Pointers not working in Halo 2

Anything Cheat Engine related, bugs, suggestions, helping others, etc..
Post Reply
User avatar
SilentRunner
Expert Cheater
Expert Cheater
Posts: 215
Joined: Fri May 29, 2020 11:37 am
Reputation: 108

Pointers not working in Halo 2

Post by SilentRunner »

Hi



New to the forum, Im currently working on Halo 2 and I have been trying for days to find a static address for health and shields in Halo 2 MCC. The pointers in all of the Halo games never seem to stay the same like in other games I've tryed. I have used pointer scanning and manual hunting for pointers, but no matter how deep I go with the pointers and even if the address shows as green its not not valid when I restart the game.



If anyone could help would really appreciate it trying to learn but feel like Im not making any progress. Im currently working on all MCC titles and willing to share everything I have for help not that most of you pros will probably need it.



Thanks
Last edited by SilentRunner on Sat May 30, 2020 12:13 am, edited 1 time in total.

TimFun13
Expert Cheater
Expert Cheater
Posts: 1353
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 7

Pointers not working in Halo 2

Post by TimFun13 »

If you can find an instruction that only accesses the player health you can just hook the instruction and store the base to make your own pointer.

Say this is the code that accesses the health:

[CODE]

movss xmm2,[rbx]

movss xmm1,[rsi+00000148] <<-- Access player health

mov rdx,[rcx]

[/CODE]

You could create a script like this:

[CODE=cea]

define(bytes, F3 0F 10 8E 48 01 00 00)



////

//// ------------------------------ ENABLE ------------------------------

[ENABLE]

aobScanModule(aobHealthHook, Game.exe, F3xxxxxxF3xxxxxxxxxxxxxx48xxxxFFxxxx44)

define(injHealthHook, aobHealthHook+4)

assert(injHealthHook, bytes)

registerSymbol(injHealthHook)



alloc(memHealthHook, 0x400, injHealthHook)



label(ptrHealthHook)

registerSymbol(ptrHealthHook)



label(n_code)

label(o_code)

label(exit)

label(return)



memHealthHook:

ptrHealthHook:

dq 0

align 10 CC

n_code:

mov [ptrHealthHook],rsi

o_code:

movss xmm1,[rsi+00000148]

exit:

jmp return





////

//// ---------- Injection Point ----------

injHealthHook:

jmp n_code

nop

nop

nop

return:





////

//// ------------------------------ DISABLE ------------------------------

[DISABLE]

////

//// ---------- Injection Point ----------

injHealthHook:

db bytes



unregisterSymbol(injHealthHook)



unregisterSymbol(ptrHealthHook)



dealloc(memHealthHook)[/CODE]

Then create a pointer like this:

[CODE=xml]







1

"+148 - Health"



000000

Float

ptrHealthHook




148









[/CODE]

User avatar
Dread_Pony_Roberts
Table Makers
Table Makers
Posts: 525
Joined: Sun Dec 09, 2018 8:46 am
Reputation: 388

Pointers not working in Halo 2

Post by Dread_Pony_Roberts »

^

That's basically what I did.



Here's my hook to the instruction in it's simplest form.

[CODE=cea][ENABLE]





aobscanmodule(Player_Base_Reader,halo2.dll,0F B7 86 10 02 00 00 66 89 44) // should be unique



alloc(newmem,$100,Player_Base_Reader)



alloc(p_base,8)



registersymbol(p_base)





label(code)



label(return)





newmem:



mov [p_base],rsi





code:



movsxd rcx,dword ptr [rax+rcx*8+08]



jmp return1





Player_Base_Reader+2E:



jmp newmem



return:



registersymbol(Player_Base_Reader)





[DISABLE]





Player_Base_Reader+2E:



db 48 63 4C C8 08





unregistersymbol(Player_Base_Reader)



dealloc(newmem1)



dealloc(p_base)



unregistersymbol(p_base)[/CODE]



From there I made my pointers using p_base as the base. You can look at my table for reference if you'd like.



