Documenting GTA3/VC memory addresses

[xNCx]

 

write mem 0x428EA7 size 4 value 0x90909090

write mem 0x428EAB size 4 value 0x90909090

Are you sure? When I set it in cleo (with or without virtual protect) it always crash at 0x428EA7. And if I set it manually via a memory editing tool, it don't crash immediately, but after few seconds (crash at 0x428EAF hmm...).

 

 

Ideas, suggestions, requests related to this and my other mods are highly appreciated.

Maybe peds should start to throw Katanas too ?

[maxorator]

 

To nop something is to replace the value with 0x90. So

write mem 0x428EA7 size 4 value 0x90909090

write mem 0x428EAB size 4 value 0x90909090

will do

It's not 8 bytes, it's 7. Why are you nopping a cmp instruction though? You should be doing something about the jump instead. The Zero Flag is used for the jump, and just out of luck, there is exactly 127/128 chance that this works, since Zero Flag can also be set in the previous cmp at 428EA3h. The proper way is to nop two bytes at 428EAEh.

 

 

Ideas, suggestions, requests related to this and my other mods are highly appreciated.

Maybe peds should start to throw Katanas too ?

Wouldn't be that interesting though I guess.

 

Which reminds me about AI, the byte at 0x428EC7 represents how much is added to the AI speed limit for a new car when Miami Traffic cheat is on. Try setting that to a higher value, for example 100. Then the traffic will be insane.

 

Oh and I've noticed some silly mods that try to keep the player on a bike with SCM, but only manage to do it partially. 522D07h to 0EBh (1 byte), 6148C2h to 9090h (2 bytes) to make sure the player never falls off. Values 75h and 0C75h respectively to revert.

 

Most of this memory address stuff is trivial to find, so there's no point for me to post random stuff, if anyone needs something, just ask.

 

By the way, anyone interested in class definitions? I haven't seen any proper post in this thread that fully documents a class in the game. Like this:

 

struct CObjectVC {   CPhysical phys; // 0-288   //physical structure of this object   CMatrix matDummyInitial; // 288-360   //initial matrix, when converted from a dummy object   float fAttachForce; // 360-34   //how strongly the object is attached to the ground   uint8_t byteObjectType; // 364-365   //0 - default, not used, 1 - map object, 2 - projectiles, pickups, script objects, 3 - dead car parts and roadblocks, 4 - cutscene object, 5 - spiketraps + ?   uint8_t bIsPickupObject:1; // 365.0-365.1   //is a pickup object   uint8_t bDoCircleEffect:1; // 365.1-365.2   //do the circle blinking effect for pickups   uint8_t bRenderPickupQuantity:1; // 365.2-365.3   //render pickup quantity as dollars   uint8_t bRenderPickupAvailability:1; // 365.3-365.4   //render pickup ammunation quantity   uint8_t bWindowMinorCollisionDamage:1; // 365.4-365.5   //window has received minor collision damage   uint8_t bHasWindowBeenBrokenByMelee:1; // 365.5-365.6   //window has been broken by melee   uint8_t bHasObjectExplosionTriggered:1; // 365.6-365.7   //has object explosion been triggered (barrels, water hydrants)   uint8_t bIsVehicleComponent:1; // 365.7-366.0   //is this a separated vehicle component   uint8_t bSpecialLighting:1; // 366.0-366.1   //used for weapon models   uint8_t bNoVehicleCollisionWhenDetached:1; // 366.1-366.2   //used for traffic light objects   uint8_t bPadFlags:6; // 366.2-367.0   uint8_t bytePickupObjectBonusType; // 367-368   //used for bonus and clothes pickups   uint16_t wPickupObjectQuantity; // 368-370   //used for money pickups   _pad(__fxpad00, 2); // 370-372   float fDamageMultiplier; // 372-376   //object damage multiplier - how easily it breaks   uint8_t byteCollisionDamageType; // 376-377   //what happens when the object receives damage   uint8_t byteSpecialCollisionType; // 377-378   //special collision type for some objects   uint8_t byteCameraAvoids; // 378-379   //whether the camera avoids this object   uint8_t byteBounceScore; // 379-380   //how many times the player has hit this with his head (beachball)   _pad(__fxpad01, 4); // 380-384   uint32_t dwObjectTimer; // 384-388   //for some objects this shows when it will disappear (car parts)   uint16_t wRefModelId; // 388-390   //the ID of the model this object is a part of (car parts)   _pad(__fxpad02, 2); // 390-392   CEntity* pInitialSurface; // 392-396   //the surface the object is on when created   CPhysical* pContactPhysical; // 396-400   //a physical that is currently in contact with this object   uint8_t byteVehicleMainColor; // 400-401   //main color for vehicle parts   uint8_t byteVehicleExtraColor; // 401-402   //extra color for vehicle parts   _pad(__fxpad03, 2); // 402-404};struct CPickupVC {   CVector vecPos; // 0-12   //position of the pickup   float fStandProximity; // 12-16   //how close the player is standing to the pickup?   CObjectVC* pObject; // 16-20   //entity associated with the pickup   CObjectVC* pExtraObject; // 20-24   //extra entity (for minigun for example)   uint32_t dwPickupQuantity; // 24-28   //used for weapons and money   uint32_t dwTimer; // 28-32   //either the time it was created or when it should disappear   uint16_t wMoneyGenerationRate; // 32-34   //how quickly this pickup generates money   uint16_t wModelId; // 34-36   //model ID of the pickup   uint16_t wUniqueId; // 36-38   //unique identifier of this pickup   char szPickupTextKey[8]; // 38-46   //key of the text that is shown when on this pickup   uint8_t bytePickupType; // 46-47   //shows if pickup slot is in use and its type   uint8_t byteRemoved; // 47-48   //pickup has been removed   uint8_t byteEffects; // 48-49   //which kind of visual effects this pickup has (values 0/1)   _pad(__fxpad02, 3); // 49-52};

