PDA

View Full Version : HCE Getting started with Cheat Engine, C++ and Halo [PC/CE]



Sean Aero
April 4th, 2012, 07:51 AM
Hello and welcome to a small guide on how to get started with Cheat Engine, C++ and coding for Halo [PC/CE].
As you might have noticed, my name is Sean Aero and I'll be your guide for today, but before we get stared there are is one things you need to know about this tutorial and two things you need to know about my C++ programming level.
First, once you are done with this small guide, you'll have a very basic understanding on how to code a very tiny app for Halo [CE/PC].
So sorry to crush your hopes, but don't expect you'll learn how to create a super awesome, anti-legit, lame-bot, ClosedSauce, Stats Nuking application after you are done reading this.
This guide just helps you to "get started" nothing more.
Second, my C++ programming skill, it's basically non-existent. I'm probably the worst person to teach you how to do get started, but I'll try any way.
Third, I haven't touched C++ in over 2 year, sad but true.


So why am I, the guy with such bad C++ skills, writing a small starting guide with C++ and coding for Halo [PC/CE].
To be honest, no clue, but let's assume the better programmers have "better" things to do for now.
No worries, I'm sure we'll meet them a bit later on as this topic grows, I'm sure they have constructive comments on how bad this tutorial was and how you and I should do it properly.
A win/win situation for you and me both!


So why do I even bother?
Well let's just say that I'm able to count the amount of people that are currently programming apps for Halo [PC/CE] on one hand, and I'm missing my index finger... (>.<)
Okay maybe not, but still, I hope I can get some people interested in just playing around with Halo [PC/CE] and even learn the trade of programming in C++ as this can be quite usefull in life.
Enough sentimental bullcrap, let's get started.


The topics, I'll be handeling are the following and should be done in the order as they are listed.
(keep in mind, it's all just a starting guide and doesn't come close to awesomeness, but it sure is fun!)


1. Halo's Memory.
2. How to access and find a memory address in Halo with Cheat Engine?
3. How to access, READ and WRITE a memory address with C++?
4. How to program your first Halo C++ app!


And finally
5. My bankaccount number for donation, just kidding, a simple reply to this topic is cool enough.


Just one last thing before we get started.
For this tutorial I'll make use of the following programs, I recommand you install them before reading on.
These are:


Halo Custom Edition v1.09 [English]
http://hce.halomaps.org/index.cfm?fid=410
It's important for this small guide that you use the same version as well as the same language version of HaloCE as me.
The reason for this is that each version of Halo [PC/CE] as well as each language version of Halo [PC/CE] is a bit different.
These differences can cause certain information that was stored in location "A" in version 1 to be stored in location "B" in version 2.
This is not always the case, but it is something to keep in mind.


Microsoft Visual Studio 2010 or the free "Express" version:
http://www.microsoft.com/visualstudio/en-us/products/2010-editions/visual-cpp-express
We'll use MSVS10 (short name) for the actual C++ programming and compiling of your Halo[CE/PC] app.


Cheat Engine
http://www.cheatengine.org/downloads.php
What is Cheat Engine?
Cheat Engine is an open source tool designed to help you with modifying single player games running under window so you can make them harder or easier depending on your preference(e.g: Find that 100hp is too easy, try playing a game with a max of 1 HP), but also contains other usefull tools to help debugging games and even normal applications.
We'll use this tool to play around with Halo's memory.


Alright now with everything installed, let's get started!


1. Halo's Memory.
For obvious reasons I assume that you have actually played Halo [PC/CE] and therefor you probably messed around with a few Halo [CE/PC] apps.
So you must probably have wondered, "ARRGG... How do they work?".
Well the answer for most of these Halo apps is quite simpel.
The apps READ and/or WRITE data into and/or from Halo's Memory.


So let me explain a bit more what I mean by Halo's Memory and why it's "so important" in this small guide.
Take a look at the definition found on the web of the word "memory" within computer science: "A unit of a computer that preserves data for retrieval."
Okay, so it's basically saying that, memory in general, is something where information is stored so we can access and retrieve it later.
This means that when I speak of "Halo's Memory", I'm basically speaking of a unit of memory that is dedicated to store all information related to the Halo [CE/PC] game, at least while it's running.
You probably figured out by now why Halo's memory must be important and quite interesting but just to be a bit more clear a small example.
If I told you to remember your current Halo score of 14 for now because I want you to add additional scores later then I'm quite sure you would either do 2 things.
You would write your score down on paper/notepad/whatever or just keep it in mind.
Both actions are a hands on example of storing certain values(scores) in memory.


