Documenting GTA-SA memory addresses

1,363 replies to this topic
AlexTMjugador
  • AlexTMjugador

    Hi!

  • Members
  • Joined: 12 Aug 2011
  • Spain

#1351

Posted 24 January 2015 - 06:57 PM

Thank you very much Seemann, but that isn't what I was looking for. Forgive me if I explained myself wrong :)

What I want to know is the memory address of a CVehicle class method for toggling the engine broken state of a vehicle, if it exists. For example, I know that there's a method in that class to set vehicle engine state (whether it's on or off) at address 0x41BDD0: CVehicle::SetEngineOn(bool). I only mentioned that opcode because it's kinda related with the method I said, functionality-wise (although I know they're different things code-wise, of course).

 

Thanks in advance :D


Seemann
  • Seemann

    Ruhe

  • Members
  • Joined: 03 Sep 2004
  • Russia
  • Best Tool 2013 "Sanny Builder"

#1352

Posted 24 January 2015 - 07:16 PM Edited by Seemann, 24 January 2015 - 07:16 PM.

Well, you know, it's just a flag, one bit in the particular field in a CVehicle struct. You don't need a method to switch one bit. That's why the method you're looking for does not exist. Use the code above.

AlexTMjugador
  • AlexTMjugador

    Hi!

  • Members
  • Joined: 12 Aug 2011
  • Spain

#1353

Posted 24 January 2015 - 07:25 PM

Ok, thanks for explaining :)


iFarbod
  • iFarbod

    King of San Andreas (3D/HD Universe)

  • Members
  • Joined: 17 Dec 2013
  • None

#1354

Posted 15 February 2015 - 04:22 PM

I disabled the loading of the SCM. Can someone tell me how to create a player AFTER THE GAME HAS BEEN LOADED WITHOUT USING ANY SDK/THIRD PARTY LIBRARIES?


iFarbod
  • iFarbod

    King of San Andreas (3D/HD Universe)

  • Members
  • Joined: 17 Dec 2013
  • None

#1355

Posted 17 February 2015 - 03:58 PM

I disabled the loading of the SCM. Can someone tell me how to create a player AFTER THE GAME HAS BEEN LOADED WITHOUT USING ANY SDK/THIRD PARTY LIBRARIES?

Nobody got any ideas?


nyolc8
  • nyolc8

    -

  • Members
  • Joined: 12 Oct 2009
  • Hungary

#1356

Posted 21 February 2015 - 04:49 PM Edited by nyolc8, 21 February 2015 - 06:18 PM.

New reverse engineering technique by IDA and Hex-Rays to produce decompiled pseudocode from binaries: http://video.reverse...?album=17&pos=0

Now for some memory addresses:

0x6ACCD0 : Begins an array holding some vehicle siren attributes (via model), each index in the array is a byte, meaning:
0 -> 2 Sirens
1 -> 1st type of single siren
2 -> 2nd type of single siren (doesn't seem as good as the first (less floats))
4 -> Nothing
0x6ACDAC : If the first array says 2 sirens it comes to this array and chooses what siren offset to use (via model again), each index in the array is still a byte:
0 -> 1st type of double siren
1 -> 2nd type of double siren
2 -> 3rd type of double siren
3 -> 4th type of double siren
4 -> 5th type of double siren
5 -> No Siren
0x6AB36D : switch(SingleSiren[vehiclemodel])
0x6AB39F : switch(DoubleSiren[vehiclemodel])
0x6ACA37 : Hardcoded Model Switches
0x6FC580 : DrawSirenParticle
0x6ABA60 : call DrawSirenParticle (NOP to disable sirens appearing)
0x4F62A0 : GetSirenSound
0x4F62BB : mov dl,[ecx+0x42D] (Get the siren true/false value, NOP to disable siren sounds)
0x501BA8 : Siren Sound array, each index in the array is still a byte:
0 -> 1st type of siren sound
1 -> 2nd type of siren sound
2 -> 3rd type of siren sound
3 -> 4th type of siren sound
5 -> 5th type of siren sound
6 -> No siren sound
0x501AB0 : ProcSirenSound
0x501AD6 : switch(SirenSnds[vehiclemodel])
0x6D8470 : DoesModelContainSiren
0x6D84AC : SirenModelArray, only contains models below first police model, each index is a byte where the index is modelid:
0 -> Yes
1 -> No
2 -> Goto IsModelPolice
0x6D2370 : IsModelPolice
0x6D239C : PoliceModelArray, seems to start off where the other models left off (from DoesModelContainSiren), each index is a byte where the index is modelid:
0 -> Yes
1 -> No
To make the game 'think' every model contains a siren write mov al,1 + retn to the start of the func, or (0xB0 0x01 0xC3), same can be done with the Police check

Contrary to popular belief the values in these switches aren't colours, they are floats defining where the sirens appear on the vehicle, colours are not accounted for as of yet (despite what misinformed people may tell you). However, this information does give us the ability to decide which vehicles can use which type of siren and where they're rendered on the vehicle (SALA already gives you this in a limited way)

EDIT:

I managed to get sirens on heaps of other vehicles (by hacking the arrays) including working sounds, here's a screen of the blista

sirenlq5.th.png

Washington:

washingtonsirenya1.th.png

Some other random car:

siren2el7.th.png

It's interesting to note that although one colour was red the other was nothing (just light), which means I must have clipped the colour somewhere in my memory editing

Yay I just found where the colours are actually located:

0x6AB5B5 : loc Blue (move the Blue colour in)
0x6AB5BE : loc Red (move the Red colour in)

Can someone tell me how to use this? I just can't figure out how to set a siren (or a different siren type) for a car. :/ (what does "via model" mean?)

iFarbod
  • iFarbod

    King of San Andreas (3D/HD Universe)

  • Members
  • Joined: 17 Dec 2013
  • None

#1357

Posted 2 weeks ago

What's this function's address? (US 1.0 - If you know the EU 1.0 and 1.1 post them too!)

 

CGangs::SetGangWeapons(short,int,int,int)  


nick7
  • nick7

    グランドセフトオ

  • Members
  • Joined: 04 Aug 2011
  • None

#1358

Posted 2 weeks ago Edited by nick7, 2 weeks ago.

What's this function's address? (US 1.0 - If you know the EU 1.0 and 1.1 post them too!)

CGangs::SetGangWeapons(short,int,int,int)

Check this out - EU-1.00 @ 0x5DE550


* * *

Actually I wanna post a pair of cheat collisions I've found (I'm posting here because cheat topic was closed lol)
// spaces are just for readability
LXGIWYL -> THUGS ARMOURY // CCheat::WeaponCheat1 (Weapon set 1)
UZUMYMW -> NUTTERS TOYS  // CCheat::WeaponCheat3 (Weapon set 3)
It's really similar to Vice City's and looks like 'PROFESSIONALS KIT' so I think I'm right.

not sure, but seems to be right:
AJLOJYQY -> ROUGH NEIGHBOURHOOD // CCheat::MayhemCheat (Peds attack other with golfclub)
  • ThirteenAG, LINK/2012 and iFarbod like this
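
An added example, not part of nick7's post or of the game's code: a check of the pairs claimed above, assuming the game compares a CRC-32 of the typed letters in newest-first (reversed) order, which the thread itself does not state. The function names and the `DECOYS` list are constructed for illustration.

```python
import zlib

def cheat_key(text: str) -> int:
    """CRC-32 over the letters in reverse order (assumed scheme, see lead-in).

    Spaces are dropped, as in the post ("spaces are just for readability").
    Whether the game applies CRC-32's final XOR does not change which
    strings compare equal, so zlib's standard CRC-32 is enough here.
    """
    keys = "".join(ch for ch in text.upper() if ch.isascii() and ch.isalpha())
    return zlib.crc32(keys[::-1].encode("ascii"))

def find_matches(code: str, candidates: list[str]) -> list[str]:
    """Return every candidate phrase whose key equals that of `code`."""
    target = cheat_key(code)
    return [c for c in candidates if cheat_key(c) == target]

# Pairs exactly as posted in the thread.
CLAIMED = {
    "LXGIWYL": "THUGS ARMOURY",
    "UZUMYMW": "NUTTERS TOYS",
    "AJLOJYQY": "ROUGH NEIGHBOURHOOD",  # the poster marks this one "not sure"
}

# Constructed near-miss spellings, to show the check is not trivially true.
DECOYS = ["THUGS ARMORY", "NUTTER TOYS", "ROUGH NEIGHBORHOOD"]

def verify_claims() -> dict[str, list[str]]:
    """Test each posted code against all posted phrases plus the decoys."""
    pool = list(CLAIMED.values()) + DECOYS
    return {code: find_matches(code, pool) for code in CLAIMED}

if __name__ == "__main__":
    for code, hits in verify_claims().items():
        print(f"{code:9} -> {hits or 'no match in pool'}")
```

A 32-bit checksum has only about 4.3 billion possible values and is not collision-resistant, so several unrelated inputs, readable phrases included, can map to the same stored value.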

iFarbod
  • iFarbod

    King of San Andreas (3D/HD Universe)

  • Members
  • Joined: 17 Dec 2013
  • None

#1359

Posted 2 weeks ago Edited by iFarbod, 2 weeks ago.

 

What's this function's address? (US 1.0 - If you know the EU 1.0 and 1.1 post them too!)

CGangs::SetGangWeapons(short,int,int,int)

Check this out - EU-1.00 @ 0x5DE550


* * *

Actually I wanna post a pair of cheat collisions I've found (I'm posting here because cheat topic was closed lol)
// spaces are just for readability
LXGIWYL -> THUGS ARMOURY // CCheat::WeaponCheat1 (Weapon set 1)
UZUMYMW -> NUTTERS TOYS  // CCheat::WeaponCheat3 (Weapon set 3)
It's really similar to Vice City's and looks like 'PROFESSIONALS KIT' so I think I'm right.

not sure, but seems to be right:
AJLOJYQY -> ROUGH NEIGHBOURHOOD // CCheat::MayhemCheat (Peds attack other with golfclub)

Is the address the same for US 1.0 and 1.1? If not, how can I find that address?

Anyway, there is also a CCheat::WeaponCheat4 I found in the Android version of the game.

 

EDIT: Worked like a charm for both EU and US, not sure about 1.1


iFarbod
  • iFarbod

    King of San Andreas (3D/HD Universe)

  • Members
  • Joined: 17 Dec 2013
  • None

#1360

Posted 2 weeks ago Edited by iFarbod, 2 weeks ago.

// Need the addresses for the following functions:
CPed::DettachPedFromEntity(void)
CPed::AttachPedToEntity(CEntity *,CVector,ushort,float,eWeaponType)
CPed::AttachPedToBike(CEntity *,CVector,ushort,float,float,eWeaponType) 

juarez
  • juarez

    Thx you

  • Members
  • Joined: 11 Jun 2011
  • Australia

#1361

Posted 2 weeks ago

https://github.com/D...ame_sa/CPed.cpp

  • iFarbod likes this

iFarbod
  • iFarbod

    King of San Andreas (3D/HD Universe)

  • Members
  • Joined: 17 Dec 2013
  • None

#1362

Posted A day ago Edited by iFarbod, A day ago.

My random finds :)

0056E230 int __cdecl FindPlayerWanted(int) // i think it should return a CWanted
0056E160 int __cdecl FindPlayerTrain(int a1)
0056E610 char __thiscall CPlayerInfo::WorkOutEnergyFromHunger(void *this)
00588BE0 char __cdecl CHud::SetHelpMessage(char const *msg, unsigned short *, bool, bool, bool, unsigned int) // parameters stolen from libGTASA
0056EA30 int __thiscall CPlayerInfo::BlowUpRCBuggy(bool) // not sure what this does

Deji
  • Deji

    Coding like a Rockstar!

  • Feroci
  • Joined: 24 Dec 2007
  • None
  • Contribution Award [Mods]

#1363

Posted A day ago

Actually I wanna post a pair of cheat collisions I've found (I'm posting here because cheat topic was closed lol)

// spaces are just for readability
LXGIWYL -> THUGS ARMOURY // CCheat::WeaponCheat1 (Weapon set 1)
UZUMYMW -> NUTTERS TOYS  // CCheat::WeaponCheat3 (Weapon set 3)
It's really similar to Vice City's and looks like 'PROFESSIONALS KIT' so I think I'm right.

not sure, but seems to be right:
AJLOJYQY -> ROUGH NEIGHBOURHOOD // CCheat::MayhemCheat (Peds attack other with golfclub)

Bunch more here: http://gtag.gtagamin...andreas/cheats/
  • Silent likes this

Alexander Blade
  • Alexander Blade

    Come As You Are

  • Members
  • Joined: 05 Nov 2006
  • None

#1364

Posted 7 hours ago

You can look into the Android version, there are actual cheat strings there

 

 

Actually I wanna post a pair of cheat collisions I've found (I'm posting here because cheat topic was closed lol)

// spaces are just for readability
LXGIWYL -> THUGS ARMOURY // CCheat::WeaponCheat1 (Weapon set 1)
UZUMYMW -> NUTTERS TOYS  // CCheat::WeaponCheat3 (Weapon set 3)
It's really similar to Vice City's and looks like 'PROFESSIONALS KIT' so I think I'm right.

not sure, but seems to be right:
AJLOJYQY -> ROUGH NEIGHBOURHOOD // CCheat::MayhemCheat (Peds attack other with golfclub)
Bunch more here: http://gtag.gtagamin...andreas/cheats/

 




