Yelo: Halo 2 (Xbox)

[slayer410]

xbox7887 has any research been done in making bigger bsps in a map, or execding the 70 megs limit? Just wanted to know.

It's a 79.9 meg limit... and I guess you could say there has been...

[Shalted]

xbox7887 has any research been done in making bigger bsps in a map, or execding the 70 megs limit? Just wanted to know.

has there been?

One Theory:
http://www.haloplugins.com/forums/index ... wtopic=417

[scynide]

There is a WIP in the Picture section that xheadshotmastax posted. It was about him breaking the BSP size limit. http://files.halomods.com/viewtopic.php?t=58145

[xbox7887]

xbox7887 has any research been done in making bigger bsps in a map, or execding the 70 megs limit? Just wanted to know.

has there been?

Not by me...I'm busy researching something else much more important

[baseball1332]

xbox7887 has any research been done in making bigger bsps in a map, or execding the 70 megs limit? Just wanted to know.

has there been?

Not by me...I'm busy researching something else much more important

w00000t!

[xbox7887]

Meh, did a quick followup on mapsizes...

Code: Select all

.text:001228A3                 mov     ax, [esi+140h]  ; gets maptype
.text:001228AA                 test    ax, ax          ; checks maptype
.text:001228AD                 jl      short fail_to_load
.text:001228AF                 cmp     ax, 5           ; checks for any other value
.text:001228B3                 jge     short fail_to_load
.text:001228B5                 movsx   ecx, ax
.text:001228B8                 call    get_map_type_size ; switch case to set maximum map size
.text:001228BD                 cmp     edx, eax        ; checks mapsize
.text:001228BF                 jg      short fail_to_load

Code: Select all

.text:00214ED0 get_map_type_size proc near             ; CODE XREF: sub_122870+48p
.text:00214ED0                 xor     eax, eax
.text:00214ED2                 cmp     ecx, 4          ; switch 5 cases
.text:00214ED5                 ja      short locret_214EF5 ; default
.text:00214ED7                 jmp     ds:off_214EF8[ecx*4] ; switch jump
.text:00214EDE
.text:00214EDE loc_214EDE:                             ; DATA XREF: .text:off_214EF8o
.text:00214EDE                 mov     eax, 5000000h   ; limit mapsize to 80MB
.text:00214EE3                 retn
.text:00214EE4 ; ---------------------------------------------------------------------------
.text:00214EE4
.text:00214EE4 loc_214EE4:                             ; CODE XREF: get_map_type_size+7j
.text:00214EE4                                         ; DATA XREF: .text:off_214EF8o
.text:00214EE4                 mov     eax, 11800000h  ; limit mapsize to 280MB
.text:00214EE9                 retn
.text:00214EEA ; ---------------------------------------------------------------------------
.text:00214EEA
.text:00214EEA loc_214EEA:                             ; CODE XREF: get_map_type_size+7j
.text:00214EEA                                         ; DATA XREF: .text:off_214EF8o
.text:00214EEA                 mov     eax, 0B400000h  ; limit mapsize to 180MB
.text:00214EEF                 retn
.text:00214EF0 ; ---------------------------------------------------------------------------
.text:00214EF0
.text:00214EF0 loc_214EF0:                             ; CODE XREF: get_map_type_size+7j
.text:00214EF0                                         ; DATA XREF: .text:off_214EF8o
.text:00214EF0                 mov     eax, 20800000h  ; limit mapsize to 520MB
.text:00214EF5
.text:00214EF5 locret_214EF5:                          ; CODE XREF: get_map_type_size+5j
.text:00214EF5                 retn                    ; default
.text:00214EF5 get_map_type_size endp

You can see that 0x140 in the map header indicates a maps type...in coag it's 0100 which indicates a max size of 80MB. Try changing the value at 0x140 to 0400 which 'should' increase the max size to 520MB

[latinomodder]

so we have got bigger map sizes?

[xbox7887]

Test and find out...

[Monkey Terd]

Mike is so cool

[StalkingGrunt911]

Mike is so cool

I agree.

[xbox7887]

What do you all think about a small xbe patch which would enable the execution of code embedded in your map files...would it be more or less demanding than a trainer? I'm thinking specifically about enabling ai in mp through the maps themselves but until I can find a buffer overflow exploit in the mapcode, it will require a patched xbe to function.

[DoorM4n]

That would be awesome! No more trainer to load AI in MP. It is already there!

[scynide]

What do you all think about a small xbe patch which would enable the execution of code embedded in your map files...would it be more or less demanding than a trainer? I'm thinking specifically about enabling ai in mp through the maps themselves but until I can find a buffer overflow exploit in the mapcode, it will require a patched xbe to function.

Sounds like a plan! DO IT! I am sure lots of people here would appreciate a patch like this.

[xbox7887]

Well, the patch itself wouldn't enable ai in mp...it would just provide me a loader template to use when executing code from mapfiles.

[OwnZ joO]

Damn you're good at what you do... Wonders what the bigger more important thing he's working on are.

[xbox7887]

The important thing would be the ability to execute code embedded in mapfiles, without any sort of patch or trainer

[r0tten]

this is a great idea, i mentioned the same thing about 15 pages back

[LuxuriousMeat]

by executing code within the map file do you mean trainer like functions without a trainer

[xbox7887]

Yes, it's a complicated process finding exploitable code but if/when it does happen, you won't need a trainer or patch to run custom code.

[LuxuriousMeat]

cool when/if you find it will the code we run be assembly