I was moving the phone/police block. Model 163 and 21. But it moved only along z. I also tried to turn. Without changes. Maybe the object somewhere on the sprite where the rewritten coordinates are stored.Sektor wrote:They're not read only but maybe something else has to change to trigger the game to redraw. If you try with an animated object like a rocket, it should update instantly.
GTA2 memory addresses
Re: GTA2 memory addresses
Re: GTA2 memory addresses
Changing x and y works in an SCR script, even on a phone.
[mis]
PLAYER_PED p1 = (136.50, 149.50, 2.00) 25 0
OBJ_DATA object1
OBJ_DATA object2
COUNTER in
COUNTER out
COUNTER true = 1
COUNTER x
COUNTER x2
COUNTER y
COUNTER z
LEVELSTART
object1 = CREATE_OBJ (137.5, 149.5, 2.0) 0 phone END
object2 = CREATE_OBJ (137.5, 149.5, 2.0) 0 phone END
WHILE_EXEC ( true = 1 )
GIVE_WEAPON (p1,ROCKET_LAUNCHER)
//IF (IS_CHAR_FIRING_ONSCREEN (p1))
//DELETE_ITEM (object1)
//DELETE_ITEM (object2)
object1 = CREATE_OBJ (137.5, 149.5, 2.0) 0 phone END
SET in = (object1+4)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET in = (out+20)
CHANGE_GANG_CHAR_RESPECT (in,x,114)
SET in = (out+24)
CHANGE_GANG_CHAR_RESPECT (in,y,114)
SET in = (out+28)
CHANGE_GANG_CHAR_RESPECT (in,z,114)
/*
object2 = CREATE_OBJ (137.5, 149.5, 2.0) 180 phone END
SET in = (object2+4)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET in = (out+20)
CHANGE_GANG_CHAR_RESPECT (in,x2,114)
SET in = (out+24)
CHANGE_GANG_CHAR_RESPECT (in,y,114)
SET in = (out+28)
CHANGE_GANG_CHAR_RESPECT (in,z,114)
*/
//ENDIF
SET in = (p1+428)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET x = (out+5000)
SET x2 = (out+10000)
SET in = (p1+432)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET y = (out+0)
SET in = (p1+436)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET z = (out+0)
ENDWHILE
LEVELEND
[/mis]
[mis]
PLAYER_PED p1 = (136.50, 149.50, 2.00) 25 0
OBJ_DATA object1
OBJ_DATA object2
COUNTER in
COUNTER out
COUNTER true = 1
COUNTER x
COUNTER x2
COUNTER y
COUNTER z
LEVELSTART
object1 = CREATE_OBJ (137.5, 149.5, 2.0) 0 phone END
object2 = CREATE_OBJ (137.5, 149.5, 2.0) 0 phone END
WHILE_EXEC ( true = 1 )
GIVE_WEAPON (p1,ROCKET_LAUNCHER)
//IF (IS_CHAR_FIRING_ONSCREEN (p1))
//DELETE_ITEM (object1)
//DELETE_ITEM (object2)
object1 = CREATE_OBJ (137.5, 149.5, 2.0) 0 phone END
SET in = (object1+4)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET in = (out+20)
CHANGE_GANG_CHAR_RESPECT (in,x,114)
SET in = (out+24)
CHANGE_GANG_CHAR_RESPECT (in,y,114)
SET in = (out+28)
CHANGE_GANG_CHAR_RESPECT (in,z,114)
/*
object2 = CREATE_OBJ (137.5, 149.5, 2.0) 180 phone END
SET in = (object2+4)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET in = (out+20)
CHANGE_GANG_CHAR_RESPECT (in,x2,114)
SET in = (out+24)
CHANGE_GANG_CHAR_RESPECT (in,y,114)
SET in = (out+28)
CHANGE_GANG_CHAR_RESPECT (in,z,114)
*/
//ENDIF
SET in = (p1+428)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET x = (out+5000)
SET x2 = (out+10000)
SET in = (p1+432)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET y = (out+0)
SET in = (p1+436)
CHANGE_GANG_CHAR_RESPECT (in,out,104)
SET z = (out+0)
ENDWHILE
LEVELEND
[/mis]
Re: GTA2 memory addresses
Is it the creation of a new object or movement of the same? You can look at the sample code.
