[JernejL]

after seeing how hard it is to find any info on memory adresses in gta: vice city
for memory hacking - and creating trainers (telporters, vehicle spawning etc.. )
and the experiences with MTA team which appears to be nice only from oudside -
they use others stuff but don't share their!! i've decided to push this little doc into
the public, it is intend to be read by anyone interested into how gta:vc works
internaly and for wasting your and my free time.

memory offsets:

teleporter - same for as ped and as any other vehicle:
8276416 > pointer = 72083480, + 52 bytes = 72083532 where is x, y, z of the object as 4 byte float values
72083532 > float x next is y and then z

texts - they are UNICODE format:

outputing text on the left - up display
9670696 > text
8207936 > text
- 2 copies, so the game sees one has changed and if so then updates it to that one..
the text fades out by itself.

center of screen (mission failed etc...)
7917312 > text
- this text also fades out by itself

busted / wasted texts in lower right corner, this text STAYS there until you make the first char ZEROED
7917824 > text

rampage middle screen texts, i can't get these to work "by manual":
7918336 > text
7918592 > text
9670440 > text

for texts you can use gxt color codings

infinite run:
5467949

any car spawning:
4901238 = car code for romero's hearse cheat, change this number and type the romero cheat (thelastride)
to spawn a specific car.. ids are same as in default.ide file

player model changing:
to change your ped model into another change one of cheat model and txd name references near 6877748 (there are duplicates at 6842396 but are just memory mirrors)
then type in that cheat code, beware, you are limited by the existing character length there..
MTA must know a better way of doing this.. but they don't want to help..

model name references:
offset len reference
6877748 > 7 - buddy
6877708 > 7 - ?
6877716 > 5 - ken rosenberg
6877724 > 7 - hilary
6877732 > 6 - jezz - lovefist?
6877740 > 6 > phil
6877748 > 7 > sonny
6877760 > 6 > mercedes
6877768 > 6 > dick ???
6877776 > 6 > diaz
6877844 > 6 > player ????????

and you have only these useful for 5 - 6 - 7 length named models..
for other lengths it would need to hack the assembler code..
6877716 > 6842396 > 5 - igken
6877740 > 6842412 > 6 > igphil
6877748 > 6842444 > 7 > igsonny

a note: if you use a model that is used in the IDE file the game will crash.

gxt color codes:
a = gray
b = blue
c = light blue cyan ?
d
e
f
g = pink
h
i = white
j
k
l
m
n
o = orange
p = purple
q = purple & some pink
r = purple & even more pink
s = silver
t = green
u = green
v
w
x = fading blue
y = yellow
z

whatever - a hacker could find this useful

[JernejL]

QUOTE (ZanderZ @ Nov 1 2003, 17:37)

QUOTE (brokenfish @ Nov 1 2003, 14:59) QUOTE (Opius @ Nov 1 2003, 07:44) Opius   crosses fingers brokenfish crosses fingers too ZanderZ hopes that too although LithJoe's Ultimate Trainer is great too. Delfi, have you contacted LithJoe? I think he programs in Delphi too and he might know more offsets and stuff.

he does, but his website is d.o.w.n..

ok, here is a nice litle something:



*note here: the background loader is from spooky's path editor
*another note: setup the keys before you run the game
*and another one: it is still unstable..
*and it loads / saves lithjoe's teleport tables
*place it to the gta-vc-exe dir, as it loads the images from img file and the default.ide..

baa:

http://www.infofeast.com/delfi/will_be_del...p/p_trainer.zip

[DexX]

ooo, coolness. a few ideas though, do the addresses change if you change the main.scm?

also, alot of vehicle characteristics, ie weapons, emergency lights, police radio, whoopee music, hydraulics, flame exhaust, sirens, etc, are hardcoded per vehicle, ive been searching for these, to no avail. might you have any idea on their addresses?

good work on the rest though, its a shame MTA wont share what they've learned, prats...

