[QJimbo]

QUOTE (SubConscious @ Jun 13 2005, 15:27)

surely i can use the US exe with my EU install? i've seen it before where they release different versions of the same patch for different regions, but they worked on all of them.

I don't know about the UK version, but I know that the German version has been censored in a few ways, e.g. peds don't drop cash when you kill them, you can't mutilate bodies, etc. All headache causing things for the trainer maker -_-

[Squiddy]

QUOTE (!cMc! Jacob @ Jun 14 2005, 05:17)

Why? Aren't both VisualProtect and memset functions that can be called from external processes? It appears to me like all you'd need is a program that loads gta_sa.exe, then immediatly NOP's 0x747483.

Of course, but this is just a temporary solution. What if others want to make changes like these? We have to think about a standard for this, one major dll that loads all others.

[steve-m]

Don't we have that already?

[Squiddy]

QUOTE (steve-m @ Jun 14 2005, 13:00)

Don't we have that already?

Wasn't sure if hammer's work has been officially announced, but okay, one problem we don't have to think about anymore.

[Stretchnutter]

QUOTE (kyeman @ Jun 14 2005, 04:00)

QUOTE (Opius) [EDIT]And a request: I'd love if someone could find a way to remove the EAX/Nvidia splash screens, the intro movie and the intro splash screen. Tedius as sh*t after the first time. CODE #define NOP 0x90 DWORD d,ds; *(PBYTE)0xC8D4C0 = 5; VirtualProtect((PVOID)0x747483,6,PAGE_EXECUTE_READWRITE,&d); memset((PVOID)0x747483,NOP,6); VirtualProtect((PVOID)0x747483,6,d,&ds); You'd have to use this with something that gets inprocess with gta_sa. I've had to resort to using a loader since we lost the Miles Sound System *sniff* .

found an easier way.

also give a quick tutorial how to use HIEW.

First you will want to make sure you backup gta_sa.exe

These instructions are for the USA version 1.0*

Download HIEW here: http://www.serje.net/sen/

Unzip then run HIEWDEMO.EXE

Browse to gta_sa.exe and load it

You should see a bunch of wierd text. Press F4 then select 'Decode'.
Now it should look like something familiar to you ASM heads.

For the no intro hack do the following:

press F5 then type ".00748AA8" without the parenthesis

at this address you should see
push ebx
pusi edi...


at this point press F3 then type the following exactly: C7 05 C0 D4 C8 00 05 00 00 00 EB DF
without the spaces.

basically this says
mov dword ptr [0xC8D4C0],5
jmp 748A93


the region we are writing code to is called when 0xC8D4C0 = 0x0 just to give a little insight

when you are done press F9 (save) then press F10 (quit)

now when you load the game you are taken directly to the main menu.

No loader or trainer...

This post has been edited by Stretchnutter on Tuesday, Jun 14 2005, 13:29

[random_download]

B793D4: Float, Fat stat
B793D8: Float, Stamina stat
B793DC: Float, Muscle stat

B79496: Float, pistol stat
B79498: Float, silenced pistol stat
B7949C: Float, desert eagle stat
B794A0: Float, shotgun stat
B794A4: Float, sawn-off shotgun stat
B794A8: Float, combat shotgun stat
B794AC: Float, machine pistol stat
B794B0: Float, smg stat
B794B4: Float, AK47 stat
B794B8: Float, M4 stat

[jacob.]

Racer.. in that case, all of the static offsets found with that patched executable would be a few bytes off from what others have found, right? The last thing we need is people coming in here and posting offsets that aren't correct for other people. Which is why some sort of "universal" executable should be chosen as we did with VC (1.0/1.1). Might I suggest the unpacked nocd patch?



This post has been edited by !cMc! Jacob on Saturday, Jun 18 2005, 23:18

[Stretchnutter]

QUOTE (!cMc! Jacob @ Jun 14 2005, 14:17)

Racer.. in that case, all of the static offsets found with that patched executable would be a few bytes off from what others have found, right? The last thing we need is people coming in here and posting offsets that aren't correct for other people. Which is why some sort of "universal" executable should be chosen as we did with VC (1.0/1.1). Might I suggest the unpacked nocd patch?

No that little tutorial only overwrites some code... HIEW is just a better way to do it compared to a hex editor because it accounts for the 'real' memory location. I would have some trouble finding the correct offset to edit with a hex editor.

[JernejL]

QUOTE (!cMc! Jacob @ Jun 14 2005, 19:17)

Racer.. in that case, all of the static offsets found with that patched executable would be a few bytes off from what others have found, right? The last thing we need is people coming in here and posting offsets that aren't correct for other people. Which is why some sort of "universal" executable should be chosen as we did with VC (1.0/1.1). Might I suggest the unpacked nocd patch?

right, now pm me where to get it.

btw, the game is on a dvd - not cd..

