[PPC] How to reverse GSCr Functions for use in C#!

01cedric

Newbie
Jan 16, 2016
14
6
13
24
Welcome to this Tutorial!
I´ve learned all of this mostly by myself, while discovering the CoD PDBs and compared the Functions within PseudoCode and Graph-View! Anyway lets start off...

Things required:
- A PDB (Server File) of your choice ( I recommend Ghosts PDB for IW Games and BO1/BO2 PDB for Treyarch Games)
- An Elf of the Games you want (I will be using MW3 1.24 defulat_Mp.elf)
- IDA Pro 6.1 (Recommended is 6.6)
- Low Requirements in PPC
- A Brain

Open both up and let them load completely until it tells you "idle" in IDA:

[hide]
[/hide]

Next up, go to the PDB File and search for a Function you want. I will use for this Tutorial PrecacheShader, as of its quite easy to reverse in my opinion. Go to the Function window (usually on the left site), click on it and go on the Top to Search -> Search and type your Function you want to search. In my case I search for -> PrecacheMaterial <- and you´ll find it (Treyarch Games are different to this one, try search for precacheshader, if you wont find it with the above one!) Doubleclick in the Function Window on the Function you want and it will pop up like this:

[hide]
[/hide]

In Most cases, its easier to use the Graph, but in this Case, we will use Textview. To get the Text-View, right-click on the Function and you´ll see "Text-View" (or something like this). Click on it.
Next Step is, to Locate the Functions, which are calling this one. These are most likely somewhere at the Bottom of the Function. In This we´re gonna scroll a little bit down and we will find this function!

[hide]
[/hide]

As of we know, that it needs to be a Material/Shader, we know that its this functionwe need. So lets get and search it for MW3.
Here is a good Pastebin from Shark, where he dumped most likely all GSC Functions for almost every CoD (incl. BO3):

[hide]
[/hide]

What we are gonna do, is open up our ELF (from 1.24 MW3) and going to the Offset of the PrecacheShader, which we´ve found in the Dump.

It will look very similiar to the one we´ve saw in the PDB.
So we scroll down in the precacheShader function and we´ll see the G_MaterialIndex over there.

[hide]
[/hide]

Thats the Function we need to use for calling the GSC Function within C#, the only thing you´ll need to find (its in the Precacheshader function aswell) is level_local_t for precaching. I won´t give you the whole Code, but I will give you some "Basic-Riddle-Code" for you to complete! (Please don´t post in on here, keep it for yourself, as of you would destroy others fun)

Sorry for my bad english, I´m from Switzerland :p

NOTE: Not every GSCr Function can be used within C#, as of not every Function getting called from another Function :) Most of them are, but some aren´t!


Peace out
- 01cedricv2

-Riddle-

[hide]
CSS:
public static int PrecacheShader(string Material)
        {
            PS3.Extension.WriteByte(0x00000000, 1); // The levels_local_t check
            int MaterialIndex = RPC.Call(0x1BE744, Material);
            PS3.Extension.WriteByte(0x00000000, 0); // The levels_local_t check
            return MaterialIndex;
        }
[/hide]

Who can find these Checks (Keep in it private for others to try)
 
  • Like
Reactions: LEGACYY and Cyb3r

Cyb3r

RG Admin
RG Admin
Feb 21, 2015
1,657
852
123
It's good to keep learning, I will get a cup coffee before reading this. :D
 

01cedric

Newbie
Jan 16, 2016
14
6
13
24
It's good to keep learning, I will get a cup coffee before reading this. :D
huehuehue, Yes! Thats what I mean! Everyone can just copy & paste, but if you really want to mod Games, then you need to learn! :) Thats why I implemented a riddle.
 

LEGACYY

⚝ Retired ⚝
RG Prime
Oct 4, 2015
2,355
767
123
Jamaica
i like this tutorial when i'm feeling a little better i will spend time and read this, Incredible work (y)
 

Cyb3r

RG Admin
RG Admin
Feb 21, 2015
1,657
852
123
huehuehue, Yes! Thats what I mean! Everyone can just copy & paste, but if you really want to mod Games, then you need to learn! :) Thats why I implemented a riddle.
I'm not a noob though but it's good to learn something new, TBH I never got into this COD mess because I hate COD games lol
 

SyGnUs

Newbie
Mar 27, 2015
7
16
13
22
Welcome to this Tutorial!
I´ve learned all of this mostly by myself, while discovering the CoD PDBs and compared the Functions within PseudoCode and Graph-View! Anyway lets start off...