I hope you realize by now that Halo's memory contains all values/information that are stored and related to the Halo [CE/PC] game.
This means, scores, positions, names, slots, ammo count, current weapons, devmode, etc., everything that Halo has to remember, is all stored in Halo's memory.
Sounds to me like a sweet vault that we want the access to!
Fortunate for us, there is a tool called Cheat Engine that allow us to do just that and I'll go into more details in the second part of this small guide.




2. How to access and find a memory address in Halo with Cheat Engine?
Of course you installed Cheat Engine, like I told you before. (-.-)
But before we start getting our hands dirty, I want to give you a few small suggestion as this will make the whole learning and doing process a bit more convinient.
Right click your HaloCE shortcut, click Properties and add the following parameters at the end of your "Target:" box -console -window.
On my 64-bit OS it looks like this: "C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\haloce.exe" -console -window
The -console parameter will allow us to open up the console screen in HaloCE and the -window parameter will allow us to start HaloCE in window-mode.
This is very convininient since we'll be switching between HaloCE and Cheat Engine quite a lot.


Second I suggest you don't have any custom maps present in your /maps folder, as we'll be restarting HaloCE quite a bit.
I'm not sure about you, but I'm not up for waiting a few hours for HaloCE to load while working on this small guide, unless you have a fast SSD drive like I do, it's only 10,000km away.


Third do read the "about" information on what Cheat Engine actually as previously mentioned as this will help you with your understanding why we are using Cheat Engine.


Okay so we basically have all the tools we need to access Halo's memory and instead of explaining all kinds of theoretical stuff before we get start, I think it's better to point out things as we encounter them.
So go ahead start-up HaloCE (make sure it's in window mode)
Once you see the main menu just let it be, press the Alt+Tab key to unfocus from Halo and open up Cheat Engine.
Just incase Cheat Engine asks you to do a tutorial, just say "No" for now.
You should be seeing an screen which looks like this:
http://dl.dropbox.com/u/19720044/Halo/tutorial/cheat_engine_step_1.png
As you can see there is a glowing box around the top left PC icon.
On mouseover it says "Select a process to open", we'll be clicking this icon in a second but before we click it I want to make things clear why we want to select a "process".
Here is a definition on the word "process" in computer science:
"A running software program or other computing operation."
In this case HaloCE is a running software program so it can be called a process.
Thus we want to select the "HaloCE process" in order to get access to it's memory.
Okay go ahead, click the computer icon.
Another smaller screen should pop-up called Process List.
http://dl.dropbox.com/u/19720044/Halo/tutorial/cheat_engine_step_2.png
Find the HaloCE process, it will have a combination of 8 digits consisting of letter and numbers, this combination makes up the "process ID" of the program.
As shown on my PC (Your number and digits could be different, nothing to worry)


This is how your Operating System refere to a process, by it's ID, not by it's full name.
With HaloCE selected click the "Open" Tab.
(If you don't see HaloCE in this list, please make sure HaloCE is actually running and you Alt+Tab, not Alt-F4 out of the game.)


http://dl.dropbox.com/u/19720044/Halo/tutorial/cheat_engine_step_3.png
Now the top center of Cheat Engine should display the process we have just selected.
This is a good sign and I should congratulate you, we just opened the vault! \o/ (read part 1 for reference)
We now have access to Halo's memory and can start doing some fun things. However there is a slight problem.
To stick a bit longer with the vault example, just like a real vault, it usually contains "numbered deposite boxes", but it's not like we know before hand which "numbered deposite box" contains the treasure we are looking for.
Going back to an actual memory example, a numbered deposite box is called a "memory address", by definition, it's the location where a certain memory is stored.
So as you can imagine while you are playing HaloCE online, all your scores, name, kills, deaths, x-position, y-position, etc. as well as all the data from other players and the data from the actual games are all stored at different memory addresses.
This means that before hand we have no clue which "memory address" we are suppose to target.
Fortunate for us, this is where Cheat Engine can help us.
Cheat Engine allows us to search the contant of each single box and it will return us the memory address of all memory addresses that contain the value we are looking for.
You are probably thinking well that's great, problem solved, well not exactly...


I'll show you why by an actual hands-on example:
Alt-Tab back into HaloCE (I assume you are still at the main menu)
Click Multiplayer -> Lan -> Bloodgulch -> Classic Rockets -> Start Game
Hold F1 and have a look at your score, you probably seeing the same things as me.
http://dl.dropbox.com/u/19720044/Halo/tutorial/cheat_engine_step_4.png
So assume we would like to figure out, at what memory address our "Death score" is stored.
Not the most interesting of scores, but it's easy to do, when you are alone in a server.
In this case we would search for a value of 0 since our death score is 0.
Hopefully your mind gave you a flag with the following problem indentification: "But my score, kills, assists are also all 0, this will give problem, right?."
Good job, young grasshoper! You just realised that there is actually a good chance that while searching for a certain value, more than 1 memory addresses could pop-up.
To stick with this example we are going to give it a try anyway.


