Memory Addresses (SA)
This article may need to be rewritten. Please help improve this article. The discussion page may contain suggestions. |
Note that all offsets thus posted have been confirmed for GTA San Andreas (GTA_SA.EXE) version 1.0. This is not for function addresses, for these look into Function Memory Addresses (SA).
Note: None of the memory addresses below will work for GTA: San Andreas v2.0 or 3.0(steam). All addresses in v2.0 and above have been changed or moved. Thus inaccessible.
Base Memory addresses
No category yet
0xB7CE50
– [dword] Money0xBAA420
– Wanted Level0x8CDEE4
– [dword] Max wanted level0x8D5104
– [byte] Current blur level0x8CB7A5
– [byte] Current Radiostation-ID0xB700F0
– [dword] Current Car ID (from vehicles.ide) – not for bikes0xB7CB49
– [byte] Game freezes like when in menu:- 0 = normal
- 1 = everything stops
0xB7CB49
– [byte] Menu show:- 0 = leave
- 1 = show
0x863984
– [float] Gravity (default value: 1.0f/125.0f = 0.008f)0xB7CB64
– [float] Game speed in percent0xB7CEE4
– [byte/boolean] Is infinite run0xB7CEE6
– [byte/boolean] Is player fireproof0x96C009
– [byte/boolean] Is paynspray free0xA444A4
– [byte/boolean] Is radar greyed out0x8D2530
– [float] Pedestrian density multiplier0x8A5B20
– [float] Vehicle density multiplier0xB6F065
– [byte/boolean] Widescreen (the view that is displayed during cutscenes, not the display option)0xA4A948
– Lowrider Challenge score0xA4EC20
– Dancing minigame score0xB790B8
– [byte] Photographs taken number (4 bytes)0xA9AD74
– [byte] Tags number (4 bytes)0xB791E4
– [byte] Horseshoes number (4 bytes)0xB791EC
– [byte] Oysters number (4 bytes)
Note: For those number above if you change it to maximum amount they appear to pop a message and gives a bonus like weapons in cj savehouses.
0x716642
– [float] Change solid clouds0x716655
– [float] Disable solid clouds
Note: Both values default to 200. If you change one of them to 100,000 you get very few clouds, a much nicer effect. If you change both of them to 100,000 you never get the clouds.
0xB79078
– [byte] People dropped off in taxi (number used for the stats, 4 bytes)0xA49C30
– [byte] People dropped off in taxi (number used for giving your reward, 4 bytes)0xB79040
– [byte] Safehouse visits number (4 bytes)0xA49EFC
– [dword] Denise Progress0xA49F00
– [dword] Michelle Progress0xA49F04
– [dword] Helena Progress0xA49F08
– [dword] Barbara Progress0xA49F0C
– [dword] Katie Progress0xA49F10
– [dword] Millie Progress
Note: These above six addresses are within the scm block, and valid only for original scm. setting a value to 100 (ie. 100 pct) gives you all gifts of that GF (ie. car keys, wardrobe etc.).
0xB79108
– Number of girls dated0xB79100
– Current number of girlfriends0xB79104
– Number of disastrous dates0xB79110
– Number of successful dates0xB79060
– Unique jumps found number0xB79064
– Unique jumps done number0xBA6774
– Map target:- 0 = disabled
- 1 = enabled
0x86329C
– List of valid command names0xC17054
– A pointer to the main game window handle (typically0xC8CF88
since the pointer is static).0xBA3798
– Beginning of ZoneInfo structure0xBA1DF0
– Beginning of ZonePop structure0xA94B68
– array of pointers to RwTexture, corresponding to opcode 038F
0xA444A0
– Is HUD enabled by an opcode 0826:- 0 = disabled
- 1 = enabled
0x969110
– [char(30)] Buffer of 30 last typed chars, earlier typed chars are on next bytes.0xBAA7A0
- [string] Text box(top-left box) (NOTE: Writing a string will show a message box with duration 1-2 seconds)
Time/Timers
0xB70158
– [dword] Timer related to weather and time in ms0xB610E0
– [dword] A global timer in ms (read only)0xB7CB84
– [dword] A global timer in ms (while not in menu, read/write)0xA5153C
– [dword] Mission timer from a number to 0 (4 bytes)0xB7015C
– [dword] Defines how many ms (1 second... default 1000, set to 1 for a headache, number of ms per sec)0xB7014E
– [byte] Current Weekday (1 through 7)0xB79038
– [dword] How many days have passed in game0xB70153
– [byte] Current Hour0xB70152
– [byte] Current Minute0xA49D54
– [dword] Timer for driving/flying missions (in ms)0xA51974
– [dword] Timer for boat/bike missions (in ms)0xA5197C
– [dword] Timer for taxi driver missions (in ms)0xA51980
– [dword] Tip Bar timer for taxi driver missions (in seconds)0xA519A8
– [dword] Timer for paramedic missions (in ms)0xA519BC
– [dword] Timer for firefighter missions (in ms)0xA519D8
– [dword] Timer for vigilante missions (in ms)0xA51A3C
– Timer for Bloodring race
DirectX / Rendering
0xC97C1C
– A copy of the window handle that is used to initialize the DirectX device.0xC97C20
– Pointer to IDirect3D9 interface.0xC97C28
– Pointer to IDirect3DDevice9 interface.0xC9C040
– Global instance of D3DPRESENT_PARAMETERS structure.
Stats
0xB790B4
- [dword] Energy0xB791A4
– [dword] Lung capacity0xB793D4
– [float] Fat0xB793D8
– [float] Stamina0xB793DC
– [float] Muscle0xB793E0
– [float] Health0xB793E4
– [float] Sex Appeal0xB79480
– [float] Respect0xB79494
– [float] Pistol0xB79498
– [float] Silenced pistol0xB7949C
– [float] Desert eagle0xB794A0
– [float] Shotgun0xB794A4
– [float] Sawn-off shotgun0xB794A8
– [float] Combat shotgun0xB794AC
– [float] Machine pistol0xB794B0
– [float] SMG0xB794B4
– [float] AK470xB794B8
– [float] M40xB794BC
- [float] Rifle
Skills
0xB790A0
– [dword] Driving0xB7919C
– [dword] Flying0xB791B4
– [dword] Bike0xB791B8
– [dword] Cycling0xB791C4
– [dword] Luck at gambling0xB794C4
– [float] Gambling
HTML Stats File
0x8663A0
– File Name ( Default : 'stats.html' )0x86636C
– File Title ( Default : '<title>Grand Theft Auto San Andreas Stats</title>' )
Cheats
[byte] Can be either on (1) or off (0).
0x969130
– Weapon Set 10x969131
– Weapon Set 20x969132
– Weapon Set 30x969133
– Health+Armor+250K0x969134
– Increase Wanted Level 2 Stars0x969135
– Clear Wanted Level0x969136
– Sunny Weather0x969137
– Very Sunny Weather0x969138
– Overcast Weather0x969139
– Rainy Weather0x96913A
– Foggy Weather0x96913B
– Faster Clock0x96913C
– Faster Gameplay0x96913D
– Slower Gameplay0x96913E
– Peds Attack Each other with Golfclub0x96913F
– Have Bounty on Head0x969140
– Everyone is Armed0x969141
– Spawn Rhino (Not Tested!)0x969142
– Spawn Bloodring Banger (Not Tested!)0x969143
– Spawn Rancher (Not Tested!)0x969144
– Spawn Racecar A (Not Tested!)0x969145
– Spawn Racecar B (Not Tested!)0x969146
– Spawn Romero (Not Tested!)0x969147
– Spawn Stretch (Not Tested!)
