Halo 3 Retail Game Research

Discussion about modding Halo 3.
-DeToX-




Illusionist Recreator Connoisseur Acolyte
Sigma Decryptor Droplet Pyre
Blacksmith Socialist New Age System Engineer
ONI

Posts: 4589
Joined: Sun Jun 18, 2006 3:58 pm
Location: ...

Re: Halo 3 Retail Game Research

Post by -DeToX- »

True that.

Had it in my app for a while, Anthony put it in.. I thought it was posted here and could've sworn it was.

Regardless, OBGJFIOYO.
Image
Gruntlord5





Posts: 78
Joined: Thu Aug 21, 2008 5:59 pm

Re: Halo 3 Retail Game Research

Post by Gruntlord5 »

Anyone know the enum for the sandbox skull?
User avatar
DarkShallFall




Artisan Recreator Trickster Connoisseur
Advisor Pyre Renovator Sigma
Snitch! Enthraller New Age Miner

Posts: 1992
Joined: Fri Jan 20, 2006 2:49 pm
Location: MI, USA
Contact:

Re: Halo 3 Retail Game Research

Post by DarkShallFall »

Gruntlord5 wrote:Anyone know the enum for the sandbox skull?
Chunk 16 of Weapon Placement, and chunk 17 of Weapon Pallette.(In scnr)
Weapon name: objects\levels\dlc\shared\forge_ball\forge_ball
Placement Coordinates:
X:6.410174
Y:-118.1021
Z:-15.05817
Yaw:-1.563581
Pitch:0.1191015
Roll:-0.5361507
Image
Iron_Forge wrote:I assume I won?..I should get an emblem...
User avatar
HaLo2FrEeEk





Posts: 170
Joined: Fri Aug 10, 2007 9:25 pm

Re: Halo 3 Retail Game Research

Post by HaLo2FrEeEk »

I have some questions about the BLF files contained inside CON files for Halo 3 screenshots, or just blf files in general.

The first post says that the EOF footer is always 273 bytes long, but opening up the CON file with a screenshot in it and extracting it out gives me an EOF footer that is only 17 bytes long. It's like that every time, I've tried multiple different CON files.

I also don't really understand the header information, either. From what I've read about the syntax for C#, an int is 4 bytes, a short is 2 bytes, a long is 8 bytes, and a string and byte[] is variable length (which is why you include the length in the structure table in the first post). So what's getting me is there seems to be some inconsistencies.

I opened up a .blf image from the Images folder on the Halo 3 disk and took a look at it. I selected the first 4 bytes, string Word_blf, and bookmarked it in Hex Workshop. Then I bookmarked the next 4 bytes, int HeaderSize. Then 2 bytes for short Unk8, another 2 for short Unk10, and another 2 for short Unk12. Then I did 34 bytes for string FileDescription. Another 4 for int Filesize, 8 for byte[] Unk52, and finally 4 for int FileContentsSize. The problem is, there's 4 bytes left over.

4+4+2+2+2+34+4+8+4 = 64, not 68. Where am I missing bytes?

Something seems to be off, when I select the 34 bytes for FileDescription, the 4 bytes directly after those 34 are mapi, which I'm assuming means Map Image, I would think that would go in the file description and that it's somewhere before that where the 4 missing bytes are. Can someone help me out. I can't get Anthony's screenshot tool to work so I want to make my own.

Also, can someone explain to me why there seem to be 2 file list tables in the CON file? One at 0xC000 that just has the screen.shot name, and another at 0xD000 that actually contains file list information like starting cluster and filesize.

