Fun Dynamic Modding..Mhmm.

Moderator: Halo Moderators

nil
Halo Moderator
Halo Moderator
Posts: 1090
Joined: Sat Jul 05, 2008 8:38 am
Location: null zone

Re: Fun Dynamic Modding..Mhmm.

Post by nil » Mon Dec 21, 2009 9:08 pm

After talking to Pielogist and fixing his problem, I found out some issues with python + 64-bitness compiling on some particular machines so I'm going to revert to compiling as 32 bit universal binaries for now, unfortunately. I've updated and uploaded the demo memory template and the mod samples as such.
olly12345 wrote:Are these the scripts used in CE or different ones?
EDIT: I don't know anything about this but i suggest making a Memory Hacking sticky with everyones findings.
I'm not too familiar with CE scripting, but this is scripting in terms of altering virtual memory. I would imagine it's not quite the same thing.

About everyone's findings with memory hacking, maybe there should be a sticky, but I created a wiki-page where I posted many of my findings (especially see "Halo Demo Memory Documentation" section).
I am no longer active to Halo or MGM, and don't guarantee a response on the forums or through email. I will however linger around the discord room for general chatting. It's been fun!

Altimit01
Eschaton Dev
Eschaton Dev
Posts: 2108
Joined: Sun Apr 15, 2007 7:43 pm

Re: Fun Dynamic Modding..Mhmm.

Post by Altimit01 » Mon Dec 21, 2009 9:12 pm

So for those who need a TL;DR
nil made a template and interface for modifying Halo demo memory. You just write a script in python and it gets turned into an app that does said memhacking.
Disclaimer: I am no longer active. Any posts, PMs or other communication I use has no guarantee of accuracy or follow up.
Download Eschaton: Mediafire

Mac Hacker
Ranger
Posts: 1787
Joined: Tue Jul 10, 2007 9:07 pm

Re: Fun Dynamic Modding..Mhmm.

Post by Mac Hacker » Wed Jan 27, 2010 6:38 pm

so if i happen to leak the portal app source nil could do make said port app? hmm genius tho using python its universal its a nice change XD and py is an easy to learn language
TsGh

002
Ranger
Posts: 944
Joined: Wed Aug 16, 2006 5:48 pm
Location: ::1

Re: Fun Dynamic Modding..Mhmm.

Post by 002 » Fri May 07, 2010 4:52 pm

So, back to the topic of this app.

Since it can read from the memory of Halo Demo, apparently you can actually cause a player to instantly die when they get within 1 unit from a point, like the rocket laucher. Everyone likes to see banshee noobs die. Also, have it coded so only the host can get it.

nil
Halo Moderator
Halo Moderator
Posts: 1090
Joined: Sat Jul 05, 2008 8:38 am
Location: null zone

Re: Fun Dynamic Modding..Mhmm.

Post by nil » Mon Jun 07, 2010 8:18 pm

@Tyler777, modfox is in the works of making a portal thing but he's stuck on something so maybe the source would be useful.

@002, that's quite possible. The only way I know of killing someone in memory is moving them off the map though, but it works. I'm sure there's a better way, I just don't know it. Anyway, it would just involve iterating through all the dynamic player structures except the host and grabbing their player location (a bit tricky but it's been done in my demos), calculating if their location is near a point (distance formula), then decide to kill them or not by moving them off the map.

This thread is kind of hard to track for me... Stickies are hard to notice.
I am no longer active to Halo or MGM, and don't guarantee a response on the forums or through email. I will however linger around the discord room for general chatting. It's been fun!

Amy
Green Beret
Posts: 3628
Joined: Mon Nov 17, 2008 6:22 pm
Location: Mota-Lev's house.
Contact:

Re: Fun Dynamic Modding..Mhmm.

Post by Amy » Tue Jun 08, 2010 4:06 am

I want to be able to pick things up... with a gun.

Like when you shoot it gets picked up and you can move it around

Is that possible?
MGM Sig
Mota-Lev wrote:Its like watching an Asian girl crush a cats brain through its eye socket with high heels.. Its horrible but I just can't look away :/.

nil
Halo Moderator
Halo Moderator
Posts: 1090
Joined: Sat Jul 05, 2008 8:38 am
Location: null zone

Re: Fun Dynamic Modding..Mhmm.

