Documenting GTA-SA memory addresses

1,395 replies to this topic
dkluin
  • dkluin

    GTA:Underground Developer

  • Members
  • Joined: 11 Jun 2013
  • Netherlands
  • Best Conversion 2016 [GTA: Underground]

#1381

Posted 11 September 2015 - 06:31 AM

@michilin:

 

Some of the memory addresses for colors are documented on gtamodding.com.


iFarbod
  • iFarbod

    🍂

  • Members
  • Joined: 17 Dec 2013
  • Unknown

#1382

Posted 08 October 2015 - 05:32 PM Edited by iFarbod, 08 October 2015 - 05:37 PM.

/*
 * ========== All stuff about CPedStats ==========
 * may not be all, but enough to suffice
 */


// Starts from 0 or 1???
// TODO: Confirm that it starts from 0

// Exported from IDA
enum ePedStats
{
  STAT_PLAYER = 0, // starts from 0 or 1???
  STAT_COP,
  STAT_MEDIC,
  STAT_FIREMAN,
  STAT_GANG1,
  STAT_GANG2,
  STAT_GANG3,
  STAT_GANG4,
  STAT_GANG5,
  STAT_GANG6,
  STAT_GANG7,
  STAT_GANG8,
  STAT_GANG9,
  STAT_GANG10,
  STAT_STREET_GUY,
  STAT_SUIT_GUY,
  STAT_SENSIBLE_GUY,
  STAT_GEEK_GUY,
  STAT_OLD_GUY,
  STAT_TOUGH_GUY,
  STAT_STREET_GIRL,
  STAT_SUIT_GIRL,
  STAT_SENSIBLE_GIRL,
  STAT_GEEK_GIRL,
  STAT_OLD_GIRL,
  STAT_TOUGH_GIRL,
  STAT_TRAMP_MALE,
  STAT_TRAMP_FEMALE,
  STAT_TOURIST,
  STAT_PROSTITUTE,
  STAT_CRIMINAL,
  STAT_BUSKER,
  STAT_TAXIDRIVER,
  STAT_PSYCHO,
  STAT_STEWARD,
  STAT_SPORTSFAN,
  STAT_SHOPPER,
  STAT_OLDSHOPPER,
  STAT_BEACH_GUY,
  STAT_BEACH_GIRL,
  STAT_SKATER,
  STAT_STD_MISSION,
  STAT_COWARD,
};

// CPed + 0x59C = Ped stats pointer (this interface)
// for info about each field, please refer to "<Your GTA:SA Dir>\DATA\PEDSTATS.DAT"
class CPedStats
{
public:
    int m_Index;                                // + 0x0 [CONFIRMED]
    char m_PedStatTypeName[18];                 // + 0x4 [CONFIRMED] (Max: 18 chars? or it's a 'char *'? anyway it's confirmed to be STRING!)
    char _pad16[6];                             // + 0x16 (explicit padding so the next field lands at + 0x1C)
    float m_fFleeDistance;                      // + 0x1C [CONFIRMED]
    float m_fHeadingChangeRate;                 // + 0x20 [CONFIRMED]
    unsigned char m_ucFear;                     // + 0x24 [CONFIRMED]
    unsigned char m_ucTemper;                   // + 0x25 [CONFIRMED]
    unsigned char m_ucLawfullness;              // + 0x26 [CONFIRMED]
    unsigned char m_ucSexiness;                 // + 0x27 [CONFIRMED]
    float m_fAttackStrength;                    // + 0x28 [CONFIRMED]
    float m_fDefendWeakness;                    // + 0x2C [CONFIRMED]
    unsigned short m_usShootingRate;            // + 0x30 [CONFIRMED]
    unsigned char m_ucDefaultDecisionMaker;     // + 0x32 [CONFIRMED]
    unsigned char m_ucUnknown;                  // + 0x33 [CONFIRMED]
}; // SIZE: 0x34 [CONFIRMED]

/*
 * Some Functions which might be useful
 */
// .text:005DEBC0 ; char *__thiscall CPed::SetPedStats(CPed *this, ePedStats statsType)
// .text:005BB890 ; CPedStats::LoadPedStats(void)
// .text:005BF9D0 ; CPedStats::Initialise(void)
// .data:00C0BBEC ; CPedStats *CPedStats::ms_apPedStats
 

CHeli + 0x9B9 = SWATs remaining to drop

Gets inited to 4 (each police heli can drop maximum of 4 SWAT officers)

Gets decremented each time a SWAT Ped on rope rappels down

//.

  • dkluin likes this
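Added example (not part of the post above and not any project's code): a compile-time check that a mirror struct matches the CPedStats offsets listed in #1382, plus a bounds-safe decoder for one 0x34-byte record taken from a memory dump. The names `PedStatsRaw`, `PedStats`, `decodePedStats` and `sampleRecord` are hypothetical; the 0x18 bytes between +0x4 and +0x1C are treated as one name span, and a little-endian host is assumed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

struct PedStatsRaw {                  // field offsets as quoted in post #1382
    int32_t  index;                   // +0x00
    char     name[0x18];              // +0x04..+0x1B: name bytes plus padding (assumed one span)
    float    fleeDistance;            // +0x1C
    float    headingChangeRate;       // +0x20
    uint8_t  fear, temper, lawfulness, sexiness;  // +0x24..+0x27
    float    attackStrength;          // +0x28
    float    defendWeakness;          // +0x2C
    uint16_t shootingRate;            // +0x30
    uint8_t  defaultDecisionMaker;    // +0x32
    uint8_t  unknown;                 // +0x33
};
// Fail the build if the compiler's layout drifts from the documented one.
static_assert(offsetof(PedStatsRaw, fleeDistance) == 0x1C, "fleeDistance offset");
static_assert(offsetof(PedStatsRaw, fear) == 0x24, "fear offset");
static_assert(offsetof(PedStatsRaw, shootingRate) == 0x30, "shootingRate offset");
static_assert(sizeof(PedStatsRaw) == 0x34, "record size");

struct PedStats { bool ok; PedStatsRaw raw; std::string name; };

// Decode one record from an untrusted dump; ok stays false if the buffer is too short.
PedStats decodePedStats(const uint8_t* buf, size_t len) {
    PedStats out{};
    if (buf == nullptr || len < sizeof(PedStatsRaw)) return out;
    std::memcpy(&out.raw, buf, sizeof out.raw);   // no alignment or aliasing assumptions
    // A damaged dump may lack the terminator: never scan past the name field.
    const void* nul = std::memchr(out.raw.name, 0, sizeof out.raw.name);
    out.name.assign(out.raw.name, nul ? static_cast<size_t>(
        static_cast<const char*>(nul) - out.raw.name) : sizeof out.raw.name);
    out.ok = true;
    return out;
}

// Constructed sample record (values invented for the demo, little-endian bytes).
std::vector<uint8_t> sampleRecord(bool terminated) {
    std::vector<uint8_t> b(0x34, 0);
    b[0x00] = 2;                                         // index = 2
    std::memset(&b[0x04], 'A', terminated ? 5 : 0x18);   // "AAAAA" or an unterminated name
    b[0x1E] = 0x80; b[0x1F] = 0x3F;                      // fleeDistance = 1.0f
    b[0x24] = 50;                                        // fear = 50
    b[0x30] = 0x2C; b[0x31] = 0x01;                      // shootingRate = 300
    return b;
}
```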

AuahDark
  • AuahDark

    Walking in the shadow of darkness

  • New Members
  • Joined: 20 Dec 2015
  • Indonesia

#1383

Posted 20 December 2015 - 12:54 PM Edited by AuahDark, 02 January 2016 - 12:23 PM.

Using GTASA US 1.0 14.383.616 bytes

 

[ [ [ [gta_sa.exe+0x7606C8]+0x6006C]+0x20]+0x8] = Points to null-terminated string of the current playing song in the User Track Player

[ [ [ [gta_sa.exe+0x7606C8]+0x60070]+0x20]+0x8] = Points to null-terminated string of the next song in the User Track Player (by pressing F5 for example).

 

EDIT: I just retested the address and it doesn't work; replacing +0x20 with +0x4 fixes it.

 

I think there's no way to change which songs are played next

 

EDIT2: Finally, I found this function

0x69F1E0 = PrintLowPriorityMessage(const char* text, int time_in_ms, int unknown1 = 1, int unknown2 = 1);

It shows text near the bottom of the screen.

 

To be exact, it does exactly the same as opcode 00BB, but the first argument is the text to be displayed instead of a GXT entry. Example:

PrintLowPriorityMessage("~p~Purple Text~s~",1000)

will display "Purple Text" (in purple) for 1 second.
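Added example (not part of the post above): a checked walk of the four-level pointer chain from #1383, using the chain as corrected in the post's EDIT (+0x4 in place of +0x20), run against a small constructed memory image instead of a live process. Every name here (`Mem`, `readU32`, `resolveChain`, `readTrack`, `sampleImage`, `kTrackChain`) is hypothetical, and the image base 0x400000, the intermediate addresses and the track name are constructed assumptions.

```cpp
#include <cstdint>
#include <cstring>
#include <map>
#include <string>
#include <vector>
using Mem = std::map<uint32_t, uint8_t>;   // sparse, constructed 32-bit address space
const std::vector<uint32_t> kTrackChain = {0x7606C8, 0x6006C, 0x4, 0x8};  // offsets from the post
// Little-endian 32-bit read; fails if any of the four bytes is unmapped.
bool readU32(const Mem& m, uint32_t addr, uint32_t& out) {
    uint32_t v = 0;
    for (uint32_t i = 0; i < 4; ++i) {
        auto it = m.find(addr + i);
        if (it == m.end()) return false;
        v |= uint32_t(it->second) << (8 * i);
    }
    out = v; return true;
}
// Walks [[[[base+o0]+o1]+o2]+o3]; an unmapped or null link ends the walk.
bool resolveChain(const Mem& m, uint32_t base, const std::vector<uint32_t>& offs, uint32_t& out) {
    uint32_t p = base;
    for (uint32_t off : offs)
        if (!readU32(m, p + off, p) || p == 0) return false;
    out = p; return true;
}
// Reads the string behind the chain, capped at maxLen; "" when anything is invalid.
std::string readTrack(const Mem& m, uint32_t base, const std::vector<uint32_t>& offs, size_t maxLen) {
    uint32_t s = 0; std::string out;
    if (!resolveChain(m, base, offs, s)) return "";
    for (size_t i = 0; i < maxLen; ++i) {
        auto it = m.find(s + uint32_t(i));
        if (it == m.end()) return "";          // ran off mapped memory
        if (it->second == 0) return out;       // terminator found
        out.push_back(char(it->second));
    }
    return "";                                 // no terminator within the cap
}
// Constructed image: base 0x400000, heap addresses and track name are assumptions.
Mem sampleImage(bool nullLink) {
    Mem m;
    auto put = [&m](uint32_t a, uint32_t v) { for (uint32_t i = 0; i < 4; ++i) m[a + i] = uint8_t(v >> (8 * i)); };
    put(0x400000 + 0x7606C8, 0x01000000);
    put(0x01000000 + 0x6006C, nullLink ? 0 : 0x02000000);
    put(0x02000000 + 0x4, 0x03000000);
    put(0x03000000 + 0x8, 0x04000000);
    const char* t = "track01.mp3";
    for (size_t i = 0; i <= std::strlen(t); ++i) m[0x04000000 + uint32_t(i)] = uint8_t(t[i]);
    return m;
}
```

The same walk applies to the "next song" chain by swapping 0x6006C for 0x60070 in the offset list.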


MarjinaL -TR
  • MarjinaL -TR

    Crackhead

  • Members
  • Joined: 16 Dec 2012
  • Turkey

#1384

Posted 29 January 2016 - 03:40 AM Edited by MarjinaL -TR, 29 January 2016 - 04:35 AM.

You decompile from PS2? There are maybe different characteristics.

###

I found the GXT;

MISSION PAGE? CUTSCENE PAGE? LOCATION PAGE?:
Spoiler


First person camera?:
Spoiler


LA?:
Spoiler


ONLINE?:
Spoiler


DEBUG MENU?:
Spoiler


See others...
Spoiler


Who knew? Or do I win a facepalm? :)

MichaelOne
  • MichaelOne

    Grove 4 Life

  • Members
  • Joined: 21 Jul 2009
  • Russia

#1385

Posted 31 January 2016 - 09:46 AM

You decompile from PS2? There are maybe different characteristics.

###

I found the GXT;

MISSION PAGE? CUTSCENE PAGE? LOCATION PAGE?:

Spoiler


First person camera?:
Spoiler


LA?:
Spoiler


ONLINE?:
Spoiler


DEBUG MENU?:
Spoiler


See others...
Spoiler


Who knew? Or do I win a facepalm? :)

You won the facepalm. Most of the 'debug', 'LA', 'multiplayer', 'mission/cutscene/location page' are debug and unimplemented multiplayer leftovers discovered a while ago.  :/


MarjinaL -TR
  • MarjinaL -TR

    Crackhead

  • Members
  • Joined: 16 Dec 2012
  • Turkey

#1386

Posted 31 January 2016 - 04:21 PM Edited by MarjinaL -TR, 31 January 2016 - 04:24 PM.

You decompile from PS2? There are maybe different characteristics.

###

I found the GXT;

MISSION PAGE? CUTSCENE PAGE? LOCATION PAGE?:

Spoiler


First person camera?:
Spoiler


LA?:
Spoiler


ONLINE?:
Spoiler


DEBUG MENU?:
Spoiler


See others...
Spoiler


Who knew? Or do I win a facepalm? :)

You won the facepalm. Most of the 'debug', 'LA', 'multiplayer', 'mission/cutscene/location page' are debug and unimplemented multiplayer leftovers discovered a while ago.  :/

Wow

I found a new mystery: PS2's cutscene sounds are bigger than PC's. (Other PS2 sounds are 2x smaller than on PC.)

Sorry for bad lang. :/

Jack
  • Jack

    Firearms & Adrenaline

  • Feroci
  • Joined: 06 Dec 2011
  • Serbia

#1387

Posted 01 February 2016 - 09:46 AM

Spoiler

HeresOtis
  • HeresOtis

    SA C++ Whiz

  • Feroci
  • Joined: 29 Apr 2011
  • United-States

#1388

Posted 03 February 2016 - 06:43 AM

 

Spoiler

 

Is all that part of CWanted? You should export as a header and put in format: https://github.com/D..._sa/C2dEffect.h


Jack
  • Jack

    Firearms & Adrenaline

  • Feroci
  • Joined: 06 Dec 2011
  • Serbia

#1389

Posted 03 February 2016 - 10:07 PM

Is all that part of CWanted?

Most of it but not all. These addresses are all mixed up atm; I located them at different times for different purposes and used most of them for my latest mods. I located some of them by comparing with the other III era databases (VC%III)...

This ain't a big finding but I thought maybe it could be useful to advanced members with ASM experience for further analysis.


iFarbod
  • iFarbod

    🍂

  • Members
  • Joined: 17 Dec 2013
  • Unknown

#1390

Posted 21 February 2016 - 12:58 PM

 

Spoiler

 

Most of the tank stuff is in CAutomobile, and it derives from CVehicle.


DK22Pac
  • DK22Pac

  • Feroci
  • Joined: 12 Apr 2009
  • Ukraine
  • Best WIP Mod 2014 [Grand Theft Auto 3D Contribution]
    Contribution Award [Mods]

#1391

Posted 05 June 2016 - 04:32 PM Edited by DK22Pac, 05 June 2016 - 04:33 PM.

0x4F1AE0 bool CAEStreamingChannel::AddFX()
0x4F1C20 void CAEStreamingChannel::RemoveFX()
0x4D7A10 bool CAEAudioChannel::Lost()
0x4D7AA0 bool CAEAudioChannel::SetReverbAndDepth(unsigned char environment, int depth)
0x4D7B50 void CAEAudioChannel::UpdateEnvironmentWithSoundType(unsigned char type) // 0 = frontend, 1 - world
fun
  • sharpie_eastern, ThirteenAG, Silent and 11 others like this

MKKJ
  • MKKJ

    Honest Steaks

  • Members
  • Joined: 04 Jun 2015
  • Indonesia

#1392

Posted 09 June 2016 - 07:11 PM Edited by MKKJ, 10 June 2016 - 07:31 PM.

0xB7CDC8 - Bulletspread and crosshair expansion (float)

 

As in how crosshair gets bigger for every bullet shot and how far bullet spreads from center crosshair. 0.0 is default value (accurate shot)


MaTeeeS
  • MaTeeeS

    MOD Tester

  • Members
  • Joined: 03 May 2016
  • Czech-Republic

#1393

Posted 18 June 2016 - 04:25 PM Edited by MaTeeeS, 24 June 2016 - 10:55 AM.

0x4F1AE0 bool CAEStreamingChannel::AddFX()
0x4F1C20 void CAEStreamingChannel::RemoveFX()
0x4D7A10 bool CAEAudioChannel::Lost()
0x4D7AA0 bool CAEAudioChannel::SetReverbAndDepth(unsigned char environment, int depth)
0x4D7B50 void CAEAudioChannel::UpdateEnvironmentWithSoundType(unsigned char type) // 0 = frontend, 1 - world
fun

 

 

How to install this?


chris car
  • chris car

    Player Hater

  • New Members
  • Joined: 18 Jul 2016
  • United-States

#1394

Posted 18 July 2016 - 06:06 PM

0x464080 - GetOpcodeParameters()
0xA43C78 - Where the routine above stores opcode parameter values. Max 16 parameters for an opcode it seems.
0x53BC80 - LoadGame(char* fileName), initializes all data structures and loads fileName (which is gta.dat).
0x5B9030 - LoadMapDefinitionFile(char* fileName), parses and loads dat-files, such as default.dat and gta.dat.
0x550F10 - AllocatePools(), allocates stuff which LimitAdjuster modifies, such as Peds and Buildings.
0x82119A - malloc(size_t size)
0x438480 - Looks like cheat processor


null0245
  • null0245

    java.lang.NullPointerException

  • Members
  • Joined: 25 Dec 2013
  • None

#1395

Posted 29 August 2016 - 07:29 AM

Hello. Are there memory addresses of the executable that can be referenced where the logic of the prostitute solicitation starts? For instance, can the prostitute solicitation be prolonged or shortened?


gtauser1234
  • gtauser1234

    Player Hater

  • New Members
  • Joined: 5 days ago
  • None

#1396

Posted 5 days ago

 

thegambler
wait a second... there's no gambler cheat on PC, and no corresponding hash for CCheat::TheGambler on mobile.
UPD: lol, latest mobile version really contains this code


I tried to go to the _ZN6CCheat15m_aCheatStringsE symbol @libGTASA when you mentioned it, but it's not there, maybe it's from a specific version of the binary?

android lib v1.08 contains this array


so, finally, there's cheat definition i've used (updated corresponding to new cheat strings)
Spoiler

 

Where are the CCheat things on android? I can't find them.




