Documenting GTA-SA memory addresses

[X_ATP_X]

Die anyone know the memory adresses of the train types that are used in the train traffic?

[Seemann]

Die anyone know the memory adresses of the train types that are used in the train traffic?

*http://www.gtaforums.com/index.php?showtopic=194199&view=findpost&p=3941357

*http://www.gtaforums.com/index.php?showtopic=205020&view=findpost&p=3941370

[X_ATP_X]

Die anyone know the memory adresses of the train types that are used in the train traffic?

*http://www.gtaforums.com/index.php?showtopic=194199&view=findpost&p=3941357

*http://www.gtaforums.com/index.php?showtopic=205020&view=findpost&p=3941370

No I dont mean that. There are 16 train types in San Andreas. I think some of them are only used in missions, and the other in the normal train traffic. So how can I change the types that are used in the normal train traffic?

[Seemann]

 

Die anyone know the memory adresses of the train types that are used in the train traffic?

*http://www.gtaforums.com/index.php?showtopic=194199&view=findpost&p=3941357

*http://www.gtaforums.com/index.php?showtopic=205020&view=findpost&p=3941370

No I dont mean that. There are 16 train types in San Andreas. I think some of them are only used in missions, and the other in the normal train traffic. So how can I change the types that are used in the normal train traffic?

It's hardcoded.

 

 

0x6F7900 is an address of the procedure that generates random trains in game.0xC38000 is a type of the train to generate. It's set randomly.

 

[Pixels^]

Is there any way I can change an actor's skin, like turn him into the CJ skin, using memory?

[Wesser]

Oh man! The player models use some different united body parts to make only a model like peds one. You cannot turn anyone of them with player bodyparts\models. Try to search in 09C7 opcode source in gta-sa.exe if there's a workable address. I made a search but nothing happen.

[Pixels^]

Thanks, I'll just hook the SCM to get my needs done.

[X_ATP_X]

Can anybody say me wich are the adresses of the camera position?

[Pixels^]

Nevermind, found answer.

Edited October 8, 2008 by Pixels^

[Pixels^]

How can I get the player's vehicle's ID? Currently I'm looping through the vehicle block and checking if the pointer matches to the player's vehicle's and it returns 0. Example of what I'm doing:

 

 

Public Function GetPlayerVehicleID() As Long   Dim i As Integer, pPointer As Long, VPointer As Long   ReadProcessMemory Process(), &HB6F5F0, pPointer, 4, 0   ReadProcessMemory Process(), pPointer + &H58C, VPointer, 4, 0   For i = 0 To 50       pPointer = ReadMemoryDWORD(VPointer + (&HA18 * i))       If pPointer = VPointer Then           GetPlayerVehicleID = i           Exit For       End If   Next iEnd Function

 

 

 

EDIT: It just crashes my program now.

Edited November 8, 2008 by Pixels^

[X_ATP_X]

Can anybody say me the memory addres of the max speed from the hydra? I also need he adrees of the max flight hight from planes and the jetpack.

[Deji]

Probably a dumb question to you experts but where could I find out how to use these memory addresses and what they mean? Or if there is no written tutorial then maybe some help from one of you kind experts?

 

And with memory address, could I display stuff like zone names, interior names, model names ect in the game itself?

 

Big thanks to anyone who helps

[jacob.]

 

Can anybody say me the memory addres of the max speed from the hydra? I also need he adrees of the max flight hight from planes and the jetpack.

Set these to zero:

 

 PBYTE MaxAircraftSpeed = (PBYTE)0x6DADE8U;PBYTE MaxJetpackHeight = (PBYTE)0x67F268U;PBYTE MaxAircraftHeight = (PBYTE)0x6D261DU;

 

 

[DeeZire]

Hoping somebody can help

 

As dexx mentioned, there are two defines;-

 

#define copbike 0x8A5A9c //copbike#define lapdm1 0x8A5AB0 //lapdm1, motorbike cop

 

 

So, I try to change them and get weird results. When I change the copbike define to point to another motorbike (e.g. the PCJ) the bike appears ok but drives about of its own accord with no rider. When I change the motorbike cop define to point to any other ped, it doesnt change at all it always keeps the default one.

