Mafia 3 Modding (Mega Thread)

Download Mods for the Mafia Games Forums Mod Creation Mafia 3 Modding (Mega Thread)

Viewing 15 posts - 1 through 15 (of 192 total)
  • Author
  • #162740

    Hi everybody,

    I just started to reverse engineer Mafia 3 and wanted to share all information of myself with you guys. Also if you want you can also post your information and reversed stuff.


    So far Mafia 3 seems to be based on Mafia 2’s codebase. A lot of Strings, Functions, Function calls (hierachy) and xrefs are equal to Mafia2’s (except Mafia3’s running on x64, not like Mafia 2 on x86).

    I’m currently trying to port Gibbets Mafia 2 tool ( to Mafia 3, so far it’s looking good (and promising), it seems that the SDS base structure (platform, version, XML etc.) hasn’t really changed. The version got incremented from 19 to 20. I’m current reversing the TEA keys of Mafia 3 at the moment.


    In case you also want to reverse engineer Mafia 3, you need to dump the executable. From my point of view Denuvo got used in the shipped executable (A lot of jumps inside the codebase, my experience tells me that  it’s Denuvo because the same structure appeared on previous reverse engineering projects (e.g. GTA5)). So in order to dump it, open the executable, as soon as you’re in singleplayer (spawned), go to Desktop and run Scylla x64 ( Simply press dump and you get a (nearly) decrypted executable which is ready to be loaded into IDA.



    Used libraries(dependencies): Havok, wWise

    Used LUA versions seems to be 5.2.1 (at least in havok)



    Still they seem to be using LUA for scripting (same as in Mafia 2).



    When looking deeper into scripting (let’s take SetTime function), we can see that the function itself has lua calls inside.


    Looking even deeper, you can see that Mafia 2 and Mafia 3’s script engine system has some similarities. (Don’t mind the //get top , the compiler just inlined the function (compile config, compiler version etc. caused this))



    Update 8.10

    If you want to patch loading screens, simply patch these bytes on the following address:

    Bytes: 0xB000C3  (ASM code: mov al(B0), 0(00); retn(C3);) Note: If you patch the address directly, don't forget to write bytecode in reverse order, so it's 0xC300B0

    Address: 0x0000000143850B30 (Imagebase 0x140000000, so ImgBase + 0x3850B30)


    Furthermore here is a list of class instances (Imagebase is 0x140000000)

    Name Address Description
    VAR_C_GameScriptModule 0x00000001462F5ED8 To be done.
    VAR_C_GameCamera 0x000000014608C120 To be done.
    VAR_C_Game 0x00000001461E5828 To be done.
    VAR_C_FlowNodeLogicQuestEvaluateImpl 0x00000001461E6968 To be done.
    VAR_C_CityOwnersManager 0x00000001461E5A38
    VAR_C_CharacterTable 0x00000001461E5898
    VAR_C_ActorSubdivObj 0x00000001461E6008
    M3Malloc  0x000000014293D770 Thread safe malloc inside Mafia 3


    About hashing:

    Mafia 3 is using the same hashing methods as Mafia 2. Used hash methods are fnv32 and fnv64. Screenshot attached below. (The reason the function body is inside the parent function is caused by the compiler (optimisations), who inline the function to improve performance (optimizations at compiletime))


    About SDS structure:

    In previous SDS version (Mafia 2, version 19), the SDS archive header contained a XML offset (also the XML content was not encrypted/encoded). In SDS version 20 (Mafia 3), XML offset seem to no longer exist (always 0), also the content seems to be encrypted / compressed.


    At the time being, I’ m reversing the script engine in order we can create a scripthook and run own lua content. Instead of just hooking loadbuffer function, I’m reversing the whole Script Engine (so we can adjust everything). This are the base structure at the moment:


    Also here are the LUA function addresses (these are not the ones from HavokScript hksi, these are the plain Lua functions)

    lua_close 0x00000001446D10E0
    lua_newstate 0x00000001446D1380
    lua_pushfstring 0x00000001446D14F0
    luaL_addsize 0x00000001446DAE40
    luaL_callmeta 0x00000001446DB3F0
    luaL_argcheck 0x00000001446DB0B0
    luaL_checkany 0x00000001446DB570
    luaL_checkinteger 0x00000001446DB600
    luaL_checknumber 0x00000001446DB750
    luaL_checkoption 0x00000001446DB800
    luaL_checkudata 0x00000001446DBBA0
    luaL_error 0x00000001446DBD70
    luaL_findtable 0x00000001446DC3A0
    luaL_getmetatable 0x00000001446DC260
    luaL_gsub 0x00000001446DC6D0
    luaL_loadfile 0x00000001446DC9B0
    luaL_newmetatable 0x00000001446DCAC0
    luaL_openlibs 0x00000001446DEB90
    luaL_optinteger 0x00000001446DCCC0
    luaL_optnumber 0x00000001446DCFC0
     More coming soon…




    8 users thanked author for this post.

