Documenting GTA-SA memory addresses

1,355 replies to this topic
AlexTMjugador
  • AlexTMjugador

    Hi!

  • Members
  • Joined: 12 Aug 2011
  • Spain

#1351

Posted 24 January 2015 - 06:57 PM

Thank you very much Seeman, but that isn't what I was looking for. Forgive me if I explained myself wrong :)

 

What I want to know is the memory address of a CVehicle class method for toggling the engine broken state of a vehicle, if it exists. For example, I know that there's a method in that class to set vehicle engine state (whether it's on or off) at address 0x41BDD0: CVehicle::SetEngineOn(bool). I only mentioned that opcode because it's kinda related with the method I said, functionality-wise (although I know they're different things code-wise, of course).

 

Thanks in advance :D


Seemann
  • Seemann

    Ruhe

  • Members
  • Joined: 03 Sep 2004
  • Russia
  • Best Tool 2013 "Sanny Builder"

#1352

Posted 24 January 2015 - 07:16 PM Edited by Seemann, 24 January 2015 - 07:16 PM.

Well, you know, it's just a flag, one bit in the particular field in a CVehicle struct. You don't need a method to switch one bit. That's why the method you're looking for does not exist. Use the code above.

AlexTMjugador
  • AlexTMjugador

    Hi!

  • Members
  • Joined: 12 Aug 2011
  • Spain

#1353

Posted 24 January 2015 - 07:25 PM

Ok, thanks for explaining :)


iFarbod
  • iFarbod

    King of San Andreas (3D/HD Universe)

  • Members
  • Joined: 17 Dec 2013
  • None

#1354

Posted 2 weeks ago

I disabled the loading of the SCM. Can someone tell me how to create a player AFTER THE GAME HAS BEEN LOADED WITHOUT USING ANY SDK/THIRD PARTY LIBRARIES?


iFarbod
  • iFarbod

    King of San Andreas (3D/HD Universe)

  • Members
  • Joined: 17 Dec 2013
  • None

#1355

Posted 2 weeks ago

I disabled the loading of the SCM. Can someone tell me how to create a player AFTER THE GAME HAS BEEN LOADED WITHOUT USING ANY SDK/THIRD PARTY LIBRARIES?

Nobody got any ideas?


nyolc8
  • nyolc8

    -

  • Members
  • Joined: 12 Oct 2009
  • Hungary

#1356

Posted A week ago Edited by nyolc8, A week ago.

New reverse engineering technique by IDA and Hex-Rays to produce decompiled pseudocode from binaries: http://video.reverse...?album=17&pos=0

Now for some memory addresses:

0x6ACCD0 : Begins an array holding some vehicle siren attributes (via model), each index in the array is a byte, meaning:
0 -> 2 Sirens
1 -> 1st type of single siren
2 -> 2nd type of single siren (doesn't seem as good as the first (less floats))
4 -> Nothing
0x6ACDAC : If the first array says 2 sirens it comes to this array and chooses what siren offset to use (via model again), each index in the array is still a byte:
0 -> 1st type of double siren
1 -> 2nd type of double siren
2 -> 3rd type of double siren
3 -> 4th type of double siren
4 -> 5th type of double siren
5 -> No Siren
0x6AB36D : switch(SingleSiren[vehiclemodel])
0x6AB39F : switch(DoubleSiren[vehiclemodel])
0x6ACA37 : Hardcoded Model Switches
0x6FC580 : DrawSirenParticle
0x6ABA60 : call DrawSirenParticle (NOP to disable sirens appearing)
0x4F62A0 : GetSirenSound
0x4F62BB : mov dl,[ecx+0x42D] (Get the siren true/false value, NOP to disable siren sounds)
0x501BA8 : Siren Sound array, each index in the array is still a byte:
0 -> 1st type of siren sound
1 -> 2nd type of siren sound
2 -> 3rd type of siren sound
3 -> 4th type of siren sound
5 -> 5th type of siren sound
6 -> No siren sound
0x501AB0 : ProcSirenSound
0x501AD6 : switch(SirenSnds[vehiclemodel])
0x6D8470 : DoesModelContainSiren
0x6D84AC : SirenModelArray, only contains models below first police model, each index is a byte where the index is modelid:
0 -> Yes
1 -> No
2 -> Goto IsModelPolice
0x6D2370 : IsModelPolice
0x6D239C : PoliceModelArray, seems to start off where the other models left off (from DoesModelContainSiren), each index is a byte where the index is modelid:
0 -> Yes
1 -> No
To make the game 'think' every model contains a siren write mov al,1 + retn to the start of the func, or (0xB0 0x01 0xC3), same can be done with the Police check

Contrary to popular belief, the values in these switches aren't colours, they are floats defining where the sirens appear on the vehicle. Colours are not accounted for as of yet (despite what misinformed people may tell you). However, this information does give us the ability to decide which vehicles can use which type of siren and where they're rendered on the vehicle (SALA already gives you this in a limited way)

EDIT:

I managed to get sirens on heaps of other vehicles (by hacking the arrays) including working sounds, here's a screen of the blista

sirenlq5.th.png

Washington:

washingtonsirenya1.th.png

Some other random car:

siren2el7.th.png

It's interesting to note that although one colour was red the other was nothing (just light), which means I must have clipped the colour somewhere in my memory editing

Yay I just found where the colours are actually located:

0x6AB5B5 : loc Blue (move the Blue colour in)
0x6AB5BE : loc Red (move the Red colour in)

Can someone tell me how to use this? I just can't figure out how to set a siren (or a different siren type) for a car. :/ (what does "via model" mean?)
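
The two-level lookup that the quoted list describes ("via model"), written out as an added example that is not part of any post in this thread and is not the game's code. The function name `resolve_siren`, the table contents (constructed sample bytes) and the base model id of 400 for element 0 are assumptions; the byte meanings are the ones given in the list.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum siren_kind { SIREN_NONE, SIREN_SINGLE, SIREN_DOUBLE, SIREN_UNKNOWN };
struct siren { enum siren_kind kind; int type; };  /* type is 1-based, 0 = n/a */

/* Constructed sample bytes standing in for the arrays the post places at
   0x6ACCD0 (single) and 0x6ACDAC (double); not the game's real contents. */
static const uint8_t sample_single[] = {4, 4, 1, 0, 2, 0, 4, 0};
static const uint8_t sample_double[] = {5, 5, 5, 0, 5, 3, 5, 5};

/* "Via model": the model id, minus the id that maps to element 0 (base,
   an assumption here), selects one byte in each array. */
struct siren resolve_siren(const uint8_t *single, const uint8_t *dbl,
                           size_t count, int base, int model)
{
    struct siren r = { SIREN_NONE, 0 };
    if (model < base || (size_t)(model - base) >= count)
        return r;                        /* model has no table entry */
    size_t i = (size_t)(model - base);
    switch (single[i]) {
    case 1: case 2:                      /* 1st / 2nd type of single siren */
        r.kind = SIREN_SINGLE; r.type = single[i]; break;
    case 4:                              /* nothing */
        break;
    case 0:                              /* 2 sirens: consult second array */
        if (dbl[i] <= 4) { r.kind = SIREN_DOUBLE; r.type = dbl[i] + 1; }
        else if (dbl[i] != 5) r.kind = SIREN_UNKNOWN;   /* 5 = no siren */
        break;
    default:                             /* value the post does not list */
        r.kind = SIREN_UNKNOWN; break;
    }
    return r;
}

int main(void)
{
    static const char *names[] = {"none", "single", "double", "unknown"};
    for (int model = 400; model < 408; model++) {
        struct siren s = resolve_siren(sample_single, sample_double,
                                       sizeof sample_single, 400, model);
        printf("model %d: %s siren, type %d\n", model, names[s.kind], s.type);
    }
    return 0;
}
```
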



