Documenting GTA-SA memory addresses

[JernejL]

but this won't work with original game..

 

[saracoglu]

here are some mem-locs for activating in-game dynamics:

 

 

[EDIT]0x969177 is not Adrenaline Mode as previously stated, but Slower Gameplay Cheat[/EDIT]

 

0x969166 Cars Float Away When Hit (somehow cheesy)

0x96914C Perfect Handling

 

the values are Byte, on/off is 1/0

 

happy coding,

 

Alper

Edited July 21, 2005 by saracoglu

[J-Fox.GEMM]

U are sure that the given adress is the adress which shows the car pointer of the car u are tring to enter if u are still onfoot?

 

 

btw: at home (i am in Austrlia atm) i got the first car pointer for any scm file

[Cowpat]

All one byte set to 1/0.

 

0x969168 Clock stopped, weather changes rapidly

0x969175 Peds riot

0x96917A None or hardly any cars. No peds

0x96913B Time flies by

0x96913E Peds armed and dangerous

0x96914B Wheels only

0x969150 All vehicles pink, other colours corrupted

0x96915B No vehicles or peds

 

All the above work for me but the address for adrenaline given above doesn't, so there may be an issue of different executables.

[jacob.]

All the above work for me but the address for adrenaline given above doesn't, so there may be an issue of different executables.

Same thing here, I think he posted the wrong address for adrenaline.

[copini]

any how do you get the address to the FIRST car in the game?

From the code I figured out the following:

 

00B74494 = CarDataPointer

CarDataPointer + 0 = FirstCarPointer

CarDataPointer + 8 = Number of car structures (110)

 

 

The next available slot is probably in there somewhere too, haven't looked for it yet. You might find it when you take a closer look at the SpawnCar function (0043A0B0 - 0043A46E)...

[JernejL]

copini, thats really sweet, it works, you rock!!! can you find similar thing for actors?

 

[saracoglu]

regarding the mem-loc for the adrenaline mode cheat:

 

the mem-loc 0x969177 is the status of a cheat that gets activated/deactivated when you enter the cheat-code 'MUNASEF'.

this cheat code is assigned in almost all cheat lists to Adrenaline Cheat. However, entering the cheat / setting the mem-val to 1 (byte) activates actually the Slower Gameplay cheat, and the game speed gets set to 33 pct (ie. 0.33 Float).

 

i am sorry for the inconvenience that i have caused. i am currently searching the mem-loc for the 'real' adrenaline mode effect

 

happy coding,

 

Alper

[copini]

 

copini, thats really sweet, it works, you rock!!!

Thanks, tell my boss

 

 

can you find similar thing for actors?

You mean for peds?

 

I discovered the CarData pointer is actually a pointer to the Vehicles pool, one of the pools filled in the AllocatePools function @ 00550F10.

The Peds pool (00B74490) seems to have the same structure. PedsPool + 8 is 140 (with the standard SCM), which is likely the number of Ped structures. Also, the pointer at PedsPool + 0 is the same as the PlayerPointer when you start a new game.

 

Maybe all pools allocated in the AllocatePools functions use the same structure...

These are the pointers to all of them:

00B74484 = PtrNode Single

00B74488 = PtrNode Double

00B7448C = EntryInfoNode

00B74490 = Peds

00B74494 = Vehicles

00B74498 = Buildings

00B7449C = Objects

00B744A0 = Dummys

00B744A4 = ColModel

00B744A8 = Task

00B744AC = Event

00B744B0 = PointRoute

00B744B4 = PatrolRoute

00B744B8 = NodeRoute

00B744CC = TaskAllocator

00B744C0 = PedIntelligence

00B744C4 = PedAttractors

Edited July 21, 2005 by copini

[mattyboy_96]

does anyone know a way to force an actor to fire a weapon?

 

EDIT: that wasnt very specific so ill add to it:

through memory, just shooting in front of them(not targeting anything in specific).

Edited July 22, 2005 by mattyboy_96

[QJimbo]

^^^

 

I have my draw distance maxed out in Display Setup, and I have the timecycle.dat file tweaked so farclp is about 1800 or so under most circumstances (less for rain & fog), but where can I further increase the draw distance? Is one of the values in the dat files changed by the draw distance slider in Display Options? Is the Draw Distance in Display Options the same as farclp? Or does that affect peds & cars?

 

The landscape draw distance is good, but I want the peds/cars, and if possible, textures, to appear farther away than they are.