Go ahead alt-tab back to Cheat Engine, type in a value of 0 in the "Value" box, leave the Scan Type setting to "Exact Value".
Now comes the difficult part, "Value Type" selection, the best practice for this comes with experience.
Usually before hand we have no clue how many bytes are "reserved" for certain scores or values.
There for selecting the wrong type can give you wrong results, but no fears I recommand to stick to either a Byte or 2-Bytes for an initial guess.
(Any one more experienced with better suggestion, feel free to comment)


For this example we'll stick to a "Value Type" of 2-Bytes, once selected hit the "First Scan" button.
(Note: Just incase if you don't see this button, because you were too eager to press buttons,hit the "New Search" button first and the "First Scan" button will automatically follow.)
Depending on your computer speed, Cheat Engine should search Halo's Memory quite fast and return all results in the column on the left.
Now read how many matches have been "Found:" on the top-left. On my screen it's 97,374,201.
http://dl.dropbox.com/u/19720044/Halo/tutorial/cheat_engine_step_5.png
Yeah exactly, it's over 90 Milion! (don't worry if your number is a bit off)
So which memory address is the one we are looking for? To be honest, I have no clue, we'd be better off playing the lottery.


But wait there is hope!
Now that we did our "First Scan", we have actually narrowed down all the memory addresses to those that only contain a value of 0 on the exact moment that we pressed the "First Scan" button.
On these narrowed down memory addresses, we can make another search! That's great news!
This means that if we can actually change our death score in-game, by "getting killed or accidently suiciding" to a death score of 1.
We can attempt a new search.
So yeah, go ahead, grab that rocket launcher and commit suicide... in-game ofcourse.
(please stick to suicides for now, as this will help you in this small guide)


Once your death score has changed from 0 to 1, alt-tab to Cheat Engine, type in a value 1 and press the "Next Scan" search button.
The "Next Scan" search button allows you to do a new search on the narrowed down memory addresses.
After the search my Cheat Engine narrowed the memory addresses down to 5,877 results.
So we are on the right track, we just went from over 90M down to 5,8k.
We'll keep repeating this same process for 2 more rounds.


It should narrow down from 5,8k, down to approx 40 ~ 50, down to eventually 6 results.
So at this stage we have 6 results left on the left column!
http://dl.dropbox.com/u/19720044/Halo/tutorial/cheat_engine_step_6.png
AWESOME!
As you may have noticed all 6 values seem to change according with every suicide we make.
So which one is the correct one?
Good question!
Before we move on, I want you to select all 6 memory addresses in the left column of Cheat Engine by pressing and dragging, once they are all selected, hit the small red arrow pointing South-East.
(Double clicking each memory address is also a possibility)
All memory addresses should now be in the middle bottom column which is called the "Address List".
The Address List is used to keep the addresses in a list for later use, so no matter what you search or how the left column changes, these addresses will always be present in the Address List.
At this stage, you could do 2 things, either just try changing them manually and see what happens in-game or try to deduct them even a bit further!
We'll go with option number 2 and try to deduct a bit further. You might ask, "Why do it the hard way?", well that's because we want to know and understand what the other values are.
So think about the repetitive method we have been using to get to this stage:
1. Cheat Engine search
2. Suicide ingame
3. Cheat Engine search
4. suicide ingame
5. Cheat Engine search
and so on.


What comes to mind?
Exactly, all our deaths have been caused by suicides, which could mean that Halo also keeps track of suicides(!).
In order to confirm this we'll have to think of a different method to die ingame other than suicide.
Try to think of all the ways a player can die in Halo. As a hint there are 2 possibilities, answer listed right in the next sentence.
There are basically 2 in this case still, asuming you are alone in the server, "Get Killed by a vehicle" or "Fall to your death".
I'll leave it to you to figure out how to do either one on bloodgulch.
So now we increased our death score once more, but we didn't commit suicide.
Do another search in Cheat Engine with your new Death score.
As you can see the number of addresses in the list went down to just 2!
http://dl.dropbox.com/u/19720044/Halo/tutorial/cheat_engine_step_7.png
These are:
- 0064BAF2
- 402AB07A


Now check the "Address List" (bottom middle column) what do you see?
The other values are unchanged, meaning that they are probably in some way related to suicides.
Good thing we stored them, so we can look into it a bit later if needed.
(not going to, but if you are interested to do it yourself feel free)


Back to the two remaining addresses, we are going to try to manually change them one by one and see what happens.
First let's try changing 0064BAF2, to let's say a value of 12 and see what happens.
Go to the Address List, double click the "Death score" number in the "Value column" of the row with address 0064BAF2.
Cheat Engine will pop-up a screen asking you: "what value to change this to?"
Type in 12, press ok.
What happened?
The moment you pressed Ok, the value changed for an instant to 12 and then changed back to your old score.
When you look in-game, nothing has changed.


