Documenting GTA-SA memory adresses

1,335 replies to this topic
Pixels^
  • Pixels^

    Crackhead

  • Members
  • Joined: 20 May 2007

#751

Posted 23 January 2008 - 11:09 PM

Thanks for that. If no actors are created (except for the player_actor), how do I find out what ID the next one will be?

ceedj
  • ceedj

    PEDS Creator

  • Feroci Racing
  • Joined: 21 May 2005

#752

Posted 24 January 2008 - 06:56 AM

See this post

http://www.gtaforums...dpost&p=2925218

on page 5 of this very topic.

@Sacky: Thanks for the aircraft traffic addys; never even thought of that!

Pixels^
  • Pixels^

    Crackhead

  • Members
  • Joined: 20 May 2007

#753

Posted 25 January 2008 - 02:21 AM

I'm having some trouble manipulating this code. I just don't know how to use it.

CODE

''Taken from Seemann

TextDrawers Pool = 0x00A913E8
;-------------------------------------------
  StructSize = 68;
  StructsCount = 96;
  Total Pool Size = 68*96 = 6528 bytes
;-------------------------------------------    
TextDrawer struct =
  +0   dword     letter width
  +4   dword     letter height
  +8   byte[4]   letter color RGBA
  +0B  byte      unknown_flag               (opcode 0341h)
  +0C  byte      text_centered flag
  +0D  byte      text_in_box flag
  align
  +10  dword     linewidth
  +14  dword     unknown (lineheight?)      (opcode 0344h)
  +18  dword     background box color RGBA
  +1C  byte      text_proportional flag
  +1D  byte[4]   letter background color RGBA
  +21  byte      shadow type                (opcode 060Dh)
  +22  byte      outline type               (opcode 081Ch)
  +23  byte      unknown flag (align left?) (opcode 03E0h)
  +24  byte      align right flag           (opcode 034Eh)
  align
  +28  dword     Font (draw_style)
  +2C  dword     XPos
  +30  dword     YPos
  +34  char[8]   text GxtEntry
  +3C  dword     number param #1            (045Ah)
  +40  dword     number param #2            (045Bh)
  +44  end
;-------------------------------------------

Peter
  • Peter

    Secretly Heroic

  • Members
  • Joined: 21 Sep 2006

#754

Posted 25 January 2008 - 07:37 AM

What is there to manipulate about a structure definition? Go read something about pointers, since that's what you'll be needing. Creating any modification while you've got no idea what you're doing isn't going to work.

roby65
  • roby65

    Punk-ass Bitch

  • Members
  • Joined: 02 Jun 2006

#755

Posted 25 January 2008 - 04:56 PM

QUOTE (Pixels^ @ Jan 25 2008, 02:21)
I'm having some trouble manipulating this code. I just don't know how to use it.

CODE

''Taken from Seemann

TextDrawers Pool = 0x00A913E8
;-------------------------------------------
  StructSize = 68;
  StructsCount = 96;
  Total Pool Size = 68*96 = 6528 bytes
;-------------------------------------------    
TextDrawer struct =
  +0   dword     letter width
  +4   dword     letter height
  +8   byte[4]   letter color RGBA
  +0B  byte      unknown_flag               (opcode 0341h)
  +0C  byte      text_centered flag
  +0D  byte      text_in_box flag
  align
  +10  dword     linewidth
  +14  dword     unknown (lineheight?)      (opcode 0344h)
  +18  dword     background box color RGBA
  +1C  byte      text_proportional flag
  +1D  byte[4]   letter background color RGBA
  +21  byte      shadow type                (opcode 060Dh)
  +22  byte      outline type               (opcode 081Ch)
  +23  byte      unknown flag (align left?) (opcode 03E0h)
  +24  byte      align right flag           (opcode 034Eh)
  align
  +28  dword     Font (draw_style)
  +2C  dword     XPos
  +30  dword     YPos
  +34  char[8]   text GxtEntry
  +3C  dword     number param #1            (045Ah)
  +40  dword     number param #2            (045Bh)
  +44  end
;-------------------------------------------

I know how to modify this struct... but how do I draw the textdraw?

Sacky
  • Sacky

    IV's Limit Adjuster

  • Members
  • Joined: 10 Nov 2006

#756

Posted 26 January 2008 - 02:37 PM

0x8E4CB4 : (DWORD) UsedDevKitMemory (AKA Used Streaming Memory)

Pixels^
  • Pixels^

    Crackhead

  • Members
  • Joined: 20 May 2007

#757

Posted 26 January 2008 - 06:39 PM

QUOTE
  What is there to manipulate about a structure definition? Go read something about pointers, since that's what you'll be needing. Creating any modification while you got no idea what you're doing isn't going to work.

I think I know how to do it now.
1. Read the pointer 0x00A913E8.
2. ReadPointerVar = ReadPointerVar * TextDrawID (ID's from 1 to 96)
3. Read the pointer ReadPointerVar.
4. Set ReadPointerVar + 0x34 to a string.
5. Set ReadPointerVar + 0x8 to an RGBA byte[4].
One question, will that work and how will I draw the text?

Sacky
  • Sacky

    IV's Limit Adjuster

  • Members
  • Joined: 10 Nov 2006

#758

Posted 26 January 2008 - 11:46 PM

QUOTE
1. Read the pointer 0x00A913E8.
It's not a pointer, it's the start of the pool.
QUOTE
2. ReadPointerVar = ReadPointerVar * TextDrawID (ID's from 1 to 96)
You need to get the right item in the pool by multiplying it by sizeof(TextDrawers), in this case 68.
QUOTE
3. Read the pointer ReadPointerVar.
???
QUOTE
4. Set ReadPointerVar + 0x34 to a string.
It can only take a GXT 8 character string, so it's not just any string, it needs to reference an entry in the GXT.
QUOTE
5. Set ReadPointerVar + 0x8 to an RGBA byte[4].
Set each byte for starters, but you would probably have to initialise the whole structure to prevent crashing; look at it in memory when a textdraw is active.

So a pseudocode version to do what you want to do would be:

CODE
#include <windows.h>

int TextDrawID = 4; // Or whatever
DWORD dwMem = 0xA913E8;        // start of the TextDrawers pool, not a pointer to it
dwMem += (0x44 * TextDrawID);  // 0x44 = 68 = sizeof(TextDrawer)
// hProcess: handle from OpenProcess with PROCESS_VM_WRITE | PROCESS_VM_OPERATION
WriteProcessMemory(hProcess, (LPVOID)(dwMem + 0x8), RGBAStuff, 4, NULL);  // letter color RGBA, byte[4]
WriteProcessMemory(hProcess, (LPVOID)(dwMem + 0x34), GXTStuff, 8, NULL); // GXT entry, char[8]
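
The pool arithmetic and field layout from the posts above, worked through as an added Python example (not code from the thread or the game): it computes a slot address with a bounds check, decodes a 68-byte entry using the offsets in Seemann's table, and NUL-pads a GXT key into the char[8] field. Assumptions: slot indices are 0-based (0..95), the dword fields are decoded as raw unsigned integers as the table lists them, and a GXT key is at most 7 characters so a terminating NUL fits; the sample entry is constructed, not captured from the game.

```python
import struct

# Values from the thread: pool base address, entry size (0x44) and entry count.
TEXTDRAWER_POOL_BASE = 0x00A913E8
TEXTDRAWER_SIZE = 68
TEXTDRAWER_COUNT = 96

def textdrawer_address(index):
    """Address of pool slot `index` (assumed 0-based). Slot 96 would lie past the pool."""
    if not 0 <= index < TEXTDRAWER_COUNT:
        raise IndexError(f"TextDrawer slot {index} outside 0..{TEXTDRAWER_COUNT - 1}")
    return TEXTDRAWER_POOL_BASE + index * TEXTDRAWER_SIZE

def encode_gxt_entry(name):
    """NUL-pad a GXT key into the char[8] field (assumes at most 7 chars + NUL)."""
    raw = name.encode("ascii")
    if not 1 <= len(raw) <= 7:
        raise ValueError("GXT entry must be 1..7 ASCII characters")
    return raw.ljust(8, b"\0")

def parse_textdrawer(entry):
    """Decode a 68-byte TextDrawer entry using the offsets from the thread's table."""
    if len(entry) != TEXTDRAWER_SIZE:
        raise ValueError("expected exactly 68 bytes")
    width, height = struct.unpack_from("<II", entry, 0x00)   # listed as dwords
    r, g, b, a = struct.unpack_from("<4B", entry, 0x08)      # letter color RGBA
    centered, in_box = struct.unpack_from("<BB", entry, 0x0C)
    linewidth, = struct.unpack_from("<I", entry, 0x10)
    font, xpos, ypos = struct.unpack_from("<III", entry, 0x28)
    gxt = entry[0x34:0x3C].split(b"\0", 1)[0].decode("ascii")
    param1, param2 = struct.unpack_from("<II", entry, 0x3C)
    return {"width": width, "height": height, "color": (r, g, b, a),
            "centered": bool(centered), "in_box": bool(in_box),
            "linewidth": linewidth, "font": font, "pos": (xpos, ypos),
            "gxt_entry": gxt, "params": (param1, param2)}

def build_sample_entry():
    """Constructed 68-byte entry (not captured from the game) for testing the parser."""
    entry = bytearray(TEXTDRAWER_SIZE)
    struct.pack_into("<II", entry, 0x00, 2, 3)
    struct.pack_into("<4B", entry, 0x08, 255, 128, 0, 255)
    struct.pack_into("<BB", entry, 0x0C, 1, 0)
    struct.pack_into("<I", entry, 0x10, 640)
    struct.pack_into("<III", entry, 0x28, 1, 320, 240)
    entry[0x34:0x3C] = encode_gxt_entry("CRED001")
    struct.pack_into("<II", entry, 0x3C, 7, 42)
    return bytes(entry)
```

Running parse_textdrawer over bytes read from textdrawer_address(n) is the "look at it in memory when a textdraw is active" step Sacky suggests, and the bounds check catches the off-by-one a 1-based ID would cause at slot 96.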

Pixels^
  • Pixels^

    Crackhead

  • Members
  • Joined: 20 May 2007

#759

Posted 28 January 2008 - 12:28 AM

So only stuff in the GXT can be used for the string offset?

Sacky
  • Sacky

    IV's Limit Adjuster

  • Members
  • Joined: 10 Nov 2006

#760

Posted 28 January 2008 - 01:31 AM

QUOTE
So only stuff in the GXT can be used for the string offset?


Yes, but also remember this topic is for documenting memory addresses; if you're having trouble with basic memory manipulation you really shouldn't be using this topic for it.

ceedj
  • ceedj

    PEDS Creator

  • Feroci Racing
  • Joined: 21 May 2005

#761

Posted 29 January 2008 - 06:51 AM Edited by ceedj, 29 January 2008 - 06:54 AM.

0x858CC8 (float) - Adjust pickup/icon size multiplier. Affects ALL pickups/icons. Original is 0.6, make it a large number (6.0) for giant pickups. Was looking for something else, but this is amusing.

UZI-I
  • UZI-I

    WPL Manager...

  • Members
  • Joined: 23 Aug 2006

#762

Posted 30 January 2008 - 12:08 PM

Argh, how can I use this JetPack? It is too big for me :S

lol

Nice stuff ceedj


Sacky
  • Sacky

    IV's Limit Adjuster

  • Members
  • Joined: 10 Nov 2006

#763

Posted 30 January 2008 - 12:14 PM

ceedj, good job at finding that, but remember that it is a constant so it is used in other parts of code that need a 0.6 float, so troubles may arise down the road.

Seemann
  • Seemann

    Ruhe

  • Members
  • Joined: 03 Sep 2004
  • Russia
  • Best Tool 2013 "Sanny Builder"

#764

Posted 30 January 2008 - 12:34 PM

umm, what about this one?
CODE
08D2: object 0@ scale_model 2.0


same effect, I guess.

ceedj
  • ceedj

    PEDS Creator

  • Feroci Racing
  • Joined: 21 May 2005

#765

Posted 30 January 2008 - 12:45 PM

Thanks for the tips.

@Seemann, very good call, though for some reason I can't get that opcode to work. Does it only work on certain objects? And again, I was just looking for something else. As you can tell by Sacky's post, I totally suck at this.

Seemann
  • Seemann

    Ruhe

  • Members
  • Joined: 03 Sep 2004
  • Russia
  • Best Tool 2013 "Sanny Builder"

#766

Posted 30 January 2008 - 01:05 PM Edited by Seemann, 31 January 2008 - 04:53 AM.

ok, object != pickup. So, 08D2 won't work for, say, a weapon pickup.

Anyway, it's possible to hack:

CODE
   032B: 28@ = create_weapon_pickup #M4 group 15 ammo 60 at 2480.562 -1666.865 12.8757
   
   0AA7: call_function 0x4552A0 num_params 1 pop 1 28@ 0@ // get pickup index
   mul(0@,0x20)
   inc(0@,0x9788C4) // CPickup*
   0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0 // get pickup.object*
   inc(0@,0x15C) // object.scale_factor
   0A8C: write_memory 0@ size 4 value 15.0 virtual_protect 0 // set new scale factor (15.0)



And we get the gigantic M4.

Pixels^
  • Pixels^

    Crackhead

  • Members
  • Joined: 20 May 2007

#767

Posted 31 January 2008 - 01:50 AM

Is the running state address at Cped + 0x534 read only? I can read it and it returns 6 for running and 4 for start to run but I can't set it on an actor.

UZI-I
  • UZI-I

    WPL Manager...

  • Members
  • Joined: 23 Aug 2006

#768

Posted 31 January 2008 - 12:02 PM

Because you need to set the 'AnimPlayState' to 62 (if I remember). Else the new animation you write isn't 'played'.
And you need to nop something for the Walk Animation...

Good luck

marcotjuh
  • marcotjuh

    Player Hater

  • Members
  • Joined: 31 Jan 2008

#769

Posted 31 January 2008 - 05:00 PM Edited by marcotjuh, 31 January 2008 - 05:17 PM.

This probably sounds dumb, but what's CPed?
I don't know :S, and if it has something to do with it, I use Visual Basic for creating trainers.
BTW: I will add my own address.
This address is the damage modifier, it's something like 157645454 if you use a memory editor, then change it to 1, otherwise it will probably crash xD

Anyways, it's kind of godmode:
04b331f

UZI-I
  • UZI-I

    WPL Manager...

  • Members
  • Joined: 23 Aug 2006

#770

Posted 31 January 2008 - 05:41 PM

CPed is a pointer to the Actor Pool

Relentless3000
  • Relentless3000

    Player Hater

  • Members
  • Joined: 31 Jan 2008

#771

Posted 31 January 2008 - 06:19 PM

Hey help me please

How do you use or install mods or whatever

PLEASE HELP!!

marcotjuh
  • marcotjuh

    Player Hater

  • Members
  • Joined: 31 Jan 2008

#772

Posted 31 January 2008 - 06:50 PM

QUOTE (UZI-I @ Jan 31 2008, 17:41)
CPed is a pointer to the Actor Pool

OK, but now how can I use it? Because I see code addresses here like
Cped +&h34 or something, but I still don't understand. Now you told me what it is, but how can I use it?

UZI-I
  • UZI-I

    WPL Manager...

  • Members
  • Joined: 23 Aug 2006

#773

Posted 31 January 2008 - 08:24 PM

Get the CPed address in this topic (I can't remember, sorry, or maybe it's 0xB6F5F0)

Read this address

In VB it's like

CODE
Dim CPed As Long ' (If I remember my base of VB6 lol)

' hProcess: handle from OpenProcess; it's a DWORD so 4 bytes
ReadProcessMemory hProcess, &HB6F5F0, CPed, 4, 0


And now you've got the CPed value

You can read the CPed + 0x34

CODE
ReadProcessMemory hProcess, CPed + &H34, Value, Len(Value), 0


It's pseudocode... Please understand me
lol


Pixels^
  • Pixels^

    Crackhead

  • Members
  • Joined: 20 May 2007

#774

Posted 31 January 2008 - 10:04 PM

If you know how to get the hwnd of the GTA process, it's all good from here.

CODE

Dim CpedPointer As Long
ReadProcessMemory GTAHwnd, &HB6F5F0, CpedPointer, 4, 0

Example usage:
CODE

Dim CpedPointer As Long, Data As Long
Data = 300
ReadProcessMemory GTAHwnd, &HB6F5F0, CpedPointer, 4, 0
WriteProcessMemory GTAHwnd, CpedPointer + &H34, Data, 4, 0

marcotjuh
  • marcotjuh

    Player Hater

  • Members
  • Joined: 31 Jan 2008

#775

Posted 01 February 2008 - 06:55 PM Edited by marcotjuh, 01 February 2008 - 06:57 PM.

QUOTE (Pixels^ @ Jan 31 2008, 22:04)
If you know how to get the hwnd of the GTA process, it's all good from here.

CODE

Dim CpedPointer As Long
ReadProcessMemory GTAHwnd, &HB6F5F0, CpedPointer, 4, 0

Example usage:
CODE

Dim CpedPointer As Long, Data As Long
Data = 300
ReadProcessMemory GTAHwnd, &HB6F5F0, CpedPointer, 4, 0
WriteProcessMemory GTAHwnd, CpedPointer + &H34, Data, 4, 0

Ah thx Pixels, and of course UZI-I.
Pixels, wth is a hwnd?

Peter
  • Peter

    Secretly Heroic

  • Members
  • Joined: 21 Sep 2006

#776

Posted 01 February 2008 - 07:15 PM

QUOTE (marcotjuh @ Feb 1 2008, 18:55)
QUOTE (Pixels^ @ Jan 31 2008, 22:04)
If you know how to get the hwnd of the GTA process, it's all good from here.

CODE

Dim CpedPointer As Long
ReadProcessMemory GTAHwnd, &HB6F5F0, CpedPointer, 4, 0

Example usage:
CODE

Dim CpedPointer As Long, Data As Long
Data = 300
ReadProcessMemory GTAHwnd, &HB6F5F0, CpedPointer, 4, 0
WriteProcessMemory GTAHwnd, CpedPointer + &H34, Data, 4, 0

Ah thx Pixels, and of course UZI-I.
Pixels, wth is a hwnd?

You really should not start modifying GTA's memory space and/or assembly code if you have no prior programming experience at all - or are not capable of searching. HWND is a pointer to the game's "screen", used to access its memory space.

Pixels^
  • Pixels^

    Crackhead

  • Members
  • Joined: 20 May 2007

#777

Posted 01 February 2008 - 10:09 PM

QUOTE
Because you need to set the 'AnimPlayState' to 62 (if I remember). Else the new animation you write isn't 'played'.
And you need to nop something for the Walk Animation...

Good luck

Is it the one where it's Starting/stopping, or stopped?

marcotjuh
  • marcotjuh

    Player Hater

  • Members
  • Joined: 31 Jan 2008

#778

Posted 02 February 2008 - 12:59 PM

QUOTE (.Peter @ Feb 1 2008, 19:15)
QUOTE (marcotjuh @ Feb 1 2008, 18:55)
QUOTE (Pixels^ @ Jan 31 2008, 22:04)
If you know how to get the hwnd of the GTA process, it's all good from here.

CODE

Dim CpedPointer As Long
ReadProcessMemory GTAHwnd, &HB6F5F0, CpedPointer, 4, 0

Example usage:
CODE

Dim CpedPointer As Long, Data As Long
Data = 300
ReadProcessMemory GTAHwnd, &HB6F5F0, CpedPointer, 4, 0
WriteProcessMemory GTAHwnd, CpedPointer + &H34, Data, 4, 0

Ah thx Pixels, and of course UZI-I.
Pixels, wth is a hwnd?

You really should not start modifying GTA's memory space and/or assembly code if you have no prior programming experience at all - or are not capable of searching. HWND is a pointer to the game's "screen", used to access its memory space.

I never said I had much programming experience, but I do know how to get that hwnd; I only didn't understand what it meant, because of the name. So take a cookie.

spaceeinstein
  • spaceeinstein

    巧克力

  • Members
  • Joined: 17 Jul 2003
  • None

#779

Posted 02 February 2008 - 07:05 PM

Can I request something? I want to know how the game chooses which models to load for the sea animals in the ocean, and I want a list of the models.

Sacky
  • Sacky

    IV's Limit Adjuster

  • Members
  • Joined: 10 Nov 2006

#780

Posted 02 February 2008 - 10:24 PM Edited by Sacky, 03 February 2008 - 08:37 AM.

QUOTE
Can I request something? I want to know how the game chooses which models to load for the sea animals in the ocean, and I want a list of the models.


There is a sea animal pool within the game:

CODE
#pragma pack(push, 1)   // no padding: the pool entries are tightly packed
struct SeaAnimals
{
    WORD* wpID;
    DWORD dwUnk;   // Always 0x01 0x14 0x00 0x00
    float f1;      // 4.0
    float f2;      // 10.0
    float f3;      // 0.5
    float f4;      // 3.0
    float f5;      // 1.0
    float f6;      // 3.5
    float f7;      // 0.1~
    BYTE bUnk[7];  // 0x0A 0xD7 0xA3 0x3B 0x00 0x00 0x00
};
#pragma pack(pop)


0x8D3698 : Start of Pool
0x2C : sizeof(SeaAnimals)
Number of Items: 7

0x5B5CF7 : (ASM) Code to get the ID's of the models

The list is:

shark
dolphin
turtle
fish3s
fish3single
fish2s
fish2single
fish1s
fish1single
jellyfish01
jellyfish

Weapon Object Pool:

0x28 : sizeof(WeaponObject)
0xB1E158 : WeaponObjectPool
0x85BD78 : WeaponObjectClass
