Halo 3 Retail Game Research

[Anthony]

Also here is a bit of code to help some people read the tag paths since ive gotten a few people asking me how I do it

also I came up with something I call "HeaderMagic" Because the string table is always after the header I just subtract the header size from the string table offset to get a sort of magic value

then i use that to find the offsets to other stuff that you can get from the header such as the file table

Some variables that will help you

Code: Select all

        public int stringTableOffset;//352

        public int fileCount;//692
        public int fileTableStringsOffset;//696
        public int fileTableStringsSize;//700
        public int fileTableOffset;//704

        public int HeaderMagic { get { return stringTableOffset - 0x3000; } }

Some code to help you read the file table

Code: Select all

            
            //String Offsets from the file table
            int[] stringOffsets = new int[fileCount];

            //Move to the table and read all the string offsets
            br.SeekTo(fileTableOffset - HeaderMagic);
            for (int x = 0; x < fileCount; x++)
            {
                stringOffsets[x] = br.ReadInt32();
            }

            //Read all the file strings
            tagPaths = new string[fileCount];
            for (int x = 1; x < fileCount - 1; x++)
            {
                //Move to the string
                br.SeekTo((fileTableStringsOffset - HeaderMagic) + stringOffsets[x]);

                //Figure out the string size
                int stringSize = 0;
                if (x == fileCount - 1)
                    stringSize = stringOffsets[x] - fileTableStringsSize;
                else
                    stringSize = stringOffsets[x + 1] - stringOffsets[x];

                //Read in the string
                tagPaths[x] = new string(br.ReadChars(stringSize));
            }

so now that you have a solid way to read the tag paths good luck


also prey here is the map types

Code: Select all

        public mapTypes mapType;//316
        public enum mapTypes : short
        {
            Singleplayer = 0x0000,
            Multiplayer = 0x0001,
            Mainmenu = 0x0002,
            Shared = 0x0003,
        }

maybe later ill post more

[LuxuriousMeat]

Cool, you released it .

[shade45]

Ah "Header Magic" that will be usefull. As if i didnt think of doing that I've been doing it the hard way

[Anthony]

Ah "Header Magic" that will be usefull. As if i didnt think of doing that I've been doing it the hard way

haha yeah everyone is doing it that way

also here is the halo 3 versions enum

Code: Select all

        public versions version;//4
        public enum versions : int
        {
            Halo3Beta = 0x00000009,
            Halo3Retail = 0x0000000B,
        }

I was gonna put all the halo versions but I figured this is a Halo 3 topic haha


also, lets not call anything a "hash" until we figured out more of the header... because you have that big section of data labeled as "hash" which is where I found the base address for the unicode tables so I suggest you label it as unkown instead

[stevo3463]

Thanks Anthony for your help!

[Prey]

prey you should convert them to hex instead of dec, it would make it a bit easier to read. and also it helps find any values taht are in the header unless you have yours set to display dec instead of hex =p

Lul, I'll post a converted version later then.

[...]Some code to help you read the file table[...]

Here, I optimised it slightly so you don't have to do that annoying if statement everytime in the second for loop:

Code: Select all

            //String Offsets from the file table
            int[] stringOffsets = new int[fileCount + 1];

            //Move to the table and read all the string offsets
            br.SeekTo(fileTableOffset - HeaderMagic);
            int indx;
            for (indx = 0; indx < fileCount; indx++)
            {
                stringOffsets[indx] = br.ReadInt32();
            }
            stringOffsets[indx] = fileTableStringsSize;

            //Read all the file strings
            tagPaths = new string[fileCount];
            for (int x = 0; x < fileCount; x++)
            {
                //Move to the string
                br.SeekTo((fileTableStringsOffset - HeaderMagic) + stringOffsets[x]);

                //Get the string size
                int stringSize = stringOffsets[x + 1] - stringOffsets[x];

                //Read in the string
                tagPaths[x] = new string(br.ReadChars(stringSize));
            }

Edit: And I fixed the second for loop so it iterates through all of the items, lul.

also prey here is the map types[...]

Nice. I'll update the post later.

also, lets not call anything a "hash" until we figured out more of the header... because you have that big section of data labeled as "hash" which is where I found the base address for the unicode tables so I suggest you label it as unkown instead

Done.

