GTAMP.com

Grand Theft Auto Media Press
 Post subject: GTA2 memory addresses
PostPosted: Wed Oct 02, 2013 12:28 pm 
Boss

Joined: Tue Mar 04, 2008 6:51 am
Posts: 1099
Location: GTAMP.com
This byte allows instant gang to get in parked cars/stored cars/mission cars. Normally they only get in dummy traffic cars.

p1car+152 // set to 3 to allow instant gang in your car and peds in your taxi, STORE_CAR_CHARACTER_IS_IN sets p1car+152 to 2.

CAR_DATA p1car
COUNTER in
COUNTER cargangflag=3

IF (IS_CHARACTER_IN_ANY_CAR(p1))
  STORE_CAR_CHARACTER_IS_IN (p1,p1car)
  GIVE_WEAPON (p1car,CAR_MACHINE_GUN)
  SET in=(p1car+152)
  CHANGE_GANG_CHAR_RESPECT (in,cargangflag,111) // writes the value 3 to the IN memory address, 111 just means write 1 byte
ENDIF
 


I need to write documentation for my documentation!

Most of these addresses are in decimal because that's all that GTA2 script supports. A list of addresses in hex would be more useful for most other languages.

coords = x * 16384
6129088 = ped pointer + 20 = x (changing this will move the player)
6766124 = 0 if 1 player and 1 if multiple players
ped pointer + 1AC, ped pointer + 1B0, ped pointer + 1B4 (this is coord, x, y, z stuff)

invisibility, electrofingers, invulnerability, on fire and more
it's a dword at p1+21Ch
invis is 2000000h, something else is 4000000h
COUNTER in
COUNTER out = 33554433 // this is invis/transparency (you need to get in and out of a car to update the ped sprite)
SET in = (p1+540)
CHANGE_GANG_CHAR_RESPECT (in, out, 114)


OBJECT position and rotation:
object + 4 = object pointer
object pointer + 0 = angle (0 to 359) * 4
object pointer + 20 = footy x coord
object pointer + 24 = footy y coord
object coords pointer + 28 = footy z coord

Playercount/number of players in the game
byte [ 23h + dword [5Eb4FC]]
so peek the dword at 5EB4FC, add 23h to it, then use that to peek a byte

Example code:
COUNTER static = 6206716
SET in = (static+0)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET in = (out+35)
CHANGE_GANG_CHAR_RESPECT (in,out,101)

character/ped/player angle//player angle,x,y,z
Pedsprite = peek dword [p1 + 168h] 360
anglepointer = peek dword [Pedsprite + 80h] 128
peek word [anglepointer]
peek word [anglepointer] + 20 = x
peek word [anglepointer] + 24 = y
peek word [anglepointer] + 28 = z

Example code:
SET in = (p1+360)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET in = (out+128)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET in = (out+20) //read x
CHANGE_GANG_CHAR_RESPECT (in,out,104)

vehicle coords
p1car + 88 = car pointer + 48 = car X
p1car + 88 = car pointer + 52 = car Y
p1car + 88 = car pointer + 108 = car Z // if you want Z adjust immediately then it must increase by 8192

camera/zoom
SET in = (p+428)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET x = (out+0)

SET in = (p+432)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET y = (out+0)

SET in = (p+436)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET z = (out+0) //zoooooooooooooom

read input/keyboard
vikeplayer = peek dword [p1 + 15C] , 348

SET in = (p+348)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET in = (out+129)
CHANGE_GANG_CHAR_RESPECT (in,out,101)
IF (out=1)
EXPLODE (p)
ENDIF

ppp = player ped pointer
SET in=(out+112) // Up numpad (only in debug mode)
SET in=(out+113) // Down numpad (only in debug mode)
SET in=(out+114) // Left numpad (only in debug mode)
SET in=(out+115) // Right numpad (only in debug mode)
SET in=(out+116) // Home numpad (only in debug mode)
SET in=(out+117) // PageUp numpad (only in debug mode)
SET in=(out+118) // PageDown (only in debug mode)
SET in=(out+119) // PageUp (only in debug mode)
SET in=(out+120) //[ppp+78h] up pressed
SET in=(out+121) //[ppp+79h] down pressed
SET in=(out+122) //[ppp+7Ah] left pressed
SET in=(out+123) //[ppp+7Bh] right pressed
SET in=(out+124) //[ppp+7Ch] shoot pressed
SET in=(out+125) //[ppp+7Dh] bool: "hop in car" is pressed
SET in=(out+126) //[ppp+7Eh] brake/jump
SET in=(out+127) //[ppp+7Fh] "prev weapon" pressed
SET in=(out+128) //[ppp+80h] "next weapon" pressed
SET in=(out+129) //[ppp+81h] bool: special is pressed
SET in=(out+130) //[ppp+82h] bool: special 2 is pressed
SET in=(out+131) //[ppp+84h] bool: special has changed state
SET in=(out+133) // special (horn/furp)
SET in=(out+134) // right shift
SET in=(out+135) // next weapon
SET in=(out+136) // prev weapon
SET in=(out+137) //[ppp+89h]bool: "hop in car" has changed state
SET in=(out+138) // brake/jump
SET in=(out+139) // up
SET in=(out+140) // down
SET in=(out+141) // fire
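
The two pointer chains from the post above (player count and ped angle), written as bounds-checked reads over a captured memory image. This is an added example, not part of the original post; the `region` struct, the function names and the sample heap address are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* One captured memory region: the bytes that were at [base, base + len). */
struct region { uint32_t base; const uint8_t *data; size_t len; };

/* Read n (1, 2 or 4) little-endian bytes at addr; 0 on success, -1 if unmapped. */
static int peek(const struct region *r, size_t nr, uint32_t addr, unsigned n, uint32_t *out) {
    for (size_t i = 0; i < nr; i++) {
        if (addr < r[i].base || addr - r[i].base > r[i].len ||
            r[i].len - (addr - r[i].base) < n)
            continue;                       /* read would fall outside region */
        const uint8_t *p = r[i].data + (addr - r[i].base);
        *out = 0;
        for (unsigned k = 0; k < n; k++) *out |= (uint32_t)p[k] << (8 * k);
        return 0;
    }
    return -1;
}

/* byte [23h + dword [5EB4FC]]: player count, or -1 if the chain breaks. */
int player_count(const struct region *r, size_t nr) {
    uint32_t ptr, count;
    if (peek(r, nr, 0x5EB4FCu, 4, &ptr) || peek(r, nr, ptr + 0x23u, 1, &count))
        return -1;
    return (int)count;
}

/* word [dword [dword [ped + 168h] + 80h]]: ped angle, or -1 if the chain breaks. */
int ped_angle(const struct region *r, size_t nr, uint32_t ped) {
    uint32_t sprite, anglep, angle;
    if (peek(r, nr, ped + 0x168u, 4, &sprite) || peek(r, nr, sprite + 0x80u, 4, &anglep) ||
        peek(r, nr, anglep, 2, &angle))
        return -1;
    return (int)angle;
}

/* Constructed capture: the static dword points at a made-up heap block. */
int sample_player_count(void) {
    static const uint8_t stat[4] = {0x00, 0x00, 0xA0, 0x00};  /* -> 0x00A00000 */
    static uint8_t heap[0x24];
    heap[0x23] = 3;
    const struct region r[] = {{0x5EB4FCu, stat, sizeof stat}, {0x00A00000u, heap, sizeof heap}};
    return player_count(r, 2);
}

int main(void) { return sample_player_count() == 3 ? 0 : 1; }
```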


PostPosted: Wed Oct 02, 2013 12:40 pm

Joined: Fri Jan 29, 2010 3:00 pm
Posts: 898
Location: F21B3EED
Finally!

Sektor wrote:
I just found the byte that allows instant gang to get in parked cars or stored cars. Normally they only get in dummy cars.

Does it actually allow that on purpose, or is it just a side effect? That said, these kinds of hacks might end up very buggy scripts if we adjust something we don't fully understand.

_________________
My GTA2 related projects:


PostPosted: Wed Oct 02, 2013 12:50 pm
Boss

Joined: Tue Mar 04, 2008 6:51 am
Posts: 1099
Location: GTAMP.com
T.M. wrote:
Does it actually allow that on purpose, or is it just a side effect? That said, these kinds of hacks might end up very buggy scripts if we adjust something we don't fully understand.

It looks harmless, I located that byte for this purpose. It makes sense that there is a byte that stores whether a car is a parked car, dummy car or mission car. I don't know if they blocked instant gang from entering mission cars on purpose. It might have been an accident since instant gang isn't used on the official singleplayer scripts.

I'm trying to figure out what the other car bytes do.


PostPosted: Tue Dec 10, 2013 7:35 pm
Boss

Joined: Tue Mar 04, 2008 6:51 am
Posts: 1099
Location: GTAMP.com
Uh oh, I've been attempting C/C++. Some addresses that I might use for statistics and leaderboards.

LPVOID fraglimit_addr = (void*)0x5EC4AC;
LPVOID p1kills_addr = (void*)0x5EC4BA;
LPVOID p2kills_addr = (void*)0x5EC4C4;
LPVOID p3kills_addr = (void*)0x5EC4CE;
LPVOID p4kills_addr = (void*)0x5EC4D8;
LPVOID p5kills_addr = (void*)0x5EC4E2;
LPVOID p6kills_addr = (void*)0x5EC4EC;
LPVOID p1frags_addr = (void*)0x5EC500;
LPVOID p2frags_addr = (void*)0x5EC502;
LPVOID p3frags_addr = (void*)0x5EC504;
LPVOID p4frags_addr = (void*)0x5EC506;
LPVOID p5frags_addr = (void*)0x5EC508;
LPVOID p6frags_addr = (void*)0x5EC50A;
LPVOID p1name_addr = (void*)0x5EC524;
LPVOID p2name_addr = (void*)0x5EC544;
LPVOID p3name_addr = (void*)0x5EC564;
LPVOID p4name_addr = (void*)0x5EC584;
LPVOID p5name_addr = (void*)0x5EC5A4;
LPVOID p6name_addr = (void*)0x5EC5C4;
LPVOID gmp_addr = (void*)0x5EC075;
LPVOID sty_addr = (void*)0x5EC175;
LPVOID scr_addr = (void*)0x5EC275;
LPVOID mmp_addr = (void*)0x673E30;


PostPosted: Wed Dec 11, 2013 2:20 am
Jaywalker

Joined: Sat Oct 26, 2013 11:01 pm
Posts: 8
How about timer address?


PostPosted: Wed Dec 11, 2013 9:27 am

Joined: Fri Jan 29, 2010 3:03 pm
Posts: 849
Sektor wrote:
Uh oh, I've been attempting C/C++. Some addresses that I might use for statistics and leaderboards.

LPVOID fraglimit_addr = (void*)0x5EC4AC;
LPVOID p1kills_addr = (void*)0x5EC4BA;
LPVOID p2kills_addr = (void*)0x5EC4C4;
...


Nice! I tried some of them in CheatEngine and they work. p1kills_addr etc. are 2 byte type. Funny thing is that cheating is also very easy now, but the other can see that you cheated because the score does not add up.

_________________
"Only Silky Milky implants by Zaibatsu feel and taste like the real thing."


PostPosted: Wed Dec 11, 2013 9:42 am
Boss

Joined: Tue Mar 04, 2008 6:51 am
Posts: 1099
Location: GTAMP.com
Cuban-Pete wrote:
Nice! I tried some of them in CheatEngine and they work. p1kills_addr etc. are 2 byte type. Funny thing is that cheating is also very easy now, but the other can see that you cheated because the score does not add up.

I used Cheat Engine to find these addresses. Most should be 2 bytes but I think fraglimit is 4 bytes. I read 32 bytes for the player names and filenames but they might be longer.

Changing these locally won't give you any multiplayer advantages, it will just cause desyncs.

Krassandra wrote:
How about timer address?

Which timer? I'll find all the multiplayer settings.
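
The statistics layout discussed above, decoded from a captured snapshot and compared between two peers, which is where a locally edited score shows up as a mismatch. This is an added example, not part of the original posts; the addresses and strides are the ones listed in the thread, the field sizes follow the posters' guesses, and the snapshot buffers, struct and function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Addresses/strides are from the thread; sizes follow the posters' guesses. */
#define BASE     0x5EC4ACu   /* fraglimit_addr, first byte of the snapshot */
#define KILLS    0x5EC4BAu   /* p1kills_addr, +10 per player, 2 bytes each */
#define FRAGS    0x5EC500u   /* p1frags_addr, +2 per player, 2 bytes each */
#define NAMES    0x5EC524u   /* p1name_addr, +0x20 per player, 32 bytes each */
#define SNAP_LEN (NAMES + 6u * 0x20u - BASE)

struct player { uint16_t kills, frags; char name[33]; };
struct board  { uint32_t fraglimit; struct player p[6]; };

static uint16_t rd16(const uint8_t *snap, uint32_t addr) { /* little-endian */
    return (uint16_t)(snap[addr - BASE] | (snap[addr - BASE + 1] << 8));
}

/* Decode a snapshot of [BASE, BASE + SNAP_LEN); -1 if the buffer is short. */
int parse_board(const uint8_t *snap, size_t len, struct board *out) {
    if (len < SNAP_LEN) return -1;
    out->fraglimit = rd16(snap, BASE) | ((uint32_t)rd16(snap, BASE + 2u) << 16);
    for (unsigned i = 0; i < 6; i++) {
        out->p[i].kills = rd16(snap, KILLS + 10u * i);
        out->p[i].frags = rd16(snap, FRAGS + 2u * i);
        memcpy(out->p[i].name, snap + (NAMES + 0x20u * i - BASE), 32);
        out->p[i].name[32] = '\0';   /* the 32-byte field may be unterminated */
    }
    return 0;
}

/* Bit i is set when player i+1's kills or frags differ between two peers. */
unsigned diff_boards(const struct board *a, const struct board *b) {
    unsigned mask = 0;
    for (unsigned i = 0; i < 6; i++)
        if (a->p[i].kills != b->p[i].kills || a->p[i].frags != b->p[i].frags)
            mask |= 1u << i;
    return mask;
}

int main(void) {
    uint8_t host[SNAP_LEN] = {10}, peer[SNAP_LEN] = {10}; /* constructed, limit 10 */
    struct board h, p;
    memcpy(host + (NAMES - BASE), "alice", 5);
    peer[KILLS + 10u - BASE] = 9;   /* peer's copy claims 9 kills for player 2 */
    if (parse_board(host, sizeof host, &h) || parse_board(peer, sizeof peer, &p)) return 1;
    printf("limit=%u p1=%s mismatch=0x%x\n", (unsigned)h.fraglimit, h.p[0].name, diff_boards(&h, &p));
    return 0;
}
```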


PostPosted: Wed Dec 11, 2013 3:11 pm
Mugger

Joined: Mon Dec 09, 2013 12:08 pm
Posts: 14
Location: Romania
Sektor, does this work in multiplayer too?

PostPosted: Wed Dec 11, 2013 4:15 pm
Boss

Joined: Tue Mar 04, 2008 6:51 am
Posts: 1099
Location: GTAMP.com
roarke wrote:
Sektor, does this work in multiplayer too?

It depends what you mean by work. You can read them fine in multiplayer but for writing you would need to change the addresses on every computer playing or it would cause a desync.

None of these addresses will change what is displayed on screen during the game since those have their own addresses. You might see the changes on the final results screen but it won't match what others see.


PostPosted: Wed Dec 11, 2013 4:15 pm

Joined: Fri Jan 29, 2010 3:00 pm
Posts: 898
Location: F21B3EED
Cuban-Pete wrote:
Sektor wrote:
Uh oh, I've been attempting C/C++. Some addresses that I might use for statistics and leaderboards.

LPVOID fraglimit_addr = (void*)0x005EC4AC;
LPVOID p1kills_addr = (void*)0x005EC4BA;
LPVOID p2kills_addr = (void*)0x005EC4C4;
...


Nice! I tried some of them in CheatEngine and they work. p1kills_addr etc. are 2 byte type. Funny thing is that cheating is also very easy now, but the other can see that you cheated because the score does not add up.

Finally a convenient way for old people to play this game without learning all the chea... tricks! (or should I say "features"). Thanks Sektor! 8-)

_________________
My GTA2 related projects:


PostPosted: Tue Oct 28, 2014 2:38 pm

Joined: Sun Apr 15, 2012 8:26 am
Posts: 335
Can we script invisible bots with this script?

_________________
Galactic Boy


PostPosted: Fri Nov 14, 2014 1:09 pm
Boss

Joined: Tue Mar 04, 2008 6:51 am
Posts: 1099
Location: GTAMP.com
I can make peds cloaked/transparent but I don't know how to make them completely invisible.

robotanarchy documented a player movement input address:

0x5ecacc

// movement bits, as ORed together in GTA2 memory
// reverse engineered by robotanarchy
#define GTA2_CTRL_NOT_MOVING 0
#define GTA2_CTRL_FORWARD 1
#define GTA2_CTRL_BACKWARD 2
#define GTA2_CTRL_LEFT 4
#define GTA2_CTRL_RIGHT 8
#define GTA2_CTRL_ATTACK 16
#define GTA2_CTRL_ENTER_EXIT 32
#define GTA2_CTRL_JUMP_HANDBRAKE 64
#define GTA2_CTRL_WEAPON_PREV 128
#define GTA2_CTRL_WEAPON_NEXT 256
#define GTA2_CTRL_SPECIAL_1 512
#define GTA2_CTRL_SPECIAL_2 1024

GTA2 script example:
COUNTER keys = 16 // fire weapon
COUNTER input = 6212300 // 0x5ecacc
CHANGE_GANG_CHAR_RESPECT ( input, keys, 112 ) // CHANGE_GANG_CHAR_RESPECT is a special command that can read/write memory


That will make ALL players fire their weapon


PostPosted: Sat Nov 15, 2014 9:14 am
Boss

Joined: Tue Mar 04, 2008 6:51 am
Posts: 1099
Location: GTAMP.com
dword ptr [0x66A3B4] + word 0x44 = p1 angle/rotation


PostPosted: Mon Nov 17, 2014 10:41 am

Joined: Wed Mar 17, 2010 4:07 am
Posts: 408
Location: Wales, UK
Could this (or some other memory address) also be used to allow groups following the player to get on and off trains? Currently they don't (and never have).

Speaking of trains, you know at each station the train carriages seem to spawn their own peds even if none got on the previous station? I'm guessing that can possibly be changed also... all we need now is just a load of Elvis's jumping off the train! 8-)

PostPosted: Mon Nov 17, 2014 1:01 pm
Boss

Joined: Tue Mar 04, 2008 6:51 am
Posts: 1099
Location: GTAMP.com
I tried changing p1car+152 to 3 while on a train but my gang still couldn't get in. There must be some other check for trains.

I have the code for changing any random ped to an Elvis or any remap but you will see them change remap. There must be a way to choose their remap before they are created but I haven't looked for that memory location.

You can use CREATE_CHAR_INSIDE_CAR and ORDER_DRIVER_OUT_CAR on a train to make custom peds jump out.


PostPosted: Mon Nov 17, 2014 6:21 pm

Joined: Wed Mar 17, 2010 4:07 am
Posts: 408
Location: Wales, UK
Sektor wrote:
You can use CREATE_CHAR_INSIDE_CAR and ORDER_DRIVER_OUT_CAR on a train to make custom peds jump out.


Interesting, but I thought that trains / carriages didn't have 'names', other than station names declared in map and script? Or are you using STORE_CAR_CHARACTER_IS_IN first? Maybe a code example might be useful here or in code snippets.

Looking at these makes me realise how long I've not done any GTA2 scripting for!

PostPosted: Mon Nov 17, 2014 10:50 pm
Boss

Joined: Tue Mar 04, 2008 6:51 am
Posts: 1099
Location: GTAMP.com
Does that mean you never saw Grand Theft Loco? You can use STORE_CAR_CHARACTER_IS_IN but Jones and I figured out how to reference any random ped/vehicle. Last page of the GTA Loco topic has code.


PostPosted: Tue Nov 18, 2014 11:17 am

Joined: Wed Mar 17, 2010 4:07 am
Posts: 408
Location: Wales, UK
Ah very nice, I think I saw it a good while ago but forgot about it.

PostPosted: Tue Nov 18, 2014 12:49 pm

Joined: Wed Mar 17, 2010 4:07 am
Posts: 408
Location: Wales, UK
I forgot to ask actually, do you think this stuff would control how 'tough' a ped is?

For example, a normal game created ped can be killed with 1 pistol shot (as can police with 1 wanted level) whereas SWAT/FBI guys are significantly tougher. I always assumed it was modified by their character type but no matter what you set it to they all seem to be the same for script-created characters. I'm guessing 'game created' peds (peds, police, SWAT, FBI etc) have their own 'toughness' somewhere?

PostPosted: Wed Nov 19, 2014 3:25 am
Boss

Joined: Tue Mar 04, 2008 6:51 am
Posts: 1099
Location: GTAMP.com
This script sets p1 health to 200%. You could use it on any ped.
COUNTER address
COUNTER health=200
SET address=(p1+534) //health
CHANGE_GANG_CHAR_RESPECT (address, health, 112)
 

word pedstruct + 216h = health

FBI and SWAT either have more health than 100 or they have armour. I don't have the memory address for armour.

