Documenting GTA-SA memory addresses

[Frouk]

0xB79490[float] - Address affecting to respect stats

[Frouk]

CPed + 0x480[DWORD] - Pointer to CPlayerData
CPed + 0x550[CVector(2)] - Dedicated to player's angles
CPed + 0x598[DWORD] - ePedType
CPed + 0x59C[DWORD] - Pointer to CPedStat

Values for CPed State(Taken from DK's plug-in):

0:None
1:Idle
2:Look entity
3:Look heading
4:Wander range
5:Wander path
6:Seek position
7:Seek entity
8:Pursue
9:Follow path
10:Sniper mode
11:Rocketlauncher mode
12:Dummy
13:Pause
14:Attack
15:Fight
16:Face phone
17:Make phonecall
18:Chat
19:Mug
20:Aimgun
21:AI Control
22:Seek car
23:Seek boat position
24:Follow route
25:CPR
26:Solicit
27:Buy ice cream
28:Investigate event
29:Evade step
30:On fire
31:Sunbathe
32:Flash
33:Jog
34:Answer mobile
35:Hang out
36:States no AI
37:Abseil from heli
38:Sit
39:Jump
40:Fall
41:Getup
42:Stagger
43:Evade dive
44:States can shoot
45:Enter train
46:Exit train
49:Arrest player
50:Driving
51:Passenger
52:Taxi passenger
53:Open door
54:Die
55:Dead
56:Die by stealth
57:Carjack
58:Dragged from car
59:Enter car
60:Steal car
61:Exit car
62:Hands up
63:Arrested
64:Deploy stinger

Edited July 31, 2021 by Frouk

[Shiro Naomi]

There are a addres to get x,y,z of the aim?
I mean, where are you aiming in the map, like (2000.0, 535.0, 20.0)

Note: I dont use VSC to make .asi, only full .cs

 

Other stuff
How i can get the Move speed from player?

 

 

This dont work: 

 

7@ = 0xB7CD9C
0A8D: 7@ = read_memory 7@ size 4 virtual_protect 0
7@ += 0x1C
//0A8D: 7@ = read_memory 7@ size 4 virtual_protect 0

 

[OrionSR]

4 hours ago, Shiro Naomi said:

How i can get the Move speed from player?

Easy way:

06AC: 7@ = actor $PLAYER_ACTOR movement_speed

 

Using memory codes:

7@ = 0xB7CD98 // pointer to player data
0A8D: 7@ = read_memory 7@ size 4 virtual_protect 0
7@ += 0x4  // offset from start of player data to player info structure of player 1
7@ += 0x1C // offset from start of player info to movement speed
0A8D: 7@ = read_memory 7@ size 4 virtual_protect 0

 

Probably; the computer I was using to run SA doesn't work anymore, so I can't test the codes myself. Sorry.

 

Added: I once wrote a HUD script that displayed CJ's movement speed as reported by opcode 06AC: but the results were poor while on-foot. Vehicles displayed a readable number that transitioned smoothly. But when on foot the speed value seemed to be based on CJ's center of gravity, which tends to lurch forward in spurts as the running animation plays, resulting in an unreadable value. 

Edited November 12, 2021 by OrionSR

[Shiro Naomi]

On 11/12/2021 at 8:23 AM, OrionSR said:

Using memory codes:

7@ = 0xB7CD98 // pointer to player data
0A8D: 7@ = read_memory 7@ size 4 virtual_protect 0
7@ += 0x4  // offset from start of player data to player info structure of player 1
7@ += 0x1C // offset from start of player info to movement speed
0A8D: 7@ = read_memory 7@ size 4 virtual_protect 0

I see, it work now (Edit: Dont work, i get other value (7.38484e-43), so i dont know)
well, I just put that to know how to get the addres of that value, i dont really care about the movement of the player, but thanks for answering, now i know how to get those addres
On the other hand, if i need an addres to get the coordinates of where the player is aiming, unlike the opcode (0667: AS_actor -1 aim_at 969.3931 -1098.341 22.877 120000 ms), which is to force the actor to aim to that direction, but what i want, is to get those coordinates to be able to make a mod that i want to make
In all the mods I have seen of "aimbot" since most of them dont work, what they do is to get the coordinates of the "camera" and "target_camara" and then do a thousand mathematical operations to get where's the player aiming in the map
But is there an addres that solves that?
Like

