Documenting GTA-SA memory addresses

1,331 replies to this topic
_DK
  • _DK

    Call me 'The Bald Guy"

  • Members
  • Joined: 12 Apr 2009
  • Ukraine

#1231

Posted 27 March 2012 - 11:40 PM Edited by DK22Pac, 28 March 2012 - 08:48 PM.

6F6BD0 int __cdecl GetTrainNodeNearPoint(float fX, float fY, float fZ, int pTrackIDresult)
Named by MTA developers.
CODE
int __cdecl GetTrainNodeNearPoint(float fX, float fY, float fZ, int pTrackIDresult)
{
 int trackLineResult; // edi@1
 signed int trackID; // esi@1
 int zero; // ST14_4@1
 int trackLine; // ecx@2
 int pPoint; // edx@3
 int pStartPointsData; // eax@4
 long double distance; // fst5@4
 signed int point.x; // ebp@4
 int pPointData; // eax@4
 float point.z; // ST2C_4@4
 float subX; // ST18_4@4
 long double subY; // fst7@4
 float resultDistance; // [sp+10h] [bp-20h]@1

 trackLineResult = zero;
 LODWORD(resultDistance) = 0x47C34FF3u;        // 99999.898
 trackID = 0;
 do
 {
   trackLine = 0;
   if ( tracksDatLineCount[trackID] > 0 )
   {
     pPoint = 0;
     do
     {
       pStartPointsData = tracksDatContents[trackID];
       point.x = *(pStartPointsData + pPoint);
       pPointData = pPoint + pStartPointsData;
       point.z = *(pPointData + 4) * 0.125;
       subX = fX - point.x * 0.125;
       subY = fY - *(pPointData + 2) * 0.125;
       distance = sqrt((fZ - point.z) * (fZ - point.z) + subY * subY + subX * subX);
       if ( distance < resultDistance )
       {
         resultDistance = distance;
         trackLineResult = trackLine;
         *pTrackIDresult = trackID;
       }
       ++trackLine;
       pPoint += 10;
     }
     while ( trackLine < tracksDatLineCount[trackID] );
   }
   ++trackID;
 }
 while ( trackID < 4 );
 return trackLineResult;
}


CODE
00000000 CTrainNodePoint struc; (sizeof=0xA)
00000000 x               dw ?
00000002 y               dw ?
00000004 z               dw ?
00000006 distanceFromStart dw ?
00000008 field_8         dw ?
0000000A CTrainNodePoint ends

Gonna hack all train-limits

PS: Does anyone know how to generate enums for IDA from, e.g., a text file? Maybe there are some IDC scripts or something?
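
Added example (not part of the original post and not the game's code): the same nearest-node search as the decompilation above, run over raw 10-byte CTrainNodePoint records. The `TrackBlob` container, the function names and the sample bytes are constructed for illustration; little-endian storage is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TRACK_COUNT    4          /* the posted loop runs trackID 0..3 */
#define NODE_SIZE      10         /* sizeof(CTrainNodePoint) = 0xA */
#define FIXED_SCALE    0.125f     /* stored int16 * 0.125 = world coordinate */
#define START_DISTANCE 99999.898f /* 0x47C34FF3, initial resultDistance in the post */

/* One track's raw records. This container type is an assumption of the example. */
typedef struct {
    const uint8_t *data;  /* count * NODE_SIZE bytes */
    size_t count;         /* plays the role of tracksDatLineCount[trackID] */
} TrackBlob;

typedef struct { float x, y, z; } NodePos;

/* Read a little-endian signed 16-bit value without alignment assumptions. */
static int16_t rd_i16le(const uint8_t *p)
{
    return (int16_t)(uint16_t)(p[0] | ((unsigned)p[1] << 8));
}

/* Decode the x/y/z words of record `index`. Returns 0 on success, -1 if out of range. */
int decode_node(const TrackBlob *t, size_t index, NodePos *out)
{
    if (t == NULL || t->data == NULL || out == NULL || index >= t->count)
        return -1;
    const uint8_t *rec = t->data + index * NODE_SIZE;
    out->x = rd_i16le(rec + 0) * FIXED_SCALE;
    out->y = rd_i16le(rec + 2) * FIXED_SCALE;
    out->z = rd_i16le(rec + 4) * FIXED_SCALE;
    return 0;
}

/*
 * Scan every record of every track and keep the closest one, as the posted
 * routine does. Returns the node index and writes the track to *trackID.
 * Choices of this example: squared distances are compared (same ordering as
 * the sqrt() distances in the post), and -1 is returned when no node is
 * within START_DISTANCE instead of returning an uninitialised value.
 */
int nearest_train_node(const TrackBlob tracks[TRACK_COUNT],
                       float fX, float fY, float fZ, int *trackID)
{
    float best = START_DISTANCE * START_DISTANCE;
    int bestNode = -1;

    for (int t = 0; t < TRACK_COUNT; ++t) {
        for (size_t i = 0; i < tracks[t].count; ++i) {
            NodePos p;
            if (decode_node(&tracks[t], i, &p) != 0)
                continue;
            float dx = fX - p.x, dy = fY - p.y, dz = fZ - p.z;
            float d2 = dx * dx + dy * dy + dz * dz;
            if (d2 < best) {
                best = d2;
                bestNode = (int)i;
                if (trackID != NULL)
                    *trackID = t;
            }
        }
    }
    return bestNode;
}

/* Constructed sample data: x, y, z, distanceFromStart, field_8 as LE 16-bit words. */
static const uint8_t TRACK0[] = {
    0x00,0x00, 0x00,0x00, 0x00,0x00, 0x00,0x00, 0x00,0x00,  /* (0, 0, 0)     */
    0x20,0x03, 0x00,0x00, 0x50,0x00, 0x64,0x00, 0x00,0x00,  /* (100, 0, 10)  */
};
static const uint8_t TRACK1[] = {
    0x40,0x06, 0x40,0x06, 0x00,0x00, 0x00,0x00, 0x00,0x00,  /* (200, 200, 0) */
    0xE0,0xFC, 0x90,0x01, 0x10,0x00, 0x32,0x00, 0x00,0x00,  /* (-100, 50, 2) */
};
const TrackBlob SAMPLE_TRACKS[TRACK_COUNT] = {
    { TRACK0, sizeof TRACK0 / NODE_SIZE },
    { TRACK1, sizeof TRACK1 / NODE_SIZE },
    { NULL, 0 },   /* empty track: the inner loop is skipped */
    { NULL, 0 },
};

int main(void)
{
    int track = -1;
    int node = nearest_train_node(SAMPLE_TRACKS, -98.0f, 49.0f, 2.0f, &track);
    printf("nearest: track %d, node %d\n", track, node);
    return 0;
}
```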

juarez
  • juarez

    Memory Hacking

  • Members
  • Joined: 11 Jun 2011

#1232

Posted 29 March 2012 - 09:02 AM

sub_60A440 -> CPed_saveGroup
sub_409C10 -> CStreaming__releaseModel

Swoorup
  • Swoorup

    innovator

  • Members
  • Joined: 28 Oct 2008

#1233

Posted 29 March 2012 - 11:10 AM

Can anyone give me some detail on how SA streams nodes.dat and connects the path node in between different zones properly?

Deji
  • Deji

    Coding like a Rockstar!

  • Feroci Racing
  • Joined: 24 Dec 2007
  • None

#1234

Posted 29 March 2012 - 04:50 PM

QUOTE (DK22Pac @ Tuesday, Mar 27 2012, 23:40)
PS: Does anyone know how to generate enums for IDA from, e.g., a text file? Maybe there are some IDC scripts or something?

Like this?

Swoorup
  • Swoorup

    innovator

  • Members
  • Joined: 28 Oct 2008

#1235

Posted 30 March 2012 - 12:16 PM Edited by Swoorup, 01 April 2012 - 05:44 AM.

You should be able to produce a C header file which lists structures and enum members defined in the database.

File Menu -> Produce File -> Create C header file

_DK
  • _DK

    Call me 'The Bald Guy"

  • Members
  • Joined: 12 Apr 2009
  • Ukraine

#1236

Posted 04 April 2012 - 05:37 PM

0x563470 int __cdecl CWorld__ClearScanCodes()
0x70A960 int __cdecl CShadows__RenderStoredShadows()
Original R* names.
Has anyone some information about *stream sectors*?

fastman92
  • fastman92

    фастман92 | ف

  • Members
  • Joined: 28 Jul 2009

#1237

Posted 04 April 2012 - 05:45 PM

QUOTE (DK22Pac @ Wednesday, Apr 4 2012, 18:37)
Has anyone some information about *stream sectors*?

I forgot where that was. Can you tell me the EXE address?

_DK
  • _DK

    Call me 'The Bald Guy"

  • Members
  • Joined: 12 Apr 2009
  • Ukraine

#1238

Posted 04 April 2012 - 05:58 PM Edited by DK22Pac, 27 April 2012 - 04:22 PM.

0xB7D0B8 streamSectors array
0x70A7E0 CShadows__CastPedShadowSectorList First param is *stream sector* pointer to streamSector.
StreamSector contains some array of pointers to CEntity.
Maybe
CODE
CStreamSector
+0x0 entityPtrList
+0x4 entityPtrList2


CODE
CPed+0x134 pedShadowData?

Wesser
  • Wesser

    The complexity simplifier, the efficiency optimizer.

  • Feroci Racing
  • Joined: 19 Aug 2006
  • Unknown

#1239

Posted 27 April 2012 - 12:09 PM Edited by Wesser, 06 April 2013 - 02:55 PM.

Some outdated findings:

ENTITY

CEntity + 0x36 - [byte] Entity type
0x02 = Player as driver
0x12 = Quiet driver
0x1A = Suspicious driver (when slightly or heavily collided, unlike cops who are never quiet)
0x22 = No driver
0x2A = Destroyed
0x4A = Player as driver is exiting or being wasted, busted or hijacked

PED

0x5E3B60 - BYTE __thiscall CPed__getWeaponSkillIndexByType(short sType)
0x5E6580 - BYTE __thiscall CPed__getWeaponSkillIndex()

VEHICLE

CVehicle + 0x37C - [bool] Nitro on/off (read-only)

CVehicle + 0x38C - [dword] Some flag
0x80000 = nitro installed

CVehicle + 0x48A - [byte] Nitro Slots
2/5/10 = nitros normal slots (n - 1)
101 = special nitro (cheat)

CVehicle + 0x8A4 - [float] Nitro timer

When nitro is activated, it is set to 0.0 and decreased by -1e-06. Once it overcomes -1.0, the game automatically sets it to 0.0 and it gets increased by 1e-06 (it rises faster if player doesn't accelerate and twice if he decelerates, possible bug).

CVehicle + 0x978 - [dword] Nitro particle 1 (mono exhaust)

CVehicle + 0x97C - [dword] Nitro particle 2 (dual exhaust)

0x6A3EA0 - void __thiscall CAutomobile__processNitro(BYTE bSlots)

PATHFIND

0x96F050 - CPathFind

0x420A10 - void *__thiscall CPathFind__getNodePosition(void *pCoords) (from MTA's source)

0x420AC0 - void *__thiscall CPathFind__getNodePointer(DWORD dwNodeAddr) (from MTA's source)

0x44E4F0 - void __thiscall CPathFind__popRouteNodesFartherFrom(float fOriginX, float fOriginY, float fOriginZ, DWORD *pNodeList[], short *pSteps)

fOriginZ - It's unused in the whole function.

0x4515D0 - void __thiscall CPathFind__findShortestRouteNodes(BYTE bType, float fOriginX, float fOriginY, float fOriginZ, DWORD dwFirstNode, float fDestX, float fDestY, float fDestZ, DWORD *pNodeList[], short *pSteps, short sMaxSteps, float *pDistance, float fMinRadius, DWORD dwLastNode, float fMaxRadius, bool bFollowPath, WORD wFlag, bool bUnk, bool bUnk)

bType - Route type
0 = vehicle
1 = pedestrian
pNodeList - An array containing all route nodes found between the start and destination points.
pSteps - The number of route nodes found.
sMaxSteps - The length of pNodeList array.
fMinRadius - The minimum radius the first node and the next nearest one must have to start searching from the origin. It needs confirmation, though.
fMaxRadius - The maximum radius to start searching from the destination.
bFollowPath - If set, route nodes respect lanes, otherwise the best shortest route is found.
wFlag - It's still unknown. Maybe it defines the type the search nodes do have. Default value is 0xFFFF.

CONTROLS

0x53FF90 - bool __thiscall CPad__firePressed()
0x53FDD0 - bool __thiscall CPad__lookLeftPressed()
0x53FE10 - bool __thiscall CPad__lookRightPressed()
0x53FE70 - bool __thiscall CPad__lookBehindPressed()

MATRIX

0x59BD10 - void __thiscall CMatrix__copyFromRwMatrix(RwMatrix *pMatrix, BYTE bUnk)
0x59BD90 - void __thiscall CMatrix__copyToRwMatrix(RwMatrix *pMatrix, BYTE bUnk)

PARTICLE

CParticle (size = 0x84?)
+ 0x0 - [dword] Pointer to next CParticle
+ 0x4 - [dword] Pointer to previous CParticle
+ 0x8 - [dword] Unknown pointer to CParticleData
+ 0xC - [dword] Attaching matrix
+ 0x10-0x50 - [RwMatrix] Matrix
+ 0x50 - [byte] Status:
0 = visible
1 = inactive
>=2 = unknown
+ 0x51 - [byte] Unknown status
+ 0x52-0x53 - [byte] Unknown
+ 0x54 - [dword] Unknown
+ 0x58 - [float] Distance from camera
+ 0x5C - [short] Time (0.0 to 1.0) * 256
+ 0x5E - [short] Frequency/Intensity (0.0 to 1.0) * 1000
+ 0x60 - [short] Speed (0.0 to 1.0) * 1000
+ 0x62 - [byte] Flag
+ 0x63 - [byte] Unknown
+ 0x64 - [float] Unknown ((rand() % 10000) * 0.0001 * (pParticle.matrix.right.y - pParticle.matrix.right.x) + pParticle.matrix.right.x)
+ 0x68-0x70 - [dword] Unknown
+ 0x74-0x84 - [dword] Unknown pointer

BULLET

0x735FD0 - void __cdecl CBullet__releaseAll()
0x736010 - bool __cdecl CBullet__create(CPed *pEntity, short sWeaponType, float fOriginX, float fOriginY, float fOriginZ, float fVelocityX, float fVelocityY, float fVelocityZ)

WEAPONINFO

0x743C60 - void *__cdecl CWeaponInfo__getInfo(short sType, BYTE bSkillIndex)
0x743CD0 - short __cdecl CWeaponInfo__getSkillStat(short sType)

PLACEABLE

0x50A360 - void __stdcall CPlaceable__getPitchYaw(RwV3d *vOffset, float *fPitch, float *fYaw) (unreferenced)
0x59C790 - void __cdecl CPlaceable__transformRelToAbsOffset(RwV3d *vPoint, RwMatrix *pMatrix, RwV3d *vOffset)
0x59C810 - void __cdecl CPlaceable__transformAbsToRelOffset(RwV3d *vPoint, RwV3d *vOffset, RwMatrix *pMatrix)

STRING

0x718600 - char *__cdecl CStr__gtaStrCpy(const char *szSource, char *szDest)
0x718630 - char *__cdecl CStr__gtaStrCat(char *szDest, const char *szSource)
0x718660 - char *__cdecl CStr__gtaStrCpy(char *szDest, const char *szSource)
0x718690 - DWORD __cdecl CStr__gtaStrLen(const char *szString)
0x7186B0 - char *__cdecl CStr__gtaStrReplace(char *szDest, const char *szSource, DWORD dwPos)
0x7186E0 - char *__cdecl CStr__gtaUCasePtr(char *szDest, const char *szSource)
0x718710 - void __cdecl CStr__gtaUCase(const char *szString)
0x718740 - void __cdecl CStr__gtaLCase(const char *szString)

2DTEXT

0x719380 - void __cdecl C2DText__setSize(float fWidth, float fHeight)
0x719430 - void __cdecl C2DText__setRGBA(DWORD dwColor)
0x719490 - void __cdecl C2DText__setFont(BYTE bType)
0x7194E0 - void __cdecl C2DText__setBackgroundWidth(float fWidth)
0x719510 - void __cdecl C2DText__setShadowRGBA(DWORD dwColor)
0x719590 - void __cdecl C2DText__setShadowSize(BYTE bSize)
0x7195B0 - void __cdecl C2DText__setMinimized(bool bToggle)
0x7195C0 - void __cdecl C2DText__setBackground(bool bWidth, bool bMultiline)
0x719610 - void __cdecl C2DText__setAlignment(BYTE bType)
0 = center
1 = right
2 = left

2DRENDER

0x728640 - void __cdecl C2DRender__drawBarChart(float fPosX, float fPosY, WORD wWidth, BYTE bHeight, float fPercentage, BYTE bRightBorderWidth, bool bPercentage, bool bBorder, DWORD dwForeColor, DWORD dwRightBorderColor) (from MTA's source)

SCREEN

0x859520 - [float] Width scale (1/640)
0x859524 - [float] Height scale (1/448)
0x865394 - [float] Half width scale (1/320)
0x865398 - [float] Half height scale (1/224)

0x70CE30 - bool __cdecl CScreen__transform3DTo2DPoint(RwV3d *vPoint, RwV2d *vScreen, float *pMultX, float *pMultY, bool bNearClip, bool bFarClip)
0x71DA00 - bool __cdecl CScreen__transform3DTo2DPoint(RwV3d *vPoint, RwV2d *vScreen, float *pMultX, float *pMultY)
0x71DAB0 - bool __cdecl CScreen__transform3DTo2DPoint(RwV3d *vPoint, RwV2d *vScreen)

Here is the updated version according to this script:
CODE

{
 FUNCTIONS INCLUDED:

-   getScreenXYFrom3DCoords
     Type: GET
       Description: Get screen 2D coords from world 3D coords.

-   get3DCoordsFromScreenXY
     Type: GET
       Description: Get world 3D coords from screen 2D coords by a fixed distance.

-   getFullScreenXY
     Type: GET
       Description: Get screen XY from current resolution.

-   getLocalVarOffset
     Type: GET
       Description: Get local var offset from thread pointer.
}

{$CLEO}

0000: NOP

03F0: enable_text_draw 1

while true
 wait 0
 04C4: store_coords_to 1@ 2@ 3@ from_actor $PLAYER_ACTOR with_offset 0.0 0.0 1.0
 0AB1: call_scm_func @getScreenXYFrom3DCoords 3 coords_XYZ 1@ 2@ 3@ store_to 4@ 5@
 0AB1: call_scm_func @get3DCoordsFromScreenXY 3 coords_XY 4@ 5@ distance 1.0 store_camera_to 1@ 2@ 3@ point_to 1@ 2@ 3@
 0AB1: call_scm_func @getScreenXYFrom3DCoords 3 coords_XYZ 1@ 2@ 3@ store_to 4@ 5@
 054C: use_GXT_table 'SWEET6'
 0341: unknown_text_draw_flag 0
 0342: enable_text_draw_centered 1
 033E: set_draw_text_position 4@ 5@ GXT 'SWE6B34'
end

:getScreenXYFrom3DCoords
{
 Parameters:
   Passed:
     0@ - position X
     1@ - position Y
     2@ - position Z
   Result:
     3@ - screen X
     4@ - screen Y

 Example:
   0AB1: call_scm_func @getScreenXYFrom3DCoords 3 coords_XYZ 2488.562 -1666.865 12.8757 store_to 1@ 2@
}
0AB1: call_scm_func @getLocalVarOffset 1 var 0 store_to 7@
0AB1: call_scm_func @getLocalVarOffset 1 var 3 store_to 8@
0AB1: call_scm_func @getLocalVarOffset 1 var 5 store_to 9@
0AB1: call_scm_func @getLocalVarOffset 1 var 6 store_to 10@
0AA5: call 0x70CE30 num_params 6 pop 6 bFarClip 0 bNearClip 0 pMultY 10@ pMultX 9@ pScreen 8@ pCoords 7@
0AB1: call_scm_func @getScreenXY 2 coords_XY 3@ 4@ store_to 3@ 4@
0AB2: ret 2 3@ 4@

:get3DCoordsFromScreenXY
{
 Parameters:
   Passed:
     0@ - screen X
     1@ - screen Y
     2@ - distance
   Result:
     9@ - camera X
     10@ - camera Y
     11@ - camera Z
     18@ - position X
     19@ - position Y
     20@ - position Z

 Example:
   0AB1: call_scm_func @get3DCoordsFromScreenXY 3 coords_XY 320.0 224.0 distance 1.0 store_camera_to 1@ 2@ 3@ point_to 4@ 5@ 6@
}
0A8D: 3@ = read_memory 0x8D5038 size 4 virtual_protect 0 // field of view
3@ *= 0.5
02F6: 4@ = sine 3@
02F7: 5@ = cosine 3@
0073: 4@ /= 5@ // tangent line
0A8D: 6@ = read_memory 0x865394 size 4 virtual_protect 0 // half screen X scale
006B: 6@ *= 0@
6@ -= 1.0
0097: make 6@ absolute_float
006B: 6@ *= 4@
0A8D: 7@ = read_memory 0x865398 size 4 virtual_protect 0 // half screen Y scale
006B: 7@ *= 1@
7@ -= 1.0
0097: make 7@ absolute_float
006B: 7@ *= 4@
0A8D: 8@ = read_memory 0xC3EFA4 size 4 virtual_protect 0 // screen aspect ratio
0073: 7@ /= 8@
0087: 9@ = 6@
0087: 10@ = 2@
0087: 11@ = 7@
0AB1: call_scm_func @getLocalVarOffset 1 var 9 store_to 12@
0A8D: 13@ = read_memory 0xB6F03C size 4 virtual_protect 0 // camera matrix
0AA5: call 0x59C890 num_params 3 pop 3 pOffsets 12@ pMatrix 13@ pPoint 12@ // CPlaceable__transformPoint
006B: 6@ *= 2@
006B: 7@ *= 2@
0087: 14@ = 6@
0087: 15@ = 2@
0087: 16@ = 7@
0AB1: call_scm_func @getLocalVarOffset 1 var 14 store_to 17@
0AA5: call 0x59C890 num_params 3 pop 3 pOffsets 17@ pMatrix 13@ pPoint 17@ // CPlaceable__transformPoint
0AB2: ret 6 9@ 10@ 11@ 14@ 15@ 16@

:getScreenXY
{
 Parameters:
   Passed:
     0@ - full screen X
     1@ - full screen Y
   Result:
     0@ - screen X
     1@ - screen Y

 Example:
   0AB1: call_scm_func @getScreenXY 2 coords_XY 512.0 384.0 store_to 1@ 2@
}
0A8D: 2@ = read_memory 0xC17044 size 4 virtual_protect 0 // full screen X
0A8D: 3@ = read_memory 0x859520 size 4 virtual_protect 0 // screen X scale
0093: 2@ = integer 2@ to_float
006B: 2@ *= 3@
0073: 0@ /= 2@
0A8D: 5@ = read_memory 0xC17048 size 4 virtual_protect 0 // full screen Y
0A8D: 6@ = read_memory 0x859524 size 4 virtual_protect 0 // screen Y scale
0093: 5@ = integer 5@ to_float
006B: 5@ *= 6@
0073: 1@ /= 5@
0AB2: ret 2 0@ 1@

:getLocalVarOffset
{
 Parameters:
   Passed:
     0@ - var number
   Result:
     0@ - var pointer

 Example:
   0AB1: call_scm_func @getLocalVarOffset 1 var 0 store_to 1@
}
0@ *= 0x4
0A9F: 1@ = current_thread_pointer
0A8E: 2@ = 1@ + 0xDC
0A8D: 2@ = read_memory 2@ size 1 virtual_protect 0 // bMissionFlag
if
 2@ == 1
then
 0@ += 0xA48960 // pMissionLocals
else
 005A: 0@ += 1@
 0@ += 0x3C // pThreadLocals
end
0AB2: ret 1 0@

_DK
  • _DK

    Call me 'The Bald Guy"

  • Members
  • Joined: 12 Apr 2009
  • Ukraine

#1240

Posted 02 May 2012 - 03:04 PM Edited by DK22Pac, 02 May 2012 - 03:10 PM.

@Wesser wow, good work with particleData documenting)

0x5E5ED0 void __thiscall CPed__addWeaponModel(CPed *ped, int modelID)
CODE
void __thiscall CPed__addWeaponModel(CPed *ped, int modelID)
{
 CPed *_ped;
 CBaseModelInfo *weaponModel;
 int weapClump;
 int pedtype;
 int weapSlotOffset;
 CWeaponSlot *weapSlot;
 int hAnimHier;
 int boneIndex;
 int pMatrices;
 int molotovPrt;
 RwV3D pos;

 _ped = ped;
 if ( modelID != -1 )
 {
   if ( !ped->weaponSlots[ped->m_bActiveWeapon].field_15 )
   {
     weaponModel = modelPtrs[modelID];
     if ( ped->WeaponClump )
       CPed__removeWeaponModel(ped, -1);
     weapClump = (*(weaponModel->__vmt + 0x2C))(weaponModel); // CModelBase::createInstance
     _ped->WeaponClump = weapClump;
     if ( weapClump )
       _ped->WeaponGunflashClump = findObjectByNodeName(weapClump, "gunflash");
     else
       _ped->WeaponGunflashClump = 0;
     CModelBase__addRef(weaponModel);
     pedtype = _ped->pedType;
     _ped->field_740 = modelID;
     if ( !pedtype || pedtype == 1 )
     {
       weapSlotOffset = 28 * _ped->m_bActiveWeapon;
       weapSlot = (_ped->weaponSlots + weapSlotOffset);
       if ( weapSlot->type == WEAPON_MOLOTOV )
       {
         if ( modelID == MODEL_MOLOTOV )
         {
           if ( !*(&_ped->weaponSlots[0].particle + weapSlotOffset) )
           {
             hAnimHier = clumpGetFirstSkinAtomicHAnimHierarchy(_ped->__parent.__parent.m_pRWObject);
             boneIndex = RpHAnimIDGetIndex(hAnimHier, BONE_RIGHTWRIST);
             pMatrices = RpHAnimHierarchyGetMatrixArray(hAnimHier);
             LODWORD(pos.x) = 0;
             LODWORD(pos.y) = 0;
             LODWORD(pos.z) = 0;
             molotovPrt = createParticle("molotov_flame", &pos, ((boneIndex * 64) + pMatrices), 0);
             weapSlot->particle = molotovPrt;
             if ( molotovPrt )
             {
               sub_4AA910(1);
               dummy_4AA890(weapSlot->particle);
               CParticle__init(weapSlot->particle);
             }
           }
         }
       }
     }
   }
 }
}


PS
entity->type & 7
CODE
1 - building
2 - vehicle
3 - ped
7 - boat

Swoorup
  • Swoorup

    innovator

  • Members
  • Joined: 28 Oct 2008

#1241

Posted 02 May 2012 - 04:08 PM

QUOTE

0x4515D0 - void __thiscall CPathFind__findShortestRouteNodes(BYTE bType, float fOriginX, float fOriginY, float fOriginZ, DWORD dwFirstNode, float fDestX, float fDestY, float fDestZ, DWORD *pNodeList[], short *pSteps, short sMaxSteps, float *pDistance, float fMinRadius, DWORD dwLastNode, float fMaxRadius, bool bFollowPath, WORD wFlag, bool bUnk, bool bUnk)

bType - Route type
0 = vehicle
1 = pedestrian
pNodeList - An array containing all route nodes found between the start and destination points.

About the pNodeList, is it stored separately for each ped/vehicle entity by the game?

Wesser
  • Wesser

    The complexity simplifier, the efficiency optimizer.

  • Feroci Racing
  • Joined: 19 Aug 2006
  • Unknown

#1242

Posted 03 May 2012 - 10:17 AM

What do you mean? Something like this?

CVehicle + 0x394 - [dword] Starting route node index (dwFirstNode)
CVehicle + 0x3DB - [dword] Traffic flag ((dwTrafficFlag >> 6) & 1 = bFollowPath)
CVehicle + 0x3EC - [float] Destination X (fDestX)
CVehicle + 0x3F0 - [float] Destination Y (fDestY)
CVehicle + 0x3F4 - [float] Destination Z (fDestZ)
CVehicle + 0x3F8 - [dword] Array of the last 8 route nodes (dwNodeList[8])
CVehicle + 0x418 - [short] Amount of remaining route nodes (sSteps)

Ped-related addresses are stored somewhere in a task pointer which I don't want to look through right now.

Swoorup
  • Swoorup

    innovator

  • Members
  • Joined: 28 Oct 2008

#1243

Posted 04 May 2012 - 05:12 PM Edited by Swoorup, 10 February 2013 - 01:38 AM.

Interesting.
In VC, the CPathFind structure is something like this

CODE

struct GlobalMap
{
   CPathNode Paths[9650];
   CSearchNode SearchPaths[3500];
   int InstBuildings[1250];
   __int16 pointsInfo[20400];
   __int8 tanAngle[20400];
   __int16 SearchPointsInfo[20400];
   int lastPedRoutePointIndex;
   int lastVehicleRoutePointIndex;
   int totalVehicleRoutePointIndexm;
   __int16 numberOfBuildings;
   WORD totalPointInfoIndex;
   DWORD totalSearchPoints;
   DWORD field_53804;
   char field_53808[2];
   CPathNode unklist[512];
};
#pragma pack(pop)


The last structure member is written to and read by the game on the run. Do you know what that means? I am guessing if it's similar to SA

JoeBullet
  • JoeBullet

    Player Hater

  • Members
  • Joined: 04 Dec 2011

#1244

Posted 05 May 2012 - 11:35 AM

00000000 CRope struc ; (sizeof=0x328)
00000000 m_vecRopeSegments RwV3D 31 dup(?)
00000174 m_vecRopeStartPos RwV3D ?
00000180 m_vecRopeSegmentsReleased RwV3D 31 dup(?)
000002F4 m_pad1 dd ?
000002F8 m_pad2 dd ?
000002FC m_pad3 dd ?
00000300 m_pRopeEntity dd ? ; offset
00000304 m_pad4 dd ?
00000308 m_fMass dd ?
0000030C m_uiRopeTotalLength dd ?
00000310 pRopeHolder dd ? ; offset
00000314 m_pRopeAttacherObject dd ? ; offset
00000318 m_pAttachedEntity dd ? ; offset
0000031C m_uiRopeSegmentLength dd ?
00000320 m_uiHoldEntityExpireTime dd ?
00000324 m_uiSegmentCount db ?
00000325 m_ucRopeType db ?
00000326 m_ucFlags1 db ?
00000327 m_ucFlags2 db ?
00000328 CRope ends

.data:00B768B8 pRopePool CRope 8 dup(<?>)

0x555DC0 static CRope::ResetAll()
0x555F80 CRope::IsEntityAttachedToCrane(CEntity *pEntity)
0x555FB0 CRope::IsRopeOwnedByCrane()
0x556000 CRope::FindByRopeEntity(CEntity *pRopeEntity)
0x556030 CRope::ReleaseRope()
0x556070 CRope::CreateRopeAttacherObject()
0x556780 CRope::~CRope()
0x556800 CRope::Draw()
0x5569C0 CRope::AttachEntity(CEntity *pEntityToAttach)
0x556AE0 static CRope::DrawAll()
0x556B10 static CRope::DestroyAll()
0x556B40 static CRope * CRope::Create(CEntity *pRopeEntity, char ucRopeType, float startPosX, float startPosY, float startPosZ, bool bExpires, char ucSegmentCount, char ucFlags, CEntity *pRopeHolder, int uiExpireTime)
0x557530 CRope::Process()
0x558D10 CRope::CreateSwatRope(CVector *pPos)
0x558D70 static CRope::ProcessAll()
0x5561B0 CRope::Adjust(float startPosX, float startPosY, float startPosZ, int uiUnknown, CVector *pOutVec)

It needs to be verified, though.
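
Added example (not part of the original post and not MTA or game code): one way to check a transcribed layout like the CRope listing above is to restate it as a C struct and let the compiler assert every documented offset. The struct restatement, the `ptr32` typedef, the helper names and the sample pool contents are assumptions of this example; pointers are stored as 4-byte values because the listing uses `dd`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { float x, y, z; } RwV3D;  /* 12 bytes */
typedef uint32_t ptr32;                    /* "dd ? ; offset" fields in the listing */

typedef struct {
    RwV3D    m_vecRopeSegments[31];
    RwV3D    m_vecRopeStartPos;
    RwV3D    m_vecRopeSegmentsReleased[31];
    uint32_t m_pad1, m_pad2, m_pad3;
    ptr32    m_pRopeEntity;
    uint32_t m_pad4;
    uint32_t m_fMass;                  /* kept as a raw dword, as listed */
    uint32_t m_uiRopeTotalLength;
    ptr32    pRopeHolder;
    ptr32    m_pRopeAttacherObject;
    ptr32    m_pAttachedEntity;
    uint32_t m_uiRopeSegmentLength;
    uint32_t m_uiHoldEntityExpireTime;
    uint8_t  m_uiSegmentCount;
    uint8_t  m_ucRopeType;
    uint8_t  m_ucFlags1;
    uint8_t  m_ucFlags2;
} CRope;

/* A mistyped field size or array length in the struct fails the build here. */
#define CHECK_OFFSET(field, off) \
    _Static_assert(offsetof(CRope, field) == (off), #field " is not at " #off)

CHECK_OFFSET(m_vecRopeStartPos,         0x174);
CHECK_OFFSET(m_vecRopeSegmentsReleased, 0x180);
CHECK_OFFSET(m_pad1,                    0x2F4);
CHECK_OFFSET(m_pRopeEntity,             0x300);
CHECK_OFFSET(m_fMass,                   0x308);
CHECK_OFFSET(m_uiRopeTotalLength,       0x30C);
CHECK_OFFSET(pRopeHolder,               0x310);
CHECK_OFFSET(m_pRopeAttacherObject,     0x314);
CHECK_OFFSET(m_pAttachedEntity,         0x318);
CHECK_OFFSET(m_uiRopeSegmentLength,     0x31C);
CHECK_OFFSET(m_uiHoldEntityExpireTime,  0x320);
CHECK_OFFSET(m_uiSegmentCount,          0x324);
CHECK_OFFSET(m_ucFlags2,                0x327);
_Static_assert(sizeof(CRope) == 0x328, "sizeof(CRope) must be 0x328");

#define ROPE_POOL_BASE  0xB768B8u  /* pRopePool from the post */
#define ROPE_POOL_SLOTS 8u         /* "CRope 8 dup" */

/* Address of pool slot i in the game's address space, or 0 if i is out of range. */
uint32_t rope_slot_address(unsigned i)
{
    return i < ROPE_POOL_SLOTS ? ROPE_POOL_BASE + i * (uint32_t)sizeof(CRope) : 0;
}

static uint32_t rd_u32le(const uint8_t *p)
{
    return p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Hypothetical helper for offline analysis: scan a byte snapshot of the pool
 * for the slot whose m_pRopeEntity equals `entity`. Returns the slot index,
 * or -1 if the snapshot is too short or no slot matches.
 */
int rope_find_in_snapshot(const uint8_t *snap, size_t len, uint32_t entity)
{
    if (snap == NULL || len < ROPE_POOL_SLOTS * sizeof(CRope))
        return -1;
    for (unsigned i = 0; i < ROPE_POOL_SLOTS; ++i) {
        const uint8_t *slot = snap + i * sizeof(CRope);
        if (rd_u32le(slot + offsetof(CRope, m_pRopeEntity)) == entity)
            return (int)i;
    }
    return -1;
}

/* Constructed snapshot: all zero except slot 3, whose m_pRopeEntity is 0x12345678. */
static uint8_t SAMPLE_POOL[ROPE_POOL_SLOTS * sizeof(CRope)];

const uint8_t *make_sample_pool(void)
{
    static const uint8_t entity_le[4] = { 0x78, 0x56, 0x34, 0x12 };
    memset(SAMPLE_POOL, 0, sizeof SAMPLE_POOL);
    memcpy(SAMPLE_POOL + 3 * sizeof(CRope) + offsetof(CRope, m_pRopeEntity),
           entity_le, sizeof entity_le);
    return SAMPLE_POOL;
}

int main(void)
{
    const uint8_t *pool = make_sample_pool();
    int slot = rope_find_in_snapshot(pool, sizeof SAMPLE_POOL, 0x12345678u);
    printf("slot %d at 0x%X\n", slot, (unsigned)rope_slot_address((unsigned)slot));
    return 0;
}
```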

Deji
  • Deji

    Coding like a Rockstar!

  • Feroci Racing
  • Joined: 24 Dec 2007
  • None

#1245

Posted 06 May 2012 - 01:57 AM

QUOTE (JoeBullet @ Saturday, May 5 2012, 11:35)
It needs to be verified, though.

I don't know who you are, but you're a legend! Been after some discovery in this area for a while but never had much time to spend on it. You from MTA or something?

JoeBullet
  • JoeBullet

    Player Hater

  • Members
  • Joined: 04 Dec 2011

#1246

Posted 06 May 2012 - 08:26 PM

I have been offered commit access to MTA because of my former contribution (that was at the time when MTA was moving from git to svn) but had to refuse it due to my very limited time and some other projects I am working on. Here are some functions for CWaterCannon(s):

CWaterCannon
0x00728AB0 CWaterCannon::~CWaterCannon()
0x00728B40 CWaterCannon::Init()
0x00728C20 CWaterCannon::SetStartAndEndPoint(RwV3D* pStartPoint, RwV3D* pEndPoint)
0x00728CB0 CWaterCannon::Update(CVehicle *pVehicleHoldingCannon, RwV3D* pStartPoint, RwV3D* pEndPoint)
0x00728DA0 CWaterCannon::Render()
0x007295E0 CWaterCannon::PushPeds()
0x0072A280 CWaterCannon::Process(char id)

I didn't do as much research on the structure as I did with CRope, but some basic info: First member - Vehicle that is holding water cannon, Second Member - Segments count, there is also segment structure similar to one in CRope.

CWaterCannons
0x00728B10 CWaterCannons::CWaterCannons
0x00728B30 CWaterCannons::~CWaterCannons
0x00728C80 CWaterCannons::Initialise()
0x00729B30 CWaterCannons::Render()
0x0072A3C0 CWaterCannons::ProcessAll()

Deji
  • Deji

    Coding like a Rockstar!

  • Feroci Racing
  • Joined: 24 Dec 2007
  • None

#1247

Posted 07 May 2012 - 02:48 PM

QUOTE (JoeBullet @ Sunday, May 6 2012, 20:26)
I have been offered commit access to MTA because of my former contribution (that was at the time when MTA was moving from git to svn) but had to refuse it due to my very limited time and some other projects I am working on.

Very similar situation here, lol.

And to be honest, I just had an array when I documented CWaterCannon stuff. I was more interested in concocting a way to easily create small amounts of water in places (literally, just a puddle).

Anyway, welcome to GTAForums (or more specifically, the modding parts)

_DK
  • _DK

    Call me 'The Bald Guy"

  • Members
  • Joined: 12 Apr 2009
  • Ukraine

#1248

Posted 13 May 2012 - 10:30 AM Edited by DK22Pac, 13 May 2012 - 10:58 AM.

Some unfinished researching...
CODE
00000000 CPedShadowData  struc; (sizeof=0x4C)
00000000 ped             dd ?                  ; CPed *
00000004 field_4         db ?
00000005 intensityMultiplier db ?
00000006 field_6         db 2 dup(?)
00000008 cameraA         dd ?                  ; RwCamera *
0000000C texture         dd ?                  ; RwTexture *
00000010 flagA           dd ?
00000014 cameraB         dd ?                  ; RwCamera *
00000018 textureBlurred  dd ?                  ; RwTexture *
0000001C field_1C        dd ?
00000020 flagB           dd ?
00000024 field_24        dd ?
00000028 light           dd ?                  ; RpLight *
0000002C field_2C        db 16 dup(?)
0000003C sunPos          RwV3D ?                ; normalized
00000048 field_48        dd ?
0000004C CPedShadowData  ends

CODE
00000000 obj_C40350      struc; (sizeof=0x54)
00000000 flag1           db ?
00000001 field_1         db ?
00000002 field_2         db ?
00000003 field_3         db ?
00000004 shadowData      dd ?                  ; CPedShadowData *
00000008 shadowDataPtrLists shadowDataPtrList 3 dup(?)
00000044 _camera1        dd ?
00000048 _texture1       dd ?                  ; struct  offset
0000004C _camera2        dd ?
00000050 _texture2       dd ?                  ; struct  offset
00000054 obj_C40350      ends

CODE
00000000 shadowDataPtrList struc; (sizeof=0x14)
00000000 shadowDataPtr   dd 5 dup(?)
00000014 shadowDataPtrList ends


JoeBullet
  • JoeBullet

    Player Hater

  • Members
  • Joined: 04 Dec 2011

#1249

Posted 13 May 2012 - 02:11 PM Edited by JoeBullet, 14 May 2012 - 07:37 AM.

Great research!
Though, it seems that your obj_c40350 struct is more like this:
CODE

00000000 CShadowManager  struc; (sizeof=0x54)
00000000 bInitialized    db ?
00000001 field_1         db ?
00000002 field_2         db ?
00000003 field_3         db ?
00000004 ppShadowData    dd 16 dup(?)          ; offset
00000044 pCamera1        dd ?
00000048 pTexture1       dd ?
0000004C pCamera2        dd ?
00000050 pTexture2       dd ?
00000054 CShadowManager  ends

I call it CShadowManager.
0x7067C0 CShadowManager::CShadowManager()
0x705B30 CShadowManager::DeleteShadowData(CShadowData* pShadowData)
0x706460 CShadowData::Init(bool bIsBlurred, char ucUnk, bool bUnk)

CShadowData
CODE

00000000 CShadowData     struc; (sizeof=0x4C)
00000000 pParent         dd ?                  ; CPhysical*
00000004 field_4         db ?
00000005 ucIntensity     db ?
00000006 field_6         db ?
00000007 field_7         db ?
00000008 pCamera         dd ?                  ; offset
0000000C pTexture        dd ?                  ; offset
00000010 bIsBlurred      db ?
00000011 field_11        db ?
00000012 field_12        db ?
00000013 field_13        db ?
00000014 pCameraBlurred  dd ?
00000018 pTextureBlurred dd ?                  ; offset
0000001C field_1C        dd ?
00000020 field_20        db ?
00000021 field_21        db ?
00000022 field_22        db ?
00000023 field_23        db ?
00000024 ObjectType        dd ?
00000028 pLight          dd ?                  ; offset
0000002C boundingSphere   RwSphere ?
0000003C vecSunPosNormalized RwV3D ?
00000048 field_48        dd ?
0000004C CShadowData     ends


CPhysical + 0x134: CShadowData *pShadowData

Note: It seems that m_pRwObject is RpAtomic* rather than RpClump*.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
CODE

00000000 CGlass          struc; (sizeof=0x70)
00000000 matrix          CMatrix ?
00000048 field_48        dd ?
0000004C field_4C        dd ?
00000050 field_50        dd ?
00000054 field_54        RwV3D ?
00000060 time            dd ?
00000064 field_64        dd ?
00000068 field_68        dd ?
0000006C field_6C        db ?
0000006D field_6D        db ?
0000006E field_6E        db ?
0000006F field_6F        db ?
00000070 CGlass          ends

CODE

.data:00C71BF8     aGlassPanes     CGlass 2Dh dup(<?>)

CODE

0x854ee0 static CGlass::global_ctor()
0x856ba0 static CGlass::global_dtor()
0x71a8b0 CGlass::CGlass()
0x71a8c0 CGlass::~CGlass()
0x71a8d0 CGlass::Init()
0x71aa10 CGlass::Update()
0x71b0d0 static CGlass::UpdateAll()
0x71b100 CGlass::Render_One
0x71b620 CGlass::GeneratePanesForWindow
0x71bc40 CGlass::WindowRespondsToCollision
0x71c0d0 CGlass::WasGlassHitByBullet
0x71c1a0 CGlass::WindowRespondsToExplosion
0x71ce20 CGlass::Render


Misc:
0x6A8C00 CAutomobile::ProcessBuoyancy
0x5E1FA0 CPed::ProcessBuoyancy

CEntity revised...
CODE

class CEntitySAInterface
{
public:
CEntitySAInterfaceVTBL  * vtbl; // the virtual table

CPlaceableSAInterface Placeable; // 4

RpClump  * m_pRwObject; // 24
/********** BEGIN CFLAGS **************/
unsigned long bUsesCollision : 1;   // does entity use collision
unsigned long bCollisionProcessed : 1;  // has object been processed by a ProcessEntityCollision function
unsigned long bIsStatic : 1;    // is entity static
unsigned long bHasContacted : 1;   // has entity processed some contact forces
unsigned long bIsStuck : 1;    // is entity stuck
unsigned long bIsInSafePosition : 1;  // is entity in a collision free safe position
unsigned long bWasPostponed : 1;   // was entity control processing postponed
unsigned long bIsVisible : 1;    //is the entity visible

unsigned long bIsBIGBuilding : 1;   // Set if this entity is a big building
unsigned long bRenderDamaged : 1;   // use damaged LOD models for objects with applicable damage
unsigned long bStreamingDontDelete : 1; // Dont let the streaming remove this
unsigned long bRemoveFromWorld : 1;  // remove this entity next time it should be processed
unsigned long bHasHitWall : 1;    // has collided with a building (changes subsequent collisions)
unsigned long bImBeingRendered : 1;  // don't delete me because I'm being rendered
unsigned long bDrawLast :1;    // draw object last
unsigned long bDistanceFade :1;   // Fade entity because it is far away

unsigned long bDontCastShadowsOn : 1;  // Dont cast shadows on this object
unsigned long bOffscreen : 1;    // offscreen flag. This can only be trusted when it is set to true
unsigned long bIsStaticWaitingForCollision : 1; // this is used by script created entities - they are static until the collision is loaded below them
unsigned long bDontStream : 1;    // tell the streaming not to stream me
unsigned long bUnderwater : 1;    // this object is underwater change drawing order
unsigned long bHasPreRenderEffects : 1; // Object has a prerender effects attached to it
unsigned long bIsTempBuilding : 1;   // whether or not the building is temporary (i.e. can be created and deleted more than once)
unsigned long bDontUpdateHierarchy : 1; // Don't update the animation hierarchy this frame

unsigned long bHasRoadsignText : 1;  // entity is roadsign and has some 2deffect text stuff to be rendered
unsigned long bDisplayedSuperLowLOD : 1;
unsigned long bIsProcObject : 1;   // set object has been generate by procedural object generator
unsigned long bBackfaceCulled : 1;   // has backface culling on
unsigned long bLightObject : 1;   // light object with directional lights
unsigned long bUnimportantStream : 1;  // set that this object is unimportant, if streaming is having problems
unsigned long bTunnel : 1;   // Is this model part of a tunnel
unsigned long bTunnelTransition : 1;  // This model should be rendered from within and outside of the tunnel
/********** END CFLAGS **************/


   uint8_t         m_ucSeedColFlags;
   uint8_t   m_ucSeedVisibleFlags;
   uint16_t        m_nModelIndex;//34
   CReferences *   m_pReferences; //36
   
   DWORD *   m_pLastRenderedLink; //   CLink<CEntity*>* m_pLastRenderedLink; +40
   
   uint16_t m_nScanCode;           // 44
   uint8_t m_iplIndex;            // used to define which IPL file object is in +46
   uint8_t m_areaCode;            // used to define what objects are visible at this point +47
   
   // LOD sh*t
   CEntitySAInterface * m_pLod; // 48
   // num child higher level LODs
   uint8_t numLodChildren; // 52
   // num child higher level LODs that have been rendered
   int8_t numLodChildrenRendered; // 53

   //********* BEGIN CEntityInfo **********//
   uint8_t nType : 3; // what type is the entity              // 54 (2 == Vehicle)
   uint8_t nStatus : 5;               // control status       // 54
   //********* END CEntityInfo **********//

   uint8_t m_align; // 55

   float pad1; // 56
   uint32_t pad2; // 60 - a kind of frame counter or similar

   uint32_t b0x01 : 1; // 64
   uint32_t bApplyGravity : 1;
   uint32_t b0x04 : 1;
   uint32_t b0x08 : 1;
   uint32_t b0x10 : 1;
   uint32_t b0x20 : 1;
   uint32_t b0x40 : 1;
   uint32_t b0x80 : 1;

   uint32_t b0x100 : 1; // 65
   uint32_t bOnSolidSurface : 1;
   uint32_t b0x400 : 1;
   uint32_t b0x800 : 1;
   uint32_t b0x1000 : 1;
   uint32_t b0x2000 : 1;
   uint32_t b0x4000 : 1;
   uint32_t b0x8000 : 1;

   uint32_t b0x10000 : 1; // 66
   uint32_t b0x20000 : 1;
   uint32_t bBulletProof : 1;
   uint32_t bFireProof : 1;
   uint32_t bCollisionProof : 1;
   uint32_t bMeeleProof : 1;
   uint32_t bInvulnerable : 1;
   uint32_t bExplosionProof : 1;

   uint32_t b0x1000000 : 1; // 67
   uint32_t b0x2000000 : 1;
   uint32_t b0x4000000 : 1;
   uint32_t bTouchingWater : 1;
   uint32_t bEnableCollision : 1;
   uint32_t bDestroyed : 1;
   uint32_t b0x40000000 : 1;
   uint32_t b0x80000000 : 1;
};

;;;;;;;;;;;;;;;;;;;;;;;;;;;
CODE

class CBodyPart
{
public:
float pad1; // 0x00
RwV3D pos; // 0x04
RpQuat* pOrientation; // 0x10
uint32_t animID; // 0x14
float pad6; // 0x18
float pad7; // 0x1C
float pad8; // 0x20
};


CODE


00000000 CBodyParts      struc; (sizeof=0x48)
00000000 pTorso          dd ?
00000004 pHead           dd ?
00000008 pLegs           dd ?
0000000C pShoes          dd ?
00000010 pLowerLeftArm   dd ?
00000014 pUpperLeftArm   dd ?
00000018 pLowerRightArm  dd ?
0000001C pUpperRightArm  dd ?                  ; offset
00000020 pUpperBack      dd ?                  ; offset
00000024 pLeftChest      dd ?                  ; offset
00000028 pRightChest     dd ?                  ; offset
0000002C pStomach        dd ?
00000030 pLowerBack      dd ?
00000034 pNecklace       dd ?
00000038 pWatch          dd ?
0000003C pGlasses        dd ?
00000040 pHat            dd ?
00000044 pSpecialCostume dd ?
00000048 CBodyParts      ends

Though I think the names are a bit misleading for things such as pStomach, pWatch, etc.

CPed+0x488 pBodyParts CBodyParts ?

_DK
  • _DK

    Call me 'The Bald Guy"

  • Members
  • Joined: 12 Apr 2009
  • Ukraine

#1250

Posted 13 May 2012 - 10:05 PM Edited by DK22Pac, 13 May 2012 - 10:14 PM.

Wow, thanks for your help, Joe.
I'll continue "shadow" researching tomorrow.
For this time, I updated the CRegisteredShadow structure.
CODE
00000000 CRegisteredShadow struc; (sizeof=0x34)
00000000 pos             RwV3D ?
0000000C X1              dd ?                  ; rotation params
00000010 Y1              dd ?
00000014 X2              dd ?
00000018 Y2              dd ?
0000001C zDistance       dd ?
00000020 field_20        dd ?
00000024 texture         dd ?                  ; RwTexture *
00000028 shadowData      dd ?                  ; CShadowData *
0000002C intensity       dw ?
0000002E colorType       db ?                  ; 1 - black, 2 - RGB, 3 - inversed RGB
0000002F rChannel        db ?
00000030 gChannel        db ?
00000031 bChannel        db ?
00000032 flags           dw ?
00000034 CRegisteredShadow ends

CODE
.data:00C40430     aShadows        CRegisteredShadow 30h dup(<?>)

About bones, I thought that:
CODE
CBone+0x4 = RwV3D offset

I have some stuff here:
link
PS: It is possible to get the address of any bone by some formula; I've released this in some of my opcodes:
CODE
0D30: 0@ = actor $3 bone 4

(BoneIDs were documented in getPedBonePosition page at MTA site).
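An added example, not code from the thread: the CRegisteredShadow listing above mirrored as a C struct whose compiled offsets are checked against the dump, plus a bounds-checked address calculation for the 0x30-entry aShadows array. Storing every `dd` as `uint32_t`, treating RwV3D as three floats, and the helper names `layout_mismatches` and `shadow_entry_addr` are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { float x, y, z; } RwV3D;      /* 0xC bytes */

/* Mirror of the posted layout. Every `dd` is a uint32_t, pointers included,
   so the struct stays 0x34 bytes when this is built on a 64-bit host. */
typedef struct {
    RwV3D    pos;                       /* 0x00 */
    uint32_t X1, Y1, X2, Y2;            /* 0x0C-0x18, rotation params */
    uint32_t zDistance, field_20;       /* 0x1C, 0x20 */
    uint32_t texture, shadowData;       /* 0x24, 0x28: 32-bit game pointers */
    uint16_t intensity;                 /* 0x2C */
    uint8_t  colorType;                 /* 0x2E */
    uint8_t  rChannel, gChannel, bChannel; /* 0x2F-0x31 */
    uint16_t flags;                     /* 0x32 */
} CRegisteredShadow;

#define SHADOWS_BASE  0x00C40430u  /* aShadows, from the post */
#define SHADOWS_COUNT 0x30u        /* "30h dup" */
#define CHECK(f, off) { #f, off, offsetof(CRegisteredShadow, f) }

/* Number of fields whose compiled offset (or total size) differs from the dump. */
int layout_mismatches(void)
{
    const struct { const char *name; size_t want, got; } t[] = {
        CHECK(pos, 0x00), CHECK(X1, 0x0C), CHECK(Y2, 0x18),
        CHECK(zDistance, 0x1C), CHECK(field_20, 0x20), CHECK(texture, 0x24),
        CHECK(shadowData, 0x28), CHECK(intensity, 0x2C), CHECK(colorType, 0x2E),
        CHECK(rChannel, 0x2F), CHECK(bChannel, 0x31), CHECK(flags, 0x32),
        { "sizeof", 0x34, sizeof(CRegisteredShadow) },
    };
    int bad = 0;
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++)
        if (t[i].want != t[i].got) {
            printf("%s: dump 0x%zX, compiled 0x%zX\n", t[i].name, t[i].want, t[i].got);
            bad++;
        }
    return bad;
}

/* Address of aShadows[index]; 0 when the index is past the 0x30 entries. */
uint32_t shadow_entry_addr(uint32_t index)
{
    if (index >= SHADOWS_COUNT) return 0;
    return SHADOWS_BASE + index * (uint32_t)sizeof(CRegisteredShadow);
}

int main(void) { return layout_mismatches(); }
```

Declaring `texture` or `shadowData` as real pointers would widen the struct on a 64-bit build and shift every later offset, which is the kind of drift the table catches.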

JoeBullet
  • JoeBullet

    Player Hater

  • Members
  • Joined: 04 Dec 2011

#1251

Posted 14 May 2012 - 07:09 AM

QUOTE (DK22Pac @ Sunday, May 13 2012, 22:05)
Wow, thanks for your help, Joe.
I'll continue "shadow" researching tomorrow.
For this time, I updated the CRegisteredShadow structure.
CODE
00000000 CRegisteredShadow struc; (sizeof=0x34)
00000000 pos             RwV3D ?
0000000C X1              dd ?                  ; rotation params
00000010 Y1              dd ?
00000014 X2              dd ?
00000018 Y2              dd ?
0000001C zDistance       dd ?
00000020 field_20        dd ?
00000024 texture         dd ?                  ; RwTexture *
00000028 shadowData      dd ?                  ; CShadowData *
0000002C intensity       dw ?
0000002E colorType       db ?                  ; 1 - black, 2 - RGB, 3 - inversed RGB
0000002F rChannel        db ?
00000030 gChannel        db ?
00000031 bChannel        db ?
00000032 flags           dw ?
00000034 CRegisteredShadow ends

CODE
.data:00C40430     aShadows        CRegisteredShadow 30h dup(<?>)

About bones, I thought that:
CODE
CBone+0x4 = RwV3D offset

I have some stuff here:
link
PS: It is possible to get the address of any bone by some formula; I've released this in some of my opcodes:
CODE
0D30: 0@ = actor $3 bone 4

(BoneIDs were documented in getPedBonePosition page at MTA site).

You are right about bones.
CRegisteredShadow+0x20 is some kind of offset according to the Russian gtamodding wiki page.

_DK
  • _DK

    Call me 'The Bald Guy"

  • Members
  • Joined: 12 Apr 2009
  • Ukraine

#1252

Posted 14 May 2012 - 08:55 AM Edited by DK22Pac, 15 May 2012 - 02:54 PM.

Actually, that stuff on gtamodding was added by me xD

CODE
00000000 CRegisteredShadow_C4A030 struc; (sizeof=0x40)
00000000 id?             dd ?
00000004 field_4         dd ?                   ; pointer to something
00000008 timeCreate      dd ?
0000000C pos             RwV3D ?
00000018 X1              dd ?                   ; rotation params
0000001C Y1              dd ?
00000020 X2              dd ?
00000024 Y2              dd ?
00000028 zDistance       dd ?
0000002C unkScale        dd ?
00000030 texture         dd ?                   ; RwTexture *
00000034 intensity       dw ?
00000036 colorType       db ?
00000037 red             db ?
00000038 green           db ?
00000039 blue            db ?
0000003A field_3A        db ?
0000003B field_3B        db ?
0000003C field_3C        db ?
0000003D field_3D        db ?                   ; related to collision mesh?
0000003E field_3E        dw ?
00000040 CRegisteredShadow_C4A030 ends

MeatSafeMurderer
  • MeatSafeMurderer

    Avoiding GTA Online at all costs until the grand payout rebuffs.

  • Members
  • Joined: 29 Mar 2012
  • None

#1253

Posted 27 July 2012 - 03:52 PM Edited by MeatSafeMurderer, 27 July 2012 - 04:17 PM.

Hi there, I am wondering if any of you know the addresses related to the positioning and color of hud items?
I would search, but it appears to be broken.

Deji
  • Deji

    Coding like a Rockstar!

  • Feroci Racing
  • Joined: 24 Dec 2007
  • None

#1254

Posted 01 August 2012 - 02:17 AM Edited by Deji, 01 August 2012 - 02:20 AM.

QUOTE (MeatSafeMurderer @ Friday, Jul 27 2012, 15:52)
Hi there, I am wondering if any of you know the addresses related to the positioning and color of hud items?
I would search, but it appears to be broken.

http://gtag.gtagamin...p?showtopic=265
I don't stand by every post there, though. Some things I posted (mostly addresses beginning with 0x8 aren't to be fiddled with). It was made quite a long time ago.
-----------------------------------------

Some stuff I'm researching...
CODE
00000000 CConvo          struc; (sizeof=0x1C)
00000000 field_0         dd ?
00000004 field_4         dd ?
00000008 pPed            dd ?                  ; offset
0000000C ?unkTime1       dd ?
00000010 ?unkTime2       dd ?
00000014 ?stage          dd ?
00000018 field_18        db ?
00000019 bIsWithoutSubtitles db ?
0000001A field_1A        db ?
0000001B field_1B        db ?
0000001C CConvo          ends

paulicabos
  • paulicabos

    Player Hater

  • Members
  • Joined: 27 Jul 2012

#1255

Posted 04 August 2012 - 07:44 AM

Hello!

I need to make a teleport hack in C# to a coordinate. I need the x, y and z position.

Please tell me the addresses and the value.

like int x=0xasdsads +dasdas;

EditMemory(x, float value);

fastman92
  • fastman92

    фастман92 | ف

  • Members
  • Joined: 28 Jul 2009

#1256

Posted 04 August 2012 - 08:01 AM

Take a look at 0x005BD7B0 - void __cdecl CPlayer__SetPlayerCoordsFromFile()

Basically it is:
CPlaceable__SetPosition(&Player->__parent.__parent.__parent, &TxtCoordinates);

You need to make your own SetPosition function, see how easy it is:
CODE
void __thiscall CPlaceable__SetPosition(CPlaceable *this, RwV3D *Position)
{
 CMatrix *v2; // eax@1
 double v3; // st6@1
 double v4; // st7@1

 v4 = Position->z;
 v3 = Position->y;
 v2 = this->m_pCoords;
 if ( v2 )
 {
   v2->matrix.pos.x = Position->x;
   this->m_pCoords->matrix.pos.y = v3;
   this->m_pCoords->matrix.pos.z = v4;
 }
 else
 {
   this->placement.pos.x = Position->x;
   this->placement.pos.y = v3;
   this->placement.pos.z = v4;
 }
}

Fortunately, SetPosition is very easy to code for a trainer.

paulicabos
  • paulicabos

    Player Hater

  • Members
  • Joined: 27 Jul 2012

#1257

Posted 04 August 2012 - 11:28 AM

QUOTE (fastman92 @ Saturday, Aug 4 2012, 08:01)
Take a look at 0x005BD7B0 - void __cdecl CPlayer__SetPlayerCoordsFromFile()

Basically it is:
CPlaceable__SetPosition(&Player->__parent.__parent.__parent, &TxtCoordinates);

You need to make your own SetPosition function, see how easy it is:
CODE
void __thiscall CPlaceable__SetPosition(CPlaceable *this, RwV3D *Position)
{
 CMatrix *v2; // eax@1
 double v3; // st6@1
 double v4; // st7@1

 v4 = Position->z;
 v3 = Position->y;
 v2 = this->m_pCoords;
 if ( v2 )
 {
   v2->matrix.pos.x = Position->x;
   this->m_pCoords->matrix.pos.y = v3;
   this->m_pCoords->matrix.pos.z = v4;
 }
 else
 {
   this->placement.pos.x = Position->x;
   this->placement.pos.y = v3;
   this->placement.pos.z = v4;
 }
}

Fortunately, SetPosition is very easy to code for a trainer.

I get a lot of errors... is this C++ or C#?

fastman92
  • fastman92

    фастман92 | ف

  • Members
  • Joined: 28 Jul 2009

#1258

Posted 04 August 2012 - 11:35 AM

C++, but it's exported from an IDB database.
You should download the IDB database of gta_sa.exe and see that function yourself.
Then you can start writing your own function for a trainer that will work exactly the same.

paulicabos
  • paulicabos

    Player Hater

  • Members
  • Joined: 27 Jul 2012

#1259

Posted 04 August 2012 - 11:51 AM Edited by paulicabos, 04 August 2012 - 05:44 PM.

QUOTE (fastman92 @ Saturday, Aug 4 2012, 11:35)
C++, but it's exported from an IDB database.
You should download the IDB database of gta_sa.exe and see that function yourself.
Then you can start writing your own function for a trainer that will work exactly the same.

https://www.google.c...iw=1163&bih=745


I can't find it, please give me a link.


Edit: I don't see how that can help... why is it not as easy as the money hack, or gravity or other memory?

juarez
  • juarez

    Memory Hacking

  • Members
  • Joined: 11 Jun 2011

#1260

Posted 05 August 2012 - 10:04 AM Edited by juarez, 05 August 2012 - 10:06 AM.

More to more
Version 1.0

CODE
0x588E30 -> ShowTexBox1Number
0x58A160 -> DrawTripSkip
0x447790 -> DrawGarageText
0x4E9E50 -> DrawRadioStation