 

This is the subroutine that uses those defines, can anybody explain to me in plain english whats going wrong?

 

mov     al, byte_9654BEtest    al, almov     ecx, dword_BA6718push    ebxpush    esimov     esi, [esp+8+arg_0]mov     bl, 1jz      short loc_407C8Dtest    esi, esijnz     short loc_407C8Dmov     eax, dword_8A5AB0 // lapdm1lea     eax, [eax+eax*4]cmp     byte_8E4CD0[eax*4], bljnz     short loc_407C8Dmov     eax, dword_8A5A9C // copbikelea     edx, [eax+eax*4]cmp     byte_8E4CD0[edx*4], bljz      short loc_407CFE

 

 

The technique works fine for changing the country cop on the fly but gave me the weird results described above for the copbike ped.

 

EDIT: nvm I fixed it, the copbike peds are also defined again at 0x5DDD86, it works fine now.

Edited December 10, 2008 by DeeZire

[Leonidas I]

 

Can anybody say me the memory addres of the max speed from the hydra? I also need he adrees of the max flight hight from planes and the jetpack.

Set these to zero:

 

 PBYTE MaxAircraftSpeed = (PBYTE)0x6DADE8U;PBYTE MaxJetpackHeight = (PBYTE)0x67F268U;PBYTE MaxAircraftHeight = (PBYTE)0x6D261DU;

 

Doesn't work. Here is what I entered for removing the speed limiter on the aircraft:

 

0181: virtual_protect_change_at 7520695 size 4 new_protect 4

00C4: write_mem_address 7520695 type 0 value 0

0181: virtual_protect_change_at 7520695 size 4 new_protect -1

 

The game crashes as soon as the aircraft moves. I also tried:

 

0181: virtual_protect_change_at 7520695 size 4 new_protect 4

00C4: write_mem_address 7520695 type 1 value 0

0181: virtual_protect_change_at 7520695 size 4 new_protect -1

 

and,

 

0181: virtual_protect_change_at 7520695 size 4 new_protect 4

00C4: write_mem_address 7520695 type 2 value 0

0181: virtual_protect_change_at 7520695 size 4 new_protect -1

 

All had the same effect. Clearly this address in the one pertaining to aircraft speed, but those of us who don't speak code very well need a little more help knowing just how to manipulate these addresses. Maybe other addresses need to be set in conjunction with this one.

 

Incidentally this is an old puzzle for me that I hope can finally be solved without the use of hotkeys. If anyone who really knows this stuff can see through this and help out I would be very thankful.

 

PS: I forgot to mention I am using Xieon's mempatch that adds the three additional opcodes. that's why the addresses have been converted to decimal.

Edited December 18, 2008 by Leonidas I

[cj360]

Any one know the cars drive on water memory address? sry if someone posted it.

Edited January 2, 2009 by cj360

[X_ATP_X]

It is possible too disable the San Andreas Cheats by changing memory adresses?

[Programie]

It is possible too disable the San Andreas Cheats by changing memory adresses?

Yes it´s possible.

 

 

Disable: Write an array with 5 bytes (90 90 90 90 90) to 0x00438480.

Enable: Write an array with 5 bytes (A0 51 F8 B5 00) to 0x00438480.

 

0x90 = NOP

 

Each byte of the array is separated by a space.

[Wesser]

Anyone know where the text menu item color is located? Because I know where to get the title menu one but I can't find the first.

 

If there's no answer about that, could you tell me if is it possible to draw a text while in main menu? I mean the text which uses the sa font. If so, how to do it?

Edited February 11, 2009 by Wesser

[BitsInBlood]

I have a little request for you.

 

I dont know how is made the variables mining and "overwriting" (I know a few programation, but dont know the way to set memory of other process). So, I want to ask to someone to try to find something in the vehicle identification. It is called "Misc Decal ID" in the LithJoe Vice City Ultimate Trainer. This trainer allows you to choose the variant of the vehicle you want to set in your garage. Some vehicle have variants, like the Picador, that have different kind of stuff in its back.

