Let's see helious's ending already

(I was not sure where to put this, but this is related to the helious video, so I guess this fits in here)

 

I've been devoting a lot of time to trying to hack Helious II lately. I don't believe in the whole alien story, but the prospect of seeing the ending to a game that no one's beaten before gives me enough passion to continue. I have little programming knowledge or experience with hacking games, so I'm not the most qualified person to do this, which is the reason I'm posting this here instead of continuing to try on my own. I would try to beat the game legitimately if it didn't lag so much on my pc.

 

So far using cheat engine I found four addresses that relate to your health. I can't write them down here because they change each time (probably due to running the game in dosbox). Here's how you find them - enter a level, make sure not to get hit or waste any fuel. Search for the value '10' (make sure to select 'all' in the 'type' dropdown). Then hit some walls or whatever to waste your fuel a bit until your sprite changes, then search '9' and click 'next scan'. The four addresses you're looking for will always have 'F1', 'F3', '85D' and '86B' on the end.

(This is not tested well, but I think F3 controls the size of the ball, while others keep track of your health in some way)

 

While it seemed easy at first to keep refilling your health to cheat through the game, it isn't. I have no idea why, but even if you change the value and deactivate the addresses, they keep springing back to the correct value and killing you. I think that indicates that either there's a part of code preventing you from getting your health back or I don't freeze the values correctly. I tried to disable the code that writes into these addresses, but that just crashes the whole game. If you have any idea how to fix this, please write in.

 

That was sadly all I could find for three days already, so I started to feel down on the whole thing. But just about half an hour ago I came across a VERY exciting thing that made me write all this in the first place.

 

So do the above steps to get to the four health addresses. Go to a stage and don't do anything. Then right click on the address that ends with '86B' and press 'Find out what writes to this address'. You'll see only one instruction. Right click on it and click 'show in the disassembler'. Then right click on it in the disassembler and click 'find out what addresses this instruction accesses'. You'll see a lot of different addresses. You've got to find one that ends with 14 (it's close to the beginning, and its 'count' increases by one each millisecond). Right click on it, copy it to the clipboard, then close everything you just opened. Click 'add address manually', and press ctrl+v. Then disable the address (checkbox on the left). Go to the tentacle screen (level select). Note that sometimes that crashes the game and shows 'Internal error: SLS'.

 

Now there are balls flying at the tentacle, just like at the end of the first game!

So this is either a portion of the ending, a visual bug, or just a function left over from the first game that was accidentally left in.

Whatever it is, I'm sure if we dig around that address, we'll find the ending or at least some of it.

 

Other things I've tried included using a decompiler, but it's one thing reading someone else's code, and another reading someone else's code on a language you don't know that was used two decades ago and may or may not have been written by aliens. If you know 1995 Borland C++, you can use the 'reko decompiler' to look at the code.

 

I'll keep working on this and update the post each time I find something new. If you'd like to join, have input on something I've found or want to wish me good luck or call me a moron, go ahead and post. Hopefully the ending of this game won't be a mystery for much longer.

 

Download helious II here - http://www.allabout.com/afs/software/games/helious.htm

Run it through DOSbox (just drag helious.exe onto dosbox.exe, that's way faster than mounting stuff through the console) - http://www.dosbox.com/download.php?main=1

Edited by Guest

Link to post

Sounds like it's using a pointer address, and ASM anti-cheat coding... I might be able to find a way around the ASM code if I could get a look at the game, but I don't have it, or DOSbox at the moment. (and I don't find the game fun enough to beat)

Link to post

Thanks for the response. Google didn't tell me anything about ASM anti-cheat coding or how to disable it (as I said, I'm less than an amateur at this). Can you please write a short instruction on how to recognise and disable it?

 

I think what's happening is this: there are a lot of addresses that access the function that I'm trying to disable, and one or more of them crashes the game.

If I'm right (and the Cheat Engine disassembler does show a lot of addresses connected to that function), then I have no idea how to go around that. So far all the addresses I tried to disable crashed the game in their own weird way (even the one that made the balls appear). It may be required to try a different route altogether.

 

I'll post the links to both the game and DOSbox in the original post, so that they're easily accessible to anyone who wants to give them a spin.

Link to post

Finding pointers is usually just a time and RAM intensive process... CE has an integrated pointer scanner, but I only ever used that once. (used to find an elusive infinite HP cheat in the pre-release beta of Deus Ex Human Revolution, but I never got around to including it in my trainer) I highly recommend using the Cheat Engine tutorial to learn that aspect of the program.

 

Anti-cheat in ASM usually involves bouncing around the program using jmp commands, and compares. (and sometimes compares of compares) It usually takes a while, and the full ASM disassembly to bypass them, (along with adding a few dozen or hundred lines of code) but it can produce some of the most interesting results it's possible to get. (including hacks the 'pros' don't even dare to try) If you don't have the knack for it, or know what you're doing, ASM can become quite daunting. It is essentially talking directly to the CPU in its own language, and you definitely don't want to give it too many insults, lest it cause certain system-wide instabilities. (or in the case of certain programs, stabilities) There's no extensive tutorial to the language that I have ever found, just a set of basic dictionaries that seem to change sites every few months. I recommend trying to find a site that has a listing of the OPcodes for your specific CPU, (there are differences between Intel and AMD, HUGE differences between x86 and x64, and even some differences between generations and models of CPUs) or just sticking to the pointer scanner. (ASM usually is extremely difficult to get the full hang of)

 

Good idea including links.

Link to post

I'm not sure about anti cheating measures, and I'm hardly well versed in how memory is handled, but I do think you're overthinking health a little. I haven't tried to get adventureus's ending/bug, but here's how to get unlimited health consistently and without error:

 

  • Load up the game and boot up Cheat Engine
  • Scan for four byte unknown initial value
  • Expend some air in game, then search for a decreased value
  • Repeat until you have gotten it down to a few dozen addresses. Most of these will just be continuously decreasing variables, which are best left alone.

 

In order to whittle it down to a smaller set of addresses, I then went and found a yellow gem, which will put you back up to max health.

Then, after this if you've done it right you should only have a few addresses, just put the DOSBox and the Cheat Engine windows where you can see both and note which address reacts to moving the ball about. That's your health value, in the range of 0 - ~860000000. I suspect the values adventurus found simply corresponded to the sprite of the ball, and perhaps other aesthetic effects.

 

I've managed to do this without the game freezing, though since memory seems to be randomly reassigned, if the health address changes to one which probably shouldn't be frozen things could go badly. I've had this issue in a lot of other software and I've always dismissed it as being above my skill level.

 

Now, this health value is for the level you found it on, only. For each level, you'll have to repeat the above process in order to get infinite health again. However, they stay the same, so if you quit out of a level and come back, it'll still be the same address.

I think the yellow gem just resets you to maximum health (or after freezing the address, tries to) so I doubt you have to worry about dying from over inflation here. However, the game does have instakills which will work regardless of infinite health. One of them is this spike thing: dzynBwM.gif, and the other is the coloured gate: R4tqOtE.gif. This is particularly important on the last level which contains teleporter traps including these, so try to take unknown teleporters slowly as you keep your momentum going through them. For many parts of the game, I would recommend holding the air brake key (default z) so you will only move while holding one of the movement keys.

 

 

 

As for actually playing the game, I don't think health is the only factor one has to worry about. As was said in the video, the game is a slog, and you are meant to get through it in one sitting as it has no save states. The game's instructions (Press i on menu) are worth the read:

 

PjPXJl8.png

 

At the end of the third paragraph here, Sean Puckett states that there is no ending for Helious 2. Ross brought this up in the video, and went on to explain it might secretly notify the aliens about the game's completion. I am a skeptic, but at any rate I don't have much time on my hands, so I would like to see what will happen after beating every level. In order to help with that, it would be best for someone to beat it and share a save state here.

 

The official DOSBox doesn't have support for Save States like you might see in other emulators, but there is a modified version of it called DOSBox SVN-Daum which allows saving by a simple hotkey. You can download it here (E: Official Website, can't believe I missed that one), and read a forum thread about it here.

I found the documentation on it a little inconsistent so here are some instructions for use of the mod:-

 

After running the game, you can save with alt-f5 and load with alt-f9, nice and simple. The save file will be under the DOSBox's program files/SAVE/ and the numbers 1 - 10 will correspond to which save you were using. You have to boot up the game again before loading. This would be fine for playing through but if you wanted to play a save you downloaded from someone else, you can use the commandline option -savedin followed by the path from your mounted directory to the savestate file named "memory". I don't know how well that will work between different users as I haven't bothered to try loading a save on the different PC, but I can't imagine that it will be too much of a problem.

The mod also has added dropdown menus, from which you can easily change things like clock speed, and you can pick which save file you want to use from there. You can also capture video and screenshots using the capture menu.

 

 

This is what I've learnt so far. I'm not convinced there will be an ending but for those of you who are more dedicated than me, good luck, and please share it before your abduction! If you manage to get part way through it but lose hope, share your save anyway! I'm sure someone will pick it up.

 

E: The default health is 655294464. This should make finding it a lot easier.

Edited by Guest

Link to post

Hey, thanks for the response, I'm glad that someone else's interested. I can't believe I didn't think of searching for decreasing values to find the fuel level. It's great that you can now have infinite health. I couldn't find the addresses you were talking about, but I did find something better - an address that starts at 39 each time that keeps track of your health and works for every level. Just search for 39 and decreasing value each time and you'll find it. I'll try to beat the game with it and write back. The problem seems to be the size of the ball, as you sometimes have to deinflate to go through tiny gaps. Maybe I can somehow use the addresses I found to control the size without changing health. I'll test that.

 

No idea how I missed the part where he says that there's no ending, I did read the instructions. But if there's no end, what's the ball graphic I found? It's incredibly similar to the end of helious I. There's only one way to find out.

 

 

Edit - if you get the health value down to 10 or something and then press the checkbox to deactivate it, it remains the same size and invincible. Still afraid of instadeath, but this is way easier now.

Edit edit - I literally did that a second before BTGbullseye posted it =)

Edit edit edit - something weird just happened. I died on a level due to instadeath, reentered it, and my ball was the right size. I looked at the first four health values I found, and they were stuck at 34. I quit the level, and for some reason now there's a new knuckle joint added to my tentacle thing. No idea what happened there, I'm going to try to replicate the events.

Edit edit edit edit - Did that again just now, nothing happened and it took away my knuckle joint. 'Nice'.

Edit edit edit edit edit - I realized what causes the anomaly. For some reason, the purple and yellow levels don't work like all the others. When I enter them, my ball is big, takes damage like normal, and the four health values are stuck at 34 for purple and 80 for yellow (except for F3, which is stuck at 8 and 0 respectively). I have no earthly clue why these levels are different, but they are. Maybe they use a different address? The knuckle joint no longer appears.

Edit edit edit edit edit edit - Just got the flag on the blue level. Nothing happened for a while and I hit escape to go back to the tentacle screen. Do I have to do something else? It didn't give me a knuckle joint. When I reenter the level the flag is still there. I remember someone reporting the same problem in the comment section of the helious video here on the forums. No clue what's going on.

Edit edit edit edit edit edit edit - I went ahead and completed the pink level just to make sure. It did give me a knuckle joint. I think the problem is that the first time I stuck around for a bit too long and I was supposed to press escape right after I got the flag. Too bad I didn't download the version with savestates yet, but the pink one is easy to beat with infinite health, so that won't be a problem.

 

Okay, I'm done for the day, but that was a good hour or so. The problems now are the purple and yellow levels and the occasional lack of knuckle joints.

Edited by Guest

Link to post

If you have a set value that controls the health, you can set CE to freeze it at whatever value you want... You can even set hotkeys for different values.

Link to post

I'm actually not sure if the knuckle joint always corresponds with completing the level, I just decided to assume that for the sake of the video.

Link to post

I'll look into this starting tonight. I've been game hacking since 1998 and I'll be damned if a DOS game can stop me from cheating.

 

FYI the game definitely does not have anti-cheating code in it, that didn't even exist until well after the year 2000. DOSBox is an emulator/VM and the instructions you are modifying are the emulation code and not the game itself. It's a frequent problem people run into when trying to cheat in games written in Java, C#, or ROMs played in emulators (NES, SNES, etc). But that doesn't matter much, old games like this won't need code changes, freezing some values will be enough.

Edited by kuntz

Link to post

here's a clean version of cheat engine, if anyone wants it (just... avoid the official website, please)

https://ratchet302.gitlab.io/content/guides/c/cheat-engine/instructions/downloads/Cheat Engine (6.8.1).7z

 

Uh, for anyone who reads this, if you find the health value, make sure to right click on it, select "what accesses this value", take some damage, and then select everything you see in that window, and click some button called "add to the code list" or something, and click OK.

 

If you restart the game, it should make it easier to find the health value again.

 

You can also use the disassembler, to NOP out the functions, so you should be able to disable the insta kill spikes, but you probably need to die once, so that you can get the right bytes to show up.

 

Here's where that assembly gets saved.

On the bottom left, select advanced options.

aeqLOVO.png

 

Pretend that you have a bunch of stuff.

g68KHEF.png

 

Double click on the text you'll have added here.

Select the address, right click, select "what values this address uses", or something, i don't remember exactly

you can find the health value again very easily, no pointer scan needed, or anything

 

right click on functions and NOP them out to turn them off

Edited by RaTcHeT302

Link to post

Cheat Engine Settings

should keep mem_mapped checked

eC4Ej1U.png

 

If cheat engine crashes use the VEH debugger

hHd39El.png

 

Here are more examples for a cheat table I made for Prototype.

 

Kk3j92w.png

 

To fill up this window, and to get the values, do something in the game (take damage, heal yourself, deflate, etc)

V5Zk0cS.png

 

 

Storing a value permanently without pointers. (you can ignore the P-> in the screenshot, i was just being lazy, it works with normal values you find too)

GBzDtJ2.png

 

you have to get hurt, or this menu will stay empty - select all the text, click on "add to the code list"

y33QjOF.png

 

to find the old values again, click on this menu on the bottom left

aeqLOVO.png

 

double click on your function

9AR3J9e.png

 

a new window will open, right click on the highlighted text, select what accesses this value

jR80xDm.png

 

take some damage, or get healed up

V1P5ZEn.png

 

Disabling functions (so like, if you don't want to take damage anymore, try this)

zKgkDdr.png

 

sorry this post is a mess, i wasn't sure how to present this information

 

if the assembly has a mov, you can do mov #50000, [Stuff] or mov [Stuff], #50000

 

mov = copying data

 

# = decimal

50000 = the value 50,000

 

i forgot what float was like, i think (float)50000.0 or something? you'll have to look that up

 

for add, if there's a -1, that's likely a decrease

for dec, it could be a 1, i think? i'm not sure

 

edi, esi, esp, edx, you can ignore these, they are just registers, some hold an address, some are used for simple things, like the number 0, i think

 

you can ignore pop, mov is where data is usually

ret is where the function stops, so like a loop, or something

 

fld, fstp - for floats? i forgot

the ones with the "J" in them are comparisons usually, i forgot, you can NOP those out if you are stuck, right click and select "replace with original code" if you want to undo the NOPs

 

if you see EDX+10, the +10 is an offset, that's not data, you can ignore that - EDX is where the data will get sent to

 

example

mov eax,[esi+10]

copy the value, stored in EAX, to the new location

(+10 is the offset, for the pointers, or something, i forgot - if you see a +, it means that it's memory, or that stuff is loaded in RAM?)

 

i suck at explaining

 

really just, ignore everything which isn't "mov", and if it has a + in it, you can also ignore it

 

mov #50000,[esi+10]

copy the number 50000, into memory, all the time

 

db to allocate memory for a pointer? i forgot, i think you won't see that too often

 

what the weird + numbers mean essentially - if you see a plus, it's MEMORY

EWTCjUR.png

 

how to read easy - [esi+16] <-- MEMORY EXAMPLE

if you see square brackets, or a +, it's MEMORY

yBw49OV.png

 

i might be remembering the logic wrong, but that's roughly the idea - i'm pretty sure the second example is wrong, but whatever now, i can't be bothered to re do it

 

you'd probably crash something, or write NULL, or a null pointer, whatever, i forgot

Edited by RaTcHeT302

Link to post
30 minutes ago, kuntz said:

 But that doesn't matter much, old games like this won't need code changes, freezing some values will be enough.

i think turning off the insta kills would probably simplify the process, it should be relatively easy to find, i posted some screenshots to help people out, the techniques are pretty generic, so you can apply them to any games (it took me forever to figure this stuff out though... it's kinda embarrassing, i spent four days just to, mostly end up right clicking on a bunch of menus lol)

 

for pointer scans, uhh, just, get a new address, for your health again - search that address in the pointer scan (scan for address or something, there should be a menu like that)

 

you found new pointers? ok, save the list, restart the game

repeat until you got the correct results

 

save each pointer scan as its own file, that way, if you get no results, you can go back to the old progress, and try again

 

i don't remember exactly, but it's a very easy process if you save the correct assembly stuff to that "code list" thingy

 

sorry i explained this really poorly, i really need to document this on my website, it's a very simple technique which works for me

Edited by RaTcHeT302

Link to post
9 minutes ago, RaTcHeT302 said:

i think turning off the insta kills would probably simplify the process, it should be relatively easy to find, i posted some screenshots to help people out, the techniques are pretty generic, so you can apply them to any games (it took me forever to figure this stuff out though... it's kinda embarrassing, i spent four days just to, mostly end up right clicking on a bunch of menus lol)

 

 

I haven't played the game before, so if there are many insta-kills driving me nuts I'll definitely disable them haha.

 

What is the easiest level in your opinion?

 

I'm also going to see if I can just go to the end asap and not collect the blue gems, that could be an easy hack too.

Edited by kuntz

Link to post
16 minutes ago, kuntz said:

What is the easiest level in your opinion?

I'm also going to see if I can just go to the end asap and not collect the blue gems, that could be an easy hack too.

sorry, i didn't play the game, someone said that the game has some insta kill spikes, that's what i was basing that information off mostly

i was just sharing my dirty cheat engine knowledge with screenshots, to make things a bit easier for people (i wrote the info in a rush though, so it's kinda bad)

Edited by RaTcHeT302

Link to post

Health is easily found, it's a static 16-bit integer that starts off at 9,999. I froze it at 2,500 to stay small and lean. This will not save you from instant-kills, but makes the levels really easy regardless. Hold down 'Z' on your keyboard for perma-brake, it makes controlling a bit easier. I'm now trying to cheat the blue gems so I don't have to capture more than 1 per level in order to complete them.

 

The location for health does not change each level, so you just need to find one memory location for it to beat all the Levels. Important: the health location for the Levels is also used to draw the main tentacle on the Level Select screen, and the Y position of the Logo on the main Title Screen, so make sure to not fuck with it when you exit a level.

 

12,999 is your max Health, if you go to 13,000 you will pop and die.

 

If you freeze it at 1,000 for example, some things can kill you (they do 1,000+ dmg), so it seems 2,500 is a good amount to freeze it at.

Edited by kuntz

Link to post

This game is the epitome of awful. It's mostly just needing to be very slow and patient, and being decent at solving mazes. The instant-kills can be annoying in spots where stuff automatically moves your ship in random fashion. But my biggest gripe is that it can't be saved, so it may take a long long time to finish it without cheating, if that's even possible.

 

New Information Beep-Beep Boop-Boop

 

It does not look like this game was completed. You can collect the flags at the end of the levels, but nothing happens. The level does not end, you collect nothing, nothing happens. You still need to press ESC to leave the level to go back to the Tentacle but it doesn't even save the fact you completed the level. If you go back into a level you've completed, it's reset. So I highly doubt beating all of the Levels will do anything, the game does not seem to keep track of your progress in any way, shape, or form. I am probably going to load this game onto a VM over the weekend and beat it using save states & invincibility, that way I can take breaks and also not have to worry about it crashing on me. But I think it's going to be a huge waste of time, the instructions inside the game even state there is no ending to the levels or to the game.

 

But I will find out, and I will record it. Science must know the answers to these questions.

Edited by kuntz

Link to post
1 hour ago, kuntz said:

Health is easily found, it's a static 16-bit integer that starts off at 9,999. I froze it at 2,000 to stay small and lean. This will not save you from instant-kills, but makes the levels really easy regardless. Hold down 'Z' on your keyboard for perma-brake, it makes controlling a bit easier. I'm now trying to cheat the blue gems so I don't have to capture more than 1 per level in order to complete them.

 

The location for health changes for each level AND *important* the health location for Level 1 is also used to draw the main tentacle on the Level Select screen, so make sure to not fuck with it when you exit a level. Other than that the memory location for your Health does not seem to change if you re-start the game, or re-start the level. This is pretty typical for DOS games, they rarely used dynamic memory since there was so little memory anyway.

 

12,999 is your max Health, if you go to 13,000 you will pop and die.

 

If anyone is confused, go to the tentacle screen menu, do a search for a 2 byte value, type 9999, do an exact search, set all the values to 2000.

You'll spawn with the new health. I don't think this is your actual health, it's just what you spawn with.

 

Also oh my god I want to die. I had fast scan ON, I finally found the stupid health value.

YnoAWFx.png

 

Fuck me I finally found it, I thought I was retarded for a second, but no, cheat engine was SKIPPING MEMORY. BLAAAH.

 

FOR THE LOVE OF GOD TURN THIS CHECKBOX OFF

ieN7Lrr.png

Edited by RaTcHeT302

Link to post
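The effect of the "fast scan" checkbox described in the post above, as an added example that is not part of the original thread: a Python model of an exact-value scan followed by a next scan over a constructed memory snapshot. The offsets, the 4-byte alignment and the post-damage value 9200 are assumptions for illustration; only the 16-bit health starting at 9,999 comes from the thread.

```python
import struct

# Little-endian encodings for the value widths a scanner typically offers.
FORMATS = {1: "<B", 2: "<H", 4: "<I"}

# Constructed offsets (assumptions, not real Helious II addresses).
HEALTH_OFF = 0x3A6   # 2-byte aligned, but NOT a multiple of 4
DECOY_ALIGNED = 0x100  # unrelated value that happens to equal 9999
DECOY_ODD = 0x7F1      # another unrelated match at an odd offset


def scan_exact(mem, value, width=2, alignment=1):
    """First scan: every offset (stepping by `alignment`) holding `value`."""
    needle = struct.pack(FORMATS[width], value)
    return [off for off in range(0, len(mem) - width + 1, alignment)
            if mem[off:off + width] == needle]


def next_scan(mem, candidates, value, width=2):
    """Next scan: keep only earlier candidates that now hold `value`."""
    needle = struct.pack(FORMATS[width], value)
    return [off for off in candidates if mem[off:off + width] == needle]


def build_snapshot():
    """Constructed 4 KiB 'process memory' with one real health word."""
    mem = bytearray(4096)
    for off in (HEALTH_OFF, DECOY_ALIGNED, DECOY_ODD):
        struct.pack_into("<H", mem, off, 9999)
    return mem


def demo():
    mem = build_snapshot()

    # "Fast scan" modelled as testing only 4-byte-aligned offsets.
    fast_hits = scan_exact(mem, 9999, width=2, alignment=4)
    # Full scan tests every byte offset.
    full_hits = scan_exact(mem, 9999, width=2, alignment=1)

    # The player takes damage: only the real health word changes.
    struct.pack_into("<H", mem, HEALTH_OFF, 9200)

    # Narrowing from the full list converges on the health word.
    full_narrowed = next_scan(mem, full_hits, 9200)
    # Narrowing from the fast list can never find it: it was never a candidate.
    fast_narrowed = next_scan(mem, fast_hits, 9200)
    return fast_hits, full_hits, full_narrowed, fast_narrowed


if __name__ == "__main__":
    fast, full, full_n, fast_n = demo()
    print("fast scan hits :", [hex(o) for o in fast])
    print("full scan hits :", [hex(o) for o in full])
    print("after damage, from full list:", [hex(o) for o in full_n])
    print("after damage, from fast list:", [hex(o) for o in fast_n])
```

An empty result after the next scan is the symptom to look for: it means the first scan never included the real location, not that the value does not exist.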
1 minute ago, RaTcHeT302 said:

If anyone is confused, go to the tentacle screen menu, do a search for a 2 byte value, type 9999, do an exact search, set all the values to 2000.

You'll spawn with the new health. I don't think this is your actual health, it's just what you spawn with.

 

Also oh my god I want to die. I had fast scan ON, I finally found the stupid health value.

YnoAWFx.png

 

Fuck me I finally found it, I thought I was retarded for a second, but no, cheat engine was SKIPPING MEMORY. BLAAAH.

 

I edited my post with more accurate information:

 

1 hour ago, kuntz said:

Health is easily found, it's a static 16-bit integer that starts off at 9,999. I froze it at 2,500 to stay small and lean. This will not save you from instant-kills, but makes the levels really easy regardless. Hold down 'Z' on your keyboard for perma-brake, it makes controlling a bit easier. I'm now trying to cheat the blue gems so I don't have to capture more than 1 per level in order to complete them.

 

The location for health does not change each level, so you just need to find one memory location for it to beat all the Levels. Important: the health location for the Levels is also used to draw the main tentacle on the Level Select screen, and the Y position of the Logo on the main Title Screen, so make sure to not fuck with it when you exit a level.

 

12,999 is your max Health, if you go to 13,000 you will pop and die.

 

If you freeze it at 1,000 for example, some things can kill you (they do 1,000+ dmg), so it seems 2,500 is a good amount to freeze it at.

 

Link to post