[Cowpat]

QUOTE (kyeman @ Jun 14 2005, 04:00)

CODE #define NOP 0x90 DWORD d,ds; *(PBYTE)0xC8D4C0 = 5; VirtualProtect((PVOID)0x747483,6,PAGE_EXECUTE_READWRITE,&d); memset((PVOID)0x747483,NOP,6); VirtualProtect((PVOID)0x747483,6,d,&ds);

Hooray! I've been trying to get VirtualProtect to work for two nights now - no more .rdata blues

Now I can switch gravity off with a button and slide dead peds around like ice pucks

[saracoglu]

I have found some time to have a closer look to the vehicle object, and compared to the gta3 and gtavc vehicles.
There are still a lot to check, but here are some memory offsets (as offset to player car adr.), and what they do:
(offsets are decimal)

66 Byte, Specials: 1..111.. EP/NA/NA/DP/FP/BP/NA/NA
68 Float, X (East-West) speed
72 Float, Y (North-South) speed
76 Float, Z (up-down) speed
80 Float, X (NS) Spin
84 Float, Y (EW) Spin
88 Float, Z (NW) Spin
140 Float, Mass (kg) from handling.cfg
144 Float, Turn Mass from handling.cfg
148 Float, Grip Divider (0.1=10xgGrip / 1=1xgGrip / 100=g/100Grip)
152 Float, Mass-to-Grip Multiplier. Ie. G Force when flying/during suspension/driving (acceleration towards ground)
160 Float, Normalized Grip Level
164 Float, CoM X
168 Float, CoM Y
172 Float, CoM Z
1076 Byte, Body Color (as in carcolors.dat, black being the 0)
1077 Byte, Stripe Color (as in carcolors.dat, black being the 0)
1080 DWord, modding data as in garage info
1084 DWord, modding data as in garage info
1088 DWord, modding data as in garage info
1092 DWord, modding data as in garage info
1096 DWord, modding data as in garage info
1100 DWord, modding data as in garage info
1104 DWord, modding data as in garage info
1108 DWord, modding data as in garage info
1112 Float, Car Wheel Size from vehicle.ide
1116 DWord, Siren Time Left ms
1216 Float, Car Damage Left (1000: undamaged)
1272 Dword, Car Door Locked State (1:open 2:locked)
1444 Byte, Car Wheels Shot: (.1.1.1..=NA/RF/NA/LB/NA/LF/NA/NA) RF:RightFrontWheel 1:shot, 0:OK
[EDIT]
Following offsets are Floats, as positions of doors and other car parts that gets detached by damage
We need to recalculate and set their locations if we warp a car from one location to another. Otherwise
the car spins uncontrollable:
1828 Detachables1 Pos X
1832 Detachables1 Pos Y
1836 Detachables1 Pos Z
1872 Detachables2 Pos X
1876 Detachables2 Pos Y
1880 Detachables2 Pos Z
1916 Detachables3 Pos X
1920 Detachables3 Pos Y
1924 Detachables3 Pos Z
1960 Detachables4 Pos X
1964 Detachables4 Pos Y
1968 Detachables4 Pos Z
[/EDIT]
[EDIT]
Here is the detachable locations for bikes. At each offset, there are 12 bytes, ie. 3 Floats having the X,Y and Z coords.:
+ 1532 BikeDetachPosAdr(0)
+ 1632 BikeDetachPosAdr(1)
+ 1676 BikeDetachPosAdr(2)
+ 1720 BikeDetachPosAdr(3)
+ 1764 BikeDetachPosAdr(4)
[/EDIT]
have a nice time hacking,
Alper

This post has been edited by saracoglu on Saturday, Jun 18 2005, 01:48

[jacob.]

QUOTE

Following offsets are Floats, as positions of doors and other car parts that gets detached by damage We need to recalculate and set their locations if we warp a car from one location to another. Otherwise the car spins uncontrollable: 1828 Detachables1 Pos X 1832 Detachables1 Pos Y 1836 Detachables1 Pos Z 1872 Detachables2 Pos X 1876 Detachables2 Pos Y 1880 Detachables2 Pos Z 1916 Detachables3 Pos X 1920 Detachables3 Pos Y 1924 Detachables3 Pos Z 1960 Detachables4 Pos X 1964 Detachables4 Pos Y 1968 Detachables4 Pos Z

That would explain why my velocity gets totally screwed when spawning in a vehicle.. do you know how these Detachable offsets are calculated? I'd imagine they'd be different for each vehicle, but it sure would be a pain to have to do a preset calculation for every single bloody car...

[saracoglu]

I guess you would just need to recalculate some values on runtime and assign them to the detachables.
You can even assign the car location directly to them. It is better than letting them have 0-0-0 as location values.


By the way, how do you 'spawn' a car?

[JernejL]

just subtract the detachables positions from current location, warp the car and sum
them with new location i assume..