 

Obviously SA has a variable in the ("reference string"?) just like the VC. So, if anyone can find this adress "offset" in the "string", I will be grateful.

 

Thanks in advance.

[jenksta]

Does anyone know why this crashes the game?,

Its a code to disable all peds,

 

*(BYTE*)0x612710 = 0x33;*(BYTE*)0x612711 = 0xC0;*(BYTE*)0x612712 = 0xC3;

 

Any help appriciated,

Also is there a way to stop the intro cutscene?

Edited April 20, 2009 by JeNkStA

[Quantum_Malice]

Does anyone know frame limiter offset for GTA: SA 1.01 UK/ENGLISH version (nocd or not)?

 

I wan't to change frame limiter 25 > 30.

[Programie]

Is it possible to change the current weapon slot via a memory address?

[Wesser]

I made a search and I found what I've always wanted. It works like an interior entering status (interaction with yellow pickup too).

 

0x96A7CC : Interior Entering Status (dword)

• 0 - after yellow pickup appears on screen
• 1 - player is entering in an interior (or walking)
• 2 - player is opening the door
• 3 - player on pickup cone (move forward to make it visible on screen, so it returns 0)

This is for getting your vehicle's GXT entry and changing it. Memory is read\write, of course.

 

0xB1F650 : Base Memory Address

+ 0x308 : Block Size (for each vehicle defined in vehicles.dat)

 

+ 0x36 : GetVehicleGXTEntry

 

The max number of defined vehicles in vehicles.dat is 212. To get a vehicle gxt entry you have to do this.

 

0x308 * ModelID-400 + 0x36

 

This way is not so easy to do using cleo. You have to pass the result (string) to a new thread. This will explain you how it works.

 

{$CLEO .cs}0000: Starting code...while true   wait 0    if        00DF:   actor $PLAYER_ACTOR driving   then       03C0: [email protected] = actor $PLAYER_ACTOR car       0441: [email protected] = car [email protected] model       000E: [email protected] -= 400        0012: [email protected] *= 0x308        000A: [email protected] += 0xB1F650        000A: [email protected] += 0x36        0A8D: [email protected] = read_memory [email protected] size 4 virtual_protect 0        000A: [email protected] += 0x4        0A8D: [email protected] = read_memory [email protected] size 3 virtual_protect 0        0AB1: call_scm_func @SubString 2 [email protected] [email protected]    endend:SubString00BC: show_text_highpriority GXT [email protected] time 0 flag 1 0AB2: ret 0 

 

Hope it helps a lot. Enjoy!

Edited June 16, 2009 by Wesser

[James_Alex]

and to ban player wich code i use plz ??

[PatrickW]

This topic is about SA memory addresses. San Andreas doesn't support multiplayer, so banning players is not an issue.

[James_Alex]

so sorry

vut where can i post this ??

[X_ATP_X]

It is possible to read out the current ammu in the Weapon Clip?

[Wesser]

It has already posted something about how to do it here. See what you should do.

 

CurrentSlot = CPed + 0x718;CurrentAmmoClip = CPed + 0x5A0 + (0x1C * CurrentSlot) + 0x8;

 

This code is how it will look in coding.

 

0A96: [email protected] = actor $PLAYER_ACTOR struct 000A: [email protected] += 0x718 0A8D: [email protected] = read_memory [email protected] size 1 virtual_protect 0 // CurrentSlot0A96: [email protected] = actor $PLAYER_ACTOR struct 000A: [email protected] += 0x5A0 [email protected] *= 0x1C 005A: [email protected] += [email protected] // (int) 000A: [email protected] += 0x8 0A8D: [email protected] = read_memory [email protected] size 4 virtual_protect 0 // CurrentAmmoClip

 

Hope it helps you.

[X_ATP_X]

Thanks, I already found the adresses here.

 

Edit:

I have another question, how can I get the car on that the player is aim? In the modding wiki I founded it only for peds.

Edited July 10, 2009 by X_ATP_X