Documenting GTA-SA memory addresses

[J-Fox.GEMM 0]

Hi guys thx for the actor pointer...

 

My issues in SA:

 

- Actor isn't moving smooth but he is synced 1 ms looped

- I can just copy the position

- Gravity settings will not work

- No of ur posted anim adresses works :: just zeros

- Found out the difference between UK and other EU file: The text files will be loaded in a different order

- Can't set Actor pos. while he is in car

- Damn forgot the other issues

 

Fox

 

 

[jacob. 1]

 

- Actor isn't moving smooth but he is synced 1 ms looped

Is it synced locally or remotely? What language is it coded in and what was your frame rate?

 

 

- No of ur posted anim adresses works :: just zeros 

Draco posted one that I know for a fact works - CPed + 1332.

This address gets automatically reset though and you'll have to figure out what to NOP.

 

 

- Can't set Actor pos. while he is in car 

I haven't tried this, but isn't this common sense? Don't move the actor, move the car. The car's position structure is identical to an actor's, the only thing different is finding its pointer.

[copini 0]

 

04FBD4F8 & 04FBD538 - closest car to player, may be zero if there are no cars in world or you are inside a shop or other interior or no car that hasn't been wrecked is near you (max searching distance is around 50 meters i think), these are not fixed address, i once found them on this offset but they vary, the memory was probably in player actor's memory block.

has anyone found out how to calculate these addresses yet?

I've tried to run through the code in IDA (I can't do any debugging in w32dasm or OllyDbg, the game hangs when I try), but it's just to complicated...

I know the program first calculates a base address, the two pointers are +0x0C and +0x4C from this address. but I can't figure out how to get it.

it would be nice to automaticly unlock a locked vehicle you try to enter, and I think using these addresses is the best way.

 

 

btw: 0xA4EC20 is the score for the dancing minigames, maybe for other minigames as well

[saracoglu 6]

Here is a HOT offset to player adresse:

 

CPed + 66 (Byte) this is the BP/EP/FP/DP status of the player as follows:

 

(values are in decimal, add them up as needed and assign byte value to CPed+66)

1 Makes Ped soft (ie. can move through walls and everything)

2 Freezes Ped (ie. ped cannot walk)

4 Bullet-proof

8 Flame-proof

16 ?

32 ?

64 Damage-proof (from collisions etc)

128 Explosion-proof

 

Assigning 1 enables ped to move thru obstacles, yet the ground itself is also an obstacle. So if you flip the first bit, player sinks below ground level

 

happy coding,

 

Alper

[DracoBlue 0]

I updated the gtadb, and completed the description of the WeaponSlot-structure.

 

Please look at the 3 unknown parts of the structure, but the rest should be complete.

 

WeaponSlot-Type

 

See you,

[DracoBlue 0]

 

also, someone that knows please answer my previous question:

"are these disk file management functions or IMG functions? and which interface do they use?"

Those are for all loaded files .dat .img etc.

 

See you,

[JernejL 52]

btw, it seems specific cars now have 4 colors, just look at the carcols.dat, so that are probably 2 bytes after first car colors in memory..

 

more:

 

#12234816 - insane stunt bonus and school instructions ansi-text - it stays onscreen as long as first char is non-zero

 

#12232608 - #399 bytes ANSI text-box in left top corner (12231808 and 12232208 are read only duplicates )

 

$00866C94 - money text formatting string, by default '$%08d'

#5829832 - pointer to money formatting string, there is some empty space at #4195145 that you can use..

[Cowpat 1]

Forgive me if these have been posted earlier

 

Current Car + 0x460 - Pointer to CPed (Player)

 

CPed + 0x58C - Pointer to or ID of current car. I parked two cars beside each other and hopped between each of them to confirm the numbers remained the same.

[[KFC]Nutz 0]

Found one way to change/disable the annoying solid clouds above 220 meters:

 

0x716642 (float)

0x716655 (float)

 

Both values default to 200 (00 00 48 43). If you change one of them to 100,000 (00 50 c3 47)

you get very few clouds, a much nicer effect. If you change both of them to 100,000

you never get the clouds.

 

It appears that betwen 200m and 500m StrClp (haze) gradually reduces from whatever

is in timecyc.dat (if greater than 800) to 800. I'm still looking for how to disable this.

 

Also, someone pointed out that when the height limit for aircraft is raised to 100,000m

you fall off bikes and motorcycles the instant you touch anything (!) Why the two

would be related is a mystery. Reducing the height limit to 2000m (still more

than double the default) seems to make it normal, though I don't do much biking

so it's hard to tell for sure.

Edited July 1, 2005 by [KFC]Nutz

[SeBsZ 0]

Hello guys,

 

I found these addresses:

 

0CB61120

0CB61124

0CB61128

 

which probably are the XYZ locations of the player. However, my values seem a little strange. When I start a new game, these are the tree values in those addresses:

 

-4263047608997904106

4708509432283569353

39519932217031777

 

Is that normal? The values seem to be read-only. I think these are the XYZ of the player because they only change when I move the character.

 

I know that stretchnutter posted this on the first page of this topic:

 

DWORD(CPed+0x14) + 0x30 = XPos

DWORD(CPed+0x14) + 0x34 = YPos

DWORD(CPed+0x14) + 0x38 = ZPos

 

but I don't understand how to put those values into a program like ArtMoney. Can someone help me here, I want the non-readonly values of the player location.

 

Thanks,

 

SeBsZ

[JernejL 52]

SeBsZ: thats because those structures are at dynamic locations, you need pointers.