0x96914A
– Blow up All Cars0x96914B
– Wheels Only (Invisible Cars)0x96914C
– Perfect / Insane Handling0x96914D
– Suicide0x96914E
– All Green Lights0x96914F
– Aggressive Drivers0x969150
– Pink Traffic0x969151
– Black Traffic0x969152
– Cars can drive on water0x969153
– Boats Can Fly0x969154
– CJ is Fat0x969155
– Max Muscle0x969156
– CJ is Skinny0x969157
– Elvis Everywhere0x969158
– Peds attack with rockets0x969159
– Beach Theme0x96915A
– Gang Members everywhere0x96915B
– Gangs control the streets0x96915C
– Ninja Theme0x96915D
– Slut Magnet0x96915E
– Traffic is Cheap Cars0x96915F
– Traffic is Fast Cars0x969160
– Cars can Fly0x969161
– Huge Bunny Hop0x969162
– Spawn Hydra (Not Tested!)0x969163
– Spawn Vortex Hovercraft (Not Tested!)0x969164
– Tank Mode / Smash'n Boom0x969165
– All cars have nitro0x969166
– Cars Float Away when hit0x969167
– Always Midnight0x969168
– Stop Game Clock – Orange Sky0x969169
– Thunderstorm0x96916A
– Sandstorm0x96916C
– Mega Jump0x96916D
– Infinite Health0x96916E
– Infinite Oxygen0x96916F
– Get Parachute0x969170
– Get Jetpack0x969171
– Never Wanted0x969172
– Six Star Wanted Level0x969173
– Mega Punch0x969174
– Never get Hungry0x969175
– Peds Riot (Chaos Mode)0x969176
– Funhouse Theme0x969177
– Slower Gameplay0x969178
– Infinite Ammo, No Reload0x969179
– Full Weapon Aiming while driving0x96917A
– Decreased Traffic0x96917B
– Country Theme0x96917C
– Recruit Anyone (9mm)0x96917D
– Recruit Anyone (AK47)0x96917E
– Recruit Anyone (Rockets)0x96917F
– Max Respect0x969180
– Max Sex Appeal0x969181
– Max Stamina0x969183
– Hitman in All Weapons0x969184
– Spawn Hunter (Not Tested!)0x969185
– Spawn Quad (Not Tested!)0x969186
– Spawn Tanker Truck (Not Tested!)0x969187
– Spawn Dozer (Not Tested!)0x969188
– Spawn Stunt Plane (Not Tested!)0x969189
– Spawn Monster (Not Tested!)0x96918B
– All Taxis Have Nitro
[dword]
0x96918C
– Has ever Cheated or not0xBAA472
– Has now Cheated or not0xB79044
– Cheated Count
[byte]
0x96918C
– 'Cheated' state:- 0 = disabled
- 1 = enabled
Note: If it's set to 1 you'll get a warning message when saving a game. But this byte doesn't get set if you use a cheat enabler.
Display Settings
0xBA6784
– [dword] Brightness0xBA6792
– [byte] Legend0xBA676C
– [byte] Radar Mode- 0 = maps & blips
- 1 = blips
- 2 = off
0xBA6769
– [byte] Hud Mode- 0 = off
- 1 = on
0xBA678C
– [byte] Subtitles0xBA6830
– [byte] Store gallery photos0xBA6788
– [float] Draw Distance0xBA6794
– [byte] Frame limiter0xBA6793
– [byte] Widescreen0xA9AE54
– [byte] Visual FX Quality0xBA680C
– [byte] Mip Mapping0xBA6814
– [byte] Antialiasing values:- 1 = 0x (off)
- 2 = 1x
- 3 = 2x
- 4 = 3x
0xBA6820
– [byte] Resolution values:- 11 = 640x480
- 12 = 800x400
- 13 = 800x600
- 15 = 1024x768
- (Depends on the graphic driver/hardware.)
Sound Configuration
0xBA6798
– [byte] Radio Volume [0 through 64]0xBA6797
– [byte] SFX Volume [0 through 64]0xBA6799
– [byte] Radio Equalizer0xBA6795
– [byte] Radio Auto-tune0xBA67F8
– [byte] Usertrack/Play mode values:- 0 = radio
- 1 = random
0xBA680D
– [byte] Usertrack/Automatic Media Scan0xBA679A
– [byte] Radio Station ID values:- 1 to 12 (see below for station names according to ID)
- 1 = "Playback FM"
- 2 = "K Rose"
- 3 = "K-DST"
- 4 = "Bounce FM"
- 5 = "SF-UR"
- 6 = "Radio Los Santos"
- 7 = "Radio X"
- 8 = "CSR 103.9"
- 9 = "K-JAH West"
- 10 = "Master Sounds 98.3"
- 11 = "WCTR Talk Radio"
- 12 = "User Track Player"
- 13 = "Radio Off"
- 1 to 12 (see below for station names according to ID)
AlienX: Seems that the Radio Station ID is just a menu identifier, this does not actually change the radio station while in-game!
Another note... The opcode for switching players radio stations does not work in line with the station ID's, i have yet to figure out what station ID's are for the SCM code – Dont try to use the above ID's for the SCM Operation Code, it just wont work
Thanks to AlienX For the station names and ID's
Controller Configuration
0xBA6818
– [byte] Controller Configuration values:- 0 = mouse + keys
- 1 = joypad
0xB6EC1C
– [float] Mouse sensitivity0xC1CC02
– [byte] Steer with mouse0xC1CC03
– [byte] Fly with mouse
0xB6EC2E
– REAL aiming mode offset, not menu:- 0 = joypad
- 1 = mouse + keys
Other Dynamic Memory Addresses (non-static)
Pedestrians
General
0xB6F5F0
– Player pointer (CPed)0xB7CD98
– Player pointer, direct offset to the ped pool start (CPed)0xB74498
– CPeds maximum number (normally 140)0xB74490
– Pointer to ped pool usage information, which contains:- +0 = Pointer to the first ped in the pool
- +4 = Pointer to a byte map indicating which peds are in use
- +8 = [dword] Maximum number of peds in the pool
- +12 = [dword] Current number of peds in the pool
Each ped object is 1988 (0x7C4
) bytes.
For each ped in the pool:
In most cases, you can use even the dword of playeraddress as CPed value
- CPed +
0x14
= Pointer to XYZ position structure (and rotation)- (CPed+
0x14
) +0x0
to +0x2C
= [dword] Is the rotation matrix - (CPed+
0x14
) +0x30
= [dword] XPos - (CPed+
0x14
) +0x34
= [dword] YPos - (CPed+
0x14
) +0x38
= [dword] ZPos
- (CPed+
- CPed +
0x2F
= [byte] Location status:- 0 = outside
- 3 = inside a building
- CPed +
0x40
= [byte] Player flag? (default = 18)- Bit 1 = makes player a bit shaky
- Bit 2 = makes player rotate while in air
- Bit 3 = player can push anything (peds,objects,car and etc.)