 

Edited April 28, 2011 by maxorator

[PlatinumSerb]

 

Most of this memory address stuff is trivial to find, so there's no point for me to post random stuff, if anyone needs something, just ask.

 

 

Since you offered, here I come!

 

First I must admit that I don't have much experience with mem hacking, but recently I have been playing around trying to hack the path limits(Peds and Vehicles). Now with my ability this is definitely a difficult task, one which I don't think I can achieve, but based on what you have posted it doesn't seem like it would be as hard for you. So it would be greatly appreciated if you or anyone that still looks at this topic could help me!

 

I would really love to see this limit finally hacked! Along with the actual number of paths allowed, it would also be nice if it was possible to spawn paths beyond the original game bounds. Andy was able to do this by removing the x16 multiplier at 0x687c88, but I think that was just a work around. ( Check this post: http://www.gtaforums.com/index.php?act=ST&...post&p=3939633)

 

I found a few old posts about paths that might help;

 

"The path memory starts at 0x9B6E5C, and there are several places in that block (many of them adjacent or close to adjacent) that are directly addressed (example: 0x2F1F0 bytes after 0x9B6E5C - there are places in code with 0x2F1F0 and 0x9E604C). If you write the code and it works, you get points (and credit as stated above)." - (Andy's challenge : http://www.gtaforums.com/index.php?showtopic=265552 (I believe, the 2 other challenges in that topic have already been hacked)

 

 

Also, an interesting post by Hammer: http://www.gtaforums.com/index.php?showtopic=182383&st=20#

 

Thanks in advance for any help!!

 

[xNCx]

 

Which reminds me about AI, the byte at 0x428EC7 represents how much is added to the AI speed limit for a new car when Miami Traffic cheat is on. Try setting that to a higher value, for example 100. Then the traffic will be insane.

 

Very interesting. Now they drive so fast that they can't even turn left/right or brake now . Tommy while someone crashed into him: "Why don't you use the brake idiot?"

 

Could you post the memory address that represents the water level? And how to disable the fake Airtrain and other bots planes flying around VC ?

Edited April 29, 2011 by krasiejow

[MW_29]

 

Ideas, suggestions, requests related to this and my other mods are highly appreciated.

So i have seen your vid on YT, exactly this one:

so this way i guess You could arm any vehicle, and what i am counting on, on example maverick, or sparrow (which i got replaced with ah6 littlebird model) with RPGs or even miniguns, yes? That would be really awesome mod, so if it is not problem for You and if You have some free time, i would request such a mod. Cause there are plenty of mods for SA with arms vehicles with any weapons and for VC there is no such a thing, or at least there was not until now, so i hope You could make it possible someday and i am sure people would really like that idea

[towncivilian]

And how to disable the fake Airtrain and other bots planes flying around VC ?

nop 0x4A4515 *5

(credit to vice-players team; I didn't test this)

[xNCx]

Wow VC players team did something, that wasn't in VCMP 0.1c . Yes it works, the plane doesn't move longer, but it stands where it was .

 

Here is my nub find:

 

car pointer + 0x23C = current radio station

 

 

As there is no opcode to get current radio station in VC, we can use this way. What is interesting, it is possible to set the Kaufman and Police radio for "normal" cars, but it's not working in the opposite direction. Every time you change the radio station while in police vehicle, it will change back to 23. However it doesn't change back, when setting the radio station id to 10 (off) but the police radio plays still .

[maxorator]

 

First I must admit that I don't have much experience with mem hacking, but recently I have been playing around trying to hack the path limits(Peds and Vehicles). Now with my ability this is definitely a difficult task, one which I don't think I can achieve, but based on what you have posted it doesn't seem like it would be as hard for you. So it would be greatly appreciated if you or anyone that still looks at this topic could help me!

I usually document the structures I'm going to modify thoroughly, but since path data seems quite boring to me and I can expand the limits without actually knowing what each element in the CPathFind class means, I guess I'll just do it without much preparation. Currently I'm a bit busy so I can't really tell when I'm going to do it, but I looked a bit at the functions dealing with paths and there shouldn't be anything too difficult about raising the limit. Looks like it can be done pretty much the same way I dealt with increasing audio entity limit.

 

Ideas, suggestions, requests related to this and my other mods are highly appreciated.

