Quantcast

Jump to content

» «
Photo

Introduction to SA Chain Game Style Save Editing - Mobile/PC

106 replies to this topic
ric-013
  • ric-013

    Casual Lurker

  • Members
  • Joined: 24 Nov 2006
  • None

#91

Posted 01 February 2015 - 09:12 PM Edited by ric-013, 01 February 2015 - 09:49 PM.

Gang Zone Editor ( in-game ) Beta
for android ( all versions of game )
 


 

Test-Script :

Spoiler


Compiled Test-Script :
https://www.mediafir...78i158ady1t2i5a

 
 
This script allow you to add or edit gangs to zones ( territory ) while playing SA.
 
What it does :
- add selected gang to selected zone with a density of 50 
- add drug dealers to selected zone with a density of 10
- apply random rezone to " gang-less " zone ( so gang spawn )
 
How it works:
#1 - activate script with CLEO menu
#2 - you will get this message " select , gang area "
#3 - you will get this message " player position , OK "
#4 - now take CJ into zone you want to edit and press OK ( center of screen )
#5 - you will get this message  " gang area , load succesfull "
#6 - you will get this message " select , gang control "
#7 - the 1st gang name will be displayed " ballas "
#8 - press SCROLL ( top center screen ) to select next gangs " ballas , vagos , rifa , danang , mafia , triad , aztecas "
#9 - with gang name you want displayed , press OK ( center of screen ) to confirm gang
#10 - you will get this message " gang control , load succesfull  "
#11 - zone is edited with gang you wanted ... from this point , script jump back to step #2 .

 

notes:

- you can terminate script by pressing EXIT at " select , gang area " menu.

- rifa, da nang , mafia , triads and aztecas dont have zone colors on map , but spawn in zone, 

 
enjoy !
 
special thanks to :
 
OrionSR
:colgate:

  • thehambone and BobyFrançais like this

Jeansowaty
  • Jeansowaty

    Have no fear, Olek is here! Mwahahaha...

  • Members
  • Joined: 31 Mar 2013
  • Poland

#92

Posted 02 February 2015 - 04:28 PM

Note that I'm still using hard-coded addresses to find structures in PC memory. I think I've seen PC coding that does something similar to the magic hex strategy used to call for addresses on Android, but I lost track of the reference. The hard coded values shouldn't matter as the addresses should always be consistent for v1, but I'd eventually like to learn the right way to do things.

 

Typo: Please correct.

//003B: 11s@ == [email protected]
003B: [email protected] == [email protected]

Also, I'm a little worried about this evaluation. It should work just fine on these two zones with short names but I didn't isolate a code for 8 byte equals. I had suggested IF 11@ == 13@ AND 12@ == 14@ but the revised strategy works just find with the original coding.

Well Orion, I noticed a bug in the script. The gang works fine, but once you enter PLS or MKT1, all VLA gangsters change into the Strippers, I mean, even the ones in El Corona and others.


ric-013
  • ric-013

    Casual Lurker

  • Members
  • Joined: 24 Nov 2006
  • None

#93

Posted 02 February 2015 - 05:41 PM Edited by ric-013, 02 February 2015 - 05:44 PM.

Note that I'm still using hard-coded addresses to find structures in PC memory. I think I've seen PC coding that does something similar to the magic hex strategy used to call for addresses on Android, but I lost track of the reference. The hard coded values shouldn't matter as the addresses should always be consistent for v1, but I'd eventually like to learn the right way to do things.
 
Typo: Please correct.

//003B: 11s@ == [email protected]
003B: [email protected] == [email protected]
Also, I'm a little worried about this evaluation. It should work just fine on these two zones with short names but I didn't isolate a code for 8 byte equals. I had suggested IF 11@ == 13@ AND 12@ == 14@ but the revised strategy works just find with the original coding.

 
typo corrected !
;)
 

I noticed a bug in the script. The gang works fine, but once you enter PLS or MKT1, all VLA gangsters change into the Strippers, I mean, even the ones in El Corona and others.[/size]

 
if you were using  " port - a " this little typo was messing up zone check.
  • Jeansowaty likes this

OrionSR
  • OrionSR

    Chain Game Development Team

  • Feroci
  • Joined: 23 May 2007
  • None
  • Helpfulness Award [GTA & Modding]

#94

Posted 02 February 2015 - 09:31 PM

Did the weird bugs in your first report work themselves out with the type correction? And the port a version really needs a better equals evaluation before it can be expanded to zone names longer that 4 bytes.

