Post: [Release] SPRX Call functions for any games !
07-19-2014, 04:11 AM #1
First of all, what you need to do is change the TOC, which is commented, and maybe the address that my Calls functions write to and read from (0x2100000). You will also need to change registers 26 to 31 in the '/*emulate the Ghosts POC registers*/' part.


Everything should work.. tears


INCLUDES NEEDED (many might be useless for the calls but cba checking which one is good/not good)

    
#include "stdafx.h"

#include <cellstatus.h>
#include <sys/prx.h>
#include <sys/timer.h>
#include <sys/syscall.h>
#include <sys/ppu_thread.h>
#include <stdarg.h>
#include <stddef.h>
#include <string.h>
#include <wchar.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/memory.h>
#include <typeinfo>




Some functions required(Thanks to shark and sony :P)

    
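/*
 * Write the NUL-terminated string `s` to the console through system call 403.
 *
 * The length handed to the call is the real string length. The earlier
 * version always passed 32, which reads past the end of any shorter string
 * (sending adjacent memory to the console) and truncates any longer one.
 *
 * Returns the system call's status through return_to_user_prog(int).
 */
int console_write(const char * s)
{
    /* Out-parameter for the call; presumably the byte count written - confirm. */
    uint32_t len = 0;

    /* strlen() on a null pointer would fault, so treat null as an empty string. */
    const char *text = (s != 0) ? s : "";

    system_call_4(403, 0, (uint64_t) text, (uint64_t) strlen(text), (uint64_t) &len);
    return_to_user_prog(int);
}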
/*
 * Suspend the calling thread for `time` milliseconds.
 *
 * The parameter is typed usecond_t but is multiplied by 1000 before it
 * reaches sys_timer_usleep(), so callers pass milliseconds.
 */
void sleep(usecond_t time)
{
    const usecond_t microseconds = time * 1000;
    sys_timer_usleep(microseconds);
}



/*
 * Start a PPU thread running `entry` and return its id.
 *
 * entry      - thread entry point; it is started with argument 0.
 * priority   - priority passed to sys_ppu_thread_create().
 * stacksize  - stack size passed to sys_ppu_thread_create().
 * threadname - name given to the new thread.
 * id         - taken BY VALUE: the caller's variable is never updated, so the
 *              new id is only available as the return value.
 *
 * A console message is printed only when creation succeeds. On failure the
 * function stays silent and returns `id` exactly as it was passed in, so the
 * caller cannot tell the two outcomes apart from the return value alone.
 */
sys_ppu_thread_t create_thread(void (*entry)(uint64_t), int priority, size_t stacksize, const char* threadname,sys_ppu_thread_t id)
{
    const int status = sys_ppu_thread_create(&id, entry, 0, priority, stacksize, 0, threadname);
    if (status != CELL_OK)
    {
        return id;
    }

    console_write("\n\nINJECTED !\n\n");
    return id;
}

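/*
 * Copy at most `len` bytes of the NUL-terminated string `str` to the raw
 * address `addr`, stopping at the string's terminator.
 *
 * The terminator check now looks at str[i]. The earlier version tested *str
 * (the first character) on every pass, so for any non-empty string it never
 * stopped early and read `len` bytes regardless of where the string ended.
 *
 * The terminator itself is not written; a caller that needs a terminated
 * string at `addr` has to store the trailing 0 itself.
 *
 * `addr` is not validated in any way: the caller is responsible for it being
 * writable memory with room for `len` bytes.
 */
void writeString(const char* str, int len, unsigned int addr)
{
    if (str == 0) { return; }   /* nothing to copy from */

    for (int i = 0; i < len; i++)
    {
        if (str[i] == 0x00) { break; }   /* end of the source string */
        *(char*)(addr + i) = str[i];
    }
}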




The threading:


    

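/* Ids of the two worker threads, filled in by StartThreads(). */
sys_ppu_thread_t thrd_mainstart;
sys_ppu_thread_t thrd_Calls;

/*
 * Start the menu thread and the call-dispatch thread.
 *
 * create_thread() takes its id argument by value, so the globals only learn
 * the new thread ids if its return value is stored. The earlier version
 * discarded the return value and left both globals unset.
 */
void StartThreads()
{
    /* Arguments: entry point, priority, stack size, thread name, id. */
    thrd_mainstart = create_thread(StartMenu, 0x4AA, 0x6000, "blb_Main", thrd_mainstart);
    thrd_Calls = create_thread(Calls_thread, 0x4AB, 0x6000, "blb_Calls", thrd_Calls);
}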






The Calls functions Smile ! THE TOC IS SET IN THE INLINE ASM (the two instructions that load register 2) !!!!!!!!!


    

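/*
 * Post a call request to the shared block at 0x2100000 that Calls_thread polls.
 *
 * numOfArgs - number of variadic words that follow `addr`.
 * addr      - value stored in the request word at 0x2100000; Calls_thread
 *             branches to it.
 * ...       - argument words, each read as an int and stored at
 *             0x2100000 + 4*i for i = 1..numOfArgs.
 *
 * Block layout, as consumed by Calls_thread on this page:
 *   +0x00        request word (0 = idle, otherwise the address to call)
 *   +0x04..+0x24 nine words loaded into r3..r11
 *   +0x28..+0x48 nine words loaded into f1..f9
 *   +0x4C        r3 after the call, +0x50 f1 after the call
 *
 * Returns the word at +0x4C.
 *
 * NOTE(review): the result word is read immediately after the request is
 * posted, while Calls_thread only polls every 5 ms, so this presumably
 * returns the result of an earlier request - confirm. The block is also
 * shared between threads through plain, unsynchronised accesses.
 *
 * NOTE(review): the block lives at a fixed address and nothing checks `addr`;
 * any code able to write there decides what Calls_thread executes.
 */
int CALL(int numOfArgs, int addr, ...)
{
    /* Only slots 1..18 are argument slots; slot 19 (+0x4C) is the result
       word, so a larger count would overwrite the result area and whatever
       memory follows the block. Extra arguments are ignored. */
    enum { kMaxArgSlots = 18 };
    if (numOfArgs > kMaxArgSlots)
    {
        numOfArgs = kMaxArgSlots;
    }

    va_list vl;
    /* va_start must name the LAST fixed parameter. The earlier version named
       numOfArgs and then discarded one va_arg to compensate, which is
       undefined behaviour and drops the first real argument on compilers
       that ignore the name given to va_start. */
    va_start(vl, addr);

    for (int i = 1; i <= numOfArgs; i++)
    {
        const int val = va_arg(vl, int);
        *(int*)(0x2100000 + i*4) = val;
    }
    va_end(vl);

    sleep(50);

    /* Writing the request word last hands the filled-in block to the poller. */
    *(int*)0x2100000 = addr;
    return *(int*)(0x210004C);
}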



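/*
 * Worker thread that services requests posted by CALL().
 *
 * Each pass reads the request word at 0x2100000. If it is 0 the pass does
 * nothing. Otherwise the thread saves LR, r26-r31 and r2, loads fixed values
 * into r2 and r26-r31, loads r3-r11 from +0x04..+0x24 and f1-f9 from
 * +0x28..+0x48, and branches to the address held in the request word.
 * Afterwards r3 is stored at +0x4C, f1 at +0x50, the request word is cleared
 * and the saved registers are restored. The loop sleeps 5 ms between passes
 * and never returns. `nothing` is unused.
 *
 * The loop header is `for(;;)`; the forum software had turned the `;)` pairs
 * into smiley text.
 *
 * NOTE(review): the branch target is whatever the request word contains and
 * the block sits at a fixed address, so any code able to write that memory
 * controls what this thread executes.
 * NOTE(review): registers are saved below r1 without moving r1; this
 * presumably relies on the called function using less than 0x520 bytes of
 * stack - confirm.
 * NOTE(review): the asm statement has no operand or clobber list, so the
 * compiler is not told that r0, r2-r12, f1-f9, LR and CTR are modified.
 * NOTE(review): the label `end` is defined in a separate asm statement and
 * would be emitted twice if the compiler duplicated this function body.
 */
void Calls_thread(std::uint64_t nothing)
{
    for(;;)
    {

        __asm(
        /* r3 = request word at 0x2100000; nothing to do when it is 0 */
        "lis 3, 0x210;"
        "lwz 3, 0(3);"
        "cmpwi 3, 0x00;"
        "beq end;"


        /*save the general registers !*/
        "mflr 0;"
        "std 0, -0x520-0x10(1);"
        "std 31, -0x520-0x18(1);"
        "std 30, -0x520-0x20(1);"
        "std 29, -0x520-0x28(1);"
        "std 28, -0x520-0x30(1);"
        "std 27, -0x520-0x38(1);"
        "std 26, -0x520-0x40(1);"
        "std 2, -0x520-0x48(1);"

        /*emulate the Ghosts POC registers*/
        /* r2 is the TOC value the post says must be changed per game. */
        /* NOTE(review): 0x0C800 and 0x9DF0 do not fit a signed 16-bit
           immediate - confirm how the assembler in use treats them. */
        "lis 2, 0xA7;"
        "ori 2, 2, 0xF3F8;"
        "lis 26, 0;"
        "lis 27, 0;"
        "li 28, 0x0C800;"
        "lis 29, 0;"
        "lis 30, 0xD00D;"
        "addic 30,30, 0x9DF0;"
        "lis 31, 0x157;"
        "addic 31,31, 0x059C;"

        /*Loading args*/
        "lis 12, 0x210;"
        "lwz 3, 0x4(12);"
        "lwz 4, 0x8(12);"
        "lwz 5, 0xC(12);"
        "lwz 6, 0x10(12);"
        "lwz 7, 0x14(12);"
        "lwz 8, 0x18(12);"
        "lwz 9, 0x1C(12);"
        "lwz 10, 0x20(12);"
        "lwz 11, 0x24(12);"

        "lfs 1, 0x28(12);"
        "lfs 2, 0x2C(12);"
        "lfs 3, 0x30(12);"
        "lfs 4, 0x34(12);"
        "lfs 5, 0x38(12);"
        "lfs 6, 0x3C(12);"
        "lfs 7, 0x40(12);"
        "lfs 8, 0x44(12);"
        "lfs 9, 0x48(12);"

        /*Calling*/
        /* the request word is used, unchecked, as the branch target */
        "lwz 12, 0(12);"
        "mtctr 12;"
        "bctrl;"

        /*returns*/
        /* r3 -> +0x4C, f1 -> +0x50, then clear the request word */
        "lis 4, 0x210;"
        "stw 3, 0x4C(4);"
        "stfs 1, 0x50(4);"
        "li 3, 0;"
        "stw 3, 0(4);"


        /* restore LR, r26-r31 and r2 from the save area */
        "ld 0, -0x520-0x10(1);"
        "mtlr 0;"
        "ld 26, -0x520-0x40(1);"
        "ld 27, -0x520-0x38(1);"
        "ld 28, -0x520-0x30(1);"
        "ld 29, -0x520-0x28(1);"
        "ld 30, -0x520-0x20(1);"
        "ld 31, -0x520-0x18(1);"
        "ld 2, -0x520-0x48(1);"
        );
        __asm("end:;");
        sleep(5);
    }

}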




Example on how to call something:
    
/* Fragment: belongs inside a function body that runs repeatedly. */
int* const squareFlag = (int*)0x00cbcce4; // button monitoring for square
if (*squareFlag == 1)
{
    // CALL(number of args in the function, address of the function, the args...)
    // The string pointer is read back as an int inside CALL, which presumably
    // relies on pointers being 32 bits wide on the target - confirm.
    CALL(3, 0x5720C0, 0, 0, "c test");

    // Clear the flag so the call is made once per press, not on every pass.
    *squareFlag = 0;
}




OTHER GAMES FIX

Black ops2 1.18

    
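/*
 * Post a call request to the shared block at 0x2200000 that Calls_thread polls.
 *
 * numOfArgs - number of variadic words that follow `addr`.
 * addr      - value stored in the request word at 0x2200000; Calls_thread
 *             branches to it.
 * ...       - argument words, each read as an int and stored at
 *             0x2200000 + 4*i for i = 1..numOfArgs.
 *
 * Block layout, as consumed by Calls_thread on this page:
 *   +0x00        request word (0 = idle, otherwise the address to call)
 *   +0x04..+0x24 nine words loaded into r3..r11
 *   +0x28..+0x48 nine words loaded into f1..f9
 *   +0x4C        r3 after the call, +0x50 f1 after the call
 *
 * Returns the word at +0x4C.
 *
 * NOTE(review): the result word is read immediately after the request is
 * posted, while Calls_thread only polls every 5 ms, so this presumably
 * returns the result of an earlier request - confirm. The block is also
 * shared between threads through plain, unsynchronised accesses.
 *
 * NOTE(review): the block lives at a fixed address and nothing checks `addr`;
 * any code able to write there decides what Calls_thread executes.
 */
int CALL(int numOfArgs, int addr, ...)
{
    /* Only slots 1..18 are argument slots; slot 19 (+0x4C) is the result
       word, so a larger count would overwrite the result area and whatever
       memory follows the block. Extra arguments are ignored. */
    enum { kMaxArgSlots = 18 };
    if (numOfArgs > kMaxArgSlots)
    {
        numOfArgs = kMaxArgSlots;
    }

    va_list vl;
    /* va_start must name the LAST fixed parameter. The earlier version named
       numOfArgs and then discarded one va_arg to compensate, which is
       undefined behaviour and drops the first real argument on compilers
       that ignore the name given to va_start. */
    va_start(vl, addr);

    for (int i = 1; i <= numOfArgs; i++)
    {
        const int val = va_arg(vl, int);
        *(int*)(0x2200000 + i*4) = val;
    }
    va_end(vl);

    sleep(50);

    /* Writing the request word last hands the filled-in block to the poller. */
    *(int*)0x2200000 = addr;
    return *(int*)(0x220004C);
}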



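/*
 * Worker thread that services requests posted by CALL() (block at 0x2200000).
 *
 * Each pass reads the request word at 0x2200000. If it is 0 the pass does
 * nothing. Otherwise the thread saves LR, r26-r31 and r2, loads fixed values
 * into r2 and r26-r31, loads r3-r11 from +0x04..+0x24 and f1-f9 from
 * +0x28..+0x48, and branches to the address held in the request word.
 * Afterwards r3 is stored at +0x4C, f1 at +0x50, the request word is cleared
 * and the saved registers are restored. The loop sleeps 5 ms between passes
 * and never returns. `nothing` is unused.
 *
 * The loop header is `for(;;)`; the forum software had turned the `;)` pairs
 * into smiley text.
 *
 * NOTE(review): the branch target is whatever the request word contains and
 * the block sits at a fixed address, so any code able to write that memory
 * controls what this thread executes.
 * NOTE(review): registers are saved below r1 without moving r1; this
 * presumably relies on the called function using less than 0x520 bytes of
 * stack - confirm.
 * NOTE(review): the asm statement has no operand or clobber list, so the
 * compiler is not told that r0, r2-r12, f1-f9, LR and CTR are modified.
 * NOTE(review): the label `end` is defined in a separate asm statement and
 * would be emitted twice if the compiler duplicated this function body.
 */
void Calls_thread(std::uint64_t nothing)
{
    for(;;)
    {

        __asm(
        /* r3 = request word at 0x2200000; nothing to do when it is 0 */
        "lis 3, 0x220;"
        "lwz 3, 0(3);"
        "cmpwi 3, 0x00;"
        "beq end;"


        /*save the general registers !*/
        "mflr 0;"
        "std 0, -0x520-0x10(1);"
        "std 31, -0x520-0x18(1);"
        "std 30, -0x520-0x20(1);"
        "std 29, -0x520-0x28(1);"
        "std 28, -0x520-0x30(1);"
        "std 27, -0x520-0x38(1);"
        "std 26, -0x520-0x40(1);"
        "std 2, -0x520-0x48(1);"

        /*emulate the registers*/
        /* r2 is the TOC value the post says must be changed per game. */
        "lis 2, 0xD6;"
        "ori 2, 2, 0x7E98;"
        "li 26, 0;"
        "li 27, 0;"
        "li 28, 0;"
        "lis 29, 0xD5;"
        "ori 29, 29, 0x3D88;"
        "lis 30, 0xD014;"
        "addic 30, 30, 0x7080;"
        "li 31, 0;"

        /*Loading args*/
        "lis 12, 0x220;"
        "lwz 3, 0x4(12);"
        "lwz 4, 0x8(12);"
        "lwz 5, 0xC(12);"
        "lwz 6, 0x10(12);"
        "lwz 7, 0x14(12);"
        "lwz 8, 0x18(12);"
        "lwz 9, 0x1C(12);"
        "lwz 10, 0x20(12);"
        "lwz 11, 0x24(12);"

        "lfs 1, 0x28(12);"
        "lfs 2, 0x2C(12);"
        "lfs 3, 0x30(12);"
        "lfs 4, 0x34(12);"
        "lfs 5, 0x38(12);"
        "lfs 6, 0x3C(12);"
        "lfs 7, 0x40(12);"
        "lfs 8, 0x44(12);"
        "lfs 9, 0x48(12);"

        /*Calling*/
        /* the request word is used, unchecked, as the branch target */
        "lwz 12, 0(12);"
        "mtctr 12;"
        "bctrl;"

        /*returns*/
        /* r3 -> +0x4C, f1 -> +0x50, then clear the request word */
        "lis 4, 0x220;"
        "stw 3, 0x4C(4);"
        "stfs 1, 0x50(4);"
        "li 3, 0;"
        "stw 3, 0(4);"


        /* restore LR, r26-r31 and r2 from the save area */
        "ld 0, -0x520-0x10(1);"
        "mtlr 0;"
        "ld 26, -0x520-0x40(1);"
        "ld 27, -0x520-0x38(1);"
        "ld 28, -0x520-0x30(1);"
        "ld 29, -0x520-0x28(1);"
        "ld 30, -0x520-0x20(1);"
        "ld 31, -0x520-0x18(1);"
        "ld 2, -0x520-0x48(1);"
        );
        __asm("end:;");
        sleep(5);
    }

}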







Adding another game:








Credits:

Bad Luck Brian
Shark
theriftboy

Bad Luck Modders
07-22-2014, 03:16 AM #20
Sabotage
Gaming Squad
Originally posted by primetime43 View Post
Just to let you guys know, those who don't know what the fuck they're doing with this stuff and is trying to simply be able to do it and not know shit about it; like half the people that do rtm. Sprx stuff CAN & WILL FUCK your ps3 up if you don't know what you're doing! I'm just throwing that out there, so think twice before you just go and try to mess with stuff.

The most that will happen to you is a black screen or RSOD. You will only brick if you start fucking around with syscalls/overwriting important file. And I seriously doubt that anyone that is new to this kind of stuff is going to do that kind of stuff.

Note: these are not my words. You must login or register to view this content.
And other users too
07-22-2014, 05:27 AM #21
Originally posted by primetime43 View Post
Just to let you guys know, those who don't know what the fuck they're doing with this stuff and is trying to simply be able to do it and not know shit about it; like half the people that do rtm. Sprx stuff CAN & WILL FUCK your ps3 up if you don't know what you're doing! I'm just throwing that out there, so think twice before you just go and try to mess with stuff.


You cannot brick by making a SPRX file. Except if you start messing with the system files and maybe some system calls.
07-22-2014, 07:48 AM #22
primetime43
Knowledge is power Tiphat
Originally posted by Bad
You cannot brick by making a SPRX file. Except if you start messing with the system files and maybe some system calls.


Where did I ever say you brick your ps3? stare
