How to detect when a game calls a certain function, such as Save or Load.

[atom0s]

OllyDbg is a debugger.

IDA is a disassembler and a debugger.

[K^2]

OllyDbg is a debugger.

IDA is a disassembler and a debugger.

Oh right, so how did you get the information from ollydbg? I can't attach it because the game wont maximize then.

How did you learn all this lol

[atom0s]

Oh right, so how did you get the information from ollydbg? I can't attach it because the game wont maximize then.

How did you learn all this lol

Set Olly to be always on top, so when you alt+tab it'll come up.
And if a breakpoint is hit you can CTRL+ALT+DEL to open Task Manager and tab to Olly then instead of losing control etc.

As for getting the info, set a conditional logging breakpoint. To do that:
- Open OllyDbg.
- Open GTASA in Olly.
- Ctrl+G and enter CreateFileA (* see note 1 below!)
- At the top of the function, right-click -> Breakpoint -> Conditional Log
- Leave everything how it is exception change the following two things:
---> Log value of expression : Set to always.
---> Log function arguments : Set to always.
- Click ok, a pink breakpoint should be set on the address now.

Note 1: If you are on Windows 7/8 going directly to CreateFileA wont work with Ctrl+G since you will land up in the kernelbase wrapper instead. To get the real API address, right-click in the code window, choose view, then find kernel32 in the list. Right-click again after kernel32 is loaded, choose search for -> Name (label) in current module. Find CreateFileA export, double click it and you'll be at the real API call.

Then run the game as normal, load/save etc. and then alt+tab back to OllyDbg and check the log window for the results.

As for how I learned how to do this, trial and error, taking the time to learn the tools at hand, etc. I've been doing stuff like this for over 15 years now so you get used to it after awhile of practice heh.

[K^2]

I followed your instructions, is this the log window because this is the data in it after loading the game:

https://i.imgur.com/u5cQGdD.png

Thankyou for the explaination, can you remind me what I should be looking for now you've found "gta_sa.00834215"?
Once the start address is found do I need to re-write the save/load system exactly as the .exe did or can I do it my own way?

Also, the reason I'm doing this is to bypass certain data the game checks for and writes when saving/loading (mainly the missions).
Is this possible?

I really can't thank you enough atom0s, you sir deserve a medal.

[atom0s]

Here is a quickly thrown together hook for it:

Code:

/**
 * Grand Theft Auto: San Andras - File Loader Hook
 * (c) 2013 atom0s [atom0s@live.com]
 */

#include <Windows.h>
#include <string>

#define MakeJump( f, t ) (int)( ( (int)t - (int)f ) - 5)

DWORD   g_SaveGame      = 0x00834038;
DWORD   g_JumpBack      = 0x00000000;

DWORD   g_Argument1     = NULL;
DWORD   g_Argument2     = NULL;
DWORD   g_Argument3     = NULL;
DWORD   g_Argument4     = NULL;
DWORD   g_Argument5     = NULL;

char    g_OutputBuffer[ 1024 ] = { 0 };

__declspec( naked ) void  SaveGameHook( void )
{
    __asm
    {
        // Pull the arguments from the stack..
        push DWORD PTR DS:[esp+0x04]
        pop [g_Argument1]
        push DWORD PTR DS:[esp+0x08]
        pop [g_Argument2]
        push DWORD PTR DS:[esp+0x0C]
        pop [g_Argument3]
        push DWORD PTR DS:[esp+0x10]
        pop [g_Argument4]
        push DWORD PTR DS:[esp+0x14]
        pop [g_Argument5]

        // Restore the original code..
        push ebp
        mov ebp, esp
        sub esp, 0x1C

        // Preserve registers and flags..
        pushad
        pushfd
    }

    sprintf_s( g_OutputBuffer, 1024, "SaveGameHook [Arg1: 0x%08X][Arg2: 0x%08X][Arg3: %s][Arg4: %d][Arg5: %d]",
        g_Argument1, g_Argument2, g_Argument3, g_Argument4, g_Argument5
        );
    OutputDebugString( g_OutputBuffer );

    __asm
    {
        // Restore registers and flags..
        popfd
        popad

        // Jump back to the original function..
        jmp g_JumpBack
    }
}

void InstallHook( HMODULE hModule )
{
    MessageBox(0,0,0,0);
    DWORD dwOldProtection = NULL;
    VirtualProtect( (LPVOID)0x00834038, 0x1000, PAGE_EXECUTE_READWRITE, &dwOldProtection ); 

    BYTE* btJump            = (BYTE*)g_SaveGame;
    *(BYTE*)(btJump + 0)    = 0xE9;
    *(int* )(btJump + 1)    = MakeJump( btJump, SaveGameHook );
    *(BYTE*)(btJump + 5)    = 0x90; // Nop extra data..

    g_JumpBack = (DWORD)( btJump + 6 );
}

BOOL APIENTRY DllMain( HMODULE hModule, DWORD fdwReason, LPVOID lpReserved )
{
    UNREFERENCED_PARAMETER( lpReserved );

    switch (fdwReason)
    {
    case DLL_PROCESS_ATTACH:
        InstallHook( hModule );
        break;
    }

    return TRUE;
}

However looking at it now, the function seems to be used to load all types of files:

Code:

