Documenting GTA3/VC memory addresses

[JernejL]

after seeing how hard it is to find any info on memory adresses in gta: vice city

for memory hacking - and creating trainers (telporters, vehicle spawning etc.. )

and the experiences with MTA team which appears to be nice only from oudside -

they use others stuff but don't share their!! i've decided to push this little doc into

the public, it is intend to be read by anyone interested into how gta:vc works

internaly and for wasting your and my free time.

 

memory offsets:

 

teleporter - same for as ped and as any other vehicle:

8276416 > pointer = 72083480, + 52 bytes = 72083532 where is x, y, z of the object as 4 byte float values

72083532 > float x next is y and then z

 

texts - they are UNICODE format:

 

outputing text on the left - up display

9670696 > text

8207936 > text

- 2 copies, so the game sees one has changed and if so then updates it to that one..

the text fades out by itself.

 

center of screen (mission failed etc...)

7917312 > text

- this text also fades out by itself

 

busted / wasted texts in lower right corner, this text STAYS there until you make the first char ZEROED

7917824 > text

 

rampage middle screen texts, i can't get these to work "by manual":

7918336 > text

7918592 > text

9670440 > text

 

for texts you can use gxt color codings

 

infinite run:

5467949

 

any car spawning:

4901238 = car code for romero's hearse cheat, change this number and type the romero cheat (thelastride)

to spawn a specific car.. ids are same as in default.ide file

 

player model changing:

to change your ped model into another change one of cheat model and txd name references near 6877748 (there are duplicates at 6842396 but are just memory mirrors)

then type in that cheat code, beware, you are limited by the existing character length there..

MTA must know a better way of doing this.. but they don't want to help..

 

model name references:

offset len reference

6877748 > 7 - buddy

6877708 > 7 - ?

6877716 > 5 - ken rosenberg

6877724 > 7 - hilary

6877732 > 6 - jezz - lovefist?

6877740 > 6 > phil

6877748 > 7 > sonny

6877760 > 6 > mercedes

6877768 > 6 > dick ???

6877776 > 6 > diaz

6877844 > 6 > player ????????

 

and you have only these useful for 5 - 6 - 7 length named models..

for other lengths it would need to hack the assembler code..

6877716 > 6842396 > 5 - igken

6877740 > 6842412 > 6 > igphil

6877748 > 6842444 > 7 > igsonny

 

a note: if you use a model that is used in the IDE file the game will crash.

 

gxt color codes:

a = gray

b = blue

c = light blue cyan ?

d

e

f

g = pink

h

i = white

j

k

l

m

n

o = orange

p = purple

q = purple & some pink

r = purple & even more pink

s = silver

t = green

u = green

v

w

x = fading blue

y = yellow

z

 

whatever - a hacker could find this useful

 

[JernejL]

Opius   crosses fingers

brokenfish crosses fingers too

ZanderZ hopes that too

although LithJoe's Ultimate Trainer is great too.

 

Delfi, have you contacted LithJoe? I think he programs in Delphi too and he might know more offsets and stuff.

he does, but his website is d.o.w.n..

 

ok, here is a nice litle something:

 

 

*note here: the background loader is from spooky's path editor

*another note: setup the keys before you run the game

*and another one: it is still unstable..

*and it loads / saves lithjoe's teleport tables

*place it to the gta-vc-exe dir, as it loads the images from img file and the default.ide..

 

baa:

 

http://www.infofeast.com/delfi/will_be_del...p/p_trainer.zip

 

 

[DexX]

ooo, coolness. a few ideas though, do the addresses change if you change the main.scm?

 

also, alot of vehicle characteristics, ie weapons, emergency lights, police radio, whoopee music, hydraulics, flame exhaust, sirens, etc, are hardcoded per vehicle, ive been searching for these, to no avail. might you have any idea on their addresses?

 

good work on the rest though, its a shame MTA wont share what they've learned, prats...

 

Edit again, you posted the address in decimal, not hex, my bad

missed the UNICODE at first glance...

Edited November 2, 2003 by ashdexx

[JernejL]

ooo, coolness. a few ideas though, do the addresses change if you change the main.scm?

 

also, alot of vehicle characteristics, ie weapons, emergency lights, police radio, whoopee music, hydraulics, flame exhaust, sirens, etc, are hardcoded per vehicle, ive been searching for these, to no avail. might you have any idea on their addresses?

