Halo 2 Vista XLiveless

Halo 2 Vista XLiveless
By: Skarma

Description:
Anti-debug protections are stripped and XLive is rendered useless, thus allowing developers to now easily analyze the Halo 2 for Windows Vista. You may only attach a debugger in single player mode, multi player is completely disabled! Source code is included, coded in C++ with MSVC++ Express 2008.

Usage:
Copy xlive.dll into the Halo 2 Vista directory, where halo2.exe is. Start the game!

Creds:
Listener, Rick, and Seemaan. I don't know any of them, but Listeners GTA IV wrapper helped me and props to me for reversing the rest of the exports and stripping unneeded ones.

Note: This app is only good to programmers and reverse engineers, everyone else will find this useless. PLEASE REPORT ANY BUGS!

Download Here

Holyshit, I would recommend posting this on all those other sites I listed k9dev.com allenthinks.com remnantmods.com etc

Nice!

This looks awesome.
Just wondering are there any plans on making a tool to extract SP content such as bipeds and other tags?
I remember ghost and korn working on a tool set years ago which never really saw the light of day.

I like this. I found a way around it along time ago. But now I can finally do some assembly patching and camera researching.

To the generic user its worthless but to a dev. You get the idea.

I said this to Shock120 over aim. Quick Funny.

Quote:

---

h2v says "wtf dud li3k s0m3 hax0r just st0l3 meh live nao wut??"

---

Hmm, could this possibly lead to hamachi?

Quote:

---

Originally Posted by =sw=warlord

This looks awesome.
Just wondering are there any plans on making a tool to extract SP content such as bipeds and other tags?
I remember ghost and korn working on a tool set years ago which never really saw the light of day.

---

Sure, I just recently started working on h2v and still working on reversing all the tag structures. I was never really into the modding scene, but it's really interesting stuff and fun as hell when dissecting everything and making use of it all. What exactly does 'extracting content' outline? Like, just output binary files of a maps entire tag structures? Like HMT? Sorry, I'm still virgin modder, these things need explained! :D

Quote:

---

Originally Posted by KIWIDOGGIE

I like this. I found a way around it along time ago. But now I can finally do some assembly patching and camera researching.

To the generic user its worthless but to a dev. You get the idea.

I said this to Shock120 over aim. Quick Funny.

---

How'd you manage that? Cuz, both xlive and halo2 modules call IsDebuggerPresent twice and check the debug port. This is most basic method to bypass, but once you get past that, there is a more advance anti-debug feature. Now don't quote me on this, because I am still learning about this stuff... I think h2v is debugging itself and setting random software breakpoints (usually int41). When a breakpoint is hit, the exception handler decides what to do from there. Since Halo is debugging itself and you also have a debugger attached, your debugger catches the breakpoint instead of Halo catching it. How Halo handles all this is still a mystery to me, but it has to do with the exception handler for sure. Not sure how you got past this, but good job!

Quote:

---

Originally Posted by Pyong Kawaguchi

Hmm, could this possibly lead to hamachi?

---

What's dat?

Hamachi = lan over internet.

I've only did it once over CE many years ago tho!

Yes, I'm sure that is all possible, but what leads to it not working with h2v like with any other game? Server just not show up for clients or you can see the server, you just can't join? Whats up?

What it is, is that it won't even notice it.
I have a few theories:
1. H2v detects that a tunneling program (like hamachi) is running, and disables all lan in general
2. H2v doesn't detect the emulated network adapter that hamachi is running, and therefore the servers do not start
3. Windows live is using the 30ms check to see if someone is attempting to tunnel the network.

For no. 3, It turns out that for GTA4 pc that a trick/hack was made/found to bypass the 30ms limit, it could be if that was bypassed, it would work.

Talk to me if you are curious, I used to do a bit of h2v and H2x modding, so I know quite a bit.

You might wanna read up on some of the H2X documentation and plugins for H2X and see if there is anything there that would help you edit the tag structure.

Good luck.