If you do use this method, be aware that not all code will be reliable. I found some codes wouldn't work on legendary, others would reference some other base at random moments, ect. Though, they are still a very reliable method, especially compared to the pointermap method.
Last edited by Dread_Pony_Roberts on Thu Jan 01, 1970 12:00 am, edited 1 time in total.

User avatar
SilentRunner
Expert Cheater
Expert Cheater
Posts: 215
Joined: Fri May 29, 2020 11:37 am
Reputation: 108

Pointers not working in Halo 2

Post by SilentRunner »

Thank you for your detailed reply much appreciated. I have seen how useful scripting is but I have zero knowledge of how to do it.



Two questions

- With someone with little to no knowledge of coding besides some very basic visual basic stuff can I realistically learn scripting in Cheat Engine I've followed some tutorials but most seem to assume you know coding.

- Can these scripts be ported into my trainer which Im writing in visual basic with a memory module as they seem tied to Cheat Engine.



Thanks
Last edited by SilentRunner on Thu Jan 01, 1970 12:00 am, edited 1 time in total.

TimFun13
Expert Cheater
Expert Cheater
Posts: 1353
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 7

Pointers not working in Halo 2

Post by TimFun13 »

[QUOTE="silentrunner, post: 137503, member: 42248"]

Thank you for your detailed reply much appreciated. I have seen how useful scripting is but I have zero knowledge of how to do it.



Two questions

- With someone with little to no knowledge of coding besides some very basic visual basic stuff can I realistically learn scripting in Cheat Engine I've followed some tutorials but most seem to assume you know coding.

- Can these scripts be ported into my trainer which Im writing in visual basic with a memory module as they seem tied to Cheat Engine.



Thanks

[/QUOTE]

[LIST=1]

[*]Yeah, but you'll need to learn Assembly. ASM is the main thing you'll want/need to know, but it helps for reverse engineering to understand object structures. You can look in the Generice Tutorials section of the forum, there are a number of tutorials; ranging from beginner to more advanced stuff there, and the CE tutorial is really the best place to start.

[*]Directly, no not really; not without a library to convert the CE CEA code to ASM and handling the allocations and what not. But you can do more simple byte changing and code caves for code redirects/hooks. But for VB or C# you would need some imports to even allow you to read and write to raw memory. You could look into C++ as it's better suited for raw memory manipulation but UIs can be a bit more work. Or CE has a way to generate trainers from lua code, and with that you can use the CE scripts directly.

[/LIST]
Last edited by TimFun13 on Thu Jan 01, 1970 12:00 am, edited 3 times in total.

User avatar
SilentRunner
Expert Cheater
Expert Cheater
Posts: 215
Joined: Fri May 29, 2020 11:37 am
Reputation: 108

Pointers not working in Halo 2

Post by SilentRunner »

[QUOTE="Dread_Pony_Roberts, post: 137502, member: 24896"]

^

That's basically what I did.



Here's my hook to the instruction in it's simplest form.

[CODE=cea][ENABLE]





aobscanmodule(Player_Base_Reader,halo2.dll,0F B7 86 10 02 00 00 66 89 44) // should be unique



alloc(newmem,$100,Player_Base_Reader)



alloc(p_base,8)



registersymbol(p_base)





label(code)



label(return)





newmem:



mov [p_base],rsi





code:



movsxd rcx,dword ptr [rax+rcx*8+08]



jmp return1





Player_Base_Reader+2E:



jmp newmem



return:



registersymbol(Player_Base_Reader)





[DISABLE]





Player_Base_Reader+2E:



db 48 63 4C C8 08





unregistersymbol(Player_Base_Reader)



dealloc(newmem1)



dealloc(p_base)



unregistersymbol(p_base)[/CODE]



From there I made my pointers using p_base as the base. You can look at my table for reference if you'd like.



If you do use this method, be aware that not all code will be reliable. I found some codes wouldn't work on legendary, others would reference some other base at random moments, ect. Though, they are still a very reliable method, especially compared to the pointermap method.

