Documenting GTA-SA memory addresses

[JernejL 63]

the car wheels shoot information posted is WRONG, it is NOT at car + 1444 but car + 1445

plus the tire order isn't na/rf/na/lb but all 4 tires at once, one byte for each tire,

this is also valid for quad-bikes but not 2 wheel bikes, for 2 wheeled bikes the data for

each wheel is at 1628 and 1629.

[QJimbo 0]

Anyone found anything for increasing the traffic creation radius? So when skydiving it actually looks realistic ^^ High values would probably really stretch the CPU/RAM/GFX Card, but it'd be interesting to see

[jacob. 1]

0xB7CB64 - gamespeed (float)

0xC8131C - weather (dword)

0xB7CEE4 - is infinite run (byte/boolean)

0xB7CEE6 - is player fireproof (byte/boolean)

0x96C009 - is paynspray free (byte/boolean)

0xA444A4 - is radar grey'd out (byte/boolean)

0x8D2530 - pedestrian density multiplier (float)

0x8A5B20 - vehicle density multiplier (float)

0xB6F065 - widescreen (byte/boolean) (the view that is displayed during cutscenes, not the display option)

 

 

weather values:0 to 7 - different versions of blue skies/clouds08 - storming09 - cloudy and foggy10 - clear blue sky (falls into 0-7 category)11 - scorching hot (las santos heat waves)12 to 15 - very dull, colorless, hazy16 - dull, cloudy, rainy17 to 18 - scorching hot19 - sandstorm20 - foggy/greenish21 - very dark, gradiented skyline, purple22 - very dark, gradiented skyline, green23 to 26 - variations of pale orange27 to 29 - variations of fresh blue30 to 32 - variations of dark, cloudy, teal33 - dark, cloudy, brown34 - blue/purple, regular35 - dull brown36 to 38 - bright, foggy, orange39 - extremely bright40 to 42 - blue/purple cloudy43 - dark toxic clouds44 - black/white sky45 - black/purple sky

 

setting it to anything over this will give you totally randomly f*cked results. (flickering screen, extremely red, etc)

 

 

 

0xB7CD9C - Ignored pointer

Ignored + 0x1E - is player ignored by cops (byte/boolean)

Ignored + 0x298 - is player ignored by everyone (byte/boolean)

 

[Quadropheniac90 3]

I don't get sh*t of this. I don't think it'd be a good idea if I started learnign what all of this means, allthough it'd be cool to change some things. Guess I'll have to stay with scm modding. Don't flame me, but I think this has something to do with memory hacking, but I don't know anything about it: How can I get the game to do something like this:

 

 

get_actor_aimed_at_by_player @00326: @1 = create_actor @0 fire

 

 

So whenever you aim at a ped, it turns on fire. Please help, there's no opcode for this. And also something to store the car the player is aiming at in a variable too? Tnx in advance...

[AlienX 0]

teun.steenbekkers: try posting in the mission editing forum

[Spiralvortex 0]

Havent found much but this should help someone at least

00B79040=# of Safehouse Visits (4 Byte)

00B79078=# of people dropped off in taxi(the number used for the stats)(4 Byte)

00A49C30=# of people dropped off in taxi(the actual number[used for giving your reward])(4 Byte)

hopes this helps someone other than me

[QJimbo 0]

0xC8131C - weather (dword)

I needed that for my TimeSync tool, thanks!

[JernejL 63]

active block + 1444 = train speed float (the number sign is opposite, - is forward, + is reverse)

the speeds are minimal, it seems the game scales them, so -0.1 is forward and 0.1 is reverse.

 

[spanner3003 0]

how do i stop gta logo nvidia in gta sa uk version?

[Stretchnutter 2]

how do i stop gta logo nvidia in gta sa uk version?

Have you tried this method HERE ?!

 

It may say USA exe, but i think it will work for any verision. Give it a try.

 

 

[jacob. 1]

It may say USA exe, but i think it will work for any verision. Give it a try.

Actually, it's only for the USA exe. I tried your method on my EU hoodlum, and all of your offsets were exactly 50 bytes apart from what was actually in my executable.. can't remember if it was +50 or -50 though.

