
Manipulating SA game memory for fun and profit



Here is definitely a new thing that I think can substantially expand the opportunities of mission coding.

 

Link: http://xieon.by.ru/mempatch.rar

 

Note that I made this tool a month ago from scratch (I did not release it owing to my absence)

and it has no relation to the neighbouring topic (or to any other earlier topic); I am surprised by it.

 

The program inside the archive is a special patch for GTA:SA that literally adds three new opcodes to

the game, replacing some NOPs with itself:

 

 

00C3: read_mem_address [ ] type [ ] value_to [ ]

 

 

This new opcode reads the value at the specified memory address (with the new 0181, any game address) and

writes it to a global or local variable. You may specify how much to read: an 8-bit value (byte),

16-bit (word) or 32-bit (dword).

 

 

00C4: write_mem_address [ ] type [ ] value [ ]

 

 

This opcode is the same as the previous one, except that it writes memory rather than reading it.

 

 

0181: virtual_protect_change_at [ ] size [ ] new_protect [ ]

 

 

And this opcode is perhaps the most non-standard. It allows calling the VirtualProtect WinAPI

function directly from SCM; as you know, it can unlock any address that would otherwise cause an

AccessViolation exception (or a game crash in SA) when accessed. So all useful

game memory can be in your hands.

 

All other information, and why CyQ's mem-technique for VC became impossible in SA,

is in the readme.

 

--- Advantages

 

- Easy to use: no need to use variables, perform any actions

or write any mission code to make this trick work.

- Flexibility: you can specify the size of the value when accessing memory and

write the real address, whatever it is (one extra action, conversion from hex to int, but

in the new SB it will be possible to specify hex and other numeric formats for values).

- Mnemonics are provided for the opcodes.

- Very small patch size (~14 KB without docs).

 

--- Disadvantages

 

- Without the patch it doesn't work, but I can add to the next version an opcode by means of

which it will be possible to check for its presence and avoid a game crash.

 

Most likely the new SB will also have built-in functions based on this tool for working with memory.

 

***

I very much await any wishes or criticism from you, and forgive me for my dreadful grammar.

In theory, by a similar approach it is possible to call other API functions (just imagine the opportunities this opens) and to make, for example, a fully working MP3 player operated by SCM opcodes, and many, many other things.

 

Have fun with it.

Cheers, Xieon.

Edited by Xieon
https://gtaforums.com/topic/257456-manipulating-sa-game-memory-for-fun-and-profit/

All other information, and why the CyQ mem-technique for VC became impossible in SA, is in the readme.
Actually, documentation of an all-natural method of doing exactly that has begun unfolding here.

 

 

You may specify how much to read: an 8-bit value (byte), 16-bit (word) or 32-bit (dword).
Okay, NOW you have my UNDIVIDED attention. That's fabulous.

 

Question. How independent is this patch? There must be a dozen different EXEs out there. For example, I run the Hoodlum no-DVD EXE, modified to bypass the opening splash screens. Will this patch work with that EXE? Can you document the various EXEs supported so that, as we begin to author SCMs requiring this patch, we can forward the documentation to our users?

 

I can't download the file, it just comes up as pure text, not a rar download.

Just right-click the eventual download link and choose "Save As" and you should be able to download it properly; worked for me.

 

@Xieon: Wow. This is brilliant. Ran the gravity change in the readme as a quick test and it worked flawlessly. If this patch will work on all the different SA versions, it's unbelievably useful considering the hoops we have to go through to change memory via the stat opcodes and the limits there. Also, have you considered supplying a "loader" in addition to the patch? There's no good reason for that request aside from the fact that some are more comfortable with that method.

Wow! This is my dream come true! I didn't see any way to access the lower (not to mention protected) memory addresses with the recent stat opcode discovery, but your patch solves this!

Thank you so much!

Now I can recreate edisoncarter's PS2 gravity code. If I could only figure out the NESW directional gravity...

 

PS: Hello, I'm new.

  • 1 year later...

I never did this stuff before, so I have no idea how to add opcodes. I need to add those 2 to gta_sa.exe:

Enable Multiple SA Windows:

0x7468E0 : (func) CheckForOtherSA(void)

0x74872D : (asm) call CheckForOtherSA (NOP this in the exe)

 

Could you tell me how to do it please?


Mmm, I think this might work?

 

 

0A8C: write_memory 0x7468E0 size 1 value 0 virtual_protect 0

 

 

You might have to mess with the size and virtual_protect values, though.

Could you please tell me how to apply this? I'm a complete newbie to this stuff.

Btw, I have found those 2 memory addresses in a program called HIEW32, but when I edit those values I don't know what to type.

Maybe you could please make an exe like that for me? I'm using the 1.0 Hoodlum exe.

Edited by Lancast
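Added example (not part of the original thread, and not Xieon's patch or anyone's posted code): a native C model of the three operations Xieon's first post describes (read_mem_address with a byte/word/dword width, write_mem_address, and virtual_protect_change_at) applied to the edit Lancast asks about, NOPing a 5-byte near call. To stay runnable offline it patches a page it maps itself rather than gta_sa.exe, so the address 0x74872D from the thread is not used; the "call" bytes are constructed. It assumes x86 encodings (E8 rel32 for call, 90 for NOP), uses VirtualProtect/VirtualAlloc on Windows and mprotect/mmap elsewhere, and deliberately does not request execute permission on the test page (a real .text patch would use PAGE_EXECUTE_READWRITE or PROT_EXEC, which some hardened systems refuse for anonymous memory). The check a practitioner wants is the one in nop_call: confirm the byte at the target really is E8 before writing, since a different EXE build (the Hoodlum question above) shifts addresses and a blind write corrupts whatever is there instead.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#include <unistd.h>
#endif

/* Host page size; VirtualProtect and mprotect act on whole pages, so the
 * "size" you pass is rounded out to page boundaries by the OS. */
static size_t page_size(void) {
#ifdef _WIN32
    SYSTEM_INFO si;
    GetSystemInfo(&si);
    return si.dwPageSize;
#else
    return (size_t)sysconf(_SC_PAGESIZE);
#endif
}

/* Model of opcode 0181: change protection of every page overlapping
 * [addr, addr+size). writable selects RW vs RO; executable adds X for a
 * real code page. Returns 0 on success, -1 on failure. */
static int virtual_protect_change_at(void *addr, size_t size, int writable, int executable) {
#ifdef _WIN32
    DWORD old = 0;
    DWORD prot = executable ? (writable ? PAGE_EXECUTE_READWRITE : PAGE_EXECUTE_READ)
                            : (writable ? PAGE_READWRITE : PAGE_READONLY);
    return VirtualProtect(addr, size, prot, &old) ? 0 : -1;
#else
    size_t ps = page_size();
    uintptr_t start = (uintptr_t)addr & ~(uintptr_t)(ps - 1);
    uintptr_t end = (uintptr_t)addr + size;
    int prot = PROT_READ | (writable ? PROT_WRITE : 0) | (executable ? PROT_EXEC : 0);
    return mprotect((void *)start, end - start, prot);
#endif
}

/* Model of opcode 00C3: read a byte/word/dword (width 1, 2 or 4). Returns the
 * value zero-extended, or -1 for an unsupported width. memcpy avoids
 * misaligned-access undefined behaviour on odd addresses. */
static int64_t read_mem_address(const void *addr, int width) {
    uint8_t b; uint16_t w; uint32_t d;
    switch (width) {
    case 1: memcpy(&b, addr, 1); return b;
    case 2: memcpy(&w, addr, 2); return w;
    case 4: memcpy(&d, addr, 4); return d;
    default: return -1;
    }
}

/* Model of opcode 00C4: write a byte/word/dword. The page must already be
 * writable (see virtual_protect_change_at). Returns 0 on success. */
static int write_mem_address(void *addr, int width, uint32_t value) {
    uint8_t b = (uint8_t)value; uint16_t w = (uint16_t)value; uint32_t d = value;
    switch (width) {
    case 1: memcpy(addr, &b, 1); return 0;
    case 2: memcpy(addr, &w, 2); return 0;
    case 4: memcpy(addr, &d, 4); return 0;
    default: return -1;
    }
}

/* "NOP this in the exe": replace a 5-byte near call (E8 rel32) with five NOPs.
 * Refuses (returns -1) if the first byte is not E8, so a wrong address or a
 * different EXE build fails closed instead of corrupting unrelated code. */
static int nop_call(uint8_t *p) {
    if (p[0] != 0xE8) return -1;
    for (int i = 0; i < 5; i++)
        if (write_mem_address(p + i, 1, 0x90) != 0) return -1;
    return 0;
}

/* End-to-end demo on a constructed page. Returns 0 if every step behaved,
 * otherwise the number of the step that failed. */
int demo_patch(void) {
    size_t ps = page_size();
    uint8_t *page;
    int rc = 0;
#ifdef _WIN32
    page = VirtualAlloc(NULL, ps, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (!page) return 1;
#else
    page = mmap(NULL, ps, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return 1;
#endif
    /* Constructed "code": INT3 padding with one call at offset 0x10. */
    memset(page, 0xCC, ps);
    static const uint8_t fake_call[5] = { 0xE8, 0x11, 0x22, 0x33, 0x44 };
    memcpy(page + 0x10, fake_call, 5);

    /* Lock the page read-only, the state a real .text page is found in. */
    if (virtual_protect_change_at(page, ps, 0, 0) != 0) { rc = 2; goto done; }
    /* Unlock just the bytes we intend to patch (rounds out to the page). */
    if (virtual_protect_change_at(page + 0x10, 5, 1, 0) != 0) { rc = 3; goto done; }
    /* Fail closed on a non-call location (0xCC there, not E8). */
    if (nop_call(page + 0x20) != -1) { rc = 4; goto done; }
    /* Patch the real call. */
    if (nop_call(page + 0x10) != 0) { rc = 5; goto done; }
    /* Read back: dword at the site is now four NOPs, fifth byte is a NOP too. */
    if (read_mem_address(page + 0x10, 4) != 0x90909090) { rc = 6; goto done; }
    if (read_mem_address(page + 0x14, 1) != 0x90) { rc = 7; goto done; }
    /* Restore the original protection so the page is left as found. */
    if (virtual_protect_change_at(page, ps, 0, 0) != 0) rc = 8;
done:
#ifdef _WIN32
    VirtualFree(page, 0, MEM_RELEASE);
#else
    munmap(page, ps);
#endif
    return rc;
}

int main(void) {
    int rc = demo_patch();
    printf("demo_patch: %s (rc=%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

Two design points carry over to the real game: unlock the smallest range you need and restore the old protection afterwards (VirtualProtect hands back the previous value for exactly this reason), and verify the bytes at the target before writing, because the thread itself notes that addresses differ between the retail 1.0, Hoodlum and other builds.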