Things required:
- A PDB (Server File) of your choice ( I recommend Ghosts PDB for IW Games and BO1/BO2 PDB for Treyarch Games)
- An Elf of the Games you want (I will be using MW3 1.24 defulat_Mp.elf)
- IDA Pro 6.1 (Recommended is 6.6)
- Low Requirements in PPC
- A Brain

Open both up and let them load completely until it tells you "idle" in IDA:

***Hidden content cannot be quoted.***

Next up, go to the PDB File and search for a Function you want. I will use for this Tutorial PrecacheShader, as of its quite easy to reverse in my opinion. Go to the Function window (usually on the left site), click on it and go on the Top to Search -> Search and type your Function you want to search. In my case I search for -> PrecacheMaterial <- and you´ll find it (Treyarch Games are different to this one, try search for precacheshader, if you wont find it with the above one!) Doubleclick in the Function Window on the Function you want and it will pop up like this:

***Hidden content cannot be quoted.***

In Most cases, its easier to use the Graph, but in this Case, we will use Textview. To get the Text-View, right-click on the Function and you´ll see "Text-View" (or something like this). Click on it.
Next Step is, to Locate the Functions, which are calling this one. These are most likely somewhere at the Bottom of the Function. In This we´re gonna scroll a little bit down and we will find this function!

***Hidden content cannot be quoted.***

As of we know, that it needs to be a Material/Shader, we know that its this functionwe need. So lets get and search it for MW3.
Here is a good Pastebin from Shark, where he dumped most likely all GSC Functions for almost every CoD (incl. BO3):

***Hidden content cannot be quoted.***

What we are gonna do, is open up our ELF (from 1.24 MW3) and going to the Offset of the PrecacheShader, which we´ve found in the Dump.

It will look very similiar to the one we´ve saw in the PDB.
So we scroll down in the precacheShader function and we´ll see the G_MaterialIndex over there.

***Hidden content cannot be quoted.***

Thats the Function we need to use for calling the GSC Function within C#, the only thing you´ll need to find (its in the Precacheshader function aswell) is level_local_t for precaching. I won´t give you the whole Code, but I will give you some "Basic-Riddle-Code" for you to complete! (Please don´t post in on here, keep it for yourself, as of you would destroy others fun)

Sorry for my bad english, I´m from Switzerland :p

NOTE: Not every GSCr Function can be used within C#, as of not every Function getting called from another Function :) Most of them are, but some aren´t!


Peace out
- 01cedricv2

-Riddle-

***Hidden content cannot be quoted.***

Who can find these Checks (Keep in it private for others to try)

Nice tutorial, but you should consider adding another function to reverse, as the PrecacheShader/Material function is pretty common knowledge.
 

01cedric

Newbie
Jan 16, 2016
14
6
13
24
Nice tutorial, but you should consider adding another function to reverse, as the PrecacheShader/Material function is pretty common knowledge.
It should be a Tutorial for guys without good knownledge, thats why I made an easy one for those which just started learning :)
 

Shark

Newbie
Jan 18, 2016
1
2
3
29
reverse Scr_MagicBullet :tears:

JavaScript:
void magicBullet(gentity_s* self, int32_t weapon, const vec3_t start, const vec3_t end)
{
    static const vec3_t gunVel = { };
    WeaponDef* weapDef = BG_GetWeaponDef(weapon);
    WeaponVariantDef* weapVariantDef = BG_GetWeaponVariantDef(weapon);
    weaponParms parms;
    memset(&parms, 0, sizeof(parms));
    float fraction, length, x, y, z;
    vec3_t targetOffset = { }, angles, forward;
    gentity_s* rocket = NULL;

    parms.weapDef = weapDef;
    parms.weapVariantDef = weapVariantDef;
    parms.weapon = weapon;
    VectorCopy(start, parms.muzzleTrace);

    x = end[0] - start[0];
    y = end[1] - start[1];
    z = end[2] - start[2];

    length = sqrt(x * x + y * y + z * z);

    fraction = length >= 0 ? 1 / length : 1;
    VectorSet(parms.forward, x * fraction, y * fraction, z * fraction);
    VectorCopy(parms.forward, forward);

    switch (weapDef->weaponType)
    {
    case WEAPTYPE_BULLET:
        Bullet_Fire(self, 0, &parms, NULL, level->time);
        break;
    case WEAPTYPE_PROJECTILE:
        rocket = Weapon_RocketLauncher_Fire(self, weapon, 0, &parms, gunVel, NULL, targetOffset, 0);
        break;
    default:
        return;
    }

    gentity_s* tempent = G_TempEntity(start, EV_FIRE_WEAPON_SCRIPTED);
    vectoangles(angles, forward);
    G_SetAngle(tempent, angles);
    tempent->s.weapon = weapon;
    tempent->s.eventParms[tempent->s.eventSequence] = 0;
    tempent->s.eventParm = self->s.number;
    if (rocket)
        Scr_AddEntity(SCRIPTINSTANCE_SERVER, rocket);
}
 
  • Like
Reactions: SyGnUs and 01cedric

01cedric

Newbie
Jan 16, 2016
14
6
13
24
reverse Scr_MagicBullet :tears:

