[JernejL]

and here is same topic as for gta vc memory exploring, san andreas is out in usa and will be soon in europe and rest of the world, some addresses were already posted in
the vc memory topic, so you can start with clean topic here, now get back to work

[random_download]

0xA49960 = start of scm block

[jacob.]

00B74490 = Pool of CPed structures
00B74494 = Occupied CVehicle (Player when on foot)
CPed + 0x540 = Health. (float)

[LATE EDIT] Removed innacurate information.

This post has been edited by jacob. on Friday, Nov 4 2005, 20:41

[Hammer83]

0x464080 - GetOpcodeParameters()
0xA43C78 - Where the routine above stores opcode parameters values. Max 16 paramters for an opcode it seems.
0x53BC80 - LoadGame(char* fileName), initializes all data structures and loads fileName (which is gta.dat).
0x5B9030 - LoadMapDefinitionFile(char* fileName), parses and loads dat-files, such as default.dat and gta.dat.
0x550F10 - AllocatePools(), allocates stuff which LimitAdjuster modifies, such as Peds and Buildings.
0x82119A - malloc(size_t size)
0x438480 - Looks like cheat processor

[jacob.]

0xB7CE50 - money
0xBAA420 - wanted level
0xB70153 - current hour
0xB70152 - current minute

CPed + 0x740 - current weapon

Display Settings
Look down a few posts.


This post has been edited by jacob. on Sunday, Jun 25 2006, 00:45

[ModelingMan]

CPed + 0x718 = Current weapon slot. (1 byte)
CPed + 0x5A0 = Start of weapon data. Each slot has 28 bytes.

[Stretchnutter]

CPed + 0x14 = pointer to XYZ position structure (and rotation)

0x863984 = gravity

[jacob.]

Stretchnutter, I had a look into XYZ and found these:

Player + 368 = x pos
Player + 372 = y pos
Player + 376 = z pos

Values appear to be read-only.

[Stretchnutter]

yea... these are not read only though.

DWORD(CPed+0x14) + 0x30 = XPos
DWORD(CPed+0x14) + 0x34 = YPos
DWORD(CPed+0x14) + 0x38 = ZPos

DWORD(CPed+0x14) + 0x0 to 0x2C is the rotation matrix


Its much different from vice city. looks like there are a bunch of coordinates at this location.. could be the traffic cars.


maybe i should write a teleporter

[random_download]

coords are DWords not floats?

[ModelingMan]

I have started to label some functions in IDA, here is my current list, it's not much but it's a start
Linkage.

CPed block size = 0x7C4 bytes.
CVehicle block size = 0x0A18 bytes.

Also the maximum amount of vehicles and peds loaded are the same as VC.

QUOTE (By random Posted on Jun 9 2005 @ 07:29)

coords are DWords not floats?

No, read his last post, he says that the dword pointer at (CPed + 0x14) leads you to XYZ and rotation.

Edit:
0x00B6F3B8 = Player CVehicle pointer.
0x00B6F5F0 = Player pointer.

This post has been edited by ModelingMan on Thursday, Jun 9 2005, 09:19

[Squiddy]

Values of all these addresses are saved in gta_sa.set, so most of them should be options related. I see jacob allready found some. I have the problem not having sa at the moment, so I can't test them. If anyone has some time, he could test them please?

------------------------------------------------------
0xB6EC1C float - mouse sensitivity
0xC1CC02 byte
0xC1CC03 byte

0xBA6748
+ 0x4F BYTE
+ 0x50 BYTE
+ 0x52 BYTE
+ 0x4D BYTE
+ 0x51 BYTE
+ 0x3C 4 byte - brightness
+ 0xC4 BYTE
+ 0xC5 BYTE
+ 0xCC 4 byte (0xC8)
+ 0x40 4 byte - draw distance
+ 0x44 BYTE - subtitles
+ 0x4B BYTE
+ 0x4C BYTE
+ 0xD8 4 byte (0xD4)
+ 0xD0 BYTE
+ 0x21 BYTE - hud switch
+ 0x24 4 byte
+ 0xB0 BYTE
+ 0xE8 BYTE - Store Gallery Photos
+ 0xB1 BYTE
+ 0xB2 BYTE
+ 0xB3 BYTE
+ 0xB4 BYTE
+ 0xB5 BYTE
+ 0xB6 BYTE
+ 0x4A BYTE - legend switch
+ 0xAC 4 byte

Added the addresses jacob found, hope it's okay.

Update
+ 0x84 BYTE

This post has been edited by Squiddy on Thursday, Jun 9 2005, 21:05

[aad]

Are memory adresses for cheats welcome if so ill hunt some adresses down and ill post them later it really takes long on my old 1,55 GHZ

[Sobeit]

QUOTE (aad @ Jun 9 2005, 15:09)

Are memory adresses for cheats welcome if so ill hunt some adresses down and ill post them later it really takes long on my old 1,55 GHZ

no, new adresses are not welcome.....wtf were you thinking?

