Difference between revisions of "Memory Addresses (SA)"

From GTAMods Wiki
Jump to navigation Jump to search
(Base Memory adresses)
(Updated information regarding Vehicle Transformation Matrix, correcting the description of Matrix elements.)
 
(196 intermediate revisions by 31 users not shown)
Line 1: Line 1:
 +
{{Cleanup-rewrite}}
 +
{{TocRight}}
 
'''Note that all offsets thus posted have been confirmed for GTA San Andreas (GTA_SA.EXE) version 1.0.'''
 
'''Note that all offsets thus posted have been confirmed for GTA San Andreas (GTA_SA.EXE) version 1.0.'''
This is ''not'' for Function-Memadresses, for these look into [[Function Memory Addresses (SA)|Function Memory Addresses (SA)]].
+
This is ''not'' for function addresses, for these look into [[Function Memory Addresses (SA)]].
  
'''Note:''' None of the memory addresses below will work for GTA: San Andreas v2.0. All address in v2.0 have been changed or moved. Thus inaccessible.
+
'''Note:''' None of the memory addresses below will work for GTA: San Andreas v2.0 or 3.0(steam). All addresses in v2.0 and above have been changed or moved. Thus inaccessible.
  
= Base Memory adresses =
+
== Base Memory addresses ==
  
==No category yet==
+
===No category yet===
* 0xA49D54 - [dword] Timer for driving/flying missions (in ms)
+
* <code>0xB7CE50</code> – [dword] Money
* 0xA51974 - [dword] Timer for boat/bike missions (in ms)
+
* <code>0xBAA420</code> – Wanted Level
* 0xA51A3C - Timer for Bloodring race
+
* <code>0x8CDEE4</code> – [dword] Max wanted level
* 0xB7CE50 - [dword] Money
+
* <code>0x8D5104</code> – [byte] Current blur level
* 0xBAA420 - Wanted Level
+
* <code>0x8CB7A5</code> – [byte] Current Radiostation-ID
* 0x8CDEE4 - [dword] Max wanted level
+
* <code>0xB700F0</code> – [dword] Current Car ID (from vehicles.ide) not for bikes
* 0xB79038 - [dword] How many days have passed in game
+
* <code>0xB7CB49</code> – [byte] Game freezes like when in menu:
* 0xB70153 - [byte] Current Hour
+
** 0 = normal
* 0xB70152 - [byte] Current Minute
+
** 1 = everything stops
* 0xB7014E - [byte] Current Weekday (1 through 7)
+
* <code>0xB7CB49</code> – [byte] Menu show:
* 0xB700F0 - [dword] Current Car ID (from vehicle.ide) - not for bikes
+
** 0 = leave
* 0x863984 - [float] Gravity
+
** 1 = show
* 0xB7CB84 - [dword] A global timer in ms
+
* <code>0x863984</code> – [float] Gravity (default value: 1.0f/125.0f = 0.008f)
* 0xB7CB64 - [float] Game speed in percent
+
* <code>0xB7CB64</code> – [float] Game speed in percent
* 0xB70158 - [dword] Timer related to weather and time in ms
+
* <code>0xB7CEE4</code> – [byte/boolean] Is infinite run
* 0xB7015C - [dword] Defines how many ms (1 second... default 1000, set to 1 for a headache, number of ms per sec)
+
* <code>0xB7CEE6</code> – [byte/boolean] Is player fireproof
* 0xB7CEE4 - [byte/boolean] Is infinite run
+
* <code>0x96C009</code> – [byte/boolean] Is paynspray free
* 0xB7CEE6 - [byte/boolean] Is player fireproof
+
* <code>0xA444A4</code> – [byte/boolean] Is radar greyed out
* 0x96C009 - [byte/boolean] Is paynspray free
+
* <code>0x8D2530</code> – [float] Pedestrian density multiplier
* 0xA444A4 - [byte/boolean] Is radar grey'd out
+
* <code>0x8A5B20</code> – [float] Vehicle density multiplier
* 0x8D2530 - [float] Pedestrian density multiplier
+
* <code>0xB6F065</code> – [byte/boolean] Widescreen (the view that is displayed during cutscenes, not the display option)
* 0x8A5B20 - [float] Vehicle density multiplier
+
* <code>0xA4A948</code> – Lowrider Challenge score
* 0xB6F065 - [byte/boolean] Widescreen (the view that is displayed during cutscenes, not the display option)
+
* <code>0xA4EC20</code> – Dancing minigame score
* 0xA4A948 - Lowrider hydrailics score
+
* <code>0xB790B8</code> – [byte] Photographs taken number (4 bytes)
* 0xA4EC20 - Minigames dancing score
+
* <code>0xA9AD74</code> – [byte] Tags number (4 bytes)
* 0xB790B8 - [byte] Photographs taken number (4 bytes)
+
* <code>0xB791E4</code> – [byte] Horseshoes number (4 bytes)
* 0xA9AD74 - [byte] Tags number (4 bytes)
+
* <code>0xB791EC</code> – [byte] Oysters number (4 bytes)
* 0xB791E4 - [byte] Horseshoes number (4 bytes)
 
* 0xB791EC - [byte] Oysters number (4 bytes)
 
  
 
'''Note:'''
 
'''Note:'''
 
For those number above if you change it to maximum amount they appear to pop a message and gives a bonus like weapons in cj savehouses.
 
For those number above if you change it to maximum amount they appear to pop a message and gives a bonus like weapons in cj savehouses.
  
* 0x716642 - [float] Change solid clouds
+
* <code>0x716642</code> – [float] Change solid clouds
* 0x716655 - [float] Disable solid clouds
+
* <code>0x716655</code> – [float] Disable solid clouds
  
 
'''Note:'''
 
'''Note:'''
 
Both values default to 200. If you change one of them to 100,000 you get very few clouds, a much nicer effect. If you change both of them to 100,000 you never get the clouds.
 
Both values default to 200. If you change one of them to 100,000 you get very few clouds, a much nicer effect. If you change both of them to 100,000 you never get the clouds.
  
* 0xB79078 - [byte] People dropped off in taxi (number used for the stats, 4 bytes)
+
* <code>0xB79078</code> – [byte] People dropped off in taxi (number used for the stats, 4 bytes)
* 0xA49C30 - [byte] People dropped off in taxi (number used for giving your reward, 4 bytes)
+
* <code>0xA49C30</code> – [byte] People dropped off in taxi (number used for giving your reward, 4 bytes)
* 0xB79040 - [byte] Safehouse visits number (4 bytes)
+
* <code>0xB79040</code> – [byte] Safehouse visits number (4 bytes)
* 0xA49EFC - [dword] Denise Progress
+
* <code>0xA49EFC</code> – [dword] Denise Progress
* 0xA49F00 - [dword] Michelle Progress
+
* <code>0xA49F00</code> – [dword] Michelle Progress
* 0xA49F04 - [dword] Helena Progress
+
* <code>0xA49F04</code> – [dword] Helena Progress
* 0xA49F08 - [dword] Barbara Progress
+
* <code>0xA49F08</code> – [dword] Barbara Progress
* 0xA49F0C - [dword] Katie Progress
+
* <code>0xA49F0C</code> – [dword] Katie Progress
* 0xA49F10 - [dword] Millie Progress
+
* <code>0xA49F10</code> – [dword] Millie Progress
  
 
'''Note:'''
 
'''Note:'''
 
These above six addresses are within the scm block, and valid only for original scm. setting a value to 100 (ie. 100 pct) gives you all gifts of that GF (ie. car keys, wardrobe etc.).
 
These above six addresses are within the scm block, and valid only for original scm. setting a value to 100 (ie. 100 pct) gives you all gifts of that GF (ie. car keys, wardrobe etc.).
  
* 0xB79108 - Number of girls dated
+
* <code>0xB79108</code> – Number of girls dated
* 0xB79100 - Current number of girlfriends
+
* <code>0xB79100</code> – Current number of girlfriends
* 0xB79104 - Number of disastrous dates
+
* <code>0xB79104</code> – Number of disastrous dates
* 0xB79110 - Number of successfull dates
+
* <code>0xB79110</code> – Number of successful dates
* 0xB79060 - Unique jumps found number
+
* <code>0xB79060</code> – Unique jumps found number
* 0xB79064 - Unique jumps done number
+
* <code>0xB79064</code> – Unique jumps done number
* 0x86329C - List of valid command names
+
* <code>0xBA6774</code> – Map target:
* 0xC17054 - Main game window HWND
+
** 0 = disabled
* 0xC97C28 - IDirect3DDevice9 pointer
+
** 1 = enabled
 +
* <code>0x86329C</code> – List of valid command names
 +
* <code>0xC17054</code> – A pointer to the main game window handle (typically <code>0xC8CF88</code> since the pointer is static).
 +
* <code>0xBA3798</code> – Beginning of [[Saves_(GTA_SA)#Block 10: Zones|ZoneInfo structure]]
 +
* <code>0xBA1DF0</code> – Beginning of [[Saves_(GTA_SA)#Block 10: Zones|ZonePop structure]]
 +
* <code>0xA94B68</code> – array of pointers to RwTexture, corresponding to opcode [[038F]]
  
==Stats==
+
* <code>0xA444A0</code> – Is HUD enabled by an opcode 0826:
* 0xB793D4 - [float] Fat stat
+
** 0 = disabled
* 0xB793D8 - [float] Stamina stat
+
** 1 = enabled
* 0xB793DC - [float] Muscle stat
 
* 0xB793E0 - [float] Health stat
 
* 0xB793E4 - [float] Sex Appeal stat
 
* 0xB79496 - [float] Pistol stat
 
* 0xB79498 - [float] Silenced pistol stat
 
* 0xB7949C - [float] Desert eagle stat
 
* 0xB794A0 - [float] Shotgun stat
 
* 0xB794A4 - [float] Sawn-off shotgun stat
 
* 0xB794A8 - [float] Combat shotgun stat
 
* 0xB794AC - [float] Machine pistol stat
 
* 0xB794B0 - [float] SMG stat
 
* 0xB794B4 - [float] AK47 stat
 
* 0xB794B8 - [float] M4 stat
 
  
==HTML Stats File==
+
* <code>0x969110</code> – [char(30)] Buffer of 30 last typed chars, earlier typed chars are on next bytes.
* 0x8663A0 - File Name ( Default : 'stats.html' )
+
* <code>0xBAA7A0</code> - [char(150)] Text box(top-left box) ('''NOTE''': Writing a string will show a message box with duration 1-2 seconds)
* 0x86636C - File Title ( Default : '<title>Grand Theft Auto San Andreas Stats</title>' )
 
  
==Cheats==
+
===Time/Timers===
 +
* <code>0xB70158</code> – [dword] Timer related to weather and time in ms
 +
* <code>0xB610E0</code> – [dword] A global timer in ms (read only)
 +
* <code>0xB7CB84</code> – [dword] A global timer in ms (while not in menu, read/write)
 +
* <code>0xA5153C</code> – [dword] Mission timer from a number to 0 (4 bytes)
 +
* <code>0xB7015C</code> – [dword] Defines how many ms (1 second... default 1000, set to 1 for a headache, number of ms per sec)
 +
* <code>0xB7014E</code> – [byte] Current Weekday (1 through 7)
 +
* <code>0xB79038</code> – [dword] How many days have passed in game
 +
* <code>0xB70153</code> – [byte] Current Hour
 +
* <code>0xB70152</code> – [byte] Current Minute
 +
* <code>0xA49D54</code> – [dword] Timer for driving/flying missions (in ms)
 +
* <code>0xA51974</code> – [dword] Timer for boat/bike missions (in ms)
 +
* <code>0xA5197C</code> – [dword] Timer for taxi driver missions (in ms)
 +
* <code>0xA51980</code> – [dword] Tip Bar timer for taxi driver missions (in seconds)
 +
* <code>0xA519A8</code> – [dword] Timer for paramedic missions (in ms)
 +
* <code>0xA519BC</code> – [dword] Timer for firefighter missions (in ms)
 +
* <code>0xA519D8</code> – [dword] Timer for vigilante missions (in ms)
 +
* <code>0xA51A3C</code> – Timer for Bloodring race
 +
 
 +
===DirectX / Rendering===
 +
* <code>0xC97C1C</code> – A copy of the window handle that is used to initialize the DirectX device.
 +
* <code>0xC97C20</code> – Pointer to [http://msdn.microsoft.com/en-us/library/bb174300%28v=vs.85%29.aspx IDirect3D9] interface.
 +
* <code>0xC97C28</code> – Pointer to [http://msdn.microsoft.com/en-us/library/bb174336%28v=vs.85%29.aspx IDirect3DDevice9] interface.
 +
* <code>0xC9C040</code> – Global instance of [http://msdn.microsoft.com/en-us/library/bb172588%28v=vs.85%29.aspx D3DPRESENT_PARAMETERS] structure.
 +
 
 +
===Stats===
 +
* <code>0xB790B4</code> - [dword] Energy
 +
* <code>0xB791A4</code> – [dword] Lung capacity
 +
* <code>0xB793D4</code> – [float] Fat
 +
* <code>0xB793D8</code> – [float] Stamina
 +
* <code>0xB793DC</code> – [float] Muscle
 +
* <code>0xB793E0</code> – [float] Health
 +
* <code>0xB793E4</code> – [float] Sex Appeal
 +
* <code>0xB79480</code> – [float] Respect
 +
* <code>0xB79494</code> – [float] Pistol
 +
* <code>0xB79498</code> – [float] Silenced pistol
 +
* <code>0xB7949C</code> – [float] Desert eagle
 +
* <code>0xB794A0</code> – [float] Shotgun
 +
* <code>0xB794A4</code> – [float] Sawn-off shotgun
 +
* <code>0xB794A8</code> – [float] Combat shotgun
 +
* <code>0xB794AC</code> – [float] Machine pistol
 +
* <code>0xB794B0</code> – [float] SMG
 +
* <code>0xB794B4</code> – [float] AK47
 +
* <code>0xB794B8</code> – [float] M4
 +
* <code>0xB794BC</code> - [float] Rifle
 +
 
 +
===Skills===
 +
* <code>0xB790A0</code> – [dword] Driving
 +
* <code>0xB7919C</code> – [dword] Flying
 +
* <code>0xB791B4</code> – [dword] Bike
 +
* <code>0xB791B8</code> – [dword] Cycling
 +
* <code>0xB791C4</code> – [dword] Luck at gambling
 +
* <code>0xB794C4</code> – [float] Gambling
 +
 
 +
===HTML Stats File===
 +
* <code>0x8663A0</code> – File Name ( Default : 'stats.html' )
 +
* <code>0x86636C</code> – File Title ( Default : '<title>Grand Theft Auto San Andreas Stats</title>' )
 +
 
 +
===Cheats===
 
[byte] Can be either on (1) or off (0).
 
[byte] Can be either on (1) or off (0).
* 0x969130 - Weapon Set 1
+
* <code>0x969130</code> – Weapon Set 1
* 0x969131 - Weapon Set 2
+
* <code>0x969131</code> – Weapon Set 2
* 0x969132 - Weapon Set 3
+
* <code>0x969132</code> – Weapon Set 3
* 0x969133 - Health+Armor+250K
+
* <code>0x969133</code> – Health+Armor+250K
* 0x969134 - Increase Wanted Level 2 Stars
+
* <code>0x969134</code> – Increase Wanted Level 2 Stars
* 0x969135 - Clear Wanted Level
+
* <code>0x969135</code> – Clear Wanted Level
* 0x969136 - Sunny Weather
+
* <code>0x969136</code> – Sunny Weather
* 0x969137 - Very Sunny Weather
+
* <code>0x969137</code> – Very Sunny Weather
* 0x969138 - Overcast Weather
+
* <code>0x969138</code> – Overcast Weather
* 0x969139 - Rainy Weather
+
* <code>0x969139</code> – Rainy Weather
* 0x96913A - Foggy Weather
+
* <code>0x96913A</code> – Foggy Weather
* 0x96913B - Faster Clock
+
* <code>0x96913B</code> – Faster Clock
* 0x96913C - Faster Gameplay
+
* <code>0x96913C</code> – Faster Gameplay
* 0x96913D - Slower Gameplay
+
* <code>0x96913D</code> – Slower Gameplay
* 0x96913E - Peds Attack Eachother with Golfclub
+
* <code>0x96913E</code> – Peds Attack Each other with Golfclub
* 0x96913F - Have Bounty on Head
+
* <code>0x96913F</code> – Have Bounty on Head
* 0x969140 - Everyone is Armed
+
* <code>0x969140</code> – Everyone is Armed
* 0x969141 - ''Spawn Rhino ('''Not Tested!''')''
+
* <code>0x969141</code> – ''Spawn Rhino ('''Not Tested!''')''
* 0x969142 - ''Spawn Bloodring Banger ('''Not Tested!''')''
+
* <code>0x969142</code> – ''Spawn Bloodring Banger ('''Not Tested!''')''
* 0x969143 - ''Spawn Rancher ('''Not Tested!''')''
+
* <code>0x969143</code> – ''Spawn Rancher ('''Not Tested!''')''
* 0x969144 - ''Spawn Racecar A ('''Not Tested!''')''
+
* <code>0x969144</code> – ''Spawn Racecar A ('''Not Tested!''')''
* 0x969145 - ''Spawn Racecar B ('''Not Tested!''')''
+
* <code>0x969145</code> – ''Spawn Racecar B ('''Not Tested!''')''
* 0x969146 - ''Spawn Romero ('''Not Tested!''')''
+
* <code>0x969146</code> – ''Spawn Romero ('''Not Tested!''')''
* 0x969147 - ''Spawn Stretch ('''Not Tested!''')''
+
* <code>0x969147</code> – ''Spawn Stretch ('''Not Tested!''')''
  
* 0x96914A - Blow up All Cars
+
* <code>0x96914A</code> – Blow up All Cars
* 0x96914B - Wheels Only (Invisible Cars)
+
* <code>0x96914B</code> – Wheels Only (Invisible Cars)
* 0x96914C - Perfect Handling
+
* <code>0x96914C</code> – Perfect / Insane Handling
* 0x96914D - Suicide
+
* <code>0x96914D</code> – Suicide
* 0x96914E - All Green Lights
+
* <code>0x96914E</code> – All Green Lights
* 0x96914F - Aggressive Drivers
+
* <code>0x96914F</code> – Aggressive Drivers
* 0x969150 - Pink Traffic
+
* <code>0x969150</code> – Pink Traffic
* 0x969151 - Black Traffic
+
* <code>0x969151</code> – Black Traffic
* 0x969153 - Boats Can Fly
+
* <code>0x969152</code> – Cars can drive on water
* 0x969154 - CJ is Fat
+
* <code>0x969153</code> – Boats Can Fly
* 0x969155 - Max Muscle
+
* <code>0x969154</code> – CJ is Fat
* 0x969156 - CJ is Skinny
+
* <code>0x969155</code> – Max Muscle
* 0x969157 - Elvis Everywhere
+
* <code>0x969156</code> – CJ is Skinny
* 0x969158 - Peds attack with rockets
+
* <code>0x969157</code> – Elvis Everywhere
* 0x969159 - Beach Theme
+
* <code>0x969158</code> – Peds attack with rockets
* 0x96915A - Gang Members everywhere
+
* <code>0x969159</code> – Beach Theme
* 0x96915B - Gangs control the streets
+
* <code>0x96915A</code> – Gang Members everywhere
* 0x96915C - Ninja Theme
+
* <code>0x96915B</code> – Gangs control the streets
* 0x96915D - Slut Magnet
+
* <code>0x96915C</code> – Ninja Theme
* 0x96915E - Traffic is Cheap Cars
+
* <code>0x96915D</code> – Slut Magnet
* 0x96915F - Traffic is Fast Cars
+
* <code>0x96915E</code> – Traffic is Cheap Cars
* 0x969160 - Cars can Fly
+
* <code>0x96915F</code> – Traffic is Fast Cars
* 0x969161 - Huge Bunny Hop
+
* <code>0x969160</code> – Cars can Fly
* 0x969162 - ''Spawn Hydra ('''Not Tested!''')''
+
* <code>0x969161</code> – Huge Bunny Hop
* 0x969163 - ''Spawn Vortex Hovercraft ('''Not Tested!''')''
+
* <code>0x969162</code> – ''Spawn Hydra ('''Not Tested!''')''
* 0x969164 - Tank Mode/Smash'n Boom
+
* <code>0x969163</code> – ''Spawn Vortex Hovercraft ('''Not Tested!''')''
* 0x969165 - All cars have nitro
+
* <code>0x969164</code> – Tank Mode / Smash'n Boom
* 0x969166 - Cars Float Away when hit
+
* <code>0x969165</code> – All cars have nitro
* 0x969167 - Always Midnight
+
* <code>0x969166</code> – Cars Float Away when hit
* 0x969168 - Stop Game Clock - Orange Sky
+
* <code>0x969167</code> – Always Midnight
* 0x969169 - Thunderstorm
+
* <code>0x969168</code> – Stop Game Clock Orange Sky
* 0x96916A - Sandstorm
+
* <code>0x969169</code> – Thunderstorm
* 0x96916C - Mega Jump
+
* <code>0x96916A</code> – Sandstorm
* 0x96916D - Infinite Health
+
* <code>0x96916C</code> – Mega Jump
* 0x96916E - Infinite Oxygen
+
* <code>0x96916D</code> – Infinite Health
* 0x96916F - Get Parachute
+
* <code>0x96916E</code> – Infinite Oxygen
* 0x969170 - Get Jetpack
+
* <code>0x96916F</code> – Get Parachute
* 0x969171 - Never Wanted
+
* <code>0x969170</code> – Get Jetpack
* 0x969172 - Six Star Wanted Level
+
* <code>0x969171</code> – Lock Wanted (Setting to 1 will lock current wanted)
* 0x969173 - Mega Punch
+
* <code>0x969172</code> – Six Star Wanted Level
* 0x969174 - Never get Hungry
+
* <code>0x969173</code> – Mega Punch
* 0x969175 - Peds Riot (Chaos Mode)
+
* <code>0x969174</code> – Never get Hungry
* 0x969176 - Funhouse Theme
+
* <code>0x969175</code> – Peds Riot (Chaos Mode)
* 0x969177 - Slower Gameplay
+
* <code>0x969176</code> – Funhouse Theme
* 0x969178 - Infinite Ammo, No Reload
+
* <code>0x969177</code> – Slower Gameplay
* 0x969179 - Full Weapon Aiming while driving
+
* <code>0x969178</code> – Infinite Ammo, No Reload
* 0x96917A - Decreased Traffic
+
* <code>0x969179</code> – Full Weapon Aiming while driving
* 0x96917B - Traffic is Country vehicles
+
* <code>0x96917A</code> – Decreased Traffic
* 0x96917C - Recruit Anyone (9mm)
+
* <code>0x96917B</code> – Country Theme
* 0x96917D - Country Theme
+
* <code>0x96917C</code> – Recruit Anyone (9mm)
* 0x96917E - Recruit Anyone (Rockets)
+
* <code>0x96917D</code> – Recruit Anyone (AK47)
* 0x96917F - Max Respect
+
* <code>0x96917E</code> – Recruit Anyone (Rockets)
* 0x969180 - Max Sex Appeal
+
* <code>0x96917F</code> – Max Respect
* 0x969181 - Max Stamina
+
* <code>0x969180</code> – Max Sex Appeal
* 0x969183 - Hitman in All Weapons
+
* <code>0x969181</code> – Max Stamina
* 0x969184 - ''Spawn Hunter ('''Not Tested!''')''
+
* <code>0x969183</code> – Hitman in All Weapons
* 0x969185 - ''Spawn Quad ('''Not Tested!''')''
+
* <code>0x969184</code> – ''Spawn Hunter ('''Not Tested!''')''
* 0x969186 - ''Spawn Tanker Truck ('''Not Tested!''')''
+
* <code>0x969185</code> – ''Spawn Quad ('''Not Tested!''')''
* 0x969187 - ''Spawn Dozer ('''Not Tested!''')''
+
* <code>0x969186</code> – ''Spawn Tanker Truck ('''Not Tested!''')''
* 0x969188 - ''Spawn Stunt Plane ('''Not Tested!''')''
+
* <code>0x969187</code> – ''Spawn Dozer ('''Not Tested!''')''
* 0x969189 - ''Spawn Monster ('''Not Tested!''')''
+
* <code>0x969188</code> – ''Spawn Stunt Plane ('''Not Tested!''')''
 +
* <code>0x969189</code> – ''Spawn Monster ('''Not Tested!''')''
 +
* <code>0x96918B</code> – All Taxis Have Nitro
  
 
[dword]
 
[dword]
* 0x96918C - Has ever Cheated or not
+
* <code>0x96918C</code> – Has ever Cheated or not
* 0xBAA472 - Has now Cheated or not
+
* <code>0xBAA472</code> – Has now Cheated or not
* 0xB79044 - Cheated Count
+
* <code>0xB79044</code> – Cheated Count
  
==Display Settings==
+
[byte]
* 0xBA6784 - [dword] Brightness
+
* <code>0x96918C</code> – 'Cheated' state:
* 0xBA6792 - [byte] Legend
+
** 0 = disabled
* 0xBA676C - [byte] Radar Mode
+
** 1 = enabled
* 0xBA6769 - [byte] Hud Mode
+
 
* 0xBA678C - [byte] Subtitles
+
'''Note:'''
* 0xBA6830 - [byte] Store gallery photos
+
If it's set to 1 you'll get a warning message when saving a game. But this byte doesn't get set if you use a cheat enabler.
* 0xBA6788 - [float] Draw Distance
+
 
* 0xBA6794 - [byte] Frame limiter
+
===Display Settings===
* 0xBA6793 - [byte] Widescreen
+
* <code>0xBA6784</code> – [dword] Brightness
* 0xA9AE54 - [byte] Visual FX Quality
+
* <code>0xBA6792</code> – [byte] Legend
* 0xBA680C - [byte] Mip Mapping
+
* <code>0xBA676C</code> – [byte] Radar Mode
* 0xBA6814 - [byte] Antialiasing values:
+
** 0 = maps & blips
 +
** 1 = blips
 +
** 2 = off
 +
* <code>0xBA6769</code> – [byte] Hud Mode
 +
** 0 = off
 +
** 1 = on
 +
* <code>0xBA678C</code> – [byte] Subtitles
 +
* <code>0xBA6830</code> – [byte] Store gallery photos
 +
* <code>0xBA6788</code> – [float] Draw Distance
 +
* <code>0xBA6794</code> – [byte] Frame limiter
 +
* <code>0xBA6793</code> – [byte] Widescreen
 +
* <code>0xA9AE54</code> – [byte] Visual FX Quality
 +
* <code>0xBA680C</code> – [byte] Mip Mapping
 +
* <code>0xBA6814</code> – [byte] Antialiasing values:
 
** 1 = 0x (off)
 
** 1 = 0x (off)
 
** 2 = 1x
 
** 2 = 1x
 
** 3 = 2x
 
** 3 = 2x
 
** 4 = 3x
 
** 4 = 3x
* 0xBA6820 - [byte] Resolution values:
+
* <code>0xBA6820</code> – [byte] Resolution values:
 
** 11 = 640x480
 
** 11 = 640x480
 
** 12 = 800x400
 
** 12 = 800x400
Line 208: Line 272:
 
:(Depends on the graphic driver/hardware.)
 
