NOTE(review): every argument is fetched as `int`, and nothing waits for the
 * request to be serviced before the result slot is read.
 */
int CALL(int numOfArgs, int addr, ...)
{
int i,val;
va_list vl;
// NOTE(review): va_start is meant to name the last fixed parameter (addr),
// not numOfArgs; the extra va_arg below is the author's workaround and its
// effect is toolchain-dependent.
va_start(vl,numOfArgs);

va_arg(vl,int);//skip one

for (i=1;i<(numOfArgs+1);i++)
{
val=va_arg(vl,int);
*(int*)(0x2200000+i*4) = val;
}
va_end(vl);

sleep(50);

// The base word is written last; a non-zero value there is what the polling
// thread checks for.
*(int*)0x2200000 = addr;
return *(int*)(0x220004C);

}



/*
 * Variant of the worker loop for the second title. The shared block is at
 * 0x2200000 and the hard-coded r2 / r26-r31 values differ; the rest of the
 * sequence is the same.
 *
 * Each pass reads the word at the base of the block. If it is non-zero, the
 * routine loads r3-r11 from +0x04..+0x24 and f1-f9 from +0x28..+0x48,
 * branches to the address held at +0x00, stores r3 at +0x4C and f1 at +0x50,
 * and clears +0x00.
 *
 * NOTE(review): the branch target comes from writable memory at a fixed
 * address and is used without validation; the asm statements also declare no
 * operands or clobbers.
 */
void Calls_thread(std::uint64_t nothing)
{
// NOTE(review): the loop header below was mangled by the forum's emoticon
// substitution; presumably an endless for loop. Confirm against the original.
for(;Winky Winky
{

__asm(
/* r3 = word at 0x2200000; zero means no pending request. */
"lis 3, 0x220;"
"lwz 3, 0(3);"
"cmpwi 3, 0x00;"
"beq end;"


/*save the general registers !*/
/* Stored below r1 without moving r1. NOTE(review): confirm the called
   function cannot reach this area with its own frame. */
"mflr 0;"
"std 0, -0x520-0x10(1);"
"std 31, -0x520-0x18(1);"
"std 30, -0x520-0x20(1);"
"std 29, -0x520-0x28(1);"
"std 28, -0x520-0x30(1);"
"std 27, -0x520-0x38(1);"
"std 26, -0x520-0x40(1);"
"std 2, -0x520-0x48(1);"

/*emulate the registers*/
/* Hard-coded, build-specific values for r2 and r26-r31. */
"lis 2, 0xD6;"
"ori 2, 2, 0x7E98;"
"li 26, 0;"
"li 27, 0;"
"li 28, 0;"
"lis 29, 0xD5;"
"ori 29, 29, 0x3D88;"
"lis 30, 0xD014;"
"addic 30, 30, 0x7080;"
"li 31, 0;"

/*Loading args*/
/* r12 = 0x2200000; integer arguments come from +0x04..+0x24. */
"lis 12, 0x220;"
"lwz 3, 0x4(12);"
"lwz 4, 0x8(12);"
"lwz 5, 0xC(12);"
"lwz 6, 0x10(12);"
"lwz 7, 0x14(12);"
"lwz 8, 0x18(12);"
"lwz 9, 0x1C(12);"
"lwz 10, 0x20(12);"
"lwz 11, 0x24(12);"

/* Single-precision float arguments come from +0x28..+0x48. */
"lfs 1, 0x28(12);"
"lfs 2, 0x2C(12);"
"lfs 3, 0x30(12);"
"lfs 4, 0x34(12);"
"lfs 5, 0x38(12);"
"lfs 6, 0x3C(12);"
"lfs 7, 0x40(12);"
"lfs 8, 0x44(12);"
"lfs 9, 0x48(12);"

/*Calling*/
/* The word at +0x00 is moved to CTR and branched to with link. */
"lwz 12, 0(12);"
"mtctr 12;"
"bctrl;"

/*returns*/
/* r3 -> +0x4C, f1 -> +0x50, then +0x00 is cleared to mark the request done. */
"lis 4, 0x220;"
"stw 3, 0x4C(4);"
"stfs 1, 0x50(4);"
"li 3, 0;"
"stw 3, 0(4);"


/* Restore LR, r26-r31 and r2 from the slots written above. */
"ld 0, -0x520-0x10(1);"
"mtlr 0;"
"ld 26, -0x520-0x40(1);"
"ld 27, -0x520-0x38(1);"
"ld 28, -0x520-0x30(1);"
"ld 29, -0x520-0x28(1);"
"ld 30, -0x520-0x20(1);"
"ld 31, -0x520-0x18(1);"
"ld 2, -0x520-0x48(1);"
);
// The branch target for the "no request" case lives in its own asm statement.
// NOTE(review): the label name is global to the assembly output, so it will
// clash if this code is emitted more than once.
__asm("end:;");
sleep(5);
}

}







Adding another game:








Credits:

Bad Luck Brian
Shark
theriftboy

Bad Luck Modders
07-19-2014, 01:10 PM #11
Originally posted by marky1991 View Post
What is?

People don't think the universe be like it is, but it do.
07-19-2014, 02:53 PM #12
Mango_Knife
In my man cave
Originally posted by SC58 View Post
RPC in .sprx Ewww


Lets see you making a .SPRX RPC...
07-19-2014, 02:53 PM #13
Originally posted by SC58 View Post
RPC in .sprx Ewww


Commenting shits as always, ewww

07-19-2014, 02:56 PM #14
Sticky
Mary J Wannnnna
Originally posted by SC58 View Post
RPC in .sprx Ewww


if it's so "Ewww" why don't you release something better? fgt

07-19-2014, 03:09 PM #15
SC58
Former Staff
Originally posted by Knife View Post
Lets see you making a .SPRX RPC...


Im stupid m8 :seriously:

07-19-2014, 05:11 PM #16
Originally posted by Sticky View Post
if it's so "Ewww" why don't you release something better? fgt


It's eww because there's a much, much better way to do this; the problem is that people haven't worked out how to do it without RPC. But it's still a nice start.

07-20-2014, 02:49 AM #17
Updated with the fixed code, tested with SV_GameSendServerCommand and it works. ^^ I hope there is no more bugs :|

07-21-2014, 09:37 PM #18
Added a video tutorial on how to update it for other games Smile. (should be the last update ^^)

07-22-2014, 03:12 AM #19
primetime43
Knowledge is power Tiphat
Just to let you guys know, those who don't know what the fuck they're doing with this stuff and is trying to simply be able to do it and not know shit about it; like half the people that do rtm. Sprx stuff CAN & WILL FUCK your ps3 up if you don't know what you're doing! I'm just throwing that out there, so think twice before you just go and try to mess with stuff.
