Documenting GTA3/VC memory addresses

1,208 replies to this topic
AK-73
  • AK-73

    Hustler

  • Members
  • Joined: 31 Oct 2005

#871

Posted 02 August 2007 - 01:53 PM

Are you sure the copying of values works as it should?
I always do it differently...
If I know there's a float at say 0x7E46B8 (the x position of the camera), this is how I do it:

CODE
float* camX = (float*)0x7E46B8;  // the absolute address needs an explicit cast to float*
float nPlayer_X = *camX;         // dereference to copy the value


Of course if I store an address as a DWORD, I have to convert it to float* first.

Anyway, my general advice beyond that would be: get a good debugger, learn how to use it and study what your code does in actuality. Doing so has helped me *a lot* with bugs. With that one doesn't have to *guess* anymore what goes wrong, one can actually study what is happening.

Alex

PS You're writing a swimming mod? For VC or GTA3?
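An added example, not part of the original post: the same typed read of the float at 0x7E46B8, done against a captured copy of memory with the address held as a 32-bit value (the DWORD case mentioned above) and with a bounds check that a raw pointer cast does not have. The `snapshot` type, the region base 0x7E4000, and the sample value are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* A captured memory region: `bytes` holds `size` bytes that were mapped at `base`. */
typedef struct {
    uint32_t       base;
    size_t         size;
    const uint8_t *bytes;
} snapshot;

/* Copy `len` bytes found at 32-bit address `addr` into `out`.
 * Returns 0 on success, -1 if any part of the range lies outside the region. */
static int snap_read(const snapshot *s, uint32_t addr, void *out, size_t len)
{
    if (addr < s->base) return -1;
    size_t off = (size_t)(addr - s->base);
    if (off > s->size || len > s->size - off) return -1;
    memcpy(out, s->bytes + off, len); /* memcpy avoids alignment and aliasing issues */
    return 0;
}

/* Typed wrapper: assumes the capture and the host use the same float layout. */
static int snap_read_f32(const snapshot *s, uint32_t addr, float *out)
{
    return snap_read(s, addr, out, sizeof *out);
}

/* Constructed sample: a 4 KiB region at 0x7E4000 with one float planted at 0x7E46B8. */
#define CAM_X_ADDR 0x7E46B8u
static uint8_t sample_bytes[0x1000];

static snapshot make_sample(float cam_x)
{
    memset(sample_bytes, 0, sizeof sample_bytes);
    memcpy(sample_bytes + (CAM_X_ADDR - 0x7E4000u), &cam_x, sizeof cam_x);
    snapshot s = { 0x7E4000u, sizeof sample_bytes, sample_bytes };
    return s;
}

int main(void)
{
    snapshot s = make_sample(123.5f);
    float x;
    if (snap_read_f32(&s, CAM_X_ADDR, &x) == 0)
        printf("camX = %.1f\n", x);
    if (snap_read_f32(&s, 0x7E4FFEu, &x) != 0)
        puts("read crossing the end of the region rejected");
    return 0;
}
```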

Balin2003
  • Balin2003

    Player Hater

  • Members
  • Joined: 13 Jul 2005

#872

Posted 26 August 2007 - 09:20 PM

To Dexx and others

In Dexx's code for CarRef.asi, which adds "real-time" reflections to VC, these addresses were noted:


In RW.cpp:

RpWorldAddCamera 0x00654460
RwTextureCreate 0x0064DE60
RwRasterCreate 0x00655490
RwCameraBeginUpdate 0x0064A820
RwCameraEndUpdate 0x0064A810
RwFrameCreate 0x00644AA0
RwFrameTranslate 0x006450A0
RwImageCreate 0x00651250
RwImageAllocatePixels 0x00651310
RwImageSetFromRaster 0x00660270
RwImageDestroy 0x006512B0
RwRasterSetFromImage 0x006602B0
RwRasterPushContext 0x00655320
RwRasterRenderFast 0x00655270
RwRasterPopContext 0x006553D0
RwTextureSetRaster 0x0064DCC0

In EntryPoint.cpp:
RwCameraGetRaster 0x008100BC
MatFXEnvRender 0x00674EE0
0x006765C9

Could someone give the equivalents of these addresses, or maybe create an asi file like this one but for GTA3?

P.S. Excuse my bad English

ModelingMan
  • ModelingMan

    Crackalacking!

  • Feroci
  • Joined: 23 Jan 2004
  • Scotland

#873

Posted 29 August 2007 - 01:13 PM

GTAIII addresses:

RpWorldAddCamera 0x005AFB80
RwTextureCreate 0x005A72D0
RwRasterCreate 0x005AD930
RwCameraBeginUpdate 0x005A5030
RwCameraEndUpdate 0x005A5020
RwFrameCreate 0x005A1A00
RwFrameTranslate 0x005A2000
RwImageCreate 0x005A9120
RwImageAllocatePixels 0x005A91E0
RwImageSetFromRaster 0x005BBF10
RwImageDestroy 0x005A9180
RwRasterSetFromImage 0x005BBF50
RwRasterPushContext 0x005AD7C0
RwRasterRenderFast 0x005AD710
RwRasterPopContext 0x005AD870

RwTextureSetRaster is non-existent in GTAIII; however, you can set it manually...
If you are using the RenderWare headers then set it like so:
CODE
RwRaster *raster;
RwTexture *texture;
...
texture->raster = raster;

Alternatively you can do this:
CODE
void *raster;
void *texture;
...
*(DWORD*)(texture) = (DWORD)raster;


QUOTE (Balin2003 @ Aug 26 2007, 22:20)
In EntryPoint.cpp:
RwCameraGetRaster  0x008100BC

That isn't the address to the function, that's the address of a static RwCamera data struct. The equivalent of that in GTAIII is 0x0072676C.

MatFXEnvRender 0x005CF6C0
0x005D0CE9

Balin2003
  • Balin2003

    Player Hater

  • Members
  • Joined: 13 Jul 2005

#874

Posted 02 September 2007 - 08:49 PM

A lot of thanks!

Could somebody help me with finding
rwcore.h
rwplcore.h
rpworld.h
?

gamenerd
  • gamenerd

    Linux lover

  • BUSTED!
  • Joined: 19 Nov 2005

#875

Posted 26 November 2007 - 10:03 PM

QUOTE (DexX @ Sep 9 2006, 16:25)
Good news: I fixed the alpha issue in vice!
Bad news: it affects everything with an alpha channel!

0057FA7A                push    5 ;D3DCMP_GREATER = 5
0057FA7C                push    19h
0057FA7E                call    _RwD3D9SetRenderState ; D3DRS_ALPHAFUNC = 25 (map objects)
^sets up the alpha func..

0057FA85                push    2 ;ALPHAREF
0057FA87                push    18h
0057FA89                call    _RwD3D9SetRenderState ; D3DRS_ALPHAREF = 24 (map objects)
^when blending, it compares it to the value @ 57fa85. the default value of 2, produces this result..
[image]

with higher values (F0 seen here) producing smoother blending...
[image]

There are no other areas I can find that control alpha the way this does (well, one for the menu, but I don't have it handy), but I figured I'd post it anyway, as this might be the closest it's come to getting fixed. 80-A0 seem to work fairly well, while retaining some of the alpha. The main problem is with the clouds, which get pretty much erased, along with shadows from peds/vehicles/dynamic objects.

Having problems getting this in my gta-vc.exe
[image]

wexxa
  • wexxa

    Player Hater

  • Members
  • Joined: 18 Aug 2007

#876

Posted 27 November 2007 - 02:45 PM

GTA 3: LC
Hi, I would like to ask if anyone knows these memory addresses:

HUD - ?
Loading Screen (txd) - ?
and load newgame
main.scm - ?
data/mains - ?

Heckstorm
  • Heckstorm

    Are you Lookin' at me?!

  • Members
  • Joined: 09 Dec 2007

#877

Posted 02 January 2008 - 04:13 PM

I'm confused. What file in GTA 3 am I supposed to go to in order to change the camera in the car? I'm so confused about where to put it.

Gouveia
  • Gouveia

    #YardOn

  • The Yardies
  • Joined: 01 Jan 2006
  • Brazil

#878

Posted 16 January 2008 - 05:58 PM

Hey guys. Is there any tutorial for newbs? Also, is it possible to change the game cheats with this? Say, I can spawn a hunter typing "BROWNTHUNDER"?

AK-73
  • AK-73

    Hustler

  • Members
  • Joined: 31 Oct 2005

#879

Posted 21 January 2008 - 06:50 PM

QUOTE (VinnyGouveia @ Jan 16 2008, 17:58)
Hey guys. Is there any tutorial for newbs? Also, is it possible to change the game cheats with this? Say, I can spawn a hunter typing "BROWNTHUNDER"?


Don't know if there is a tutorial but if necessary, I can guide anyone through the first steps. Best to not do that in *this thread* though.

Alex

Shadow-Link
  • Shadow-Link

    Li'l G Loc

  • Members
  • Joined: 01 Dec 2004
  • Netherlands

#880

Posted 21 January 2008 - 11:43 PM

That would be awesome AK-73. Maybe you can post a "mini" tutorial in the tutorial forum.

MeanpantheR
  • MeanpantheR

    Player Hater

  • Members
  • Joined: 03 Feb 2005

#881

Posted 15 February 2008 - 01:33 PM

Does anyone know the address you have to NOP to stop the WalkState/Animation from resetting itself?

AK-73
  • AK-73

    Hustler

  • Members
  • Joined: 31 Oct 2005

#882

Posted 15 February 2008 - 02:56 PM

QUOTE (MeanpantheR @ Feb 15 2008, 14:33)
Does anyone know the address you have to NOP to stop the WalkState/Animation from resetting itself?


For VC? Yeah, I do, but not at the top of my head. I won't be able to tell you before Monday. For VC, the walk state is +0x1F4 into the player object. Just set a memory breakpoint on that DWORD. Maybe that information helps already?

Alex

MeanpantheR
  • MeanpantheR

    Player Hater

  • Members
  • Joined: 03 Feb 2005

#883

Posted 16 February 2008 - 12:32 PM

When I try to set a breakpoint it fails.
The breakpoint I'm meant to be setting is CPed + 0x1F4, right? ... or am I doing it totally wrong?

AK-73
  • AK-73

    Hustler

  • Members
  • Joined: 31 Oct 2005

#884

Posted 18 February 2008 - 04:21 PM

Well, first of all I forgot to look it up because I managed to "crack" the xbox format over the weekend, sorry.

Secondly, yes, CPed + 0x1F4.

Don't know which debugger you are using, I am using ollydbg and setting a normal breakpoint in that memory area usually fails on me too. When that happens and it's important I set a *hardware breakpoint* on that address instead. That works always.

Alex

MeanpantheR
  • MeanpantheR

    Player Hater

  • Members
  • Joined: 03 Feb 2005

#885

Posted 18 February 2008 - 06:51 PM

I'm also using OllyDBG, I actually spent a couple of hours looking up with the error I kept getting when setting the breakpoint.
Cheers for the info on setting the hardware breakpoint, I'll try that out in a sec.

AK-73
  • AK-73

    Hustler

  • Members
  • Joined: 31 Oct 2005

#886

Posted 18 February 2008 - 06:55 PM

QUOTE (MeanpantheR @ Feb 18 2008, 19:51)
I'm also using OllyDBG, I actually spent a couple of hours looking up with the error I kept getting when setting the breakpoint.
Cheers for the info on setting the hardware breakpoint, I'll try that out in a sec.


One piece of advice: I had a problem getting rid of the hardware breakpoint again afterwards... I usually do that by setting hardware execution breakpoints - you can only have 4 hardware breakpoints and upon setting the 4th execution breakpoint, it shows me a menu to delete the memory breakpoint. Hardware execution breakpoints can be deleted - by going to the line where you set them and right-clicking, etc. (Please note that hardware memory breakpoints stop on the line after the modification/access.)

Alex
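An added example, not part of the original posts: the limit of four hardware breakpoints and the split between execution and memory breakpoints come from the x86 debug registers, where DR0 to DR3 hold the addresses and DR7 holds an enable, type and length field per slot. The decoder below follows the architectural DR7 layout; the function names and the sample state are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* R/Wn field values of DR7 (x86 architecture, not specific to OllyDbg). */
typedef enum { BP_EXECUTE = 0, BP_WRITE = 1, BP_IO = 2, BP_READWRITE = 3 } bp_type;

typedef struct {
    int      enabled; /* local (Ln) or global (Gn) enable bit is set */
    bp_type  type;    /* what kind of access triggers the breakpoint */
    unsigned length;  /* number of bytes watched */
} hw_bp;

/* Decode slot n (0..3) of a DR7 value; the address itself lives in DRn. */
static hw_bp dr7_decode(uint32_t dr7, unsigned n)
{
    static const unsigned len_bytes[4] = { 1, 2, 8, 4 }; /* LENn; 8 only on 64-bit CPUs */
    hw_bp bp;
    bp.enabled = ((dr7 >> (2 * n)) & 3u) != 0;
    bp.type    = (bp_type)((dr7 >> (16 + 4 * n)) & 3u);
    bp.length  = len_bytes[(dr7 >> (18 + 4 * n)) & 3u];
    return bp;
}

/* DR7 bits that enable slot n locally; 0 if the request is not encodable. */
static uint32_t dr7_encode(unsigned n, bp_type type, unsigned length)
{
    uint32_t len_field;
    if (n > 3) return 0;                             /* only DR0..DR3 exist */
    if (type == BP_EXECUTE && length != 1) return 0; /* execute needs LEN=00 */
    switch (length) {
    case 1: len_field = 0; break;
    case 2: len_field = 1; break;
    case 4: len_field = 3; break;
    default: return 0;
    }
    return (1u << (2 * n)) | ((uint32_t)type << (16 + 4 * n))
         | (len_field << (18 + 4 * n));
}

/* First unused slot, or -1 when all four are taken. */
static int dr7_free_slot(uint32_t dr7)
{
    for (unsigned n = 0; n < 4; n++)
        if (!dr7_decode(dr7, n).enabled) return (int)n;
    return -1;
}

int main(void)
{
    /* Constructed state: a 4-byte write watch (e.g. on a DWORD field) in slot 0. */
    uint32_t dr7 = dr7_encode(0, BP_WRITE, 4);
    printf("DR7=0x%08X, next free slot=%d\n", (unsigned)dr7, dr7_free_slot(dr7));
    return 0;
}
```

Data breakpoints are reported as traps, after the accessing instruction has completed, which is why the debugger stops on the following line.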

MeanpantheR
  • MeanpantheR

    Player Hater

  • Members
  • Joined: 03 Feb 2005

#887

Posted 18 February 2008 - 08:15 PM Edited by MeanpantheR, 18 February 2008 - 08:34 PM.

I don't think I'm setting the hardware breakpoints correctly.
After I set one of them on CPed+0x1F4.
I go into game and run about for a while, but my game doesn't minimize itself or anything.

:::EDIT:::
I did set it properly and the game did quit out.
I got a new problem. Whenever my game quits out because of a breakpoint, I can't view OllyDBG or anything but my start bar.

I think I'm going to have to find out how to play the game in a window in order to debug it properly...

MrJax
  • MrJax

    Player Hater

  • Members
  • Joined: 31 May 2005

#888

Posted 19 February 2008 - 11:41 AM Edited by MrJax, 19 February 2008 - 11:44 AM.

Use this as well:
CODE
SetWindowLong ( pPresentationParameters->hDeviceWindow, GWL_STYLE, WS_POPUP );

AK-73
  • AK-73

    Hustler

  • Members
  • Joined: 31 Oct 2005

#889

Posted 19 February 2008 - 02:19 PM

QUOTE (MeanpantheR @ Feb 18 2008, 21:15)
I don't think I'm setting the hardware breakpoints correctly.
After I set one of them on CPed+0x1F4.
I go into game and run about for a while, but my game doesn't minimize itself or anything.

:::EDIT:::
I did set it properly and the game did quit out.
I got a new problem. Whenever my game quits out because of a breakpoint, I can't view OllyDBG or anything but my start bar.

I think I'm going to have to find out how to play the game in a window in order to debug it properly...


I use the speedometer. It has a function that allows you to run VC windowed. Works like a charm. I even did rewrite the d3d8.dll to not render the speedometer, only to run the game windowed.

Alex

MeanpantheR
  • MeanpantheR

    Player Hater

  • Members
  • Joined: 03 Feb 2005

#890

Posted 20 February 2008 - 01:13 AM

I've still had trouble trying to get the address.
The Fullscreen thing isn't a problem anymore ( I just plugged in another monitor )
The address I found, I NOP'd and had some strange results...
I would try running forward then strafe off to the left but it would continue to run forward even when I release the 'w'/up key.

What I'm trying to do is have an actor basically copy what I'm doing.
I've got the X/Y/Z/Rotation sorted, and the walking/running animation working a bit. But whenever I stop sprinting and go into a jog, the Actor's animation would get set to standing still (That's what I'm trying to get rid of)

AK-73
  • AK-73

    Hustler

  • Members
  • Joined: 31 Oct 2005

#891

Posted 25 February 2008 - 03:31 PM

default.ide, I think.

This file sets the walking style per ped.

I would also like to point you to my GTA:Martial Arts mod which has a side-benefit of allowing to introduce new animations (triggering them is another matter), including walk styles.

Here's an overview of how animations work:

Each time an animation gets triggered, the responsible proc gets handed *two* variables determining the animation.

Let's call the first animation ID and the second animation group ID.

You see, the combination of both determines which animation actually gets triggered.

The concept of the animation group allows the engine to have different actors "do" the same thing in a different way. For example, the activity of walking might have animation ID 1 (not sure whether that's the ID but...). Then you can specify different styles of walking by just changing the animation group ID. That's what +0x1F4/the walk style in default.ide is for, iirc.

Please realize this though: I think the player walkstyle has more animations than the ped walkstyles. I think run_player only exists in the player animation group (=walkstyle), the ped walkstyles only know walking and sprinting (sprint_civi).

So your problem may be this (*may be*): the animation ID for run_player (the jog animation) might be, let's say, 3. But since it's a ped, the game never calls animation ID 3 because by default all ped walkstyles don't include a jog, so it didn't make sense to code that into the ped AI. All the game then calls are IDs for walking or full-blown sprint.

In that case you would have to write a plug-in into the ped AI and trigger the running animation yourself.


But I am not sure on any of this without looking at it from inside the game myself first-hand first. It's been a while since I had been coding on this.

Alex


Squiddy
  • Squiddy

    Back!

  • The Connection
  • Joined: 06 Oct 2004

#892

Posted 18 March 2008 - 09:27 PM Edited by Squiddy, 18 March 2008 - 09:29 PM.

0x978794 DWORD People killed (from stats)
0x9B48EC DWORD Amount of frames to be rendered per second. Default is 30. (framelimiter)

Yeah, it's boring, but those were asked for.

maxorator
  • maxorator

    VC:MP lead developer

  • Members
  • Joined: 24 Feb 2006
  • None
  • Contribution Award [Mods]

#893

Posted 19 March 2008 - 07:44 AM Edited by maxorator, 19 March 2008 - 07:46 AM.

Plus it registers the count separately for each model, both cars and peds.
0x7D8E30 WORD[240] Amount of that model either destroyed (car) or killed (ped)
CDarkel_RegisterKillByPlayer(CPed*,eWeaponType,bool) @ 0x429E90 - increases the value for peds (0-129)
CDarkel_RegisterCarBlownUpByPlayer(CVehicle*) @ 0x429DF0 - increases the value for cars (130-239)
CDarkel_ResetModelsKilledByPlayer(void) @ 0x429B00 - resets the count
CDarkel_QueryModelsKilledByPlayer(int) @ 0x429AF0 - returns the amount of specified models destroyed

SkuggyA
  • SkuggyA

    Player Hater

  • Members
  • Joined: 15 Dec 2007

#894

Posted 07 November 2008 - 02:56 AM

Does anyone know the address of the PlayerInfo check(s) in the player processor (gta-vc.00537270)? I've been looking for hours and I can't seem to find it.

HM128
  • HM128

    blabla

  • Feroci
  • Joined: 09 Jul 2006
  • European-Union
  • Best Map 2013 "ViceCityStories PC Edition"

#895

Posted 07 November 2008 - 09:47 PM Edited by HackMan128, 07 November 2008 - 09:49 PM.

I'm so excited about this topic that I wrote a small, quick program to test some addresses. More features later.
here's the link: http://www.megaupload.com/?d=RVNWWEML

maxorator
  • maxorator

    VC:MP lead developer

  • Members
  • Joined: 24 Feb 2006
  • None
  • Contribution Award [Mods]

#896

Posted 24 November 2008 - 07:54 PM

QUOTE (SkuggyA @ Nov 7 2008, 02:56)
Does anyone know the address of the PlayerInfo check(s) in the player processor (gta-vc.00537270)? I've been looking for hours and I can't seem to find it.

What exactly do you mean?

SkuggyA
  • SkuggyA

    Player Hater

  • Members
  • Joined: 15 Dec 2007

#897

Posted 26 November 2008 - 11:10 PM

I'm trying to create a co-op over a LAN, and I am trying to enable car jacking between two players; my theory is that if I nop out the call to the CPlayerInfo structure, the structure which contains data for the players which distinguish them from peds, then jacking will be enabled. I could find the PlayerInfo call in SA, but I can't in VC.

maxorator
  • maxorator

    VC:MP lead developer

  • Members
  • Joined: 24 Feb 2006
  • None
  • Contribution Award [Mods]

#898

Posted 27 November 2008 - 12:17 PM Edited by maxorator, 27 November 2008 - 04:08 PM.

QUOTE (SkuggyA @ Nov 26 2008, 23:10)
I'm trying to create a co-op over a LAN, and I am trying to enable car jacking between two players; my theory is that if I nop out the call to the CPlayerInfo structure, the structure which contains data for the players which distinguish them from peds, then jacking will be enabled.  I could find the PlayerInfo call in SA, but I can't in VC.

It most definitely won't help since it doesn't affect the things you mentioned, though it makes you lose control over the player since some key handling is done in CPlayerInfo::Process too (entering/exiting a vehicle and more). Trying to make your player a normal ped is a very bad idea since it will certainly cause lots of side effects. If you're still interested though, CPlayerInfo::Process is located at 4BCA90h and is called from CWorld::Process.

SkuggyA
  • SkuggyA

    Player Hater

  • Members
  • Joined: 15 Dec 2007

#899

Posted 27 November 2008 - 03:31 PM

Hmm... then how would I go about doing this? I see what you mean about the probs

maxorator
  • maxorator

    VC:MP lead developer

  • Members
  • Joined: 24 Feb 2006
  • None
  • Contribution Award [Mods]

#900

Posted 30 November 2008 - 10:18 PM

QUOTE (SkuggyA @ Nov 27 2008, 15:31)
Hmm... then how would I go about doing this? I see what you mean about the probs

You have to find where that check is located. One hint might be that it probably calls CPed::IsPlayer() (4F4930h) to check that. I haven't done that myself so I can't tell any specific address at the moment.



