Documenting GTA-SA memory addresses

1,404 replies to this topic
dkluin
  • dkluin

    GTA:Underground Developer

  • Members
  • Joined: 11 Jun 2013
  • Netherlands
  • Best Conversion 2016 [GTA: Underground]

#1381

Posted 11 September 2015 - 06:31 AM

@michilin:

 

Some of the memory addresses for colors are documented on gtamodding.com.


iFarbod
  • iFarbod

    🍂

  • Members
  • Joined: 17 Dec 2013
  • Unknown

#1382

Posted 08 October 2015 - 05:32 PM Edited by iFarbod, 08 October 2015 - 05:37 PM.

/*
 * ========== All stuff about CPedStats ==========
 * may not be all, but enough to suffice
 */


// Starts from 0 or 1???
// TODO: Confirm that it starts from 0

// Exported from IDA
enum ePedStats
{
  STAT_PLAYER = 0, // starts from 0 or 1???
  STAT_COP,
  STAT_MEDIC,
  STAT_FIREMAN,
  STAT_GANG1,
  STAT_GANG2,
  STAT_GANG3,
  STAT_GANG4,
  STAT_GANG5,
  STAT_GANG6,
  STAT_GANG7,
  STAT_GANG8,
  STAT_GANG9,
  STAT_GANG10,
  STAT_STREET_GUY,
  STAT_SUIT_GUY,
  STAT_SENSIBLE_GUY,
  STAT_GEEK_GUY,
  STAT_OLD_GUY,
  STAT_TOUGH_GUY,
  STAT_STREET_GIRL,
  STAT_SUIT_GIRL,
  STAT_SENSIBLE_GIRL,
  STAT_GEEK_GIRL,
  STAT_OLD_GIRL,
  STAT_TOUGH_GIRL,
  STAT_TRAMP_MALE,
  STAT_TRAMP_FEMALE,
  STAT_TOURIST,
  STAT_PROSTITUTE,
  STAT_CRIMINAL,
  STAT_BUSKER,
  STAT_TAXIDRIVER,
  STAT_PSYCHO,
  STAT_STEWARD,
  STAT_SPORTSFAN,
  STAT_SHOPPER,
  STAT_OLDSHOPPER,
  STAT_BEACH_GUY,
  STAT_BEACH_GIRL,
  STAT_SKATER,
  STAT_STD_MISSION,
  STAT_COWARD,
};

// CPed + 0x59C = Ped stats pointer (this interface)
// for info about each field, please refer to "<Your GTA:SA Dir>\DATA\PEDSTATS.DAT"
class CPedStats
{
public:
    int m_Index;                                // + 0x0 [CONFIRMED]
    char m_PedStatTypeName[18];                 // + 0x4 [CONFIRMED] (Max: 18 chars? or it's a 'char *'? anyway it's confirmed to be STRING!)
    char _pad16[6];                             // + 0x16 explicit padding so the next field lands on 0x1C as documented
    float m_fFleeDistance;                      // + 0x1C [CONFIRMED]
    float m_fHeadingChangeRate;                 // + 0x20 [CONFIRMED]
    unsigned char m_ucFear;                     // + 0x24 [CONFIRMED]
    unsigned char m_ucTemper;                   // + 0x25 [CONFIRMED]
    unsigned char m_ucLawfullness;              // + 0x26 [CONFIRMED]
    unsigned char m_ucSexiness;                 // + 0x27 [CONFIRMED]
    float m_fAttackStrength;                    // + 0x28 [CONFIRMED]
    float m_fDefendWeakness;                    // + 0x2C [CONFIRMED]
    unsigned short m_usShootingRate;            // + 0x30 [CONFIRMED]
    unsigned char m_ucDefaultDecisionMaker;     // + 0x32 [CONFIRMED]
    unsigned char m_ucUnknown;                  // + 0x33 [CONFIRMED]
}; // SIZE: 0x34 [CONFIRMED]
static_assert(sizeof(CPedStats) == 0x34, "CPedStats layout must match the documented 0x34 bytes");

/*
 * Some Functions which might be useful
 */
// .text:005DEBC0 ; char *__thiscall CPed::SetPedStats(CPed *this, ePedStats statsType)
// .text:005BB890 ; CPedStats::LoadPedStats(void)
// .text:005BF9D0 ; CPedStats::Initialise(void)
// .data:00C0BBEC ; CPedStats *CPedStats::ms_apPedStats
 

CHeli + 0x9B9 = SWATs remaining to drop

Gets inited to 4 (each police heli can drop maximum of 4 SWAT officers)

Gets decremented each time a SWAT Ped on rope rappels down


  • dkluin likes this

AuahDark
  • AuahDark

    Walking in the shadow of darkness

  • New Members
  • Joined: 20 Dec 2015
  • Indonesia

#1383

Posted 20 December 2015 - 12:54 PM Edited by AuahDark, 02 January 2016 - 12:23 PM.

Using GTASA US 1.0 14.383.616 bytes

 

[ [ [ [gta_sa.exe+0x7606C8]+0x6006C]+0x20]+0x8] = Points to null-terminated string of the current playing song in the User Track Player

[ [ [ [gta_sa.exe+0x7606C8]+0x60070]+0x20]+0x8] = Points to null-terminated string of the next song in the User Track Player (by pressing F5 for exampe).

 

EDIT: I just retested the address and it doesn't work, so replacing +0x20 with +0x4 fixes it.

 

I think there's no way to change which songs are played next

 

EDIT2: Finally, I found this function

0x69F1E0 = PrintLowPriorityMessage(const char* text, int time_in_ms, int unknown1 = 1, int unknown2 = 1);

It shows text near the bottom of the screen.

 

To be exact, it does exactly the same as opcode 00BB, but the first argument is the text to be displayed instead of a GXT entry. Example:

PrintLowPriorityMessage("~p~Purple Text~s~",1000)

will display "Purple Text" (in purple) for 1 second.


MarjinaL -TR
  • MarjinaL -TR

    Crackhead

  • Members
  • Joined: 16 Dec 2012
  • Turkey

#1384

Posted 29 January 2016 - 03:40 AM Edited by MarjinaL -TR, 29 January 2016 - 04:35 AM.

Do you decompile from PS2? There may be different characteristics.

###

I found the GXT;

MISSION PAGE? CUTSCENE PAGE? LOCATION PAGE?:
Spoiler


First person camera?:
Spoiler


LA?:
Spoiler


ONLINE?:
Spoiler


DEBUG MENU?:
Spoiler


See others...
Spoiler


Who knew? Or do I win a facepalm? :)

MichaelOne
  • MichaelOne

    Grove 4 Life

  • Members
  • Joined: 21 Jul 2009
  • Russia

#1385

Posted 31 January 2016 - 09:46 AM

QUOTE (MarjinaL -TR @ 29 January 2016) Do you decompile from PS2? There may be different characteristics. [...] I found the GXT; [...] Who knew? Or do I win a facepalm? :)

You won the facepalm. Most of the 'debug', 'LA', 'multiplayer', 'mission/cutscene/location page' are debug and unimplemented multiplayer leftovers discovered a while ago. :/


MarjinaL -TR
  • MarjinaL -TR

    Crackhead

  • Members
  • Joined: 16 Dec 2012
  • Turkey

#1386

Posted 31 January 2016 - 04:21 PM Edited by MarjinaL -TR, 31 January 2016 - 04:24 PM.

QUOTE (MichaelOne @ 31 January 2016) You won the facepalm. Most of the 'debug', 'LA', 'multiplayer', 'mission/cutscene/location page' are debug and unimplemented multiplayer leftovers discovered a while ago. :/

Wow [image: photo.jpg]

I found a new mystery: PS2's cutscene sounds are bigger than PC's. (Other PS2 sounds are 2x smaller than PC's.)

Sorry for bad lang. :/

Jack
  • Jack

    Wanted Level Modifications

  • Feroci
  • Joined: 06 Dec 2011
  • Serbia

#1387

Posted 01 February 2016 - 09:46 AM

Spoiler

HeresOtis
  • HeresOtis

    SA C++ Whiz

  • Feroci
  • Joined: 29 Apr 2011
  • United-States

#1388

Posted 03 February 2016 - 06:43 AM

 

Spoiler

 

Is all that part of CWanted? You should export as a header and put in format: https://github.com/D..._sa/C2dEffect.h


Jack
  • Jack

    Wanted Level Modifications

  • Feroci
  • Joined: 06 Dec 2011
  • Serbia

#1389

Posted 03 February 2016 - 10:07 PM

QUOTE (HeresOtis @ 03 February 2016) Is all that part of CWanted?

Most of it, but not all. These addresses are all mixed up atm; I located them at different times for different purposes and used most of them for my latest mods. I located some of them by comparing with the other III-era databases (VC%III)...

This ain't a big finding, but I thought maybe it could be useful to advanced members with ASM experience for further analysis.


iFarbod
  • iFarbod

    🍂

  • Members
  • Joined: 17 Dec 2013
  • Unknown

#1390

Posted 21 February 2016 - 12:58 PM

 

Spoiler

 

Most of the tank stuff is in CAutomobile, and it derives from CVehicle.


DK22Pac
  • DK22Pac

  • Feroci
  • Joined: 12 Apr 2009
  • Ukraine
  • Best WIP Mod 2014 [Grand Theft Auto 3D Contribution]
    Contribution Award [Mods]

#1391

Posted 05 June 2016 - 04:32 PM Edited by DK22Pac, 05 June 2016 - 04:33 PM.

0x4F1AE0 bool CAEStreamingChannel::AddFX()
0x4F1C20 void CAEStreamingChannel::RemoveFX()
0x4D7A10 bool CAEAudioChannel::Lost()
0x4D7AA0 bool CAEAudioChannel::SetReverbAndDepth(unsigned char environment, int depth)
0x4D7B50 void CAEAudioChannel::UpdateEnvironmentWithSoundType(unsigned char type) // 0 = frontend, 1 - world
fun
  • sharpie_eastern, ThirteenAG, Silent and 13 others like this

MKKJ
  • MKKJ

    Honest Steaks

  • Members
  • Joined: 04 Jun 2015
  • Indonesia

#1392

Posted 09 June 2016 - 07:11 PM Edited by MKKJ, 10 June 2016 - 07:31 PM.

0xB7CDC8 - Bulletspread and crosshair expansion (float)

 

As in how crosshair gets bigger for every bullet shot and how far bullet spreads from center crosshair. 0.0 is default value (accurate shot)


MaTeeeS
  • MaTeeeS

    MOD Tester

  • Members
  • Joined: 03 May 2016
  • Czech-Republic

#1393

Posted 18 June 2016 - 04:25 PM Edited by MaTeeeS, 24 June 2016 - 10:55 AM.

QUOTE (DK22Pac @ 05 June 2016)
0x4F1AE0 bool CAEStreamingChannel::AddFX()
0x4F1C20 void CAEStreamingChannel::RemoveFX()
0x4D7A10 bool CAEAudioChannel::Lost()
0x4D7AA0 bool CAEAudioChannel::SetReverbAndDepth(unsigned char environment, int depth)
0x4D7B50 void CAEAudioChannel::UpdateEnvironmentWithSoundType(unsigned char type) // 0 = frontend, 1 - world
fun

How to install this?


chris car
  • chris car

    Player Hater

  • New Members
  • Joined: 18 Jul 2016
  • United-States

#1394

Posted 18 July 2016 - 06:06 PM

0x464080 - GetOpcodeParameters()
0xA43C78 - Where the routine above stores opcode parameter values. Max 16 parameters for an opcode it seems.
0x53BC80 - LoadGame(char* fileName), initializes all data structures and loads fileName (which is gta.dat).
0x5B9030 - LoadMapDefinitionFile(char* fileName), parses and loads dat-files, such as default.dat and gta.dat.
0x550F10 - AllocatePools(), allocates stuff which LimitAdjuster modifies, such as Peds and Buildings.
0x82119A - malloc(size_t size)
0x438480 - Looks like cheat processor


null0245
  • null0245

    java.lang.NullPointerException

  • Members
  • Joined: 25 Dec 2013
  • None

#1395

Posted 29 August 2016 - 07:29 AM

Hello. Are there memory addresses of the executable that can be referenced where the logic of the prostitute solicitation starts? For instance, can the prostitute solicitation be prolonged or shortened?


gtauser1234
  • gtauser1234

    Player Hater

  • New Members
  • Joined: 14 Feb 2017
  • None

#1396

Posted 14 February 2017 - 11:41 AM

 

thegambler
wait a second... there's no gambler cheat on PC, and no corresponding hash for CCheat::TheGambler on mobile.
UPD: lol, latest mobile version really contains this code


I tried to go to the _ZN6CCheat15m_aCheatStringsE symbol @libGTASA when you mentioned it, but it's not there, maybe it's from a specific version of the binary?

android lib v1.08 contains this array


So, finally, here's the cheat definition I've used (updated corresponding to the new cheat strings)
Spoiler

 

Where are the CCheat things on android? I can't find them.


dkluin
  • dkluin

    GTA:Underground Developer

  • Members
  • Joined: 11 Jun 2013
  • Netherlands
  • Best Conversion 2016 [GTA: Underground]

#1397

Posted 21 February 2017 - 11:43 AM

The mobile version is shipped with a file which can be opened with IDA Pro, which contains all of the function names I believe. Don't know for sure though.


GamerFreak
  • GamerFreak

    Player Hater

  • New Members
  • Joined: 27 Feb 2017
  • None

#1398

Posted 27 February 2017 - 09:14 PM

Does any of you guys know the memory address to get the chat color in SA-MP, sent by the server?


grasmanek94
  • grasmanek94

    Player Hater

  • Members
  • Joined: 17 Dec 2008

#1399

Posted 28 February 2017 - 09:59 AM Edited by grasmanek94, 28 February 2017 - 09:59 AM.

Does anyone know a function address or variable address, or what to modify, to make AI spawn everywhere in SA? Like drive from one side to the other and back, and come by the same AI/cars/same damage etc. (static world).


OrionSR
  • OrionSR

    Chain Game Development Team

  • Feroci
  • Joined: 23 May 2007
  • None
  • Helpfulness Award [GTA & Modding]

#1400

Posted 26 March 2017 - 09:38 AM

QUOTE (DexX @ Mar 30 2010, 02:11) The actual array of carcol colors is at 0x00B4E480
There's space allocated for 128 colors (at 4 bytes per color, though alpha isn't used), although it would probably be possible to create a new array of colors, and modify the game to point to the new array. You'd have to update the carcols.dat file though to actually set the extra colors to a non-zero value, and actually have vehicles that use the new colors. You'd still be limited to 256 colors though, unless you changed the indices at B4E3F0x to use something with a larger storage capacity. This is all completely untested of course.

About the actual carcols, I've seen several modders adding new colors in the carcols.dat. They seem to work just by adding them to the file, without an intense modding like pointing to a new array or something. How does the game handle those? Does it just overwrite the values that are stored after the allocated carcols array? Now that would lead to the assumption, that some other gamedata is overwritten by those new colors ... right?

 

Does anyone know what exists in the 512 bytes beyond the carcols array that starts at 0x00B4E480? 0x00B4E680 through 0x00B487F,

 

I've been experimenting with the out-of-range "hidden colors" of San Andreas in the Chain Game custom saves. Many of these colors appear brighter and more interesting than the standard color palette. Some tend to change between two or more colors every time the game is started. I'm curious about what the out-of-range data could be, why it changes, and whether or not it can be manipulated.


Seemann
  • Seemann

    Ruhe

  • GTA Mods Staff
  • Joined: 03 Sep 2004
  • Russia
  • Best Tool 2016 [OpenIV]
    Best Tool 2013 [Sanny Builder]
    Contribution Award [Mods]
    Helpfulness Awards [Mods]

#1401

Posted 27 March 2017 - 07:21 PM

.data:00B4E480     _vehicleColors  RwRGBA 80h dup(<?>)                         ; DATA XREF: _sub_447090+4o ...
.data:00B4E680     CVehicleModelInfo::CVehicleStructure::m_pInfoPool dd ?      ; DATA XREF: _sub_4C9570r ...
.data:00B4E684                     align 8
.data:00B4E688     ; RwTexDictionary *vehicleTxd
.data:00B4E688     vehicleTxd      dd ?                                        ; DATA XREF: sub_4C7510r ...
.data:00B4E68C     ; RwTexture *CVehicleModelInfo::ms_pLightsTexture
.data:00B4E68C     CVehicleModelInfo::ms_pLightsTexture dd ?                   ; DATA XREF: CVehicleModelInfo::ShutdownLightTexture(void)r ...
.data:00B4E690     ; RwTexture *CVehicleModelInfo::ms_pLightsOnTexture
.data:00B4E690     CVehicleModelInfo::ms_pLightsOnTexture dd ?                 ; DATA XREF: CVehicleModelInfo::ShutdownLightTexture(void):loc_4C748Cr ...
.data:00B4E694                     align 10h
.data:00B4E6A0     ; int gtaSavedTextureFindCallback
.data:00B4E6A0     gtaSavedTextureFindCallback dd ?                            ; DATA XREF: _setTextureFindCallback+Aw ...
.data:00B4E6A4                     db 14h dup(?)                               ; 0
.data:00B4E6B8     ; RwFrame *carFrame
.data:00B4E6B8     _carFrame       dd ?                                        ; DATA XREF: CVehicleModelInfo::ShutdownEnvironmentMaps(void)+14r ...
.data:00B4E6BC     byte_B4E6BC     db ?                                        ; DATA XREF: CVehicleModelInfo::ShutdownEnvironmentMaps(void)+9w
.data:00B4E6BD                     align 10h
.data:00B4E6C0     flt_B4E6C0      dd ?                                        ; DATA XREF: sub_84BD50+Cw
.data:00B4E6C4     flt_B4E6C4      dd ?                                        ; DATA XREF: sub_84BD70+Cw
.data:00B4E6C8     flt_B4E6C8      dd ?                                        ; DATA XREF: sub_84BD90+Cw
.data:00B4E6CC     flt_B4E6CC      dd ?                                        ; DATA XREF: sub_84BDB0+12w ...
.data:00B4E6D0     flt_B4E6D0      dd ?                                        ; DATA XREF: sub_84BDD0+Cw
.data:00B4E6D4     flt_B4E6D4      dd ?                                        ; DATA XREF: sub_84BDF0+Cw
.data:00B4E6D8     ; CComponentLinks componentLinks
.data:00B4E6D8     _componentLinks CComponentLinks <?>                         ; DATA XREF: _sub_4073C0o ...
.data:00B4E754     flt_B4E754      dd ?                                        ; DATA XREF: sub_84BE10+Cw
.data:00B4E758     flt_B4E758      dd ?                                        ; DATA XREF: sub_84BE30+Cw
.data:00B4E75C     flt_B4E75C      dd ?                                        ; DATA XREF: sub_84BE50+Cw
.data:00B4E760     flt_B4E760      dd ?                                        ; DATA XREF: sub_84BE70+12w ...
.data:00B4E764     flt_B4E764      dd ?                                        ; DATA XREF: sub_84BE90+Cw
.data:00B4E768     flt_B4E768      dd ?                                        ; DATA XREF: sub_84BEB0+Cw
.data:00B4E76C                     align 10h
.data:00B4E770     __RwD3D9QuadVerts dd ?                                      ; DATA XREF: _rwD3D9RasterRenderGeneric+B7w ...
.data:00B4E774     flt_B4E774      dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+C0w
.data:00B4E778     dword_B4E778    dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+18Bw
.data:00B4E77C     dword_B4E77C    dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+195w
.data:00B4E780     dword_B4E780    dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+1A2w
.data:00B4E784     flt_B4E784      dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+1B6w
.data:00B4E788     flt_B4E788      dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+1E4w
.data:00B4E78C     flt_B4E78C      dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+C9w
.data:00B4E790     flt_B4E790      dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+E1w ...
.data:00B4E794     dword_B4E794    dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+1D0w
.data:00B4E798     dword_B4E798    dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+1DAw
.data:00B4E79C     dword_B4E79C    dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+1CBw
.data:00B4E7A0     flt_B4E7A0      dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+1F9w
.data:00B4E7A4     flt_B4E7A4      dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+22Aw
.data:00B4E7A8     flt_B4E7A8      dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+F7w ...
.data:00B4E7AC     flt_B4E7AC      dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+100w ...
.data:00B4E7B0     dword_B4E7B0    dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+216w
.data:00B4E7B4     dword_B4E7B4    dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+220w
.data:00B4E7B8     dword_B4E7B8    dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+211w
.data:00B4E7BC     flt_B4E7BC      dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+242w
.data:00B4E7C0     flt_B4E7C0      dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+277w
.data:00B4E7C4     flt_B4E7C4      dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+116w ...
.data:00B4E7C8     flt_B4E7C8      dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric:loc_4CA725w
.data:00B4E7CC     dword_B4E7CC    dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+263w
.data:00B4E7D0     dword_B4E7D0    dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+26Dw
.data:00B4E7D4     dword_B4E7D4    dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+25Ew
.data:00B4E7D8     flt_B4E7D8      dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+28Fw
.data:00B4E7DC     flt_B4E7DC      dd ?                                        ; DATA XREF: _rwD3D9RasterRenderGeneric+2A7w
.data:00B4E7E0     __rwD3D9PixelFormatInfo db 200h dup(?)                              ; 0
.data:00B4E7E0                                                                 ; DATA XREF: __rwD3D9RasterPluginAttach+35o ...
.data:00B4E9E0     __RwD3D9RasterExtOffset dd ?                                ; DATA XREF: _rwD3D9RasterCtor+4r ...
  • OrionSR likes this

fastman92
  • fastman92

    фастман92 | ف

  • Members
  • Joined: 28 Jul 2009
  • Poland
  • Best Conversion 2016 [GTA: Underground] [Contribution]
    Contribution Award [Mods]

#1402

Posted 29 March 2017 - 10:44 AM

QUOTE (OrionSR @ 26 March 2017) Does anyone know what exists in the 512 bytes beyond the carcols array that starts at 0x00B4E480? [...] I'm curious about what the out of range data could be, why it changes, and whether or not it can be manipulated.

Memory pointers and float values.
Not the colors.
  • dkluin likes this
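As an added illustration (not code from this thread or from the game), the C model below shows why a colour index that runs past the 128-entry table at 0x00B4E480 lands in the globals Seemann listed, why such "hidden colours" change between game starts, and what a bounds check changes; the struct layout and every sample value are constructed from the IDA listing, not read from the game.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model (not the game's own header) of the .data region shown in the
 * IDA listing above: 128 RwRGBA entries at _vehicleColors (0xB4E480) followed
 * directly by pool/texture pointers.  Pointers are modelled as uint32_t so the
 * layout matches the 32-bit game on any host. */
typedef struct { uint8_t r, g, b, a; } RwRGBA;

#define NUM_VEHICLE_COLOURS 128

struct VehicleDataSegment {
    RwRGBA   vehicleColors[NUM_VEHICLE_COLOURS]; /* +0x000..+0x1FF (0xB4E480) */
    uint32_t m_pInfoPool;                        /* +0x200         (0xB4E680) */
    uint32_t align8;                             /* +0x204         (padding)  */
    uint32_t vehicleTxd;                         /* +0x208         (0xB4E688) */
    uint32_t ms_pLightsTexture;                  /* +0x20C         (0xB4E68C) */
    uint32_t ms_pLightsOnTexture;                /* +0x210         (0xB4E690) */
};

_Static_assert(offsetof(struct VehicleDataSegment, m_pInfoPool) == 0x200, "table must be 512 bytes");

/* Packs a colour as the little-endian dword it occupies in memory (0xAABBGGRR). */
uint32_t rgba_to_u32(RwRGBA c)
{
    return (uint32_t)c.r | ((uint32_t)c.g << 8) | ((uint32_t)c.b << 16) | ((uint32_t)c.a << 24);
}

/* Mirrors an unchecked byte-indexed table read.  A byte index reaches 255, so
 * every index >= 128 returns the bytes of whichever global follows the table
 * instead of a palette entry.  Reading through a byte view of the whole struct
 * keeps the demonstration inside one object (no undefined behaviour). */
RwRGBA unchecked_colour_lookup(const struct VehicleDataSegment *seg, uint8_t index)
{
    RwRGBA c;
    const uint8_t *base = (const uint8_t *)seg;
    memcpy(&c, base + (size_t)index * sizeof(RwRGBA), sizeof c);
    return c;
}

/* Bounds-checked variant: returns 1 and fills *out for a valid index, 0 otherwise,
 * so the caller falls back to a default colour instead of reading adjacent memory. */
int checked_colour_lookup(const struct VehicleDataSegment *seg, uint8_t index, RwRGBA *out)
{
    if (index >= NUM_VEHICLE_COLOURS)
        return 0;
    *out = seg->vehicleColors[index];
    return 1;
}

/* Constructed sample: colour i = (i, 2i, 3i, 0); pool_ptr stands in for the heap
 * address kept in m_pInfoPool, which differs from one game start to the next. */
void build_sample_segment(struct VehicleDataSegment *seg, uint32_t pool_ptr)
{
    memset(seg, 0, sizeof *seg);
    for (int i = 0; i < NUM_VEHICLE_COLOURS; i++) {
        RwRGBA c = { (uint8_t)i, (uint8_t)(2 * i), (uint8_t)(3 * i), 0 };
        seg->vehicleColors[i] = c;
    }
    seg->m_pInfoPool = pool_ptr;
    seg->vehicleTxd  = 0x0C0FFEE0u;  /* constructed stand-in for RwTexDictionary* */
}

int main(void)
{
    struct VehicleDataSegment seg;
    build_sample_segment(&seg, 0x0BADF00Du);
    /* Indices 128..130 are the first "hidden colours": really the adjacent globals. */
    for (uint8_t idx = 126; idx <= 130; idx++)
        printf("index %3u -> %08X\n", (unsigned)idx, (unsigned)rgba_to_u32(unchecked_colour_lookup(&seg, idx)));
    return 0;
}
```

Index 128 prints the pool pointer's bytes and index 130 the texture-dictionary pointer's, which is why a colour slot past 127 looks like a colour but tracks whatever address the game stored there.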

null0245
  • null0245

    java.lang.NullPointerException

  • Members
  • Joined: 25 Dec 2013
  • None

#1403

Posted 12 April 2017 - 03:15 AM

CTaskComplexProstituteSolicit + 0x14
  + 0x0 (int?) - some large value, which could be comparable to the start of tasks.
  + 0x4 (int) - unknown
  + 0x8 (int, 4 bytes) - detects if sex should start?
  + 0xC (int, 4 bytes) - timestamp of some sort, kind of like 0xC but not sure what this does
  + 0x10 (int, 4 bytes) - next timestamp of when the money/health should change
  + 0x14 (int, 4 bytes) - sex timer, behavior depends on the mode of the task*

The task has three modes: before, during, and after sex.

 

When sex has not yet started, value is 850 (not sure if this is another value on different versions).

When sex is starting, value decrements from 999999999 at a constant rate.
Sex is slow when this value is 999999999-600000000, medium when 599999999-300000000, and fast when 299999999.
When you try to set this value manually to less than 900000000, the car won't shake.
Sex is finished when this value goes less than or equal to 0.

When sex has been finished, value is set to 200000000, then decrements at the same rate during sex.
The prostitute exits the car when this value goes less than or equal to 0.

I'm guessing whether the car shakes in the player's direction or the prostitute's depends on a rand() function, which could be overridden.

 
Also, when I try to increment a pointer, it offsets to the address + 0xE0. Could a task be this large?

DK22Pac
  • DK22Pac

  • Feroci
  • Joined: 12 Apr 2009
  • Ukraine
  • Best WIP Mod 2014 [Grand Theft Auto 3D Contribution]
    Contribution Award [Mods]

#1404

Posted 12 April 2017 - 09:11 AM Edited by DK22Pac, 12 April 2017 - 09:28 AM.

QUOTE (null0245 @ 12 April 2017) Also, when I try to increment a pointer, it offsets to the address + 0xE0. Could a task be this large?

In the case where an object is dynamically allocated, you can find its size by checking the operator new call.

[image: NyjcURC.png]

PS Just to clarify, memory for a new task object is not allocated when CTask::operator new is called. It's pre-allocated when the CTask pool is initializing. CTask::operator new just returns a pointer to an empty slot in the pool.

Kilowog01
  • Kilowog01

    Player Hater

  • Members
  • Joined: 21 Apr 2015
  • Brazil

#1405

Posted 15 April 2017 - 02:18 AM

I'm a beginner in C++. I want to create a simple program, without the API, without DLLs and everything. But I need some memory addresses. I need to know if the chat is open and how to send a message in chat (preferably messages that only I can read). Does someone know that address? I can't find it with Cheat Engine.