  • Jeansowaty likes this

H.A.F
  • H.A.F

    Square Civilian

  • Members
  • Joined: 10 Oct 2013
  • Indonesia

#95

Posted 15 February 2015 - 12:37 PM

https://plus.google....962382557546027 whether it can make a string without using GXT/FXT ?

Jeansowaty
  • Jeansowaty

    Have no fear, Olek is here! Mwahahaha...

  • Members
  • Joined: 31 Mar 2013
  • Poland

#96

Posted 27 February 2015 - 01:03 PM

Alright... now I'm too confused to think about this. I would like to morph other gangs, not only GANG7. I was trying to calculate the numbers as Ric told me but something is not right with them. I'd be grateful if anyone could tell me the hex numbers that have to be used in those scripts for ALL gangs... 


khsh97
  • khsh97

    Thug

  • Members
  • Joined: 16 Feb 2014
  • None
  • Helpfulness Award [SA Mission Help]

#97

Posted 01 March 2015 - 04:30 PM

How to fix v1.07 save checksum?

OrionSR
  • OrionSR

    Chain Game Development Team

  • Feroci
  • Joined: 23 May 2007
  • None
  • Helpfulness Award [GTA & Modding]

#98

Posted 01 March 2015 - 04:41 PM

Isn't it the same as all the others? Clear the last 4 bytes, run HxD's checksum-32 tool on the entire file, encode the checksum into the last 4 bytes.

 

Or try this checksum tool by thehambone.


khsh97
  • khsh97

    Thug

  • Members
  • Joined: 16 Feb 2014
  • None
  • Helpfulness Award [SA Mission Help]

#99

Posted 02 March 2015 - 04:21 AM

Ok. I have another question; Is the PC saves checksum can be fixed by HxD checksum-32 tool?
what is the difference between checksum-32 and checksum-16 tool of HxD?

OrionSR
  • OrionSR

    Chain Game Development Team

  • Feroci
  • Joined: 23 May 2007
  • None
  • Helpfulness Award [GTA & Modding]

#100

Posted 02 March 2015 - 06:45 AM

Checksum-16 will encode to a 2 byte word, which won't work right for GTA saves.


H.A.F
  • H.A.F

    Square Civilian

  • Members
  • Joined: 10 Oct 2013
  • Indonesia

#101

Posted 08 March 2015 - 01:35 AM

_ZN5CRGBAC2Ehhhh ; CRGBA::CRGBA(uchar,uchar,uchar,uchar)

Can you help me to get color values red and blue?


OrionSR
  • OrionSR

    Chain Game Development Team

  • Feroci
  • Joined: 23 May 2007
  • None
  • Helpfulness Award [GTA & Modding]

#102

Posted 07 October 2015 - 09:59 PM Edited by OrionSR, 09 October 2015 - 07:09 PM.

I guess this is as good of a place as any to record the save editing procedures I've been collecting for PC. I don't want to lose these again.

 

Initialize pools and arrays

0AA5: call 0x49CB10 num_params 0 pop 0 // init unique stunt jump pool
0AA5: call 0x572110 num_params 0 pop 0 // init explored territory array and count
0AA5: call 0x6f3270 num_params 0 pop 0 // init car generator pool and numplates
0AA5: call 0x43f880 num_params 0 pop 0 // init enex pool, delete all

Functions:

