
POWER PC OPCODES

Page 3 / 4

Posts: 0
(@kurt2467)
New Member
Joined: 9 years ago

That's so vague, and I couldn't imagine anybody knowing what to do with them; those who do can usually find the opcodes on their own: just hop into ProDG or IDA. Even vdappc.exe will give you things fine enough, though it may have some differently named mnemonics even though the operations are the same. These go by bits, not full bytes, so depending on which register you use, something like stb could be 98, 99, 9A, or 9B.

li = 001110 "5 bits ra" "5 bits rb" "signed 8 bits your value of choice", rb + your number = ra. It's only "li" if rb is all zeroes, otherwise it's "addi"
lis = 001111 "5 bits ra" "5 bits rb" "signed 8 bits your value of choice", rb + your number = ra. It's only "lis" if rb is all zeroes, otherwise it's "addis"
addic = 001100 "5 bits ra" "5 bits rb" "signed 8 bits your value of choice", rb + your number = ra

stb = 100110 "5 bits ra" "5 bits destinationregister" "signed 8 bits offsetofyourchoice", 1 byte ra will be stored at address "destinationregister + offset", use 100010 to load
sth = 101100 "5 bits ra" "5 bits destinationregister" "signed 8 bits offsetofyourchoice", 2 bytes ra will be stored at address "destinationregister + offset", use 101000 to load
stw = 100100 "5 bits ra" "5 bits destinationregister" "signed 8 bits offsetofyourchoice", 4 bytes ra will be stored at address "destinationregister + offset", use 100000 to load
std = 111110 "5 bits ra" "5 bits destinationregister" "signed 8 bits offsetofyourchoice", 8 bytes ra will be stored at address "destinationregister + offset", use 111010 to load
stfs = 110100 "5 bits fa" "5 bits destinationregister" "signed 8 bits offsetofyourchoice", 4 byte single precision float will be stored at address "destinationregister + offset", use 110000 to load
stfd = 110110 "5 bits fa" "5 bits destinationregister" "signed 8 bits offsetofyourchoice", 8 byte double precision float will be stored at address "destinationregister + offset", use 110010 to load
Not even bothering with vectors, never need them.

cmpwi = 001011 "3 bits cr" "2 bits I don't remember the significance of and I always leave as 00" "5 bits registerbeingcompared" "signed 8 bits valueofyourchoicetocompareregisterto"
cmpwli = 001010 "3 bits cr" "2 bits I don't remember the significance of and I always leave as 00" "5 bits registerbeingcompared" "unsigned 8 bits valueofyourchoicetocompareregisterto"

unconditional branches = 001010 "signed 24 bits offsetofyourchoice" "1 bit branchabsolute" "1 bit store currentaddress + 0x4 in linkingregister". Branch absolute will basically let you choose anywhere to go from address ranges FFFFFFFFFE000000 to 0000000002000000, I use it all the time out of laziness even though it doesn't make porting codes from game to game easier for people that don't know a thing about the operation.

conditional branches (beq/bne/bgt/ble/blt/bge) = 010000 "1 bit unknown I leave as 0" "1 bit equal/not equal" "3 bits unknown I leave as 000" "3 bits comparisonregister" "2 bits to determine what kind of comparison to do" "signed 8 bits to add to current address to branch to". For the 2 bits, 00 = blt, 01 = bgt, 10 = beq, 11 = ?? never seen it used before.

conditional branch to linkingregister (beqlr, bnelr, bgtlr, blelr, bltlr, bgelr) = 010011 "1 bit unknown I leave as 0" "1 bit equal/not equal" "3 bits unknown I leave as 000" "3 bits comparisonregister" "2 bits to determine what kind of comparison to do" 00000010. You could change it to 01000011 to branch to ctr instead of lr, or anything depending on which special purpose register you want to use to branch to.

mtctr = 0x7C6903A6
mtlr = 0x7C0803A6
mflr = 0x7C0802A6
bctrl = 0x4E800421. I've also seen 4E9E0421 used a lot in Escape From Dead Island, using that bit I never bothered learning about; there's more technical junk to it I'm sure.

They are useless gibberish if you don't know what to do with them though. Just use ProDG or IDA to get a description of opcodes, or vdappc to output whatever you give it. You can kind of learn things by looking at them. A lot of codes involve somebody just removing a line by using 60000000 to either delete a store operation or branch, or force a branch to unconditionally always occur, or modifying a supplied or loaded value.

I love you, finally another person who knows PPC <3

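A decoder and encoder for the D-form words the post lists (li/addi, lis/addis, addic, cmpwi/cmplwi, the loads and stores, std/ld) and the 60000000 nop it mentions, as an added example that is not part of the original post. It follows the PowerPC ISA field layout, in which the immediate field is 16 bits wide; the instruction words used for testing are constructed.

```python
# Decoder and encoder for the D-form PowerPC words listed above (li/addi,
# lis/addis, addic, cmpwi/cmplwi, the byte/half/word/float loads and
# stores, std/ld) plus the 0x60000000 nop used to blank out a line.
# Added example, not code from the post. Field layout per the PowerPC ISA:
# 6-bit primary opcode, two 5-bit register fields, 16-bit immediate.
D_FORM = {  # primary opcode -> mnemonic (the post lists these in binary)
    14: "addi", 15: "addis", 12: "addic", 11: "cmpwi", 10: "cmplwi", 24: "ori",
    32: "lwz", 34: "lbz", 40: "lhz", 48: "lfs", 50: "lfd",
    36: "stw", 38: "stb", 44: "sth", 52: "stfs", 54: "stfd",
}
DS_FORM = {58: "ld", 62: "std"}  # 14-bit displacement, 2-bit XO (0 here)
MEM = {"lwz", "lbz", "lhz", "lfs", "lfd", "stw", "stb", "sth", "stfs", "stfd"}
FLOAT = {"lfs", "lfd", "stfs", "stfd"}
OPCODE = {m: op for op, m in D_FORM.items()}

def _s16(v):
    """Sign-extend a 16-bit field."""
    return v - 0x10000 if v & 0x8000 else v

def decode(word):
    """Assembler text for one 32-bit word, or None for forms not handled
    here (e.g. the X/XL-form mtctr, mtlr, bctrl words quoted in the post)."""
    op = word >> 26
    rt, ra, imm = (word >> 21) & 31, (word >> 16) & 31, word & 0xFFFF
    if op in DS_FORM:
        if word & 3:                       # XO != 0 is ldu/lwa/stdu, skip
            return None
        return f"{DS_FORM[op]} r{rt}, {_s16(imm & 0xFFFC)}(r{ra})"
    m = D_FORM.get(op)
    if m is None:
        return None
    if m in MEM:                           # first field is an FPR for f-ops
        return f"{m} {'f' if m in FLOAT else 'r'}{rt}, {_s16(imm)}(r{ra})"
    if m == "ori":                         # ori r0,r0,0 is the canonical nop
        return "nop" if word == 0x60000000 else f"ori r{ra}, r{rt}, {imm:#x}"
    if m in ("cmpwi", "cmplwi"):           # top 3 bits of the rt field = crN
        return f"{m} cr{rt >> 2}, r{ra}, {imm if m == 'cmplwi' else _s16(imm)}"
    if ra == 0 and m in ("addi", "addis"): # li/lis are addi/addis with ra = 0
        return f"{'li' if m == 'addi' else 'lis'} r{rt}, {_s16(imm)}"
    return f"{m} r{rt}, r{ra}, {_s16(imm)}"

def encode_d(mnemonic, rt, ra, imm):
    """Build a D-form word from its fields; imm may be negative."""
    return (OPCODE[mnemonic] << 26) | (rt << 21) | (ra << 16) | (imm & 0xFFFF)
```

Feeding a game's 32-bit words through decode() makes it easy to see which patched line became a nop or a changed immediate, which is what the post describes when it talks about removing a store or forcing a branch.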
Cyb3r
Posts: 1598
(@cyb3r)
Noble Member
Joined: 10 years ago

I love you, finally another person who knows PPC :h:

Homo alert?

Posts: 0
(@kurt2467)
New Member
Joined: 9 years ago

Homo alert?

Not at all, I am just saying that I haven't seen anyone that knows even a little about PPC in a while

Cyb3r
Posts: 1598
(@cyb3r)
Noble Member
Joined: 10 years ago

Not at all, I am just saying that I haven't seen anyone that knows even a little about PPC in a while

I'm joking (hence the funny face) :p

Posts: 152
(@y8rz3l56ye2n8q)
Estimable Member
Joined: 10 years ago

You kind of already know my stance Cyb3r.

There was a point in time where I had recorded videos of myself doing stuff like simply porting codes for people, finding codes and whatever else. I deleted them, largely because I hated the sound of my own voice, and right around that time the tools to decrypt NPDRM-encrypted EBOOTs for game updates were just released, so if I uploaded them people would learn how to do stuff and bam, more online cheaters. It's rare that I teach anyone anything, but if I do it's over Skype with people I've known for a while, where I feel it's safe that they wouldn't start blasting out cheats for big-name online games and others, like Ammar does, whose head I've blown up on multiple times over the years.

All you guys need is ProDG for your PS3: highlight any line of code and it will tell you what the operation is and all of the details, since Sony wanted that. As long as you know binary you'll figure out the opcodes and registers very quickly, and if you mess around a little you'll spot the code exceptions.

As for MIPS, I'm not sure where you'd find details because I've never seen a PS2 ProDG leaked anywhere, and the usual place for that would be assemblergames, which is the place for any programming on game consoles; those are the people with all of the dev kits and other stuff.
There's PS2Dis which has been around for a decade, but that's just a bunch of mnemonics with the hex values.
Cronotrigga's rewriting his Code Designer for PS2, not sure if there'd be descriptions of operations.
The only specific weird detail I remember about MIPS for the PS2 is that if you are doing a branch that isn't a "branch likely" operation, the line of code after it will always be executed, which was weird to me, but I was far dumber back then so I probably misinterpreted something somewhere. I haven't touched it for about 6 years, but it was nothing too crazy.

If I didn't need to worry about online cheating, I'd be throwing out tutorials on every single code I find, with a ton of pictures and details; I've done it a bit for people over Skype.
