Reading from Halo's memory in 40 lines of C#

app.csx

using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

// define struct
[StructLayout(LayoutKind.Sequential)] public struct IndexHeaderStruct {
    public uint MemoryOffset;
    public uint MapID;
    public uint TagCount;
    public uint VerticieCount;
    public uint VerticieOffset;
    public uint IndicieCount;
    public uint IndicieOffset;
    public uint ModelDataLength;
    private uint Buffer;
}

// open Halo
[DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
const uint ProcessAllAccess = 0x1F0FFF;
var processesByName = Process.GetProcessesByName("halo");
var processId = OpenProcess(ProcessAllAccess, false, processesByName[0].Id);

// read memory
[DllImport("kernel32.dll", SetLastError = true)] public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead);
var buf = new byte[256];
int bytesWritten;
ReadProcessMemory(processId, (IntPtr)0x40440000, buf, 256, out bytesWritten);

// cast to struct
var pinnedIndexHeader = GCHandle.Alloc(buf, GCHandleType.Pinned);
var addrOfIndexHeader = pinnedIndexHeader.AddrOfPinnedObject();
var indexHeaderStruct = (IndexHeaderStruct)Marshal.PtrToStructure(addrOfIndexHeader, typeof(IndexHeaderStruct));

// print
Array.ForEach(indexHeaderStruct.GetType().GetFields(), (field) => {
    Console.WriteLine(string.Format("{0}: {1}", field.Name, field.GetValue(indexHeaderStruct)));
    });

pinnedIndexHeader.Free();

I ran this file as-is using ScriptCS. Otherwise you may copy+paste this as-needed into a full C# project.

I ran this file as-is using ScriptCS. Otherwise you may copy+paste this as-needed into a full C# project.