
using functions

badboy
post Jun 4 2012, 05:42 PM
Post #1


Trained Member

Posts: 76
From: Nederland, NL
Joined: 1-May 12



Can anyone tell me how to use memory functions. I want to create a marker somewhere specific.

QUOTE (Deji @ Jan 6 2010, 06:07 PM)
Useful radar functions..
CODE
0x583820 = CMarker::Create
0x5839A0 = CMarker::SetAboveEntity
0x583AB0 = CMarker::SetColour
0x583CC0 = CMarker::SetIconSize
0x583D70 = CMarker::SetIcon
0x583D20 = CMarker::SetType
0x583EB0 = CMarker::SetFriendOrThreat
0x583F00 = CMarker::SetEnterExit


Just posting something in the snippets topic to disable or control motion blur in San Andreas.


How to use it? How to insert the handle and location into 0x5839A9?
Deji
post Jun 4 2012, 06:20 PM
Post #2


Coding like a Rockstar!


Posts: 1,468
From: ???
Joined: 28-May 09



0AA5 for calling functions with no return.
0AA6 for calling methods with no return.
0AA7 for functions with a return.
0AA8 for methods with a return.


badboy
post Jun 4 2012, 06:48 PM
Post #3


Trained Member

Posts: 76
From: Nederland, NL
Joined: 1-May 12



I am using 00A6: but nothing shows up. Which isn't surprising because I probably used incorrect parameters.
CODE
{$CLEO .cs}
hex
    00 00 01 00 05 40 1F
end
00A0: store_actor $PLAYER_ACTOR position_to 1@ 2@ 3@
0AA7: call_function 0x583820 num_params 2 pop 2 1@ 2@ 3@
00BA: show_text_styled GXT 'BEEFY' time 1000 style 2 // Something should have happened
0A93:


How to know num_params?
QUOTE
2 = pointer to the class structure (can be obtained by the opcodes 0A96 - 0A98).

Nothing is created yet, what struct do I have to use?

And pop is 0?
QUOTE
4 = number of parameters to be removed from the stack after the method execution. Commonly, the methods clean the stack themselves, so the pop parameter must equal to 0.
Deji
post Jun 4 2012, 07:39 PM
Post #4


Coding like a Rockstar!

Group Icon

Posts: 1,468
From: ???
Joined: 28-May 09



Pointer to class/struct only applies to 0AA6 and 0AA8. You're using 0AA7.

num_params is simply the number of parameters that you want to PUSH to the stack, which is an array of params the function reads from. pop is the number of params to free from the stack, so it's usually the same as the number of params you pushed. In some cases, the function pops the params itself, in which case you leave this at 0.

I can't say exactly what params there are for each function as they have not yet perfected IDA for Android... Check the IDB.


badboy
post Jun 4 2012, 08:48 PM
Post #5


Trained Member

Posts: 76
From: Nederland, NL
Joined: 1-May 12



I've tried 5, for both num and pop. But it didn't work. I see 5 params in this:
deleted to save space

This post has been edited by badboy: Jun 7 2012, 09:22 PM
Deji
post Jun 4 2012, 09:41 PM
Post #6


Coding like a Rockstar!

Group Icon

Posts: 1,468
From: ???
Joined: 28-May 09



Well you just gotta make sure you pass the correct params.

From what I can tell from the ASM, the params are: type, x coord, y coord, z coord, boolean flags

Also I believe you have to enter the params in reverse when using the opcode.


DK22
post Jun 4 2012, 09:59 PM
Post #7


Member

Posts: 197
From: Liberty City, Shoreside
Joined: 15-July 10



Just look at how it's called.
CODE
blip = CRadar::createBlip(4, x, y, 0, 0, 2);
badboy
post Jun 5 2012, 03:31 PM
Post #8


Trained Member

Posts: 76
From: Nederland, NL
Joined: 1-May 12



I've tried this:
CODE
0AA7: call_function 0x583820 num_params 5 pop 5 4 1@ 2@ 3@ 0 2 result_to 0@


But I get a game crash, I've also tested other ways and removing "result_to 0@".
About the flags, they are 2 params (0, 2) do I have to merge them together somehow?
Wesser
post Jun 5 2012, 05:07 PM
Post #9


The Assistant

Posts: 84
From: Matera, IT
Joined: 16-June 11



Learn more info here. The fifth argument is missing in the function but they're still 6. Change the parameters and popping arguments counter to 6.
badboy
post Jun 5 2012, 06:32 PM
Post #10


Trained Member

Posts: 76
From: Nederland, NL
Joined: 1-May 12



QUOTE (Wesser @ Jun 5 2012, 07:07 PM)
Learn more info here. The fifth argument is missing in the function but they're still 6. Change the parameters and popping arguments counter to 6.


I don't get it. But I guess that it would be strange to understand everything by reading a short vague tutorial. Anyway I still don't get the code to work:
CODE
0AA7: call_function 0x583820 num_params 6 pop 6 4 2495.3301 -1680.5298 13.3389 0 2 result_to 0@


I'll try to use another function and see if I can get that to work. Can anyone tell me what 8, 0Ch and 10h mean? Is ptr == pointer?
CODE
.text:00583820 arg_0           = byte ptr  4
.text:00583820 arg_4           = dword ptr  8
.text:00583820 arg_8           = dword ptr  0Ch
.text:00583820 arg_C           = dword ptr  10h
.text:00583820 arg_14          = byte ptr  18h


EDIT: New function doesn't work either (CPed_teleport)
CODE
0AA5: call 0x005E4110 num_params 4 pop 4 $3 2459.5889 -1683.6176 13.5467
---------------------------------------
.text:005E4110
.text:005E4110; =============== S U B R O U T I N E =======================================
.text:005E4110
.text:005E4110
.text:005E4110 sub_5E4110      proc near              ; DATA XREF: .rdata:0086C0E0o
.text:005E4110                                        ; .rdata:0086C158o ...
.text:005E4110
.text:005E4110 arg_0           = dword ptr  4
.text:005E4110 arg_4           = dword ptr  8
.text:005E4110 arg_8           = dword ptr  0Ch
.text:005E4110
.text:005E4110                 push    esi


This post has been edited by badboy: Jun 5 2012, 07:22 PM
Wesser
post Jun 5 2012, 07:38 PM
Post #11


The Assistant

Posts: 84
From: Matera, IT
Joined: 16-June 11



QUOTE (badboy @ Jun 5 2012, 08:32 PM)
I don't get it. But I guess that it would be strange to understand everything by reading a short vague tutorial.

Neither from nothing as you're doing.

QUOTE (badboy @ Jun 5 2012, 08:32 PM)
Can anyone tell me what 8, 0Ch and 10h means? Is ptr == pointer?

Those are the offsets which are added to the stack pointer (esp) to get the argument pointer. Note that local variable offsets are subtracted.

QUOTE (badboy @ Jun 5 2012, 08:32 PM)
New function doesn't work either (CPed__teleport).

__thiscall methods need the this pointer to be passed, and so the class pointer. Read the tutorial I linked.

I cannot answer the rest since I don't have the game installed at the moment.

This post has been edited by Wesser: Jun 5 2012, 07:45 PM
Deji
post Jun 6 2012, 03:32 PM
Post #12


Coding like a Rockstar!

Group Icon

Posts: 1,468
From: ???
Joined: 28-May 09



CODE
0AA7: call_function 0x583820 num_params 5 pop 5 4 1@ 2@ 3@ 0 2 result_to 0@

Well you've got 6 params there. The function only wants 5... So this would be the code:
CODE
0AA7: call_function 0x583820 num_params 5 pop 5 4 1@ 2@ 3@ 2 result_to 0@


For CPed::Teleport, it works off a CPed pointer ('ped struct'), so we need to use 0AA6. Also, usually thiscalls clean their own stack. At the bottom of that function you may see the asm "retn 0Ch", which means it's returning from the function and popping 12 (0xC) bytes off the stack, so you can leave the pop value at 0. Also, as I said before, these opcodes have a tendency of wanting params passed backwards.
CODE
0A96: 0@ = actor $PLAYER_ACTOR struct
0AA6: call_method 0x5E4110 struct 0@ num_params 3 pop 0 13.5467 -1683.6176 2459.5889


It should call correctly like that with no crashes. It's just whether that function will work for teleporting the ped alone and it is happy with the coordinates not being radian values that I'm really unsure of.


If you get a crash, you can use the error address to tell where the problem was caused by going to that address in IDA (hit G and enter the address without the 0x prefix). This is always a major help when trying to figure out what's causing a crash when one occurs in gta_sa.exe. If Windows says the module is "cleo.asi" or something, then the crash is most likely directly due to a CLEO opcode (e.g. 0AA7 crashed before CLEO could call the function).


badboy
post Jun 6 2012, 04:59 PM
Post #13


Trained Member

Posts: 76
From: Nederland, NL
Joined: 1-May 12



The first function still doesn't work (maybe no pop?), but I'll leave that one. The second one doesn't work either.

EDIT: I can't find those addresses in IDA

Crash:
CODE
Version: US 1.0

Last File Loaded: AUDIO\STREAMS\AMBIENCE
Last Library Loaded:
Error: Unknown

Assembly Info:
Exception At Address: 0x00394F4E
Exception Code: 0xc0000005 (EXCEPTION_ACCESS_VIOLATION)

Registers:
EAX: 0x00000011    EBX: 0x00000000
ECX: 0x03594F40    EDX: 0x00000000
ESI: 0x00000001    EDI: 0x03594F40
EBP: 0x0028FD44    ESP: 0x0028FBEC


I've read some more about asm and I understand fastman92's tutorial now. These are very good tutorials for the basics:
An Introduction to Assembly Language Part II
An Introduction to Assembly Language Part III

And does anyone know how to debug in IDA? If an exception takes place the game freezes, and I can't open up IDA to look at the exception. I had to terminate both processes. Windowed mode will probably fix this, but I can't debug with IDA when I use a windowed mode mod.

This post has been edited by badboy: Jun 6 2012, 05:02 PM
Deji
post Jun 6 2012, 05:24 PM
Post #14


Coding like a Rockstar!

Group Icon

Posts: 1,468
From: ???
Joined: 28-May 09



MS Visual Studio makes a better debugger...

Where are you getting that exception address from?


Wesser
post Jun 6 2012, 05:40 PM
Post #15


The Assistant

Posts: 84
From: Matera, IT
Joined: 16-June 11



QUOTE (Deji @ Jun 6 2012, 05:32 PM)
Well you've got 6 params there. The function only wants 5...

Nope. arg_10 is missing but the function still requires 6 arguments to pop off the stack.
Deji
post Jun 6 2012, 05:49 PM
Post #16


Coding like a Rockstar!

Group Icon

Posts: 1,468
From: ???
Joined: 28-May 09



Oh yeah, the unused colour param from GTA3... You're right.


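The three points argued above (Wesser's explanation that IDA's `dword ptr 8` style names are offsets added to esp, Deji's note that `retn 0Ch` means the callee pops its own 12 bytes so the opcode's pop stays 0, and the `arg_10` gap that still leaves six arguments to push) all follow from how a 32-bit x86 CALL lays arguments out on the stack. The C program below is an added example, not code from the thread or from CLEO; it models that layout with a small constructed stack and reads back the same offsets the IDA listing shows. The return address, coordinates and function shapes are constructed stand-ins. It assumes the MSVC conventions for this binary: stack arguments pushed right to left, `__thiscall` passing `this` in ecx rather than on the stack, and the callee cleaning up via `retn imm`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of a 32-bit x86 stack at function entry. Not game code:
 * it only shows why IDA's "arg_4 = dword ptr 8" offsets, the reversed push
 * order and "retn 0Ch" give the num_params / pop values the call opcodes need.
 */

#define STACK_WORDS 64

typedef struct {
    uint32_t mem[STACK_WORDS];  /* dword-addressed "memory" */
    uint32_t esp;               /* byte offset of the stack top into mem */
} Stack;

static void stack_init(Stack *s) {
    memset(s->mem, 0, sizeof s->mem);
    s->esp = STACK_WORDS * 4;   /* empty stack: esp points one past the end */
}

static void push32(Stack *s, uint32_t v) {
    s->esp -= 4;                /* x86 PUSH: decrement esp, then store */
    s->mem[s->esp / 4] = v;
}

/* Read [esp + offset], the way the callee reads "arg_4 = dword ptr 8". */
static uint32_t read_dword(const Stack *s, uint32_t offset) {
    return s->mem[(s->esp + offset) / 4];
}

/* Caller side of CALL: push args right-to-left, then the return address.
   Pushing the last argument first is why "the params go in backwards":
   the first argument ends up nearest esp. */
static void emulate_call(Stack *s, const uint32_t *args, int nargs, uint32_t return_addr) {
    for (int i = nargs - 1; i >= 0; i--) push32(s, args[i]);
    push32(s, return_addr);
}

/* IDA names stack args by their offset from the first one (arg_0, arg_4, ...);
   the "dword ptr N" value is that plus 4 for the saved return address.
   So "byte ptr 18h" is argument index (0x18 - 4) / 4 = 5, the sixth argument,
   even though arg_10 never appears because the function never reads it. */
static int arg_index_from_esp_offset(uint32_t esp_offset) {
    return (int)((esp_offset - 4) / 4);
}

/* Bytes the caller still has to pop after the call returns.
   "retn 0Ch" means the callee already removed 12 bytes (three dwords);
   a plain "retn" removes nothing, so the caller pops everything. */
static uint32_t caller_cleanup_bytes(int nargs, uint32_t retn_imm) {
    uint32_t pushed = (uint32_t)nargs * 4;
    return retn_imm >= pushed ? 0 : pushed - retn_imm;
}

/* The value the call opcode's "pop" parameter should carry, counted in
   parameters rather than bytes. For a __thiscall method "this" travels in
   ecx (the opcode's struct parameter), so it is not counted here at all. */
static int cleo_pop_params(int nargs, uint32_t retn_imm) {
    return (int)(caller_cleanup_bytes(nargs, retn_imm) / 4);
}

/* Build the stack for a six-argument call shaped like the CMarker::Create
   call in the thread (type, x, y, z, unused, flags) and return [esp+offset].
   Coordinates are constructed values passed as their raw IEEE-754 bits. */
static uint32_t marker_call_dword(uint32_t esp_offset) {
    union { float f; uint32_t u; } x = { 2495.3301f }, y = { -1680.5298f }, z = { 13.3389f };
    uint32_t args[6] = { 4, x.u, y.u, z.u, 0, 2 };
    Stack s;
    stack_init(&s);
    emulate_call(&s, args, 6, 0x00401234u /* constructed return address */);
    return read_dword(&s, esp_offset);
}

int main(void) {
    union { uint32_t u; float f; } x = { marker_call_dword(0x8) };
    printf("[esp+4]   type  = %u\n", marker_call_dword(0x4));
    printf("[esp+8]   x     = %.4f\n", x.f);
    printf("[esp+18h] flags = %u (argument index %d)\n",
           marker_call_dword(0x18), arg_index_from_esp_offset(0x18));
    printf("retn 0Ch with 3 args  -> opcode pop %d\n", cleo_pop_params(3, 0xC));
    printf("plain retn with 6 args -> opcode pop %d\n", cleo_pop_params(6, 0));
    return 0;
}
```

Two things the model makes concrete: `arg_index_from_esp_offset(0x18)` is 5, so the function consumes six argument slots whether or not it reads the fifth, and `cleo_pop_params(3, 0xC)` is 0 for a method that ends in `retn 0Ch`. Getting either count wrong leaves esp pointing at the wrong slot after the call; the script then continues with a shifted stack, which is exactly the kind of mis-accounting that surfaces later as an access violation at an address unrelated to the function you called.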
badboy
post Jun 6 2012, 06:46 PM
Post #17


Trained Member

Posts: 76
From: Nederland, NL
Joined: 1-May 12



Visual Studio has the same problem: I can't do anything in VS when SA crashes.
But I made a note from what vs showed:
Something with "Stack" was scmlog.cleo!003a4f4e() and some other addresses 0x003a4f4e (the same), 0xc0000005 and 0x00000011

EDIT: I've managed to debug properly in Visual Studio
The exact crash is at 01D24F4E, eax has a value of 17

This post has been edited by badboy: Jun 6 2012, 07:02 PM
Deji
post Jun 6 2012, 11:05 PM
Post #18


Coding like a Rockstar!

Group Icon

Posts: 1,468
From: ???
Joined: 28-May 09



And you're definitely sure those lines of code are the problem?

Kinda hard for me to be sure of anything without doing it hands on.


badboy
post Jun 7 2012, 06:14 AM
Post #19


Trained Member

Posts: 76
From: Nederland, NL
Joined: 1-May 12



Nothing crashed in the function, but then the code jumped to god knows where and I got the error message.
badboy
post Jun 8 2012, 01:30 PM
Post #20


Trained Member

Posts: 76
From: Nederland, NL
Joined: 1-May 12



Can anyone tell me how to see which values are added in the function? I can add breakpoints, but the values are added before the function is executed and I don't know where they are added (when I use the normal opcode).

And how do I know what all the types are? For example, if I load a model using function 0x4087E0 I need to add 0 and #ADMIRAL. But why 0? And I sort of know why the first function didn't work, because something is wrong and the opcode doesn't work either. Don't know how to describe that in a proper sentence.

This post has been edited by badboy: Jun 8 2012, 01:31 PM