So i have seen your vid on YT, exactly this one:

so this way i guess You could arm any vehicle, and what i am counting on, on example maverick, or sparrow (which i got replaced with ah6 littlebird model) with RPGs or even miniguns, yes? That would be really awesome mod, so if it is not problem for You and if You have some free time, i would request such a mod. Cause there are plenty of mods for SA with arms vehicles with any weapons and for VC there is no such a thing, or at least there was not until now, so i hope You could make it possible someday and i am sure people would really like that idea

Sure, I can attach anything to anything.

Edited May 5, 2011 by maxorator

[Shagg_E]

maxorator, may be it's stupid question, but where we can find your mods/plagins? That is awesome!

 

 

 

sorry for bad english

[PlatinumSerb]

First I must admit that I don't have much experience with mem hacking, but recently I have been playing around trying to hack the path limits(Peds and Vehicles). Now with my ability this is definitely a difficult task, one which I don't think I can achieve, but based on what you have posted it doesn't seem like it would be as hard for you. So it would be greatly appreciated if you or anyone that still looks at this topic could help me!

I usually document the structures I'm going to modify thoroughly, but since path data seems quite boring to me and I can expand the limits without actually knowing what each element in the CPathFind class means, I guess I'll just do it without much preparation. Currently I'm a bit busy so I can't really tell when I'm going to do it, but I looked a bit at the functions dealing with paths and there shouldn't be anything too difficult about raising the limit. Looks like it can be done pretty much the same way I dealt with increasing audio entity limit.

 

Sounds great man. I would really appreciate it if you got the limits hacked! No pressure!!

[MW_29]

First I must admit that I don't have much experience with mem hacking, but recently I have been playing around trying to hack the path limits(Peds and Vehicles). Now with my ability this is definitely a difficult task, one which I don't think I can achieve, but based on what you have posted it doesn't seem like it would be as hard for you. So it would be greatly appreciated if you or anyone that still looks at this topic could help me!

I usually document the structures I'm going to modify thoroughly, but since path data seems quite boring to me and I can expand the limits without actually knowing what each element in the CPathFind class means, I guess I'll just do it without much preparation. Currently I'm a bit busy so I can't really tell when I'm going to do it, but I looked a bit at the functions dealing with paths and there shouldn't be anything too difficult about raising the limit. Looks like it can be done pretty much the same way I dealt with increasing audio entity limit.

 

Ideas, suggestions, requests related to this and my other mods are highly appreciated.

So i have seen your vid on YT, exactly this one:

so this way i guess You could arm any vehicle, and what i am counting on, on example maverick, or sparrow (which i got replaced with ah6 littlebird model) with RPGs or even miniguns, yes? That would be really awesome mod, so if it is not problem for You and if You have some free time, i would request such a mod. Cause there are plenty of mods for SA with arms vehicles with any weapons and for VC there is no such a thing, or at least there was not until now, so i hope You could make it possible someday and i am sure people would really like that idea

Sure, I can attach anything to anything.

Yeah, sounds cool So we are politely waiting for some mods releases, to be honest noone had done such modifications before as i know, or at least i haven't seen any of this kind modifications, and these are f*ckin awesome, so keep it up in further modding

[spaceeinstein]

@maxorator I have little knowledge on how to read this language so I just poke it until something works. With time, I will learn like I did with SCM coding, but these days I don't have the time to do so. You have the ability to create amazing stuff, you should keep up at it. Why not publicize them in the "mod showroom"?

[maxorator]

 

First I must admit that I don't have much experience with mem hacking, but recently I have been playing around trying to hack the path limits(Peds and Vehicles). Now with my ability this is definitely a difficult task, one which I don't think I can achieve, but based on what you have posted it doesn't seem like it would be as hard for you. So it would be greatly appreciated if you or anyone that still looks at this topic could help me!

I usually document the structures I'm going to modify thoroughly, but since path data seems quite boring to me and I can expand the limits without actually knowing what each element in the CPathFind class means, I guess I'll just do it without much preparation. Currently I'm a bit busy so I can't really tell when I'm going to do it, but I looked a bit at the functions dealing with paths and there shouldn't be anything too difficult about raising the limit. Looks like it can be done pretty much the same way I dealt with increasing audio entity limit.

 

Sounds great man. I would really appreciate it if you got the limits hacked! No pressure!!

Do you happen to have some files with path descriptions I could test it on?

 

Never mind, tried paths.ipl with double content. Doesn't crash. Not entirely sure they are all loaded though. Anyway, here is the code (doubles the limit):

 