[/QUOTE]



Great thanks for sharing. Any tips for finding hard values seem to be having alot of trouble in Halo Reach. I have been searching for unknown values then just searching for changes.



[QUOTE="ShyTwig16, post: 137520, member: 91"]

[LIST=1]

[*]Yeah, but you'll need to learn Assembly. ASM is the main thing you'll want/need to know, but it helps for reverse engineering to understand object structures. You can look in the Generice Tutorials section of the forum, there are a number of tutorials; ranging from beginner to more advanced stuff there, and the CE tutorial is really the best place to start.

[*]Directly, no not really; not without a library to convert the CE CEA code to ASM and handling the allocations and what not. But you can do more simple byte changing and code caves for code redirects/hooks. But for VB or C# you would need some imports to even allow you to read and write to raw memory. You could look into C++ as it's better suited for raw memory manipulation but UIs can be a bit more work. Or CE has a way to generate trainers from lua code, and with that you can use the CE scripts directly.

[/LIST]

[/QUOTE]



Ok I will have to do some more reading and see how much I pickup. Thanks for your help

User avatar
Dread_Pony_Roberts
Table Makers
Table Makers
Posts: 525
Joined: Sun Dec 09, 2018 8:46 am
Reputation: 388

Pointers not working in Halo 2

Post by Dread_Pony_Roberts »

[QUOTE="silentrunner, post: 137591, member: 42248"]

Great thanks for sharing. Any tips for finding hard values seem to be having alot of trouble in Halo Reach. I have been searching for unknown values then just searching for changes.

[/QUOTE]



Usually the best you can do is experiment until you have a result. Sometimes its as simple as changing the value type (grenades and team values in Halo games are 1 byte for instance). If that doesn't work, and if scanning for changed and unchanged is getting me too many results that are causing me crashes, I usually will do two scans based on the assumption that a value is as shown or inversed (for example, when a bar on screen is increasing, the true value might be decreasing). If the player base is known, you can search through the player structure directly for what you want, though for some games the player structure is divided across multiple areas in code (for instance, in Reach the player's structure with health is in an entirely separate structure from its coordinates).

User avatar
SilentRunner
Expert Cheater
Expert Cheater
Posts: 215
Joined: Fri May 29, 2020 11:37 am
Reputation: 108

Pointers not working in Halo 2

Post by SilentRunner »

[QUOTE="Dread_Pony_Roberts, post: 137600, member: 24896"]

Usually the best you can do is experiment until you have a result. Sometimes its as simple as changing the value type (grenades and team values in Halo games are 1 byte for instance). If that doesn't work, and if scanning for changed and unchanged is getting me too many results that are causing me crashes, I usually will do two scans based on the assumption that a value is as shown or inversed (for example, when a bar on screen is increasing, the true value might be decreasing). If the player base is known, you can search through the player structure directly for what you want, though for some games the player structure is divided across multiple areas in code (for instance, in Reach the player's structure with health is in an entirely separate structure from its coordinates).

[/QUOTE]



Ah that would explain a few things some of the games I can't find grenades on and health will give that a try. I have found some fun things by mistake just by digging through the code like rapid fire and even an address that if you nop it removes all the the projectiles from the game. Halo also seems really aggressive and changing addresses just randomly like player coordinates for example. I would love to make a create teleportation system, I made one awhile back from Call Of Duty were you could save different locations and give them names even share xml files with friends so they can use them in there trainer. Halo is proving tricky though....



Question have you done any digging for any sort of developer console, there was one in Halo CE as far as im aware with commands you could call like god mode and so on. I've seen some people manage to unlock hidden dev consoles in games before would be interesting if any of the Halo games had one hidden. Often you can find really cool stuff that is triggered easily with static addresses. I did this before and all the stuff worked online too not that I encourage that...



Thanks for your help

User avatar
Dread_Pony_Roberts
Table Makers
Table Makers
Posts: 525
Joined: Sun Dec 09, 2018 8:46 am
Reputation: 388

Pointers not working in Halo 2

Post by Dread_Pony_Roberts »

[QUOTE="silentrunner, post: 137605, member: 42248"]

Halo also seems really aggressive and changing addresses just randomly like player coordinates for example.

