DK22Pac Posted March 27, 2012 (edited)

6F6BD0 int __cdecl GetTrainNodeNearPoint(float fX, float fY, float fZ, int pTrackIDresult)
Named by MTA developers.

int __cdecl GetTrainNodeNearPoint(float fX, float fY, float fZ, int pTrackIDresult)
{
  int trackLineResult;
  signed int trackID;
  int zero;
  int trackLine;
  int pPoint;
  int pStartPointsData;
  long double distance;
  signed int point.x;
  int pPointData;
  float point.z;
  float subX;
  long double subY;
  float resultDistance; // [sp+10h] [bp-20h]@1

  trackLineResult = zero;
  LODWORD(resultDistance) = 0x47C34FF3u; // 99999.898
  trackID = 0;
  do
  {
    trackLine = 0;
    if ( tracksDatLineCount[trackID] > 0 )
    {
      pPoint = 0;
      do
      {
        pStartPointsData = tracksDatContents[trackID];
        point.x = *(pStartPointsData + pPoint);
        pPointData = pPoint + pStartPointsData;
        point.z = *(pPointData + 4) * 0.125;
        subX = fX - point.x * 0.125;
        subY = fY - *(pPointData + 2) * 0.125;
        distance = sqrt((fZ - point.z) * (fZ - point.z) + subY * subY + subX * subX);
        if ( distance < resultDistance )
        {
          resultDistance = distance;
          trackLineResult = trackLine;
          *pTrackIDresult = trackID;
        }
        ++trackLine;
        pPoint += 10;
      }
      while ( trackLine < tracksDatLineCount[trackID] );
    }
    ++trackID;
  }
  while ( trackID < 4 );
  return trackLineResult;
}

00000000 CTrainNodePoint struc ; (sizeof=0xA)
00000000 x dw ?
00000002 y dw ?
00000004 z dw ?
00000006 distanceFromStart dw ?
00000008 field_8 dw ?
0000000A CTrainNodePoint ends

Gonna hack all train-limits

PS Anyone knows how to generate eNums for IDA from, f.e., text-file? Maybe there some IDC scripts or something?

Edited March 28, 2012 by DK22Pac
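Added example, not part of DK22Pac's post: a bounds-checked C version of the nearest-node search over packed 10-byte CTrainNodePoint records, which returns -1 when no node is in range instead of the listing's uninitialised `zero` and never reads past the supplied buffer. The `TrackBuf` wrapper, the function names and the sample node values are constructed for illustration; squared distances replace the listing's `sqrt`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TRAIN_TRACKS      4          /* the listing walks track IDs 0..3 */
#define TRAIN_NODE_SIZE   10         /* sizeof(CTrainNodePoint) = 0xA */
#define TRAIN_COORD_SCALE 0.125f     /* stored int16 units -> world units */
#define TRAIN_MAX_DIST    99999.898f /* 0x47C34FF3 in the listing */

/* Hypothetical wrapper: one track's raw node bytes plus its claimed count. */
typedef struct {
    const uint8_t *data;
    size_t size;   /* bytes actually available in data */
    size_t count;  /* node count the track claims to have */
} TrackBuf;

/* Explicit little-endian read, so the parser does not depend on host layout. */
static int16_t rd_i16le(const uint8_t *p)
{
    return (int16_t)(uint16_t)(p[0] | (p[1] << 8));
}

/* Returns the index of the nearest node and writes its track to *track_out,
   or returns -1 (leaving *track_out untouched) when nothing is in range. */
int nearest_train_node(const TrackBuf *tracks, float fx, float fy, float fz,
                       int *track_out)
{
    int best = -1;
    float best_d2 = TRAIN_MAX_DIST * TRAIN_MAX_DIST;

    for (int t = 0; t < TRAIN_TRACKS; t++) {
        const TrackBuf *tb = &tracks[t];
        if (tb->data == NULL)
            continue;
        /* Never trust the claimed count beyond what the buffer can hold. */
        size_t fit = tb->size / TRAIN_NODE_SIZE;
        size_t n = tb->count < fit ? tb->count : fit;
        for (size_t i = 0; i < n; i++) {
            const uint8_t *rec = tb->data + i * TRAIN_NODE_SIZE;
            float dx = fx - rd_i16le(rec + 0) * TRAIN_COORD_SCALE; /* x */
            float dy = fy - rd_i16le(rec + 2) * TRAIN_COORD_SCALE; /* y */
            float dz = fz - rd_i16le(rec + 4) * TRAIN_COORD_SCALE; /* z */
            float d2 = dx * dx + dy * dy + dz * dz;
            if (d2 < best_d2) {
                best_d2 = d2;
                best = (int)i;
                if (track_out != NULL)
                    *track_out = t;
            }
        }
    }
    return best;
}

/* Write one constructed record; the two trailing words are left at zero. */
static void put_node(uint8_t *rec, int16_t x, int16_t y, int16_t z)
{
    const int16_t v[3] = { x, y, z };
    for (int k = 0; k < 3; k++) {
        rec[2 * k]     = (uint8_t)((uint16_t)v[k] & 0xFF);
        rec[2 * k + 1] = (uint8_t)((uint16_t)v[k] >> 8);
    }
    rec[6] = rec[7] = rec[8] = rec[9] = 0;
}

/* Constructed sample data: three populated tracks, one of which claims
   more nodes than its buffer holds. */
int demo_lookup(float fx, float fy, float fz, int *track_out)
{
    static uint8_t t0[2 * TRAIN_NODE_SIZE], t2[TRAIN_NODE_SIZE], t3[TRAIN_NODE_SIZE];
    put_node(t0, 0, 0, 0);                          /* world (0, 0, 0)       */
    put_node(t0 + TRAIN_NODE_SIZE, -800, 400, 16);  /* world (-100, 50, 2)   */
    put_node(t2, 1600, 800, 80);                    /* world (200, 100, 10)  */
    put_node(t3, 8000, 8000, 0);                    /* world (1000, 1000, 0) */
    const TrackBuf tracks[TRAIN_TRACKS] = {
        { t0, sizeof t0, 2 },
        { NULL, 0, 0 },
        { t2, sizeof t2, 1 },
        { t3, sizeof t3, 5 },  /* count overstates the buffer: clamped to 1 */
    };
    return nearest_train_node(tracks, fx, fy, fz, track_out);
}

int main(void)
{
    int track = -1;
    int node = demo_lookup(198.0f, 101.0f, 10.0f, &track);
    printf("nearest node %d on track %d\n", node, track);
    return 0;
}
```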
Juarez Posted March 29, 2012

sub_60A440 -> CPed_saveGroup
sub_409C10 -> CStreaming__releaseModel
Swoorup Posted March 29, 2012

Can anyone give me some detail on how SA streams nodes.dat and connects the path node in between different zones properly?
Deji Posted March 29, 2012

PS Anyone knows how to generate eNums for IDA from, f.e., text-file? Maybe there some IDC scripts or something?

Like this?
Swoorup Posted March 30, 2012 (edited)

You should be able to produce a C header file which lists structures and enum members defined in the database.

File Menu -> Produce File -> Create C header file

Edited April 1, 2012 by Swoorup
DK22Pac Posted April 4, 2012

0x563470 int __cdecl CWorld__ClearScanCodes()
0x70A960 int __cdecl CShadows__RenderStoredShadows()
Original R* names.

Has anyone some information about *stream sectors*?
fastman92 Posted April 4, 2012

Has anyone some information about *stream sectors*?

I forgot where was that. Can you tell me EXE address?
DK22Pac Posted April 4, 2012 (edited)

0xB7D0B8 streamSectors array
0x70A7E0 CShadows__CastPedShadowSectorList
First param is *stream sector* pointer to streamSector.
StreamSector contains some array of pointers to CEntity. Maybe

CStreamSector
+0x0 entityPtrList
+0x4 entityPtrList2

CPed
+0x134 pedShadowData?

Edited April 27, 2012 by DK22Pac
Wesser Posted April 27, 2012 (edited)

Some outdated findings:

ENTITY
CEntity + 0x36 - [byte] Entity type
    0x02 = Player as driver
    0x12 = Quiet driver
    0x1A = Suspicious driver (when slightly or heavily collided, unlike cops who are never quiet)
    0x22 = No driver
    0x2A = Destroyed
    0x4A = Player as driver is exiting or being wasted, busted or hijacked

PED
0x5E3B60 - BYTE __thiscall CPed__getWeaponSkillIndexByType(short sType)
0x5E6580 - BYTE __thiscall CPed__getWeaponSkillIndex()

VEHICLE
CVehicle + 0x37C - [bool] Nitro on/off (read-only)
CVehicle + 0x38C - [dword] Some flag
    0x80000 = nitro installed
CVehicle + 0x48A - [byte] Nitro Slots
    2/5/10 = nitros normal slots (n - 1)
    101 = special nitro (cheat)
CVehicle + 0x8A4 - [float] Nitro timer
    When nitro is activated, it is set to 0.0 and decreased by -1e-06. Once it overcomes -1.0, the game automatically sets it to 0.0 and it gets increased by 1e-06 (it rises faster if player doesn't accelerate and twice if he decelerates, possible bug).
CVehicle + 0x978 - [dword] Nitro particle 1 (mono exhaust)
CVehicle + 0x97C - [dword] Nitro particle 2 (dual exhaust)
0x6A3EA0 - void __thiscall CAutomobile__processNitro(BYTE bSlots)

PATHFIND
0x96F050 - CPathFind
0x420A10 - void *__thiscall CPathFind__getNodePosition(void *pCoords) (from MTA's source)
0x420AC0 - void *__thiscall CPathFind__getNodePointer(DWORD dwNodeAddr) (from MTA's source)
0x44E4F0 - void __thiscall CPathFind__popRouteNodesFartherFrom(float fOriginX, float fOriginY, float fOriginZ, DWORD *pNodeList[], short *pSteps)
    fOriginZ - It's unused in the whole function.
0x4515D0 - void __thiscall CPathFind__findShortestRouteNodes(BYTE bType, float fOriginX, float fOriginY, float fOriginZ, DWORD dwFirstNode, float fDestX, float fDestY, float fDestZ, DWORD *pNodeList[], short *pSteps, short sMaxSteps, float *pDistance, float fMinRadius, DWORD dwLastNode, float fMaxRadius, bool bFollowPath, WORD wFlag, bool bUnk, bool bUnk)
    bType - Route type
        0 = vehicle
        1 = pedestrian
    pNodeList - An array containing all route nodes found between the start and destination points.
    pSteps - The number of route nodes found.
    sMaxSteps - The length of pNodeList array.
    fMinRadius - The minimum radius the first node and the next nearest one must have to start searching from the origin. It needs confirmation, though.
    fMaxRadius - The maximum radius to start searching from the destination.
    bFollowPath - If set, route nodes respect lanes, otherwise the best shortest route is found.
    wFlag - It's still unknown. Maybe it defines the type the search nodes do have. Default value is 0xFFFF.

CONTROLS
0x53FF90 - bool __thiscall CPad__firePressed()
0x53FDD0 - bool __thiscall CPad__lookLeftPressed()
0x53FE10 - bool __thiscall CPad__lookRightPressed()
0x53FE70 - bool __thiscall CPad__lookBehindPressed()

MATRIX
0x59BD10 - void __thiscall CMatrix__copyFromRwMatrix(RwMatrix *pMatrix, BYTE bUnk)
0x59BD90 - void __thiscall CMatrix__copyToRwMatrix(RwMatrix *pMatrix, BYTE bUnk)

PARTICLE
CParticle (size = 0x84?)
+ 0x0 - [dword] Pointer to next CParticle
+ 0x4 - [dword] Pointer to previous CParticle
+ 0x8 - [dword] Unknown pointer to CParticleData
+ 0xC - [dword] Attaching matrix
+ 0x10-0x50 - [RwMatrix] Matrix
+ 0x50 - [byte] Status:
    0 = visible
    1 = inactive
    >=2 = unknown
+ 0x51 - [byte] Unknown status
+ 0x52-0x53 - [byte] Unknown
+ 0x54 - [dword] Unknown
+ 0x58 - [float] Distance from camera
+ 0x5C - [short] Time (0.0 to 1.0) * 256
+ 0x5E - [short] Frequency/Intensity (0.0 to 1.0) * 1000
+ 0x60 - [short] Speed (0.0 to 1.0) * 1000
+ 0x62 - [byte] Flag
+ 0x63 - [byte] Unknown
+ 0x64 - [float] Unknown ((rand() % 10000) * 0.0001 * (pParticle.matrix.right.y - pParticle.matrix.right.x) + pParticle.matrix.right.x)
+ 0x68-0x70 - [dword] Unknown
+ 0x74-0x84 - [dword] Unknown pointer

BULLET
0x735FD0 - void __cdecl CBullet__releaseAll()
0x736010 - bool __cdecl CBullet__create(CPed *pEntity, short sWeaponType, float fOriginX, float fOriginY, float fOriginZ, float fVelocityX, float fVelocityY, float fVelocityZ)

WEAPONINFO
0x743C60 - void *__cdecl CWeaponInfo__getInfo(short sType, BYTE bSkillIndex)
0x743CD0 - short __cdecl CWeaponInfo__getSkillStat(short sType)

PLACEABLE
0x50A360 - void __stdcall CPlaceable__getPitchYaw(RwV3d *vOffset, float *fPitch, float *fYaw) (unreferenced)
0x59C790 - void __cdecl CPlaceable__transformRelToAbsOffset(RwV3d *vPoint, RwMatrix *pMatrix, RwV3d *vOffset)
0x59C810 - void __cdecl CPlaceable__transformAbsToRelOffset(RwV3d *vPoint, RwV3d *vOffset, RwMatrix *pMatrix)

STRING
0x718600 - char *__cdecl CStr__gtaStrCpy(const char *szSource, char *szDest)
0x718630 - char *__cdecl CStr__gtaStrCat(char *szDest, const char *szSource)
0x718660 - char *__cdecl CStr__gtaStrCpy(char *szDest, const char *szSource)
0x718690 - DWORD __cdecl CStr__gtaStrLen(const char *szString)
0x7186B0 - char *__cdecl CStr__gtaStrReplace(char *szDest, const char *szSource, DWORD dwPos)
0x7186E0 - char *__cdecl CStr__gtaUCasePtr(char *szDest, const char *szSource)
0x718710 - void __cdecl CStr__gtaUCase(const char *szString)
0x718740 - void __cdecl CStr__gtaLCase(const char *szString)

2DTEXT
0x719380 - void __cdecl C2DText__setSize(float fWidth, float fHeight)
0x719430 - void __cdecl C2DText__setRGBA(DWORD dwColor)
0x719490 - void __cdecl C2DText__setFont(BYTE bType)
0x7194E0 - void __cdecl C2DText__setBackgroundWidth(float fWidth)
0x719510 - void __cdecl C2DText__setShadowRGBA(DWORD dwColor)
0x719590 - void __cdecl C2DText__setShadowSize(BYTE bSize)
0x7195B0 - void __cdecl C2DText__setMinimized(bool bToggle)
0x7195C0 - void __cdecl C2DText__setBackground(bool bWidth, bool bMultiline)
0x719610 - void __cdecl C2DText__setAlignment(BYTE bType)
    0 = center
    1 = right
    2 = left

2DRENDER
0x728640 - void __cdecl C2DRender__drawBarChart(float fPosX, float fPosY, WORD wWidth, BYTE bHeight, float fPercentage, BYTE bRightBorderWidth, bool bPercentage, bool bBorder, DWORD dwForeColor, DWORD dwRightBorderColor) (from MTA's source)

SCREEN
0x859520 - [float] Width scale (1/640)
0x859524 - [float] Height scale (1/448)
0x865394 - [float] Half width scale (1/320)
0x865398 - [float] Half height scale (1/224)
0x70CE30 - bool __cdecl CScreen__transform3DTo2DPoint(RwV3d *vPoint, RwV2d *vScreen, float *pMultX, float *pMultY, bool bNearClip, bool bFarClip)
0x71DA00 - bool __cdecl CScreen__transform3DTo2DPoint(RwV3d *vPoint, RwV2d *vScreen, float *pMultX, float *pMultY)
0x71DAB0 - bool __cdecl CScreen__transform3DTo2DPoint(RwV3d *vPoint, RwV2d *vScreen)

Here is the updated version according to this script:

{
    FUNCTIONS INCLUDED:
    - getScreenXYFrom3DCoords
        Type: GET
        Description: Get screen 2D coords from world 3D coords.
    - get3DCoordsFromScreenXY
        Type: GET
        Description: Get world 3D coords from screen 2D coords by a fixed distance.
    - getFullScreenXY
        Type: GET
        Description: Get screen XY from current resolution.
    - getLocalVarOffset
        Type: GET
        Description: Get local var offset from thread pointer.
}
{$CLEO}
0000: NOP
03F0: enable_text_draw 1
while true
    wait 0
    04C4: store_coords_to [email protected] [email protected] [email protected] from_actor $PLAYER_ACTOR with_offset 0.0 0.0 1.0
    0AB1: call_scm_func @getScreenXYFrom3DCoords 3 coords_XYZ [email protected] [email protected] [email protected] store_to [email protected] [email protected]
    0AB1: call_scm_func @get3DCoordsFromScreenXY 3 coords_XY [email protected] [email protected] distance 1.0 store_camera_to [email protected] [email protected] [email protected] point_to [email protected] [email protected] [email protected]
    0AB1: call_scm_func @getScreenXYFrom3DCoords 3 coords_XYZ [email protected] [email protected] [email protected] store_to [email protected] [email protected]
    054C: use_GXT_table 'SWEET6'
    0341: unknown_text_draw_flag 0
    0342: enable_text_draw_centered 1
    033E: set_draw_text_position [email protected] [email protected] GXT 'SWE6B34'
end

:getScreenXYFrom3DCoords
{
    Parameters:
        Passed:
            [email protected] - position X
            [email protected] - position Y
            [email protected] - position Z
        Result:
            [email protected] - screen X
            [email protected] - screen Y
    Example:
        0AB1: call_scm_func @getScreenXYFrom3DCoords 3 coords_XYZ 2488.562 -1666.865 12.8757 store_to [email protected] [email protected]
}
0AB1: call_scm_func @getLocalVarOffset 1 var 0 store_to [email protected]
0AB1: call_scm_func @getLocalVarOffset 1 var 3 store_to [email protected]
0AB1: call_scm_func @getLocalVarOffset 1 var 5 store_to [email protected]
0AB1: call_scm_func @getLocalVarOffset 1 var 6 store_to [email protected]
0AA5: call 0x70CE30 num_params 6 pop 6 bFarClip 0 bNearClip 0 pMultY [email protected] pMultX [email protected] pScreen [email protected] pCoords [email protected]
0AB1: call_scm_func @getScreenXY 2 coords_XY [email protected] [email protected] store_to [email protected] [email protected]
0AB2: ret 2 [email protected] [email protected]

:get3DCoordsFromScreenXY
{
    Parameters:
        Passed:
            [email protected] - screen X
            [email protected] - screen Y
            [email protected] - distance
        Result:
            [email protected] - camera X
            [email protected] - camera Y
            [email protected] - camera Z
            [email protected] - position X
            [email protected] - position Y
            [email protected] - position Z
    Example:
        0AB1: call_scm_func @get3DCoordsFromScreenXY 3 coords_XY 320.0 224.0 distance 1.0 store_camera_to [email protected] [email protected] [email protected] point_to [email protected] [email protected] [email protected]
}
0A8D: [email protected] = read_memory 0x8D5038 size 4 virtual_protect 0 // field of [email protected] *= 0.5
02F6: [email protected] = sine [email protected]
02F7: [email protected] = cosine [email protected]
0073: [email protected] /= [email protected] // tangent line
0A8D: [email protected] = read_memory 0x865394 size 4 virtual_protect 0 // half screen X scale
006B: [email protected] *= [email protected]
[email protected] -= 1.0
0097: make [email protected] absolute_float
006B: [email protected] *= [email protected]
0A8D: [email protected] = read_memory 0x865398 size 4 virtual_protect 0 // half screen Y scale
006B: [email protected] *= [email protected]
[email protected] -= 1.0
0097: make [email protected] absolute_float
006B: [email protected] *= [email protected]
0A8D: [email protected] = read_memory 0xC3EFA4 size 4 virtual_protect 0 // screen aspect ratio
0073: [email protected] /= [email protected]
0087: [email protected] = [email protected]
0087: [email protected] = [email protected]
0087: [email protected] = [email protected]
0AB1: call_scm_func @getLocalVarOffset 1 var 9 store_to [email protected]
0A8D: [email protected] = read_memory 0xB6F03C size 4 virtual_protect 0 // camera matrix
0AA5: call 0x59C890 num_params 3 pop 3 pOffsets [email protected] pMatrix [email protected] pPoint [email protected] // CPlaceable__transformPoint
006B: [email protected] *= [email protected]
006B: [email protected] *= [email protected]
0087: [email protected] = [email protected]
0087: [email protected] = [email protected]
0087: [email protected] = [email protected]
0AB1: call_scm_func @getLocalVarOffset 1 var 14 store_to [email protected]
0AA5: call 0x59C890 num_params 3 pop 3 pOffsets [email protected] pMatrix [email protected] pPoint [email protected] // CPlaceable__transformPoint
0AB2: ret 6 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

:getScreenXY
{
    Parameters:
        Passed:
            [email protected] - full screen X
            [email protected] - full screen Y
        Result:
            [email protected] - screen X
            [email protected] - screen Y
    Example:
        0AB1: call_scm_func @getScreenXY 2 coords_XY 512.0 384.0 store_to [email protected] [email protected]
}
0A8D: [email protected] = read_memory 0xC17044 size 4 virtual_protect 0 // full screen X
0A8D: [email protected] = read_memory 0x859520 size 4 virtual_protect 0 // screen X scale
0093: [email protected] = integer [email protected] to_float
006B: [email protected] *= [email protected]
0073: [email protected] /= [email protected]
0A8D: [email protected] = read_memory 0xC17048 size 4 virtual_protect 0 // full screen Y
0A8D: [email protected] = read_memory 0x859524 size 4 virtual_protect 0 // screen Y scale
0093: [email protected] = integer [email protected] to_float
006B: [email protected] *= [email protected]
0073: [email protected] /= [email protected]
0AB2: ret 2 [email protected] [email protected]

:getLocalVarOffset
{
    Parameters:
        Passed:
            [email protected] - var number
        Result:
            [email protected] - var pointer
    Example:
        0AB1: call_scm_func @getLocalVarOffset 1 var 0 store_to [email protected]
}
[email protected] *= 0x4
0A9F: [email protected] = current_thread_pointer
0A8E: [email protected] = [email protected] + 0xDC
0A8D: [email protected] = read_memory [email protected] size 1 virtual_protect 0 // bMissionFlag
if
    [email protected] == 1
then
    [email protected] += 0xA48960 // pMissionLocals
else
    005A: [email protected] += [email protected]
    [email protected] += 0x3C // pThreadLocals
end
0AB2: ret 1 [email protected]

Edited April 6, 2013 by Wesser
DK22Pac Posted May 2, 2012 (edited)

@Wesser wow, good work with particleData documenting)

0x5E5ED0 void __thiscall CPed__addWeaponModel(CPed *ped, int modelID)

void __thiscall CPed__addWeaponModel(CPed *ped, int modelID)
{
  CPed *_ped;
  CBaseModelInfo *weaponModel;
  int weapClump;
  int pedtype;
  int weapSlotOffset;
  CWeaponSlot *weapSlot;
  int hAnimHier;
  int boneIndex;
  int pMatrices;
  int molotovPrt;
  RwV3D pos;

  _ped = ped;
  if ( modelID != -1 )
  {
    if ( !ped->weaponSlots[ped->m_bActiveWeapon].field_15 )
    {
      weaponModel = modelPtrs[modelID];
      if ( ped->WeaponClump )
        CPed__removeWeaponModel(ped, -1);
      weapClump = (*(weaponModel->__vmt + 0x2C))(weaponModel); // CModelBase::createInstance
      _ped->WeaponClump = weapClump;
      if ( weapClump )
        _ped->WeaponGunflashClump = findObjectByNodeName(weapClump, "gunflash");
      else
        _ped->WeaponGunflashClump = 0;
      CModelBase__addRef(weaponModel);
      pedtype = _ped->pedType;
      _ped->field_740 = modelID;
      if ( !pedtype || pedtype == 1 )
      {
        weapSlotOffset = 28 * _ped->m_bActiveWeapon;
        weapSlot = (_ped->weaponSlots + weapSlotOffset);
        if ( weapSlot->type == WEAPON_MOLOTOV )
        {
          if ( modelID == MODEL_MOLOTOV )
          {
            if ( !*(&_ped->weaponSlots[0].particle + weapSlotOffset) )
            {
              hAnimHier = clumpGetFirstSkinAtomicHAnimHierarchy(_ped->__parent.__parent.m_pRWObject);
              boneIndex = RpHAnimIDGetIndex(hAnimHier, BONE_RIGHTWRIST);
              pMatrices = RpHAnimHierarchyGetMatrixArray(hAnimHier);
              LODWORD(pos.x) = 0;
              LODWORD(pos.y) = 0;
              LODWORD(pos.z) = 0;
              molotovPrt = createParticle("molotov_flame", &pos, ((boneIndex * 64) + pMatrices), 0);
              weapSlot->particle = molotovPrt;
              if ( molotovPrt )
              {
                sub_4AA910(1);
                dummy_4AA890(weapSlot->particle);
                CParticle__init(weapSlot->particle);
              }
            }
          }
        }
      }
    }
  }
}

PS
entity->type & 7
1 - building
2 - vehicle
3 - ped
7 - boat

Edited May 2, 2012 by DK22Pac
Swoorup Posted May 2, 2012

0x4515D0 - void __thiscall CPathFind__findShortestRouteNodes(BYTE bType, float fOriginX, float fOriginY, float fOriginZ, DWORD dwFirstNode, float fDestX, float fDestY, float fDestZ, DWORD *pNodeList[], short *pSteps, short sMaxSteps, float *pDistance, float fMinRadius, DWORD dwLastNode, float fMaxRadius, bool bFollowPath, WORD wFlag, bool bUnk, bool bUnk)
    bType - Route type
        0 = vehicle
        1 = pedestrian
    pNodeList - An array containing all route nodes found between the start and destination points.

About the pNodeList, is it stored separately for each ped/vehicle entities by the game?
Wesser Posted May 3, 2012

What do you mean? Something like this?

CVehicle + 0x394 - [dword] Starting route node index (dwFirstNode)
CVehicle + 0x3DB - [dword] Traffic flag ((dwTrafficFlag >> 6) & 1 = bFollowPath)
CVehicle + 0x3EC - [float] Destination X (fDestX)
CVehicle + 0x3F0 - [float] Destination Y (fDestY)
CVehicle + 0x3F4 - [float] Destination Z (fDestZ)
CVehicle + 0x3F8 - [dword] Array of the last 8 route nodes (dwNodeList[8])
CVehicle + 0x418 - [short] Amount of remaining route nodes (sSteps)

Ped's related addresses are stored somewhere in a task pointer where I don't want to look through right now.
Swoorup Posted May 4, 2012 (edited)

Interesting. In VC, the CPathFind structure is something like this

struct GlobalMap
{
    CPathNode Paths[9650];
    CSearchNode SearchPaths[3500];
    int InstBuildings[1250];
    __int16 pointsInfo[20400];
    __int8 tanAngle[20400];
    __int16 SearchPointsInfo[20400];
    int lastPedRoutePointIndex;
    int lastVehicleRoutePointIndex;
    int totalVehicleRoutePointIndexm;
    __int16 numberOfBuildings;
    WORD totalPointInfoIndex;
    DWORD totalSearchPoints;
    DWORD field_53804;
    char field_53808[2];
    CPathNode unklist[512];
};
#pragma pack(pop)

The last structure member is written to and read by the game on the run. Do you know what that means? I am guessing if it's similar to SA

Edited February 10, 2013 by Swoorup
JoeBullet Posted May 5, 2012

00000000 CRope struc ; (sizeof=0x328)
00000000 m_vecRopeSegments RwV3D 31 dup(?)
00000174 m_vecRopeStartPos RwV3D ?
00000180 m_vecRopeSegmentsReleased RwV3D 31 dup(?)
000002F4 m_pad1 dd ?
000002F8 m_pad2 dd ?
000002FC m_pad3 dd ?
00000300 m_pRopeEntity dd ? ; offset
00000304 m_pad4 dd ?
00000308 m_fMass dd ?
0000030C m_uiRopeTotalLength dd ?
00000310 pRopeHolder dd ? ; offset
00000314 m_pRopeAttacherObject dd ? ; offset
00000318 m_pAttachedEntity dd ? ; offset
0000031C m_uiRopeSegmentLength dd ?
00000320 m_uiHoldEntityExpireTime dd ?
00000324 m_uiSegmentCount db ?
00000325 m_ucRopeType db ?
00000326 m_ucFlags1 db ?
00000327 m_ucFlags2 db ?
00000328 CRope ends

.data:00B768B8 pRopePool CRope 8 dup(<?>)

0x555DC0 static CRope::ResetAll()
0x555F80 CRope::IsEntityAttachedToCrane(CEntity *pEntity)
0x555FB0 CRope::IsRopeOwnedByCrane()
0x556000 CRope::FindByRopeEntity(CEntity *pRopeEntity)
0x556030 CRope::ReleaseRope()
0x556070 CRope::CreateRopeAttacherObject()
0x556780 CRope::~CRope()
0x556800 CRope::Draw()
0x5569C0 CRope::AttachEntity(CEntity *pEntityToAttach)
0x556AE0 static CRope::DrawAll()
0x556B10 static CRope::DestroyAll()
0x556B40 static CRope * CRope::Create(CEntity *pRopeEntity, char ucRopeType, float startPosX, float startPosY, float startPosZ, bool bExpires, char ucSegmentCount, char ucFlags, CEntity *pRopeHolder, int uiExpireTime)
0x557530 CRope::Process()
0x558D10 CRope::CreateSwatRope(CVector *pPos)
0x558D70 static CRope::ProcessAll()
0x5561B0 CRope::Adjust(float startPosX, float startPosY, float startPosZ, int uiUnknown, CVector *pOutVec)

It needs to be verified, though.
Deji Posted May 6, 2012

It needs to be verified, though.

I don't know who you are, but you're a legend! Been after some discovery in this area for a while but never had much time to spend on it. You from MTA or something?
JoeBullet Posted May 6, 2012

I have been offered a commit access to MTA because of my former contribution (that was at the time when MTA was moving from git to svn) but had to refuse it due to my very limited time and some other projects I am working on.

Here are some functions for CWaterCannon(s):

CWaterCannon
0x00728AB0 CWaterCannon::~CWaterCannon()
0x00728B40 CWaterCannon::Init()
0x00728C20 CWaterCannon::SetStartAndEndPoint(RwV3D* pStartPoint, RwV3D* pEndPoint)
0x00728CB0 CWaterCannon::Update(CVehicle *pVehicleHoldingCannon, RwV3D* pStartPoint, RwV3D* pEndPoint)
0x00728DA0 CWaterCannon::Render()
0x007295E0 CWaterCannon::PushPeds()
0x0072A280 CWaterCannon::Process(char id)

I didn't do as much research on the structure as I did with CRope, but some basic info: First member - Vehicle that is holding water cannon, Second Member - Segments count, there is also segment structure similar to one in CRope.

CWaterCannons
0x00728B10 CWaterCannons::CWaterCannons
0x00728B30 CWaterCannons::~CWaterCannons
0x00728C80 CWaterCannons::Initialise()
0x00729B30 CWaterCannons::Render()
0x0072A3C0 CWaterCannons::ProcessAll()
Deji Posted May 7, 2012

I have been offered a commit access to MTA because of my former contribution (that was at the time when MTA was moving from git to svn) but had to refuse it due to my very limited time and some other projects I am working on.

Very similar situation here, lol. And to be honest, I just had an array when I documented CWaterCannon stuff. I was more interested in concocting a way to easily create small amounts of water in places (literally, just a puddle).

Anyway, welcome to GTAForums (or more specifically, the modding parts)
DK22Pac Posted May 13, 2012 (edited)

Some unfinished researching...

00000000 CPedShadowData struc ; (sizeof=0x4C)
00000000 ped dd ? ; CPed *
00000004 field_4 db ?
00000005 intensityMultiplier db ?
00000006 field_6 db 2 dup(?)
00000008 cameraA dd ? ; RwCamera *
0000000C texture dd ? ; RwTexture *
00000010 flagA dd ?
00000014 cameraB dd ? ; RwCamera *
00000018 textureBlurred dd ? ; RwTexture *
0000001C field_1C dd ?
00000020 flagB dd ?
00000024 field_24 dd ?
00000028 light dd ? ; RpLight *
0000002C field_2C db 16 dup(?)
0000003C sunPos RwV3D ? ; normalized
00000048 field_48 dd ?
0000004C CPedShadowData ends

00000000 obj_C40350 struc ; (sizeof=0x54)
00000000 flag1 db ?
00000001 field_1 db ?
00000002 field_2 db ?
00000003 field_3 db ?
00000004 shadowData dd ? ; CPedShadowData *
00000008 shadowDataPtrLists shadowDataPtrList 3 dup(?)
00000044 _camera1 dd ?
00000048 _texture1 dd ? ; struct offset
0000004C _camera2 dd ?
00000050 _texture2 dd ? ; struct offset
00000054 obj_C40350 ends

00000000 shadowDataPtrList struc ; (sizeof=0x14)
00000000 shadowDataPtr dd 5 dup(?)
00000014 shadowDataPtrList ends

Edited May 13, 2012 by DK22Pac
JoeBullet Posted May 13, 2012 Share Posted May 13, 2012 (edited) Great research! Though, it seems that your obj_c40350 struct is more like this: 0000000 CShadowManager struc; (sizeof=0x54)00000000 bInitialized db ?00000001 field_1 db ?00000002 field_2 db ?00000003 field_3 db ?00000004 ppShadowData dd 16 dup(?) ; offset00000044 pCamera1 dd ?00000048 pTexture1 dd ?0000004C pCamera2 dd ?00000050 pTexture2 dd ?00000054 CShadowManager ends I call it CShadowManager. 0x7067C0 CShadowManager::CShadowManager() 0x705B30 CShadowManager::DeleteShadowData(CShadowData* pShadowData) 0x706460 CShadowData::Init(bool bIsBlurred, char ucUnk, bool bUnk) CShadowData 00000000 CShadowData struc; (sizeof=0x4C)00000000 pParent dd ? ; CPhysical*00000004 field_4 db ?00000005 ucIntensity db ?00000006 field_6 db ?00000007 field_7 db ?00000008 pCamera dd ? ; offset0000000C pTexture dd ? ; offset00000010 bIsBlurred db ?00000011 field_11 db ?00000012 field_12 db ?00000013 field_13 db ?00000014 pCameraBlurred dd ?00000018 pTextureBlurred dd ? ; offset0000001C field_1C dd ?00000020 field_20 db ?00000021 field_21 db ?00000022 field_22 db ?00000023 field_23 db ?00000024 ObjectType dd ?00000028 pLight dd ? ; offset0000002C boundingSphere RwSphere ?0000003C vecSunPosNormalized RwV3D ?00000048 field_48 dd ?0000004C CShadowData ends CPhysical + 0x134: CShadowData *pShadowData Note: It seems that m_pRwObject is RpAtomic* rather then RpClump*. 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 00000000 CGlass struc; (sizeof=0x70)00000000 matrix CMatrix ?00000048 field_48 dd ?0000004C field_4C dd ?00000050 field_50 dd ?00000054 field_54 RwV3D ?00000060 time dd ?00000064 field_64 dd ?00000068 field_68 dd ?0000006C field_6C db ?0000006D field_6D db ?0000006E field_6E db ?0000006F field_6F db ?00000070 CGlass ends .data:00C71BF8 aGlassPanes CGlass 2Dh dup(<?>) 0x854ee0 static CGlass::global_ctor()0x856ba0 static CGlass::global_dtor()0x71a8b0 CGlass::CGlass()0x71a8c0 CGlass::~CGlass()0x71a8d0 CGlass::Init()0x71aa10 CGlass::Update()0x71b0d0 static CGlass::UpdateAll()0x71b100 CGlass::Render_One0x71b620 CGlass::GeneratePanesForWindow0x71bc40 CGlass::WindowRespondsToCollision0x71c0d0 CGlass::WasGlassh*tByBullet0x71c1a0 CGlass::WindowRespondsToExplosion0x71ce20 CGlass::Render Misc: 0x6A8C00 CAutomobile::ProcessBuoyancy 0x5E1FA0 CPed::ProcessBuoyancy CEntity revised... class CEntitySAInterface{public:CEntitySAInterfaceVTBL * vtbl; // the virtual tableCPlaceableSAInterface Placeable; // 4RpClump * m_pRwObject; // 24/********** BEGIN CFLAGS **************/unsigned long bUsesCollision : 1; // does entity use collisionunsigned long bCollisionProcessed : 1; // has object been processed by a ProcessEntityCollision functionunsigned long bIsStatic : 1; // is entity staticunsigned long bHasContacted : 1; // has entity processed some contact forcesunsigned long bIsStuck : 1; // is entity stuckunsigned long bIsInSafePosition : 1; // is entity in a collision free safe positionunsigned long bWasPostponed : 1; // was entity control processing postponedunsigned long bIsVisible : 1; //is the entity visibleunsigned long bIsBIGBuilding : 1; // Set if this entity is a big buildingunsigned long bRenderDamaged : 1; // use damaged LOD models for objects with applicable damageunsigned long bStreamingDontDelete : 1; // Dont let the streaming remove this unsigned long bRemoveFromWorld : 1; // remove this entity next time it should be 
processed
    unsigned long bHasHitWall : 1; // has collided with a building (changes subsequent collisions)
    unsigned long bImBeingRendered : 1; // don't delete me because I'm being rendered
    unsigned long bDrawLast : 1; // draw object last
    unsigned long bDistanceFade : 1; // Fade entity because it is far away
    unsigned long bDontCastShadowsOn : 1; // Don't cast shadows on this object
    unsigned long bOffscreen : 1; // offscreen flag. This can only be trusted when it is set to true
    unsigned long bIsStaticWaitingForCollision : 1; // this is used by script created entities - they are static until the collision is loaded below them
    unsigned long bDontStream : 1; // tell the streaming not to stream me
    unsigned long bUnderwater : 1; // this object is underwater change drawing order
    unsigned long bHasPreRenderEffects : 1; // Object has a prerender effects attached to it
    unsigned long bIsTempBuilding : 1; // whether or not the building is temporary (i.e. can be created and deleted more than once)
    unsigned long bDontUpdateHierarchy : 1; // Don't update the animation hierarchy this frame
    unsigned long bHasRoadsignText : 1; // entity is roadsign and has some 2deffect text stuff to be rendered
    unsigned long bDisplayedSuperLowLOD : 1;
    unsigned long bIsProcObject : 1; // set object has been generated by procedural object generator
    unsigned long bBackfaceCulled : 1; // has backface culling on
    unsigned long bLightObject : 1; // light object with directional lights
    unsigned long bUnimportantStream : 1; // set that this object is unimportant, if streaming is having problems
    unsigned long bTunnel : 1; // Is this model part of a tunnel
    unsigned long bTunnelTransition : 1; // This model should be rendered from within and outside of the tunnel
    /********** END CFLAGS **************/

    uint8_t m_ucSeedColFlags;
    uint8_t m_ucSeedVisibleFlags;
    uint16_t m_nModelIndex; // 34
    CReferences * m_pReferences; // 36
    DWORD * m_pLastRenderedLink; // CLink<CEntity*>* m_pLastRenderedLink; +40
    uint16_t m_nScanCode; // 44
    uint8_t m_iplIndex; // used to define which IPL file object is in +46
    uint8_t m_areaCode; // used to define what objects are visible at this point +47

    // LOD sh*t
    CEntitySAInterface * m_pLod; // 48
    // num child higher level LODs
    uint8_t numLodChildren; // 52
    // num child higher level LODs that have been rendered
    int8_t numLodChildrenRendered; // 53

    //********* BEGIN CEntityInfo **********//
    uint8_t nType : 3; // what type is the entity // 54 (2 == Vehicle)
    uint8_t nStatus : 5; // control status // 54
    //********* END CEntityInfo **********//

    uint8_t m_align; // 55
    float pad1; // 56
    uint32_t pad2; // 60 - a kind of frame counter or similar

    uint32_t b0x01 : 1; // 64
    uint32_t bApplyGravity : 1;
    uint32_t b0x04 : 1;
    uint32_t b0x08 : 1;
    uint32_t b0x10 : 1;
    uint32_t b0x20 : 1;
    uint32_t b0x40 : 1;
    uint32_t b0x80 : 1;
    uint32_t b0x100 : 1; // 65
    uint32_t bOnSolidSurface : 1;
    uint32_t b0x400 : 1;
    uint32_t b0x800 : 1;
    uint32_t b0x1000 : 1;
    uint32_t b0x2000 : 1;
    uint32_t b0x4000 : 1;
    uint32_t b0x8000 : 1;
    uint32_t b0x10000 : 1; // 66
    uint32_t b0x20000 : 1;
    uint32_t bBulletProof : 1;
    uint32_t bFireProof : 1;
    uint32_t bCollisionProof : 1;
    uint32_t bMeeleProof : 1;
    uint32_t bInvulnerable : 1;
    uint32_t bExplosionProof : 1;
    uint32_t b0x1000000 : 1; // 67
    uint32_t b0x2000000 : 1;
    uint32_t b0x4000000 : 1;
    uint32_t bTouchingWater : 1;
    uint32_t bEnableCollision : 1;
    uint32_t bDestroyed : 1;
    uint32_t b0x40000000 : 1;
    uint32_t b0x80000000 : 1;
};

;;;;;;;;;;;;;;;;;;;;;;;;;;;

class CBodyPart
{
public:
    float pad1; // 0x00
    RwV3D pos; // 0x04
    RpQuat* pOrientation; // 0x10
    uint32_t animID; // 0x14
    float pad6; // 0x18
    float pad7; // 0x1C
    float pad8; // 0x20
};

00000000 CBodyParts struc ; (sizeof=0x48)
00000000 pTorso dd ?
00000004 pHead dd ?
00000008 pLegs dd ?
0000000C pShoes dd ?
00000010 pLowerLeftArm dd ?
00000014 pUpperLeftArm dd ?
00000018 pLowerRightArm dd ?
0000001C pUpperRightArm dd ? ; offset
00000020 pUpperBack dd ? ; offset
00000024 pLeftChest dd ? ; offset
00000028 pRightChest dd ? ; offset
0000002C pStomach dd ?
00000030 pLowerBack dd ?
00000034 pNecklace dd ?
00000038 pWatch dd ?
0000003C pGlasses dd ?
00000040 pHat dd ?
00000044 pSpecialCostume dd ?
00000048 CBodyParts ends

Though I think the names are a bit misleading for things such as pStomach, pWatch etc.

CPed+0x488 pBodyParts CBodyParts ?

Edited May 14, 2012 by JoeBullet
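
Added example, not code from the post above: the listed fields can be read out of a raw memory snapshot with explicit offsets and masks instead of compiler bit-fields, whose layout is implementation-defined. The helper names, the sample buffer and the least-significant-bit-first field order (suggested by the b0x01, b0x04 ... names in the listing) are assumptions.

```c
#include <stdint.h>
#include <stddef.h>

/* Offsets and bit names come from the listing in the post above; helper
   names and the sample buffer are assumptions of this example. */
enum { OFF_MODEL_INDEX = 34, OFF_TYPE_STATUS = 54, OFF_FLAGS = 64, MIN_DUMP = 68 };
#define F_APPLY_GRAVITY    0x00000002u
#define F_ON_SOLID_SURFACE 0x00000200u
#define F_INVULNERABLE     0x00400000u
#define F_ENABLE_COLLISION 0x10000000u

typedef struct {
    uint16_t model_index;
    uint8_t  type;    /* nType   : 3 */
    uint8_t  status;  /* nStatus : 5 */
    uint32_t flags;   /* dword at offset 64 */
} EntityView;

/* Little-endian reads that do not depend on host endianness or alignment. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode a raw entity snapshot. Returns 0 on success, -1 if the buffer is too short. */
int decode_entity(const uint8_t *dump, size_t len, EntityView *out) {
    if (dump == NULL || out == NULL || len < MIN_DUMP) return -1;
    out->model_index = rd16(dump + OFF_MODEL_INDEX);
    /* Assumed LSB-first allocation: nType is the low 3 bits of byte 54,
       nStatus the high 5 bits. */
    out->type   = dump[OFF_TYPE_STATUS] & 0x07u;
    out->status = (uint8_t)(dump[OFF_TYPE_STATUS] >> 3);
    out->flags  = rd32(dump + OFF_FLAGS);
    return 0;
}

int has_flag(const EntityView *e, uint32_t mask) { return (e->flags & mask) != 0; }

/* Constructed sample: model 0x019B, type 2 (vehicle per the listing), status 3,
   flags = bApplyGravity | bOnSolidSurface | bEnableCollision. */
EntityView sample_entity(void) {
    uint8_t dump[MIN_DUMP] = {0};
    EntityView e = {0};
    dump[34] = 0x9B; dump[35] = 0x01;
    dump[54] = (uint8_t)((3u << 3) | 2u);
    dump[64] = 0x02; dump[65] = 0x02; dump[67] = 0x10;
    decode_entity(dump, sizeof dump, &e);
    return e;
}
```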

DK22Pac Posted May 13, 2012 (edited)

Wow, thanks for your help, Joe. I'll continue "shadow" researching tomorrow. For this time, I updated the CRegisteredShadow structure.

00000000 CRegisteredShadow struc ; (sizeof=0x34)
00000000 pos RwV3D ?
0000000C X1 dd ? ; rotation params
00000010 Y1 dd ?
00000014 X2 dd ?
00000018 Y2 dd ?
0000001C zDistance dd ?
00000020 field_20 dd ?
00000024 texture dd ? ; RwTexture *
00000028 shadowData dd ? ; CShadowData *
0000002C intensity dw ?
0000002E colorType db ? ; 1 - black, 2 - RGB, 3 - inversed RGB
0000002F rChannel db ?
00000030 gChannel db ?
00000031 bChannel db ?
00000032 flags dw ?
00000034 CRegisteredShadow ends

.data:00C40430 aShadows CRegisteredShadow 30h dup(<?>)

About bones, I thought that: CBone+0x4 = RwV3D offset

I have some stuff here: link

PS It is possible to get the address of any bone by some formula, I've released this in some of my opcodes:

0D30: [email protected] = actor $3 bone 4

(BoneIDs were documented in the getPedBonePosition page at the MTA site).

Edited May 13, 2012 by DK22Pac

JoeBullet Posted May 14, 2012

You are right about bones. CRegisteredShadow+0x20 is some kind of offset according to the Russian gtamodding wiki page.

DK22Pac Posted May 14, 2012 (edited)

Actually, that stuff on gtamodding was added by me xD

00000000 CRegisteredShadow_C4A030 struc ; (sizeof=0x40)
00000000 id? dd ?
00000004 field_4 dd ? ; pointer to something
00000008 timeCreate dd ?
0000000C pos RwV3D ?
00000018 X1 dd ? ; rotation params
0000001C Y1 dd ?
00000020 X2 dd ?
00000024 Y2 dd ?
00000028 zDistance dd ?
0000002C unkScale dd ?
00000030 texture dd ? ; RwTexture *
00000034 intensity dw ?
00000036 colorType db ?
00000037 red db ?
00000038 green db ?
00000039 blue db ?
0000003A field_3A db ?
0000003B field_3B db ?
0000003C field_3C db ?
0000003D field_3D db ? ; related to collision mesh?
0000003E field_3E dw ?
00000040 CRegisteredShadow_C4A030 ends

Edited May 15, 2012 by DK22Pac

MeatSafeMurderer Posted July 27, 2012 (edited)

Hi there, I am wondering if any of you know the addresses related to the positioning and color of HUD items? I would search, but it appears to be broken.

Edited July 27, 2012 by MeatSafeMurderer

Deji Posted August 1, 2012 (edited)

http://gtag.gtagaming.com/forums/index.php?showtopic=265

I don't stand by every post there, though. Some things I posted (mostly addresses beginning with 0x8 aren't to be fiddled with). It was made quite a long time ago.

-----------------------------------------

Some stuff I'm researching...

00000000 CConvo struc ; (sizeof=0x1C)
00000000 field_0 dd ?
00000004 field_4 dd ?
00000008 pPed dd ? ; offset
0000000C ?unkTime1 dd ?
00000010 ?unkTime2 dd ?
00000014 ?stage dd ?
00000018 field_18 db ?
00000019 bIsWithoutSubtitles db ?
0000001A field_1A db ?
0000001B field_1B db ?
0000001C CConvo ends

Edited August 1, 2012 by Deji

boldijar.paul Posted August 4, 2012

Hello! I need to make a teleport hack in C# to a coordinate. I need the x, y and z position. Please tell me the addresses and the value, like:

int x=0xasdsads +dasdas;
EditMemory(x, float value);

fastman92 Posted August 4, 2012

Take a look at 0x005BD7B0 - void __cdecl CPlayer__SetPlayerCoordsFromFile()

Basically it is:

CPlaceable__SetPosition(&Player->__parent.__parent.__parent, &TxtCoordinates);

You need to make your own SetPosition function, see how easy it is:

void __thiscall CPlaceable__SetPosition(CPlaceable *this, RwV3D *Position)
{
  CMatrix *v2;
  double v3;
  double v4;

  v4 = Position->z;
  v3 = Position->y;
  v2 = this->m_pCoords;
  if ( v2 )
  {
    v2->matrix.pos.x = Position->x;
    this->m_pCoords->matrix.pos.y = v3;
    this->m_pCoords->matrix.pos.z = v4;
  }
  else
  {
    this->placement.pos.x = Position->x;
    this->placement.pos.y = v3;
    this->placement.pos.z = v4;
  }
}

Fortunately SetPosition is very easy to code for a trainer.

boldijar.paul Posted August 4, 2012

I get a lot of errors... is this C++ or C#?

fastman92 Posted August 4, 2012

C++, but it's exported from the IDB database. You should download the IDB database of gta_sa.exe and see that function yourself. Then you can start writing your own function for a trainer that will work exactly the same.
boldijar.paul Posted August 4, 2012 Share Posted August 4, 2012 (edited) C++, but it's exported from IDB database.You should download IDB database of gta_sa.exe and see that function yourself Then you can start writing your own function for trainter that will work exactly the same. https://www.google.com/search?q=DB+database...iw=1163&bih=745 I can't find , please give me a link edit: i don't see how that can help.. why is not as easy as the money hack, or gravity or other memory ? Edited August 4, 2012 by paulicabos Link to comment Share on other sites More sharing options...

Juarez Posted August 5, 2012 (edited)

More to more

Version 1.0

0x588E30 -> ShowTexBox1Number
0x58A160 -> DrawTripSkip
0x447790 -> DrawGarageText
0x4E9E50 -> DrawRadioStation

Edited August 5, 2012 by juarez