DWORD dwPathDataRefs[] = {   0x41C4BD, 0x41C6BD, 0x41C6DD, 0x41CE23, 0x41CECF, 0x41CF21, 0x41CF59, 0x41CF87,    0x41D03E, 0x41F015, 0x41F094, 0x41F352, 0x41F844, 0x420DB5, 0x420E10, 0x42112E,    0x421168, 0x421427, 0x4214E9, 0x421502, 0x42154E, 0x421565, 0x421AE4, 0x421B1E,    0x421FFE, 0x422021, 0x4220CD, 0x422167, 0x422187, 0x4221F3, 0x422333, 0x422428,    0x422620, 0x42264E, 0x422782, 0x4227BC, 0x425D7C, 0x425DD6, 0x4272F0, 0x4275DF,    0x427B1C, 0x427B5C, 0x427DC1, 0x427E0E, 0x427F5D, 0x4280C0, 0x42859B, 0x4285A8,    0x4286CC, 0x4286EE, 0x437375, 0x437396, 0x4373D7, 0x43741A, 0x437431, 0x437477,    0x437495, 0x4374C6, 0x4374E7, 0x437529, 0x43758A, 0x4375F5, 0x437616, 0x43763C,    0x43765E, 0x43769D, 0x4376D9, 0x4376F7, 0x437725, 0x437746, 0x437769, 0x43778A,    0x4377C7, 0x438E96, 0x438EB7, 0x438F3D, 0x439255, 0x439273, 0x439364, 0x439383,    0x43C26F, 0x442BB7, 0x442BE3, 0x442E79, 0x442EA7, 0x444475, 0x4444AD, 0x444AB3,    0x45335E, 0x453423, 0x45510E, 0x45525E, 0x455297, 0x45842B, 0x458505, 0x45ACCA,    0x45ACE4, 0x45AD20, 0x465C2C, 0x465DFE, 0x465FE0, 0x46631A, 0x4666B0, 0x46674D,    0x46687A, 0x4668C3, 0x4668FE, 0x466931, 0x48AE89, 0x48B550, 0x48B9E1, 0x48CD10,    0x48CD96, 0x48CF49, 0x48D27C, 0x48D474, 0x4A4C08, 0x4A4C12, 0x4A4CE0, 0x4AE993,    0x4BD66D, 0x4BD687, 0x4BE6A3, 0x4D4945, 0x4D4AD1, 0x4F9BB5, 0x4FA8EA, 0x4FAB49,    0x4FAC36, 0x4FAC5D, 0x4FAEEA, 0x4FB064, 0x4FB42B, 0x506F47, 0x5072E0, 0x50AC91,    0x51228C, 0x513E2D, 0x513ED4, 0x513F64, 0x514068, 0x514172, 0x51F6F8, 0x51F859,    0x53C2C0, 0x53C391, 0x53C396, 0x61B14E, 0x61CA59, 0x630943, 0x6309DF, 0x630A35,    0x63129B, 0x6312D2, 0x41CD94, 0x41D0E0, 0x41D120, 0x41D1E2, 0x41D205, 0x42142E,    0x421653, 0x421685, 0x421DD8, 0x421E12, 0x421E4C, 0x44431C, 0x4445A2, 0x4446FD,    0x444814, 0x45514B, 0x466357, 0x46646B, 0x4664B1, 0x466779, 0x4AE9EA, 0x4D4975,    0x4D4B01, 0x5071D1, 0x50741D, 0x5074A1, 0x507525, 0x5122CF, 0x51F773, 0x41CDA3,    0x41D0F1, 0x41D12F, 0x41D1F1, 0x41D219, 0x421445, 0x421664, 0x421696, 0x421DF1,    0x421E25, 0x421E61, 0x44437F, 0x4445B3, 0x444721, 0x44482A, 0x455152, 0x466370,    0x466480, 0x4664D4, 0x46678E, 0x4AE9F7, 0x4D498A, 0x4D4B16, 0x5071B2, 0x5073FE,    0x507482, 0x507506, 0x5122D6, 0x51F754, 0x41CDB4, 0x421460, 0x4445EA, 0x444732,    0x444863, 0x455159, 0x466388, 0x466494, 0x4664FB, 0x4AEA07, 0x4D4991, 0x4D4B1D,    0x507193, 0x5073DF, 0x507463, 0x5074E7, 0x5122C8, 0x51F735, 0x41CC59, 0x41CC88,    0x41CCDE, 0x41CD13, 0x41CE47, 0x41CE6C, 0x41D0C4, 0x420E8E, 0x421521, 0x42157B,    0x42161B, 0x42182D, 0x4220F4, 0x422139, 0x422296, 0x4222BE, 0x4223A3, 0x4223CB,    0x42251A, 0x42764B, 0x42766E, 0x427D31, 0x427D6F, 0x4355DB, 0x4355FF, 0x43565D,    0x43567F, 0x444457, 0x466427, 0x466847, 0x44457A, 0x41CCD1, 0x41D08F, 0x4215DB,    0x421FCE, 0x427631, 0x427CCC, 0x427D23, 0x4355BE, 0x435644, 0x4666D5, 0x41C4F7,    0x422A24, 0x422AC3, 0x427386, 0x427530, 0x427547, 0x427342, 0x427356, 0x53C320,    0x53C334, 0x418DCE, 0x418E4B, 0x41F0D5, 0x41F13D, 0x41F393, 0x41F554, 0x41F8C4,    0x421018, 0x42102F, 0x4211C3, 0x42121F, 0x4219A3, 0x4219BA, 0x421B7E, 0x421BE1,    0x42281C, 0x422878, 0x425F17, 0x425F6F, 0x42812C, 0x4281BA, 0x42848D, 0x428504,    0x444521, 0x444536, 0x465D63, 0x465F33, 0x466123, 0x418D7C, 0x418E2E, 0x41F0EA,    0x41F152, 0x41F3A8, 0x41F533, 0x41F889, 0x420FF8, 0x421007, 