Overwriting inside gtasa.exe instrucion?


Sloth-

Hi. I'm decompiling a CLEO script that I'm interested in reusing. But the decompiled result has some errors, and if any of you know about assembler and overwriting memory addresses, maybe you can help me complete the missing info in this decompiled result.

First of all, I want to start by mentioning I don't know assembler!

// The addresses in this code correspond to CHud::DrawAreaName region of gta_sa.exe
0AC6: [email protected] = label @Noname_6480 offset // Decompiling bug: Label not found
[email protected] -= 0x58AD9E // suspicious value
0A8C: write_memory 0x58AD99 size 1 value 233 virtual_protect 1
0A8C: write_memory 0x58AD9A size 4 value [email protected] virtual_protect 1


Let's see...

IDA Pro view:

[IDA Pro screenshot]



Cheat Engine view:

[Cheat Engine screenshot]





If I understand correctly, 0x58AD99 takes me to the E8 (232), which corresponds to the "call" instruction, and the code is modifying it to 233? And then it is rewriting the address of the pointer at 0x58AD9A??

[email protected] -= 0x58AD9E // suspicious value

And if I take the value 0x58AD9E literally, it corresponds to the address of the instruction "push edi", the line right after the "call _setFontShadowRGBA"?

Anyway, the question is: how can I rewrite this part of the code in order to obtain the intended result (which is to modify something related to the visual style of the Area/Zone Info Text)? What was the label @Noname_6480 supposed to contain, in terms of hex ... end?

Thanks in advance.

Edited by Sloth-

Sorry, maybe my first post was incomplete.

I browsed the same memory region with the original CLEO script running to see the differences, and I found this:

The instruction

(binary representation)

0058AD99: E8 72E71800

(cheat engine representation)

0058AD99: call    gta_sa.exe + 319510

(ida pro representation)

0058AD99: call    __setFontShadowRGBA

was replaced by the CLEO script with:

(binary representation)

0058AD99: E9 FA4BB103

(cheat engine representation)

0058AD99: jmp    0409F998

And then this address 0x0409F998 has:

 

[Cheat Engine screenshot of the code at 0x0409F998]

 

The address executes the same instruction "call gta_sa.exe+319510", which I guess is "call __setFontShadowRGBA".

 

I'm trying to go to address 0x0409F998 from IDA Pro, and it fails, so I guess this address is outside gta_sa.exe.

I really don't understand the logic of all this, but all I can guess is the effect. If I run the original CLEO script, the Zone Text is this:

 

[screenshot: Zone Text with the original CLEO script]

But when I run my decompiled script omitting that previous block of code, I obtain this:

 

[screenshot: Zone Text with the decompiled script]

 

So, my guess is that block of code is changing the Zone Text fontstyle...

 

(Yes, the script is for converting the GTA SA HUD into a GTA III-styled HUD!)

That's all I can comment for now, but the question still remains: what can I do with my label @Noname_6480 in order to still obtain the same effect in the script?

Edited by Sloth-

From what I was able to see from here, the mod for the text style replaces the register (edi) with a value:

default:

.text:0058AD99 018                 call    _ZN5CFont12SetDropColorE5CRGBA ; CFont::SetDropColor(CRGBA)
.text:0058AD9E 018                 push    edi             ; font
.text:0058AD9F 01C                 call    _ZN5CFont12SetFontStyleEs

after:

.text:0058AD99 018                 call    _ZN5CFont12SetDropColorE5CRGBA ; CFont::SetDropColor(CRGBA)
.text:0058AD9E 018                 push    1               ; font
.text:0058AD9F 01C                 call    _ZN5CFont12SetFontStyleEs

And here's how it works (this is just an example - some addresses are pointer values):

 

address     addressValueAsArray   asm instruction   //  target   - address  - array size = dword     = dword    = array
0058AD99    E9 66 93 9A 03        jmp     03F34104  //  03F34104 - 0058AD99 - 5          =  039A9366 = 039A9366 = 66 93 9A 03
03F34104    E8 08 54 7E FC        call    00719510  //  00719510 - 03F34104 - 5          = -0381ABF8 = FC7E5408 = 08 54 7E FC
03F34109    6A 01                 push    01
03F3410B    E8 80 53 7E FC        call    00719490  //  00719490 - 03F3410B - 5          = -0381AC80 = FC7E5380 = 80 53 7E FC
03F34110    E9 8A 6C 65 FC        jmp     0058AD9F  //  0058AD9F - 03F34110 - 5          = -039A9376 = FC656C8A = 8A 6C 65 FC



the result:

0058AD99    //  jmp     03F34104
0058AD9E    //  nop 1
0058AD9F    //  nop 5

raw data (output file):

03F34104        call    _ZN5CFont12SetDropColorE5CRGBA
03F34109        push    01  //  textStyle
03F3410B        call    _ZN5CFont12SetFontStyleEs
03F34110        jmp     0058AD9F

In other words, the code jumps to some external code snippet (an output which contains raw data) and then jumps back to the nearby memory position, allowing the executable to continue like nothing happened.
It's an old SCM trick used by many people.

Edited by Jack
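To make the arithmetic behind the OP's CLEO lines (`label offset - 0x58AD9E` written at 0x58AD9A) and Jack's table concrete, here is an added Python example. It is not code from this thread, from CLEO or from Sanny Builder; it encodes and decodes 5-byte E8/E9 rel32 branches, rebuilds the site patch and the code-cave bytes from the addresses quoted in the thread, and adds a check that flags a branch whose target lies outside the module's address range, which is exactly what the OP ran into when IDA could not follow 0x0409F998. The addresses and instruction bytes are the ones quoted above; the module size passed to the range check is an assumed placeholder, not a value from the page.

```python
"""rel32 call/jmp arithmetic behind the gta_sa.exe zone-text detour discussed in the thread.

Constructed example. Addresses and bytes come from the thread (0x58AD99, E8 72 E7 18 00,
E9 FA 4B B1 03, the 0x03F34104 cave); the module size used in the range check is an
assumed placeholder.
"""
import struct

CALL_REL32 = 0xE8
JMP_REL32 = 0xE9
NOP = 0x90


def decode_rel32_branch(addr, insn):
    """Decode a 5-byte E8/E9 located at `addr`; return (mnemonic, absolute target).

    The displacement is a signed 32-bit value counted from the END of the instruction
    (addr + 5). That is why the CLEO code subtracts 0x58AD9E rather than 0x58AD99.
    """
    if len(insn) != 5 or insn[0] not in (CALL_REL32, JMP_REL32):
        raise ValueError("not a 5-byte rel32 call/jmp")
    rel = struct.unpack("<i", insn[1:5])[0]          # signed, little-endian
    target = (addr + 5 + rel) & 0xFFFFFFFF
    return ("call" if insn[0] == CALL_REL32 else "jmp", target)


def encode_rel32_branch(opcode, addr, target):
    """Encode `call`/`jmp target` for placement at `addr` (32-bit code, little-endian)."""
    rel = (target - (addr + 5)) & 0xFFFFFFFF          # negative displacements wrap to FCxxxxxx
    return bytes([opcode]) + struct.pack("<I", rel)


def build_trampoline(cave, set_drop_color, set_font_style, font_style, return_to):
    """Bytes for the code cave in Jack's table:
    call SetDropColor; push imm8; call SetFontStyle; jmp back to the original code."""
    code = bytearray()
    code += encode_rel32_branch(CALL_REL32, cave + len(code), set_drop_color)
    code += bytes([0x6A, font_style & 0xFF])          # push imm8 replaces the original push edi
    code += encode_rel32_branch(CALL_REL32, cave + len(code), set_font_style)
    code += encode_rel32_branch(JMP_REL32, cave + len(code), return_to)
    return bytes(code)


def build_site_patch(site, site_len, cave):
    """5-byte jmp into the cave plus NOP padding over the rest of the displaced instructions.
    For the thread's site (call 5 + push edi 1 + call 5 = 11 bytes) this yields jmp + 6 NOPs."""
    if site_len < 5:
        raise ValueError("need at least 5 bytes at the patch site")
    return encode_rel32_branch(JMP_REL32, site, cave) + bytes([NOP]) * (site_len - 5)


def branch_leaves_module(addr, insn, module_base, module_size):
    """True when the call/jmp at `addr` targets memory outside [module_base, module_base+size).

    A call site that used to stay inside the image but now branches to script-allocated
    memory is the symptom the OP observed: IDA could not navigate to 0x0409F998 because
    that address is not part of gta_sa.exe.
    """
    _, target = decode_rel32_branch(addr, insn)
    return not (module_base <= target < module_base + module_size)


if __name__ == "__main__":
    site = 0x58AD99
    print(decode_rel32_branch(site, bytes.fromhex("E872E71800")))   # original call -> 0x719510
    print(decode_rel32_branch(site, bytes.fromhex("E9FA4BB103")))   # patched jmp  -> 0x0409F998
    cave = 0x03F34104
    print(build_site_patch(site, 11, cave).hex(" "))
    print(build_trampoline(cave, 0x719510, 0x719490, 1, 0x58AD9F).hex(" "))
    # Assumed module range for the check: base 0x400000, size 0x800000 (placeholder, not from the page).
    print(branch_leaves_module(site, bytes.fromhex("E9FA4BB103"), 0x400000, 0x800000))
```

`encode_rel32_branch` is the same computation the decompiled CLEO snippet performs with `label offset - 0x58AD9E`; the label is the start of the raw-data cave, and the subtracted constant is the address of the byte after the 5-byte branch. The round trip through `decode_rel32_branch` is a cheap way to verify a hand-computed displacement before writing it into memory, and `branch_leaves_module` is the kind of check an integrity scanner uses to notice that an in-image call site has been redirected.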