Edit again, you posted the address in decimal, not hex, my bad
missed the UNICODE at first glance...

This post has been edited by ashdexx on Sunday, Nov 2 2003, 07:50

[JernejL]

QUOTE (ashdexx @ Nov 2 2003, 07:15)

ooo, coolness. a few ideas though, do the addresses change if you change the main.scm? also, alot of vehicle characteristics, ie weapons, emergency lights, police radio, whoopee music, hydraulics, flame exhaust, sirens, etc, are hardcoded per vehicle, ive been searching for these, to no avail. might you have any idea on their addresses? good work on the rest though, its a shame MTA wont share what they've learned, prats... Edit again, you posted the address in decimal, not hex, my bad missed the UNICODE at first glance...

these adresses don't, they are the fixed memory regions
except the player coords, those change alaways you die or load a game
they are solved with a pointer...

and yes, i am not a hex nut, i like decimals better
as the numbers are easier to calculate by hand..

yeah, the vehicle characteristic are to be hacked soon

anyone helping?

[DexX]

ill lend a hand wherever i can. i want extended vehicle characteristics as much as everyone else.

im also gonna append your hearse-cheat..
Unicode!
4901238 - Romero's hearse cheat, thanks for the start point
4901286 - Love fist limo vehicle spawn cheat
4901334 - Trashmaster vehicle spawn cheat
4901382 - Sabre turbo vehicle spawn cheat
4901430 - Caddy vehicle spawn cheat

[Stretchnutter]

excellent, couldnt find text b4

ill do my addresses in HEX

btw, delfi: i tried your trainer but it doesn't spawn bikes
also you forgot to mention that the GXT color codes are used like this: "~w~" had to figure it out meself

CODE

Camera Stuff 7E48E0 - Zoom Thresh (Car) float 7E48BC - Look Up/Down(foot) float 7E48CC - Look Left/Right(foot) float 7E48C4 - FOV float 7E48D4 - Zoom On-Foot float 7E4688 - 7E46B4 - Camera Rotations (quaternions)  3x3 matrix floats 7E46B8 - Camera X float 7E46BC - Camera Y float 7E46C0 - Camera Z float 7E4764 - Currently Selected View (Car) float 7E47EC - Currently Selected View (Foot, Classic Controls) float 7E47C4 - Amount of clipping for cinematic view? float 7E48DC - Distance from vehicle before camera starts turning around; float

CODE

Some Controls -?? i had more?! 7E46B0 - Right (0-255) byte 7E46B1 - Left (0-255) byte 7E46B2 - Up (0-255) byte 7E46B3 - Down (0-255) byte

CODE

Options Menu 86964C, 690220 - Draw Distance, float 869655 - Frame Limiter, byte (0 off 1 on) 869650 - Subtitles ^ 869652 - Wide Screen ^ 86963A - Hud Mode?! ^

CODE

821F7C - Current Car Speed (multiply by 4 for kmh), float

CODE

Stuff i used for weapons vibration for Force Feedback gOffset = Pointer to player block  (dec 8276876) pGunOffset = gOffset + 1284 cGun = Get(GameName, pGunOffset, 1) (find current gun (1-9) byte) pGunOffset = (gOffset + 1036) + (cGun * 24) (a byte changes above 1 when current gun is fired) pOffset = generic pointer (7e49c0) whatever is in control pCollideOffset = pOffset + 260  // Collision (float)

Lots lots more but dont have them handy

anything more i can do?

visit my site for a host of vc hacks

This post has been edited by Stretchnutter on Monday, Nov 3 2003, 06:48

[JernejL]

wow, i am impressd by the reaction

i will post the new garage and stats stuff i have when i get home

and about typing cheats:

you can use winapi keyb_event to fool the keyb driver that a key was pressed
use keyb_up and down to fake a keystroke
the keystrokes can be also typed in windows with gta:vc inactive,
it is still checking for the cheats being typed

[ZanderZ]

QUOTE (Stretchnutter @ Nov 3 2003, 05:47)

CODE 821F7C - Current Car Speed (multiply by 4 for kmh), float

Are you sure it's 4 and not 3.6?
3.6 makes more sense, since that's the conversion factor for m/s -> km/h but maybe VC doesn't handle it that way...

