Introduction to SA Chain Game Style Save Editing - Mobile/PC

106 replies to this topic
ric-013
  • ric-013

    Casual Lurker

  • Members
  • Joined: 24 Nov 2006
  • None

#91

Posted 01 February 2015 - 09:12 PM Edited by ric-013, 01 February 2015 - 09:49 PM.

Gang Zone Editor ( in-game ) Beta
for android ( all versions of game )
 


 

Test-Script :

Spoiler


Compiled Test-Script :
https://www.mediafir...78i158ady1t2i5a

 
 
This script allows you to add or edit gangs to zones ( territory ) while playing SA.
 
What it does :
- add selected gang to selected zone with a density of 50 
- add drug dealers to selected zone with a density of 10
- apply random rezone to " gang-less " zone ( so gang spawn )
 
How it works:
#1 - activate script with CLEO menu
#2 - you will get this message " select , gang area "
#3 - you will get this message " player position , OK "
#4 - now take CJ into zone you want to edit and press OK ( center of screen )
#5 - you will get this message  " gang area , load succesfull "
#6 - you will get this message " select , gang control "
#7 - the 1st gang name will be displayed " ballas "
#8 - press SCROLL ( top center screen ) to select next gangs " ballas , vagos , rifa , danang , mafia , triad , aztecas "
#9 - with gang name you want displayed , press OK ( center of screen ) to confirm gang
#10 - you will get this message " gang control , load succesfull  "
#11 - zone is edited with gang you wanted ... from this point , script jump back to step #2 .

 

notes:

- you can terminate script by pressing EXIT at " select , gang area " menu.

- rifa, da nang , mafia , triads and aztecas don't have zone colors on map , but spawn in zone.

 
enjoy !
 
special thanks to :
 
OrionSR
:colgate:

  • thehambone and BobyFrançais like this

Jeansowaty
  • Jeansowaty

    Not feelin' up to it right now, sorry.

  • Members
  • Joined: 31 Mar 2013
  • Poland

#92

Posted 02 February 2015 - 04:28 PM

Note that I'm still using hard-coded addresses to find structures in PC memory. I think I've seen PC coding that does something similar to the magic hex strategy used to call for addresses on Android, but I lost track of the reference. The hard coded values shouldn't matter as the addresses should always be consistent for v1, but I'd eventually like to learn the right way to do things.

 

Typo: Please correct.

//003B: 11s@ == [email protected]
003B: [email protected] == [email protected]

Also, I'm a little worried about this evaluation. It should work just fine on these two zones with short names but I didn't isolate a code for 8 byte equals. I had suggested IF 11@ == 13@ AND 12@ == 14@ but the revised strategy works just fine with the original coding.

Well Orion, I noticed a bug in the script. The gang works fine, but once you enter PLS or MKT1, all VLA gangsters change into the Strippers, I mean, even the ones in El Corona and others.


ric-013
  • ric-013

    Casual Lurker

  • Members
  • Joined: 24 Nov 2006
  • None

#93

Posted 02 February 2015 - 05:41 PM Edited by ric-013, 02 February 2015 - 05:44 PM.

Note that I'm still using hard-coded addresses to find structures in PC memory. I think I've seen PC coding that does something similar to the magic hex strategy used to call for addresses on Android, but I lost track of the reference. The hard coded values shouldn't matter as the addresses should always be consistent for v1, but I'd eventually like to learn the right way to do things.
 
Typo: Please correct.

//003B: 11s@ == [email protected]
003B: [email protected] == [email protected]
Also, I'm a little worried about this evaluation. It should work just fine on these two zones with short names but I didn't isolate a code for 8 byte equals. I had suggested IF 11@ == 13@ AND 12@ == 14@ but the revised strategy works just fine with the original coding.

 
typo corrected !
;)
 

I noticed a bug in the script. The gang works fine, but once you enter PLS or MKT1, all VLA gangsters change into the Strippers, I mean, even the ones in El Corona and others.

 
if you were using  " port - a " this little typo was messing up zone check.
  • Jeansowaty likes this

OrionSR
  • OrionSR

    Chain Game Development Team

  • Feroci
  • Joined: 23 May 2007
  • None
  • Helpfulness Award [GTA & Modding]

#94

Posted 02 February 2015 - 09:31 PM

Did the weird bugs in your first report work themselves out with the type correction? And the port a version really needs a better equals evaluation before it can be expanded to zone names longer than 4 bytes.

  • Jeansowaty likes this

H.A.F
  • H.A.F

    Square Civilian

  • Members
  • Joined: 10 Oct 2013
  • Indonesia

#95

Posted 15 February 2015 - 12:37 PM

https://plus.google....962382557546027 whether it can make a string without using GXT/FXT ?

Jeansowaty
  • Jeansowaty

    Not feelin' up to it right now, sorry.

  • Members
  • Joined: 31 Mar 2013
  • Poland

#96

Posted 27 February 2015 - 01:03 PM

Alright... now I'm too confused to think about this. I would like to morph other gangs, not only GANG7. I was trying to calculate the numbers as Ric told me but something is not right with them. I'd be grateful if anyone could tell me the hex numbers that have to be used in those scripts for ALL gangs... 


khsh97
  • khsh97

    Thug

  • Members
  • Joined: 16 Feb 2014
  • None
  • Helpfulness Award [SA Mission Help]

#97

Posted 01 March 2015 - 04:30 PM

How to fix v1.07 save checksum?

OrionSR
  • OrionSR

    Chain Game Development Team

  • Feroci
  • Joined: 23 May 2007
  • None
  • Helpfulness Award [GTA & Modding]

#98

Posted 01 March 2015 - 04:41 PM

Isn't it the same as all the others? Clear the last 4 bytes, run HxD's checksum-32 tool on the entire file, encode the checksum into the last 4 bytes.

 

Or try this checksum tool by thehambone.


khsh97
  • khsh97

    Thug

  • Members
  • Joined: 16 Feb 2014
  • None
  • Helpfulness Award [SA Mission Help]

#99

Posted 02 March 2015 - 04:21 AM

Ok. I have another question: can the PC save's checksum be fixed by HxD's checksum-32 tool?
What is the difference between the checksum-32 and checksum-16 tools of HxD?

OrionSR
  • OrionSR

    Chain Game Development Team

  • Feroci
  • Joined: 23 May 2007
  • None
  • Helpfulness Award [GTA & Modding]

#100

Posted 02 March 2015 - 06:45 AM

Checksum-16 will encode to a 2 byte word, which won't work right for GTA saves.
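
The procedure from post #98 and the width difference from post #100, as an added example that is not part of the original posts or of any tool named in the thread. It assumes checksum-32 is the plain sum of all byte values modulo 2^32 and that the value is stored little-endian in the last 4 bytes; the sample data is constructed.

```python
TRAILER_LEN = 4  # per the thread: the checksum occupies the last 4 bytes


def checksum32(data: bytes) -> int:
    """Sum of all byte values, truncated to 32 bits (assumed checksum-32)."""
    return sum(data) & 0xFFFFFFFF


def checksum16(data: bytes) -> int:
    """The same sum truncated to 16 bits; it only fills a 2-byte word."""
    return sum(data) & 0xFFFF


def fix_save(blob: bytes) -> bytes:
    """Return a copy of blob with the trailing 4-byte checksum recomputed."""
    if len(blob) <= TRAILER_LEN:
        raise ValueError("file too short to hold data plus a 4-byte checksum")
    body = blob[:-TRAILER_LEN]
    # Cleared trailer bytes are zero and add nothing to the sum, so summing
    # the body equals summing the whole file after clearing the last 4 bytes.
    # Assumption: the checksum is stored little-endian.
    return body + checksum32(body).to_bytes(TRAILER_LEN, "little")


def verify_save(blob: bytes) -> bool:
    """True when the stored trailer matches the recomputed checksum."""
    if len(blob) <= TRAILER_LEN:
        return False
    stored = int.from_bytes(blob[-TRAILER_LEN:], "little")
    return stored == checksum32(blob[:-TRAILER_LEN])


def demo() -> dict:
    body = bytes(range(256)) * 1000            # constructed sample data
    stale = body + b"\xde\xad\xbe\xef"         # edited file, old trailer
    fixed = fix_save(stale)
    # One flipped bit changes the sum, so the check fails.
    corrupted = bytes([fixed[0] ^ 0x01]) + fixed[1:]
    # Swapping two bytes leaves the sum unchanged, so the check still passes.
    swapped = fixed[1:2] + fixed[0:1] + fixed[2:]
    return {
        "sum32": checksum32(body),
        "sum16": checksum16(body),
        "stale_ok": verify_save(stale),
        "fixed_ok": verify_save(fixed),
        "corrupted_ok": verify_save(corrupted),
        "swapped_ok": verify_save(swapped),
        "swapped_differs": swapped != fixed,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The swapped case passing shows that an additive checksum catches accidental corruption but not reordered bytes.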


H.A.F
  • H.A.F

    Square Civilian

  • Members
  • Joined: 10 Oct 2013
  • Indonesia

#101

Posted 08 March 2015 - 01:35 AM

_ZN5CRGBAC2Ehhhh ; CRGBA::CRGBA(uchar,uchar,uchar,uchar)

Can you help me to get color values red and blue?


OrionSR
  • OrionSR

    Chain Game Development Team

  • Feroci
  • Joined: 23 May 2007
  • None
  • Helpfulness Award [GTA & Modding]

#102

Posted 07 October 2015 - 09:59 PM Edited by OrionSR, 09 October 2015 - 07:09 PM.

I guess this is as good of a place as any to record the save editing procedures I've been collecting for PC. I don't want to lose these again.

 

Initialize pools and arrays

0AA5: call 0x49CB10 num_params 0 pop 0 // init unique stunt jump pool
0AA5: call 0x572110 num_params 0 pop 0 // init explored territory array and count
0AA5: call 0x6f3270 num_params 0 pop 0 // init car generator pool and numplates
0AA5: call 0x43f880 num_params 0 pop 0 // init enex pool, delete all

Functions:

:RedirectEnex
// Example: 0AB1: call_scm_func @RedirectEnex 2 source_index 10@ destination index 11@
0AA7: EntryExitPool_atIndex 0x43ef00 num_params  1 pop 1 index 0@ ret: int 0@  // returns pointer to enex
0AA7: EntryExitPool_atIndex 0x43ef00 num_params  1 pop 1 index 1@ ret: int 1@  // returns pointer to enex
000A: 0@ += 0x38    // += offset to destination pointer of source
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 0   // update source pointer with new destination address
0AB2: ret 0
:DeleteCarGenerator
// Adapted from fastman92's DisableCarGeneratorFromBeingSaved function
// Example: 0AB1: call_scm_func @DeleteCarGenerator 1 cargen_index 10@

// Is invalid generator ID?
if or
  -1 >= 0@
  0@ >= 500
then
  0AB2: ret 0
end

0A8D: 1@ = read_memory 0x6F32AA size 1 virtual_protect false // CCarGenerator_size
0AA7: call_function 0x479D60 num_params 1 pop 1 0@ store_result_to 2@ // CCarGenerator* ptr

if
  1@ >= 0x30 // is CCarGenerator_extended ?
then
  2@ += 0x24 // *** untested ***
  0A8C: write_memory 2@ size 2 value 0x0 virtual_protect false // exIplFile
else
  2@ += 0x1D
  0A8C: write_memory 2@ size 1 value 0x0 virtual_protect false // iplFile
end

0AB2: ret 0
  • thehambone likes this

OrionSR
  • OrionSR

    Chain Game Development Team

  • Feroci
  • Joined: 23 May 2007
  • None
  • Helpfulness Award [GTA & Modding]

#103

Posted 10 October 2015 - 09:40 PM Edited by OrionSR, 10 October 2015 - 09:52 PM.

Original Script Rebuilt Car Generators - OSRCARGEN (alpha - little practical testing)

 

I've been experimenting with a few test scripts to rebuild a flooded or damaged car generator pool. The original plan was to call separate scripts for each major routine to allow them to be more flexible, but the current implementation is all in one big script. However, since this process has had no practical testing I think it best to post the segments for the time being. (I'm upgrading my PC a bit and want to get this info online where it's handy.)

 

 Cheat Trigger Script (new to me) - type "OSRCARGEN" to trigger the script.

Spoiler

 

Create Cargens - copied from original main. Maintains original sequence and handles using numeric global variables. Comments added to describe each general location, model, organizational groups and mission controlled display status. The script should put the cargens back in the same spot with the same properties, except they're all hidden and need other routines to unlock them properly. (Since this is a long and static part of the script I include this subroutine last.)

Spoiler

 

HideCarBrains - Update display status of reward vehicles based on mission checklist variables - hopefully. The strategy is to display everything and then hide what shouldn't be displayed yet. The export vehicles are left displayed by this routine and handled by the next.

Spoiler

 

HideExportCars - This part had me stumped when I was working on the HideCarBrains routines but I think I've figured it out now. As an independent script it's a handy way to display the vehicles still remaining on your export list.

Spoiler

Gajah.Bertelur_
  • Gajah.Bertelur_

    Player Hater

  • New Members
  • Joined: 02 Feb 2016
  • Indonesia

#104

Posted 02 February 2016 - 10:55 PM Edited by Gajah.Bertelur_, 07 February 2016 - 09:37 PM.

hi :devil:

 

@haf

_ZN15CTouchInterface14m_vecCachedPosE

4bytes float

store 2 touch point pos

every touch point 8bytes(X Y)

xy pos is based on your device resolution

you can get it by calling

_Z17OS_ScreenGetWidthv
_Z18OS_ScreenGetHeightv

or read from

RsGlobal[2, 3]

edit adjustable

 

    0DD0: LABEL GetAddr @_ZN15CTouchInterface10m_pWidgetsE
    0DD1: FUNC GetAddr GetAddr
    0@ = widgetid
    0@ *= 4
    getaddr += 0@
    0DD8: readmem getaddr getaddr 4 0
    getaddr += 12
    0DD9: writemem getaddr 0@ 4 0 1
    getaddr += 4
    0DD9: writemem getaddr 1@ 4 0 1
    getaddr += 4
    0DD9: writemem getaddr 2@ 4 0 1
    getaddr += 4
    0DD9: writemem getaddr 3@ 4 0 1


China·XMDS
  • China·XMDS

    Crackhead

  • Members
  • Joined: 18 Jan 2016
  • China

#105

Posted 28 March 2016 - 05:18 PM Edited by China·XMDS, 28 March 2016 - 05:19 PM.

How to find the android memory address?

China·XMDS
  • China·XMDS

    Crackhead

  • Members
  • Joined: 18 Jan 2016
  • China

#106

Posted 28 March 2016 - 05:28 PM

Current results are based on the dump 2 folder file 5EF0D000-5F3BB000.bin provided by Markuza97. The file was padded with enough bytes (5D1000) to align the first money dword with the 0x96B2CC offset identified in the CleoA topic. 350 as two dwords (money, money on screen) in sequence is a pretty unique search string.
 

Android mem_write address offsets for SA Mobile v1.05

Static offset from base, add_ib 1

0x96B2CC   // player money

 

0x5FD8D0   // map marker index

0x6BFC74   // start of garagecar records

0x6C10C8    // start of garagezone records
0x6CD8DC    // start of pickup records
0x79822A    // restarts busted word (structure seems off)
0x7FE36C    // start of shopping data
0x96D370    // open map sectors
0x96D374    // map fog array

0x97362C   // start of marker structure

0x9E2A6C    // start of numplate records
0x9E2B5C    // numplates used
0x9E2B68    // start of cargen records

 

 

enex data in dynamic game memory

0x6BF80C    // points to enex pointer (add_ib 1)

enex pointer holds add_ib 0 address of start of enex records

enex pointer is at an add_ib 0 address

enex destinations use add_ib 0 addresses

 

unique stunt jump data in dynamic game memory (reference)

0x801404   // points to usj pointer (see enex pointer info)

0x8013F0   // address of nUniqueJumps (0x801404 - 0x14)

0x8013F4   // address of nUJs_done (0x801404 - 0x10)

 

Notes:

Shopping Clothes offset = 0xAC

Shopping Clothes length = 0xF7

 

I'm still missing a starting point for the garagecar records although I'm pretty sure I found the general area, completely blank. A memory dump that included at least the car in the Jefferson garage should provide the required information. A memory dump that has triggered at least one gang war and an associated save might provide useful information down the road - not a top priority. Right now I'm mostly stuck on the garaged cars.
 
Also, these dumps seem remarkably similar - the dynamic stuff appears static. Was the game restarted at all between dumps? Maybe I need to dig deeper. I ran out of gas tracking down my first guess at the pointers for the enex data. Sorry, I don't have enough time to draft any tests and I expect to be pretty busy with work for the next few days.
 
Enex Structure in Memory - search for 58 14 F2 44 F6 58 F6 C4 in 2\63AAB000-63C6A000.bin, or follow the path through the pointers. The dynamic pointers have been found in 636E1000-637C8000.bin.
 
The enex stuff is tricky though. Most of the time I can use search strings from the save file to identify structures in memory. But the enex stuff is populated almost entirely from text data files. Fortunately the text strings used to link the enexes are still in plain text. The general procedure for manipulating a record is to read the index from the global identified with item, multiply that by the record length, and add the appropriate offset to record 0 field 0. Field offsets are added as appropriate. Note that the globals associated with pickups have extra information in the upper bytes.
 
Markuza97, thanks a lot. Even if my addresses are off I can still verify record and field offsets. I'm feeling pretty good about this though. If it's not quite right the first time we should be able to zero in on things fairly quickly.

Can you arrange an Android memory address tabulation?

Jhan Carlos
  • Jhan Carlos

    Player Hater

  • Members
  • Joined: 07 Feb 2016
  • Mexico

#107

Posted 19 September 2016 - 11:43 PM Edited by Jhan Carlos, 29 September 2016 - 10:09 PM.

The Source Script of backfire mod
Is it possible to port it to mobile?

{$CLEO}

0000: NOP

while true
  wait 0 
  if and
  00DF:  actor $PLAYER_ACTOR driving
  84A7:  not actor $PLAYER_ACTOR driving_boat
  84A9:  not actor $PLAYER_ACTOR driving_heli
  84C8:  not actor $PLAYER_ACTOR driving_flying_vehicle
  89AE:  not actor $PLAYER_ACTOR driving_train
  80DD:  not actor $PLAYER_ACTOR driving_car_with_model #BMX 
  80DD:  not actor $PLAYER_ACTOR driving_car_with_model #BIKE 
  80DD:  not actor $PLAYER_ACTOR driving_car_with_model #MTBIKE 
  then
    if 
    00DD:  actor $PLAYER_ACTOR driving_car_with_model #INFERNUS // insert any model here
    then
      03C0: 0@ = actor $PLAYER_ACTOR car
      if 
      0AB1: call_scm_func @isVehicleNitroEnabled 1 vehicle 0@ 
      then
        continue
      end
      0AB8: get_vehicle 0@ current_gear_to 4@ 
      if and
        5@ <> -1 
      803B:  4@ <> 5@ 
      then
        0AB1: call_scm_func @getVehiclePartPosXYZ 2 vehicle 0@ dummy 6 store_to 1@ 2@ 3@ 
        066C: 6@ = attach_particle "gunflash" to_car 0@ with_offset 1@ 2@ 3@ rotation 0.0 -90.0 0.0 flag 1 
        064F: remove_references_to_particle 6@ 
        if 
        0AB1: call_scm_func @hasVehicleDoubleExhaust 1 vehicle 0@ 
        then
          1@ *= -1.0 
          066C: 7@ = attach_particle "gunflash" to_car 0@ with_offset 1@ 2@ 3@ rotation 0.0 -90.0 0.0 flag 1 
          064F: remove_references_to_particle 7@ 
        end
        018C: play_sound 1131 at 0.0 0.0 0.0 // SOUND_AMMUNATION_GUN_COLLISION
      end
      0AB8: get_vehicle 0@ current_gear_to 5@ 
    end
  else
    5@ = -1 
  end
end

:isVehicleNitroEnabled
{
  Parameters:
    Passed:
      0@ - vehicle handle
    Result:
      true/false

  Example:
    0AB1: call_scm_func @isVehicleNitroEnabled 1 vehicle 0x0 
}
0A97: 0@ = car 0@ struct
0@ += 0x37C 
0A8D: 1@ = read_memory 0@ size 1 virtual_protect 0 // bNitroActivated
if 
  1@ <> 0 
then
  0485: return_true
else
  059A: return_false
end
0AB2: ret 0 

:getModelOffset
{
  Parameters:
    Passed:
      0@ - model ID
    Result:
      0@ - model offset

  Example:
    0AB1: call_scm_func @getModelOffset 1 model #LANDSTAL store_to 0@ 
}
0@ *= 0x4 
0@ += 0xA9B0C8 
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0 // CModels (any type)
0AB2: ret 1 0@ 

:getVehiclePartPosXYZ
{
  Parameters:
    Passed:
      0@ - vehicle handle
      1@ - dummy ID
    Result:
      2@ - X position
      3@ - Y position
      4@ - Z position

  Example:
    0AB1: call_scm_func @getVehiclePartPosXYZ 2 vehicle 0x0 dummy 0 store_to 1@ 2@ 3@ 
}
0441: 0@ = car 0@ model
0AB1: call_scm_func @getModelOffset 1 model 0@ store_to 0@ 
0@ += 0x5C 
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0 
1@ *= 0xC 
005A: 0@ += 1@ 
0A8D: 2@ = read_memory 0@ size 4 virtual_protect 0 
0@ += 0x4 
0A8D: 3@ = read_memory 0@ size 4 virtual_protect 0 
0@ += 0x4 
0A8D: 4@ = read_memory 0@ size 4 virtual_protect 0 
0AB2: ret 3 2@ 3@ 4@ 

:getVehicleHandlingID
{
  Parameters:
    Passed:
      0@ - vehicle handle
    Result:
      1@ - vehicle handling ID

  Example:
    0AB1: call_scm_func @getVehicleHandlingID 1 vehicle 0x0 store_to 1@ 
}
0441: 0@ = car 0@ model
0AB1: call_scm_func @getModelOffset 1 model 0@ store_to 0@ 
0@ += 0x4A 
0A8D: 1@ = read_memory 0@ size 2 virtual_protect 0 // wHandlingID
0AB2: ret 1 1@ 

:getVehicleHandlingOffset
{
  Parameters:
    Passed:
      0@ - vehicle handle
    Result:
      0@ - vehicle handling offset

  Example:
    0AB1: call_scm_func @getVehicleHandlingOffset 1 vehicle 0x0 store_to 0@ 
}
0AB1: call_scm_func @getVehicleHandlingID 1 vehicle 0@ store_to 0@ 
0@ *= 0xE0 
0@ += 0xC2B9DC 
0AB2: ret 1 0@ 

:getVehicleModelFlag
{
  Parameters:
    Passed:
      0@ - vehicle handle
    Result:
      1@ - vehicle model flag

  Example:
    0AB1: call_scm_func @getVehicleModelFlag 1 vehicle 0x0 store_to 1@ 
}
0AB1: call_scm_func @getVehicleHandlingOffset 1 vehicle 0@ store_to 0@ 
0@ += 0xCC 
0A8D: 1@ = read_memory 0@ size 4 virtual_protect 0 // dwModelFlag
0AB2: ret 1 1@ 

:hasVehicleDoubleExhaust
{
  Parameters:
    Passed:
      0@ - vehicle handle
    Result:
      true/false

  Example:
    0AB1: call_scm_func @hasVehicleDoubleExhaust 1 vehicle 0x0 
}
0AB1: call_scm_func @getVehicleModelFlag 1 vehicle 0@ store_to 1@ 
if 
08B4:  test 1@ bit 13 // DOUBLE_EXHAUST
then
  0485: return_true
else
  059A: return_false
end
0AB2: ret 0 
http://rs1175.pbsrc....&h=480&fit=clip