0x4211B4, 0x421210,    0x421983, 0x421992, 0x421B6F, 0x421BD2, 0x42280D, 0x422869, 0x425F06, 0x425F60,    0x428117, 0x4281A5, 0x428478, 0x4284EF, 0x4444F7, 0x444508, 0x465D3D, 0x465F0D,    0x4660FD, 0x421FF3, 0x42215C, 0x4222D9, 0x4223E6, 0x42768D, 0x465C57, 0x465C6E,    0x465E27, 0x465E3E, 0x466009, 0x466020, 0x4666ED, 0x418D55, 0x418DAD, 0x418EEC,    0x418F48, 0x41EF7E, 0x41EFF8, 0x41F44E, 0x41F4C8, 0x420F3D, 0x420FA0, 0x4212A0,    0x421302, 0x4218C1, 0x421924, 0x421C67, 0x421CCA, 0x422597, 0x4225CB, 0x4228F2,    0x422954, 0x425CF4, 0x425D57, 0x427FB1, 0x428033, 0x428275, 0x4282EF, 0x465D73,    0x465F43, 0x466133, 0x418DF2, 0x418E7F, 0x418EC6, 0x418F22, 0x41EFAA, 0x41F02B,    0x41F47A, 0x41F4F4, 0x420F5D, 0x420FC0, 0x42127A, 0x4212DC, 0x4218E1, 0x421944,    0x421C41, 0x421CA4, 0x4228CC, 0x42292E, 0x425D0A, 0x425D6D, 0x427FE5, 0x42805F,    0x428243, 0x4282BD, 0x465D4D, 0x465F1D, 0x46610D, 0x420EE9, 0x420F08, 0x42186B,    0x42188A, 0x4222E5, 0x4222F2, 0x4223F2, 0x422402, 0x422550, 0x422573, 0x42769C,    0x4276AA, 0x435613, 0x435693, 0x41CC66, 0x41CD1D, 0x41CE78, 0x41D0D1, 0x420EAA,    0x42152D, 0x421596, 0x42162E, 0x422103, 0x4222A3, 0x4223B0, 0x427655, 0x427D7C,    0x4355E5, 0x435667, 0x466437, 0x466853, 0x4669DC, 0x513F4C, 0x51404F, 0x51415A,    0x41CC95, 0x41CCEE, 0x41CE53, 0x420EC4, 0x42183E, 0x42214B, 0x4222C8, 0x4223D5,    0x422527, 0x427678, 0x427D4C, 0x435609, 0x435689, 0x4444A8, 0x466630, 0x444469,    0x4060A5, 0x4060C7, 0x40612A, 0x40614C, 0x4067CC, 0x4067D6, 0x4067F8, 0x4060D7,    0x40615C, 0x406808, 0x4060DD, 0x406162, 0x40680E, 0x4060E5, 0x40616A, 0x406816,    0x4060EF, 0x406174, 0x406820, 0x4060FC, 0x406181, 0x40682A, 0x406106, 0x40618B,    0x406837, 0x466735, 0x466A08, 0x444AA5, 0x466748, 0x4373A6, 0x437406, 0x4374F6,    0x437552, 0x437671, 0x437799, 0x438CC0, 0x43C28A, 0x4373B0, 0x43740D, 0x437500,    0x43755C, 0x43767B, 0x4377A3, 0x438CB7};DWORD dwPathStructRefs[] = {   0x434F3B, 0x434F8E, 0x434FE0, 0x435020, 0x435056, 0x4350C3, 0x435129, 0x43532E,    0x43550A, 0x4356DA, 0x435748, 0x4357EC, 0x435895, 0x43598B, 0x435A8A, 0x435BD9,    0x4368A9, 0x4369D2, 0x4369DA, 0x4369E4, 0x436B94, 0x436EDA, 0x436EE2, 0x436EE8,    0x43708E, 0x437096, 0x43709C, 0x437196, 0x43719E, 0x4371A4, 0x437353, 0x4373F7,    0x437455, 0x43754A, 0x43757B, 0x4375A4, 0x4378FB, 0x4379A9, 0x437A10, 0x437B3C,    0x437B7E, 0x437B98, 0x437C91, 0x4382BB, 0x438335, 0x438410, 0x438848, 0x43889E,    0x438958, 0x438A0B, 0x438C5A, 0x438C62, 0x438C6C, 0x438D4D, 0x438ED2, 0x4391D5,    0x43922F, 0x4392B2, 0x4392C3, 0x43940F, 0x439417, 0x43956F, 0x43957D, 0x4395B3,    0x4395C1, 0x43968D, 0x43970F, 0x4397F2, 0x439808, 0x439820, 0x43984A, 0x43986F,    0x439897, 0x4398BC, 0x4398E4, 0x43990A, 0x43992B, 0x43999F, 0x439B1E, 0x439B68,    0x439BC5, 0x439CC4, 0x439CDC, 0x439CF4, 0x439D1E, 0x439D43, 0x439D6B, 0x439D90,    0x439DB8, 0x439DDE, 0x439DFF, 0x43A523, 0x43A5B7, 0x43A5CF, 0x43A5D8, 0x43A5E0,    0x43A5E7, 0x43A5EF, 0x43A723, 0x43A72B, 0x43A873, 0x43A881, 0x43A89A, 0x43A8A2,    0x43A8DB, 0x43A8F1, 0x43A94E, 0x43A9A2, 0x43A9AB, 0x43A9B3, 0x43A9B9, 0x43A9C0,    0x43A9E9, 0x43A9EF, 0x43AA04, 0x43AA45, 0x43AA5E, 0x43AAA4, 0x43AABD, 0x43AAC3,    0x43AAD6, 0x43AADC, 0x43AAF1, 0x43AB03, 0x43AB09, 0x43AB1E, 0x43AB2F, 0x43AB35,    0x43AB3F, 0x43AB48, 0x43AB4E, 0x43AB58, 0x43AB61, 0x43AB67, 0x43AB80, 