
#1

PPC - Basics Tutorial

May 25, 2013

You have to know C/C++ to understand most of this. You also will need a good understanding of how memory works; this includes the stack and heap. A good understanding of pointers will help a ton too.

If you want to learn C/C++, here are some good tutorials that I learned from.

http://www.xboxmb.com/forum/52-programming/95554-programming-tutorials.html

http://www.youtube.com/view_play_list?p=FE6E58F856038C69

http://www.cplusplus.com/doc/tutorial/

Basics

PowerPC is an assembly language, so each line or instruction is an operation that the processor performs, unlike high level languages, which are compiled into an assembly language. PPC will only run on a processor that uses PowerPC (Linux, Xbox 360, PS3). Unless you have a computer with Linux you will have to have a JTAG or an XDK. Even if you don't have either, you can still read code in Xbox executables (xex's) with a disassembler. PowerPC, or Performance Optimization With Enhanced RISC – Performance Computing, was created by Apple, IBM and Motorola; it supports both endians but it's most common in 32-bit mode. That is one of the downfalls that has caused PPC to be phased out by x86. It's also used for almost every gaming console out at this time (Xbox, PS3, Wii, Wii U). This tutorial will focus on the 32-bit version, seeing this is for Xbox 360 development and reverse engineering.

Const

PPC - Basics Tutorial | Se7enSins Gaming Community 04/11/2014

http://www.se7ensins.com/forums/threads/ppc-basics-tutorial.927634/ 1 / 8


Registers

There are 32 GPRs (General Purpose Registers), r0-r31; this is what you will be mainly using. r1 is used as a stack pointer, r2 as the table of contents pointer, r3 is used as the return value of a function and also the first argument, r4-r10 are used as arguments 2-8 and the rest are mostly used for anything else. They are similar to variables but are stored on the processor. This means you can access these values fast. Registers are also not addressable, meaning you can't have anything pointing to them. Each register is 64 bits (8 bytes, but on the Xbox we can only use the lower 32 bits), so you can store most data types in one register. They also can be used to hold any sort of data type; they can store ints, chars, pointers, uints, etc. To perform an operation on a value, we have to use a register to hold the value first. So if we wanted to add two immediate values, we would first have to put one or both into a register. There are also FPRs (Floating Point Registers) f0-f31; they are similar to the GPRs but contain floats. f1-f8 are used as params or the return of a function. The rest are used for anything.

Instructions

All PPC instructions are 32 bits (4 bytes) in size. I'm not really going to go in depth into how to determine instructions by their bits, because I honestly don't know how that works. I believe the first 4 bits determine the instruction but after that I don't know; I believe IBM has info on their website about it. I'm just going to list some common instructions and label how to use them and what they do. CTRL+F is gonna come in handy when this is done.

Basic Math Instructions

Li - Load Immediate
li gpr1, SI16
Example:
li r3, 20
This example just sets r3 to 20. SI16 = (Signed int 16).

Lis - Load Immediate Shifted
lis gpr1, SI16
Example:
lis r3, 20
In this example r3 is set to 20 then shifted left by 41.

Add - Add
add gpr1, gpr2, gpr3
Example:
add r3, r4, r10
In this r4 is added with r10 and the sum is stored in r3.

Addi - Add Immediate
addi gpr1, gpr2, SI16
Example:
addi r3, r4, 20
In this r4 is added with SI16 and then the sum is stored in r3.

Addis - Add Immediate Shifted
addis gpr1, gpr2, SI16
Example:
addis r3, r3, 4
In this r3 is added with 4 then the sum is stored in r3, then r3 is shifted by 32 minus 4 bits left.

Subf - Subtract From
subf gpr1, gpr2, gpr3
Example:
subf r3, r4, r5
This is subtracting r4 from r5 then storing the difference in r3.

Mul - Multiply
mul gpr1, gpr2, gpr3
Example:
mul r3, r4, r6
This will multiply r4 with r6 and store the product in r3.


Mullw - Multiply Low Word
mullw gpr1, gpr2, gpr3
Example:
mullw r3, r5, r10
This will multiply r5 with r10 and place the product in the lower 32 bits of r3.

Mullh - Multiply High Word
mullh gpr1, gpr2, gpr3
Example:
mullh r5, r6, r31
This will multiply r6 with r31 and place the product in the higher 32 bits of r5.

Mulli - Multiply Low Immediate
mulli gpr1, gpr2, SI16
Example:
mulli r4, r5, 0x20
This will multiply r5 with 0x20 and place the product in the lower 32 bits.

Div - Divide
divw gpr1, gpr2, gpr3
Example:
divw r4, r23, r7
This will multiply r23 with r7 and put the quotient in r4.

Condition and Compare Instructions

First I need to give you a bit of info on how condition/logical instructions work. Like GPRs and FPRs there are also condition registers cr0-cr7; cr1 is for floating point registers. So until you understand how floats work in PPC I suggest using cr0 and cr1-cr7. Each cr is 4 bits in size and each one is a different flag.

Flags
Bit 0 - LT (Less Than)
Bit 1 - GT (Greater Than)
Bit 2 - EQ (Equal)
Bit 3 - Summary Overview (Copy of XER I believe)

First we are going to look at cmp. I would just show code examples but this is more complex than most. cmp takes 3 'args'; you can either specify what cr to use or, if we leave it blank, it will use cr0.

Cmp - Compare
cmp cr1, 0 (set this for 32 bit architecture), gpr1, gpr2
Example:
cmp cr2, 0, r4, r6
In this example cr2 will contain a bit flag depending on if r4 is greater than, less than or equal.

Cmpi - Compare Immediate
cmpi cr1, 0 (same as above), gpr1, SI16
Example:
cmpi cr2, 0, r5, 20
This will compare r5 to 20, and place the bit flag in cr2.

Cmpwi - Compare Word Immediate
cmpwi cr1, gpr1, SI16
Example:
cmpwi cr4, r6, 300
This compares r6 to 300, then places the bit flag in cr4.

Bit Wise Operations

I will be adding some of the more complex ones later like rlwinm.

Or - OR
or gpr1, gpr2, gpr3
Example:
or r3, r5, r6
This will OR r5 and r6 then place the results in r3.

Ori - OR Immediate
ori gpr1, gpr2, SI16
Example:
ori r5, r28, 4
This will OR r28 with 4 and then store the results in r5.

Oris - OR Immediate Shifted
oris gpr1, gpr2, SI16
Example:
oris r26, r14, 16
This will OR the upper 16 bits of r14 with 16 and place the results in r26.

Mr - Move (to) Register
mr gpr1, gpr2
Example:
mr r4, r30
This will place r30 in r4.

And - AND
and gpr1, gpr2, gpr3
Example:
and r5, r6, r25
This will AND r6 with r25 then place the results in r5.

Andi - And Immediate
andi gpr1, gpr2, SI16
Example:
andi r7, r9, 8
This will AND r9 with 8 and place the results in r7.

Andis - And Immediate Shifted
andis gpr1, gpr2, SI16
Example:
andis r5, r18, 1
This will AND the upper 16 bits of r18 with 1 and place the results in r5.

Slw - Shift left word
slw gpr1, gpr2, gpr3
Example:
slw r6, r5, r7
This will shift r5 left by 32 minus the lower six bits of r7 and place the results in r6.

Srw - Shift right word
srw gpr1, gpr2, gpr3
Example:
srw r4, r18, r23
This will shift r18 right by 32 minus the lower six bits of r23 then place the results in r4.

Branching

Branching will execute code from a different function, or area of code.

B - Branch
b address
Example:
b Func1
This will execute the code at Func1.


Beq - Branch if equal
beq cr1, address
Example:
beq cr4, Some_Function
This will execute the code at Some_Function if cr4 contains the bit for equal.

Bne - Branch if not equal
bne cr1, address
Example:
bne cr0, For_Loop1
This will execute the code at For_Loop1 if cr0 contains any bit besides the one for equal.

Blt - Branch if less than
blt cr1, address
Example:
blt cr7, Test4
This will execute the code at Test4 if cr1 contains the bit for less than.

Bgt - Branch if greater than
bgt cr1, address
Example:
bgt cr6, Func2
This will execute the code at Func2 if cr6 contains the bit for greater than.

Ble - Branch if less than or equal
ble cr1, address
Example:
ble cr5, Derping9
This will execute the code at Derping9 if cr5 contains the bits for less than or the equal bits.

Bge - Branch if greater than or equal
bge cr1, address
Example:
bge cr3, UnlockAll_Cod4
This will execute the code at UnlockAll_Cod4 if cr3 contains the bits for greater than or equal.

What to Expect

I will be adding more functions that I feel you need, but this should be a good start to get you making some cool mods for different games. I also think I will add info about IDA and how to use it to its full potential. I will also be covering more of the syntax of PPC later; if you have any questions feel free to PM me.

Where to learn

http://www.ibm.com/developerworks/library/l-ppc/
http://publib.boulder.ibm.com/infoc...ic=/com.ibm.aix.aixassem/doc/alangref/abs.htm
https://www.power.org/wp-content/uploads/2012/07/PowerISA_V2.06B_V2_PUBLIC.pdf
http://www.xboxmb.com/forum/52-programming/99929-powerpc-beginners-tutorial.html

Last edited: May 26, 2013
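Added here as a worked example (not code from the tutorial or its author): a small Python model of the instructions listed above that runs the thread's own sample lines against a register file and reports the resulting values. The lis/ori pair for building a full 32-bit constant and the signed behaviour of a large addi immediate go a little beyond what the post shows; the Cpu class and its method names are this example's own.

```python
"""Register-level model of the 32-bit PowerPC instructions the post lists.
Added example, not code from the thread: it executes the thread's own sample
instructions so the shifted immediate forms and cmpwi flags can be checked.
Only the low 32 bits are kept (Xbox 360 usage per the post); SI16 is signed."""
MASK32 = 0xFFFFFFFF
LT, GT, EQ = 0b1000, 0b0100, 0b0010  # bits 0, 1, 2 of a cr field (PPC numbering)

def sext16(imm):
    """Sign-extend a 16-bit immediate: 0x8000..0xFFFF are negative."""
    imm &= 0xFFFF
    return imm - 0x10000 if imm & 0x8000 else imm

def sext32(word):
    """Read a 32-bit register value as signed, as cmpwi does."""
    return word - 0x100000000 if word & 0x80000000 else word

class Cpu:
    def __init__(self):
        self.r = [0] * 32   # GPRs r0-r31
        self.cr = [0] * 8   # cr0-cr7, each a 4-bit field: LT GT EQ SO

    def li(self, rt, si):        self.r[rt] = sext16(si) & MASK32
    def lis(self, rt, si):       self.r[rt] = (sext16(si) << 16) & MASK32
    def addi(self, rt, ra, si):  self.r[rt] = (self.r[ra] + sext16(si)) & MASK32
    def addis(self, rt, ra, si): self.r[rt] = (self.r[ra] + (sext16(si) << 16)) & MASK32
    def ori(self, rt, ra, ui):   self.r[rt] = self.r[ra] | (ui & 0xFFFF)  # UI16, zero-extended
    def cmpwi(self, crf, ra, si):
        a, b = sext32(self.r[ra]), sext16(si)
        self.cr[crf] = LT if a < b else GT if a > b else EQ
    def beq(self, crf): return bool(self.cr[crf] & EQ)       # would beq be taken?

def thread_examples():
    """Run the thread's quoted instructions; returns (lis, addis, beq taken, signed addi)."""
    cpu = Cpu()
    cpu.lis(3, 0x20)         # 'lis r3, 0x20': the immediate lands in the upper 16 bits
    lis_value = cpu.r[3]
    cpu.li(3, 0x1234)
    cpu.addis(4, 3, 2)       # 'li r3, 0x1234; addis r4, r3, 2' -> 2 << 16 added to r3
    cpu.li(6, 300)
    cpu.cmpwi(4, 6, 300)     # 'cmpwi cr4, r6, 300' with r6 == 300 sets EQ in cr4
    cpu.li(7, 0x7FFF)
    cpu.addi(7, 7, 0x8000)   # SI16 is signed: this subtracts 0x8000, giving -1
    return lis_value, cpu.r[4], cpu.beq(4), cpu.r[7]

def load_word(cpu, rt, value):
    """lis/ori pair that builds any 32-bit constant, the usual way to load an address."""
    cpu.lis(rt, value >> 16)
    cpu.ori(rt, rt, value & 0xFFFF)
    return cpu.r[rt]
```

When reading a disassembly, the last case matters: an addi with an immediate of 0x8000 or above is a subtraction, even though the listing shows a positive-looking hex value.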

#2

Da Botch

May 25, 2013

Finally! I've heard so many people say "Learn PPC" and I've never been able to find anything referencing to it. Thanks for this man!

#3

Z61

May 25, 2013

looked like a copypasta from Experiment's tutorial at first then I went back and checked, nice job.

#4

Const

May 25, 2013

Z61 said: ↑
looked like a copypasta from Experiment's tutorial at first then I went back and checked, nice job.

I used his as a reference, he seemed to cover more of the syntax of ppc and how to do simple stuff. I think it's harder to learn what every instruction does, seeing IBM's site can be a bit hard to understand sometimes.

#5

iMaes

May 26, 2013

Time to stay on computer

#6

Dwack

May 26, 2013

Const said: ↑
Lis - Load Immediate Shifted
lis gpr1, SI16
Example:
lis r3, 20
In this example r3 is set to 20 then shifted left by 41.

Addis - Add Immediate Shifted
addis gpr1, gpr2, SI16

So given your example:

Code:
lis r3, 0x20
// start r3 == 0
// set r3 to 0x20 (same as li r3, 0x20)
// r3 == 0x0000.0000.0000.0020
// then r3 is shifted left 4 bits
// r3 == 0x0000.0000.0000.0200
// That doesn't seem right o.O

Lets try this the right way:

Code:
lis r3, 0x20
// start r3 == 0
// set r3 to 0x20 (same as li r3, 0x20)
// r3 == 0x0000.0000.0000.0020
// then r3 is shifted left 16 bits
// r3 == 0x0000.0000.0020.0000

Hmmm...that one looks much better!

The same thing applies to addis

Code:
li r3, 0x1234
addis r4, r3, 2
// r4 == 0x0000.0000.0002.1234
// 2 << 16 then add to r3

#7

Dwack

May 26, 2013

rlwinm

Code:

rlwinm r5, r3, 16,20,23
// r5 = register to store result in
// r3 = register to use to compute result
// 16 = the # of bits to rotate left
// 20 = the start bit for the mask
// 23 = the end bit for the mask

Lets assume r3 == 0x12345678

so now we rotate: Remember this is a rotate instruction, not a shift. So when we shift we have to catch the bits that fall off

Code:

r3 = (r3 << 16) | (r3 >> (32-16))
r3 << 16 gives us 0x56780000
r3 >> (32-16) gives us 0x00001234
OR them and you get the result of 0x56781234


So now lets generate our mask: this is a 32 bit mask, all bits 0 except mask start through mask end. So our mask would look like this:

Code:

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 0 0 0 0 0 0 0 0
which gives us 0x0F00

So we've rotated and generated our mask. Now apply it:

Code:

0x56781234 & 0x0F00 == 0x200
r5 = 0x200
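The rlwinm walk-through above, carried through as a general routine; this is an added example and not part of the thread. It builds the mask for any start/end pair, including the wrap-around case when the start bit is greater than the end bit (which the post does not cover), and shows that the simplified mnemonics slwi, srwi and clrlwi a disassembler prints are just rlwinm with particular operands. Function names are this example's own.

```python
"""rlwinm (Rotate Left Word Immediate then AND with Mask) as a general routine.
Added example, not code from the thread: it carries Dwack's walk-through of
'rlwinm r5, r3, 16,20,23' with r3 == 0x12345678 through the full algorithm.
Bit numbering is PowerPC style: bit 0 is the most significant bit of the word."""
MASK32 = 0xFFFFFFFF

def rotl32(value, n):
    """Rotate a 32-bit word left by n; bits that fall off the top re-enter at the bottom."""
    n &= 31
    return ((value << n) | (value >> (32 - n))) & MASK32

def ones(lo, hi):
    """Word with PPC bits lo..hi set (bit i has value 1 << (31 - i)); empty range gives 0."""
    return sum(1 << (31 - i) for i in range(lo, hi + 1))

def mask(mb, me):
    """MASK(MB, ME) from the Power ISA: ones from bit MB through bit ME.
    When MB > ME the mask wraps around, i.e. every bit except ME+1 .. MB-1."""
    if mb <= me:
        return ones(mb, me)
    return MASK32 ^ ones(me + 1, mb - 1)   # all ones when MB == ME + 1

def rlwinm(rs, sh, mb, me):
    """rA = ROTL32(rS, SH) & MASK(MB, ME), which is all rlwinm does."""
    return rotl32(rs, sh) & mask(mb, me)

# Simplified mnemonics a disassembler prints for particular rlwinm operand patterns.
def slwi(rs, n):            # shift left immediate:  rlwinm rA,rS,n,0,31-n
    return rlwinm(rs, n, 0, 31 - n)

def srwi(rs, n):            # shift right immediate: rlwinm rA,rS,32-n,n,31
    return rlwinm(rs, 32 - n, n, 31)

def clrlwi(rs, n):          # clear left n bits:     rlwinm rA,rS,0,n,31
    return rlwinm(rs, 0, n, 31)

def walk_through():
    """Dwack's example step by step: (rotated word, mask, final r5)."""
    r3 = 0x12345678
    rotated = rotl32(r3, 16)   # 0x56781234
    m = mask(20, 23)           # 0x00000F00
    return rotated, m, rotated & m   # r5 == 0x200
```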