 

good work on the rest though, its a shame MTA wont share what they've learned, prats...

 

Edit again, you posted the address in decimal, not hex, my bad

missed the UNICODE at first glance...

these adresses don't, they are the fixed memory regions

except the player coords, those change alaways you die or load a game

they are solved with a pointer...

 

and yes, i am not a hex nut, i like decimals better

as the numbers are easier to calculate by hand..

 

yeah, the vehicle characteristic are to be hacked soon

 

anyone helping?

 

[DexX]

ill lend a hand wherever i can. i want extended vehicle characteristics as much as everyone else.

 

im also gonna append your hearse-cheat..

Unicode!

4901238 - Romero's hearse cheat, thanks for the start point

4901286 - Love fist limo vehicle spawn cheat

4901334 - Trashmaster vehicle spawn cheat

4901382 - Sabre turbo vehicle spawn cheat

4901430 - Caddy vehicle spawn cheat

[Stretchnutter]

excellent, couldnt find text b4

 

ill do my addresses in HEX

 

btw, delfi: i tried your trainer but it doesn't spawn bikes

also you forgot to mention that the GXT color codes are used like this: "~w~" had to figure it out meself

 

Camera Stuff7E48E0 - Zoom Thresh (Car) float7E48BC - Look Up/Down(foot) float7E48CC - Look Left/Right(foot) float7E48C4 - FOV float7E48D4 - Zoom On-Foot float7E4688 - 7E46B4 - Camera Rotations (quaternions)  3x3 matrix floats7E46B8 - Camera X float7E46BC - Camera Y float7E46C0 - Camera Z float7E4764 - Currently Selected View (Car) float7E47EC - Currently Selected View (Foot, Classic Controls) float7E47C4 - Amount of clipping for cinematic view? float7E48DC - Distance from vehicle before camera starts turning around; float

 

 

Some Controls -?? i had more?!7E46B0 - Right (0-255) byte7E46B1 - Left (0-255) byte7E46B2 - Up (0-255) byte7E46B3 - Down (0-255) byte

 

 

 

Options Menu86964C, 690220 - Draw Distance, float869655 - Frame Limiter, byte (0 off 1 on)869650 - Subtitles ^869652 - Wide Screen ^86963A - Hud Mode?! ^

 

 

 

821F7C - Current Car Speed (multiply by 4 for kmh), float

 

 

 

Stuff i used for weapons vibration for Force FeedbackgOffset = Pointer to player block  (dec 8276876)pGunOffset = gOffset + 1284cGun = Get(GameName, pGunOffset, 1) (find current gun (1-9) byte)pGunOffset = (gOffset + 1036) + (cGun * 24) (a byte changes above 1 when current gun is fired)pOffset = generic pointer (7e49c0) whatever is in controlpCollideOffset = pOffset + 260  // Collision (float)

 

Lots lots more but dont have them handy

 

anything more i can do?

 

visit my site for a host of vc hacks

Edited November 3, 2003 by Stretchnutter

[JernejL]

wow, i am impressd by the reaction

 

i will post the new garage and stats stuff i have when i get home

 

and about typing cheats:

 

you can use winapi keyb_event to fool the keyb driver that a key was pressed

use keyb_up and down to fake a keystroke

the keystrokes can be also typed in windows with gta:vc inactive,

it is still checking for the cheats being typed

 

[ZanderZ]

821F7C - Current Car Speed (multiply by 4 for kmh), float

 

Are you sure it's 4 and not 3.6?

3.6 makes more sense, since that's the conversion factor for m/s -> km/h but maybe VC doesn't handle it that way...

 

Nice codes man

Delfi: looking forward to it Maybe you can add a 'Run VC' button, just like in LithJoe's trainer?

[Stretchnutter]

Im working on this camera hack tool of mine, thanks to your TEXT stuff I can now add a speedometer

 

And other stat displays

 

 

 

Thanks... and keep it up!

 

(about the multiply by 4, im unsure, but i used spinnies open & enhanced mod to do a comparison... looks like 4.)

Edited November 3, 2003 by Stretchnutter

[JernejL]

here are some new offsets:

 

7898380 > players car in water

7898408 > players car in water

7899664 > players car in water

7899720 > players car in water

- maybe it is not for car, but separate tires?