Yeah I want the same, as I said here. When this came up in the 3/VC mem address topic there was a bit arguement about that it would be pointless because it would push mem/cpu too much. I'd still like to be able to stand on top of a building and see cars for miles around though, even if it hit the framerate.

[jacob.]

0xBA86F8 - Map target X position

0xBA86FC - Map target Y position

 

This seems to only be the case with a new game, but aru found the algo on IRC, and it goes something like this..

 

Read 0xBA873D, continue to add 0x28 until you find an 0x2; the number of times looped will be how much you add to 0xBA86F8, which will result in the address for the map target's X coordinate. Simply add 4 to this to get the Y coordinate.

 

Edited July 23, 2005 by jacob.

[aru]

 

0xBA86F8 - Map target X position

0xBA86FC - Map target Y position

Not quite... asm code referes to a effective address at eax+0xBA86F8, which results in the following:

 

0xBA9AD0 - Map target X

0xBA9AD4 - Map target Y

(read Stretchnutter's post below)

 

0xBA6774 - Map target disabled if 0, else enabled.

Edited July 29, 2005 by aru

[Stretchnutter]

Call in the fire brigade

 

to correct those two above this is vb code representation of the asm

 

 

Dim myLong As LongDim myX, myY, myZFor myLong = 0 To (&HAF * &H28) Step &H28If GetInteger(&HBA873D + myLong) = 4611 ThenmyX = GetFloat(&HBA86F8 + myLong + &H28)myY = GetFloat(&HBA86F8 + myLong + &H28 + &H4)myZ = GetFloat(&HBA86F8 + myLong + &H28 + &H8)Exit ForEnd IfNext myLongMe.Caption = myX & " " & myY & " " & myZ & " " & Hex(&HBA86F8 + myLong + &H28)

 

[copini]

While walking through functions used to get ped/player + vehicle pointers/data I found a few offsets. Some of them are probably already known, but I'll post them anyway.

 

The game figures out the PlayerPointer by multiplying the byte in 00B7CD74 with 0x190 and adding that number to 00B7CD98 (which is a pool with ped pointers).

The CarPointer is taken from PlayerPointer + 0x58C, but first the game checks if the player is in a car at PlayerPointer + 0x46C (byte; 0 = in air/water, 1 = in car, 3 = on foot).

In some of the functions I encountered the game checks if the vehicle is a train by looking at CarPointer + 0x590 (byte; 0 = car/plane, 5 = boat, 6 = train, 9 = bike), sometimes the vehicle ID is also checked (CarPointer + 0x22; word).

 

It's probably not that helpful, but I was especially glad to find the vehicle type byte. Now I've finally got a reliable way of knowing if the player is on a bike! (CarPointer + 0x5C8 is also set to 1 when on a bike, but sometimes changes to 0 for a moment while driving)

 

The next thing I want to find is the pointer to the ped/vehicle you're aiming at. And I still have to find the pointer to the closest car...

Any ideas anyone?

[JernejL]

The next thing I want to find is the pointer to the ped/vehicle you're aiming at. And I still have to find the pointer to the closest car...

Any ideas anyone?

now when you know where the car pool is, just use the car pool and calculate distance to all cars from the player

 

[Trust]

To find the ped you're aiming at, I have a theory about finding it, not sure whether that theory can be put to good use, but who knows?

 

 

When you aim at a ped, the ped's animation is set to 'hands up' or whatever. Now, you can go and take a look at the asm-code and try to find what function triggers the change to that animation, and perhaps that function can lead to another function or address or w/e, containing the info on who/what you're aiming at.

 

Chances are this wo'nt work at all, but that's a small theory I came up with after thinking on how to find such an address.

 

Let me know if it worked

[JernejL]

that wouldn't work, as not everyone has hands up animation, the ped you target does have the arrow drawn above, it is probably stored as a pointer or index or a flag in the ped's data..

 

[jacob.]

0xB6F3B8 = Pointer to Target

Target + 0x79C = Targetted CPED (0 when no cped is targetted)

Edited July 24, 2005 by jacob.

[Opius]

This has probably been asked before, but I don't suppose anyone knows of the address for the coordinates of where the crosshair is? I understand it might only be active when actually firing a weapon, but it's in there somewhere because it can create smoke/sparks at the point where it hits.

[copini]

 

0xB6F3B8 = Pointer to Target

Target + 0x79C = Targetted CPED (0 when no cped is targetted)

Man, that's great!

