GTA2 memory addresses

Logofero
Serial Killer
Posts: 258
Joined: 09 Dec 2015, 14:18
GH nick: Logofero

Re: GTA2 memory addresses

Post by Logofero » 16 Mar 2018, 22:12

Sektor wrote: They're not read only but maybe something else has to change to trigger the game to redraw. If you try with an animated object like a rocket, it should update instantly.
I was moving the phone/police block. Model 163 and 21. But it moved only along z. I also tried to turn. Without changes. Maybe the object somewhere on the sprite where the rewritten coordinates are stored.

Sektor
Boss
Posts: 1369
Joined: 04 Mar 2008, 06:51
GH nick: Sektor
Location: GTAMP.com

Re: GTA2 memory addresses

Post by Sektor » 16 Mar 2018, 22:56

Changing x and y works in an SCR script, even on a phone.

[mis]
PLAYER_PED p1 = (136.50, 149.50, 2.00) 25 0

OBJ_DATA object1
OBJ_DATA object2

COUNTER in
COUNTER out
COUNTER true = 1

COUNTER x
COUNTER x2
COUNTER y
COUNTER z


LEVELSTART

object1 = CREATE_OBJ (137.5, 149.5, 2.0) 0 phone END
object2 = CREATE_OBJ (137.5, 149.5, 2.0) 0 phone END

WHILE_EXEC ( true = 1 )

GIVE_WEAPON (p1,ROCKET_LAUNCHER)

//IF (IS_CHAR_FIRING_ONSCREEN (p1))
//DELETE_ITEM (object1)
//DELETE_ITEM (object2)
object1 = CREATE_OBJ (137.5, 149.5, 2.0) 0 phone END
SET in = (object1+4)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET in = (out+20)
CHANGE_GANG_CHAR_RESPECT (in,x,114)
SET in = (out+24)
CHANGE_GANG_CHAR_RESPECT (in,y,114)
SET in = (out+28)
CHANGE_GANG_CHAR_RESPECT (in,z,114)

/*
object2 = CREATE_OBJ (137.5, 149.5, 2.0) 180 phone END
SET in = (object2+4)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET in = (out+20)
CHANGE_GANG_CHAR_RESPECT (in,x2,114)
SET in = (out+24)
CHANGE_GANG_CHAR_RESPECT (in,y,114)
SET in = (out+28)
CHANGE_GANG_CHAR_RESPECT (in,z,114)
*/

//ENDIF

SET in = (p1+428)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET x = (out+5000)
SET x2 = (out+10000)

SET in = (p1+432)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET y = (out+0)

SET in = (p1+436)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET z = (out+0)

ENDWHILE

LEVELEND
[/mis]

Logofero
Serial Killer
Posts: 258
Joined: 09 Dec 2015, 14:18
GH nick: Logofero

Re: GTA2 memory addresses

Post by Logofero » 16 Mar 2018, 23:00

Is it the creation of a new object or movement of the same? You can look at the sample code.

Sektor
Boss
Posts: 1369
Joined: 04 Mar 2008, 06:51
GH nick: Sektor
Location: GTAMP.com

Re: GTA2 memory addresses

Post by Sektor » 16 Mar 2018, 23:04

My script creates a new phone at the same coordinates and then moves that phone.

Logofero
Serial Killer
Posts: 258
Joined: 09 Dec 2015, 14:18
GH nick: Logofero

Re: GTA2 memory addresses

Post by Logofero » 16 Mar 2018, 23:11

Sektor wrote: My script creates new phone at the same coordinates and then moves that phone. That might make a difference.
It is necessary to create out of cycle 1 the phone, after moving it in a cycle. Is it moving (not re-creating models)?

Sektor
Boss
Posts: 1369
Joined: 04 Mar 2008, 06:51
GH nick: Sektor
Location: GTAMP.com

Re: GTA2 memory addresses

Post by Sektor » 16 Mar 2018, 23:14

I tested trying to move without creating a new object but it doesn't move x and y, I don't know why.

Logofero
Serial Killer
Posts: 258
Joined: 09 Dec 2015, 14:18
GH nick: Logofero

Re: GTA2 memory addresses

Post by Logofero » 16 Mar 2018, 23:22

Sektor wrote: I tested trying to move without creating a new object but it doesn't move x and y, I don't know why.
That's what I wrote about it. Coordinates x, y, rotation in the object is read-only. Yes, you might need a trigger that involves redrawing the object. But the coordinate z exclusion it changes when the animation is turned on (the object becomes higher than other objects - I noticed it when the phone call was turned on).

Added:

The same thing I noticed happening to a car when it is devoid of physics (hanging in air) Its coordinates can not be changed. Conclusion: objects are devoid of physics because they themselves do not redraw.

Logofero
Serial Killer
Posts: 258
Joined: 09 Dec 2015, 14:18
GH nick: Logofero

Re: GTA2 memory addresses

Post by Logofero » 21 Mar 2018, 18:13

Sektor, do you have an address for e.GXT? Similar to this: http://gtamp.com/forum/viewtopic.php?f=4&t=1124#p10549

Logofero
Serial Killer
Posts: 258
Joined: 09 Dec 2015, 14:18
GH nick: Logofero

Re: GTA2 memory addresses

Post by Logofero » 13 Apr 2018, 19:10

Does anyone have a working address to check the player's arrest (busted)?

TempUser_
Ped
Posts: 1
Joined: 07 Aug 2017, 17:08

Re: GTA2 memory addresses

Post by TempUser_ » 06 Jul 2018, 14:42

Hello Sektor.
A year ago or so, I asked about strafe movement and mouse look, at gtaforum site. (https://gtaforums.com/topic/893793-)
Can we expect some new info about it?
There are few posts here and there, where users say it's possible. Also you mentioned that we can ask about it @robotanarchy, but seems like GTA2HR is abandoned for now.

Sektor
Boss
Posts: 1369
Joined: 04 Mar 2008, 06:51
GH nick: Sektor
Location: GTAMP.com

Re: GTA2 memory addresses

Post by Sektor » 07 Jul 2018, 01:15

TempUser_ wrote: Hello Sektor.
A year ago or so, I asked about strafe movement and mouse look, at gtaforum site. (https://gtaforums.com/topic/893793-)
Can we expect some new info about it?
There are few posts here and there, where users say it's possible. Also you mentioned that we can ask about it @robotanarchy, but seems like GTA2HR is abandoned for now.
Dege made a MISI mod/script that supports strafing with a gamepad. You could ask for mouse support or use a mouse to joystick emulator.

Link: http://gtamp.com/forum/viewtopic.php?f=4&t=1150

Dege
Jaywalker
Posts: 8
Joined: 04 Apr 2018, 21:06

Re: GTA2 memory addresses

Post by Dege » 08 Jul 2018, 21:39

Sektor wrote:
TempUser_ wrote: Hello Sektor.
A year ago or so, I asked about strafe movement and mouse look, at gtaforum site. (https://gtaforums.com/topic/893793-)
Can we expect some new info about it?
There are few posts here and there, where users say it's possible. Also you mentioned that we can ask about it @robotanarchy, but seems like GTA2HR is abandoned for now.
Dege made a MISI mod/script that supports strafing with a gamepad. You could ask for mouse support or use a mouse to joystick emulator.

Link: http://gtamp.com/forum/viewtopic.php?f=4&t=1150
Hi TempUser_, as Sektor said, I already implemented strafe controls like the ones in Hotline Miami (but for an Xbox controller). I was trying to make a standalone ASI for the mod to separate it from MISI as much as possible, but I'll release what I got in the next week if you want to fiddle with the code ;)

For a mouse aim I can try to look at it this summer but I can't promise anything because I haven't so much time.

The things to do are: implementing mouse input, then detecting the mouse position relative to the player, the rest of the code is already in place.

PS: your link is broken, I think that you're referring to this thread https://gtaforums.com/topic/893793-gta2 ... e-lookaim/ I looked at it before the start of the development of my mod looking for something ready to use :D

Rick
Car Jacker
Posts: 33
Joined: 29 Jan 2012, 18:56
GH nick: Sequential

Re: GTA2 memory addresses

Post by Rick » 08 Feb 2019, 17:28

Sektor wrote: byte cardamage=carstruct+75h (0 = 0% damage, 125 = 100% damage). You can make wrecks drivable by changing this.
word carid=carstruct+6Ch

This will change the car ID to the car damage
[mis]
COUNTER cardamageaddress
COUNTER cardamagevalue
COUNTER caridaddress
SET cardamageaddress=(p1car+117)
CHANGE_GANG_CHAR_RESPECT (cardamageaddress, cardamagevalue, 104)
SET caridaddress=(p1car+108)
CHANGE_GANG_CHAR_RESPECT (caridaddress, cardamagevalue, 112)[/mis]
Anyone had luck with damaging a specific car by command / increasing the damage level?
Having control over the damage sprites would also be nice.

h0x91b
Mugger
Posts: 16
Joined: 22 May 2019, 23:08
GH nick: h0x91b

Re: GTA2 memory addresses

Post by h0x91b » 25 May 2019, 10:17

Hi guys, this is a very old thread, but since we now have the "Ghidra" tool, the reverse engineering process goes to a new level.

I will keep posting my progress here if you are interested.

Let's begin from something fun, from cheats.

GTA uses a kind of `hash` function to check if a cheat is applied.

The function is located at 004590f0, signature: `void ApplyCheats(void *ptr,WCHAR *profileName,wchar_t *param_3)`.
I haven't reversed what *ptr is yet.

    if (lengthOfName != 0) {
      do {
        hash = hash + (int)str[n] * CHEATS_CODE[n];
        n = n + 1;
      } while (n < lengthOfName);
      if (hash == GOURANGA) {
        *(undefined *)((int)ptr + 0xc9cd) = 1;
        eqTo9IfCheatsAreApplied = 9;
        return;
      }
    }
The hash function is very simple, here is a JavaScript remake of it:

(()=>{
  function gtaCheatHash(str) {
    const table = [ 0x33D, 0x2F9, 0x17, 0x281, 0x2B, 0x329, 0x2A5, 0xBF ];
    str = str.substr(0, 8);
    let hash = 0;
    for(let n=0;n<str.length;n++) {
      hash += str.charCodeAt(n) * table[n]
    }
    return `0x${hash.toString(16)}`;
  }

  let cheats = ['GOURANGA', 'GOREFEST', 'MADEMAN', 'EATSOUP', 'CUTIE1', 'ARSESTAR', 'DANISGOD', 'MUCHCASH', 'IAMDAVEJ', 'SEGARULZ', 'COCKTART', 'DAVEMOON', 'GODOFGTA', 'VOLTFEST', 'FLAMEON', 'SCHURULZ', 'RSJABBER', 'HUNSRUS', 'BUCKFAST', 'NEKKID', 'LASVEGAS', 'FISHFLAP', 'UKGAMER', 'TUMYFROG', 'GAOLLOT', 'HHUBEMAN', 'BARFXSEK', 'BSEKHACK', 'JAILBAIT', 'GINGERR'];

  let res = cheats.map(str=>({str, hash: gtaCheatHash(str)}))
  console.table(res);
})();
If you are using Chrome, press F12, go to the "Console" tab and run this code; you will see the table of codes.

Since the hash function is very simple, "GAOLLOT", "HHUBEMAN", "BARFXSEK", "BSEKHACK" all of those, for example, will give you "0x45118", so they will apply the same cheat.

There is an interesting segment at the end of the function, some unknown cheat with hash 0x49c76.

        if (hash == 0x49c76) {
          uVar2 = 0;
          relToCheats4 = relToCheats4 == false;
          uVar1 = 1;
        }
        else {
          if (hash != TUMYFROG) {
            if (hash == SCHURULZ) {
              CHEAT_SCHURULZ = CHEAT_SCHURULZ == 0;
              eqTo9IfCheatsAreApplied = 9;
              return;
            }
            if (hash != HUNSRUS) {
              if (hash != FISHFLAP) {
                return;
              }
              relToCheats = relToCheats == 0;
              eqTo9IfCheatsAreApplied = 9;
              return;
            }
            relToCheats2 = relToCheats2 == 0;
            eqTo9IfCheatsAreApplied = 9;
            return;
          }
          relToCheats3 = relToCheats3 == false;
          FUN_004a8b00();
          uVar2 = 2;
          uVar1 = 2;
        }
I'll make a `rainbow hash` for it in the evening.
Make GTA Great Again: https://discord.gg/H7tBftD

h0x91b
Mugger
Posts: 16
Joined: 22 May 2019, 23:08
GH nick: h0x91b

Re: GTA2 memory addresses

Post by h0x91b » 25 May 2019, 20:19

Here is a rainbow hash generator in JavaScript for generating alternative cheat codes.

For example, you can type "GOURANGA" or you can type "UFEVIVE", "UUNOBAT", "MNEQXYF", "OWDRCNG", "EXMSNTI" or "TXEPRBO" with the same effect...

BTW "OTIRWUD" will apply the secret undocumented cheat from the previous post. A crime sound is played but I have no idea what this cheat is doing...

(()=>{
  let t = {
    "0x49362": "GOURANGA",
    "0x484df": "GOREFEST",
    "0x41611": "MADEMAN",
    "0x4657b": "EATSOUP",
    "0x33a69": "CUTIE1",
    "0x47af1": "ARSESTAR",
    "0x44d2f": "DANISGOD",
    "0x49a34": "MUCHCASH",
    "0x4672d": "IAMDAVEJ",
    "0x4a98b": "SEGARULZ",
    "0x478a9": "COCKTART",
    "0x4639f": "DAVEMOON",
    "0x49771": "GODOFGTA",
    "0x4da77": "VOLTFEST",
    "0x45ec2": "FLAMEON",
    "0x4d5c4": "SCHURULZ",
    "0x478fb": "RSJABBER",
    "0x4b28c": "HUNSRUS",
    "0x4878d": "BUCKFAST",
    "0x36f62": "NEKKID",
    "0x46be8": "LASVEGAS",
    "0x45aef": "FISHFLAP",
    "0x45b2c": "UKGAMER",
    "0x5073d": "TUMYFROG",
    "0x45118": "BSEKHACK",
    "0x44dee": "JAILBAIT",
    "0x45f48": "GINGERR",
    "0x49c76": "Mystic secret cheat :)",
  };
  
  function gtaCheatHash(str) {
    const table = [ 0x33D, 0x2F9, 0x17, 0x281, 0x2B, 0x329, 0x2A5, 0xBF ];
    str = str.substr(0, 8);
    let hash = 0;
    for(let n=0;n<str.length;n++) {
      hash += str.charCodeAt(n) * table[n]
    }
    return `0x${hash.toString(16)}`;
  }
  
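  // Random candidate name: 4 to 7 letters drawn from A-Z.
  function randomString() {
    let str = '';
    const len = Math.floor(Math.random()*4) + 4;
    for(let i=0;i<len;i++) {
      // 26 so that 'Z' (char code 90) can be drawn too
      str += String.fromCharCode(65 + Math.floor(Math.random()*26));
    }
    return str;
  }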
  
  function generate() {
    for(let i=0;i<100000;i++) {
      let str = randomString();
      let hash = gtaCheatHash(str);
      if(hash in t) {
        console.log(`Found!!! ${str} give hash ${hash}, same as ${t[hash]}`);
        return;
      }
    }
    console.log('no luck');
    setTimeout(generate, 1)
  }
  
  generate();
})();
Make GTA Great Again: https://discord.gg/H7tBftD
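
An added example, not part of h0x91b's posts: why the collisions found in the two posts above are unavoidable. It counts, without listing them, how many A-Z names of a given length produce a given hash; the weight table is the one from the post, while the function names and the A-Z-only alphabet are assumptions made here.

```javascript
// Weights copied from the table in the post; everything else is illustrative.
const WEIGHTS = [0x33D, 0x2F9, 0x17, 0x281, 0x2B, 0x329, 0x2A5, 0xBF];
const A = 65, LETTERS = 26;

// Same arithmetic as gtaCheatHash in the post, but returning a number.
function cheatHash(str) {
  let hash = 0;
  for (let n = 0; n < Math.min(str.length, WEIGHTS.length); n++) {
    hash += str.charCodeAt(n) * WEIGHTS[n];
  }
  return hash;
}

// Upper bound on the number of distinct hashes for A-Z names of length `len`:
// every integer between the all-'A' hash and the all-'Z' hash.
function outputSpaceBound(len) {
  const sum = WEIGHTS.slice(0, len).reduce((a, b) => a + b, 0);
  return (LETTERS - 1) * sum + 1;
}

// Dynamic programming over positions: counts[v] is the number of A-Z names of
// length `len` whose hash equals base + v. Counts stay exact in a Float64Array
// because they never exceed 26^8, far below 2^53.
function preimageTable(len) {
  const weights = WEIGHTS.slice(0, len);
  const base = A * weights.reduce((a, b) => a + b, 0);
  let counts = new Float64Array(outputSpaceBound(len));
  counts[0] = 1;
  let reach = 0; // highest index that can be non-zero so far
  for (const w of weights) {
    const next = new Float64Array(counts.length);
    for (let v = 0; v <= reach; v++) {
      if (counts[v] === 0) continue;
      for (let k = 0; k < LETTERS; k++) next[v + k * w] += counts[v];
    }
    reach += (LETTERS - 1) * w;
    counts = next;
  }
  return { base, counts };
}

// How many names of exactly `len` letters hash to `target`.
function countPreimages(target, len) {
  const { base, counts } = preimageTable(len);
  const rel = target - base;
  return rel >= 0 && rel < counts.length ? counts[rel] : 0;
}

const target = cheatHash('GOURANGA');
console.log(`${26 ** 8} eight-letter names share at most ${outputSpaceBound(8)} hash values`);
for (const len of [6, 7, 8]) {
  console.log(`length ${len}: ${countPreimages(target, len)} names hash to 0x${target.toString(16)}`);
}
```

A weighted sum like this is a checksum, not a secret: the output space is tiny compared with the input space, so a check built on it accepts many inputs besides the intended one.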

h0x91b
Mugger
Posts: 16
Joined: 22 May 2019, 23:08
GH nick: h0x91b

Re: GTA2 memory addresses

Post by h0x91b » 25 May 2019, 23:54

If you want to apply cheats in the middle of the game, here are the addresses:
  • GOREFEST - 005ead51
  • BUCKFAST - 005ead93
  • VOLTFEST - 005ead70
  • MADEMAN - 005ead8a
  • LASVEGAS - 005ead9f
  • NEKKID - 005eada0
  • EATSOUP - 005ead84
  • DAVEMOON - 005ead6e
  • CUTIE1 - 005ead8f
  • ARSESTAR - 005ead9e
  • GODOFGTA - 005ead74
  • RSJABBER - 005ead71
  • DANISGOD - 005ead97
  • COCKTART - 005ead5d
  • FLAMEON - 005ead9b
  • IAMDAVEJ - 005eada6
  • SEGARULZ - 005ead7b
  • UKGAMER - 005ead5c
Money and money multiplier

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>9</ID>
      <Description>"game > currentSaveSlot -> money"</Description>
      <LastState Value="7108" RealAddress="06E8031C"/>
      <VariableType>4 Bytes</VariableType>
      <Address>005eb4fc</Address>
      <Offsets>
        <Offset>2d4</Offset>
        <Offset>38</Offset>
      </Offsets>
    </CheatEntry>
    <CheatEntry>
      <ID>196</ID>
      <Description>"game > currentSaveSlot -> moneyMultiplier"</Description>
      <LastState Value="1" RealAddress="06E80704"/>
      <VariableType>4 Bytes</VariableType>
      <Address>005eb4fc</Address>
      <Offsets>
        <Offset>6bc</Offset>
        <Offset>38</Offset>
      </Offsets>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
Player lives

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>202</ID>
      <Description>"game > currentSaveSlot -> lives -> value"</Description>
      <LastState Value="5" RealAddress="06E806CC"/>
      <VariableType>4 Bytes</VariableType>
      <Address>005eb4fc</Address>
      <Offsets>
        <Offset>684+0</Offset>
        <Offset>38</Offset>
      </Offsets>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
Death reason

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>201</ID>
      <Description>"game > currentSaveSlot -> deathReason (WASTED0 0, WASTED 1, FRIED 2, NICKED 3, SHOCKED 4)"</Description>
      <LastState Value="0" RealAddress="06E8008C"/>
      <VariableType>4 Bytes</VariableType>
      <Address>005eb4fc</Address>
      <Offsets>
        <Offset>44</Offset>
        <Offset>38</Offset>
      </Offsets>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
Gun ammo. A slightly more complicated part...

The easiest is to set the ammo of the currently selected gun (the ammo value usually should be multiplied by 10 if the gun is not an SMG)

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>233</ID>
      <Description>"game > currentSaveSlot-> ped -> selected weapon > ammo"</Description>
      <LastState Value="50" RealAddress="069F68B8"/>
      <VariableType>2 Bytes</VariableType>
      <Address>005eb4fc</Address>
      <Offsets>
        <Offset>0</Offset>
        <Offset>170</Offset>
        <Offset>C4</Offset>
        <Offset>38</Offset>
      </Offsets>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
Ammo is stored in the player's guns array, so there are many pointers...
For example, the ElectroBaton gun has index 7, so to calculate its struct position you need to add offset 718+4*7; you will see it in the offsets below.
BTW, ammo in the weapon struct is located at #0, which is why I am typing <Offset>0+0</Offset>

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>234</ID>
      <Description>"game > currentSaveSlot-> ped -> player weapons arr"</Description>
      <LastState Value="003AB4D8" RealAddress="069D0A64"/>
      <ShowAsHex>1</ShowAsHex>
      <VariableType>4 Bytes</VariableType>
      <Address>005eb4fc</Address>
      <Offsets>
        <Offset>15c</Offset>
        <Offset>C4</Offset>
        <Offset>38</Offset>
      </Offsets>
      <CheatEntries>
        <CheatEntry>
          <ID>235</ID>
          <Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr"</Description>
          <LastState Value="069F6708" RealAddress="003ABBF0"/>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>005eb4fc</Address>
          <Offsets>
            <Offset>718</Offset>
            <Offset>15c</Offset>
            <Offset>C4</Offset>
            <Offset>38</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>236</ID>
          <Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #0 pistol > ammo"</Description>
          <LastState Value="100" RealAddress="069F6708"/>
          <VariableType>2 Bytes</VariableType>
          <Address>005eb4fc</Address>
          <Offsets>
            <Offset>0+0</Offset>
            <Offset>718+4*0</Offset>
            <Offset>15c</Offset>
            <Offset>C4</Offset>
            <Offset>38</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>237</ID>
          <Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #1 smg > ammo"</Description>
          <LastState Value="20" RealAddress="069F6738"/>
          <VariableType>2 Bytes</VariableType>
          <Address>005eb4fc</Address>
          <Offsets>
            <Offset>0+0</Offset>
            <Offset>718+4*1</Offset>
            <Offset>15c</Offset>
            <Offset>C4</Offset>
            <Offset>38</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>244</ID>
          <Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #2 rocket > ammo"</Description>
          <LastState Value="30" RealAddress="069F6768"/>
          <VariableType>2 Bytes</VariableType>
          <Address>005eb4fc</Address>
          <Offsets>
            <Offset>0+0</Offset>
            <Offset>718+4*2</Offset>
            <Offset>15c</Offset>
            <Offset>C4</Offset>
            <Offset>38</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>243</ID>
          <Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #3 shocker > ammo"</Description>
          <LastState Value="10" RealAddress="069F6798"/>
          <VariableType>2 Bytes</VariableType>
          <Address>005eb4fc</Address>
          <Offsets>
            <Offset>0+0</Offset>
            <Offset>718+4*3</Offset>
            <Offset>15c</Offset>
            <Offset>C4</Offset>
            <Offset>38</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>245</ID>
          <Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #4 molotov > ammo"</Description>
          <LastState Value="40" RealAddress="069F67C8"/>
          <VariableType>2 Bytes</VariableType>
          <Address>005eb4fc</Address>
          <Offsets>
            <Offset>0+0</Offset>
            <Offset>718+4*4</Offset>
            <Offset>15c</Offset>
            <Offset>C4</Offset>
            <Offset>38</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>246</ID>
          <Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #5 grenade > ammo"</Description>
          <LastState Value="20" RealAddress="069F67F8"/>
          <VariableType>2 Bytes</VariableType>
          <Address>005eb4fc</Address>
          <Offsets>
            <Offset>0+0</Offset>
            <Offset>718+4*5</Offset>
            <Offset>15c</Offset>
            <Offset>C4</Offset>
            <Offset>38</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>247</ID>
          <Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #6 shotgun > ammo"</Description>
          <LastState Value="40" RealAddress="069F6828"/>
          <VariableType>2 Bytes</VariableType>
          <Address>005eb4fc</Address>
          <Offsets>
            <Offset>0+0</Offset>
            <Offset>718+4*6</Offset>
            <Offset>15c</Offset>
            <Offset>C4</Offset>
            <Offset>38</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>248</ID>
          <Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #7 ElectroBaton!!!!! > ammo"</Description>
          <LastState Value="790" RealAddress="069F6858"/>
          <VariableType>2 Bytes</VariableType>
          <Address>005eb4fc</Address>
          <Offsets>
            <Offset>0+0</Offset>
            <Offset>718+4*7</Offset>
            <Offset>15c</Offset>
            <Offset>C4</Offset>
            <Offset>38</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>249</ID>
          <Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #8 Flamethrower > ammo"</Description>
          <LastState Value="28" RealAddress="069F6888"/>
          <VariableType>2 Bytes</VariableType>
          <Address>005eb4fc</Address>
          <Offsets>
            <Offset>0+0</Offset>
            <Offset>718+4*8</Offset>
            <Offset>15c</Offset>
            <Offset>C4</Offset>
            <Offset>38</Offset>
          </Offsets>
        </CheatEntry>
        <CheatEntry>
          <ID>250</ID>
          <Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #9 silenced smg > ammo"</Description>
          <LastState Value="50" RealAddress="069F68B8"/>
          <VariableType>2 Bytes</VariableType>
          <Address>005eb4fc</Address>
          <Offsets>
            <Offset>0+0</Offset>
            <Offset>718+4*9</Offset>
            <Offset>15c</Offset>
            <Offset>C4</Offset>
            <Offset>38</Offset>
          </Offsets>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
Will continue tomorrow.
Make GTA Great Again: https://discord.gg/H7tBftD
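
An added example, not h0x91b's code: how an offset list from the Cheat Engine tables above turns into a chain of dereferences, run against a small constructed memory map instead of a live process. The money, weapons-array and ammo values and addresses are the LastState/RealAddress fields from the tables; the address of the game object, the dword-only memory model and all function names are assumptions made here.

```javascript
// Constructed snapshot of 32-bit memory: address -> value stored there.
const GAME = 0x06d00000;               // assumption: the post never shows this address
const SAVE_SLOT = 0x06e8031c - 0x2d4;  // derived from the money RealAddress in the table
const PED = 0x069d0a64 - 0x15c;        // derived from entry 234's RealAddress
const memory = new Map([
  [0x005eb4fc, GAME],                        // static base used by every entry
  [GAME + 0x38, SAVE_SLOT],                  // game -> currentSaveSlot
  [SAVE_SLOT + 0x2d4, 7108],                 // money
  [SAVE_SLOT + 0xc4, PED],                   // currentSaveSlot -> ped
  [PED + 0x15c, 0x003ab4d8],                 // ped -> player weapons
  [0x003ab4d8 + 0x718 + 4 * 7, 0x069f6858],  // weapons arr slot #7 -> weapon struct
  [0x069f6858, 790],                         // ElectroBaton ammo (2 bytes in the game)
]);

// Offsets in the tables are hex and may use + and *, e.g. "718+4*7".
function parseOffset(text) {
  if (!/^[0-9a-fA-F]+([+*][0-9a-fA-F]+)*$/.test(text)) {
    throw new Error(`unsupported offset expression: ${text}`);
  }
  return text.split('+').reduce(
    (sum, term) => sum + term.split('*').reduce((p, f) => p * parseInt(f, 16), 1), 0);
}

function readDword(mem, addr) {
  if (!mem.has(addr)) throw new Error(`unmapped read at 0x${addr.toString(16)}`);
  return mem.get(addr);
}

// xmlOffsets is in file order. The .CT format stores the final offset first,
// so the list is walked backwards: read the pointer, add the offset, repeat.
// Returns the final address; the caller reads the value with the right width.
function resolve(mem, base, xmlOffsets) {
  let addr = base;
  for (const text of [...xmlOffsets].reverse()) {
    const ptr = readDword(mem, addr);
    // A null link means the structure does not exist yet (e.g. not in a game).
    if (ptr === 0) throw new Error(`null pointer at 0x${addr.toString(16)}`);
    addr = (ptr + parseOffset(text)) >>> 0;
  }
  return addr;
}

const moneyAddr = resolve(memory, 0x005eb4fc, ['2d4', '38']);
const ammoAddr = resolve(memory, 0x005eb4fc, ['0+0', '718+4*7', '15c', 'C4', '38']);
console.log(`money @ ${moneyAddr.toString(16)} = ${readDword(memory, moneyAddr)}`);
console.log(`ElectroBaton ammo @ ${ammoAddr.toString(16)} = ${readDword(memory, ammoAddr)}`);
```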

h0x91b
Mugger
Posts: 16
Joined: 22 May 2019, 23:08
GH nick: h0x91b

Re: GTA2 memory addresses

Post by h0x91b » 29 May 2019, 15:36

Made a DLL and an injector for it. My point is not just to read and write memory; I want to be able to modify and extend GTA's original functions.

A short video demonstrates injection of the DLL into the process, the creation of basic windows with simple controls, then how to move all pedestrians to the player's pedestrian location using native functions of GTA.


typedef Ped* (__fastcall GetFirstPed)(DWORD ptrToPedManager, DWORD edx);
GetFirstPed* fnGetFirstPed = (GetFirstPed*)0x00435530;

Ped *ped = fnGetFirstPed(ptrToPedManager, 0);
Those 3 lines took me so much time...
GTA is using the __thiscall pattern, which means that the first argument of the function is passed in ECX and not on the stack via PUSH\POP, and the first argument is "this" of course... I do not have "this" in my DLL and cannot use __thiscall, so if I want to call this function I need to use something like:

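// Not declared naked: the function has a local and returns a value,
// so it needs the compiler's normal prolog and epilog.
DWORD wrapper() {
  DWORD ret;
  DWORD fn = 0x00435530;       // address of the game's function
  __asm {
    mov ecx, ptrToPedManager   // "this" goes in ECX for __thiscall
    mov eax, fn                // call through a register rather than an immediate address
    call eax
    mov ret, eax               // the return value comes back in EAX
  }
  return ret;
}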
Basically, it can do what I need but it looks bad. I want something more similar to a regular C function call.

The __fastcall pattern fixes the issue: it passes the first argument (`this` in my case) in ECX, but the second argument goes to EDX, and the third and so on go to the stack. I do not have a second argument, so I just don't use it; I always pass 0 here...

Now the code looks like regular C:

void MoveAllPeds() {
	wchar_t buf[1024];
	AddLog(L"MoveAllPeds()");
	if (*(DWORD*)ptrToPedManager == 0) {
		AddLog(L"ptrToPedManager isn't set. Not in a game probably.");
		return;
	}
	wsprintf(buf, L"ptrToPedManager -> %08X", *(DWORD*)ptrToPedManager);
	AddLog(buf);

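	AddLog(L"Calling to fnGetPedByID(1) to retrieve player ped");
	Ped* playerPed = fnGetPedByID(1);

	wsprintf(buf, L"Player ped -> %08X", playerPed);
	AddLog(buf);

	// Guard every pointer on the player's side before it is dereferenced below.
	if (!playerPed || !playerPed->pedSprite || !playerPed->pedSprite->actualPosition) {
		AddLog(L"Player ped or its sprite isn't available.");
		return;
	}

	if (playerPed->currentCar != NULL) {
		AddLog(L"Player in car, can not move peds");
		return;
	}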

	Ped* ped = (Ped*)(*(DWORD*)ptrToPedManager + 0x8);
	wsprintf(buf, L"First ped in ped manager -> %08X", ped);
	AddLog(buf);

	for (int i = 1; i < 200; i++) {
		if (ped && ped->pedSprite && ped->pedSprite->actualPosition) {

			wsprintf(buf, L"Move ped %d to player location", ped->id);
			AddLog(buf);
			ped->pedSprite->actualPosition->x = playerPed->pedSprite->actualPosition->x;
			ped->pedSprite->actualPosition->y = playerPed->pedSprite->actualPosition->y;
		}
		++ped;
	}
}
Next, I want to catch user input and maybe hook to direct draw.

Will try to use mouse for rotation of ped and maybe strafing.
Make GTA Great Again: https://discord.gg/H7tBftD

Sektor
Boss
Posts: 1369
Joined: 04 Mar 2008, 06:51
GH nick: Sektor
Location: GTAMP.com

Re: GTA2 memory addresses

Post by Sektor » 29 May 2019, 16:04

Great work! I’ve always wanted to call the original functions.

h0x91b
Mugger
Posts: 16
Joined: 22 May 2019, 23:08
GH nick: h0x91b

Re: GTA2 memory addresses

Post by h0x91b » 29 May 2019, 16:09

Thanks, did you try Ghidra already?
Make GTA Great Again: https://discord.gg/H7tBftD

Sektor
Boss
Posts: 1369
Joined: 04 Mar 2008, 06:51
GH nick: Sektor
Location: GTAMP.com

Re: GTA2 memory addresses

Post by Sektor » 29 May 2019, 16:17

No, I hadn’t really heard about it before. I wouldn’t know how to use it, my disassembly skills and knowledge are very basic.
