Halo CE Modding Research Thread

[iBotPeaches]

On first glance, the initial disc structure is very different. I attribute this to the kinect features, and the ability to revert back to the "orginal" mode at any time.

 

http://i40.tinypic.com/2emfqkg.jpg

 

Gonna look into those fancy s3dpaks. I'm too scared to look at the .map right now.

 

 

Notes:

• Requires updated (13604 kernel) ? link
  
• CFG Files explained link
  

[fattwam]

Un-rar'ing mine now =]

Though i have no idea how to use my JTAG, lol this is gonna be a struggle.

Last time i used it it said the HDD was full even though there is nothing on it.

[iBotPeaches]

Wow.

 

There is the maps folder for those Halo CE maps remade for Reach, but then maps_original could possibly be another .map structure. Promising.

 

Un-rar'ing mine now =]

Though i have no idea how to use my JTAG, lol this is gonna be a struggle.

Last time i used it it said the HDD was full even though there is nothing on it.

 

All those HDDs programs out there corrupt drives like crazy. I bought Eaton's lol. Never bought a modding tool, but I don't have to worry about unallocated space and stupid other programs effing up my drive.

[fattwam]

Any idea how to fix ? Or at least how to tell WTF my JTAG is ? lol

*Shame... Sub admin of iBotModz is a total noob I miss the old days

[iBotPeaches]

You gotta reformat the drive and start over. The allocation of used/free space is effed up.

[fattwam]

Dam... I PM'ed ya

[deadcanadian]

i wish my download was faster to get this game. i plan to check a bunch of the files for the .maps and see whats different in them. as well as the original maps. cause if they use part of the old engine some of the format should be the same such as how they are saved. so hopefully modding should be similar to before.

 

and xex with map encryptions removed i can easily make once i get my hands on one. i just need to decompile it and find out where its function is and break a branch to make it skip it like ive done in previous games.

 

EDIT: thx fattwam, decompiling it now. ill update once i find some things for the time being

EDIT2: that xex makes no sense, no individual variables at the top, and no Xecrypt. so apperently theres no checks if thats true. but no variables leads me to think the xex is wrong.

Edited November 11, 2011 by deadcanadian

[iBotPeaches]

Very strange.

 

My IDA is crashing trying to open it. So wow. Gotta fix that.

 

 

EDIT: Its open now, but I don't know what the hell I'm doing. So forgot it.

[AMD]

Can somebody send me one of those s3dpak files? I'd like to take a look but the ISO is still downloading...

[iBotPeaches]

Can somebody send me one of those s3dpak files? I'd like to take a look but the ISO is still downloading...

 

The file deletes in 1 hour

 

http://minecraft.ibotmodz.net/a50.rar

[iBotPeaches]

GameOpt = {
  DefaultDifficulty = 1
  ConstReticle = No
  HideHUD = No
  Blood = Yes
  Subtitles = No
  Time_hints = 1
  Def_hints = Yes
  ShowHints = Yes
  WeaponBar = Yes
  AutoSwitch = Yes
  CameraShake = Yes
  ScreenFlashes = Yes
  TimeShortcuts = No
  ToggleCrouch = Yes
  Skulls = {
  BonusSkullUnlocked = No
  skull01 = FALSE
  skull02 = FALSE
  skull03 = FALSE
  skull04 = FALSE
  skull05 = FALSE
  skull06 = FALSE
  skull07 = FALSE
  skull08 = FALSE
  skull09 = FALSE
  skull10 = FALSE	 
  skull11 = FALSE
  skull12 = FALSE
  skull13 = FALSE
  skull14 = FALSE
  skull15 = FALSE
  }
}

 

This code was in user.cfg. Then boom, I changed all the skull things to TRUE. Seems too easy.

[iBotPeaches]

Wait is it possible we have a non-retail rip?