- Bit 4 = player ignores the collisions (moving in one direction)
- Bit 5 = same as 4
- Bit 6 = ignoring collision (player can't walk)
- Bit 7 = same as 6
- Bit 8 = player ignoring triggers (while in air player ignoring gravity)
- CPed +
0x42
= [byte] Is the BP/EP/FP/DP (special flags) status of the player as follows:
- Bit 1 = makes ped soft (ie. can move through walls and everything) (noclip in other words)
- Bit 2 = freezes ped (ie. ped cannot walk)
- Bit 3 = bullet-proof
- Bit 4 = flame-proof
- Bit 5 = collision-proof
- Bit 6 = MP-proof (MP)
- Bit 7 = same as 2
- Bit 8 = explosion-proof
- CPed +
0x15C
= Some anim states:- 0 = landing from jump
- 61 = punching
- 102 = stopped
- 154 = sprint
- 205 = run
- Cped +
0x46C
= [byte] Player check:- 0 = in air/water
- 1 = in car
- 2 = entering interior
- 3 = on foot
- CPed +
0x46D
= Jump state:- 32 = landed/idle
- 34 = in air
- 36 = landing
- CPed +
0x46F
= Crouch state:- 128 = stand
- 132 = crouched
- CPed +
0x47C
= Pointer to anim struct - CPed +
0x4DF
= Current anim play-state:- 0 = nothing
- 61 = starting/stopping
- 62 = looping
- CPed +
0x504
= [word] Muzzle flash intensity:- 0 to 10000 = on
- 65536 = off
- CPed +
0x530
= [dword] State:- 0 = leaving a car, falling down from a bike or something like this
- 1 = normal case
- 50 = driving
- 55 = wasted
- 63 = busted
- CPed +
0x534
= Runningstate:- 0 = while driving
- 1 = standing still
- 4 = start to run
- 6 = running
- 7 = running fast (sprinting) by pressing sprint key
- CPed +
0x540
= [float] Health - CPed +
0x544
= [float] Max health - CPed +
0x548
= [float] Armor - CPed +
0x558
= [float] Current rotation (Z angle) - CPed +
0x55C
= [float] Target rotation (Z angle) - CPed +
0x560
= [float] Rotation speed (Z angle) - CPed +
0x568
= [dword] Current Car you are in contact with - CPed +
0x584
= [dword] Current Entity you are in contact with - CPed +
0x58C
= [dword] Last or Current Driven Car (CarPointer) - CPed +
0x598
= [byte] Player lock (set to 1 to lock player controls, can't move) - CPed +
0x5A0
= [byte] Start of weapon data (28 bytes) (See structures: WeaponSlot) - CPed +
0x5D8
= [dword] Pistol weapon type:- 22 = 9mm
- 23 = silenced 9mm
- 24 = desert eagle
- CPed +
0x5DC
= [dword] Pistol state - CPed +
0x5E0
= [dword] Pistol ammo in clip - CPed +
0x5E4
= [dword] Pistol total ammo (including clip) - CPed +
0x5F4
= [dword] Shotgun weapon type:- 25 = shotgun
- 26 = sawn-off shotgun
- 27 = spas-12
- CPed +
0x5F8
= [dword] Shotgun state:- 1 = firing?
- 2 = reloading
- CPed +
0x5FC
= [dword] Shotgun ammo in clip - CPed +
0x600
= [dword] Shotgun total ammo (including clip) - CPed +
0x718
= [byte] Current weapon slot (1 byte) - CPed +
0x740
= Current Weapon ID (from default.dat) - CPed +
0x760
= [dword] Weapon you were damaged with - CPed +
0x764
= [dword] Pointer to the ped that damaged you - CPed +
0x79C
= [dword] Pointer to targeted ped
Structures
WeaponSlot // Total 28Bytes DWORD type // + 0 DWORD state // + 4 (0 idle, 1 firing, 2 reloading) DWORD AmmoInClip // + 8 DWORD AmmoRemaining // +12 FLOAT unknown // +16 (increases each time you fire your weapon, 0 when weapon not active, probably used to count bullets fired to know when to reload?) UNKNOWN 0..7 Bytes // +20 (unknown – goggle mode, 0 off and 256 on)...+27
WeaponSlot.type (Slot0: No Weapon) (Slot2: Handguns) 0 – Fist 22 – Pistol 1 – Brass Knuckles 23 – Silenced Pistol (Slot1: Melee) 24 – Desert Eagle 2 – Golf Club (Slot3: Shotguns) 3 – Nitestick 25 – Shotgun 4 – Knife 26 – Sawn-Off Shotgun 5 – Baseball Bat 27 – SPAS-12 6 – Shovel (Slot4: Sub-Machineguns) 7 – Pool Cue 28 – Micro Uzi 8 – Katana 29 – MP5 9 – Chainsaw 32 – TEC-9 15 – Cane (Slot5: Machineguns) (Slot10: Gifts) 30 – AK47 14 – Flowers 31 – M4 (Slot9:Special1) (Slot6: Rifles) 42 – Fire Extinguisher 33 – Country Rifle 43 – Camera 34 – Sniper Rifle (Slot11:Special2) (Slot7: Heavy Weapons) 44 – NV Goggles 35 – Rocket Launcher 45 – IR Goggles 36 – Heat Seaking RPG 46 – Parachute 37 – Flame Thrower (Slot12:Detonators) 38 – Minigun 40 – Detonator(for remote explosives) (Slot8: Projectiles) 16 – Grenade 18 – Molotov Cocktail 39 – Remote Explosives (No slot: Fired from hunter / hydra / missile launcher) (This type is stored in the rocket pool as rocket type, but is the continuation of this list) 19 – Normal rockets 20 – Heatseeking rockets 58 – Flares
Vehicle
0xB6F980
– Is the direct pointer to the pool start (CVehicle)0xBA18FC
– Current vehicle pointer:- 0 = on-foot
- >0 = in-car
0x969084
– First vehicle you got into
Note:
To get the next vehicle, so the second one, you need to add +0x4
as many times you want. They are 0 if you haven't entered a first/second/third/etc car yet.
0xB74494
– Pointer to vehicle pool usage information, which contains:- +0 = Pointer to the first vehicle in the pool
- +4 = Pointer to a byte map indicating which vehicles are in use
- +8 = [dword] Maximum number of vehicles in the pool
- +12 = [dword] Current number of vehicles in the pool
Each vehicle object is 2584 (0xA18
) bytes. It starts at 0xC502AA0
.
For each vehicle in the pool:
- +
0x14
= [byte] Contains a pointer to the rotation/position matrix (84 bytes):- +
0x0
= [float] X-axis Rotation (Grad) - +
0x4
= [float] Y-axis Rotation (Grad) - +
0x8
= [float] Z-axis Rotation (Grad) - +
0x10
= [float] X-axis Rotation (Looking) - +
0x14
= [float] Y-axis Rotation (Looking) - +
0x18
= [float] Z-axis Rotation (Looking) - +
0x30
= [float] X-axis Position - +
0x34
= [float] Y-axis Position - +
0x38
= [float] Z-axis Position
- +
- +
0x22
= [word] Vehicle ID from vehicles.ide - +
0x40
= [byte] Vehicle flag?- 1 Bit = Ignoring gravity
- 2 Bit = Vehicle default flag
- 3 Bit = Multiplies the mass?
- 4 Bit = Same as 1
- 5 Bit = Same as 1
- 6 Bit = Same as 3
- 7 Bit = Same as 3
- 8 Bit = Same as 1
- +
0x42
= [byte] Is the BP/EP/DP/DP (Special Flags) status of the car as follows:
Add these values, and write the sum into +0x42
- 1 = n/a(game prevent this)
- 2 = collision-proof
- 4 = bullet-proof
- 8 = fire-proof
- 16 = damage-proof (from collisions etc)
- 32 = melee-proof
- 64 = n/a
- 128 = explosion-proof
- +
0x44
= [float] X (East-West) speed - +
0x48
= [float] Y (North-South) speed - +
0x4C
= [float] Z (Up-Down) speed - +
0x50
= [float] X (NS) Spin - +
0x54
= [float] Y (EW) Spin - +
0x58
= [float] Z (NW) Spin
Note: Do not get confused about the Spin Angles, these are NOT rotations but the angles of how fast your vehicle is turning in the given axis direction...