0x43AB87,    0x43AB8E, 0x43AB96, 0x43AB9C, 0x43ABBA, 0x43AC07, 0x43AC2F, 0x43AE1B, 0x43AE28,    0x43B051, 0x43B05F, 0x43B1F9, 0x43B247, 0x43B296, 0x43B2E1, 0x43B2EA, 0x43B2F2,    0x43B2F8, 0x43B2FF, 0x43B35A, 0x43B393, 0x43B3AB, 0x43B3E4, 0x43B3FD, 0x43B436,    0x43B44F, 0x43B455, 0x43B468, 0x43B46E, 0x43B478, 0x43B483, 0x43B489, 0x43B493,    0x43B49E, 0x43B4A4, 0x43B4AE, 0x43B4B7, 0x43B4BD, 0x43B4C7, 0x43B4D0, 0x43B4D6,    0x43B4E4, 0x43B4EB, 0x43B4F2, 0x43B4FA, 0x43B500, 0x43B555, 0x43B55D, 0x43B57D,    0x43B593, 0x43B5D2, 0x43B64B, 0x43B653, 0x43B664, 0x43B68E, 0x43B6B1, 0x43B6EA,    0x43B7F9, 0x43B86B, 0x43B89A, 0x43B8F6, 0x43B96B, 0x43B9C4, 0x43BA99, 0x43BAB4,    0x43BACE, 0x43BAD6, 0x43BAE7, 0x43BAFB, 0x43BBD1, 0x43BF11, 0x43BF47, 0x43BF4D,    0x43BF7F, 0x43BF85, 0x43BF8B, 0x43C153, 0x43C15E, 0x43C165, 0x43C177, 0x43C182,    0x43C18B, 0x43C193, 0x43C19D, 0x465C38, 0x465C49, 0x465E0A, 0x465E19, 0x465FEC,    0x465FFB, 0x4666BE, 0x4666C9, 0x4666F9, 0x466703, 0x41F045, 0x41F09A, 0x41F358,    0x41F84A, 0x421134, 0x42116E, 0x421AEA, 0x421B24, 0x422006, 0x422029, 0x42216F,    0x42218F, 0x422788, 0x4227C2, 0x425D92, 0x425DDC, 0x427FC7, 0x4280C6, 0x43737B,    0x43747C, 0x4374CC, 0x4375FB, 0x437642, 0x4376DE, 0x43772B, 0x43776F, 0x4379BB,    0x438E9C, 0x43925A, 0x439369, 0x43B87D, 0x43B8AC, 0x444480, 0x4444BF};DWORD dwPathBlockMargins[] = {   0x000000, 0x02F1E8, 0x0395F8, 0x03A980, 0x0448E0, 0x049890, 0x0537F0, 0xFFFFFF};void* pNewPathFindBuffer = NULL;#define PATHLIMITMUL 2void IncreasePathLimit(void) {   DWORD dwVp, dwVp2, dwMod;   if(pNewPathFindBuffer) return;   VirtualProtect((void*)0x401000, 0x27CE00, PAGE_EXECUTE_READWRITE, &dwVp);   pNewPathFindBuffer = malloc(0x05600C*PATHLIMITMUL);   for(int i = 0; i < sizeof(dwPathDataRefs)/sizeof(DWORD); i++) {       if(*((DWORD*)dwPathDataRefs[i]) < 0x9B6E5C || *((DWORD*)dwPathDataRefs[i]) >= 0xA0CE68){           continue;       }       dwMod = *((DWORD*)dwPathDataRefs[i]);       dwMod -= 0x9B6E5C;       for(int j = 0; j < sizeof(dwPathBlockMargins)/sizeof(DWORD)-1; j++) {           if(dwMod < dwPathBlockMargins[j+1]) {               dwMod = (dwMod-dwPathBlockMargins[j]) + PATHLIMITMUL*dwPathBlockMargins[j];               break;           }       }       dwMod += (DWORD)pNewPathFindBuffer;       *((DWORD*)dwPathDataRefs[i]) = dwMod;   }   for(int i = 0; i < sizeof(dwPathStructRefs)/sizeof(DWORD); i++) {       if(*((DWORD*)dwPathStructRefs[i]) < 0x02F1E8 || *((DWORD*)dwPathStructRefs[i]) > 0x5380C) {           continue;       }       dwMod = *((DWORD*)dwPathStructRefs[i]);       for(int j = 0; j < sizeof(dwPathBlockMargins)/sizeof(DWORD)-1; j++) {           if(dwMod < dwPathBlockMargins[j+1]) {               dwMod = (dwMod-dwPathBlockMargins[j]) + PATHLIMITMUL*dwPathBlockMargins[j];               break;           }       }       *((DWORD*)dwPathStructRefs[i]) = dwMod;   }   *((DWORD*)0x436731) *= PATHLIMITMUL;   *((DWORD*)0x43674C) *= PATHLIMITMUL;   *((DWORD*)0x4367A5) *= PATHLIMITMUL;   *((DWORD*)0x4367C0) *= PATHLIMITMUL;   *((DWORD*)0x43680F) *= PATHLIMITMUL;   *((DWORD*)0x436801) *= PATHLIMITMUL;   *((DWORD*)0x435C3D) *= PATHLIMITMUL;   *((DWORD*)0x435FAD) *= PATHLIMITMUL;   *((DWORD*)0x43955D) *= PATHLIMITMUL;   _asm {       mov eax, 43C260h       call eax   }   VirtualProtect((void*)0x401000, 0x27CE00, dwVp, &dwVp2);}

