How to find memory addresses?


First, you should get IDA Pro Advanced. It's an application to disassemble a binary file that lets you rename all the symbols found, as well as make all kinds of annotations. All these annotations and changes that you make will be saved to a file with the idb extension.

You could try to find some gtasa.idb on Google; there are some that have a lot of reversed stuff.

Now, let's say that you want to detect what piece of code is changing your vehicle health, for example to find the memory address of the code processing the bullet hits. You should first take your vehicle memory address, which you can find by placing a breakpoint at the vehicle class constructor (you can find this address in the game_sa module). Now, as GTASA is compiled using Visual Studio and its ABI for thiscall passes the this pointer in ecx, the pointer to your vehicle will probably be in the ecx register. Annotate it and continue with the application.

Now that you've got the base address of the vehicle, you can also get the address of the vehicle memory field containing its health (you can get the offset from the game_sa module as well). Place a hardware memory breakpoint for Write at that address and you will get what instructions are changing it. The fun has just begun: guess what the heck each of those pieces of code is doing.

This was just an example. There are lots of other methods to find memory addresses.

Link to comment

Okay, I just reversed this for you. You are right in that the offset 0xCC contains the current antialiasing value, but it contains the value for the menu frontend. You must change this value and also the value at offset 0xC8, which is the actual offset containing the currently set and accepted antialiasing value. By the way, both the values at 0xCC and 0xC8 are DWORDs, not BYTEs.

After changing both values (I think that changing the value at 0xC8 is enough though), you need to call the function at 0x7F8A90 and call the function at 0x57D16E, passing the setting at offset 0xD4 (dwVideoMode) as a parameter. Remember to clear this parameter from the stack after the call.

For more information, refer to the code that is updating the antialiasing value at 0x57D149.

Link to comment
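The sequence from the reply above, written out in C as an added example that is not part of the original thread or of the game's code. The thread does not give the base address of the settings block, so it is a parameter here. The two function signatures and the cdecl convention are assumptions inferred from the stack-cleanup remark, and the buffer and callbacks are constructed stand-ins so the code runs outside the game.

```c
#include <stdint.h>
#include <string.h>

/* Offsets quoted in the post; all three fields are 32-bit DWORDs. */
enum { OFF_AA_ACTIVE = 0xC8, OFF_AA_MENU = 0xCC, OFF_VIDEO_MODE = 0xD4 };

/* Assumed signatures. In the game these would be casts of 0x7F8A90 and
   0x57D16E; with cdecl the compiler pops the argument after the call. */
typedef void (*refresh_fn)(void);
typedef void (*apply_mode_fn)(uint32_t video_mode);

uint32_t read_dword(const uint8_t *base, size_t off) {
    uint32_t v;
    memcpy(&v, base + off, sizeof v);   /* safe for any alignment */
    return v;
}

void write_dword(uint8_t *base, size_t off, uint32_t v) {
    memcpy(base + off, &v, sizeof v);
}

/* The BYTE pitfall: this store changes only one of the field's four bytes. */
void write_byte(uint8_t *base, size_t off, uint8_t v) { base[off] = v; }

/* Update both copies, then make the two calls in the order the post gives. */
void set_antialiasing(uint8_t *settings, uint32_t level,
                      refresh_fn refresh, apply_mode_fn apply_mode) {
    write_dword(settings, OFF_AA_ACTIVE, level);  /* value actually in use */
    write_dword(settings, OFF_AA_MENU, level);    /* value the menu shows */
    refresh();
    apply_mode(read_dword(settings, OFF_VIDEO_MODE));
}

/* Constructed stand-ins for the settings block and the two game functions. */
static uint8_t  fake_settings[0x100];
static int      calls;
static uint32_t seen_mode;
void fake_refresh(void) { calls = calls * 10 + 1; }
void fake_apply(uint32_t m) { calls = calls * 10 + 2; seen_mode = m; }

int demo(void) {
    memset(fake_settings, 0, sizeof fake_settings);
    calls = 0;
    write_dword(fake_settings, OFF_VIDEO_MODE, 7);   /* constructed value */
    set_antialiasing(fake_settings, 2, fake_refresh, fake_apply);
    return calls;   /* 12: refresh ran first, then apply_mode */
}

int main(void) { return demo() == 12 ? 0 : 1; }
```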