:(Depends on the graphic driver/hardware.)
  
==Sound Configuration==
+
===Sound Configuration===
* 0xBA6798 - [byte] Radio Volume [0 through 64]
+
* <code>0xBA6798</code> – [byte] Radio Volume [0 through 64]
* 0xBA6797 - [byte] SFX Volume [0 through 64]
+
* <code>0xBA6797</code> – [byte] SFX Volume [0 through 64]
* 0xBA6799 - [byte] Radio Equalizer
+
* <code>0xBA6799</code> – [byte] Radio Equalizer
* 0xBA6795 - [byte] Radio Auto-tune
+
* <code>0xBA6795</code> – [byte] Radio Auto-tune
* 0xBA67F8 - [byte] Usertrack/Play mode values:
+
* <code>0xBA67F8</code> – [byte] Usertrack/Play mode values:
** 0 = Radio
+
** 0 = radio
** 1 = Random
+
** 1 = random
* 0xBA680D - [byte] Usertrack/Automatic Media Scan
+
* <code>0xBA680D</code> – [byte] Usertrack/Automatic Media Scan
* 0xBA679A - [byte] Radio Station ID values:
+
* <code>0xBA679A</code> – [byte] Radio Station ID values:
 
** 1 to 12 (see below for station names according to ID)
 
** 1 to 12 (see below for station names according to ID)
 
*** 1 = "Playback FM"
 
*** 1 = "Playback FM"
Line 234: Line 298:
  
 
AlienX:  
 
AlienX:  
Seems that the Radio Station ID is just a menu identifier, this does not acctually change the radio station while in-game!
+
Seems that the Radio Station ID is just a menu identifier, this does not actually change the radio station while in-game!
  
Another note... The opcode for switching players radio stations does not work in line with the station ID's, i have yet to figure out what station ID's are for the SCM code - Dont try to use the above ID's for the SCM Operation Code, it just wont work
+
Another note... The opcode for switching players radio stations does not work in line with the station ID's, i have yet to figure out what station ID's are for the SCM code Dont try to use the above ID's for the SCM Operation Code, it just wont work
  
 
Thanks to AlienX For the station names and ID's
 
Thanks to AlienX For the station names and ID's
  
==Controller Configuration==
+
===Controller Configuration===
* 0xBA6818 - [byte] Controller Configuration values:
+
* <code>0xBA6818</code> – [byte] Controller Configuration values:
** 0 = Mouse+Keys
+
** 0 = mouse + keys
** 1 = Joypad
+
** 1 = joypad
* 0xB6EC1C - [float] Mouse sensivity
+
* <code>0xB6EC1C</code> – [float] Mouse sensitivity
* 0xC1CC02 - [byte] Steer with mouse
+
* <code>0xC1CC02</code> – [byte] Steer with mouse
* 0xC1CC03 - [byte] Invert mouse vertically
+
* <code>0xC1CC03</code> – [byte] Fly with mouse
  
*0xB6EC2E - REAL aiming mode offset, not menu:
+
*<code>0xB6EC2E</code> – REAL aiming mode offset, not menu:
 
**0 = joypad
 
**0 = joypad
 
**1 = mouse + keys
 
**1 = mouse + keys
  
==Other Dynamic Memory Addresses (non-static)==
+
===Structures===
 +
CVector //Total 8 bytes
 +
  FLOAT x; // + 0
 +
  FLOAT y; // + 4
 +
  FLOAT z; // + 8
 +
 
 +
CVector2D //Total 4 bytes
 +
  FLOAT x; // + 0
 +
  FLOAT y; // + 4
  
==Pedestrians==
+
eWeaponState //Total 4 Bytes
===General===
+
    WEAPONSTATE_READY,
* 0xB6F5F0 - Player pointer (CPed)
+
    WEAPONSTATE_FIRING,
* 0xB7CD98 - Player pointer, direct offset to the ped pool start (CPed)
+
    WEAPONSTATE_RELOADING,
* 0xB74490 - Contains a pointer
+
    WEAPONSTATE_OUT_OF_AMMO,
This pointer:
+
    WEAPONSTATE_MELEE_MADECONTACT
* +0 = Contains a pointer to the first element in the pool
 
* +4 = Contains a pointer to a byte map indicating which elements are in use
 
* +8 = [dword] Is the maximum number of elements in the pool
 
* +12 = [dword] Is the current number of elements in the pool
 
  
Each ped object is 1988 (0x7C4) bytes.
+
CWeapon //Total 28 bytes
 +
    eWeaponType m_nType; // + 0
 +
    eWeaponState m_nState; // + 4
 +
    unsigned int m_nAmmoInClip; // + 8
 +
    unsigned int m_nTotalAmmo; // + 12
 +
    unsigned int m_nTimeForNextShot; // + 16
 +
    char field_14; // + 17
 +
    char field_15; // + 18
 +
    char field_16; // + 19
 +
    char field_17; // + 20
 +
    FxSystem_c *m_pFxSystem; // flamethrower, spraycan, extinguisher particle
 +
 
 +
eWeaponType
 +
  (Slot0: No Weapon)                    (Slot2: Handguns)
 +
  0 – Fist                              22 – Pistol
 +
  1 – Brass Knuckles                    23 – Silenced Pistol
 +
  (Slot1: Melee)                        24 – Desert Eagle
 +
  2 – Golf Club                        (Slot3: Shotguns)
 +
  3 – Nitestick                          25 – Shotgun
 +
  4 – Knife                              26 – Sawn-Off Shotgun
 +
  5 – Baseball Bat                      27 – SPAS-12
 +
  6 – Shovel                            (Slot4: Sub-Machineguns)
 +
  7 – Pool Cue                          28 – Micro Uzi
 +
  8 – Katana                            29 – MP5
 +
  9 – Chainsaw                          32 – TEC-9
 +
  15 – Cane
 +
  (Slot5: Machineguns)                  (Slot10: Gifts)
 +
  30 – AK47                              14 – Flowers
 +
  31 – M4                                (Slot9:Special1)
 +
  (Slot6: Rifles)                        42 – Fire Extinguisher
 +
  33 – Country Rifle                    43 – Camera
 +
  34 – Sniper Rifle                      (Slot11:Special2)
 +
  (Slot7: Heavy Weapons)                44 – NV Goggles
 +
  35 – Rocket Launcher                  45 – IR Goggles
 +
  36 – Heat Seaking RPG                  46 – Parachute
 +
  37 – Flame Thrower                    (Slot12:Detonators)
 +
  38 – Minigun                            40 – Detonator(for remote explosives)
 +
  (Slot8: Projectiles)
 +
  16 – Grenade
 +
  18 – Molotov Cocktail
 +
  39 – Remote Explosives
 +
  (No slot: Fired from hunter / hydra / missile launcher)
 +
  (This type is stored in the rocket pool as rocket type, but is the continuation of this list)
 +
  19 – Normal rockets
 +
  20 – Heatseeking rockets
 +
  58 – Flares
 +
 
 +
eEntityStatus                (Description)
 +
0x02 STATUS_PLAYER = 0            (player is driving, includes attached carriages and trailers)
 +
0x0A STATUS_PLAYER_PLAYBACKFROMBUFFER = 1  (all vehicles in playback from replay)
 +
0x12 STATUS_SIMPLE = 2            (npc controlled vehicles "a car on rails" doesn't use full physics)
 +
0x1A STATUS_PHYSICS = 3          (npc controlled vehicles: missions, police, interacted with player)
 +
0x22 STATUS_ABANDONED = 4        (vehicle without driver; all buildings, peds and objects)
 +
0x2A STATUS_WRECKED = 5          (vehicle has exploded, sunk doesn't count)
 +
32h STATUS_TRAIN_MOVING = 6     (unobserved - default status of carriage but quickly changed to 4)
 +
0x3A STATUS_TRAIN_NOT_MOVING = 7  (ped enters driver's side of passenger carriage)
 +
0x42 STATUS_REMOTE_CONTROLLED = 8 (player has remote control of an RC vehicle)
 +
0x4A STATUS_PLAYER_DISABLED = 9  (player driver exiting, wasted, busted or hijacked)
 +
0x52 STATUS_TRAILER = 10          (trailer of npc vehicle with physics, towed npc vehicle)
 +
5Ah STATUS_SIMPLE_TRAILER = 11  (unobserved - trailer of npc vehicle without physics)
 +
0x62 STATUS_GHOST = 12            (very distant mission vehicle in area without collision loaded)
 +
 
 +
eEntityType
 +
20h ENTITY_TYPE_NOTHING = 0
 +
0x21 ENTITY_TYPE_BUILDING = 1
 +
0x22 ENTITY_TYPE_VEHICLE = 2
 +
0x23 ENTITY_TYPE_PED = 3
 +
0x24 ENTITY_TYPE_OBJECT = 4
 +
25h ENTITY_TYPE_DUMMY = 5
 +
26h ENTITY_TYPE_NOTINPOOLS = 6
 +
 
 +
===Other Dynamic Memory Addresses (non-static)===
 +
 
 +
===Pedestrians===
 +
====General====
 +
* <code>0xB6F5F0</code> – Player pointer (CPed)
 +
* <code>0xB7CD98</code> – Player pointer, direct offset to the ped pool start (CPed)
 +
* <code>0xB74498</code> – CPeds maximum number (normally 140)
 +
* <code>0xB74490</code> – Pointer to ped pool usage information, which contains:
 +
** +0 = Pointer to the first ped in the pool
 +
** +4 = Pointer to a byte map indicating which peds are in use
 +
** +8 = [dword] Maximum number of peds in the pool
 +
** +12 = [dword] Current number of peds in the pool
 +
 
 +
Each ped object is 1988 (<code>0x7C4</code>) bytes.
  
 
For each ped in the pool:
 
For each ped in the pool:
  
 
In most cases, you can use even the dword of playeraddress as CPed value
 
In most cases, you can use even the dword of playeraddress as CPed value
* CPed +0x14 = Pointer to XYZ position structure (and rotation)
+
* CPed +<code>0x14</code> = Pointer to XYZ position structure (and rotation)
** (CPed+0x14) +0x0 to +0x2C = [dword] Is the rotation matrix
+
** (CPed+<code>0x14</code>) +<code>0x0</code> to +<code>0x2C</code> = [dword] Is the rotation matrix
** (CPed+0x14) +0x30 = [dword] XPos
+
** (CPed+<code>0x14</code>) +<code>0x30</code> = [CVector] Position
** (CPed+0x14) +0x34 = [dword] YPos
+
* CPed +<code>0x2F</code> = [byte] Location status:
** (CPed+0x14) +0x38 = [dword] ZPos
+
** 0 = outside
* CPed +0x2F = [byte] Location status:
+
** 3 = inside a building
** 0 = Outside
+
* CPed +<code>0x40</code> - Physical flags structure
** 3 = Inside a building
+
** +<code>0x0</code> = Movement physics flags
* CPed +0x42 = [float] Is the BP/EP/FP/DP (special flags) status of the player as follows:<br><i>Add these values, and write the sum into +66 (0x42).</i>
+
*** Bit 1 = Unknown 
** 1 = Makes Ped soft (ie. can move through walls and everything) (NOCLIP in other words)
+
*** Bit 2 = Apply Gravity
** 2 = Freezes Ped (ie. ped cannot walk)
+
*** Bit 3 = Disable Collision Force
** 4 = Bullet-proof
+
*** Bit 4 = Collidable
** 8 = Flame-proof
+
*** Bit 5 = Disable Turn Force
** 16 = ?
+
*** Bit 6 = Disable Move Force
** 32 = ?
+
*** Bit 7 = Infinite Mass
** 64 = Damage-proof (from collisions etc)
+
*** Bit 8 = Disable Z
** 128 = Explosion-proof
+
** +<code>0x1</code> = Surface physics flags
* CPed +0xC0 = [dword] Pointer to nearest car
+
*** 1 = Submerged In Water
* CPed +0x15C = Some anim states:
+
*** 2 = On Solid Surface
** 0 = Landing from jump
+
*** 4 = Broken
** 61 = Punching
+
*** 8 = Unknown
** 102 = Stopped
+
*** 16 = Unknown
** 154 = Sprint
+
*** 32 = Don't Apply Speed
** 205 = Run
+
*** 64 = Unknown
* CPed +0x46D = Jump state:
+
*** 128 = Unknown
** 32 = Landed/Idle
+
** +<code>0x2</code> = Special physics flags
** 34 = In air
+
*** 1 = Soft (in other words noclip)
** 36 = Landing
+
*** 2 = Freeze
* CPed +0x46F = Crouch state:
+
*** 4 = Bullet-Proof
** 128 = crouched
+
*** 8 = Fire-Proof
** 132 = stand
+
*** 16 = Collision-Proof (prevent fall damage)
* CPed +0x47C = Pointer to anim struct
+
*** 32 = Melee-Proof
* CPed +0x4DF = Current anim play-state:
+
*** 64 = Melee-Proof, Bullet-Proof, Collision-Proof
** 0 = Nothing
+
*** 128 = Explosion-Proof
** 61 = Starting/Stopping
+
** +<code>0x3</code> = Collision physics flag
** 62 = Looping
+
*** 1 = Unknown
* CPed +0x504 = [word] Muzzle flash intensity:
+
*** 2 = Attached To Entity
** 0 to 10000 = On
+
*** 4 = Unknown
** 65536 = Off
+
*** 8 = Touching Water
* CPed +0x530 = [dword] State:
+
*** 16 = Can Be Collided with
** 0 = Leaving a car, falling down from a bike or something like this
+
*** 32 = Destroyed
** 1 = Normal case
+
*** 64 = Unknown
** 50 = Driving
+
*** 128 = Unknown
** 55 = Wasted
+
* CPed +<code>0xBC</code> = [dword] Array of pointers[6]
** 63 = Busted
+
* CPed +<code>0xD8</code> = [float] How much damage ped taken
* CPed +0x534 = Runningstate:
+
* CPed +<code>0x15C</code> = [byte] Some anim states:
 +
** 0 = landing from jump
 +
** 61 = punching
 +
** 102 = stopped
 +
** 154 = sprint
 +
** 205 = run
 +
* CPed +<code>0x46C</code> = [byte] Player check:
 +
** 0 = In air/water
 +
** 1 = In car
 +
** 2 = Entering interior
 +
** 3 = On foot
 +
** 8 = Swimming
 +
* CPed +<code>0x46D</code> = [byte] Jump state:
 +
** 32 = landed/idle
 +
** 34 = in air
 +
** 36 = landing
 +
* CPed +<code>0x46F</code> = [byte] Crouch state:
 +
** 128 = stand
 +
** 132 = crouched
 +
* CPed +<code>0x470</code> = [byte] Ped properties
 +
** 0 = None
 +
** 3 = Invisible
 +
** 12 = Head immunity
 +
** 20 = Drowning in water
 +
* CPed +<code>0x474</code> = [byte] Other ped properties
 +
** 0 = None
 +
** 2 = Invisible
 +
** 9 = Don't create pickup after death
 +
* CPed +<code>0x47C</code> = Pointer to anim struct
 +
** +<code>0xE0</code> = [dword] Pointer to nearest [[#Vehicle|vehicle]](If ped in car you need to come closer)
 +
** +<code>0x120</code> = [dword] Pointer to nearest [[#Vehicle|vehicle]](Long range)
 +
* CPed +<code>0x4DF</code> = [byte] Current anim play-state:
 +
** 0 = nothing
 +
** 61 = starting/stopping
 +
** 62 = looping
 +
* CPed +<code>0x504</code> = [word] Muzzle flash intensity:
 +
** 0 to 10000 = on
 +
** 65536 = off
 +
* CPed +<code>0x530</code> = [dword] State:
 +
** 0 = leaving a car, falling down from a bike or something like this
 +
** 1 = normal case
 +
** 50 = driving
 +
** 55 = wasted
 +
** 63 = busted
 +
* CPed +<code>0x534</code> = [byte] Runningstate:
 
** 0 = while driving
 
** 0 = while driving
 
** 1 = standing still
 
** 1 = standing still
Line 321: Line 517:
 
** 6 = running
 
** 6 = running
 
** 7 = running fast (sprinting) by pressing sprint key
 
** 7 = running fast (sprinting) by pressing sprint key
* CPed +0x540 = [float] Health
+
* CPed +<code>0x540</code> = [float] Health
* CPed +0x544 = [float] Max health
+
* CPed +<code>0x544</code> = [float] Max health
* CPed +0x548 = [float] Armor
+
* CPed +<code>0x548</code> = [float] Armor
* CPed +0x558 = [float] Z angle
+
* CPed +<code>0x558</code> = [float] Current rotation (Z angle)
* CPed +0x568 = [dword] Current Car you are in contact with
+
* CPed +<code>0x55C</code> = [float] Target rotation (Z angle)
* CPed +0x584 = [dword] Current Entity you are in contact with
+
* CPed +<code>0x560</code> = [float] Rotation speed (Z angle)
* CPed +0x58C = [dword] Last or Current Driven Car
+
* CPed +<code>0x568</code> = [dword] Current Car you are in contact with
* CPed +0x598 = [byte] PLayer lock (set to 1 to lock player controls, can't move)
+
* CPed +<code>0x584</code> = [dword] Current Entity you are in contact with
* CPed +0x5A0 = [byte] Start of weapon data (28 bytes) (See structures: WeaponSlot)
+
* CPed +<code>0x58C</code> = [dword] Last or Current Driven Car (CarPointer)
* CPed +0x5D8 = [dword] Pistol weapon type:
+
* CPed +<code>0x598</code> = [byte] Player lock (set to 1 to lock player controls, can't move)
** 22 = 9mm
+
* CPed +<code>0x5A0</code> = Start of CWeapon[13] struct
** 23 = Silenced 9mm
+
* CPed +<code>0x718</code> = [byte] Current weapon slot (1 byte)
** 24 = Desert eagle
+
* CPed +<code>0x740</code> = Current Weapon ID (from [[default.dat]])
* CPed +0x5DC = [dword] Pistol state
+
* CPed +<code>0x760</code> = [dword] Weapon you were damaged with
* CPed +0x5E0 = [dword] Pistol ammo in clip
+
* CPed +<code>0x764</code> = [dword] Pointer to the ped that damaged you
* CPed +0x5E4 = [dword] Pistol total ammo (including clip)
+
* CPed +<code>0x79C</code> = [dword] Targetted [[#Pedestrians|CPed]]
* CPed +0x5F4 = [dword] Shotgun weapon type:
 
** 25 = Shotgun
 
** 26 = Sawn-Off Shotgun
 
** 27 = SPAS-12
 
* CPed +0x5F8 = [dword] Shotgun state:
 
** 1 = Firing?
 
** 2 = Reloading
 
* CPed +0x5FC = [dword] Shotgun ammo in clip
 
* CPed +0x600 = [dword] Shotgun total ammo (including clip)
 
* CPed +0x718 = [byte] Current weapon slot (1 byte)
 
* CPed +0x740 = Current Weapon ID (from [[default.dat]])
 
* CPed +0x760 = [dword] Weapon you were killed with
 
* CPed +0x764 = [dword] Pointer to the ped that killed you
 
  
===Structures===
+
===Vehicle===
WeaponSlot                // Total 28Bytes
+
* <code>0xB6F980</code> – Is the direct pointer to the pool start (CVehicle)
  DWORD      type          // + 0
+
* <code>0xBA18FC</code> – Current vehicle pointer:
  DWORD      state        // + 4 (0 idle, 1 firing, 2 reloading)
+
** 0 = on-foot
  DWORD      AmmoInClip    // + 8
+
** >0 = in-car
  DWORD      AmmoRemaining // +12
+
* <code>0x969084</code> – First vehicle you got into
  FLOAT      unknown      // +16 (increases each time you fire your weapon, 0 when weapon not active,
+
'''Note:'''
                              probably used to count bullets fired to know when to reload?)
+
To get the next vehicle, so the second one, you need to add +<code>0x4</code> as many times you want. They are 0 if you haven't entered a first/second/third/etc car yet.
  UNKNOWN    0..7 Bytes    // +20 (unknown - goggle mode, 0 off and 256 on)...+27
+
* <code>0xB74494</code> – Pointer to vehicle pool usage information, which contains:
 +
** +0 = Pointer to the first vehicle in the pool
 +
** +4 = Pointer to a byte map indicating which vehicles are in use
 +
** +8 = [dword] Maximum number of vehicles in the pool
 +
** +12 = [dword] Current number of vehicles in the pool
  
WeaponSlot.type
+
Each vehicle object is 2584 (<code>0xA18</code>) bytes. It starts at <code>0xC502AA0</code>.
  (Slot0: No Weapon)                    (Slot2: Handguns)
 
  0 - Fist                              22 - Pistol
 
  1 - Brass Knuckles                    23 - Silenced Pistol
 
  (Slot1: Melee)                        24 - Desert Eagle
 
  2 - Golf Club                        (Slot3: Shotguns)
 
  3 - Nitestick                          25 - Shotgun
 
  4 - Knife                              26 - Sawn-Off Shotgun
 
  5 - Baseball Bat                      27 - SPAS-12
 
  6 - Shovel                            (Slot4: Sub-Machineguns)
 
  7 - Pool Cue                          28 - Micro Uzi
 
  8 - Katana                            29 - MP5
 
  9 - Chainsaw                          32 - TEC-9
 
  15 - Cane
 
  (Slot5: Machineguns)                  (Slot10: Gifts)
 
  30 - AK47                              14 - Flowers
 
  31 - M4                                (Slot9:Special1)
 
  (Slot6: Rifles)                        42 - Fire Extinguisher
 
  33 - Country Rifle                    43 - Camera
 
  34 - Sniper Rifle                      (Slot11:Special2)
 
  (Slot7: Heavy Weapons)                44 - NV Goggles
 
  35 - Rocket Launcher                  45 - IR Goggles
 
  36 - Heat Seaking RPG                  46 - Parachute
 
  37 - Flame Thrower                    (Slot12:Detonators)
 
  38 - Minigun                            40 - Detonator(for remote explosives)
 
  (Slot8: Projectiles)
 
  16 - Grenade
 
  18 - Molotov Cocktail
 
  39 - Remote Explosives
 
  (No slot: Fired from hunter / hydra / missile launcher)
 
  (This type is stored in the rocket pool as rocket type, but is the continuation of this list)
 
  19 - Normal rockets
 
  20 - Heatseeking rockets
 
  58 - Flares
 
 
 
==Cars==
 
* 0xB6F980 - Is the direct pointer to the pool start (CVehicle)
 
* 0xB74494 - Contains a pointer
 
This pointer:
 
* +0 = Contains a pointer to the first element in the pool
 
* +4 = Contains a pointer to a byte map indicating which elements are in use
 
* +8 = [dword] Is the maximum number of elements in the pool
 
* +12 = [dword] Is the current number of elements in the pool
 
 
 
Each vehicle object is 2584 (0xA18) bytes. It starts at 0xC502AA0.
 