 0A8D: $TEMPVAR_FLOAT_1 = read_memory 0x00000000 size 4 virtual_protect 0 //X
 0A8D: $TEMPVAR_FLOAT_2 = read_memory 0x00000004 size 4 virtual_protect 0 //Y
 0A8D: $TEMPVAR_FLOAT_3 = read_memory 0x00000008 size 4 virtual_protect 0 //Z
// So, i could do something like "create_explosion_at $TEMPVAR_FLOAT_1 $TEMPVAR_FLOAT_2 $TEMPVAR_FLOAT_3"

I will soon be posting a lot of address that no one has seen before, as i have been finding them while probing all the structure of cars, pedestrians, objects and markers

Edited November 13, 2021 by Shiro Naomi
Dont work the player data pool and i get other values

[Shiro Naomi]

On 3/3/2018 at 8:10 PM, DK22Pac said:

I hate CLEO and CLEO 'scripters'.

Well, im one

[Frouk]

On 11/13/2021 at 3:06 AM, Shiro Naomi said:

I see, it work now (Edit: Dont work, i get other value (7.38484e-43), so i dont know)
well, I just put that to know how to get the addres of that value, i dont really care about the movement of the player, but thanks for answering, now i know how to get those addres
On the other hand, if i need an addres to get the coordinates of where the player is aiming, unlike the opcode (0667: AS_actor -1 aim_at 969.3931 -1098.341 22.877 120000 ms), which is to force the actor to aim to that direction, but what i want, is to get those coordinates to be able to make a mod that i want to make
In all the mods I have seen of "aimbot" since most of them dont work, what they do is to get the coordinates of the "camera" and "target_camara" and then do a thousand mathematical operations to get where's the player aiming in the map
But is there an addres that solves that?
Like

 0A8D: $TEMPVAR_FLOAT_1 = read_memory 0x00000000 size 4 virtual_protect 0 //X
 0A8D: $TEMPVAR_FLOAT_2 = read_memory 0x00000004 size 4 virtual_protect 0 //Y
 0A8D: $TEMPVAR_FLOAT_3 = read_memory 0x00000008 size 4 virtual_protect 0 //Z
// So, i could do something like "create_explosion_at $TEMPVAR_FLOAT_1 $TEMPVAR_FLOAT_2 $TEMPVAR_FLOAT_3"

I will soon be posting a lot of address that no one has seen before, as i have been finding them while probing all the structure of cars, pedestrians, objects and markers

there's no address to get aiming angles to map, you actually need to use math functions

[Shiro Naomi]

On 6/22/2005 at 7:08 AM, saracoglu said:

Here is a detailed explanation on car placement and rotation:

 

1. All read values are Floats, unless otherwise stated.

2. The Mem. Adresses are not static, but as pre-calculated example showing the offsets.

3. Offsets are decimal

 

Let's say, a given Car Object Starts at C502AA0:

Adresse Offset Description

0xC502AB4 20 Ptr to Car Position (DWord)

0xC502AE4 68 X (East-West) speed

0xC502AE8 72 Y (North-South) speed

0xC502AEC 76 Z (up-down) speed

0xC502AF0 80 X (NS) Spin

0xC502AF4 84 Y (EW) Spin

0xC502AF8 88 Z (NW) Spin

 

Let's say, the Car Position of this given car starts at C5F5DB4:

0xC5F5DB4 0 X Level to the ground

0xC5F5DB8 4 Y Level to the ground

0xC5F5DBC 8 Z Level to the ground

0xC5F5DC4 16 X Where am I looking

0xC5F5DC8 20 Y Where am I looking

0xC5F5DCC 24 Z Where am I looking

0xC5F5DD4 32 dyn flight data

0xC5F5DD8 36 dyn flight data

0xC5F5DDC 40 dyn flight data

0xC5F5DE4 48 CarPosX

0xC5F5DE8 52 CarPosY

0xC5F5DEC 56 CarPosZ

 

The location, speed and spin matrixes are on constant change, due to wind etc. The car does not actually stand still if a ped is in. If you check these values for a parked car, you will see that the changes are way too little than if a ped/player is in.

 

happy hacking,

Alper

The question is, how do I get the addres of the cars and edit those values?
With car sruct (opcode 0A97), I get something else related to the car itself, but nothing about those values 

[MiranDMC]

I researched draw distance for procedural objects (foliage, rocks, sea bed elements).

