Reading memory addresses

[Bennington]

Hey modder

just got some crisis with memory addresses recently

My problem is that I wanna check which immunities a car has.

What I found on GTAModding:

 

    * 0xB6F980 - Is the direct pointer to the pool start (CVehicle)

    * 0xBA18FC - Current vehicle pointer:

          o 0 = on-foot

          o >0 = in-car

    * 0x969084 - First vehicle you got into

 

Note: To get the next vehicle, so the second one, you need to add +0x4 as many times you want. They are 0 if you haven't entered a first/second/third/etc car yet.

 

    * 0xB74494 - Contains a pointer

 

This pointer:

 

    * +0 = Contains a pointer to the first element in the pool

    * +4 = Contains a pointer to a byte map indicating which elements are in use

    * +8 = [dword] Is the maximum number of elements in the pool

    * +12 = [dword] Is the current number of elements in the pool

 

Each vehicle object is 2584 (0xA18) bytes. It starts at 0xC502AA0.

 

# +66 = [byte] Is the BP/EP/DP/DP (Special Flags) status of the car as follows:

Add these values, and write the sum into +66

 

    * 1 = n/a

    * 2 = n/a

    * 4 = bullet-proof

    * 8 = fire-proof

    * 16 = damage-proof (from collisions etc)

    * 32 = n/a

    * 64 = n/a

    * 128 = explosion-proof

 

 

 

OK, well... but how to use it?!?

There isn´t even a documentation or something how to use memory addresses on the page.

Just love you guys if you could refer me to a good one

Greetz Bennington

Edited November 25, 2010 by Bennington

[Adler]

Yo I wrote this script just now (tested and working). When you type "IMMUNE" in a car the script checks what immunities the player's car has and displays them on the screen. The function getCarImmunities can be used for any car whose handle you pass to it.

 

{$CLEO .cs}{   GTA SA Check Car Immunities Script   Created by: Adler}const   ANY_CAR    = [email protected]   BULLETP    = [email protected]   FIREP      = [email protected]   EXPLOSIONP = [email protected]   CRASHP     = [email protected]: Starting code...while true   wait 250   if and       00DF:   actor $PLAYER_ACTOR driving       0ADC:   test_cheat "IMMUNE"   then       0811: ANY_CAR = actor $PLAYER_ACTOR car // versionC       gosub @checkLastChar       while  00DF:   actor $PLAYER_ACTOR driving           wait 0           0AB1: call_scm_func @getCarImmunities 1  car_handle: ANY_CAR  store_to: BULLETP FIREP EXPLOSIONP CRASHP           gosub @textShow           if               0ADC:   test_cheat "IMMUNE"           then               gosub @checkLastChar               break           end       end       00BE: text_clear_all   endend:checkLastCharwhile  0AB0:  key_pressed 0x45 // E   wait 0endreturn:getCarImmunities0A97: [email protected] = car [email protected] struct000A: [email protected] += 660A8D: [email protected] = read_memory [email protected] size 1 virtual_protect 0if   [email protected] >= 128then   [email protected] = 1 // Explosionproof = True   [email protected] -= 128else   [email protected] = 0 // Explosionproof = Falseendif   [email protected] >= 16then   [email protected] = 1 // Crashproof = True   [email protected] -= 16else   [email protected] = 0 // Crashproof = Falseendif   [email protected] >= 8then   [email protected] = 1 // Fireproof = True   [email protected] -= 8else   [email protected] = 0 // Fireproof = Falseendif   [email protected] == 4then   [email protected] = 1 // Bulletproof = Trueelse   [email protected] = 0 // Bulletproof = Falseend0AB2: ret 4  [email protected] [email protected] [email protected] [email protected]:textShow00BE: text_clear_all045A: draw_text_1number 50.0 150.0 GXT 'NUMBER' number BULLETP045A: draw_text_1number 50.0 170.0 GXT 'NUMBER' number FIREP045A: draw_text_1number 50.0 190.0 GXT 'NUMBER' number EXPLOSIONP045A: draw_text_1number 50.0 210.0 GXT 'NUMBER' number CRASHPreturn

 

[Bennington]

 

0A97: [email protected] = car [email protected] struct000A: [email protected] += 660A8D: [email protected] = read_memory [email protected] size 1 virtual_protect 0

 

 

That´s the whole deal? Lol... I thought it would be way harder, look at BnBs CPed topic and you know what I mean...

Anyway, that page isn´t that comprehensible to me all way...

Thanks

[Silent]

Adler, it will be more accurate (and shorter) via bit checking.

