OrionSR (Author) Posted May 26, 2008 (edited)

I think I have got solution to Ped riot cheat. Block 19 data changes only 6-7 times throughout the game. I have made uploader that replace whole corrupt BLOCK 19 with proper one and don't care about individual ped data. It worked properly with Tanker Commander and Madd Dogg. If you want to see that, here is a link: http://hmvartak.110mb.com/fix.htm

Interesting. That's pretty much what I've been doing for my hex edit fixes so I suspect the fix will be safe and effective. The other main advantage (I assume since you are posting this in a PS2 cheat topic) is the possibility that the same repair can be applied to PS2 and PC. I'll see if I can put together some good test saves for PS2v1 and PS2v2.

The main problem with this method is that the idea of manipulating save files in this manner is not an established procedure for PS2 players. Instructions will need to be very basic and detailed to be useful. The other problem is that ric-013 began the investigation into these settings in an attempt to gain more allies for CJ during gang wars, so we may still pursue a method of changing this data with cheat codes.

Still, it's exciting news that a Madd Dogg fix is finally available, nice work hmvartak.

Edited May 26, 2008 by OrionSR

Gantons Most Wanted Posted May 26, 2008

Orion could you break down some of the codes you just posted like the vehicles codes and the save discs what do they do???

OrionSR (Author) Posted May 27, 2008 (edited)

Orion could you break down some of the codes you just posted like the vehicles codes and the save discs what do they do???

Um... I can try. It'll be a good test of my current understanding.

Enable all Save Disks - v1
D0700942 0000FEEF - Joker. If (D) buttons pressed (0700942) equals L2+Up (FEEF) then execute the next line.
206B2DC4 00000012 - Write 32bit (2) the following data (00000012) to global variable $885 (06B2DC4).

The global variable location is calculated as 006B1FF0 + 4 * Global Variable number. 0x12 = 18, the last save disk at 4 Dragons.

It helps that I have the scripts decompiled and examples from PC modders to work from. I've got a pretty good idea how many of these variables influence the game. Sanny has a list of common names for many of the variables so the scripts are easier to understand; 885=Total_Available_Save_Pickups. This setting will be reset by Green Sabre, the Catalina Strand, Are You Going, Yay Ka-Boom, or the phone call after, and the call from Woozie that opens the LV strand.

The reason it needs to be used outdoors is that CJ will warp to Angel Pine for some reason. If he's inside when this happens he won't be able to see much of anything except the footcops that spawn with the 4 star wanted level. I think this only happens the first time the code is used.

Unhide and Unlock Cars - PS2v1
407BC788 00FF0008 - 32bit Multi-Write (4) starting at 7BC788. Write data 255 times (FF). Skip 64 bytes between writes (4*0008).
FFFFFFFF 00000000 - Data to write (FFFF = Generate All, FFFF = Unknown Activity word usually set to -1).

Start of Car Generator Data = 007BC770. Cars to generate field is a word at offset 0x1A, but I don't have a 16bit multi-write command. The two bytes after the Cars to Generate field can't be changed without seriously messing things up, so instead I write over some Unknown Activity information in the preceding word. This might confuse currently spawned or random model generators if it is left running all the time. The code would probably be best running under a joker.

407BC77C 00FF0008 - 32bit multi-write. 255 writes skip 4 * 8 bytes. Same as before but different offset.
00001A00 00000000 - Data to write. 00 = Lock%, 1A = 0x10 mission flag + 0x08 player owned, + 0x02 force spawn, 0000 = unknown setting (word).

The goal is to change the lock (+0x0C) and flag (+0x0D) bytes. The preceding 2 bytes are Angle and Alarm. Since I don't want to change the angle on all cars or split the bytes on the following word I decided to overwrite the whole unknown setting. The binary vehicles from IPL streams have FFFF where saved vehicles have 0000. I'm not sure how this will influence the game if code is left running - I suggest saving the changes and then reload without using the code.

Edited May 27, 2008 by OrionSR

OrionSR (Author) Posted May 27, 2008 (edited)

All Clothes and Stores in Wardrobe - PS2v1
Jokered with L1+Up - probably not needed now that it's working

RAW NTSC/UC PS2v1
E006FBEF 00700942
4085B39C 003D0001
01010101 00000000
1085B3A0 00000101
0085B3A3 00000001
406B47C4 000E0001
00000001 00000000

AR-Max NTSC/UC PS2v1
6UVK-9RMC-7XWQC
PAXV-DH2H-HNVY9
B3K6-GTWC-9RXEV
WZJ1-1VA6-XU6R4
EHHM-VB7Q-Z0KVB
YATT-WP9A-5F264
MD44-N2PD-1KMZA
ZAMW-X2DW-VDQUP
03AH-5PBC-9K2T7

0085B2F0 - v1 Start of Shopping Data (I think)

E006FBEF 00700942 - Multi-Line Joker (E). Execute 0x006 lines if L1+Up (FBEF) is pressed (00700942)
4085B39C 003D0001 - 32bit Multi-write (4) starting address 085B39C. Write 0x3D times. Skip 1*4 bytes per write (fill block).
01010101 00000000 - Write 01s on all the byte flags (01010101). 0000000 completes the line but isn't used.
1085B3A0 00000101 - 16bit Write. Filling in 2 of the 3 remaining clothes (0101).
0085B3A3 00000001 - 8bit Write. 01 on the Checkered shirt at Bincos. I'm not sure what the next byte is for.
406B47C4 000E0001 - 32bit Multi-write and starting address. Writes 0000001 at the location of the global variables
00000001 00000000 - that control which stores are available in the wardrobe, and the special outfits.

PS2v1 and PC Global Variables
$2549 = Binco
$2550 = Pro-Laps
$2551 = Sub Urban
$2552 = Zip
$2553 = Victim
$2554 = Didier Sachs
$2555 = Gimp_Suit_Available
$2556 = Valet_Uniform_Available
$2557 = Croupier_Uniform_Available
$2558 = Cop_Uniform_Available
$2559 = Rural_Clothes_Available
$2560 = Racing_Suit_Available
$2561 = Medic_Uniform_Available
$2562 = Pimp_Suit_Available

Edited May 27, 2008 by OrionSR
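
The line-by-line breakdowns in the two posts above (write widths 0/1/2, the two-line multi-write 4, the D and E jokers, and the "006B1FF0 + 4 * Global Variable number" rule) can be applied mechanically. The following decoder is an added example, not code from any poster or converter tool; the function names and the ASSUMED_GLOBAL_COUNT cutoff are assumptions made for illustration, and the stride is computed as 4 * the skip field, as the posts describe.

```python
"""Annotate RAW PS2 cheat lines using the code types explained in the posts above."""

GLOBAL_BASE_V1 = 0x006B1FF0    # Start of Global Variable Space, NTSC/UC v1 (from the thread)
ASSUMED_GLOBAL_COUNT = 16384   # assumption: cutoff used only to label an address as a global

# Joker values quoted in the thread, mapped to the buttons the posters name.
JOKERS = {0xFEEF: "L2+Up", 0xFBEF: "L1+Up", 0xFBBF: "L1+Down",
          0xFFFE: "Select", 0xFFFD: "L3"}
WIDTH = {0x0: 8, 0x1: 16, 0x2: 32}   # first digit of a plain write -> bits written


def global_number(addr, base=GLOBAL_BASE_V1):
    """Invert 'base + 4 * number'; None when addr is not an aligned global slot."""
    off = addr - base
    if 0 <= off < 4 * ASSUMED_GLOBAL_COUNT and off % 4 == 0:
        return off // 4
    return None


def parse(text):
    """Turn 'XXXXXXXX YYYYYYYY' lines into (int, int) pairs, rejecting malformed ones."""
    pairs = []
    for n, line in enumerate(text.strip().splitlines(), 1):
        parts = line.split()
        if len(parts) != 2 or any(len(p) != 8 for p in parts):
            raise ValueError(f"line {n}: expected two 8-digit hex words: {line!r}")
        pairs.append((int(parts[0], 16), int(parts[1], 16)))
    return pairs


def decode(text):
    """Return one dict per logical operation in a RAW code."""
    pairs, ops, i = parse(text), [], 0
    while i < len(pairs):
        first, second = pairs[i]
        kind, addr = first >> 28, first & 0x0FFFFFFF
        if kind in WIDTH:
            bits = WIDTH[kind]
            op = {"op": "write", "bits": bits, "addr": addr,
                  "value": second & ((1 << bits) - 1)}
        elif kind == 0x4:                       # multi-write takes a second line
            if i + 1 >= len(pairs):
                raise ValueError("multi-write is missing its data line")
            i += 1
            op = {"op": "multi_write", "bits": 32, "addr": addr,
                  "count": second >> 16, "stride": 4 * (second & 0xFFFF),
                  "value": pairs[i][0]}         # second data word: unused per the thread
        elif kind == 0xD:                       # one-line joker
            op = {"op": "joker", "lines": 1, "addr": addr,
                  "pad_value": second & 0xFFFF}
        elif kind == 0xE:                       # multi-line joker
            op = {"op": "joker", "lines": (first >> 16) & 0xFFF,
                  "addr": second & 0x0FFFFFFF, "pad_value": first & 0xFFFF}
        else:
            raise ValueError(f"code type {kind:X} is not described in the thread")
        if op["op"] == "joker":
            op["buttons"] = JOKERS.get(op["pad_value"], "unknown")
        else:
            op["global"] = global_number(op["addr"])
        ops.append(op)
        i += 1
    return ops


def touched(op):
    """Start address of every write made by a write or multi_write operation."""
    if op["op"] == "write":
        return [op["addr"]]
    return [op["addr"] + k * op["stride"] for k in range(op["count"])]


# Codes copied from the posts above.
SAVE_DISKS = """
D0700942 0000FEEF
206B2DC4 00000012
"""
WARDROBE = """
E006FBEF 00700942
4085B39C 003D0001
01010101 00000000
1085B3A0 00000101
0085B3A3 00000001
406B47C4 000E0001
00000001 00000000
"""

if __name__ == "__main__":
    for name, code in (("Save disks", SAVE_DISKS), ("Wardrobe", WARDROBE)):
        print(name)
        for op in decode(code):
            print("  ", {k: (hex(v) if k in ("addr", "value", "pad_value") else v)
                         for k, v in op.items()})
```

Running it on a code before typing it into a cheat device shows which globals and which address ranges a multi-write will overwrite.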

OrionSR (Author) Posted May 27, 2008

Success! I cracked the enex code; most of it anyway.

Enex Switching Test Code - PS2v1
4 Line Joker L1+Down
Mulholland connects to LA Big House
69cent Unity Warps to El Que Barber
Dillimore PD has SFPD Interior
Unlock El Que Barber so CJ can return

E004FBBF 00700942
20C9900C 00C9D8B8
20C98904 00C9B0E0
20C9B76C 00C9CFD0
10C9B110 00004042

AR-Max NTSC/UC PS2v1
FTFD-F2TW-QJFER
H38V-FVW4-ZVMGZ
81QH-QQTD-T786T
KGNE-R516-FUAAJ
AARY-DEMT-GNE3V
5XWT-EKAT-JAT27
03AH-5PBC-9K2T7

00C986B0 - v1 Start of Enex Data
00C99230 - v2 Start of Enex Data

Record size = 60 bytes. The destination of an enex is contained in the last 4 bytes (offset 0x38). The destination dword holds starting address of the destination record. The starting address of a record can be determined by

Start of Enex Data + 60 * Destination Handle

The destination handle is determined by the sequence in which the enex connections are read from disk (plain text).

The door flags are the word at offset 0x30. See details below.

BIT  HEX   DEC    NAME                   DESCRIPTION
00   0001  1      unknown interior       Only used for interior markers
01   0002  2      unknown pairing        Used mostly for interior markers; also Big Ear & LS Skyscraper
02   0004  4      create linked pair     Pair with unflagged mate during new game start
03   0008  8      reward interior        Sets flag 0010 on pair mate when used
04   0010  16     used reward entrance   Set by accessing reward interior
05   0020  32     cars and aircraft      Enable for cars and aircraft
06   0040  64     bikes and motorcycles  Enable for bikes and motorcycles
07   0080  128    disable on foot        No foot traffic (use for cars and/or bikes only)
08   0100  256    accept NPC group       Group members accepted at destination of pair
09   0200  512    food date flag         Set and cleared by food date (cut-scene related)
10   0400  1024   unknown burglary       Set on Bayside and Temporary Burglary doors
11   0800  2048   disable exit           Player can enter but cannot exit a two-way pair
12   1000  4096   burglary access        Enabled and disabled during Burglary
13   2000  8192   entered without exit   Set by Entrance, Cleared by Exit; Applies to one side of a two-way pair
14   4000  16384  enable access          Enabled by default; often cleared by scripts
15   8000  32768  delete enex            Enex is deleted when used

If there is interest in developing this further I can try to finish my list of IPL connections in a form that can be used for this purpose. It's actually fairly easy with a list of enexes and a spreadsheet calculating all of the addresses.
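
The record layout in the post above (60-byte records, door flags word at 0x30, destination dword at 0x38, record address = Start of Enex Data + 60 * handle) is enough to turn the test code back into handles and flag names. This is an added example, not code from the thread; the function names are assumptions, and it only interprets the two fields the post documents.

```python
"""Map writes into the enex table back to record handles, per the layout in the post above."""

ENEX_BASE = {"v1": 0x00C986B0, "v2": 0x00C99230}   # Start of Enex Data (from the thread)
RECORD_SIZE = 60
OFF_FLAGS, OFF_DEST = 0x30, 0x38                   # door flags word, destination dword

FLAG_NAMES = [   # bit 0 .. bit 15, names as in the flag table
    "unknown interior", "unknown pairing", "create linked pair", "reward interior",
    "used reward entrance", "cars and aircraft", "bikes and motorcycles",
    "disable on foot", "accept NPC group", "food date flag", "unknown burglary",
    "disable exit", "burglary access", "entered without exit", "enable access",
    "delete enex",
]


def record_address(handle, version="v1"):
    """Start of Enex Data + 60 * handle."""
    return ENEX_BASE[version] + RECORD_SIZE * handle


def locate(addr, version="v1"):
    """Return (handle, offset inside the record) for an address in the table."""
    off = addr - ENEX_BASE[version]
    if off < 0:
        raise ValueError(f"{addr:08X} is below the {version} enex table")
    return divmod(off, RECORD_SIZE)


def flag_names(word):
    """Names of the door flags set in a 16-bit flags word."""
    return [name for bit, name in enumerate(FLAG_NAMES) if word & (1 << bit)]


def relink(src, dst, version="v1"):
    """RAW 32-bit write that points enex `src` at enex `dst`."""
    return f"2{record_address(src, version) + OFF_DEST:07X} {record_address(dst, version):08X}"


def explain(code, version="v1"):
    """Describe each 16/32-bit write in a RAW code in terms of enex records."""
    out = []
    for line in code.strip().splitlines():
        first, value = (int(word, 16) for word in line.split())
        kind, addr = first >> 28, first & 0x0FFFFFFF
        if kind not in (0x1, 0x2):          # joker and other lines are not table writes
            continue
        handle, off = locate(addr, version)
        if kind == 0x2 and off == OFF_DEST:
            dest, rem = locate(value, version)
            if rem:
                raise ValueError(f"{value:08X} is not the start of a record")
            out.append(("destination", handle, dest))
        elif kind == 0x1 and off == OFF_FLAGS:
            out.append(("flags", handle, flag_names(value & 0xFFFF)))
        else:                               # a field the post does not document
            out.append(("other", handle, off))
    return out


# The Enex Switching Test Code from the post above (NTSC/UC v1).
ENEX_TEST = """
E004FBBF 00700942
20C9900C 00C9D8B8
20C98904 00C9B0E0
20C9B76C 00C9CFD0
10C9B110 00004042
"""

if __name__ == "__main__":
    for entry in explain(ENEX_TEST):
        print(entry)
    print(relink(9, 180))
```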

OrionSR (Author) Posted May 27, 2008 (edited)

Structure                           NTSC/UC v1  NTSC/UC v2  PAL v1  PAL v2  Record Length  Maximum Records
Start of Global Variable Space      006B1FF0    006B2770    -       -       4 bytes        -
Start of Garage Zone Structure      0080AE90    0080BA20    -       -       -              -
Start of Pickup Pool                00803170    00803D00    -       -       32 bytes       620 Records
Start of Marker Pool (radar blips)  00701F00    00702A80    -       -       -              -
Start of main ZoneInfo              007B7800    007B8390    -       -       -              -
Start of ZonePop                    007BA7F0    007BB380    -       -       -              -
Start of GrayZone                   007BA780    007BB310    -       -       -              -
Start of Gang Weapons Data          0081B280    0081BE00    -       -       -              -
Start of Car Generator Data         007BC770    007BD300    -       -       32 bytes       -
Pointer to Ped Acquaintances        0066B3E8    0066BB68    -       -       -              -
Pointer to IPL Data                 008C3110    008C3C90    -       -       -              -
Start of Shopping Data              0085B2F0    0085BE70    -       -       -              -
Pointer to Unique Jump Data         008C2FD0    008C3B50    -       -       -              -
Start of Enex Data                  00C986B0    00C99230    -       -       -              -

Useful Addresses                    SA PS2v1    SA PS2v2    -       -       -              -
Enable Gang Wars                    0066C7A4    0066CF24    -       -       -              -
Territories Under Control Stat 337  00802614    008031A4    -       -       -              -
Joker Address NTSC/UC               00700942    007014C2    -       -       -              -
Basketball Glitch Global            006B3E10    -           -       -       -              -
Basketballs Enabled Global          006B3DAC    -           -       -       -              -

Edited May 27, 2008 by OrionSR

Gantons Most Wanted Posted May 27, 2008

nice work could you convert the enex codes and some of the gangs weapon codes to AR Max PAL??? i'll test them for you and give you some idea how they worked in action.

OrionSR (Author) Posted May 27, 2008

nice work could you convert the enex codes and some of the gangs weapon codes to AR Max PAL??? i'll test them for you and give you some idea how they worked in action.

Actually, I'm not at all sure about the PAL conversions. I'm working with addresses specific to version 1, the original edition, and version 2, which I'm pretty sure includes the Greatest Hits, Platinum, or any other version released since the recall. I have a utility that can convert the code to PAL, but I can't test it so I'm posting the RAW codes and PAL players will need to figure out their own conversions and tests.

Gantons Most Wanted Posted May 27, 2008

well i can't do it then. Because atm i don't have that much time to do stuff like this and second i've tried converting and understanding codes a long time ago and couldn't understand it one bit. But the gang wars codes worked when it was converted i've had no problems so wouldn't this work the same???

OrionSR (Author) Posted May 27, 2008 (edited)

I wouldn't know. I can't test it so I'm not posting converted code. Eventually I might get around to testing AR Max code for version 2 but in the meantime I'm only posting the RAW code for v2. I'll never be able to test PAL.

If you want to test the codes then:
Download MAXConvert or OmniConvert (see ric's post on 1st page)
Paste the RAW code on the left pane
Select the output format (AR Max or a bunch of other programs)
Enter your game code (NTSC/UC v1 is 069C)
Select the Region
Hit the Convert button
Type the output into a new cheat
Test it out, report the results, and post the working code

Update:
I think I figured out why the Madd Dogg Fix isn't working. It doesn't look like the data stays in the same place in memory and a pointer is used to find the required information. Pointer to Ped Acquaintances v1 = 0066B3E8. Without the fancy new pointer commands it doesn't look like we'll be able to change the ped behaviors.

I'm finding it particularly useful to check 3 different versions of my v1 memory dumps. One is a Fresh Start, another is a Restart new game, and the 3rd is the End of the Line save I managed to load just long enough to make the required save state.

Edited May 27, 2008 by OrionSR

ric-013 Posted May 27, 2008 (edited)

OMG...ORIONSR, astonishing work, you've done so much in 2 days...you're getting very good at this

ok first i've tested the jokered "CIVMALE" edit code and you were right, it didn't work...as a matter of fact any mods i tried on gangs didn't stick either...in a previous post you labeled them as "pointers", that seems right. sadly neither of us can use pointer command on our cheat device...but i may have found a clue:

Enabler
200C2100 3C080089
200C2104 9508D760
200C2558 03E00008
2059D368 00000000
2059D380 00000000
2059D3A4 0C030840
Press L1 then L2 to activate chaos mode (peds riot but like in the los santos riots)
200C2444 20013132
200C2448 51010043
200C244C 8C820114

i don't quite understand that code, maybe becuz i did not look into "enabler codes" yet (i'm still learning all that stuff) but maybe we can use a enabler code to edit block 19 ??? i hope it leads to something.

nice work could you convert the enex codes and some of the gangs weapon codes to AR Max PAL??? i'll test them for you and give you some idea how they worked in action.

i wanted to post you the armax pal test codes but i forgot,...i posted untested "possible" raw pal weapon mod in territory glitch codes topic 2 days ago, so post me a few settings you would want and we should try it out....keep reading to know why i say "possible".

Actually, I'm not at all sure about the PAL conversions. I have a utility that can convert the code to PAL, but I can't test it so I'm posting the RAW codes and PAL players will need to figure out their own conversions and tests.

Download MAXConvert or OmniConvert (see ric's post on 1st page)
Paste the RAW code on the left pane
Select the output format (AR Max or a bunch of other programs)
Enter your game code (NTSC/UC v1 is 069C)
Select the Region
Hit the Convert button
Type the output into a new cheat
Test it out, report the results, and post the working code

Update: no....maxconvert and omniconvert CANT PORT CODES TO PAL FORMAT, it's more like in between versions. by looking around at pal & ntsc raw codes i found out lots of pal codes had a + 0x0100 in its addresses (but not always) i tried it out and sent the test code "territory glitch v1" tru PM to "ganton most wanted" it ended up working...i was lucky! so it was how i ported them. if you look at pal codes you'll see some difference in the addresses is not always the same and sometimes the pal & ntsc codes are exactly the same..so to port codes you need a PAL savedump (sadly i don't have one yet, i'm still looking) and then compare them to figure it out..just like you did with versions. btw PAL GAME I.D = 06A3

Success! I cracked the enex code; most of it anyway.

Enex Switching Test Code - PS2v1
4 Line Joker L1+Down
Mulholland connects to LA Big House
69cent Unity Warps to El Que Barber
Dillimore PD has SFPD Interior
Unlock El Que Barber so CJ can return

E004FBBF 00700942
20C9900C 00C9D8B8
20C98904 00C9B0E0
20C9B76C 00C9CFD0
10C9B110 00004042

AR-Max NTSC/UC PS2v1
FTFD-F2TW-QJFER
H38V-FVW4-ZVMGZ
81QH-QQTD-T786T
KGNE-R516-FUAAJ
AARY-DEMT-GNE3V
5XWT-EKAT-JAT27
03AH-5PBC-9K2T7

00C986B0 - v1 Start of Enex Data
00C99230 - v2 Start of Enex Data

Record size = 60 bytes. The destination of an enex is contained in the last 4 bytes (offset 0x38). The destination dword holds starting address of the destination record. The starting address of a record can be determined by

Start of Enex Data + 60 * Destination Handle

The destination handle is determined by the sequence in which the enex connections are read from disk (plain text).

The door flags are the word at offset 0x30. See details below.

BIT  HEX   DEC    NAME                   DESCRIPTION
00   0001  1      unknown interior       Only used for interior markers
01   0002  2      unknown pairing        Used mostly for interior markers; also Big Ear & LS Skyscraper
02   0004  4      create linked pair     Pair with unflagged mate during new game start
03   0008  8      reward interior        Sets flag 0010 on pair mate when used
04   0010  16     used reward entrance   Set by accessing reward interior
05   0020  32     cars and aircraft      Enable for cars and aircraft
06   0040  64     bikes and motorcycles  Enable for bikes and motorcycles
07   0080  128    disable on foot        No foot traffic (use for cars and/or bikes only)
08   0100  256    accept NPC group       Group members accepted at destination of pair
09   0200  512    food date flag         Set and cleared by food date (cut-scene related)
10   0400  1024   unknown burglary       Set on Bayside and Temporary Burglary doors
11   0800  2048   disable exit           Player can enter but cannot exit a two-way pair
12   1000  4096   burglary access        Enabled and disabled during Burglary
13   2000  8192   entered without exit   Set by Entrance, Cleared by Exit; Applies to one side of a two-way pair
14   4000  16384  enable access          Enabled by default; often cleared by scripts
15   8000  32768  delete enex            Enex is deleted when used

If there is interest in developing this further I can try to finish my list of IPL connections in a form that can be used for this purpose. It's actually fairly easy with a list of enexes and a spreadsheet calculating all of the address.

this looks interesting..so if i understand this right we could add markers to get in and out of unused interiors and it would be savable ??? if so this is crazy, it would be much better than those by edisoncarter

Interior Replacements
Warning: These are one-way trips. You can only get out by killing yourself.
GameShark/CodeBreaker/AR2 NTSC:

Hidden Tattoo via LS Tattoo
D0C9C1E4 0000A1CA
20C9C1E4 C107837B

Liberty City via Zip
20C9D590 C4370000
20C9D594 43FC0000
20C9D598 44AB9000
10C9D5A2 00000001

Rusty Brown's Donuts via Burgershot
20C9D374 43BC8CAC
20C9D378 C34070A3
20C9D37C 447A2937
10C9D386 00000011

Brothel 0 via LV Sex Shop
20C9C384 443A22C0
20C9C388 44B3B570
20C9C38C 4489D7AE
10C9C396 00000106

Brothel 1 via Dance Club
20C9D464 446B3B02
20C9D468 C1880E56
20C9D46C 447A4B85
10C9D476 00000103

Brothel 2 via Ten Green Bottles Bar or Mistys or Crow Bar
20C9D554 447106D9
20C9D558 C254D26E
20C9D55C 447A4B85
10C9D566 00000103

Pleasure Domes via Camel's Toe Casino Hotel Suite
20C9D9C8 C524D733
20C9D9CC 44AF9428
20C9D9D0 44629D4F
10C9D9DA 00000B03

there's much more... he seemed to use x,y,z coordinate to teleport to those using existing markers. speaking of x,y,z coordinate, if you ever need to know them from a in game point of view, here's some very useful copybyte codes from edisoncarter...they tell you where you are.

X,Y,Z Coordinates
Weapon, Fashion, Property Budget Stats = X,Y,Z Coordinates
506FE7EC 0000000C
00802194 00000000

Heaven Number Indicator
Money Equals Heaven Number
5066B868 00000004
007096B8 00000000
5066B868 00000004
007096B4 00000000

also, i'll start porting territory glitch codes to version 2 (special ed & greatest hits) using the info's you posted, they will be posted in my topic soon.

much thanks again

edit: here's my first ps2v2 port

raw NTSC TERRITORY GLITCH CODE v1.1 (will give all 381 territory's...colors will overlap)
-press select-
E008FFFE 007014C2
407BB390 00600011
0000320F 00000000
407BB3A4 005F0011
00000032 00000000
407BB3B4 005F0011
00003200 00000000
407BA3C4 005F0011
00000032 00000000

dealers almost everywhere
-press L3-
E008FFFD 007014C2
407BB398 00600011
0A000000 00000000
407BB3AC 005F0011
0000000A 00000000
407BB3BC 005F0011
00000A00 00000000
407BB3CC 005F0011
000A0000 00000000

note: to anyone testing those code on ps2v2 please post report.

btw, orionsr...do you want me post all the codes i made out of block 10 into a post here ?

also i still have a few plans for gangs-related codes, like using gang 9 & 10 various settings to implant 2 new gangs in SA and to restore mafia and triads into LV ( beta version had gangs in all city's )...i'm almost done writing them, i'll start testing when i'm done.

Edited May 27, 2008 by ric-013

OrionSR (Author) Posted May 27, 2008

this looks interesting..so if i understand this right we could add markers to get in and out of unused interiors and it would be savable ??? if so this is crazy, it would be much better than those by edisoncarter

A few notes on the limits of the Enex codes: The only information that is retained in the save file are the door flags (word), and the destination index/handle. All other information is read from disk when the game starts.

It might be possible to create temporary enex connections by overwriting some of the burglary door records. The links might get saved but will probably be forgotten on a reload when the game doesn't find enough enex lines - I think. The main problem is that I haven't figured out how to calculate some of the required fields using the text information from disk. There's a little math going on that I don't understand. However, the limits to this type of edit would seem to restrict the possible uses so I'm not sure it's worth the effort to decode the unknown fields.

For just goofing around the Edison Carter codes should be effective as there are no permanent changes to the save. The calculations are simplified since only the destination is altered and... heaven number, or is that angle? Maybe he's using interiors with matching heaven numbers. I can't tell without poking around a little more.

A much easier alternative for visiting hidden interiors is to create a special save file for this purpose. One of my first enex edits was to reconnect all the doors in LS to hidden interiors. The game can't be played normally but there are lots of options for exploring. I especially enjoyed driving a Sandking around the dirt track course - no way out other than to reload or suicide.

Enabler: I'm lost. Perhaps I'll revisit this if you make any more progress.

Conversions: It looks like I'd better go ahead and add PAL v1 and PAL v2 to the address database table. I guess we'll need to recruit someone able to make the appropriate memory dumps. I'll see if I can get mine online for examples and perhaps that will help with the recruiting effort.

btw, orionsr...do you want me post all the codes i made out of block 10 into a post here ?

A report listing many of the base addresses and a small sample code would be appropriate. Eventually I'll need to rework that first post, or perhaps start another topic with less misinformation. My format for these codes is mostly get something working for each type of modification and then move on to something else. This seems a bit removed from posting a well considered set of codes.

ric-013 Posted May 27, 2008 (edited)

A few notes on the limits of the Enex codes: The only information that is retained in the save file are the door flags (word), and the destination index/handle. All other information is read from disk when the game starts.

It might be possible to create temporary enex connections by overwriting some of the burglary door records. The links might get saved but will probably be forgotten on a reload when the game doesn't find enough enex lines - I think. The main problem is that I haven't figured out how to calculate some of the required fields using the text information from disk. There's a little math going on that I don't understand. However, the limits to this type of edit would seem to restrict the possible uses so I'm not sure it's worth the effort to decode the unknown fields.

it doesn't matter much if codes are not savable...we can create codes that needs to be activated tru the cheatdevice before playing, most of the codes are not savable anyways and ppl are used to that...so we can do a code that ex: would link a marker to the hidden tattoo shop and another to get out the same way you get in, using burglar houses marker would be just ok that would add the hidden tattoo interior when the code is activated (constant write) see them as patch codes that get saved into the cheatdevice savefile instead of the game savefile.

A report listing many of the base addresses and a small sample code would be appropriate. Eventually I'll need to rework that first post, or perhaps start another topic with less misinformation. My format for these codes is mostly get something working for each type of modification and then move on to something else. This seems a bit removed from posting a well considered set of codes.

since you will re-do that 1st post eventually, i'll let you do it...or even easier just post a link in your 1st post under block 10...i just thought that it belongs to both topics...

Block 1: Script
Contains Global Variables (major version differences). All Global Variables are 4 bytes in length. Finding the right spot to edit is simple enough, but identifying which variable need adjusting is still a challenge.
Possible Project: Reviving Dead or Ignored Girlfriends

here's the enable girlfriends code...they are savable, i don't know who did them, thought it would help.

ENABLE ALL GIRLFRIENDS
006B2648 0000003F

GIRLFRIENDS PROGRESS (folder)

DENISE 100%
006B258C 00000064
008024C0 00000064

MICHELLE 100%
006B2590 00000064
008024C4 00000064

HELENA 100%
006B2594 00000064
008024C8 00000064

BARBARA 100%
006B2598 00000064
008024CC 00000064

KATIE 100%
006B259C 00000064
008024D0 00000064

MILLIE 100%
006B25A0 00000064
008024D4 00000064

NOTE: if you use the enable all girlfriends...you may to go around their houses to activate them..also special costume given from girlfriends may not all be in your closet..wait awhile or go date them once to get it.

Edited May 27, 2008 by ric-013

OrionSR (Author) Posted May 27, 2008 (edited)

ENABLE ALL GIRLFRIENDS
006B2648 0000003F

Interesting. One of the things I had considered was a code to revive Denise or Millie if killed or ignored. I have a template for an unavailable GF fix but I'm not familiar enough with the problem to attempt a repair. Do you think there is any interest in this? Also, I might be able to help add a few stats to the girlfriends by examining the code for the all oysters collected bonus.

Another fix I think I can make is for the gym glitch, but I don't have a glitched save or know how to make the glitch so I'm not sure how to test the theory.

Memory Dumps archive for version 1 New Game, Restart Game, and EoL (not very complete) is uploaded. Note that these were originally PCSX2 SaveStates. The sstates were uncompressed with WinRAR, and then the first 4 bytes were removed so the address would align as expected.

http://files.filefront.com/sa+uc+v1zip/;10...;/fileinfo.html

I want to make new v2 memory dumps. The previous pair was to compare the enex connecting before and after using the Jefferson Wardrobe (successful strategy for enex codes). I want to make another comparison set using a cheat so I can try to hunt for the flag that pops the annoying warning when saving (has this been found?). I was going to do the Madd Dogg glitch but I think we know what the problem is there. Can you think of another cheat that might provide useful information? Or, a cheat that can be deactivated and make the least changes to memory before saving?

I think I've got a plan that will provide a PAL memory dump - don't ask. I'll get back to you later if it works. It would be a lot easier if a PAL player could make the memory dumps for us, so keep an eye out for volunteers with a good PC.

The problem with the enex edits is that you need to be very careful not to mix and match the settings that are saved or not.

Easy Enex fix if someone is interested. The unused Barbers were attached on v2 and PC versions of SA; Playa de Seville and/or Hemlock in Hashbury I think. These changes can be safely made permanent similar to the Dillimore SFPD Interior.

I tried to move a save disk before but missed. I might try again now that I'm having better luck targeting my globals. Some of the codes are starting to tie together. Attach the LA Big House to different locations and move a save disk to the coffee table. Perhaps enable Catalina's disk for this purpose.

I'd like to add several pickups to the Big House "armory" but I'm not sure how to do this safely when the pickups tend to be loaded in different locations. I think I can write code that checks for the 2 conditions. A global variable for a pickup should only have 2 different settings, so 2 multi-line "joker" codes should do the trick. Unfortunately, I lost 4 of the easily recycled pickups when I enabled the SFPD interior.

Edited May 27, 2008 by OrionSR

ric-013 Posted May 27, 2008 (edited)

Another fix I think I can make is for the gym glitch, but I don't have a glitched save or know how to make the glitch so I'm not sure how to test the theory.

the gym glitch may be made by something you're familiar with "GRAYBOT" or related to it...see the gym glitch happen for ps2 user when doing the "territory glitch"...yup! flying/sailing way-off the map for hours. i don't remember any other cause. lol

One of the things I had considered was a code to revive Denise or Millie if killed or ignored. I have a template for an unavailable GF fix but I'm not familiar enough with the problem to attempt a repair. Do you think there is any interest in this?

yes...killing a GF is quite irreversible, some ppl might have killed them by accident and would want them back. btw i didn't test if the enable all girlfriend would revive a dead one, it could be that simple...girlfriends added stats seems interesting too.

Memory Dumps archive for version 1 New Game, Restart Game, and EoL (not very complete) is uploaded.
http://files.filefront.com/sa+uc+v1zip/;10...;/fileinfo.html

cool, thanks...but where is it, link leads to main page.

I want to make another comparison set using a cheat so I can try to hunt for the flag that pops the annoying warning when saving (has this been found?).

i don't think so, i'll look around...

I was going to do the Madd Dogg glitch but I think we know what the problem is there. Can you think of another cheat that might provide useful information? Or, a cheat that can be deactivated and make the least changes to memory before saving?

a button cheat codes ?? or cheat device codes?? cuz i think both can trigger the "warning cheat activated". the only code that could be somehow related to this is

Times Cheated (0)
208022f4 00000000

but i doubt it helps...anyways if you want to use a button cheat to find it, i'd go with:

-no muscle or fat
triangle,up,up,left,right,square,circle,right
brings cj back to default weight...so if used at "in the beginning" no big change in memory should occur, but i think it cannot be deactivated

-freeze wanted level
circle,right,circle,right,left,square,triangle,up
can be deactivated by entering it twice...should not do lots of changes

Edited May 27, 2008 by ric-013

OrionSR (Author) Posted May 27, 2008

GTAF shortens long links automatically. You need to click the link or copy and paste link location. Or, this should get you to my main host files, follow the link to the memory dumps.

http://hosted.filefront.com/OrionSR/

I'm not sure what the different circumstances are. Millie and Denise are different because they cannot be re-met if CJ ignores them too long. I think if the other girls reach 0% then CJ can go back to the original location to meet them again. And I guess if CJ kills them then they are gone forever.

I forget what the other GF stats are. Something like "progress to invite" after a date, and expectations for body type etc.

Times Cheated (0)
208022f4 00000000

Yeah, I think that's just the cheat count and is stored in a global variable. The "has ever cheated" flag that provides the warning message gets written to the Misc Block 0 so I'm not sure where it might be hidden. So far, the max wanted level codes seem most likely to be related.

-freeze wanted level
circle,right,circle,right,left,square,triangle,up

This should work out nicely. Thanks. The other problem with my v2 dumps is I used slightly modified enex connection for the Jefferson house so it's not quite in original condition.
Gantons Most Wanted Posted May 28, 2008

0 times cheated might prevent it i use it all the time so that my rating doesn't go down because i use cheats quite frequently and i have the king of san andreas rating.
OrionSR (Author) Posted May 28, 2008

Sorry, the rating still gets hit when using button cheats, however this code should clear the "has ever cheated" flag so the warning is not displayed when saving.

Never Cheated Cheat
RAW NTSC/UC v1
0066CB08 00000000
AR-Max NTSC/UC v1
JG1P-YXYB-5XT8R
333B-X67X-ZE4QZ
RAW NTSC/UC v2
0066D288 00000000

Integer Stat 137 v1
Times Cheated (0)
208022f4 00000000
008020D0 - False Base Address + IntegerStat# *4

I've got more notes on calculating the locations of global variables, float stats, and integer stats, but I'm too tired tonight.

I was looking into the Girlfriend cheats and reviving dead girlfriends. If the current cheat doesn't do the trick then I suspect the only thing that needs adjusting is that lone code at the top that does all the bitmasking. However, I suspect it will work just fine. There are still a few other oyster type bonuses that can be applied.
ric-013 Posted May 28, 2008

> If the current cheat doesn't do the trick then I suspect the only thing than needs adjusting is that lone code at the top that does all the bitmasking

i have some testing to do today, i'll kill all GF's and save... then i'll try if "enable all GF's" code bring them back

> There are still a few other oyster type bonuses that can be applied.

this would make some GF's easier to date... i'd like the body type one, so all GF's likes all of cj body shape.

i'll be back later...
OrionSR (Author) Posted May 28, 2008 (edited)

Here's the information I was accumulating on the girlfriends until I figured that the current code would probably work just fine. About the only thing I can think to add would be the Oyster settings that should make the girls easier to date. Omitted are all of the bitmask settings which still have me a bit baffled.

Address    Global Variable (multiplied by 4 bytes)
006B1FF0   0     Start of Global Variable Space
6B2648     406   Girls_Gifts_bitmask
6B258C     359   Denise 0
6B2590     360   Michelle 1
6B2594     361   Helena 2
6B2598     362   Barbara 3
6B259C     363   Katie 4
6B25A0     364   Millie 5

Address    Float Stats (multiplied by 4 bytes)
00802160   0     Start of Float Stats

Address    Integer Stat (multiplied by 4 bytes)
008020D0   0     False Base Address
8024C0     252   Progress with Denise
8024C4     253   Progress with Michelle
8024C8     254   Progress with Helena
8024CC     255   Progress with Barbara
8024D0     256   Progress with Katie
8024D4     257   Progress with Millie

; array 6 $353-$358
353=Girl_Desired_Progress_To_Invite
359=Girl_Progress
; array 6 $365-$370
365=Girl_Desired_SexAppeal
;371=Girl_Bitmask1
; array 6 $377-$382
;377=Girl_Bitmask2
; array 6 $383-$388
;383=Girl_Bitmask3
393=Girl_Dated_Now
406=Girls_Gifts_bitmask
; array 6 $1204-$1209
1204=GirlRespect

$GIRL_DESIRED_SEXAPPEAL[0] = -100
$GIRL_DESIRED_PROGRESS_TO_INVITE[0] = 1
// $GIRLRESPECT[0] = 200
(example copied from GF Initialization)

Save States for SA NTSC/UC v2, and SA PAL v1 have been added to my host at filefront.
http://hosted.filefront.com/OrionSR/

Edited May 28, 2008 by OrionSR
OrionSR (Author) Posted May 28, 2008 (edited)

I'm testing a spreadsheet to table conversion method for calculating standard address for Globals and Stats.

Test Table moved to the top of the first page.

NTSC/UC v2 is missing garage 32. Offsets for subsequent garages will need to be adjusted

Update for Game ID Codes: Confirmed by converting codejunkies codes from AR-Max to RAW

069C = NTSC/UC v1
08B0 = NTSC/UC v2
06A3 = PAL
06A4 = PAL (French)
06B0 = PAL (DE/German)
0A0F = PAL (French) v2

So it looks like there is no PAL v2, but there's a German version and two French versions to consider. For now I think I'll just drop the PAL v2 support and we'll just wait and see about the other languages.

Edited May 30, 2008 by OrionSR
Gantons Most Wanted Posted May 28, 2008

You 2 are very good at this (y) it's impressive everything you've accomplished within the last few weeks if only more people worked at this rate
OrionSR (Author) Posted May 29, 2008 (edited)

Gym Glitch Fix (untested on any version)
2 Line Joker L1+Right
32bit Multi-Write 4*4
Sets Globals to -1 (default)

NTSC/UC v1
RAW
E002FBDF 00700942
406B7374 00040001
FFFFFFFF 00000000
AR-Max ID 069C
PCTR-43X0-WQUPH
8QJQ-2AJD-MZVEP
EVVF-5K9F-YA8HE
3T27-20DC-JXYZR

NTSC/UC v2
RAW
E002FBDF 007014C2
406B7B04 00040001
FFFFFFFF 00000000
AR-Max ID 08B0
VPRF-A409-GEYRR
T4MN-PG56-J02C9
6QDJ-4RK6-4CF9Y
3T27-20DC-JXYZR

PAL v1
RAW
E002FBDF 00700A42
406B7470 00040001
FFFFFFFF 00000000
AR-Max ID 06A3
XXK9-Z241-EVZAU
5NB5-URYH-PZQWV
42DV-RGED-T79HC
3T27-20DC-JXYZR

Description of Variables
5344=Current_Month_Day
5345=Current_Month
5346=GYM_Month_Day_When_Limit_Reached
5347=GYM_Month_When_Limit_Reached
5348=GYM_Day_Limit

Notes from pdescobar indicate default settings of -1 should fix the glitch.

I'm testing out my new conversion table, but I suppose I should have picked something that is easier to test.

Move Madd Dogg’s Disk
Prevents glitching of the Basketballs

NTSC/UC v1
RAW - tested
206B2DCC 44A17999
206B2E14 C4477504
206B2E5C 44883000
206B2EA4 44A0D999
206B2EEC C4476C28
206B2F34 44882333
206B2F7C 42B40000
AR-Max ID 069C
8934-G5EV-RV897
9Y97-0E54-XF8CH
NHRF-V15Q-9EUW2
MP6F-4W67-KRJN9
57FQ-RJH2-PXZZW
J6AH-5FFV-ZPVFH
567U-E196-NMYX8
7GPG-NGKB-WAWBD

NTSC/UC v2
RAW
206B3558 44A17999
206B35A0 C4477504
206B35E8 44883000
206B3630 44A0D999
206B3678 C4476C28
206B36C0 44882333
206B3708 42B40000
AR-Max ID 08B0
WMET-78KA-GH6U5
ARNB-1R6F-GE433
ZGDQ-CVH8-N7K9B
CJ1V-NJU0-96JY4
D9T2-308N-T2CQ2
C659-AZRJ-6NPFZ
97QM-9361-D01FV
R8NR-7XUY-PKRF0

PAL v1
RAW
206B2ECC 44A17999
206B2F14 C4477504
206B2F5C 44883000
206B2FA4 44A0D999
206B2FEC C4476C28
206B3034 44882333
206B307C 42B40000
AR-Max ID 06A3
X8ZE-J6H9-ATQQF
FHU1-A8B1-QRH5W
PT1X-CGRQ-TGK5T
3J37-YBG5-FKNDR
P1DN-8WGT-7VPWG
QHBA-G102-9Y137
QB0X-41K2-TM0P1
ER8F-134N-KVC18

The codes change the global variables that control where Madd Dogg’s disk is located. These settings move the disk to the Library; first room on the left. It may be necessary to touch another save disk to implement the changes.

Never Cheated Cheats

NTSC/UC v1
RAW
0066CB08 00000000
AR-Max ID 069C
JG1P-YXYB-5XT8R
333B-X67X-ZE4QZ

NTSC/UC v2
RAW
0066D288 00000000
AR-Max ID 08B0
WA8H-UF95-M64GT
DF7N-1XDB-YRDBR

PAL v1
RAW
0066CC08 00000000
AR-Max ID 06A3
TYME-MKJB-GU5DN
YP2N-VET3-WHTN3

Edited November 10, 2019 by OrionSR
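Added example, not part of any post in this thread: a small decoder for the RAW lines above, using the NTSC/UC v1 bases quoted in the thread to turn addresses back into global variable and integer stat numbers. The field layout of the E-type joker line is inferred from how the thread uses it ("2 Line Joker"), and all function names are assumptions of this example.

```python
import struct

# Bases quoted in the thread for NTSC/UC v1 (other versions use other bases).
GLOBAL_BASE = 0x006B1FF0    # start of global variable space
INT_STAT_BASE = 0x008020D0  # "false base address" for integer stats

# RAW lines copied from the thread's NTSC/UC v1 codes.
GYM_FIX_V1 = """E002FBDF 00700942
406B7374 00040001
FFFFFFFF 00000000"""
DISK_X_V1 = "206B2DCC 44A17999"


def global_index(addr):
    """Global variable number for an address, or None if below base or unaligned."""
    off = addr - GLOBAL_BASE
    return off // 4 if off >= 0 and off % 4 == 0 else None


def int_stat_address(stat):
    """Address of integer stat number `stat` (base + 4 * stat)."""
    return INT_STAT_BASE + 4 * stat


def as_float(word):
    """Reinterpret a 32-bit data word as an IEEE-754 single."""
    return struct.unpack(">f", word.to_bytes(4, "big"))[0]


def decode(raw):
    """Decode RAW 'AAAAAAAA DDDDDDDD' lines into (kind, fields) tuples."""
    pairs = [tuple(int(w, 16) for w in ln.split())
             for ln in raw.strip().splitlines()]
    out, i = [], 0
    while i < len(pairs):
        a, d = pairs[i]
        kind, addr = a >> 28, a & 0x0FFFFFFF
        if kind == 0x2:    # 32-bit write
            out.append(("write32", {"addr": addr,
                                    "global": global_index(addr), "data": d}))
        elif kind == 0x4:  # 32-bit multi-write; data word is on the next line
            if i + 1 >= len(pairs):
                raise ValueError("multi-write is missing its data line")
            count, step = d >> 16, d & 0xFFFF
            addrs = [addr + 4 * step * k for k in range(count)]
            out.append(("multi32", {"globals": [global_index(x) for x in addrs],
                                    "data": pairs[i + 1][0]}))
            i += 1
        elif kind == 0xE:  # joker: next `lines` lines run if pad word == buttons
            out.append(("joker", {"lines": (a >> 16) & 0xFF,
                                  "buttons": a & 0xFFFF,
                                  "pad_addr": d & 0x0FFFFFFF}))
        else:              # code types this example does not interpret
            out.append(("other", {"addr": addr, "data": d}))
        i += 1
    return out


if __name__ == "__main__":
    for kind, fields in decode(GYM_FIX_V1) + decode(DISK_X_V1):
        print(kind, fields)
```

Decoded with the thread's v1 base, the gym multi-write covers globals 5345 to 5348, and the first Madd Dogg data word reads as the float 1291.8 in global 887.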
ric-013 Posted May 29, 2008 (edited)

> Here's the information I was accumulating on the girlfriends until I figured that the current code would probably work just fine. About the only thing I can think to add would be the Oyster settings that should make the girls easier to date. Omitted are all of the bitmask settings which still have me a bit baffled.
>
> Address    Global Variable (multiplied by 4 bytes)
> 006B1FF0   0     Start of Global Variable Space
> 6B2648     406   Girls_Gifts_bitmask
> 6B258C     359   Denise 0
> 6B2590     360   Michelle 1
> 6B2594     361   Helena 2
> 6B2598     362   Barbara 3
> 6B259C     363   Katie 4
> 6B25A0     364   Millie 5
>
> Address    Float Stats (multiplied by 4 bytes)
> 00802160   0     Start of Float Stats
>
> Address    Integer Stat (multiplied by 4 bytes)
> 008020D0   0     False Base Address
> 8024C0     252   Progress with Denise
> 8024C4     253   Progress with Michelle
> 8024C8     254   Progress with Helena
> 8024CC     255   Progress with Barbara
> 8024D0     256   Progress with Katie
> 8024D4     257   Progress with Millie
>
> ; array 6 $353-$358
> 353=Girl_Desired_Progress_To_Invite
> 359=Girl_Progress
> ; array 6 $365-$370
> 365=Girl_Desired_SexAppeal
> ;371=Girl_Bitmask1
> ; array 6 $377-$382
> ;377=Girl_Bitmask2
> ; array 6 $383-$388
> ;383=Girl_Bitmask3
> 393=Girl_Dated_Now
> 406=Girls_Gifts_bitmask
> ; array 6 $1204-$1209
> 1204=GirlRespect
>
> $GIRL_DESIRED_SEXAPPEAL[0] = -100
> $GIRL_DESIRED_PROGRESS_TO_INVITE[0] = 1
> // $GIRLRESPECT[0] = 200
> (example copied from GF Initialization)
>
> Save States for SA NTSC/UC v2, and SA PAL v1 have been added to my host at filefront.
> http://hosted.filefront.com/OrionSR/

every time i get back here you done so much it's crazy... do you get any sleep???

thanks for GF's info's... and link to dumps... and the conversion table... and the new codes.

i've tested reviving them yesterday using enable all GF's (main test subject: denise & millie). the code does revive them but they don't want to date anymore... when you try to, you get the "i dumped you" cut-scene. then i tried using the 100% progress to see what would happen, they now show interest into dating but you ain't got enough nice clothes for her desire... even after wearing the most expensive clothes, you ain't good enough. also the progress in the stats for killed girls are completely gone, the code didn't bring it back.

> 353=Girl_Desired_Progress_To_Invite
> 359=Girl_Progress
> ; array 6 $365-$370
> 365=Girl_Desired_SexAppeal
> ;371=Girl_Bitmask1
> ; array 6 $377-$382
> ;377=Girl_Bitmask2
> ; array 6 $383-$388
> ;383=Girl_Bitmask3
> 393=Girl_Dated_Now

one of those.. if not all, is responsible for not being able to impress the girls. i'll do a few tries editing some and see what happens... i'll also try doing a few small dumps (alive and dating, dead, revived) to compare values.

as you already noticed, i can't work as fast as you do... you are really gifted at this and you probably have more free time than i do... i'm less busy on the weekends.

btw
ZonePop -
ntsc v1 =007BA7F0
pal v1 =007BC870

those are from your conversion table... i'm confused, isn't PAL zonepop starting at 007BA8F0 ="SAN_AND" ?? i used this one in my territory glitch codes PAL conversion and "ganton most wanted" tested them perfectly working on his PALv1...?

Edited May 29, 2008 by ric-013
OrionSR (Author) Posted May 29, 2008

Oops. Thanks for checking. It looks like I scrambled the PAL addresses when I was sorting the data - fixed. The addresses pointed to the wrong structures.

You were right about the offsets for PAL. +0x0100 seems to be very consistent so far. It would probably help if I rearranged the columns so PAL is next to NTSCv1 but I've gotten used to the current arrangement. Structure offsets for NTSCv2 are usually either +0x0780, +0x0B80, or +0x0B90.

For static settings I suggest examining the save files rather than save dumps; the data is the same. The global variable space starts 4 bytes after the start of BLOCK 1: Script. Also, sometimes it's a lot easier to set up several saves with particular settings than to attempt changing the variables with cheats in the game. Coding the cheat is often the last part of the process. Much of the investigation into the proper settings is performed with save edits.

Any edits to the save will require a checksum fix (or bypass). There's a utility for this purpose in my CG development folder at my filefront host. Drop the save on the application and it's all ready to go. You may also want to decompile your game scripts so you can see how the settings are used in game.

Damn, I keep reviewing the girlfriend codes and the whole thing is a series of bitmask checks and settings. I can't tell what the hell is going on with these settings. I'll poke around and see what I can come up with.
Gantons Most Wanted Posted May 29, 2008

So does this mean conversions to Pal will work now??? and sorry if this is off topic but you've got to see this. it's probably done on PC but it's impressive.
OrionSR (Author) Posted May 29, 2008 (edited)

> So does this mean conversions to Pal will work now??? and sorry if this is off topic but you've got to see this. it's probably done on PC but it's impressive.

The PAL codes should work, but they are untested. Would you care to try the codes I posted a few messages back and let me know how they worked?

And as far as the video goes; we could probably do that on PS2. We have the technology, but it would be quite a chore to get all of the required codes in properly. It would be more practical if I could get the Code Update from USB feature working properly.

Dead Girlfriends

I played around with reviving Denise with save edits. Everything worked as expected using the standard codes. I can't figure out how to get rid of Denise without killing her. Abandoning the date isn't working. Even failed dates at 1% doesn't drop her off the map. I don't get it.

What is this "I dumped you" cut-scene you mentioned? Can you be more specific about messages or conditions? It will help me identify which sections of the script are running. However, I'm really hoping for a solution that doesn't involve decoding the endless array of bitmasks.

Disable Lose Stuff if:
Wasted L1+Up
Busted L1+Down

NTSC/UCv1
RAW
E001FBEF 00700942
00666c98 00000000
E001FBBF 00700942
00666c9c 00000000
AR-Max ID 069C
BBCC-JXYF-2GMW1
4VKK-C2K7-ZFVPR
39KQ-NDFT-HNFJK
JMKW-UGPM-U09D8
AQDT-3NMU-P28UM

Just the test code for now so I don't lose it. This isn't what I was looking for but I'll take it. I don't understand how the other codes work. These settings appear to set the same flags as are in the save file. Note the 01 (or maybe 00000001) is the standard setting, so it's a lose stuff flag not a keep stuff flag.

PAL Emulation is working much better than the NTSCv1 testing I tried. I can load crafted saves with only a few adjustments and examine the difference in dumps with considerably less random variations.

mymc-alpha-2.4 seems to have problems converting the MAX format to virtual memory card, the files are always corrupt. Conversions from Xport and Sharkport are working.

See... there it is. Again, I'm not sure what the current codes do. This is a simple on/off flag similar to the flag in the save file that toggles the late game riots in Los Santos.

LS Riot Mode
On L1+Up
Off L1+Dn

NTSCv1
RAW
E001FBEF 00700942
0066b88c 00000001
E001FBBF 00700942
0066b88c 00000000
AR-Max ID 069C
ZJTF-YFEP-Q224W
4VKK-C2K7-ZFVPR
MJHC-E16X-U3NAJ
JMKW-UGPM-U09D8
N4Q0-HV6P-EQPRE

Copying stuff from the first post while I edit.

PCv1, PCv2, PS2v1 = $1928
PS2v2 = $1932

Basketball Fix v1 - RAW and AR Max PS2v1 NTSC
206B3E10 00000000
VGVP-QHC1-F1QA5
50Z7-B0G7-MJ5GX

Basketball Fix v1 - AR Max PS2v1 PAL (untested)
MAY3-UH15-F7UGD
50Z7-B0G7-MJ5GX

Basketballs Enabled (Tagging Up Turf mission completed)
PCv1, PCv2, PS2v1: $1903 = 1
PS2v2; $1907 = 1

Basketballs Enabled PS2v1 - RAW and AR Max PS2v1 NTSC
206B3DAC 00000001
NQVV-WRPQ-QHTJM
9RP8-511M-HZ6Q2

Edited May 30, 2008 by OrionSR
Gantons Most Wanted Posted May 30, 2008

i can test some codes within reason but the glitch fixes i can't due to my game save is not at that point in time. But the basketball glitch what i did was when i started the game before i got thrown out of the car i did the jetpack cheat so everything was open so i could save at Madd Doggs anytime. But i think what causes the glitch is if you save after home coming.
OrionSR (Author) Posted May 30, 2008 (edited)

Interesting... it looks like I can't Quote and Table in the same post.

The Basketball Glitch is caused by saving too close to an active basketball object. The flag that indicates that a basketball already exists is left enabled and it never gets reset. The Move Madd Dogg's Disk cheat prevents the glitch by moving the disk out of range of the basketball. At about 70 meters the object will unspawn whether CJ is watching it or not. The far wall is far enough, but the first room on the left looks better.

Sorry I left you with so few codes to test, I'm just now coming up to speed on the PAL and NTSCv2 conversions.

Testing a new table format for new cheats. Moved to top of next page

My reply to GMW that got cut with the table edits.

No, and I'm not sure that's possible with a wardrobe mod. I just filled in all the blanks for the clothes that are listed for the stores. I'm not exactly sure how they are assigned either. However, I did find the spot where the texture CRCs applied to CJ are stored. It should be possible to apply whatever tattoo, haircuts, clothes you wanted if you could figure out the CRC for the texture name - or something like that. Sorry, it's a field I've not looked into past getting the game to fill up the standard wardrobe since the process of buying everything takes forever.

Edited May 30, 2008 by OrionSR
Gantons Most Wanted Posted May 30, 2008

hey OrionSR nice work dude. Does that clothes code even have the ones you couldn't get but were still in the game files???