[7236] SaveGameHook [Arg1: 0x0028FB6C][Arg2: 0x0028FB68][Arg3: loadscs.txd][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FB58][Arg2: 0x0028FB54][Arg3: loadscs.txd][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FB5C][Arg2: 0x0028FB58][Arg3: loadscs.txd][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FCE0][Arg2: 0x0028FCDC][Arg3: AMERICAN.GXT][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FC14][Arg2: 0x0028FC10][Arg3: HANDLING.CFG][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FBEC][Arg2: 0x0028FBE8][Arg3: data\surface.dat][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FBCC][Arg2: 0x0028FBC8][Arg3: data\surfinfo.dat][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FCB0][Arg2: 0x0028FCAC][Arg3: data\surfaud.dat][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FCBC][Arg2: 0x0028FCB8][Arg3: DATA\PEDSTATS.DAT][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028F14C][Arg2: 0x0028F148][Arg3: PedEvent.txt][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028EFE4][Arg2: 0x0028EFE0][Arg3: RANDOM.ped][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028EFE4][Arg2: 0x0028EFE0][Arg3: m_norm.ped][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028EFE4][Arg2: 0x0028EFE0][Arg3: m_plyr.ped][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028EFE4][Arg2: 0x0028EFE0][Arg3: RANDOM.grp][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028EFE4][Arg2: 0x0028EFE0][Arg3: MISSION.grp][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028E638][Arg2: 0x0028E634][Arg3: GangMbr.ped][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028E62C][Arg2: 0x0028E628][Arg3: Cop.ped][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028E620][Arg2: 0x0028E61C][Arg3: R_Norm.ped][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028E614][Arg2: 0x0028E610][Arg3: R_Tough.ped][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028E608][Arg2: 0x0028E604][Arg3: R_Weak.ped][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028E5FC][Arg2: 0x0028E5F8][Arg3: Fireman.ped][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028E638][Arg2: 0x0028E634][Arg3: m_empty.ped][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028E62C][Arg2: 0x0028E628][Arg3: Indoors.ped][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028E620][Arg2: 0x0028E61C][Arg3: RANDOM.grp][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028E614][Arg2: 0x0028E610][Arg3: RANDOM2.grp][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FC24][Arg2: 0x0028FC20][Arg3: TIMECYC.DAT][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FC84][Arg2: 0x0028FC80][Arg3: POPCYCLE.DAT][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FCE4][Arg2: 0x0028FCE0][Arg3: AUDIO\CONFIG\BANKSLOT.DAT][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FCE4][Arg2: 0x0028FCE0][Arg3: AUDIO\CONFIG\BANKLKUP.DAT][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FC60][Arg2: 0x0028FC5C][Arg3: AUDIO\CONFIG\PAKFILES.DAT][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FCE4][Arg2: 0x0028FCE0][Arg3: AUDIO\STREAMS\AA][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FCE0][Arg2: 0x0028FCDC][Arg3: sa-utrax.dat][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FCC0][Arg2: 0x0028FCBC][Arg3: AUDIO\STREAMS\AA][Arg4: 0][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FD0C][Arg2: 0x0028FD08][Arg3: AUDIO\CONFIG\EVENTVOL.DAT][Arg4: 0][Arg5: 420]

When you open the 'Load Save Game screen this is the result:

Code:

[7236] SaveGameHook [Arg1: 0x0028FA14][Arg2: 0x0028FA10][Arg3: C:\Users\atom0s\Documents\GTA San Andreas User Files\GTASAsf1.b][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FA04][Arg2: 0x0028FA00][Arg3: C:\Users\atom0s\Documents\GTA San Andreas User Files\GTASAsf1.b][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FA14][Arg2: 0x0028FA10][Arg3: C:\Users\atom0s\Documents\GTA San Andreas User Files\GTASAsf2.b][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FA04][Arg2: 0x0028FA00][Arg3: C:\Users\atom0s\Documents\GTA San Andreas User Files\GTASAsf2.b][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FA14][Arg2: 0x0028FA10][Arg3: C:\Users\atom0s\Documents\GTA San Andreas User Files\GTASAsf3.b][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FA14][Arg2: 0x0028FA10][Arg3: C:\Users\atom0s\Documents\GTA San Andreas User Files\GTASAsf4.b][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FA14][Arg2: 0x0028FA10][Arg3: C:\Users\atom0s\Documents\GTA San Andreas User Files\GTASAsf5.b][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FA14][Arg2: 0x0028FA10][Arg3: C:\Users\atom0s\Documents\GTA San Andreas User Files\GTASAsf6.b][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FA14][Arg2: 0x0028FA10][Arg3: C:\Users\atom0s\Documents\GTA San Andreas User Files\GTASAsf7.b][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FA14][Arg2: 0x0028FA10][Arg3: C:\Users\atom0s\Documents\GTA San Andreas User Files\GTASAsf8.b][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FB8C][Arg2: 0x0028FB88][Arg3: MODELS\FRONTEN1.TXD][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FB8C][Arg2: 0x0028FB88][Arg3: MODELS/FRONTEN_pc.TXD][Arg4: 32768][Arg5: 420]
[7236] SaveGameHook [Arg1: 0x0028FB8C][Arg2: 0x0028FB88][Arg3: MODELS\FRONTEN2.TXD][Arg4: 32768][Arg5: 420]

From here you are on your own though. I got other things to attend to. Good luck.