Halo Custom Edition [1.08] Interesting Addresses

**Dwood** · November 11th, 2009 11:15 AM

[1.09] Devmode addresses:

00651F71 - Inclined to believe that's the console
006BD17E - That is Dev mode.

I will look into making my own Dev mode. Someone teach me how to pattern scan?

IF YOU DON'T want to wait, Get Cheat Engine. Start halo CE 1.09, open Cheat Engine, go to process and find haloce.exe.

Go to 'add address manually'. Add both of the above addresses, double click on the type of each of the addys and change to 'Byte'

The values for each should now be 0. changing those addresses to 1 will turn on and 0 will turn off.

Turn on console before you join a game and then turn on Dev when you are ingame.

**Skyline** · November 11th, 2009 02:12 PM

Boredom.

**Dwood** · November 11th, 2009 02:52 PM

Originally Posted by skyline

Boredom.

Thanks!!!! Too bad it won't detect Halo? :P

**Limited** · November 11th, 2009 03:28 PM

Originally Posted by Dwood

Thanks!!!! Too bad it won't detect Halo? :P

Gosh, learn your API's skyline

Code:

bool FindHaloPlease(){
    DWORD pid;
    HWND halo_w;
    
    HWND halo_w2;    
    halo_w = FindWindow(NULL, "Halo");
    halo_w2 = FindWindow(NULL, "Halo H4x'd by Limited");
    BOOL tog = false;
    
    if(halo_w != NULL && tog == false)
    {
       SetWindowText(halo_w, "Halo H4x'd by Limited"); 
       tog = true;
    }    
    
    if(halo_w2 != NULL){
        SetWindowText(halo_w2, "Halo H4x'd by Limited");
        GetWindowThreadProcessId(halo_w2, &pid);
        halo_h = OpenProcess(PROCESS_ALL_ACCESS, 0, pid);
        if(halo_h == NULL){
            return false;
        }
        return true;
    }
    return false;
}

**Skyline** · November 11th, 2009 03:50 PM

Stop using windows 98

.

**Limited** · November 11th, 2009 04:00 PM

Pfft, legacy ftw.

Code:

#include <tchar.h>
#include <windows.h>
#include <stdio.h>

bool FindHaloPlease();


byte buffer;
HANDLE halo_h;

int _tmain(int argc, _TCHAR* argv[])
{
    while(true){
       printf("Limited always has to fix shit huh?\n");
        if(!FindHaloPlease()){
        
            printf("Failed to Locate Halo CE; Sleeping for 5 Seconds...\n");
            Sleep(1000);
            printf("5\n");
            Sleep(1000);
            printf("4\n");
            Sleep(1000);
            printf("3\n");
            Sleep(1000);
            printf("2\n");
            Sleep(1000);
            printf("1\n");
                
        }
        else{
            printf("Working...\n");
            //Check if Consoles open...
            ReadProcessMemory(halo_h, (LPVOID)0x651F70, &buffer, 1, NULL); 
            if(buffer == 1){
                //Check if it needs to be changed.
                ReadProcessMemory(halo_h, (LPVOID)0x6BD17E, &buffer, 1, NULL);
                if(buffer == 0){
                    //Turn on Devmode
                    buffer = 1;
                    WriteProcessMemory(halo_h, (LPVOID)0x6BD17E, &buffer, 1, NULL);
                }
                
            }
            else if(buffer == 0){
                //Console isn't open
                ReadProcessMemory(halo_h, (LPVOID)0x6BD17E, &buffer, 1, NULL);
                if(buffer == 1){
                    //Turn off Devmode if on.
                    buffer = 0;
                    WriteProcessMemory(halo_h, (LPVOID)0x6BD17E, &buffer, 1, NULL);
                }
            }
            
            Sleep(1500);
        }
        
    }
    return 0;
}

bool FindHaloPlease(){
    DWORD pid;
    HWND halo_w;
    
    HWND halo_w2;    
    halo_w = FindWindow(NULL, "Halo");
    