Re: GTA2 memory addresses
My script creates new phone at the same coordinates and then moves that phone.
Re: GTA2 memory addresses
It is necessary to create out of cycle 1 the phone, after moving it in a cycle. Is it moving (not re-creating models)?Sektor wrote:My script creates new phone at the same coordinates and then moves that phone. That might make a difference.
Re: GTA2 memory addresses
I tested trying to move without creating a new object but it doesn't move x and y, I don't know why.
Re: GTA2 memory addresses
That's what I wrote about it. Coordinates x, y, rotation in the object is read-only. Yes, you might need a trigger that involves redrawing the object. But the coordinate z exclusion it changes when the animation is turned on (the object becomes higher than other objects - I noticed it when the phone call was turned on).Sektor wrote:I tested trying to move without creating a new object but it doesn't move x and y, I don't know why.
Added:
The same thing I noticed happening to a car when it is devoid of physics (hanging in air) Its coordinates can not be changed. Conclusion: objects are devoid of physics because they themselves do not redraw.
Re: GTA2 memory addresses
Sector, do you have an address for e.GXT? similar to this http://gtamp.com/forum/viewtopic.php?f=4&t=1124#p10549
Re: GTA2 memory addresses
Does anyone have an working address for check the player's arrest (busted)?
Re: GTA2 memory addresses
Hello Sector.
Year ago or so, I asked about strafe movement and mouse look, at gtaforum site. (https://gtaforums.com/topic/893793-)
Can we expect some new info about it?
There are few posts here and there, where users say it's possible. Also you mentioned that we can ask about it @robotanarchy, but seems like GTA2HR is abandoned for now.
Year ago or so, I asked about strafe movement and mouse look, at gtaforum site. (https://gtaforums.com/topic/893793-)
Can we expect some new info about it?
There are few posts here and there, where users say it's possible. Also you mentioned that we can ask about it @robotanarchy, but seems like GTA2HR is abandoned for now.
Re: GTA2 memory addresses
Dege made a MISI mod/script that supports strafing with a gamepad. You could ask for mouse support or use a mouse to joystick emulator.TempUser_ wrote:Hello Sector.
Year ago or so, I asked about strafe movement and mouse look, at gtaforum site. (https://gtaforums.com/topic/893793-)
Can we expect some new info about it?
There are few posts here and there, where users say it's possible. Also you mentioned that we can ask about it @robotanarchy, but seems like GTA2HR is abandoned for now.
Link: http://gtamp.com/forum/viewtopic.php?f=4&t=1150
Re: GTA2 memory addresses
Hi TempUser_ as Sektor said I already implemented strafe controls like the ones in hotline miami (but for an XBOX controller), I was trying to make a standalone ASI for the mod to separate it from MISI as much as possible, but I'll release what I got in the next week if you want to fiddle with the codeSektor wrote:Dege made a MISI mod/script that supports strafing with a gamepad. You could ask for mouse support or use a mouse to joystick emulator.TempUser_ wrote:Hello Sector.
Year ago or so, I asked about strafe movement and mouse look, at gtaforum site. (https://gtaforums.com/topic/893793-)
Can we expect some new info about it?
There are few posts here and there, where users say it's possible. Also you mentioned that we can ask about it @robotanarchy, but seems like GTA2HR is abandoned for now.
Link: http://gtamp.com/forum/viewtopic.php?f=4&t=1150
For a mouse aim I can try to look at it this summer but I can't promise anything because I haven't so much time.
The things to do are: implementing mouse input, then detecting the mouse position relative to the player, the rest of the code is already in place.
