JernejL Posted December 23, 2003 Author Share Posted December 23, 2003 the player data is at same active block pointer as for car - if you are not in a car.. Link to comment Share on other sites More sharing options...
JernejL Posted December 25, 2003 Author Share Posted December 25, 2003 more: note: all decimal. ashdexx posted only the hours for game time, here are the minutes: 10554258 > longword (4 byte unsigned integer) carpointer + 581 1 byte switch > alternate siren works on any car, specials like ambulance will have the siren and lights, but on ordinary cars the car will have double horn Link to comment Share on other sites More sharing options...
Stretchnutter Posted February 26, 2004 Share Posted February 26, 2004 68f5f0 - Gravity (Float) Link to comment Share on other sites More sharing options...
DexX Posted February 27, 2004 Share Posted February 27, 2004 (edited) lmfao, you can set it to whatever you want, set it to zero and make tommy jump. he doesnt come down, ever here'e a pic (brightness raised for clarity) Side effects- peds are stuck in the sidewalk, and cant walk, even when they get out of the car if you accelerate too fast, you do wheelies, even in that idaho, which is exactly how that happened also, if you exit the car midair, the player stays in that spot, he doesnt fall down Edit: i clicked start new game by accident, with no grav on, and decided to let it play out. this is a BAD thing to do, when ken drives you to the office, he cant stop! the car flys into, and through the camera, and the cutscene doesnt end, i needed to close vice via the task manager to get out of the game. just a warning... Edit 2: as odd as it may sound, you can make tommy swim with this! seriously. i failed at a jump on the docks with my pcj, and tommy plummeted to the water, except he didnt drown, he just keeps doing the falling animation and never goes into the water, and while he's falling i can control which direction he falls, so i steered him back to the shore. damn. @stretchnutter - damn good find here with that address! thanks you! More stuff to do with it... -hit bikes, the people fly much farther -get into more fights with cops, and use weapons that make bodies fly, like grenades or rockets, the bodies get mad air -stay by bridges and piss cars off by shooting at them -do pretty much anything that onvoles an object leaving the area and travelling vertically... here's my gravity settings orig - 6f 12 01 3c change 3c, to 3b, to keep the game playable, but much more interesting. Edited February 27, 2004 by ashdexx Link to comment Share on other sites More sharing options...
steve-m Posted February 28, 2004 Share Posted February 28, 2004 Congrats Stretchnutter, an awesome discovery! What happens, when you set the gravity to a very high value like 1? This: With this value it is impossible to jump, you will land the same moment you jumped off. Running and then jumping results in immediate death. And the best of all: If peds are spawned higher than ground level (e.g. when paths aren't set exactly), they don't survive the few centimeters falling distance! The same happens to .scm-placed cars, they fly through the air burning and exploding. Another nice effect is setting the gravity to a negative value, jumping results in infinite rising, and not only for the player. If you let some people take off and then set the gravity back positive again, they fall down and crash into the ground, another way to kill peds... ² Some common values: Hex Bytes Float Description 6F 12 03 3C 0.008 default gravity 6F 12 83 3B 0.004 half gravity 6F 12 03 3B 0.002 quater gravity 6F 12 83 3C 0.016 double gravity 6F 12 03 3D 0.032 fourfold gravity 6F 12 03 BC -0.008 negative gravity 00 00 80 3F 1.0 very high gravity 17 B7 D1 38 0.0001 very low gravity Low gravity (1/2 or 1/4) makes you jump wider, higher and longer and makes doing wheelies damn easy. I've no idea what a gravity value of 0.008 could stand for. Normally it is defined as m/s² with values like 9.8 (Earth) or 1.62 (Moon). Either the hundredth of the slightly changed original gravity or an undefined invention by R*. Link to comment Share on other sites More sharing options...
DexX Posted February 28, 2004 Share Posted February 28, 2004 man oh man....i do the oddest things. im not even sure of *exactly* what it was this time, but ill give my instrucstions nonethless, vague though they are. from 69b1c0 to 69b21f, fill it with zeros. this will have 2 effects ingame, one, all the parked cars will be facing one direction, the other is every time you press a key on the keyboard, it will spawn a blooding, i sh*t you not. pic - im unable to narrow down the address(es?) any more, because im about to pass out. if anyone wants too, have at it. btw, DO NOT hold down a key, it WILL start raining bloodrings, and drop your fps to less than 1. and i literally mean "rain", there will be that many if you press a key for too long. i made the mistake of holding a key down for a solid 5 seconds. 2 minutes later, when my game resumed, i had about 1/4 of a frame per second, before vice crashed. oops time for Link to comment Share on other sites More sharing options...
AJH Posted February 28, 2004 Share Posted February 28, 2004 Thats is cool Here's the adres: 69B1D8 Link to comment Share on other sites More sharing options...