    BOOL tog = false;
    
    if(halo_w != NULL && tog == false)
    {
       SetWindowText(halo_w, "Halo H4x'd by Limited"); 
       tog = true;
    }    
    halo_w2 = FindWindow(NULL, "Halo H4x'd by Limited");
    if(halo_w2 != NULL){
        SetWindowText(halo_w2, "Halo H4x'd by Limited");
        GetWindowThreadProcessId(halo_w2, &pid);
        halo_h = OpenProcess(PROCESS_ALL_ACCESS, 0, pid);
        if(halo_h == NULL){
            return false;
        }
        return true;
    }
    return false;
}

**chrisk123999** · November 11th, 2009 07:40 PM

Originally Posted by Fairchild (E3PO) on Halomaps

As seen on http://wmclan.net/main/

Download: http://wmclan.net/main/downloads.php...download_id=14
Virus total: http://www.virustotal.com/analisis/7...6cc-1257907300
DIG: http://digg.com/pc_games/Halo_Custom...n_Devmode_1_09
Video: http://digg.com/d319l98

This was posted on Halomaps yesterday. The program seems safe. I used it today and nothing bad happened.

jcap edit: If it comes up as a keylogger, it's probably the same false positive that several apps use to monitor your keyboard for button presses. It's necessary because otherwise pressing "page up" would not do anything. Even the original AllDev for CE by Paulus (right?) dropped what some apps considered a keylogger on your computer.

**Dwood** · November 12th, 2009 06:28 PM

After that stint.... I will be grabbing a reference that skarma oh-so-encouragingly sent me, and taking a look at Halo when it loads Map Cache files. If anyone already has stuff on that subject, I'd appreciate it if you'd share.

**Dwood** · November 19th, 2009 03:16 PM

Oh hey what's this? A few addresses from Brainz? Have fun.

Code:

      PLAYER_SIZE                    = 0x200;
      PLAYER_OFFSET_TEAM             = 0x1C;
      PLAYER_OFFSET_RESPAWN_TIMER    = 0x28;
      PLAYER_OFFSET_OBJIND           = 0x30;
      PLAYER_OFFSET_OBJID            = 0x32;
      PLAYER_OFFSET_NAME             = 0x44;
      PLAYER_OFFSET_SPEED            = 0x68;
      PLAYER_OFFSET_KILLS            = 0x98;
      PLAYER_OFFSET_DEATHS           = 0xAA;
      PLAYER_OFFSET_CTF              = 0xC4;
      PLAYER_OFFSET_PING             = 0xD8;

**ShadowSpartan** · November 19th, 2009 03:31 PM

Originally Posted by Dwood

Oh hey what's this? A few addresses from Brainz? Have fun.

Code:

      PLAYER_SIZE                    = 0x200;
      PLAYER_OFFSET_TEAM             = 0x1C;
      PLAYER_OFFSET_RESPAWN_TIMER    = 0x28;
      PLAYER_OFFSET_OBJIND           = 0x30;
      PLAYER_OFFSET_OBJID            = 0x32;
      PLAYER_OFFSET_NAME             = 0x44;
      PLAYER_OFFSET_SPEED            = 0x68;
      PLAYER_OFFSET_KILLS            = 0x98;
      PLAYER_OFFSET_DEATHS           = 0xAA;
      PLAYER_OFFSET_CTF              = 0xC4;
      PLAYER_OFFSET_PING             = 0xD8;

That doesn't help anybody without any context whatsoever, you might as well not even post them. It looks like the player_datum struct in OS (the only one not in OS is "PLAYER_OFFSET_CTF"), but all of these offsets are 0x4 lower than they should be, why is that?

Thread: Halo Custom Edition [1.08] Interesting Addresses

Thread Tools

Search Thread

Display

Re: Halo Custom Edition [1.08] Interesting Addresses

Re: Halo Custom Edition [1.08] Interesting Addresses

Re: Halo Custom Edition [1.08] Interesting Addresses

Re: Halo Custom Edition [1.08] Interesting Addresses

Re: Halo Custom Edition [1.08] Interesting Addresses

Re: Halo Custom Edition [1.08] Interesting Addresses

Re: Halo Custom Edition [1.08] Interesting Addresses

Re: Halo Custom Edition [1.08] Interesting Addresses

Re: Halo Custom Edition [1.08] Interesting Addresses

Re: Halo Custom Edition [1.08] Interesting Addresses

Thread Information

Users Browsing this Thread

Bookmarks

Bookmarks

Posting Permissions