Anyone interested in cheat trainer prx plugins???

Discussion in 'Game Mods' started by haxxxen, Dec 19, 2016.

  1. Casavult Member
  2. haxxxen Developer

    ahh, no. i can make a new one, if that is what you need. i will write that ebootloader sprx also for ccapi and maybe i will look into using ps3mapi syscalls. there can be no native support for cex, because of used syscalls. maybe that stuff from @3141card, but i haven't looked into it, and i think this will only work for vsh plugins.
     
  3. kozarovv Super Moderator
  4. haxxxen Developer

    cool, thanks @kozarovv
    have already searched a bit, but nothing found so far. most times i find 'em on youtube.

    have re-written ebootloader and darksouls prx files. they now should work with ccapi (not confirmed), but you will get no info popup from ebootloader, since ccapi freezes when using these. ebootloader has to be loaded with ccapi from usb and for the trainer plugin you have to edit sprx.txt, which goes to /dev_hdd0/tmp

    https://dl.dropboxusercontent.com/u/63377561/Cheats/darksouls_ccapi.zip
     
  5. 3141card Developer

    @haxxxen
    It works not only in vsh plugins, i only need it in a plugin to this time. In a normal self psl1ght/$ony SDK it works too.
    but against the vsh process(system), you must undo all changes to lv2, or you get a panic + shutdown.

    Code:
    /* CODE, ENTRY, SC_TBL, SC_NR, lv2_peek and lv2_poke are defined elsewhere
     * and are not shown in this post. */

    /***********************************************************************
    * make temp syscall by symbol
    ***********************************************************************/
    static void make_sc(int32_t symbol)
    {
        // build b instruction: relative branch from CODE to symbol, in the upper 32 bits
        lv2_poke(CODE, (uint64_t)(0x48000000 | ((symbol - CODE) & 0x3FFFFFC)) << 32);
        lv2_poke(ENTRY, CODE);                  // ENTRY holds the address of CODE
        lv2_poke(SC_TBL + (SC_NR * 8), ENTRY);  // syscall table slot SC_NR points at ENTRY
        sys_timer_usleep(1);
    }

    /***********************************************************************
    * kill temp syscall
    ***********************************************************************/
    static void kill_sc(void)
    {
        lv2_poke(CODE, 0);
        lv2_poke(ENTRY, 0);
        lv2_poke(SC_TBL + (SC_NR * 8), 0);
        sys_timer_usleep(1);
    }

    /***********************************************************************
    * an example
    ***********************************************************************/
    int32_t lv2_strlen(const char *str)
    {
        make_sc(0x4D668);
        system_call_1(SC_NR, (uint64_t)(uint32_t)str);
        int32_t ret = (int32_t)p1;              // return value as left in p1 by the system_call macro
        kill_sc();
        return ret;
    }
    patches too
    Code:
    /***********************************************************************
    * same temp syscall, with a temporary lv2 patch around the call
    ***********************************************************************/
    int32_t lv2_get_process_object_entry_and_address_by_id(uint32_t proc_id, uint64_t *obj_addr, uint64_t *obj_entry)
    {
        uint64_t org = lv2_peek(0x800000000008B388ULL);            // save original, then patch
        lv2_poke(0x800000000008B388ULL, 0x409E0024E80100B0ULL);    // CEX 4.46
        make_sc(0x8B34C);
        system_call_3(SC_NR, (uint64_t)proc_id, (uint64_t)(uint32_t)obj_addr, (uint64_t)(uint32_t)obj_entry);
        int32_t ret = (int32_t)p1;
        kill_sc();
        lv2_poke(0x800000000008B388ULL, org);                      // unpatch
        return ret;
    }
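Added example, not part of 3141card's post: the "build b instruction" line above uses the PowerPC I-form relative branch encoding, and its `& 0x3FFFFFC` mask silently wraps a displacement that does not fit in 26 bits. This sketch encodes with a range and alignment check and decodes such a word when reading a patch; the helper names and the `0x1000` address are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

#define PPC_B_OPCODE  0x48000000u  /* primary opcode 18, AA=0, LK=0 */
#define PPC_B_LI_MASK 0x03FFFFFCu  /* 24-bit LI field; low two bits are implied 00 */

/* Encode "b target" for an instruction placed at `from`.
 * Returns 0 on success, -1 if unaligned or outside the signed 26-bit range. */
int ppc_encode_b(uint64_t from, uint64_t target, uint32_t *insn)
{
    int64_t disp = (int64_t)(target - from);
    if ((from | target) & 3)
        return -1;                               /* instructions are 4-byte aligned */
    if (disp < -0x2000000LL || disp > 0x1FFFFFCLL)
        return -1;                               /* a bare mask would wrap here */
    *insn = PPC_B_OPCODE | ((uint32_t)disp & PPC_B_LI_MASK);
    return 0;
}

/* Decode a relative "b" (AA=0, LK=0) found at `from` back to its target.
 * Returns -1 if the word is not such a branch. */
int ppc_decode_b(uint64_t from, uint32_t insn, uint64_t *target)
{
    if ((insn & 0xFC000003u) != PPC_B_OPCODE)
        return -1;
    int64_t disp = (int64_t)(insn & PPC_B_LI_MASK);
    if (disp & 0x2000000)
        disp -= 0x4000000;                       /* sign-extend the 26-bit value */
    *target = from + (uint64_t)disp;
    return 0;
}

/* A 64-bit big-endian store carries the instruction in its upper 32 bits,
 * which is what the "<< 32" in the post does. */
uint64_t ppc_b_as_doubleword(uint32_t insn)
{
    return (uint64_t)insn << 32;
}

int main(void)
{
    uint32_t insn;
    uint64_t target;
    /* 0x1000 is a constructed address; 0x4D668 is the symbol used in the post. */
    if (ppc_encode_b(0x1000, 0x4D668, &insn) == 0)
        printf("b insn: 0x%08" PRIx32 "\n", insn);
    if (ppc_decode_b(0x1000, insn, &target) == 0)
        printf("target: 0x%" PRIx64 "\n", target);
    return 0;
}
```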
     
  6. haxxxen Developer

    hmm, i have tried to use your process writing method in a game plugin, but it has only frozen on me. maybe i have sth. wrong, so i should give this also another try. thanks for clarifying.

    when will that panic occur? i would use it in those trainer game plugins, so i don't have to use ccapi/dex/ps3mapi syscalls.
     
  7. 3141card Developer
  8. Casavult Member

    Yeah, I don't use DEX nor do I intend to use it. Anything for CEX would be appreciated if possible.
     