9931224 > water has effect on player - player (or his vehicle) is in water

all these are variables set by the exe when game is checking things, you can't set them.

maybe they are for use in scripts.

 

don't kill me for the garage offsets yet, they are real pain in the ass :S

 

to mta:

i didn't actualy ask for source code, i just asked for

little help to do with character morphing - changing player model

 

i never asked fou your source code...

 

Edited November 5, 2003 by Delfi

[Cray]

In all released versions of MTA:VC, the player model change occurs within the SCM. The Client tells the SCM when to change the player model and what model to change it to.

 

As far as I can tell, you cannot change the player model at run-time of a currently constructed character. I believe the player would have to be destroyed, created and then refreshed.

 

But again, I cannot speak for certain as to whether or not the player model can actually be changed ... as this is only from our findings way back when.

[Demarest]

@Cray: You might be interested in my most recent mod: Chameleon. In it, I followed VC's lead and added changing who you are to GTA3. It actually is a player model swap. No need to destroy. To read about it, the hurdels I encountered, and how I overcame them, just click here.

 

@Blokker: By that mentality, why do you leave the house at all? You never know when you're going to get hit by a car or something.

 

I think the back and forth "I have the logs to prove it" is just a bit less mature than what this thread has been thus far.

[ZanderZ]

don't kill me for the garage offsets yet, they are real pain in the ass :S

Ask LithJoe, he can probably help you. His website still works at http://lithjoe.gta-vice.com

You can also find his email address there: [email protected]

[dans]

We (gtama team, LithJoe of ultimate vc trainer fame and Racer_s aka Stretchnutter, author of the infamous cam tool ) have decided to work on an extensive documentation of the vice memory layout.

 

We have a wiki set up and will start work on it this weekend.

 

Anyone interessted in helping out feel free to join in @

 

irc.game-editing.net

#Game-Editing.net

 

More info to follow...

[DexX]

 

We (gtama team, LithJoe of ultimate vc trainer fame and Racer_s aka Stretchnutter, author of the infamous cam tool ) have decided to work on an extensive documentation of the vice memory layout.

 

We have a wiki set up and will start work on it this weekend.

 

Anyone interessted in helping out feel free to join in @

 

irc.game-editing.net

#Game-Editing.net

 

More info to follow...

indeed. i went to game-editing.net to see if anything had been posted about it there, to be met with a "The End" page, i assume the site is down, permanently?

 

if so, then where would such documention, be documented at?

 

@ Delfi, wahts going on with those garage addresses, i thought you were going to post them?

Edited November 14, 2003 by ashdexx

[dans]

the page is down, the irc server isn't. The wiki is hosted on one of JeyK's pages and I guess the final doc will be available there and on gtascripts.org

[JernejL]

more progress on the console:

 

 

here is the file:

http://www.infofeast.com/delfi/will_be_del...p/p_trainer.zip

 

to turn the console on / off use scroll lock key

there may be crap appearing in the console, use backspace to clear it

use the ¨ key (left to the "1", above the tab key) to execute text

parameters are separated with spaces

 

there is a speedometer on the options page, works alaways even on mission

and on foot , game units or multiplier (200 = km/h)

 

you touch the "extra hacker" on your own responsibility.

 

 

[JernejL]

more more MORE! :

 

 

this is new: car tire status:677, 678, 679, 680 - 1 byte per wheel, i don't know which wheel is which offsetthe middle wheels use same as for the rear wheelsthe offsets are counted from car control block start offset - use generic pointer at 8276416!the status can be:0 - normal1 - poped2 - no tire (used when car is blown up and tire fells off, but the tire             model attachment is stored independantly of this status, data about this is located around 892            so if you change this to no tire, the car acts like it has no tire, but the tire            model is still visible, except if car is blown up..)            anyone knowing anything with car blown up status-es and restoring cars from blown up will get a cookie!  these are from from gta3 console docs, these are st same offsets, with some new flags from me: 80 word- Car Touching Surface Type: 311586 air / 835842 asphalt (also there are a lot of bit coding in this word)82 longword special flags:???exploded darkened texture (you can still drive the vehicle, "tommy" is "burned" too, try it on a bike! )has drivervisible (otherwise car is completely invisible and doesn't make any particle effects, smoke, tire tracks)explosion proof? dent proof ?car totally blown up (if you are in that car and set this you die! )????damage prooffore proof??????boat related?boat related????????