  
 
For each vehicle in the pool:
 
For each vehicle in the pool:
  
* +20 = [byte] Contains a pointer to the rotation/position matrix (84 bytes):
+
* +<code>0x14</code> = [byte] Contains a pointer to the rotation/position matrix (84 bytes):
** +0 = [float] X-axis Rotation (Grad)
+
** +<code>0x0</code> = [CVector] World Space Right direction Vector (X-Axis)
** +4 = [float] Y-axis Rotation (Grad)
+
** +<code>0x10</code> = [CVector] World Space Forward direction Vector (Y-Axis)
** +8 = [float] Z-axis Rotation (Grad)
+
** +<code>0x20</code> = [CVector] World Space Upwards direction Vector (Z-Axis)
** +16 = [float] X-axis Rotation (Looking)
+
** +<code>0x30</code> = [CVector] World Space Position
** +20 = [float] Y-axis Rotation (Looking)
+
* +<code>0x22</code> = [word] Vehicle ID from vehicles.ide
** +24 = [float] Z-axis Rotation (Looking)
+
* +<code>0x36</code> = [byte] Entity type
** +48 = [float] X-axis Position
+
** 2 = Player as driver
** +52 = [float] Y-axis Position
+
** 18 = Quiet driver
** +56 = [float] Z-axis Position
+
** 26 = Suspicious driver (when slightly or heavily collided, unlike cops who are never quiet)
* +34 = [word] Vehicle ID from vehicles.ide
+
** 34 = No driver
* +66 = [byte] Is the BP/EP/DP/DP (Special Flags) status of the car as follows:<br><i>Add these values, and write the sum into +66</i>
+
** 42 = Destroyed
** 1 = N/A
+
** 74 = Player as driver is exiting or being wasted, busted or hijacked
** 2 = N/A
+
* +<code>0x40</code> - Physical flags structure
** 4 = Bullet-proof
+
** +<code>0x0</code> = Movement physics flags
** 8 = Fire-proof
+
*** Bit 1 = Unknown
** 16 = Damage-proof (from collisions etc)
+
*** Bit 2 = Apply Gravity
** 32 = N/A
+
*** Bit 3 = Disable Collision Force
** 64 = N/A
+
*** Bit 4 = Collidable
** 128 = Explosion-proof
+
*** Bit 5 = Disable Turn Force
* +68 = [float] X (East-West) speed
+
*** Bit 6 = Disable Move Force
* +72 = [float] Y (North-South) speed
+
*** Bit 7 = Infinite Mass
* +76 = [float] Z (Up-Down) speed
+
*** Bit 8 = Disable Z
* +80 = [float] X (NS) Spin
+
** +<code>0x1</code> = Surface physics flags
* +84 = [float] Y (EW) Spin
+
*** 1 = Submerged In Water
* +88 = [float] Z (NW) Spin
+
*** 2 = On Solid Surface
 +
*** 4 = Broken
 +
*** 8 = Unknown
 +
*** 16 = Unknown
 +
*** 32 = Don't Apply Speed
 +
*** 64 = Unknown
 +
*** 128 = Unknown
 +
** +<code>0x2</code> = Special physics flags
 +
*** 1 = n/a(game prevent this)
 +
*** 2 = Collision-proof
 +
*** 4 = Bullet-proof
 +
*** 8 = Fire-proof
 +
*** 16 = Damage-proof (from collisions etc)
 +
*** 32 = Melee-proof
 +
*** 64 = n/a
 +
*** 128 = Explosion-proof
 +
** +<code>0x3</code> = Collision physics flag
 +
*** 1 = Unknown
 +
*** 2 = Attached To Entity
 +
*** 4 = Unknown
 +
*** 8 = Touching Water
 +
*** 16 = Can Be Collided with
 +
*** 32 = Destroyed
 +
*** 64 = Unknown
 +
*** 128 = Unknown
 +
* +<code>0x44</code> = [CVector] Speed angles
 +
* +<code>0x50</code> = [CVector] Spin angles
  
 
'''Note:'''
 
'''Note:'''
Line 440: Line 609:
  
 
(Car addresses continued:)
 
(Car addresses continued:)
* +140 = [float] Mass (kg) from handling.cfg
+
* +<code>0x8C</code> = [float] Mass (kg) from handling.cfg
* +144 = [float] Turn Mass from handling.cfg
+
* +<code>0x90</code> = [float] Turn Mass from handling.cfg
* +148 = [float] Grip Divider:
+
* +<code>0x94</code> = [float] Grip Divider:
 
** 1.0 = 1 x gGrip
 
** 1.0 = 1 x gGrip
 
** 10.1 = 10 x gGrip
 
** 10.1 = 10 x gGrip
 
** 100.0 = g / 100Grip
 
** 100.0 = g / 100Grip
* +152 = [float] Mass-to-Grip Multiplier. Ie. G Force when flying/during suspension/driving (acceleration towards ground)
+
* +<code>0x98</code> = [float] Mass-to-Grip Multiplier. Ie. G Force when flying/during suspension/driving (acceleration towards ground)
* +160 = [float] Normalized Grip Level
+
* +<code>0xA0</code> = [float] Normalized Grip Level
* +164 = [float] CoM X
+
* +<code>0xA4</code> = [CVector] Center of Mass
* +168 = [float] CoM Y
+
* +<code>0xD8</code> = [float] Increases when collision occurs
* +172 = [float] CoM Z
+
* +<code>0x428</code> = [byte] Engine State (whether the engine is running or stalled):
* +1064 = [byte] Engine State (whether the engine is running or stalled):
+
** 0 = stalled
** 0 = Stalled
+
** 16 = ok
** 16 = Ok
+
* +<code>0x42D</code> = [byte] Siren on/off
* +1069 = [byte] Siren on/off
+
* +<code>0x434</code> = [byte] Body Color (as in [[carcols.dat]], black being the 0)
* +1076 = [byte] Body Color (as in [[carcolors.dat]], black being the 0)
+
* +<code>0x435</code> = [byte] Stripe Color (as in [[carcols.dat]], black being the 0)
* +1077 = [byte] Stripe Color (as in [[carcolors.dat]], black being the 0)
+
* +<code>0x436</code> = [byte] Body Color #2
* +1078 = [byte] Body Color #2
+
* +<code>0x437</code> = [byte] Stripe Color #2
* +1079 = [byte] Stripe Color #2
+
* +<code>0x438</code> = [dword] modding data as in garage info (Not working?)
* +1080 = [dword] modding data as in garage info (Not working?)
+
* +<code>0x43C</code> = [dword] modding data as in garage info (Not working?)
* +1084 = [dword] modding data as in garage info (Not working?)
+
* +<code>0x440</code> = [dword] modding data as in garage info (Not working?)
* +1088 = [dword] modding data as in garage info (Not working?)
+
* +<code>0x444</code> = [dword] modding data as in garage info (Not working?)
* +1092 = [dword] modding data as in garage info (Not working?)
+
* +<code>0x448</code> = [dword] modding data as in garage info (Not working?)
* +1096 = [dword] modding data as in garage info (Not working?)
+
* +<code>0x44C</code> = [dword] modding data as in garage info (Not working?)
* +1100 = [dword] modding data as in garage info (Not working?)
+
* +<code>0x450</code> = [dword] modding data as in garage info (Not working?)
* +1104 = [dword] modding data as in garage info (Not working?)
+
* +<code>0x454</code> = [dword] modding data as in garage info (Not working?)
* +1108 = [dword] modding data as in garage info (Not working?)
+
* +<code>0x458</code> = [float] Car Wheel Size from vehicle.ide
* +1112 = [float] Car Wheel Size from vehicle.ide
+
* +<code>0x45C</code> = [dword] Time left for car alarm to sound in ms
* +1116 = [dword] Time left for car alarm to sound in ms
+
* +<code>0x460</code> = [dword] Pointer to driver
* +1120 = [dword] Pointer to driver
+
* +<code>0x464</code> = [dword] Pointer to passenger 1 (Front-right seat)
* +1124 = [dword] Pointer to passenger 1 (Front-right seat)
+
* +<code>0x468</code> = [dword] Pointer to passenger 2 (Rear-left seat)
* +1128 = [dword] Pointer to passenger 2 (Rear-left seat)
+
* +<code>0x46C</code> = [dword] Pointer to passenger 3 (Rear-right seat)
* +1132 = [dword] Pointer to passenger 3 (Rear-right seat)
+
* +<code>0x470</code> = [dword] Pointer to passenger 4 (Used for buses)
* +1136 = [dword] Pointer to passenger 4 (Used for buses)
+
* +<code>0x474</code> = [dword] Pointer to passenger 5 (Used for buses)
* +1140 = [dword] Pointer to passenger 5 (Used for buses)
+
* +<code>0x478</code> = [dword] Pointer to passenger 6 (Used for buses)
* +1144 = [dword] Pointer to passenger 6 (Used for buses)
+
* +<code>0x47C</code> = [dword] Pointer to passenger 7 (Used for buses)
* +1148 = [dword] Pointer to passenger 7 (Used for buses)
+
* +<code>0x480</code> = [dword] Pointer to passenger 8 (Used for buses)
* +1152 = [dword] Pointer to passenger 8 (Used for buses)
+
* +<code>0x484</code> = [dword] Pointer to passenger 9 (Used for buses)
* +1156 = [dword] Pointer to passenger 9 (Used for buses)
+
* +<code>0x494</code> = [float] Steer angle 1
* +1172 = [float] Steer angle 1
+
* +<code>0x498</code> = [float] Steer angle 2
* +1176 = [float] Steer angle 2
+
* +<code>0x49C</code> = [float] Gas pedal
* +1180 = [float] Gas pedal
+
* +<code>0x4A0</code> = [float] Brake pedal
* +1184 = [float] Brake pedal
+
* +<code>0x4A8</code> = [byte] Places a car-bomb:
* +1192 = [byte] Places a car-bomb:
+
** 0 = No bomb.
** 0 = No bomb
+
** 1 = Car has a time bomb, but it's not armed.
** 1 = Car has bomb, but not armed
+
** 2 = Car has an on-ignition bomb, but it's not armed.
** 4 = Car has bomb, and is armed
+
** 3 = Set remotely, perhaps (?).
 +
** 4 = Time bomb is armed.
 +
** 5 = On-ignition bomb is armed.
  
'''Note:'''
+
'''Note:''' You can set the above values to 0 or 1 to give the car a bomb. Some other flags get set when you arm the bomb. So if you set this value to 4 or 5, or actually arm the bomb through normal gameplay, it does not help if you try to change this value back.
You can set the above values to 0 and 1 to give the car a bomb. Some other flags get set when you arm the bomb. So if you set this value to 4, or actually arm the bomb thru normal gameplay, it does not help to change this value back.
+
 
 +
* +<code>0x4AB</code> = [BYTE] The number of peds (usually cops) trying to hide behind this car.
 +
 
 +
* +<code>0x8A4</code> = [float] Nitro Count
 +
** 1.0 Nitro filled (in case of number of NOS is equal to 0 it'll mean Empty)
 +
** -1.0 Nitro discharged
 +
* +<code>0x48A</code> = [BYTE] Number of available NOS in the vehicle
 +
** 1~10 Have Available NOS
 +
** 0 No Have Available NOS
  
* +1216 = [float] Health/Car Damage Left:
+
* +<code>0x4B0</code> = [float] Body dirt level:
 +
** 0.0 = fully clean
 +
** 15.0 = maximum dirt visible
 +
* +<code>0x4C0</code> = [float] Health/Car Damage Left:
 
** <250.0 = on fire
 
** <250.0 = on fire
 
** 1000.0 = undamaged
 
** 1000.0 = undamaged
* +1272 = [dword] Car Door Locked State:
+
* +<code>0x4F8</code> = [dword] Car Door Locked State:
 
** 1 = open
 
** 1 = open
 
** 2 = locked
 
** 2 = locked
* +1300 = [dword] Alternate siren (honking):
+
* +<code>0x514</code> = [dword] Alternate siren (honking):
 
** 0 = off
 
** 0 = off
 
** 1 = on
 
** 1 = on
* +1412 = [dword] headlights switch:
+
'''Note:''' Automatically gets reset back to 0. To prevent this just NOP <code>0x6E0A3B</code> (6 bytes).
 +
* +<code>0x584</code> = [dword] Headlights switch:
 
** 0 = off
 
** 0 = off
 
** 1 = on
 
** 1 = on
* +1444 = [float] Train speed:
+
'''Note:''' Same case as above, gets automatically reset – NOP <code>0x6E1EDE</code> (6 bytes).
** -0.1 = Is forward
+
* +<code>0x590</code> = [byte] Car type:
** 0.1 = Is reverse
+
** 0 = car/plane
* +1445 = [byte] Car Tire (Left-Front) Status:
+
** 5 = boat
** 0 = Ok
+
** 6 = train
** 1 = Flat
+
** 9 = bike
 +
* +<code>0x5A4</code> = [float] Train speed:
 +
** -0.1 = is forward
 +
** 0.1 = is reverse
 +
* +<code>0x5A5</code> = [byte] Car Tire (Left-Front) Status:
 +
** 0 = ok
 +
** 1 = flat
 
** 2 = Used by planes when landing gear is up
 
** 2 = Used by planes when landing gear is up
* +1446 = [byte] Car Tire (Left-Rear) Status:
+
* +<code>0x5A6</code> = [byte] Car Tire (Left-Rear) Status:
** 0 = Ok
+
** 0 = ok
** 1 = Flat
+
** 1 = flat
 
** 2 = Used by planes when landing gear is up
 
** 2 = Used by planes when landing gear is up
* +1447 = [byte] Car Tire (Right-Front) Status:
+
* +<code>0x5A7</code> = [byte] Car Tire (Right-Front) Status:
** 0 = Ok
+
** 0 = ok
** 1 = Flat
+
** 1 = flat
 
** 2 = Used by planes when landing gear is up
 
** 2 = Used by planes when landing gear is up
* +1448 = [byte] Car Tire (Right-Rear) Status:
+
* +<code>0x5A8</code> = [byte] Car Tire (Right-Rear) Status:
** 0 = Ok
+
** 0 = ok
** 1 = Flat
+
** 1 = flat
 
** 2 = Used by planes when landing gear is up
 
** 2 = Used by planes when landing gear is up
* +1628 = [byte] Bike Tire (Front) Status:
+
* +<code>0x65C</code> = [byte] Bike Tire (Front) Status:
** 0 = Ok
+
** 0 = ok
** 1 = Flat
+
** 1 = flat
* +1629 = [byte] Bike Tire (Rear) Status:
+
* +<code>0x65D</code> = [byte] Bike Tire (Rear) Status:
** 0 = Ok
+
** 0 = ok
** 1 = Flat
+
** 1 = flat
* +1630 = [byte] Bicycle Tire (Front) Status:
+
* +<code>0x65E</code> = [byte] Bicycle Tire (Front) Status:
** 0 = Ok
+
** 0 = ok
** 1 = Shot
+
** 1 = shot
* +1631 = [byte] Bicycle Tire (Rear) Status:
+
* +<code>0x65F</code> = [byte] Bicycle Tire (Rear) Status:
** 0 = Ok
+
** 0 = ok
** 1 = Shot
+
** 1 = shot
  
 
'''Note:'''
 
'''Note:'''
 
You cannot actually shoot the wheels of bmx. If you set the value 1 at above two offsets, it rides as if the wheels were shot. They probably not work.
 
You cannot actually shoot the wheels of bmx. If you set the value 1 at above two offsets, it rides as if the wheels were shot. They probably not work.
  
* +1736 = [byte] Is the bike identifier. Gets set to 1 if this vehicle is a bike (or bmx)
+
* +<code>0x6C8</code> = [byte] Is the bike identifier.
* +2020 = [float] Front-Left suspension height
+
'''Note:'''
* +2024 = [float] Rear-Left suspension height
+
Gets set to 1 if this vehicle is a bike (or bmx).
* +2028 = [float] Front-Right suspension height
+
* +<code>0x720</code> = [float] Front-Left suspension height
* +2032 = [float] Rear-Right suspension height
+
* +<code>0x724</code> = [float] Rear-Left suspension height
* +2276 = [float] Burn Timer (in ms)
+
* +<code>0x728</code> = [float] Front-Rear suspension height
 +
* +<code>0x72C</code> = [float] Rear-Rear suspension height
 +
 
 +
* +<code>0x7BC</code> = [float] Burn Timer (in ms) (for bikes)
 +
'''Note:''' There is also a copy of the suspension values at -<code>0x10</code>, but these are 'smoother'. They range from 0 to 1 (1 = fully extended/airborne, 0 = fully compressed).
 +
* +<code>0x7E4</code> = [float] Front-Left suspension height
 +
* +<code>0x7E8</code> = [float] Rear-Left suspension height
 +
* +<code>0x7EC</code> = [float] Front-Right suspension height
 +
* +<code>0x7F0</code> = [float] Rear-Right suspension height
  
Let's say, the Car Position of this given car starts at 0xC5F5DB4:
+
* +<code>0x86C</code> = [word] Current load of vehicle, works for vehicles such as dumper, packer, dozer, forklift and so on.
* +0 = X Level to the ground
+
* +<code>0x870</code> = [word] Last load value of vehicle. Used to detect whether vehicle should have sound of raising/lowering a load. After detecting it gets value of car struct +<code>0x86C</code> below.
* +4 = Y Level to the ground
+
 
* +8 = Z Level to the ground
+
* +<code>0x8E4</code> = [float] Burn Timer (in ms) (for cars)
* +16 = X Where am I looking
+
 
* +20 = Y Where am I looking
+
Let's say, the Car Position of this given car starts at <code>0xC5F5DB4</code>:
* +24 = Z Where am I looking
+
* +<code>0x0</code> = [CVector] Level to the ground
* +32 = Dyn flight data
+
* +<code>0x10</code> = [CVector] Where am I looking
* +36 = Dyn flight data
+
* +<code>0x20</code> = [CVector] Dyn flight data
* +40 = Dyn flight data
+
* +<code>0x30</code> = [CVector] CarPos
* +48 = CarPosX
 
* +52 = CarPosY
 
* +56 = CarPosZ
 
  
 
Following offsets are Floats, as positions of doors and other car parts that gets detached by damage. We need to recalculate and set their locations if we warp a car from one location to another. Otherwise the car spins uncontrollably:
 
Following offsets are Floats, as positions of doors and other car parts that gets detached by damage. We need to recalculate and set their locations if we warp a car from one location to another. Otherwise the car spins uncontrollably:
* +1828 = Detachables1 Pos X
+
* +<code>0x724</code> = [CVector] Detachables1
* +1832 = Detachables1 Pos Y
+
* +<code>0x750</code> = [CVector] Detachables2
* +1836 = Detachables1 Pos Z
+
* +<code>0x77C</code> = [CVector] Detachables3
* +1872 = Detachables2 Pos X
+
* +<code>0x7A8</code> = [CVector] Detachables4
* +1876 = Detachables2 Pos Y
 
* +1880 = Detachables2 Pos Z
 
* +1916 = Detachables3 Pos X
 
* +1920 = Detachables3 Pos Y
 
* +1924 = Detachables3 Pos Z
 
* +1960 = Detachables4 Pos X
 
* +1964 = Detachables4 Pos Y
 
* +1968 = Detachables4 Pos Z
 
  
 
The locations of the detachable objects are different for cars and bikes.  This is merely because bike object is actually smaller than the car object.  The car object is used for all vehicles (including heli) but the bikes.
 
The locations of the detachable objects are different for cars and bikes.  This is merely because bike object is actually smaller than the car object.  The car object is used for all vehicles (including heli) but the bikes.
  
 
Offsets for Detachables:
 
Offsets for Detachables:
* +1532 = BikeDetachPosAdr(0)
+
* +<code>0x5FC</code> = [CVector] BikeDetachPosAdr(0)
* +1632 = BikeDetachPosAdr(1)
+
* +<code>0x660</code> = [CVector] BikeDetachPosAdr(1)
* +1676 = BikeDetachPosAdr(2)
+
* +<code>0x68C</code> = [CVector] BikeDetachPosAdr(2)
* +1720 = BikeDetachPosAdr(3)
+
* +<code>0x6B8</code> = [CVector] BikeDetachPosAdr(3)
* +1764 = BikeDetachPosAdr(4)
+
* +<code>0x6E4</code> = [CVector] BikeDetachPosAdr(4)
  
* +1828 = CarDetachPosAdr(0)
+
* +<code>0x724</code> = [CVector] CarDetachPosAdr(0)
* +1872 = CarDetachPosAdr(1)
+
* +<code>0x750</code> = [CVector] CarDetachPosAdr(1)
* +1916 = CarDetachPosAdr(2)
+
* +<code>0x77C</code> = [CVector] CarDetachPosAdr(2)
* +1960 = CarDetachPosAdr(3)
+
* +<code>0x7A8</code> = [CVector] CarDetachPosAdr(3)
  
 
The trailer of the tanker is handled the same way as the vehicles. Its pointer gets set at offset:
 
The trailer of the tanker is handled the same way as the vehicles. Its pointer gets set at offset:
* +0x4C8
+
* +<code>0x4C8</code>
 
To the car object start. When warping vehicles that has trailer, we need to warp this 'vehicle' as well.
 
To the car object start. When warping vehicles that has trailer, we need to warp this 'vehicle' as well.
 
The same pointer is used also when you are towing other vehicles as well.
 
The same pointer is used also when you are towing other vehicles as well.
  
==Wanted==
+
===Wanted===
0xB7CD9C - Wanted pool start (CWanted). Each slot has 668 bytes of data.
+
<code>0xB7CD9C</code> – Wanted pool start (CWanted). Each slot has 668 bytes of data.
  
* +0x0 = Is the counter for how pissed the cops are:
+
* +<code>0x0</code> = Is the counter for how pissed the cops are:
 
** above 50 = 1 star
 
** above 50 = 1 star
 
** above 180 = 2 stars
 
** above 180 = 2 stars
Line 602: Line 788:
 
** above 2400 = 5 stars
 
** above 2400 = 5 stars
 
** above 4600 = 6 stars
 
** above 4600 = 6 stars
* +0x2C = [dword] Current wanted level
+
* +<code>0x4</code> = like above, but 'before parole (timed wanted level decrease?)'
* +0x19 = [byte] Number of cops simultaniously shooting at you
+
* +<code>0x8</code> = [dword] time value, the last time the wanted level decreased
 +
* +<code>0xC</code> = [dword] time value, the last time the wanted level changed
 +
* +<code>0x10</code> = [dword] 'time of parole'
 +
* +<code>0x14</code> = [float] multiplier of wanted level contribution of crimes (set using [[03C7]]?)
 +
* +<code>0x18</code> = [byte] Current amount of cops 'in pursuit'
 +
* +<code>0x19</code> = [byte] Maximum number of foot cops simultaneously shooting at you ('in pursuit')
 +
* +<code>0x1A</code> = [byte] Maximum number of cop cars in pursuit
 +
* +<code>0x1B</code> = [byte] Amount of cops currently 'beating the suspect'
 +
* +<code>0x1C</code> = [word] Chance a road block appears, range unknown (though 127 seems to have a special meaning)
 +
* +<code>0x1E</code> = [bool] Is the player ignored by police? (set by script)
 +
* +<code>0x1F</code> = [bool] Is the player ignored by police? (set by garages)
 +
* +<code>0x20</code> = [bool] Is the player ignored by everyone?
 +
* +<code>0x21</code> = [bool] Should the streamer load the SWAT models?
 +
* +<code>0x22</code> = [bool] Should the streamer load the FBI models?
 +
* +<code>0x23</code> = [bool] Should the streamer load the army models?
 +
* +<code>0x24</code> = [dword] Current chase time
 +
* +<code>0x28</code> = [dword] 'Current chase time counter'
 +
* +<code>0x2C</code> = [word] Current wanted level (1-6)
 +
* +<code>0x2F</code> = [word] Wanted level before 'parole'
 +
* need to do more
  
 
'''Note:'''
 
'''Note:'''
Helicopters will still shoot if you change this to 0.
+
Helicopters will still shoot if you change flag <code>0x19</code> to 0.
 +
 
