By Max_Power
Code:
NOTE: Halo is incrementally linked (incremental linking leaves padding between functions, which is usable as code caves), might help with injection?
Inf. Ammo:
4C215B 2B442424
Shield = float, 1.0 = full
NOTE: Inf shield hacks still vulnerable to explosions.
Inf. Shield (All):
4EAF4A D8642420
Inf. Shield (You):
At 4EAF4A jump to a code cave at 63330C (or a different one).
In the cave, compare ESI with the dereferenced shield pointer [4BB2313C]. If they match (the shield being written is yours), execute
FSTP DWORD PTR DS:[ESI+0E4]
and jump to 4EAF54. If they don't match, execute the original
FSUB DWORD PTR SS:[ESP+20]
FSTP DWORD PTR DS:[ESI+0E4]
and then jump to 4EAF54.
The JMP overwrites both the 4-byte FSUB and the 6-byte FSTP at 4EAF4A (10 bytes in total), so the 5-byte JMP is padded with five NOPs and both cave paths resume at 4EAF54. Each path executes exactly one FSTP, so the x87 stack stays balanced.
4EAF4A code:
JMP 63330C
Opcodes:
E9 BD 83 14 00 90 90 90 90 90
63330C code:
CMP ESI,[4BB2313C]
JNE 633323
FSTP DWORD PTR DS:[ESI+0E4]
JMP 4EAF54
FSUB DWORD PTR SS:[ESP+20]
FSTP DWORD PTR DS:[ESI+0E4]
JMP 4EAF54
Opcodes:
3B 35 3C 31 B2 4B 75 0F 90 90 90 90 D9 9E E4 00 00 00 E9 31 7C EB FF D8 64 24 20 D9 9E E4 00 00 00 E9 22 7C EB FF
Auto-Shoot:
4AFD11 <--- sets the flag for red or blue crosshair
MOV DWORD PTR DS:[ESI+EBX*4],EAX
if eax is 1 then the crosshair is red (or the lock-on color) if it is 0 it is blue (or the default color).
Call the function that calls 4C1FE0, i.e. figure out what makes it get called when the trigger is pressed and make that always happen. 4C1530 is called whenever you shoot and calls 4C1FE0. 4C1530 is called at 4BFE80 when shooting; check it there for its parameters (the PUSH EBX is what matters, EBX is the address of a struct with info about the gun you are using). 4BAD08C4 and 4BAD0EC8 both seem to point to the gun structure for your current gun.
Change the jump at 4AFC46 from JE 4AFD0E to JE 63330C (or another code cave). Note that 63330C is the same cave the shield hack above uses, so if you want both hacks at once put this one somewhere else and recompute the rel32 displacements in the opcodes below (the listed bytes are only valid for a cave at exactly 63330C).
Opcodes:
0F 84 C0 36 18 00
Code in code cave:
CMP AX, 1
JNE 4AFD0E
PUSHAD
PUSH 0
XOR EAX,EAX
PUSH EAX
MOV EAX,[4BAD08C4]
PUSH EAX
CALL 4C1530
ADD ESP, 0C
POPAD
JMP 4AFD0E
Opcodes:
66 83 F8 01 0F 85 F8 C9 E7 FF 60 6A 00 33 C0 50 A1 C4 08 AD 4B 50 E8 09 E2 E8 FF 83 C4 0C 61 E9 DE C9 E7 FF
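Added worked example, not code from the original post: a small Python helper that regenerates the detour and code-cave bytes for both the Inf. Shield (You) listing and the Auto-Shoot listing above from the addresses alone, so the rel32/rel8 displacements can be recomputed for a different cave instead of reusing bytes that are only valid at 63330C. It also refuses to patch when the bytes at the hook site aren't the original instructions. Everything it touches is a local bytearray standing in for process memory (an assumption of this example); writing into the game (WriteProcessMemory, a debugger, a loader) is not shown. The 10 original bytes at 4EAF4A are assembled from the post's own listings (FSUB = D8 64 24 20, FSTP = D9 9E E4 00 00 00); `apply_patch`, `assemble` and the `image` bytearray are constructs of this example.

```python
"""Build the detour and code-cave bytes for the hooks above.

Added example, not code from the original post. Addresses and instruction
encodings come from the post; apply_patch and the in-memory image are this
example's own constructs (assumption: a flat bytearray standing in for the
process memory at those addresses).
"""
import struct

NOP = b"\x90"


def rel32(src, dst, insn_len):
    """Little-endian signed displacement for a rel32 branch located at src."""
    disp = dst - (src + insn_len)
    if not -0x80000000 <= disp <= 0x7FFFFFFF:
        raise ValueError("target out of rel32 range")
    return struct.pack("<i", disp)


def jmp_rel32(src, dst):
    return b"\xE9" + rel32(src, dst, 5)


def call_rel32(src, dst):
    return b"\xE8" + rel32(src, dst, 5)


def je_rel32(src, dst):
    return b"\x0F\x84" + rel32(src, dst, 6)


def jne_rel32(src, dst):
    return b"\x0F\x85" + rel32(src, dst, 6)


def jne_rel8(src, dst):
    disp = dst - (src + 2)
    if not -128 <= disp <= 127:
        raise ValueError("target out of rel8 range")
    return b"\x75" + struct.pack("<b", disp)


def detour(src, cave, stolen_len):
    """JMP rel32 to the cave, NOP-padded to cover every stolen instruction."""
    if stolen_len < 5:
        raise ValueError("need at least 5 bytes to place a JMP rel32")
    return jmp_rel32(src, cave) + NOP * (stolen_len - 5)


def assemble(base, parts):
    """Concatenate parts; callables receive the address they will occupy."""
    out = b""
    for p in parts:
        out += p(base + len(out)) if callable(p) else p
    return out


# Instructions the shield detour overwrites at 4EAF4A (from the post's listings).
FSUB_ESP20 = b"\xD8\x64\x24\x20"            # FSUB DWORD PTR SS:[ESP+20]
FSTP_ESI_E4 = b"\xD9\x9E\xE4\x00\x00\x00"   # FSTP DWORD PTR DS:[ESI+0E4]
ORIG_4EAF4A = FSUB_ESP20 + FSTP_ESI_E4      # 10 bytes, execution resumes at 4EAF54

SHIELD_PTR = 0x4BB2313C
GUN_PTR = 0x4BAD08C4


def shield_hook(cave=0x63330C):
    """Inf. Shield (You): returns (patch for 4EAF4A, cave bytes)."""
    hook = detour(0x4EAF4A, cave, len(ORIG_4EAF4A))
    not_you = cave + 6 + 2 + 4 + 6 + 5        # after CMP, JNE, 4 NOPs, FSTP, JMP
    body = assemble(cave, [
        b"\x3B\x35" + struct.pack("<I", SHIELD_PTR),  # CMP ESI,[4BB2313C]
        lambda a: jne_rel8(a, not_you),               # not our shield: normal path
        NOP * 4,
        FSTP_ESI_E4,                                  # store without the FSUB
        lambda a: jmp_rel32(a, 0x4EAF54),
        FSUB_ESP20,                                   # original subtract
        FSTP_ESI_E4,
        lambda a: jmp_rel32(a, 0x4EAF54),
    ])
    return hook, body


def autoshoot_hook(cave=0x63330C):
    """Auto-Shoot: returns (6-byte JE for 4AFC46, cave bytes)."""
    hook = je_rel32(0x4AFC46, cave)
    body = assemble(cave, [
        b"\x66\x83\xF8\x01",                     # CMP AX,1 (crosshair flag)
        lambda a: jne_rel32(a, 0x4AFD0E),        # not locked on: resume
        b"\x60",                                 # PUSHAD
        b"\x6A\x00",                             # PUSH 0
        b"\x33\xC0",                             # XOR EAX,EAX
        b"\x50",                                 # PUSH EAX
        b"\xA1" + struct.pack("<I", GUN_PTR),    # MOV EAX,[4BAD08C4]
        b"\x50",                                 # PUSH EAX (gun struct)
        lambda a: call_rel32(a, 0x4C1530),       # fire
        b"\x83\xC4\x0C",                         # ADD ESP,0C
        b"\x61",                                 # POPAD
        lambda a: jmp_rel32(a, 0x4AFD0E),
    ])
    return hook, body


def apply_patch(image, base, addr, patch, expected=None):
    """Write patch into image (loaded at base); refuse if the original bytes differ."""
    off = addr - base
    if expected is not None and bytes(image[off:off + len(expected)]) != expected:
        raise RuntimeError(f"bytes at {addr:X} are not the expected original")
    image[off:off + len(patch)] = patch


if __name__ == "__main__":
    for name, (h, c) in (("shield", shield_hook()), ("autoshoot", autoshoot_hook())):
        print(name, "hook:", h.hex(" ").upper())
        print(name, "cave:", c.hex(" ").upper())
```

With the default cave the output is byte-for-byte the opcode listings in the post; passing a different `cave` address regenerates every displacement, which is what has to happen if the shield hack and the auto-shoot hack are to live in separate caves.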