(Car addresses continued:)
- +
0x8C
= [float] Mass (kg) from handling.cfg - +
0x90
= [float] Turn Mass from handling.cfg - +
0x94
= [float] Grip Divider:- 1.0 = 1 x gGrip
- 10.1 = 10 x gGrip
- 100.0 = g / 100Grip
- +
0x98
= [float] Mass-to-Grip Multiplier. Ie. G Force when flying/during suspension/driving (acceleration towards ground) - +
0xA0
= [float] Normalized Grip Level - +
0xA4
= [float] CoM X - +
0xA8
= [float] CoM Y - +
0xAC
= [float] CoM Z - +
0xD8
= [float] Increases when collision occurs - +
0x428
= [byte] Engine State (whether the engine is running or stalled):- 0 = stalled
- 16 = ok
- +
0x42D
= [byte] Siren on/off - +
0x434
= [byte] Body Color (as in carcols.dat, black being the 0) - +
0x435
= [byte] Stripe Color (as in carcols.dat, black being the 0) - +
0x436
= [byte] Body Color #2 - +
0x437
= [byte] Stripe Color #2 - +
0x438
= [dword] modding data as in garage info (Not working?) - +
0x43C
= [dword] modding data as in garage info (Not working?) - +
0x440
= [dword] modding data as in garage info (Not working?) - +
0x444
= [dword] modding data as in garage info (Not working?) - +
0x448
= [dword] modding data as in garage info (Not working?) - +
0x44C
= [dword] modding data as in garage info (Not working?) - +
0x450
= [dword] modding data as in garage info (Not working?) - +
0x454
= [dword] modding data as in garage info (Not working?) - +
0x458
= [float] Car Wheel Size from vehicle.ide - +
0x45C
= [dword] Time left for car alarm to sound in ms - +
0x460
= [dword] Pointer to driver - +
0x464
= [dword] Pointer to passenger 1 (Front-right seat) - +
0x468
= [dword] Pointer to passenger 2 (Rear-left seat) - +
0x46C
= [dword] Pointer to passenger 3 (Rear-right seat) - +
0x470
= [dword] Pointer to passenger 4 (Used for buses) - +
0x474
= [dword] Pointer to passenger 5 (Used for buses) - +
0x478
= [dword] Pointer to passenger 6 (Used for buses) - +
0x47C
= [dword] Pointer to passenger 7 (Used for buses) - +
0x480
= [dword] Pointer to passenger 8 (Used for buses) - +
0x484
= [dword] Pointer to passenger 9 (Used for buses) - +
0x494
= [float] Steer angle 1 - +
0x498
= [float] Steer angle 2 - +
0x49C
= [float] Gas pedal - +
0x4A0
= [float] Brake pedal - +
0x4A8
= [byte] Places a car-bomb:- 0 = No bomb.
- 1 = Car has a time bomb, but it's not armed.
- 2 = Car has an on-ignition bomb, but it's not armed.
- 3 = Set remotely, perhaps (?).
- 4 = Time bomb is armed.
- 5 = On-ignition bomb is armed.
Note: You can set the above values to 0 or 1 to give the car a bomb. Some other flags get set when you arm the bomb. So if you set this value to 4 or 5, or actually arm the bomb through normal gameplay, it does not help if you try to change this value back.
- +
0x4AB
= [BYTE] The number of peds (usually cops) trying to hide behind this car.
- +
0x8A4
= [float] Nitro Count- 1.0 Nitro filled (in case of number of NOS is equal to 0 it'll mean Empty)
- -1.0 Nitro discharged
- +
0x48A
= [BYTE] Number of available NOS in the vehicle- 1~10 Have Available NOS
- 0 No Have Available NOS
- +
0x4B0
= [float] Body dirt level:- 0.0 = fully clean
- 15.0 = maximum dirt visible
- +
0x4C0
= [float] Health/Car Damage Left:- <250.0 = on fire
- 1000.0 = undamaged
- +
0x4F8
= [dword] Car Door Locked State:- 1 = open
- 2 = locked
- +
0x514
= [dword] Alternate siren (honking):- 0 = off
- 1 = on
Note: Automatically gets reset back to 0. To prevent this just NOP 0x6E0A3B
(6 bytes).
- +
0x584
= [dword] Headlights switch:- 0 = off
- 1 = on
Note: Same case as above, gets automatically reset – NOP 0x6E1EDE
(6 bytes).
- +
0x590
= [byte] Car type:- 0 = car/plane
- 5 = boat
- 6 = train
- 9 = bike
- +
0x5A4
= [float] Train speed:- -0.1 = is forward
- 0.1 = is reverse
- +
0x5A5
= [byte] Car Tire (Left-Front) Status:- 0 = ok
- 1 = flat
- 2 = Used by planes when landing gear is up
- +
0x5A6
= [byte] Car Tire (Left-Rear) Status:- 0 = ok
- 1 = flat
- 2 = Used by planes when landing gear is up
- +
0x5A7
= [byte] Car Tire (Right-Front) Status:- 0 = ok
- 1 = flat
- 2 = Used by planes when landing gear is up
- +
0x5A8
= [byte] Car Tire (Right-Rear) Status:- 0 = ok
- 1 = flat
- 2 = Used by planes when landing gear is up
- +
0x65C
= [byte] Bike Tire (Front) Status:- 0 = ok
- 1 = flat
- +
0x65D
= [byte] Bike Tire (Rear) Status:- 0 = ok
- 1 = flat
- +
0x65E
= [byte] Bicycle Tire (Front) Status:- 0 = ok
- 1 = shot
- +
0x65F
= [byte] Bicycle Tire (Rear) Status:- 0 = ok
- 1 = shot
Note: You cannot actually shoot the wheels of bmx. If you set the value 1 at above two offsets, it rides as if the wheels were shot. They probably not work.
- +
0x6C8
= [byte] Is the bike identifier.
Note: Gets set to 1 if this vehicle is a bike (or bmx).
- +
0x720
= [float] Front-Left suspension height - +
0x724
= [float] Rear-Left suspension height - +
0x728
= [float] Front-Rear suspension height - +
0x72C
= [float] Rear-Rear suspension height
- +
0x7BC
= [float] Burn Timer (in ms) (for bikes)
Note: There is also a copy of the suspension values at -0x10
, but these are 'smoother'. They range from 0 to 1 (1 = fully extended/airborne, 0 = fully compressed).
- +
0x7E4
= [float] Front-Left suspension height - +
0x7E8
= [float] Rear-Left suspension height - +
0x7EC
= [float] Front-Right suspension height - +
0x7F0
= [float] Rear-Right suspension height
- +
0x86C
= [word] Current load of vehicle, works for vehicles such as dumper, packer, dozer, forklift and so on. - +
0x870
= [word] Last load value of vehicle. Used to detect whether vehicle should have sound of raising/lowering a load. After detecting it gets value of car struct +0x86C
below.