 +
===Player Data===
 +
* <code>0xB7CD98</code> - CPlayerData
 +
** +<code>0x0</code> = [dword] Pointer to [[#Pedestrians|CPed]]
 +
** +<code>0x4</code> = CPlayerData pool start
 +
*** +<code>0x0</code> = [dword] Pointer to [[#Wanted|CWanted]]
 +
*** +<code>0x4</code> = [dword] Pointer to ped clothes description
 +
*** +<code>0x8</code> = [dword] Pointer to cop that arresting you
 +
*** +<code>0xC</code> = [CVector2D] Fight movement
 +
*** +<code>0x14</code> = [float] Move blend ratio
 +
*** +<code>0x18</code> = [float] Time can run
 +
*** +<code>0x1C</code> = [float] Move speed
 +
*** +<code>0x20</code> = [byte] Selected weapon slot
 +
*** +<code>0x21</code> = [byte] Car danger counter
 +
*** +<code>0x24</code> = [dword] Stand still timer
 +
*** +<code>0x28</code> = [dword] Hit animation delay
 +
*** +<code>0x2C</code> = [float] Attack button counter
 +
*** +<code>0x30</code> = [dword] Pointer to car danger
 +
*** +<code>0x34</code> = [dword] Player flags
 +
**** Bit 0 = Stopped Moving
 +
**** Bit 1 = Adrenaline
 +
**** Bit 2 = Have Target Selected
 +
**** Bit 3 = Free Aiming
 +
**** Bit 4 = Can Be Damaged
 +
**** Bit 5 = All Melee Attack Pts Blocked
 +
**** Bit 6 = Just Been Snacking
 +
**** Bit 7 = Require Handle Breath
 +
**** Bit 8 = Group Stuff Disabled
 +
**** Bit 9 = Group Always Follow
 +
**** Bit 10 = Group Never Follow
 +
**** Bit 11 = In Vehicle Dont Allow Weapon Change
 +
**** Bit 12 = Render Weapon
 +
*** +<code>0x38</code> = [dword] Player group
 +
*** +<code>0x3C</code> = [dword] Adrenaline end time
 +
*** +<code>0x40</code> = [byte] Drunkeness
 +
*** +<code>0x41</code> = [byte] Fade drunkeness
 +
*** +<code>0x42</code> = [byte] Drug level
 +
*** +<code>0x43</code> = [byte] Script limit to gangs size
 +
*** +<code>0x44</code> = [float] Breath
 +
*** +<code>0x48</code> = [dword] Pointer to melee weapon animation
 +
*** +<code>0x4C</code> = [dword] Pointer to melee weapon animation extra
 +
*** +<code>0x50</code> = [float] FPS move heading
 +
*** +<code>0x54</code> = [float] Look pitch
 +
*** +<code>0x58</code> = [float] Skateboard speed (?)
 +
*** +<code>0x5C</code> = [float] Skateboard lean (?)
 +
*** +<code>0x60</code> = [dword] Pointer to special atomic
 +
*** +<code>0x64</code> = [float] Gun spin speed
 +
*** +<code>0x68</code> = [float] Gun spin angle
 +
*** +<code>0x6C</code> = [dword] Last time firing
 +
*** +<code>0x70</code> = [dword] Target bone
 +
*** +<code>0x74</code> = [CVector] Target bone offset
 +
*** +<code>0x80</code> = [dword] Bus fares collected
 +
*** +<code>0x84</code> = [bool] Player sprint disabled
 +
*** +<code>0x85</code> = [bool] Don't allow weapon change
 +
*** +<code>0x86</code> = [byte] Force interior lighting
 +
*** +<code>0x88</code> = [word] Pad down pressed in ms
 +
*** +<code>0x8A</code> = [word] Pad up pressed in ms
 +
*** +<code>0x8C</code> = [byte] Wetness
 +
*** +<code>0x8D</code> = [bool] Player gang active
 +
*** +<code>0x8E</code> = [byte] Water cover in percent
 +
*** +<code>0x90</code> = [float] Water height
 +
*** +<code>0x94</code> = [dword] Fire HS missile pressed time
 +
*** +<code>0x98</code> = [dword] Pointer to last HS missile target
 +
*** +<code>0x9C</code> = [dword] Model index of last building shot
 +
*** +<code>0xA0</code> = [dword] Last HS missile los time
 +
*** +<code>0xA0</code> = [byte] Last HS missile los
 +
*** +<code>0xA4</code> = [dword] Pointer to current prostitute ped
 +
*** +<code>0xA8</code> = [dword] Pointer to last prostitute ped shagged
 +
** +<code>0xB0</code> = [dword] Pointer to remote vehicle
 +
** +<code>0xB4</code> = [dword] Pointer to spectating vehicle
 +
** +<code>0xB8</code> = [dword] Money
 +
** +<code>0xBC</code> = [dword] Displayed money
 +
** +<code>0xC0</code> = [dword] Collectables picked up
 +
** +<code>0xC4</code> = [dword] Total number collectables
 +
** +<code>0xC8</code> = [dword] Last bump player vehicle timer
 +
** +<code>0xCC</code> = [dword] Taxi timer
 +
** +<code>0xD0</code> = [dword] Vehicle time counter
 +
** +<code>0xD4</code> = [bool] Taxi timer score
 +
** +<code>0xD5</code> = [bool] Trying to exit vehicle
 +
** +<code>0xD8</code> = [dword] Pointer to last target vehicle
 +
** +<code>0xDC</code> = [byte] Player state
 +
** +<code>0xDD</code> = [bool] After remote vehicle explosion
 +
** +<code>0xDE</code> = [bool] Create remote vehicle explosion
 +
** +<code>0xDF</code> = [bool] Fade after remote vehicle explosion
 +
** +<code>0xE0</code> = [dword] Time of remote vehicle explosion
 +
** +<code>0xE4</code> = [dword] Last time energy lost
 +
** +<code>0xE8</code> = [dword] Last time armour lost
 +
** +<code>0xEC</code> = [dword] Last time big gun fired (?)
 +
** +<code>0xF0</code> = [dword] Times upside down in a row
 +
** +<code>0xF4</code> = [dword] Times stuck in a row
 +
** +<code>0xF8</code> = [dword] Car two wheel counter
 +
** +<code>0xFC</code> = [float] Car two wheel distance
 +
** +<code>0x100</code> = [dword] Car less three wheel counter
 +
** +<code>0x104</code> = [dword] Bike rear wheel counter
 +
** +<code>0x108</code> = [float] Bike rear wheel distance
 +
** +<code>0x10C</code> = [dword] Bike front wheel counter
 +
** +<code>0x110</code> = [float] Bike front wheel distance
 +
** +<code>0x114</code> = [dword] Temp buffer counter
 +
** +<code>0x118</code> = [dword] Best car two wheels time in ms
 +
** +<code>0x11C</code> = [dword] Best car two wheels distance in m
 +
** +<code>0x120</code> = [dword] Best bike wheelie time in ms
 +
** +<code>0x124</code> = [dword] Best bike wheelie distance in m
 +
** +<code>0x128</code> = [dword] Best bike stoppie time in ms
 +
** +<code>0x12C</code> = [dword] Best bike stoppie distance in m
 +
** +<code>0x130</code> = [word] Car density for current zone
 +
** +<code>0x134</code> = [float] Road density around player
 +
** +<code>0x138</code> = [dword] Time of last car explosion caused
 +
** +<code>0x13C</code> = [dword] Explosion multiplier
 +
** +<code>0x140</code> = [dword] Havoc caused
 +
** +<code>0x144</code> = [word] Number of hours didn't eat
 +
** +<code>0x148</code> = [float] Current chase value
 +
** +<code>0x14C</code> = [bool] Does not get tired (Infinite run in other words)
 +
** +<code>0x14D</code> = [bool] Fast reload
 +
** +<code>0x14E</code> = [bool] Fire proof
 +
** +<code>0x14F</code> = [byte] Max health
 +
** +<code>0x150</code> = [byte] Max armour
 +
** +<code>0x151</code> = [bool] Get of jail free & keep weapons
 +
** +<code>0x152</code> = [bool] Free health care & keep weapons
 +
** +<code>0x153</code> = [bool] Can do drive-by
 +
** +<code>0x154</code> = [byte] Busted audio status
 +
** +<code>0x156</code> = [word] Last busted message number
 +
** +<code>0x158</code> = [dword] Crosshair activated
 +
** +<code>0x15C</code> = [CVector2D] Crosshair target
 +
** +<code>0x164</code> = [char(32)]Skin name
 +
** +<code>0x184</code> = [dword] Pointer to skin RwTexture
 +
** +<code>0x188</code> = [bool] Parachute referenced
 +
** +<code>0x18C</code> = [dword] Require parachute timer
 +
 
 +
===Camera===
 +
* <code>0xB6F028</code> – Camera Block Start (CCamera)
 +
* <code>0x52B730</code> – Start of camera 'MOVer' subroutine:
 +
** <code>0xC3</code> = lock camera (retn)
 +
* <code>0xB6F0DC</code> – [dword] Current View:
 +
** 0 = bumper View
 +
** 1 = close external view
 +
** 2 = middle external view
 +
** 3 = furthest external view
 +
** 4 = nothing = same as last?
 +
** 5 = cinematic view
 +
** 6 to INF = same as 4?
 +
* <code>0xB6F0E0</code> – [float] Car View Distance (arm length)
 +
* <code>0xB6F0E8</code> – [float] True View Distance (true arm length)
  
==Camera==
+
===Ignored===
* 0xB6F028 - Camera Block Start (CCamera)
+
<code>0xB7CD9C</code> – Ignored pointer (CIgnored).
* 0x52B730 - Start of camera 'MOVer' subroutine:
 
** 0xC3 = lock camera (retn)
 
* 0xB6F0DC - [dword] Current View:
 
** 0 = Bumper View
 
** 1 = Close external view
 
** 2 = Middle external view
 
** 3 = Furthest external view
 
** 4 = Nothing = same as last?
 
** 5 = Cinematic view
 
** 6 to INF = Same as 4?
 
* 0xB6F0E0 - [float] Car View Distance (arm length)
 
* 0xB6F0E8 - [float] True View Distance (true arm length)
 
  
==Ignored==
+
* +<code>0x1E</code> = [byte/boolean] Is player ignored by cops
0xB7CD9C - Ignored pointer (CIgnored).
+
* +<code>0x298</code> = [byte/boolean] Is player ignored by everyone
  
* +0x1E = [byte/boolean] Is player ignored by cops
+
===Pools===
* +0x298 = [byte/boolean] Is player ignored by everyone
+
See the [[Data Pools]] functions in the [[Function Memory Addresses (SA)]] section.
  
==Pools==
+
<code>0x550F10</code> – AllocatePools function.
See the [[Data Pool]] funtions in the [[Function Memory Addresses]] section.
 
  
00B74484 - PtrNode Single<br>
+
* <code>0xB74484</code> – PtrNode Single
00B74488 - PtrNode Double<br>
+
* <code>0xB74488</code> – PtrNode Double
00B7448C - EntryInfoNode<br>
+
* <code>0xB7448C</code> – EntryInfoNode
00B74490 - Peds<br>
+
* <code>0xB74490</code> – Peds
00B74494 - Vehicles<br>
+
* <code>0xB74494</code> – Vehicles
00B74498 - Buildings<br>
+
* <code>0xB74498</code> – Buildings
00B7449C - Objects<br>
+
* <code>0xB7449C</code> – Objects
00B744A0 - Dummys<br>
+
* <code>0xB744A0</code> – Dummys
00B744A4 - ColModel<br>
+
* <code>0xB744A4</code> – ColModel
00B744A8 - Task<br>
+
* <code>0xB744A8</code> – Task
00B744AC - Event<br>
+
* <code>0xB744AC</code> – Event
00B744B0 - PointRoute<br>
+
* <code>0xB744B0</code> – PointRoute
00B744B4 - PatrolRoute<br>
+
* <code>0xB744B4</code> – PatrolRoute
00B744B8 - NodeRoute<br>
+
* <code>0xB744B8</code> – NodeRoute
00B744CC - TaskAllocator<br>
+
* <code>0xB744CC</code> – TaskAllocator
00B744C0 - PedIntelligence<br>
+
* <code>0xB744C0</code> – PedIntelligence
00B744C4 - PedAttractors
+
* <code>0xB744C4</code> PedAttractors
  
==Handling==
+
===Handling===
0xC2B9DC - Handling Block Start. Each slot has 224 bytes of data.
+
<code>0xC2B9DC</code> – Handling Block Start. Each slot has 224 bytes of data.
  
* +0x0 = [dword] Index/Identifier
+
* +<code>0x0</code> = [dword] Index/Identifier
* +0x4 = fMass
+
* +<code>0x4</code> = fMass
* +0x8 = 1.0 / fMass
+
* +<code>0x8</code> = 1.0 / fMass
* +0xC = fTurnMass
+
* +<code>0xC</code> = fTurnMass
* +0x10 = fDragMult
+
* +<code>0x10</code> = fDragMult
* +0x14 = CentreOfMass.x
+
* +<code>0x14</code> = [CVector] CentreOfMass
* +0x18 = CentreOfMass.y
+
* +<code>0x20</code> = [byte] nPercentSubmerged
* +0x1C = CentreOfMass.z
+
* +<code>0x24</code> = fMass * 8.0000001e-1 / nPercentSubmerged
* +0x20 = [byte] nPercentSubmerged
+
* +<code>0x28</code> = fTractionMultiplier
* +0x24 = fMass * 8.0000001e-1 / nPercentSubmerged
+
* +<code>0x74</code> = [byte] TransmissionData.nDriveType
* +0x28 = fTractionMultiplier
+
* +<code>0x75</code> = [byte] TransmissionData.nEngineType
* +0x74 = [byte] TransmissionData.nDriveType
+
* +<code>0x76</code> = [byte] TransmissionData.nNumberOfGears
* +0x75 = [byte] TransmissionData.nEngineType
+
* +<code>0x7C</code> = TransmissionData.fEngineAcceleration (Multiplied by 3.9999999e-4)
* +0x76 = [byte] TransmissionData.nNumberOfGears
+
* +<code>0x80</code> = TransmissionData.fEngineInertia
* +0x7C = TransmissionData.fEngineAcceleration (Multiplied by 3.9999999e-4)
+
* +<code>0x84</code> = TransmissionData.fMaxVelocity (Multiplied by 5.5555599e-3)
* +0x80 = TransmissionData.fEngineInertia
+
* +<code>0x94</code> = fBrakeDeceleration (Multiplied by 3.9999999e-4)
* +0x84 = TransmissionData.fMaxVelocity (Multiplied by 5.5555599e-3)
+
* +<code>0x98</code> = fBrakeBias
* +0x94 = fBrakeDeceleration (Multiplied by 3.9999999e-4)
+
* +<code>0x9C</code> = [byte] bABS
* +0x98 = fBrakeBias
+
* +<code>0xA0</code> = fSteeringLock
* +0x9C = [byte] bABS
+
* +<code>0xA4</code> = fTractionLoss
* +0xA0 = fSteeringLock
+
* +<code>0xA8</code> = fTractionBias
* +0xA4 = fTractionLoss
+
* +<code>0xAC</code> = fSuspensionForceLevel
* +0xA8 = fTractionBias
+
* +<code>0xB0</code> = fSuspensionDampingLevel
* +0xAC = fSuspensionForceLevel
+
* +<code>0xB4</code> = fSuspensionHighSpdComDamp
* +0xB0 = fSuspensionDampingLevel
+
* +<code>0xB8</code> = Suspension upper limit
* +0xB4 = fSuspensionHighSpdComDamp
+
* +<code>0xBC</code>= Suspension lower limit
* +0xB8 = Suspension upper limit
+
* +<code>0xC0</code> = Suspension bias between front and rear
* +0xBC= Suspension lower limit
+
* +<code>0xC4</code> = Suspension anti-dive multiplier
* +0xC0 = Suspension bias between front and rear
+
* +<code>0xC8</code> = [float] fCollisionDamageMultiplier { memory fCollisionDamageMultiplier = fCollisionDamageMultiplier * ( 1.0 / fMass) * 2000.0 }
* +0xC4 = Suspension anti-dive multiplier
+
* +<code>0xCC</code> = [hex] modelFlags
* +0xC8 = fCollisionDamageMultiplier (multiplier not yet found)
+
* +<code>0xD0</code> = [hex] handlingFlags
* +0xCC = [hex] modelFlags
+
* +<code>0xD4</code> = fSeatOffsetDistance
* +0xD0 = [hex] handlingFlags
+
* +<code>0xD8</code> = [dword] nMonetaryValue
* +0xD4 = fSeatOffsetDistance
+
* +<code>0xDC</code> = [byte] Front lights
* +0xD8 = [dword] nMonetaryValue
+
* +<code>0xDD</code> = [byte] Rear lights
* +0xDC = [byte] Front lights
+
* +<code>0xDE</code> = [byte] Vehicle anim group
* +0xDD = [byte] Rear lights
 
* +0xDE = [byte] Vehicle anim group
 
  
==Controls==
+
===Controls===
0xB73458 - Start of controls block.
+
<code>0xB73458</code> – Start of controls block.
  
* +0x20 = [word] Accelerate:
+
* +<code>0x20</code> = [word] Accelerate:
 
** 0 = off
 
** 0 = off
 
** 255 = on
 
** 255 = on
* +0x22 = [word] Brake
+
* +<code>0x22</code> = [word] Brake
  
==Rockets==
+
===Rockets===
 
The rocket pool contains info on launched rockets (for example, Hydra rockets).
 
The rocket pool contains info on launched rockets (for example, Hydra rockets).
  
0xC891A8 - Rocket pool start. Each slot has 36 bytes of data. There are 32 elements in the pool.
+
<code>0xC891A8</code> – Rocket pool start. Each slot has 36 bytes of data. There are 32 elements in the pool.
 +
 
 +
* +<code>0x0</code> = [dword] Rocket type:
 +
** 16 = none
 +
** 17 = tear gas
 +
** 19 = normal
 +
** 20 = heatseeking
 +
** 39 = remote explosives
 +
** 58 = flare
 +
* +<code>0x4</code> = [dword] Pointer to launching entity
 +
* +<code>0x8</code> = [dword] Pointer to target vehicle (when heatseeking), 0 otherwise
 +
* +<code>0x10</code> = [byte] Does rocket exist?
 +
** 0 = exploded/does not exist
 +
** 1 = travelling
 +
* +<code>0x14</code> = [CVector] Position
 +
 
 +
===Bullets===
 +
 +
<code>0xC88740</code> – Bullet pool start.
 +
 
 +
* +<code>0xC</code> = [byte] Bullet exists
 +
** 0 = Does not exist
 +
** 1 = Exists
 +
* +<code>0x10</code> = [CVector] Position
  
* +0 = [dword] Rocket type:
+
'''Note:''' It works only for Sniper Rifle
** 16 = None
 
** 19 = Normal
 
** 20 = Heatseeking
 
** 58 = Flare
 
* +4 = [dword] Pointer to launching vehicle
 
* +8 = [dword] Pointer to target vehicle (when heatseeking), 0 otherwise
 
* +16 = [byte] Does rocket exist?
 
** 0 = Exploded/does not exist
 
** 1 = Travelling
 
* +20 = [float] X-axis position
 
* +24 = [float] Y-axis position
 
* +28 = [float] Z-axis position
 
  
==Race Checkpoints==
+
===Race Checkpoints===
 
The checkpoints block that are used in the "illegal street racing" mini-games.
 
The checkpoints block that are used in the "illegal street racing" mini-games.
  
0xC7F158 - Checkpoint block start. Each block is 38 bytes, but theres always only two at a time.
+
<code>0xC7F158</code> – Checkpoint block start. Each block is 38 bytes, but theres always only two at a time.
  
* +0 = [byte] Type of checkpoint
+
* +<code>0x0</code> = [byte] Type of checkpoint
* +2 = [byte] RGBA color value
+
* +<code>0x2</code> = [byte] RGBA color value
* +4 = [float] X-axis Position
+
* +<code>0x4</code> = [CVector] Position
* +8 = [float] Y-axis Position
+
* +<code>0x10</code> to +<code>0x18</code> = [float] Rotation Matrix (direction from this checkpoint to the next, all floats)
* +12 = [float] Z-axis Position
+
* +<code>0x20</code> = [float] Checkpoint radius
* +16 to +24 = [float] Rotation Matrix (direction from this checkpoint to the next, all floats)
 
* +32 = [float] Checkpoint radius
 
  
==Garages and Parking==
+
===Garages and Parking===
 
'''Note, that the memory location of garages can vary depending on the scm script you use.'''
 
'''Note, that the memory location of garages can vary depending on the scm script you use.'''
  
There are 50 Garages in the game. Each garage has:-
+
There are [[Garage#San_Andreas_2|50 garages]] in the game. Each garage has:-
 
* Position
 
* Position
 
* Details
 
* Details
Line 753: Line 1,094:
  
 
These are found in the garage object of 212 bytes. The memory locations where the garages start are:
 
These are found in the garage object of 212 bytes. The memory locations where the garages start are:
* 0x96C048 (start of first garage)
+
* <code>0x96C048</code> (start of first garage)
* +0xD4 (offset for second garage - offset this much again for third garage, again for fourth, etc.)
+
* +<code>0xD4</code> (offset for second garage offset this much again for third garage, again for fourth, etc.)
* 0x96C120 (start of final garage)
+
* <code>0x96C120</code> (start of final garage)
  
 
(Tested using non-patched original v1.0 German EXE with English language option selected, and original SCM file.)
 
(Tested using non-patched original v1.0 German EXE with English language option selected, and original SCM file.)
Line 762: Line 1,103:
  
 
Here is the known garage offsets:
 
Here is the known garage offsets:
* +0 = [float] X Coord of the Garage Lower Left corner
+
* +<code>0x0</code> = [CVector] Coord of the Garage Lower Left corner
* +4 = [float] Y Coord of the Garage Lower Left corner
+
* +<code>0xC</code> = [CVector2D] Value of direction vector 1
* +8 = [float] Z Coord of the Garage Lower Left corner
+
* +<code>0x14</code> = [CVector2D] Value of direction vector 2
* +12 = [float] X Value of direction vector 1
+
* +<code>0x1C</code> = [float] Top Z Coord. of the garage
* +16 = [float] Y Value of direction vector 1
+
* +<code>0x20</code> = [float] Normalized Width of the garage
* +20 = [float] X Value of direction vector 2
+
* +<code>0x24</code> = [float] Normalized Depth of the garage
* +24 = [float] Y Value of direction vector 2
+
* +<code>0x28</code> = [float] Left Border (X) corrdinate
* +28 = [float] Top Z Coord. of the garage
+
* +<code>0x2C</code> = [float] Right Border (X) corrdinate
* +32 = [float] Normalized Width of the garage
+
* +<code>0x30</code> = [float] Front Border (Y) corrdinate
* +36 = [float] Normalized Depth of the garage
+
* +<code>0x34</code> = [float] Back Border (Y) corrdinate
* +40 = [float] Left Border (X) corrdinate
+
* +<code>0x38</code> = [float] Garage Door Position
* +44 = [float] Right Border (X) corrdinate
+
* +<code>0x3C</code> = [dword] unknown (Timer)
* +48 = [float] Front Border (Y) corrdinate
+
* +<code>0x40</code> = [dword] unknown (not saved)
* +52 = [float] Back Border (Y) corrdinate
+
* +<code>0x44</code> = [chars] Garage Name (7 bytes + nul)
* +77 = [byte] Garage Door State values:
+
* +<code>0x4C</code> = [byte] Garage Type
** 0 = Closed
+
* +<code>0x4D</code> = [byte] Garage Door State values:
** 1 = Open
+
** 0 = closed
** 2 = Closing
+
** 1 = open
** 3 = Opening
+
** 2 = closing
 +
** 3 = opening
 +
* +<code>0x4E</code> = [byte] Door Flags
 +
** <code>0x01</code> = used mod shop (?)
 +
** <code>0x02</code> = inactive door
 +
** <code>0x04</code> = used Pay'n'Spray (?)
 +
** <code>0x08</code> = small door (reflective?)
 +
** <code>0x10</code> = up and in door
 +
** <code>0x20</code> = camera follows player
 +
** <code>0x40</code> = door is closed flag
 +
** <code>0x80</code> = girlfriend PnS
 +
* +<code>0x4F</code> = [byte] Original Type
  
 
The direction vector 3 is completely left out, I think because the garages are always even to the ground. I think that is also why the Z values of the direction vectors are also left-out.
 
The direction vector 3 is completely left out, I think because the garages are always even to the ground. I think that is also why the Z values of the direction vectors are also left-out.
  
Here are the static Adresses of the Garage Blocks, and to which garage they belong:
+
Note: Direction Vectors marked above may be Quaternions.
* 0x96C048 - Commerce Region, Loading Bay Garage
+
 
* 0x96C120 - Unknown Garage
+
Here are the static Addresses of the Garage Blocks, and to which garage they belong:
* 0x96C1F8 - Unknown Garage near El Corona
+
* <code>0x96C048</code> – Commerce Region, Loading Bay Garage (Life's a Beach)
* 0x96C2D0 - Eight Ball Autos near El Corona
+
* <code>0x96C120</code> – LSPD Police Impound Garage
* 0x96C3A8 - Unknown Garage near El Corona
+
* <code>0x96C1F8</code> – Mission Garage near El Corona (Los Desperados)
* 0x96C480 - Player Garage: El Corona
+
* <code>0x96C2D0</code> – Eight Ball Autos near El Corona
* 0x96C558 - Unknown Garage near Playe del Seville
+
* <code>0x96C3A8</code> – Mission Garage near El Corona (Cesar Vialpando)
* 0x96C630 - LowRider Tuning Garage in Willowfield
+
* <code>0x96C480</code> – Player Garage: El Corona
* 0x96C708 - Pay 'n' Spray in Idlewood
+
* <code>0x96C558</code> – LS Burglary Garage near Playe del Seville
* 0x96C7E0 - Player Garage: Johnson House
+
* <code>0x96C630</code> – LowRider Tuning Garage in Willowfield
* 0x96C8B8 - Pay 'n' Spray in Temple
+
* <code>0x96C708</code> – Pay 'n' Spray in Idlewood
* 0x96C990 - Transfender in Temple
+
* <code>0x96C7E0</code> – Player Garage: Johnson House
* 0x96CA68 - Pay 'n' Spray in Santa Maria Beach
+
* <code>0x96C8B8</code> – Pay 'n' Spray in Temple
* 0x96CB40 - Player Garage: Santa Maria Beach
+
* <code>0x96C990</code> – Transfender in Temple
* 0x96CC18 - Player Garage: Mulholland
+
* <code>0x96CA68</code> – Pay 'n' Spray in Santa Maria Beach
* 0x96CCF0 - Wheel Archangels in Ocean Flats
+
* <code>0x96CB40</code> – Player Garage: Santa Maria Beach
* 0x96CDC8 - Unknown Garage in Ocean Flats
+
* <code>0x96CC18</code> – Player Garage: Mulholland
* 0x96CEA0 - Player Garage: Hashbury
+
* <code>0x96CCF0</code> – Wheel Archangels in Ocean Flats
* 0x96CF78 - Transfender near Wang Cars in Doherty
+
* <code>0x96CDC8</code> – Mission Garage in Ocean Flats (T-Bone Mendez)
* 0x96D050 - Pay 'n' Spray near Wang Cars in Doherty
+
* <code>0x96CEA0</code> – Player Garage: Hashbury
* 0x96D128 - Unknown Garage, Loading Bay near Doherty
+
* <code>0x96CF78</code> – Transfender near Wang Cars in Doherty
* 0x96D200 - Player Garage: Doherty
+
* <code>0x96D050</code> – Pay 'n' Spray near Wang Cars in Doherty
* 0x96D2D8 - Unknown Garage in Doherty
+
* <code>0x96D128</code> – SF Burglary Garage, Loading Bay near Doherty
* 0x96D3B0 - Unknown Garage in Chinatown
+
* <code>0x96D200</code> – Player Garage: Doherty
* 0x96D488 - Michelles Pay 'n' Spray in Downtown
+
* <code>0x96D2D8</code> – Mission Garage in Doherty Garage
* 0x96D560 - Player Garage: Calton Heights
+
* <code>0x96D3B0</code> – Woozie's Mission Garage in Chinatown (Ran Fa Li)
* 0x96D638 - Police Garage in DownTown
+
* <code>0x96D488</code> – Michelle's Pay 'n' Spray in Downtown
* 0x96D710 - Pay 'n' Spray in Juniper Hollow
+
* <code>0x96D560</code> – Player Garage: Calton Heights
* 0x96D7E8 - Player Garage: Paradiso
+
* <code>0x96D638</code> – SFPD Police Impound Garage
* 0x96D8C0 - Unknown Garage near Emerald Isle
+
* <code>0x96D710</code> – Pay 'n' Spray in Juniper Hollow
* 0x96D998 - Airport Plane Garage in Las Venturas
+
* <code>0x96D7E8</code> – Player Garage: Paradiso
* 0x96DA70 - Unknown Garage near Camel's Toe
+
* <code>0x96D8C0</code> – LVPD Police Impound Garage
* 0x96DB48 - Pay 'n' Spray near Royal Casino
+
* <code>0x96D998</code> – Airport Plane Garage in Las Venturas
* 0x96DC20 - Transfender in come-a-lot
+
* <code>0x96DA70</code> – LV Burglary Garage near Camel's Toe
* 0x96DCF8 - Player Garage: Rockshore West
+
* <code>0x96DB48</code> – Pay 'n' Spray near Royal Casino
* 0x96DDD0 - Welding Wedding Bomb-workshop in Emerald Isle
+
* <code>0x96DC20</code> – Transfender in come-a-lot
* 0x96DEA8 - Pay 'n' Spray in Redsands East
+
* <code>0x96DCF8</code> – Player Garage: Rockshore West
* 0x96DF80 - Player Garage: Redland West
+
* <code>0x96DDD0</code> – Welding Wedding Bomb-workshop in Emerald Isle
* 0x96E058 - Player Garage: Prickle Pine
+
* <code>0x96DEA8</code> – Pay 'n' Spray in Redsands East
* 0x96E130 - Player Garage: Whitewood Estates
+
* <code>0x96DF80</code> – Player Garage: Redsands West
* 0x96E208 - Pay 'n' Spray in El Quebrados
+
* <code>0x96E058</code> – Player Garage: Prickle Pine
* 0x96E2E0 - Pay 'n' Spray in Fort Carson
+
* <code>0x96E130</code> – Player Garage: Whitewood Estates
* 0x96E3B8 - Player Garage: Fort Carson
+
* <code>0x96E208</code> – Pay 'n' Spray in El Quebrados
* 0x96E490 - Player Garage: Derdant Meadows
+
* <code>0x96E2E0</code> – Pay 'n' Spray in Fort Carson
* 0x96E568 - Unknown Garage in Bone County
+
* <code>0x96E3B8</code> – Player Garage: Fort Carson
* 0x96E640 - Airport Garage in Verdant Meadows
+
* <code>0x96E490</code> – Player Garage: Verdant Meadows
* 0x96E718 - Unknown Garage in Angel Pine
+
* <code>0x96E568</code> – Mission Garage in El Castillo del Diablo (Interdiction)
* 0x96E7F0 - Pay 'n' Spray in Dillimore
+
* <code>0x96E640</code> – Airport Garage in Verdant Meadows
* 0x96E8C8 - Player Garage: Palomino Creek
+
* <code>0x96E718</code> – Mission Garage in Angel Pine (Puncture Wounds)
* 0x96E9A0 - Player Garage: Dillimore
+
* <code>0x96E7F0</code> – Pay 'n' Spray in Dillimore
 +
* <code>0x96E8C8</code> – Player Garage: Palomino Creek
 +
* <code>0x96E9A0</code> – Player Garage: Dillimore
  