    Thank you very much for sharing this via our forums, Barzakh! I’m glad to see that they didn’t deviate too far from Mafia II’s proprietary tech. Hopefully this means aspects of Mafia II can be ported into Mafia III.


    there are a bunch of cvars that can be found if you look at the memory strings, but im not sure how to make the game read them or get it to enable a debug console


    Sooo… This is the first look in the Script Hook for Mafia 3, first version should be out on sunday 😉 This version is thread safe and works with the Game Main Script Thread / Machine. Also I’ll add a list with available commands and parameters (all game sciprting functions, as far as possible).. D3D11 hook and maybe developer console coming later on
    (unfortunately i can’t embbed it with the video tag, keep on getting 403 not authorized, A potentially unsafe operation has been detected in your request to this site…)


    PS.: Some nice messing around screenshot 😉

    2 users thanked author for this post.

    Fucking awesome man. I cannot wait to make Mafia 3 script mods soon. Thank you for your work, I appreciate it!


    Thanks for reporting the embed error, Barzakh. We will look into it immediately.

    Looks like you weren’t joking about the codebase – that Lua script is the same one I used for the Teleport to Joe’s Apartment mod. Do any of the other scripts on the site work in Mafia III via your script hook?

    Nice choice of music on the video. Reminds of of when Wei sung it in Sleeping Dogs. Shame that game wasn’t moddable. 🙂


    Alright, first version of the scripthook is out now. (I’ll upload it here once I’ve finished some cleanups (adding icons to executable, writing tutorial, list of commands etc.))


    The Scripthook supports loading of library (.dll) and script (.lua) files. So you can either write your plugins with C++ (calling game functions directly) or simply use lua, or either use both.

    The library part of the Scripthook features all needed memory functionality (searching for patterns (writing them into a cache file so search is next time faster etc.)) including LUA (you get the lua_State ptr once the plugin start routine is called)

    Example can be seen here:


    The files need to be placed in the following directories:

    MAFIA III FOLDER/scripts/*.lua

    MAFIA III FOLDER/plugins/*.dll


    In order to allow quick development, you can reload the LUA scripts via F1 key press. Reload for .dll will be added soon


    Oh and by the way, I’ve uploaded the Mafia 3 font files (extracted from the Launcher) for you guys, you can download it at!l8NDVCKA (nearly 60MB because of chinese and japanese fonts)

    5 users thanked author for this post.

    Finally. I’m so glad this is starting off.


    Fucking awesome man. I cannot wait to make Mafia 3 script mods soon. Thank you for your work, I appreciate it!

    Knowing YOU are going to be working on stuff here. That reassures me. All we need now is model editing.

    1 user thanked author for this post.

    Alright guys, here are some functions (Once I wrote a script you get them prettyfied ;))

    Until then, please compare the variables (like – if they are correct) and take / guess the parameters from here






    Unknown yet, only class reversed:


    player (you can access it with )

    car (vehicle) (when you are in a car, you can access it with )

    boat (vehicle)  (when you are in a car, you can access it with )















    gamecam and mafiacam




    entity (wrapper)


    Little insight how many functions register these variables (like, game.hud etc.)

    8 users thanked author for this post.

    Awesome stuff!


    Any possibility of custom soundtracks? Would be dope to listen to my own music while driving around.


    any way to add a toggle button for lethal/nonlethal takedowns? In real time?


    @sic_null You will have to wait for the SDS Tool.

    There most likely is but not all functions are found yet.


    Fucking awesome man. I cannot wait to make Mafia 3 script mods soon. Thank you for your work, I appreciate it!

    Knowing YOU are going to be working on stuff here. That reassures me. All we need now is model editing.

    To be honest @jedijosh920 is pretty awesome when it comes to scripts and stuffs

Viewing 15 posts - 1 through 15 (of 192 total)
  • You must be logged in to reply to this topic.