Extending the Life of Halo Modding

[Zanghfei]

[off topic]You know the little dashboard widget that is one of those slider puzzles? 10.5 is a leopard, 10.6 is a snow leopard, and guess what 10.7 is? A SNOW LEOPARD SAHRAKHE.[/off topic]

http://en.wikipedia.org/wiki/Mac_OS_X_Lion
10.7 is Lion :3.

[Sparky]

May I suggest if it is possible to have a second option, a second map that just links to a dupe bloodgulch.map renamed custom.map?
Just so you could use that instead of the default bloodgulch, and if people did use that instead, you could tell the difference between a stock and custom map.

I suggest something similar: I'm guessing that in the executable you have string values used as paths to the map files, just like we have string values that are paths to each tag within each map file. Given the stability of the game engine, the game might still work if you change those to nonexistent paths, or change them to ... ... string values for modded map files.

EDIT: I found the strings inside the executable, but what I suggested was unnecessarily complicated. It would be much easier just to make some modded map files and place them inside the Maps folder, just like we do now. Also, the maps are listed by name twice, with two bytes of 00's between them.

EDIT2: Forget what I said, it's easier to modify the Hex:

Navigate inside the UB package contents until you find the Halo executable. Open the Halo executable in Hex Edit and find the ASCII value "bloodgulch". Then, in overwrite mode, write 00's over the names of the other maps, until it looks like this:


Modified UB executable:
http://www.halodemomods.com/wiki/File:H ... h_Only.zip

Result:

CREATE GAME and JOIN GAME only let you play Bloodgulch. In the first image, you can see it says "OK" but when the button is pressed while Beavercreek is selected, it gives an error sound and does nothing.

[nil]

May I suggest if it is possible to have a second option, a second map that just links to a dupe bloodgulch.map renamed custom.map?
Just so you could use that instead of the default bloodgulch, and if people did use that instead, you could tell the difference between a stock and custom map.

Hmm, this really does seem like a good idea. So, when you install a mod, you'd usually not want to swap with bloodgulch.map, but custom.map instead.

I've found the general area of code being executed in memory that does the serial key check when creating a server, but it's quite bizarre to me. Closest thing I got to behave differently was making the invalid cd key prompt up when hosting a LAN game (not normal behavior), by jumping over a function call.

I will state that I think it should be possible to create games that still show up in the lobby without any restrictions and that allow any bad cd key users to join, as people have done this on the PC versions.

[Modzy]

I've found the general area of code being executed in memory that does the serial key check when creating a server, but it's quite bizarre to me. Closest thing I got to behave differently was making the invalid cd key prompt up when hosting a LAN game (not normal behavior), by jumping over a function call.

I will state that I think it should be possible to create games that still show up in the lobby without any restrictions and that allow any bad cd key users to join, as people have done this on the PC versions.

In the exec. 0x007C5BF3 change the next byte from 0x00 to 0x01. Internet games will not prompt an invalid key. However, I've only got it listed in the master server once.

Sparky:

The effect you're looking for is done with a combination of app editing and ui editing. As seen here:

[Sparky]

I was able to successfully modify the executable so that it only lets you play The Silent Cartographer. Instead of telling you what to do this time, I'm just uploading the modified executable along with the ui.map file with the fixed strings so it actually says "The Silent Cartographer" when you load any (saved or new) singleplayer game, rather than the original map name.

However, I think I may need to change something else having to do with the shaders, because I'm getting this weird shader glitch:


Anyway, here is a .zip file with the Single Player and Multiplayer changes made to the executable so that only The Silent Cartographer and Bloodgulch are playable (and so that they appear at the top of the list and work as they should), and the coordinated ui.map file with fixed string values for map names in-game.

Ah wait no. I played through the level and at the end, you hear the pelican and the ambient sounds of the inside of the Halo facility, but it's just a black screen. What I should do instead is have the b30 map reload over and over, or have it load some modded SP maps...


So yeah, here's the deal: I made it so that only B30 and Bloodgulch are playable, and that it works and looks alright, but the question remains: should we simply replace the existing campaign with a modded set of campaign levels (like different variations of B30... ooh there's an idea, make it harder each time ) and replace the existing multiplayer maps with a set of modded maps (only accessible to people using the new Halo Demo) ?

EDIT: yeah, modzy, that's what I did, basically.

[Mgalekgolo]

straying from all this but has this even ever been done before?

[Sparky]

What kinds of maps would we include in the Halo Demo UB? All the mods we have at HDM are demo mods, not full mods... So apart from converting the header with DemoHack and internalizing everything with Eschaton... and Pearl only converts to demo, right?

[Modzy]

Making the UI look like demo was the very first thing I did when I began this project.
As it looks, the first release would include bloodgulch and b30, with a new multiplayer option for a custom map. The plan is to use the existing full version bloodgulch and b30, and use Pearl's indexes to change the bitmap and sound data offsets of tags in both maps to that of demo bitmaps/sounds, and then use demo's resources.

Pearl 2 already has significant Demo > Full converting capabilities, it wouldn't be hard to polish them up.

[nil]

In the exec. 0x007C5BF3 change the next byte from 0x00 to 0x01. Internet games will not prompt an invalid key. However, I've only got it listed in the master server once.