 
Static Mem. Locations for garages:
 
Static Mem. Locations for garages:
* 0x96ABD8 - Johnson House Car 1
+
* <code>0x96ABD8</code> – Johnson House Car 1
* 0x96AC18 - Johnson House Car 2
+
* <code>0x96AC18</code> – Johnson House Car 2
* 0x96AC58 - unknown
+
* <code>0x96AC58</code> – Johnson House Car 3
* 0x96AC98 - unknown
+
* <code>0x96AC98</code> – Johnson House Car 4
* 0x96ACD8 - Santa Maria Beach Car 1
+
* <code>0x96ACD8</code> – Santa Maria Beach Car 1
* 0x96AD18 - Santa Maria Beach Car 2
+
* <code>0x96AD18</code> – Santa Maria Beach Car 2
* 0x96AD58 - Santa Maria Beach Car 3
+
* <code>0x96AD58</code> – Santa Maria Beach Car 3
* 0x96AD98 - Santa Maria Beach Car 4
+
* <code>0x96AD98</code> – Santa Maria Beach Car 4
* 0x96ADD8 - Rockshore West Car 1
+
* <code>0x96ADD8</code> – Rockshore West Car 1
* 0x96AE18 - Rockshore West Car 2
+
* <code>0x96AE18</code> – Rockshore West Car 2
* 0x96AE58 - Rockshore West Car 3
+
* <code>0x96AE58</code> – Rockshore West Car 3
* 0x96AE98 - Rockshore West Car 4
+
* <code>0x96AE98</code> – Rockshore West Car 4
* 0x96AED8 - Fort Carson Car 1
+
* <code>0x96AED8</code> – Fort Carson Car 1
* 0x96AF18 - Fort Carson Car 2
+
* <code>0x96AF18</code> – Fort Carson Car 2
* 0x96AF58 - Fort Carson Car 3
+
* <code>0x96AF58</code> – Fort Carson Car 3
* 0x96AF98 - Fort Carson Car 4
+
* <code>0x96AF98</code> – Fort Carson Car 4
* 0x96AFD8 - Derdant Meadows Car 1
+
* <code>0x96AFD8</code> – Verdant Meadows Car 1
* 0x96B018 - Derdant Meadows Car 2
+
* <code>0x96B018</code> – Verdant Meadows Car 2
* 0x96B058 - Derdant Meadows Car 3
+
* <code>0x96B058</code> – Verdant Meadows Car 3
* 0x96B098 - Derdant Meadows Car 4
+
* <code>0x96B098</code> – Verdant Meadows Car 4
* 0x96B0D8 - Dillimore Car 1
+
* <code>0x96B0D8</code> – Dillimore Car 1
* 0x96B118 - Dillimore Car 2
+
* <code>0x96B118</code> – Dillimore Car 2
* 0x96B158 - Dillimore Car 3
+
* <code>0x96B158</code> – Dillimore Car 3
* 0x96B198 - Dillimore Car 4
+
* <code>0x96B198</code> – Dillimore Car 4
* 0x96B1D8 - Prickle Pine Car 1
+
* <code>0x96B1D8</code> – Prickle Pine Car 1
* 0x96B218 - Prickle Pine Car 2
+
* <code>0x96B218</code> – Prickle Pine Car 2
* 0x96B258 - Prickle Pine Car 3
+
* <code>0x96B258</code> – Prickle Pine Car 3
* 0x96B298 - Prickle Pine Car 3
+
* <code>0x96B298</code> – Prickle Pine Car 3
* 0x96B2D8 - Whitewood Estates Car 1
+
* <code>0x96B2D8</code> – Whitewood Estates Car 1
* 0x96B318 - Whitewood Estates Car 2
+
* <code>0x96B318</code> – Whitewood Estates Car 2
* 0x96B358 - Whitewood Estates Car 3
+
* <code>0x96B358</code> – Whitewood Estates Car 3
* 0x96B398 - Whitewood Estates Car 4
+
* <code>0x96B398</code> – Whitewood Estates Car 4
* 0x96B3D8 - Palomino Creek Car 1
+
* <code>0x96B3D8</code> – Palomino Creek Car 1
* 0x96B418 - Palomino Creek Car 2
+
* <code>0x96B418</code> – Palomino Creek Car 2
* 0x96B458 - Palomino Creek Car 3
+
* <code>0x96B458</code> – Palomino Creek Car 3
* 0x96B498 - Palomino Creek Car 4
+
* <code>0x96B498</code> – Palomino Creek Car 4
* 0x96B4D8 - Redlands West Car 1
+
* <code>0x96B4D8</code> – Redlands West Car 1
* 0x96B518 - Redlands West Car 2
+
* <code>0x96B518</code> – Redlands West Car 2
* 0x96B558 - Redlands West Car 3
+
* <code>0x96B558</code> – Redlands West Car 3
* 0x96B598 - Redlands West Car 4
+
* <code>0x96B598</code> – Redlands West Car 4
* 0x96B5D8 - El Corona Car 1
+
* <code>0x96B5D8</code> – El Corona Car 1
* 0x96B618 - El Corona Car 2
+
* <code>0x96B618</code> – El Corona Car 2
* 0x96B658 - El Corona Car 3
+
* <code>0x96B658</code> – El Corona Car 3
* 0x96B698 - El Corona Car 4
+
* <code>0x96B698</code> – El Corona Car 4
* 0x96B6D8 - MulHolland Car 1
+
* <code>0x96B6D8</code> – MulHolland Car 1
* 0x96B718 - MulHolland Car 2
+
* <code>0x96B718</code> – MulHolland Car 2
* 0x96B758 - MulHolland Car 3
+
* <code>0x96B758</code> – MulHolland Car 3
* 0x96B798 - MulHolland Car 4
+
* <code>0x96B798</code> – MulHolland Car 4
* 0x96B7D8 - Location around train station in El Corona
+
* <code>0x96B7D8</code> – LSPD Impound Car 1
* 0x96B818 - Location around johnson house
+
* <code>0x96B818</code> – LSPD Impound Car 2
* 0x96B858 - Location around train station in El Corona
+
* <code>0x96B858</code> – LSPD Impound Car 3
* 0x96B898 - Unknown
+
* <code>0x96B898</code> – LSPD Impound unused
* 0x96B8D8 - Location near Xoomer Tank Station
+
* <code>0x96B8D8</code> – SFPD Impound Car 1
* 0x96B918 - Location near Girlfriend Michelle
+
* <code>0x96B918</code> – SFPD Impound Car 2
* 0x96B958 - Location near misty's bar in garcia
+
* <code>0x96B958</code> – SFPD Impound Car 3
* 0x96B998 - Unknown
+
* <code>0x96B998</code> – SFPD Impound unused
* 0x96B9D8 - Location near the four dragons casino
+
* <code>0x96B9D8</code> – LVPD Impound Car 1
* 0x96BA18 - Location near the four dragons casino
+
* <code>0x96BA18</code> – LVPD Impound Car 2
* 0x96BA58 - Location near caliguas palace
+
* <code>0x96BA58</code> – LVPD Impound Car 3
* 0x96BA98 - Unknown
+
* <code>0x96BA98</code> – LVPD Impound usued
* 0x96BAD8 - Calton Heights Car 1
+
* <code>0x96BAD8</code> – Calton Heights Car 1
* 0x96BB18 - Calton Heights Car 2
+
* <code>0x96BB18</code> – Calton Heights Car 2
* 0x96BB58 - Calton Heights Car 3
+
* <code>0x96BB58</code> – Calton Heights Car 3
* 0x96BB98 - Calton Heights Car 4
+
* <code>0x96BB98</code> – Calton Heights Car 4
* 0x96BBD8 - Paradiso Car 1
+
* <code>0x96BBD8</code> – Paradiso Car 1
* 0x96BC18 - Paradiso Car 2
+
* <code>0x96BC18</code> – Paradiso Car 2
* 0x96BC58 - Paradiso Car 3
+
* <code>0x96BC58</code> – Paradiso Car 3
* 0x96BC98 - Paradiso Car 4
+
* <code>0x96BC98</code> – Paradiso Car 4
* 0x96BCD8 - Doherty Car 1
+
* <code>0x96BCD8</code> – Doherty Car 1
* 0x96BD18 - Doherty Car 2
+
* <code>0x96BD18</code> – Doherty Car 2
* 0x96BD58 - Doherty Car 3
+
* <code>0x96BD58</code> – Doherty Car 3
* 0x96BD98 - Doherty Car 4
+
* <code>0x96BD98</code> – Doherty Car 4
* 0x96BDD8 - Hashbury Car 1
+
* <code>0x96BDD8</code> – Hashbury Car 1
* 0x96BE18 - Hashbury Car 2
+
* <code>0x96BE18</code> – Hashbury Car 2
* 0x96BE58 - Hashbury Car 3
+
* <code>0x96BE58</code> – Hashbury Car 3
* 0x96BE98 - Hashbury Car 4
+
* <code>0x96BE98</code> – Hashbury Car 4
* 0x96BED8 - Derdant Meadows Airport Car 1
+
* <code>0x96BED8</code> – Verdant Meadows Airport Car 1
* 0x96BF18 - Derdant Meadows Airport Car 2
+
* <code>0x96BF18</code> – Verdant Meadows Airport Car 2
* 0x96BF58 - Derdant Meadows Airport Car 3
+
* <code>0x96BF58</code> – Verdant Meadows Airport Car 3
* 0x96BF98 - Derdant Meadows Airport Car 4
+
* <code>0x96BF98</code> – Verdant Meadows Airport Car 4
 +
 
 +
Offsets:
 +
* +<code>0x0</code> = [CVector] Coord
 +
* +<code>0xE</code> = [word] BPDPEPFP coding
 +
* +<code>0x10</code> = [word] Car ID
 +
* +<code>0x2F</code> = [byte] Body Color ordinal
 +
* +<code>0x30</code> = [byte] Stripe Color ordinal
 +
* +<code>0x3C</code> = [float] Car Angle
  
==Interface==
+
===Interface===
* 0xBAB22C - [byte] Health bar color (RGBA, 4 bytes)
+
* <code>0xBAB22C</code> – [byte] Health bar/red text/enemy marker/anything red color (RGBA, 4 bytes)
* 0xBAB230 - [byte] Money font color (RGBA, 4 bytes)
+
* <code>0xBAB230</code> – [byte] Money font color/vehicle entry name/green text/anything green color (RGBA, 4 bytes)
 +
* <code>0xBAB238</code> – [byte] White text color (RGBA, 4 bytes)
 +
* <code>0xBAB240</code> – [byte] Main menu title border (RGBA, 4 bytes)
 +
* <code>0xBAB244</code> – [byte] Wanted level color (RGBA, 4 bytes)
 +
* <code>0xBAB24C</code> – [byte] Radio station text color (RGBA, 4 bytes)
 +
* <code>0xBAB258</code> – [byte] Yellow blip/text color (RGBA, 4 bytes)
  
==Menu==
+
===Menu===
 
The following addresses have been found:
 
The following addresses have been found:
  
0xBA6748 - Base address.
+
<code>0xBA6748</code> – Base address.
  
* +0x15D = [byte] Current Menu ID
+
* +<code>0x15D</code> = [byte] Current Menu ID
* +0x78D = [byte] Show menu item hover
+
* +<code>0x78D</code> = [byte] Show menu item hover
* +0x54 = [dword] Selected menu item
+
* +<code>0x54</code> = [dword] Selected menu item
  
* +0xE9 = [byte] Main menu switch (startup menu/menu when playing)
+
* +<code>0xE9</code> = [byte] Main menu switch (startup menu/menu when playing)
* +0x84 = [dword] Language
+
* +<code>0x84</code> = [dword] Language
* +0x15F = [byte] Selected savegame
+
* +<code>0x15F</code> = [byte] Selected savegame
* +0x24 = [dword] Radar mode
+
* +<code>0x24</code> = [dword] Radar mode
  
* +0x64 = [float] Map zoom
+
* +<code>0x64</code> = [float] Map zoom
* +0x68 = [float] Map x position
+
* +<code>0x68</code> = [float] Map x position
* +0x6C = [float] Map y position
+
* +<code>0x6C</code> = [float] Map y position
  
* +0x5C = [byte] Player in menu?
+
* +<code>0x5C</code> = [byte] Player in menu?
  
==Menu IDs==
+
===Menu IDs===
Known Menu IDs (get ID at 0xBA68A5):
+
Known Menu IDs (get ID at <code>0xBA68A5</code>):
 
* 0 = Stats
 
* 0 = Stats
 
* 1 = Start game
 
* 1 = Start game
Line 952: Line 1,319:
 
* 6 = Question start new game
 
* 6 = Question start new game
 
* 7 = Game selection
 
* 7 = Game selection
* 8 = Question load mission pack
+
* 8 = Question load [[Mission_Pack|mission pack]]
 
* 9 = Load game
 
* 9 = Load game
 
* 10 = Delete game
 
* 10 = Delete game
Line 988: Line 1,355:
 
* 43 = Empty
 
* 43 = Empty
  
== SCM related ==
+
=== SCM related ===
* 0xA49960 - Start of the SCM block (0xA49960 + (4 * varnumber) is that particular variable)
+
* <code>0xA49960</code> – Start of the SCM block (<code>0xA49960</code> + (4 * varnumber) is that particular variable)
* 0xA7A6A0 - Start of the mission block (69000 bytes)
+
* <code>0xA7A6A0</code> – Start of the mission block (69000 bytes)
* 0x464080 - GetOpcodeParameters()
+
* <code>0x464080</code> – GetOpcodeParameters()
* 0xA447F4 - Command count
+
* <code>0xA447F4</code> – Command count
* 00469F00 - CRunningScript_ProcessOneCommand
+
* <code>0x469F00</code> – CRunningScript_ProcessOneCommand
* 0x464080 - CRunningScript_CollectParameters
+
* <code>0x464080</code> – CRunningScript_CollectParameters
* 0x4859D0 - CRunningScript_UpdateCompareFlag
+
* <code>0x4859D0</code> – CRunningScript_UpdateCompareFlag
* 0x469390 - Game_Script_Thread struct
+
* <code>0x469390</code> – Game_Script_Thread struct
* 0xA43C78 - Where the routine above stores opcode parameters values. Max 16 paramters for an opcode it seems
+
* <code>0xA43C78</code> – Where the routine above stores opcode parameters values. Max 16 paramters for an opcode it seems
* 0x8A6168 - "Master" jumptable, each dword points to one of 27 different functions, each one handling approx 100 opcodes
+
* <code>0x8A6168</code> – "Master" jumptable, each dword points to one of 27 different functions, each one handling approx 100 opcodes
* 0x466C50 - Opcodes 0000 - 0063. Array of dword, each pointing to the function for that opcode
+
* <code>0x466C50</code> – Opcodes 0000 0063. Array of dword, each pointing to the function for that opcode
* 0x468364 - Opcodes 0064 - 00C4. Array of dword, each pointing to the function for that opcode
+
* <code>0x468364</code> – Opcodes 0064 00C4. Array of dword, each pointing to the function for that opcode
* 0x469E4C - Opcodes 00D6 - 0129. Array of byte, each byte is an index for the array of dword at 0x469DD4, which points to the opcode function
+
* <code>0x469E4C</code> – Opcodes 00D6 0129. Array of byte, each byte is an index for the array of dword at <code>0x469DD4</code>, which points to the opcode function
* 0x47D1B4 - Opcodes 0137 - 018F. Array of byte, each byte is an index for the array of dword at 0x47D0F4, which points to the opcode function
+
* <code>0x47D1B4</code> – Opcodes 0137 018F. Array of byte, each byte is an index for the array of dword at <code>0x47D0F4</code>, which points to the opcode function
* 0x47DFE0 - Opcodes 0190 - 01F3. Array of byte, each byte is an index for the array of dword at 0x47DF58, which points to the opcode function
+
* <code>0x47DFE0</code> – Opcodes 0190 01F3. Array of byte, each byte is an index for the array of dword at <code>0x47DF58</code>, which points to the opcode function
* 0x47F304 - Opcodes 01F4 - 0256. Array of byte, each byte is an index for the array of dword at 0x47F24C, which points to the opcode function
+
* <code>0x47F304</code> – Opcodes 01F4 0256. Array of byte, each byte is an index for the array of dword at <code>0x47F24C</code>, which points to the opcode function
* 0x47FA04 - Opcodes 0292 - 02B8. Array of byte, each byte is an index for the array of dword at 0x47F9BC, which points to the opcode function
+
* <code>0x47FA04</code> – Opcodes 0292 02B8. Array of byte, each byte is an index for the array of dword at <code>0x47F9BC</code>, which points to the opcode function
* 0x480FD8 - Opcodes 02BE - 031D. Array of byte, each byte is an index for the array of dword at 0x480F10, which points to the opcode function
+
* <code>0x480FD8</code> – Opcodes 02BE 031D. Array of byte, each byte is an index for the array of dword at <code>0x480F10</code>, which points to the opcode function
* 0x4836B8 - Opcodes 0320 - 0382. Array of byte, each byte is an index for the array of dword at 0x483600, which points to the opcode function
+
* <code>0x4836B8</code> – Opcodes 0320 0382. Array of byte, each byte is an index for the array of dword at <code>0x483600</code>, which points to the opcode function
 
(No time to finish now, will finish later)
 
(No time to finish now, will finish later)
  
===Threads===
+
====Threads====
0xA8B430 - Start of the threads pool. There are two queues: the active threads and inactive ones.<br>
+
<code>0xA8B430</code> – Start of the threads pool. There are two queues: the active threads and inactive ones.<br>
0xA8B42C - Pointer to the first active SCM thread.<br>
+
<code>0xA8B42C</code> – Pointer to the first active SCM thread.<br>
0xA8B428 - Pointer to the first inactive SCM thread.
+
<code>0xA8B428</code> – Pointer to the first inactive SCM thread.
 +
 
 +
Each thread has size of 224 (<code>0xE0</code>) bytes.  
  
Each thread has size of 224 (0xE0) bytes.  
+
* +<code>0x0</code> = [void*] Pointer to the next thread in a queue
 +
* +<code>0x4</code> = [void*] Pointer to the previous thread in a queue
 +
* +<code>0x8</code> = [char] Thread name given by the opcode [[03A4]], char 8
 +
* +<code>0x10</code> = [dword] Thread base IP (used in the missions and [[External_Script|external scripts]] to calculate a global address of a local jump offset)
 +
* +<code>0x14</code> = [dword] Current IP
 +
* +<code>0x18</code> = [dword] Return stack (stores the current IP when a gosub executed, dword 8)
 +
* +<code>0x38</code> = [word] Last item index of the return stack
 +
* +<code>0x3C</code> = [dword] Local variables array, dword 32
 +
* +<code>0xBC</code> = [dword] Automatically incrementing timers, dword 2
 +
* +<code>0xC4</code> = [boolean] Thread active flag
 +
* +<code>0xC5</code> = [boolean] IF result
 +
* +<code>0xC6</code> = [boolean] Mission flag
 +
* +<code>0xC7</code> = [boolean] External script flag
 +
* +<code>0xC8</code> = [boolean] Unknown flag (in menu?). Used in [[03E5]]
 +
* +<code>0xC9</code> = [boolean] Unknown flag (ID of an assigned script?)
 +
* +<code>0xCC</code> = [dword] Wakeup time (set by [[0001]])
 +
* +<code>0xD0</code> = [word] IF number (set by [[00D6]])
 +
* +<code>0xD2</code> = [boolean] Not flag (if a condition to check is negative – any opcodes higher than <code>0x7FFF</code>)
 +
* +<code>0xD3</code> = [boolean] Wasted or busted check enabled flag (set by [[0111]]); '''only for missions'''
 +
* +<code>0xD4</code> = [boolean] Player is wasted or busted flag; '''only for missions'''
 +
* +<code>0xD8</code> = [dword] Skip scene IP (used by opcodes [[0707]], [[0701]])
 +
* +<code>0xDC</code> = [boolean] Mission flag
  
* +0 = [void*] Pointer to the next thread in a queue
+
====External Scripts Info====
* +4 = [void*] Pointer to the previous thread in a queue
+
<code>0xA47B60</code> – Start of the external scripts info pool. There are 82 elements with 32 bytes of size each
* +8 = [char] Thread name given by the opcode [[03A4]], char 8
+
* +<code>0x0</code> = [dword] Script IP
* +16 = [dword] Thread base IP (used in the missions and [[External_Script|external scripts]] to calculate a global address of a local jump offset)
+
* +<code>0x4</code> = [word] Status (can be obtained by [[0926]])
* +20 = [dword] Current IP
+
* +<code>0x6</code> = [word] Index in SCM (a number as defined in the scm header)
* +24 = [dword] Return stack (stores the current IP when a gosub executed, dword 8)
+
* +<code>0x8</code> = [char] Name, char 20
* +56 = [word] Last item index of the return stack
+
* +<code>0x1C</code> = [dword] Size
* +60 = [dword] Local variables array, dword 32
 
* +188 = [dword] Automatically incrementing timers, dword 2
 
* +196 = [boolean] Thread active flag
 
* +197 = [boolean] IF result
 
* +198 = [boolean] Mission flag
 
* +199 = [boolean] External script flag
 
* +200 = [boolean] Unknown flag (in menu?). Used in [[03E5]]
 
* +201 = [boolean] Unknown flag (ID of an assigned script?)
 
* +204 = [dword] Wakeup time (set by [[0001]])
 
* +208 = [word] IF number (set by [[00D6]])
 
* +210 = [boolean] Not flag (if a condition to check is negative – any opcodes higher than 0x7FFF)
 
* +211 = [boolean] Wasted or busted check enabled flag (set by [[0111]]); '''only for missions'''
 
* +212 = [boolean] Player is wasted or busted flag; '''only for missions'''
 
* +216 = [dword] Skip scene IP (used by opcodes [[0707]], [[0701]])
 
* +220 = [boolean] Mission flag
 
  
===External Scripts Info===
+
<code>0xA485A0</code> – [dword] Size of the largest external script<br>
0xA47B60 Start of the external scripts info pool. There are 82 elements with 32 bytes of size each
+
<code>0xA485A4</code> – [dword] Total scripts count
* +0 = [dword] Script IP
 
* +4 = [word] Status (can be obtained by [[0926]])
 
* +6 = [word] Index in SCM (a number as defined in the scm header)
 
* +8 = [char] Name, char 20
 
* +28 = [dword] Size
 
  
0xA485A0 – [dword] Size of the largest external script<br>
+
====Restart Locations====
0xA485A4 – [dword] Total scripts count
+
Also see: opcodes [[016C]] and [[016D]] / [[GTA_SA_Saves#Block_8:_Restart_Locations|save file block 8]]
 +
<br>
 +
An unmodded game has 7 restart locations for "busted" and 8 for "wasted". The memory structure suggests a limit of 10 for both of these.
 +
* <code>0xA43268</code>: dword -- number of busted structures
 +
* <code>0xA4326C</code>: dword -- number of wasted structures
 +
* <code>0xA43270</code>: float[10] -- town numbers for busted structures (1 LS / 2 Country+SF / 3 Desert+LV)
 +
* <code>0xA43298</code>: float[10] -- angles for busted structures
 +
* <code>0xA432C0</code>: float[10] -- town numbers for wasted structures (1 LS / 2 Country+SF / 3 Desert+LV)
 +
* <code>0xA432E8</code>: float[10] -- angles for wasted structures
 +
* <code>0xA43310</code>: float -- unused float, only set up to (0.005 * 0.0625 = 0.0003125), 1/0.0003125 = 3200.0
 +
* <code>0xA43318</code>: float[3][10] -- x,y,z – respawn coords for wasted structures
 +
* <code>0xA43390</code>: float[3][10] -- x,y,z respawn coords for busted structures
 +
* <code>0xA43408</code>: byte[12] -- unknown; matching 12 unknown bytes of [[GTA_SA_Saves#Block_8:_Restart_Locations|save block 8]], <code>0x01</code> after Busted structures
 +
* <code>0xA43414</code>: byte[12] -- unknown; matching 12 unknown bytes of [[GTA_SA_Saves#Block_8:_Restart_Locations|save block 8]], <code>0x0F</code> after Busted structures
 +
* <code>0xA43420</code>: [end]
 +
Notes:
 +
* Town nos. and angles have the busted structures first but coords have the wasted structures first.
 +
* I'm not sure about the end of this structure, but I couldn't recognize anything from the according save block 8 after <code>0xA43420</code>.
  
