So, no trainer for this lovely game - The only thing most people want is just infinite money.
Well, it's the lucky day of the few people who read this who are likely experienced enough to handle their own skin.
What you need:
The Movies: S&E - Any version.
Game in Windowed Mode - Google.com
CoSMOS 5.X - Download from CoSMOS.org
A basic grasp of ASM - Research on google.com
A brain - Download not availabe
Opening
Start up the game, load a level and pause.
**** MAKE SURE YOU ARE RUNNING IN WINDOWED MODE ****
I'll cut straight to the chase - Your normal memory search methods will. Not. Work.
The game displays your money in the top right corner ("150,000". You can locate this by doing a known value float search but changing it does nothing. This is just a display figure, your real money is buried deep within the game, hidden away from prying eyes. But this is still important - Afterall, in order for this dummy display value to work it must have been fed the real value once upon a time.
So, to start up - Search type "Float" and do repeated exact value searches until you hit the memory address which holds the display value for your currency. This is as far as most people get before they give up, but I'm not going to abandon you just yet...
The next step
so, we already know something is feeding your dummy display value with your real amount of currency. How do we go about tracing that back to the source, then?
First of all we have to find some part of the game's code where your money is updated - Now even while paused the game is constantly doing checks and calculations on the displayed currency. With the game paused - Right click your memory value and "Find out what writes to this address". Almost immediately you'll get something pop up. I had "00639551 - 89 86 44 03 00 00 - mov [esi+00000344],eax" and this is the first part of our great adventure. I'm assuming everyone else only got one thing here too, by the way - So just right click it (or the most similar one to it if you got multiple) and show in the disassembler.
To those familiar with assembley, you should be right at home. To those who aren't... Well, you may be screwed for the rest of this guide. What we're aiming to do is find some way of tracing back to our original money value, so this means trawling through the assembley backwards.
In my version I had "mov [esi+00000344],eax" - The value in the eax register was moved to the memory address we found earlier. A step above I had "mov eax,[esp+04]". At some point [esp+04] was told the our true currency too. Just above this opcode there's also a CALL - Running through this it compared my current currency to various breakpoints (1000, 1000000) and was obviously a part of formatting the currency (1000 formatted as 1,000 or 1000000 formatted as 1,000,000). Nothing otherwise useful to us, though. A few lines more up we have a "fstp dword ptr [esp+04]" though - Long story short this opcode is telling [esp+04] what our current currency is. One step above that "fmul dword ptr [00d195bc]" - Before being stored, our currency was a number that was multiplied by the value in 00d195bc. Add the memory address you get in your game manually and set the type to float. You'll notice it's an insanely small number - "1.19209289550781E-7" in standard notation is actually ".000000119209289550781".
This is a big hint that your currency is not a standard number. Infact, it's very large. If you had a displayed currency of 150,000 then the actual number that represents your "real" money would be in the billions. Now we could divide our floating point display currency by our multiplier but it's just not exact enough and chances are the search wouldn't work too well. We need to go even deeper still.
So what is the source of the currency? At what value does it all start before it's multiplied by a number so small? Well...
"fild qword ptr [eax]" - This brings the integer value located at the memory address contained within eax and pushes it to the top of the FPU stack. What does that mean? Well, this contains the number that is the source of our currency.
Set a breakpoint (F5) on this opcode, unpause the game. It'll immediately trigger, so move back to CoSMOS. Manually add the memory address contained in the eax register - A word is 2 bytes, a dword (doubleword) is 4 bytes. This opcode brought in the value as a qword (quadword) which is a whopping 8 bytes. Set it to the type 8 bytes.
Now this huge value you see - This is your real money, but the address it's held in is again just a filler. It'll change as soon as you let the game continue. What you want to do is run an exact value 8 byte search for the number contained in the memory address you just added.
You should have no more than 3 results - 1 you've already got on your list and the other two you should add yourself.
Go back to the memory viewer where you were reading all the assembley and push F9 to restart the game, then close the memory viewer part.
Unpause the game, go to CoSMOS and add a 0 to the end of your two new values. The one that immediately changes your on-screen currency is the address you're after.
The Movies uses dynamic memory so this address won't point to your cash next time you run the game. I've run out of characters so you'll have to find the pointers on your own - Needless to say there should be some good, solid level 2 pointers you can use with a maximum offset of 255.
This guide was advanced for the average, every-day layman but for people who know how to work their way around a memory editor you should be able to work with this guide just fine.
Good luck!
[Edited by jetlaw, 2/24/2010 2:13:01 AM]
Important Board Topics
Trending Topics