So it seems this is not the address we are interested in.
Try changing the other address 402AB07A to a value of 12.
What happened?
It seems that both 0064BAF2 and 402AB07A changed to a value of 12.
Now check in-game, it seems we have 12 deaths now!
http://dl.dropbox.com/u/19720044/Halo/tutorial/cheat_engine_step_8.png
Congratulations you just cheated Death, boy he'll be pissed.
So starting with an initialy search which gave over 90 milion memory addresses, we deducted, with pure logics, all the way down to a single address.
Which allows us to cheat Death, pretty epic!


You succesfully, learned how to access Halo's memory and actually find a memory address with the use of Cheat Engine.
Just one more tip, at all times keep in mind under what condition you did the search.
For this small guide we did all our searches under LAN settings in a rocket type game-settings which we hosted, it could very well be that for online play different addresses are used.(*wink, wink*)
For now I recommand you play with Cheat Engine around quite a bit, until you are able to find the following addresses:
Suicides
Kills
Scores
and if you want to test yourself try finding:
Betrayels.


Feel free to comment in this topic with your findings and how you achieved them.
Other memory addresses are also welcome of course!


I would also recommand you get used to the Cheat Engine interface and make good use of the "Address List" and memory browsing(not explained in this small guide).
Try to make a nice Description with every memory address you find and save your "Address List" before closing as this will only help you as you find more and more memory addresses.


Other than just score related, I would like to give one more example on finding a memory address.
We are going to determine where the memory address of DevMode is located!
Sick, right? Not really.
But it's a bit of a different approach, because in this case we really have no clue on what the value of DevMode contains.
The best we could do is assume that it's either TRUE (1) or FALSE (0) but this would still just be a wishfull thinking and it could be totally wrong.


So instead we are going to assume we know nothing, there is only a single thing we can control and that is, turn devmode on or off at the start of the game by setting the -devmode parameter.
I'll give you the plan, it's up to you to try it out for yourself.
We'll use this devmode memory address later on to create our first Halo C++ app! So make sure you get it right!
(The actual answer address is given in chapter 4)


Here is the approach you should take to find devmode:


I assume you have both Cheat Engine and HaloCE closed for now.


1. Start HaloCE without devmode
2. Start Cheat Engine
3. Select HaloCE process with Cheat Engine
4. As a "Scan Type" select "Unknown Initial Value" (because we have no clue what the initial of devmode is)
5. Press First Scan
6. Close HaloCE
7. Open HaloCE with devmode
8. Select HaloCE process with Cheat Engine again, as the "process ID" has changed for HaloCE when we close and restarted HaloCE.
9. As a "Scan Type" select "Changed Value" as the value for devmode, should have been changed since our last scan.
10. Press Next Scan
11. Close HaloCE
12. Open HaloCE with or without devmode
13. Select HaloCE process with Cheat Engine again
14. As a "Scan Type" select either "Changed Value" or "Unchanged Value" depending on your last scan and how you start HaloCE.
15. Keep repeating this process until you notice no more changes in the number of "Found" addresses.
16. Manually try to change values according to what you observed, from running HaloCE with and without Devmode
17. Make me proud and make a small post if you managed to find it or if you have troubles or questions.


The answer for the actual address is given in Chapter 4.
If you can do this on your own, you're pretty much good to go!


3. How to access, READ and WRITE a memory address with C++?
Wow, it seems you are still reading after that long story on Cheat Engine, keep it up soldier because the next step ain't that easy!
C++, Ooh boy, here we go.
Let me put it this way, I'm not going to teach you the basics of C++, nor am I going to teach you how to code C++ well.
There are an enormous amount of resources available on the web to help to get you started.
The only thing I'll be doing is teach you how to access, READ and WRITE memory address with C++.
It's up to you to polish your code and skill to a level where you are actually able to fully understand what's going on and how to use it properly.
Again just a reminder, if you missed the introduction "my C++ programming skill, it's basically non-existent. I'm probably the worst person to teach you how to do get started, but I'll try any way.
and I haven't touched C++ in over 2 year, sad but true."
With that being said I wish you luck!


Of course you installed Microsoft Visual Studio 2010 (MSVS10), like I told you before. (-.-)
If not, you'd better get to it as you'll be needing this magical piece of software to follow along.
(ARGG I have to find my way in MSVS10 a bit, be back later with part-DUEX (II))


4. How to program your first Halo C++ app!
Coming a bit later.

Ryx
April 8th, 2012, 12:51 AM
MFC ftw, too bad free msvs doesn't come with it.