Post by nil » Tue Jun 08, 2010 12:54 pm

Probably possible but definitely not easy to figure out.
I am no longer active to Halo or MGM, and don't guarantee a response on the forums or through email. I will however linger around the discord room for general chatting. It's been fun!

Amy
Green Beret
Posts: 3628
Joined: Mon Nov 17, 2008 6:22 pm
Location: Mota-Lev's house.
Contact:

Re: Fun Dynamic Modding..Mhmm.

Post by Amy » Tue Jun 08, 2010 2:36 pm

nil wrote:Probably possible but definitely not easy to figure out.
That's why i asked here first, so i didn't try for a year to get it and learn it's impossible...
MGM Sig
Mota-Lev wrote:Its like watching an Asian girl crush a cats brain through its eye socket with high heels.. Its horrible but I just can't look away :/.

002
Ranger
Posts: 944
Joined: Wed Aug 16, 2006 5:48 pm
Location: ::1

Re: Fun Dynamic Modding..Mhmm.

Post by 002 » Tue Aug 03, 2010 3:38 pm

By the way, you can use the random number function for integers:

Code: Select all

import random
import math
randomThingy = random.randint(minimum,maximum)
using it in this hack

Code: Select all

from VirtualMemory import *
from Debug import *
import math
import random

WINDOW_TITLE = "Wrath of the Heavens"
DESCRIPTION = "God is not happy today. This hack randomly kills a player every two minutes."
EXECUTION_TIME_INTERVAL = 120

#Halo Demo constants
FIRST_STATIC_PLAYER_ADDRESS = 0x4BD7AFD0
STATIC_PLAYER_SIZE = 0x200
PLAYER_OBJECT_ID_OFFSET = 0x32
INVALID_PLAYER_OBJECT_ID = 0xFFFF

FIRST_TABLE_OBJECT_ADDRESS = 0x4BB206EC
OBJECT_TABLE_SIZE = 12
OFFSET_TO_HALO_OBJECT_POINTER = 0x8

OFFSET_TO_PLAYER_Z_COORDINATE = 0x64

MAX_HALO_PLAYERS = 16

def execute(timeElapsed):
	if timeElapsed == 7:
		#Let's randomly pick someone to die. We need to somehow count all of the lving players.
		livingPlayerCounter = 0
		writeToLog("All living players have joined red.")
		for playerIndex in range (0, MAX_HALO_PLAYERS):
			playerObjectID = readUInt16(FIRST_STATIC_PLAYER_ADDRESS + PLAYER_OBJECT_ID_OFFSET + STATIC_PLAYER_SIZE * playerIndex)
			if playerObjectID != 0 and playerObjectID != INVALID_PLAYER_OBJECT_ID:
				livingPlayerCounter = livingPlayerCounter + 1
		#A player has been picked. Their team will be switched to blue.
		killingThisPlayer = random.randint(0,livingPlayerCounter - 1)
		if livingPlayerCounter == 1:
			writeToLog("There is 1 living player detected. This might be a boring game.")
		if livingPlayerCounter != 1:
			writeToLog("There are " + str(livingPlayerCounter) + " living players detected.")
		#Getting object id to kill...
		playerObjectID = readUInt16(FIRST_STATIC_PLAYER_ADDRESS + PLAYER_OBJECT_ID_OFFSET + STATIC_PLAYER_SIZE * killingThisPlayer)
		#Found it. Now to get the object's address.
		playerAddress = readUInt32(FIRST_TABLE_OBJECT_ADDRESS + OBJECT_TABLE_SIZE * playerObjectID + OFFSET_TO_HALO_OBJECT_POINTER)
		#okay, now to set the object's z to negative fifty to kill the player.
		writeFloat(playerAddress + OFFSET_TO_PLAYER_Z_COORDINATE,-50)
		#now let's write this.
		writeToLog(readUTF16String(FIRST_STATIC_PLAYER_ADDRESS + STATIC_PLAYER_SIZE * killingThisPlayer) + " has been randomly picked to die.")
I figured out how to have it read the last message ever sent by a player. Problem is that it might not be universal. If it is, it can be used to kill someone. So, if the host said "kill #", it would kill that player.