:RedirectEnex
// Example: 0AB1: call_scm_func @RedirectEnex 2 source_index 10@ destination index 11@
0AA7: EntryExitPool_atIndex 0x43ef00 num_params  1 pop 1 index 0@ ret: int 0@  // returns pointer to enex
0AA7: EntryExitPool_atIndex 0x43ef00 num_params  1 pop 1 index 1@ ret: int 1@  // returns pointer to enex
000A: 0@ += 0x38    // += offset to destination pointer of source
0A8C: write_memory 0@ size 4 value 1@ virtual_protect 0   // update source pointer with new destination address
0AB2: ret 0
:DeleteCarGenerator
// Adapted from fastman92's DisableCarGeneratorFromBeingSaved function
// Example: 0AB1: call_scm_func @DeleteCarGenerator 1 cargen_index 10@

// Is invalid generator ID?
if or
  -1 >= 0@
  0@ >= 500
then
  0AB2: ret 0
end

0A8D: 1@ = read_memory 0x6F32AA size 1 virtual_protect false // CCarGenerator_size
0AA7: call_function 0x479D60 num_params 1 pop 1 0@ store_result_to 2@ // CCarGenerator* ptr

if
  1@ >= 0x30 // is CCarGenerator_extended ?
then
  2@ += 0x24 // *** untested ***
  0A8C: write_memory 2@ size 2 value 0x0 virtual_protect false // exIplFile
else
  2@ += 0x1D
  0A8C: write_memory 2@ size 1 value 0x0 virtual_protect false // iplFile
end

0AB2: ret 0
  • thehambone likes this

OrionSR
  • OrionSR

    Chain Game Development Team

  • Feroci
  • Joined: 23 May 2007
  • None
  • Helpfulness Award [GTA & Modding]

#103

Posted 10 October 2015 - 09:40 PM Edited by OrionSR, 10 October 2015 - 09:52 PM.

Original Script Rebuilt Car Cenerators - OSRCARGEN (alpha - little practical testing)

 

I've been experimenting with a few test scripts to rebuild a flooded or damaged car generator pool. The original plan was to call separate scripts for each major routine to allow them to be more flexible, but the current implementation is all in one big script. However, since this process has had no practical testing I think it best to post the segments for the time being. (I'm upgrading my PC a bit and want to get this info online where it's handy.)

 

 Cheat Trigger Script (new to me) - type "OSRCARGEN" to trigger the script.

Spoiler

 

Create Cargens - copied from original main. Maintains original sequence and handles using numeric global variables. Comments added to describe each general location, model, organizational groups and mission controlled display status. The script should put the cargens back in the same spot with the same properties, except they're all hidden and need other routines to unlock them properly. (Since this is a long and static part of the script I include this subroutine last.)

Spoiler

 

HideCarBrains - Update display status of reward vehicles based on mission checklist variables - hopefully. The strategy is to display everything and then hide what shouldn't be displayed yet. The export vehicles are left displayed by this routine and handled by the next.

Spoiler

 

HideExportCars - This part had me stumped when I was working on the HideCarBrains routines but I think I've figured it out now. As an independent script it's a handy way to display the vehicles still remaining on your export list.

Spoiler

Gajah.Bertelur_
  • Gajah.Bertelur_

    Player Hater

  • New Members
  • Joined: 02 Feb 2016
  • Indonesia

#104

Posted 02 February 2016 - 10:55 PM Edited by Gajah.Bertelur_, 07 February 2016 - 09:37 PM.

hi :devil:

 

@haf

_ZN15CTouchInterface14m_vecCachedPosE

4bytes float

store 2 touch point pos

every touch point 8bytes(X Y)

xy pos is based on your device resolution

you can get it by calling

_Z17OS_ScreenGetWidthv
_Z18OS_ScreenGetHeightv

or read from

RsGlobal[2, 3]

edit adjustable

 

    0DD0: LABEL GetAddr @_ZN15CTouchInterface10m_pWidgetsE
    0DD1: FUNC GetAddr GetAddr
    0@ = widgetid
    0@ *= 4
    getaddr += 0@
    0DD8: readmem getaddr getaddr 4 0
    getaddr += 12
    0DD9: writemem getaddr 0@ 4 0 1
    getaddr += 4
    0DD9: writemem getaddr 1@ 4 0 1
    getaddr += 4
    0DD9: writemem getaddr 2@ 4 0 1
    getaddr += 4
    0DD9: writemem getaddr 3@ 4 0 1


China·XMDS
  • China·XMDS

    Crackhead

  • Members
  • Joined: 18 Jan 2016
  • China

#105

Posted 28 March 2016 - 05:18 PM Edited by China·XMDS, 28 March 2016 - 05:19 PM.