 

 

Same at pastebin: http://pastebin.com/qSTi2DFW

IDC script for generating the list of addresses: http://pastebin.com/MygTTTZp

Edited May 10, 2011 by maxorator

[X-Seti]

Problems I found trying to hack the limits.

 

Original hacked Exe we used. (Lack of paths)

 

I could increase the limits inside the original 4000^2 map boundaries 2 or 3 times over but I was not sure myself if this was really working.

 

I had put the paths in layers 10units Z from each other.

 

In game I could see at times a car driving above other traffic.

 

Where trying to spawn objects outside the original bounds, nothing would spawn?.

 

Hacking the map bounds was interesting, messing the water up too where I settled for just a single plain of water and as a result to is none of the tunnels could be used.

 

It has been sometime since I hacked those limits, 2 years have almost gone by.

 

All I have to show for this is the work put into GTASOL59.1 on GTAG.

[MAD BOSS]

 

Sure, I can attach anything to anything.

By "anything", do you include adding extra car parts? Like in SA, so that you can modify spoilers, bumpers and stuff. And one more. Can you hack the polygon limit for Vice City? Nowadays, modding this game is quite impossible, bcs you can't have hd cars (2MB+ dff) and to expect for it not to crash or smt...

[maxorator]

Sure, I can attach anything to anything.

By "anything", do you include adding extra car parts? Like in SA, so that you can modify spoilers, bumpers and stuff. And one more. Can you hack the polygon limit for Vice City? Nowadays, modding this game is quite impossible, bcs you can't have hd cars (2MB+ dff) and to expect for it not to crash or smt...

Yeah, it's definitely possible to add extra car parts. If someone can provide me with dff+txd for them, I could try adding them too.

 

Not sure about the polygon limit, because I don't know what part of the game engine limits it.

[X-Seti]

 

Sure, I can attach anything to anything.

By "anything", do you include adding extra car parts? Like in SA, so that you can modify spoilers, bumpers and stuff. And one more. Can you hack the polygon limit for Vice City? Nowadays, modding this game is quite impossible, bcs you can't have hd cars (2MB+ dff) and to expect for it not to crash or smt...

Yeah, it's definitely possible to add extra car parts. If someone can provide me with dff+txd for them, I could try adding them too.

 

Not sure about the polygon limit, because I don't know what part of the game engine limits it.

There is a RW3.2+ limit of 5Mb for all models and vehicles.

 

This is the max size any dff can be (exported) or otherwise as far as the dff version goes.

 

RW3.6 SA has a problem with large mash areas so all models must not be large but can be high polyed.

 

VC/GTAIII Only (This does not work with SA)

 

I have tried large dff with high polygon court, the trick here is to have a custom col.

 

The custom col would be the outer mask of the original model less then 1000 polys.

 

Steve Col edit 2 allows you to add boxes that replace of the high density mash.

[maxorator]

 

There is a RW3.2+ limit of 5Mb for all models and vehicles.

 

This is the max size any dff can be (exported) or otherwise as far as the dff version goes.

 

RW3.6 SA has a problem with large mash areas so all models must not be large but can be high polyed.

 

VC/GTAIII Only (This does not work with SA)

 

I have tried large dff with high polygon court, the trick here is to have a custom col.

 

The custom col would be the outer mask of the original model less then 1000 polys.

 

Steve Col edit 2 allows you to add boxes that replace of the high density mash.

I looked into it a bit and the only place where I can notice an explicit limit is in RpGeometryCreate, which limits the number of vertices to 65536, which is obvious since vertices are indexed by unsigned 16bit integers, which cannot hold any larger values.

 

RenderWare does not have anything to do with collisions though, they are entirely a custom feature in Vice City.

Edited May 21, 2011 by maxorator

[MAD BOSS]

 

Sure, I can attach anything to anything.

