Gamecheats:SPAZ

From Cheat Engine
Revision as of 11:06, 26 December 2011 by Jgoemat (talk | contribs) (Created page with '== Structs == Structs in SPAZ generally have the following format: 0000: Type - same for instances of a class, actually address of pointer to some code 0004: 00000000 0008: …')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Structs

Structs in SPAZ generally have the following format:

0000: Type - same for instances of a class, actually address of pointer to some code
0004: 00000000
0008: FFFFFFFF
000C: FFFFFFFF

The type values will vary with different compilations of the game, but will be the same for all instances of an object type.

Ship List (generic list?)

Version 1.014 (2011-12-17) stores a pointer to the ship list at 007186F0. This can be used to access all ships present in the game. To find this address in other versions, do a scan for this array of bytes (after unchecking 'Writable' or making it grayed out like Executable):

A1 ?? ?? ?? ?? 8b 48 50 8b 40 58 83 c7 04 8d 04 88 53 68

You should just get one address, 40C20B in my case. Select it in the list and hit CTRL+D to disassemble the memory region and you should see instructions like this:

0040C20B - A1 F0867100                - mov eax,[007186F0] : [273DBDF8]
0040C210 - 8B 48 50                   - mov ecx,[eax+50]
0040C213 - 8B 40 58                   - mov eax,[eax+58]

The 007186F0 is the address of the list structure that contains active ships. The following shows that it puts the count of ships into ECX and the address of the ship list into EAX.

0000: Type (00597964)
0050: Count
0054: Max Count
0058: Pointer to list

The list pointed to by 0058 is just a list of (Count) pointers to ships.

Ship Struct

  • 00DC: Pointer to self - useful for validating that you are in a ship structure
  • 0100: TurningSpeed (float) - Computer ships will spaz out if too high, but you can basically make your ship turn instantly
  • 03E0: Incrementing counter (even when game paused) - usefull for checking that ship is still active
  • 03F4: Flags (03F7 is 1 for player ship)
  • 0400: Another Pointer to self
  • 0430: X (float) Increases moving right
  • 0434: Y (float) Increases moving down
  • 0458: Heading (float) Actual ship heading
  • 04C4: Heading (float) Heading to cursor
  • 04D0: X Speed (float)
  • 04D4: Y Speed (float)
  • 04E4: Max Speed
  • 0520: Accelleration (affects bigger ships more?)
  • 0554: Another Pointer to self
  • 0C78: POINTER->Armor Struct
  • 0C7C: POINTER->Shields Struct
  • 0CAC: Rez (float) - rez in cargo hold
  • 0CB4: Crew (integer) - total crew, so displayed number + 1
  • 0CC0: POINTER->Reactor Struct

Armor Struct

  • 0058: POINTER->Ship Struct
  • 0060: Current Armor (float)
  • 00A0: Max Armor (float) - will repair up to this
  • 00A4: Max Armor (float) - doesn't appear to have an effect

Shield Struct

(cloaks too)

  • 0050: POINTER->Shield Data Block (0004 into it is pointer to string name of shield type)
  • 0058: POINTER->Ship Struct
  • 0078: Current Shields (float)
  • 007C: Max Shields (float)
  • 0080: -1 when shields on, timer when off (maybe to tell how long to complete cloaking?)


Reactor Struct

  • 0058: POINTER->Ship Struct
  • 0074: Current Charge (float)
  • 0078: Max Charge (float)


Scripting

SPAZ is written with the Torque game engine and uses its scripting. You can find some interesting things, like if you look for ".?AVArmorClass@@", in 1.014 it is at 060B300. The previous 4 bytes are 00000000, the 4 before that are 005E35BC (BC 35 5E 00). There are many other classes around there. If you search for the address of 8 bytes before the string, there are some pointers to it that you can look for access for in code.