How to find the android memory address?

China·XMDS
  • China·XMDS

    Crackhead

  • Members
  • Joined: 18 Jan 2016
  • China

#106

Posted 28 March 2016 - 05:28 PM

Current results are based on the dump 2 folder file 5EF0D000-5F3BB000.bin provided by Markuza97. The file was padded with enough bytes (5D1000) to align the first money dword with the 0x96B2CC offset identified in the CleoA topic. 350 as two dwords (money, money on screen) in sequence is a pretty unique search string.
 

Android mem_write address offsets for SA Mobile v1.05

Static offset from base, ad_lib 1

0x96B2CC   // player money

 

0x5FD8D0   // map marker index

0x6BFC74   // start of garagecar records

0x6C10C8    // start of garagezone records
0x6CD8DC    // start of pickup records
0x79822A    // restarts busted word (structure seems off)
0x7FE36C    // start of shopping data
0x96D370    // open map sectors
0x96D374    // map fog array

0x97362C   // start of marker structure

0x9E2A6C    // start of numplate records
0x9E2B5C    // numplates used
0x9E2B68    // start of cargen records

 

 

enex data in dynamic game memory

0x6BF80C    // points to enex pointer (add_ib 1)

enex pointer holds add_ib 0 address of start of enex records

enex pointer is at an add_ib 0 address

enex destinations use add_ib 0 addresses

 

unique stunt jump data in dynamic game memory (reference)

0x801404   // points to usj pointer (see enex pointer info)

0x8013F0   // address of nUniqueJumps (0x801404 - 0x14)

0x8013F4   // address of nUJs_done (0x801404 - 0x10)

 

Notes:

Shopping Clothes offset = 0xAC

Shopping Clothes length = 0xF7

 

I'm still missing a starting point for the garagecar records although I pretty sure I found the general area, completely blank.. A memory dump that included at least tne car in the Jefferson garage should provide the required information. A memory dump that has triggered at last one gang war and an associated save might provide useful information down the road - not a top priority. Right now I'm mostly stuck on the garaged cars.
 
Also, these dumps seem remarkably similar - the dynamic stuff appears static. Was the game restarted at all between dumps? Maybe I need to dig deeper. I ran out of gas tracking down my first guess at the pointers for the enex data. Sorry, I don't have enough time to draft any tests and I expect to be pretty busy with work for the next few days.
 
Enex Structure in Memory - search for 58 14 F2 44 F6 58 F6 C4 in 2\63AAB000-63C6A000.bin, or follow the path through the pointers. The dynamic pointers have been found in 636E1000-637C8000.bin.
 
The enex stuff is tricky though. Most of the time I can use search strings from the save file to identify structures in memory. But the enex stuff is populated almost entirely from text data files. Fortunately the text strings used to link the enexes are still in plain text. The general procedure for manipulating a record is to read the index from the global identified with item, multiply that by the record length, and add the appropriate offset to record 0 field 0. Field offsets are added as appropriate. Note that the globals associated with pickups have extra information in the upper bytes.
 
Markuza97, thanks a lot. Even if my addresses are off I can still verify record and field offsets. I'm feeling pretty good about this though. If it's not quite right the first time we should be able to zero in on things fairly quickly.

Can you arrange a android memory address tabulation ?

Jhan Carlos
  • Jhan Carlos

    Player Hater

  • New Members
  • Joined: 07 Feb 2016
  • Mexico

#107

Posted 4 days ago

How to get Vehicle Dummy PosOffset exhaust
For mod backfire for android

http://rs1175.pbsrc....&h=480&fit=clip




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users