Stretchnutter Posted March 4, 2004 Share Posted March 4, 2004 (edited) 7838D1 - Current Gear (Byte) apparently you can force it to change gears, but the sound type relies on switches... the offsets around that one contain nothing but 1's and 0's interesting. changing the gear doesn't have an effect on the vehicle speed, but the sound definately changes (you have to do some ASM hacking to disable the instructions that are updating the gear offset, or you can just FREEZE the value) This works perfectly next to a speedometer Ill have to play around with this a bit more later EDIT: Ok, more is now known. 7838E0 (dword) - Timer for when sound starts playing, gear changed? Compare to global timer @ 974B2C 7838D8 (dword) - frequency of sound when in 'overdrive' (just increases with time if above certain speed until it reaches 800(dec) then it starts decreasing if over) 7838DD (byte?) - some kinda 'overdrive' switch _text:005F1625 080 mov ds:dword_0_7838D8, 0_text:005F162F 080 jmp loc_0_5F1D9A ; Jump_text:005F1634 ; --------------------------------------------------------------------------- if you NOP out the Jump @ 005F162F by setting it to hex 9090909090 (size?) you can have overdrive on all the time and control the frequency. I used the speed to control the frequency and it sounded like it had one gear Edited March 5, 2004 by Stretchnutter Link to comment Share on other sites More sharing options...
DexX Posted March 8, 2004 Share Posted March 8, 2004 more info, these change the text thats entered to activte a cheat, kinda. like some kind of cheat identifer keypad-thingy Example, if you type in TRAVELINSTYLE, you spawn a bloodring, soo.. [carname] [address] [cheat text] Bloodring - 69B1D8, thats the offset for TRAVELINSTYLE Romero's Hearse - 69b1e8 - THELASTRIDE Love Fist Limo - 69b1f4 - ROCKANDROLLCAR Trashmaster - 69b204 - RUBBISHCAR Sabre Turbo - 69b210 - GETTHEREFAST Now, if you swap around the values of say romero's hearse, and the bloodring, then typing in TRAVELINSTYLE, will spawn a hearse, instead of a bloodring, ive tested this. If you fill the value with zero, as mentioned before, it will spawn that car when you press ANY a-z key thanks to AJH for narrowing it down mate This is one i'm still exploring, but if you mess with it, there is no door animation, the door (driver side, front door) is EITHER open or closed, but when tommy gets in / out of a vehicle, it skips the animation and all the frames, and just becomes open / closed. 69b34a Link to comment Share on other sites More sharing options...
JernejL Posted March 9, 2004 Author Share Posted March 9, 2004 in the ped control block: start + #256 = your speed force Link to comment Share on other sites More sharing options...
JernejL Posted March 15, 2004 Author Share Posted March 15, 2004 O, please someone help me with memory adress in Visual basic OMG! HE IS A INTERPRETED VB FREAK!!! sorry.. i just had to do it.. if you can't figure out how to memory hack in vb, then ask stretchnutter, he uses vb. ..or get a better programming tool. edit: skimmer uses tire inflation status for propeller animation - if you zero-fill all 4 tire status bytes the propeller halts and re-runs. a interesting thing here is that this isn't true for helicopters, and hunter actualy uses front 2 tires.. i also believe that in one of files in xbox \NEO\ folder claims that skimmer is technicaly a BOAT. btw, don't edit tire status on a BIKE, it WILL crash. for car tire status see my post on one of previous pages. take a look at: -713.967529296875 -1643.58801269531 42.3484268188477 seems there is face orientation bug on that crane.. -797.999328613281 -1593.70751953125 31.3741073608398 but the very same crane here doesn't have that bug ?? Link to comment Share on other sites More sharing options...
JasonB Posted March 26, 2004 Share Posted March 26, 2004 although this topic seems to have died i will post here anyway. as you probably dont know I am coding an EXE for GTA: LC, while it is not very complicated and i have almost finished there are a few things im stumped on. The first and most important is this: In my program i can read and write data to vices memory, no problem. But this documentation of sorts is only for new stuff for vice, so i downloaded the source for the admin console so that i could get the missing memory addreses i needed. I opened it up, and began to look for basic addresses, when i thought i had found them i tried to use the memory addreses in my program, it didnt work, i tried many times using different addreses found in the admin console and all returned null results. What the hell am i doing wrong. THere are some other problems but they arent that bad, ill figure it out myself. Im pretty new at this, so i may be wrong Link to comment Share on other sites More sharing options...
JernejL Posted March 26, 2004 Author Share Posted March 26, 2004 did you change any of gta3 window title / class names? maybe gta3 admin console can't fond the gta3 window.. Link to comment Share on other sites More sharing options...
