SA OM0

97 replies to this topic
Fooking
  • Fooking

    you fooking w0t m9?

  • BUSTED!
  • Joined: 24 Jun 2017
  • Germany

#31

Posted 07 July 2017 - 10:33 AM Edited by Fooking, 08 July 2017 - 08:47 PM.

I still don't understand some parts regarding duping safehouses. Why would you need Misappropriation to unlock the Abandoned Airstrip when you could already buy it after Interdiction?

 

 

You don't need it, but after I found out that Misappropriation unlocks the Airstrip, I wanted to try every mission to see if something else unlocks the Airstrip, and it does. Ran Fa Li unlocks the Airstrip, but it's one of the only 2 missions that work, but leaves blips behind. The other one is Madd Dogg's Rhymes, which unlocks Santa Maria Beach.

 

Edit: Updated list

 

Spoiler

  • OrionSR, rhans and Crestfallen like this

OrionSR
  • OrionSR

    Chain Game Development Team

  • Feroci
  • Joined: 23 May 2007
  • None
  • Helpfulness Award [GTA & Modding]

#32

Posted 07 July 2017 - 06:49 PM

Comments and questions regarding Fooking's tests:

 

It's my understanding that you are using a cleo mod to launch missions on the Android version. Have all tests been on Android? Have successful results been tested on PC? I could probably craft a save with appropriately locked properties.

 

Can you send me links to before and after saves with a collection of "nothing unlocked" tests? If I can find anything amiss in the save then we can go back and check again with a specific test in mind.

 

Can I assume that all "nothing unlocked" tests except Bike School always provided double percentage?

 

When you mention the green house icon instead of the floppy disc, are red houses turning green?

 

Outdoor properties are not unlocked by the Buy Properties mission. They are controlled by the global variable $Total_Available_Save_Pickups ($885 PC, $884 mobile) and unlocked by other missions. I would not expect the Angel Pine trailer, Catalina's Hideout, the Doherty Garage, Toreno's Ranch, or Four Dragon's Casino (14 thru 18, respectively) to be unlocked by these strategies. 

 

The Johnson House and Madd Dogg's Crib are also unlocked by missions but the save disks are always available (not limited by $Total_Available_Save_Pickups in the Player Save script). You just don't see the save pickup during the early mission because CJ is on a mission.


Fooking
  • Fooking

    you fooking w0t m9?

  • BUSTED!
  • Joined: 24 Jun 2017
  • Germany

#33

Posted 07 July 2017 - 07:10 PM Edited by Fooking, 07 July 2017 - 07:12 PM.

It's my understanding that you are using a cleo mod to launch missions on the Android version. Have all tests been on Android? Have successful results been tested on PC? I could probably craft a save with appropriately locked properties.

True. Testing on PC takes WAY too long, the only stuff I did on PC was Reuniting the Families, New Model Army and HSLR.
The reason why it takes too long is because SA takes almost a minute to boot up and I have to find a save on gtasnp for every mission. On Mobile it takes 15-20 seconds to boot up, and I can immediately open the mission menu and start a mission once the phone call is triggered.

Can you send me links to before and after saves with a collection of "nothing unlocked" tests? If I can find anything amiss in the save then we can go back and check again with a specific test in mind.

I can do that tomorrow, probably.

Can I assume that all "nothing unlocked" tests except Bike School always provided double percentage?

Yes, they do.

When you mention the green house icon instead of the floppy disc, are red houses turning green?

They are red (as my test save doesn't have the countryside or anything except LS unlocked.) Once the area with the safehouse is unlocked, it turns into a green icon.
  • OrionSR likes this

Patrick1994
  • Patrick1994

    Rat

  • Members
  • Joined: 27 Aug 2013

#34

Posted 08 July 2017 - 02:44 AM Edited by Patrick1994, 08 July 2017 - 04:19 PM.

@Orion
This is Misappropriation + Property Buying. [google scrlog]
00000578&0: [0914] COMMAND_0914 0
00000581&0: [0201] LOCATE_PLAYER_IN_CAR_CAR_3D
[nop, acts as a wait 0]
00000583&0: [1ADC] COMMAND_1ADC
the parameter to 0914 is 0 most likely because its type is nonsense, so whatever is left in ScriptParams[0] from earlier opcodes is used: 0 from "wait 0".
  
I have had a look at my SA instapass doc to check for waits in the airstrip unlock range; did not find anything that is usable and does not crash [I did not check out any version other than v1.0, though].
https://docs.google....t#gid=843542130
 
 
 
Oh, there has been quite some action in here. I do not feel like reading it all. I'll just say that Ran Fa Li + Property Buying crashes on PC. I have tested it on SCM v1.0 and the other PC SCMs are identical for those two missions (I ran a diff program over all missions a while ago).
 
 
 

MONSTER & TRUCKING ALONE CRASHES THE GAME!

Please clarify.
 
Make x8 Monster work on PC remastered to change any% a whole lot. :D Monster x8 + Flight School = all of desert done (the ranch and airstrip missions). The Monster Trucks get stuck inside each other. Maybe loading a checkpoint helps - anything.
 
Feel free to just skip to the last paragraph if you feel lazy. ^^
 
This is how we do Monster x2 in any%. We gain control during the tutorial by having the intro cutscene start then and skipping it.

 
This is what TriplePat got with x3 Monster on PC (10sec clip at 1:23):

The execution is poor, that was not the point of the video. IIRC, I did the same with a camera to avoid CJ shooting and I was still too slow to get into the Monster truck before the tutorial restarts: The "getting into Monster" animation was interrupted and CJ teleported.
 
The third way to save the truck is warping to a tuning garage. But the LV one I tried was locked when LV is not unlocked (which is how it is in any% - LV/desert is not unlocked, only its missions). Using an SF one would work but the barriers cannot be passed - the undrowning glitch fails since the truck drowns and you only have 10s on foot until the mission fails, anyway.
 
Yet another way could be to start Monster with a call. Ending the call inside the tutorial cutscene would give control back so that we can get into the truck. However, remastered/mobile does not support om0 calls, right? The only way to get x8 Monster + a call would be valet parking, which requires om0 call holding. On PC, I do not see why it would not work but we cannot unlock Flight School there (and the setup requires a gf call which is purely random).
 
 
 
The remastered checkpoint system might make it work, somehow.
Maybe you can remotely repair the truck using a tuning garage without getting a black screen? Or you could teleport back to the tuning shop with a different Monster truck to get rid of it?

  • rhans likes this

Fooking
  • Fooking

    you fooking w0t m9?

  • BUSTED!
  • Joined: 24 Jun 2017
  • Germany

#35

Posted 08 July 2017 - 06:31 AM

Please clarify.


Buying a safehouse during Trucking crashes the game, and buying a safehouse during Monster crashes the game. However, starting Trucking and then Monster, and then buying a safehouse will not crash the game.
  • rhans and Patrick1994 like this

OrionSR
  • OrionSR

    Chain Game Development Team

  • Feroci
  • Joined: 23 May 2007
  • None
  • Helpfulness Award [GTA & Modding]

#36

Posted 08 July 2017 - 05:20 PM

Buy Properties List updated with local offsets: (for reference with the Depreciate SA Instapass Stuff).

0	:BUYPRO1_306	Wang
1	:BUYPRO1_410	Zeros
2	:BUYPRO1_504	Airstrip
3	:BUYPRO1_688	Santa Maria 
4	:BUYPRO1_814	Rockshore West 
5	:BUYPRO1_940	Fort Carson
6	:BUYPRO1_1066	Prickle Pine
7	:BUYPRO1_1192	Whitewood Estates 
8	:BUYPRO1_1318	Palomino Creek 
9	:BUYPRO1_1444	Redsands West 
10	:BUYPRO1_1570	El Corona
11	:BUYPRO1_1696	Calton Heights
12	:BUYPRO1_1822	Mulholland 
13	:BUYPRO1_1948	Paradiso 
14	:BUYPRO1_2074	Hashbury 
15	:BUYPRO1_2200	Marina
16	:BUYPRO1_2315	Pirate Pants
17	:BUYPRO1_2437	Camel Toe
18	:BUYPRO1_2559	Chinatown
19	:BUYPRO1_2674	Whetstone
20	:BUYPRO1_2789	Doherty
21	:BUYPRO1_2904	Queens
22	:BUYPRO1_3026	Angel Pine
23	:BUYPRO1_3141	El Quebrados
24	:BUYPRO1_3256	Tierra Robada
25	:BUYPRO1_3371	Dillimore
26	:BUYPRO1_3497	Jefferson
27	:BUYPRO1_3612	Old Venturas Strip
28	:BUYPRO1_3734	Clowns Pocket
29	:BUYPRO1_3856	Creek
30	:BUYPRO1_3971	Willowfield
31	:BUYPRO1_4086	Blueberry

  • Patrick1994 and Fooking like this

Patrick1994
  • Patrick1994

    Rat

  • Members
  • Joined: 27 Aug 2013

#37

Posted 08 July 2017 - 08:26 PM Edited by Patrick1994, 08 July 2017 - 08:27 PM.

Please confirm that, Fooking. I tested it on PC v1.0: I started Monster, cheated om to 0, waited a few seconds, bought a property. My guess is that you forgot about version differences and thought that since T->Monster->Property did not crash for rhans, it must be due to Trucking.

 


I first thought you meant that Ran Fa Li unlocked Flight School. My bad. Anyway, I got Monster x8 to work using the food menu to gain control during the tutorial, just like we do in any%. But since we cannot unlock Flight School, it is worthless. Monster x3 would not skip Verdant Meadows, so I could buy the airstrip normally. It would skip Interdiction in addition to High Jack. However, there would need to be a fast setup to save the Monster truck, which does not exist, atm.

 

 

The Property Buying mission differs slightly in the remastered (and mobile) version. I analyzed Ran Fa Li which crashes on v1.0 but is fine on remastered (I used "winstore 1009" from Blantas). Global variables differ between those versions:
v1.0
{613} 02A7: $592 = create_icon_marker_and_sphere $591 at $666 $667 $668
{630} 018B: set_marker $592 radar_mode 2
mobile
{613} 02A7: $320[271] = create_icon_marker_and_sphere $591 at $665 $666 $667
{630} 018B: set_marker $320[271] radar_mode 2

 

So when the game executes the underlined variable as an opcode, different things happen in each version: On mobile, 093C is executed, on PC 0940 (4 higher, since the variable number is bigger by 1 and a variable is 4 bytes in size). 093C is a nop without parameters, 0940 is not a nop. It does not crash but it takes a parameter. Therefore, the following commands are different.

 
This is what is executed on PC:
00000628&1: [0940] SET_GROUP_FOLLOW_STATUS [UNKNOWN] 67715074
00000636&1: [9902] NOT COMMAND_1902 <-- crashes
On mobile, I suppose, this is executed:
628: [093C] NOP
intended commands from here on
  • rhans likes this

Fooking
  • Fooking

    you fooking w0t m9?

  • BUSTED!
  • Joined: 24 Jun 2017
  • Germany

#38

Posted 08 July 2017 - 08:42 PM Edited by Fooking, 08 July 2017 - 08:49 PM.

Hmm... Monster seems to be different on Mobile, I can start Monster during New Model Army whereas it crashes on PC. I'll try buying a property again, give me a minute.

 

Edit: Well, it works. Updated the testing list.

 

Edit 2: Patrick, can you tell me if the scripts say anything about the black Maverick in Interdiction that flies away and never returns? If it does, what conditions have to be met?


Patrick1994
  • Patrick1994

    Rat

  • Members
  • Joined: 27 Aug 2013

#39

Posted 08 July 2017 - 09:41 PM Edited by Patrick1994, 11 July 2017 - 12:53 AM.

@Fooking http://gtaforums.com...entry1069709529
 
[The next paragraph is more technical than usual]
Monster is an interesting case. The game loads 69000 bytes from the file main.scm into the part of memory where the mission code is. Since BUYPRO1 (Property Buying mission) is at the end of the scm, only 4000 bytes are loaded, the rest of the previous mission (Monster in this case) remains. Since the Monster loop is at offset 5000 (1000 later), it coexists with Property Buying. However, starting missions initializes all local variables with 0, including the Monster handle, so it counts as wrecked.
 
I have written some docs on instapasses a while ago. This property stuff is instapassing, too, but it feels funny to call it that since the Property Buying mission is so short. Feel free to skim/read them, it is a lot of stuff and most is probably not too important if at all. ^^
https://docs.google....dit?usp=sharing [Edit: this is mostly by Nick]
https://docs.google....dit?usp=sharing
  • RationalPsycho likes this

OrionSR
  • OrionSR

    Chain Game Development Team

  • Feroci
  • Joined: 23 May 2007
  • None
  • Helpfulness Award [GTA & Modding]

#40

Posted 10 July 2017 - 10:10 AM Edited by OrionSR, 10 July 2017 - 06:16 PM.

I wrote a script to tweak my icons and lock my enexes and garages and then launch the BuyPro1 mission so I could test Fooking's successful mobile results on PCv1.
 
Courier Asset, right away, Chinatown
BMX, right away, crash
Street Race, right away, Chinatown enex only
Drive-Thru, right away, crash
Nines and Aks, right away, crash
Catalyst, right away, crash
Just Business, right away, crash
Life's a Beach, after dance, crash
Madd Dogg's Rhymes, right away, crash
Green Sabre, before entering Bravara, Wangs Autos, CV icon only
Cloud Mountain Boys, leave Woozie behind, crash
Ran Fa Li, right away, crash
Zeroing In, after stealing car, crash
Test Drive, leave Cesar behind, crash
Highjack, right away, crash
N.O.E., right away, crash
Intensive Care, after entering the marker at the Hospital, crash
Saint Mark's Bistro, while in LC, doesn't crash right away, doesn't seem to unlock anything in SF
Misappropriation, right away, crash
Architectural Espionage, leave camera behind, Pirates in Men's Pants Save Icon and Enex
Key to her Heart, right away, crash
Breaking the Bank at Caligula's, right away, crash
Cut Throat Business, exit Kart, double percentage
  • Fooking likes this

Bender ุ
  • Bender ุ

    ⭐⭐⭐⭐⭐

  • Members
  • Joined: 21 Aug 2009
  • None

#41

Posted 10 July 2017 - 10:34 AM

As far as I remember, duping Jury Fury dupes the blips, but they stay only for the time you are around the blip; if you leave the radius, they will disappear.

Fooking
  • Fooking

    you fooking w0t m9?

  • BUSTED!
  • Joined: 24 Jun 2017
  • Germany

#42

Posted 10 July 2017 - 10:49 AM

What??? I'll try it after my last exam for today then, it's really odd that it crashes for you on PC..

Nick007J
  • Nick007J

    Mark Chump

  • Members
  • Joined: 17 Jan 2010
  • Russia

#43

Posted 10 July 2017 - 10:50 AM

As far as I remember, duping Jury Fury dupes the blips, but they stay only for the time you are around the blip; if you leave the radius, they will disappear.


That's because these blips are directly attached to an entity and therefore are removed as soon as the attached entity despawns. SA blips mechanic is generally more complicated.

Fooking
  • Fooking

    you fooking w0t m9?

  • BUSTED!
  • Joined: 24 Jun 2017
  • Germany

#44

Posted 10 July 2017 - 12:37 PM Edited by Fooking, 10 July 2017 - 12:37 PM.

Okay, what the f*ck, so the Mobile version is actually better when it comes to safehouse duping...

 

I tried Ran Fa Li on PC, and it doesn't work.


Nick007J
  • Nick007J

    Mark Chump

  • Members
  • Joined: 17 Jan 2010
  • Russia

#45

Posted 10 July 2017 - 12:47 PM

Okay, what the f*ck, so the Mobile version is actually better when it comes to safehouse duping...
 
I tried Ran Fa Li on PC, and it doesn't work.


It's not better, it has a different script. Same thing as a common misconception, when people thought the Japanese version of Vice City is "more stable", whereas it just had a different script.

Patrick1994
  • Patrick1994

    Rat

  • Members
  • Joined: 27 Aug 2013

#46

Posted 10 July 2017 - 02:12 PM

To simplify what Nick said: Different versions are different, not "more stable" or less. That means that some instapasses (property stuff is kind of an instapass) are exclusive to one version, some to another, most "work" on all of them.

The SF CV icon is really just a map icon and marker (I had to make sure). The thread that starts missions is not launched, so it does not give us early double-traction bikes. D:



Btw, I want to automate "crash testing" fully. Example:

From my instapass doc I see that the Vigilante wait at 14671 would instapass Dam&Blast (found by Powdinet). I want to test if it crashes:
My script should create a main.scm that contains a mission that has the perfect wait offset right after starting it (code is here: https://pastebin.com/zJPs3qNK I just need to convert it to binary data and add it into the scm, I also need to make it detect the stack from the thread name of the target mission (Dam & Blast; see the stack fixing part of my "advanced instapasses" doc)). Then it should start SA, launch the prepared mission, then launch the target mission.

Then it should parse scrlog.log and tell me what code was executed.

Bender ุ
  • Bender ุ

    ⭐⭐⭐⭐⭐

  • Members
  • Joined: 21 Aug 2009
  • None

#47

Posted 10 July 2017 - 03:23 PM

If you dupe the first SF mission, will the blips remain (police station or hospital)? Or can you force them to stay?

Fooking
  • Fooking

    you fooking w0t m9?

  • BUSTED!
  • Joined: 24 Jun 2017
  • Germany

#48

Posted 10 July 2017 - 03:46 PM

The SF CV icon is really just a map icon and marker (I had to make sure). The thread that starts missions is not launched, so it does not give us early double-traction bikes. D:


Buying a safehouse during MCB (On Mobile) unlocks the CV missions, during TGS it only places an icon there.

OrionSR
  • OrionSR

    Chain Game Development Team

  • Feroci
  • Joined: 23 May 2007
  • None
  • Helpfulness Award [GTA & Modding]

#49

Posted 10 July 2017 - 07:08 PM Edited by OrionSR, 10 July 2017 - 07:16 PM.

I can confirm another one of Fooking's observations: testing on PC takes a long time. It took a lot longer to complete my tests than I was expecting.

 

Additional Comments:

 

St Mark's Bistro was giving me fits. I could buy property while in LS simply by launching the mission with cleo, and return to SA by getting wasted, but it left my map without icons (but not the mini-map, oddly enough). I didn't make progress observations. I could save but couldn't load the save - might have a mission in memory; I need to check with a save editor. Can you provide more information on how this test was conducted on mobile? 

 

I'm considering editing my main.scm to provide an indexed progress report. Basically, increment the progress provided for each subsequent property routine, then compare the difference in progress made to determine which partial routine has been executed.

 

I was expecting major differences in how this exploit would work on mobile and PC once I learned the importance of the precise location of wait commands within the local missions. I've made several attempts at directly comparing scripts from different versions and there are frequently slight changes that would make a huge difference in offsets if they occur early in the mission. I hadn't anticipated how the global variable would complicate matters. 

 

Fooking, I've been impressed by your results, even if they mostly apply to mobile. And inspired. I'm considering the idea of running more tests based on the idea that experimentation is more likely to produce results. So far, careful planning has been better suited to explaining what's going on after something interesting has been discovered. But then again... SA on PC? I would expect that players have already tested every mission against the buy property mission just to see what happens. How new are these exploits?

 

 

I tried Ran Fa Li on PC, and it doesn't work.

 

My cleo strategy is new, my confidence is still low, but bolstered by confirmation of known strategies. Did you run your test with more natural strategies?


Fooking
  • Fooking

    you fooking w0t m9?

  • BUSTED!
  • Joined: 24 Jun 2017
  • Germany

#50

Posted 10 July 2017 - 08:37 PM Edited by Fooking, 10 July 2017 - 08:42 PM.

But then again... SA on PC? I would expect that players have already tested every mission against the buy property mission just to see what happens. How new are these exploits?

Rhans's video was made on the 30th of December, but TriplePat discovered it. Probably a few days before that.

Not sure when it was discovered that Chinatown is unlocked when duping it using a Courier asset, but it came to my attention in my livestream a couple of days ago, right after the stream I made that video.

My cleo strategy is new, my confidence is still low, but bolstered by confirmation of known strategies. Did you run your test with more natural strategies?

I use the OnMissionChanger (direct download) to have OM0 after starting a mission, then I walk (or teleport using SACC) to a safehouse and buy it.

Patrick1994
  • Patrick1994

    Rat

  • Members
  • Joined: 27 Aug 2013

#51

Posted 11 July 2017 - 01:35 AM Edited by Patrick1994, 11 July 2017 - 01:40 AM.

Most importantly: Fooking, I cannot make sense of the Mountain Cloud Boy thing, please upload all of your mobile main.scm and script.img versions (if you own multiple versions). Should be in gtasa_directory/data/script


 

Patrick1994 told me that there is an offset between (idk the exact numbers, but it's similar I hope) 1996000 and 1997000. If the value is in between this, a safehouse should unlock. I hope he'll get here soon, as he'll be able to explain it better.

Elaboration on that:
Install Cheat Engine, open the cheat table, make sure that the LUA script runs (say "yes"), make sure that auto-attach is enabled (see picture).
574e8373eb67e58e50113adc2b33eb5b.png
Now watch the value it tells you to watch (first entry in the table).

I also did not say "they will unlock", I said "~50% of the time". Approximately 50% of the offsets are useful (I estimate; just think of "offset" as "value in the cheat engine window") that are 19xxxxxx (see the cheat engine file). Those 50% are not chance. Same offset, same result.



@Orion
Regarding relative offsets of each command. You can get global offsets using the "code offsets" debugging feature of Sanny [thanks Nick]. Local offsets need to be calculated, still. D:
77242d39132600c14db4bf4f7608dbaa.png



Are there any open questions, apart from how some property "instapasses" worked? Here is Powdinet's explanation of "perma-passes" (the mission passed part of the mission being called over and over), that might be going on for the mysterious "property instapasses" (except that in this case, right after the unlock, the Property Buying thread ends because those missions just work like that, they are an exception):

A bit of explanation:

This works because LCS and VCS, unlike the previous games, always load only the mission code instead of a set number of bytes.

This means that you can have a big mission code running at the same time as a small mission (this is also possible in the previous games, but only with the last mission [note: a bit more than just the last one], so it's not as easy to manipulate)

Using this, all you have to do is find a big mission that executes a gosub or a function call into an offset that is now held by the small mission. Ideally it calls right into the mission pass code, but in this case, it jumped into the main loop of the mission, so it essentially dupes the mission. When the mission is passed, it jumps back to the big mission's loop, then jumps back again to the small mission. Now, since the variables have all been set correctly to pass the mission, it passes the mission, then loops back again infinitely.

Source
It could also be a jump instead of a gosub. It could even be a return: When a new mission is loaded, only the mission code changes (only the first ~4200 bytes in the case of Property buying). The "old" mission thread itself (e.g. the Architectural Espionage thread) does not change, so the stack stays the same. It could return into Property code - if, when the property was bought, it was inside a loop inside a sub-routine.

OrionSR
  • OrionSR

    Chain Game Development Team

  • Feroci
  • Joined: 23 May 2007
  • None
  • Helpfulness Award [GTA & Modding]

#52

Posted 11 July 2017 - 04:28 AM Edited by OrionSR, 11 July 2017 - 04:29 AM.

Thanks for the hint on CODE_OFFSETS. That will help a lot in my efforts to hex edit indexed progress into my main.scm. I'm not sure yet if I can trust a recompiled script to maintain the proper offsets.

 

Something I forgot to mention in my report of PC confirmation tests of Fooking's property duping experiments on mobile: Since 8-Track, Dirt Track and all race tournaments, including the race portion of High Stakes, Low Rider, Wu Zi Mu, and Farewell, My Love, are all controlled by the same script, I didn't repeat tests for anything other than a default bike race in LS. I'm expecting all race tournaments and missions to produce the same results unless you can get something interesting to happen while following Cesar to the HSLR starting point.

 

Is there any hope of duping a mission plus the BMX/NRG Stunt mission and jump to a buypro1 routine that was loaded in the slack of the stunt mission? I'm not at all sure how this works but this seemed to be implied by previous statements.


Fooking
  • Fooking

    you fooking w0t m9?

  • BUSTED!
  • Joined: 24 Jun 2017
  • Germany

#53

Posted 11 July 2017 - 08:46 AM Edited by Fooking, 11 July 2017 - 09:18 AM.

I'll install SA Mobile now and record a test video for MCB and Ran Fa Li, and then upload the main.scm to my Google Drive

I couldn't find them at first, but they're located in the .apk itself lol.
scriptV1.img
mainV1.scm



I also showed Misappropriation just for fun.
  • OrionSR likes this

Patrick1994
  • Patrick1994

    Rat

  • Members
  • Joined: 27 Aug 2013

#54

Posted 11 July 2017 - 02:49 PM Edited by Patrick1994, 11 July 2017 - 02:50 PM.

Fooking, I still cannot make any sense of Mountain Cloud + Property. Once I get a new smartphone, I will check if the PC scm also "works" using the mobile version. I have already tried the other way around (mobile Mountain Cloud Boys in the PC version) and it made no difference [still crashes].

[I used Sanny's "hex [hex code] end" syntax to copy the mobile code since I could not decompile it; I did not copy over the Property Buying code because I had already verified that at the relevant offset the code is identical to PC (where it crashes according to scrlog: it starts at offset 235, there it executes "is char dead", then invalid opcode FFF3).]

 

 

Orion:


mission plus the BMX/NRG

BMX results in a crash because it jumps to offset 4201 ("break" of the switch-case) of the started mission (BMX) after the property is bought. On both PC versions, this is a crash (I had looked into it a while ago). Since the jump happens on the same frame as the unlock, you cannot replace the mission code yet again to avert that jump.

 

Some other mission before BMX might work.

 

See "Blow Fish style instapass" for an example of this jump (your idea is in the doc, too, under "long instapasses").

 

 

 

 

I do not see why editing the scm in Sanny would mess with offsets, but you can verify that by diffing the decompiled original.scm and the decompiled edited.scm (https://www.diffchecker.com/) with the code_offsets debugging option.

  • OrionSR likes this

Bender ุ
  • Bender ุ

    ⭐⭐⭐⭐⭐

  • Members
  • Joined: 21 Aug 2009
  • None

#55

Posted 11 July 2017 - 02:56 PM

Would these property warps work on PS2 as well, or are they too 'heavy' for PS2 to handle?

Fooking
  • Fooking

    you fooking w0t m9?

  • BUSTED!
  • Joined: 24 Jun 2017
  • Germany

#56

Posted 11 July 2017 - 03:21 PM Edited by Fooking, 11 July 2017 - 03:22 PM.

Courier Asset, right away, Chinatown
Street Race, right away, Chinatown enex only
Green Sabre, before entering Bravara, Wangs Autos, CV icon only
Saint Mark's Bistro, while in LC, doesn't crash right away, doesn't seem to unlock anything in SF
Architectural Espionage, leave camera behind, Pirates in Men's Pants Save Icon and Enex

These ones should work, I can't tell for sure but you just have to try.

Bender ุ
  • Bender ุ

    ⭐⭐⭐⭐⭐

  • Members
  • Joined: 21 Aug 2009
  • None

#57

Posted 11 July 2017 - 03:26 PM

Endex what does that mean?

Nick007J
  • Nick007J

    Mark Chump

  • Members
  • Joined: 17 Jan 2010
  • Russia

#58

Posted 11 July 2017 - 03:26 PM Edited by Nick007J, 11 July 2017 - 04:27 PM.

I checked why the game doesn't crash on mobile. Hilariously, just a day after saying that there are no "more stable versions", I have to take my words back.

Here is a rough decompilation of the PC function:
char CRunningScript::ProcessOneCommand(){
  ++CTheScripts::CommandsExecuted;
  // fetch the 16-bit opcode at the script instruction pointer
  unsigned short opcode = *(unsigned short*)m_pCurrentIP;
  m_pCurrentIP = (char *)m_pCurrentIP + 2;
  // the top bit is the NOT flag (parenthesized: == binds tighter than &)
  m_bNotFlag = ((opcode & 0x8000) == 0x8000);
  // one handler per 100 opcodes; the index is not range-checked
  return gCommandsTable[(opcode & 0x7FFF) / 100](opcode & 0x7FFF);
}
Here is one from Android (I removed debugging and irrelevant stuff)
char CRunningScript::ProcessOneCommand(){
  ++CTheScripts::CommandsExecuted;
  // fetch the 16-bit opcode at the script instruction pointer
  unsigned short opcode = *(unsigned short*)m_pCurrentIP;
  m_pCurrentIP = (char *)m_pCurrentIP + 2;
  // the top bit is the NOT flag (parenthesized: == binds tighter than &)
  m_bNotFlag = ((opcode & 0x8000) == 0x8000);
  char (__thiscall *f)(CRunningScript*, int);
  // range check: anything above 2699 goes to the last handler
  if (opcode <= 2699)
    f = gCommandsTable[(opcode & 0x7FFF) / 100];
  else
    f = CRunningScript::ProcessCommands2600To2699;
  // stuff
  if (opcode != 0) //WAIT
    //stuff
    return f(opcode);
  else
    return 1;
}
So unlike PC, which crashes on all unknown opcodes (>=2700), all such opcodes are ignored on Android, which actually makes it "more stable" than PC and consoles.
  • OrionSR and Patrick1994 like this
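
An added example, not part of any post in this thread and not game code: a small C model of the two dispatch rules decompiled in post #58, run over the opcodes from the scrlog excerpts in posts #37 and #54. It assumes the table has 27 handlers (opcodes 0 to 2699) and that a global variable `$N` is stored as the byte offset `N * 4`; the byte string and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not game code. One handler per block of 100 opcodes,
 * covering opcodes 0..2699 as in the decompilation quoted in the thread. */
#define HANDLER_COUNT 27

enum dispatch_result { DISPATCH_OK, DISPATCH_IGNORED, DISPATCH_OUT_OF_BOUNDS };

/* Assumption: global variable $N is encoded as the 16-bit byte offset N * 4
 * (post #37: "a variable is 4 bytes in size"). */
static uint16_t global_operand(unsigned var_index)
{
    return (uint16_t)(var_index * 4u);
}

/* Table index used by both dispatchers: strip the NOT bit, divide by 100. */
static size_t handler_index(uint16_t opcode)
{
    return (size_t)(opcode & 0x7FFF) / 100;
}

/* PC-style dispatch indexes the table with no range check. The read is not
 * performed here; the function reports whether it would leave the table. */
static enum dispatch_result dispatch_pc(uint16_t opcode)
{
    return handler_index(opcode) < HANDLER_COUNT ? DISPATCH_OK
                                                 : DISPATCH_OUT_OF_BOUNDS;
}

/* Android-style dispatch as decompiled: anything above 2699 is routed to the
 * last handler, which ignores opcodes it does not know. */
static enum dispatch_result dispatch_android(uint16_t opcode)
{
    return opcode <= 2699 ? DISPATCH_OK : DISPATCH_IGNORED;
}

/* Constructed bytes for PC v1.0 script offsets 627..636: the trailing "$592"
 * operand of 02A7, then "018B: set_marker $592 radar_mode 2". */
#define PC_BASE 627u
static const uint8_t PC_BYTES[] = {
    0x02, 0x40, 0x09,             /* 627: type 02 (global), offset 0x0940 */
    0x8B, 0x01,                   /* 630: opcode 018B                     */
    0x02, 0x40, 0x09, 0x04, 0x02  /* 632: $592, then int8 value 2         */
};

/* Little-endian 16-bit fetch at a script offset, as an opcode read. */
static uint16_t opcode_at(size_t off)
{
    const uint8_t *p = PC_BYTES + (off - PC_BASE);
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Little-endian 32-bit fetch at a script offset, as an integer parameter. */
static uint32_t param_at(size_t off)
{
    const uint8_t *p = PC_BYTES + (off - PC_BASE);
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

int main(void)
{
    /* Opcodes named in the thread's scrlog excerpts. */
    const uint16_t seen[] = { 0x093C, 0x0940, 0x9902, 0xFFF3 };
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++)
        printf("%04X index=%zu pc=%d android=%d\n", (unsigned)seen[i],
               handler_index(seen[i]), dispatch_pc(seen[i]),
               dispatch_android(seen[i]));
    /* Entering two bytes early turns the operand into an opcode. */
    printf("628 -> %04X, 630 -> %04X, param at 632 = %lu\n",
           (unsigned)opcode_at(628), (unsigned)opcode_at(630),
           (unsigned long)param_at(632));
    return 0;
}
```

The four bytes at offset 632 read as one integer give 67715074, the parameter value shown in the PC scrlog excerpt, which is a check that the constructed bytes line up with the log.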

Fooking
  • Fooking

    you fooking w0t m9?

  • BUSTED!
  • Joined: 24 Jun 2017
  • Germany

#59

Posted 11 July 2017 - 03:30 PM

Endex what does that mean?


There are 4 results:
● Crash
● Nothing unlocked, but double %
● Another safehouse unlocked, double % (this will display a save icon on the map, and a blue/green icon in front of the safehouse)
● Another safehouse opened, double % (this will keep the red/green icon on the map, and the blue/green icon in front of the safehouse)

Nick007J
  • Nick007J

    Mark Chump

  • Members
  • Joined: 17 Jan 2010
  • Russia

#60

Posted 11 July 2017 - 03:33 PM

Endex what does that mean?


I guess you mean 'enex', which is short for 'entry exit' - a yellow marker for interiors. R* called the corresponding section in config files 'ENEX'.
  • Bender ุ likes this