[jacob.]

Thanks for that, squiddy. Figured out what they all did.
All are byte values unless stated otherwise..

Display Settings
0xBA6784 - Brightness [long]
0xBA6792 - Legend
0xBA676C - Radar Mode
0xBA6769 - Hud Mode
0xBA678C - Subtitles
0xBA6830 - Store gallery photos
0xBA6788 - Draw Distance [long]
0xBA6794 - Frame limiter
0xBA6793 - Widescreen
0xA9AE54 - Visual FX Quality
0xBA680C - Mip Mapping
0xBA6814 - Antialiasing [1 = off, 2 = 1, 3 = 2, 4 = 3]
0xBA6820 - Resolution [640x480=11, 800x400 = 12, 800x600=13, 1024x1068=15]

Sound Configuration
0xBA6798 - Radio Volume [0 through 64]
0xBA6797 - SFX Volume [0 through 64]
0xBA6799 - Radio Equalizer
0xBA6795 - Radio Auto-tune
0xBA67F8 - Usertrack/Play mode [0 = radio, 1 = random]
0xBA680D - Usertrack/Automatic Media Scan
0xBA679A - Radio Station [0 through 11, 12 = usertrack player]

Controller Configuration
0xBA6818 - Controller Configuration [0 = mouse+keys, 1 = joypad]
0xB6EC1C - Mouse sensivity [float]

Interesting enough, none of the other controller/mouse config is in the structure squiddy posted. Perhaps its located somewhere else.


This post has been edited by !cMc! Jacob on Sunday, Jun 12 2005, 03:06

[QJimbo]

woo Delfi we are getting in there early
$B70152 : Minutes
$B70153 : Hours (note $0F = 15:00 rather than 16:00)

EDIT: Ack in my rush to post these I didn't notice !cMc! Jacob already had... oh well... it's the thought that counts

This post has been edited by QJimbo on Friday, Jun 10 2005, 03:41

[jacob.]

Player + 45 = Animation

This post has been edited by !cMc! Jacob on Sunday, Jun 12 2005, 03:04

[Stretchnutter]

Camera Stuff

0x52B730 = Start of camera 'MOVer' subroutine. set to 0xC3 (retn) to lock camera

0xB6F028 = Camera Block Start
0xB6F028-0xB6F0DB - Uknown stuff - mostly flags, pointers and some floats

0xB6F0DC = [dword]Current View
(0 = Bumper View / 1 = Close External View / 2 = Middle External View / 3 = Furthest External View / 4 = nothing(same as last?) / 5 = Cinematic View / 6 to INF = same as 4?) same as Vice... no top-down

0xB6F0E0 = [float]Car View Distance (arm length) read only
0xB6F0E8 = [float]True View Distance (true arm length)read only (freezing will cause it to be jumpy, as if final copy )


0x8CC3E0 to 0x8CC3F0 = [floats]Hard-Coded View Distances For Closest External View (ecx = 1) (read/write)
528B13 mov eax, ds:dword_0_8CC3E0[edx*4]
edx = vehicle type (0 to 4) ?! normal car = edx = 0 | eax = true distance

0x8CC3F4 to 0x8CC404 = [floats]Hard-Coded View Distances For Middle External View (ecx = 2) (read/write)
528B24 mov eax, ds:dword_0_8CC3F4[edx*4]
edx = vehicle type (0 to 4) ?! normal car = edx = 0 | eax = true distance

0x8CC408 to 0x8CC418 = [floats]Hard-Coded View Distances For Furthest External View (ecx = 3) (read/write)
528B36 mov eax, ds:dword_0_8CC408[edx*4]
edx = vehicle type (0 to 4) ?! normal car = edx = 0 | eax = true distance

0xB6F97C = Pointer to TRUE? camera Matrix (freezing these has effect, as if final copy)
0xB6F99C to 0xB6F9DB = Camera Matrix (0xB6F99C + 0x30 = Xpos, etc...) read only, unless you write retn @ 52B730



EDIT:

Controls Stuff

0xB73458 = Start of controls block
read only unless the subroutine is disabled (not documented yet)
+ 0x20 = [word]Accelerate (255 = on / 0 = off)
+ 0x22 = [word]Brake
more...


EDIT2:

Text Stuff

write normal strings here (not unicode)

0xBAA7A0 = Top Left Text Box [eg; Cheat activated] (disappears after few seconds)
0XBAADC0 = Busted/Wasted Text Box - Center screen...displayed until first byte is null

This post has been edited by Stretchnutter on Friday, Jun 10 2005, 14:19

[Squiddy]

Controller Configuration
0xC1CC02 - BYTE - Steer with mouse
0xC1CC03 - BYTE - Invert mouse vertically

[steve-m]

QUOTE (!cMc! Jacob @ Jun 9 2005, 22:33)

0x?????? - Visual FX Quality

it's at 0xA9AE54 [0 - 3]