Is this just a boolean or something Halo uses? Do you know of the memory address too? *Looks into this*

[edit]: I changed the int8 at 0x007C5BF3 in the executable from 0 to 1... Tried to create an internet game with my invalid cd key, and still got the invalid cd key prompt.

[Sparky]

Making the UI look like demo was the very first thing I did when I began this project.
As it looks, the first release would include bloodgulch and b30, with a new multiplayer option for a custom map. The plan is to use the existing full version bloodgulch and b30, and use Pearl's indexes to change the bitmap and sound data offsets of tags in both maps to that of demo bitmaps/sounds, and then use demo's resources.

Pearl 2 already has significant Demo > Full converting capabilities, it wouldn't be hard to polish them up.

There are a few ways to make it act like demo also.

I did what you did with mutliplayer and the UI.map file.
With Singleplayer, you can change all the links to b30s, or make only the first link b30 and all the others 00's. If you change them all to b30, then you can play b30 10 times in a row (or indefinitely, I don't know - I tried cheating to make the spartan run fast and jump high, but the game has shader issues and crashes often on me). If you delete the other maps in the list, then you get a black screen and have to quit the game after your first run through b30. I therefore think the best option is to include various Halo CE conversions to Halo Full, and rename each of these map files to a10, a30, etc. Also rename the ui.map file strings to match the name of each new map. That way, you can play up to 10 SP mods and 18 (?) MP mods. And the best part is that as long as the map file names sync, the gamespy server will only list the map files with the same name listed in those offsets whose pictures I posted earlier... not the names of the maps as they are in the ui.map file as string values. So you can see the second picture I posted that has only the Blood Gulch servers, because I deleted all the other MP map references in the executable. So name those to the name of each mod, like "Crossing.map" for example would be named "Crossing" in the executable data, and the gamespy server will include all games hosting the Crossing mod.

[Modzy]

In the exec. 0x007C5BF3 change the next byte from 0x00 to 0x01. Internet games will not prompt an invalid key. However, I've only got it listed in the master server once.

Is this just a boolean or something Halo uses? Do you know of the memory address too? *Looks into this*

[edit]: I changed the int8 at 0x007C5BF3 in the executable from 0 to 1... Tried to create an internet game with my invalid cd key, and still got the invalid cd key prompt.

Using Halo 2.0.4 right?



It's not a boolean. It's part of some address, haven't looked into if it is for memory or some such. If the address is changed too radically, it will cause Halo to crash when starting internet games, if not changed enough you will still get an invalid key prompt. Changing it to 0x01 or 0x02 works.

I'm only about half in this effort at the moment, as I've been at work most of the time and school starts up in two days. Help, like nil's, is great as this should be a community matter.

[nil]

Okay, I figured out what you're doing. Yes, you are modifying a memory address, which is technically wrong here. It's a coincidence that modifying the memory address for you works like that.

The memory address in the executable we're looking at is 0x005B4660 (which you get from the four bytes 60 46 5B 00 taking little endian in account).

In memory, 0x005B4660 is the address of what I think is a boolean. The value at that address you will find to be 0. If you change it to something else like 1, I can then reproduce the effect you've achieved (by the way, I don't think it shows up in the lobby for me).

Changing 60 46 5B 00 to 60 46 5B 01 in the executable like you suggest changes the memory address to 0x015B4660, which is like a made up address . This works for you because the value at 0x015B4660 in memory is actually non-zero for you, but not for me.

[Modzy]

Okay, I figured out what you're doing. Yes, you are modifying a memory address, which is technically wrong here. It's a coincidence that modifying the memory address for you works like that.

The memory address in the executable we're looking at is 0x005B4660 (which you get from the four bytes 60 46 5B 00 taking little endian in account).

In memory, 0x005B4660 is the address of what I think is a boolean. The value at that address you will find to be 0. If you change it to something else like 1, I can then reproduce the effect you've achieved (by the way, I don't think it shows up in the lobby for me).

Changing 60 46 5B 00 to 60 46 5B 01 in the executable like you suggest changes the memory address to 0x015B4660, which is like a made up address . This works for you because the value at 0x015B4660 in memory is actually non-zero for you, but not for me.

That is what I expected. I did do a ranged memory dump of 0x005B4660 to 0x005C4660 when I first made the modification, and was unable to determine a structure to that portion of memory in the short time I tried. So I just passed it off as "some" address as I was unsure if it was in memory or exec. itself (which sounds silly).

I was only able to produce a server in the lobby once. As this is a memory address, and memory tends to change quite a bit from machine to machine, and even from relaunching an app, I'm guessing whatever conditions in memory caused that was just a lucky shot.

EDITEDITEDIT screw proof reading

[Mgalekgolo]

I know this has nothing to do with the port but will this crack thing work for just bypassing the cd key check for servers anyway? I also tried the hex and It didn't work for me.

edit: Extending sparky's idea, we could make a whole campaign where you play as a different biped each time on silent cartographer (my trusty bipeds with huds .) i.e.

Code: Select all

A10:marine
A30:elite
A50:grunt
B30:spartan[derp]
B40:jackal
C10:floodcombat human
C20:floodcombat elite
C40:Hunter
D20:Grunt specops
D40:Keyes [deedum]

Or something like that. I will make them all.

[Modzy]

0x005B4660 is nothing but 0x0s for 9A0 in memory. No structure I can see.

There is some interesting stuff before it though. Including the CD key.