- +
0x8E4
= [float] Burn Timer (in ms) (for cars)
Let's say, the Car Position of this given car starts at 0xC5F5DB4
:
- +
0x0
= X Level to the ground - +
0x4
= Y Level to the ground - +
0x8
= Z Level to the ground - +
0x10
= X Where am I looking - +
0x14
= Y Where am I looking - +
0x18
= Z Where am I looking - +
0x20
= Dyn flight data - +
0x24
= Dyn flight data - +
0x28
= Dyn flight data - +
0x30
= CarPosX - +
0x34
= CarPosY - +
0x38
= CarPosZ
Following offsets are Floats, as positions of doors and other car parts that gets detached by damage. We need to recalculate and set their locations if we warp a car from one location to another. Otherwise the car spins uncontrollably:
- +
0x724
= Detachables1 Pos X - +
0x728
= Detachables1 Pos Y - +
0x72C
= Detachables1 Pos Z - +
0x750
= Detachables2 Pos X - +
0x754
= Detachables2 Pos Y - +
0x758
= Detachables2 Pos Z - +
0x77C
= Detachables3 Pos X - +
0x780
= Detachables3 Pos Y - +
0x784
= Detachables3 Pos Z - +
0x7A8
= Detachables4 Pos X - +
0x7AC
= Detachables4 Pos Y - +
0x7B0
= Detachables4 Pos Z
The locations of the detachable objects are different for cars and bikes. This is merely because bike object is actually smaller than the car object. The car object is used for all vehicles (including heli) but the bikes.
Offsets for Detachables:
- +
0x5FC
= BikeDetachPosAdr(0) - +
0x660
= BikeDetachPosAdr(1) - +
0x68C
= BikeDetachPosAdr(2) - +
0x6B8
= BikeDetachPosAdr(3) - +
0x6E4
= BikeDetachPosAdr(4)
- +
0x724
= CarDetachPosAdr(0) - +
0x750
= CarDetachPosAdr(1) - +
0x77C
= CarDetachPosAdr(2) - +
0x7A8
= CarDetachPosAdr(3)
The trailer of the tanker is handled the same way as the vehicles. Its pointer gets set at offset:
- +
0x4C8
To the car object start. When warping vehicles that has trailer, we need to warp this 'vehicle' as well. The same pointer is used also when you are towing other vehicles as well.
Wanted
0xB7CD9C
– Wanted pool start (CWanted). Each slot has 668 bytes of data.
- +
0x0
= Is the counter for how pissed the cops are:- above 50 = 1 star
- above 180 = 2 stars
- above 550 = 3 stars
- above 1200 = 4 stars
- above 2400 = 5 stars
- above 4600 = 6 stars
- +
0x4
= like above, but 'before parole (timed wanted level decrease?)' - +
0x8
= [dword] time value, the last time the wanted level decreased - +
0xC
= [dword] time value, the last time the wanted level changed - +
0x10
= [dword] 'time of parole' - +
0x14
= [float] multiplier of wanted level contribution of crimes (set using 03C7?) - +
0x18
= [byte] Current amount of cops 'in pursuit' - +
0x19
= [byte] Maximum number of foot cops simultaneously shooting at you ('in pursuit') - +
0x1A
= [byte] Maximum number of cop cars in pursuit - +
0x1B
= [byte] Amount of cops currently 'beating the suspect' - +
0x1C
= [word] Chance a road block appears, range unknown (though 127 seems to have a special meaning) - +
0x1E
= [bool] Is the player ignored by police? (set by script) - +
0x1F
= [bool] Is the player ignored by police? (set by garages) - +
0x20
= [bool] Is the player ignored by everyone? - +
0x21
= [bool] Should the streamer load the SWAT models? - +
0x22
= [bool] Should the streamer load the FBI models? - +
0x23
= [bool] Should the streamer load the army models? - +
0x24
= [dword] Current chase time - +
0x28
= [dword] 'Current chase time counter' - +
0x2C
= [word] Current wanted level (1-6) - +
0x2F
= [word] Wanted level before 'parole' - need to do more
Note:
Helicopters will still shoot if you change flag 0x19
to 0.
Camera
0xB6F028
– Camera Block Start (CCamera)0x52B730
– Start of camera 'MOVer' subroutine:0xC3
= lock camera (retn)
0xB6F0DC
– [dword] Current View:- 0 = bumper View
- 1 = close external view
- 2 = middle external view
- 3 = furthest external view
- 4 = nothing = same as last?
- 5 = cinematic view
- 6 to INF = same as 4?
0xB6F0E0
– [float] Car View Distance (arm length)0xB6F0E8
– [float] True View Distance (true arm length)
Ignored
0xB7CD9C
– Ignored pointer (CIgnored).
- +
0x1E
= [byte/boolean] Is player ignored by cops - +
0x298
= [byte/boolean] Is player ignored by everyone
Pools
See the Data Pools functions in the Function Memory Addresses (SA) section.
0x550F10
– AllocatePools function.
0xB74484
– PtrNode Single0xB74488
– PtrNode Double0xB7448C
– EntryInfoNode0xB74490
– Peds0xB74494
– Vehicles0xB74498
– Buildings0xB7449C
– Objects0xB744A0
– Dummys0xB744A4
– ColModel0xB744A8
– Task0xB744AC
– Event0xB744B0
– PointRoute0xB744B4
– PatrolRoute0xB744B8
– NodeRoute0xB744CC
– TaskAllocator0xB744C0
– PedIntelligence0xB744C4
– PedAttractors
Target
0xB6F3B8
= Pointer to Target.
- +
0x79C
[dword] = Targetted CPed:- 0 = no cped targetted
- +
0xC0
= Pointer to last object (ped, car, maybe others) you collided with
Handling
0xC2B9DC
– Handling Block Start. Each slot has 224 bytes of data.
- +
0x0
= [dword] Index/Identifier - +
0x4
= fMass - +
0x8
= 1.0 / fMass - +
0xC
= fTurnMass - +
0x10
= fDragMult - +
0x14
= CentreOfMass.x - +
0x18
= CentreOfMass.y - +
0x1C
= CentreOfMass.z - +
0x20
= [byte] nPercentSubmerged - +
0x24
= fMass * 8.0000001e-1 / nPercentSubmerged - +
0x28
= fTractionMultiplier - +
0x74
= [byte] TransmissionData.nDriveType - +
0x75
= [byte] TransmissionData.nEngineType - +
0x76
= [byte] TransmissionData.nNumberOfGears - +
0x7C
= TransmissionData.fEngineAcceleration (Multiplied by 3.9999999e-4) - +
0x80
= TransmissionData.fEngineInertia - +
0x84
= TransmissionData.fMaxVelocity (Multiplied by 5.5555599e-3) - +
0x94
= fBrakeDeceleration (Multiplied by 3.9999999e-4) - +
0x98
= fBrakeBias - +
0x9C
= [byte] bABS - +
0xA0
= fSteeringLock - +
0xA4
= fTractionLoss - +
0xA8
= fTractionBias - +
0xAC
= fSuspensionForceLevel - +
0xB0
= fSuspensionDampingLevel - +
0xB4
= fSuspensionHighSpdComDamp - +
0xB8
= Suspension upper limit - +
0xBC
= Suspension lower limit - +
0xC0
= Suspension bias between front and rear - +
0xC4
= Suspension anti-dive multiplier - +
0xC8
= [float] fCollisionDamageMultiplier { memory fCollisionDamageMultiplier = fCollisionDamageMultiplier * ( 1.0 / fMass) * 2000.0 } - +
0xCC
= [hex] modelFlags - +
0xD0
= [hex] handlingFlags - +
0xD4
= fSeatOffsetDistance - +
0xD8
= [dword] nMonetaryValue - +
0xDC
= [byte] Front lights - +
0xDD
= [byte] Rear lights - +
0xDE
= [byte] Vehicle anim group
Controls
0xB73458
– Start of controls block.