[Anthony]

[...]Some code to help you read the file table[...]

Here, I optimised it slightly so you don't have to do that annoying if statement everytime in the second for loop

dang beat me to the fix

right before i feel asleep last night it just popped in my head lol

[shade45]

also, lets not call anything a "hash" until we figured out more of the header... because you have that big section of data labeled as "hash" which is where I found the base address for the unicode tables so I suggest you label it as unkown instead

Done.

In the 3 Mp maps I have on my computer bytes 712 through 744 are constants so that can be ruled out as a hash.

[Prey]

In the 3 Mp maps I have on my computer bytes 712 through 744 are constants so that can be ruled out as a hash.

Yea I noticed that too, anyone know the meaning behind "VH9" ? >_>

Also Ant I took a look at how your calculating the magic, and noticed that you are calling one of your variables "string table offset". I did a bit of poking and found that that is actually the string table index offset your using, the string table offset actually comes afterward.

Anyway they both require the same magic you calc'ed, so we can cross those addresses off the list now too =P

Edit: First post updated.

[Anthony]

In the 3 Mp maps I have on my computer bytes 712 through 744 are constants so that can be ruled out as a hash.

Yea I noticed that too, anyone know the meaning behind "VH9" ? >_>

Also Ant I took a look at how your calculating the magic, and noticed that you are calling one of your variables "string table offset". I did a bit of poking and found that that is actually the string table index offset your using, the string table offset actually comes afterward.

Anyway they both require the same magic you calc'ed, so we can cross those addresses off the list now too =P

Edit: First post updated.

na i name it the table offset as it is a "table" then after is the strings, Idk if you noticed but i also did the same with the file table and file strings

and I have all the header layout, but i didnt do the research so I cannot share sorry so im just letting you know now why im not going to be posting anymore info. so again sorry

[StephenMalone]

I am sorry to see you go Anthony. You have contributed a lot. Thanks.

[StalkingGrunt911]

What? Anthony ain't leaving. He just said he has the header layout but he didn't do the research so he can't share which means he ain't posting anymore information relevant to the Header layout.

[StephenMalone]

What? Anthony ain't leaving. He just said he has the header layout but he didn't do the research so he can't share which means he ain't posting anymore information relevant to the Header layout.

I am sorry. I meant go as in not contributing anymore, sorry if i was hard to understand.

[JacksonCougAr]

I think its odd that his research person wouldn't want to share this information. Unless he has legitimate reasons like not wanting to create Live Modding problems? But seriously I think its odd. Then again maybe you programmer types have different "quirks" then us modders... (I mean the terms only as far as they mean in this site...) I have to go now >_<

[xbox7887]

I havne't seen a retail map, but the beta hash was located from 784 to 1040 (256 bytes). A hash like that should be fairly obvious to pick out from the header

[kornman00]

I'm pretty sure mike is still on a 56k, so I don't think that would be the best option.

[shade45]

I havne't seen a retail map, but the beta hash was located from 784 to 1040 (256 bytes). A hash like that should be fairly obvious to pick out from the header

I think its now located between offsets 876 and 1132 (256 bytes).

Check out the shared.map you'll see what I mean.

[LuxuriousMeat]

@Prey

I don't know if you've noticed yet, but in your app 'Mango' when your reading the embedded JFIF image from the .blf, your doing it wrong... When your app finds "JFIF" in the file you make the BLF header length equal to the offset of the first F in JFIF when you actually need to bring it back another 7 bytes and then the image will show correctly...

[Digital Marine]

Hrm...I was thinking. Does the game really read the build information? If it doesn't, that means we SHOULD beable to change it, correct?

What would be the point of trying this and burning it?
Well, this could be useful to see if there is indeed a hash that is 256 (Dec) length over offsets 0-876. Because, technically if you changed the build info. you wouldn't break the CRC checksum since that's generated after the header (or footer if you want to call it). So, if the map doesn't load then there IS a hash that runs over offsets 0-876. I've checked SHA256 and it doesn't seem to work.

I'd hate to waste a disk on this to try it though

[Shadow LAG]

I volunteered to help more then once. Get me a ppf and I will test it myself.