Documenting GTA3/VC memory addresses

[mvi]

OK, I'm completely lost, I see all these codes representing different parts of Vice City, but how do I auctually implement them. Do I need a coding program, such as VBasic?

[Linx]

You can use a memory searcher, like T-Search .

[J-Fox.GEMM]

Or Artmoney... (I think thats the fastest app)

[mvi]

OK, I've got it all to work, the only thing I now need to know is how they're found in the first place.

[ESMazter]

Hey Andy could you upload your newest boundaries.cht file please?

[Kryptos]

 

OK, I've got it all to work, the only thing I now need to know is how they're found in the first place.

There's tutorials all over the Internet about this, and this isn't the topic to ask how to do something, this is specifically for documenting addresses. Use Nanobot2k's archive of tutorials to get started, which can be found here [http://pc.nanobot2k.org/?action=articles].

 

And there isn't one specific method to do something. Depending on your skillset you can go about finding addresses numerous ways, some prefer using editors, like T-Search and ArtMoney, while others prefer using disassemblers, like IDA, not to mention the god of Win32 hacking; SoftICE. I prefer both the latter, which are available on the net.

Edited March 1, 2005 by Kryptos

[Andy80586]

Memory hacking has its limitations, and in order to expand the boundaries you will need to modify the file itself with a hex editor. I posted some of the addresses in this thread, but boundaries.cht will not get you anywhere.

 

This will. Unzip it to the base Vice City directory, BACKING UP THE ORIGINAL FILE. This file is early alpha at best and will crash your game at one point or another (depending on what you are doing). Going too fast or acquiring a wanted level will crash the game in some places. This version does not have the fix for east and west water walls, so if you fly too far west or east you will hit one and get wasted. The file does the following:

 

1. Expands the boundaries to 200,000 each way.

2. Increases the maximum number of IDE objects to 4397 (from 3885).

3. Allows for 100 more TXD files to be referenced in the game.

4. Increases the total number of paths possible for the game.

5. Increases the path boundaries by deleting the x16 multiplier (all paths must be converted by dividing the xyz coords by 16 or they won't work).

6. Increases the helicopter height boundary.

 

Fixes for the near future include:

 

1. Eliminating the 2000 poly limit in .col files.

2. Fixing the water walls (I already know the address, but changing it causes some visual issues, so each function will need to be analyzed separately).

3. Fixing water boundaries and perhaps the radar.

[DexX]

/* useful, andy. one more "bug", which i encounted while playing, is that if i stole a car with a car alarm, the alarm didnt shut off, ever.

 

I particularly look forward to seeing if you can increase the 2000-poly col limit... */

[Opius]

Great work, as usual. It's amazing to see your work in action. I'm really looking forward to future releases.

 

One note I do have to give though, is that in the future, could you try to make either a patch for gta-vc.exe, or a trainer that modifies it as it starts? The EXE you posted has a NO-CD crack applied, and any distribution of the EXE is technically against the EULA. It's dubiously legal, and I'd hate to see your project be hit with a cease-and-desist from Rockstar because of your means of distribution.

 

If you need with programming for a patcher or trainer, I'm sure the people in this topic will be more than happy to help you.

[Andy80586]

ok... i'll keep that in mind... maybe for future releases i will have the version require a cd, but for now I am going to have to take the file down. Do you think you can find another place to host it? Not like piraters would like something that crashes as much as this file does, but with crap like the DMCA in place anyone can get sued. So much for living in the "land of the free".

 

edit: or find a way to program what I did into some sort of patch? I tried using an .asi file for this but for some reason or another it failed to work right; it seemed to activate after it was needed.

 

I will look into applying everything I did a second time... maybe it will help get rid of some of the bugs that have shown up, and having it require a CD may make R* happier about it by not making piracy easier to pull off.