[Trust 0]

Handling:

 

block starts at C2B9DC, each block has a size of 0xE0. All of these values are floats, unless stated otherwise:

 

0x0 = index/identifier (DWord)

0x4 = fMass

0x8 = 1.0 / fMass (ModelingMan)

0xC = fTurnMass

0x10 = fDragMult

0x14 = CentreOfMass.x

0x18 = CentreOfMass.y

0x1C = CentreOfMass.z

0x20 = nPercentSubmerged (Byte)

0x24 = fMass * 8.0000001e-1 / nPercentSubmerged (ModelingMan)

0x28 = fTractionMultiplier

0x74 = TransmissionData.nDriveType (byte)

0x75 = TransmissionData.nEngineType (byte)

0x76 = TransmissionData.nNumberOfGears (byte)

0x7C = TransmissionData.fEngineAcceleration (Multiplied by 3.9999999e-4) (ModelingMan)

0x80 = TransmissionData.fEngineInertia

0x84 = TransmissionData.fMaxVelocity (Multiplied by 5.5555599e-3) (ModelingMan)

0x94 = fBrakeDeceleration (Multiplied by 3.9999999e-4) (ModelingMan)

0x98 = fBrakeBias

0x9C = bABS (byte)

0xA0 = fSteeringLock

0xA4 = fTractionLoss

0xA8 = fTractionBias

0xAC = fSuspensionForceLevel

0xB0 = fSuspensionDampingLevel

0xB4 = fSuspensionHighSpdComDamp

0xB8 = suspension upper limit

0xBC= suspension lower limit

0xC0 = suspension bias between front and rear

0xC4 = suspension anti-dive multiplier

0xC8 = fCollisionDamageMultiplier (multiplier not yet found)

0xCC = modelFlags (in hex)

0xD0 = handlingFlags (in hex)

0xD4 = fSeatOffsetDistance

0xD8 = nMonetaryValue (DWord)

0xDC = front lights (byte)

0xDD = rear lights (byte)

0xDE = vehicle anim group (byte)

 

thanks goes to MM for the multipliers.

 

 

 

 

 

[[IcT]LiX 0]

Has anyone documented the offsets for peddle bikes like the bmx?

[spanner3003 0]

how do i work out +50 or -50 from the usa version offset?

Edited July 15, 2005 by spanner3003

[jacob. 1]

how do i work out +50 or -50 from the usa version offset?

Real easy.. if you find the EXE offset 0x40100, +50 would become 0x40150; -50 would become 0x400B0. Windows's scientific calculator is handy for quick hex add/subtraction, or even hex/decimal convertion and vice versa.

[spanner3003 0]

ok simpler quesion, here is push ebx pusi edi.... in the uk version of gtasa.exe?

[Blehbeb 0]

You can find the patch for the EU version of the GTA exe at: http://www.mtavcsux.net/forums/index.php?showtopic=1496

 

 

Hope that helps.

[nekkerbee 0]

0x8D2530 - pedestrian density multiplier (float)

0x8A5B20 - vehicle density multiplier (float)

 

So... you can change the number of cars & peds here? Fiddling with popcycle.dat only gets you so far, even with cars at 99, I never get more than, 22 or so, and I'm pretty sure peds seem capped at about 50. Has anyone played with these settings to improve the number of cars & peds?

 

On a related note, has anyone found a mem address that dictates when cars/peds/textures appear? I'd like the distance to be farther than what it is.

[JernejL 63]

 

0x8D2530 - pedestrian density multiplier (float)

0x8A5B20 - vehicle density multiplier (float)

 

So... you can change the number of cars & peds here? Fiddling with popcycle.dat only gets you so far, even with cars at 99, I never get more than, 22 or so, and I'm pretty sure peds seem capped at about 50. Has anyone played with these settings to improve the number of cars & peds?

 

On a related note, has anyone found a mem address that dictates when cars/peds/textures appear? I'd like the distance to be farther than what it is.

it is under graphical options menu > advanced.

 

i wonder if anyone could these functions in san andreas (from gta3 ps2 exe function labels):

 

0001:0023C470  CDirectory::CDirectory((int))0001:0023C230  CDirectory::FindItem((char const *,uint &,uint &))0001:0023C340  CDirectory::ReadDirFile((char const *))

 

 

finding this could make end to img files..

 

[nekkerbee 0]

^^^

 

I have my draw distance maxed out in Display Setup, and I have the timecycle.dat file tweaked so farclp is about 1800 or so under most circumstances (less for rain & fog), but where can I further increase the draw distance? Is one of the values in the dat files changed by the draw distance slider in Display Options? Is the Draw Distance in Display Options the same as farclp? Or does that affect peds & cars?