[/QUOTE]

Ah yes, that's another thing I remember from Reach and you could run across in other games. If you intend to experiment with teleportation and the like, I would suggest working on Halo CE since all player values are in the same structure (coordinates, health, ect). For Reach, you have to be in a calm environment and do your scanning fast or you risk the addresses changing on you.

[QUOTE="silentrunner, post: 137605, member: 42248"]

Question have you done any digging for any sort of developer console, there was one in Halo CE as far as im aware with commands you could call like god mode and so on. I've seen some people manage to unlock hidden dev consoles in games before would be interesting if any of the Halo games had one hidden. Often you can find really cool stuff that is triggered easily with static addresses. I did this before and all the stuff worked online too not that I encourage that...

[/QUOTE]

SunBeam actually did that here [URL]https://fearlessrevolution.com/threads/11818/post-124996[/URL]

Apparently the problem is not only will it not register key presses, but it is also based on standard Combat Evolved (which only has god mode as I recall) instead of Custom Edition (which is the version with all the good cheats).

User avatar
SilentRunner
Expert Cheater
Expert Cheater
Posts: 215
Joined: Fri May 29, 2020 11:37 am
Reputation: 108

Pointers not working in Halo 2

Post by SilentRunner »

[QUOTE="Dread_Pony_Roberts, post: 137608, member: 24896"]

Ah yes, that's another thing I remember from Reach and you could run across in other games. If you intend to experiment with teleportation and the like, I would suggest working on Halo CE since all player values are in the same structure (coordinates, health, ect). For Reach, you have to be in a calm environment and do your scanning fast or you risk the addresses changing on you.



SunBeam actually did that here [URL]https://fearlessrevolution.com/threads/11818/post-124996[/URL]

Apparently the problem is not only will it not register key presses, but it is also based on standard Combat Evolved (which only has god mode as I recall) instead of Custom Edition (which is the version with all the good cheats).

[/QUOTE]



Yes im beginning to really hate Halo Reach haha. Halo 2 isn't to bad for finding stuff but the others are proving more difficult, even trying what you said Im still struggling to find health in Reach and CE amongst many other things. We need like a mega thread were we can put everything we find for the games I will be digging into them for awhile to see what I can find so hopefully I learn as I go. Correct me if Im wrong I haven'tseen much stuff for the hud would like to see if we could get no hud and maybe no gun/hands for videos. Secondly there is a glitch you can do in Halo 2 which lets you take control of other AI wondering without mods... If we could somehow make that easier and more reliable to do using a trainer as the process is alittle time consuming.



Ah thats really cool shame theres not much you can enable with it.

User avatar
SunBeam
Administration
Administration
Posts: 4932
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4629

Pointers not working in Halo 2

Post by SunBeam »

Pardon me for posting.. I really love all the hype and enthusiasm, but as history has often proven to me.. that big thread where everyone posts their findings often ends-up in 2-3 posting and 200 saying "dun werk". If you plan on hacking Halo for the remainder of this year, then sure, I'm down. Why this long? Well, you said it yourself regarding your level of knowledge. Or do you expect, with that amount of yours, with just scanning and pointer maps to hack these games really fast? Let's be realistic here for a moment and ditch that fantasy wishful thinking.
Last edited by SunBeam on Thu Jan 01, 1970 12:00 am, edited 1 time in total.

User avatar
SilentRunner
Expert Cheater
Expert Cheater
Posts: 215
Joined: Fri May 29, 2020 11:37 am
Reputation: 108

Pointers not working in Halo 2

Post by SilentRunner »

Well Im already a member of a Discord channel were stuff is being shared. I found an address for thirdperson in Halo 1 which I haven't seen in any of your tables theres also one for Halo 2 which was found both static addresses. But I get your point I just wanted people to share stuff I figured the more we shared the faster we find stuff, if anyone is interested I will send my discord.



Thanks

Post Reply

Who is online

Users browsing this forum: No registered users