Real Time Halo Pointer Formula

[grimdoomer]

I can't remeber the formula for finding a tags offset in memory, I belive it was:

Code: Select all

(TagMetaOffset + ValueOffset) -/+ PrimaryMagic

Can any help?

[kornman00]

The value stored in the tag data IS the memory address

[grimdoomer]

I don't think I understand. Are you saying that I read the value in the map, and that is the memory address?

[LuxuriousMeat]

I don't think I understand. Are you saying that I read the value in the map, and that is the memory address?

The offset in the tag index is the address to it's tag data in memory. The "magic" values are used to find the offset in the file.

[grimdoomer]

I don't think I understand. Are you saying that I read the value in the map, and that is the memory address?

The offset in the tag index is the address to it's tag data in memory. The "magic" values are used to find the offset in the file.

So I should goto the tags RawOffset + valueoffset?

Well I went to the tags RawMetaOffset + ValueOffset and all I get is 0s. I don't think its actually reading anything. Here is the code im using:

Code: Select all

public float ReadSingle(int Address)
{
    byte[] buffer = new byte[4];
    ReadProcessMemory(m_hProcess, new IntPtr((Address + map.SelectedTag.RawMetaOffset)), buffer, 4, out Out);
    return BitConverter.ToSingle(buffer, 0);
}

//		BOOL ReadProcessMemory(
        //			HANDLE hProcess,              // handle to the process
        //			LPCVOID lpBaseAddress,        // base of memory area
        //			LPVOID lpBuffer,              // data buffer
        //			SIZE_T nSize,                 // number of bytes to read
        //			SIZE_T * lpNumberOfBytesRead  // number of bytes read
        //			);
        [DllImport("kernel32.dll")]
        public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);

[grimdoomer]

I finally figured it out. Each map gets loaded at a constant address. To get the offset of the index in memory you simply read 4 bytes at that constant address - 4. Then you can goto the index offset in memory + the tags raw meta offset.

[kornman00]

the value calculated for "magic" would be better termed as a "address mask" IMHO.

but yeah, back in 05 I think it was, I worked on a C++ codebase for dealing with halo 2 maps and other related data on the PC but by designing the implementation after how the game deals with content and memory so in the end I'm just loading the map into the base address and saving me hours of extra work writing fixup code and processor power running that code.

[grimdoomer]

the value calculated for "magic" would be better termed as a "address mask" IMHO.

but yeah, back in 05 I think it was, I worked on a C++ codebase for dealing with halo 2 maps and other related data on the PC but by designing the implementation after how the game deals with content and memory so in the end I'm just loading the map into the base address and saving me hours of extra work writing fixup code and processor power running that code.

So you basically made a "emulator" for halo 2 maps?

[kornman00]

basically, but I didn't have to worry about console constraints in my code since i was on the PC

[grimdoomer]

Thats awesome. I've been thinking about making a "Game Faker". I would basically write a dll on how to open and render any renderable data in variuse game files, then add it in a folder. When you launch it it would search for any dlls, then allow you to open those files. Maybe some player code too.