Documenting GTA3/VC memory addresses

1,185 replies to this topic
jacob.
  • jacob.

    Homie

  • Members
  • Joined: 27 Jun 2004

#961

Posted 03 July 2010 - 06:19 AM

QUOTE (grovespaz @ Feb 4 2010, 17:52)
Now, imagine this with an ingame disassembler which shows you the mission script as you step through it
Ambitious? Yes! But too much fun to let go

kudos. I specifically requested a run-time SCM debugger in 2005, to which no one replied (topic). It's nice to see VC still being RE'd.

spaceeinstein
  • spaceeinstein

    Chocolate

  • GTA Mods Staff
  • Joined: 17 Jul 2003
  • Hong-Kong
  • Major Contribution Award [Mods]
    Helpfulness Awards [Mods]

#962

Posted 23 July 2010 - 03:42 AM Edited by spaceeinstein, 21 August 2010 - 03:59 PM.

VC garage stuff, original main.scm
CODE
0x7D74B8 - 4 bytes - car IDE model
0x7D74BC - float - x position
0x7D74C0 - float - y position
0x7D74C4 - float - z position
0x7D74C8 - float - vector angle x
0x7D74CC - float - vector angle y
0x7D74D0 - float - vector angle z
0x7D74D4 - 4 bytes - immunities
0x7D74D8 - 1 byte - primary color
0x7D74D9 - 1 byte - secondary color
0x7D74DA - 1 byte - radio station
0x7D74DB - 1 byte - variation  (see http://www.gtaforums.com/index.php?showtopic=107998&view=findpost&p=1059651247)
0x7D74DC - 1 byte - variation 2
0x7D74DD - 1 byte - bomb type (3=remote,2=engine ignition,1=timed)
+28h for each additional garage

CODE
0x7D74B8 - el swanko casa (1 car garage)
0x7D74E0 - el swanko casa
0x7D7508 - el swanko casa
0x7D7530 - el swanko casa
0x7D7558 - hyman condo left (4 car garage)
0x7D7580 - hyman condo left
0x7D75A8 - hyman condo left
0x7D75D0 - hyman condo left
0x7D75F8 - hyman condo middle (2 car garage)
0x7D7620 - hyman condo middle
0x7D7648 - hyman condo middle
0x7D7670 - hyman condo middle
0x7D7698 - hyman condo right (2 car garage)
0x7D76C0 - hyman condo right
0x7D76E8 - hyman condo right
0x7D7710 - hyman condo right
0x7D7738 - ocean heights (1 car garage)
0x7D7760 - ocean heights
0x7D7788 - ocean heights
0x7D77B0 - ocean heights
0x7D77D8 - links view apartment (1 car garage)
0x7D7800 - links view apartment
0x7D7828 - links view apartment
0x7D7850 - links view apartment
0x7D7878 - sunshine autos far right (2 car garage)
0x7D78A0 - sunshine autos far right
0x7D78C8 - sunshine autos far right
0x7D78F0 - sunshine autos far right
0x7D7918 - sunshine autos mid right (2 car garage)
0x7D7940 - sunshine autos mid right
0x7D7968 - sunshine autos mid right
0x7D7990 - sunshine autos mid right
0x7D79B8 - sunshine autos mid left (2 car garage)
0x7D79E0 - sunshine autos mid left
0x7D7A08 - sunshine autos mid left
0x7D7A30 - sunshine autos mid left
0x7D7A58 - sunshine autos far left (2 car garage)
0x7D7A80 - sunshine autos far left
0x7D7AA8 - sunshine autos far left
0x7D7AD0 - sunshine autos far left
0x7D7AF8 - vercetti estate (2 car garage)
0x7D7B20 - vercetti estate
0x7D7B48 - vercetti estate
0x7D7B70 - vercetti estate

All garages can fit at most four cars, even if the garages aren't scripted to open for more than 2 cars.

TheSiggi
  • TheSiggi

    Surgeon

  • Members
  • Joined: 05 Jul 2009

#963

Posted 23 July 2010 - 09:42 AM

CODE
00A10942
is the cheat pool... you can read it with
CODE
05E0: $Read  = read_memory  $Memory size 4 virtual_protect 0
CLEOVC opcode

spaceeinstein
  • spaceeinstein

    Chocolate

  • GTA Mods Staff
  • Joined: 17 Jul 2003
  • Hong-Kong
  • Major Contribution Award [Mods]
    Helpfulness Awards [Mods]

#964

Posted 23 July 2010 - 05:55 PM Edited by spaceeinstein, 05 December 2011 - 06:07 PM.

What do you mean cheat pool? That address is the last key that was pressed and should be size 1. The last 30 keys pressed are recorded by the game beginning with that address.
• A10942 - 30 bytes - last 30 keys pressed

More stuff, all related to "text draw" opcodes
CODE
address - type - description - default value
0x7F0EA0 - float - X stretch (033F) - 0.48
0x7F0EA4 - float - Y stretch - 1.12
0x7F0EA8 - 1 byte - red (0340) - 225
0x7F0EA9 - 1 byte - green - 225
0x7F0EAA - 1 byte - blue - 225
0x7F0EAB - 1 byte - alpha - 255
0x7F0EAC - 1 byte - 0341, shows no effect... - 0
0x7F0EAD - 1 byte - centered at X position (0342) - 0
0x7F0EAE - 1 byte - background (0345) - 0
0x7F0EAF - 1 byte - ? - 0
0x7F0EB0 - float - text width - 182.0
0x7F0EB4 - float - ? - 640.0
0x7F0EB8 - 1 byte - background red - 128
0x7F0EB9 - 1 byte - background green - 128
0x7F0EBA - 1 byte - background blue - 128
0x7F0EBB - 1 byte - background alpha - 128
0x7F0EBC - 1 byte - each letter has consistent width - 1
0x7F0EBD - 1 byte - (reference link below) - 0
0x7F0EBE - 1 byte - the right end of the text ends at X position - 0
0x7F0EC0 - 1 byte - font (use 0,1,2) - 1
0x7F0EC4 - float - x position (033E)
0x7F0EC8 - float - y position
0x7F0ECC - string - the actual text
+0xF4 for each additional text draw

0x7F0EBD
Ends at 0x7F3B6C, 48 text draws supported
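
The saved-garage table in post #962 and the text draw table in post #964 are both fixed-stride record arrays, so one address helper covers both. The following C is an added example, not code from the thread: it computes record addresses from the documented bases and strides and decodes one 0x28-byte saved-car record from a constructed buffer. The function names, the struct and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bases, strides and counts as documented in the posts above (VC). */
#define SAVED_CAR_BASE   0x7D74B8u
#define SAVED_CAR_STRIDE 0x28u
#define GARAGE_COUNT     11u  /* garages in the listing */
#define SLOTS_PER_GARAGE 4u
#define TEXT_DRAW_BASE   0x7F0EA0u
#define TEXT_DRAW_STRIDE 0xF4u
#define TEXT_DRAW_COUNT  48u

/* Address of record `index` in a fixed-stride table, or 0 when out of range. */
uint32_t record_address(uint32_t base, uint32_t stride, uint32_t count, uint32_t index)
{
    return index < count ? base + index * stride : 0;
}

/* Saved-car slot address: garage 0..10 in listing order, slot 0..3. */
uint32_t saved_car_address(uint32_t garage, uint32_t slot)
{
    if (garage >= GARAGE_COUNT || slot >= SLOTS_PER_GARAGE)
        return 0;
    return record_address(SAVED_CAR_BASE, SAVED_CAR_STRIDE,
                          GARAGE_COUNT * SLOTS_PER_GARAGE,
                          garage * SLOTS_PER_GARAGE + slot);
}

/* Hypothetical struct; field order follows the documented offsets. */
typedef struct {
    uint32_t model;           /* +0x00 car IDE model */
    float    pos[3];          /* +0x04 x, y, z position */
    float    angle[3];        /* +0x10 vector angle x, y, z */
    uint32_t immunities;      /* +0x1C */
    uint8_t  primary_color;   /* +0x20 */
    uint8_t  secondary_color; /* +0x21 */
    uint8_t  radio_station;   /* +0x22 */
    uint8_t  variation;       /* +0x23 */
    uint8_t  variation2;      /* +0x24 */
    uint8_t  bomb_type;       /* +0x25 (3=remote, 2=engine ignition, 1=timed) */
} SavedCar;

/* Little-endian readers, independent of host struct padding. */
static uint32_t rd_u32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static float rd_f32(const uint8_t *p)
{
    uint32_t bits = rd_u32(p);
    float f;
    memcpy(&f, &bits, sizeof f);
    return f;
}

/* Decode one record; returns 0 on success, -1 if the buffer is too short. */
int decode_saved_car(const uint8_t *buf, size_t len, SavedCar *out)
{
    if (buf == NULL || out == NULL || len < SAVED_CAR_STRIDE)
        return -1;
    out->model = rd_u32(buf);
    for (int i = 0; i < 3; i++) {
        out->pos[i]   = rd_f32(buf + 0x04 + 4 * i);
        out->angle[i] = rd_f32(buf + 0x10 + 4 * i);
    }
    out->immunities      = rd_u32(buf + 0x1C);
    out->primary_color   = buf[0x20];
    out->secondary_color = buf[0x21];
    out->radio_station   = buf[0x22];
    out->variation       = buf[0x23];
    out->variation2      = buf[0x24];
    out->bomb_type       = buf[0x25];
    return 0;
}

/* Constructed sample record (not dumped from the game). */
static const uint8_t SAMPLE_RECORD[0x28] = {
    0x8D, 0x00, 0x00, 0x00,             /* model 141 (constructed value) */
    0x00, 0x00, 0xC8, 0x42,             /* x = 100.0 */
    0x00, 0x00, 0x48, 0xC2,             /* y = -50.0 */
    0x00, 0x00, 0x28, 0x41,             /* z = 10.5 */
    0x00, 0x00, 0x00, 0x00,             /* angle x = 0.0 */
    0x00, 0x00, 0x80, 0x3F,             /* angle y = 1.0 */
    0x00, 0x00, 0x00, 0x00,             /* angle z = 0.0 */
    0x03, 0x00, 0x00, 0x00,             /* immunities (constructed value) */
    0x06, 0x01, 0x02, 0x00, 0x00, 0x03, /* colors, radio, variations, bomb */
    0x00, 0x00                          /* +0x26..+0x27: not documented in the post */
};

int main(void)
{
    SavedCar car;
    printf("vercetti estate slot 3: 0x%X\n", (unsigned)saved_car_address(10, 3));
    printf("last text draw:         0x%X\n",
           (unsigned)record_address(TEXT_DRAW_BASE, TEXT_DRAW_STRIDE, TEXT_DRAW_COUNT, 47));
    if (decode_saved_car(SAMPLE_RECORD, sizeof SAMPLE_RECORD, &car) == 0)
        printf("model %u at (%.1f, %.1f, %.1f), bomb type %u\n", (unsigned)car.model,
               car.pos[0], car.pos[1], car.pos[2], (unsigned)car.bomb_type);
    return 0;
}
```

The last valid text draw index (47) lands on 0x7F3B6C, which matches the "Ends at" address in the post, so that address is the start of the 48th record rather than the end of the table.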

SugarD-x
  • SugarD-x

    GTA Fanatic!!!

  • Members
  • Joined: 12 Aug 2005

#965

Posted 25 July 2010 - 08:45 AM

I saw the Wiki topic linked with this but it contains no GTA 3 Memory Addresses. What gives?

Also, that SCM Runtime debugger is an awesome idea. I can't ****ing believe no one has made it yet...

kikiboy95
  • kikiboy95

    Ol' sql, brah.

  • Members
  • Joined: 23 Mar 2010
  • None

#966

Posted 25 July 2010 - 09:18 AM

QUOTE (SugarD-x @ Jul 25 2010, 11:45)
Also, that SCM Runtime debugger is an awesome idea. I can't ****ing believe no one has made it yet...

Say what? Where can I find that one?

spaceeinstein
  • spaceeinstein

    Chocolate

  • GTA Mods Staff
  • Joined: 17 Jul 2003
  • Hong-Kong
  • Major Contribution Award [Mods]
    Helpfulness Awards [Mods]

#967

Posted 25 July 2010 - 07:13 PM

This topic has both III and VC memory addresses. Although you have to scroll through every page to find what you want.

towncivilian
  • towncivilian

    Player Hater

  • Members
  • Joined: 04 Aug 2007

#968

Posted 25 July 2010 - 07:32 PM

Is there any memory address which deals with SCM execution while the pause menu is active? I'd like for the game to continue executing despite being in the pause menu.

spaceeinstein
  • spaceeinstein

    Chocolate

  • GTA Mods Staff
  • Joined: 17 Jul 2003
  • Hong-Kong
  • Major Contribution Award [Mods]
    Helpfulness Awards [Mods]

#969

Posted 25 July 2010 - 07:44 PM Edited by spaceeinstein, 02 August 2010 - 09:16 AM.

FINALLY, I found where all the GXT code colors for VC are located. The colors I had listed in GTAModding had been accurate all along! The keys are based on the virtual key codes values + 0x20 for all of them.
CODE
All in RGB order:
~r~
0x550564
0x550568
0x55056C

~g~
0x550574
0x550578
0x55057C

~b~
0x550584
0x550588
0x55058C

~w~
0x550594
0x550598
0x55059C

~h~
0x5505A4
0x5505A8
0x5505AC

~y~
0x5505B1
0x5505B5
0x5505B9

~p~
0x5505BE
0x5505C2
0x5505C6

~l~
0x5505CB
0x5505CF
0x5505D3

~q~
0x5505D8
0x5505DC
0x5505E0

~t~
0x5505E5
0x5505E9
0x5505ED

~o~
0x5505F2
0x5505F6
0x5505FA

~x~
0x5506FF
0x550603
0x550607

There are other codes like ~f~ and ~n~, which had no color effect when I tested them. What properties do those codes have?

This is a funny picture
user posted image
•0x6971CC
Determines the fatness and skinniness of the text, negative values create a mirrored text!

towncivilian
  • towncivilian

    Player Hater

  • Members
  • Joined: 04 Aug 2007

#970

Posted 31 July 2010 - 02:41 AM Edited by towncivilian, 18 September 2010 - 05:10 AM.

Here are some memory addresses found by Stoku:

CODE
GTA3 1.1:
0x48C3F2 - nop *5 to disable trains
0x95CF34 - freeze at 0 to have game continue SCM execution while in pause menu (does not work if set through SCM; see my post a few posts down for some addresses that will work through SCM)
0x593439 - nop *2 to disable replays

VC 1.0:
0x4D0DA0 - nop *7 to enable execution of SCM in pause menu (works if you set through SCM)
0x4A45C3 - nop *5 to disable replays

spaceeinstein
  • spaceeinstein

    Chocolate

  • GTA Mods Staff
  • Joined: 17 Jul 2003
  • Hong-Kong
  • Major Contribution Award [Mods]
    Helpfulness Awards [Mods]

#971

Posted 06 August 2010 - 12:58 PM Edited by spaceeinstein, 06 August 2010 - 01:17 PM.

Do you hate how the cars that spawn in traffic do not obey the game's law of gravity? Here's a way to fix it.
CODE
0x428EC0 - 1 byte - set to 0
0x428EA7 - 8 bytes - nop them

Traffic will feel similar to GTA IV's. Cars no longer float above ground, cars' wheels will turn when turning, running across the street can result in getting hit, and the car jerks forward when stopping quickly. The only negative side effect is that the "miamitraffic" cheat no longer works.

kikiboy95
  • kikiboy95

    Ol' sql, brah.

  • Members
  • Joined: 23 Mar 2010
  • None

#972

Posted 06 August 2010 - 05:10 PM

Space, can you explain to me via pm how can I make a small CLEO mod which sets the memory addresses you found to something I want. For example, I want a CLEO that controls siren positions and this thing above, but whenever I do it, it crashes. Pls help me, so I can make a mod that controls most of stuff that are normally unable to be modified. Thank you in advance

spaceeinstein
  • spaceeinstein

    Chocolate

  • GTA Mods Staff
  • Joined: 17 Jul 2003
  • Hong-Kong
  • Major Contribution Award [Mods]
    Helpfulness Awards [Mods]

#973

Posted 07 August 2010 - 01:29 AM Edited by spaceeinstein, 14 August 2010 - 02:35 PM.

QUOTE (grovespaz @ Feb 4 2010, 17:52)
I've found a way to make VC step through the SCM instructions one step at a time! I can pause and resume the script interpreter at any time, Vice City temporarily stops executing instructions until I release it

I think I found another way to pause the script. At 0x44FEDD, set to 0 to pause the script and 1 to resume. Works just like the way you described. It's kind of fun being able to pause the script whenever I want:


EDIT: Rockstar definitely rigged the police. I found the addresses that control how fast the police should chase the player.
CODE
all float
0x686E40 - 3 stars
0x686E44 - 4 stars
0x686E48 - 5 stars
0x686E4C - 6 stars

No wonder they can keep up with my Cheetah!

EDIT2: More garages. What I posted before are only for the vehicles saved in save garages. This one is the property of the garage itself.
CODE
0x812668 - Vice Port Pay n Spray
0x812710 - Sunshine Autos Spray n Go
0x8127B8 - Little Haiti Pay n Spray
0x812860 - Vice Point Pay n Spray
0x812908 - Ocean Beach Pay n Spray
etc. The order is primarily based on the order in which they are created through the script file.
+0x0 - 1 byte - garage type
+0x1 - 1 byte - door state (0=closed,1=opened,2=closing,3=opening)
+0x2 - 1 byte - max number of cars to store
+0x19 - 1 byte - set swing door (03BB)
+0x1A - 1 byte - set camera follow player (03DA)

Similar to the above pause script, 0x434713 set to 0 pauses all garage activity. It's most noticeable when the door is closing. You can pause and unpause it!

Can someone find a way to disable VC from unrendering the environment that is behind the camera?

HM128
  • HM128

    alovelyday

  • Feroci
  • Joined: 09 Jul 2006
  • None
  • Best Map 2013 "ViceCityStories PC Edition"

#974

Posted 17 August 2010 - 07:37 AM Edited by HackMan128, 17 August 2010 - 07:39 AM.

Nice nice Space Einstein.
I found your memory address about drawing text.
All is good when I draw text on the screen, but...
When I get into some kinds of cars, Infernus, it crashes the game.
Widescreen ON will help, but I won't play with that.
And I do that in multiplayer, so I don't know about single player, but it should work fine there.

Also the question is: how exactly to definitely close off this draw text after the message?

spaceeinstein
  • spaceeinstein

    Chocolate

  • GTA Mods Staff
  • Joined: 17 Jul 2003
  • Hong-Kong
  • Major Contribution Award [Mods]
    Helpfulness Awards [Mods]

#975

Posted 18 August 2010 - 10:02 AM

The main reason why I bothered with text_draw was this. I was trying to find why my game kept freezing up with text_draw until I found that solution. To remove text_draw, you have to set text_draw display to off (03F0).

towncivilian
  • towncivilian

    Player Hater

  • Members
  • Joined: 04 Aug 2007

#976

Posted 18 September 2010 - 05:05 AM Edited by towncivilian, 28 October 2010 - 06:00 PM.

More addresses found by Stoku:

GTA3 1.1:
CODE
0x4AD580 - nop *7 to enable execution of SCM in pause menu (this will work even if you nop these through SCM; freezing 0x95CF34 at 0 doesn't)
0x530027 - nop *7 to disable money earned upon hitting other vehicles
0x421C45 - nop *5 to disable time progression after player is wasted


VC 1.0:
CODE
0x869668 - set to 0 to start game automatically upon launch
0x869641 - set to 1 to start game automatically upon launch
(both of these memory addresses must be set for this to occur)


And the same for VC 1.1:
CODE
0x869670 - set to 0
0x869649 - set to 1


I've tested all of these (plus the ones in my previous post; had to fix a couple in that post) and they all work.

EDIT 2010-10-28: Fixed a few of these.
EDIT2 2010-10-28: Fixed startup for VC again.

xNCx
  • xNCx

    VCMP beta tester

  • Members
  • Joined: 15 May 2008
  • None

#977

Posted 06 October 2010 - 08:41 AM

Am I blind, or no one has found the address for money in VC?

I have started playing with Cheat Engine last time and I found them...

CODE
0094ADC8 / 0x54ADC8 sets players money
0094ADCC / 0x54ADCC money doesn't change, but the money change "animation" is performing?

towncivilian
  • towncivilian

    Player Hater

  • Members
  • Joined: 04 Aug 2007

#978

Posted 28 October 2010 - 04:25 AM Edited by towncivilian, 05 November 2010 - 01:09 AM.

GTA3 1.1:
CODE
0x5520F3 - 1 byte - amount of money earned upon entering a taxi vehicle

And to start game automatically on game launch:
CODE
0x8F5BA0 - 1 byte - 1
0x8F5A8C - 1 byte - 0
0x8F5A8C - 1 byte - 19

Setting 0x8F5A8C to 19 fixes a crash when the player tries to open "Display Options" after loading game; when set to "0" still, the menu is default (i.e. first pause after loading = gives the initial menu with start game, load game, quit) and causes issues. EDIT: This breaks radio playing automatically in vehicles; to enable it you need to enter the audio settings and go back ingame. Trying to solve this.

Disabling drive-by (thanks Stoku!):
CODE
0x4E0B22 - 1 byte - set to 0 to let GTA3 think fists are the drive-by weapon
0x4E0B65 - 1 byte - set to 0 to set current armed weapon to Fists instead of Uzi

Vice 1.0 & 1.1:
CODE
0x42BD71 - nop *5 to disable time advance after the player is wasted

Vice 1.1:
CODE
0x5B8ACF - nop *8 to disable earning money from entering taxi vehicles
0x4A45E3 - nop *5 to disable replays

towncivilian
  • towncivilian

    Player Hater

  • Members
  • Joined: 04 Aug 2007

#979

Posted 28 October 2010 - 09:04 PM Edited by towncivilian, 28 October 2010 - 10:55 PM.

GTA3 1.1:
CODE
0x4CFA56 - 1 byte - seems to have some control over shotgun ammo, specifically when entering police vehicles - I was able to trigger between 5, 8, and 11 earned with seemingly random values entered (???) also, setting to 19 disables acquisition of new shotgun shells from any source (!)
0x5F6EF8 - float - tilt (and size?) of player blip on radar - set to 10.0 for giant player blip pointing left
0x5F6F04 - float - controls size of radar map? try setting to 2.0 to see
0x5F7084 - float - seems to have something to do with LOD - set to 0.0 and result is http://i198.photobucket.com/albums/aa36/Towncivilian/0x5F7084.jpg
0x5F73DC - float - set to 5.0 for funky colors (traffic light size?), do not zero (video: http://www.youtube.com/watch?v=akSmA6CCCs4)

towncivilian
  • towncivilian

    Player Hater

  • Members
  • Joined: 04 Aug 2007

#980

Posted 04 November 2010 - 11:43 PM Edited by towncivilian, 05 November 2010 - 04:22 AM.

GTA3 1.1:

CODE
0x5FD9D4 - float - controls vertical position of wanted stars
0x421C0B - 1 byte - number of hours time is advanced when player is wasted; 1 disables, 8 is default


VC 1.0:

CODE
0x697B54 - float - controls vertical position of health display
0x697B9C - float - controls horizontal position of wanted stars

towncivilian
  • towncivilian

    Player Hater

  • Members
  • Joined: 04 Aug 2007

#981

Posted 05 November 2010 - 08:26 PM Edited by towncivilian, 06 November 2010 - 01:25 AM.

QUOTE (jacob. @ Apr 26 2005, 17:23)
Messing around in a debugger and found out how to change the name of the scm gta loads.
In fact, I found out the filename of every single file loaded.. and they aren't too hard to change. With this knowledge another possible city loader from LC-Myriad-VC is possible. Simply change the filenames and paths it loads, then force the game to reload.

user posted image

Here I have written my custom scm's filename - GTAS.SCM - in a code cave located in the memory. And as you can see, each address holds the numeric ascii value of one letter.
Then add 1 to the address and there is the location of the next letter.. you get it.

0x4506E1 - SCM file that GTAVC will load..
CODE
004506E1: PUSH gta-vc.xxxxxx // analysis = ASCII "main.scm",0

Scroll to 004506E1 in your debugger and you'll see something similar to this. Change xxxxx to the address containing the binary ascii of your new file, in my case, 0x67dd50. Reload the game and it loads gtas.scm. This information may have been known for a while now, but if so, why hasn't this method been attempted in the making of a city loader? I don't see where it could fail.
So couldn't all GTA:LC files be installed as, say "mainLC.scm" and "gta3LC.img", etc, and then just reload these files to change cities?


I know this is a five year old quote, but I'm having difficulty getting this to work for Vice. I even tried changing the ASCII @ 0x6886AC to another SCM filename (i.e. nain.scm) and the game simply crashes upon completion of loading. When trying the quoted method, it seems to load, but crashes after loading also. The quoted method works perfectly for GTA3 1.1, however.

EDIT: While this works with the SCM in GTA3 1.1, I tried loading another tracks file and wrote "data\paths\tracks.hat" and set 0x54F170 to the new address containing the new path, but the game crashes after loading. Why does this work with some files and not others, or am I just doing something incorrectly?

EDIT2: I managed to fix the tracks issue, but the game still crashes with larger SCMs. I tried a smaller (1KB) SCM and it loaded, but a 127KB one did not. Why is this?

towncivilian
  • towncivilian

    Player Hater

  • Members
  • Joined: 04 Aug 2007

#982

Posted 29 November 2010 - 08:11 PM Edited by towncivilian, 01 December 2010 - 01:47 AM.

Figured it out, there's a SCM filepath at 6886A0 (this is just the folder) and 6D7368 (entire path). There's also an SCM filename at 6886AC, so you must change that if using anything other than main.scm.

For GTA3 1.1:
CODE
0x54F1E8 - nop *5 - disables train generation (but loads tracks.dat/tracks2.dat)
0x5EE790 - SCM folder path
0x5EE79C - SCM filename
0x610168 - entire SCM path


For Vice 1.0:
CODE
0x6886A0 - SCM folder path
0x6886AC - SCM filename
0x6D7368 - entire SCM path
0x69DB70 - weapon.dat folder path
0x69DB7C - weapon.dat filename


For Vice 1.1:
CODE
0x6886A0 - SCM folder path
0x6886AC - SCM filename
0x6D7340 - entire SCM path
0x69DB70 - weapon.dat folder path
0x69DB7C - weapon.dat filename


Of course, these memory addresses were easily obtained so if you need the filename and/or path for another file, just search text for the filename and you should be able to find it in IDA Pro.

spaceeinstein
  • spaceeinstein

    Chocolate

  • GTA Mods Staff
  • Joined: 17 Jul 2003
  • Hong-Kong
  • Major Contribution Award [Mods]
    Helpfulness Awards [Mods]

#983

Posted 03 January 2011 - 04:43 AM

CODE
address - description - original value
all 4b float
0x54A391 - x offset of mouthpiece of cigarette - 0.02
0x54A389 - y offset of mouthpiece of cigarette - 0.05
0x54A37D - z offset of mouthpiece of cigarette - 0.026
0x54A36E - x offset of end of cigarette - 0.02
0x54A366  - y offset of end of cigarette - 0.15
0x54A35A - z offset of end of cigarette - 0.026

A small but cool thing, unicorn Tommy!
user posted image

towncivilian
  • towncivilian

    Player Hater

  • Members
  • Joined: 04 Aug 2007

#984

Posted 04 January 2011 - 04:07 AM

CODE
Both VC versions:
0x697C48 - float - horizontal position of text pop up box
0x697C50 - float - vertical position of text pop up box
0x440B2C - nop *5 to disable weapon pickup message

GTA3 1.1:
0x5FDA44 - float - horizontal position of text pop up box
0x5FDAB0 - float - vertical position of text pop up box



user posted image user posted image

MW_29
  • MW_29

    i came to play

  • Members
  • Joined: 19 Jan 2008
  • None

#985

Posted 06 January 2011 - 12:53 AM

QUOTE (spaceeinstein @ Jan 3 2011, 04:43)
CODE
address - description - original value
all 4b float
0x54A391 - x offset of mouthpiece of cigarette - 0.02
0x54A389 - y offset of mouthpiece of cigarette - 0.05
0x54A37D - z offset of mouthpiece of cigarette - 0.026
0x54A36E - x offset of end of cigarette - 0.02
0x54A366  - y offset of end of cigarette - 0.15
0x54A35A - z offset of end of cigarette - 0.026

A small but cool thing, unicorn Tommy!
user posted image

Could it be possible to be made, if there was such a memaddress which sets the color of the cigarette, so we could use this as, for example, a laser pointer beam or in any other creative/practical way?

xNCx
  • xNCx

    VCMP beta tester

  • Members
  • Joined: 15 May 2008
  • None

#986

Posted 06 January 2011 - 02:09 PM

But note MW_29 that there is still the cigarette smoke, don't think there are lasers with smoke.

Nice find guys, but why not put them on the gtamodding site? Last night I read all 50 sites of this topic and found some interesting memory addresses, nowhere else listed. But searching it is really difficult, also, more than half of the posts contain codes for trainers.

And can someone explain to me what I need to do to NOP a memory address? I am writing 0x90 for a value, but mostly the game crashes then.

kikiboy95
  • kikiboy95

    Ol' sql, brah.

  • Members
  • Joined: 23 Mar 2010
  • None

#987

Posted 19 April 2011 - 04:55 AM

QUOTE (spaceeinstein @ Aug 6 2010, 15:58)
Do you hate how the cars that spawn in traffic do not obey the game's law of gravity? Here's a way to fix it.
CODE
0x428EC0 - 1 byte - set to 0
0x428EA7 - 8 bytes - nop them

Traffic will feel similar to GTA IV's. Cars no longer float above ground, cars' wheels will turn when turning, running across the street can result in getting hit, and the car jerks forward when stopping quickly. The only negative side effect is that the "miamitraffic" cheat no longer works.

How to implement this in CLEO form? Thanks in advance, I love your work & findings as always

spaceeinstein
  • spaceeinstein

    Chocolate

  • GTA Mods Staff
  • Joined: 17 Jul 2003
  • Hong-Kong
  • Major Contribution Award [Mods]
    Helpfulness Awards [Mods]

#988

Posted 25 April 2011 - 12:26 AM

To nop something is to replace the value with 0x90. So
write mem 0x428EA7 size 4 value 0x90909090
write mem 0x428EAB size 4 value 0x90909090
will do
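
A fill of 0x90 bytes only behaves as intended when the range covers whole instructions of the build the address was found in, and the thread lists different addresses for the same patch in VC 1.0 and VC 1.1. The following C is an added example, not code from the thread: it NOPs a range in an in-memory copy of code only after checking the bounds and the expected original bytes, and keeps the originals for undo. The base address, the instruction bytes and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define X86_NOP 0x90u

/* A copy of code bytes plus the virtual address of its first byte. */
typedef struct {
    uint8_t *bytes;
    uint32_t base;
    size_t   size;
} Image;

/* Record of one applied patch so it can be reverted. */
typedef struct {
    uint32_t addr;
    size_t   len;
    uint8_t  saved[16];
} Patch;

enum { PATCH_OK = 0, PATCH_RANGE = -1, PATCH_MISMATCH = -2 };

/* NOP `len` bytes at `addr`, but only if they currently equal `expected`. */
int nop_patch(Image *img, uint32_t addr, const uint8_t *expected, size_t len, Patch *undo)
{
    size_t off;

    if (len == 0 || len > sizeof undo->saved || addr < img->base)
        return PATCH_RANGE;
    off = addr - img->base;
    if (off > img->size || len > img->size - off)
        return PATCH_RANGE;                 /* would write past the image */
    if (memcmp(img->bytes + off, expected, len) != 0)
        return PATCH_MISMATCH;              /* other build or wrong offset */

    undo->addr = addr;
    undo->len = len;
    memcpy(undo->saved, img->bytes + off, len);
    memset(img->bytes + off, X86_NOP, len);
    return PATCH_OK;
}

/* Put the original bytes back. */
void undo_patch(Image *img, const Patch *undo)
{
    memcpy(img->bytes + (undo->addr - img->base), undo->saved, undo->len);
}

int main(void)
{
    /* Constructed code: push ebp; call rel32; pop ebp; ret */
    uint8_t code[8] = { 0x55, 0xE8, 0x10, 0x00, 0x00, 0x00, 0x5D, 0xC3 };
    const uint8_t call_bytes[5] = { 0xE8, 0x10, 0x00, 0x00, 0x00 };
    Image img = { code, 0x500000u, sizeof code };  /* constructed base */
    Patch undo;

    /* Correct address: the five bytes of the call are replaced. */
    printf("patch at 0x500001: %d\n", nop_patch(&img, 0x500001u, call_bytes, 5, &undo));
    undo_patch(&img, &undo);

    /* Address off by one (as with an address from another build): refused. */
    printf("patch at 0x500000: %d\n", nop_patch(&img, 0x500000u, call_bytes, 5, &undo));
    return 0;
}
```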

maxorator
  • maxorator

    VC:MP lead developer

  • Members
  • Joined: 24 Feb 2006
  • None
  • Contribution Award [Mods]

#989

Posted 27 April 2011 - 09:58 PM

Here is a video of something funny I did with katanas:

So I thought I might as well post the source code. Since it requires a huge amount of stubs, class definitions, custom functions etc to compile, you may not be able to actually compile it, the idea is to demonstrate how something like this can be achieved.

CODE
#define KATSTATUS_INHAND 0
#define KATSTATUS_INAIR 1
#define KATSTATUS_INTARGET 2

struct KatanaInfo {
   RpAtomic* pKat;
   float fAcc;
   float fSpeed;
   CQuaternion qtStatus;
   CPedVC* pTarget;
   RwMatrix matFinal;
   DWORD dwStatus;
};

KatanaInfo pKatInfos[100];

void KatanaAttack_AcquireSlot(int nSlot) {
   if(!pKatInfos[nSlot].pKat) {
       //if this slot has not been initialized, create the atomic
       UtilMakeSureModelIsLoaded(CWeaponModelInfo_KATANA, 0);
       pKatInfos[nSlot].pKat = CBaseModelInfoMethod_CreateInstance(lpModelList.x[CWeaponModelInfo_KATANA]);
       CBaseModelInfo_AddRef(lpModelList.x[CWeaponModelInfo_KATANA]);
   }
   else {
       if(pKatInfos[nSlot].pTarget) {
           //if target is already specified, remove the reference
           CEntity_RemoveReference(ENT(pKatInfos[nSlot].pTarget), (CEntity**)&pKatInfos[nSlot].pTarget);
       }
   }

   //initialize new slot
   pKatInfos[nSlot].pTarget = NULL;
   pKatInfos[nSlot].dwStatus = KATSTATUS_INHAND;
   pKatInfos[nSlot].fAcc = 0.3f;
   pKatInfos[nSlot].fSpeed = 0.3f;
}

void KatanaAttack_Process(CPedVC* pPed) {
   static int nUsed = -1;
   static DWORD dwLastThrow = 0;
   int nNew = -1;

   CVector vecPos, vecDistance;
   RwMatrix matInvert;
   matInvert.dwFlags=0;

   CMatrix stMatrix;
   RwMatrix *pRwMatrix;
   RwMatrix matReal;

   if(nUsed == -1) {
       //initialize first katana
       KatanaAttack_AcquireSlot(++nUsed);
   }

   //iterate through all katana slots
   for(int m=0; m<100; m++) {
       //unused slot, ignore
       if(!pKatInfos[m].pKat) continue;

       //freshly created slot, ignore
       if(m == nNew) continue;

       if(pKatInfos[m].dwStatus == KATSTATUS_INHAND) {
           //katana is still in player's hand

           //only process for the player
           if(pPed != stPlInf.pPlayerPed) continue;

           //check if the player is pressing SHIFT+4 and that there is no target assigned to this slot already
           if(!(GetKeyState('4') & 0x80) || !(GetKeyState(VK_SHIFT) & 0x80) || pKatInfos[m].pTarget != NULL) continue;
           
           //make sure the player is wielding a katana
           if(pPed->dwWepModelID != CWeaponModelInfo_KATANA) continue;

           //do not allow throwing katanas more often than once per 100ms
           if(dwLastThrow + 100 >= dwGameCount) continue;

           //get katana's atomic's matrix
           pRwMatrix = &RpAtomicGetFrame(pKatInfos[m].pKat)->matFrameRelative;

           //find a suitable target from near peds list
           for(int i=0; i<10; i++) {
               if(pPed->pNearPeds[i] && pPed->pNearPeds[i]->fCurHealth > 0.0f && pPed->pNearPeds[i]->byteIsInVehicle == 0) {
                   pKatInfos[m].pTarget = pPed->pNearPeds[i];
                   break;
               }
           }

           //target was not found, aborting
           if(pKatInfos[m].pTarget == NULL) continue;

           //register a reference, so that it is NULLED when player is destroyed
           CEntity_RegisterReference(ENT(pKatInfos[m].pTarget), (CEntity**)&pKatInfos[m].pTarget);

           //initialize matrix
           stMatrix.pAttached = NULL;
           stMatrix.dwDeleteOnDetach = false;

           CMatrix_Attach(&stMatrix, pRwMatrix, false);
           CMatrix_SetScale(&stMatrix, 1.0f);
           CMatrix_SetRotate(&stMatrix, 0.0f, 0.0f, 0.0f);
           CMatrix_UpdateRW(&stMatrix);
           CMatrix_DCMatrix(&stMatrix);

           RwMatrix* pRwBase;
           DWORD dwIndex;

           //find the matrix for player's right hand
           RpHAnimHierarchy* pAnimHierarchy = RpClumpGetSkinHAnimHierarchy(ENT(pPed)->pModel);
           RwMatrix* pRwMatrixArray = RpHAnimHierarchyGetMatrixArray(pAnimHierarchy);
           dwIndex = RpHAnimIDGetIndex(pAnimHierarchy, pPed->pFrames[AFRAMEID_RHAND]->dwFrameNodeId);
           pRwBase = &pRwMatrixArray[dwIndex];

           //initialize katana's matrix
           RwMatrixTransform(pRwMatrix, pRwBase, rwCOMBINEPOSTCONCAT);

           //get katana's current rotation as a quaternion (for easier interpolation)
           QtMatrixToQuaternion(&pKatInfos[m].qtStatus, pRwMatrix);

           pKatInfos[m].dwStatus = KATSTATUS_INAIR;

           //initialize new slot for the katana in hand, recycle slots
           nUsed = (nUsed+1) % 100;
           KatanaAttack_AcquireSlot(nUsed);

           nNew = nUsed;
           dwLastThrow = dwGameCount;
       }
       else if(pKatInfos[m].dwStatus == KATSTATUS_INAIR) {
           //katana is in air

           //only process for player's render function, also check if the target is still active (might have been destroyed)
           if(pPed != stPlInf.pPlayerPed || pKatInfos[m].pTarget == NULL || ENT(pKatInfos[m].pTarget)->pModel == NULL) continue;

           //get katana's atomic's matrix
           pRwMatrix = &RpAtomicGetFrame(pKatInfos[m].pKat)->matFrameRelative;

           RwMatrix* pRwBase;
           DWORD dwIndex;

           //get the matrix for the spine of the target ped
           RpHAnimHierarchy* pAnimHierarchy = RpClumpGetSkinHAnimHierarchy(ENT(pKatInfos[m].pTarget)->pModel);
           RwMatrix* pRwMatrixArray = RpHAnimHierarchyGetMatrixArray(pAnimHierarchy);
           dwIndex = RpHAnimIDGetIndex(pAnimHierarchy, pPed->pFrames[AFRAMEID_SPINE1]->dwFrameNodeId);
           pRwBase = &pRwMatrixArray[dwIndex];

           //initialize matrix
           stMatrix.pAttached = NULL;
           stMatrix.dwDeleteOnDetach = false;

           //save katana's position (matrix functions tend to reset position)
           VecCopy(&vecPos, &pRwMatrix->vPos);

           //calculate heading matrix from current position to target
           CMatrix_Attach(&stMatrix, &matReal, false);
           CMatrix_SetScale(&stMatrix, 1.0f);
           CMatrix_SetRotate(&stMatrix, 0.0f, 0.0f, 0.0f);
           CVector *v1 = &vecPos, *v2 = &pRwBase->vPos;

           float XY = atan2(v2->Y-v1->Y,v2->X-v1->X);
           float XYZ = atan2(sqrt((v2->X-v1->X)*(v2->X-v1->X) + (v2->Y-v1->Y)*(v2->Y-v1->Y)), v2->Z-v1->Z);

           CMatrix_Rotate(&stMatrix, 0.0f, XYZ, XY);
           CMatrix_UpdateRW(&stMatrix);
           CMatrix_DCMatrix(&stMatrix);

           CQuaternion qtExa, qtRes;

           //interpolate between current rotation and desired rotation
           QtMatrixToQuaternion(&qtExa, &matReal);
           QtSlerp(&qtRes, &pKatInfos[m].qtStatus, &qtExa, pKatInfos[m].fAcc);

           //increase the interpolation degree for next frames
           pKatInfos[m].fAcc = min(pKatInfos[m].fAcc+0.03f, 1.0f);

           //store the new rotation
           QtQuaternionToMatrix(&qtRes, pRwMatrix);

           //calculate distance from katana to target
           VecCopy(&vecDistance, &vecPos);
           VecSubVec(&vecDistance, &pRwBase->vPos);

           float fLen = CVector_GetLength(&vecDistance);

           //only really necessary if there is some extra rotation applied here...
           memcpy(&matReal, pRwMatrix, sizeof(RwMatrix));

           CMatrix_Attach(&stMatrix, &matReal, false);
           CMatrix_Rotate(&stMatrix, 0.0f, 0.0f, 0.0f);
           CMatrix_UpdateRW(&stMatrix);
           CMatrix_DCMatrix(&stMatrix);

           if(fLen > pKatInfos[m].fSpeed) {
               //katana is on its way

               //move according to the rotation
               vecPos.X += matReal.vLookUp.X * pKatInfos[m].fSpeed;
               vecPos.Y += matReal.vLookUp.Y * pKatInfos[m].fSpeed;
               vecPos.Z += matReal.vLookUp.Z * pKatInfos[m].fSpeed;

               VecCopy(&pRwMatrix->vPos, &vecPos);

               //gradually increase movement speed
               pKatInfos[m].fSpeed += 0.001f;
           }
           else {
               //katana arrived at target

               //move according to the rotation
               vecPos.X += matReal.vLookUp.X * fLen;
               vecPos.Y += matReal.vLookUp.Y * fLen;
               vecPos.Z += matReal.vLookUp.Z * fLen;
               VecCopy(&pRwMatrix->vPos, &vecPos);

               //get the inverted matrix of target's spine
               RwMatrixInvert(&matInvert, pRwBase);

               //store katana's current rotation
               memcpy(&pKatInfos[m].matFinal, pRwMatrix, sizeof(RwMatrix));

               //transform rotation to local space of target
               RwMatrixTransform(&pKatInfos[m].matFinal, &matInvert, rwCOMBINEPOSTCONCAT);
               VecSetFloat(&pKatInfos[m].matFinal.vPos, 0.0f);

               //kill target and do some blood effects
               CPed_SpawnFlyingComponent(pKatInfos[m].pTarget, 1, 0);
               pKatInfos[m].pTarget->fCurHealth = 0.0f;

               //choose a death animation for the target
               DWORD dwAnimID = 16;

               if(rand() & 0x1000){
                   dwAnimID = 18;
               }

               //start death animation
               CPed_SetDie(pKatInfos[m].pTarget, dwAnimID, 4.0f, 0.0f);

               pKatInfos[m].dwStatus = KATSTATUS_INTARGET;
           }

           //make the RW engine aware of the rotation/position changes
           RwMatrixUpdate(pRwMatrix);
           RwFrameUpdateObjects(RpAtomicGetFrame(pKatInfos[m].pKat));

           //render katana's atomic
           pKatInfos[m].pKat->pRenderCallback(pKatInfos[m].pKat);
       }
       else if(pKatInfos[m].dwStatus == KATSTATUS_INTARGET) {
           //katana is in the target

           //only process this when rendering the target
           if(pPed != pKatInfos[m].pTarget) continue;

           DWORD dwIndex;
           RwMatrix* pRwBase;

           //get the matrix for the spine of the target ped
           RpHAnimHierarchy* pAnimHierarchy = RpClumpGetSkinHAnimHierarchy(ENT(pKatInfos[m].pTarget)->pModel);
           RwMatrix* pRwMatrixArray = RpHAnimHierarchyGetMatrixArray(pAnimHierarchy);
           dwIndex = RpHAnimIDGetIndex(pAnimHierarchy, pPed->pFrames[AFRAMEID_SPINE1]->dwFrameNodeId);
           pRwBase = &pRwMatrixArray[dwIndex];

           //get katana's atomic's matrix
           pRwMatrix = &RpAtomicGetFrame(pKatInfos[m].pKat)->matFrameRelative;

           memcpy(pRwMatrix, &pKatInfos[m].matFinal, sizeof(RwMatrix));

           //calculate world coords and rotation of the katana atomic
           RwMatrixTransform(pRwMatrix, pRwBase, rwCOMBINEPOSTCONCAT);

           //make the RW engine aware of the rotation/position changes
           RwMatrixUpdate(pRwMatrix);
           RwFrameUpdateObjects(RpAtomicGetFrame(pKatInfos[m].pKat));

           //render katana's atomic
           pKatInfos[m].pKat->pRenderCallback(pKatInfos[m].pKat);
       }
   }
}

CPedVC* _pHookPed;

void _declspec(naked) Hook_CPed_Render() {
   _asm mov _pHookPed,ecx
   _asm pushad
   
   KatanaAttack_Process(_pHookPed);
   
   _asm popad
   _asm push ebx
   _asm push esi
   _asm mov ebx,ecx
   _asm push ebp
   _asm sub esp,0D8h
   _asm mov eax,4FE0FBh
   _asm jmp eax
}

void InstallHook(DWORD dwInstallAddress, DWORD dwHookFunction, DWORD dwHookStorage) {
   *(PDWORD)dwHookStorage = (DWORD)dwHookFunction;
   *((PWORD)dwInstallAddress) = 0x25FF;
   *((PDWORD)(dwInstallAddress+2)) = dwHookStorage;
}

InstallHook(0x4FE0F0, (DWORD)Hook_CPed_Render, 0x4FE4B4);


The same thing at Pastebin: http://pastebin.com/NCQ4iFZY

Ideas, suggestions, requests related to this and my other mods are highly appreciated.

lolleroz
  • lolleroz

    They might kill me, but they won't scare me.

  • Members
  • Joined: 29 Jul 2010
  • None

#990

Posted 27 April 2011 - 10:09 PM

What the....that's just f*cking amazing, nice one. By the way, [IT]Marcell here.



