Help with Memory Addresses (SA)

[Rapper_skull]

Hello, I have SA v1.0 EUR No-CD and I'm exploring memory with HxD, but I have two problems:

1) Some addresses are the same as the one I find here: http://www.gtamodding.com/index.php?title=Memory_Addresses_(SA) like money etc. but I can't understand why CPed is not the same. According to that X coordinate of the player should be at 0xB6F634 (CPed + 0x14 + 0x30) but mine is at B6FF74. Am I doing calculations wrong or there is a difference between original and No-CD? Is there a table for shifting between 1.0 and 1.01, US and EUR, original and no-cd, etc.?

2) How do I convert rotation matrix to numbers? For coordinates I use this: http://www.binaryconvert.com/convert_float.html but how can I convert the rotation matrix to sexagesimal angle?

 

Thanks in advance for your help!

[Jack]

1)Try this:

0A96: [email protected] = actor $PLAYER_ACTOR struct // CPed
000A: [email protected] += 0x00

2)

DWORD = 2 WORDs = 4 bytes = integer
0093: [email protected] = integer [email protected] to_float

I'm not sure if the float result will be in degrees or radians but if it's in radians continue with this:

0007: [email protected] = 3.14159265358979 // pi
006B: [email protected] *= [email protected]  // (float)
0017: [email protected] /= 180.0

Or go here:

http://www.mathinary.com/degrees_radians.jsp

[Rapper_skull]

This is in CLEO script I guess, what is the mathematical formula for this conversion?

[Silent]

US and EU .data sections (where your CPed is) are a bit shifted.

 

For gettng an angle from a rotation matrix, this may be a good read:

https://truesculpt.googlecode.com/hg-history/38000e9dfece971460473d5788c235fbbe82f31b/Doc/rotation_matrix_to_euler.pdf

[Rapper_skull]

OK I found my rotation (on the X angle I guess) at B7684C while it should be at B6FF44-B6FF6F. This is driving me crazy. Let's suppose I want to write a trainer, how can I make it compatible with all versions? Is there a shifting table?

[Silent]

You could read a proper pointer from .text section, these are constant at least between US and EU versions.

[Rapper_skull]

Please explain better.

[Silent]

You should be able to get player's CPed pointer reliably by reading an address from 0x442E06, then reading the result again - the retrieved address is player's CPed address. Then you just add specific offsets to it and done.

[Rapper_skull]

The address 0x442E06 is in memory or from the .text file in gta_sa.exe? Because all I see is CC CC CC CC.

[Silent]

It's from game memory.

[Rapper_skull]

When I go to offset 442E06 I see 98 CD B7 00 that reversed is address 0xB7CD98 at that address I find a value that changes every time I run the game, now is 10 CE 66 0A that reversed is 0xA66CE10. Considering this as the CPed X coordinate should be at 0xA66CE54, but all I find is 00 00 00 00. What I'm looking for is at 0xA7E3450 (the nearest one). What am I doing wrong?

[fastman92]

When I go to offset 442E06 I see 98 CD B7 00 that reversed is address 0xB7CD98 at that address I find a value that changes every time I run the game, now is 10 CE 66 0A that reversed is 0xA66CE10. Considering this as the CPed X coordinate should be at 0xA66CE54, but all I find is 00 00 00 00. What I'm looking for is at 0xA7E3450 (the nearest one). What am I doing wrong?

Please get IDA Pro 6.1 and then you can start analysis, you'll see what's wrong and what's right in game memory.

I can send you an IDB file of:

 

GTA San Andreas v1.0 [uS] No-CD Fixed ExeGTA San Andreas v1.01 [EURO] No-CD Fixed EXE

With some creativity you can disassemble another gta_sa.exe and find addresses you need based on known addresses from 'GTA San Andreas v1.0 [uS] No-CD Fixed Exe'.

 

0xA66CE54 - 0xA66CE10 = 0x44

 

 

00000000 CPed struc ; (sizeof=0x79C)00000000 __parent CPhysical ?...

00000000 CPhysical struc ; (sizeof=0x138)00000000 __parent CEntity ?00000044 m_vVelocity RwV3D ?00000050 m_vAngularVelocity RwV3D ?

0x44 - m_vVelocity

Finding a current XYZ position of ped may be a bit hard when making a trainer without a DLL attached to gta_sa.exe process that could call functions easily.

That's how 00A0: store_actor $PLAYER_ACTOR position_to $TEMPVAR_FLOAT_1 $TEMPVAR_FLOAT_2 $TEMPVAR_FLOAT_3

command works

 

case 0xA0:CRunningScript__CollectParameters(this, 1u);v62 = CPool_CPed__getStructByHandle(CPools__ms_pPedPool, opcodeParameters[0]);v63 = v62->PedFlags.Flags1;if ( BYTE1(v63) & 1 && (v64 = v62->pVehicle) != 0 ){v65 = v64->__parent.__parent.__parent.m_pCoords;if ( v65 )v66 = &v65->matrix.pos;elsev66 = &v64->__parent.__parent.__parent.placement.pos;}else{v67 = v62->__parent.__parent.__parent.m_pCoords;if ( v67 )v66 = &v67->matrix.pos;elsev66 = &v62->__parent.__parent.__parent.placement.pos;}a2[0] = v66->x;a2[1] = v66->y;v68 = v66->z;opcodeParameters[0] = LODWORD(a2[0]);v135 = v68;opcodeParameters[1] = LODWORD(a2[1]);opcodeParameters[2] = LODWORD(v68);CRunningScript__StoreParameters(v2, 3);return 0;

Edited October 30, 2013 by fastman92

[Rapper_skull]

I got IDA Pro but it is the same: the address I am looking for isn't where it should be.