EDIT: Why must I pass an argument?
Last edited by 002 on Mon Aug 09, 2010 4:18 pm, edited 1 time in total.

nil
Halo Moderator
Halo Moderator
Posts: 1090
Joined: Sat Jul 05, 2008 8:38 am
Location: null zone

Re: Fun Dynamic Modding..Mhmm.

Post by nil » Tue Aug 03, 2010 6:01 pm

Are you sure to use NATIVE_ENDIAN_BYTE_ORDER for reading that UTF16 string? Either I wouldn't think that would work correctly on an intel machine or I'd think that there's a bug in the template engine (which I thought I squashed before).

Also, what's the address you found for the last said message? I could perhaps see if it's the same for me. I assume it's a UTF-16 encoded string.
I am no longer active to Halo or MGM, and don't guarantee a response on the forums or through email. I will however linger around the discord room for general chatting. It's been fun!

002
Ranger
Posts: 944
Joined: Wed Aug 16, 2006 5:48 pm
Location: ::1

Re: Fun Dynamic Modding..Mhmm.

Post by 002 » Mon Aug 09, 2010 4:23 pm

It is a UTF-16 string. I wonder if it can be used to make memory mods more interactive. Or maybe it can be used to display a chat message. Halo Demo is very memory-leakish so it doesn't null out the text after it has faded out.

0x4BAD03C4 is the text (UTF-16 / UNICODE)
0x4BAD03C0 has something to do with the delay of it being kept up on-screen. It doesn't change until the entire message has been faded out completely and when you set the value to 0xFFFF, it will stay up. (Float)

I asked Mota-Lev and MrBunny to join a game and they could not see a modification. Modifying it is not CSS (goddamn it).


You can still use it as a variable.

TaxiService
Night Stalker
Posts: 6887
Joined: Thu May 24, 2007 5:52 am
Location: 41.896198, 12.4165945
Contact:

Re: Fun Dynamic Modding..Mhmm.

Post by TaxiService » Mon Aug 09, 2010 10:36 pm

i'm uhh... encountering a problem!

- i start the app
- start halo demo
- create a server (i tried both LAN and internet) in slayer
- switch back to the app to push the button...

...but it is greyed out. D: like, am i doing something wrong? /me is ignorant
  • TaxiService! Shitposting since 2007!
MGM Sig

nil
Halo Moderator
Halo Moderator
Posts: 1090
Joined: Sat Jul 05, 2008 8:38 am
Location: null zone

Re: Fun Dynamic Modding..Mhmm.

Post by nil » Tue Aug 10, 2010 11:35 am

002, for me on one of my computers (intel, though that might not matter), if I'm using the name nil and type "who knows" in-game then:

"nil: who knows" is located at 0x4BAD03C5, "who knows" substring is located at 0x4BAD03CF. Pretty close, but not the same offsets.

TaxiService, it won't recognize Halo is open if your Halo Demo executable isn't named Halo Demo - and you shouldn't name it to anything else including incredibly silly names like Halo Demo.app
I am no longer active to Halo or MGM, and don't guarantee a response on the forums or through email. I will however linger around the discord room for general chatting. It's been fun!

TaxiService
Night Stalker
Posts: 6887
Joined: Thu May 24, 2007 5:52 am
Location: 41.896198, 12.4165945
Contact:

Re: Fun Dynamic Modding..Mhmm.

Post by TaxiService » Tue Aug 10, 2010 10:21 pm

wow, thanks! that appears to have fixed the problem! (i wonder who renamed HD in the first place... -.-)

Annoying Warthog Chaser: what is this i don't even
  • TaxiService! Shitposting since 2007!
MGM Sig

Samucos

Re: Fun Dynamic Modding..Mhmm.

Post by Samucos » Fri Sep 10, 2010 8:29 pm

Just tested the chat message thing. 002's offset works perfectly for me ;)

Post Reply

Who is online

Users browsing this forum: No registered users and 20 guests