
Documenting GTA-SA memory addresses

1,423 replies to this topic
MKKJ
  • MKKJ

    Honest Steaks

  • Members
  • Joined: 04 Jun 2015
  • Indonesia

#1411

Posted 25 August 2017 - 06:13 PM Edited by MKKJ, 25 August 2017 - 06:22 PM.

Forgot that I found more related addresses.

 

0x858CEC - Aiming Recoil Multiplier (float, default 0.04)
How much recoil increased/crosshair expands per shot (calculated with data from weapon.dat)
Set to 0.0 to "freeze" crosshair.
 
0x8D2E64 - Aiming Recoil Cooldown Multiplier (float, default 0.96)
How much recoil "decreased" / crosshair retracts.
Set to 0.0 for instant cooldown. 1.0 to disable cooldown. More than 1.0 to make crosshair expand indefinitely.



Is it possible to make every value independent?

I mean, have just the "static" crosshair, but with the bulletspread value intact?

Locking up the crosshair but keep the recoil?
Sorry, I don't know how. Haven't been looking into it.


CharlesVercetti
  • CharlesVercetti

    Back to the business...

  • Members
  • Joined: 08 Dec 2013
  • India

#1412

Posted 28 August 2017 - 01:03 PM

I searched through the whole topic for addresses related to the HUD positions (health bar, armor bar, time, money, weapon icon, ammo count, wanted stars).

Many posts were linked to the gtagaming.com website. They were inactive links. Also had a look at the gtamodding wiki, where they provided addresses for changing colors only. Can someone provide me the addresses?


null0245
  • null0245

    java.lang.NullPointerException

  • Members
  • Joined: 25 Dec 2013
  • None

#1413

Posted 31 October 2017 - 11:00 AM

Leaving this here. This is for GTA III CPlayerInfo. Notice it's the same with GTA VC so the structure around could be more or less similar.

/// <summary>
/// The HookerMoneyTimer offset from the PlayerInfo address. (4 bytes integer)
/// </summary>
#define PLAYER_INFO_HOOKER_MONEY_TIMER_OFFSET 0xCC

/// <summary>
/// The HookerTimer offset from the PlayerInfo address. (4 bytes integer)
/// </summary>
#define PLAYER_INFO_HOOKER_TIMER_OFFSET 0xC8

/// <summary>
/// The HookerTime offset from the PlayerInfo address. (4 bytes integer)
/// </summary>
#define PLAYER_INFO_HOOKER_TIME_OFFSET 0xD0

/// <summary>
/// The Hooker offset from the PlayerInfo address. (CPed*)
/// </summary>
#define PLAYER_INFO_HOOKER_OFFSET 0xD4
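The offsets above only mean something relative to a CPlayerInfo base address, and a reader that trusts them blindly will happily run past the end of whatever block it was handed. This added example (not code from null0245's post or from any GTA project) reads the four fields out of a raw copy of the block with bounds checks and explicit little-endian decoding; the byte buffer it reads is constructed sample data, not a dump of a real process, and the only values taken from the post are the offsets themselves.

```c
/* Added example, not from null0245's post or any GTA project: reading the
 * fields described by the PLAYER_INFO_*_OFFSET defines out of a raw copy of
 * the CPlayerInfo block. The byte buffer below is constructed sample data,
 * not a dump of a real process; the offsets are the ones the post gives. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PLAYER_INFO_HOOKER_TIMER_OFFSET       0xC8
#define PLAYER_INFO_HOOKER_MONEY_TIMER_OFFSET 0xCC
#define PLAYER_INFO_HOOKER_TIME_OFFSET        0xD0
#define PLAYER_INFO_HOOKER_OFFSET             0xD4   /* CPed* (4 bytes in the 32-bit game) */

/* Smallest block that can hold every field above: last offset + its width. */
#define PLAYER_INFO_MIN_SIZE (PLAYER_INFO_HOOKER_OFFSET + 4)

typedef struct {
    int32_t  hooker_timer;
    int32_t  hooker_money_timer;
    int32_t  hooker_time;
    uint32_t hooker_ped;   /* the CPed* kept as a raw 32-bit address, never dereferenced */
} player_info_view;

/* Bounds-checked 4-byte little-endian read. Assembling the value byte by byte
 * avoids the misaligned-access and strict-aliasing problems of
 * *(int32_t *)(base + off). Returns 0 if the field would run past the block. */
static int read_u32_le(const uint8_t *base, size_t size, size_t off, uint32_t *out)
{
    if (off > size || size - off < 4) return 0;
    uint32_t v = 0;
    for (int i = 3; i >= 0; i--) v = (v << 8) | base[off + i];
    *out = v;
    return 1;
}

/* Fills *v from a raw block; returns 1 on success, 0 if the block is too small. */
int player_info_read(const uint8_t *base, size_t size, player_info_view *v)
{
    uint32_t t, m, h, p;
    if (!read_u32_le(base, size, PLAYER_INFO_HOOKER_TIMER_OFFSET, &t)) return 0;
    if (!read_u32_le(base, size, PLAYER_INFO_HOOKER_MONEY_TIMER_OFFSET, &m)) return 0;
    if (!read_u32_le(base, size, PLAYER_INFO_HOOKER_TIME_OFFSET, &h)) return 0;
    if (!read_u32_le(base, size, PLAYER_INFO_HOOKER_OFFSET, &p)) return 0;
    v->hooker_timer       = (int32_t)t;
    v->hooker_money_timer = (int32_t)m;
    v->hooker_time        = (int32_t)h;
    v->hooker_ped         = p;
    return 1;
}

static void write_u32_le(uint8_t *base, size_t off, uint32_t val)
{
    for (int i = 0; i < 4; i++) base[off + i] = (uint8_t)(val >> (8 * i));
}

/* Constructed sample block: every value here is made up for the demonstration. */
#define SAMPLE_SIZE 0xE0
static void build_sample_block(uint8_t *buf)
{
    memset(buf, 0, SAMPLE_SIZE);
    write_u32_le(buf, PLAYER_INFO_HOOKER_TIMER_OFFSET,       1500);
    write_u32_le(buf, PLAYER_INFO_HOOKER_MONEY_TIMER_OFFSET, 60000);
    write_u32_le(buf, PLAYER_INFO_HOOKER_TIME_OFFSET,        (uint32_t)-25); /* negative: exercises the sign */
    write_u32_le(buf, PLAYER_INFO_HOOKER_OFFSET,             0x00C0FFEEu);  /* placeholder pointer value */
}

player_info_view demo_read_sample(void)
{
    uint8_t buf[SAMPLE_SIZE];
    player_info_view v = {0, 0, 0, 0};
    build_sample_block(buf);
    player_info_read(buf, sizeof buf, &v);
    return v;
}

/* A block that ends before 0xD4 + 4 must be rejected, not read past its end. */
int demo_short_block_rejected(void)
{
    uint8_t buf[PLAYER_INFO_MIN_SIZE - 1] = {0};
    player_info_view v;
    return player_info_read(buf, sizeof buf, &v) == 0;
}

int main(void)
{
    player_info_view v = demo_read_sample();
    printf("HookerTimer=%d HookerMoneyTimer=%d HookerTime=%d Hooker=0x%08X\n",
           v.hooker_timer, v.hooker_money_timer, v.hooker_time, v.hooker_ped);
    printf("short block rejected: %d\n", demo_short_block_rejected());
    return 0;
}
```

The same reader works on a block copied out of a live process with ReadProcessMemory or on a saved dump; the point is that the size of the copy, not the offset table, decides whether a field may be read.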

Gmer
  • Gmer

    Player Hater

  • Members
  • Joined: 08 May 2017
  • Netherlands

#1414

Posted 08 November 2017 - 07:40 AM Edited by Gmer, 21 November 2017 - 11:44 AM.

I documented hundreds of new mem addresses/offsets that weren't known in earlier research.

See here: https://paste.ee/p/vAxZw (backup just in case: http://www.mediafire...csMemOffset.txt)

 

PC addresses. That is from a novel IDA database, self-generated. It's a DB to IDA MAP for offsets, make sure to read notes at file beginning. 

 

More;

the decompiled GTA_SA IDA C++ pseudocode that belongs to said db: http://www.mediafire...gta_sa-source.c

 

clean import of gta_sa.exe to newest IDA 7.0 and fresh decompile pseudocode (No db linked to it, so no function names and offset titles in the source!): http://www.mediafire...h2139z/gta_sa.c

Just uploaded because of IDA 7.0 enhanced pseudodecompiled code output.

 

Now here's my novel IDA DB used to list the new offsets and mem addresses where this post is all about: .idb http://www.mediafire...ta_sa_IDBdb.idb

 

EDIT: Never rely on all of my addresses in the whole topic, I found obvious mistakes with it, some offsets don't match due to the generating method I used. The function names and great part of the addresses are useful after all.


boludoz
  • boludoz

    Rat

  • Members
  • Joined: 10 Dec 2009
  • Argentina

#1415

Posted 11 November 2017 - 07:22 PM

Which is the direction that deactivates the markers in 2 player mode? How can this be solved? Many people are asking for it. Everything related helps.

Nick007J
  • Nick007J

    Mark Chump

  • Members
  • Joined: 17 Jan 2010
  • Russia

#1416

Posted 11 November 2017 - 09:08 PM

Do you mean missions becoming unavailable? While you can fix it in memory, I don't think starting a mission is possible without a crash in two-player mode.

boludoz
  • boludoz

    Rat

  • Members
  • Joined: 10 Dec 2009
  • Argentina

#1417

Posted 11 November 2017 - 09:39 PM Edited by boludoz, 04 December 2017 - 09:44 PM.

Do you mean missions becoming unavailable? While you can fix it in memory, I don't think starting a mission is possible without a crash in two-player mode.

 

 

I had thought of complementing it with this code, once ? (take the marker)-, player 2 is eliminated, when ?= 1 // 1 - player is entering in an interior is re-enabled.
I do not think it is a big problem to add an extra ped to the mission, in fact there are mods that do it but only once it is in the mission and in the form of cheat. The problem would be to have the mission activated.
 

Nick007J
  • Nick007J

    Mark Chump

  • Members
  • Joined: 17 Jan 2010
  • Russia

#1418

Posted 11 November 2017 - 09:49 PM

Anyway, as far as I know, markers are "disabled", because CPlayerPed::CanPlayerStartMission [0x609590] returns false, because it checks CGameLogic::IsCoopGameGoingOn().

boludoz
  • boludoz

    Rat

  • Members
  • Joined: 10 Dec 2009
  • Argentina

#1419

Posted 11 November 2017 - 09:55 PM Edited by boludoz, 11 November 2017 - 10:04 PM.

Anyway, as far as I know, markers are "disabled", because CPlayerPed::CanPlayerStartMission [0x609590] returns false, because it checks CGameLogic::IsCoopGameGoingOn().

It was the 'OPCODE' that I was missing, thank you. My screen goes black when I corrupt this. I'm very new to memory editing; from where could I get that? How many bytes does that have?

Gmer
  • Gmer

    Player Hater

  • Members
  • Joined: 08 May 2017
  • Netherlands

#1420

Posted 12 November 2017 - 05:49 PM Edited by Gmer, 21 November 2017 - 11:43 AM.

PC GTA SA: From the same never-seen before IDA DB as that I previously posted, I created a much better offset/mem function address list than before:

 

https://pastebin.com/K3eqq3MP

 

It's still too big to fit in a post here.

 

Also I've combined several IDA DBs' offset/func address maps into one HUGE file, if you want a certain hit on what you're looking for get it here:

https://www.mediafir...SETS-HUGEDB.txt

 

EDIT: Never rely on all of my addresses in the whole topic, I found obvious mistakes with it, some offsets don't match due to the generating method I used. The function names and great part of the addresses are useful after all.


boludoz
  • boludoz

    Rat

  • Members
  • Joined: 10 Dec 2009
  • Argentina

#1421

Posted 12 November 2017 - 07:40 PM Edited by boludoz, 12 November 2017 - 08:41 PM.

From the same never-seen before IDA DB as that I previously posted, I created a much better offset/mem function address list than before:

 

https://pastebin.com/K3eqq3MP

 

It's still too big to fit in a post here.

I had taken a look at this but I did not know how to 0001: 00040390> to hex, excellent job! PS: If we are talking about Android this means that the game is still supporting 2p mode on Android, beyond the opcode 00E1.


boludoz
  • boludoz

    Rat

  • Members
  • Joined: 10 Dec 2009
  • Argentina

#1422

Posted 18 November 2017 - 01:25 AM Edited by boludoz, 18 November 2017 - 01:27 AM.

0x736AEF (float): Radius necessary for an explosion to affect a vehicle.

frankandbeans
  • frankandbeans

    Crackhead

  • Members
  • Joined: 27 Jul 2015
  • United-States

#1423

Posted 2 weeks ago

[SA]

 

Does anybody know the address that spawns the actors (SWAT) on the ropes during wanted levels? They seem to be invincible while rappelling down.


Jack
  • Jack

    MODEL_SWAT

  • Feroci
  • Joined: 06 Dec 2011
  • Serbia

#1424

Posted 2 weeks ago

0x006C6C86     loc_6C6C86:                             ; CODE XREF: sub_6C69C0+2C2j
0x006C6C86 09C                 push    eax             ; pTask
0x006C6C87 0A0                 mov     ecx, ebp        ; this
0x006C6C89 0A0                 mov     byte ptr [esp+0A0h+var_4], 0
0x006C6C91 0A0                 call    CTaskComplexSequence__addTaskToSequence
0x006C6C96 09C                 mov     eax, [edi+47Ch]
0x006C6C9C 09C                 push    0
0x006C6C9E 0A0                 push    3
0x006C6CA0 0A4                 push    ebp
0x006C6CA1 0A8                 lea     ecx, [eax+4]
0x006C6CA4 0A8                 call    CPedTasks__AssignPrimaryTask ; CPedTasks method
0x006C6CA9 09C                 and     dword ptr [edi+1Ch], 0FFFFFFFEh  //  ped->physical.entity.m_dwFlags &= 0xFFFFFFFE;   //  -2
0x006C6CAD 09C                 mov     al, [esi+9B9h]
0x006C6CB3 09C                 dec     al
0x006C6CB5 09C                 mov     [esi+9B9h], al
0x006C6CBB 09C                 movzx   eax, al
0x006C6CBE 09C                 push    40800000h
0x006C6CC3 0A0                 push    98h
0x006C6CC8 0A4                 mov     byte ptr [eax+esi+9BAh], 0AAh
0x006C6CD0 0A4                 mov     ecx, [edi+18h]
0x006C6CD3 0A4                 push    0
0x006C6CD5 0A8                 push    ecx
0x006C6CD6 0AC                 call    _ZN12CAnimManager14BlendAnimationEP7RpClump12AssocGroupId11AnimationIdf ; CAnimManager::BlendAnimation(RpClump *,AssocGroupId,AnimationId,float)
0x006C6CDB 0AC                 add     esp, 10h
0x006C6CDE 09C                 lea     ecx, [esp+9Ch+m]
0x006C6CE2 09C                 mov     [esp+9Ch+var_4], 0FFFFFFFFh
0x006C6CED 09C                 call    _ZN7CMatrixD2Ev ; CMatrix::~CMatrix()
0x006C6CF2 09C                 mov     al, 1
0x006C6CF4 09C                 jmp     short loc_6C6D0C

plugin::patch::SetUChar(0x6C6CAC, -1);
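The one-byte write in that `SetUChar` call only makes sense once you see where 0x6C6CAC sits inside the instruction. This added example (not code from Jack's post or from plugin-sdk) decodes `and dword ptr [edi+1Ch], 0FFFFFFFEh` from its encoding `83 67 1C FE`, confirms that the patched address is the immediate byte rather than the opcode, ModRM or displacement, and shows what the AND does to a flag word before and after the byte becomes 0xFF. The instruction bytes are constructed from the encoding, not read from gta_sa.exe, and the flag value used is made up.

```c
/* Added example, not from Jack's post or from plugin-sdk: why the one-byte
 * write plugin::patch::SetUChar(0x6C6CAC, -1) turns the flag clear in the
 * listing into a no-op. `and dword ptr [edi+1Ch], 0FFFFFFFEh` at 0x6C6CA9 is
 * encoded 83 67 1C FE (opcode 83 /4, ModRM, disp8, sign-extended imm8), so
 * 0x6C6CAC is its last byte, the immediate. The bytes below are constructed
 * from that encoding, not read from gta_sa.exe. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define INSN_ADDR  0x006C6CA9u  /* start of the `and`, from the listing */
#define PATCH_ADDR 0x006C6CACu  /* address given to SetUChar in the post */

static const uint8_t AND_EDI_1C_FE[4] = { 0x83, 0x67, 0x1C, 0xFE };

typedef struct {
    int      ok;       /* 1 if the bytes are the expected `and r/m32, imm8` form */
    uint8_t  base_reg; /* ModRM r/m register number; 7 = edi */
    int8_t   disp8;    /* displacement; 0x1C here */
    uint32_t mask;     /* imm8 sign-extended to 32 bits, as the CPU applies it */
} and_rm32_imm8;

/* Decodes only `83 /4 ib` with a mod=01 (register + disp8) memory operand,
 * which is all this instruction needs. Anything else is reported as not ok. */
and_rm32_imm8 decode_and_rm32_imm8(const uint8_t *p, size_t len)
{
    and_rm32_imm8 r = { 0, 0, 0, 0 };
    if (len < 4 || p[0] != 0x83) return r;
    uint8_t mod = p[1] >> 6, reg = (p[1] >> 3) & 7, rm = p[1] & 7;
    if (mod != 1 || reg != 4 || rm == 4) return r;   /* reg 4 = AND; rm 4 would need a SIB byte */
    r.base_reg = rm;
    r.disp8    = (int8_t)p[2];
    r.mask     = (uint32_t)(int32_t)(int8_t)p[3];     /* sign extension: FE -> FFFFFFFE */
    r.ok       = 1;
    return r;
}

/* The check to make before writing: does the target byte lie inside this
 * instruction, and is it the immediate rather than the opcode, ModRM or
 * displacement? Returns 1 only for the immediate byte. */
int patch_hits_immediate(uint32_t insn_addr, uint32_t patch_addr)
{
    return patch_addr - insn_addr == 3 && decode_and_rm32_imm8(AND_EDI_1C_FE, 4).ok;
}

/* Applies the one-byte patch to a copy of the instruction and returns the mask
 * the patched instruction would AND with. SetUChar(..., -1) writes 0xFF. */
uint32_t mask_after_patch(uint8_t new_imm)
{
    uint8_t copy[4];
    for (int i = 0; i < 4; i++) copy[i] = AND_EDI_1C_FE[i];
    copy[PATCH_ADDR - INSN_ADDR] = new_imm;
    return decode_and_rm32_imm8(copy, 4).mask;
}

/* What the instruction does to m_dwFlags: clears bit 0 with the original mask,
 * leaves every bit alone with the patched 0xFFFFFFFF mask. */
uint32_t apply_and(uint32_t flags, uint32_t mask) { return flags & mask; }

uint32_t original_mask(void) { return decode_and_rm32_imm8(AND_EDI_1C_FE, 4).mask; }

int main(void)
{
    uint32_t flags = 0x000001A5u;   /* constructed flag word with bit 0 set */
    printf("patch byte is the immediate: %d\n", patch_hits_immediate(INSN_ADDR, PATCH_ADDR));
    printf("original: %08X & %08X = %08X\n", flags, original_mask(), apply_and(flags, original_mask()));
    printf("patched : %08X & %08X = %08X\n", flags, mask_after_patch((uint8_t)-1),
           apply_and(flags, mask_after_patch((uint8_t)-1)));
    return 0;
}
```

The decoder is deliberately narrow: it accepts exactly the one instruction form in the listing and refuses anything else, so a wrong address (the ModRM byte at 0x6C6CAA, say) is caught before a write corrupts the instruction stream. In the running game the byte sits in a read/execute code page, so the write also has to go through a page-protection change, which is why it is done with a patch helper like the plugin-sdk call in the post rather than a bare pointer store.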