Edit: I applied my bookmark file to an extracted Halo 3 .shot file and it's doing the same thing. Here's what I get for my screenshot, in hex/value:

Code: Select all

    struct BLFHeader
    {
        string Word_blf = 5F 62 6C 66 / _blf;        // Len4
        int HeaderSize = 00 00 00 30 / ...0;
        short Unk8 = 00 01 / ..;
        short Unk10 = 00 02 / ..;
        short Unk12 = FF FE / ..;
        string FileDescription = 68 61 6C 6F 20 33 20 73 61 76 65 64 20 73 63 72 65 65 6E 73 68 6F 74 00 00 00 00 00 00 00 00 00 00 00 / halo 3 saved screenshot...........; // Len34, Not present in all files.
        int Filesize = 63 68 64 72 / chdr;
        byte[] Unk52 = 00 00 01 08 00 09 00 02 / ........;           // Len8
        int FileContentsSize = 2E 4F 00 00 / .O..;
    }
So what am I doing wrong?In this file after all the bookmarks there's still 8 bytes before the name of the actual screenshot file (.F.o.r.g.e. .0.0.4.............., or something similar). What the heck am I missing? It seems that Anthony's screenshot tool could easily be fixed for it's most common problem (having more thanone profile with Halo 3 screenshots on it) by simply reading all the screenshots and just reading the creator's name from the files at offset 0xE8 (relative to the start of the blf file).
dschu012





Posts: 3
Joined: Wed Mar 19, 2008 11:03 am

Re: Halo 3 Retail Game Research

Post by dschu012 »

Can't be positive about this being valid but it says that the BLF Header is

Always 68 bytes long.

However from what I have seen and read the BLF Header is only 48 bytes for a Usermap.
User avatar
kornman00




ONI New Age

Posts: 146
Joined: Fri Dec 12, 2003 6:30 pm
Contact:

Re: Halo 3 Retail Game Research

Post by kornman00 »

A '_blf' data block is a 48 byte structure, nothing more, nothing less.
User avatar
HaLo2FrEeEk





Posts: 170
Joined: Fri Aug 10, 2007 9:25 pm

Re: Halo 3 Retail Game Research

Post by HaLo2FrEeEk »

Then why does the first post in this thread say always 68 bytes long, the header size int always reads 48, and I'm only getting 64 bytes when I follow the structure from the first post...something is wrong somewhere.

I need to know the best way to extract out Halo 3 screenshots from the BLF files, but I guess first I have to extract the .shot file, then extract the image from it. And mine always seem to be different than the other account on my xbox (my fiancee's), mine seems to have some sort of extra data attached to it. Upon further investigation I have 1 screenshot on my computer that uses a different format and it was taken on 6/26/08, this is all the information from the _blf string up to the start of the JPG file:

Code: Select all

_blf...0......halo 3 saved screenshot..
.........chdr.........~..A.....l..F.i.e
.r.y. .W.r.e.c.k..........Forge on Ghos
t Town, 06/26/08.......................
.......................................
.....................................ho
ckeylevys15................UG........*.
...Hf`y...........N.............. .>...
scnd...:.......*
And the same info (from the _blf string to the start of the JPG) for a screenshot taken more recently:

Code: Select all

_blf...0......halo 3 saved screenshot..
.........chdr......../&........i..F.o.r
.g.e. .0.0.8..............Forge on Sand
box, 03/28/09..........................
.......................................
.....................................Ha
Lo2FrEeEk..................-'.......)..
...I..$........................+..{.HC.
scnc...p......).@).9...GBI.....1.w....5
...1C.D0.=..)....?B[&?H........... .9.`
.F............. .9.`.F.....8..<...F ...
...................?[m..[m.>.w.>.I%....
?.""....?...?....D.m..1D=..2?..G.D0.:w.
..~..=..)?.5.A.?3..=..I8k?....D.m?..G.~
....1D.D0.=..)=..2:w..?.5.@).9...GBI...
5`.?5....CK>.CK?.y-................@ k.
........:.......5L..............<......
.Da.xDa.x..7...7)scnd..).......).
The first is 328 bytes and the only thing I can tell that is different between the first 328 bytes between the 2 (apart from the abvious different name and gamertag, etc.) is the older one has scnd at byte 312 and the newer one is scnc. I know Bungie changed the way they put screenshots in the files, so it's probably that.