===Misc===
+
====Misc====
0xA4892C – Start of the pool stored the flipped vehicles handles. There are 6 elements in there, with each of them:
+
<code>0xA4892C</code> – Start of the pool stored the flipped vehicles handles. There are 6 elements in there, with each of them:
* +0 = [dword] Vehicle handle to check if it flipped. Stored by opcode [[0190]].
+
* +<code>0x0</code> = [dword] Vehicle handle to check if it flipped. Stored by opcode [[0190]].
* +4 = [dword] Time in ms passed from the moment a vehicle flipped. Used by opcode [[018F]]
+
* +<code>0x4</code> = [dword] Time in ms passed from the moment a vehicle flipped. Used by opcode [[018F]]
  
00A90850 – Start of the mission cleanup list. This list keeps the handles of any entities created during a mission. When the opcode [[00D8]] executed (normally it happens at the end of any mission), the game reads this list and destroys everything being stored there. Maximum of the items in the list is 75. Each item has the following structure:
+
<code>0xA90850</code> – Start of the mission cleanup list. This list keeps the handles of any entities created during a mission. When the opcode [[00D8]] executed (normally it happens at the end of any mission), the game reads this list and destroys everything being stored there. Maximum items on the list is 75. Each item has the following structure:
* +0 = [byte] Entity type:
+
* +<code>0x0</code> = [byte] Entity type:
** 1 - Vehicle
+
** 1 – vehicle
** 2 - Actor
+
** 2 – actor
** 3 - Object
+
** 3 – object
** 4 - Particle
+
** 4 – particle
** 5 – Group ([[062F]])
+
** 5 – group ([[062F]])
 
** 7 – AS_origin ([[061D]])
 
** 7 – AS_origin ([[061D]])
** 8 - Action_sequence
+
** 8 – action_sequence
** 9 - Decision maker
+
** 9 – decision maker
** 11 - Searchlight
+
** 11 – searchlight
** 13 - Txd_dictionary
+
** 13 – txd_dictionary
* +4 = [dword] Entity handle (an index in the proper pool)
+
* +<code>0x4</code> = [dword] entity handle (an index in the proper pool)
  
= Weather Codes=
+
== Weather Codes==
0xC81318 - [word] Weather lock (by AlienX).<br>
+
<code>0xC81318</code> – [word] Weather lock (by AlienX).<br>
0xC8131C - [word] Upcoming weather.<br>
+
<code>0xC8131C</code> – [word] Upcoming weather.<br>
0xC81320 - [word] Current weather.<br>
+
<code>0xC81320</code> – [word] Current weather.<br>
 
<br>
 
<br>
 
The following values tie up with the sections in data/[[timecycp.dat]].  There are several different kinds of weathers (including underwater), and the current weather affects viewing distance, sky colour, fog intensity, and other things like that.  The appearance of each weather is time-dependent too.
 
The following values tie up with the sections in data/[[timecycp.dat]].  There are several different kinds of weathers (including underwater), and the current weather affects viewing distance, sky colour, fog intensity, and other things like that.  The appearance of each weather is time-dependent too.
Line 1,104: Line 1,491:
 
* 22 = EXTRACOLOURS_2 (very dark, gradiented skyline, green) Used for interiors?
 
* 22 = EXTRACOLOURS_2 (very dark, gradiented skyline, green) Used for interiors?
  
<br> The following are not mentioned in that file, make of them what you will:
+
<br> The following are not mentioned in that file, but can be used anyway:
  
 
* 23 to 26 = variations of pale orange
 
* 23 to 26 = variations of pale orange
Line 1,121: Line 1,508:
 
'''Warning: Setting these values to anything higher will result in things like black screen, flickering, really red, etc.'''
 
'''Warning: Setting these values to anything higher will result in things like black screen, flickering, really red, etc.'''
  
= Dependencies=
+
== Dependencies==
 
* Car ptr = player ptr when on foot.  
 
* Car ptr = player ptr when on foot.  
['''Note''': This depends on which address for the pointer is being used, if the car pointer appears to be the same as the player pointer on foot, then you may be using a camera-related target pointer.]
+
'''Note:''' This depends on which address for the pointer is being used, if the car pointer appears to be the same as the player pointer on foot, then you may be using a camera-related target pointer.
* CPed block size = 0x7C4 bytes.
+
* CPed block size = <code>0x7C4</code> bytes.
* CVehicle block size = 0x0A18 bytes.
+
* CVehicle block size = <code>0x0A18</code> bytes.
 
 
=External Links=
 
* [http://www.gtaforums.com/index.php?showtopic=194199 GTASA Memory Addresses] - a topic on GTAForums.
 
  
 +
== External links ==
 +
* {{GTAF|194199|GTASA Memory Addresses}}
 +
{{N|SA}}
 
[[Category:Memory Addresses]]
 
[[Category:Memory Addresses]]

Latest revision as of 17:26, 29 January 2024

40px-Ambox rewrite orange.svg.png This article may need to be rewritten.
Please help improve this article. The discussion page may contain suggestions.

Note that all offsets thus posted have been confirmed for GTA San Andreas (GTA_SA.EXE) version 1.0. This is not for function addresses, for these look into Function Memory Addresses (SA).

Note: None of the memory addresses below will work for GTA: San Andreas v2.0 or 3.0(steam). All addresses in v2.0 and above have been changed or moved. Thus inaccessible.

Base Memory addresses

No category yet

  • 0xB7CE50 – [dword] Money
  • 0xBAA420 – Wanted Level
  • 0x8CDEE4 – [dword] Max wanted level
  • 0x8D5104 – [byte] Current blur level
  • 0x8CB7A5 – [byte] Current Radiostation-ID
  • 0xB700F0 – [dword] Current Car ID (from vehicles.ide) – not for bikes
  • 0xB7CB49 – [byte] Game freezes like when in menu:
    • 0 = normal
    • 1 = everything stops
  • 0xB7CB49 – [byte] Menu show:
    • 0 = leave
    • 1 = show
  • 0x863984 – [float] Gravity (default value: 1.0f/125.0f = 0.008f)
  • 0xB7CB64 – [float] Game speed in percent
  • 0xB7CEE4 – [byte/boolean] Is infinite run
  • 0xB7CEE6 – [byte/boolean] Is player fireproof
  • 0x96C009 – [byte/boolean] Is paynspray free
  • 0xA444A4 – [byte/boolean] Is radar greyed out
  • 0x8D2530 – [float] Pedestrian density multiplier
  • 0x8A5B20 – [float] Vehicle density multiplier
  • 0xB6F065 – [byte/boolean] Widescreen (the view that is displayed during cutscenes, not the display option)
  • 0xA4A948 – Lowrider Challenge score
  • 0xA4EC20 – Dancing minigame score
  • 0xB790B8 – [byte] Photographs taken number (4 bytes)
  • 0xA9AD74 – [byte] Tags number (4 bytes)
  • 0xB791E4 – [byte] Horseshoes number (4 bytes)
  • 0xB791EC – [byte] Oysters number (4 bytes)

Note: For those number above if you change it to maximum amount they appear to pop a message and gives a bonus like weapons in cj savehouses.

  • 0x716642 – [float] Change solid clouds
  • 0x716655 – [float] Disable solid clouds

Note: Both values default to 200. If you change one of them to 100,000 you get very few clouds, a much nicer effect. If you change both of them to 100,000 you never get the clouds.

  • 0xB79078 – [byte] People dropped off in taxi (number used for the stats, 4 bytes)
  • 0xA49C30 – [byte] People dropped off in taxi (number used for giving your reward, 4 bytes)
  • 0xB79040 – [byte] Safehouse visits number (4 bytes)
  • 0xA49EFC – [dword] Denise Progress
  • 0xA49F00 – [dword] Michelle Progress
  • 0xA49F04 – [dword] Helena Progress
  • 0xA49F08 – [dword] Barbara Progress
  • 0xA49F0C – [dword] Katie Progress
  • 0xA49F10 – [dword] Millie Progress

Note: These above six addresses are within the scm block, and valid only for original scm. setting a value to 100 (ie. 100 pct) gives you all gifts of that GF (ie. car keys, wardrobe etc.).

  • 0xB79108 – Number of girls dated
  • 0xB79100 – Current number of girlfriends
  • 0xB79104 – Number of disastrous dates
  • 0xB79110 – Number of successful dates
  • 0xB79060 – Unique jumps found number
  • 0xB79064 – Unique jumps done number
  • 0xBA6774 – Map target:
    • 0 = disabled
    • 1 = enabled
  • 0x86329C – List of valid command names
  • 0xC17054 – A pointer to the main game window handle (typically 0xC8CF88 since the pointer is static).
  • 0xBA3798 – Beginning of ZoneInfo structure
  • 0xBA1DF0 – Beginning of ZonePop structure
  • 0xA94B68 – array of pointers to RwTexture, corresponding to opcode 038F
  • 0xA444A0 – Is HUD enabled by an opcode 0826:
    • 0 = disabled
    • 1 = enabled
  • 0x969110 – [char(30)] Buffer of 30 last typed chars, earlier typed chars are on next bytes.
  • 0xBAA7A0 - [char(150)] Text box(top-left box) (NOTE: Writing a string will show a message box with duration 1-2 seconds)

Time/Timers

  • 0xB70158 – [dword] Timer related to weather and time in ms
  • 0xB610E0 – [dword] A global timer in ms (read only)
  • 0xB7CB84 – [dword] A global timer in ms (while not in menu, read/write)
  • 0xA5153C – [dword] Mission timer from a number to 0 (4 bytes)
  • 0xB7015C – [dword] Defines how many ms (1 second... default 1000, set to 1 for a headache, number of ms per sec)
  • 0xB7014E – [byte] Current Weekday (1 through 7)
  • 0xB79038 – [dword] How many days have passed in game
  • 0xB70153 – [byte] Current Hour
  • 0xB70152 – [byte] Current Minute
  • 0xA49D54 – [dword] Timer for driving/flying missions (in ms)
  • 0xA51974 – [dword] Timer for boat/bike missions (in ms)
  • 0xA5197C – [dword] Timer for taxi driver missions (in ms)
  • 0xA51980 – [dword] Tip Bar timer for taxi driver missions (in seconds)
  • 0xA519A8 – [dword] Timer for paramedic missions (in ms)
  • 0xA519BC – [dword] Timer for firefighter missions (in ms)
  • 0xA519D8 – [dword] Timer for vigilante missions (in ms)
  • 0xA51A3C – Timer for Bloodring race

DirectX / Rendering

  • 0xC97C1C – A copy of the window handle that is used to initialize the DirectX device.
  • 0xC97C20 – Pointer to IDirect3D9 interface.
  • 0xC97C28 – Pointer to IDirect3DDevice9 interface.
  • 0xC9C040 – Global instance of D3DPRESENT_PARAMETERS structure.

Stats

  • 0xB790B4 - [dword] Energy
  • 0xB791A4 – [dword] Lung capacity
  • 0xB793D4 – [float] Fat
  • 0xB793D8 – [float] Stamina
  • 0xB793DC – [float] Muscle
  • 0xB793E0 – [float] Health
  • 0xB793E4 – [float] Sex Appeal
  • 0xB79480 – [float] Respect
  • 0xB79494 – [float] Pistol
  • 0xB79498 – [float] Silenced pistol
  • 0xB7949C – [float] Desert eagle
  • 0xB794A0 – [float] Shotgun
  • 0xB794A4 – [float] Sawn-off shotgun
  • 0xB794A8 – [float] Combat shotgun
  • 0xB794AC – [float] Machine pistol
  • 0xB794B0 – [float] SMG
  • 0xB794B4 – [float] AK47
  • 0xB794B8 – [float] M4
  • 0xB794BC - [float] Rifle

Skills

  • 0xB790A0 – [dword] Driving
  • 0xB7919C – [dword] Flying
  • 0xB791B4 – [dword] Bike
  • 0xB791B8 – [dword] Cycling
  • 0xB791C4 – [dword] Luck at gambling
  • 0xB794C4 – [float] Gambling

HTML Stats File

  • 0x8663A0 – File Name ( Default : 'stats.html' )
  • 0x86636C – File Title ( Default : '<title>Grand Theft Auto San Andreas Stats</title>' )

Cheats

[byte] Can be either on (1) or off (0).

  • 0x969130 – Weapon Set 1
  • 0x969131 – Weapon Set 2
  • 0x969132 – Weapon Set 3
  • 0x969133 – Health+Armor+250K
  • 0x969134 – Increase Wanted Level 2 Stars
  • 0x969135 – Clear Wanted Level
  • 0x969136 – Sunny Weather
  • 0x969137 – Very Sunny Weather
  • 0x969138 – Overcast Weather
  • 0x969139 – Rainy Weather
  • 0x96913A – Foggy Weather
  • 0x96913B – Faster Clock
  • 0x96913C – Faster Gameplay
  • 0x96913D – Slower Gameplay
  • 0x96913E – Peds Attack Each other with Golfclub
  • 0x96913F – Have Bounty on Head
  • 0x969140 – Everyone is Armed
  • 0x969141Spawn Rhino (Not Tested!)
  • 0x969142Spawn Bloodring Banger (Not Tested!)
  • 0x969143Spawn Rancher (Not Tested!)
  • 0x969144Spawn Racecar A (Not Tested!)
  • 0x969145Spawn Racecar B (Not Tested!)
  • 0x969146Spawn Romero (Not Tested!)
  • 0x969147Spawn Stretch (Not Tested!)
  • 0x96914A – Blow up All Cars
  • 0x96914B – Wheels Only (Invisible Cars)
  • 0x96914C – Perfect / Insane Handling
  • 0x96914D – Suicide
  • 0x96914E – All Green Lights
  • 0x96914F – Aggressive Drivers
  • 0x969150 – Pink Traffic
  • 0x969151 – Black Traffic
  • 0x969152 – Cars can drive on water
  • 0x969153 – Boats Can Fly
  • 0x969154 – CJ is Fat
  • 0x969155 – Max Muscle
  • 0x969156 – CJ is Skinny
  • 0x969157 – Elvis Everywhere
  • 0x969158 – Peds attack with rockets
  • 0x969159 – Beach Theme
  • 0x96915A – Gang Members everywhere
  • 0x96915B – Gangs control the streets
  • 0x96915C – Ninja Theme
  • 0x96915D – Slut Magnet
  • 0x96915E – Traffic is Cheap Cars
  • 0x96915F – Traffic is Fast Cars
  • 0x969160 – Cars can Fly
  • 0x969161 – Huge Bunny Hop
  • 0x969162Spawn Hydra (Not Tested!)
  • 0x969163Spawn Vortex Hovercraft (Not Tested!)
  • 0x969164 – Tank Mode / Smash'n Boom
  • 0x969165 – All cars have nitro
  • 0x969166 – Cars Float Away when hit
  • 0x969167 – Always Midnight
  • 0x969168 – Stop Game Clock – Orange Sky
  • 0x969169 – Thunderstorm
  • 0x96916A – Sandstorm
  • 0x96916C – Mega Jump
  • 0x96916D – Infinite Health
  • 0x96916E – Infinite Oxygen
  • 0x96916F – Get Parachute
  • 0x969170 – Get Jetpack
  • 0x969171 – Lock Wanted (Setting to 1 will lock current wanted)
  • 0x969172 – Six Star Wanted Level
  • 0x969173 – Mega Punch
  • 0x969174 – Never get Hungry
  • 0x969175 – Peds Riot (Chaos Mode)
  • 0x969176 – Funhouse Theme
  • 0x969177 – Slower Gameplay
  • 0x969178 – Infinite Ammo, No Reload
  • 0x969179 – Full Weapon Aiming while driving
  • 0x96917A – Decreased Traffic
  • 0x96917B – Country Theme
  • 0x96917C – Recruit Anyone (9mm)
  • 0x96917D – Recruit Anyone (AK47)
  • 0x96917E – Recruit Anyone (Rockets)
  • 0x96917F – Max Respect
  • 0x969180 – Max Sex Appeal
  • 0x969181 – Max Stamina
  • 0x969183 – Hitman in All Weapons
  • 0x969184Spawn Hunter (Not Tested!)
  • 0x969185Spawn Quad (Not Tested!)
  • 0x969186Spawn Tanker Truck (Not Tested!)
  • 0x969187Spawn Dozer (Not Tested!)
  • 0x969188Spawn Stunt Plane (Not Tested!)
  • 0x969189Spawn Monster (Not Tested!)
  • 0x96918B – All Taxis Have Nitro

[dword]

  • 0x96918C – Has ever Cheated or not
  • 0xBAA472 – Has now Cheated or not
  • 0xB79044 – Cheated Count

[byte]

  • 0x96918C – 'Cheated' state:
    • 0 = disabled
    • 1 = enabled

Note: If it's set to 1 you'll get a warning message when saving a game. But this byte doesn't get set if you use a cheat enabler.

Display Settings

  • 0xBA6784 – [dword] Brightness
  • 0xBA6792 – [byte] Legend
  • 0xBA676C – [byte] Radar Mode
    • 0 = maps & blips
    • 1 = blips
    • 2 = off
  • 0xBA6769 – [byte] Hud Mode
    • 0 = off
    • 1 = on
  • 0xBA678C – [byte] Subtitles
  • 0xBA6830 – [byte] Store gallery photos
  • 0xBA6788 – [float] Draw Distance
  • 0xBA6794 – [byte] Frame limiter
  • 0xBA6793 – [byte] Widescreen
  • 0xA9AE54 – [byte] Visual FX Quality
  • 0xBA680C – [byte] Mip Mapping
  • 0xBA6814 – [byte] Antialiasing values:
    • 1 = 0x (off)
    • 2 = 1x
    • 3 = 2x
    • 4 = 3x
  • 0xBA6820 – [byte] Resolution values:
    • 11 = 640x480
    • 12 = 800x400
    • 13 = 800x600
    • 15 = 1024x768
(Depends on the graphic driver/hardware.)

Sound Configuration

  • 0xBA6798 – [byte] Radio Volume [0 through 64]
  • 0xBA6797 – [byte] SFX Volume [0 through 64]
  • 0xBA6799 – [byte] Radio Equalizer
  • 0xBA6795 – [byte] Radio Auto-tune
  • 0xBA67F8 – [byte] Usertrack/Play mode values:
    • 0 = radio
    • 1 = random
  • 0xBA680D – [byte] Usertrack/Automatic Media Scan
  • 0xBA679A – [byte] Radio Station ID values:
    • 1 to 12 (see below for station names according to ID)
      • 1 = "Playback FM"
      • 2 = "K Rose"
      • 3 = "K-DST"
      • 4 = "Bounce FM"
      • 5 = "SF-UR"
      • 6 = "Radio Los Santos"
      • 7 = "Radio X"
      • 8 = "CSR 103.9"
      • 9 = "K-JAH West"
      • 10 = "Master Sounds 98.3"
      • 11 = "WCTR Talk Radio"
      • 12 = "User Track Player"
      • 13 = "Radio Off"

AlienX: Seems that the Radio Station ID is just a menu identifier, this does not actually change the radio station while in-game!

Another note... The opcode for switching players radio stations does not work in line with the station ID's, i have yet to figure out what station ID's are for the SCM code – Dont try to use the above ID's for the SCM Operation Code, it just wont work

Thanks to AlienX For the station names and ID's

Controller Configuration

  • 0xBA6818 – [byte] Controller Configuration values:
    • 0 = mouse + keys
    • 1 = joypad
  • 0xB6EC1C – [float] Mouse sensitivity
  • 0xC1CC02 – [byte] Steer with mouse
  • 0xC1CC03 – [byte] Fly with mouse
  • 0xB6EC2E – REAL aiming mode offset, not menu:
    • 0 = joypad
    • 1 = mouse + keys

Structures

CVector //Total 8 bytes
 FLOAT x; // + 0
 FLOAT y; // + 4
 FLOAT z; // + 8
CVector2D //Total 4 bytes
 FLOAT x; // + 0
 FLOAT y; // + 4
eWeaponState //Total 4 Bytes
   WEAPONSTATE_READY,
   WEAPONSTATE_FIRING,
   WEAPONSTATE_RELOADING,
   WEAPONSTATE_OUT_OF_AMMO,
   WEAPONSTATE_MELEE_MADECONTACT
CWeapon //Total 28 bytes
   eWeaponType m_nType; // + 0
   eWeaponState m_nState; // + 4
   unsigned int m_nAmmoInClip; // + 8
   unsigned int m_nTotalAmmo; // + 12
   unsigned int m_nTimeForNextShot; // + 16
   char field_14; // + 17
   char field_15; // + 18
   char field_16; // + 19
   char field_17; // + 20
   FxSystem_c *m_pFxSystem; // flamethrower, spraycan, extinguisher particle
eWeaponType
  (Slot0: No Weapon)                    (Slot2: Handguns)
  0 – Fist                               22 – Pistol
  1 – Brass Knuckles                     23 – Silenced Pistol
  (Slot1: Melee)                         24 – Desert Eagle
  2 – Golf Club                         (Slot3: Shotguns)
  3 – Nitestick                          25 – Shotgun
  4 – Knife                              26 – Sawn-Off Shotgun
  5 – Baseball Bat                       27 – SPAS-12
  6 – Shovel                            (Slot4: Sub-Machineguns)
  7 – Pool Cue                           28 – Micro Uzi 
  8 – Katana                             29 – MP5
  9 – Chainsaw                           32 – TEC-9
  15 – Cane
  (Slot5: Machineguns)                   (Slot10: Gifts)
  30 – AK47                              14 – Flowers
  31 – M4                                (Slot9:Special1)
  (Slot6: Rifles)                        42 – Fire Extinguisher
  33 – Country Rifle                     43 – Camera 
  34 – Sniper Rifle                      (Slot11:Special2)
  (Slot7: Heavy Weapons)                 44 – NV Goggles
  35 – Rocket Launcher                   45 – IR Goggles
  36 – Heat Seaking RPG                  46 – Parachute
  37 – Flame Thrower                     (Slot12:Detonators)
  38 – Minigun                            40 – Detonator(for remote explosives)
  (Slot8: Projectiles)
  16 – Grenade
  18 – Molotov Cocktail
  39 – Remote Explosives
  (No slot: Fired from hunter / hydra / missile launcher)
  (This type is stored in the rocket pool as rocket type, but is the continuation of this list)
  19 – Normal rockets
  20 – Heatseeking rockets
  58 – Flares
eEntityStatus                (Description)
0x02	STATUS_PLAYER = 0            (player is driving, includes attached carriages and trailers)
0x0A	STATUS_PLAYER_PLAYBACKFROMBUFFER = 1  (all vehicles in playback from replay)
0x12	STATUS_SIMPLE = 2            (npc controlled vehicles "a car on rails" doesn't use full physics)
0x1A	STATUS_PHYSICS = 3           (npc controlled vehicles: missions, police, interacted with player)
0x22	STATUS_ABANDONED = 4         (vehicle without driver; all buildings, peds and objects)
0x2A	STATUS_WRECKED = 5           (vehicle has exploded, sunk doesn't count)
32h	STATUS_TRAIN_MOVING = 6	     (unobserved - default status of carriage but quickly changed to 4)
0x3A	STATUS_TRAIN_NOT_MOVING = 7  (ped enters driver's side of passenger carriage)
0x42	STATUS_REMOTE_CONTROLLED = 8 (player has remote control of an RC vehicle)
0x4A	STATUS_PLAYER_DISABLED = 9   (player driver exiting, wasted, busted or hijacked)
0x52	STATUS_TRAILER = 10          (trailer of npc vehicle with physics, towed npc vehicle)
5Ah	STATUS_SIMPLE_TRAILER = 11   (unobserved - trailer of npc vehicle without physics)
0x62	STATUS_GHOST = 12            (very distant mission vehicle in area without collision loaded)
eEntityType
20h	ENTITY_TYPE_NOTHING = 0
0x21	ENTITY_TYPE_BUILDING = 1
0x22	ENTITY_TYPE_VEHICLE = 2
0x23	ENTITY_TYPE_PED = 3
0x24	ENTITY_TYPE_OBJECT = 4
25h	ENTITY_TYPE_DUMMY = 5
26h	ENTITY_TYPE_NOTINPOOLS = 6

Other Dynamic Memory Addresses (non-static)

Pedestrians

General

  • 0xB6F5F0 – Player pointer (CPed)
  • 0xB7CD98 – Player pointer, direct offset to the ped pool start (CPed)
  • 0xB74498 – CPeds maximum number (normally 140)
  • 0xB74490 – Pointer to ped pool usage information, which contains:
    • +0 = Pointer to the first ped in the pool
    • +4 = Pointer to a byte map indicating which peds are in use
    • +8 = [dword] Maximum number of peds in the pool
    • +12 = [dword] Current number of peds in the pool

Each ped object is 1988 (0x7C4) bytes.

