
Documenting GTA3/VC memory addresses


JernejL


more:

 

note: all decimal.

 

ashdexx posted only the hours for game time, here are the minutes:

10554258 > longword (4 byte unsigned integer)

 

carpointer + 581

1 byte switch > alternate siren

works on any car, specials like ambulance will have the siren and lights,

but on ordinary cars the car will have double horn


  • 2 months later...

lmfao, you can set it to whatever you want, set it to zero and make tommy jump. he doesnt come down, ever

 

here's a pic (brightness raised for clarity)

user posted image

 

Side effects-

peds are stuck in the sidewalk, and cant walk, even when they get out of the car

if you accelerate too fast, you do wheelies, even in that idaho, which is exactly how that happened

also, if you exit the car midair, the player stays in that spot, he doesnt fall down

 

Edit: i clicked start new game by accident, with no grav on, and decided to let it play out. this is a BAD thing to do, when ken drives you to the office, he cant stop! the car flies into, and through the camera, and the cutscene doesnt end, i needed to close vice via the task manager to get out of the game. just a warning...

 

Edit 2: as odd as it may sound, you can make tommy swim with this! seriously. i failed at a jump on the docks with my pcj, and tommy plummeted to the water, except he didnt drown, he just keeps doing the falling animation and never goes into the water, and while he's falling i can control which direction he falls, so i steered him back to the shore. damn.

 

@stretchnutter - damn good find here with that address! thank you!

 

More stuff to do with it...

-hit bikes, the people fly much farther

-get into more fights with cops, and use weapons that make bodies fly, like grenades or rockets, the bodies get mad air

-stay by bridges and piss cars off by shooting at them

-do pretty much anything that involves an object leaving the area and travelling vertically...

 

here's my gravity settings

orig -

6f 12 01 3c

change 3c, to 3b, to keep the game playable, but much more interesting.

Edited by ashdexx

Congrats Stretchnutter, an awesome discovery!

 

What happens, when you set the gravity to a very high value like 1? This:

 

user posted image

With this value it is impossible to jump, you will land the same moment you jumped off. Running and then jumping results in immediate death. And the best of all: If peds are spawned higher than ground level (e.g. when paths aren't set exactly), they don't survive the few centimeters falling distance!

The same happens to .scm-placed cars, they fly through the air burning and exploding.

 

Another nice effect is setting the gravity to a negative value, jumping results in infinite rising, and not only for the player. If you let some people take off and then set the gravity back positive again, they fall down and crash into the ground, another way to kill peds...

 

Some common values:

 

Hex Bytes      Float     Description
6F 12 03 3C     0.008    default gravity
6F 12 83 3B     0.004    half gravity
6F 12 03 3B     0.002    quarter gravity
6F 12 83 3C     0.016    double gravity
6F 12 03 3D     0.032    fourfold gravity
6F 12 03 BC    -0.008    negative gravity
00 00 80 3F     1.0      very high gravity
17 B7 D1 38     0.0001   very low gravity

 

Low gravity (1/2 or 1/4) makes you jump wider, higher and longer and makes doing wheelies damn easy.

 

I've no idea what a gravity value of 0.008 could stand for. Normally it is defined as m/s² with values like 9.8 (Earth) or 1.62 (Moon). Either the hundredth of the slightly changed original gravity or an undefined invention by R*.

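Added example, not part of the original posts: the "Hex Bytes" column in the table above is the in-memory (little-endian) form of an IEEE-754 single-precision float, and this Python sketch decodes each row, checks it against the listed value, and shows that halving or doubling gravity only changes the exponent field. The function names are made up for this example.

```python
import struct

# Rows from the table in the post above: bytes in memory order -> float.
TABLE = {
    "6F 12 03 3C": 0.008,
    "6F 12 83 3B": 0.004,
    "6F 12 03 3B": 0.002,
    "6F 12 83 3C": 0.016,
    "6F 12 03 3D": 0.032,
    "6F 12 03 BC": -0.008,
    "00 00 80 3F": 1.0,
    "17 B7 D1 38": 0.0001,
}

def decode(hex_bytes):
    """Read 4 bytes in memory order as a little-endian IEEE-754 float32."""
    return struct.unpack("<f", bytes.fromhex(hex_bytes))[0]

def encode(value):
    """Return the memory-order hex bytes of value rounded to float32."""
    return struct.pack("<f", value).hex(" ").upper()

def fields(hex_bytes):
    """Split the 32-bit pattern into (sign, unbiased exponent, mantissa)."""
    (bits,) = struct.unpack("<I", bytes.fromhex(hex_bytes))
    return bits >> 31, ((bits >> 23) & 0xFF) - 127, bits & 0x7FFFFF

def scaled(hex_bytes, power):
    """Multiply by 2**power by changing only the exponent field."""
    (bits,) = struct.unpack("<I", bytes.fromhex(hex_bytes))
    old = (bits >> 23) & 0xFF
    new = old + power
    if not (0 < old < 255 and 0 < new < 255):
        raise ValueError("only normal float32 values can be scaled this way")
    return struct.pack("<I", (bits & 0x807FFFFF) | (new << 23)).hex(" ").upper()

def check_table():
    """Return the rows whose bytes do not round-trip to the listed float."""
    return [row for row, value in TABLE.items() if encode(value) != row]

if __name__ == "__main__":
    for row in TABLE:
        sign, exp, mant = fields(row)
        print(f"{row}  {decode(row):>10.6f}  sign={sign} exp={exp:+d} mant=0x{mant:06X}")
    print("mismatches:", check_table())
```

The first six rows share the mantissa 0x03126F, which is why they differ only in the last two bytes.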

man oh man....i do the oddest things. im not even sure of *exactly* what it was this time, but ill give my instructions nonetheless, vague though they are. from 69b1c0 to 69b21f, fill it with zeros. this will have 2 effects ingame, one, all the parked cars will be facing one direction, the other is every time you press a key on the keyboard, it will spawn a bloodring, i sh*t you not. pic -

user posted image

 

im unable to narrow down the address(es?) any more, because im about to pass out. if anyone wants to, have at it. btw, DO NOT hold down a key, it WILL start raining bloodrings, and drop your fps to less than 1. and i literally mean "rain", there will be that many if you press a key for too long. i made the mistake of holding a key down for a solid 5 seconds. 2 minutes later, when my game resumed, i had about 1/4 of a frame per second, before vice crashed. oops

 

time for sleepy.gif


Stretchnutter

7838D1 - Current Gear (Byte)

 

apparently you can force it to change gears, but the sound type relies on switches... the offsets around that one contain nothing but 1's and 0's interesting.

 

 

changing the gear doesn't have an effect on the vehicle speed, but the sound definitely changes (you have to do some ASM hacking to disable the instructions that are updating the gear offset, or you can just FREEZE the value)

 

This works perfectly next to a speedometer

 

Ill have to play around with this a bit more later

 

EDIT: Ok, more is now known.

 

7838E0 (dword) - Timer for when sound starts playing, gear changed?

Compare to global timer @ 974B2C

 

7838D8 (dword) - frequency of sound when in 'overdrive' (just increases with time if above certain speed until it reaches 800(dec) then it starts decreasing if over)

 

7838DD (byte?) - some kinda 'overdrive' switch

 

 

 

_text:005F1625 080                 mov     ds:dword_0_7838D8, 0
_text:005F162F 080                 jmp     loc_0_5F1D9A  ; Jump
_text:005F1634    ; ---------------------------------------------------------------------------

 

 

if you NOP out the Jump @ 005F162F by setting it to hex 9090909090 (size?) you can have overdrive on all the time and control the frequency.

 

I used the speed to control the frequency and it sounded like it had one gear

Edited by Stretchnutter

more info, these change the text thats entered to activate a cheat, kinda. like some kind of cheat identifier keypad-thingy

Example, if you type in TRAVELINSTYLE, you spawn a bloodring, soo..

 

[carname] [address] [cheat text]

Bloodring - 69B1D8, thats the offset for TRAVELINSTYLE

Romero's Hearse - 69b1e8 - THELASTRIDE

Love Fist Limo - 69b1f4 - ROCKANDROLLCAR

Trashmaster - 69b204 - RUBBISHCAR

Sabre Turbo - 69b210 - GETTHEREFAST

 

Now, if you swap around the values of say romero's hearse, and the bloodring, then typing in TRAVELINSTYLE, will spawn a hearse, instead of a bloodring, ive tested this.

If you fill the value with zero, as mentioned before, it will spawn that car when you press ANY a-z key

 

thanks to AJH for narrowing it down mate

 

This is one i'm still exploring, but if you mess with it, there is no door animation, the door (driver side, front door) is EITHER open or closed, but when tommy gets in / out of a vehicle, it skips the animation and all the frames, and just becomes open / closed.

69b34a


 

O, please someone help me with memory address in Visual basic

OMG! HE IS AN INTERPRETED VB FREAK!!!

 

sorry.. i just had to do it..

 

if you can't figure out how to memory hack in vb, then

ask stretchnutter, he uses vb.

 

..or get a better programming tool.

 

edit:

 

skimmer uses tire inflation status for propeller animation - if you

zero-fill all 4 tire status bytes the propeller halts and re-runs.

 

an interesting thing here is that this isn't true for helicopters, and hunter actually uses front 2 tires..

i also believe that one of the files in xbox \NEO\ folder claims that skimmer is technically a BOAT.

 

btw, don't edit tire status on a BIKE, it WILL crash.

 

for car tire status see my post on one of previous pages.

 

take a look at:

 

-713.967529296875

-1643.58801269531

42.3484268188477

 

seems there is face orientation bug on that crane..

 

-797.999328613281

-1593.70751953125

31.3741073608398

but the very same crane here doesn't have that bug ??


  • 2 weeks later...

although this topic seems to have died i will post here anyway. as you probably dont know I am coding an EXE for GTA: LC, while it is not very complicated and i have almost finished there are a few things im stumped on. The first and most important is this:

In my program i can read and write data to vices memory, no problem. But this documentation of sorts is only for new stuff for vice, so i downloaded the source for the admin console so that i could get the missing memory addresses i needed. I opened it up, and began to look for basic addresses, when i thought i had found them i tried to use the memory addresses in my program, it didnt work, i tried many times using different addresses found in the admin console and all returned null results. What the hell am i doing wrong.

 

There are some other problems but they arent that bad, ill figure it out myself. Im pretty new at this, so i may be wrong


did you change any of gta3 window title / class names?

maybe gta3 admin console can't find the gta3 window..

 


did you change any of gta3 window title / class names?

maybe gta3 admin console can't find the gta3 window..

nothing changed, just downloaded the source code and wham didnt work, compiled it, ran it and set it to use GTA3 1.1, tried it and WHAM nothing. after isolating base addresses (or what i think are) and trying to use my code with the addresses still yielded Null results.


hold up a second, isnt GTA:LC, a port of gta3, running on the Vice exe?

setting it to run on gta3 1.1 doesnt mean anything if you have the wrong exe altogether, all the addresses between the games are different.


hold up a second, isnt GTA:LC, a port of gta3, running on the Vice exe?

setting it to run on gta3 1.1 doesnt mean anything if you have the wrong exe altogether, all the addresses between the games are different.

when i said i compiled it i was testing i meant that i was testing using GTA3 not VC


no need to apologize, i should have said that in the first place. Quick Question before i disappear for a while in my many projects i have to finish (myriad lots, LC EXE, my scm mod, my UT2k4 mod, blablabla): How exactly do you get the memory addresses, i dont know because personally i have never tried, but i would like to, i think i need to give something back to the community and im interested in this so any help/advice would be swell


I do it the old-fashioned, slow, painful way. do something, do a search, do something else, do another search, view the results. be warned, this method can cause insanity to some people, you were warned. Tsearch is the program i do it with...

http://membres.lycos.fr/tsearch/

Free, simple, and gets the job done. certainly there are other programs and methods out there, but this is good enough for me, considering my knowledge of the subject.

 

 

ashdexx ponders his gameshark/pro action replay pro days on his psx and n64

ahhh, good times, good times...


thanks ashdexx, you're the man. I had an action replay for my N64, never used it much, good fun when i did though


ArtMoney is another great tool for finding addresses (detecting change). So if you can't get used to TSearch, give it a shot.


[mta]kyeman

0x7DBCB0 - Base pointer to player controls structures (276 bytes in length).

1 word (2 bytes) represents 1 keystate.

 

At first I thought maybe each (scm)create_player might have their own

structure for keystates, but no such luck. PlayerControls[0] seems to be

the player ingame controls and PlayerControls[1] (0x7DBCB0+276) seems to be

the menu controls (I think). I also do not know why these structures are 276

bytes long when there's only about 17 known keystates.

 

Anyway, here is a list I did up from Barton's list. (Since it's the same

from the scm calls)

 

 

0x7DBCB0 + (Key * 2) = keystate.

Keys:
KEY_ONFOOT_TURNLR        2
KEY_ONFOOT_LOOKLR        3
KEY_ONFOOT_ACTION        4
KEY_ONFOOT_PREVWEAPON    5
KEY_ONFOOT_AIMTARGET     6
KEY_ONFOOT_NEXTWEAPON    7
KEY_ONFOOT_FORWARD       8
KEY_ONFOOT_BACKWARD      9
KEY_ONFOOT_STRAFEL       10
KEY_ONFOOT_STRAFER       11
KEY_ONFOOT_EXITMODE      12
KEY_ONFOOT_CAMERA        13
KEY_ONFOOT_JUMP          14
KEY_ONFOOT_ENTERVEHICLE  15
KEY_ONFOOT_SPRINT        16
KEY_ONFOOT_ATTACK        17
KEY_ONFOOT_CROUCH        18
KEY_ONFOOT_LOOKBEHIND    19
KEY_INCAR_TURRETLR       2
KEY_INCAR_TURRETUD       3
KEY_INCAR_RADIO          4
KEY_INCAR_LOOKLBEHIND    5
KEY_INCAR_HANDBRAKE      6
KEY_INCAR_LOOKRBEHIND    7
KEY_INCAR_TURNL          10
KEY_INCAR_TURNR          11
KEY_INCAR_CAMERA         13
KEY_INCAR_BRAKE          14
KEY_INCAR_EXITVEHICLE    15
KEY_INCAR_ACCELERATOR    16
KEY_INCAR_ATTACK         17
KEY_INCAR_HORN           18
KEY_INCAR_SUBMISSION     19

 

 

 

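Added example, not part of the original post: a Python sketch of the layout described above (base 0x7DBCB0, 276-byte structures, one 2-byte word per keystate) that computes a keystate's address and decodes a snapshot of the structures into named, active keys. The function names and the snapshot are constructed for illustration, and reading each word as unsigned little-endian is an assumption.

```python
import struct

BASE = 0x7DBCB0      # base pointer given in the post
STRUCT_SIZE = 276    # bytes per PlayerControls structure, per the post

# Key indices from the post's list; on-foot and in-car names share slots.
ONFOOT = dict(enumerate(
    "TURNLR LOOKLR ACTION PREVWEAPON AIMTARGET NEXTWEAPON FORWARD BACKWARD "
    "STRAFEL STRAFER EXITMODE CAMERA JUMP ENTERVEHICLE SPRINT ATTACK CROUCH "
    "LOOKBEHIND".split(), start=2))
INCAR = {2: "TURRETLR", 3: "TURRETUD", 4: "RADIO", 5: "LOOKLBEHIND",
         6: "HANDBRAKE", 7: "LOOKRBEHIND", 10: "TURNL", 11: "TURNR",
         13: "CAMERA", 14: "BRAKE", 15: "EXITVEHICLE", 16: "ACCELERATOR",
         17: "ATTACK", 18: "HORN", 19: "SUBMISSION"}

def keystate_address(key, controls_index=0):
    """Absolute address of one keystate word: base + index*276 + key*2."""
    if not 0 <= key * 2 < STRUCT_SIZE:
        raise ValueError("key index outside the 276-byte structure")
    return BASE + controls_index * STRUCT_SIZE + key * 2

def decode_keystates(snapshot, names, prefix, controls_index=0):
    """Return {name: value} for every named, non-zero keystate word.

    snapshot holds bytes copied starting at BASE. Words are read as
    unsigned 16-bit little-endian, which is an assumption of this example.
    """
    start = controls_index * STRUCT_SIZE
    block = snapshot[start:start + STRUCT_SIZE]
    if len(block) != STRUCT_SIZE:
        raise ValueError("snapshot too short for that structure")
    active = {}
    for key, name in sorted(names.items()):
        (value,) = struct.unpack_from("<H", block, key * 2)
        if value:
            active[prefix + name] = value
    return active

def sample_snapshot():
    """Constructed data: two zeroed structures with slots 8 and 16 at 255."""
    buf = bytearray(2 * STRUCT_SIZE)
    struct.pack_into("<H", buf, 8 * 2, 255)
    struct.pack_into("<H", buf, 16 * 2, 255)
    return bytes(buf)

if __name__ == "__main__":
    snap = sample_snapshot()
    print(hex(keystate_address(8)))                      # slot 8 of structure 0
    print(decode_keystates(snap, ONFOOT, "KEY_ONFOOT_"))
    print(decode_keystates(snap, INCAR, "KEY_INCAR_"))
    print(decode_keystates(snap, ONFOOT, "KEY_ONFOOT_", controls_index=1))
```

Because the on-foot and in-car lists reuse the same indices, the same snapshot decodes differently depending on which name table is applied.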

Stretchnutter

some of these have direction switches that become 255 in one direction, and 0 in the other direction. a number next to the switch would represent direction speed/amount.


Death_Adder

 

some of these have direction switches that become 255 in one direction, and 0 in the other direction.  a number next to the switch would represent direction speed/amount.

Care to elaborate?

 

I made a thread (here) about a computer vision application that I am developing. I need the capability for a separate application to control Vice City (eg. simulate pressing up, down, left, and right). A suggestion was made to use a trainer to modify memory, which sounds like a really great idea. Using the offsets posted by [mta]kyeman, I can observe key presses. When I press the up key, I see 0x7DBCC0 (KEY_ONFOOT_FORWARD) go to 255 and it goes back to 0 when released, as expected. But here's the problem, when I write 255 to 0x7DBCC0, nothing happens. I even tried continually writing to the address in a loop, yet Tommy won't even budge. Am I missing something? Is there some other address that I need to be writing to in addition to this one?


nop this address 0x4AB1C8 (909090) and it should work, you can try nopping this one too 0x4AB282 to correct some jerky movements, not sure yet

Edited by kipo

*sigh* a quick search on google with GTA3 Admin Console would have yielded instant results but here it is: CLICK


Barton Waterduck

Just wondering if anybody has put all the addresses in a file yet and where I can get it. If not, I guess I could just read through all these pages.

 

Is anybody using my code creators for mission coding ? They work like memory hacking tools. The VC version could use some more stuff in it, like the car model the player is driving, car angle and other stuff that would be useful in an automated mission scripting tool. It should work for giddy / gtama too.

 


Stretchnutter

 

some of these have direction switches that become 255 in one direction, and 0 in the other direction.  a number next to the switch would represent direction speed/amount.

Care to elaborate?

 

I made a thread (here) about a computer vision application that I am developing. I need the capability for a separate application to control Vice City (eg. simulate pressing up, down, left, and right). A suggestion was made to use a trainer to modify memory, which sounds like a really great idea. Using the offsets posted by [mta]kyeman, I can observe key presses. When I press the up key, I see 0x7DBCC0 (KEY_ONFOOT_FORWARD) go to 255 and it goes back to 0 when released, as expected. But here's the problem, when I write 255 to 0x7DBCC0, nothing happens. I even tried continually writing to the address in a loop, yet Tommy won't even budge. Am I missing something? Is there some other address that I need to be writing to in addition to this one?

You have to disable the ASM instructions that continually update those addresses. With TSearch you can use the Autohack feature to find the exact instruction you need to get rid of.

 

Then with TSearch you can make an EasyScript and generate a hex list to copy/paste into your app.

 

I've done this in the past, but i would do it much differently now.

 

It allows you to set the value to anything you want without it reverting to its desired state and will still have its effects on the player.

 

The instructions differ somewhat from v1.0/v1.1 i think.

 

You have to be careful when writing to asm instruction zones, one bad byte -crash n burn.

 

 

Edit: what programming language do you plan on using to make the trainer? it can be done easily with visual basic if you are a newbie to programming.

Edited by Stretchnutter

Death_Adder

It's working flawlessly now. Thanks again, guys. In case anyone is interested, here's the addresses that I had to nop:

 

KEY_ONFOOT_FORWARD

0x4AB1C8

0x4AB1C9

0x4AB1CA

 

KEY_ONFOOT_BACKWARD

0x4AB1D0

0x4AB1D1

0x4AB1D2

 

KEY_ONFOOT_STRAFEL / KEY_INCAR_TURNL

0x4AB1D8

0x4AB1D9

0x4AB1DA

 

KEY_ONFOOT_STRAFER / KEY_INCAR_TURNR

0x4AB1E0

0x4AB1E1

0x4AB1E2

 

KEY_INCAR_BRAKE

0x4AB1F8

0x4AB1F9

0x4AB1FA

 

KEY_INCAR_ACCELERATOR

0x4AB208

0x4AB209

0x4AB20A
