Hacking Grand Theft Auto IV: Part II

One of the features the Games For Windows API provides is protected buffers. These buffers can be allocated by games that use the API, and data can be copied back and forth from them. GTA IV uses this for a bunch of the game memory, for example, your current cash.

The following functions (thanks, xlive.pdb!), are what provide this feature to games:

  • int XLivePBufferAllocate(int size, XLiveProtectedBuffer **pbuffer)
  • int XLivePBufferGetByte(XLiveProtectedBuffer *pbuffer, int offset, unsigned char *value)
  • int XLivePBufferGetDWORD(XLiveProtectedBuffer *pbuffer, int offset, unsigned int *value)
  • int XLivePBufferGetByteArray(XLiveProtectedBuffer *pbuffer, int offset, void *destination, int size)
  • int XLivePBufferSetByte(XLiveProtectedBuffer *pbuffer, int offset, unsigned char value)
  • int XLivePBufferSetDWORD(XLiveProtectedBuffer *pbuffer, int offset, unsigned int value)
  • int XLivePBufferSetByteArray(XLiveProtectedBuffer *pbuffer, int offset, void *source, int size)
  • int XLivePBufferFree(XLiveProtectedBuffer *pbuffer)

By creating a fake xlive.dll which wraps the real xlive.dll, we can serve ‘unprotected’ versions of these 8 functions. In doing this, we can now freely modify at runtime the data that the game wants to be protected, including your current cash.

XLive Wrapper for GTA IV 1.0.0.1

Drop this into your GTA IV game directory (where GTAIV.exe resides), start the game, viola, unprotected memory!

(The first time you run the game, the wrapper will prompt you if it is OK to copy the original xlive.dll/xlive.dll.CAT unmodified to another location with a new name)

If you encounter any issues with the wrapper aside from the UI issue, please let me know!

The only side effect that I’ve seen so far is that the in-game UI for Games For Windows no longer appears, although the game continues to function normally (including multiplayer).

Part III will talk about save validation and include version 1.1.0.0 of the wrapper with this disabled :).

Tags: ,

109 Responses to “Hacking Grand Theft Auto IV: Part II”

  1. LinkZ says:

    x3x, you can use ArtMoney to find values decreased by unknown amount.
    sorry for my english..

  2. the hubster says:

    For those qsking hoz to get money and health through this, there is a thread on gtaforums here with memory addresses; http://www.gtaforums.com/index.php?showtopic=378631&st=20

    Search google for a tsearch tutorial to find out how to use these values or find your own.

  3. ZomBuster says:

    Thanks, I got infinite health working with this.

    Now I just want it in an easy exe

  4. TomAlek says:

    ZomBuster: how?! 🙂 Maybe u can upload a file with this cheat?

  5. ZomBuster says:

    I just did what Rick described

    “200.0, float, is your max health, so, heal up, search 200.0 float, get hurt, search decreased, etc, until you have a small amount of values.”

    With Cheat Engine

  6. Zerox says:

    Any news about the save validation?

  7. otaired2 says:

    Well at least it work but it still crash when try to find what write to this addreas thing…
    Hope Part 3 fix this too

  8. Kontra says:

    I got it to work. First you have to have a program called Tsearch

    I uploaded it to my rapidshare premium account for easy access

    http://rapidshare.com/files/174938438/tsearch.zip.html

    Make sure you have full health and body armor

    Download and run it.

    First click open process, and find gtaiv.exe

    make sure search and cheat list are selected

    right under the open process click initiate new search

    search: exact value, value: 200. , type: float. this is with full health and body armor. I found 2969

    I then got in a fist fight and did no damage to anyone , then, search next: has decreased type: float . i found 25

    Got hit a few more times , then search next: has decreased type: float found 4

    double clicked all of them and added them to my cheat list I just added 200 to 3 of them with same value and became bulletproof

  9. nocookies says:

    doesn’t work on vista x64.