For each ped in the pool:

In most cases, you can use even the dword of playeraddress as CPed value

  • CPed +0x14 = Pointer to XYZ position structure (and rotation)
    • (CPed+0x14) +0x0 to +0x2C = [dword] Is the rotation matrix
    • (CPed+0x14) +0x30 = [CVector] Position
  • CPed +0x2F = [byte] Location status:
    • 0 = outside
    • 3 = inside a building
  • CPed +0x40 - Physical flags structure
    • +0x0 = Movement physics flags
      • Bit 1 = Unknown
      • Bit 2 = Apply Gravity
      • Bit 3 = Disable Collision Force
      • Bit 4 = Collidable
      • Bit 5 = Disable Turn Force
      • Bit 6 = Disable Move Force
      • Bit 7 = Infinite Mass
      • Bit 8 = Disable Z
    • +0x1 = Surface physics flags
      • 1 = Submerged In Water
      • 2 = On Solid Surface
      • 4 = Broken
      • 8 = Unknown
      • 16 = Unknown
      • 32 = Don't Apply Speed
      • 64 = Unknown
      • 128 = Unknown
    • +0x2 = Special physics flags
      • 1 = Soft (in other words noclip)
      • 2 = Freeze
      • 4 = Bullet-Proof
      • 8 = Fire-Proof
      • 16 = Collision-Proof (prevent fall damage)
      • 32 = Melee-Proof
      • 64 = Melee-Proof, Bullet-Proof, Collision-Proof
      • 128 = Explosion-Proof
    • +0x3 = Collision physics flag
      • 1 = Unknown
      • 2 = Attached To Entity
      • 4 = Unknown
      • 8 = Touching Water
      • 16 = Can Be Collided with
      • 32 = Destroyed
      • 64 = Unknown
      • 128 = Unknown
  • CPed +0xBC = [dword] Array of pointers[6]
  • CPed +0xD8 = [float] How much damage ped taken
  • CPed +0x15C = [byte] Some anim states:
    • 0 = landing from jump
    • 61 = punching
    • 102 = stopped
    • 154 = sprint
    • 205 = run
  • CPed +0x46C = [byte] Player check:
    • 0 = In air/water
    • 1 = In car
    • 2 = Entering interior
    • 3 = On foot
    • 8 = Swimming
  • CPed +0x46D = [byte] Jump state:
    • 32 = landed/idle
    • 34 = in air
    • 36 = landing
  • CPed +0x46F = [byte] Crouch state:
    • 128 = stand
    • 132 = crouched
  • CPed +0x470 = [byte] Ped properties
    • 0 = None
    • 3 = Invisible
    • 12 = Head immunity
    • 20 = Drowning in water
  • CPed +0x474 = [byte] Other ped properties
    • 0 = None
    • 2 = Invisible
    • 9 = Don't create pickup after death
  • CPed +0x47C = Pointer to anim struct
    • +0xE0 = [dword] Pointer to nearest vehicle(If ped in car you need to come closer)
    • +0x120 = [dword] Pointer to nearest vehicle(Long range)
  • CPed +0x4DF = [byte] Current anim play-state:
    • 0 = nothing
    • 61 = starting/stopping
    • 62 = looping
  • CPed +0x504 = [word] Muzzle flash intensity:
    • 0 to 10000 = on
    • 65536 = off
  • CPed +0x530 = [dword] State:
    • 0 = leaving a car, falling down from a bike or something like this
    • 1 = normal case
    • 50 = driving
    • 55 = wasted
    • 63 = busted
  • CPed +0x534 = [byte] Runningstate:
    • 0 = while driving
    • 1 = standing still
    • 4 = start to run
    • 6 = running
    • 7 = running fast (sprinting) by pressing sprint key
  • CPed +0x540 = [float] Health
  • CPed +0x544 = [float] Max health
  • CPed +0x548 = [float] Armor
  • CPed +0x558 = [float] Current rotation (Z angle)
  • CPed +0x55C = [float] Target rotation (Z angle)
  • CPed +0x560 = [float] Rotation speed (Z angle)
  • CPed +0x568 = [dword] Current Car you are in contact with
  • CPed +0x584 = [dword] Current Entity you are in contact with
  • CPed +0x58C = [dword] Last or Current Driven Car (CarPointer)
  • CPed +0x598 = [byte] Player lock (set to 1 to lock player controls, can't move)
  • CPed +0x5A0 = Start of CWeapon[13] struct
  • CPed +0x718 = [byte] Current weapon slot (1 byte)
  • CPed +0x740 = Current Weapon ID (from default.dat)
  • CPed +0x760 = [dword] Weapon you were damaged with
  • CPed +0x764 = [dword] Pointer to the ped that damaged you
  • CPed +0x79C = [dword] Targetted CPed

Vehicle

  • 0xB6F980 – Is the direct pointer to the pool start (CVehicle)
  • 0xBA18FC – Current vehicle pointer:
    • 0 = on-foot
    • >0 = in-car
  • 0x969084 – First vehicle you got into

Note: To get the next vehicle, so the second one, you need to add +0x4 as many times you want. They are 0 if you haven't entered a first/second/third/etc car yet.

  • 0xB74494 – Pointer to vehicle pool usage information, which contains:
    • +0 = Pointer to the first vehicle in the pool
    • +4 = Pointer to a byte map indicating which vehicles are in use
    • +8 = [dword] Maximum number of vehicles in the pool
    • +12 = [dword] Current number of vehicles in the pool

Each vehicle object is 2584 (0xA18) bytes. It starts at 0xC502AA0.

For each vehicle in the pool:

  • +0x14 = [byte] Contains a pointer to the rotation/position matrix (84 bytes):
    • +0x0 = [CVector] World Space Right direction Vector (X-Axis)
    • +0x10 = [CVector] World Space Forward direction Vector (Y-Axis)
    • +0x20 = [CVector] World Space Upwards direction Vector (Z-Axis)
    • +0x30 = [CVector] World Space Position
  • +0x22 = [word] Vehicle ID from vehicles.ide
  • +0x36 = [byte] Entity type
    • 2 = Player as driver
    • 18 = Quiet driver
    • 26 = Suspicious driver (when slightly or heavily collided, unlike cops who are never quiet)
    • 34 = No driver
    • 42 = Destroyed
    • 74 = Player as driver is exiting or being wasted, busted or hijacked
  • +0x40 - Physical flags structure
    • +0x0 = Movement physics flags
      • Bit 1 = Unknown
      • Bit 2 = Apply Gravity
      • Bit 3 = Disable Collision Force
      • Bit 4 = Collidable
      • Bit 5 = Disable Turn Force
      • Bit 6 = Disable Move Force
      • Bit 7 = Infinite Mass
      • Bit 8 = Disable Z
    • +0x1 = Surface physics flags
      • 1 = Submerged In Water
      • 2 = On Solid Surface
      • 4 = Broken
      • 8 = Unknown
      • 16 = Unknown
      • 32 = Don't Apply Speed
      • 64 = Unknown
      • 128 = Unknown
    • +0x2 = Special physics flags
      • 1 = n/a(game prevent this)
      • 2 = Collision-proof
      • 4 = Bullet-proof
      • 8 = Fire-proof
      • 16 = Damage-proof (from collisions etc)
      • 32 = Melee-proof
      • 64 = n/a
      • 128 = Explosion-proof
    • +0x3 = Collision physics flag
      • 1 = Unknown
      • 2 = Attached To Entity
      • 4 = Unknown
      • 8 = Touching Water
      • 16 = Can Be Collided with
      • 32 = Destroyed
      • 64 = Unknown
      • 128 = Unknown
  • +0x44 = [CVector] Speed angles
  • +0x50 = [CVector] Spin angles

Note: Do not get confused about the Spin Angles, these are NOT rotations but the angles of how fast your vehicle is turning in the given axis direction...

(Car addresses continued:)

  • +0x8C = [float] Mass (kg) from handling.cfg
  • +0x90 = [float] Turn Mass from handling.cfg
  • +0x94 = [float] Grip Divider:
    • 1.0 = 1 x gGrip
    • 10.1 = 10 x gGrip
    • 100.0 = g / 100Grip
  • +0x98 = [float] Mass-to-Grip Multiplier. Ie. G Force when flying/during suspension/driving (acceleration towards ground)
  • +0xA0 = [float] Normalized Grip Level
  • +0xA4 = [CVector] Center of Mass
  • +0xD8 = [float] Increases when collision occurs
  • +0x428 = [byte] Engine State (whether the engine is running or stalled):
    • 0 = stalled
    • 16 = ok
  • +0x42D = [byte] Siren on/off
  • +0x434 = [byte] Body Color (as in carcols.dat, black being the 0)
  • +0x435 = [byte] Stripe Color (as in carcols.dat, black being the 0)
  • +0x436 = [byte] Body Color #2
  • +0x437 = [byte] Stripe Color #2
  • +0x438 = [dword] modding data as in garage info (Not working?)
  • +0x43C = [dword] modding data as in garage info (Not working?)
  • +0x440 = [dword] modding data as in garage info (Not working?)
  • +0x444 = [dword] modding data as in garage info (Not working?)
  • +0x448 = [dword] modding data as in garage info (Not working?)
  • +0x44C = [dword] modding data as in garage info (Not working?)
  • +0x450 = [dword] modding data as in garage info (Not working?)
  • +0x454 = [dword] modding data as in garage info (Not working?)
  • +0x458 = [float] Car Wheel Size from vehicle.ide
  • +0x45C = [dword] Time left for car alarm to sound in ms
  • +0x460 = [dword] Pointer to driver
  • +0x464 = [dword] Pointer to passenger 1 (Front-right seat)
  • +0x468 = [dword] Pointer to passenger 2 (Rear-left seat)
  • +0x46C = [dword] Pointer to passenger 3 (Rear-right seat)
  • +0x470 = [dword] Pointer to passenger 4 (Used for buses)
  • +0x474 = [dword] Pointer to passenger 5 (Used for buses)
  • +0x478 = [dword] Pointer to passenger 6 (Used for buses)
  • +0x47C = [dword] Pointer to passenger 7 (Used for buses)
  • +0x480 = [dword] Pointer to passenger 8 (Used for buses)
  • +0x484 = [dword] Pointer to passenger 9 (Used for buses)
  • +0x494 = [float] Steer angle 1
  • +0x498 = [float] Steer angle 2
  • +0x49C = [float] Gas pedal
  • +0x4A0 = [float] Brake pedal
  • +0x4A8 = [byte] Places a car-bomb:
    • 0 = No bomb.
    • 1 = Car has a time bomb, but it's not armed.
    • 2 = Car has an on-ignition bomb, but it's not armed.
    • 3 = Set remotely, perhaps (?).
    • 4 = Time bomb is armed.
    • 5 = On-ignition bomb is armed.

Note: You can set the above values to 0 or 1 to give the car a bomb. Some other flags get set when you arm the bomb. So if you set this value to 4 or 5, or actually arm the bomb through normal gameplay, it does not help if you try to change this value back.

  • +0x4AB = [BYTE] The number of peds (usually cops) trying to hide behind this car.
  • +0x8A4 = [float] Nitro Count
    • 1.0 Nitro filled (in case of number of NOS is equal to 0 it'll mean Empty)
    • -1.0 Nitro discharged
  • +0x48A = [BYTE] Number of available NOS in the vehicle
    • 1~10 Have Available NOS
    • 0 No Have Available NOS
  • +0x4B0 = [float] Body dirt level:
    • 0.0 = fully clean
    • 15.0 = maximum dirt visible
  • +0x4C0 = [float] Health/Car Damage Left:
    • <250.0 = on fire
    • 1000.0 = undamaged
  • +0x4F8 = [dword] Car Door Locked State:
    • 1 = open
    • 2 = locked
  • +0x514 = [dword] Alternate siren (honking):
    • 0 = off
    • 1 = on

Note: Automatically gets reset back to 0. To prevent this just NOP 0x6E0A3B (6 bytes).

  • +0x584 = [dword] Headlights switch:
    • 0 = off
    • 1 = on

Note: Same case as above, gets automatically reset – NOP 0x6E1EDE (6 bytes).

  • +0x590 = [byte] Car type:
    • 0 = car/plane
    • 5 = boat
    • 6 = train
    • 9 = bike
  • +0x5A4 = [float] Train speed:
    • -0.1 = is forward
    • 0.1 = is reverse
  • +0x5A5 = [byte] Car Tire (Left-Front) Status:
    • 0 = ok
    • 1 = flat
    • 2 = Used by planes when landing gear is up
  • +0x5A6 = [byte] Car Tire (Left-Rear) Status:
    • 0 = ok
    • 1 = flat
    • 2 = Used by planes when landing gear is up
  • +0x5A7 = [byte] Car Tire (Right-Front) Status:
    • 0 = ok
    • 1 = flat
    • 2 = Used by planes when landing gear is up
  • +0x5A8 = [byte] Car Tire (Right-Rear) Status:
    • 0 = ok
    • 1 = flat
    • 2 = Used by planes when landing gear is up
  • +0x65C = [byte] Bike Tire (Front) Status:
    • 0 = ok
    • 1 = flat
  • +0x65D = [byte] Bike Tire (Rear) Status:
    • 0 = ok
    • 1 = flat
  • +0x65E = [byte] Bicycle Tire (Front) Status:
    • 0 = ok
    • 1 = shot
  • +0x65F = [byte] Bicycle Tire (Rear) Status:
    • 0 = ok
    • 1 = shot

Note: You cannot actually shoot the wheels of bmx. If you set the value 1 at above two offsets, it rides as if the wheels were shot. They probably not work.

  • +0x6C8 = [byte] Is the bike identifier.

Note: Gets set to 1 if this vehicle is a bike (or bmx).

  • +0x720 = [float] Front-Left suspension height
  • +0x724 = [float] Rear-Left suspension height
  • +0x728 = [float] Front-Rear suspension height
  • +0x72C = [float] Rear-Rear suspension height
  • +0x7BC = [float] Burn Timer (in ms) (for bikes)

Note: There is also a copy of the suspension values at -0x10, but these are 'smoother'. They range from 0 to 1 (1 = fully extended/airborne, 0 = fully compressed).

  • +0x7E4 = [float] Front-Left suspension height
  • +0x7E8 = [float] Rear-Left suspension height
  • +0x7EC = [float] Front-Right suspension height
  • +0x7F0 = [float] Rear-Right suspension height
  • +0x86C = [word] Current load of vehicle, works for vehicles such as dumper, packer, dozer, forklift and so on.
  • +0x870 = [word] Last load value of vehicle. Used to detect whether vehicle should have sound of raising/lowering a load. After detecting it gets value of car struct +0x86C below.
  • +0x8E4 = [float] Burn Timer (in ms) (for cars)

Let's say, the Car Position of this given car starts at 0xC5F5DB4:

  • +0x0 = [CVector] Level to the ground
  • +0x10 = [CVector] Where am I looking
  • +0x20 = [CVector] Dyn flight data
  • +0x30 = [CVector] CarPos

Following offsets are Floats, as positions of doors and other car parts that gets detached by damage. We need to recalculate and set their locations if we warp a car from one location to another. Otherwise the car spins uncontrollably:

  • +0x724 = [CVector] Detachables1
  • +0x750 = [CVector] Detachables2
  • +0x77C = [CVector] Detachables3
  • +0x7A8 = [CVector] Detachables4

The locations of the detachable objects are different for cars and bikes. This is merely because bike object is actually smaller than the car object. The car object is used for all vehicles (including heli) but the bikes.

Offsets for Detachables:

  • +0x5FC = [CVector] BikeDetachPosAdr(0)
  • +0x660 = [CVector] BikeDetachPosAdr(1)
  • +0x68C = [CVector] BikeDetachPosAdr(2)
  • +0x6B8 = [CVector] BikeDetachPosAdr(3)
  • +0x6E4 = [CVector] BikeDetachPosAdr(4)
  • +0x724 = [CVector] CarDetachPosAdr(0)
  • +0x750 = [CVector] CarDetachPosAdr(1)
  • +0x77C = [CVector] CarDetachPosAdr(2)
  • +0x7A8 = [CVector] CarDetachPosAdr(3)

The trailer of the tanker is handled the same way as the vehicles. Its pointer gets set at offset:

  • +0x4C8

To the car object start. When warping vehicles that has trailer, we need to warp this 'vehicle' as well. The same pointer is used also when you are towing other vehicles as well.

Wanted

0xB7CD9C – Wanted pool start (CWanted). Each slot has 668 bytes of data.

  • +0x0 = Is the counter for how pissed the cops are:
    • above 50 = 1 star
    • above 180 = 2 stars
    • above 550 = 3 stars
    • above 1200 = 4 stars
    • above 2400 = 5 stars
    • above 4600 = 6 stars
  • +0x4 = like above, but 'before parole (timed wanted level decrease?)'
  • +0x8 = [dword] time value, the last time the wanted level decreased
  • +0xC = [dword] time value, the last time the wanted level changed
  • +0x10 = [dword] 'time of parole'
  • +0x14 = [float] multiplier of wanted level contribution of crimes (set using 03C7?)
  • +0x18 = [byte] Current amount of cops 'in pursuit'
  • +0x19 = [byte] Maximum number of foot cops simultaneously shooting at you ('in pursuit')
  • +0x1A = [byte] Maximum number of cop cars in pursuit
  • +0x1B = [byte] Amount of cops currently 'beating the suspect'
  • +0x1C = [word] Chance a road block appears, range unknown (though 127 seems to have a special meaning)
  • +0x1E = [bool] Is the player ignored by police? (set by script)
  • +0x1F = [bool] Is the player ignored by police? (set by garages)
  • +0x20 = [bool] Is the player ignored by everyone?
  • +0x21 = [bool] Should the streamer load the SWAT models?
  • +0x22 = [bool] Should the streamer load the FBI models?
  • +0x23 = [bool] Should the streamer load the army models?
  • +0x24 = [dword] Current chase time
  • +0x28 = [dword] 'Current chase time counter'
  • +0x2C = [word] Current wanted level (1-6)
  • +0x2F = [word] Wanted level before 'parole'
  • need to do more

Note: Helicopters will still shoot if you change flag 0x19 to 0.

Player Data

  • 0xB7CD98 - CPlayerData
    • +0x0 = [dword] Pointer to CPed
    • +0x4 = CPlayerData pool start
      • +0x0 = [dword] Pointer to CWanted
      • +0x4 = [dword] Pointer to ped clothes description
      • +0x8 = [dword] Pointer to cop that arresting you
      • +0xC = [CVector2D] Fight movement
      • +0x14 = [float] Move blend ratio
      • +0x18 = [float] Time can run
      • +0x1C = [float] Move speed
      • +0x20 = [byte] Selected weapon slot
      • +0x21 = [byte] Car danger counter
      • +0x24 = [dword] Stand still timer
      • +0x28 = [dword] Hit animation delay
      • +0x2C = [float] Attack button counter
      • +0x30 = [dword] Pointer to car danger
      • +0x34 = [dword] Player flags
        • Bit 0 = Stopped Moving
        • Bit 1 = Adrenaline
        • Bit 2 = Have Target Selected
        • Bit 3 = Free Aiming
        • Bit 4 = Can Be Damaged
        • Bit 5 = All Melee Attack Pts Blocked
        • Bit 6 = Just Been Snacking
        • Bit 7 = Require Handle Breath
        • Bit 8 = Group Stuff Disabled
        • Bit 9 = Group Always Follow
        • Bit 10 = Group Never Follow
        • Bit 11 = In Vehicle Dont Allow Weapon Change
        • Bit 12 = Render Weapon
      • +0x38 = [dword] Player group
      • +0x3C = [dword] Adrenaline end time
      • +0x40 = [byte] Drunkeness
      • +0x41 = [byte] Fade drunkeness
      • +0x42 = [byte] Drug level
      • +0x43 = [byte] Script limit to gangs size
      • +0x44 = [float] Breath
      • +0x48 = [dword] Pointer to melee weapon animation
      • +0x4C = [dword] Pointer to melee weapon animation extra
      • +0x50 = [float] FPS move heading
      • +0x54 = [float] Look pitch
      • +0x58 = [float] Skateboard speed (?)
      • +0x5C = [float] Skateboard lean (?)
      • +0x60 = [dword] Pointer to special atomic
      • +0x64 = [float] Gun spin speed
      • +0x68 = [float] Gun spin angle
      • +0x6C = [dword] Last time firing
      • +0x70 = [dword] Target bone
      • +0x74 = [CVector] Target bone offset
      • +0x80 = [dword] Bus fares collected
      • +0x84 = [bool] Player sprint disabled
      • +0x85 = [bool] Don't allow weapon change
      • +0x86 = [byte] Force interior lighting
      • +0x88 = [word] Pad down pressed in ms
      • +0x8A = [word] Pad up pressed in ms
      • +0x8C = [byte] Wetness
      • +0x8D = [bool] Player gang active
      • +0x8E = [byte] Water cover in percent
      • +0x90 = [float] Water height
      • +0x94 = [dword] Fire HS missile pressed time
      • +0x98 = [dword] Pointer to last HS missile target
      • +0x9C = [dword] Model index of last building shot
      • +0xA0 = [dword] Last HS missile los time
      • +0xA0 = [byte] Last HS missile los
      • +0xA4 = [dword] Pointer to current prostitute ped
      • +0xA8 = [dword] Pointer to last prostitute ped shagged
    • +0xB0 = [dword] Pointer to remote vehicle
    • +0xB4 = [dword] Pointer to spectating vehicle
    • +0xB8 = [dword] Money
    • +0xBC = [dword] Displayed money
    • +0xC0 = [dword] Collectables picked up
    • +0xC4 = [dword] Total number collectables
    • +0xC8 = [dword] Last bump player vehicle timer
    • +0xCC = [dword] Taxi timer
    • +0xD0 = [dword] Vehicle time counter
    • +0xD4 = [bool] Taxi timer score
    • +0xD5 = [bool] Trying to exit vehicle
    • +0xD8 = [dword] Pointer to last target vehicle
    • +0xDC = [byte] Player state
    • +0xDD = [bool] After remote vehicle explosion
    • +0xDE = [bool] Create remote vehicle explosion
    • +0xDF = [bool] Fade after remote vehicle explosion
    • +0xE0 = [dword] Time of remote vehicle explosion
    • +0xE4 = [dword] Last time energy lost
    • +0xE8 = [dword] Last time armour lost
    • +0xEC = [dword] Last time big gun fired (?)
    • +0xF0 = [dword] Times upside down in a row
    • +0xF4 = [dword] Times stuck in a row
    • +0xF8 = [dword] Car two wheel counter
    • +0xFC = [float] Car two wheel distance
    • +0x100 = [dword] Car less three wheel counter
    • +0x104 = [dword] Bike rear wheel counter
    • +0x108 = [float] Bike rear wheel distance
    • +0x10C = [dword] Bike front wheel counter
    • +0x110 = [float] Bike front wheel distance
    • +0x114 = [dword] Temp buffer counter
    • +0x118 = [dword] Best car two wheels time in ms
    • +0x11C = [dword] Best car two wheels distance in m
    • +0x120 = [dword] Best bike wheelie time in ms
    • +0x124 = [dword] Best bike wheelie distance in m
    • +0x128 = [dword] Best bike stoppie time in ms
    • +0x12C = [dword] Best bike stoppie distance in m
    • +0x130 = [word] Car density for current zone
    • +0x134 = [float] Road density around player
    • +0x138 = [dword] Time of last car explosion caused
    • +0x13C = [dword] Explosion multiplier
    • +0x140 = [dword] Havoc caused
    • +0x144 = [word] Number of hours didn't eat
    • +0x148 = [float] Current chase value
    • +0x14C = [bool] Does not get tired (Infinite run in other words)
    • +0x14D = [bool] Fast reload
    • +0x14E = [bool] Fire proof
    • +0x14F = [byte] Max health
    • +0x150 = [byte] Max armour
    • +0x151 = [bool] Get of jail free & keep weapons
    • +0x152 = [bool] Free health care & keep weapons
    • +0x153 = [bool] Can do drive-by
    • +0x154 = [byte] Busted audio status
    • +0x156 = [word] Last busted message number
    • +0x158 = [dword] Crosshair activated
    • +0x15C = [CVector2D] Crosshair target
    • +0x164 = [char(32)]Skin name
    • +0x184 = [dword] Pointer to skin RwTexture
    • +0x188 = [bool] Parachute referenced
    • +0x18C = [dword] Require parachute timer

Camera

  • 0xB6F028 – Camera Block Start (CCamera)
  • 0x52B730 – Start of camera 'MOVer' subroutine:
    • 0xC3 = lock camera (retn)
  • 0xB6F0DC – [dword] Current View:
    • 0 = bumper View
    • 1 = close external view
    • 2 = middle external view
    • 3 = furthest external view
    • 4 = nothing = same as last?
    • 5 = cinematic view
    • 6 to INF = same as 4?
  • 0xB6F0E0 – [float] Car View Distance (arm length)
  • 0xB6F0E8 – [float] True View Distance (true arm length)

Ignored

0xB7CD9C – Ignored pointer (CIgnored).

  • +0x1E = [byte/boolean] Is player ignored by cops
  • +0x298 = [byte/boolean] Is player ignored by everyone

Pools

See the Data Pools functions in the Function Memory Addresses (SA) section.

0x550F10 – AllocatePools function.

  • 0xB74484 – PtrNode Single
  • 0xB74488 – PtrNode Double
  • 0xB7448C – EntryInfoNode
  • 0xB74490 – Peds
  • 0xB74494 – Vehicles
  • 0xB74498 – Buildings
  • 0xB7449C – Objects
  • 0xB744A0 – Dummys
  • 0xB744A4 – ColModel
  • 0xB744A8 – Task
  • 0xB744AC – Event
  • 0xB744B0 – PointRoute
  • 0xB744B4 – PatrolRoute
  • 0xB744B8 – NodeRoute
  • 0xB744CC – TaskAllocator
  • 0xB744C0 – PedIntelligence
  • 0xB744C4 – PedAttractors

Handling

0xC2B9DC – Handling Block Start. Each slot has 224 bytes of data.