Nice codes man
Delfi: looking forward to it Maybe you can add a 'Run VC' button, just like in LithJoe's trainer?

[Stretchnutter]

Im working on this camera hack tool of mine, thanks to your TEXT stuff I can now add a speedometer

And other stat displays




Thanks... and keep it up!

(about the multiply by 4, im unsure, but i used spinnies open & enhanced mod to do a comparison... looks like 4.)

This post has been edited by Stretchnutter on Monday, Nov 3 2003, 15:35

[JernejL]

here are some new offsets:

7898380 > players car in water
7898408 > players car in water
7899664 > players car in water
7899720 > players car in water
- maybe it is not for car, but separate tires?
9931224 > water has effect on player - player (or his vehicle) is in water
all these are variables set by the exe when game is checking things, you can't set them.
maybe they are for use in scripts.

don't kill me for the garage offsets yet, they are real pain in the ass :S

to mta:
i didn't actualy ask for source code, i just asked for
little help to do with character morphing - changing player model

i never asked fou your source code...


This post has been edited by Delfi on Wednesday, Nov 5 2003, 18:54

[Cray]

In all released versions of MTA:VC, the player model change occurs within the SCM. The Client tells the SCM when to change the player model and what model to change it to.

As far as I can tell, you cannot change the player model at run-time of a currently constructed character. I believe the player would have to be destroyed, created and then refreshed.

But again, I cannot speak for certain as to whether or not the player model can actually be changed ... as this is only from our findings way back when.

[Demarest]

@Cray: You might be interested in my most recent mod: Chameleon. In it, I followed VC's lead and added changing who you are to GTA3. It actually is a player model swap. No need to destroy. To read about it, the hurdels I encountered, and how I overcame them, just click here.

@Blokker: By that mentality, why do you leave the house at all? You never know when you're going to get hit by a car or something.

I think the back and forth "I have the logs to prove it" is just a bit less mature than what this thread has been thus far.

[ZanderZ]

QUOTE (Delfi @ Nov 5 2003, 19:51)

don't kill me for the garage offsets yet, they are real pain in the ass :S

Ask LithJoe, he can probably help you. His website still works at http://lithjoe.gta-vice.com
You can also find his email address there: lithjoe@gtaskins.com

[dans]

We (gtama team, LithJoe of ultimate vc trainer fame and Racer_s aka Stretchnutter, author of the infamous cam tool ) have decided to work on an extensive documentation of the vice memory layout.

We have a wiki set up and will start work on it this weekend.

Anyone interessted in helping out feel free to join in @

irc.game-editing.net
#Game-Editing.net

More info to follow...

[DexX]

QUOTE (dans @ Nov 7 2003, 11:49)

We (gtama team, LithJoe of ultimate vc trainer fame and Racer_s aka Stretchnutter, author of the infamous cam tool ) have decided to work on an extensive documentation of the vice memory layout. We have a wiki set up and will start work on it this weekend. Anyone interessted in helping out feel free to join in @ irc.game-editing.net #Game-Editing.net More info to follow...

indeed. i went to game-editing.net to see if anything had been posted about it there, to be met with a "The End" page, i assume the site is down, permanently?

if so, then where would such documention, be documented at?

@ Delfi, wahts going on with those garage addresses, i thought you were going to post them?

