Documenting GTA-SA memory addresses

JernejL

And here is the same topic as for GTA VC memory exploring. San Andreas is out in the USA and will soon be in Europe and the rest of the world. Some addresses were already posted in the VC memory topic, so you can start with a clean topic here. Now get back to work.

random_download

0xA49960 = start of scm block

jacob.

00B74490 = Pool of CPed structures

00B74494 = Occupied CVehicle (Player when on foot)

CPed + 0x540 = Health. (float)

 

[LATE EDIT] Removed inaccurate information.

Edited by jacob.

Hammer83

0x464080 - GetOpcodeParameters()

0xA43C78 - Where the routine above stores opcode parameter values. Max 16 parameters for an opcode it seems.

0x53BC80 - LoadGame(char* fileName), initializes all data structures and loads fileName (which is gta.dat).

0x5B9030 - LoadMapDefinitionFile(char* fileName), parses and loads dat-files, such as default.dat and gta.dat.

0x550F10 - AllocatePools(), allocates stuff which LimitAdjuster modifies, such as Peds and Buildings.

0x82119A - malloc(size_t size)

0x438480 - Looks like cheat processor

jacob.

0xB7CE50 - money

0xBAA420 - wanted level

0xB70153 - current hour

0xB70152 - current minute

 

CPed + 0x740 - current weapon

 

Display Settings

Look down a few posts.

 

Edited by jacob.

ModelingMan

CPed + 0x718 = Current weapon slot. (1 byte)

CPed + 0x5A0 = Start of weapon data. Each slot has 28 bytes.

Stretchnutter

CPed + 0x14 = pointer to XYZ position structure (and rotation)

 

0x863984 = gravity

 

jacob.

Stretchnutter, I had a look into XYZ and found these:

 

Player + 368 = x pos

Player + 372 = y pos

Player + 376 = z pos

 

Values appear to be read-only.

Stretchnutter

yea... these are not read only though.

 

DWORD(CPed+0x14) + 0x30 = XPos

DWORD(CPed+0x14) + 0x34 = YPos

DWORD(CPed+0x14) + 0x38 = ZPos

 

DWORD(CPed+0x14) + 0x0 to 0x2C is the rotation matrix

 

 

It's much different from Vice City. Looks like there are a bunch of coordinates at this location... could be the traffic cars.

 

 

Maybe I should write a teleporter.

random_download

 

Coords are DWords, not floats?

ModelingMan

I have started to label some functions in IDA. Here is my current list; it's not much but it's a start.

Linkage.

 

CPed block size = 0x7C4 bytes.

CVehicle block size = 0x0A18 bytes.

 

Also the maximum amount of vehicles and peds loaded are the same as VC.

 

 

Coords are DWords, not floats?

No, read his last post, he says that the dword pointer at (CPed + 0x14) leads you to XYZ and rotation.

 

Edit:

0x00B6F3B8 = Player CVehicle pointer.

0x00B6F5F0 = Player pointer.

Edited by ModelingMan
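
The indirection discussed in the posts above (the dword at CPed + 0x14 is a pointer, and the X/Y/Z floats sit at +0x30/+0x34/+0x38 behind it), as an added example that is not part of the original thread. It decodes a constructed byte snapshot rather than a running process; the `Snapshot` type, the base address 0x00C00000, the null-pointer check and the sample coordinates are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for one region of a 32-bit little-endian process image. */
typedef struct { uint32_t base; uint8_t data[0x80]; } Snapshot;

/* Bounds-checked little-endian dword read at a virtual address. */
static int read_u32(const Snapshot *s, uint32_t addr, uint32_t *out) {
    if (addr < s->base || addr - s->base > sizeof s->data - 4) return 0;
    const uint8_t *p = s->data + (addr - s->base);
    *out = p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return 1;
}
/* The same four bytes reinterpreted as an IEEE-754 single. */
static int read_f32(const Snapshot *s, uint32_t addr, float *out) {
    uint32_t bits;
    if (!read_u32(s, addr, &bits)) return 0;
    memcpy(out, &bits, sizeof bits);
    return 1;
}
/* Follow the dword at CPed+0x14, then read the floats at +0x30/+0x34/+0x38. */
int ped_position(const Snapshot *s, uint32_t cped, float xyz[3]) {
    uint32_t m;
    if (!read_u32(s, cped + 0x14, &m) || m == 0) return 0;
    return read_f32(s, m + 0x30, &xyz[0]) && read_f32(s, m + 0x34, &xyz[1])
        && read_f32(s, m + 0x38, &xyz[2]);
}
static void put_u32(Snapshot *s, uint32_t addr, uint32_t v) {
    for (int i = 0; i < 4; i++) s->data[addr - s->base + i] = (uint8_t)(v >> (8 * i));
}
static void put_f32(Snapshot *s, uint32_t addr, float f) {
    uint32_t bits; memcpy(&bits, &f, sizeof bits); put_u32(s, addr, bits);
}
/* Constructed sample: a "CPed" at base, its position block at base+0x40. */
Snapshot make_sample(void) {
    Snapshot s = { .base = 0x00C00000u };
    put_u32(&s, s.base + 0x14, s.base + 0x40);
    put_f32(&s, s.base + 0x70, 2488.5f);
    put_f32(&s, s.base + 0x74, -1666.25f);
    put_f32(&s, s.base + 0x78, 13.375f);
    return s;
}
int main(void) {
    Snapshot s = make_sample(); float p[3];
    if (ped_position(&s, s.base, p)) printf("%.3f %.3f %.3f\n", p[0], p[1], p[2]);
    return 0;
}
```

Reading CPed + 0x14 directly as a float would interpret the pointer's bits as a number, which is the confusion raised in the thread.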

Squiddy

Values of all these addresses are saved in gta_sa.set, so most of them should be options related. I see jacob already found some. I have the problem of not having SA at the moment, so I can't test them. If anyone has some time, could he test them please?

 

------------------------------------------------------

0xB6EC1C float - mouse sensitivity

0xC1CC02 byte

0xC1CC03 byte

 

0xBA6748

+ 0x4F BYTE

+ 0x50 BYTE

+ 0x52 BYTE

+ 0x4D BYTE

+ 0x51 BYTE

+ 0x3C 4 byte - brightness

+ 0xC4 BYTE

+ 0xC5 BYTE

+ 0xCC 4 byte (0xC8)

+ 0x40 4 byte - draw distance

+ 0x44 BYTE - subtitles

+ 0x4B BYTE

+ 0x4C BYTE

+ 0xD8 4 byte (0xD4)

+ 0xD0 BYTE

+ 0x21 BYTE - hud switch

+ 0x24 4 byte

+ 0xB0 BYTE

+ 0xE8 BYTE - Store Gallery Photos

+ 0xB1 BYTE

+ 0xB2 BYTE

+ 0xB3 BYTE

+ 0xB4 BYTE

+ 0xB5 BYTE

+ 0xB6 BYTE

+ 0x4A BYTE - legend switch

+ 0xAC 4 byte

 

Added the addresses jacob found, hope it's okay.

 

Update

+ 0x84 BYTE

Edited by Squiddy

aad

Are memory addresses for cheats welcome? If so, I'll hunt some addresses down and I'll post them later. It really takes long on my old 1,55 GHz.

Sobeit
Are memory addresses for cheats welcome? If so, I'll hunt some addresses down and I'll post them later. It really takes long on my old 1,55 GHz.

No, new addresses are not welcome... wtf were you thinking?

jacob.

Thanks for that, squiddy. Figured out what they all did.

All are byte values unless stated otherwise..

 

Display Settings

0xBA6784 - Brightness [long]

0xBA6792 - Legend

0xBA676C - Radar Mode

0xBA6769 - Hud Mode

0xBA678C - Subtitles

0xBA6830 - Store gallery photos

0xBA6788 - Draw Distance [long]

0xBA6794 - Frame limiter

0xBA6793 - Widescreen

0xA9AE54 - Visual FX Quality

0xBA680C - Mip Mapping

0xBA6814 - Antialiasing [1 = off, 2 = 1, 3 = 2, 4 = 3]

0xBA6820 - Resolution [640x480=11, 800x400 = 12, 800x600=13, 1024x1068=15]

 

Sound Configuration

0xBA6798 - Radio Volume [0 through 64]

0xBA6797 - SFX Volume [0 through 64]

0xBA6799 - Radio Equalizer

0xBA6795 - Radio Auto-tune

0xBA67F8 - Usertrack/Play mode [0 = radio, 1 = random]

0xBA680D - Usertrack/Automatic Media Scan

0xBA679A - Radio Station [0 through 11, 12 = usertrack player]

 

Controller Configuration

0xBA6818 - Controller Configuration [0 = mouse+keys, 1 = joypad]

0xB6EC1C - Mouse sensitivity [float]

 

Interestingly enough, none of the other controller/mouse config is in the structure squiddy posted. Perhaps it's located somewhere else.

 

Edited by !cMc! Jacob

QJimbo

Woo Delfi, we are getting in there early.

$B70152 : Minutes

$B70153 : Hours (note $0F = 15:00 rather than 16:00)

 

EDIT: Ack, in my rush to post these I didn't notice !cMc! Jacob already had... oh well... it's the thought that counts.

Edited by QJimbo

jacob.

Player + 45 = Animation

Edited by !cMc! Jacob

Stretchnutter

Camera Stuff

 

0x52B730 = Start of camera 'MOVer' subroutine. set to 0xC3 (retn) to lock camera

 

0xB6F028 = Camera Block Start

0xB6F028-0xB6F0DB - Unknown stuff - mostly flags, pointers and some floats

 

0xB6F0DC = [dword]Current View

(0 = Bumper View / 1 = Close External View / 2 = Middle External View / 3 = Furthest External View / 4 = nothing(same as last?) / 5 = Cinematic View / 6 to INF = same as 4?) same as Vice... no top-down

 

0xB6F0E0 = [float]Car View Distance (arm length) read only

0xB6F0E8 = [float]True View Distance (true arm length) read only (freezing will cause it to be jumpy, as if final copy)

 

 

0x8CC3E0 to 0x8CC3F0 = [floats]Hard-Coded View Distances For Closest External View (ecx = 1) (read/write)

528B13 mov eax, ds:dword_0_8CC3E0[edx*4]

edx = vehicle type (0 to 4) ?! normal car = edx = 0 | eax = true distance

 

0x8CC3F4 to 0x8CC404 = [floats]Hard-Coded View Distances For Middle External View (ecx = 2) (read/write)

528B24 mov eax, ds:dword_0_8CC3F4[edx*4]

edx = vehicle type (0 to 4) ?! normal car = edx = 0 | eax = true distance

 

0x8CC408 to 0x8CC418 = [floats]Hard-Coded View Distances For Furthest External View (ecx = 3) (read/write)

528B36 mov eax, ds:dword_0_8CC408[edx*4]

edx = vehicle type (0 to 4) ?! normal car = edx = 0 | eax = true distance

 

0xB6F97C = Pointer to TRUE? camera Matrix (freezing these has effect, as if final copy)

0xB6F99C to 0xB6F9DB = Camera Matrix (0xB6F99C + 0x30 = Xpos, etc...) read only, unless you write retn @ 52B730

 

 

 

EDIT:

 

Controls Stuff

 

0xB73458 = Start of controls block

read only unless the subroutine is disabled (not documented yet)

+ 0x20 = [word]Accelerate (255 = on / 0 = off)

+ 0x22 = [word]Brake

more...

 

 

EDIT2:

 

Text Stuff

 

write normal strings here (not unicode)

 

0xBAA7A0 = Top Left Text Box [eg; Cheat activated] (disappears after few seconds)

0xBAADC0 = Busted/Wasted Text Box - Center screen... displayed until first byte is null

Edited by Stretchnutter

Squiddy

Controller Configuration

0xC1CC02 - BYTE - Steer with mouse

0xC1CC03 - BYTE - Invert mouse vertically

 

steve-m

 

0x?????? - Visual FX Quality

it's at 0xA9AE54 [0 - 3]

Hammer83

ModelingMan, are you sure player struct is at address you listed?

 

I think it might be at 0xB7CD98. IDA doesn't show any refs to 0xB6F5F0, but I must say I still have a lot of code represented as data.

ModelingMan

 

ModelingMan, are you sure player struct is at address you listed?

 

I think it might be at 0xB7CD98. IDA doesn't show any refs to 0xB6F5F0, but I must say I still have a lot of code represented as data.

Both addresses work fine. VC also had 2 player pointer addresses. IDA also didn't show any refs to VC's player pointer...

Stretchnutter

If I may suggest as an evil game hacking tip: Use Dual Monitors!!!

 

I had some problems using a debugger to set breakpoints with a single monitor. So I wondered what I could do with 2 monitors. Turns out it works great.

 

All you need is a Video Card with dual heads, 2 monitors and a program called Ultramon (free, look on google).

 

Click...

 

You can do things like watch live changes to the memory... sure you can do this in windowed mode... but no one has figured out how to yet.

 

Sorry for going off-topic.

 

 

more text stuff

 

These are weird: if you try writing something to these they don't appear, because the game constantly sets the first byte to 0, but if you turn that off they operate in the same manner as the busted/wasted text box.

 

0xBAB040 = BOTTOM TEXT BOX - stunt bonus information is written here

0xBAAEC0 = TOP MIDDLE - I don't know, some orange text

0xBAAFC0 = ?

0xBAAF40 = ?

0xBAAE40 = ?

Edited by Stretchnutter

jacob.

Racer, if you don't mind me asking, how do you find those textbox addresses? Do you wait until one is displayed then search for the string in memory? (ASCII values of characters in order, unless they're in Unicode, in which case it's asciichar,0,asciichar,0)

This is just out of curiosity and for possible future reference to help me get better at finding addresses.

 

I don't have dual monitors so I haven't been able to debug anything at all. I'm just waiting for someone to release a windowed-mode modification.

 

Handling.cfg is loaded into the memory when you start a game, as are all of its parameters stored in memory offsets... anyone know if there's a 'handling pointer' or something? I'd look into this myself if I had a debugger that worked in full-screen.

QJimbo

Hey guys, I'm having some problems with my TimeSync Tool, which basically makes the weather go mental when you freeze the time, does anyone know why? It's like there's another timer in there, maybe 16th's/256th's of a second if a single/double byte Hex value... anyone seen any values that look like that?

 

I'm not sure why the weather keeps changing within the minute though, another timer would just make a transition repeat instead of going mental... hmm.

 

And as for the dual monitor thing, that seems like a nice trick, but some way of getting SA running in a window would be good. 3Danalyze doesn't work, as SA seems to go "oh noes teh window" and quits.

JernejL

I use dual monitors with a GeForce FX 5600. It works well, but many games work improperly on dual monitors; the mouse cursor is an important problem here. Even GTA VC had problems with grabbing the cursor on two monitors. ZModeler2 also doesn't work properly on dual-screen monitors: no hardware, only the software renderer is available.

 

aad

I had a try at searching for some memory addresses that would be cool to use for making a trainer (I'm currently making one), so here is my memory address:

 

 

969160 (Flying Car cheat)

 

 

It's in hex, so for coding it in VB use &H and then my address. It actually works better than the normal cheat, at least it looks like it works better.

Stretchnutter
Racer, if you don't mind me asking, how do you find those textbox addresses? Do you wait until one is displayed then search for the string in memory? (ASCII values of characters in order, unless they're in Unicode, in which case it's asciichar,0,asciichar,0)

This is just out of curiosity and for possible future reference to help me get better at finding addresses.

I did exactly that... actually I put in a cheat and searched for "Cheat a", short for Cheat activated.

 

 

I found 3 of them... so I tried writing something else in them to see which one had an effect... found one that worked... then jumped to the address in IDA, saw an xref to it... then just scrolled down until I saw another xref.
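
The search described in this exchange (look for the on-screen string as plain ASCII, or as Unicode with a zero byte after each character, then narrow the candidates), as an added example over a constructed memory snapshot; it is not code from the thread. The narrowing step here compares two snapshots instead of writing to each candidate, which is a substitution made for this example, and all function names and buffer offsets are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets where `needle` occurs in `mem`: as ASCII (wide = 0) or as UTF-16LE,
   each character followed by a zero byte (wide = 1). Returns the hit count and
   stores up to `max` offsets in `hits`. */
size_t scan_text(const uint8_t *mem, size_t len, const char *needle,
                 int wide, size_t *hits, size_t max) {
    size_t n = strlen(needle), step = wide ? 2 : 1, found = 0;
    if (n == 0 || n * step > len) return 0;
    for (size_t i = 0; i + n * step <= len; i++) {
        size_t k = 0;
        while (k < n && mem[i + k * step] == (uint8_t)needle[k]
               && (!wide || mem[i + k * step + 1] == 0)) k++;
        if (k == n) { if (found < max) hits[found] = i; found++; }
    }
    return found;
}

/* Keep only candidates whose first byte differs between two snapshots. */
size_t narrow(const uint8_t *a, const uint8_t *b, size_t *hits, size_t n) {
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (a[hits[i]] != b[hits[i]]) hits[kept++] = hits[i];
    return kept;
}

/* Constructed 256-byte snapshot: three ASCII copies and one UTF-16LE copy. */
void make_dump(uint8_t *mem) {
    const char *msg = "Cheat activated";
    memset(mem, 0, 256);
    memcpy(mem + 0x10, msg, 15);
    memcpy(mem + 0x60, msg, 15);
    memcpy(mem + 0xB0, msg, 15);
    for (size_t k = 0; k < 7; k++) mem[0xD0 + 2 * k] = (uint8_t)msg[k];
}

int main(void) {
    uint8_t before[256], after[256];
    size_t hits[8];
    make_dump(before);
    memcpy(after, before, sizeof after);
    after[0x60] = 0; /* constructed: the on-screen copy was cleared */
    size_t n = scan_text(before, sizeof before, "Cheat a", 0, hits, 8);
    printf("%zu ASCII hits, %zu changed\n", n, narrow(before, after, hits, n));
    return 0;
}
```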

Spooky

I don't know if this has been mentioned yet, but the USA and EU versions of the game have different executables. One piece of code I came across was exactly +0x50 bytes misaligned in the EU exe.

Stretchnutter

Spooky, that's weird... I wonder what they will do when they release a patch, release a different patch for each country?! That would be odd.

 

0xB7CB84 = [dword]A global timer in ms

0xB70158 = [dword]Timer related to weather and time in ms

0xB7015C = [dword]Defines how many ms = 1 second... default 1000, set to 1 for a headache

 
