Difference between revisions of "Gamecheats:SimTower"

From Cheat Engine
m (Reverted edits by 67.159.44.103 (Talk) to last revision by Tgp1994)
 
(7 intermediate revisions by 3 users not shown)
Line 1: Line 1:
==Initial Research==
+
==About simtower==
  
So far, I cannot tell how in the heck you are supposed to find the money value. At first, I was able to find it by searching in the Text area, but now it is nowhere to be found. If anyone has any input on hacking SimTower, it would be great if you added.
+
Simtower is a 16-bit game designed for windows 3.1
 +
This causes 32-bit versions of windows to run it inside a virtual 8086 mode. In NT-Based OS'es this is the ntvdm.exe process. Because 64-bit versions of windows don't have a similar emulation layer the only way to run this game on there is through the use of virtual machines like vmware and install a 32-bit os on there
  
Just added: Windows runs SimTower through NTVDM, which is a "16-bit Virtual Machine", since SimTower was originally designed for Windows 95. NTVDM could be screwing with the memory addresses.
+
==Cheating==
 +
To cheat in simtower with Cheat Engine the first thing you have to do is go to settings->scan setting and tick the MEM_MAPPED box. (Probably because the image of the loaded .exe is mapped inside the virtual machine instead of actually loaded there, but not 100% sure. Correct if wrong)
  
Because it is running in the 16 bit virtual machine ntvdm the memory range to scan must be set to all (00000000-ffffffff) since the paging in ntvdm is memory mapped to simulate a real dos environment
+
Also, you have to set the range to scan to all (00000000 to FFFFFFFF)
  
===Big find===
+
Money is stored divided by 100. So if you have 175000 money, it is stored in memory as 1750<br>
I was able to find 8 different values that all either changed with the money changed, or didn't when the money didn't. Here's what they look like:
+
For scanning you can just use a 4 byte scan, but make sure that fastscan is off. The game aligns memory on a 2 byte boundary instead of 4 byte.
  
{|border="1"
+
Population is also stored as a 4 byte value, but there's nothing special about it. 100=100 (just don't do fastscan)
|-
+
 
! Memory Address
+
==Further research==
! Value Type
+
Memory address changes whenever the program is started up. Only memory address that writes to the money value is FFFFFFFF with an add[eax],al operation. The value of the EAX address seems unrelated to anything though.
! Value
 
|-
 
|02CCE4AB
 
|8 Bytes
 
|4899916395183079435
 
|-
 
|02CCE4AB
 
|Double
 
|3.68934930952215'''E19'''
 
|-
 
|02CCE4AC
 
|8 Bytes
 
|91197892456611840
 
|-
 
|02CCE4AC
 
|Double
 
|1.45822440452241'''E-302'''
 
|-
 
|02CCE4AD
 
|8 Bytes
 
|356241767408640
 
|-
 
|02CCE4AD
 
|Double
 
|1.76006818890377'''E-309'''
 
|-
 
|02CCE4AE
 
|8 Bytes
 
|1391569403940
 
|-
 
|02CCE4AE
 
|Double
 
|6.87526636290535'''E-312'''
 
|}
 
<br>
 
I'm sure most of you can see the first correlation. There are groups of two of the same memory addresses, each with an 8 Byte value and a Double value. As the memory addresses increase, the 8 byte value drops by two digits. Other correlations, or how this relates to my original money value, (which is '''2066500''') I cannot see. If there is some master code cracker out there, your help is still appreciated.
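Review bot: the new "Further research" paragraph names FFFFFFFF with add[eax],al as the only writer to the money value and then says the EAX value seems unrelated to anything, so the finding is not tied to the money value by anything in the text. It should state how the result was obtained and be marked as unconfirmed. The same revision removes the "Big find" table of observed addresses and the original money value 2066500 without saying that they were superseded by the "stored divided by 100" finding; one sentence to that effect would keep the history followable. The MEM_MAPPED explanation marked "not 100% sure. Correct if wrong" would be better labelled as a guess or moved to the talk page.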
 

Latest revision as of 13:20, 5 October 2009

About SimTower

SimTower is a 16-bit game designed for Windows 3.1. As a result, 32-bit versions of Windows run it in virtual 8086 mode; on NT-based OSes this is the ntvdm.exe process. Because 64-bit versions of Windows have no similar emulation layer, the only way to run the game there is to use a virtual machine such as VMware with a 32-bit OS installed in it.

Cheating

To cheat in SimTower with Cheat Engine, the first thing you have to do is go to Settings -> Scan Settings and tick the MEM_MAPPED box. (Probably because the image of the loaded .exe is mapped inside the virtual machine instead of actually loaded there, but this is not 100% certain. Correct if wrong.)

Also, you have to set the range to scan to all (00000000 to FFFFFFFF).

Money is stored divided by 100, so if you have 175000 money, it is stored in memory as 1750.

For scanning you can just use a 4-byte scan, but make sure that fastscan is off. The game aligns memory on a 2-byte boundary instead of a 4-byte one.

Population is also stored as a 4-byte value, but there's nothing special about it: 100 is stored as 100 (just don't use fastscan).
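The scan settings above, as an added example that is not from the original page: a constructed 64-byte buffer stands in for process memory, and fastscan is modelled as a search that only checks 4-byte-aligned offsets. The helper names, the offsets and the little-endian unsigned encoding are assumptions made for the illustration.

```python
import struct

MONEY_SCALE = 100  # per the page: displayed money / 100 is what sits in memory


def encode_u32(value):
    """4-byte little-endian pattern for a raw stored value (assumed unsigned)."""
    return struct.pack("<I", value)


def encode_money(displayed):
    """Pattern to search for, given the money amount shown in the game."""
    if displayed % MONEY_SCALE:
        raise ValueError("displayed money must be a multiple of 100")
    return encode_u32(displayed // MONEY_SCALE)


def scan(buf, pattern, alignment):
    """Offsets that are multiples of `alignment` at which `pattern` occurs."""
    last = len(buf) - len(pattern)
    return [off for off in range(0, last + 1, alignment)
            if buf[off:off + len(pattern)] == pattern]


def build_sample_region():
    """Constructed region: both values sit on 2-byte, not 4-byte, boundaries."""
    region = bytearray(64)
    struct.pack_into("<I", region, 0x1A, 1750)  # money shown as 175000
    struct.pack_into("<I", region, 0x2E, 100)   # population 100, stored as-is
    return bytes(region)


if __name__ == "__main__":
    region = build_sample_region()
    money = encode_money(175000)
    # Alignment 4 models fastscan on a 4-byte value; alignment 2 models fastscan off
    # for memory laid out on 2-byte boundaries.
    print("4-byte aligned hits:", scan(region, money, 4))
    print("2-byte aligned hits:", scan(region, money, 2))
    print("population hits:    ", scan(region, encode_u32(100), 2))
```
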

Further research

The memory address changes whenever the program is started up. The only memory address that writes to the money value is FFFFFFFF, with an add [eax],al operation. The value of the EAX address seems unrelated to anything, though.