Another thing I've noticed is that in the newer ones there is what seems to be a dummy file list at 0xC000 then the real file list at 0xD000, what's up with that?
User avatar
kornman00




ONI New Age

Posts: 146
Joined: Fri Dec 12, 2003 6:30 pm
Contact:

Re: Halo 3 Retail Game Research

Post by kornman00 »

HaLo2FrEeEk wrote:Then why does the first post in this thread say always 68 bytes long
Probably because its wrong due to a misunderstanding of the BLF format

If someone posted that the moon was still made of cheese would you quote them for truth? :P

yes, you read right, *still*
User avatar
xbox




Blacksmith

Posts: 2022
Joined: Wed Jul 28, 2004 3:28 pm
Location: Hi.

Re: Halo 3 Retail Game Research

Post by xbox »

Yes.
User avatar
HaLo2FrEeEk





Posts: 170
Joined: Fri Aug 10, 2007 9:25 pm

Re: Halo 3 Retail Game Research

Post by HaLo2FrEeEk »

Ok, so all that aside, is there a way for me to easily differentiate between the two different styles? If I wanted to make another screenshot tool since Anthony's doesn't work, how would I easily tell the difference between the 2 types of screenshot containers? The older style only has one file list, at 0xC000, the new type has one at 0xC000 that doesn't point to anything and another at 0xD000 that is the real thing.
User avatar
grimdoomer




System Engineer

Posts: 1440
Joined: Mon Oct 09, 2006 4:36 pm

Re: Halo 3 Retail Game Research

Post by grimdoomer »

HaLo2FrEeEk wrote:Ok, so all that aside, is there a way for me to easily differentiate between the two different styles? If I wanted to make another screenshot tool since Anthony's doesn't work, how would I easily tell the difference between the 2 types of screenshot containers? The older style only has one file list, at 0xC000, the new type has one at 0xC000 that doesn't point to anything and another at 0xD000 that is the real thing.
There aren't two styles. The second table is there for some memory caching functions if I remember correctly. Veegie explained it to me a while back.
Image
AI Zones in MP | Ambiance | Gravemind Beta v1.1
Aumaan Anubis wrote:Grimdoomer. The first person ever to mod Halo 2 Vista.
User avatar
Veegie




Socialist Architect Coroner Golden Age
Mad Hatter Acolyte Translator New Age
ONI

Posts: 3638
Joined: Wed Nov 26, 2003 2:28 pm
Location: Redmond, WA

Re: Halo 3 Retail Game Research

Post by Veegie »

Yeah.
In case you turn off your console or remove your memory card while it's saving, it'll have a backup to refer to.
Image
Hijikata wrote:The fact you love Jesus doesn't change the fact you're a *** mental patient. It just means you're a mental patient with a great imaginary friend.
User avatar
HaLo2FrEeEk





Posts: 170
Joined: Fri Aug 10, 2007 9:25 pm

Re: Halo 3 Retail Game Research

Post by HaLo2FrEeEk »

I'm 100% positive I read somewhere that when Bungie released the first title update that patched the screenshot function so that it would be harder for people to mod screenshots. What else would explain why I've got pre-title update 1 screenshots and post-TU1 screenshots that have 2 different styles? Pre ones just have 1 file list. I've checked about 10 different pre-TU1 screenies and they're all like that. I also checked more than that many post-TU1 screens and they all have the second file list.