[saracoglu]

For the garage editor coders:

There are 50 Garages in the game. Each garage position, details, usage information, location in game,
location of door, width, depth and height, direction it looks, coordinates of lower left corner, and
upper right corner, if it is usable by the player, which property (safe house) it belongs, number of
cars that can be parked into, the door state (closed, opening, open and closing) is found in the
garage object of 212 bytes. The memory location where the garages start in the exe I use is:
0x96C048 (I am using non-patched original v1.0 german exe with english language option selected, and
original scm file.) The next garage is at 0xD4 offset, so on 0x96C120

Here is the offsets that I was able to figure out by now:
0 Float, X Coord of the Garage Lower Left corner
4 Float, Y Coord of the Garage Lower Left corner
8 Float, Z Coord of the Garage Lower Left corner
12 Float, X Value of direction vector 1
16 Float, Y Value of direction vector 1
20 Float, X Value of direction vector 2
24 Float, Y Value of direction vector 2
28 Float, Top Z Coord of the garage (TopZCoord - ZCoord = Garage Height)
32 Float, Normalized Width of the garage
36 Float, Normalized Depth of the garage
40 Float, Left Border (X) corrdinate
44 Float, Right Border (X) corrdinate
48 Float, Front Border (Y) corrdinate
52 Float, Back Border (Y) corrdinate
77 Byte, Garage Door State: 0:closed 1:open 2:opening 3:closing

The direction vector 3 is completely left out, I think because the garages are always even to the ground.
I think that is also why the Z values of the direction vectors are also left-out.

I have not yet checked all garages. But some of the known adresses are:
0x96C480 El Corona
0x96C7E0 Johnson House
0x96CB40 Santa Maria Beach
0x96CC18 Mulholland

The contents of the garages are also in the memory in almost the same manner. Like 0x96ABD8 is the 60 Bytes info
block start of the first car parked in Johnson House garage. First 12 bytes are (Float) location matrix (XYZ),
Offset 14 (Word) is BPDPEPFP coding, Offset 16 (Word) is CarID, Offset 20 to 44 is DWords, with tuning info.
I am now working on the details. I will soon finish and post the complete car parking information.

This post has been edited by saracoglu on Thursday, Jun 16 2005, 19:49

[jacob.]

QUOTE

By the way, how do you 'spawn' a car?

I was talking about teleporting a car the player is already in, which in that case you can use the same method of teleporting players on foot.

But for a vehicle your not in, I'd imagine it'd go something like this..
It must first be created somewhere in the game, then its just a matter of finding its pointer. You should be able to do this similiar to GameGetVehicle, just start from the base car pointer and add (index * carblocksize).
Then it's (vehicle+20)+0x30=x, +0x34=y, +0x38=z.. unless the xyz structure is different for vehicles.

[saracoglu]

An idea to spawn a car would be to copy current and known car pointers around player, trigger the car spawn cheat, and compare them with the pointers after car spawn cheat to find the actual pointer. This would however spawn only one type of car. Grabbing the nearest available car and bringing it to user will also result in spawning a random car. We should check the car spawn cheat trigger and see if it is internally so coded that it accepts a CarID to spawn. Because then, we can just trigger the cheat with the desired ID, and not bother about bringing it to the user (with the cheat, the car gets spawned on nearest valid road location).

I am using several methods for controlling the car the user is in (or was in), from flight assistance to changing or fixing speed, spin, flipping car, locking doors, repairing wheel and other damage, changing car colors, etc.
If you have ever used my old GTA3 Admin Console you would remember how it works in game. I am currently working on upgrading the trainer to GTA SA. The User and Car Controls are already OK. After I finish the garage coding (you will be able to not only park cars/bikes/etc in garages and set DPBPEPFP, but also tune them, and give them NOS etc. as well), I will happily announce the beta version and ask for testers. The console does not change anything on the game files or functionality of gta_sa.exe, but overrides memory locations with the wanted values. So it is safe to use it without crashes etc.

Alper

This post has been edited by saracoglu on Friday, Jun 17 2005, 10:20

[DracoBlue]

I searched for some also, because it was a bit difficult to read and edit things (in this board) so I put all the collected data in the Wiki @ http://GTADB.tk/Memory_adresses_San_Andreas

Please adjust when you find a failure or something is missing.

See you,

[JernejL]

QUOTE (DracoBlue @ Jun 17 2005, 12:00)

so I put all the collected data in the Wiki

that is no excuse, there is no problem of posting addresses here, and if you
were at that you could post them on gtamemory: http://www.gtaconnection.net/gtamemory/
which was mentioned in vc adresses topic.

share your things here, on this forum rather than redirect traffic to your site..

[Squiddy]

0xBA6748

+ 0x15D - BYTE Current Menu ID
+ 0x78D - BYTE Show menu item hover
+ 0x54 - DWORD Selected menu item

+ 0xE9 - BYTE Main menu switch (startup menu/menu when playing)
+ 0x84 - DWORD language
+ 0x15F - BYTE selected savegame
+ 0x24 - DWORD radar mode

+ 0x64 - FLOAT map zoom
+ 0x68 - FLOAT map x position
+ 0x6C - FLOAT map y position

+ 0x5C - BYTE Player in menu?

Menu IDs: http://squiddy.marway.org/gta/sanandreas/prv/menu.txt