JavaScript:
void magicBullet(gentity_s* self, int32_t weapon, const vec3_t start, const vec3_t end)
{
    static const vec3_t gunVel = { };
    WeaponDef* weapDef = BG_GetWeaponDef(weapon);
    WeaponVariantDef* weapVariantDef = BG_GetWeaponVariantDef(weapon);
    weaponParms parms;
    memset(&parms, 0, sizeof(parms));
    float fraction, length, x, y, z;
    vec3_t targetOffset = { }, angles, forward;
    gentity_s* rocket = NULL;

    parms.weapDef = weapDef;
    parms.weapVariantDef = weapVariantDef;
    parms.weapon = weapon;
    VectorCopy(start, parms.muzzleTrace);

    x = end[0] - start[0];
    y = end[1] - start[1];
    z = end[2] - start[2];

    length = sqrt(x * x + y * y + z * z);

    fraction = length >= 0 ? 1 / length : 1;
    VectorSet(parms.forward, x * fraction, y * fraction, z * fraction);
    VectorCopy(parms.forward, forward);

    switch (weapDef->weaponType)
    {
    case WEAPTYPE_BULLET:
        Bullet_Fire(self, 0, &parms, NULL, level->time);
        break;
    case WEAPTYPE_PROJECTILE:
        rocket = Weapon_RocketLauncher_Fire(self, weapon, 0, &parms, gunVel, NULL, targetOffset, 0);
        break;
    default:
        return;
    }

    gentity_s* tempent = G_TempEntity(start, EV_FIRE_WEAPON_SCRIPTED);
    vectoangles(angles, forward);
    G_SetAngle(tempent, angles);
    tempent->s.weapon = weapon;
    tempent->s.eventParms[tempent->s.eventSequence] = 0;
    tempent->s.eventParm = self->s.number;
    if (rocket)
        Scr_AddEntity(SCRIPTINSTANCE_SERVER, rocket);
}
Sharky-boi is on here? Dream comes true :X3::zombie:
 

Brad P

Banned
Jul 15, 2014
577
338
93
30
Welcome to this Tutorial!
I´ve learned all of this mostly by myself, while discovering the CoD PDBs and compared the Functions within PseudoCode and Graph-View! Anyway lets start off...

Things required:
- A PDB (Server File) of your choice ( I recommend Ghosts PDB for IW Games and BO1/BO2 PDB for Treyarch Games)
- An Elf of the Games you want (I will be using MW3 1.24 defulat_Mp.elf)
- IDA Pro 6.1 (Recommended is 6.6)
- Low Requirements in PPC
- A Brain

Open both up and let them load completely until it tells you "idle" in IDA:

***Hidden content cannot be quoted.***

Next up, go to the PDB File and search for a Function you want. I will use for this Tutorial PrecacheShader, as of its quite easy to reverse in my opinion. Go to the Function window (usually on the left site), click on it and go on the Top to Search -> Search and type your Function you want to search. In my case I search for -> PrecacheMaterial <- and you´ll find it (Treyarch Games are different to this one, try search for precacheshader, if you wont find it with the above one!) Doubleclick in the Function Window on the Function you want and it will pop up like this:

***Hidden content cannot be quoted.***

In Most cases, its easier to use the Graph, but in this Case, we will use Textview. To get the Text-View, right-click on the Function and you´ll see "Text-View" (or something like this). Click on it.
Next Step is, to Locate the Functions, which are calling this one. These are most likely somewhere at the Bottom of the Function. In This we´re gonna scroll a little bit down and we will find this function!

***Hidden content cannot be quoted.***

As of we know, that it needs to be a Material/Shader, we know that its this functionwe need. So lets get and search it for MW3.
Here is a good Pastebin from Shark, where he dumped most likely all GSC Functions for almost every CoD (incl. BO3):

***Hidden content cannot be quoted.***

What we are gonna do, is open up our ELF (from 1.24 MW3) and going to the Offset of the PrecacheShader, which we´ve found in the Dump.

It will look very similiar to the one we´ve saw in the PDB.
So we scroll down in the precacheShader function and we´ll see the G_MaterialIndex over there.

***Hidden content cannot be quoted.***

Thats the Function we need to use for calling the GSC Function within C#, the only thing you´ll need to find (its in the Precacheshader function aswell) is level_local_t for precaching. I won´t give you the whole Code, but I will give you some "Basic-Riddle-Code" for you to complete! (Please don´t post in on here, keep it for yourself, as of you would destroy others fun)

Sorry for my bad english, I´m from Switzerland :p

NOTE: Not every GSCr Function can be used within C#, as of not every Function getting called from another Function :) Most of them are, but some aren´t!


Peace out
- 01cedricv2

-Riddle-

***Hidden content cannot be quoted.***

Who can find these Checks (Keep in it private for others to try)
Fantastic post, we could do with a few more threads like this around the site. Great job mate.
 
  • Like
Reactions: 01cedric

01cedric

Newbie
Jan 16, 2016
14
6
13
24
Fantastic post, we could do with a few more threads like this around the site. Great job mate.
Thank you! I am working on something at the moment, so I´ve not much time to write Tutorials, but this what I´m working on right now is hopefully turning out good :)