When I searched that area for the address of the targeted vehicle, I found another interesting pointer:

 

Target + 0xC0 = pointer to last object (ped, car, maybe others) you collided with

 

This works when in a car and on foot, so it partly solves my other problem. If you walk into a vehicle, you've got the carpointer for that vehicle. With this, I can finally make my 'automaticly unlock vehicles' function work!

 

 

now when you know where the car pool is, just use the car pool and calculate distance to all cars from the player

That could work, but it's a lot of work . I know GTA:VC had a fixed pointer to the closest car, so I assume (and hope) the same goes for GTA:SA...

[copini]

It took me some time (it's 4:30 am local time ) , but I discovered how to find the closest car pointer!

 

PlayerPointer + 0x47C = ClosestPointer

ClosestPointer + 0xE0 = CarPointer to closest car (if there's a ped in the car, you'll have to come really close)

ClosestPointer + 0x120 = CarPointer to closest car (this one seems to work for cars with peds from a greater radius)

 

Edited July 25, 2005 by copini

[J-Fox.GEMM]

 

THX for that nice pointers any ideas on the XYZ point maybe its + 48 , 52 , 56 i cant play and dev in SA atm because i am in Australia.. can somebody check that?

[Majke]

Hi guys.

 

I read in the beginning of the topic that the radio volume was found at the memory address 0xBA6798

 

I tried to use this in the Trainer Maker Kit 1.51 and there i wrote Add BYTE 0BA6798 04

 

In the game the radio volume bar does indeed increase, but the actual sound doesn't. Where did I go wrong?

[copini]

THX for that nice pointers any ideas on the XYZ point maybe its + 48 , 52 , 56 i cant play and dev in SA atm because i am in Australia.. can somebody check that?

The coördinates of the vehicle?

It's the same as for other vehicles and peds:

CarPointer + 0x14 = pointer to RotationMatrix

RotationMatrix + 0x30 = XPos

RotationMatrix + 0x34 = YPos

RotationMatrix + 0x38 = ZPos

[jacob.]

The coördinates of the vehicle?

It's the same as for other vehicles and peds:

CarPointer + 0x14 = pointer to RotationMatrix

RotationMatrix + 0x30 = XPos

RotationMatrix + 0x34 = YPos

RotationMatrix + 0x38 = ZPos

He meant the coordinates of the cursor, which I'm pretty sure doesn't exist after having a long search for it. The spark/bullet trails must be calculated based off the view/world matrix, not by a set of 3D coordinates.

[J-Fox.GEMM]

But in LC and VC they were given with a pointer... And they exist in Mem...

 

//edit

 

How to make a actor shoot? Maybe somewhere near his Weapon pointer or near his anim adress.

 

just found it out for Vehicles Weapon 1 and 2

 

 

Can somebody post a code / function (in VB) where he is rotating a non player controlled car given by a pointer? like the console does

 

//

Edited July 26, 2005 by J-Fox.GEMM

[SeBsZ]

Hello all,

 

can someone tell me how I can create a new 'actor'? I want to be able to move this actor by setting its XYZ coordinates. Help is appreciated and thanks in advance.

 

SeBsZ

[Luke]

Hello all,

 

can someone tell me how I can create a new 'actor'? I want to be able to move this actor by setting its XYZ coordinates. Help is appreciated and thanks in advance.

 

SeBsZ

It's not really possible to make an actor using the memory alone, some of the early GTA:SA mp mods have been using a loop in the SCM and then a var changing triggers the loop to create an actor, but it's not the best method.

[copini]

0xB7CDBC [dword] current weapon slot

PlayerPointer + 0x718 = current weapon, this also works for other peds

 

 

00969130 to 0096918B = list of cheat enablers (all bytes, set to 1 to enable cheat). The list is in the same order as the cheat functions.

I've tested a few, but I don't have the time to test them all. Not all cheats can be enabled by setting the corresponding byte to 1.

 

These certainly work:

0096913B = Faster Clock

00969178 = Infinite Ammo, No Reload

00969179 = Full Weapon Aiming While Driving

 

And saracoglu already reported these:

00969177 = Slower Gameplay

00969166 = Cars Float Away When Hit

0096914C = Perfect Handling

 

The 'cheated' state is saved in byte 0096918C (if it's set to 1 you'll get a warning message when saving a game). But this byte doesn't get set if you use a cheat enabler.