PS: your link is broken, I think that you're referring to this thread https://gtaforums.com/topic/893793-gta2 ... e-lookaim/ I looked at it before the start of the development of my mod looking for something ready to use
Re: GTA2 memory addresses
Anyone had luck with damaging a specific car by command / increasing the damage level?Sektor wrote:byte cardamage=carstruct+75h (0 = 0% damage, 125 = 100% damage). You can make wrecks drivable by changing this.
word carid=carstruct+6Ch
This will change the car ID to the car damage
[mis]
COUNTER cardamageaddress
COUNTER cardamagevalue
COUNTER caridaddress
SET cardamageaddress=(p1car+117)
CHANGE_GANG_CHAR_RESPECT (cardamageaddress, cardamagevalue, 104)
SET caridaddress=(p1car+108)
CHANGE_GANG_CHAR_RESPECT (caridaddress, cardamagevalue, 112)[/mis]
Having control over the damage sprites would also be nice.
Re: GTA2 memory addresses
Hi guys, this is a very old thread, but since we have "Ghidra" tool, now, the reverse engineering process goes to the new level.
I will keep posted here my progress if you are interested.
Let's begin from something fun, from cheats.
The GTA is using a kind of `hash` function to check if cheat applied.
The function located at: 004590f0, signature: `void ApplyCheats(void *ptr,WCHAR *profileName,wchar_t *param_3)`,
What is *ptr, I didn't reversed yet.
The hash function is very simple, here is JavaScript remake of it:
If you are using Chrome, type F12 then go to "Console" tab then run this code, you will see the table of codes.
Since the hash function is very simple, "GAOLLOT", "HHUBEMAN", "BARFXSEK", "BSEKHACK" all of those, for example, will give you "0x45118", so they will apply the same cheat.
There are an interesting segment on the end of the function, some unknown cheat with hash 0x49c76.
I'll make a `rainbow hash` for it in the evening.
I will keep posted here my progress if you are interested.
Let's begin from something fun, from cheats.
The GTA is using a kind of `hash` function to check if cheat applied.
The function located at: 004590f0, signature: `void ApplyCheats(void *ptr,WCHAR *profileName,wchar_t *param_3)`,
What is *ptr, I didn't reversed yet.
Code: Select all
if (lengthOfName != 0) {
do {
hash = hash + (int)str[n] * CHEATS_CODE[n];
n = n + 1;
} while (n < lengthOfName);
if (hash == GOURANGA) {
*(undefined *)((int)ptr + 0xc9cd) = 1;
eqTo9IfCheatsAreApplied = 9;
return;
}
}
Code: Select all
(()=>{
function gtaCheatHash(str) {
const table = [ 0x33D, 0x2F9, 0x17, 0x281, 0x2B, 0x329, 0x2A5, 0xBF ];
str = str.substr(0, 8);
let hash = 0;
for(let n=0;n<str.length;n++) {
hash += str.charCodeAt(n) * table[n]
}
return `0x${hash.toString(16)}`;
}
let cheats = ['GOURANGA', 'GOREFEST', 'MADEMAN', 'EATSOUP', 'CUTIE1', 'ARSESTAR', 'DANISGOD', 'MUCHCASH', 'IAMDAVEJ', 'SEGARULZ', 'COCKTART', 'DAVEMOON', 'GODOFGTA', 'VOLTFEST', 'FLAMEON', 'SCHURULZ', 'RSJABBER', 'HUNSRUS', 'BUCKFAST', 'NEKKID', 'LASVEGAS', 'FISHFLAP', 'UKGAMER', 'TUMYFROG', 'GAOLLOT', 'HHUBEMAN', 'BARFXSEK', 'BSEKHACK', 'JAILBAIT', 'GINGERR'];
let res = cheats.map(str=>({str, hash: gtaCheatHash(str)}))
console.table(res);
})();
Since the hash function is very simple, "GAOLLOT", "HHUBEMAN", "BARFXSEK", "BSEKHACK" all of those, for example, will give you "0x45118", so they will apply the same cheat.
There are an interesting segment on the end of the function, some unknown cheat with hash 0x49c76.
