[SA] Memory access via stat opcodes

[PLPynton 0]

Stat 64412 PROCEDURAL OBJECT GENERATION TABLE DEFINITION 64422:18x4b per cell

 

example breakdown (full) of object 000 (sjmcacti2 by the means of original game):

 

Stat 64422 PROCEDURAL_OBJECT -000 SURFACE TYPE

Stat 64423 PROCEDURAL_OBJECT -000 OBJECT NAME

Stat 64424 PROCEDURAL_OBJECT -000 AVERAGE SPACING

Stat 64425 PROCEDURAL_OBJECT -000 DENSITY [x/sqm]

Stat 64426 PROCEDURAL_OBJECT -000 MINIMUM DISTANCE [x^2]

Stat 64427 PROCEDURAL_OBJECT -000 MINIMUM ROTATION [RAD]

Stat 64428 PROCEDURAL_OBJECT -000 MAXIMUM ROTATION [RAD]

Stat 64429 PROCEDURAL_OBJECT -000 MINIMUM SCALE XY

Stat 64430 PROCEDURAL_OBJECT -000 MAXIMUM SCALE XY

Stat 64431 PROCEDURAL_OBJECT -000 MINIMUM SCALE Z

Stat 64432 PROCEDURAL_OBJECT -000 MAXIMUM SCALE Z

Stat 64433 PROCEDURAL_OBJECT -000 MINIMUM Z OFFSET

Stat 64434 PROCEDURAL_OBJECT -000 MAXIMUM Z OFFSET

Stat 64435 PROCEDURAL_OBJECT -000 b1=ALIGN

Stat 64436 PROCEDURAL_OBJECT -000 USE GRID [sq base in m]

Stat 64437 PROCEDURAL_OBJECT -000 UNUSED

Stat 64438 PROCEDURAL_OBJECT -000 UNUSED

Stat 64439 PROCEDURAL_OBJECT -000 UNUSED

end

 

here is last object for our stat range:

 

Stat 65520 PROCEDURAL_OBJECT -060 SURFACE TYPE

 

and under that virtual stat is last object used in game and there is a memory space for few more:

Stat 66144 PROCEDURAL_OBJECT -093 SURFACE TYPE

Edited October 8, 2006 by PLPynton

[Seemann 273]

As the way of using stats to gain memory access is seriously limited, I'd like to suggest alternate way.

That's pretty clear and simple method which is based on SA arrays.

 

The original idea was told by Y_Less there, so all credits goes to him.

The main thing is that the array indexes can contain 32-bit integer values that gives us an access to ANY in-game address in ranges 0x00000000..0xFFFFFFFF.

 

There is an example how to increment player's money by $150 via arrays (bit useless because of 0109, but very easy to see that it works)

 

(SB example):

 

[email protected] = 0xB7CE50 // memory address to readgosub @MemoryRead // get current money to [email protected]@ += [email protected] = 0xB7CE50gosub @MemoryWrite // set new money value from [email protected]// --------------------:MemoryWrite [email protected] -= 0xA49960 [email protected] /= 4 // now [email protected] contains the value which after array's parsing will point to the memory address that we specified 008A: &0([email protected],1i) = [email protected]:MemoryRead [email protected] -= 0xA49960 [email protected] /= 4 008B: [email protected] = &0([email protected],1i)return

 

 

in SAMB this method will work too but small changes are necessary.

 

P.S. However, there are still one limit. Not every memory address could be re-written by this, because of Access Violation Error. So, the using of Xieon's patch remains the best solution so far.

 

 

[ceedj 29]

Does anyone have a working copy of this .rar they can send me? The one from the top post comes up as corrupted.

 

EDIT: Whoops, just realized I posted this in the worng topic. Sorry guys; I'm referring to Xieon's patch. Thanks.

[Bigun 0]

 

Whoops, just realized I posted this in the worng topic. Sorry guys; I'm referring to Xieon's patch. Thanks.

 

No problem, it isn't really off-topic here. And maybe it's better than bumping that topic for that.

 

 

Does anyone have a working copy of this .rar they can send me? The one from the top post comes up as corrupted.

 

Actually, it works for me. When you click that link, you need to click on "/mempatch.rar". Actually, right-click and choose "Save Target As" etc (using Firefox, when I initially just clicked the link it opened the rar in FF showing the text ).

 

Also, Xieon's patch and INI code converter are included in the latest SB download.

[Seemann 273]

 

Does anyone have a working copy of this .rar they can send me? The one from the top post comes up as corrupted.

 

That's the link

[Seemann 273]

I realized that the way of changing memory I described above (through the arrays) is working only when you change memory value with 32-bit value (dword). But if you need change the only byte (or word) and use this way it also rewrites the neighbour bytes.

 

Though, to change the byte in game memory you need

 

1. Read memory address (you get DWORD value)

2. Change ITS byte(-s) using set_bit, clear_bit opcodes; so you will change only specified bytes

3. Rewrite the whole address with the new value

 

The main thing is that we do not change any bytes except those needed to be changed.

 

 

// [email protected] -address// [email protected] -new value// [email protected] -length (in bytes)//--write specified number of bytes into memory:MemoryWrite    0085: [email protected] = [email protected] [email protected] /= 4 [email protected] *= 4           // memory address 0062: [email protected] -= [email protected]    // offset (0, 1, 2, 3)  :_GetInitValue      // if you specify mem offset in [email protected], you're able to gosub here gosub @MemoryRead // get initial value [email protected] *= 8 // bytes -> bits [email protected] *= 8 dec([email protected]) for [email protected] = 0 to [email protected]   if     08B6: test [email protected] bit [email protected]    then     08BF: set [email protected] bit [email protected]    // 1   else     08C5: clear [email protected] bit [email protected]  // 0   end    inc([email protected]) // next memory bit end     008A: &0([email protected],1i) = [email protected]  // write new value return//--write 32-bit value into memory-----------:MemoryWrite32bit [email protected] -= 0xA49960 [email protected] /= 4 008A: &0([email protected],1i) = [email protected]   return//--read 32-bit value from memory-----------:MemoryRead [email protected] -= 0xA49960 [email protected] /= 4 008B: [email protected] = &0([email protected],1i)return//-------------------------------------------

 

 

So, example of using that. It shows how to remove annoying text box saying "To stop Carl..." when the player first time stealing a car:

 

 

[email protected] = 0xC0BC15 //  [email protected] = 1        //  [email protected] = 1        //  LENGTH (Byte)gosub @MemoryWrite....

 

 

[Demarest 23]

I tried doing that in VC once. Even though I was only changing the one byte, I was crashing the game. I'm assuming that's because I was also trying to write to read-only bytes? Not sure, but not once was I able to get it to work

[random_download 0]

I tried doing that in VC once. Even though I was only changing the one byte, I was crashing the game. I'm assuming that's because I was also trying to write to read-only bytes? Not sure, but not once was I able to get it to work

I think writing to read-only values would just mean that they don't get written to (ie. nothing happens). The game would crash however if you write to an address that doesn't exist.