- +
0x20
= [word] Accelerate:- 0 = off
- 255 = on
- +
0x22
= [word] Brake
Rockets
The rocket pool contains info on launched rockets (for example, Hydra rockets).
0xC891A8
– Rocket pool start. Each slot has 36 bytes of data. There are 32 elements in the pool.
- +
0x0
= [dword] Rocket type:- 16 = none
- 17 = tear gas
- 19 = normal
- 20 = heatseeking
- 39 = remote explosives
- 58 = flare
- +
0x4
= [dword] Pointer to launching entity - +
0x8
= [dword] Pointer to target vehicle (when heatseeking), 0 otherwise - +
0x10
= [byte] Does rocket exist?- 0 = exploded/does not exist
- 1 = travelling
- +
0x14
= [float] X-axis position - +
0x18
= [float] Y-axis position - +
0x1C
= [float] Z-axis position
Bullets
0xC88740
– Bullet pool start.
- +
0xC
= [byte] Bullet exists- 0 = Does not exist
- 1 = Exists
- +
0x10
= [float] X-axis position - +
0x14
= [float] Y-axis position - +
0x18
= [float] Z-axis position
Note: It works only for Sniper Rifle
Race Checkpoints
The checkpoints block that are used in the "illegal street racing" mini-games.
0xC7F158
– Checkpoint block start. Each block is 38 bytes, but theres always only two at a time.
- +
0x0
= [byte] Type of checkpoint - +
0x2
= [byte] RGBA color value - +
0x4
= [float] X-axis Position - +
0x8
= [float] Y-axis Position - +
0xC
= [float] Z-axis Position - +
0x10
to +0x18
= [float] Rotation Matrix (direction from this checkpoint to the next, all floats) - +
0x20
= [float] Checkpoint radius
Garages and Parking
Note, that the memory location of garages can vary depending on the scm script you use.
There are 50 garages in the game. Each garage has:-
- Position
- Details
- Usage information
- Location in game
- Location of door
- Width
- Depth
- Height
- Direction it looks
- Coordinates of lower left corner
- Coordinates of upper right corner,
- Usable by the player
- Which property (safe house) it belongs
- Number of vehicles which can be parked inside
- The door state (closed, opening, open and closing)
These are found in the garage object of 212 bytes. The memory locations where the garages start are:
0x96C048
(start of first garage)- +
0xD4
(offset for second garage – offset this much again for third garage, again for fourth, etc.) 0x96C120
(start of final garage)
(Tested using non-patched original v1.0 German EXE with English language option selected, and original SCM file.)
(UZI-I Tested Player Garage and Pay'n'Spray using Hoodlum Crack EXE with an Blank SCM)
Here is the known garage offsets:
- +0 = [float] X Coord of the Garage Lower Left corner
- +4 = [float] Y Coord of the Garage Lower Left corner
- +8 = [float] Z Coord of the Garage Lower Left corner
- +12 = [float] X Value of direction vector 1
- +16 = [float] Y Value of direction vector 1
- +20 = [float] X Value of direction vector 2
- +24 = [float] Y Value of direction vector 2
- +28 = [float] Top Z Coord. of the garage
- +32 = [float] Normalized Width of the garage
- +36 = [float] Normalized Depth of the garage
- +40 = [float] Left Border (X) corrdinate
- +44 = [float] Right Border (X) corrdinate
- +48 = [float] Front Border (Y) corrdinate
- +52 = [float] Back Border (Y) corrdinate
- +56 = [float] Garage Door Position
- +60 = [dword] unknown (Timer)
- +64 = [dword] unknown (not saved)
- +68 = [chars] Garage Name (7 bytes + nul)
- +76 = [byte] Garage Type
- +77 = [byte] Garage Door State values:
- 0 = closed
- 1 = open
- 2 = closing
- 3 = opening
- +78 = [byte] Door Flags
0x01
= used mod shop (?)0x02
= inactive door0x04
= used Pay'n'Spray (?)0x08
= small door (reflective?)0x10
= up and in door0x20
= camera follows player0x40
= door is closed flag0x80
= girlfriend PnS
- +79 = [byte] Original Type
The direction vector 3 is completely left out, I think because the garages are always even to the ground. I think that is also why the Z values of the direction vectors are also left-out.
Note: Direction Vectors marked above may be Quaternions.
Here are the static Addresses of the Garage Blocks, and to which garage they belong:
0x96C048
– Commerce Region, Loading Bay Garage (Life's a Beach)0x96C120
– LSPD Police Impound Garage0x96C1F8
– Mission Garage near El Corona (Los Desperados)0x96C2D0
– Eight Ball Autos near El Corona0x96C3A8
– Mission Garage near El Corona (Cesar Vialpando)0x96C480
– Player Garage: El Corona0x96C558
– LS Burglary Garage near Playe del Seville0x96C630
– LowRider Tuning Garage in Willowfield0x96C708
– Pay 'n' Spray in Idlewood0x96C7E0
– Player Garage: Johnson House0x96C8B8
– Pay 'n' Spray in Temple0x96C990
– Transfender in Temple0x96CA68
– Pay 'n' Spray in Santa Maria Beach0x96CB40
– Player Garage: Santa Maria Beach0x96CC18
– Player Garage: Mulholland0x96CCF0
– Wheel Archangels in Ocean Flats0x96CDC8
– Mission Garage in Ocean Flats (T-Bone Mendez)0x96CEA0
– Player Garage: Hashbury0x96CF78
– Transfender near Wang Cars in Doherty0x96D050
– Pay 'n' Spray near Wang Cars in Doherty0x96D128
– SF Burglary Garage, Loading Bay near Doherty0x96D200
– Player Garage: Doherty0x96D2D8
– Mission Garage in Doherty Garage0x96D3B0
– Woozie's Mission Garage in Chinatown (Ran Fa Li)0x96D488
– Michelle's Pay 'n' Spray in Downtown0x96D560
– Player Garage: Calton Heights0x96D638
– SFPD Police Impound Garage0x96D710
– Pay 'n' Spray in Juniper Hollow0x96D7E8
– Player Garage: Paradiso0x96D8C0
– LVPD Police Impound Garage0x96D998
– Airport Plane Garage in Las Venturas0x96DA70
– LV Burglary Garage near Camel's Toe0x96DB48
– Pay 'n' Spray near Royal Casino0x96DC20
– Transfender in come-a-lot0x96DCF8
– Player Garage: Rockshore West0x96DDD0
– Welding Wedding Bomb-workshop in Emerald Isle0x96DEA8
– Pay 'n' Spray in Redsands East0x96DF80
– Player Garage: Redsands West0x96E058
– Player Garage: Prickle Pine0x96E130
– Player Garage: Whitewood Estates0x96E208
– Pay 'n' Spray in El Quebrados0x96E2E0
– Pay 'n' Spray in Fort Carson0x96E3B8
– Player Garage: Fort Carson0x96E490
– Player Garage: Verdant Meadows0x96E568
– Mission Garage in El Castillo del Diablo (Interdiction)0x96E640
– Airport Garage in Verdant Meadows0x96E718
– Mission Garage in Angel Pine (Puncture Wounds)0x96E7F0
– Pay 'n' Spray in Dillimore0x96E8C8
– Player Garage: Palomino Creek0x96E9A0
– Player Garage: Dillimore
Static Mem. Locations for garages:
0x96ABD8
– Johnson House Car 10x96AC18
– Johnson House Car 20x96AC58
– Johnson House Car 30x96AC98
– Johnson House Car 40x96ACD8
– Santa Maria Beach Car 10x96AD18