Whatever though, all I want to really know is how to make a Halo 3 screenshot extractor. I pull out the shot file according to the file list and then what...how do I find where the screenshot starts? Will it always start at the same offset? I know where to find the file contents size, but what's with all the extra data after the 328th byte in the examples I posted above. The first is an older screenshot, there are 328 bytes starting from the _blf string and going to the JPG header. The second is newer and there is extra data after those 328 bytes before the JPG header.
User avatar
unknownv2





Posts: 1041
Joined: Sun Oct 14, 2007 8:31 am
Location: Florida

Re: Halo 3 Retail Game Research

Post by unknownv2 »

HaLo2FrEeEk wrote:I'm 100% positive I read somewhere that when Bungie released the first title update that patched the screenshot function so that it would be harder for people to mod screenshots. What else would explain why I've got pre-title update 1 screenshots and post-TU1 screenshots that have 2 different styles? Pre ones just have 1 file list. I've checked about 10 different pre-TU1 screenies and they're all like that. I also checked more than that many post-TU1 screens and they all have the second file list.

Whatever though, all I want to really know is how to make a Halo 3 screenshot extractor. I pull out the shot file according to the file list and then what...how do I find where the screenshot starts? Will it always start at the same offset? I know where to find the file contents size, but what's with all the extra data after the 328th byte in the examples I posted above. The first is an older screenshot, there are 328 bytes starting from the _blf string and going to the JPG header. The second is newer and there is extra data after those 328 bytes before the JPG header.
Veegie wrote:Yeah.
In case you turn off your console or remove your memory card while it's saving, it'll have a backup to refer to.
You make an if statement for those two types.
User avatar
HaLo2FrEeEk





Posts: 170
Joined: Fri Aug 10, 2007 9:25 pm

Re: Halo 3 Retail Game Research

Post by HaLo2FrEeEk »

But where in the blf header does it tell me where the actual jpg file starts? Does it always start at the same place (obviously different between the 2 styles) or is it different? I would think it'd be in the same place like the blfs in the maps/images folder, they always started at offset 0x44 and the filesize was the 4 bytes starting at 0x40, is it similar?
User avatar
shade45




Translator Artisan Enthraller Logistician
Stylist Wave Firestorm New Age

Posts: 2270
Joined: Fri Apr 01, 2005 1:04 pm

Re: Halo 3 Retail Game Research

Post by shade45 »

They always start at the same location, jpeg's are easy to spot in hex just look for the JFIF marker (0xFFE0).
User avatar
HaLo2FrEeEk





Posts: 170
Joined: Fri Aug 10, 2007 9:25 pm

Re: Halo 3 Retail Game Research

Post by HaLo2FrEeEk »

they're easy to spot to a human eye, not a program. But if they always start at the same offset then that means that the size starts at the same location every time, too, meaning I should just be able to write the program that reads from the filesize location for the jpg and then read that many bytes from the start of the jpg offset without even having to extract the .shot file. Now I just have to find a way to differentiate between the 2 different styles...
User avatar
Rogue_Modder





Posts: 284
Joined: Sat Mar 29, 2008 5:46 am
Location: London
Contact:

Re: Halo 3 Retail Game Research

Post by Rogue_Modder »

or get your app to start at 0xFFE0 and search for the end...
Image
{Rules}{Search}{Signature}
"Modding for xbox 1 is over, And modding for the 360 never began, So modding in general doesn't even exist"
User avatar
unknownv2





Posts: 1041
Joined: Sun Oct 14, 2007 8:31 am
Location: Florida

Re: Halo 3 Retail Game Research

Post by unknownv2 »

Rogue_Modder wrote:or get your app to start at 0xFFE0 and search for the end...
JPEG's start with 0xFFD8...

Also, you can use an if statement to determine where it starts. There's a lot of places to make one.
User avatar
Rogue_Modder





Posts: 284
Joined: Sat Mar 29, 2008 5:46 am
Location: London
Contact:

Re: Halo 3 Retail Game Research

Post by Rogue_Modder »

Oh, Shades post said 0xFFE0 so i assumed it was right lol.
Image
{Rules}{Search}{Signature}
"Modding for xbox 1 is over, And modding for the 360 never began, So modding in general doesn't even exist"
Post Reply