 

[DexX]

oh HELL no, this topic isnt going anywhere!! 2nd page my ass.

More addresses, and a suprise at the end...

 

Hex baby!Vice v1.0Time of day: A10B6BThe rest of these are all switches...0 for off1 for onGreen Scanlines Enabled - A10B69White Scanlines Enabled - A10B68"Wheels Only" Cheat Activated - A10B30"Smoking Tommy" (he smokes a cigarette) Cheat Enabled - A10B23Slow Motion Gameplay - A10B98Translucent Text Box OnScreen - A10B83Show Credits - A10B9CFast Time - A10B80Completely Disable HUD (options menu still thinks its on) - A10B45Funky Camera, not used normally (youll see why) - A10B4F

 

Now i said i had a suprise and i meant it. If youve ever looked through the exe, or the gxt tables, youll notice alot of text that looks like it could at one time been part of an editor, that was built into the game. Well, this has to be the defining proof of that.

and it doesnt work. NONE of the keys on my keyboard move the cursor, the mouse doesnt do jack, and neither does my controller. i can activate the menu, but not use it. i suspect the commands are not bound to any keys, that red one looks like its highlited.

 

Code to enable it:

Ingame, set the value to 1

A10B2D

When you enable it, the camera will fly way off into the distance, i dont know why, it just does. Anyway, VERY interesting info up there, i hope i can get some assitance looking into this...

Edited December 6, 2003 by ashdexx

[JernejL]

f*ckING sh*t!!!!!!!!

 

i was very VERY first thing i wanted to enable on gta-vc

i seen this text, and the stuff like "i told you i can't find the f*cking animation" and things

it must be all a part of something!

 

and the keys probably need to be binded trough the gta-vc.set file i guess

 

btw, anyone that knows what this in carcols.dat means:

 

"# Press START on controller to reload this file while the game is running."

 

theres still whole a lot of sh*t hidden in gta-vc

another is that the gta-vc looks for files: "gta3.ini" and another file in data dir i can't

remember which, "gta3.ini" file was there with gta3, but it is not with gta-vc

all it contained is two lines saying "1.0", it must be all connected somehow

and there are mentions to debug keys and scresnshoots in the exe file near the other

keys, they are probably just gxt pointers but could be more..

 

[DexX]

gta3.ini - gta3 actually uses this, i just copied it to my vice root folder.

Data/SPECIAL.TXT

Data/Views.txt

it lists some view variables..

 

View #i assume the views.txt format...%0.6f %0.6f %0.6f %0.6f %0.6f %0.6f %0.6f %s%d

 

 

Interesting messages...

"Cannot Write to preset view file"

"Cannot Open preset View file"

"Out of memory - not all preset views loaded"

 

and elsewhere in the exe it lists this...

 

CamX: %f CamY: %f CamZ:  %fFrontx: %f, Fronty: %f, Frontz: %[email protected]: %f, [email protected]: %f, [email protected]: %f

 

 

Yea, looks like alot of stuff was left out for the final release. others, like your "press start to reload carcols data" is probably left over form the ps2 version, where the controller actually HAS a start button, lol.

 

yay, hex edit my .set file, that will be fun. could be useful though...

[steve-m]

 

Data/SPECIAL.TXT

Data/Views.txt

VC doesn't even attempt to open these or other files (in its current configuration), I checked it.

But it looks for a directory "movies\subtitles\" for example. Strange stuff.

 

BTW, I extracted the whole data segment to an extra file for easier reading.

 

@Ash: Hope you reply to my PM...

[AJH]

Cool stuff ashdexx.

Here is what I found:

If your in that menu and change the value of A10B39 to 1 it creates a new actor like this.

Maybe it has something to do with that New Actor button.

 

Another thing I found is if you change A10B39 to 0 it hides all hud display's like radar etc..

[JernejL]

Data/SPECIAL.TXT

Data/Views.txt

VC doesn't even attempt to open these or other files (in its current configuration), I checked it.

But it looks for a directory "movies\subtitles\" for example. Strange stuff.

 

BTW, I extracted the whole data segment to an extra file for easier reading.