Code: Select all
if (hash == 0x49c76) {
uVar2 = 0;
relToCheats4 = relToCheats4 == false;
uVar1 = 1;
}
else {
if (hash != TUMYFROG) {
if (hash == SCHURULZ) {
CHEAT_SCHURULZ = CHEAT_SCHURULZ == 0;
eqTo9IfCheatsAreApplied = 9;
return;
}
if (hash != HUNSRUS) {
if (hash != FISHFLAP) {
return;
}
relToCheats = relToCheats == 0;
eqTo9IfCheatsAreApplied = 9;
return;
}
relToCheats2 = relToCheats2 == 0;
eqTo9IfCheatsAreApplied = 9;
return;
}
relToCheats3 = relToCheats3 == false;
FUN_004a8b00();
uVar2 = 2;
uVar1 = 2;
}
Make GTA Great Again: https://discord.gg/H7tBftD
Re: GTA2 memory addresses
Here is a rainbow hash generator on JavaScript for generating alternative cheat codes.
For example, you can type "GOURANGA" or you can type "UFEVIVE", "UUNOBAT", "MNEQXYF", "OWDRCNG", "EXMSNTI" or "TXEPRBO" with the same effect...
BTW "OTIRWUD" will apply the secret un-document cheat from the previous post. Crime sound is played but I have no idea what this cheat are doing...
For example, you can type "GOURANGA" or you can type "UFEVIVE", "UUNOBAT", "MNEQXYF", "OWDRCNG", "EXMSNTI" or "TXEPRBO" with the same effect...
BTW "OTIRWUD" will apply the secret un-document cheat from the previous post. Crime sound is played but I have no idea what this cheat are doing...
Code: Select all
(()=>{
let t = {
"0x49362": "GOURANGA",
"0x484df": "GOREFEST",
"0x41611": "MADEMAN",
"0x4657b": "EATSOUP",
"0x33a69": "CUTIE1",
"0x47af1": "ARSESTAR",
"0x44d2f": "DANISGOD",
"0x49a34": "MUCHCASH",
"0x4672d": "IAMDAVEJ",
"0x4a98b": "SEGARULZ",
"0x478a9": "COCKTART",
"0x4639f": "DAVEMOON",
"0x49771": "GODOFGTA",
"0x4da77": "VOLTFEST",
"0x45ec2": "FLAMEON",
"0x4d5c4": "SCHURULZ",
"0x478fb": "RSJABBER",
"0x4b28c": "HUNSRUS",
"0x4878d": "BUCKFAST",
"0x36f62": "NEKKID",
"0x46be8": "LASVEGAS",
"0x45aef": "FISHFLAP",
"0x45b2c": "UKGAMER",
"0x5073d": "TUMYFROG",
"0x45118": "BSEKHACK",
"0x44dee": "JAILBAIT",
"0x45f48": "GINGERR",
"0x49c76": "Mystic secret cheat :)",
};
function gtaCheatHash(str) {
const table = [ 0x33D, 0x2F9, 0x17, 0x281, 0x2B, 0x329, 0x2A5, 0xBF ];
str = str.substr(0, 8);
let hash = 0;
for(let n=0;n<str.length;n++) {
hash += str.charCodeAt(n) * table[n]
}
return `0x${hash.toString(16)}`;
}
function randomString() {
let str = '';
const len = Math.floor(Math.random()*4) + 4;
for(let i=0;i<len;i++) {
str += String.fromCharCode(65 + Math.floor(Math.random()*25));
}
return str;
}
function generate() {
for(let i=0;i<100000;i++) {
let str = randomString();
let hash = gtaCheatHash(str);
if(hash in t) {
console.log(`Found!!! ${str} give hash ${hash}, same as ${t[hash]}`);
return;
}
}
console.log('no luck');
setTimeout(generate, 1)
}
generate();
})();
Make GTA Great Again: https://discord.gg/H7tBftD
Re: GTA2 memory addresses
If you want to apply cheats in the middle of the game, here is addresses:
Player lives
Death reason
Guns Ammo. A little bit complicated part...
Most easy to set the currently selected gun ammo (ammo value usually should be multiplied by 10 if not SMG gun used)
Ammo is stored in player's guns array, so many pointers are there...
For example ElectroBatton gun have index 7, so to calculate its struct position need to add offset 718+4*7, you will see it in offsets below.