Quote:

---

Originally Posted by Skarma

Sure, I just recently started working on h2v and still working on reversing all the tag structures. I was never really into the modding scene, but it's really interesting stuff and fun as hell when dissecting everything and making use of it all. What exactly does 'extracting content' outline? Like, just output binary files of a maps entire tag structures? Like HMT? Sorry, I'm still virgin modder, these things need explained! :D

---

What i mean by extracting content is output the tags in their native form much like HEK+ does for custom edition maps.
Im not entirely sure on the dev side of it but my understanding is the program reads the cache files determines the tag clusters and outputs the data to their basic tag form in the same arrangement they would be compiled into a cache form in the first place.

Quote:

---

both xlive and halo2 modules call IsDebuggerPresent twice and check the debug port. This is most basic method to bypass, but once you get past that, there is a more advance anti-debug feature.

---

You could use a built in plugin for OllyDBG to bypass the isDebuggerPresent. Also the Debug Port check is real easy to pass. Most of the other checks rely on that. Google around for the Battlefield 2: Debug Port Reset.

That is how you would bypass it. Also xliveless has been done for GTA4.

Also the H2EK is freaking useless for all getout.

Quote:

---

Originally Posted by =sw=warlord

What i mean by extracting content is output the tags in their native form much like HEK+ does for custom edition maps.
Im not entirely sure on the dev side of it but my understanding is the program reads the cache files determines the tag clusters and outputs the data to their basic tag form in the same arrangement they would be compiled into a cache form in the first place.

---

Not sure what native cache form encapsulates.. could you explain the format difference of this from a tag struct that is already in a map file? I know that the tags folder in HEK are all weird and have a weird format compared to what they are in the actual map file, I don't get why they do that. I just finished a tool that extracts all tags from a map into the respective paths, but they are the same format as they are in the map file, so idk how to get them into this "native form"... if anyone could explain how and WHY I can whip something out.

Quote:

---

Originally Posted by KIWIDOGGIE

You could use a built in plugin for OllyDBG to bypass the isDebuggerPresent. Also the Debug Port check is real easy to pass. Most of the other checks rely on that. Google around for the Battlefield 2: Debug Port Reset.

That is how you would bypass it. Also xliveless has been done for GTA4.

Also the H2EK is freaking useless for all getout.

---

Like I said the IsDebuggerPresent() check is basic and easy to bypass, but that doesn't help anything. There is more than that... their exception handler seems to do some sort of anti debug. And also as I said in my first post, I credited the guy who did the wrapper for gta4, because that's where I got the idea.. and someone already unlocked Guerilla at least for full functionality, which is helping me with tag reversing, so I'd say it's garbage with all the locked stuff. Thanks for re-posting what I already stated! :embarrassed:

Skarma: im not too sure on alot of things about coding but it could be you already have extracted the tags in their native form if you have extracted them into their directories, your best bet would be to contact kornman or theghost and see if they could give any pointers to you.
I am only decribing on tidbits i read from when HEK+ was released a few years back.

I don't exactly know how to do this but, if I was in your position and I did, I would deconstruct the stock tool.exe and figure out how it compiles tags, and do the reverse.

Quote:

---

Originally Posted by Pyong Kawaguchi

I don't exactly know how to do this but, if I was in your position and I did, I would deconstruct the stock tool.exe and figure out how it compiles tags, and do the reverse.

---

Because it's just that easy, right?

Quote:

---

Originally Posted by =sw=warlord

Skarma: im not too sure on alot of things about coding but it could be you already have extracted the tags in their native form if you have extracted them into their directories, your best bet would be to contact kornman or theghost and see if they could give any pointers to you.
I am only decribing on tidbits i read from when HEK+ was released a few years back.

---

TheGhost did not work on Guerilla Radio, so he would be of no help. And I doubt Kornman would help him with it. Skarma has not extracted the tags into their "native" format, it sounds like the only thing he has done is save the tag data from the map file directly...which is really not that hard to do. Tag extraction is a lot more complicated than that, which is why only a few people have done tag extraction for H2V.