  10. Kontra says:

    Statistics
    Average FPS: 34.01
    Duration: 5.82 sec
    CPU Usage: 85%
    System memory usage: 58%
    Video memory usage: 95%

    Graphics Settings
    Video Mode: 1024 x 768 (75 Hz)
    Texture Quality: Medium
    Render Quality: Medium
    View Distance: 21
    Detail Distance: 37

    Hardware
    Microsoft(R) Windows(R) XP Professional x64 Edition
    Service Pack 2
    Video Adapter: NVIDIA GeForce 8800 GS
    Video Driver version: 180.84
    Audio Adapter: Realtek HD Audio output
    AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
    AMD Athlon(tm) 64 X2 Dual Core Processor 6000+

    File ID: Benchmark.cli

  11. Kontra says:

    Well it works with just health body armor has nothing to do with it. Except when I got hit by a car, my body armor increased and i was laying on the ground, couldn’t get up

  12. Jake says:

    Can somebody provide the original .dll or can I get it somewhere?

  13. Kontra says:

    Just use that one, it will work the same if you dont have it

  14. Jake says:

    I can’t get multiplayer working with this one >:(

  15. Alex says:

    For some reason this crashes my game, but works when I don’t sign into live. Does it require the latest version of gta/live?

  16. Andi says:

    i copied over the .dll but i cannot edit the money value :/
    they still seem to be protected

  17. Kontra says:

    Im not sure how to edit the money i just got the health to work

  18. x3x says:

    Kontra what do you mean search next and has a decreased to 25 ? when u click search next u have to put in a value to be able to make the next search, so what did u put in there ? 200. ?

  19. x3x says:

    lol kontra u got the health work and i cant, i got the money work and u cant haha da hek ? use tsearch , find 4 bytes ( put in the amount of money you have now ) after that run to gun store and buy some ammo..ur money decreased..go back to tsearch put in da money u have now..go back buy ammo, back to tsearch again keep doing that until u got 3 address w/ the right value = your money , add to cheatlist change value to 99999999 something like that and freeze them.

  20. DS says:

    When I try to run the game I get: “GTA IV requires a sound card in order to run.”

  21. Kontra says:

    Oh i didn’t bother with the money, rather earn my money xD well i can’t get achievements cause its a cracked version xD,

    But you choose “has decreased” not “decreased by”

    look proof below about
    http://i239.photobucket.com/albums/ff2/WhiteDrone/CompStuff/x3x.jpg

  22. […] another mod that doesn’t require you to pay, however It’s located here. You’ll have to put that DLL in your game dir. This .dll will wrap the real xlive.dll so you […]

  23. Jake says:

    Where can I get the original .dll? I’m too lazy to re-install the game

  24. x3x says:

    thx kontra i got it working now, someone gotta make this into a .exe file or something its frustrating wheneer u play and have to locate the address and change the value…

  25. i hope no one will make a exe for download. go write your own.

  26. ASM says:

    Where did you get the xlive.pdb from?
    I’ve tried to download it from MS symbol server using symchk but it doesn’t seem to be hosted there.

  27. Kontra says:

    http://blog.gib.me/wp-content/uploads/2008/12/xlive_wrapper_1001.zip

    click that link and add it to where your gtaiv.exe,

    I did not have the original xlive.dll biut add this one still and it worked for me

  28. Kontra says:

    either this died, or i helped everyone with any possible questions

  29. C06alt says:

    Thanks rick. x3x you need to search for a (float) type value for health. And if you ever need money Kontra you need to look for an (int). same process, enter your current money in the first search (you can check on pc by pressing T). then spend some and enter the new value in the next search.

  30. Kontra says:

    I know how to get it just dont need it really

  31. Bleedthefreek says:

    same as other poster. using vista 64x. put your .dll in gta IV root folder, get copy files pop, run either RGSC/GTAIV.exe and BLAMMO.