 

 

0AB1: call_scm_func @getCarImmunities 1 car_handle: ANY_CAR store_to: BULLETP FIREP CRASHP EXPLOSIONP :getCarImmunities0A97: [email protected] = car [email protected] struct000A: [email protected] += 0x420A8D: [email protected] = read_memory [email protected] size 1 virtual_protect 0if   08B7:   test [email protected] bit 7then  0006: [email protected] = 1 // Explosionproof = Trueelse  0006: [email protected] = 0 // Explosionproof = Falseendif  08B7:   test [email protected] bit 4then  0006: [email protected] = 1 // Crashproof = Trueelse  0006: [email protected] = 0 // Crashproof = Falseendif  08B7:   test [email protected] bit 3then  0006: [email protected] = 1 // Fireproof = Trueelse  0006: [email protected] = 0 // Fireproof = Falseendif  08B7:   test [email protected] bit 2then  0006: [email protected] = 1 // Bulletproof = Trueelse  0006: [email protected] = 0 // Bulletproof = Falseend0AB2: ret 4 [email protected] [email protected] [email protected] [email protected]

 

 

 

Yeah, I know that SCM func sets vars to 0 by default, but it is buggy for me (in CLEO3, CLEO4 has it OK).

[Adler]

Yeah I wasn't sure of how to use the bit stuff (even after reading Deji's tutorial for it) so that's why I didn't use it.

 

But thanks for incorporating the bit stuff into the function. I'll study it so I can learn how to use it.

[Bennington]

Wait... - I´m losing thread.

So it can´t be dealed with only that three lines?

Can anyone describe me the near effect of 0AB1 and 08B7?

[Adler]

0AB1 calls an SCM function in your script at the label (first param). The second param defines how many variables to pass to the function and the next set of params defines those variables. The set of params after the passed variables retrieves variables from the function by 0AB2. Here's SannyBuilder Help's example (modified a bit by me):

 

[email protected] = 50AB1: call_scm_func @GetSQR  vars: 1  passed_vars: 10  store_to: $resultend_thread.....: GetSQR006A: [email protected] *= [email protected] // 10 is passed to the function as [email protected], any more variables passed on will be [email protected] [email protected] and so on.0AB2: ret  vars: 1  return: [email protected] // [email protected] will be stored to $result

 

The local vars used in SCM functions will not affect local vars used elsewhere in the script unless they are returned by 0AB2 so you can any vars in the function without worrying about it messing up any other part of your script.

 

And here's Deji's Tutorial on bits.

 

The "three lines" are enough to read memory but since you said:

 

My problem is that I wanna check which immunities a car has.

I expanded it to a function that will return each immunity that a car has and displays it on-screen. The function was necessary because the address has the sum of all the immunities so I had to do some reverse-math to separate them and find out which separate immunities the car has rather than the sum of them.

Edited December 4, 2010 by Adler

[Bennington]

Ah, thank you.

That math thing was already comprehensible to me.

And I´m understanding the bit thing now, too

But why am I needing 0AB1?

Can´t I just insert

 

03C0: [email protected] = actor $PLAYER_ACTOR car0A97: [email protected] = car [email protected] struct000A: [email protected] += 0x420A8D: [email protected] = read_memory [email protected] size 1 virtual_protect 000D6: if08B7:   test [email protected] bit 7then0006: [email protected] = 1 // Explosionproof = Trueelse0006: [email protected] = 0 // Explosionproof = False00D6: if08B7:   test [email protected] bit 4then0006: [email protected] = 1 // Crashproof = Trueelse0006: [email protected] = 0 // Crashproof = False00D6: if08B7:   test [email protected] bit 3then0006: [email protected] = 1 // Fireproof = Trueelse0006: [email protected] = 0 // Fireproof = False00D6: if08B7:   test [email protected] bit 2then 0006: [email protected] = 1 // Bulletproof = Trueelse 0006: [email protected] = 0 // Bulletproof = False

 

in my script? What are the advantages of that opcode?

Edited December 5, 2010 by Bennington

[Adler]

Well I guess you could do that too lol but I like SCM functions because all you have to do is paste the function somewhere in the script and pass on some vars using 0AB1 to the function and get whatever you want. Then you'd be able to use the function repeatedly throughout the script with 0AB1 without wasting bytes pasting the code wherever you need it but gosubs can do the same too.

 

The only times when SCM functions are more advantageous than gosubs are when the functions use too many variables to share with the rest of your script and when the number of passed and received variables does not exceed the number of variables used in the function (since vars used in SCM functions don't affect anything else in the script).

[Bennington]

Thanks, then I will try 0AB1.

By the way, can I choose the names for SCM functions on myself?

[TheSiggi]

Of course since they access a label it will be renamed when the script is decompiled into the enumerated string you defined with 'name_thread' or simply NONAME

cheers