Quote:

---

Originally Posted by Pyong Kawaguchi

I don't exactly know how to do this but, if I was in your position and I did, I would deconstruct the stock tool.exe and figure out how it compiles tags, and do the reverse.

---

...it's not that easy.

steal the source from microsoft
:conspiracy:

but yeah it really isn't, i'm one of those people who read a tut on coding and was like woah wtf.

Well, thanks for paraphrasing what has already been said, now onto the why and how! As I said already, I'm still beginner with modding maps, so telling me how hard something is does not help at all, because everything has been a challenge so far, which I enjoy though else I wouldn't be trying.
I have not even gotten to reversing the tag data yet, I've just been focusing on extracting the tag data into files, so I can easily analyze it without calculating an offset every time I want to browse a tag in binary form. I was thinking of comparing the internal tag data to the tags that came with the H2 map editing tools to see what some of the differences might be. I could also reverse the functions used by the h2ek tools that manipulate the tag structures, not really that hard.
So, the purpose of changing the format of a tag to 'native form' is just so it can be used by the other tools in the h2ek? If so, why? Why can I not use the format that is already used by the map file to edit them with my own written tools? These are some answers I'm trying to get at, please help!

As much as i would love to help you skarma what i've said is about all i know however im guessing shadowspartan there might know a thing or two and could give some usefull information.

Nice work, +rep

Well this is useful for me by allowing me to use Paulus' little "dev"trainer (LIVE will not crash halo 2 anymore).

meant to lock this

several months later

skarma pm'd me asking to reopen this for an update, so okay skarma here is your thread

Quote:

---

Originally Posted by teh lag

meant to lock this

several months later

skarma pm'd me asking to reopen this for an update, so okay skarma here is your thread

---

Thank you so much man! I updated the broken download link. And shame on the tards that got my thread locked, thanks for deleting those posts.

Quote:

---

Originally Posted by Skarma

Thank you so much man! I updated the broken download link. And shame on the tards that got my thread locked, thanks for deleting those posts.

---

You know if you created the thread you can lock and unlock them.

Quote:

---

Originally Posted by Dwood

You know if you created the thread you can lock and unlock them.

---

That would defeat the purpose of me asking teh lag to delete the irrelevant flame war posts that got this thread locked in the first place. I wasn't even sure I could unlock it since a moderator locked it. I couldn't even edit my post. Moderators are moderators for a reason, this is their job.

By the way, this is something you could have PM'ed me, instead of cluttering my thread with irrelevance to the topic, which got it closed the first time.

Since this is related, I thought I'd note that I started work on a XLive wrapper in OpenSauce's codebase. Not that it's being used for anything in OS atm, I just thought it'd be a good inclusion for whatever the future may bring.

do you want the source to silent's xlive? or do you not need it?

Quote:

---

Originally Posted by supersniper

do you want the source to silent's xlive? or do you not need it?

---

No need, source already comes with the download file. :3

place a retn at the mem check done xD

Does anyone have one of the xlive pdb's? I am not sure what version it was for.

AFAIK, no developer has ever made the mistake of distributing a pdb for xlive with their game.

Rick, the guy who did the gta wrapper noted it in his blog: http://blog.gib.me/2008/12/16/hackin...to-iv-part-ii/
Some devs make mistakes like this :]

where did they get it from? no developer would be that stupid to bundle a 200mb file

I too would like to know where they got the pdb. Not even my pockets go that deep. And 200mb sounds too big for a native pdb file.

e: wow, he really likes to flaunt the fact that he has that pdb file doesn't he?

Just like you, he is probably taking his pdb ehrm idb to the grave with him. ;]
If it was released with a version of xlive, golly jee you think it would be all over the internet by now.. being a reversers best friend and all. Oh well, just have to ask him about it I guess.

Quote:

---

Originally Posted by Kornman00

And 200mb sounds too big for a native pdb file.

---

was thinking about idb there for a sec :S

oh btw Crisis 2 leaked has one