 

-Andy80586

Edited March 5, 2005 by Andy80586

[Opius]

I'm sure if you post a list of edits you made, someone could make a small program that edits the original EXE to make it identical to the one you had up before. Another advantage to this method is that it should only be a couple of kilobytes, which would mean it wouldn't put a big strain on the server it's hosted on.

 

I know nothing of actual programming, so I'm afraid I can't help you out with this. I'm just trying to keep you in the clear from a legal standpoint.

[Andy80586]

OK, but that is going to be a long list. What I would need is something that starts before VC (an .asi file starts working after VC starts loading) that can set everything up that I did with the original file. But making the next version CD-only might add an air of legitimacy to the mod.

 

The problem with a list is that I changed lots of things at once with the search tool of Hex Workshop.

 

What I am thinking of is a tool similar to the Limit Adjuster, except it adjusts more limits.

[Squiddy]

Great work Andy. I'm not sure but didn't you took a look on gta lc's launcher? It modifies the exe too, so couldn't this program be used for your changes too?

[steve-m]

 

What I am thinking of is a tool similar to the Limit Adjuster, except it adjusts more limits.

I would be happy to make a new version of the limit adjuster, incorporating all the new things you found. But one thing to make sure is that it works with different versions of VC (also the australian one).

 

Edit: You aren't allowed to spread the game's exe anyway.

[-GRAVITY2-]

SWEEET Id love the no COL thing. Could you do that first? Every modder would love it. Do you know where its located in the exe?

[DexX]

/* @ andy, this is what i use, for loaders and trainers -

http://www.gamehacking.com/sites/tools.php...t=Trainermakers

 

At the top, Game Trainer 1.6.2, its fairly simple and gets the job done. People like steve who can code you something decent are helpful, but this is a quick down-and-dirty fix, which you can easily modify and distribute for testing purposes.

 

The code you actually need to know is super simple, like this:

 

poke 0434567 05

 

instuction, address to modify, value to insert. it'll generate, and compile ASM code for you. i didn't *see* any address limit listed either. give it a shot */

[Andy80586]

SWEEET Id love the no COL thing. Could you do that first? Every modder would love it. Do you know where its located in the exe?

I do not know where it is, or even if the limit is 2000 (there might be two separate limits, one for polys and one for vertices), but I tried making a base terrain for another island (it had 5766 vertices and 1922 polys) and it crashed the game.

[DexX]

/*

 

My Rancher (!) with fire truck lights, re-assigned, positioned, and scaled, to a new vehicle. It also has the emergency Radio, and a glitchy-siren. Squad cars, FBI, swat, and other EM vehicles are next on the list, hopefully i'll get the colors too.

Here's the firetruck Addy's (all are byte):

Firetruck Radio/Siren Vehicle ID: 0x5b8525

Firetruck EM Lights vehicle ID: 0x58be29

Firetruck EM Light Position ID: 0x58be87

Note: All 3 of these MUST be set at once, to the same vehicle, or your game will get glitchy with the firetruck/vehicle your trying to replace it with!!

 

Reposition and resize the Lights to match your vehicle (all are float?):

Firetuck light Z position: 0x69a644

Firetuck light X position: 0x69a6c0

Firetuck light Y offset: 0x69a708

Firetuck light horizontal scale: 0x69a728

 

It should be noted my Rancher was loaded through my custom main.scm, and was not part of the normal traffic. you may need to load your model first, i havent tested it otherwise.

 

I've also managed to re-position the hunter weapons. You can still use them only on other choppers (helis), but i can place them pretty much anywhere i want on the helis now. Nobody f*cks with my Maverick anymore

 

what else, what else........oh, and i got the addresses for the weapon + ammo you get when you enter a police car, or a caddy (you get a golfclub when you enter a caddy). I''ll be posting everything at once in the next day or so, once i get it all organized, and get some sleep */

Edited March 13, 2005 by ashdexx

[JernejL]

but how did you change the light colors??

 

[random_download]

 

Squad cars, FBI, swat, and other EM vehicles are next on the list, hopefully i'll get the colors too

Ashdexx hasn't changed them yet has he? The firetruck lights are yellow and red normally.