JasonB Posted March 27, 2004 Share Posted March 27, 2004 did you change any of gta3 window title / class names? maybe gta3 admin console can't fond the gta3 window.. nothing changed, just downloaded the source code and wham didnt work, compiled it, ran it and set it to use GTA3 1.1, tried it and WHAM nothing. after isolating base addreses (or what i think are) and trying to use my code with the addreses still yielded Null results. Link to comment Share on other sites More sharing options...
DexX Posted March 27, 2004 Share Posted March 27, 2004 hold up a second, isnt GTA:LC, a port of gta3, running on the Vice exe? setting it to run on gta3 1.1 doesnt eman anything if you have the wrong exe altogether, all the addresses between the games are different. Link to comment Share on other sites More sharing options...
JasonB Posted March 27, 2004 Share Posted March 27, 2004 hold up a second, isnt GTA:LC, a port of gta3, running on the Vice exe?setting it to run on gta3 1.1 doesnt eman anything if you have the wrong exe altogether, all the addresses between the games are different. when i said i compiled it i was testing i meant that i was testing using GTA3 not VC Link to comment Share on other sites More sharing options...
DexX Posted March 27, 2004 Share Posted March 27, 2004 ooohhh, my bad, sorry. carry on Link to comment Share on other sites More sharing options...
JasonB Posted March 27, 2004 Share Posted March 27, 2004 no need to apologize, i should have said that in the first place. Quick Question before i disappear for a while in my many projects i have to finish (myriad lots, LC EXE, my scm mod, my UT2k4 mod, blablabla): How exactly do you get the memory addreses, i dont know because personally i have never tried, but i would like to, i think i need to give something back to the community and im interested in this so any help/advice would be swell Link to comment Share on other sites More sharing options...
DexX Posted March 27, 2004 Share Posted March 27, 2004 I do it the old-fashioned, slow, painful way. do something, do a search, do something else, do another search, view the results. be warned, this method can cause insanity to some people, you were warned. Tsearch is the program i do it with... http://membres.lycos.fr/tsearch/ Free, simple, and gets the job done. certainly there are other programs and methods out there, but this is good enough for me, considering my knowledge of the subject. ashdexx ponders his gameshark/pro action replay pro days on his psx and n64 ahhh, good times, good times... Link to comment Share on other sites More sharing options...
JasonB Posted March 27, 2004 Share Posted March 27, 2004 thanks ashdexx, your the man I had an action replay for my N64, never used it much, good fun when i did though Link to comment Share on other sites More sharing options...
Cray Posted March 27, 2004 Share Posted March 27, 2004 ArtMoney is another great tool for finding addresses (detecting change). So if you can't used to TSearch, give it a shot. Link to comment Share on other sites More sharing options...
[mta]kyeman Posted March 28, 2004 Share Posted March 28, 2004 0x7DBCB0 - Base pointer to player controls structures (276 bytes in length). 1 word (2 bytes) represents 1 keystate. At first I thought maybe each (scm)create_player might have their own structure for keystates, but no such luck. PlayerControls[0] seems to be the player ingame controls and PlayerControls[1] (0x7DBCB0+276) seems to be the menu controls (I think). I also do not know why these structures are 276 bytes long when there's only about 17 known keystates. Anyway, here is a list I did up from Barton's list. (Since it's the same from the scm calls) 0x7DBCB0 + (Key * 2) = keystate.Keys:KEY_ONFOOT_TURNLR 2KEY_ONFOOT_LOOKLR 3KEY_ONFOOT_ACTION 4KEY_ONFOOT_PREVWEAPON 5KEY_ONFOOT_AIMTARGET 6KEY_ONFOOT_NEXTWEAPON 7KEY_ONFOOT_FORWARD 8KEY_ONFOOT_BACKWARD 9KEY_ONFOOT_STRAFEL 10KEY_ONFOOT_STRAFER 11KEY_ONFOOT_EXITMODE 12KEY_ONFOOT_CAMERA 13KEY_ONFOOT_JUMP 14KEY_ONFOOT_ENTERVEHICLE 15KEY_ONFOOT_SPRINT 16KEY_ONFOOT_ATTACK 17KEY_ONFOOT_CROUCH 18KEY_ONFOOT_LOOKBEHIND 19KEY_INCAR_TURRETLR 2KEY_INCAR_TURRETUD 3KEY_INCAR_RADIO 4KEY_INCAR_LOOKLBEHIND 5KEY_INCAR_HANDBRAKE 6KEY_INCAR_LOOKRBEHIND 7KEY_INCAR_TURNL 10KEY_INCAR_TURNR 11KEY_INCAR_CAMERA 13KEY_INCAR_BRAKE 14KEY_INCAR_EXITVEHICLE 15KEY_INCAR_ACCELERATOR 16KEY_INCAR_ATTACK 17KEY_INCAR_HORN 18KEY_INCAR_SUBMISSION 19 Link to comment Share on other sites More sharing options...
