I just started to take a look through the RAM for the game using Cheat Engine. I'll document my findings as I come across them. I already have some interesting things, it looks like.
First off, what I'll explain some things at a higher level of what I've found out. It looks to me that the Stamina isn't placed in the player struct like health and respect are. I've found offsets for health, respect, player coordinates and plenty other things. Some of which I only have a vague idea about and others which I have a clue as to what they are. The time of day interestingly seems to be in the player struct. Alternatively, it just might happen that the player struct has been laid out in memory close to other structures so what I actually see is different structs with different data. The reason I believe if to be all in a player struct is that the respect is referenced from the struct base with an offset (addr+1200). At the top of that struct is some pointers and then what are clearly player coordinates.
Interestingly, stamina doesn't seem to be included here and is in a place in memory before the player struct. This is part of the reason that I believe the infinite sprint glitch works. It might not have anything ¤real¤ to do with it in the end, since it could easily be some kind of check to see if a condition has been met but the fact that it's in another location in memory is still interesting.
Furthermore, stamina is CONSTANTLY being written to. If you're running, it's being overwritten decreased. If you stop, it's being increased. As soon as you're at max, it's being overwritten with the same value (9000). If you have infinite sprint, this is only slightly different. When you're running, it goes up to 10,000 and stays steady, constantly writing that. When you stop, it drops back to 9000 and writes that repeatedly.
On top of that, in either case, it also writes using a different function whenever you stop running. I haven't figured out the case of that one but the other two are exactly what you'd expect given what I've said. When running, it's a load-increment (or decrement)-store. Otherwise, just a constant load-store. From the start, that seems like weird unnecessary programming but who am I to judge. I've needed some funky work arounds, myself.
Using cheat engine, I've been able to dynamically modify how much respect of money I've been given and I've also been able to make myself (along with all NPCs) invincible.
I have quite a bit more work ahead of me, trying to understand this assembly and make heads or tails of it all but this is a halfway decent start.
EDIT 1: I have most definitely figured out a boolean value that dictates whether or not the Tornado is on the map. Addr 0x02FCE538+0x7C if you want to try it for yourself with Cheat Engine. The struct at 0x02FCE538 is the struct specifically for the Tornado. Looking at offset 0x80, it says heli_fight as a string and a little further down, there's another string that says Tornado. This is preeeeeetty good news, I think. We can analyze this struct and see if there's any way to exploit randomness. Right now, I'm trying to find if there's any particular thing that causes the Tornado to come up with a 1 in offset 0x7C. Atm, I've just figured out that it simply does happen. I've tested with the Police Station spawn and a garage spawn. Also note that changing this value directly doesn't appear to cause a spawn but simply tells you whether it's there or not so it's likely being called in a function that spawns it and sets that.
I got some changing RAM values during the rarer Tornado spawn (isn't there until you turn around and look back). I'm not sure if this tells us anything we didn't know but it's cool to see exactly when it spawns.
Just a thought, could you possibly look into how the “random tasks” in escort and fuzz are allocated? Are they just pure RNG or can they be manipulated to get nicer outcomes. That is a few mins in time save in any% and a boatload in 100% if they can be.
Also area selection in mayhems. There are times where I feel doing certain things, such as ending facing certain directions, help get better outcomes not sure if it is just wishful thinking.
Yeah, I can give it a shot. My guess is that it's RNG from a pool. For instance, the 3 mayhem levels we get, the first is always Truck Yard, I believe it is. Then it's one of 3: Downtown, Red Light, or Projects. The third is always one of those two is hasn't chosen from yet. And the fourth seems to always be the Hotels and Marina but we don't do that.
I'll see if the randomness for anything is something we might control.