    Description:
    Critical runtime problem

    Problem signature:
    Problem Event Name: APPLICATION CRASH
    System RAM: -2478080
    Available RAM: -1402748928
    Number of CPUs: 2
    Video Card Manufacturer: NVIDIA
    Video Card Description: NVIDIA GeForce 8800 GTS 512
    Video Card Driver Version: 7.15.0011.8084
    OS Version: 6.0.6001.2.1.0.256.1
    Locale ID: 1033

  32. unknow says:

    wheres the GTA IV’s directory.. sorry im new to this.

  33. Qbert says:

    Hello sir. I’m attempting to resume my savegame from another computer. I have only the contents of this folder: C:\Users\Qbert\AppData\Local\Rockstar Games from the original system. Original system was 32-bit Vista (Home Premium). New system is 64-bit Vista (Home Premium). It is my understanding that your software can correct my error of not acquiring the data from the folder: C:\Documents and Settings\Qbert\Local Settings\Application Data\Microsoft\XLive. Is that indeed the case? If so, may I ask your kind assistance in accomplishing this task? Thanking you (and anyone who might offer a friendly reply) in advance… 🙂

  34. Qbert says:

    PS I only played offline, using the account ‘Player1’.

  35. Qbert says:

    PPS And only wish to play offline.

  36. Qbert says:

    PPPS Is there perhaps some way to reverse-engineer the data required for the XLive directory from the data in the Rockstar directory? 😉

  37. Sam Fisher says:

    i cant log on to social club anymore……..why is that?

  38. Kontra says:

    Sam, before you were suppose to do this, you were suppose to set the log in to, remember me. Then you wont have that problem. For me, the login is now showing up again.

  39. Leon Saunders says:

    Where did you find xlive.pdb? I need it for… a project, It seems that it uses STFS just like Xbox 😀
    If you could mail it to me, I would be very thankful 🙂

  40. Ovidiu says:

    I ran xlivewrapper on gta 4 1.0.4.0 hoping it will work for using my previous savegames, but know i get an error gta has stopped responding. How can i undo the changes that xlivewrapper did without reinstalling gta 4?

  41. James says:

    To Rick:
    How did you get the xlive.pdb file ?

    Would it be possible for me to take a peek at the xlive wrapper source code ?

    What is your e-mail address ? I couldn’t find it 🙁

  42. lucky says:

    my game crashes after copying the xlive wrapper in game directory any suggestions please

    i hv los my 73% game

  43. Daniel says:

    Seems that the wrapper dosn’t work on 1.0.4.0. I’ve lost all my savegames so I’m really hoping for a wrapper that works for the latest gta patch, so I can use a downloadet savegame. Does anybody know if this by any chance is in the pipeline?

  44. david says:

    hey i just downloaded GTA and i donwloaded a save file from a certain mission im using the razor 1991 crack
    by the way im runnnig windows 7 RTM
    so i but your xlive.dll file in my gta directory and run gta then i get the usual black msdos screen coz of the razor crack
    then the screen goes gray and the game crashes..
    what should i do?

  45. shakazahn says:

    hi, i got a problem with the wrapper!
    when i put the live.dll file in the game directory, the game crashes, but the game runs fine without the file there. you know what’s the problem is and how i can fix it?

    im running vista premium 64-bit

  46. hellyeah says:

    Same problem here with windows 7 64 bits RC , game crashes when i install the xlive ….can anyone help us

  47. FioleX Mephisto says:

    Hi,

    I istalled “Games For Windows – LIVE” And I Get An Error Message When Starts Says I Need To Download A Hotfix For Windows XP .

    My Question Is,
    Is This Wrapper Used For Disappearing That Message ?

    Thanks For Your Help ..

  48. AliReza says:

    Hi,
    I ran xlivewrapper on gta 4 1.0.4.0 hoping it will work for using my previous savegames, but know i get an error gta has stopped responding. How can i undo the changes that xlivewrapper did without reinstalling gta 4?

  49. Zami says:

    Hi Rick,

    if I wanted to copy the data from C:\Windows\system32\xlive.dll to C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\xlive.dll , does come the error message “Could not write C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\xlive.dll”.
    What has operated?
    Thank you for your help!