– Santa Maria Beach Car 20x96AD58
– Santa Maria Beach Car 30x96AD98
– Santa Maria Beach Car 40x96ADD8
– Rockshore West Car 10x96AE18
– Rockshore West Car 20x96AE58
– Rockshore West Car 30x96AE98
– Rockshore West Car 40x96AED8
– Fort Carson Car 10x96AF18
– Fort Carson Car 20x96AF58
– Fort Carson Car 30x96AF98
– Fort Carson Car 40x96AFD8
– Verdant Meadows Car 10x96B018
– Verdant Meadows Car 20x96B058
– Verdant Meadows Car 30x96B098
– Verdant Meadows Car 40x96B0D8
– Dillimore Car 10x96B118
– Dillimore Car 20x96B158
– Dillimore Car 30x96B198
– Dillimore Car 40x96B1D8
– Prickle Pine Car 10x96B218
– Prickle Pine Car 20x96B258
– Prickle Pine Car 30x96B298
– Prickle Pine Car 30x96B2D8
– Whitewood Estates Car 10x96B318
– Whitewood Estates Car 20x96B358
– Whitewood Estates Car 30x96B398
– Whitewood Estates Car 40x96B3D8
– Palomino Creek Car 10x96B418
– Palomino Creek Car 20x96B458
– Palomino Creek Car 30x96B498
– Palomino Creek Car 40x96B4D8
– Redlands West Car 10x96B518
– Redlands West Car 20x96B558
– Redlands West Car 30x96B598
– Redlands West Car 40x96B5D8
– El Corona Car 10x96B618
– El Corona Car 20x96B658
– El Corona Car 30x96B698
– El Corona Car 40x96B6D8
– MulHolland Car 10x96B718
– MulHolland Car 20x96B758
– MulHolland Car 30x96B798
– MulHolland Car 40x96B7D8
– LSPD Impound Car 10x96B818
– LSPD Impound Car 20x96B858
– LSPD Impound Car 30x96B898
– LSPD Impound unused0x96B8D8
– SFPD Impound Car 10x96B918
– SFPD Impound Car 20x96B958
– SFPD Impound Car 30x96B998
– SFPD Impound unused0x96B9D8
– LVPD Impound Car 10x96BA18
– LVPD Impound Car 20x96BA58
– LVPD Impound Car 30x96BA98
– LVPD Impound usued0x96BAD8
– Calton Heights Car 10x96BB18
– Calton Heights Car 20x96BB58
– Calton Heights Car 30x96BB98
– Calton Heights Car 40x96BBD8
– Paradiso Car 10x96BC18
– Paradiso Car 20x96BC58
– Paradiso Car 30x96BC98
– Paradiso Car 40x96BCD8
– Doherty Car 10x96BD18
– Doherty Car 20x96BD58
– Doherty Car 30x96BD98
– Doherty Car 40x96BDD8
– Hashbury Car 10x96BE18
– Hashbury Car 20x96BE58
– Hashbury Car 30x96BE98
– Hashbury Car 40x96BED8
– Verdant Meadows Airport Car 10x96BF18
– Verdant Meadows Airport Car 20x96BF58
– Verdant Meadows Airport Car 30x96BF98
– Verdant Meadows Airport Car 4
Offsets:
- +
0x0
= [float] X Coord - +
0x4
= [float] Y Coord - +
0x8
= [float] Z Coord - +
0xE
= [word] BPDPEPFP coding - +
0x10
= [word] Car ID - +
0x2F
= [byte] Body Color ordinal - +
0x30
= [byte] Stripe Color ordinal - +
0x3C
= [float] Car Angle
Interface
0xBAB22C
– [byte] Health bar/red text/enemy marker/anything red color (RGBA, 4 bytes)0xBAB230
– [byte] Money font color/vehicle entry name/green text/anything green color (RGBA, 4 bytes)0xBAB238
– [byte] White text color (RGBA, 4 bytes)0xBAB240
– [byte] Main menu title border (RGBA, 4 bytes)0xBAB244
– [byte] Wanted level color (RGBA, 4 bytes)0xBAB24C
– [byte] Radio station text color (RGBA, 4 bytes)0xBAB258
– [byte] Yellow blip/text color (RGBA, 4 bytes)
Menu
The following addresses have been found:
0xBA6748
– Base address.
- +
0x15D
= [byte] Current Menu ID - +
0x78D
= [byte] Show menu item hover - +
0x54
= [dword] Selected menu item
- +
0xE9
= [byte] Main menu switch (startup menu/menu when playing) - +
0x84
= [dword] Language - +
0x15F
= [byte] Selected savegame - +
0x24
= [dword] Radar mode
- +
0x64
= [float] Map zoom - +
0x68
= [float] Map x position - +
0x6C
= [float] Map y position
- +
0x5C
= [byte] Player in menu?
Menu IDs
Known Menu IDs (get ID at 0xBA68A5
):
- 0 = Stats
- 1 = Start game
- 2 = Brief
- 3 = Audio options
- 4 = Display settings
- 5 = Map
- 6 = Question start new game
- 7 = Game selection
- 8 = Question load mission pack
- 9 = Load game
- 10 = Delete game
- 11 = Question load save game
- 12 = Question delete game
- 13 = Loads first savegame? *crash
- 14 = Delete successful
- 15 = Delete successful
- 16 = Save game
- 17 = Question save
- 18 = Save successful
- 19 = Save successful
- 20 = Save game ok
- 21 = Load game ok
- 22 = Game affected, do not save
- 23 = Display default settings
- 24 = Audio default settings
- 25 = Controller default settings
- 26 = User track options
- 28 = Language
- 29 = Save game ok
- 30 = Save unsuccessful
- 31 = Load game (save unsuccessful)
- 32 = Load unsuccessful, file corrupted
- 33 = Options
- 34 = Main menu
- 35 = Quit game
- 36 = Controller setup
- 37 = Redefine controls
- 38 = Foot/vehicle controls
- 39 = Mouse settings
- 40 = Joypad settings
- 41 = Game running main menu
- 42 = Quit game
- 43 = Empty
0xA49960
– Start of the SCM block (0xA49960
+ (4 * varnumber) is that particular variable)0xA7A6A0
– Start of the mission block (69000 bytes)0x464080
– GetOpcodeParameters()0xA447F4
– Command count0x469F00
– CRunningScript_ProcessOneCommand0x464080
– CRunningScript_CollectParameters0x4859D0
– CRunningScript_UpdateCompareFlag0x469390
– Game_Script_Thread struct0xA43C78
– Where the routine above stores opcode parameters values. Max 16 paramters for an opcode it seems0x8A6168
– "Master" jumptable, each dword points to one of 27 different functions, each one handling approx 100 opcodes0x466C50
– Opcodes 0000 – 0063. Array of dword, each pointing to the function for that opcode0x468364
– Opcodes 0064 – 00C4. Array of dword, each pointing to the function for that opcode0x469E4C
– Opcodes 00D6 – 0129. Array of byte, each byte is an index for the array of dword at0x469DD4
, which points to the opcode function0x47D1B4
– Opcodes 0137 – 018F. Array of byte, each byte is an index for the array of dword at0x47D0F4
, which points to the opcode function0x47DFE0
– Opcodes 0190 – 01F3. Array of byte, each byte is an index for the array of dword at0x47DF58
, which points to the opcode function0x47F304
– Opcodes 01F4 – 0256. Array of byte, each byte is an index for the array of dword at0x47F24C
, which points to the opcode function0x47FA04
– Opcodes 0292 – 02B8. Array of byte, each byte is an index for the array of dword at0x47F9BC
, which points to the opcode function0x480FD8
– Opcodes 02BE – 031D. Array of byte, each byte is an index for the array of dword at0x480F10
, which points to the opcode function0x4836B8
– Opcodes 0320 – 0382. Array of byte, each byte is an index for the array of dword at0x483600
, which points to the opcode function
(No time to finish now, will finish later)
Threads
0xA8B430
– Start of the threads pool. There are two queues: the active threads and inactive ones.
