One of the features the Games For Windows API provides is protected buffers. These buffers can be allocated by games that use the API, and data can be copied back and forth from them. GTA IV uses this for a bunch of the game memory, for example, your current cash.
The following functions (thanks, xlive.pdb!), are what provide this feature to games:
int XLivePBufferAllocate(int size, XLiveProtectedBuffer **pbuffer)
ProtectedBuffer *pbuffer, int offset, unsigned char *value)
ProtectedBuffer *pbuffer, int offset, unsigned int *value)
ProtectedBuffer *pbuffer, int offset, void *destination, int size)
ProtectedBuffer *pbuffer, int offset, unsigned char value)
ProtectedBuffer *pbuffer, int offset, unsigned int value)
ProtectedBuffer *pbuffer, int offset, void *source, int size)
By creating a fake xlive.dll which wraps the real xlive.dll, we can serve ‘unprotected’ versions of these 8 functions. In doing this, we can now freely modify at runtime the data that the game wants to be protected, including your current cash.
Drop this into your GTA IV game directory (where GTAIV.exe resides), start the game, viola, unprotected memory!
(The first time you run the game, the wrapper will prompt you if it is OK to copy the original xlive.dll/xlive.dll.CAT unmodified to another location with a new name)
If you encounter any issues with the wrapper aside from the UI issue, please let me know!
The only side effect that I’ve seen so far is that the in-game UI for Games For Windows no longer appears, although the game continues to function normally (including multiplayer).
Part III will talk about save validation and include version 22.214.171.124 of the wrapper with this disabled :).