Difference between revisions of "Gamecheats:SPAZ"
Latest revision as of 00:06, 28 June 2012
Structs
Structs in SPAZ generally have the following format:
- 0000: Type - same for all instances of a class; actually the address of a pointer to some code
- 0004: 00000000
- 0008: FFFFFFFF
- 000C: FFFFFFFF
The type values will vary with different compilations of the game, but will be the same for all instances of an object type.
Ship List (generic list?)
Version 1.014 (2011-12-17) stores a pointer to the ship list at 007186F0. This can be used to access all ships present in the game. To find this address in other versions, do a scan for this array of bytes (after unchecking 'Writable' or making it grayed out like Executable):
A1 ?? ?? ?? ?? 8b 48 50 8b 40 58 83 c7 04 8d 04 88 53 68
You should just get one address, 40C20B in my case. Select it in the list and hit CTRL+D to disassemble the memory region and you should see instructions like this:
0040C20B - A1 F0867100 - mov eax,[007186F0] : [273DBDF8]
0040C210 - 8B 48 50 - mov ecx,[eax+50]
0040C213 - 8B 40 58 - mov eax,[eax+58]
007186F0 is where the pointer to the list structure holding the active ships is stored. The two instructions that follow load the count of ships into ECX and the address of the ship pointer array into EAX, which gives the layout of the list structure:
- 0000: Type (00597964)
- 0050: Count
- 0054: Max Count
- 0058: Pointer to list
The list pointed to by 0058 is just a list of (Count) pointers to ships.
Ship Struct
- 00DC: Pointer to self - useful for validating that you are in a ship structure
- 0100: TurningSpeed (float) - Computer ships will spaz out if too high, but you can basically make your ship turn instantly
- 03E0: Incrementing counter (even when game paused) - useful for checking that the ship is still active
- 03F4: Flags (03F7 is 1 for player ship)
- 0400: Another Pointer to self
- 0430: X (float) Increases moving right
- 0434: Y (float) Increases moving down
- 0458: Heading (float) Actual ship heading
- 04C4: Heading (float) Heading to cursor
- 04D0: X Speed (float)
- 04D4: Y Speed (float)
- 04E4: Max Strength
- 0520: Acceleration (affects bigger ships more?)
- 0554: Another Pointer to self
- 0C78: POINTER->Armor Struct
- 0C7C: POINTER->Shields Struct
- 0CAC: Rez (float) - rez in cargo hold
- 0CB4: Crew (integer) - total crew, so displayed number + 1
- 0CC0: POINTER->Reactor Struct
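The two steps above (signature-scanning for the mov eax,[imm32] that loads the list pointer, then walking the list structure into the ship structs) can be automated. The following is an added example, not code from the page or from the game; it runs against a constructed memory image that mimics the documented layout rather than against a live process, so the addresses of the list struct, the pointer array and the two sample ships (0x00600000, 0x00601000, 0x00700000, 0x00701000) and the field values are made up. Offsets and the signature come from the page; the 0x00DC self-pointer is used as the validity check the page suggests.

```python
import re
import struct

# Signature and offsets documented on the page (SPAZ 1.014).
LIST_PTR_SIGNATURE = "A1 ?? ?? ?? ?? 8b 48 50 8b 40 58 83 c7 04 8d 04 88 53 68"
LIST_COUNT_OFF, LIST_MAX_OFF, LIST_PTR_OFF = 0x50, 0x54, 0x58
SHIP_SELF_OFF, SHIP_X_OFF, SHIP_Y_OFF = 0xDC, 0x430, 0x434
SHIP_REZ_OFF, SHIP_CREW_OFF = 0xCAC, 0xCB4


class Memory:
    """Flat image of a process address range, standing in for a debugger's read/write."""

    def __init__(self, base, size):
        self.base = base
        self.buf = bytearray(size)

    def write(self, addr, data):
        off = addr - self.base
        self.buf[off:off + len(data)] = data

    def write_u32(self, addr, value):
        self.write(addr, struct.pack("<I", value))

    def write_f32(self, addr, value):
        self.write(addr, struct.pack("<f", value))

    def u32(self, addr):
        return struct.unpack_from("<I", self.buf, addr - self.base)[0]

    def f32(self, addr):
        return struct.unpack_from("<f", self.buf, addr - self.base)[0]


def compile_signature(sig):
    """Turn a Cheat-Engine-style 'A1 ?? 8b' pattern into a bytes regex ('??' matches any byte)."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)])) for tok in sig.split()]
    return re.compile(b"".join(parts), re.DOTALL)


def scan_signature(mem, sig):
    """Return every address in the image where the signature matches."""
    pat = compile_signature(sig)
    return [mem.base + m.start() for m in pat.finditer(bytes(mem.buf))]


def find_ship_list_address(mem):
    """Locate the unique signature hit and decode the imm32 operand of 'A1 imm32' (mov eax,[imm32])."""
    hits = scan_signature(mem, LIST_PTR_SIGNATURE)
    if len(hits) != 1:
        raise ValueError(f"expected exactly one signature hit, got {len(hits)}")
    return hits[0], mem.u32(hits[0] + 1)


def read_ships(mem, list_ptr_addr):
    """Follow pointer -> list struct -> pointer array -> ship structs, validating each ship's self pointer."""
    list_struct = mem.u32(list_ptr_addr)
    count = mem.u32(list_struct + LIST_COUNT_OFF)
    max_count = mem.u32(list_struct + LIST_MAX_OFF)
    if count > max_count:
        raise ValueError(f"count {count} exceeds max count {max_count}; not a list struct?")
    array = mem.u32(list_struct + LIST_PTR_OFF)
    ships = []
    for i in range(count):
        ship = mem.u32(array + 4 * i)
        if mem.u32(ship + SHIP_SELF_OFF) != ship:   # page: 00DC points back to the struct
            raise ValueError(f"0x{ship:08X} fails the self-pointer check")
        ships.append({
            "addr": ship,
            "x": mem.f32(ship + SHIP_X_OFF),
            "y": mem.f32(ship + SHIP_Y_OFF),
            "rez": mem.f32(ship + SHIP_REZ_OFF),
            "crew": mem.u32(ship + SHIP_CREW_OFF),   # total crew = displayed number + 1
        })
    return ships


def build_sample_image():
    """Constructed image: the page's instruction bytes at 0040C20B, a list with two made-up ships."""
    mem = Memory(0x00400000, 0x320000)
    mem.write(0x0040C20B, bytes.fromhex("A1 F0 86 71 00 8B 48 50 8B 40 58 83 C7 04 8D 04 88 53 68"))
    list_struct, array = 0x00600000, 0x00601000          # constructed addresses
    mem.write_u32(0x007186F0, list_struct)                # pointer to list struct (page)
    mem.write_u32(list_struct, 0x00597964)                # Type (page)
    mem.write_u32(list_struct + LIST_COUNT_OFF, 2)
    mem.write_u32(list_struct + LIST_MAX_OFF, 8)
    mem.write_u32(list_struct + LIST_PTR_OFF, array)
    sample = [(0x00700000, 10.5, -3.25, 120.0, 4), (0x00701000, 0.0, 2.0, 0.0, 1)]
    for i, (addr, x, y, rez, crew) in enumerate(sample):
        mem.write_u32(array + 4 * i, addr)
        mem.write_u32(addr + SHIP_SELF_OFF, addr)
        mem.write_f32(addr + SHIP_X_OFF, x)
        mem.write_f32(addr + SHIP_Y_OFF, y)
        mem.write_f32(addr + SHIP_REZ_OFF, rez)
        mem.write_u32(addr + SHIP_CREW_OFF, crew)
    return mem


if __name__ == "__main__":
    image = build_sample_image()
    code_addr, list_ptr = find_ship_list_address(image)
    print(f"signature at 0x{code_addr:08X}, list pointer stored at 0x{list_ptr:08X}")
    for s in read_ships(image, list_ptr):
        print(f"ship 0x{s['addr']:08X}: x={s['x']} y={s['y']} rez={s['rez']} crew={s['crew']}")
```

Against a live process the only change is replacing `Memory` with whatever reads the game's memory; the self-pointer and count-versus-max checks are what keep the walk from dereferencing garbage when the list pointer or a ship has already been freed.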
Armor Struct
- 0058: POINTER->Ship Struct
- 0060: Current Armor (float)
- 00A0: Max Armor (float) - will repair up to this
- 00A4: Max Armor (float) - doesn't appear to have an effect
Shield Struct
(cloaks too)
- 0050: POINTER->Shield Data Block (0004 into it is pointer to string name of shield type)
- 0058: POINTER->Ship Struct
- 0078: Current Shields (float)
- 007C: Max Shields (float)
- 0080: -1 when shields on, timer when off (maybe to tell how long to complete cloaking?)
Reactor Struct
- 0058: POINTER->Ship Struct
- 0074: Current Charge (float)
- 0078: Max Charge (float)
Scripting
SPAZ is written with the Torque game engine and uses its scripting. You can find some interesting things; for example, if you look for ".?AVArmorClass@@", in 1.014 it is at 060B300. The 4 bytes before it are 00000000, and the 4 before those are 005E35BC (BC 35 5E 00). There are many other classes around there. If you search for the address 8 bytes before the string, you will find some pointers to it, and you can then look for the code that accesses those pointers.