BTW ammo in weapon struct located at #0 this is the reason why I am typing <Offset>0+0</Offset>
Will continue tomorrow.
- GOREFAST - 005ead51
- BUCKFAST - 005ead93
- VOLTFEST - 005ead70
- MADEMAN - 005ead8a
- LASVEGAS - 005ead9f
- NEKKID - 005eada0
- EATSOUP - 005ead84
- DAVEMOON - 005ead6e
- CUTIE1 - 005ead8f
- ARESTAR - 005ead9e
- GODOFGTA - 005ead74
- RSJABBER - 005ead71
- DANISGOD - 005ead97
- COCKTART - 005ead5d
- FLAMEON - 005ead9b
- IAMDAVEJ - 005eada6
- SEGARULZ - 005ead7b
- UKGAMER - 005ead5c
Code: Select all
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>9</ID>
<Description>"game > currentSaveSlot -> money"</Description>
<LastState Value="7108" RealAddress="06E8031C"/>
<VariableType>4 Bytes</VariableType>
<Address>005eb4fc</Address>
<Offsets>
<Offset>2d4</Offset>
<Offset>38</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>196</ID>
<Description>"game > currentSaveSlot -> moneyMultiplier"</Description>
<LastState Value="1" RealAddress="06E80704"/>
<VariableType>4 Bytes</VariableType>
<Address>005eb4fc</Address>
<Offsets>
<Offset>6bc</Offset>
<Offset>38</Offset>
</Offsets>
</CheatEntry>
</CheatEntries>
</CheatTable>
Code: Select all
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>202</ID>
<Description>"game > currentSaveSlot -> lives -> value"</Description>
<LastState Value="5" RealAddress="06E806CC"/>
<VariableType>4 Bytes</VariableType>
<Address>005eb4fc</Address>
<Offsets>
<Offset>684+0</Offset>
<Offset>38</Offset>
</Offsets>
</CheatEntry>
</CheatEntries>
</CheatTable>
Code: Select all
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>201</ID>
<Description>"game > currentSaveSlot -> deathReason (WASTED0 0, WASTED 1, FRIED 2, NICKED 3, SHOCKED 4)"</Description>
<LastState Value="0" RealAddress="06E8008C"/>
<VariableType>4 Bytes</VariableType>
<Address>005eb4fc</Address>
<Offsets>
<Offset>44</Offset>
<Offset>38</Offset>
</Offsets>
</CheatEntry>
</CheatEntries>
</CheatTable>
Most easy to set the currently selected gun ammo (ammo value usually should be multiplied by 10 if not SMG gun used)
Code: Select all
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>233</ID>
<Description>"game > currentSaveSlot-> ped -> selected weapon > ammo"</Description>
<LastState Value="50" RealAddress="069F68B8"/>
<VariableType>2 Bytes</VariableType>
<Address>005eb4fc</Address>
<Offsets>
<Offset>0</Offset>
<Offset>170</Offset>
<Offset>C4</Offset>
<Offset>38</Offset>
</Offsets>
</CheatEntry>
</CheatEntries>
</CheatTable>
For example ElectroBatton gun have index 7, so to calculate its struct position need to add offset 718+4*7, you will see it in offsets below.
