Difference between revisions of "Gamecheats:SPAZ"

From Cheat Engine
Line 49: Line 49:
 
* 0458: Heading (float) Actual ship heading
 
* 0458: Heading (float) Actual ship heading
 
* 04C4: Heading (float) Heading to cursor
 
* 04C4: Heading (float) Heading to cursor
* 04D0: X Speed (float)
+
* 04D0: X Speed (String)
* 04D4: Y Speed (float)
+
* 04D4: Y Speed (String)
 
* 04E4: Max Strength
 
* 04E4: Max Strength
 
* 0520: Accelleration (affects bigger ships more?)
 
* 0520: Accelleration (affects bigger ships more?)
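Review bot: the type note on 04D0 and 04D4 changes from (float) to (String), but the two fields sit 4 bytes apart and the neighbouring 0458 and 04C4 headings stay (float); two 4-byte floats fit that spacing, inline text does not. If "String" means the Cheat Engine value type picked for the address list rather than the in-memory type, say so in the entry; otherwise keep (float).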
Line 56: Line 56:
 
* 0C78: POINTER->Armor Struct
 
* 0C78: POINTER->Armor Struct
 
* 0C7C: POINTER->Shields Struct
 
* 0C7C: POINTER->Shields Struct
* 0CAC: Rez (float) - rez in cargo hold
+
* 0CAC: Rez (String) - rez in cargo hold
 
* 0CB4: Crew (integer) - total crew, so displayed number + 1
 
* 0CB4: Crew (integer) - total crew, so displayed number + 1
 
* 0CC0: POINTER->Reactor Struct
 
* 0CC0: POINTER->Reactor Struct
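Review bot: 0CAC Rez becomes (String) while 0CB4 Crew, 8 bytes later, stays (integer); a string does not fit in the 8 bytes between them, so the note either describes a display type or is wrong. State which, and use one naming scheme for types across the list.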
Line 63: Line 63:
  
 
* 0058: POINTER->Ship Struct
 
* 0058: POINTER->Ship Struct
* 0060: Current Armor (float)
+
* 0060: Current Armor (String)
* 00A0: Max Armor (float) - will repair up to this
+
* 00A0: Max Armor (String) - will repair up to this
* 00A4: Max Armor (float) - doesn't appear to have an effect
+
* 00A4: Max Armor (String) - doesn't appear to have an effect
  
 
=== Shield Struct ===
 
=== Shield Struct ===
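Review bot: 00A0 and 00A4 are adjacent 4-byte slots, both relabelled (String) although they are described as two numeric Max Armor values ("will repair up to this"); a 4-byte float fits there and a string does not, so this reads as a display-type note and should be worded as one rather than as the field type.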
Line 72: Line 72:
 
* 0050: POINTER->Shield Data Block (0004 into it is pointer to string name of shield type)
 
* 0050: POINTER->Shield Data Block (0004 into it is pointer to string name of shield type)
 
* 0058: POINTER->Ship Struct
 
* 0058: POINTER->Ship Struct
* 0078: Current Shields (float)
+
* 0078: Current Shields (String)
* 007C: Max Shields (float)
+
* 007C: Max Shields (String)
 
* 0080: -1 when shields on, timer when off (maybe to tell how long to complete cloaking?)
 
* 0080: -1 when shields on, timer when off (maybe to tell how long to complete cloaking?)
  
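Review bot: 0078 and 007C (Current and Max Shields) become (String) while 0080, 4 bytes further on, keeps its numeric description (-1 or a timer); three consecutive dwords with two of them called strings is inconsistent. Keep (float), or state that String refers to how the value is shown in Cheat Engine.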
Line 80: Line 80:
  
 
* 0058: POINTER->Ship Struct
 
* 0058: POINTER->Ship Struct
* 0074: Current Charge (float)
+
* 0074: Current Charge (String)
* 0078: Max Charge (float)
+
* 0078: Max Charge (String)
  
  
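Review bot: 0074 Current Charge and 0078 Max Charge are consecutive 4-byte fields, so (String) cannot describe their in-memory layout; if it names the Cheat Engine value type used in the address list, note that explicitly, otherwise restore (float).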

Revision as of 13:50, 27 June 2012

Structs

Structs in SPAZ generally have the following format:

0000: Type - the same for all instances of a class; it is actually the address of a table of pointers to code (the vtable), not a data value
0004: 0000000000000
0008: FFFFFFFFFFFFF
000C: FFFFFFFFFFFFF

The type values will vary with different compilations of the game, but will be the same for all instances of an object type.

Ship List (generic list?)

Version 1.014 (2011-12-17) stores a pointer to the ship list at 007186F0. This can be used to access all ships present in the game. To find this address in other versions, scan for the following array of bytes (in the scan options, uncheck 'Writable', or set it to the same grayed "don't care" state that 'Executable' is shown in):

A1 ?? ?? ?? ?? 8b 48 50 8b 40 58 83 c7 04 8d 04 88 53 68

You should just get one address, 40C20B in my case. Select it in the list and hit CTRL+D to disassemble the memory region and you should see instructions like this:

0040C20B - A1 F0867100                - mov eax,[007186F0] : [273DBDF8]
0040C210 - 8B 48 50                   - mov ecx,[eax+50]
0040C213 - 8B 40 58                   - mov eax,[eax+58]

007186F0 is the address of the global that points to the list structure holding the active ships. The two instructions that follow load the ship count from offset 50 into ECX and the ship-list pointer from offset 58 into EAX.
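The pattern scan above can be reproduced offline. The following is an added example, not code from the wiki page or from Cheat Engine: it turns the page's array-of-bytes string (with ?? wildcards) into a regex, scans a constructed code buffer that I placed at a made-up base address so the hit lands at 0040C20B like on the page, and then decodes the imm32 operand of the A1 (mov eax,[moffs32]) opcode to recover the ship-list address. The buffer bytes and CODE_BASE are constructed for the example; a real scan would run over the game's executable memory instead.

```python
import re
import struct

# Constructed code region: fake base address and bytes that reproduce the
# instruction sequence the page's pattern matches. Not taken from the real binary.
CODE_BASE = 0x0040C200
CODE = (
    b"\x90" * 11                    # padding so the match lands at 0x0040C20B, as on the page
    + b"\xA1\xF0\x86\x71\x00"       # mov eax,[007186F0]
    + b"\x8B\x48\x50"               # mov ecx,[eax+50]
    + b"\x8B\x40\x58"               # mov eax,[eax+58]
    + b"\x83\xC7\x04"               # add edi,4
    + b"\x8D\x04\x88"               # lea eax,[eax+ecx*4]
    + b"\x53"                       # push ebx
    + b"\x68\x00\x00\x00\x00"       # push imm32 (operand is arbitrary here)
)

# The array-of-bytes pattern from the page; '??' is a wildcard byte.
PATTERN = "A1 ?? ?? ?? ?? 8b 48 50 8b 40 58 83 c7 04 8d 04 88 53 68"


def compile_aob(pattern: str):
    """Turn a Cheat Engine style AOB string into a compiled bytes regex."""
    parts = []
    for tok in pattern.split():
        if tok == "??":
            parts.append(b".")                       # any single byte
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)    # DOTALL so '.' also matches 0x0A


def find_aob(region: bytes, base: int, pattern: str) -> list:
    """Return the virtual addresses of every match of `pattern` inside `region`."""
    rx = compile_aob(pattern)
    return [base + m.start() for m in rx.finditer(region)]


def list_address_from_match(region: bytes, base: int, match_addr: int) -> int:
    """At a match, opcode A1 is 'mov eax,[moffs32]'; the 4 bytes after it are the
    absolute address the game reads the ship-list pointer from."""
    off = match_addr - base
    if region[off] != 0xA1:
        raise ValueError("match does not start with the A1 opcode")
    return struct.unpack_from("<I", region, off + 1)[0]


if __name__ == "__main__":
    for hit in find_aob(CODE, CODE_BASE, PATTERN):
        where = list_address_from_match(CODE, CODE_BASE, hit)
        print(f"match at {hit:08X}, ship list pointer is stored at {where:08X}")
```

Because the operand bytes are wildcards, the same pattern matches another build where the global sits at a different address; the decoded imm32 then gives that build's equivalent of 007186F0 without disassembling by hand.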

0000: Type (00597964)
0050: Count
0054: Max Count
0058: Pointer to list

The list pointed to by 0058 is just a list of (Count) pointers to ships.

Ship Struct

  • 00DC: Pointer to self - useful for validating that you are in a ship structure
  • 0100: TurningSpeed (float) - Computer ships will spaz out if too high, but you can basically make your ship turn instantly
  • 03E0: Incrementing counter (even when game paused) - useful for checking that ship is still active
  • 03F4: Flags (03F7 is 1 for player ship)
  • 0400: Another Pointer to self
  • 0430: X (float) Increases moving right
  • 0434: Y (float) Increases moving down
  • 0458: Heading (float) Actual ship heading
  • 04C4: Heading (float) Heading to cursor
  • 04D0: X Speed (String)
  • 04D4: Y Speed (String)
  • 04E4: Max Strength
  • 0520: Acceleration (affects bigger ships more?)
  • 0554: Another Pointer to self
  • 0C78: POINTER->Armor Struct
  • 0C7C: POINTER->Shields Struct
  • 0CAC: Rez (String) - rez in cargo hold
  • 0CB4: Crew (integer) - total crew, so displayed number + 1
  • 0CC0: POINTER->Reactor Struct
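Walking the list and the ship struct with the offsets above, as an added example that is not part of the wiki page or Cheat Engine's own code. It builds a small constructed memory image (a FakeProcess with a few regions; every address except 007186F0 is made up) containing one valid player ship and one dangling list entry, follows 007186F0 to the list struct, checks Count against Max Count, and keeps only ships whose pointer-to-self at 00DC points back at the struct, which is the validation the page recommends. The 'Type' value at offset 0 is constructed too.

```python
import struct

# Offsets from the page (ship list struct and ship struct).
LIST_PTR_ADDR = 0x007186F0                  # global holding the pointer to the ship list struct (v1.014)
LIST_TYPE, LIST_COUNT, LIST_MAX, LIST_ITEMS = 0x00, 0x50, 0x54, 0x58
SHIP_TYPE, SHIP_SELF, SHIP_PLAYER_FLAG = 0x00, 0xDC, 0x3F7
SHIP_X, SHIP_Y, SHIP_HEADING, SHIP_CREW = 0x430, 0x434, 0x458, 0xCB4


class FakeProcess:
    """A few memory regions keyed by base address, standing in for a live process
    (constructed for this example; a real tool would read the game's memory instead)."""

    def __init__(self):
        self.regions = {}

    def alloc(self, base, size):
        self.regions[base] = bytearray(size)

    def _region(self, addr, n):
        for base, buf in self.regions.items():
            if base <= addr and addr + n <= base + len(buf):
                return base, buf
        raise ValueError(f"unmapped access at {addr:08X}")

    def write(self, addr, data):
        base, buf = self._region(addr, len(data))
        buf[addr - base:addr - base + len(data)] = data

    def read(self, addr, n):
        base, buf = self._region(addr, n)
        return bytes(buf[addr - base:addr - base + n])

    def u32(self, addr):
        return struct.unpack("<I", self.read(addr, 4))[0]

    def f32(self, addr):
        return struct.unpack("<f", self.read(addr, 4))[0]


def walk_ships(proc):
    """Follow 007186F0 -> list struct -> pointer array -> ship structs, keeping only
    entries that pass the pointer-to-self check at 00DC."""
    list_struct = proc.u32(LIST_PTR_ADDR)
    count = proc.u32(list_struct + LIST_COUNT)
    max_count = proc.u32(list_struct + LIST_MAX)
    if count > max_count:
        raise ValueError("count exceeds max count: this is not the list struct we expect")
    items = proc.u32(list_struct + LIST_ITEMS)
    ships = []
    for i in range(count):
        ship = proc.u32(items + 4 * i)
        if proc.u32(ship + SHIP_SELF) != ship:
            continue                            # stale or foreign object, skip it
        ships.append({
            "addr": ship,
            "type": proc.u32(ship + SHIP_TYPE),
            "player": proc.read(ship + SHIP_PLAYER_FLAG, 1)[0] == 1,
            "x": proc.f32(ship + SHIP_X),
            "y": proc.f32(ship + SHIP_Y),
            "heading": proc.f32(ship + SHIP_HEADING),
            "crew": proc.u32(ship + SHIP_CREW),
        })
    return ships


def build_sample_process():
    """Constructed memory image: one valid player ship and one dangling list entry.
    Every address except 007186F0 is made up for the example."""
    p = FakeProcess()
    LIST, ITEMS, SHIP_A, SHIP_B = 0x273DBDF8, 0x27400000, 0x27500000, 0x27600000
    SHIP_VTABLE = 0x00597A10                    # constructed 'Type' value shared by both ships
    p.alloc(LIST_PTR_ADDR, 4)
    p.write(LIST_PTR_ADDR, struct.pack("<I", LIST))
    p.alloc(LIST, 0x60)
    p.write(LIST + LIST_COUNT, struct.pack("<III", 2, 4, ITEMS))   # count, max count, items
    p.alloc(ITEMS, 8)
    p.write(ITEMS, struct.pack("<II", SHIP_A, SHIP_B))
    for ship in (SHIP_A, SHIP_B):
        p.alloc(ship, 0xCC4)
        p.write(ship + SHIP_TYPE, struct.pack("<I", SHIP_VTABLE))
    p.write(SHIP_A + SHIP_SELF, struct.pack("<I", SHIP_A))
    p.write(SHIP_A + SHIP_PLAYER_FLAG, b"\x01")
    p.write(SHIP_A + SHIP_X, struct.pack("<ff", 120.5, -40.25))
    p.write(SHIP_A + SHIP_HEADING, struct.pack("<f", 1.5))
    p.write(SHIP_A + SHIP_CREW, struct.pack("<I", 4))
    p.write(SHIP_B + SHIP_SELF, struct.pack("<I", SHIP_A))   # wrong self pointer: must be skipped
    return p


if __name__ == "__main__":
    for s in walk_ships(build_sample_process()):
        print(f"ship {s['addr']:08X} type {s['type']:08X} player={s['player']} "
              f"pos=({s['x']}, {s['y']}) heading={s['heading']} crew={s['crew']}")
```

The Count/Max Count sanity check and the self-pointer check are what keep a pointer walk from reading garbage when the game reallocates the list or a ship is destroyed mid-read; the same two checks are what you would put in a Cheat Engine Lua script before trusting any value read from these structs.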

Armor Struct

  • 0058: POINTER->Ship Struct
  • 0060: Current Armor (String)
  • 00A0: Max Armor (String) - will repair up to this
  • 00A4: Max Armor (String) - doesn't appear to have an effect

Shield Struct

(cloaks too)

  • 0050: POINTER->Shield Data Block (0004 into it is pointer to string name of shield type)
  • 0058: POINTER->Ship Struct
  • 0078: Current Shields (String)
  • 007C: Max Shields (String)
  • 0080: -1 when shields on, timer when off (maybe to tell how long to complete cloaking?)


Reactor Struct

  • 0058: POINTER->Ship Struct
  • 0074: Current Charge (String)
  • 0078: Max Charge (String)


Scripting

SPAZ is written with the Torque game engine and uses its scripting. You can find some interesting things; for example, if you search for the string ".?AVArmorClass@@", in 1.014 it is at 060B300. The 4 bytes before it are 00000000, and the 4 before that are 005E35BC (BC 35 5E 00); this is the layout of an MSVC RTTI type descriptor (a pointer to the type_info vtable, a zero "spare" dword, then the decorated class name), and many other classes are laid out the same way nearby. If you search for the address 8 bytes before the string, you will find pointers to it, and you can then use "Find out what accesses this address" on those to reach the code that uses the class.