Halo 3 [Beta] Mod Discussion

[GametagAeonFlux]

This is your only warning, there is no discussing of how or where to get these files. No hinting, "check your PMs", or anything. You will be banned for discussing these things.

Anyways, post any relevant Halo 3 related modding discussion/findings here...I suggest that people who don't have anything intelligent to say would stay out of this thread.

DO NOT POST ANY UNANNOUNCED FEATURES OR CONTENT! Have respect for Bungie's information, and their decisions to withold said information at their discretion.

[shade45]

Alright cool, I'll start it off.

How to properly look at a halo 3 map in hex workshop:

If you just open a halo 3 map file in hex workshop you wont get to far, because now all the values are stored in Big Endian.

To Fix:
1.)Open your map in hex workshop.
2.)Go to Options--> Byte Order then select "Big Endian".

3.)Now close Hex Workshop and re open your map.
4.)Hex Workshop will now display the proper pointer values


Map Header:

Here is the for the map header format. I will update as more values are discovered.

Code: Select all

struct map_header //2048 bytes
{
    string head; //offset 0
    int game_version; //offset 4
    int map_size; //offset 8
    string time_stamp; //offset 284
    int string_table_offset; //offset 364
    string map_name; //offset 404
    string scenario_name; //offset 440
    int file_table_offset; //offset 704
    int file_index_offset; //offset 712
}

[Prey]

Heres what i posted back on xbl-hackers..

What we know so far.. (offset, type, endian, name, description)

Header - the first 2048 bytes of the map
0 - string - little - head - 4 letters that spell out 'head'
4 - int32 - big - version - the map version, halo3 maps are v9
8 - int32 - big - filesize - the total count of bytes that make up the map

28 - byte[] - ? - origin - 256 bytes of space for storing info when in cache (at least it was in Halo2 anyway)
284 - string - little - timeStamp - 32 letters that make of the time stamp of the map

316 - int16 - big - mapType - a number representing the type of the map (Halo2: 0=sp 1=mp 2=mm 3=shared 4=spshared)

348 - int32 - big - stringsOffset128 - strings that are each within 128 byte blocks
352 - int32 - big - stringCount - the amount of strings
356 - int32 - big - stringsSize - the total count of bytes that make up the strings
360 - int32 - big - stringsIndexOffset - the beginning of the strings index in the map
364 - int32 - big - stringsOffset - the beginning of the strings in the map

404 - string - little - internalName - 32 letters that make up the internal name of the map - e.g. snowbound
440 - string - little - scenarioName - 256 letters that make up the scenario name of the map - e.g. levels\multi\snowbound\snowbound

700 - int32 - big - fileTableCount - the amount of strings within the table
704 - int32 - big - fileTableOffset - the beginning of the table in the map
708 - int32 - big - fileTableSize - the total count of bytes that make up the table
712 - int32 - big - fileTableIndexOffset - the beginning of the tables index in the map
716 - int32 - little/big - checksum - maps safecheck, its every byte after the header(2048bytes) xored

2044 - string - little - foot - 4 letters that spell out 'foot'

..and an application i made using this infomation i had found:

Edit* - Version 1.01, maptype bug fixed.

• Can open multiple maps
• Can resign
• Displays Header info
• Displays Tagpaths
• Displays Strings

-> Download

Enjoy!

..and its not 'tmode', classes are still four chars long - the 't' is part of something else, just because it can be a char doesnt mean it is one.
Also the index offset is possible found at offset 20. Im still looking into that. Apart from that, words are no longer reversed in the map (its 'bipd' now, not 'dpib').. and the unicode table, whilst still in the same format, seems to have moved alot higher up.

Had to come back to help you nubs

[Tural]

From the tag list, is it possible for someone (Prey =x) to find the offset at which the tag's actual data is located? Having the offsets, it would be rather simple to extract some basic stuff (Images, copy and paste the data to a blank dds file).

[Prey]

From the tag list, is it possible for someone (Prey =x) to find the offset at which the tag's actual data is located? Having the offsets, it would be rather simple to extract some basic stuff (Images, copy and paste the data to a blank dds file).

Well with Halo 2 to get to a bitmaps image, put simply: Header -> Index -> Tags -> bitmap tag -> Meta Offset -> Use plugin to find pointer to the rawdata (the image) and its size -> Extract.

..and we're only on the header bit btw

[-DeToX-]

All of this was already known though, all that header stuff could have been guessed by looking at halo 2's Map header and looking that some things are only shifted a bit(mostly by 4 bytes) and big endian.

What we really need is to calculate the index offset.

It seems that the TagClasses are a list, with an ident behind them( a short) and the meta table references this ident to show its type of class instead of writing the tagclass each time. This saves space, as each is written as a short(2 bytes) instead of long(4).

and Loading tagnames is a different thing than loading offsets, two different tables, so when people think because someone can load tag names, they can load offsets, your wrong >_> ;x. If you want I can give you meta offsets and all, but it would be more preferred for one to learn to calculate the pointer to the index. From the index its all pretty much easy.

Alot of Halo 3 is really obvious though. We should go far.

[Prey]

Deadlocks indexOffset is 151587228, heres some info on it ive found..

Relevant Offset = Name
0 = constantly 168
4 = unk
8 = object count
12 = unk
16 = constanly 5
20 - unk
24 = 0000 0000
28 = unk
32 = unk
36 = 'tags'

Updated^^

[-DeToX-]

Cool. Your missing quite alot there

[Prey]

The index header barely has any changes, you're missing quite alot there.