0xA8B42C
– Pointer to the first active SCM thread.
0xA8B428
– Pointer to the first inactive SCM thread.
Each thread has size of 224 (0xE0
) bytes.
- +
0x0
= [void*] Pointer to the next thread in a queue - +
0x4
= [void*] Pointer to the previous thread in a queue - +
0x8
= [char] Thread name given by the opcode 03A4, char 8 - +
0x10
= [dword] Thread base IP (used in the missions and external scripts to calculate a global address of a local jump offset) - +
0x14
= [dword] Current IP - +
0x18
= [dword] Return stack (stores the current IP when a gosub executed, dword 8) - +
0x38
= [word] Last item index of the return stack - +
0x3C
= [dword] Local variables array, dword 32 - +
0xBC
= [dword] Automatically incrementing timers, dword 2 - +
0xC4
= [boolean] Thread active flag - +
0xC5
= [boolean] IF result - +
0xC6
= [boolean] Mission flag - +
0xC7
= [boolean] External script flag - +
0xC8
= [boolean] Unknown flag (in menu?). Used in 03E5 - +
0xC9
= [boolean] Unknown flag (ID of an assigned script?) - +
0xCC
= [dword] Wakeup time (set by 0001) - +
0xD0
= [word] IF number (set by 00D6) - +
0xD2
= [boolean] Not flag (if a condition to check is negative – any opcodes higher than0x7FFF
) - +
0xD3
= [boolean] Wasted or busted check enabled flag (set by 0111); only for missions - +
0xD4
= [boolean] Player is wasted or busted flag; only for missions - +
0xD8
= [dword] Skip scene IP (used by opcodes 0707, 0701) - +
0xDC
= [boolean] Mission flag
External Scripts Info
0xA47B60
– Start of the external scripts info pool. There are 82 elements with 32 bytes of size each
- +0 = [dword] Script IP
- +4 = [word] Status (can be obtained by 0926)
- +6 = [word] Index in SCM (a number as defined in the scm header)
- +8 = [char] Name, char 20
- +28 = [dword] Size
0xA485A0
– [dword] Size of the largest external script
0xA485A4
– [dword] Total scripts count
Restart Locations
Also see: opcodes 016C and 016D / save file block 8
An unmodded game has 7 restart locations for "busted" and 8 for "wasted". The memory structure suggests a limit of 10 for both of these.
0xA43268
: dword -- number of busted structures0xA4326C
: dword -- number of wasted structures0xA43270
: float[10] -- town numbers for busted structures (1 LS / 2 Country+SF / 3 Desert+LV)0xA43298
: float[10] -- angles for busted structures0xA432C0
: float[10] -- town numbers for wasted structures (1 LS / 2 Country+SF / 3 Desert+LV)0xA432E8
: float[10] -- angles for wasted structures0xA43310
: float -- unused float, only set up to (0.005 * 0.0625 = 0.0003125), 1/0.0003125 = 3200.00xA43318
: float[3][10] -- x,y,z – respawn coords for wasted structures0xA43390
: float[3][10] -- x,y,z – respawn coords for busted structures0xA43408
: byte[12] -- unknown; matching 12 unknown bytes of save block 8,0x01
after Busted structures0xA43414
: byte[12] -- unknown; matching 12 unknown bytes of save block 8,0x0F
after Busted structures0xA43420
: [end]
Notes:
- Town nos. and angles have the busted structures first but coords have the wasted structures first.
- I'm not sure about the end of this structure, but I couldn't recognize anything from the according save block 8 after
0xA43420
.
Misc
0xA4892C
– Start of the pool stored the flipped vehicles handles. There are 6 elements in there, with each of them:
- +0 = [dword] Vehicle handle to check if it flipped. Stored by opcode 0190.
- +4 = [dword] Time in ms passed from the moment a vehicle flipped. Used by opcode 018F
0xA90850
– Start of the mission cleanup list. This list keeps the handles of any entities created during a mission. When the opcode 00D8 executed (normally it happens at the end of any mission), the game reads this list and destroys everything being stored there. Maximum items on the list is 75. Each item has the following structure:
- +0 = [byte] Entity type:
- +4 = [dword] entity handle (an index in the proper pool)
Weather Codes
0xC81318
– [word] Weather lock (by AlienX).
0xC8131C
– [word] Upcoming weather.
0xC81320
– [word] Current weather.
The following values tie up with the sections in data/timecycp.dat. There are several different kinds of weathers (including underwater), and the current weather affects viewing distance, sky colour, fog intensity, and other things like that. The appearance of each weather is time-dependent too.
Weather Values:
- 0 = EXTRASUNNY_LA
- 1 = SUNNY_LA
- 2 = EXTRASUNNY_SMOG_LA
- 3 = SUNNY_SMOG_LA
- 4 = CLOUDY_LA
- 5 = SUNNY_SF
- 6 = EXTRASUNNY_SF
- 7 = CLOUDY_SF
- 8 = RAINY_SF
- 9 = FOGGY_SF
- 10 = SUNNY_VEGAS
- 11 = EXTRASUNNY_VEGAS (heat waves)
- 12 = CLOUDY_VEGAS
- 13 = EXTRASUNNY_COUNTRYSIDE
- 14 = SUNNY_COUNTRYSIDE
- 15 = CLOUDY_COUNTRYSIDE
- 16 = RAINY_COUNTRYSIDE
- 17 = EXTRASUNNY_DESERT
- 18 = SUNNY_DESERT
- 19 = SANDSTORM_DESERT
- 20 = UNDERWATER (greenish, foggy)
- 21 = EXTRACOLOURS_1 (very dark, gradiented skyline, purple) Used for interiors?
- 22 = EXTRACOLOURS_2 (very dark, gradiented skyline, green) Used for interiors?
The following are not mentioned in that file, but can be used anyway:
- 23 to 26 = variations of pale orange
- 27 to 29 = variations of fresh blue
- 30 to 32 = variations of dark, cloudy, teal
- 33 = dark, cloudy, brown
- 34 = blue/purple, regular
- 35 = dull brown
- 36 to 38 = bright, foggy, orange
- 39 = extremely bright
- 40 to 42 = blue/purple cloudy
- 43 = dark toxic clouds
- 44 = black/white sky
- 45 = black/purple sky
Warning: Setting these values to anything higher will result in things like black screen, flickering, really red, etc.
Dependencies
- Car ptr = player ptr when on foot.
Note: This depends on which address for the pointer is being used, if the car pointer appears to be the same as the player pointer on foot, then you may be using a camera-related target pointer.
- CPed block size =
0x7C4
bytes. - CVehicle block size =
0x0A18
bytes.
External links
- GTAForums: GTASA Memory Addresses