POWER PC OPCODES

KranK
Posts: 336
Topic starter
(@KranK)
Reputable Member
Joined: 10 years ago

Here are the opcodes I have for the PowerPC language ^-^

Hope you find them useful


  • li = 0x38
  • lis = 0x3C
  • addic = 0x30
  • stb = 0x98
  • stw = 0x90
  • std = 0xF8
  • lbz = 0x88
  • lwz = 0x80
  • ld = 0xE8
  • cmpwi = 0x2C
  • b = 0x48 or 0x4B
  • bl = 0x48 or 0x4B
  • beq = 0x41, 0x82
  • bne = 0x40, 0x82
  • blt = 0x41, 0x80
  • bgt = 0x41, 0x81
  • mtctr = 0x7C, 0x69, 0x03, 0xA6
  • bctrl = 0x4E, 0x80, 0x04, 0x21

ENJOY 🙂

15 Replies
Posts: 152
(@y8rz3l56ye2n8q)
Estimable Member
Joined: 10 years ago

That's so vague, and I couldn't imagine anybody knowing what to do with them, and those who do can usually find the opcodes on their own: just hop into ProDG or IDA; even vdappc.exe will give you things fine enough, even though it may have some differently named mnemonics for the same operations. These go by bits, not full bytes, so depending on which register you use, something like stb could be 98, 99, 9A, or 9B.

li = 001110 "5 bits ra" "5 bits rb" "signed 8 bits your value of choice", rb + your number = ra. It's only "li" if rb is all zeroes, otherwise it's "addi"
lis = 001111 "5 bits ra" "5 bits rb" "signed 8 bits your value of choice", rb + your number = ra. It's only "lis" if rb is all zeroes, otherwise it's "addis"
addic = 001100 "5 bits ra" "5 bits rb" "signed 8 bits your value of choice", rb + your number = ra

stb = 100110 "5 bits ra" "5 bits destinationregister" "signed 8 bits offsetofyourchoice", 1 byte ra will be stored at address "destinationregister + offset", use 100010 to load
sth = 101100 "5 bits ra" "5 bits destinationregister" "signed 8 bits offsetofyourchoice", 2 bytes ra will be stored at address "destinationregister + offset", use 101000 to load
stw = 100100 "5 bits ra" "5 bits destinationregister" "signed 8 bits offsetofyourchoice", 4 bytes ra will be stored at address "destinationregister + offset", use 100000 to load
std = 111110 "5 bits ra" "5 bits destinationregister" "signed 8 bits offsetofyourchoice", 8 bytes ra will be stored at address "destinationregister + offset", use 111010 to load
stfs = 110100 "5 bits fa" "5 bits destinationregister" "signed 8 bits offsetofyourchoice", 4 byte single precision float will be stored at address "destinationregister + offset", use 110000 to load
stfd = 110110 "5 bits fa" "5 bits destinationregister" "signed 8 bits offsetofyourchoice", 8 byte double precision float will be stored at address "destinationregister + offset", use 110010 to load
Not even bothering with vectors, never need them.

cmpwi = 001011 "3 bits cr" "2 bits I don't remember the significance of and I always leave as 00" "5 bits registerbeingcompared" "signed 8 bits valueofyourchoicetocompareregisterto"
cmpwli = 001010 "3 bits cr" "2 bits I don't remember the significance of and I always leave as 00" "5 bits registerbeingcompared" "unsigned 8 bits valueofyourchoicetocompareregisterto"

unconditional branches = 001010 "signed 24 bits offsetofyourchoice" "1 bit branchabsolute" "1 bit store currentaddress + 0x4 in linkingregister". Branch absolute will basically let you choose anywhere to go from address ranges FFFFFFFFFE000000 to 0000000002000000, I use it all the time out of laziness even though it doesn't make porting codes from game to game easier for people that don't know a thing about the operation.

conditional branches (beq/bne/bgt/ble/blt/bge) = 010000 "1 bit unknown I leave as 0" "1 bit equal/not equal" "3 bits unknown I leave as 000" "3 bits comparisonregister" "2 bits to determine what kind of comparison to do" "signed 8 bits to add to current address to branch to". For the 2 bits, 00 = blt, 01 = bgt, 10 = beq, 11 = ?? never seen it used before.

conditional branch to linkingregister (beqlr, bnelr, bgtlr, blelr, bltlr, bgelr) = 010011 "1 bit unknown I leave as 0" "1 bit equal/not equal" "3 bits unknown I leave as 000" "3 bits comparisonregister" "2 bits to determine what kind of comparison to do" 00000010. You could change it to 01000011 to branch to ctr instead of lr, or anything depending on which special purpose register you want to branch to.

mtctr = 0x7C6903A6
mtlr = 0x7C0803A6
mflr = 0x7C0802A6
bctrl = 0x4E800421. I've also seen 4E9E0421 used a lot in Escape From Dead Island, using that bit I never bothered learning about; there's more technical junk to it, I'm sure.

They are useless gibberish if you don't know what to do with them though. Just use ProDG or IDA to get a description of opcodes, or vdappc to output whatever you give it. You can kind of learn things by looking at them. A lot of codes involve somebody just removing a line by using 60000000 to either delete a store operation or branch, or force a branch to unconditionally always occur, or modifying a supplied or loaded value.

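Worked decoder, added here as an example and not code posted by anyone in this thread: it assembles and disassembles the instruction forms behind KranK's byte table and the bit-field reply above, assuming the standard Power ISA field layouts (6-bit primary opcode, 5-bit register fields, 16-bit D-form immediate, 24-bit I-form and 14-bit B-form displacements that are shifted left by 2, and the halves-swapped SPR field of mtspr/mfspr). `first_bytes()` reproduces the point that a store like stb shows up as 98, 99, 9A or 9B depending on which register is in the RT field, and `decode()` turns the hex words quoted for mtctr, mtlr, mflr, bctrl and the 60000000 nop into mnemonics. Function names and the sample words are mine, not from any game binary.

```python
"""Encode and decode 32-bit PowerPC instruction words field by field.

Field layouts assumed (bit 0 = most significant, as in the Power ISA books):
  D-form   opcode(6) RT(5) RA(5) SIMM(16)           addi/li, addis/lis, addic, lbz/stb ... cmpi
  DS-form  opcode(6) RT(5) RA(5) DS(14) XO(2)       ld, std
  I-form   opcode(6) LI(24) AA(1) LK(1)             b, bl, ba, bla
  B-form   opcode(6) BO(5) BI(5) BD(14) AA(1) LK(1) beq, bne, blt, bgt, ...
  XL-form  opcode(6) BO(5) BI(5) /(5) XO(10) LK(1)  blr, bctrl, beqlr, ...
  X-form   opcode(6) RS(5) SPR(10) XO(10) /(1)      mtctr, mtlr, mflr
"""

D_FORM = {14: "addi", 15: "addis", 12: "addic", 32: "lwz", 34: "lbz", 36: "stw", 38: "stb",
          40: "lhz", 44: "sth", 48: "lfs", 50: "lfd", 52: "stfs", 54: "stfd"}
FLOAT_OPS = {"lfs", "lfd", "stfs", "stfd"}
SPR_NAMES = {8: "lr", 9: "ctr"}
CR_TRUE = ("lt", "gt", "eq", "so")     # branch when the CR bit is set
CR_FALSE = ("ge", "le", "ne", "ns")    # branch when the CR bit is clear


def sext(value, bits):
    """Sign-extend the low `bits` bits of `value` (higher bits are ignored)."""
    sign = 1 << (bits - 1)
    return (value & (sign - 1)) - (value & sign)


def encode_d(opcode, rt, ra, simm):
    """Assemble a D-form word; RT's top two bits spill into the first byte."""
    return (opcode << 26) | (rt << 21) | (ra << 16) | (simm & 0xFFFF)


def first_bytes(opcode):
    """Every leading byte a D-form opcode can produce as RT runs over r0..r31."""
    return sorted({encode_d(opcode, rt, 0, 0) >> 24 for rt in range(32)})


def _cond(bo, bi):
    """Map BO/BI to (suffix, cr field): '' = always, None = CTR-decrementing form."""
    if bo & 0b10100 == 0b10100:          # BO = 1z1zz: branch always
        return "", 0
    if bo & 0b11100 == 0b01100:          # BO = 011at: branch if CR bit BI is set
        return CR_TRUE[bi & 3], bi >> 2
    if bo & 0b11100 == 0b00100:          # BO = 001at: branch if CR bit BI is clear
        return CR_FALSE[bi & 3], bi >> 2
    return None, 0


def decode(word, pc=0):
    """Return an assembler-style mnemonic for `word` located at address `pc`."""
    op = word >> 26
    rt, ra = (word >> 21) & 0x1F, (word >> 16) & 0x1F     # BO/BI occupy the same slots
    aa, lk = (word >> 1) & 1, word & 1
    xo10 = (word >> 1) & 0x3FF
    if op in D_FORM:
        mn, simm = D_FORM[op], sext(word, 16)
        if mn in ("addi", "addis"):
            if ra == 0:                                     # RA = r0 reads as zero, so li/lis
                return f"{'li' if mn == 'addi' else 'lis'} r{rt},{simm}"
            return f"{mn} r{rt},r{ra},{simm}"
        if mn == "addic":
            return f"addic r{rt},r{ra},{simm}"
        reg = "f" if mn in FLOAT_OPS else "r"
        return f"{mn} {reg}{rt},{simm}(r{ra})"
    if op in (58, 62) and word & 3 == 0:                    # DS-form, XO = 0
        return f"{'ld' if op == 58 else 'std'} r{rt},{sext(word >> 2, 14) << 2}(r{ra})"
    if op == 24:                                            # ori RA,RS,UI; ori r0,r0,0 is the nop
        return "nop" if word == 0x60000000 else f"ori r{ra},r{rt},0x{word & 0xFFFF:X}"
    if op in (10, 11):                                      # cmpli / cmpi: BF(3) /(1) L(1) RA(5) imm(16)
        bf, l = (word >> 23) & 7, (word >> 21) & 1
        imm = word & 0xFFFF if op == 10 else sext(word, 16)
        return f"{'cmpl' if op == 10 else 'cmp'}{'d' if l else 'w'}i cr{bf},r{ra},{imm}"
    if op == 18:                                            # I-form: displacement is LI << 2
        li = sext(word >> 2, 24) << 2
        return f"b{'l' * lk}{'a' * aa} 0x{(li if aa else pc + li) & 0xFFFFFFFF:X}"
    if op == 16:                                            # B-form: bc BO,BI,BD
        cond, cr = _cond(rt, ra)
        bd = sext(word >> 2, 14) << 2
        target = (bd if aa else pc + bd) & 0xFFFFFFFF
        if cond is None:
            return f"bc{'l' * lk}{'a' * aa} {rt},{ra},0x{target:X}"
        return f"b{cond}{'l' * lk}{'a' * aa} {f'cr{cr},' if cr else ''}0x{target:X}"
    if op == 19 and xo10 in (16, 528):                      # XL-form: bclr (16) / bcctr (528)
        cond, cr = _cond(rt, ra)
        if cond is None:
            return f"bc{'lr' if xo10 == 16 else 'ctr'}{'l' * lk} {rt},{ra}"
        return f"b{cond}{'lr' if xo10 == 16 else 'ctr'}{'l' * lk}{f' cr{cr}' if cr else ''}"
    if op == 31 and xo10 in (467, 339):                     # X-form: mtspr (467) / mfspr (339)
        field = (word >> 11) & 0x3FF
        spr = ((field & 0x1F) << 5) | (field >> 5)          # SPR number is stored halves-swapped
        return f"{'mt' if xo10 == 467 else 'mf'}{SPR_NAMES.get(spr, f'spr{spr}')} r{rt}"
    return f"unknown 0x{word:08X}"


if __name__ == "__main__":
    # Constructed sample words at made-up addresses, not taken from any game binary.
    for addr, w in ((0x1000, 0x38600005), (0x1004, 0x41820010), (0x1008, 0x60000000),
                    (0x100C, 0x7C6903A6), (0x1010, 0x4E800421)):
        print(f"{addr:08X}  {w:08X}  {decode(w, addr)}")
    print("stb first bytes:", [f"{b:02X}" for b in first_bytes(38)])
```

Because the conditional-branch decoder reads BO and BI rather than a fixed byte pair, it also explains the table entries above: 0x41 0x82 is BO=12 (branch if the CR bit is set) with BI=2 (CR0 EQ), and 0x40 0x82 is the same bit with BO=4 (branch if clear), which is all that separates beq from bne.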
Posts: 0
(@xelahot)
New Member
Joined: 9 years ago

Well, I find these useful to update a function address when I can't find static PPC code close to it.

Smoky75
Posts: 44
(@Smoky75)
Eminent Member
Joined: 10 years ago

I already knew them by heart

KranK
Posts: 336
Topic starter
(@KranK)
Reputable Member
Joined: 10 years ago

Very informative

But you misunderstood the point of this post