By "anything", do you include adding extra car parts? Like in SA, so that you can modify spoilers, bumpers and stuff. And one more. Can you hack the polygon limit for Vice City? Nowadays, modding this game is quite impossible, bcs you can't have hd cars (2MB+ dff) and to expect for it not to crash or smt...

Yeah, it's definitely possible to add extra car parts. If someone can provide me with dff+txd for them, I could try adding them too.

 

Not sure about the polygon limit, because I don't know what part of the game engine limits it.

I can add "extra1", "extra2" etc- but how do you plan on making the game engine to swap the car's bodyparts? Like for example, having a boot with and without a spoiler, or having multiple types of wheels for one vehicle.

[maxorator]

 

Yeah, it's definitely possible to add extra car parts. If someone can provide me with dff+txd for them, I could try adding them too.

I can add "extra1", "extra2" etc- but how do you plan on making the game engine to swap the car's bodyparts? Like for example, having a boot with and without a spoiler, or having multiple types of wheels for one vehicle.

Nothing difficult in that. Just replace the atomic. For example I replaced Oceanic's chassis with Romero's Hearse's:

 

 

Now with Sandking's bonnet:

 

 

The vehicle color for the replaced parts might not be correct at the moment, but that can be fixed. And yes, this is done on the fly and only for one car at a time.

Edited May 22, 2011 by maxorator

[MAD BOSS]

OMG, this is just a big wow concept! You could become famous for making a tuning mod for Vice City, it's the one thing it always felt missing! Can it be possible for the game engine (if you tweak it like that) so that in the model we have for like example:

 

• banshee

• chassis_dummy

• bonnet_dummy

• bonnet_hi_ok (with an air-intake)

• bonnet_hi_dam (with an air-intake)

• bonnet_hi_ok (stock)

• bonnet_hi_dam (stock)

...

 

 

So that we can either choose which one do we want in-game in some tunning shops, I mean - like in San Andreas.

[maxorator]

OMG, this is just a big wow concept! You could become famous for making a tuning mod for Vice City, it's the one thing it always felt missing! Can it be possible for the game engine (if you tweak it like that) so that in the model we have for like example:

• banshee

• chassis_dummy

• bonnet_dummy

• bonnet_hi_ok (with an air-intake)

• bonnet_hi_dam (with an air-intake)

• bonnet_hi_ok (stock)

• bonnet_hi_dam (stock)

...

 

 

So that we can either choose which one do we want in-game in some tunning shops, I mean - like in San Andreas.

I could implement that mod if someone creates some extra parts for that. Get me some .dff/.txd sets for vehicle components and I'll do it.

[Frank.s]

Seems awesome.

How are you doing this? RW Analyse? .scm scripting? cleo address editing? .asi/dll hooking?

Could you explain the whole process? C'mon spill the beans.

Edited May 22, 2011 by frank.s

[MAD BOSS]

@maxorator

How do you want them? In multiple dffs, or all packed in one?

[maxorator]

 

Seems awesome.

How are you doing this? RW Analyse? .scm scripting? cleo address editing? .asi/dll hooking?

Could you explain the whole process? C'mon spill the beans.

I might post the source code later. For now let's just say it's C++ code running inside the game. I believe it's what you call DLL hooking.

 

@maxorator

How do you want them? In multiple dffs, or all packed in one?

Separately for now, maybe later they can be merged into one, but this way is easier for testing.

Edited May 23, 2011 by maxorator

[spaceeinstein]

Some info on Tommy sprinting and getting tired from it:

 

Player pointer + 0x600 relates to the sprinting stamina for Tommy. In a new game, the value begins at 150. When Tommy sprints, the value decreases to -150. Negative values will mean when Tommy stops sprinting, he will go into a tired animation. The value increases when Tommy is not sprinting and increases faster if Tommy is not moving. When you tap the sprint button, the value will never go far below 0 so that is why Tommy can literally have infinite sprint by doing that.

 

Player pointer + 0x608 relates to the distance Tommy has sprinted, up to 500. At 500, the number resets to 0 and the upper stamina limit (150 at the start) is increased by 10, so that Tommy can sprint more before getting tired.

 

Enabling infinite sprint (0x94AE68) will skip all this stuff.

[xNCx]

Ahahaha spaceeinstein, are you reading in my mind? I was yesterday thinking about the power left for sprinting !

 

Nice find

[xNCx]

Here is my new found. I wanted to check if the player uses the key SHIFT for something, because I would like to bind to it a script feature. I don't use it, but I remember, that this is the default sprint key.

 

There is a way to check, if this is the sprint key.

 

 

0x9B5A94 - first associated SPRINT key0x9B5A98 (+ 0x4) - only 1 key for this action (returns 0), 2 keys for it (1)0x9B5A9C (+ 0x8) - second associated keyall 1 byte

 

 

It can be also used to change all keys It is very easy to find other key binds, just find the first associated key .

 

Btw. a small request. Can someone describe the weapon pointer? I was thinking about "manual weapon reload" and to disable the "automatic" one.

[Swoorup]

Can somebody compile the Code posted by Maxorator? About the path limits

Edited August 11, 2011 by Swoorup

[Swoorup]

@Maxorater is that the code for IDA dissassembler?

How do i use it?

Edited August 10, 2011 by Swoorup