GTA: Modification Area

A website for the GTA modding scene


SA Memory Example Topic

Sat Mar 07, 2009 8:51 am by gtasbigfoot

I have recently decided to create a new topic to give and collect examples of memory hacking. Some of what I post here may already be known (commonly, less commonly, or maybe not known at all). The purpose of this topic is to help individuals and to keep our examples up to date. If you do not understand what is written, maybe your scripting skills are not good with memory handling, or maybe you are not skilled in memory hacking(?). However, I will try to explain as clearly as I can. Some things which I post may have already been posted by me or other users on other forums, in a different language or in English. Please note that most of these are tested with the original game version (v1 U.S. San Andreas), and some with the v1 German EXE version. If you find something that is not working, or not working correctly, make sure you check your EXE's version, as things vary between game versions.


Any Key



Check if any key has been pressed. Notably, you can check most keys with the CLEO opcode 0AB0, but it sometimes does not work right, and you can use this opcode only if the CLEO library is installed, or if you have the opcode source running from your main.scm, as was explained in the project CLEO topic by Seemann.

1. Open the keys list. All indexes are for version 1.0.
2. Get the index of the key(s) you are going to use.
3. The first column contains the index pointing to the key-related memory address.
4. The keys located in the column KeyLo return 0xFF when pressed. The keys located in the column KeyHi return 0xFF0000 when pressed.
5. Read the memory address using the index and compare the value with the corresponding constant.

Here is an example:


Code:

0@ = 304484 // Num1, Num2 index

:Test
while true
    wait 0
    if
        &0(0@,1i) == 0x00FF00FF // Num1+Num2
    then
        1@ = 25000
        1@ *= 40  // 25000 * 40
        player.money($player_char) += 1@
    end
end // "while"



Cheats



In San Andreas, "0x969110" is the start of an array that keeps the last 30 pressed keys. Accessing this address allows you to create new cheats/passwords at run-time. There is also an integer value for an array index that points at this address: -229908.


Code:

0@ = -229908
008B: 1@ = &0(0@,1i)



The last four chars are stored to 1@.


So, first of all, making cheats the arrays way.
OK: you can see here for scripts to test how the cheats work. Now on to this:


Code:

:Cheat_03
wait 0
1@ = -229907 // address
008B: 1@ = &0(1@,1i)  // get last keypresses
0085: 2@ = 1@ // (int)
div(2@, 0x10000) // 1 char: 256, 2 chars: 65536, 3 chars: 16777216
mul(2@, 0x10000) // same
0062: 1@ -= 2@ // get needed number of chars (2)
if
  1@ == 0x5345
jf @Cheat_03
 1@ = -229908 // address +1          // "search"
if
  &0(1@,1i) == 0x41524348 
jf @Cheat_03
&0(1@,1i) = 0x41524300
03E5: show_text_box 'CHEAT1'  // Cheat activated



The line 1@ == 0x5345 is the first two letters of the cheat, in hex; the line &0(1@,1i) == 0x41524348 is the next 4 letters (this cheat has 6 letters); and the line &0(1@,1i) = 0x41524300 is the same value as above with only the last byte replaced with 00.

This example script to test cheats was originally posted by me in that topic.


Code:

{$CLEO}
0000:
// Example of cheats

// Testing 4 letter cheat
// Type "hack"
:Cheat_01
0001: wait 0 ms
0006: 29@ = -0x38214
00D6: if
0038:  &0(29@,1i) == 0x4841434B
004D: jump_if_false @Cheat_02
0004: &0(29@,1i) = 0x48414300
03E5: show_text_box 'CHEAT1'  // Cheat activated
0002: jump @Cheat_01

// Testing 6 letter cheat
// Type "cheats"
:Cheat_02
0006: 30@ = -0x38213
008B: 30@ = &0(30@,1i) // (int)
0085: 31@ = 30@ // (int)
0016: 31@ /= 0x10000
0012: 31@ *= 0x10000
0062: 30@ -= 31@ // (int)
00D6: if
0039:  30@ == 0x4348
004D: jump_if_false @Cheat_03
0006: 30@ = -0x38214
00D6: if
0038:  &0(30@,1i) == 0x45415453   
004D: jump_if_false @Cheat_03
0004: &0(30@,1i) = 0x45415400
03E5: show_text_box 'CHEAT1'  // Cheat activated
0002: jump @Cheat_01

// Testing 8 letter cheat
// Type "scriptin"
:Cheat_03
0006: 28@ = -0x38213
00D6: if
0038:  &0(28@,1i) == 0x53435249 
004D: jump_if_false @Cheat_04
0006: 28@ = -0x38214
00D6: if
0038:  &0(28@,1i) == 0x5054494E       
004D: jump_if_false @Cheat_04
0004: &0(28@,1i) = 0x50544900
03E5: show_text_box 'CHEAT1'  // Cheat activated
0002: jump @Cheat_01

// Testing 10 letter cheat
// Type "Memoryhack"
:Cheat_04
0006: 20@ = -0x38212 
008B: 20@ = &0(20@,1i) // (int)
0085: 21@ = 20@ // (int)
0016: 21@ /= 0x10000
0012: 21@ *= 0x10000
0062: 20@ -= 21@ // (int) 
00D6: if
0039:  20@ == 0x4D45   
004D: jump_if_false @Cheat_05
0006: 20@ = -0x38213
00D6: if           
0038:  &0(20@,1i) == 0x4D4F5259 
004D: jump_if_false @Cheat_05
0006: 20@ = -0x38214
00D6: if
0038:  &0(20@,1i) == 0x4841434B         
004D: jump_if_false @Cheat_05
0004: &0(20@,1i) = 0x48414300
03E5: show_text_box 'CHEAT1' // Cheat activated
0002: jump @Cheat_01

// Testing 12 letter cheat
// Type "SannyBuilder"
:Cheat_05
0006: 27@ = -0x38212
00D6: if
0038:  &0(27@,1i) == 0x53414E4E       
004D: jump_if_false @Cheat_01
0006: 27@ = -0x38213
00D6: if
0038:  &0(27@,1i) == 0x59425549 
004D: jump_if_false @Cheat_01
0006: 27@ = -0x38214
00D6: if
0038:  &0(27@,1i) == 0x4C444552 
004D: jump_if_false @Cheat_01
0004: &0(27@,1i) = 0x4C444500
03E5: show_text_box 'CHEAT1'  // Cheat activated
0002: jump @Cheat_01




CLEO OpCodes way


This way uses the cheats start address "0x969110".
Each read uses up some letters, so the address needs to move up. For example: you start with "0x969110"; if you used up 4 keys and want to use any more, then the next address you use is going to be "0x969114".


Code:

:6_Letter
wait 0
0A8D: 3@ = read_memory 0x00969110 size 4 virtual_protect 0
0A8D: 4@ = read_memory 0x00969114 size 2 virtual_protect 0
if and
04A4:  3@ == 0x4D4F5259 // mory 
04A4:  4@ == 0x4D45 // me 
jf @6_Letter
03E5: show_text_box 'CHEAT1'
0A8C: write_memory 0x00969110 size 4 value 0x0 virtual_protect 0
0A8C: write_memory 0x00969114 size 2 value 0x0 virtual_protect 0



This example script to test cheats was originally posted by me in that topic.


Code:

{$CLEO}
0000:
// Example of cheats

// Testing 4 letter cheat
// Type "test"
:4_Letter   
0001: wait 0 ms                               
0A8D: 0@ = read_memory 0x00969110 size 4 virtual_protect 0
00D6: if
04A4:  0@ == 0x54455354
004D: jump_if_false @8_Letter
03E5: show_text_box 'CHEAT1'
0A8C: write_memory 0x00969110 size 4 value 0x0 virtual_protect 0
0002: jump @Restart

// Testing 8 letter cheat
// Type "SannyBui"
:8_Letter
0A8D: 1@ = read_memory 0x00969110 size 4 virtual_protect 0
0A8D: 2@ = read_memory 0x00969114 size 4 virtual_protect 0
00D6: if and
04A4:  1@ == 0x59425549 // ybui 
04A4:  2@ == 0x53414E4E  // sann
004D: jump_if_false @6_Letter
03E5: show_text_box 'CHEAT1'
0A8C: write_memory 0x00969110 size 4 value 0x0  virtual_protect 0
0A8C: write_memory 0x00969114 size 4 value 0x0  virtual_protect 0
0002: jump @Restart

// Testing 6 letter cheat
// Type "Memory"
:6_Letter
0A8D: 3@ = read_memory 0x00969110 size 4 virtual_protect 0
0A8D: 4@ = read_memory 0x00969114 size 2 virtual_protect 0
00D6: if and
04A4:  3@ == 0x4D4F5259 // mory 
04A4:  4@ == 0x4D45 // me 
004D: jump_if_false @7_Letter
03E5: show_text_box 'CHEAT1'
0A8C: write_memory 0x00969110 size 4 value 0x0  virtual_protect 0
0A8C: write_memory 0x00969114 size 2 value 0x0  virtual_protect 0
0002: jump @Restart

// Testing 7 letter cheat
// Type "hacking"
:7_Letter
0A8D: 5@ = read_memory 0x00969110 size 4 virtual_protect 0
0A8D: 6@ = read_memory 0x00969114 size 2 virtual_protect 0
0A8D: 7@ = read_memory 0x00969116 size 1 virtual_protect 0
00D6: if and
04A4:  5@ == 0x4B494E47 // king
04A4:  6@ == 0x4143 // ac
04A4:  7@ == 0x48 // h       
004D: jump_if_false @Restart
0A8C: write_memory 0x00969110 size 4 value 0x0 virtual_protect 0
0A8C: write_memory 0x00969114 size 2 value 0x0  virtual_protect 0
0A8C: write_memory 0x00969116 size 1 value 0x0  virtual_protect 0
03E5: show_text_box 'CHEAT1'

:Restart
0001: wait 2000 ms
0002: jump @4_Letter
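
The following Python sketch is an added example, not part of the original post: it derives the comparison constants, read sizes, addresses and array indexes used in the scripts above from a cheat word. The function names are hypothetical, and `ARRAY_BASE` is an assumption computed from the post's own pair of values (address 0x969110 and index -229908, 4 bytes per element).

```python
KEY_BUFFER = 0x969110                   # v1.0 keypress buffer address (from the post)
ARRAY_BASE = KEY_BUFFER + 229908 * 4    # assumption: base of the &0(...) array

def buffer_bytes(word):
    """Buffer contents after typing `word`: newest key first, upper-cased."""
    return word.upper().encode("ascii")[::-1]

def read_checks(word):
    """(address, size, constant) triples in the style of the 0A8D reads."""
    data, checks, off = buffer_bytes(word), [], 0
    while off < len(data):
        remaining = len(data) - off
        size = 4 if remaining >= 4 else 2 if remaining >= 2 else 1
        # The game is little-endian, so the newest key is the low byte.
        const = int.from_bytes(data[off:off + size], "little")
        checks.append((KEY_BUFFER + off, size, const))
        off += size
    return checks

def array_index(address):
    """Index for &0(index,1i); only 4-byte aligned addresses are reachable."""
    delta = address - ARRAY_BASE
    if delta % 4:
        raise ValueError("array access only reaches 4-byte aligned addresses")
    return delta // 4

def low_word_via_div_mul(dword):
    """The div/mul/subtract trick from the arrays way (non-negative dword)."""
    return dword - (dword // 0x10000) * 0x10000

def clear_constant(word):
    """First dword with its low byte zeroed, as written back after a match.
    Requires a word of at least 4 letters."""
    return read_checks(word)[0][2] & 0xFFFFFF00

if __name__ == "__main__":
    for cheat in ("test", "Memory", "hacking", "SannyBui"):
        for addr, size, const in read_checks(cheat):
            print(f"{cheat:9} 0x{addr:06X} size {size} == 0x{const:X}")
```

Because the newest key sits at the lowest address, the last letters of the cheat always end up in the first comparison, which is why the scripts compare "YBUI" before "SANN".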



Easiest way


This way was originally posted some days ago by Seemann on GTAForums.

It uses an SCM function call; here is the main part of the code:


Code:

:TestCheat
if
  0AA9:    is_game_version_original
then
  10@ = 0x969110 // keypresses buffer 1.0
  11@ = 0xA48960 // mission locals 1.0
else
  10@ = 0x96B790 // keypresses buffer 1.01
  11@ = 0xA4AFE0 // mission locals 1.01
end
// get 0@'s offset
0A9F: 4@ = current_thread_pointer
0A8E: 5@ = 4@ + 0xDC // mission Flag
0A8D: 5@ = read_memory 5@ size 1 virtual_protect 0
if
  5@ == 1
then
  0085: 4@ = 11@
else
  4@ += 0x3C
end
// get cheat string length
6@ = 0
while true
  0A8D: 5@ = read_memory 4@ size 1 virtual_protect 0
  if and
      5@ > 0
      6@ < 16
  then
      inc(4@)
      inc(6@)       
  else
      Break
  end
end
0085: 8@ = 10@
while 6@ > 0
  dec(4@)     
  dec(6@)
  0A8D: 5@ = read_memory 4@ size 1 virtual_protect 0 // last cheat char
  // lowercase to uppercase (a->A)
  if
      5@ > 90
  then
      5@ -= 32
  end
  0A8D: 7@ = read_memory 8@ size 1 virtual_protect 0 // last pressed key
  inc(8@) 
  if
      803B:  5@ <> 7@ // (int)
  then
      059A: return_false
      0AB2: ret 0
  end
end
0A8C: write_memory 10@ size 1 value 0 virtual_protect 0
0485: return_true
0AB2: ret 0



You can then call this check from a script:


Code:

{$CLEO}
0000:
while true
  wait 250 ms
  0@s = 'nocops'
  if
      0AB1: call_scm_func @TestCheat 2 0@ 1@
  then
      0110: clear_player $PLAYER_CHAR wanted_level
  end
end

{$I TestCheat.inc}



The cheat string gets saved to a variable:


Code:

0@s = 'nocops'



If your cheat is longer than 7 symbols, use long strings:


Code:

{$CLEO}
0000:
while true
  wait 250 ms
  22@v = "leavemealone"
  if
      0AB1: call_scm_func @TestCheat 4 22@ 23@ 24@ 25@
  then
      0110: clear_player $PLAYER_CHAR wanted_level
  end
end



The cheat string is case-insensitive. You may write 0@s = 'nocops', 0@s = 'NoCoPs', 0@s = 'nOCOPs', it will still work.

The cheat can be from 1 to 16 symbols in length.


Hard-Coded Interface color changing



This was explained here, please refer to this

Hack weapon pickup size




Code:

032B: 5@ = create_weapon_pickup #DESERT_EAGLE group 15 ammo 99999 at 0@ 1@ 2@
0AA7: call_function 0x4552A0 num_params 1 pop 1 5@ 0@
mul(0@,0x20)
inc(0@,0x9788C4)
0A8D: 0@ = read_memory 0@ size 4 virtual_protect 0
inc(0@,0x15C)
0A8C: write_memory 0@ size 4 value 12.0 virtual_protect 0



Respray




Code:

//&-ALL VEHICLES RESPRAYABLE!-&
//--************************************--//
// IMPORTANT: makes it possible to respray police cars and similar vehicles, rather than getting the stupid message all the time.
// 1: Open gtasa.exe with a hex editor
// 2: Find 14334978
// 3: There will be written 2 bytes: 32 C0
// 4: Replace these with the following: B0 01
// 5: Save, finish, and then test
//--************************************--//



A topic for this was published here

Timer and status text without using global variables