BTW ammo in weapon struct located at #0 this is the reason why I am typing <Offset>0+0</Offset>
Code: Select all
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>234</ID>
<Description>"game > currentSaveSlot-> ped -> player weapons arr"</Description>
<LastState Value="003AB4D8" RealAddress="069D0A64"/>
<ShowAsHex>1</ShowAsHex>
<VariableType>4 Bytes</VariableType>
<Address>005eb4fc</Address>
<Offsets>
<Offset>15c</Offset>
<Offset>C4</Offset>
<Offset>38</Offset>
</Offsets>
<CheatEntries>
<CheatEntry>
<ID>235</ID>
<Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr"</Description>
<LastState Value="069F6708" RealAddress="003ABBF0"/>
<ShowAsHex>1</ShowAsHex>
<VariableType>4 Bytes</VariableType>
<Address>005eb4fc</Address>
<Offsets>
<Offset>718</Offset>
<Offset>15c</Offset>
<Offset>C4</Offset>
<Offset>38</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>236</ID>
<Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #0 pistol > ammo"</Description>
<LastState Value="100" RealAddress="069F6708"/>
<VariableType>2 Bytes</VariableType>
<Address>005eb4fc</Address>
<Offsets>
<Offset>0+0</Offset>
<Offset>718+4*0</Offset>
<Offset>15c</Offset>
<Offset>C4</Offset>
<Offset>38</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>237</ID>
<Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #1 smg > ammo"</Description>
<LastState Value="20" RealAddress="069F6738"/>
<VariableType>2 Bytes</VariableType>
<Address>005eb4fc</Address>
<Offsets>
<Offset>0+0</Offset>
<Offset>718+4*1</Offset>
<Offset>15c</Offset>
<Offset>C4</Offset>
<Offset>38</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>244</ID>
<Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #2 rocket > ammo"</Description>
<LastState Value="30" RealAddress="069F6768"/>
<VariableType>2 Bytes</VariableType>
<Address>005eb4fc</Address>
<Offsets>
<Offset>0+0</Offset>
<Offset>718+4*2</Offset>
<Offset>15c</Offset>
<Offset>C4</Offset>
<Offset>38</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>243</ID>
<Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #3 shocker > ammo"</Description>
<LastState Value="10" RealAddress="069F6798"/>
<VariableType>2 Bytes</VariableType>
<Address>005eb4fc</Address>
<Offsets>
<Offset>0+0</Offset>
<Offset>718+4*3</Offset>
<Offset>15c</Offset>
<Offset>C4</Offset>
<Offset>38</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>245</ID>
<Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #4 molotov > ammo"</Description>
<LastState Value="40" RealAddress="069F67C8"/>
<VariableType>2 Bytes</VariableType>
<Address>005eb4fc</Address>
<Offsets>
<Offset>0+0</Offset>
<Offset>718+4*4</Offset>
<Offset>15c</Offset>
<Offset>C4</Offset>
<Offset>38</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>246</ID>
<Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #5 grenade > ammo"</Description>
<LastState Value="20" RealAddress="069F67F8"/>
<VariableType>2 Bytes</VariableType>
<Address>005eb4fc</Address>
<Offsets>
<Offset>0+0</Offset>
<Offset>718+4*5</Offset>
<Offset>15c</Offset>
<Offset>C4</Offset>
<Offset>38</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>247</ID>
<Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #6 shotgun > ammo"</Description>
<LastState Value="40" RealAddress="069F6828"/>
<VariableType>2 Bytes</VariableType>
<Address>005eb4fc</Address>
<Offsets>
<Offset>0+0</Offset>
<Offset>718+4*6</Offset>
<Offset>15c</Offset>
<Offset>C4</Offset>
<Offset>38</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>248</ID>
<Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #7 ElectroBaton!!!!! > ammo"</Description>
<LastState Value="790" RealAddress="069F6858"/>
<VariableType>2 Bytes</VariableType>
<Address>005eb4fc</Address>
<Offsets>
<Offset>0+0</Offset>
<Offset>718+4*7</Offset>
<Offset>15c</Offset>
<Offset>C4</Offset>
<Offset>38</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>249</ID>
<Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #8 Flamethrower > ammo"</Description>
<LastState Value="28" RealAddress="069F6888"/>
<VariableType>2 Bytes</VariableType>
<Address>005eb4fc</Address>
<Offsets>
<Offset>0+0</Offset>
<Offset>718+4*8</Offset>
<Offset>15c</Offset>
<Offset>C4</Offset>
<Offset>38</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>250</ID>
<Description>"game > currentSaveSlot-> ped -> player weapons -> weapons arr -> #9 silenced smg > ammo"</Description>
<LastState Value="50" RealAddress="069F68B8"/>
<VariableType>2 Bytes</VariableType>
<Address>005eb4fc</Address>
<Offsets>
<Offset>0+0</Offset>
<Offset>718+4*9</Offset>
<Offset>15c</Offset>
<Offset>C4</Offset>
<Offset>38</Offset>
</Offsets>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
</CheatTable>
Make GTA Great Again: https://discord.gg/H7tBftD
Re: GTA2 memory addresses
Made DLL and injector for it. My point is not just to read and write memory, I want to be able to modify and extend GTA original functions.
