the hubster

Documenting GTAIV memory addresses

man2104

for the native command handler posted by Seemann

It is incompatible with 1.0.1 exe

 

new addresses should be used for 1.0.1:

 

f_null = 0x00859B90;

f_reg = 0x00615790;

f_hash = 0x00616E10;

stefanACM
Can anybody HACK max ping in LAN NETWORK !!!

Go away pirate.

I am not a pirate.

I need it to play over LAN with my friend because the signal is low and ping is 30-40.

BWARazor

Deleted

Edited by BWARazor

Sacky

Objects:

 

0x8D8290 : int __cdecl allocateObject()

 

0x9C4700 : int __cdecl setObjectOnFire(int objectID)

0x9C479B : int __stdcall isValidObject(int objectID) (With objectPool in ECX)

0x9C47B0 : int __cdecl isObjectOnFire(int objectID)

0x9C5410 : int __cdecl hasObjectBeenDamagedByWeapon(int objectID, int weaponID)

0x96A3C0 : int __stdcall extinguishObjectFire(int objectID) (With objectFirePool in ECX)

0x9D2D80 : int __cdecl createObject(int modelID, float x, float y, float z, int* handle, int flags)

 

0x11E73E8 : objectPool

0x12825C0 : objectFirePool (256 elements)

 

+0x1E4 : (byte) Last Weapon Damage

Edited by Sacky

Sacky

Native Injector:

 

http://pastebin.com/m64adee56

 

For use like this:

 

NATIVE n_ABSF = { "ABSF", 1 };

NATIVE n_CREATE_OBJECT = { "CREATE_OBJECT", 6 };

DWORD objectHandle;

 

scripting->injectNative(&n_CREATE_OBJECT,0x6F0783F5,12.0f,12.0f,12.0f,&objectHandle,1);

scripting->injectNative(&n_ABSF,54.367f);

 

Still very experimental... so it's highly likely the limited testing I've done with it hasn't ironed out all the bugs

Mechan

Hi

I'm a beginner in game memory editing, and I tried to call createObject from C# code: http://pastebin.com/f44842901 but I'm getting AccessViolationException: "Attempted to read or write protected memory. This is often an indication that other memory is corrupt." at line 77.

Is it impossible to edit memory just like that, or am I doing it wrong? Maybe I have to inject a DLL or something like that?

With simple memory reading (Rick posted code a couple of posts above) it works fine.

I've got Rick's XLive Wrapper.

Sacky

Mechan, I think your offset might be wrong. Since 0x9D2D80 is assuming a 0x400000 base, try the offset 0x5D2D80. I'd also like to point out calling createObject will fail unless you do REQUEST_MODEL first.

man2104

How can you call the function in your own process, but not in GTA IV process?

Oleg

--------- request from ZModeler developer ----------

Hi! I'm digging in *.wft files and need some assistance to classify entries. There are VMT pointers stored in the files and they seem to be the same across *.wft files. I'm not sure whether GTA dynamically writes proper addresses there when loading a file; I suspect these addresses are already properly set and bound to some library or .exe file explicitly. I'll list these VMT pointers below and need someone to specify class names or something that will make sense of what I should search for in the associated class data.

 

Example:

0x006B223C, tMaterial, size 0x60

0x006B48F4, tPolyMesh, size 0x50

0x006B0234, tGeometryObject, size 0x1C

 

Unknown:

0x006A35F4, tUnkBlock14, variable size

0x0069A5BC, tUnkBlock15, size 0xC0

0x006A4678, tUnkStub, size 0x1C

 

********** tUnkBlock16Base, base class;

0x0069BBEC tUnkBlock16V0 : tUnkBlock16Base

0x0069D56C tUnkBlock16V0A : tUnkBlock16Base

0x0069D7F4 tUnkBlock16V0B : tUnkBlock16Base

0x0069BBEC tUnkBlock16V1 : tUnkBlock16V0

0x0069AAF4 tUnkBlock16V2 : tUnkBlock16V0

0x0069B41C tUnkBlock16V3 : tUnkBlock16V2

 

If you find out what these classes stand for, you can send me a PM or e-mail, or post as guest in this thread of my forum:

 

http://forum.zmodeler2.com/viewtopic.php?t=3553

 

Thank You!

TripleX87

Hello guys. I'm not an experienced Trainer Programmer - but I am willing to be one.

But I've got a question. Could you please make a quick tutorial that explains how you find all these addresses (and functions) you are all talking about? What program are you using? What have I got to search for?

I hope you can help me because I want to find the first address on my own (and post them here).

(sorry for bad English)

 

Peace

Sacky

GXT Hook:

 

.text:007E5F50 ; char *__stdcall convertGXTToString(char *key)

.data:00FE7568 gxtTable

.text:00458090 ; int __cdecl CRC32Hash(char *text, int textSize)

.text:007E5B00 ; char *__stdcall getGXTTextFromTable(int hash, int)

 

http://pastebin.com/m724466a0

saracoglu

some startpoint memory locations for gta iv 1.0.2 patched:

 

(codebase is 0x400000)

 

 

0x1009798 (DWord) Pointer to CPlayer

0x0FFCDA0 (Float) XPosition (stats only)

0x0FFCDA4 (Float) YPosition (stats only)

0x0FFCDA8 (Float) ZPosition (stats only)

0x0F70154 (DWord) Current Money (stats only)

0x10514C0 (DWord) Current Hours (read/write)

0x10514BC (DWord) Current Minutes (read/write)

0x10514D4 (DWord) GameDay (read/write)

0x10514B8 (DWord) GameMonth (read/write)

0x10375B0 (DWord) XLive Buffer Pointer for Float Stats starts here. This is the Game Progress Stat

+0x4 (DWord) Next XLive Buffer Pointer, for the next Float Stat and so on. For the float stats enum, see aru's scripthook sdk, scriptenums.h

 

Sacky

1.0.2.0

 

SCO Stuff:

 

#pragma pack(1) // must precede the declaration to affect its layout

class CSCO
{
public:
    virtual void method() {};

    BYTE zPadding1[4];
    BYTE* scoBinary;
};

#pragma pack(1)

struct SCO_POOL
{
    DWORD scriptName; // hash of name
    CSCO* scoInst;
};

 

0xF6D0F4 : SCO_POOL*

0xF6D100 : (DWORD) SCO_POOL_COUNT

 

GXT Table:

 

#pragma pack(1) // must precede the declaration to affect its layout

struct GXT_ENTRY
{
    char* entry;
    DWORD crc32Hash;
};

#pragma pack(1)

class GXTClass
{
public:
    virtual void method() {};

    int numGXTItems;
    GXT_ENTRY GXTItems[200]; // I guessed the amount, it's probably thousands
};

 

0xFE0F88 : GXTClass (Statically Allocated)

Edited by Sacky

MrGtaman

Has anybody found the address for player's FPS? I need it because I get 8-15fps (according to Fraps, the game's benchmark says my avg. fps is 11.**) with EVERYTHING on low and so I can't play MP in the city, the game kicks me saying "you've been disconnected because your computer is running too slowly", airport is actually the only map I can play without getting kicked unless there are too many vehicles around, effects or I get too close to Broker (too many trees and details, I think)... So I thought maybe if we knew that address we could have made some kind of FPS hack for MP.

There are so many trainers for those idiots who can't play fairly and no really useful things like FPS hack for those who can't afford a better pc.

g4mGunner
You don't need the address for FPS; you aren't able to edit it, only read it (unless it is for a frame limiter). You are looking for a NOP so the game doesn't make you leave MP on low fps.

MrGtaman
Well, I didn't mean to make my performance better. Just want to avoid the fps auto-kicking. When my fps is 10 or higher, it's ok but when it drops below 10 I still have a couple of seconds to point the camera down so fps is "fine" again, otherwise the game kicks me... So I'm looking for a way to disable that auto-kicking function.

stym

Hey, how do I find the d3d9 and d3d9 device address?

Sacky

 

0xF56BC4 : BYTE[32] Encryption key used in AES (Note it's just a pointer not the actual encryption key)

iGeo

Don't suppose anyone knows where the 'Exposure' value is?

warclaw

hi there is new on that! what is it and how i open GTA IV .EXE and edit the doc?files? and how i change the traffic light time? to green can it be edit and how many parked cars ??? please give me some info about this XD sounds interesting!

and how i install it ?? and how it work i have launch the program that i need Ricks games stuff.

I dont press OK when i come up SYSTEM copy to win 32 i copy to the GTA IV directory only and launch the game and after that it pop up .

Need to extract xlive.dll from windows/win32 to GTA IV Directory how do there?? and are this safe ?

and how i start to copy in codes and change!? thanks for all help!

Edited by warclaw

HazardX
meh. If you just want to spam requests do so in the Requests Thread!

If you really want to start looking for memory addresses open GTAIV.exe in IDA Pro. You'll find your way if you have got the basic knowledge to do this. If you don't know what IDA Pro is, what it does or how to use it: Let it be and come back when you've learned Assembler and some basics on Reverse Engineering and really understand it! Do not ask before this requirement is met, because no one will be able to help you.

iGeo

I'm very new to finding memory addresses and the likes, but I did manage to find the memory address for the 'Exposure' value I was looking for. I was able to edit it, but then all of a sudden it stopped responding to edits, and I found that the address had changed. How do I overcome this? Someone mentioned something to me about 'Pointers' but I'm not sure how they work, or how I can get a way to always find the right memory value for this value, if it's forever changing.

Sacky

OK the 'Exposure' value can be found like this:

 

0x10CAEB8 : (float) Exposure

 

Then add +0x1290 to that Memory Address and you get the next Exposure value. You can keep doing this for all the exposure values in timecyc.dat. I'll publish the structures here soon.

Hergonan
I'm very new to finding memory addresses and the likes, but I did manage to find the memory address for the 'Exposure' value I was looking for. I was able to edit it, but then all of a sudden it stopped responding to edits, and I found that the address had changed. How do I overcome this? Someone mentioned something to me about 'Pointers' but I'm not sure how they work, or how I can get a way to always find the right memory value for this value, if it's forever changing.

Pointers...

They have always been a hard topic to me.

What I understood is, the game has a header, and the header contains different pointers of settings, models it currently displays, functions, etc.

The header never changes. So you can go from header->settings to point to the container of "settings".

That container's location changes, but its shape doesn't. And it's always pointed from the header.

The place of the location is called the offset.

So, header has an offset for settings, settings has an offset for each setting. As the game goes on, the memory constantly changes, therefore the individual settings can move around too. However, since the structure of settings (usually) doesn't change, the pointer header->settings->individual always points to the correct offset.

 

I might not be correct, but that's how I understand it.

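The rebasing from an earlier reply (0x9D2D80 minus the 0x400000 base gives offset 0x5D2D80) and the header->settings->individual chain from the post above, as an added example that is not code from the thread. It runs over a constructed in-memory image; every name, address and value in it is an assumption made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a 32-bit process image. Every address and value
   here is made up for the example; none comes from the thread. */
#define PREFERRED_BASE 0x400000u      /* base a disassembler listing assumes */
#define IMAGE_SIZE     0x100u

typedef struct { uint32_t base; uint8_t bytes[IMAGE_SIZE]; } image_t;

/* Listing address -> address in the image as actually loaded. */
static uint32_t rebase(const image_t *img, uint32_t listing_va) {
    return listing_va - PREFERRED_BASE + img->base;
}

/* Bounds-checked 32-bit access; -1 if addr falls outside the image. */
static int access_u32(image_t *img, uint32_t addr, uint32_t *v, int write) {
    if (addr < img->base || addr - img->base > IMAGE_SIZE - 4) return -1;
    if (write) memcpy(img->bytes + (addr - img->base), v, 4);
    else       memcpy(v, img->bytes + (addr - img->base), 4);
    return 0;
}

/* Read the pointer stored at static_va, then for each offset but the last
   read the pointer at (p + offset). The last offset is added without a
   dereference, so *field is the address of the value itself. */
static int resolve_chain(image_t *img, uint32_t static_va,
                         const uint32_t *offs, size_t n, uint32_t *field) {
    uint32_t p;
    if (n == 0 || access_u32(img, rebase(img, static_va), &p, 0)) return -1;
    for (size_t i = 0; i + 1 < n; i++)
        if (access_u32(img, p + offs[i], &p, 0)) return -1;
    *field = p + offs[n - 1];
    return 0;
}

/* Build an image at `base` whose container sits at `container_off`, then
   read the value back through the chain. Returns 0xFFFFFFFF on failure. */
static uint32_t demo(uint32_t base, uint32_t container_off) {
    image_t img = { base, {0} };
    const uint32_t offs[] = { 0x8, 0x4 };
    uint32_t container = base + container_off, leaf = base + 0xC0;
    uint32_t value = 1234, field, out;
    access_u32(&img, rebase(&img, 0x400010), &container, 1); /* static slot */
    access_u32(&img, container + 0x8, &leaf, 1);             /* container   */
    access_u32(&img, leaf + 0x4, &value, 1);                 /* the value   */
    if (resolve_chain(&img, 0x400010, offs, 2, &field)) return 0xFFFFFFFFu;
    return access_u32(&img, field, &out, 0) ? 0xFFFFFFFFu : out;
}

int main(void) { return demo(0x1230000u, 0x60u) == 1234u ? 0 : 1; }
```

The same chain resolves whether the image sits at its preferred base or elsewhere and wherever the container lands, and a pointer that leads outside the image is reported as a failure rather than read.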
Sacky

typedef DWORD cell;

 

0x15AD8B4 : (cell**) Global Variables Pool

Edited by Sacky

HazardX

 

Amazing! That's exactly what I've been looking for! Do you have an idea where to find it for game version 1.0.1.0? I've been searching for known values in the expected memory range but didn't find it.

[EDIT] Got it. It's at 0x015B5A88. Was easier to find with IDA, actually.

Edited by HazardX

stym

for version 1.0.2.0

 

 

0x10AC530 - BYTE - Time Hour

0x10AC52C - BYTE - Time Minute

 

Edited by stym

Andrew

Unpinned topic, topic is included in the forum header.

jenksta

....

Edited by JeNkStA