 

Multiplayer = {
  Mode = Single
  ServerIP = 192.168.1.40
  ServerLocation = multiplayer1
  Difficulty = 1
  TrafficLogging = 0
  EventLogging = 0
  ServerModeIdx = 0
  GameTypeStandard = 1
  StandardModifier = 1
  ServerTypeNum = 0
  ServerMapId = 2
}

 

All these cfgs files, I've never ever seen in any other game and its just weird.

[iBotPeaches]

Dashboard Kernels and the Game

 

Okay,

 

It appears the game requires above or at the 13604 kernel. It has the kernel update included (like all games), but this game won't run on anything older. It will simply fail to load. I tested this by flashing old kernels on my JTAG and they would fail to load. However, on this kernel (13604) it runs perfectly. It seems they must be using something new in that XEX? The XEX doesn't really match the structure of other games XEXs. Its almost like its a new revision of them. Then again, I'm an idiot with this stuff. Just commenting what I see.

[iBotPeaches]

CFG Files

 

Okay, we have user.cfg and game.cfg in the root of our game. Most of these configs are just settings and controls that can be changed in game, so its actually more difficult to change them via this files. As this makes them the default.

 

For example, you set all the skull values in user.cfg to TRUE, and before you start a game. It will say "15 Skulls Enabled" as that is now the default. So we at least know our changes are taking effect.

 

There are video sections and DEBUG sections located in the game.cfg file, that I'm trying to get mapped out and seeing all the effects they have.

 

 

 

Video = {
  VIDEO_SizeX = 1024
  VIDEO_SizeY = 768
  VIDEO_BPP = 32
  VIDEO_OFF_Flares = No
  VIDEO_Show = 1
  VIDEO_FullScr = Yes
  VIDEO_TripleBuf = No
  VIDEO_MipMapFilter = Yes
  VIDEO_LowShatterQual = No
  VIDEO_Detail = Yes
  VIDEO_UseDOT3_Diffuse = Yes
  VIDEO_UseDOT3_Specular = Yes
  VIDEO_Mirror = Yes
  VIDEO_Reflections = Yes
  VIDEO_UseHDR_Debug = 0
  VIDEO_TreeQual = 0
  VIDEO_IgnoreVidMemCheck = 0
  VIDEO_Diffuse_Dbg_Show_Lights = 0
  VIDEO_ShadowMapType = 0
  VIDEO_UseSSAONormals = 1
  VIDEO_ShaderLodDistance = 100.0
  VIDEO_Drv = "Xbox"
  check_sdr_cache_db = 0  
  VIDEO_SSAOAmount = 1.2
  VIDEO_SSAOAmbient = 0.3
  VIDEO_ScaleCompName = ""  
  VIDEO_VidMemQuota = 235
}

Debug = {
  LoadFromDisk = 0
  UnlockSkulls = 1
  UnlockBonusSkull = 1  
  UnlockTerminals = 1
  UnlockKinect = 0
  UnlockLibrary = 0
  PlayStartingVideo = 1  
  UseCPoint = ""
  EnableSplitScreen = TRUE
  Difficulty = 1  
  ScrShotPath = "D:\\shots"
  Decomp_OFF_DrawLine = 1
  ShowSoundsStatInfo = 1
  logAsserts = 0
  CheckUserSaves = 1
}

 

 

 

These are interesting due to the fact they say "Unlock Skulls, Bonus Skulls, Terminals, Kinect & Library". All in all, these are a fun little quick way to experiment instead of diving right into the .map files. There seems to be around 200 lines total between these 2 files, so there are plenty variables to change. I'll start going through the important looking ones and see if we can get any cool effects or changes.

 

EDIT: Confirming that unlocking the Terminals does unlock them. I don't know what unlocking the library is. So no clue what it did.

Edited November 12, 2011 by iBotPeaches
added unlocking terminals

[deadcanadian]

for those two cfg files. the game.cfg should be the main one youll mod. however if you didnt know you can add code into them that can correspond with the code in the xex. so if you knew where things were you could add other things. as well for the debug functions i was wondering if you would be able to call some of the old halo 1 ones such as teleporttocamera and so forth.