A short video demonstrates injection of DLL into the process, the creation of basic windows with simple controls, then how to move all pedestrian to the player's pedestrian location using native functions of GTA.
Those 3 lines took me so many time...
GTA is using __thiscall pattern, this means that the first argument of the function is passed in ECX and not in the stack via PUSH\POP and the first argument is "this" of course... I do not have "this" in my DLL and cannot use __thiscall, so if I want to call this function I need to use something like:
Basically, it can make what I need but it's looking bad. I want to something more similar to a regular C function call.
The __fastcall pattern fixes the issue, it passing first argument (`this` in my case) in ECX, but the second argument goes to EDX, third and so on goes to stack. I do not have the second argument, so I just not using it, I am always passing here 0...
Now the code looking like regular C:
Next, I want to catch user input and maybe hook to direct draw.
Will try to use mouse for rotation of ped and maybe strafing.
A short video demonstrates injection of DLL into the process, the creation of basic windows with simple controls, then how to move all pedestrian to the player's pedestrian location using native functions of GTA.
Code: Select all
typedef Ped* (__fastcall GetFirstPed)(DWORD ptrToPedManager, DWORD edx);
GetFirstPed* fnGetFirstPed = (GetFirstPed*)0x00435530;
Ped *ped = fnGetFirstPed(ptrToPedManager, 0);
GTA is using __thiscall pattern, this means that the first argument of the function is passed in ECX and not in the stack via PUSH\POP and the first argument is "this" of course... I do not have "this" in my DLL and cannot use __thiscall, so if I want to call this function I need to use something like:
Code: Select all
DWORD __declspec(naked) wrapper() {
DWORD ret;
__asm {
mov ecx, ptrToPedManager;
call 0x00435530
mov ret, eax
}
return ret;
}
The __fastcall pattern fixes the issue, it passing first argument (`this` in my case) in ECX, but the second argument goes to EDX, third and so on goes to stack. I do not have the second argument, so I just not using it, I am always passing here 0...
Now the code looking like regular C:
Code: Select all
void MoveAllPeds() {
wchar_t buf[1024];
AddLog(L"MoveAllPeds()");
if (*(DWORD*)ptrToPedManager == 0) {
AddLog(L"ptrToPedManager isn't set. Not in a game probably.");
return;
}
wsprintf(buf, L"ptrToPedManager -> %08X", *(DWORD*)ptrToPedManager);
AddLog(buf);
AddLog(L"Calling to fnGetPedByID(1) to retrive player ped");
Ped* playerPed = fnGetPedByID(1);
wsprintf(buf, L"Player ped -> %08X", playerPed);
AddLog(buf);
if (playerPed->currentCar != NULL) {
AddLog(L"Player in car, can not move peds");
return;
}
Ped* ped = (Ped*)(*(DWORD*)ptrToPedManager + 0x8);
wsprintf(buf, L"First ped in ped manager -> %08X", ped);
AddLog(buf);
for (int i = 1; i < 200; i++) {
if (ped && ped->pedSprite && ped->pedSprite->actualPosition) {
wsprintf(buf, L"Move ped %d to player location", ped->id);
AddLog(buf);
ped->pedSprite->actualPosition->x = playerPed->pedSprite->actualPosition->x;
ped->pedSprite->actualPosition->y = playerPed->pedSprite->actualPosition->y;
}
++ped;
}
}
Will try to use mouse for rotation of ped and maybe strafing.
Make GTA Great Again: https://discord.gg/H7tBftD
Re: GTA2 memory addresses
Great work! I’ve always wanted to call the original functions.
Re: GTA2 memory addresses
Thanks, did you tried ghidra already?
Make GTA Great Again: https://discord.gg/H7tBftD
Re: GTA2 memory addresses
No, I hadn’t really heard about it before. I wouldn’t know how to use it, my disassembly skills and knowledge are very basic.