 

The landscape draw distance is good, but I want the peds/cars, and if possible, textures, to appear farther away than they are.

[saracoglu 6]

here is the girlfriend progress mem. locations:

 

0xA49EFC DWord Denise Progress

0xA49F00 DWord Michelle Progress

0xA49F04 DWord Helena Progress

0xA49F08 DWord Barbara Progress

0xA49F0C DWord Katie Progress

0xA49F10 DWord Millie Progress

 

 

be careful. these locations are within the scm block, and valid only for original scm. setting a value to 100 (ie. 100 pct) gives you all gifts of that GF (ie. car keys, wardrobe etc.)

 

 

[psf132004 0]

Hiya everyone, im very new to memorey hacking, im working with artmoney and visual basic.

 

im trying to teleport the playerby giving x,y,z cords:

 

This is how i am reading the cords and this works fine.

 

 

******************VB CODE*************

Dim returnval As Long

Dim pointer As Long

Dim X As Single

Dim y As Single

Dim Z As Single

returnval = ReadProcessMemory(lngPHandle, &HB6F5F0, pointer, 4, lpBytesWritten)

 

 

ReadProcessMemory lngPHandle, pointer + 368, X, 4, lpBytesWritten

ReadProcessMemory lngPHandle, pointer + 372, y, 4, lpBytesWritten

ReadProcessMemory lngPHandle, pointer + 376, Z, 4, lpBytesWritten

 

Form1.XC.text = X

Form1.YC.text = y

Form1.ZC.text = Z

***************************************

 

my question is does anyone know how to write to these values to warp the player?

[random_download 0]

 

Dim returnval As LongDim pointer As LongDim X As SingleDim y As SingleDim Z As SingleX = Form1.XC.texty = Form1.YC.textZ = Form1.ZC.textreturnval = ReadProcessMemory(lngPHandle, &HB6F5F0, pointer, 4, lpBytesWritten)WriteProcessMemory lngPHandle, pointer + 368, X, 4, lpBytesWrittenWriteProcessMemory lngPHandle, pointer + 372, y, 4, lpBytesWrittenWriteProcessMemory lngPHandle, pointer + 376, Z, 4, lpBytesWritten

 

At I guess. I am not sure about the exact syntax, but that is the general idea.

[psf132004 0]

Sussed it all by myself.

 

*****************VB CODE**************

Function WarpPlayer(X As Single, Y As Single, Z As Single)

Dim blockaddr As Long

 

Dim Xpoint As Long

Dim Ypoint As Long

Dim Zpoint As Long

 

playerptr = playerpointer

ReadProcessMemory lngPHandle, playerptr + &H14, blockaddr, 4, lpBytesWritten

 

 

Xpoint = blockaddr + &H30

Ypoint = blockaddr + &H34

Zpoint = blockaddr + &H38

 

WriteProcessMemory lngPHandle, Xpoint, X, 4, lpBytesWritten

WriteProcessMemory lngPHandle, Ypoint, Y, 4, lpBytesWritten

WriteProcessMemory lngPHandle, Zpoint, Z, 4, lpBytesWritten

End Function

[J-Fox.GEMM 0]

Any ideas for next car adress?

[mattyboy_96 0]

to get any cars address just use:

(all in decimal)

 

First car + (2584 * CarNo)

 

or to get the next car it's just:

 

Car + 2584

 

(although im sure this has all been mentioned before.)

[JernejL 63]

any how do you get the address to the FIRST car in the game?

 

[jacob. 1]

any how do you get the address to the FIRST car in the game?

Entity list, but I've yet to find it. I found some sort of list, but it contained random objects and vehicles seemed to be randomly thrown in.

[mattyboy_96 0]

its not hard, but it seems to be scm related. search for a pointer to a pointer to the first car made its usually around...

 

0xB??????

 

the two i have had to find for my scms were:

0xB99330

EDIT: 0xB99AE0

it takes a bit to find but its well worth it.

Edited July 21, 2005 by mattyboy_96

[jacob. 1]

My solution to getting the first vehicle pointer is based off a post I made earlier in this topic..

 

 

0x969084 = first vehicle you got into

0x969088 = second vehicle you got into

0x96908C = third vehicle you get into

.. and so on, increasing by 4 after each vehicle. they are 0 if you haven't entered a first/second/third/etc car yet.

 

 

I use SCM to put the player into the first vehicle created for 3 seconds, then warp him on foot. 0x969088 then contains the first vehicle pointer.