How To locate Native functions " Step by Step "

KranK

✮ ズ丂ム刀ズ ✮
RG Prime
May 27, 2015
346
388
73
29
Israel
www.csc-xsc.tk
Hey RG in this tutorial I will show you how alocate natives function .

Note: this tutorial focused on GTA 5 , however this will work in Any Rage (RockStar Advanced Gaming Engine) Based game.

Let's get to the tutorial

1. Open IDA

2. Open Last GTA V .elf

3. Click Alt+B

4. its the most tricky part ( we need the value of 'lis %r3' ) that = 3C60 , and we need 2 first bytes of any native hash ill take example with GET_PLAYER_PED = 0x6E31E993

5. so in that case it will be 3C606E31 , so we enter that in the string box and check the checkbox "find all occurences" than click ok

6. now it will take some time until you get the result usual there is only one result but if there if few make sure to chose one that much the actual native hash you searching for and than double click it .
it will look something like
Code:
seg001:00424100 sub_4240F4 lis       r3, 0x6E31 # 0x6E31E993
7.after you duble click it you will see
Code:
seg001:00424100                 lis       r3, 0x6E31 # 0x6E31E993
seg001:00424104                 lis       r4, ((off_1B9B2D8+0x10000)@h)
Depends on what native you search but you got the idea

8. now you have to click on (off_XXXXXXX) in that case its the (off_1B9B2D8) !

9. and it will bring you here
Code:
seg021:01B9B2D8 off_1B9B2D8:    .long loc_1525450       # DATA XREF: sub_4240F4+10*o
you have to click the (loc_XXXXXXX) in that case its the (loc_1525450) !

10. and you will see something like that
Code:
seg001:01525450 loc_1525450:                            # DATA XREF: seg021:off_1B9B2D8*o
seg001:01525450                 mflr      r0
seg001:01525454                 bl        sub_1776544
seg001:01525458                 stdu      r1, -0x80(r1)
seg001:0152545C                 std       r0, 0x90(r1)
seg001:01525460                 mr        r31, r3
seg001:01525464                 lwz       r3, 8(r31)
seg001:01525468                 lwz       r3, 0(r3)
seg001:0152546C                 extsw     r3, r3
seg001:01525470                 bl        sub_41EEF0
seg001:01525474                 lwz       r4, 0(r31)
seg001:01525478                 stw       r3, 0(r4)
seg001:0152547C                 addi      r1, r1, 0x80
seg001:01525480                 b         loc_17765A8
and here we go the second (bl sub_XXXXXX) is our native function in this case its (bl sub_41EEF0)

Hope that it helps !
 

Cain532

Happy Modding
RG Admin
Feb 23, 2015
1,302
684
123
USA
where to find GTA V .elf?
You are going to look in

dev_hdd0/game/BLUS31156/USDIR/ for the BLUS (NTSC) version of them game
dev_hdd0/game/BLES01807/USDIR/ for the BLES (UK) version of the game.