More info: https://gtaforums.com/topic/980558-increase-foliage-draw-distance/?do=findComment&comment=1072014676

 

00859AA4 - memory addres containing const float with value 10000.0
Referenced in at least 16 locations describled below:


// distance checks in loop of function placing procedural objects on colModel
005DCB88 - D8 1D A49A8500  - fcomp dword ptr [00859AA4]
005DCBBD - D8 1D A49A8500  - fcomp dword ptr [00859AA4]
005DCBEA - D8 1D A49A8500  - fcomp dword ptr [00859AA4]
005DCC17 - D8 1D A49A8500  - fcomp dword ptr [00859AA4]
005DCC40 - D8 1D A49A8500  - fcomp dword ptr [00859AA4]
005DCC69 - D8 1D A49A8500  - fcomp dword ptr [00859AA4]
005DCC92 - D8 1D A49A8500  - fcomp dword ptr [00859AA4]

// alternative distance check for colModel: sphere with radius
// 100.0 meters radius float. Replace with 44FA0000 for radius 2000.0
005DCE78 - 68 0000C842 - push 42C80000 

// distance checks for cleaning up far away temp objects
005DC0D0 - D8 1D A49A8500  - fcomp dword ptr [00859AA4]
005DC103 - D8 1D A49A8500  - fcomp dword ptr [00859AA4]
005DC130 - D8 1D A49A8500  - fcomp dword ptr [00859AA4]
005DC15D - D8 1D A49A8500  - fcomp dword ptr [00859AA4]
005DC18A - D8 1D A49A8500  - fcomp dword ptr [00859AA4]
005DC1B3 - D8 1D A49A8500  - fcomp dword ptr [00859AA4]
005DC1DC - D8 1D A49A8500  - fcomp dword ptr [00859AA4]

// distance check in CRenderer::ScanSectorList. Seems not to be assiociated with procedural objects. Keep original
00554895 - D8 1D A49A8500  - fcomp dword ptr [00859AA4]

// associated with "interesting events". I don't know what is that, better keep it original
00603D68 - D8 1D A49A8500  - fcomp dword ptr [00859AA4]


// addresses to other const floats that may be used to replace adresses in instuctions describled above
00858FD8 - 300.0
00859A94 - 3000.0
00859AA4 - 10000.0 (original)
00859928 - 30000.0
008598B4 - 648000.0

Edited December 15, 2022 by MiranDMC

[vladvo]

0x448900 IsPointWithinHideOutGarage__8CGaragesFR7CVector proc near // CGarages::IsPointWithinHideOutGarage(CVector *)
Detects if a player is inside a hideout garage. Does not detect PnS, mod or bomb shops, only player/save garages.
Thanks to OrionSR for help.
Example:

{$USE bitwise}

00A0: store_actor $PLAYER_ACTOR position_to 21@ 22@ 23@
0AA7: call_function_return 0x448900 num_params 1 pop 1 21@v 25@ //use 21@v to pass CVector to function
0B17: 25@ {&=} 0xFF //strip the garbage

In this case 25@ will return 0 (zero) when CJ is outside of any garage and 1 if he is inside.

[vladvo]

CPed  (ped stuct) +0x59C is a pointer to CPedStats, that are set in pedstats.dat file.

[vladvo]

0x56E6DC - Time till CJ feels hungry (and a message pops up)
There is a line in IDA at this address.

.text:0056E6D5 004 66 83 BE 44 01 00 00 30                 cmp     word ptr [esi+144h], 30h

 

By default - CJ will get hungry after 48 (on the start of 49th) hours of not eating. This can be checked at 0xB7CD98 (CPlayerInfo) offset 0x144 (m_nNumHoursNotEating) size 2 (dw). 
So, the aforementioned cmp operator compares m_nNumHoursNotEating to 30h (48 dec). If we change 30h to 5h (5 dec = 5 hours) with
 

0A8C: write_memory 0x56E6DC size 1 value 0x5 virtual_protect 0

then CJ will feel hunger on the start of the 6th hour.
BTW - m_nNumHoursNotEating is reset to 0 when a saved game is loaded. 

[Pussy hunter]

Why no one try to documented the gta sa android version 2.0 ? ( this is the popular version ) .

like

cped + offset

cvehicle + offset

chandling + offset

and more .

[jet ranger]

hi , dudes ! Once , i have tested opcode that simply changed crosshair offset . But in first person view mode ( first person mod by Voroh ) that opcode changes nothing . Maybe there are memory adresses that change crosshair offset ?

[elyx]

Hi guys, please tell me urgently what is "CVehicle + 0x690"? Exactly what is "0x690"? I've looked at nothing written about it. I saw it in the "steering" script, as I understood it, "steer angle 2", but for some reason using the offset "steer angle 2" - 0x498 (or 1176) steering does not work. That's why I wondered what kind of displacement it is.

Edited August 30, 2024 by elyx