Documenting GTA-SA memory addresses

1,331 replies to this topic
Huffy
  • Huffy

    Player Hater

  • Members
  • Joined: 03 Apr 2006

#451

Posted 18 May 2006 - 09:28 AM

What does it mean when there is an address like CPed + (address)? Does CPed stand for player pointer or something?

random_download
  • random_download

    :o

  • Members
  • Joined: 07 Mar 2004

#452

Posted 18 May 2006 - 10:01 AM

CPed means the start of a ped block, so if you wanted to change something related to the player, then yes, it would be the same as player ptr. However, it should also work for other peds.

Huffy
  • Huffy

    Player Hater

  • Members
  • Joined: 03 Apr 2006

#453

Posted 18 May 2006 - 10:27 AM

So if there was an address like CPed + 0B3456 would I have to add 0B3456 to the player pointer?

Y_Less
  • Y_Less

    629

  • Members
  • Joined: 14 Mar 2004

#454

Posted 18 May 2006 - 11:19 AM

QUOTE (Huffy @ May 18 2006, 10:27)
So if there was an address like CPed + 0B3456 would I have to add 0B3456 to the player pointer?

If the CPed was the player.

J-Fox.GEMM
  • J-Fox.GEMM

    Ello...

  • Members
  • Joined: 31 Aug 2004

#455

Posted 18 May 2006 - 12:04 PM

Was wondering if there is some code so you can prevent the game from redrawing/presenting in a given area... (2D screen location)

Huffy
  • Huffy

    Player Hater

  • Members
  • Joined: 03 Apr 2006

#456

Posted 18 May 2006 - 02:19 PM

QUOTE (Y_Less @ May 18 2006, 11:19)
QUOTE (Huffy @ May 18 2006, 10:27)
So if there was an address like CPed + 0B3456 would I have to add 0B3456 to the player pointer?

If the CPed was the player.

Sorry for my noobish-ness, but what do you mean by this? How do I know if CPed is the player or not?

MrJax
  • MrJax

    Player Hater

  • Members
  • Joined: 31 May 2005

#457

Posted 18 May 2006 - 03:20 PM

If you want to retrieve or change values from memory for the player, you would use the value of the player pointer + the offset of whatever you're trying to get/set. If you wanted to use different actors, say the 2nd (the player would be the 1st), you add the size of the actor block as well, which is 1988 in decimal.

e.g.:
Player's health: val_from_plr_pointer + ( actor_index * 1988 ) + 0x540
c++: float fHealth = * ( float* ) ( ( * ( unsigned long* ) 0xB6F5F0 ) + ( actor_index * 1988 ) + 0x540 );

0xB6F5F0: player pointer
actor_index: number between 1 and 140
0x540: health offset
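
The base + index * block size + field offset arithmetic from this post, as an added example that is not MrJax's code: it resolves the health field inside a constructed byte buffer instead of a live process, rejects indexes that would land outside the buffer, and copies the float out with `memcpy` rather than dereferencing a cast. `region_t`, `field_offset`, `read_health`, `demo_health`, the sample values and the 0-based index (0 = the block at the base) are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ACTOR_BLOCK_SIZE 1988u  /* from the post: size of one actor block */
#define HEALTH_OFFSET    0x540u /* from the post: health field offset */

/* Assumption: a captured copy of memory starting at the block the player
 * pointer refers to, with further actor blocks following it. */
typedef struct {
    const uint8_t *data;
    size_t         len;
} region_t;

/* Resolve index * block size + field offset to a byte offset inside the
 * region. Returns 0 on success, -1 when the field would fall outside. */
static int field_offset(const region_t *r, size_t index, size_t field_off,
                        size_t field_size, size_t *out)
{
    if (field_off > ACTOR_BLOCK_SIZE ||
        field_size > ACTOR_BLOCK_SIZE - field_off)
        return -1;                       /* field must fit in one block */
    if (index > (SIZE_MAX - field_off) / ACTOR_BLOCK_SIZE)
        return -1;                       /* multiplication would wrap */
    size_t off = index * ACTOR_BLOCK_SIZE + field_off;
    if (off > r->len || field_size > r->len - off)
        return -1;                       /* past the end of the capture */
    *out = off;
    return 0;
}

/* Read the health float of block `index` (0 = the block at the base).
 * memcpy avoids the unaligned, type-punned dereference of a raw cast. */
int read_health(const region_t *r, size_t index, float *health)
{
    size_t off;
    if (field_offset(r, index, HEALTH_OFFSET, sizeof *health, &off) != 0)
        return -1;
    memcpy(health, r->data + off, sizeof *health);
    return 0;
}

/* Constructed sample: three zeroed blocks with made-up health values.
 * Returns the rounded health of block `index`, or -1 if out of range. */
int demo_health(size_t index)
{
    static uint8_t mem[3 * ACTOR_BLOCK_SIZE];
    const float sample[3] = { 100.0f, 57.0f, 12.0f };
    for (size_t i = 0; i < 3; i++)
        memcpy(mem + i * ACTOR_BLOCK_SIZE + HEALTH_OFFSET, &sample[i],
               sizeof sample[i]);

    region_t r = { mem, sizeof mem };
    float h;
    if (read_health(&r, index, &h) != 0)
        return -1;
    return (int)(h + 0.5f);
}

int main(void)
{
    for (size_t i = 0; i < 4; i++)
        printf("block %zu -> %d\n", i, demo_health(i));
    return 0;
}
```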

dustcrazy
  • dustcrazy

    Just simply, the crazy one.

  • BUSTED!
  • Joined: 11 Apr 2004

#458

Posted 18 May 2006 - 09:59 PM Edited by dustcrazy, 18 May 2006 - 10:07 PM.

Can you please explain to me how to use your modules for drawing text or some quick examples?

Also, Stretchnutter, is there any way to inject ASM from VB6?

J-Fox.GEMM
  • J-Fox.GEMM

    Ello...

  • Members
  • Joined: 31 Aug 2004

#459

Posted 19 May 2006 - 01:24 PM

For injecting asm codes I use a jmp code to my offset I calculated by using memalloc... Then it should work fine. Got SCM hook working using that. (My best VB code so far)

Just call the orig functions Stretch gave us to see how it works. It's really simple.

Jett3
  • Jett3

    Player Hater

  • Members
  • Joined: 18 May 2006

#460

Posted 20 May 2006 - 02:31 PM

I've searched this topic high and low so many times, but I still can't seem to find the address(es) for making the car that you are currently in invincible.

Can someone be kind enough to post the pointer along with the offset and value? Normally I wouldn't ask for so much at once, but there are a lot of different CVehicle pointers and such and they're not all the same....

So, yeah, I'd appreciate it if someone could post that info, thanks in advance =]

Sobeit
  • Sobeit

    mta ninja

  • BUSTED!
  • Joined: 11 May 2004

#461

Posted 20 May 2006 - 07:02 PM Edited by Sobeit, 21 May 2006 - 01:27 AM.

QUOTE (Jett3 @ May 20 2006, 14:31)
I've searched this topic high and low so many times, but I still can't seem to find the address(es) for making the car that you are currently in invincible.

Can someone be kind enough to post the pointer along with the offset and value? Normally I wouldn't ask for so much at once, but there are a lot of different CVehicle pointers and such and they're not all the same....

So, yeah, I'd appreciate it if someone could post that info, thanks in advance =]

gtamodding.com

It's simple... very simple.

BP on address: 0x6441A0C (auto-aim, dynamic)

CODE
Data BreakPoint at : 0x609CAE  C70600000000  mov dword ptr [esi],0x0
Data BreakPoint at : 0x60E4D1  8908  mov [eax],ecx
Data BreakPoint at : 0x60EA53  890F  mov [edi],ecx


to aim at body:
CODE
0x60E4D1  8908  mov [eax],ecx


aim at head:
CODE
0x60EA53  890F  mov [edi],ecx


the first one puts the ptr to the actor/ped into your auto-aim..is the ptr to the person you are currently auto-aiming at (read/write)

Put a blip over someone's head (colored thing as seen here)

BP on addr: 0x6441A8C

CODE

Data BreakPoint at : 0x60B883  892F  mov [edi],ebp
Data BreakPoint at : 0x609EE3  C70600000000  mov dword ptr [esi],0x0


(for friendlies or peds)

For enemies, the little blip is flipped; this code is introduced to me:
CODE
Data BreakPoint at : 0x60BA52  C7869C07000000000000  mov dword ptr [esi+0x79C],0x0


to disable this function:
CODE
006B883 - 006B884 : fill with nops to disable blip code (pointer above person you're aiming at)


CODE

dwPlayerPointerBase+ 0x584
//-----------------------------------------
//ENTITY YOU ARE IN CONTACT WITH ^
//-----------------------------------------

dwPlayerPointerBase + 0x568
//-----------------------------------------
//VEHICLE YOU ARE IN CONTACT WITH ^
//-----------------------------------------

REALfreaky
  • REALfreaky

    Player Hater

  • Members
  • Joined: 11 Apr 2006

#462

Posted 21 May 2006 - 03:52 AM Edited by REALfreaky, 21 May 2006 - 04:24 AM.

Freakin' nice code, sobeit!

But it didn't really answer that guy's question, lol.

QUOTE
I've searched this topic high and low so many times, but I still can't seem to find the address(es) for making the car that you are currently in invincible.

Can someone be kind enough to post the pointer along with the offset and value? Normally I wouldn't ask for so much at once, but there are a lot of different CVehicle pointers and such and they're not all the same....

So, yeah, I'd appreciate it if someone could post that info, thanks in advance =]


CODE
0xB6F3B8 = Car pointer [DWORD]

Here's the health offset for your current vehicle (freeze it at 1000.0 to keep full health):
CODE
0xB6F3B8 +1216 = Health [FLOAT]


To make the car completely invincible, freeze the above offset and add the following values into the offset:
CODE
0xB6F3B8 +66 = Special Flags [BYTE]

Here are the values (add all the flags you want together, then put that sum into the Special Flags offset):
CODE
2 = Explosion Proof
16 = Damage Proof
32 = Fire Proof
64 = Bullet Proof


I hope this helps, and once again sobeit, that's some NICE code!

cBonky
  • cBonky

    Square Civilian

  • Members
  • Joined: 10 Oct 2005

#463

Posted 26 May 2006 - 01:14 PM

Rough Frame Rate (FPS)

Offset: 0xB729A0 (4-Byte ulong)

Total game loop iterations in the previous second, only updated every second, but possibly useful for people wishing to display a crude frame rate without any api hooking.

Sobeit
  • Sobeit

    mta ninja

  • BUSTED!
  • Joined: 11 May 2004

#464

Posted 29 May 2006 - 10:25 PM

0xB6EC2E - REAL aiming mode offset, not menu.

* 0 = joypad
* 1 = mouse + keys

(writable)

juan_salad
  • juan_salad

    MADD Stunter

  • Members
  • Joined: 24 Mar 2005

#465

Posted 02 June 2006 - 05:03 PM

QUOTE (cBonky @ Feb 17 2006, 23:37)
I felt I should share all this crap as I am in a new job and no longer have the time for serious modding.

Bear with me here, I am trying to decipher my hieroglyphic notes as I type this so some of it may be incorrect or need alteration, I will test them all out again later and edit this post if any of this information is wrong.

These should all work with the original European/Australian/Hoodlum version 1.0 executables at the very least.

Disable Zone Name Text - (beats modifying every zone gxt entry)

Offset: 0x58AA6F

Original Value: 0x3BD6 cmp edx,esi

Action: Nop(0x90) the bugger into oblivion (2-BYTES)


Frame Limit for Frame Limiter

Offset: 0xC1704C (BYTE)

Original Value: 30 decimal for 25fps limit (some exe's may differ, but should be around this value regardless)

For me:-
38 = 30fps
46 = 35fps
55 = 40fps <- my personal favourite, 25fps is simply moronic, but it covers up many of SA's flaws.
65 = 45fps
76 = 50fps
88 = 55fps
105 = 60fps

Really high values screwed around too much with gameflow for me, although SA is just spastic about thread execution and absolutely retarded on multiple processors, good job rockstar!


Disable Motion Blur Effect

Offset: 0x8D5104

Original Value: 0x2400 and al,0x0

Action: Write Zero(0x00) to disable (BYTE)


Disable Vertigo Effect - (connected with above motion blur effect)

Offset: 0x524B3E

Original Value: 0x752E jnz short 0x00524b6e

Action: Write 0xEB to force jump (BYTE)


Disable Non-Highway Speed Limiter - (go fast on all roads, not just designated highways)

Offset: 0x72DF08

Original Value: 0xA3B87AC800 mov [0xC87AB8],eax

Action: Nop(0x90) the lot (5-BYTES)


Disable All Traffic - (parked vehicle generators will still function)

Offset: 0x434237

Default Value: 0x7D34 jge short 0x0043426d

Action: Write 0xEB to force jump (BYTE)

If you go up to 0x434222 you can alter how much traffic is permitted to be generated, 45 vehicles is the default maximum, so for instance, if you set it to 6, you will never have more than 6 other vehicles driving on the road around you.


Some or all of these may already be known but from a quick search none seem to have been shared yet, I have a fair bit more that I stumbled upon while exploring but I need to sort out my notes and test them first.

Happy modding all

Could someone PM me how to go about changing the frame limiter to 30fps? I see that it says to change it to 38, but what progs do I use and what do I replace 38 with? Sorry, I'm a noob.

dustcrazy
  • dustcrazy

    Just simply, the crazy one.

  • BUSTED!
  • Joined: 11 Apr 2004

#466

Posted 02 June 2006 - 07:12 PM

I believe that the default is 30FPS; if you want to, you can download TSearch and change the value while the game is running.

DexX
  • DexX

    Black Hat

  • Feroci Racing
  • Joined: 16 May 2002

#467

Posted 12 June 2006 - 01:33 AM

Here's most of the notes I've grabbed so far. If the explanations I provide here aren't clear enough, ask away.

//define addresses
lictextfilter 0x884958 //texture filtering for license plates, see example image @ bottom of post
filterone 0x884960 //texture filtering for menu text, CJ textures and real-time shadow maps
realshadowwrap 0x884948 //texture wrap mode, character realtime shadows
diffusetexwrap 0x884940 //texture wrap mode, all other objects
realshadowsrcblend 0x884934 //vehicle / object real time shadows
alphasrcblend 0x884924
alphadestblend 0x884928 //maybe not? changing has no effect?
disabletextures 0x884900 //set to 0
objvehrtshadcullmode 0x8849d4 //vehicle / object real time shadows
objvehrtshadprojsrce 0x8849c0 //projection source?
objvehrtshadprojsrc2 0x88499D //projection source?
texfilmin 0x884988 //texturefilter min
texfilmax 0x88498c //texturefilter max
charshad_maxsize 0x8D5218 //real time character shadows size, default, 128
charshad_minsize 0x8D521c //real time character shadows size, default, 64

//vehicle material and lighting stuff
veh_vertexalpha 0x5d9e22 //01 for on, 00 for off.
veh_uvrefflags 0x5d9d29 //11h default
veh_tci 0x5d9c83 //D3DTSS_TCI, change to "04 (spheremap)"
veh_textf 0x5d9c91 //D3DTEXTURETRANSFORMFLAGS, controls texture trans flags, set to 256 (dec) for "projected"
enablespec 0x5d9abf //globally enables spec (DX - d3drs_specularenable, true)

//these 3 lights are the main specular lighting sources in the game, there isn't just one main specular light. all on by default
enable_light1 0x5d9a88
enable_light2 0x5d9a8f
enable_light3 0x5d9a91
localviewer 0x5D9AD1 //off by default
specmatsrc 0x5D9ADD //specular material source, 0 by default

//spec light direction - writable
speclight1dirx 0xB7CB14 //speclight01 x dir
speclight1diry 0xB7CB18 //speclight01 y dir
speclight1dirz 0xB7CB1C //speclight01 z dir

//veh lighting
vehlight_mul 0x6FFD45 //vehicle lighting (headlights, taillights) multiplier, 1.0 is default

//em vehicles - only references found in the exe, see vehicle.ide
#define copcarru 0x8A5A8C //police rancher
#define copcarla 0x8A5A90 //copcarla
#define copcarsf 0x8A5A94 //copcarsf
#define copcarlvg 0x8A5A98 //copcarlvg
#define copbike 0x8A5A9c //copbike

//em character models, see peds.ide
#define csher 0x8A5AA0 //desert sheriff
#define lapd1 0x8A5AA4 //lapd1
#define sfpd1 0x8A5AA8 //sfpd1
#define lvpd1 0x8A5AAc //lvpd1
#define lapdm1 0x8A5AB0 //lapdm1, motorbike cop

//ambulances. 3 are defined, maybe a different one was planned for each city? see vehicle.ide
#define ambulan1 0x8A5AB8 //ambulan
#define ambulan2 0x8A5ABC //ambulan
#define ambulan3 0x8A5AC0 //ambulan. all 3 of these reference the same vehicle ID.

//ambulance character models, see peds.ide
#define laemt1 0x8A5AC8 //laemt1
#define lvemt1 0x8A5ACC //lvemt1
#define sfemt1 0x8A5AD0 //sfemt1

//firetrucks. 3 are defined, maybe a different one was planned for each city? see vehicle.ide
#define firetruk1 0x8A5AD8 //firetruk
#define firetruk2 0x8A5ADC //firetruk
#define firetruk3 0x8A5AE0 //firetruk. all 3 of these reference the same vehicle ID.

//firetruck character models, see peds.ide
#define lafd1 0x8A5AE8 //lafd1
#define sffd1 0x8A5AEC //sffd1
#define lvfd1 0x8A5AF0 //lvfd1

//taxi Drivers, see peds.ide
#define BMOCD 0x8A5AF4 //262, BMOCD, BMOCD , CIVMALE, STAT_TAXIDRIVER
#define WMYCD1 0x8A5AF8 //261, WMYCD1, WMYCD1 , CIVMALE, STAT_TAXIDRIVER
#define SBMOCD 0x8A5AFC //220, SBMOCD, SBMOCD , CIVMALE, STAT_TAXIDRIVER
#define SWMOCD 0x8A5B00 //234, SWMOCD, SWMOCD , CIVMALE, STAT_TAXIDRIVER
#define VBMOCD 0x8A5B04 //182, VBMOCD, VBMOCD , CIVMALE, STAT_TAXIDRIVER
#define VWMYCD 0x8A5B08 //206, VWMYCD, VWMYCD , CIVMALE, STAT_TAXIDRIVER

//specialty vehicle attributes (hardcoded IDs)
#define bfinject 0x6AC2A1 //hardcoded bfinject piece assignment (flywheel)
#define dozer 0x6AC40E //hardcoded dozer piece assignment
#define cement 0x6AC43d //hardcoded cement piece assignment
#define packer 0x6AC4DB //hardcoded packer piece assignment
#define towtruck 0x6AC509 //hardcoded towtruck piece assignment
#define tractor 0x6AC6DB //hardcoded tractor piece assignment
#define forklift 0x6AC71e //hardcoded forklift piece assignment
#define combine 0x6AC7AD //hardcoded combine piece assignment
#define bandito 0x6ACA39 //hardcoded bandito piece assignment
#define hotknife 0x6ACA43 //hardcoded hotknife piece assignment
#define rhino 0x6ACA4D //hardcoded rhino piece assignment (turret)
#define swatvan 0x6ACA53 //hardcoded swatvan piece assignment
#define firetruk 0x6ACA59 //hardcoded firetruk piece assignment
#define zr350 0x6ACA8f //hardcoded zr350 piece assignment
#define sandking 0x4064A0 //hardcoded sandking piece assignment

//more em vehicles/peds (not listed above, as in different loc/format in mem). 2 references to each.
#define enforcer1 0x40b723 //enforcer?
#define enforcer2 0x40b73e //enforcer?
#define swatped1 0x40b72f //swat ped?
#define swatped2 0x40b754 //swat ped?
#define fbiranch1 0x40b723 //fbiranch?
#define fbiranch2 0x40b793 //fbiranch?
#define fbiped1 0x40b784 //fbi ped?
#define fbiped2 0x40b7a9 //fbi ped?
#define rhino1 0x40b7CD //rhino?
#define rhino2 0x40b7FE //rhino?
#define barracks1 0x40b7D9 //barracks?
#define barracks2 0x40b7F4 //barracks?
#define armyped1 0x40b7E5 //army ped?
#define armyped2 0x40b81D //army ped?
#define polmav1 0x40b841 //police maverick?
#define polmav2 0x40b891 //police maverick?
#define vcnmav1 0x40b878 //vcn maverick?
#define vcnmav2 0x40b887 //vcn maverick?

//other references
#define coach1 0x430642 //coach reference - the coach can hold up to 8 peds
#define coach2 0x4c8ad3 //coach reference
#define bus1 0x43064E //bus reference - can the bus also hold up to 8 peds?
#define bus2 0x4c8ad8 //bus reference

License Plate filtering: change the default value from 1, to 3
left image, point filtering(1). Right, anisotropic(3). Values match the D3DTEXTUREFILTERTYPE Enumerated Type, in the DirectX SDK.

For all the vehicle/ped references, the data type for IDs should be short (0x0000). I haven't had a chance to hand test every address in game, but for most of the Em peds and vehicles, these are the only references I can find in the exe. If they don't alter the models ingame, I don't know what will. I've swapped out the rhino model with a vehicle I loaded through a custom SCM, but it was very iffy, and the same procedure, tried several times, didn't always produce the same results.

That's all for now. If anyone has ideas about changing the weapon IDs for police, like we did in Vice, that would be nice.

Edit 2: One of these addresses can be used to fix an apparent SA bug. The "black roads", as explained and resolved, in this topic.
The solution I found was to set the byte at:
texfilmax 0x88498c //texturefilter max, default 02 (Linear)
to 0x03, for anisotropic filtering

dustcrazy
  • dustcrazy

    Just simply, the crazy one.

  • BUSTED!
  • Joined: 11 Apr 2004

#468

Posted 16 June 2006 - 01:07 AM

How would I go about getting and setting the animation of an actor and the player? I already know everything else, just what offsets are they located at, at least most of them.

J-Fox.GEMM
  • J-Fox.GEMM

    Ello...

  • Members
  • Joined: 31 Aug 2004

#469

Posted 16 June 2006 - 11:03 AM

They have been posted earlier by DracoBlue and Jacob. (Page 3 & 5 I think)
But they aren't working that well. You could use SCM to set them and only read that from memory - works perfectly. Shooting is a bit harder. You could use an invisible actor and tell the other actor to kill him. But the result can be really bad in some cases.

dustcrazy
  • dustcrazy

    Just simply, the crazy one.

  • BUSTED!
  • Joined: 11 Apr 2004

#470

Posted 16 June 2006 - 11:06 AM

Thanks, I'll look into it more. I'm sure if I compare values over others I can create some basic rules and go about it that way.

Stinger357
  • Stinger357

    Player Hater

  • Members
  • Joined: 30 Apr 2005

#471

Posted 18 June 2006 - 03:00 PM

I know I asked this about 1 year ago but here goes again. I am looking for the memory offset and value to keep peds from disappearing when killed. Also would be nice to keep blood spots and tire marks. I know that this will crash the system eventually but I want to see how much my machine can handle. I was told it might be a simple value to adjust. When peds die they stay for about 30 seconds or so if you're standing right next to them. I want to be able to go around the corner and come back and that ped still be laying there. If someone can please help me find the value and offset of this I would be very appreciative. I have the needed tools to modify the memory, just need to know where it is located. Also maybe the timer for cars disappearing when blown up. Wouldn't it be cool to come back and see peds laying there where you killed them 3 hours ago.

Thanks

Sobeit
  • Sobeit

    mta ninja

  • BUSTED!
  • Joined: 11 May 2004

#472

Posted 18 June 2006 - 06:54 PM

QUOTE (Stinger357 @ Jun 18 2006, 15:00)
I know I asked this about 1 year ago but here goes again. I am looking for the memory offset and value to keep peds from disappearing when killed. Also would be nice to keep blood spots and tire marks.

It's funny you mention that, when a ped dies a timer is instated... (BP ped health, it brings up the function for all peds (when the ped dies))

Anywho, I accidentally nopped a timer and after they died they disappeared directly afterward.

Stinger357
  • Stinger357

    Player Hater

  • Members
  • Joined: 30 Apr 2005

#473

Posted 19 June 2006 - 07:19 PM

Great, so can you remember the location of the value? Maybe instead of a NOOP I can make it a larger number and they won't disappear. Do you think that is possible?

J-Fox.GEMM
  • J-Fox.GEMM

    Ello...

  • Members
  • Joined: 31 Aug 2004

#474

Posted 22 June 2006 - 06:13 PM

I don't think writing something else than NOP (one o) works. But you could debug that area and look for the offset it reads and modify them instead.

DexX
  • DexX

    Black Hat

  • Feroci Racing
  • Joined: 16 May 2002

#475

Posted 25 June 2006 - 09:56 AM

woo! found police weapons. Some issues though.

0x5DDCBF - police nitestick
0x5DDCCC - Police Pistol
0x5DDCDC - Police Accuracy (0-255)

0x5DDD90 - Swat Character Model
0x5DDDA1 - Swat Gun1
0x5DDDAA - Swat Gun2
0x5DDDC9 - Swat Accuracy

0x5DDDD0 - Fbi Character Model
0x5DDDE1 - Fbi Gun1
0x5DDDEA - Fbi Gun2
0x5DDE09 - Fbi Accuracy

0x5DDE10 - Army Character Model
0x5DDE21 - Army Gun1
0x5DDE2A - Army Gun2
0x5DDE49 - Army Accuracy

Notes:
-Changing Police weapons only seems to affect the weapons you pick up from them when they die. Also, they won't fire the new weapons if the assignment is changed. I suspect there are more addresses controlling this than what I have so far. Swat, Fbi and Army seem to work OK though.
-When changing the character models, the new models need to be loaded first!
-Weapon Values are as documented in this topic. Both values (gun1 and gun2) need to be changed.
-Accuracy is from 0 to 255, with zero being horrible accuracy, to 255 being that the authorities really don't miss. ever.

Now the Fbi employs hookers with spray cans! Deadly.

cBonky
  • cBonky

    Square Civilian

  • Members
  • Joined: 10 Oct 2005

#476

Posted 11 July 2006 - 01:11 PM

QUOTE (Nipa @ Apr 2 2006, 10:25)
Has anyone found the Cars Drive on Water sideways wheels memory address? I know they took out Cars Drive on Water in PC SA, but the code that rotates the wheels might still be there.. I'm asking because I'm making a Back to teh Future movie (oh noes), but I want the sideways wheels.. How I plan to make it is make a program or something which modifies the address for the wheels, and puts the cars fly cheat on, linked to a hotkey. Then I could press that hotkey, while filming, the wheels would rotate, and I could go at speed and start flying. But for that to happen, first I need the address. -Nipa

Not sure if you are still looking for this one, but I accidentally came across it while digging up something else.

CVehicle + 0x898 = Local Y-axis wheel model orientation (Float)

The normal value is around 0.6 or so, if you step it up to 1.8, the wheels will rotate downward until horizontal. It can also be used to give vehicles some realistic looking negative camber, although it is not utilized in the physics simulation.

So if you grab the player's vehicle, stiffen up the suspension, disable wheel model angle rotation, enable the flying car cheat and then combine it with a basic trainer to adjust the angle on the fly, voila, a pretty decent back to the future knockoff.

CrazyT
  • CrazyT

    Player Hater

  • BUSTED!
  • Joined: 18 Jul 2006

#477

Posted 19 July 2006 - 06:14 AM

439600 -> JetPackCheatFunction()

When executed you get the JetPack ... works exactly like the Cheat.
There are no params you need to give it.
Maybe I'll also find the positions of functions to spawn cars ... will be quite useful I guess.

JernejL
  • JernejL

    Big Homie

  • Feroci Racing
  • Joined: 11 Mar 2002

#478

Posted 20 July 2006 - 12:54 PM

QUOTE (DexX @ Jun 12 2006, 02:33)
#define rhino 0x6ACA4D //hardcoded rhino piece assignment (turret)

OK, that's part 1 of 3 - just the turret. I would need the ide for car that actually fires tank rockets, and the tank super multi wheels ide, could you find those?

DexX
  • DexX

    Black Hat

  • Feroci Racing
  • Joined: 16 May 2002

#479

Posted 21 July 2006 - 02:25 AM

Found some of the wheel stuff. It's not just one or 2 values that can be changed, the extra wheels are quite complex.
I'll post tank weapon info when/if I ever find it. I think I'm the only person who hacks that stuff, so it may be a while.

CrazyT
  • CrazyT

    Player Hater

  • BUSTED!
  • Joined: 18 Jul 2006

#480

Posted 23 July 2006 - 08:31 AM Edited by CrazyT, 26 July 2006 - 02:17 PM.

Does anybody know where the address is that checks if you are in the water?
'Cause I want to add something for my trainer, so that you can swim in the air.

[edit]
k ... did not find what I wanted ... but the opposite:
6c2756
if you change this location into:
b0 00 90 90 90 90 (mov al,0)

you can walk under water (unfortunately ... it does not work the other way (you can not set it to 1 to swim in air))
[/edit]

[edit]
also found another location ... if you set:

code :00681b0d - 74 44 - je 00681b53
to:
code :00681b0d - EB 44 - jmp 00681b53

then jumping is disabled ...
(no idea if this is useful for somebody ...)
[/edit]
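
The short-jump byte pairs posted in this thread (75 2E, 7D 34 and 74 44) can be checked against the targets quoted beside them, and a changed byte pair at a known address can be classified the way an integrity check would. This is an added example, not code from any poster; `rel8_disp`, `rel8_target`, `classify` and `verify_posted` are names made up for it, and every address and byte is copied from the posts above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum patch_kind { UNCHANGED, FORCED_JUMP, NOPPED, OTHER_CHANGE };

/* Jcc rel8 occupies opcodes 0x70..0x7F; unconditional JMP rel8 is 0xEB. */
static int is_jcc_rel8(uint8_t op) { return op >= 0x70 && op <= 0x7F; }

/* Sign-extend the displacement byte of a short jump. */
int32_t rel8_disp(uint8_t b) { return b < 0x80 ? (int32_t)b : (int32_t)b - 0x100; }

/* Target = address of the next instruction (addr + 2) + displacement. */
int rel8_target(uint32_t addr, const uint8_t ins[2], uint32_t *target)
{
    if (!is_jcc_rel8(ins[0]) && ins[0] != 0xEB)
        return -1;                        /* not a two-byte short jump */
    *target = addr + 2u + (uint32_t)rel8_disp(ins[1]);
    return 0;
}

/* Compare the expected bytes with the bytes observed at the same address. */
enum patch_kind classify(const uint8_t *orig, const uint8_t *seen, size_t n)
{
    size_t same = 0, nops = 0;
    for (size_t i = 0; i < n; i++) {
        same += (orig[i] == seen[i]);
        nops += (seen[i] == 0x90);
    }
    if (same == n) return UNCHANGED;
    if (nops == n) return NOPPED;         /* instruction overwritten by NOPs */
    if (n == 2 && is_jcc_rel8(orig[0]) && seen[0] == 0xEB && seen[1] == orig[1])
        return FORCED_JUMP;               /* Jcc made unconditional, same rel8 */
    return OTHER_CHANGE;
}

/* Jump instructions as posted in the thread: address, bytes, target. */
static const struct { uint32_t addr; uint8_t ins[2]; uint32_t target; } posted[] = {
    { 0x524B3E, { 0x75, 0x2E }, 0x524B6E },   /* jnz short */
    { 0x434237, { 0x7D, 0x34 }, 0x43426D },   /* jge short */
    { 0x681B0D, { 0x74, 0x44 }, 0x681B53 },   /* je */
};

/* Count posted entries whose decoded target equals the posted target. */
int verify_posted(void)
{
    int ok = 0;
    for (size_t i = 0; i < sizeof posted / sizeof posted[0]; i++) {
        uint32_t t;
        if (rel8_target(posted[i].addr, posted[i].ins, &t) == 0 &&
            t == posted[i].target)
            ok++;
    }
    return ok;
}

int main(void)
{
    const uint8_t je[2] = { 0x74, 0x44 }, jmp[2] = { 0xEB, 0x44 };
    printf("consistent entries: %d of 3\n", verify_posted());
    printf("74 44 -> EB 44 is kind %d (FORCED_JUMP = %d)\n",
           (int)classify(je, jmp, 2), (int)FORCED_JUMP);
    return 0;
}
```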