Ok.. heres a bit more:

0 = constantly 168
4 = unk - primaryMagicConstant
8 = object count
12 = unk - objectIndexPointer
16 = constantly 5
20 - unk
24 = 0000 0000
28 = unk - scnrID
32 = unk - firstID
36 = 'tags'

And i get pointed to 151530236 for the tags if anyone wants to look.

[-DeToX-]

That pointer for tags Im really sure is wrong.

How were you lead to that? Your objectIndexPointer?

[shade45]

What we really need is to calculate the index offset.

I found this out, its not a direct pointer to the index header but its close.
If you add (offset 20 + offset 764) it will bring you to a an index(dont know which one yet) and if you scroll up from there you will find the index header. Only problem is the space between the index header and the index that the value brings you to is always different.

[pokecancer]

0x10 A6E4B19C memory address modifier

index header - starts at 0x909099C in deadlock

0000 00A8 tagtype count
A6E4 A71C tagtypes index 908FF1C
0000 1BD8 meta count (7128)
A6E3 C85C tag info 908205C
0000 0005
A6E3 C834 main tags 9082034
0000 0000
A6E3 C834 main tags 2
B13D 95F2


magic=int 0x10 - index header offset
9DDBA800 primary magic

tag info chunk
{
short tagclass index
short salt
int memory_address
}

int salt=BR.ReadInt16();
salt<<=16;
int ident=tagnumber|salt



I really need to know how the index offset is calculated.

[-DeToX-]

Yeah, we need the IndexHeader offset calculation. =x.

[GametagAeonFlux]

Alright guys...I want everyone to re-read my first post before posting after this. Some things were said that were not meant to be seen by the public, and they need to stay that way. So from now on, this is your one and only warning.

Do not post anything that Bungie themselves have not confirmed. We are not going to be held responsible for, nor shall we partake in the leaking of information. If you have to ask about something, it's best to just not post it.

Keep things related to the development of modding, not the content itself.

[Prey]

Ah nice work poke on finding some of that stuff out!

So for the record,

Header
16 - PrimaryMagicConstant
PrimaryMagic = (PrimaryMagicConstant - IndexOffset)

Index
0 - tagTypeCount
4 - tagTypeIndexOffset (-PrimaryMagic)
8 - objectCount

12 - objectIndexPointer
offsetOfObjectIndex = (objectIndexPointer - PrimaryMagic)

16 - Always 5?
20 - Points just above index (-PrimaryMagic)
24 - Always 0000 0000?
28 - Points just above index as offset 20 (-PrimaryMagic)
32 - unk
36 - 'tags'

TagTypes Index
This consists of 16-byte blocks with the 4 letters (bipd, matg) being the first 4 bytes. The other 12 bytes is something ive yet to look in to.

Tags Info
This consists of 8-byte blocks, that 'i think' follow this structure:
0 - int16 - Index of the tags Type
2 - int16 - The tag number?
4 - int32 - The tags ident

The Index Offset
It is possible that Bungie have simply stored the indexOffset of each map within the .xex somewhere (the bit that contains all the code). For now ive hardcoded them into the app below.

The Application


-> http://www.filesend.net/download.php?f= ... ffc71f2638

[shade45]

You got the Tag Info wrong its actually this

Tags Info
This consists of 8-byte blocks, that 'i think' follow this structure:
0 - int16 - Index of the tags type
2 - int16 - The tags ident
4 - int32 - Tag offset

[pokecancer]

found how to get index:
var a=map header offset 0x10 (Address Modifier)
var b=map header offset 0x14 (Meta Start)
var c=map header offset 0x2F0 (Base Address)
var d=map header offset 0x300 (unknown Address)
var e=map header offset 0x308 (unknown Address)

a-c+b=index offset;
d-c+b=unknown stuff;
e-c+b=unknown stuff;

now we need to figure out secondary magic, cause my reflexives are real messed up once it gets to meta editing. the primary magic seems fine though.

prey do you have aim or msn?

[Prey]

found how to get index:
var a=map header offset 0x10 (Address Modifier)
var b=map header offset 0x14 (Meta Start)
var c=map header offset 0x2F0 (Base Address)
var d=map header offset 0x300 (unknown Address)
var e=map header offset 0x308 (unknown Address)

a-c+b=index offset;
d-c+b=unknown stuff;
e-c+b=unknown stuff;

now we need to figure out secondary magic, cause my reflexives are real messed up once it gets to meta editing. the primary magic seems fine though.

prey do you have aim or msn?

Ah nice work with the indexOffset.. and yea my aim screenname is Prey074

[LuxuriousMeat]

0x10 A6E4B19C memory address modifier

index header - starts at 0x909099C in deadlock

0000 00A8 tagtype count
A6E4 A71C tagtypes index 908FF1C
0000 1BD8 meta count (7128)
A6E3 C85C tag info 908205C

You sure about the one in bold? It's always negative for me and yes I'm reading in big endian.

[Prey]

0x10 A6E4B19C memory address modifier

index header - starts at 0x909099C in deadlock

0000 00A8 tagtype count
A6E4 A71C tagtypes index 908FF1C
0000 1BD8 meta count (7128)
A6E3 C85C tag info 908205C

You sure about the one in bold? It's always negative for me and yes I'm reading in big endian.

You have to minus the primaryMagic.