
Manipulating SA game memory for fun and profit

10 replies to this topic
Xieîn
  • Xieîn

    The conspirator

  • Members
  • Joined: 13 Sep 2005

#1

Posted 21 September 2006 - 07:39 PM Edited by Xieîn, 22 September 2006 - 08:08 PM.

Here is definitely a new thing that I think can essentially expand the opportunities of mission coding.

Link: http://xieon.by.ru/mempatch.rar

Note that I made this tool a month ago from zero (I did not release it owing to my absence)
and it has no relation to the neighbouring topic (or to any other earlier topic); I am surprised by it smile.gif .


The program inside the archive is a special patch for GTA:SA that literally adds
three new opcodes to the game, replacing some NOPs with itself:

CODE
00C3: read_mem_address [ ] type [ ] value_to [ ]


This new opcode reads the value at the specified mem address (with the new 0181, any game address) and
writes it to a global or local variable. You may specify how much to read: an 8-bit value (byte),
16-bit (word) or 32-bit (dword).

CODE
00C4: write_mem_address [ ] type [ ] value [ ]


This opcode is the same as the previous one except that it writes memory rather than reading it.

CODE
0181: virtual_protect_change_at [ ] size [ ] new_protect [ ]


And this opcode is maybe the most non-standard. It allows calling the VirtualProtect WinAPI
function directly from SCM; as you know, it can unlock any address which causes an
AccessViolation exception (or a game crash in SA) when accessed. So all reasonable
game memory can get into your hands.

All other information, and why CyQ's mem-technique for VC became impossible in SA,
is in the readme.

--- Advantages

- Easy to use, with no need to use variables, to do any actions
or to write any mission code to make this trick work.
- Flexibility: you can specify the size of the value when accessing memory and
write the real address as it is anywhere (one action: conversion from HEX to INT, but
in the new SB it will be possible to specify hex and other numeric formats for values).
- Presentation of the mnemonics of the opcodes.
- Very small size of the patch (~14 kb without docs).

--- Disadvantages

- Without the patch it doesn't work, but I can add an opcode to the next version by means of
which it will be possible to check for its presence and avoid a game crash.

Most likely the new SB will also have built-in functions based on this tool for working with memory.

***
I am very much waiting for any wishes or criticism from you, and forgive me for my dreadful grammar smile.gif
In theory, by a similar approach it is possible to carry out calls to other API functions (just imagine the opportunities this opens) and to make, for example, a fully working MP3 player operated by SCM opcodes, and many, many other things.

Have fun with it.
Cheers, Xieon.
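The three opcodes described above (typed read, typed write, and a protection change before touching a read-only page) can be modelled in a few lines of C. The following is an added example, not code from the patch or from Xieon: it works only on a page this program allocates itself (a constructed buffer standing in for game memory), the function names `read_mem`, `write_mem` and `set_protect` are my own, and on POSIX it assumes `mprotect` as the equivalent of `VirtualProtect` so the example also builds outside Windows. It shows the little-endian byte/word/dword semantics of the `type` operand and why a write to a read-only page must be preceded by the protection change.

```c
/* Added example: stand-alone model of the post's three opcodes
 * (00C3 read, 00C4 write, 0181 VirtualProtect). Not the patch's own code.
 * Only touches a page this program allocates; POSIX uses mprotect as the
 * VirtualProtect equivalent (an assumption made for portability). */
#define _GNU_SOURCE
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#include <unistd.h>
#endif

/* The "type" operand of 00C3/00C4: number of bytes to transfer. */
enum mem_type { MEM_BYTE = 1, MEM_WORD = 2, MEM_DWORD = 4 };

/* 00C3 read_mem_address: assemble 1/2/4 little-endian bytes (x86 layout,
 * as the game stores them) into *out. Returns 0, or -1 on a bad type. */
int read_mem(const void *addr, enum mem_type type, uint32_t *out)
{
    const uint8_t *p = addr;
    uint32_t v = 0;
    if (type != MEM_BYTE && type != MEM_WORD && type != MEM_DWORD) return -1;
    for (size_t i = 0; i < (size_t)type; i++) v |= (uint32_t)p[i] << (8 * i);
    *out = v;
    return 0;
}

/* 00C4 write_mem_address: the inverse, storing the low 1/2/4 bytes of value. */
int write_mem(void *addr, enum mem_type type, uint32_t value)
{
    uint8_t *p = addr;
    if (type != MEM_BYTE && type != MEM_WORD && type != MEM_DWORD) return -1;
    for (size_t i = 0; i < (size_t)type; i++) p[i] = (uint8_t)(value >> (8 * i));
    return 0;
}

static size_t page_size(void)
{
#ifdef _WIN32
    SYSTEM_INFO si; GetSystemInfo(&si); return si.dwPageSize;
#else
    return (size_t)sysconf(_SC_PAGESIZE);
#endif
}

/* 0181 virtual_protect_change_at: change protection of the whole page(s)
 * covering [addr, addr+size). Without it, writing a read-only page raises
 * the access violation the post mentions. Returns 0 on success. */
int set_protect(void *addr, size_t size, int writable)
{
#ifdef _WIN32
    DWORD old;
    return VirtualProtect(addr, size, writable ? PAGE_READWRITE : PAGE_READONLY, &old) ? 0 : -1;
#else
    uintptr_t page = (uintptr_t)page_size();
    uintptr_t start = (uintptr_t)addr & ~(page - 1);
    return mprotect((void *)start, (uintptr_t)addr + size - start,
                    writable ? PROT_READ | PROT_WRITE : PROT_READ);
#endif
}

/* Exercises the typed accessors on a constructed 4-byte buffer; 1 = all checks pass. */
int selftest_accessors(void)
{
    uint8_t buf[4] = {0x44, 0x33, 0x22, 0x11};   /* constructed: dword 0x11223344 LE */
    uint32_t v = 0;
    if (read_mem(buf, MEM_DWORD, &v) != 0 || v != 0x11223344u) return 0;
    if (read_mem(buf, MEM_WORD, &v) != 0 || v != 0x3344u) return 0;
    if (read_mem(buf, MEM_BYTE, &v) != 0 || v != 0x44u) return 0;
    if (read_mem(buf, (enum mem_type)3, &v) != -1) return 0;   /* odd size rejected */
    if (write_mem(buf, MEM_WORD, 0xABCDu) != 0) return 0;      /* only low 2 bytes change */
    return buf[0] == 0xCD && buf[1] == 0xAB && buf[2] == 0x22 && buf[3] == 0x11;
}

/* Demo: allocate one page, lock it read-only (like a code page), unlock it
 * with the 0181 equivalent, patch a dword and read it back by parts.
 * Returns the dword read back, or 0 on any failure. */
uint32_t demo_protect_and_patch(void)
{
    size_t page = page_size();
    uint8_t *region;
#ifdef _WIN32
    region = VirtualAlloc(NULL, page, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
#else
    void *tmp = NULL;
    if (posix_memalign(&tmp, page, page) != 0) return 0;
    region = tmp;
#endif
    if (!region) return 0;
    memset(region, 0x90, page);                        /* constructed filler bytes */
    if (set_protect(region, page, 0) != 0) return 0;   /* now read-only */
    if (set_protect(region + 16, 4, 1) != 0) return 0; /* 0181 must precede 00C4 */
    write_mem(region + 16, MEM_DWORD, 0xDEADBEEFu);
    uint32_t lo8 = 0, lo16 = 0, full = 0;
    read_mem(region + 16, MEM_BYTE, &lo8);
    read_mem(region + 16, MEM_WORD, &lo16);
    read_mem(region + 16, MEM_DWORD, &full);
    uint32_t result = (lo8 == 0xEFu && lo16 == 0xBEEFu) ? full : 0;
#ifdef _WIN32
    VirtualFree(region, 0, MEM_RELEASE);
#else
    free(region);                                      /* page was left writable */
#endif
    return result;
}

int main(void)
{
    printf("accessors ok: %d, patched dword: 0x%08X\n", selftest_accessors(), demo_protect_and_patch());
    return 0;
}
```

Note that the protection change works at page granularity on both APIs: unlocking four bytes unlocks the whole page they sit in, which is why the patch's opcode takes a size and a new protection rather than a single address.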

Demarest
  • Demarest

    what could be

  • BUSTED!
  • Joined: 12 Jul 2003

#2

Posted 21 September 2006 - 10:22 PM

QUOTE (Xieîn @ Sep 21 2006, 15:39)
All other information and why the CyQ mem-technique for VC became impossible in SA in the readme.
Actually, documentation of an all natural method of doing exactly that has begun unfolding here.

QUOTE (Xieîn @ Sep 21 2006, 15:39)
You may specify how much to read - 8 bit value (byte), 16 bit (word) or 32 bit (dword).
Okay, NOW you have my UNDIVIDED attention wink.gif That's fabulous.

Question. How independent is this patch? There must be a dozen different EXE's out there. For example, I run the Hoodlum no-DVD EXE, modified to bypass the opening splash screens. Will this patch work with that EXE? Can you document various EXE supports so that as we begin to author SCM's requiring this patch, we can forward the documentation to our users?

Y_Less
  • Y_Less

    629

  • Members
  • Joined: 14 Mar 2004

#3

Posted 21 September 2006 - 10:27 PM

I can't download the file, it just comes up as pure text, not a rar download.

Also, does the readme cover what I went over here (different to Dems topic): http://www.gtaforums...ic=217910&st=20

pdescobar
  • pdescobar

    Conformist Scum Panda

  • Members
  • Joined: 19 Jul 2005

#4

Posted 22 September 2006 - 12:35 AM

QUOTE (Y_Less @ Sep 21 2006, 18:27)
I can't download the file, it just comes up as pure text, not a rar download.

Just right-click the eventual download link and choose "Save As" and you should be able to download it properly; worked for me.

@Xieon: Wow. This is brilliant. Ran the gravity change in the readme as a quick test and it worked flawlessly. If this patch will work on all the different SA versions, it's unbelievably useful considering the hoops we have to go through to change memory via the stat opcodes and the limits there. Also, have you considered supplying a "loader" in addition to the patch? There's no good reason for that request aside from the fact that some are more comfortable with that method.

daxton
  • daxton

    Player Hater

  • Members
  • Joined: 26 Jun 2006

#5

Posted 23 September 2006 - 01:28 AM

Wow! This is my dream come true! I didn't see any way to access the lower (not to mention protected) memory addresses with the recent stat opcode discovery, but your patch solves this!
Thank you so much!
Now I can recreate edisoncarter's PS2 gravity code. If I could only figure out the NESW directional gravity...

PS: Hello, I'm new smile.gif

P.I.M.P_PL
  • P.I.M.P_PL

    GMAS TEAM LEADER(FANGTA SECONDARY ACCOUNT)

  • Members
  • Joined: 04 Oct 2007

#6

Posted 22 March 2008 - 11:43 AM

Maybe somebody can tell me the address in memory of:

the SCM block (main) limit and the object IDs limit??

Lancast
  • Lancast

    Player Hater

  • Members
  • Joined: 08 Jul 2009

#7

Posted 23 July 2009 - 07:47 PM

Could someone reupload the program?

Deji
  • Deji

    Coding like a Rockstar!

  • Feroci
  • Joined: 24 Dec 2007
  • None

#8

Posted 23 July 2009 - 08:21 PM

QUOTE (Lancast @ Jul 23 2009, 19:47)
Could someone reupload the program?

You don't need it. It's implemented with CLEO Library. Just use the new opcodes.

Lancast
  • Lancast

    Player Hater

  • Members
  • Joined: 08 Jul 2009

#9

Posted 23 July 2009 - 08:28 PM

I have never done this stuff before, so I have no idea how to add opcodes. I need to add those 2 to gta_sa.exe:
Enable Multiple SA Windows:
0x7468E0 : (func) CheckForOtherSA(void)
0x74872D : (asm) call CheckForOtherSA (NOP this in the exe)

Could you tell me how to do it please?

Deji
  • Deji

    Coding like a Rockstar!

  • Feroci
  • Joined: 24 Dec 2007
  • None

#10

Posted 23 July 2009 - 09:04 PM

QUOTE (Lancast @ Jul 23 2009, 20:28)
I have never done this stuff before, so I have no idea how to add opcodes. I need to add those 2 to gta_sa.exe:
Enable Multiple SA Windows:
0x7468E0 : (func) CheckForOtherSA(void)
0x74872D : (asm) call CheckForOtherSA (NOP this in the exe)

Could you tell me how to do it please?

Mmm, I think this might work?

CODE
0A8C: write_memory 0x7468E0 size 1 value 0 virtual_protect 0


You might have to mess with the size and virtual_protect values, though wink.gif

Lancast
  • Lancast

    Player Hater

  • Members
  • Joined: 08 Jul 2009

#11

Posted 23 July 2009 - 09:06 PM Edited by Lancast, 23 July 2009 - 10:36 PM.

Could you please tell me how to apply this? I'm a complete newbie to this stuff.
Btw, I have found those 2 memory addresses in a program called HIEW32, but when I edit those values I dunno what to type.
Maybe you could please make an exe like that for me? I'm using the 1.0 Hoodlum exe.