 

@Ash: Hope you reply to my PM...

yes it loads them, use sysinternals file monitor..

 

btw, about data segments, i made a tool for exporting / importing this stuff

for GTA1, quite old program..

 

http://www.infofeast.com/delfi/will_be_del...sap/exeedit.zip

 

it also renames the section and does some other sh*t..

 

[steve-m]

 

yes it loads them, use sysinternals file monitor..

That's what I did!?

 

That tool is great, exactly what I'm looking for. Could you give me the source? I wanted to update my MenuEditor to read the offset of the data segment from the exe, because most users have problems finding the offset of menu data themselves.

[JernejL]

yes it loads them, use sysinternals file monitor..

That's what I did!?

 

That tool is great, exactly what I'm looking for. Could you give me the source? I wanted to update my MenuEditor to read the offset of the data segment from the exe, because most users have problems finding the offset of menu data themselves.

new offsets:

 

10554188 > mouse controller enabled

10554184 > Freeze world - freezes everything that is usualy doing something

the player freezes (even with a plane mid-air), cars freeze, pedesterians freeze etc..

but the trash and rain drops on camera are still doing "their stuff", the clock is still working..

you can safely unfreeze this mode later, everything works like nothing happened..

this might be used for replay feature as some stuff disappears after it is turned off again..

heh - try this with a scene with thousands of cars onscreen, then use "bigbang" cheat so

everything explodes but stays on place, after that disable the cheat, and everything exploded will start

fliying around

 

it is also interesting to turn this on in middle of replay, everything visual will halt,

but the player and car shadows will still follow the movement

 

interesting thing is that debug menu doesn't activate the funky cam mode setting..

 

ashdexx: the things around your offsets are gold mine i tell you..

 

@ST.MU:

sure, the program is a edit of something i got from borlands website, but i added the

section importer / exporter myself..

 

http://www.infofeast.com/delfi/will_be_del...xe%20editor.zip

 

feel free to do anything with it, it is very crap and old code, so don't expect to see

anything fancy..

 

also, Steve - you'll need my component pack if you don't want to fix the form and unit

by hand to use standard vcl - it is from my components page on my website..

 

[Stretchnutter]

 

Hi everyone,

 

my first reply here at gtaforums.

I tried to modify the camera, with the offsets given at the beginning of that thread.

But nothing happens.

 

When I set the Currently Selected View (Car) to 4, it works. Is there no other way to change the camera when you're on foot, for example?

 

Excuse me for my english. Hope you'll understand me.

 

Greets

Squiddy

 

Welcome to GTAForums!!!

 

ive already made a tool to do this.

 

http://toca.game-editing.net/dl?f=fpstest.zip

 

VC Camera Hack v2.1 Final

 

 

v2.2 is in progress...

Edited December 21, 2003 by Stretchnutter

[JernejL]

 

v2.2 is in progress...

2.1 never worked for me.. crashed game instantly.

the readme suggeststhat if it crashes, use the no cd and even a link in there.

 

 

Its a bit of dodgy code injection which can really only be fixed by distributing a pre-made gta-vc.exe

 

 

check the readme if you still want to try it.

i tried nocd and it didn't have ANY sounds ingame (not even sound effects)

if i ran it with the cd it froze on loading..

 

can you distribute the modified exe? do it or find better camera memory data

 

find the cameradistance and cameratarget..

Edited December 22, 2003 by Delfi

[Squidd]

Sorry, but i've got another question.

 

Somebody found out something about velocity or gravity? Don't know the right word. I mean that you can jump higher for example.

I'm searching a long time, but found nothing yet.

 

Before i continue searching, is it possible that this could be modified through an offset? I mean that it stands somewhere in the memory.

 

 

And for another time, sry for my english.

Think i'm going to improve it by posting here.

 

Squiddy

Edited December 23, 2003 by Squidd

[Squidd]

i understand your english is bad, so maybe you got your terms mixed up, everything is at an offset, all the data exists somewhere, the trick is in finding that offset, and exploiting it to its fullest.

 

I thought Delfi modded the player attributes for how high you could jump didnt he?

Sorry for my english, i try to improve it, so you could understand me.

 

 

About the player attributes, thats why i am asking. I tryed the search, but found nothing. You've maybe got a link or something else for me?

 

Thx

Squiddy