[Rogue Modder]

To add on to DeadCanadian, it seems CEA was built on-top of Gearbox's 2003 PC ported codebase, and not Bungie's 2001 Xbox Codebase. So that probably would in-fact work. Edited November 12, 2011 by Xerax

[Twis7eD]

Dashboard Kernels and the Game

 

Okay,

 

It appears the game requires above or at the 13604 kernel. It has the kernel update included (like all games), but this game won't run on anything older. It will simply fail to load. I tested this by flashing old kernels on my JTAG and they would fail to load. However, on this kernel (13604) it runs perfectly. It seems they must be using something new in that XEX? The XEX doesn't really match the structure of other games XEXs. Its almost like its a new revision of them. Then again, I'm an idiot with this stuff. Just commenting what I see.

That would make sense. I removed the library limit on the xex and DLL's like I normally do to allow the games to function on any kernel, but that didn't work. The multiplayer part of the disc (ReachTU1.xex) will run fine, but not the campaign. Hopefully other games don't start to do this as well or else everyone will have to keep up to date on the most recent kernel to be able to play all games.

[deadcanadian]

 

EDIT: Confirming that unlocking the Terminals does unlock them. I don't know what unlocking the library is. So no clue what it did.

i believe the library involves the new analyze feather they put in with kinect. such as unlocking the library will likely make everything already scanned.

[iBotPeaches]

I tried messing around with the s3dpak files, then no matter what I did I couldn't read the stream all the way though without it erroring out. xmt along with AMD made a nice little decompression tool.

 

source: http://www.halomods.com/ips/index.php?/topic/400-ha10-expectations/page__view__findpost__p__4716

hcea_decompress.zip

[iBotPeaches]

As I'm sitting in class I was browsing through IDA.

 

 

I changed all those offsets to 01 (which I think sets the bool/byte to true/1). However nothing changed in game. Damn, no aim assisting. This XEX stuff is fun, but quite overwhelming. A couple of weeks of this and reading up on assembly and I think I'll be able to pick some of this apart.

 

 

EDIT:

 

Question for those who know this. Say I find something in IDA at offset 825D5DC8. I was told to ignore the first 2 chars as those are part of the memory IDA something. So then I have 5D5DC8. I goto that offset in hXd (hex editor) and my data isn't there. I do a search for the string of hex values (about 4 will do) and sure enough I find the string of chars a few lines down. So the offset is off. I subtract the difference after locating the value and it was 98 (hex). I tried to add 98 to the next offset I found, and it wasn't right. It was 540 (hex) that time.

 

Sooo whats with the difference of offsets between IDA and HxD?

Edited November 15, 2011 by iBotPeaches
added question

[Rogue Modder]

Those are probably set to 0 be default, and link to a registry to store the value. I assume those are the modifiers, not used by default, but set/disabled by the skulls.

[iBotPeaches]

Well. Took a day reading lots of assembly stuff. Feeling more comfortable at least reading some of it.

 

Saw this picture retweeted by gabe. So wanna try and get that enabled. If its just an option some how, then hell yeah. Otherwise I'm trying anything and everything labeled debug in the XEX.

 

http://i.imgur.com/HQuZe.jpg

[deadcanadian]

well, my research to getting the map magic is getting confusing, cause i can see the format for the original maps and how i should be able to get certain offsets but its not getting accurate readings, however after messing around with alot i have managed to get somewhere with realtime editing.

 

heres a quick video of a simple weapon projectile realtime edit

[iBotPeaches]

heres a quick video of a simple weapon projectile realtime edit

 

Same effect as that other video you showed me? You were the secret guy who had already modded it

[iBotPeaches]

This is as far as I got today. Just a repeating nonstop text of "god mode On/Off"

 

http://i40.tinypic.com/28ugvn6.jpg