  • +0x0 = [dword] Index/Identifier
  • +0x4 = fMass
  • +0x8 = 1.0 / fMass
  • +0xC = fTurnMass
  • +0x10 = fDragMult
  • +0x14 = [CVector] CentreOfMass
  • +0x20 = [byte] nPercentSubmerged
  • +0x24 = fMass * 8.0000001e-1 / nPercentSubmerged
  • +0x28 = fTractionMultiplier
  • +0x74 = [byte] TransmissionData.nDriveType
  • +0x75 = [byte] TransmissionData.nEngineType
  • +0x76 = [byte] TransmissionData.nNumberOfGears
  • +0x7C = TransmissionData.fEngineAcceleration (Multiplied by 3.9999999e-4)
  • +0x80 = TransmissionData.fEngineInertia
  • +0x84 = TransmissionData.fMaxVelocity (Multiplied by 5.5555599e-3)
  • +0x94 = fBrakeDeceleration (Multiplied by 3.9999999e-4)
  • +0x98 = fBrakeBias
  • +0x9C = [byte] bABS
  • +0xA0 = fSteeringLock
  • +0xA4 = fTractionLoss
  • +0xA8 = fTractionBias
  • +0xAC = fSuspensionForceLevel
  • +0xB0 = fSuspensionDampingLevel
  • +0xB4 = fSuspensionHighSpdComDamp
  • +0xB8 = Suspension upper limit
  • +0xBC= Suspension lower limit
  • +0xC0 = Suspension bias between front and rear
  • +0xC4 = Suspension anti-dive multiplier
  • +0xC8 = [float] fCollisionDamageMultiplier { memory fCollisionDamageMultiplier = fCollisionDamageMultiplier * ( 1.0 / fMass) * 2000.0 }
  • +0xCC = [hex] modelFlags
  • +0xD0 = [hex] handlingFlags
  • +0xD4 = fSeatOffsetDistance
  • +0xD8 = [dword] nMonetaryValue
  • +0xDC = [byte] Front lights
  • +0xDD = [byte] Rear lights
  • +0xDE = [byte] Vehicle anim group

Controls

0xB73458 – Start of controls block.

  • +0x20 = [word] Accelerate:
    • 0 = off
    • 255 = on
  • +0x22 = [word] Brake

Rockets

The rocket pool contains info on launched rockets (for example, Hydra rockets).

0xC891A8 – Rocket pool start. Each slot has 36 bytes of data. There are 32 elements in the pool.

  • +0x0 = [dword] Rocket type:
    • 16 = none
    • 17 = tear gas
    • 19 = normal
    • 20 = heatseeking
    • 39 = remote explosives
    • 58 = flare
  • +0x4 = [dword] Pointer to launching entity
  • +0x8 = [dword] Pointer to target vehicle (when heatseeking), 0 otherwise
  • +0x10 = [byte] Does rocket exist?
    • 0 = exploded/does not exist
    • 1 = travelling
  • +0x14 = [CVector] Position

Bullets

0xC88740 – Bullet pool start.

  • +0xC = [byte] Bullet exists
    • 0 = Does not exist
    • 1 = Exists
  • +0x10 = [CVector] Position

Note: It works only for Sniper Rifle

Race Checkpoints

The checkpoints block that are used in the "illegal street racing" mini-games.

0xC7F158 – Checkpoint block start. Each block is 38 bytes, but theres always only two at a time.

  • +0x0 = [byte] Type of checkpoint
  • +0x2 = [byte] RGBA color value
  • +0x4 = [CVector] Position
  • +0x10 to +0x18 = [float] Rotation Matrix (direction from this checkpoint to the next, all floats)
  • +0x20 = [float] Checkpoint radius

Garages and Parking

Note, that the memory location of garages can vary depending on the scm script you use.

There are 50 garages in the game. Each garage has:-

  • Position
  • Details
  • Usage information
  • Location in game
  • Location of door
  • Width
  • Depth
  • Height
  • Direction it looks
  • Coordinates of lower left corner
  • Coordinates of upper right corner,
  • Usable by the player
  • Which property (safe house) it belongs
  • Number of vehicles which can be parked inside
  • The door state (closed, opening, open and closing)

These are found in the garage object of 212 bytes. The memory locations where the garages start are:

  • 0x96C048 (start of first garage)
  • +0xD4 (offset for second garage – offset this much again for third garage, again for fourth, etc.)
  • 0x96C120 (start of final garage)

(Tested using non-patched original v1.0 German EXE with English language option selected, and original SCM file.)

(UZI-I Tested Player Garage and Pay'n'Spray using Hoodlum Crack EXE with an Blank SCM)

Here is the known garage offsets:

  • +0x0 = [CVector] Coord of the Garage Lower Left corner
  • +0xC = [CVector2D] Value of direction vector 1
  • +0x14 = [CVector2D] Value of direction vector 2
  • +0x1C = [float] Top Z Coord. of the garage
  • +0x20 = [float] Normalized Width of the garage
  • +0x24 = [float] Normalized Depth of the garage
  • +0x28 = [float] Left Border (X) corrdinate
  • +0x2C = [float] Right Border (X) corrdinate
  • +0x30 = [float] Front Border (Y) corrdinate
  • +0x34 = [float] Back Border (Y) corrdinate
  • +0x38 = [float] Garage Door Position
  • +0x3C = [dword] unknown (Timer)
  • +0x40 = [dword] unknown (not saved)
  • +0x44 = [chars] Garage Name (7 bytes + nul)
  • +0x4C = [byte] Garage Type
  • +0x4D = [byte] Garage Door State values:
    • 0 = closed
    • 1 = open
    • 2 = closing
    • 3 = opening
  • +0x4E = [byte] Door Flags
    • 0x01 = used mod shop (?)
    • 0x02 = inactive door
    • 0x04 = used Pay'n'Spray (?)
    • 0x08 = small door (reflective?)
    • 0x10 = up and in door
    • 0x20 = camera follows player
    • 0x40 = door is closed flag
    • 0x80 = girlfriend PnS
  • +0x4F = [byte] Original Type

The direction vector 3 is completely left out, I think because the garages are always even to the ground. I think that is also why the Z values of the direction vectors are also left-out.

Note: Direction Vectors marked above may be Quaternions.

Here are the static Addresses of the Garage Blocks, and to which garage they belong:

  • 0x96C048 – Commerce Region, Loading Bay Garage (Life's a Beach)
  • 0x96C120 – LSPD Police Impound Garage
  • 0x96C1F8 – Mission Garage near El Corona (Los Desperados)
  • 0x96C2D0 – Eight Ball Autos near El Corona
  • 0x96C3A8 – Mission Garage near El Corona (Cesar Vialpando)
  • 0x96C480 – Player Garage: El Corona
  • 0x96C558 – LS Burglary Garage near Playe del Seville
  • 0x96C630 – LowRider Tuning Garage in Willowfield
  • 0x96C708 – Pay 'n' Spray in Idlewood
  • 0x96C7E0 – Player Garage: Johnson House
  • 0x96C8B8 – Pay 'n' Spray in Temple
  • 0x96C990 – Transfender in Temple
  • 0x96CA68 – Pay 'n' Spray in Santa Maria Beach
  • 0x96CB40 – Player Garage: Santa Maria Beach
  • 0x96CC18 – Player Garage: Mulholland
  • 0x96CCF0 – Wheel Archangels in Ocean Flats
  • 0x96CDC8 – Mission Garage in Ocean Flats (T-Bone Mendez)
  • 0x96CEA0 – Player Garage: Hashbury
  • 0x96CF78 – Transfender near Wang Cars in Doherty
  • 0x96D050 – Pay 'n' Spray near Wang Cars in Doherty
  • 0x96D128 – SF Burglary Garage, Loading Bay near Doherty
  • 0x96D200 – Player Garage: Doherty
  • 0x96D2D8 – Mission Garage in Doherty Garage
  • 0x96D3B0 – Woozie's Mission Garage in Chinatown (Ran Fa Li)
  • 0x96D488 – Michelle's Pay 'n' Spray in Downtown
  • 0x96D560 – Player Garage: Calton Heights
  • 0x96D638 – SFPD Police Impound Garage
  • 0x96D710 – Pay 'n' Spray in Juniper Hollow
  • 0x96D7E8 – Player Garage: Paradiso
  • 0x96D8C0 – LVPD Police Impound Garage
  • 0x96D998 – Airport Plane Garage in Las Venturas
  • 0x96DA70 – LV Burglary Garage near Camel's Toe
  • 0x96DB48 – Pay 'n' Spray near Royal Casino
  • 0x96DC20 – Transfender in come-a-lot
  • 0x96DCF8 – Player Garage: Rockshore West
  • 0x96DDD0 – Welding Wedding Bomb-workshop in Emerald Isle
  • 0x96DEA8 – Pay 'n' Spray in Redsands East
  • 0x96DF80 – Player Garage: Redsands West
  • 0x96E058 – Player Garage: Prickle Pine
  • 0x96E130 – Player Garage: Whitewood Estates
  • 0x96E208 – Pay 'n' Spray in El Quebrados
  • 0x96E2E0 – Pay 'n' Spray in Fort Carson
  • 0x96E3B8 – Player Garage: Fort Carson
  • 0x96E490 – Player Garage: Verdant Meadows
  • 0x96E568 – Mission Garage in El Castillo del Diablo (Interdiction)
  • 0x96E640 – Airport Garage in Verdant Meadows
  • 0x96E718 – Mission Garage in Angel Pine (Puncture Wounds)
  • 0x96E7F0 – Pay 'n' Spray in Dillimore
  • 0x96E8C8 – Player Garage: Palomino Creek
  • 0x96E9A0 – Player Garage: Dillimore

Static Mem. Locations for garages:

  • 0x96ABD8 – Johnson House Car 1
  • 0x96AC18 – Johnson House Car 2
  • 0x96AC58 – Johnson House Car 3
  • 0x96AC98 – Johnson House Car 4
  • 0x96ACD8 – Santa Maria Beach Car 1
  • 0x96AD18 – Santa Maria Beach Car 2
  • 0x96AD58 – Santa Maria Beach Car 3
  • 0x96AD98 – Santa Maria Beach Car 4
  • 0x96ADD8 – Rockshore West Car 1
  • 0x96AE18 – Rockshore West Car 2
  • 0x96AE58 – Rockshore West Car 3
  • 0x96AE98 – Rockshore West Car 4
  • 0x96AED8 – Fort Carson Car 1
  • 0x96AF18 – Fort Carson Car 2
  • 0x96AF58 – Fort Carson Car 3
  • 0x96AF98 – Fort Carson Car 4
  • 0x96AFD8 – Verdant Meadows Car 1
  • 0x96B018 – Verdant Meadows Car 2
  • 0x96B058 – Verdant Meadows Car 3
  • 0x96B098 – Verdant Meadows Car 4
  • 0x96B0D8 – Dillimore Car 1
  • 0x96B118 – Dillimore Car 2
  • 0x96B158 – Dillimore Car 3
  • 0x96B198 – Dillimore Car 4
  • 0x96B1D8 – Prickle Pine Car 1
  • 0x96B218 – Prickle Pine Car 2
  • 0x96B258 – Prickle Pine Car 3
  • 0x96B298 – Prickle Pine Car 3
  • 0x96B2D8 – Whitewood Estates Car 1
  • 0x96B318 – Whitewood Estates Car 2
  • 0x96B358 – Whitewood Estates Car 3
  • 0x96B398 – Whitewood Estates Car 4
  • 0x96B3D8 – Palomino Creek Car 1
  • 0x96B418 – Palomino Creek Car 2
  • 0x96B458 – Palomino Creek Car 3
  • 0x96B498 – Palomino Creek Car 4
  • 0x96B4D8 – Redlands West Car 1
  • 0x96B518 – Redlands West Car 2
  • 0x96B558 – Redlands West Car 3
  • 0x96B598 – Redlands West Car 4
  • 0x96B5D8 – El Corona Car 1
  • 0x96B618 – El Corona Car 2
  • 0x96B658 – El Corona Car 3
  • 0x96B698 – El Corona Car 4
  • 0x96B6D8 – MulHolland Car 1
  • 0x96B718 – MulHolland Car 2
  • 0x96B758 – MulHolland Car 3
  • 0x96B798 – MulHolland Car 4
  • 0x96B7D8 – LSPD Impound Car 1
  • 0x96B818 – LSPD Impound Car 2
  • 0x96B858 – LSPD Impound Car 3
  • 0x96B898 – LSPD Impound unused
  • 0x96B8D8 – SFPD Impound Car 1
  • 0x96B918 – SFPD Impound Car 2
  • 0x96B958 – SFPD Impound Car 3
  • 0x96B998 – SFPD Impound unused
  • 0x96B9D8 – LVPD Impound Car 1
  • 0x96BA18 – LVPD Impound Car 2
  • 0x96BA58 – LVPD Impound Car 3
  • 0x96BA98 – LVPD Impound usued
  • 0x96BAD8 – Calton Heights Car 1
  • 0x96BB18 – Calton Heights Car 2
  • 0x96BB58 – Calton Heights Car 3
  • 0x96BB98 – Calton Heights Car 4
  • 0x96BBD8 – Paradiso Car 1
  • 0x96BC18 – Paradiso Car 2
  • 0x96BC58 – Paradiso Car 3
  • 0x96BC98 – Paradiso Car 4
  • 0x96BCD8 – Doherty Car 1
  • 0x96BD18 – Doherty Car 2
  • 0x96BD58 – Doherty Car 3
  • 0x96BD98 – Doherty Car 4
  • 0x96BDD8 – Hashbury Car 1
  • 0x96BE18 – Hashbury Car 2
  • 0x96BE58 – Hashbury Car 3
  • 0x96BE98 – Hashbury Car 4
  • 0x96BED8 – Verdant Meadows Airport Car 1
  • 0x96BF18 – Verdant Meadows Airport Car 2
  • 0x96BF58 – Verdant Meadows Airport Car 3
  • 0x96BF98 – Verdant Meadows Airport Car 4

Offsets:

  • +0x0 = [CVector] Coord
  • +0xE = [word] BPDPEPFP coding
  • +0x10 = [word] Car ID
  • +0x2F = [byte] Body Color ordinal
  • +0x30 = [byte] Stripe Color ordinal
  • +0x3C = [float] Car Angle

Interface

  • 0xBAB22C – [byte] Health bar/red text/enemy marker/anything red color (RGBA, 4 bytes)
  • 0xBAB230 – [byte] Money font color/vehicle entry name/green text/anything green color (RGBA, 4 bytes)
  • 0xBAB238 – [byte] White text color (RGBA, 4 bytes)
  • 0xBAB240 – [byte] Main menu title border (RGBA, 4 bytes)
  • 0xBAB244 – [byte] Wanted level color (RGBA, 4 bytes)
  • 0xBAB24C – [byte] Radio station text color (RGBA, 4 bytes)
  • 0xBAB258 – [byte] Yellow blip/text color (RGBA, 4 bytes)

Menu

The following addresses have been found:

0xBA6748 – Base address.

  • +0x15D = [byte] Current Menu ID
  • +0x78D = [byte] Show menu item hover
  • +0x54 = [dword] Selected menu item
  • +0xE9 = [byte] Main menu switch (startup menu/menu when playing)
  • +0x84 = [dword] Language
  • +0x15F = [byte] Selected savegame
  • +0x24 = [dword] Radar mode
  • +0x64 = [float] Map zoom
  • +0x68 = [float] Map x position
  • +0x6C = [float] Map y position
  • +0x5C = [byte] Player in menu?

Menu IDs

Known Menu IDs (get ID at 0xBA68A5):

  • 0 = Stats
  • 1 = Start game
  • 2 = Brief
  • 3 = Audio options
  • 4 = Display settings
  • 5 = Map
  • 6 = Question start new game
  • 7 = Game selection
  • 8 = Question load mission pack
  • 9 = Load game
  • 10 = Delete game
  • 11 = Question load save game
  • 12 = Question delete game
  • 13 = Loads first savegame? *crash
  • 14 = Delete successful
  • 15 = Delete successful
  • 16 = Save game
  • 17 = Question save
  • 18 = Save successful
  • 19 = Save successful
  • 20 = Save game ok
  • 21 = Load game ok
  • 22 = Game affected, do not save
  • 23 = Display default settings
  • 24 = Audio default settings
  • 25 = Controller default settings
  • 26 = User track options
  • 28 = Language
  • 29 = Save game ok
  • 30 = Save unsuccessful
  • 31 = Load game (save unsuccessful)
  • 32 = Load unsuccessful, file corrupted
  • 33 = Options
  • 34 = Main menu
  • 35 = Quit game
  • 36 = Controller setup
  • 37 = Redefine controls
  • 38 = Foot/vehicle controls
  • 39 = Mouse settings
  • 40 = Joypad settings
  • 41 = Game running main menu
  • 42 = Quit game
  • 43 = Empty

SCM related

  • 0xA49960 – Start of the SCM block (0xA49960 + (4 * varnumber) is that particular variable)
  • 0xA7A6A0 – Start of the mission block (69000 bytes)
  • 0x464080 – GetOpcodeParameters()
  • 0xA447F4 – Command count
  • 0x469F00 – CRunningScript_ProcessOneCommand
  • 0x464080 – CRunningScript_CollectParameters
  • 0x4859D0 – CRunningScript_UpdateCompareFlag
  • 0x469390 – Game_Script_Thread struct
  • 0xA43C78 – Where the routine above stores opcode parameters values. Max 16 paramters for an opcode it seems
  • 0x8A6168 – "Master" jumptable, each dword points to one of 27 different functions, each one handling approx 100 opcodes
  • 0x466C50 – Opcodes 0000 – 0063. Array of dword, each pointing to the function for that opcode
  • 0x468364 – Opcodes 0064 – 00C4. Array of dword, each pointing to the function for that opcode
  • 0x469E4C – Opcodes 00D6 – 0129. Array of byte, each byte is an index for the array of dword at 0x469DD4, which points to the opcode function
  • 0x47D1B4 – Opcodes 0137 – 018F. Array of byte, each byte is an index for the array of dword at 0x47D0F4, which points to the opcode function
  • 0x47DFE0 – Opcodes 0190 – 01F3. Array of byte, each byte is an index for the array of dword at 0x47DF58, which points to the opcode function
  • 0x47F304 – Opcodes 01F4 – 0256. Array of byte, each byte is an index for the array of dword at 0x47F24C, which points to the opcode function
  • 0x47FA04 – Opcodes 0292 – 02B8. Array of byte, each byte is an index for the array of dword at 0x47F9BC, which points to the opcode function
  • 0x480FD8 – Opcodes 02BE – 031D. Array of byte, each byte is an index for the array of dword at 0x480F10, which points to the opcode function
  • 0x4836B8 – Opcodes 0320 – 0382. Array of byte, each byte is an index for the array of dword at 0x483600, which points to the opcode function

(No time to finish now, will finish later)

Threads

0xA8B430 – Start of the threads pool. There are two queues: the active threads and inactive ones.
0xA8B42C – Pointer to the first active SCM thread.
0xA8B428 – Pointer to the first inactive SCM thread.

Each thread has size of 224 (0xE0) bytes.

  • +0x0 = [void*] Pointer to the next thread in a queue
  • +0x4 = [void*] Pointer to the previous thread in a queue
  • +0x8 = [char] Thread name given by the opcode 03A4, char 8
  • +0x10 = [dword] Thread base IP (used in the missions and external scripts to calculate a global address of a local jump offset)
  • +0x14 = [dword] Current IP
  • +0x18 = [dword] Return stack (stores the current IP when a gosub executed, dword 8)
  • +0x38 = [word] Last item index of the return stack
  • +0x3C = [dword] Local variables array, dword 32
  • +0xBC = [dword] Automatically incrementing timers, dword 2
  • +0xC4 = [boolean] Thread active flag
  • +0xC5 = [boolean] IF result
  • +0xC6 = [boolean] Mission flag
  • +0xC7 = [boolean] External script flag
  • +0xC8 = [boolean] Unknown flag (in menu?). Used in 03E5
  • +0xC9 = [boolean] Unknown flag (ID of an assigned script?)
  • +0xCC = [dword] Wakeup time (set by 0001)
  • +0xD0 = [word] IF number (set by 00D6)
  • +0xD2 = [boolean] Not flag (if a condition to check is negative – any opcodes higher than 0x7FFF)
  • +0xD3 = [boolean] Wasted or busted check enabled flag (set by 0111); only for missions
  • +0xD4 = [boolean] Player is wasted or busted flag; only for missions
  • +0xD8 = [dword] Skip scene IP (used by opcodes 0707, 0701)
  • +0xDC = [boolean] Mission flag

External Scripts Info

0xA47B60 – Start of the external scripts info pool. There are 82 elements with 32 bytes of size each

  • +0x0 = [dword] Script IP
  • +0x4 = [word] Status (can be obtained by 0926)
  • +0x6 = [word] Index in SCM (a number as defined in the scm header)
  • +0x8 = [char] Name, char 20
  • +0x1C = [dword] Size

0xA485A0 – [dword] Size of the largest external script
0xA485A4 – [dword] Total scripts count

Restart Locations

Also see: opcodes 016C and 016D / save file block 8
An unmodded game has 7 restart locations for "busted" and 8 for "wasted". The memory structure suggests a limit of 10 for both of these.

  • 0xA43268: dword -- number of busted structures
  • 0xA4326C: dword -- number of wasted structures
  • 0xA43270: float[10] -- town numbers for busted structures (1 LS / 2 Country+SF / 3 Desert+LV)
  • 0xA43298: float[10] -- angles for busted structures
  • 0xA432C0: float[10] -- town numbers for wasted structures (1 LS / 2 Country+SF / 3 Desert+LV)
  • 0xA432E8: float[10] -- angles for wasted structures
  • 0xA43310: float -- unused float, only set up to (0.005 * 0.0625 = 0.0003125), 1/0.0003125 = 3200.0
  • 0xA43318: float[3][10] -- x,y,z – respawn coords for wasted structures
  • 0xA43390: float[3][10] -- x,y,z – respawn coords for busted structures
  • 0xA43408: byte[12] -- unknown; matching 12 unknown bytes of save block 8, 0x01 after Busted structures
  • 0xA43414: byte[12] -- unknown; matching 12 unknown bytes of save block 8, 0x0F after Busted structures
  • 0xA43420: [end]

Notes:

  • Town nos. and angles have the busted structures first but coords have the wasted structures first.
  • I'm not sure about the end of this structure, but I couldn't recognize anything from the according save block 8 after 0xA43420.

Misc

0xA4892C – Start of the pool stored the flipped vehicles handles. There are 6 elements in there, with each of them:

  • +0x0 = [dword] Vehicle handle to check if it flipped. Stored by opcode 0190.
  • +0x4 = [dword] Time in ms passed from the moment a vehicle flipped. Used by opcode 018F

0xA90850 – Start of the mission cleanup list. This list keeps the handles of any entities created during a mission. When the opcode 00D8 executed (normally it happens at the end of any mission), the game reads this list and destroys everything being stored there. Maximum items on the list is 75. Each item has the following structure:

  • +0x0 = [byte] Entity type:
    • 1 – vehicle
    • 2 – actor
    • 3 – object
    • 4 – particle
    • 5 – group (062F)
    • 7 – AS_origin (061D)
    • 8 – action_sequence
    • 9 – decision maker
    • 11 – searchlight
    • 13 – txd_dictionary
  • +0x4 = [dword] entity handle (an index in the proper pool)

Weather Codes

0xC81318 – [word] Weather lock (by AlienX).
0xC8131C – [word] Upcoming weather.
0xC81320 – [word] Current weather.

The following values tie up with the sections in data/timecycp.dat. There are several different kinds of weathers (including underwater), and the current weather affects viewing distance, sky colour, fog intensity, and other things like that. The appearance of each weather is time-dependent too.

Weather Values:

  • 0 = EXTRASUNNY_LA
  • 1 = SUNNY_LA
  • 2 = EXTRASUNNY_SMOG_LA
  • 3 = SUNNY_SMOG_LA
  • 4 = CLOUDY_LA
  • 5 = SUNNY_SF
  • 6 = EXTRASUNNY_SF
  • 7 = CLOUDY_SF
  • 8 = RAINY_SF
  • 9 = FOGGY_SF
  • 10 = SUNNY_VEGAS
  • 11 = EXTRASUNNY_VEGAS (heat waves)
  • 12 = CLOUDY_VEGAS
  • 13 = EXTRASUNNY_COUNTRYSIDE
  • 14 = SUNNY_COUNTRYSIDE
  • 15 = CLOUDY_COUNTRYSIDE
  • 16 = RAINY_COUNTRYSIDE
  • 17 = EXTRASUNNY_DESERT
  • 18 = SUNNY_DESERT
  • 19 = SANDSTORM_DESERT
  • 20 = UNDERWATER (greenish, foggy)
  • 21 = EXTRACOLOURS_1 (very dark, gradiented skyline, purple) Used for interiors?
  • 22 = EXTRACOLOURS_2 (very dark, gradiented skyline, green) Used for interiors?


The following are not mentioned in that file, but can be used anyway:

  • 23 to 26 = variations of pale orange
  • 27 to 29 = variations of fresh blue
  • 30 to 32 = variations of dark, cloudy, teal
  • 33 = dark, cloudy, brown
  • 34 = blue/purple, regular
  • 35 = dull brown
  • 36 to 38 = bright, foggy, orange
  • 39 = extremely bright
  • 40 to 42 = blue/purple cloudy
  • 43 = dark toxic clouds
  • 44 = black/white sky
  • 45 = black/purple sky

Warning: Setting these values to anything higher will result in things like black screen, flickering, really red, etc.

Dependencies

  • Car ptr = player ptr when on foot.

Note: This depends on which address for the pointer is being used, if the car pointer appears to be the same as the player pointer on foot, then you may be using a camera-related target pointer.

  • CPed block size = 0x7C4 bytes.
  • CVehicle block size = 0x0A18 bytes.

External links