Documenting GTA-SA memory addresses

LINK/2012
  • LINK/2012

    LIVIN' IN CODE

  • Feroci Racing
  • Joined: 30 Jan 2011
  • Brazil

#1321

Posted 27 January 2014 - 08:09 PM Edited by LINK/2012, 4 weeks ago.

0x4DFB10       CAEBankLoader *__thiscall CAEBankLoader::CAEBankLoader(CAEBankLoader *)
0x4DFB20       void __thiscall CAEBankLoader::~CAEBankLoader(CAEBankLoader *this)
0x4DFB60       void __thiscall CAEBankLoader::InitialiseRequestList(CAEBankLoader *this)
0x4DFBA0       void __thiscall CAEBankLoader::CalculateBufferSize(CAEBankLoader *this)
0x4DFBD0       char __thiscall CAEBankLoader::LoadBankLookupFile(CAEBankLoader *this)
0x4DFC70       char __thiscall CAEBankLoader::LoadSFXPakLookupFile(CAEBankLoader *this)
0x4DFDE0       void *__thiscall CAEBankLoader::GetSoundBuffer2(CAEBankLoader *this, unsigned short bankslot, int *out_size)
0x4DFE30       void __thiscall CAEBankLoader::Service(CAEBankLoader *this)
0x4E01B0       CAEBankLookupItem *__thiscall CAEBankLoader::GetBankLookup(CAEBankLoader *this, unsigned short bank)
0x4E01E0       long double __thiscall CAEBankLoader::GetSoundHeadroom(CAEBankLoader *this, unsigned short sound, short bankslot)
0x4E0220       char __thiscall CAEBankLoader::IsSoundBankLoaded(CAEBankLoader *this, unsigned short bank, short bankslot)
0x4E0250       char __thiscall CAEBankLoader::GetSoundBankLoadingStatus(CAEBankLoader *this, unsigned short bank, short bankslot)
0x4E0280       void *__thiscall CAEBankLoader::GetSoundBuffer(CAEBankLoader *this, unsigned short sound, short bankslot, int *out_Size, short *out_SampleRate)
0x4E0380       int __thiscall CAEBankLoader::GetLoopOffset(CAEBankLoader *this, unsigned short sound, short bankslot)
0x4E03B0       char __thiscall CAEBankLoader::IsSoundLoaded(CAEBankLoader *this, unsigned short bank, unsigned short sound, short bankslot)
0x4E0400       char __thiscall CAEBankLoader::GetSoundLoadingStatus(CAEBankLoader *this, unsigned short bank, unsigned short sound, short bankslot)
0x4E0450       void __thiscall CAEBankLoader::UpdateVirtualChannels(CAEBankLoader *this, void *a2, void *a3, void *a4)
0x4E0590       char __thiscall CAEBankLoader::LoadBankSlotFile(CAEBankLoader *this)
0x4E0670       void __thiscall CAEBankLoader::LoadSoundBank(CAEBankLoader *this, unsigned short bank, short bankslot)
0x4E07A0       void __thiscall CAEBankLoader::LoadSound(CAEBankLoader *this, unsigned short bank, unsigned short sound, short bankslot)
0x4E08F0       char __thiscall CAEBankLoader::Initialise(CAEBankLoader *this)

0x5B97F0       void __cdecl CAEAudioUtility::StaticInitialise()
0x4D9C10       int __cdecl CAEAudioUtility::GetRandomNumberInRange(int, int)
0x4D9C50       double __cdecl CAEAudioUtility::GetRandomNumberInRangef(float, float)
0x4D9C80       char __cdecl CAEAudioUtility::ResolveProbability(float)
0x4D9CC0       char __cdecl CAEAudioUtility::GetBankAndSoundFromScriptSlotAudioEvent(int *a1, int *pBank, int *pSound, int scriptSlot)
0x4D9D90       double __cdecl CAEAudioUtility::GetPiecewiseLinear(float a1, short a2, float *a3)
0x4D9E10       CVehicle *__cdecl CAEAudioUtility::FindVehicleOfPlayer()
0x4D9E50       double __cdecl CAEAudioUtility::AudioLog10(float)
0x4D9E80       int __cdecl CAEAudioUtility::GetCurrentTimeInMilliseconds()
0x4D9EF0       int __cdecl CAEAudioUtility::ConvertFromBytesToMS(unsigned int size, unsigned int sampleRate, unsigned short numChannels)
0x4D9F40       int __cdecl CAEAudioUtility::ConvertFromMSToBytes(unsigned int MS, unsigned int sampleRate, unsigned short numChannels)
#pragma pack(push, 1)
// One entry of CAEBankSlot::m_aBankItems. Packed to 1 byte, so sizeof == 12 (0xC).
struct CAEBankSlotItem
{
  int m_dwOffset;          // NOTE(review): presumably a byte offset into the slot's buffer -- confirm against GetSoundBuffer (0x4E0280)
  int m_dwLoopOffset;      // NOTE(review): likely what GetLoopOffset (0x4E0380) returns -- confirm
  short m_usSampleRate;    // NOTE(review): likely the value GetSoundBuffer writes to out_SampleRate -- confirm
  short m_usSoundHeadroom; // NOTE(review): likely the source of GetSoundHeadroom (0x4E01E0) -- confirm
};
#pragma pack(pop)


#pragma pack(push, 1)
// One entry of CAEBankLoader::m_pBankLookup; GetBankLookup (0x4E01B0) returns a pointer
// to one of these for a bank number. Packed to 1 byte, so sizeof == 12 (0xC).
struct CAEBankLookupItem
{
  char m_iPak;     // NOTE(review): presumably an index into the pak file list (CAEBankLoader::m_pPakFiles) -- confirm
  char _pad[3];    // explicit padding; under pack(1) it would otherwise be absent
  int m_dwOffset;  // NOTE(review): presumably the bank's offset inside that pak file -- confirm
  int m_dwSize;    // NOTE(review): presumably the bank's size in bytes -- confirm
};
#pragma pack(pop)


#pragma pack(push, 1)
// One of the CAEBankLoader::m_pBankSlots entries (m_usNumBankSlots of them).
// Packed: a 20-byte header followed by 400 CAEBankSlotItem entries, sizeof == 4820 (0x12D4).
struct CAEBankSlot
{
  int m_dwOffsetOnBuffer;   // NOTE(review): presumably this slot's offset inside CAEBankLoader::m_pSoundBuffers -- confirm
  int m_dwSlotBufferSize;
  int _unknown1;
  int _unknown2;
  unsigned short m_usBankNum;         // NOTE(review): presumably the bank currently loaded in this slot (cf. IsSoundBankLoaded's bank/bankslot pair) -- confirm
  unsigned short m_nSoundsOnBank;     // NOTE(review): presumably the number of valid entries in m_aBankItems -- inferred from the name
  CAEBankSlotItem m_aBankItems[400];  // fixed capacity: at most 400 sound entries per slot
};
#pragma pack(pop)


#pragma pack(push, 1)
// One pending or in-flight load, stored in CAEBankLoader::m_aSoundRequests.
// With 4-byte pointers (32-bit build) the layout is 32 bytes (0x20); the name of the
// trailing member, field_1F, matches its offset under that assumption.
struct CAESoundRequest
{
  CAEBankSlot *m_pBankSlot;  // slot this request targets (inferred from the type only)
  int m_dwOffset;
  int m_dwSize;
  void *m_pBufferData;     // Somewhere in the m_pBuffer, used to resolve sector alignment issues
  void *m_pBuffer;         // Pointer returned by malloc -- the owner that must eventually be freed is not visible here
  int m_iLoadingStatus;    // NOTE(review): presumably what GetSoundBankLoadingStatus / GetSoundLoadingStatus report -- confirm
  short m_usBank;
  short m_usBankSlot;
  short m_usSound;         // NOTE(review): likely only meaningful for single-sound requests (LoadSound vs LoadSoundBank) -- confirm
  char m_iPak;
  char field_1F;           // unknown, possibly padding
};
#pragma pack(pop)

#pragma pack(push, 1)
// Audio bank loader state; its methods are listed above (0x4DFB10 .. 0x4E08F0).
// Offsets below assume 4-byte pointers (32-bit build). gap_15 then lands at 0x15,
// matching its name, and sizeof == 0x6E4 (1764).
struct CAEBankLoader
{
  CAEBankSlot *m_pBankSlots;            // 0x00  NOTE(review): presumably m_usNumBankSlots entries (see LoadBankSlotFile, 0x4E0590) -- confirm
  CAEBankLookupItem *m_pBankLookup;     // 0x04  NOTE(review): presumably m_usNumBanks entries (see LoadBankLookupFile, 0x4DFBD0) -- confirm
  void *m_pPakFiles;                    // 0x08  element type not known here (see LoadSFXPakLookupFile, 0x4DFC70)
  short m_usNumBankSlots;               // 0x0C
  short m_usNumBanks;                   // 0x0E
  short m_usNumPakFiles;                // 0x10
  short _unused0;                       // 0x12
  char m_bInitialized;                  // 0x14  NOTE(review): presumably set by Initialise (0x4E08F0) -- confirm
  char gap_15[3];                       // 0x15  padding
  int m_iSoundBuffersSize;              // 0x18  NOTE(review): presumably produced by CalculateBufferSize (0x4DFBA0) -- confirm
  char *m_pSoundBuffers;                // 0x1C  NOTE(review): presumably the storage CAEBankSlot::m_dwOffsetOnBuffer indexes into -- confirm
  int *m_StreamHandles;                 // 0x20
  CAESoundRequest m_aSoundRequests[50]; // 0x24  fixed-size list of 50 requests (50 * 0x20 bytes)
  short _unk0;                          // 0x664
  short m_nRequestsToLoad;              // 0x666
  short m_iRequestListNext;             // 0x668  NOTE(review): if this indexes m_aSoundRequests it must stay below 50 -- confirm
  short m_iStreamingChannel;            // 0x66A
  short m_aBankSlotSound[45];           // 0x66C  one entry per bank slot; 45 matches the eBankSlot range below (0..44)
  char _unused1[30];                    // 0x6C6
};
#pragma pack(pop)
// Indices of the 45 fixed audio bank slots (0..44); matches CAEBankLoader::m_aBankSlotSound[45].
// NOTE(review): presumably the `bankslot` arguments of the CAEBankLoader methods above take these values -- confirm.
enum eBankSlot : short
{
    BANKSLOT_FRONTEND_GAME = 0,
    BANKSLOT_FRONTEND_MENU = 1,
    BANKSLOT_COLLISIONS = 2,
    BANKSLOT_BULLET_SOUNDS = 3,
    BANKSLOT_EXPLOSIONS = 4,
    BANKSLOT_WEAPONS = 5,
    BANKSLOT_WEATHER_RAIN = 6,
    BANKSLOT_STREAM_ENGINE_1 = 7,   // ten consecutive engine slots, 7..16
    BANKSLOT_STREAM_ENGINE_2 = 8,
    BANKSLOT_STREAM_ENGINE_3 = 9,
    BANKSLOT_STREAM_ENGINE_4 = 10,
    BANKSLOT_STREAM_ENGINE_5 = 11,
    BANKSLOT_STREAM_ENGINE_6 = 12,
    BANKSLOT_STREAM_ENGINE_7 = 13,
    BANKSLOT_STREAM_ENGINE_8 = 14,
    BANKSLOT_STREAM_ENGINE_9 = 15,
    BANKSLOT_STREAM_ENGINE_10 = 16,
    BANKSLOT_HORNS = 17,
    BANKSLOT_HELICOPTER = 18,
    BANKSLOT_VEHICLE_EXTRAS = 19,
    BANKSLOT_SPEECH_0 = 20,         // five general speech slots, 20..24
    BANKSLOT_SPEECH_1 = 21,
    BANKSLOT_SPEECH_2 = 22,
    BANKSLOT_SPEECH_3 = 23,
    BANKSLOT_SPEECH_4 = 24,
    BANKSLOT_PLAYER_SPEECH = 25,
    BANKSLOT_SCRIPT_SPEECH_0 = 26,  // four script speech slots, 26..29
    BANKSLOT_SCRIPT_SPEECH_1 = 27,
    BANKSLOT_SCRIPT_SPEECH_2 = 28,
    BANKSLOT_SCRIPT_SPEECH_3 = 29,
    BANKSLOT_AMBIENT_RESIDENT = 30,
    BANKSLOT_DOORS = 31,
    BANKSLOT_WATER = 32,
    BANKSLOT_33 = 33,               // 33..39: purpose not identified yet
    BANKSLOT_34 = 34,
    BANKSLOT_35 = 35,
    BANKSLOT_36 = 36,
    BANKSLOT_37 = 37,
    BANKSLOT_38 = 38,
    BANKSLOT_39 = 39,
    BANKSLOT_ENGINE_RESIDENT = 40,
    BANKSLOT_FEET_RESIDENT = 41,
    BANKSLOT_BULLET_TRAIL = 42,
    BANKSLOT_43 = 43,               // 43..44: purpose not identified yet
    BANKSLOT_44 = 44
};

Thanks to Silent for the enum above ;)

Bonus Documentation for SFX files:
SFXPak: http://pastebin.com/NAVwtmyb
BankLkup: http://pastebin.com/drKr6YCP
BankSlot: http://pastebin.com/nM6Ztem1
EventVol: http://pastebin.com/ffQCPE5S
and finally, the most obvious file... including it here just to have complete documentation
PakFiles: http://pastebin.com/zBrdUpAW

Oh well, I guess the deadline for the audio engine was too short considering the mess it is :p


_DK
  • _DK

    gta3 cleo

  • Feroci Racing
  • Joined: 12 Apr 2009
  • None

#1322

Posted 19 February 2014 - 01:38 PM

All stuff related to mission timers (0xBA1788)

#pragma once
 
#include "plugin\plugin.h"
 
#pragma pack(push, 4)
 
// The single mission clock entry (COnscreenTimer::m_Clock).
// Offsets below follow from pack(4) and assume Bool is one byte (its definition is not shown here).
class COnscreenTimerEntry
{
public:
    UInt32 m_dwVarId;                  // 0x00
    char   m_acDescriptionTextKey[10]; // 0x04
    char   m_acDisplayedText[42];      // 0x0E  the array itself is 42 bytes; the 2 bytes of padding the author suspected fall after m_nTimerDirection (0x3A..0x3B), before the UInt32 at 0x3C
    Bool   m_bEnabled;                 // 0x38
    UInt8  m_nTimerDirection;          // 0x39
    UInt32 m_dwClockBeepCountdownSecs; // 0x3C
};
 
VALIDATE_SIZE(COnscreenTimerEntry, 0x40); // 0x3C + 4 == 0x40, consistent with the offsets above
 
// One of the four mission counters (COnscreenTimer::m_aCounters).
// Offsets below follow from pack(4) and assume Bool is one byte (its definition is not shown here).
class COnscreenCounterEntry
{
public:
    UInt32 m_dwVarId;                  // 0x00
    UInt32 m_dwMaxVarValue;            // 0x04
    char   m_acDescriptionTextKey[10]; // 0x08
    UInt16 m_nType;                    // 0x12  0 - counter (%), 1 - line, 2 - counter counter (%/%)
    char   m_acDisplayedText[42];      // 0x14  the array itself is 42 bytes; the padding is 3 bytes at the end (0x41..0x43), after m_nColourId
    Bool   m_bEnabled;                 // 0x3E
    Bool   m_bFlashWhenFirstDisplayed; // 0x3F
    UInt8  m_nColourId;                // 0x40  color index from HudColours
};
 
VALIDATE_SIZE(COnscreenCounterEntry, 0x44); // 0x41 rounded up to the 4-byte pack boundary, consistent with the offsets above
 
// Mission timer state; the post above places the live instance at 0xBA1788.
// Offsets below follow from pack(4) and the sizes validated for the two entry types.
class COnscreenTimer
{
public:
    COnscreenTimerEntry m_Clock;           // 0x000  (0x40 bytes)
    COnscreenCounterEntry m_aCounters[4];  // 0x040  4 * 0x44 = 0x110 bytes
    Bool m_bDisplay;                       // 0x150  (assumes Bool is one byte)
    Bool m_bPaused;                        // 0x151
};
 
VALIDATE_SIZE(COnscreenTimer, 0x154); // 0x152 rounded up to the 4-byte pack boundary, consistent with the offsets above
 
#pragma pack(pop)

WolF Client
  • WolF Client

    Player Hater

  • Members
  • Joined: 24 Feb 2014
  • Germany

#1323

Posted 24 February 2014 - 09:25 PM

Is there a simple way to read the distance of the nearest vehicle? ( Not just 30m )

Maybe with a loop which gets the distance of each loaded vehicle object and compares them ...
But how to read the position of all loaded vehicles?


Jack
  • Jack

    firearms and adrenaline

  • Feroci Racing
  • Joined: 06 Dec 2011
  • Serbia

#1324

Posted 28 May 2014 - 08:41 AM Edited by Jack..., 21 June 2014 - 06:17 AM.

Emergency car model arrays:

rhino>>>>>>>>>>?? ?? ?? ?? ?? ?? ?? ?? ?? ??
barracks>>>>>>>?? ?? ?? ?? ?? ?? ?? ?? ?? ??
FBI rancher>>>>B8 EA 01 00 00 5B C3 6A FF E8
enforcer>>>>>>>B8 AB 01 00 00 5B C3 6A FF E8
polmav>>>>>>>>>68 F1 01 00 00 8B C8 E8 FB DB
vcnmav>>>>>>>>>68 E8 01 00 00 8B C8 E8 23 DC
hydra>>>>>>>>>>C7 05 D8 CA C1 00 08 02 00 00
predator>>>>>>>28 AE 01 00 00 C7 44 24 58 18

Testing: everything works - new cars are coming. When I replaced polmav with hunter the new polhunter acted strange...

Rhino and barracks have different assembly code... Still searching...

:karmaeater: I'm hungry.

EDIT:

Wanted level needed, to see police cars & peds:

ARMY>>>>>>>>>>06 74 09 F6 41 1E 20 75 03 33
FBI>>>>>>>>>>>05 74 09 F6 41 1E 10 75 03 33
SWAT>>>>>>>>>>04 74 09 F6 41 1E 08 75 03 33
COPS>>>>>>>>>>00 D8 1E 56 00 ED 1E 56 00 90

Star number replacement can replace vehicles from the other stars. FBI at 6 stars is now possible (and others).

IDA pro and Assembly codes made this happen.

And yeah I'm still very hungry :karmaeater:.

0x5DDD86   motorbike cop model

Hydra plane model found (up)...

 

EDIT: I've just found cop weapon related stuff:

cop pistol model >>>>>>>>>>>>>>>>6A 16 E8 DD AC 00 00 88 9E 18 
cop pistol assign >>>>>>>>>>>>>>>6A 16 E8 C3 A6 F5 FF 5E C2 04 
cop shotgun model (from car)>>>>>6A 19 E8 42 C8 1C 00 8B 8B 7C

:karmaeater:.

The first one was found by  DexX a long time ago.


paulicabos
  • paulicabos

    Player Hater

  • Members
  • Joined: 27 Jul 2012

#1325

Posted 08 June 2014 - 03:12 PM

I need the memory address for the distance at which you can see the green triangle of a player.

Ex: I want to see that green triangle when I aim at someone that is at most 200 meters away from me.


Jack
  • Jack

    firearms and adrenaline

  • Feroci Racing
  • Joined: 06 Dec 2011
  • Serbia

#1326

Posted 14 June 2014 - 08:15 PM Edited by Jack..., 15 June 2014 - 09:05 PM.

All cop skins are stored in this array (not SWAT, FBI or ARMY, just cops):

1B 01 00 00 18 01 00 00 19 01 00 00 1A 01

There're probably some other emergency ped skins around this location :) - I haven't checked.

Also I found this by accident (it's some fire related stuff):

0x492971
0x4A37E0
0x4C2D78

The third one makes the fire more rectangular shaped or smthng like that... I don't know...

 

EDIT: The array I showed up here (for cop skins) was not a default one - fixed now - I'm sorry about that.

 

EDIT2:
More emergency ped models:

medics (LS, SF, LV)>>>>>>>>>>>>>12 01 00 00 14 01 00 00 13 01 00 00
firefighters (LS, SF, LV)>>>>>>>15 01 00 00 17 01 00 00 16 01 00 00

HackMan128
  • HackMan128

    alovelyday

  • Members
  • Joined: 09 Jul 2006
  • None
  • Best Map 2013 "ViceCityStories PC Edition"

#1327

Posted 18 June 2014 - 07:57 AM Edited by HackMan128, 18 June 2014 - 08:41 AM.

Can someone tell me what the address of the mouse horizontal camera rotation for the player is? Also, is it possible to set this camera rotation around the player? In GTA Vice City something like that was probably possible. The mouse-based camera angles were from -1.0 to 1.0.

 

//EDIT:

There are floats 0x00B6F104 and 0x00B6F108 but these are read-only.


OrionSR
  • OrionSR

    Chain Game Development Team

  • Feroci Racing
  • Joined: 23 May 2007
  • None
  • Helpfulness Award [GTA & Modding]

#1328

Posted 18 June 2014 - 09:39 AM

virtual_protect 1?
 


_DK
  • _DK

    gta3 cleo

  • Feroci Racing
  • Joined: 12 Apr 2009
  • None

#1329

Posted 18 June 2014 - 10:23 AM

That is some CCamera fields. Why don't you work with gtasa IDA idb?

Jack
  • Jack

    firearms and adrenaline

  • Feroci Racing
  • Joined: 06 Dec 2011
  • Serbia

#1330

Posted 22 June 2014 - 09:20 AM Edited by Jack..., 22 June 2014 - 01:02 PM.

Ignore this post.


_DK
  • _DK

    gta3 cleo

  • Feroci Racing
  • Joined: 12 Apr 2009
  • None

#1331

Posted 22 June 2014 - 09:25 AM

Check it in database.

Jack
  • Jack

    firearms and adrenaline

  • Feroci Racing
  • Joined: 06 Dec 2011
  • Serbia

#1332

Posted 22 June 2014 - 09:31 AM Edited by Jack..., 09 July 2014 - 11:02 AM.

Do you mean this:
SA mem add?

It ain't there.

 

They were found in this topic. Edited previous post.

 

EDIT: Mouse related stuff:

0xB73404 [Byte]--------LMB
0xB73405 [Byte]--------RMB
0xB73406 [Byte]--------MMB

0---no action
128-pressed

 

EDIT2:

Weapon accuracy>>>>>>>>>C6 86 1A 07 00 00 XX

There're 5 of them - 4 of them for pedtype 6 and 1 for everyone else - same as in VC and III (XX - default value).


LINK/2012
  • LINK/2012

    LIVIN' IN CODE

  • Feroci Racing
  • Joined: 30 Jan 2011
  • Brazil

#1333

Posted 31 July 2014 - 03:34 AM Edited by LINK/2012, 31 July 2014 - 03:44 AM.

#pragma pack(push, 1)
// Per-resource streaming record; 0x8E4CC0 -> CStreamingInfo ms_aInfoForModel[26316].
// Packed to 1 byte, sizeof == 20 (0x14); offsets given per member.
struct CStreamingInfo // ikr, 0x8E4CC0 -> CStreamingInfo ms_aInfoForModel[26316]
{
  unsigned __int16 usNext;      // 0x00  Used for linked-list of specific resources
  unsigned __int16 usPrev;      // 0x02  Used for linked-list of specific resources
  __int16 usNextOnCd;           // 0x04  The resource following this one in the img directory; used to minimize the number of I/O reads by reading the following file(s) together with this one in a single system call. Note: declared signed despite the "us" prefix.
  unsigned __int8 ucFlags;	// 0x06  Resource flags, see CStreamingInfoFlags below
  unsigned __int8 ucImgId;	// 0x07  The image file id this resource is in
  int iBlockOffset;	        // 0x08  Offset of this file in 2KiB blocks
  int iBlockCount;		// 0x0C  Size of this file in 2KiB blocks
  unsigned __int8 uiLoadState;	// 0x10  Loading state, 0=not loaded, 1=loaded, 2=inqueue, 3=reading, 4=?bifile_to_finish
  char _pad1[3];                // 0x11  explicit padding up to 0x14
};
#pragma pack(pop)

// Bit values of CStreamingInfo::ucFlags. Bit 0x01 is not listed here; the remaining high bits (0x40, 0x80) are not documented either.
enum CStreamingInfoFlags
{
    STREAMING_FLAG_CANNOT_DELETE        = 0x02,     // Cannot unload this object
    STREAMING_FLAG_OWNED_BY_SCRIPT      = 0x04,     // Some script owns this resource
    STREAMING_FLAG_DEPENDENCY           = 0x08,     // This resource is a dependency of another resource or is owned by some game code
    STREAMING_FLAG_FIRST_PRIORITY       = 0x10,     // This resource should be loaded as quickly as possible
    STREAMING_FLAG_LOADSCENE            = 0x20	    // This resource has been requested by some scene loading method, so it should not be streamed out
};
typedef CRect CRange2D; // It's actually a derived class but meh

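#pragma pack(push, 1)
// Per-IPL streaming record (not the native name); 0x8E3FB0 -> pIplPool holds these.
// Fix: `unsigned__int16` on m_usDummyBegin was missing a space and did not parse.
// Offsets assume CRange2D is 16 bytes -- that is the only size under which field_20
// really sits at 0x20 (0x10 bounds + 0x10 name); confirm against CRect.
// The __intN names are MSVC-style types; map them to <cstdint> equivalents elsewhere.
struct CStreamedIpl // not the actual native name -- 0x8E3FB0 -> pIplPool
{
  CRange2D bounds;                      // 0x00  Bounding box for this IPL
  char name[16];                        // 0x10  IPL name
  __int16 field_20;                     // 0x20  unknown
  unsigned __int16 m_usBuildingsBegin;  // 0x22  The first building created by this IPL in the pool
  unsigned __int16 m_usBuildingsEnd;    // 0x24  The last building created by this IPL in the pool
  unsigned __int16 m_usDummyBegin;      // 0x26  Same as m_usBuildingsBegin, but for dummy objects (basic data for dynamic objects; when near one, the game creates its CObject)
  unsigned __int16 m_usDummyEnd;        // 0x28  Same as m_usBuildingsEnd, but for dummy objects
  __int16 m_sTextIPL;                   // 0x2A  The text IPL related to this streamed IPL
  char m_bIsInterior;                   // 0x2C  Is this an interior IPL?
  char m_bStreamed;                     // 0x2D  Has been streamed in?
  char m_bRequired;                     // 0x2E  Is required to be streamed in?
  char m_bDisableDynamicStreaming;      // 0x2F  Shouldn't be streamed in when required (REMOVE_IPL)
  char m_bNotOwnedByMission;            // 0x30  Not owned by a script (REQUEST_IPL)
  char _pad1[3];                        // 0x31  sizeof == 0x34 under the 16-byte CRange2D assumption
};
#pragma pack(pop)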

_DK
  • _DK

    gta3 cleo

  • Feroci Racing
  • Joined: 12 Apr 2009
  • None

#1334

Posted 01 August 2014 - 07:05 AM

Do you plan to research whole CStreaming stuff?

Do not forget to make an idc script for this please  :lol:


Jack
  • Jack

    firearms and adrenaline

  • Feroci Racing
  • Joined: 06 Dec 2011
  • Serbia

#1335

Posted 2 weeks ago

Wanted stars RGB:

Inactive:
0x58DF41 // R
0x58DF3F // G
0x58DF3D // B
0x58DFC7 // 0 makes them disappear

Outer shell on active:
0x58DD50 // R
0x58DD4E // G
0x58DD4C // B
0x58DD41 // 0 makes them disappear

Active [already in DB]

juarez
  • juarez

    Memory Hacking

  • Members
  • Joined: 11 Jun 2011

#1336

Posted 4 days ago

CStreamedScripts GTA SA 1.0

0x470660	int __thiscall CStreamedScripts::Initialise(int this)
0x4706A0     	char *__thiscall CStreamedScripts::ReInitialise(void *this)
0x4706C0	int __thiscall CStreamedScripts::RegisterScript(int this, int name)
0x4706F0	signed int __thiscall CStreamedScripts::FindStreamedScriptQuiet(int this, const char *name)
0x470740	signed int __thiscall CStreamedScripts::FindStreamedScript(int this, const char *name)
0x470750	int __thiscall CStreamedScripts::ReadStreamedScriptData(int this)
0x470810	__int16 __thiscall CStreamedScripts::GetProperIndexFromIndexUsedByScript(void *this, __int16 index)
0x470840	char __thiscall CStreamedScripts::LoadStreamedScript(CExternalScriptInfo *this, RwStream *stream, int index)
0x470890	CScriptThread *__thiscall CStreamedScripts::StartNewStreamedScript(int this, int index)
0x4708E0	void __thiscall CStreamedScripts::RemoveStreamedScriptFromMemory(void *this, int index)
0x470900	void *__thiscall CStreamedScripts::GetStreamedScriptFilename(void *this, unsigned __int16 a2)
0x470910	__int16 __thiscall CStreamedScripts::GetStreamedScriptWithThisStartAddress(void *this, int dataPtr)



