Documenting GTA3/VC memory addresses

1,141 replies to this topic
Y_Less
  • Y_Less

    629

  • Members
  • Joined: 14 Mar 2004

#781

Posted 30 December 2005 - 10:53 PM Edited by Y_Less, 30 December 2005 - 11:05 PM.

Max heli height is:

0x69C780

in GTA version 1.0 and 1.1 or:

0x69C788

in the Australian EXE.

New offsets (GXT info):
CODE
0x94B220 - pointer to start of MAIN entries list
0x94B228 - pointer to start of MAIN entries
0x94B230 - pointer to start of loaded table entries list
0x94B238 - pointer to start of loaded table entries
0x94B24C - tables list from GXT file
0x94B243 - last loaded table (read only)


There is only the MAIN table and one other loaded in memory at any one time (loaded with OpCode 054C: use_GXT_table). The entries lists are in the following format:
4 byte address of actual text
8 byte name
(Note: address of the first MAIN entry = address stored at 0x94B228 and same for loaded entries).

The tables list is just the list of names and offsets from (language).gxt for loading purposes (Note: only tested on american.gxt).

If these have been found before, sorry, I couldn't find them.
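To make the entries-list layout above concrete, here is an added Python example (not code from the post) that decodes a dump of such a list into name/address pairs; the sample records and their text pointers are constructed, not read from the game.

```python
import struct

ENTRY_FMT = "<I8s"                        # 4-byte address of text, then 8-byte name (layout from the post)
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)   # 12 bytes per record


def parse_gxt_entries(blob, count):
    """Decode `count` records from a dump of an entries list (MAIN or the loaded table).

    Returns [(name, text_address), ...] in list order. Names are NUL-padded ASCII.
    """
    if len(blob) < count * ENTRY_SIZE:
        raise ValueError("dump holds fewer than %d entries" % count)
    entries = []
    for i in range(count):
        addr, raw_name = struct.unpack_from(ENTRY_FMT, blob, i * ENTRY_SIZE)
        name = raw_name.split(b"\0", 1)[0].decode("ascii", errors="replace")
        entries.append((name, addr))
    return entries


def lookup(entries, name):
    """Return the text address for `name`, or None if the table has no such key."""
    for n, addr in entries:
        if n == name:
            return addr
    return None


def build_entries(pairs):
    """Inverse of parse_gxt_entries: pack (name, address) pairs into 12-byte records.

    Used only to construct the sample dump below; a name longer than 8 bytes cannot fit.
    """
    out = b""
    for name, addr in pairs:
        raw = name.encode("ascii")
        if len(raw) > 8:
            raise ValueError("name longer than 8 bytes: " + name)
        out += struct.pack(ENTRY_FMT, addr, raw.ljust(8, b"\0"))
    return out


# Constructed sample dump: three keys with made-up text addresses (assumption, not game data).
SAMPLE = build_entries([("FEB_MON", 0x00A1B000),
                        ("FEB_TUE", 0x00A1B040),
                        ("CRED001", 0x00A1B080)])
```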

Supdario
  • Supdario

    Prankster

  • Members
  • Joined: 05 Jul 2005

#782

Posted 01 January 2006 - 02:48 PM

Thanks

And which is the default value?

Y_Less
  • Y_Less

    629

  • Members
  • Joined: 14 Mar 2004

#783

Posted 02 January 2006 - 05:56 PM

80 (IIRC).

Craig Kostelecky
  • Craig Kostelecky

    GTA:LC Team Leader

  • The Connection
  • Joined: 28 Jan 2004

#784

Posted 02 January 2006 - 07:23 PM

80 is correct for the default helicopter ceiling.

Supdario
  • Supdario

    Prankster

  • Members
  • Joined: 05 Jul 2005

#785

Posted 03 January 2006 - 01:51 PM

OK, thanks

Y_Less
  • Y_Less

    629

  • Members
  • Joined: 14 Mar 2004

#786

Posted 04 January 2006 - 09:26 PM Edited by Y_Less, 04 January 2006 - 09:45 PM.

I know some of these are known, but I couldn't find a good list, so I compiled one myself; if I missed a cheat, tell me. These are the addresses for the vehicle IDs spawned by the different cheats:

Cheat                     Address
panzer                    0x4AC14B
travelinstyle             0x4AC946
thelastride               0x4AC976
rockandrollcar            0x4AC9A6
rubbishcar                0x4AC9D6
gettherefast              0x4ACA06
betterthanwalking         0x4ACA36
gettherequickly           0x4ACDD6
getthereveryfastindeed    0x4ACE06
getthereamazinglyfast     0x4ACE36

The function that handles the spawning of these seems to be at 0x4AE8F0; to spawn a vehicle, just push the ID onto the stack, then sub to there (then pop ecx, though I don't know if this is necessary for a hook).

Quadropheniac90
  • Quadropheniac90

    Confused Clown

  • Andolini Mafia Family
  • Joined: 15 Feb 2005

#787

Posted 07 January 2006 - 09:51 PM

OK, I'm a total noob at this, but I just wanted to ask someone to tell me if the following is possible and, if yes, if someone wants to help me with it.

Is it possible to load an IFP file with the SCM memoryhacking method, and then make a certain actor (Tommy or certain peds...) do animations that are in the file (and maybe when the animation is finished start another one) and when it's finished make the actor behave normal again? This would be a great help for the mod I'm part of. (State of Liberty, Editing Discussion->Maps, if you're interested). I know the ones I want to load, but I need something to do it, because the 'anim wait_state' possibilities are limited.

Sorry if I bothered you with this.

random_download
  • random_download

    :o

  • Members
  • Joined: 07 Mar 2004

#788

Posted 08 January 2006 - 10:34 AM

If you look at the code around :Label02086E in the original scm for Vice City, you can see:
CODE
0372: set_actor $412 anim  32 wait_state_time  999999 ms

and
CODE
0372: set_actor $401 anim  29 wait_state_time  999999 ms

In the opcode database it says that these (32 and 29) crash the game. It seems that when you use
CODE
04ED: load_animation "RIOT"

it loads the specified animation to be used with wait_state number 29, 32 and probably 34, depending on how many animations are currently loaded.

Quadropheniac90
  • Quadropheniac90

    Confused Clown

  • Andolini Mafia Family
  • Joined: 15 Feb 2005

#789

Posted 08 January 2006 - 01:47 PM

Thanks, I will try that, but then a second problem occurs: some animation names are too long for the load_animation opcode; it says that the string is too long. Is there a way to bypass the check or something? I'll see if it loads the animations that are short enough.

Y_Less
  • Y_Less

    629

  • Members
  • Joined: 14 Mar 2004

#790

Posted 12 January 2006 - 01:08 AM

Where's the pointer for 03FD in Vice City? I searched for quite a while through the EXE, but I'm still fairly new to this, so I couldn't find it.

dustcrazy
  • dustcrazy

    Just simply, the crazy one.

  • BUSTED!
  • Joined: 11 Apr 2004

#791

Posted 14 January 2006 - 05:40 PM

I'm not 100% sure, but I think the opcodes are backwards, so it would be FD03.
Hope that helped somehow

random_download
  • random_download

    :o

  • Members
  • Joined: 07 Mar 2004

#792

Posted 14 January 2006 - 10:41 PM Edited by random_download, 14 January 2006 - 11:22 PM.

@Y_Less: not entirely sure, but I think you want 00608812. If that is right, then the thing that you are looking for is at 004AD344, I believe.


EDIT: Hmmm... wtf happened to opcode 0052? It seems to exist with 6 params but it isn't in the database even as an unknown :s

Y_Less
  • Y_Less

    629

  • Members
  • Joined: 14 Mar 2004

#793

Posted 15 January 2006 - 07:17 AM

QUOTE (random_download @ Jan 14 2006, 22:41)
@Y_Less: not entirely sure, but I think you want 00608812. If that is right, then the thing that you are looking for is at 004AD344, I believe.


EDIT: Hmmm... wtf happened to opcode 0052? It seems to exist with 6 params but it isn't in the database even as an unknown :s

Cheers.

Lean actually PMed me a few days ago with that address. I actually wanted the pointer, but I was able to find it from that anyway; cheers anyway. (For the sake of it, the pointer is at 0x6D750C+0x4C.)

Quadropheniac90
  • Quadropheniac90

    Confused Clown

  • Andolini Mafia Family
  • Joined: 15 Feb 2005

#794

Posted 07 February 2006 - 06:11 PM

Hello. I just started messing around with this and changed basic things like health, money, armor. But now I used the addresses given somewhere in this topic for the loading bar; I changed the speed, and all is perfect, the loading bar doesn't go off the screen like before, but now I need the loading bar to stay like this. Is that possible without a trainer, maybe with a .DLL? I don't know anything about making one, but I'd appreciate a tutorial or some help. The address or pointer or whatever it is, is 0068E6FC in ArtMoney and the new value is 0.537. If someone could make a .DLL or help me create one, I'd be very grateful. I messed around with it all day to find out I can use floats with more than 2 decimals.

random_download
  • random_download

    :o

  • Members
  • Joined: 07 Mar 2004

#795

Posted 07 February 2006 - 06:18 PM

If you make a dll file containing:
CODE
var value: Single;             // 4-byte float, so Move(..., 4) copies the whole value
value := 0.537;
Move(value, Ptr($68E6FC)^, 4); // Ptr(...)^ makes the address a variable Move can write to

Then rename to an .asi file and drop into the vice city root dir, it should work.

Quadropheniac90
  • Quadropheniac90

    Confused Clown

  • Andolini Mafia Family
  • Joined: 15 Feb 2005

#796

Posted 07 February 2006 - 06:22 PM Edited by teun.steenbekkers, 07 February 2006 - 06:29 PM.

Cool, I'll try it, thanks!

EDIT: It doesn't work. Here's a screen of what it says in ArtMoney:

user posted image

Maybe I said it wrong...

random_download
  • random_download

    :o

  • Members
  • Joined: 07 Mar 2004

#797

Posted 09 February 2006 - 04:49 PM

Well before you said
QUOTE
The adress or pointer or whatever it is, is 0068E6FC in Artmoney and the new value is 0.537

Whereas in that screenshot the address is 0068E708, so just change the address in your code so it is:
CODE
var value: Single;             // 4-byte float, so Move(..., 4) copies the whole value
value := 0.537;
Move(value, Ptr($68E708)^, 4); // Ptr(...)^ makes the address a variable Move can write to

Quadropheniac90
  • Quadropheniac90

    Confused Clown

  • Andolini Mafia Family
  • Joined: 15 Feb 2005

#798

Posted 09 February 2006 - 09:15 PM

Oops, the previous address was good, but I mean, when I rename it to .ASI, it says the file isn't a valid Windows copy, and when I rename it to .DLL nothing happens.

random_download
  • random_download

    :o

  • Members
  • Joined: 07 Mar 2004

#799

Posted 09 February 2006 - 09:32 PM

You need to use a programming language like C++ or Delphi to compile the code:
CODE
var value: Single;             // 4-byte float, so Move(..., 4) copies the whole value
value := 0.537;
Move(value, Ptr($68E6FC)^, 4); // Ptr(...)^ makes the address a variable Move can write to

Into a dll file. Then rename that dll to an .asi

Quadropheniac90
  • Quadropheniac90

    Confused Clown

  • Andolini Mafia Family
  • Joined: 15 Feb 2005

#800

Posted 10 February 2006 - 02:03 PM

Oh lol, I get it, I'll do some research, thanks!

Quadropheniac90
  • Quadropheniac90

    Confused Clown

  • Andolini Mafia Family
  • Joined: 15 Feb 2005

#801

Posted 10 February 2006 - 03:28 PM

Which program do I use? Someone told me it's DirectX code, but he didn't know how to compile it. I searched and came across Delphi and C++ Builder by Borland or something, but they're not free. Sorry for my noobishness on this subject...

Y_Less
  • Y_Less

    629

  • Members
  • Joined: 14 Mar 2004

#802

Posted 10 February 2006 - 04:40 PM

It depends on what you are trying to do. If you are going to make a visual addition (like the speedo) you will need a programming language with a DX SDK. If you are modifying in-game values you just need one that will compile real DLLs (i.e. not VB or ArtMoney; C(#,++)/Delphi). If you don't even know what programs you need to program, I don't think you're going to have much success programming. Go find a few tutorials on basic things before you try mem-hacking a game.

random_download
  • random_download

    :o

  • Members
  • Joined: 07 Mar 2004

#803

Posted 10 February 2006 - 04:50 PM

OK, I made a tool to do what you want: click on "Mem Hack.rar" (4th from top). To use it just add all your addresses and values to the "addresses.ini" file like this:
CODE
$68E6FC=f=0.537
address ($ means hex) = f for float or i for integer value to write = value to write

Then drop that and the .asi file into your VC directory. Note: this tool is completely untested.
If you want to make .asi files yourself you will either need to get a trial of Delphi/C++ etc. or obtain them by alternative methods.
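As an added example (not the tool's own code), here is a Python parser for the addresses.ini format described above, turning each line into the address and the 4 little-endian bytes such a tool would write; it assumes the two-line description is the whole format, and treats ';' lines as comments (an assumption). It also shows why the loading-bar value ends up as a 32-bit single, which is the precision limit the earlier post ran into.

```python
import struct


def parse_ini_line(line):
    """Parse one 'address=type=value' line; return (address, payload) or None for blank/comment lines.

    From the post: a leading '$' marks a hex address; type 'f' writes a float, 'i' an integer.
    """
    line = line.strip()
    if not line or line.startswith(";"):          # assumption: ';' starts a comment, as in INI files
        return None
    parts = line.split("=")
    if len(parts) != 3:
        raise ValueError("expected address=type=value, got %r" % line)
    addr_s, kind, val_s = (p.strip() for p in parts)
    address = int(addr_s[1:], 16) if addr_s.startswith("$") else int(addr_s, 10)
    if not 0 <= address <= 0xFFFFFFFF:
        raise ValueError("address out of 32-bit range: %r" % addr_s)
    if kind == "f":
        payload = struct.pack("<f", float(val_s))  # 4-byte IEEE-754 single, like Move(value, ..., 4)
    elif kind == "i":
        payload = struct.pack("<i", int(val_s, 0))  # 4-byte signed int; base 0 also accepts 0x.. forms
    else:
        raise ValueError("unknown type %r (use f or i)" % kind)
    return address, payload


def decode_payload(kind, payload):
    """Read a packed value back, so a caller can see what precision survives the 4-byte write."""
    return struct.unpack("<f" if kind == "f" else "<i", payload)[0]


def parse_ini(text):
    """Parse a whole addresses.ini into [(address, payload)], reporting the line number on error."""
    patches = []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            item = parse_ini_line(line)
        except ValueError as e:
            raise ValueError("line %d: %s" % (n, e))
        if item is not None:
            patches.append(item)
    return patches


# Constructed sample file: the loading-bar float from the thread, plus the heli-height address
# with its default of 80; the thread does not state that value's type, so 'i' is an assumption.
SAMPLE_INI = """; addresses.ini - constructed sample
$68E6FC=f=0.537
$69C780=i=80
"""
```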

Quadropheniac90
  • Quadropheniac90

    Confused Clown

  • Andolini Mafia Family
  • Joined: 15 Feb 2005

#804

Posted 10 February 2006 - 05:43 PM Edited by teun.steenbekkers, 10 February 2006 - 05:52 PM.

That was what I was trying, but thanks random_download, and Y_Less, I will look into programming more when I have some more time.

EDIT: Hmmm, VC closes down before reaching the menu, but I think I'll learn about programming when I have the time and try to fix it myself, but thanks for all the help!

dustcrazy
  • dustcrazy

    Just simply, the crazy one.

  • BUSTED!
  • Joined: 11 Apr 2004

#805

Posted 19 March 2006 - 11:13 PM

Has anyone ever looked for the memory offset that tells the game where to spawn a car when a car spawn cheat code is used?

ch1p1
  • ch1p1

    Player Hater

  • Members
  • Joined: 06 May 2006

#806

Posted 12 May 2006 - 11:12 PM

I'm looking at these memory addresses; what is a basic command I can add in the background of my dialog so in-game when I press F3 it will activate? I wanna try some sh*t out!

J-Fox.GEMM
  • J-Fox.GEMM

    Ello...

  • Members
  • Joined: 31 Aug 2004

#807

Posted 13 May 2006 - 09:03 AM

In VB you could use some easy code:

CODE
If GetAsyncKeyState(VK_F4) <> 0 Then
    ' Do the WriteProcessMemory stuff here - you could use weather and time easily. Traffic is also easy to change. But it's your choice.
End If


I think there are enough examples in this thread. For the declarations of GetAsyncKeyState, WriteProcessMemory, CloseHandle, OpenProcess, ... you can have a look at your WinAPI reference.


AK-73
  • AK-73

    Hustler

  • Members
  • Joined: 31 Oct 2005

#808

Posted 20 June 2006 - 11:44 AM

Some goodies for you:

(Vice 1.0)

0x69C668 - Driver Flees On Foot likelihood (0.0-1.0), float, default: 0.5
Explanation: when cars get shot at, peds either flee in car
or on foot. The constant at this address seems to determine the
likelihood of each, the lower the less likely to flee on foot.


Different police car weapon:
(addresses that need to be changed to change the weapon *and* load the model)
These cause a change of weapon data in the player block:
5B8964 - weaponID (same as in scripts) byte, default 0x13
5B8979 - weaponID (same as in scripts) byte, default 0x13
5B898A - weaponID (same as in scripts) byte, default 0x13
These request the right model to get loaded:
5B899F - modelID (ID from default.ide), word, default (0x151)
5B8A83 - modelID (ID from default.ide), word, default (0x151)
This modifies a check that tests if the correct model has been loaded:
(which normally happens on entry of the vehicle so that model is
ready by the time you leave it, which explains why you may not get
a weapon if you enter and leave right away)
5B894D - pointer to the model status flag (01 = available) for each
default.ide model, dword, default (0x94F37C) for chromegun.
calculate new address for different model by 0x94DDD8 + 0x14*modelID

Additionally:
5B8977 - ammunition given by vehicle, signed byte, default (0x5)
5B8988 - ammunition given by vehicle, signed byte, default (0x5)

Please note: changing the weapon works, I have tested it. But on the last try I received an exception (at 0x5825A4) after a while, so the game may crash for you. It might be that one or the other address doesn't need to be changed (maybe one of the ammunition ones or the first modelID address; I haven't checked those thoroughly yet). Either wait until I have further information or mess with it on your own.

Alex

DexX
  • DexX

    Black Hat

  • Feroci Racing
  • Joined: 16 May 2002

#809

Posted 20 June 2006 - 02:06 PM

@AK-73
Looks like you found the same thing I did a while ago;
QUOTE (myself earlier in the topic)

Police Car
Shoot this car ID, to get a star - 0x5b9675 (i know this was posted before, but it goes with the next line)
Number of stars you get - 0x5b9685
Get shotgun when enter Policecar - ID numbers
Weapon.dat ID1 - 0x5b8964
Weapon.dat ID2 - 0x5b8979
Weapon.dat ID3 - 0x5b898a
Default.ide model reference (ALL must be changed to work properly!!) - 5b899f
Ammo for shotgun (5 is default) - 0x5b8977, 0x5b8988


but it looks like you found more data concerning it than I did. Good man. Nice job on the driver fleeing too; annoyed the piss outta me when they ran half the time.

AK-73
  • AK-73

    Hustler

  • Members
  • Joined: 31 Oct 2005

#810

Posted 21 June 2006 - 08:25 AM

QUOTE (DexX @ Jun 20 2006, 14:06)
@AK-73
Looks like you found the same thing I did a while ago;
QUOTE (myself earlier in the topic)

Police Car
Shoot this car ID, to get a star - 0x5b9675 (i know this was posted before, but it goes with the next line)
Number of stars you get - 0x5b9685
Get shotgun when enter Policecar - ID numbers
Weapon.dat ID1 - 0x5b8964
Weapon.dat ID2 - 0x5b8979
Weapon.dat ID3 - 0x5b898a
Default.ide model reference (ALL must be changed to work properly!!) - 5b899f
Ammo for shotgun (5 is default) - 0x5b8977, 0x5b8988


but it looks like you found more data concerning it than I did. Good man. Nice job on the driver fleeing too; annoyed the piss outta me when they ran half the time.


Yeah, but what's going to be more difficult is to make the fleeing cars actually drive past other vehicles instead of running into them, though. Changing the ones you mentioned below didn't work if the *chromegun* hadn't been loaded before (as mentioned, the routine checks if the chromegun model is available before proceeding with handing the player the weapon).

I forgot another potentially good one, the address of the request model proc: 0x40E310. It expects two parameters on the stack. First push a flag onto the stack (0x01 is used for requesting models, I think), then the modelID from default.ide. Just as in the case of the cop car weapon, I recommend changing the mechanics of the exe, though, and letting it do the necessary calls and checks. If you'd call the proc yourself, you'd have to check in a separate thread if the model is available (see above post) before continuing, no? Possible, but not so nice.

Alex