This post has been edited by ashdexx on Friday, Nov 14 2003, 11:20

[dans]

the page is down, the irc server isn't. The wiki is hosted on one of JeyK's pages and I guess the final doc will be available there and on gtascripts.org

[JernejL]

more progress on the console:



here is the file:
http://www.infofeast.com/delfi/will_be_del...p/p_trainer.zip

to turn the console on / off use scroll lock key
there may be crap appearing in the console, use backspace to clear it
use the ¨ key (left to the "1", above the tab key) to execute text
parameters are separated with spaces

there is a speedometer on the options page, works alaways even on mission
and on foot , game units or multiplier (200 = km/h)

you touch the "extra hacker" on your own responsibility.

[JernejL]

more more MORE! :

CODE

this is new: car tire status: 677, 678, 679, 680 - 1 byte per wheel, i don't know which wheel is which offset the middle wheels use same as for the rear wheels the offsets are counted from car control block start offset - use generic pointer at 8276416! the status can be: 0 - normal 1 - poped 2 - no tire (used when car is blown up and tire fells off, but the tire             model attachment is stored independantly of this status, data about this is located around 892             so if you change this to no tire, the car acts like it has no tire, but the tire             model is still visible, except if car is blown up..)             anyone knowing anything with car blown up status-es and restoring cars from blown up will get a cookie! :) these are from from gta3 console docs, these are st same offsets, with some new flags from me: 80 word- Car Touching Surface Type: 311586 air / 835842 asphalt (also there are a lot of bit coding in this word) 82 longword special flags: ? ? ? exploded darkened texture (you can still drive the vehicle, "tommy" is "burned" too, try it on a bike! ) has driver visible (otherwise car is completely invisible and doesn't make any particle effects, smoke, tire tracks) explosion proof ? dent proof ? car totally blown up (if you are in that car and set this you die! ) ? ? ? ? damage proof fore proof ? ? ? ? ? ? boat related ? boat related ? ? ? ? ? ? ? ?

[DexX]

oh HELL no, this topic isnt going anywhere!! 2nd page my ass.
More addresses, and a suprise at the end...

CODE

Hex baby! Vice v1.0 Time of day: A10B6B The rest of these are all switches... 0 for off 1 for on Green Scanlines Enabled - A10B69 White Scanlines Enabled - A10B68 "Wheels Only" Cheat Activated - A10B30 "Smoking Tommy" (he smokes a cigarette) Cheat Enabled - A10B23 Slow Motion Gameplay - A10B98 Translucent Text Box OnScreen - A10B83 Show Credits - A10B9C Fast Time - A10B80 Completely Disable HUD (options menu still thinks its on) - A10B45 Funky Camera, not used normally (youll see why) - A10B4F

Now i said i had a suprise and i meant it. If youve ever looked through the exe, or the gxt tables, youll notice alot of text that looks like it could at one time been part of an editor, that was built into the game. Well, this has to be the defining proof of that.

and it doesnt work. NONE of the keys on my keyboard move the cursor, the mouse doesnt do jack, and neither does my controller. i can activate the menu, but not use it. i suspect the commands are not bound to any keys, that red one looks like its highlited.

Code to enable it:
Ingame, set the value to 1
A10B2D
When you enable it, the camera will fly way off into the distance, i dont know why, it just does. Anyway, VERY interesting info up there, i hope i can get some assitance looking into this...

This post has been edited by ashdexx on Saturday, Dec 6 2003, 16:53

[JernejL]

f*ckING sh*t!!!!!!!!

i was very VERY first thing i wanted to enable on gta-vc
i seen this text, and the stuff like "i told you i can't find the f*cking animation" and things
it must be all a part of something!

and the keys probably need to be binded trough the gta-vc.set file i guess

btw, anyone that knows what this in carcols.dat means:

"# Press START on controller to reload this file while the game is running."

theres still whole a lot of sh*t hidden in gta-vc
another is that the gta-vc looks for files: "gta3.ini" and another file in data dir i can't
remember which, "gta3.ini" file was there with gta3, but it is not with gta-vc
all it contained is two lines saying "1.0", it must be all connected somehow
and there are mentions to debug keys and scresnshoots in the exe file near the other
keys, they are probably just gxt pointers but could be more..