Stretchnutter Posted March 28, 2004 Share Posted March 28, 2004 some of these have direction switches that become 255 in one direction, and 0 in the other direction. a number next to the switch would represent direction speed/amount. Link to comment Share on other sites More sharing options...
Death_Adder Posted March 30, 2004 Share Posted March 30, 2004 some of these have direction switches that become 255 in one direction, and 0 in the other direction. a number next to the switch would represent direction speed/amount. Care to elaborate? I made a thread (here) about a computer vision application that I am developing. I need the capability for a separate application to control Vice City (eg. simulate pressing up, down, left, and right). A suggestion was made to use a trainer to modify memory, which sounds like a really great idea. Using the offsets posted by [mta]kyeman, I can observe key presses. When I press the up key, I see 0x7DBCC0 (KEY_ONFOOT_FORWARD) go to 255 and it goes back to 0 when released, as expected. But here's the problem, when I write 255 to 0x7DBCC0, nothing happens. I even tried continually writing to the address in a loop, yet Tommy won't even budge. Am I missing something? Is there some other address that I need to be writing to in addition to this one? Link to comment Share on other sites More sharing options...
kipo Posted March 30, 2004 Share Posted March 30, 2004 (edited) nop this address 0x4AB1C8 (909090) and it should work, you can try nopping this one too 0x4AB282 to correct some jerky movements, not sure yet Edited March 30, 2004 by kipo Link to comment Share on other sites More sharing options...
JasonB Posted March 30, 2004 Share Posted March 30, 2004 *sigh* a quick search on google with GTA3 Admin Cosnole would have yielded instant result6s but here it isCLICK Link to comment Share on other sites More sharing options...
Barton Waterduck Posted March 30, 2004 Share Posted March 30, 2004 Just wondering if anybody has put all the adresses in a file yet and where I can get it. If not, I guess I could just read through all these pages. Is anybody using my code creators for mission coding ? They work like memory hacking tools. The VC version could use some more stuff in it, like the car model the player is driving, car angle and other stuff that would be useful in an automated mission scripting tool. It should work for giddy / gtama too. Link to comment Share on other sites More sharing options...
Stretchnutter Posted March 30, 2004 Share Posted March 30, 2004 (edited) some of these have direction switches that become 255 in one direction, and 0 in the other direction. a number next to the switch would represent direction speed/amount. Care to elaborate? I made a thread (here) about a computer vision application that I am developing. I need the capability for a separate application to control Vice City (eg. simulate pressing up, down, left, and right). A suggestion was made to use a trainer to modify memory, which sounds like a really great idea. Using the offsets posted by [mta]kyeman, I can observe key presses. When I press the up key, I see 0x7DBCC0 (KEY_ONFOOT_FORWARD) go to 255 and it goes back to 0 when released, as expected. But here's the problem, when I write 255 to 0x7DBCC0, nothing happens. I even tried continually writing to the address in a loop, yet Tommy won't even budge. Am I missing something? Is there some other address that I need to be writing to in addition to this one? You have to disable the ASM instructions that continually update those addresses. With TSearch you can use the Autohack feature to find the exact instruction you need to get rid of. Then with TSearch you can make an EasyScript and generate a hex list to copy/paste into your app. I've done this in the past, but i would do it much differently now. It allows you to set the value to anything you want without it reverting to its desired state and will still have its effects on the player. The instructions differ somewhat from v1.0/v1.1 i think. You have to be careful when writing to asm instruction zones, one bad byte -crash n burn. Edit: what programming language do you plan on using to make the trainer? it can be done easily with visual basic if you are a newbie to programming. Edited March 30, 2004 by Stretchnutter Link to comment Share on other sites More sharing options...
Death_Adder Posted March 30, 2004 Share Posted March 30, 2004 Thanks for the suggestions, guys. The programming language is C++. Link to comment Share on other sites More sharing options...
Death_Adder Posted March 31, 2004 Share Posted March 31, 2004 It's working flawlessly now. Thanks again, guys. In case anyone is interested, here's the addresses that I had to nop: KEY_ONFOOT_FORWARD 0x4AB1C8 0x4AB1C9 0x4AB1CA KEY_ONFOOT_BACKWARD 0x4AB1D0 0x4AB1D1 0x4AB1D2 KEY_ONFOOT_STRAFEL / KEY_INCAR_TURNL 0x4AB1D8 0x4AB1D9 0x4AB1DA KEY_ONFOOT_STRAFER / KEY_ONCAR_TURNR 0x4AB1E0 0x4AB1E1 0x4AB1E2 KEY_INCAR_BRAKE 0x4AB1F8 0x4AB1F9 0x4AB1FA KEY_INCAR_ACCELERATOR 0x4AB208 0x4AB209 0x4AB20A Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now