Let's see helious's ending already

(I was not sure where to put this, but this is related to the helious video, so I guess this fits in here)

 

I've been devoting a lot of time to trying to hack Helious II lately. I don't believe in the whole alien story, but the prospect of seeing the ending to a game that no one's beaten before gives me enough passion to continue. I have little programming knowledge or experience with hacking games, so I'm not the most qualified person to do this, which is the reason I'm posting this here instead of continuing to try on my own. I would try to beat the game legitimately if it didn't lag so much on my pc.

 

So far using cheat engine I found four addresses that relate to your health. I can't write them down here because they change each time (probably due to running the game in dosbox). Here's how you find them - enter a level, make sure not to get hit or waste any fuel. Search for the value '10' (make sure to select 'all' in the 'type' dropdown). Then hit some walls or whatever to waste your fuel a bit until your sprite changes, then search '9' and click 'next scan'. The four addresses you're looking for will always have 'F1', 'F3', '85D' and '86B' on the end.

(This is not tested well, but I think F3 controls the size of the ball, while others keep track of your health in some way)

 

While it seemed easy at first to keep refilling your health to cheat through the game, it isn't. I have no idea why, but even if you change the value and deactivate the addresses, they keep springing back to the correct value and killing you. I think that indicates that either there's a part of code preventing you from getting your health back or I don't freeze the values correctly. I tried to disable the code that writes into these addresses, but that just crashes the whole game. If you have any idea how to fix this, please write in.

 

That was sadly all I could find for three days already, so I started to feel down on the whole thing. But just about half an hour ago I came across a VERY exciting thing that made me write all this in the first place.

 

So do the above steps to get to the four health addresses. Go to a stage and don't do anything. Then right click on the address that ends with '86B' and press 'Find out what writes to this address'. You'll see only one instruction. Right click on it and click 'show in the disassembler'. Then right click on it in the disassembler and click 'find out what addresses this instruction accesses'. You'll see a lot of different addresses. You've got to find one that ends with 14 (it's close to the beginning, and its 'count' increases by one each millisecond). Right click on it, copy it to the clipboard, then close everything you just opened. Click 'add address manually', and press ctrl+v. Then disable the address (checkbox on the left). Go to the tentacle screen (level select). Note that sometimes that crashes the game and shows 'Internal error: SLS'

 

Now there are balls flying at the tentacle, just like at the end of the first game!

So this is either a portion of the ending, a visual bug, or just a function left over from the first game that was accidentally left in.

Whatever it is, I'm sure if we dig around that address, we'll find the ending or at least some of it.

 

Other things I've tried included using a decompiler, but it's one thing reading someone else's code, and another reading someone else's code in a language you don't know that was used two decades ago and may or may not have been written by aliens. If you know 1995 Borland C++, you can use the 'reko decompiler' to look at the code.

 

I'll keep working on this and update the post each time I find something new. If you'd like to join, have input on something I've found or want to wish me good luck or call me a moron, go ahead and post. Hopefully the ending of this game won't be a mystery for much longer.

 

Download helious II here - http://www.allabout.com/afs/software/games/helious.htm

Run it through DOSbox (just drag helious.exe onto dosbox.exe, that's way faster than mounting stuff through the console) - http://www.dosbox.com/download.php?main=1

Edited by Guest (see edit history)

Link to post

Sounds like it's using a pointer address, and ASM anti-cheat coding... I might be able to find a way around the ASM code if I could get a look at the game, but I don't have it, or DOSbox at the moment. (and I don't find the game fun enough to beat)

Don't insult me. I have trained professionals to do that.

Link to post

Thanks for the response. Google didn't tell me anything about ASM anti-cheat coding or how to disable it (as I said, I'm less than an amateur at this). Can you please write a short instruction on how to recognise and disable it?

 

I think what's happening is this: there are a lot of addresses that access the function that I'm trying to disable, and one or more of them crashes the game.

If I'm right (and the Cheat Engine disassembler does show a lot of addresses connected to that function), then I have no idea how to go around that. So far all the addresses I tried to disable crashed the game in their own weird way (even the one that made the balls appear). It may be required to try a different route altogether.

 

I'll post the links to both the game and DOSbox in the original post, so that they're easily accessible to anyone who wants to give them a spin.

Link to post

Finding pointers is usually just a time and RAM intensive process... CE has an integrated pointer scanner, but I only ever used that once. (used to find an elusive infinite HP cheat in the pre-release beta of Deus Ex Human Revolution, but I never got around to including it in my trainer) I highly recommend using the Cheat Engine tutorial to learn that aspect of the program.

 

Anti-cheat in ASM usually involves bouncing around the program using jmp commands, and compares. (and sometimes compares of compares) It usually takes a while, and the full ASM disassembly to bypass them, (along with adding a few dozen or hundred lines of code) but it can produce some of the most interesting results it's possible to get. (including hacks the 'pros' don't even dare to try) If you don't have the knack for it, or know what you're doing, ASM can become quite daunting. It is essentially talking directly to the CPU in its own language, and you definitely don't want to give it too many insults, lest it cause certain system-wide instabilities. (or in the case of certain programs, stabilities) There's no extensive tutorial to the language that I have ever found, just a set of basic dictionaries that seem to change sites every few months. I recommend trying to find a site that has a listing of the OPcodes for your specific CPU, (there are differences between Intel and AMD, HUGE differences between x86 and x64, and even some differences between generations and models of CPUs) or just sticking to the pointer scanner. (ASM usually is extremely difficult to get the full hang of)

 

Good idea including links.

Don't insult me. I have trained professionals to do that.

Link to post

I'm not sure about anti cheating measures, and I'm hardly well versed in how memory is handled, but I do think you're overthinking health a little. I haven't tried to get adventureus's ending/bug, but here's how to get unlimited health consistently and without error:

 

  • Load up the game and boot up Cheat Engine
  • Scan for four byte unknown initial value
  • Expend some air in game, then search for a decreased value
  • Repeat until you have gotten it down to a few dozen addresses. Most of these will just be continuously decreasing variables, which are best left alone.

 

In order to whittle it down to a smaller set of addresses, I then went and found a yellow gem, which will put you back up to max health.

Then, after this if you've done it right you should only have a few addresses, just put the DOSBox and the Cheat Engine windows where you can see both and note which address reacts to moving the ball about. That's your health value, in the range of 0 - ~860000000. I suspect the values adventurus found simply corresponded to the sprite of the ball, and perhaps other aesthetic effects.

 

I've managed to do this without the game freezing, though since memory seems to be randomly reassigned, if the health address changes to one which probably shouldn't be frozen things could go badly. I've had this issue in a lot of other software and I've always dismissed it as being above my skill level.

 

Now, this health value is for the level you found it on, only. For each level, you'll have to repeat the above process in order to get infinite health again. However, they stay the same, so if you quit out of a level and come back, it'll still be the same address.

I think the yellow gem just resets you to maximum health (or after freezing the address, tries to) so I doubt you have to worry about dying from over inflation here. However, the game does have instakills which will work regardless of infinite health. One of them is this spike thing: dzynBwM.gif, and the other is the coloured gate: R4tqOtE.gif. This is particularly important on the last level which contains teleporter traps including these, so try to take unknown teleporters slowly as you keep your momentum going through them. For many parts of the game, I would recommend holding the air brake key (default z) so you will only move while holding one of the movement keys.

 

 

 

As for actually playing the game, I don't think health is the only factor one has to worry about. As was said in the video, the game is a slog, and you are meant to get through it in one sitting as it has no save states. The game's instructions (Press i on menu) are worth the read:

 

PjPXJl8.png

 

At the end of the third paragraph here, Sean Puckett states that there is no ending for Helious 2. Ross brought this up in the video, and went on to explain it might secretly notify the aliens about the game's completion. I am a skeptic, but at any rate I don't have much time on my hands, so I would like to see what will happen after beating every level. In order to help with that, it would be best for someone to beat it and share a save state here.

 

The official DOSBox doesn't have support for Save States like you might see in other emulators, but there is a modified version of it called DOSBox SVN-Daum which allows saving by a simple hotkey. You can download it here (E: Official Website, can't believe I missed that one), and read a forum thread about it here.

I found the documentation on it a little inconsistent so here are some instructions for use of the mod:-

 

After running the game, you can save with alt-f5 and load with alt-f9, nice and simple. The save file will be under the DOSBox's program files/SAVE/ and the numbers 1 - 10 will correspond to which save you were using. You have to boot up the game again before loading. This would be fine for playing through but if you wanted to play a save you downloaded from someone else, you can use the commandline option -savedin followed by the path from your mounted directory to the savestate file named "memory". I don't know how well that will work between different users as I haven't bothered to try loading a save on a different PC, but I can't imagine that it will be too much of a problem.

The mod also has added dropdown menus, from which you can easily change things like clock speed, and you can pick which save file you want to use from there. You can also capture video and screenshots using the capture menu.

 

 

This is what I've learnt so far. I'm not convinced there will be an ending but for those of you who are more dedicated than me, good luck, and please share it before your abduction! If you manage to get part way through it but lose hope, share your save anyway! I'm sure someone will pick it up.

 

E: The default health is 655294464. This should make finding it a lot easier.

Edited by Guest (see edit history)

Link to post

Hey, thanks for the response, I'm glad that someone else's interested. I can't believe I didn't think of searching for decreasing values to find the fuel level. It's great that you can now have infinite health. I couldn't find the addresses you were talking about, but I did find something better - an address that starts at 39 each time that keeps track of your health and works for every level. Just search for 39 and decreasing value each time and you'll find it. I'll try to beat the game with it and write back. The problem seems to be the size of the ball, as you sometimes have to deinflate to go through tiny gaps. Maybe I can somehow use the addresses I found to control the size without changing health. I'll test that.

 

No idea how I missed the part where he says that there's no ending, I did read the instructions. But if there's no end, what's the ball graphic I found? It's incredibly similar to the end of helious I. There's only one way to find out.

 

 

Edit - if you get the health value down to 10 or something and then press the checkbox to deactivate it, it remains the same size and invincible. Still afraid of instadeath, but this is way easier now.

Edit edit - I literally did that a second before BTGbullseye posted it =)

Edit edit edit - something weird just happened. I died on a level due to instadeath, reentered it, and my ball was the right size. I looked at the first four health values I found, and they were stuck at 34. I quit the level, and for some reason now there's a new knuckle joint added to my tentacle thing. No idea what happened there, I'm going to try to replicate the events.

Edit edit edit edit - Did that again just now, nothing happened and it took away my knuckle joint. 'Nice'.

Edit edit edit edit edit - I realized what causes the anomaly. For some reason, the purple and yellow levels don't work like all the others. When I enter them, my ball is big, takes damage like normal, and the four health values are stuck at 34 for purple and 80 for yellow (except for F3, which is stuck at 8 and 0 respectively). I have no earthly clue why these levels are different, but they are. Maybe they use a different address? The knuckle joint no longer appears.

Edit edit edit edit edit edit - Just got the flag on the blue level. Nothing happened for a while and I hit escape to go back to the tentacle screen. Do I have to do something else? It didn't give me a knuckle joint. When I reenter the level the flag is still there. I remember someone reporting the same problem in the comment section of the helious video here on the forums. No clue what's going on.

Edit edit edit edit edit edit edit - I went ahead and completed the pink level just to make sure. It did give me a knuckle joint. I think the problem is that the first time I stuck around for a bit too long and I was supposed to press escape right after I got the flag. Too bad I didn't download the version with savestates yet, but the pink one is easy to beat with infinite health, so that won't be a problem.

 

Okay, I'm done for the day, but that was a good hour or so. The problems now are the purple and yellow levels and the occasional lack of knuckle joints.

Edited by Guest (see edit history)

Link to post

If you have a set value that controls the health, you can set CE to freeze it at whatever value you want... You can even set hotkeys for different values.

Don't insult me. I have trained professionals to do that.

Link to post

I'm actually not sure if the knuckle joint always corresponds with completing the level, I just decided to assume that for the sake of the video.

Link to post

I'll look into this starting tonight. I've been game hacking since 1998 and I'll be damned if a DOS game can stop me from cheating.

 

FYI the game definitely does not have anti-cheating code in it, that didn't even exist until well after the year 2000. DOSBox is an emulator/VM and the instructions you are modifying are the emulation code and not the game itself. It's a frequent problem people run into when trying to cheat in games written in Java, C#, or ROMs played in emulators (NES, SNES, etc). But that doesn't matter much, old games like this won't need code changes, freezing some values will be enough.

Edited by kuntz (see edit history)

Link to post
9 minutes ago, RaTcHeT302 said:

i think turning off the insta kills would probably simplify the process, it should be relatively easy to find, i posted some screenshots to help people out, the techniques are pretty generic, so you can apply them to any games (it took me forever to figure this stuff out though... it's kinda embarrassing, i spent four days just to, mostly end up right clicking on a bunch of menus lol)

 

 

I haven't played the game before, so if there are many insta-kills driving me nuts I'll definitely disable them haha.

 

What is the easiest level in your opinion?

 

I'm also going to see if I can just go to the end asap and not collect the blue gems, that could be an easy hack too.

Edited by kuntz (see edit history)

Link to post

Health is easily found, it's a static 16-bit integer that starts off at 9,999. I froze it at 2,500 to stay small and lean. This will not save you from instant-kills, but makes the levels really easy regardless. Hold down 'Z' on your keyboard for perma-brake, it makes controlling a bit easier. I'm now trying to cheat the blue gems so I don't have to capture more than 1 per level in order to complete them.

 

The location for health does not change each level, so you just need to find one memory location for it to beat all the Levels. Important: the health location for the Levels is also used to draw the main tentacle on the Level Select screen, and the Y position of the Logo on the main Title Screen, so make sure to not fuck with it when you exit a level.

 

12,999 is your max Health, if you go to 13,000 you will pop and die.

 

If you freeze it at 1,000 for example, some things can kill you (they do 1,000+ dmg), so it seems 2,500 is a good amount to freeze it at.

Edited by kuntz (see edit history)

Link to post

This game is the epitome of awful. It's mostly just needing to be very slow and patient, and being decent at solving mazes. The instant-kills can be annoying in spots where stuff automatically moves your ship in random fashion. But my biggest gripe is that it can't be saved, so it may take a long long time to finish it without cheating, if that's even possible.

 

New Information Beep-Beep Boop-Boop

 

It does not look like this game was completed. You can collect the flags at the end of the levels, but nothing happens. The level does not end, you collect nothing, nothing happens. You still need to press ESC to leave the level to go back to the Tentacle but it doesn't even save the fact you completed the level. If you go back into a level you've completed, it's reset. So I highly doubt beating all of the Levels will do anything, the game does not seem to keep track of your progress in any way, shape, or form. I am probably going to load this game onto a VM over the weekend and beat it using save states & invincibility, that way I can take breaks and also not have to worry about it crashing on me. But I think it's going to be a huge waste of time, the instructions inside the game even state there is no ending to the levels or to the game.

 

But I will find out, and I will record it. Science must know the answers to these questions.

Edited by kuntz (see edit history)

Link to post
1 minute ago, RaTcHeT302 said:

If anyone is confused, go to the tentacle screen menu, do a search for a 2 byte value, type 9999, do an exact search, set all the values to 2000.

You'll spawn with the new health. I don't think this is your actual health, it's just what you spawn with.

 

Also oh my god I want to die. I had fast scan ON, I finally found the stupid health value.

YnoAWFx.png

 

Fuck me I finally found it, I thought I was retarded for a second, but no, cheat engine was SKIPPING MEMORY. BLAAAH.

 

I edited my post with more accurate information:

 

1 hour ago, kuntz said:

Health is easily found, it's a static 16-bit integer that starts off at 9,999. I froze it at 2,500 to stay small and lean. This will not save you from instant-kills, but makes the levels really easy regardless. Hold down 'Z' on your keyboard for perma-brake, it makes controlling a bit easier. I'm now trying to cheat the blue gems so I don't have to capture more than 1 per level in order to complete them.

 

The location for health does not change each level, so you just need to find one memory location for it to beat all the Levels. Important: the health location for the Levels is also used to draw the main tentacle on the Level Select screen, and the Y position of the Logo on the main Title Screen, so make sure to not fuck with it when you exit a level.

 

12,999 is your max Health, if you go to 13,000 you will pop and die.

 

If you freeze it at 1,000 for example, some things can kill you (they do 1,000+ dmg), so it seems 2,500 is a good amount to freeze it at.

 

Link to post
  1. Turn off Fast Scan; 16-bit search
  2. Start any level
  3. Search for 9999
  4. Move a tiny bit, hold Z to stop moving
  5. Search for Decreased
  6. There will only be 1 result, but if not, repeat steps 4 & 5
  7. Address should end in xxxxx871
  8. Freeze this at 2,500 while in a level, but unfreeze before pressing ESCAPE
Edited by kuntz (see edit history)

Link to post
3 minutes ago, RaTcHeT302 said:

Yes but, I was only finding random garbage because of the fast scan checkbox.

Fast Scan works for newer games, 32-bit/64-bit+ compiled for Windows. Emulators and older games didn't compile with aligned memory since unaligned memory accesses didn't make a performance difference. When in doubt, or starting to cheat in a new game, disable Fast Scan. If you notice all the memory addresses you're interested in end in even/aligned offsets, then you can turn it back on. But in today's day & age, Fast Scan isn't much faster than a full scan. It made a difference back when people had 512MB RAM and games used up most of it. DOSBox uses 16MB of RAM and I have 24GB so it makes nil difference haha

Link to post
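Added example, not written by any poster in this thread: a small Python sketch of the Fast Scan point made in the post above, showing how an aligned scan skips a 16-bit value stored at an odd offset while a byte-by-byte scan finds it. The buffer is a constructed stand-in for emulated guest RAM; the offsets, decoy values and function names are assumptions, and nothing here touches a live process.

```python
import struct

GUEST_RAM_SIZE = 0x2000   # constructed: small stand-in for emulated guest RAM
HEALTH_OFFSET = 0x1871    # constructed: odd offset, echoing the "...871" address in the thread


def make_guest_ram():
    """Build a constructed memory image: one changing counter plus aligned decoys."""
    ram = bytearray(GUEST_RAM_SIZE)
    struct.pack_into("<H", ram, HEALTH_OFFSET, 9999)  # the counter of interest (unaligned)
    struct.pack_into("<H", ram, 0x0400, 9999)         # decoy constant (aligned)
    struct.pack_into("<H", ram, 0x0A10, 9999)         # decoy constant (aligned)
    return ram


def first_scan(ram, value, alignment=1):
    """Return offsets holding the little-endian 16-bit `value`.

    alignment=1 tests every byte offset; alignment=2 or 4 tests only
    offsets that are multiples of it (an aligned, "fast" style scan).
    """
    needle = struct.pack("<H", value)
    return [off for off in range(0, len(ram) - 1, alignment)
            if ram[off:off + 2] == needle]


def next_scan_decreased(before, after, candidates):
    """Keep candidates whose 16-bit value is lower in `after` than in `before`."""
    keep = []
    for off in candidates:
        old = struct.unpack_from("<H", before, off)[0]
        new = struct.unpack_from("<H", after, off)[0]
        if new < old:
            keep.append(off)
    return keep


def demo():
    """Run an aligned scan, a full scan, then a 'decreased' follow-up scan."""
    ram = make_guest_ram()
    aligned_hits = first_scan(ram, 9999, alignment=2)  # never tests odd offsets
    full_hits = first_scan(ram, 9999, alignment=1)     # tests every offset

    snapshot = bytes(ram)                              # memory as it was at the first scan
    struct.pack_into("<H", ram, HEALTH_OFFSET, 9990)   # simulated in-game decrease
    narrowed = next_scan_decreased(snapshot, ram, full_hits)
    return aligned_hits, full_hits, narrowed


if __name__ == "__main__":
    aligned, full, narrowed = demo()
    print("aligned scan :", [hex(o) for o in aligned])
    print("full scan    :", [hex(o) for o in full])
    print("after change :", [hex(o) for o in narrowed])
```

With the aligned scan, the follow-up "decreased" search could only ever narrow down decoys, which matches the "random garbage" result reported earlier in the thread.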

I've beaten the first 2 levels, and it seems like if we can just figure out how to bypass the Blue Gem mechanic so we only need to collect 0/1 per level, it should make completing the entire game feasible. As it stands the game is mind-numbingly tedious and boring, it's the equivalent of a Paint Drying Simulator.

Link to post
7 minutes ago, RaTcHeT302 said:

I noticed that the enemies deal like 1000 damage, but I don't know what to do with that. Can you post a screenshot of the blue gem, and what level they are in?

 

Also you can set the Health to a hotkey, that way you can turn it off more easily, now that you have pointer + offset for it.

 

 

Start level 2, it has no enemies and no way to die. To win any level, you need to collect every Blue Gem on it, and then find the End Flag. On the main menu press 'i' to read the instructions for the game. The End Flag for Level 1 is right where you start, and in Level 2 it is in the top-left of the level.

 

Level 1 is the top-most one, and Level 2 is the next one in clock-wise order. The instructions say they increase in difficulty but imo Level 1 is much harder than 2 or 3 so I dunno.

 

Your patch won't allow people to beat most levels since you need to be a tiny ball. You might want to just freeze the health at 2,500 and go from there. Your ball will be small enough to beat the levels, but large enough to avoid dying to collisions with multiple enemies.

 

You can edit the freeze rate of Cheat Engine in the settings. I set mine to 50ms from 100ms, so that the memory address gets set back to 2,500 twenty times per second.

 

Dying isn't really the problem in this game, the problem is how long the levels take, how maze-like they are, and how annoying it is over-all to play this game. I might have to screenshot the levels piece by piece and make a map of each one. Ugh this game is so awful to play.

Edited by kuntz (see edit history)

Link to post
43 minutes ago, RaTcHeT302 said:

Patch? No I was just adding pointers to the Health value, that way you only need to find the health once per level. You can still set it to 2,500 if you want to.

Ohh well the health location doesn't ever change, it's always in the same spot for every level, so I only have to find it once (takes like 5 seconds).

 

And like you, nothing in the main Level Selection changed for me when I completed the levels. The instructions do allude to "secrets" that can be collected and it said it wouldn't tell us what that meant. It also says that if some levels cannot be completed to try other ones out first, and come back to them later. So maybe some Levels need to be beaten in a specific order, or maybe beating this game is in itself a secret that we need to figure out.

 

I have a full 3-day weekend coming up this weekend so I will devote my mini-vacation to beating this game. It won't be fun, but if aliens made this game, we owe it to them to complete it so when we tell them it's shit, we speak from our hearts.

Link to post

Your CE file (patch) won't work since you're modifying the DOSBox code itself, and not the game. The game's code is 16-bit, and is not "run" by the computer. Each byte/instruction is interpreted by DOSBox and emulated. That's why all of your patches are on 32-bit code and 32-bit registers. When you modify that code, you're changing how DOSBox executes the 16-bit code, leading to strange issues and crashes.

 

https://en.wikipedia.org/wiki/DOSBox#Hardware_emulation

 

Just stick to finding & freezing memory addresses for now.

 

 

Link to post