 

[DracoBlue 0]

 

Hello guys,

 

I know that stretchnutter posted this on the first page of this topic:

 

DWORD(CPed+0x14) + 0x30 = XPos

DWORD(CPed+0x14) + 0x34 = YPos

DWORD(CPed+0x14) + 0x38 = ZPos

 

but I don't understand how to put those values into a program like ArtMoney. Can someone help me here, I want the non-readonly values of the player location.

 

Thanks,

 

SeBsZ

 

More about that can be found here.

 

With Artmoney you need to read the 4-integer at your (CPed-Address+0x14).

This values is your pointer to the tPosition-Structure.

If you add 0x30 to this value, you can read the XPos as float, same goes for Y and Z Pos.

 

See you,

[SeBsZ 0]

Wow, thanks for your quick replies.

 

Okay, let me explain what I'm doing.

 

On page 1 of this topic, someone said that the player pointer is 00B6F5F0

 

You said that another pointer is at (playerpointer + 14).

 

In Artmoney, I read what 4-integer is at Address 00B6F5F0+14 and I get 213258160. For some reason, it doesn't matter if I do +14 or + 0 the value stays the same, which indicates to me that I'm doing something wrong. If that 213258160 is correct, then I still don't know what to do with that.

 

Help is appreciated... thanks

[ThE_cHeEsE 0]

hey, first of all read this address 00B6F5F0, then with the value that it returned read it again but add + 14 to the value that 00B6F5F0 gave you.

 

Then just read as a float the value that 00B6F5F0 + 14 retreived and + 30 for XPos, 34 for YPos and 38 for ZPos

Edited July 1, 2005 by ThE_cHeEsE

[SeBsZ 0]

FANTASTIC! It works perfectly. Thank you so much!

[SeBsZ 0]

Does anyone know where all the vehicle names are stored? The vehicles.ide file does not contain the full names. For example, in that file the Ambulance is "ambulan" because they are the model names. I want to find out if there is a place containing all the vehicle IDs with the full vehicle name behind it. Anyone knows?

Edited July 1, 2005 by SeBsZ

[Opius 9]

Vehicles.ide holds as the sixth value per line, the GXT key used for the full name.

 

But surely it isn't THAT hard to figure out what each vehicle is by what they're referred to by their shortened names?

 

[SeBsZ 0]

Opius, I'm talking about the vehicle names that appear when you enter a vehicle in the game. The sixth value in the vehicles.ide file is still a shortened version, for example "BFINJC" instead of "BF Injection"

[Opius 9]

If you looked in an un-CRC'd GXT, the key "BFINJC" would contain the text "BF Injection".

[JernejL 52]

un-CRC'd GXT

what are you talking about?

 

[Opius 9]

The GXT key names are CRC'd, as I understand.

[SeBsZ 0]

How can I turn the american.gxt file into a readable text file?

 

EDIT:

Also, does someone know how the coordinate system in San Andreas works? I don't get it... I found that an X value of -985820256 is on the left of the map. However, an X value of 985820256 is NOT the right of the map, but in the middle. ALso, when X:0 and Y:0, I am in the middle of the map. It really confuses me. If someone could give me an explanation on how the coordinate system works in SA, that would be great.

 

Thanks

Edited July 1, 2005 by SeBsZ

[JernejL 52]

The GXT key names are CRC'd, as I understand.

ah i just misunderstood your statement that a unchecksumed gxt exists for san andreas..

 

[mattyboy_96 0]

SeBsZ, Try reading the coords as Floats instead of Dwords

[jacob. 1]

004640DE    8B90 6099A400   MOV EDX,DWORD PTR DS:[EAX+A49960]

 

this seems to get called every time a new opcode is being executed.. so erm..

0xA43C78 = latest opcode called? (in 4 byte dword, convert to hex for opcode form)

 

could be completely off on this, i was just looking at opcode execution in the dissasembly and noticed this.

[SeBsZ 0]

SeBsZ, Try reading the coords as Floats instead of Dwords

Alright, I still think I'm doing something wrong. I am reading from memory to Visual Basic 6's double data type, which I think is like a float. However, these are the XYZ values I get:

 

pX: 5.69851892038368E-315

pY: 1.63255589500922E-314

pZ: 5.43760953752311E-315

 

They look weird and unusable to me. THis is the vb6 code i'm using:

 

ReadProcessMemory ProcessHandle, MemoryLocation, MyVariable, 4, 0&

where MyVariable is of the "double" data type. The "4" is how many bytes have to be read from that memory location.

 

If anyone could help me out here, thanks.

[jacob. 1]

Alright, I still think I'm doing something wrong. I am reading from memory to Visual Basic 6's double data type

Well there's your problem. Read it as a Single if you're using Visual Basic.

[SeBsZ 0]

Thanks, I figured it out myself and wanted to modify my post but then saw yours. So thanks anyway.

[jacob. 1]

I was looking for the actual entity list and stumbled upon something interesting..

0x969084 = first vehicle you got into

0x969088 = second vehicle you got into

0x96908C = third vehicle you get into

.. and so on, increasing by 4 after each vehicle. they are 0 if you haven't entered a first/second/third/etc car yet.

 

edit: i just realized these addresses were only working on my stripped & slightly modified SCM, so this definatly isn't the exact beginning of the entity list.. but it's somewhere 'round here.

Edited July 3, 2005 by jacob.

[SeBsZ 0]

Does someone know how to move the car the player is currently in to another location?

 

Also, the memory address that keeps track of the current car ID does not keep track of when you enter a plane. Anyone know how to do that as well?

 

The wanted level seems to be read-only. I try to change it and it resets itself when I get back into the game...

 

Thanks

Edited July 2, 2005 by SeBsZ