[J-Fox.GEMM]

Any ideas for the menu text colors (pink)?

[jacob.]

I think those have some sort of 'texture' that is packed in GTA-VC.EXE, perhaps extractable with Reshack - all though you may not recognize it even if you see it.

[DexX]

 

I think those have some sort of 'texture' that is packed in GTA-VC.EXE, perhaps extractable with Reshack - all though you may not recognize it even if you see it.

/* no, it uses the standard font in the fonts.txd. there's nothing useful you can grab form the exe with reshack.

 

@ delfi - those are the standard firetruck light colors.

 

Some of the menu colors are listed in the sourcecocde to the GTA:LC trainer, check that out. */

[ModelingMan]

Any ideas for the menu text colors (pink)? 

Hammer already got those addresses for GTA:LC, one minor drawback is that the memory addresses must be edited before the function they are in is called, ergo you must edit the values while the intro is playing.

 

 

I think those have some sort of 'texture' that is packed in GTA-VC.EXE

They are in RGBA format, e.g.:

 

push 0FFh; Apush 0E1h; Bpush 96h ; Gpush 0FFh; Rcall <blah>

 

The above colour is the menu text, which is: ▲▼▲▼

Edited March 14, 2005 by ModelingMan

[jacob.]

RGB A? Whats the A stand for?

 

 

[Kryptos]

Alpha, it's the transparency (00 is completely transparent, FF is completely solid). You can refer to DirectX's D3DCOLOR (0xFFFFFFFF where the first FF is the alpha, the second is the blue, the third is the green and the last is the red, i.e. it's stored as ABGR opposed to RGBA which is why they are pushed onto the stack in that order):

 

 

push 0FFh; Apush 0E1h; Bpush 96h; Gpush 0FFh; Rcall <blah>

 

So if you plan on using hex color codes in spookie's DLL make sure you start off with the transparency and then reverse the code, i.e. the hex color code #2C5D3F would become 0xFF3F5D2C.

[ModelingMan]

push 0FFh; Apush 0E1h; Bpush 96h; Gpush 0FFh; Rcall <blah>

 

So if you plan on using hex color codes in spookie's DLL make sure you start off with the transparency and then reverse the code, i.e. the hex color code #2C5D3F would become 0xFF3F5D2C.

Yeah, Smithers is the one who is doing the DX code with spookies source, but yeah I was aware of that but thanks for pointing it out.

[DexX]

/* sorry for the delay, ill post those address when i get home. some of the sutff doesn't translate from one vehicle to another though, all the work i did for the firetruck, the corresponding addresses in the same blocks, that *look to be* from the ambulance, dont change jack sh*t

 

got the rhino mapped out though. part of the police car.

 

question @ all who know anything about the ped blocks; while messing around with the memory yesterday, i stumbled across part of the ped block, that looks like its holds SCM information (they were custom actors from my scm, not just random peds). Anyway, by altering part of the commands, i was able to re-direct the ped to do something else. the ped i was messing with had instructions to watch to a certain set of coordinates, and sure enough, when i changed those coords in memory, he walked to the new coords instead

mmm....realtime scripting?

 

Is this similar too, or the same method as things like MTA and GEMM and GTA:C are using? i don't recall seeing any mention of it (what i just posted) in here. */

[Kryptos]

Yeah, currently they define actors in the SCM which they then control via memory injection. Most groups are shifting towards SCM injection now, the method which spookie and [sheep] released in their spooshdemo and DX/SCM DLL (and don't flame me MTA, I know Kyeman was working on this stuff a year ago). You'll also probably see low level calls using modules loaded into the executable to allow full access to the engine's functions.

Edited March 16, 2005 by Kryptos

[jacob.]

(and don't flame me MTA, I know Kyeman was working on this stuff a year ago)

Really? Did you mean that kyeman was helping spooky or was working on a seperate one alone?