PS3 [1.26] BOOST GUN EBOOT (PPC) [1.26]

Oct 30, 2015
Information
BLES ONLY
Any vehicle you aim and shoot at will be forced to boost. It doesn't have network requests, so it won't work on vehicles where online players are the driver.

How to install?
1. Download the EBOOT.BIN for your firmware type.
2. Copy it to your USB, or run an FTP application such as FileZilla.
3. Copy EBOOT.BIN into /dev_hdd0/game/BLES01807/USRDIR/

How does this work?
First off, we edit an existing GTA function and make it execute our own code. Below is a breakdown of C++ to PPC, with as much commenting as possible to hopefully help you understand it. If you have any questions just ask, but note I am learning myself, so if I don't know the answer, your next person to ask is Sabotage.

C++
Code:
int Target = 0; //Stored At 0x1C7DDE4
float Speed = 100.0f; //Stored At 0x1C7DDE8
if (_GET_AIMED_ENTITY(PLAYER_ID(), &Target)) //Target receives the aimed entity
{
    if (IS_PED_SHOOTING(PLAYER::PLAYER_PED_ID()))
    {
        if (IS_ENTITY_A_PED(Target))
        {
            if (IS_PED_IN_ANY_VEHICLE(Target, false))
            {
                //Swap the ped for the vehicle it is sitting in
                Target = GET_VEHICLE_PED_IS_IN(Target, false);
            }
        }
        if (IS_ENTITY_A_VEHICLE(Target))
        {
            SET_VEHICLE_FORWARD_SPEED(Target, Speed);
        }
    }
}

Power PC

Hook
PLAYER_PED_ID + 3 Instructions (0x424224):
lis %r11, 0x1BF //r11 = 0x1BF0000
ori %r11, %r11, 0xA7E0 //r11 = 0x1BFA7E0
mtctr %r11 //CTR = 0x1BFA7E0 (the count register holds the branch target)
bctrl //Branch to the address in CTR and link (calls 0x1BFA7E0)

Our Custom Function
__0x1BFA7E0: //Our custom function
stdu %r1, -0x70(%r1) //Set up the function
mflr %r0 //Set up the function
std %r0, 0x80(%r1) //Set up the function

lis %r11, 0x42 //r11 = 0x420000
ori %r11, %r11, 0x41D4 //r11 = 0x4241D4 (PLAYER_ID)
mtctr %r11 //Call PLAYER_ID
bctrl //Call PLAYER_ID (r3 now contains our player_id)

lis %r4, 0x1C7 //r4 = 0x1C70000
addic %r4, %r4, 0x6DE4 //r4 = 0x1C76DE4 Don't know a better way to do this? ori?
addic %r4, %r4, 0x7000 //r4 = 0x1C7DDE4 Target Address

lis %r11, 0x42 //r11 = 0x420000
ori %r11, %r11, 0x3974 //r11 = 0x423974 (_GET_AIMED_ENTITY)
mtctr %r11 //Call _GET_AIMED_ENTITY
bctrl //Call _GET_AIMED_ENTITY (r3 now contains true or false if you are aiming at an entity)

cmpwi %r3, 0 //See if the return was false
beq :[END] //If its false, jump to end of this function, otherwise carry on.

lis %r11, 0x42 //r11 = 0x420000
ori %r11, %r11, 0x41D4 //r11 = 0x4241D4 (PLAYER_ID)
mtctr %r11 //Call PLAYER_ID
bctrl //Call PLAYER_ID (r3 now contains our player_id)

lis %r11, 0x42 //r11 = 0x420000
ori %r11, %r11, 0x19C8 //r11 = 0x4219C8 (GET_PLAYER_PED)
mtctr %r11 //Call GET_PLAYER_PED
bctrl //Call GET_PLAYER_PED (r3 now contains our Ped ID)

lis %r11, 0x40 //r11 = 0x400000
ori %r11, %r11, 0x79DC //r11 = 0x4079DC
mtctr %r11 //Call IS_PED_SHOOTING
bctrl //Call IS_PED_SHOOTING (r3 now contains true or false if we are shooting)

cmpwi %r3, 0 //See if it returns false
beq :[END] //If it did return false, meaning we are not shooting, jump to end of function

lis %r11, 0x1C7 //r11 = 0x1C70000
addic %r11, %r11, 0x6DE4 //r11 = 0x1C76DE4
addic %r11, %r11, 0x7000 //r11 = 0x1C7DDE4 target address
lwz %r3, 0(%r11) //r3 = readint32(0x1C7DDE4) so r3 = target

lis %r11, 0x3A //r11 = 0x3A0000
ori %r11, %r11, 0xD408 //r11 = 0x3AD408 (IS_ENTITY_A_PED)
mtctr %r11 //Call IS_ENTITY_A_PED
bctrl //Call IS_ENTITY_A_PED (r3 contains true/false if target is ped)

cmpwi %r3, 0 //see if entity is ped
beq :[VehCheck] //if its not a ped, jump to check if its a vehicle


lis %r11, 0x1C7 //r11 = 0x1C70000
addic %r11, %r11, 0x6DE4 //r11 = 0x1C76DE4
addic %r11, %r11, 0x7000 //r11 = 0x1C7DDE4 target address
lwz %r3, 0(%r11) //r3 = readint32(0x1C7DDE4) so r3 = target

li %r4, 0 //r4 = 0
lis %r11, 0x40 // r11 = 0x400000
ori %r11, %r11, 0x56A8 //r11 = 0x4056A8(IS_PED_IN_ANY_VEHICLE)
mtctr %r11 //Call IS_PED_IN_ANY_VEHICLE
bctrl //Call IS_PED_IN_ANY_VEHICLE returns true/false

cmpwi %r3, 0 //See if it returns false
beq :[END] //If ped isn't in vehicle, go to end of function


lis %r11, 0x1C7 //r11 = 0x1C70000
addic %r11, %r11, 0x6DE4 //r11 = 0x1C76DE4
addic %r11, %r11, 0x7000 //r11 = 0x1C7DDE4 target address
lwz %r3, 0(%r11) //r3 = readint32(0x1C7DDE4) so r3 = target

li %r4, 0 //r4 = 0
lis %r11, 0x40 //r11 = 0x400000
ori %r11, %r11, 0x8DA8 //r11 = 0x408DA8 (GET_VEHICLE_PED_IS_IN)
mtctr %r11 //Call GET_VEHICLE_PED_IS_IN
bctrl //Call GET_VEHICLE_PED_IS_IN r3 = vehicle ID

lis %r11, 0x1C7 //r11 = 0x1C70000
addic %r11, %r11, 0x6DE4 //r11 = 0x1C76DE4
addic %r11, %r11, 0x7000 //r11 = 0x1C7DDE4 target address
stw %r3, 0(%r11) //write new target (vehicle) to target address

lis %r11, 0x1C7 :[VehCheck] //r11 = 0x1C70000
addic %r11, %r11, 0x6DE4 //r11 = 0x1C76DE4
addic %r11, %r11, 0x7000 //r11 = 0x1C7DDE4 target address
lwz %r3, 0(%r11) //r3 = readint32(0x1C7DDE4) so r3 = target

lis %r11, 0x3A //r11 = 0x3A0000
ori %r11, %r11, 0xD4E4 //r11 = 0x3AD4E4
mtctr %r11 //Call IS_ENTITY_A_VEHICLE
bctrl //Call IS_ENTITY_A_VEHICLE returns true/false into r3

cmpwi %r3, 0 //See if entity isn't vehicle
beq :[END] //Jump to end if it's not a vehicle

lis %r11, 0x1C7 //r11 = 0x1C70000
addic %r11, %r11, 0x6DE4 //r11 = 0x1C76DE4
addic %r11, %r11, 0x7000 //r11 = 0x1C7DDE4 target address
lwz %r3, 0(%r11) //r3 = readint32(0x1C7DDE4) so r3 = target

lfs %f1, 4(%r11) //f1 (float register) = readFloat(0x1C7DDE4 + 4) so f1 = 100f

lis %r11, 0x45 //r11 = 0x450000
ori %r11, %r11, 0x1600 //r11 = 0x451600 (SET_VEHICLE_FORWARD_SPEED)
mtctr %r11 //Call SET_VEHICLE_FORWARD_SPEED
bctrl //Call SET_VEHICLE_FORWARD_SPEED

lis %r4, 0x1CE :[END] //r4 = 0x1CE0000 We broke PLAYER_PED_ID, so the following lines fix it
addic %r4, %r4, 0x4CF8 //r4 = 0x1CE4CF8
addic %r4, %r4, 0x4000 //r4 = 0x1CE8CF8
li %r3, 0 //r3 = 0
lwz %r4, 0x7000(%r4) //r4 = read4bytes(0x1CE8CF8 + 0x7000)
lwz %r4, 0x04(%r4) //r4 = read4bytes(r4 + 4)

ld %r0, 0x80(%r1) //end function
mtlr %r0 //end function
addi %r1, %r1, 0x70 //end function
blr //end function return

Machine Code
Hook
(0x424224) - 3D 60 01 BF 61 6B A7 E0 7D 69 03 A6 4E 80 04 21
Custom Function (0x1BFA7E0) - F8 21 FF 91 7C 08 02 A6 F8 01 00 80 3D 60 00 42 61 6B 41 D4 7D 69 03 A6 4E 80 04 21 3C 80 01 C7 30 84 6D E4 30 84 70 00 3D 60 00 42 61 6B 39 74 7D 69 03 A6 4E 80 04 21 2C 03 00 00 41 82 01 10 3D 60 00 42 61 6B 41 D4 7D 69 03 A6 4E 80 04 21 3D 60 00 42 61 6B 19 C8 7D 69 03 A6 4E 80 04 21 3D 60 00 40 61 6B 79 DC 7D 69 03 A6 4E 80 04 21 2C 03 00 00 41 82 00 D8 3D 60 01 C7 31 6B 6D E4 31 6B 70 00 80 6B 00 00 3D 60 00 3A 61 6B D4 08 7D 69 03 A6 4E 80 04 21 2C 03 00 00 41 82 00 64 3D 60 01 C7 31 6B 6D E4 31 6B 70 00 80 6B 00 00 38 80 00 00 3D 60 00 40 61 6B 56 A8 7D 69 03 A6 4E 80 04 21 2C 03 00 00 41 82 00 84 3D 60 01 C7 31 6B 6D E4 31 6B 70 00 80 6B 00 00 38 80 00 00 3D 60 00 40 61 6B 8D A8 7D 69 03 A6 4E 80 04 21 3D 60 01 C7 31 6B 6D E4 31 6B 70 00 90 6B 00 00 3D 60 01 C7 31 6B 6D E4 31 6B 70 00 80 6B 00 00 3D 60 00 3A 61 6B D4 E4 7D 69 03 A6 4E 80 04 21 2C 03 00 00 41 82 00 28 3D 60 01 C7 31 6B 6D E4 31 6B 70 00 80 6B 00 00 C0 2B 00 04 3D 60 00 45 61 6B 16 00 7D 69 03 A6 4E 80 04 21 3C 80 01 CE 30 84 4C F8 30 84 40 00 38 60 00 00 80 84 70 00 80 84 00 04 E8 01 00 80 7C 08 03 A6 38 21 00 70 4E 80 00 20

Credits to NGU for the Thread
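
One way to spot the hook pattern described above when checking a patched executable against the original, as an added example that is not part of the original post: it scans big-endian PPC words for the lis/ori/mtctr/bctrl sequence and reports calls whose target lies above an assumed end of game code. `TEXT_END`, the function names and the filler words are assumptions made for this example; the hook bytes and addresses are the ones listed in the post.

```python
import struct

# The 16 hook bytes this page lists for 0x424224.
HOOK = bytes.fromhex("3D6001BF616BA7E07D6903A64E800421")
NOP = bytes.fromhex("60000000")  # constructed filler (ori r0,r0,0)
TEXT_END = 0x1800000  # assumed end of original game code (hypothetical)

BCTR, BCTRL = 0x4E800420, 0x4E800421


def find_absolute_calls(code, base):
    """Return (site, target) for each lis/ori/mtctr/bctr[l] sequence."""
    count = len(code) // 4
    words = struct.unpack(f">{count}I", code[:count * 4])
    hits = []
    for i in range(count - 3):
        lis, ori, mtctr, branch = words[i:i + 4]
        reg = (lis >> 21) & 31
        # lis rD, imm is addis rD, 0, imm: primary opcode 15 with rA = 0
        if lis >> 26 != 15 or (lis >> 16) & 31 != 0:
            continue
        # ori rD, rD, imm: primary opcode 24, source and dest both rD
        if ori >> 26 != 24 or (ori >> 21) & 31 != reg or (ori >> 16) & 31 != reg:
            continue
        # mtctr rD is mtspr 9, rD
        if mtctr != 0x7C0903A6 | (reg << 21) or branch not in (BCTR, BCTRL):
            continue
        hits.append((base + 4 * i, ((lis & 0xFFFF) << 16) | (ori & 0xFFFF)))
    return hits


def outside_code(hits, text_end=TEXT_END):
    """Keep only the calls whose target is at or above text_end."""
    return [(site, target) for site, target in hits if target >= text_end]


if __name__ == "__main__":
    sample = NOP * 2 + HOOK  # hook lands at 0x42421C + 8 = 0x424224
    for site, target in outside_code(find_absolute_calls(sample, 0x42421C)):
        print(f"call at {site:#x} leaves game code -> {target:#x}")
```

The same scan over the custom function itself lists the native calls it makes, all of which fall below the assumed boundary.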
 