Armies Of Exigo v1.4 (+3 Trainer)


Text file description:

Trainer was written in VC++ 2005.
Sources are included. You can use them freely, except lame things like
recompiling them with your nick inside and claiming you did it.
How it works:
[F5] Makes your resources 100000/100000/100000
[SHIFT+F5/F6/F7] Max your units limit to 200 (F5 must be activated for this to work)
[F6/F7] Changes the health of the selected unit, or of the first unit in the selection.
How it was made - read the techinfo file.
P.S. If you want to watch the game's video files, just change their code to DIVX using the avic tool
from the xvid package and play them as normal AVIs.
EOD //[UCF]

Armies Of Exigo v1.4 trainer technical info
How the selected unit stats were trained:
I found where the selected unit's health is located in memory.
It was a float.
Then I set a breakpoint on memory access.
I found which access is used to show the selected unit's health stats on the screen.
Then look at how the program obtains the address of the health info...
The program gets the index of the selected unit, then it gets the offset of its stats using
a short calculation.
.text:004A8B30                 sub     esp, 8
.text:004A8B33                 push    esi
.text:004A8B34                 push    edi
.text:004A8B35                 lea     eax, [esp+10h+var_8]  //here the index of unit will be written
.text:004A8B39                 mov     esi, ecx
.text:004A8B3B                 push    eax
.text:004A8B3C                 mov     ecx, offset unk_B33E70  //using this buffer
.text:004A8B41                 call    sub_44FAB0
.text:004A8B46                 mov     ecx, [eax+4]
.text:004A8B49                 test    ecx, ecx
.text:004A8B4B                 jz      short loc_4A8B64
.text:004A8B4D                 movzx   edx, word ptr [eax+2]
.text:004A8B51                 mov     eax, dword_FEEE80
.text:004A8B56                 imul    edx, 1E8h
.text:004A8B5C                 lea     edi, [edx+eax]
.text:004A8B5F                 cmp     ecx, [edi+40h]
.text:004A8B62                 jz      short loc_4A8B66
-------------------------
.text:0044FAB0                 mov     eax, ecx
.text:0044FAB2                 mov     edx, [eax+0D8h]
.text:0044FAB8                 lea     ecx, [eax+0D8h] //our buf + 0D8h
.text:0044FABE                 mov     eax, [eax+58h]
.text:0044FAC1                 sub     esp, 8
.text:0044FAC4                 cmp     eax, edx
.text:0044FAC6                 jl      short loc_44FAE4
.text:0044FAC8                 test    edx, edx
.text:0044FACA                 lea     eax, [esp+8+var_8]
.text:0044FACD                 jz      short loc_44FAD9
.text:0044FACF                 push    0
.text:0044FAD1                 push    eax
.text:0044FAD2                 call    sub_42D970
.text:0044FAD7                 jmp     short loc_44FB01
.text:0044FAD9 ; ---------------------------------------------------------------------------
.text:0044FAD9
.text:0044FAD9 loc_44FAD9:                             ; CODE XREF: sub_44FAB0+1Dj
.text:0044FAD9                 xor     ecx, ecx
.text:0044FADB                 mov     [esp+8+var_8], ecx
.text:0044FADE                 mov     [esp+8+var_4], ecx
.text:0044FAE2                 jmp     short loc_44FB01
.text:0044FAE4 ; ---------------------------------------------------------------------------
.text:0044FAE4
.text:0044FAE4 loc_44FAE4:                             ; CODE XREF: sub_44FAB0+16j
.text:0044FAE4                 test    edx, edx
.text:0044FAE6                 jz      short loc_44FAF5
.text:0044FAE8                 push    eax
.text:0044FAE9                 lea     edx, [esp+0Ch+var_8]
.text:0044FAED                 push    edx
.text:0044FAEE                 call    sub_42D970            //get the unit index
.text:0044FAF3                 jmp     short loc_44FB01
--------------------------
.text:0042D970                 mov     eax, [esp+arg_4]
.text:0042D974                 mov     edx, [ecx]
.text:0042D976                 sub     esp, 8
.text:0042D979                 cmp     eax, edx
.text:0042D97B                 jge     short loc_42D997
.text:0042D97D                 mov     edx, [ecx+eax*8+4]   //from here - eax=0
.text:0042D981                 lea     ecx, [ecx+eax*8+4]
.text:0042D985                 mov     eax, [esp+8+arg_0]
.text:0042D989                 mov     [eax], edx           //our index
.text:0042D98B                 mov     ecx, [ecx+4]
.text:0042D98E                 mov     [eax+4], ecx
.text:0042D991                 add     esp, 8
.text:0042D994                 retn    8
So the unit index lies here: 0xB33E70+0xD8+4
We get the unit stats address like this:
.text:004A8B4D                 movzx   edx, word ptr [eax+2] //eax points to our copied index
.text:004A8B51                 mov     eax, dword_FEEE80
.text:004A8B56                 imul    edx, 1E8h
.text:004A8B5C                 lea     edi, [edx+eax] //here we have our pointer
pointer+4 points to structure:
DWORD current unit health
DWORD max unit health
DWORD current unit mana
DWORD max unit mana
If you set health to -1, the unit will be invisible to the enemy and will not be attacked
(invalid target).
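The lookup traced above, modelled as an added example (not part of the trainer's sources): it follows the same steps over constructed byte buffers instead of game memory. The function names, the bounds check, and treating a zero or mismatched id as "no unit" are assumptions of this model, since the branch targets are not shown in the listing.

```c
#include <stdint.h>
#include <stdio.h>

#define SEL_ENTRY_OFF (0xD8u + 4u) /* first entry inside the unk_B33E70 buffer */
#define UNIT_STRIDE   0x1E8u       /* imul edx, 1E8h */
#define UNIT_ID_OFF   0x40u        /* cmp ecx, [edi+40h] */
#define STATS_OFF     4u           /* "pointer+4 points to structure" */
struct unit_stats { uint32_t hp, hp_max, mana, mana_max; };

/* x86 is little-endian; decode explicitly so the model is host-independent. */
static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}
/* Returns 0 and fills *out for a valid selection, -1 otherwise (assumed meaning). */
int resolve_selected(const uint8_t *sel, size_t sel_len,
                     const uint8_t *units, size_t units_len, struct unit_stats *out)
{
    if (sel_len < SEL_ENTRY_OFF + 8) return -1;
    const uint8_t *entry = sel + SEL_ENTRY_OFF;     /* 8 bytes copied by sub_42D970 */
    uint32_t id = rd32(entry + 4);                  /* mov ecx, [eax+4] */
    if (id == 0) return -1;                         /* test ecx, ecx / jz */
    size_t slot = entry[2] | (size_t)entry[3] << 8; /* movzx edx, word ptr [eax+2] */
    size_t off = slot * UNIT_STRIDE;                /* edi = base + slot * 1E8h */
    if (off + UNIT_STRIDE > units_len) return -1;   /* bounds check added by this model */
    if (rd32(units + off + UNIT_ID_OFF) != id) return -1; /* cmp ecx, [edi+40h] */
    const uint8_t *s = units + off + STATS_OFF;
    out->hp = rd32(s);       out->hp_max = rd32(s + 4);
    out->mana = rd32(s + 8); out->mana_max = rd32(s + 12);
    return 0;
}
/* Constructed sample: three unit slots; slot 2 carries id 0x1234. */
int demo(struct unit_stats *out, uint32_t handle_id) {
    uint8_t sel[0x100] = {0}, units[3 * UNIT_STRIDE] = {0};
    wr32(sel + SEL_ENTRY_OFF, 2u << 16);            /* slot index in the high word */
    wr32(sel + SEL_ENTRY_OFF + 4, handle_id);
    uint8_t *rec = units + 2 * UNIT_STRIDE;
    wr32(rec + UNIT_ID_OFF, 0x1234);
    wr32(rec + STATS_OFF, 80);     wr32(rec + STATS_OFF + 4, 120);
    wr32(rec + STATS_OFF + 8, 15); wr32(rec + STATS_OFF + 12, 40);
    return resolve_selected(sel, sizeof sel, units, sizeof units, out);
}
int main(void) {
    struct unit_stats s;
    if (demo(&s, 0x1234) == 0) printf("hp %u/%u\n", (unsigned)s.hp, (unsigned)s.hp_max);
    return 0;
}
```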
Game resources are trained easily - they are at static addresses:
0xB27614 - human units limit
0xB27614 - 3rd race units limit
0xB2761C - fallen units limit
0xB27240 - Gold
0xB27244 - Wood
0xB2724C - Gems
Enjoy!
P.S. If you write your own trainer, don't forget to use RegisterHotKey instead of GetAsyncKeyState.
EOD //[UCF]

File information

Trainers are memory resident programs that alter the behaviour of a game.

Your anti-virus software and web browser may detect them as malware (viruses, worms, trojans, bots etc.).

This is almost always a false alarm.

File name: ARMIES.OF.EXIGO.V1.4.PLUS3TRN.EOD.UCF.ZIP

File size: 170 KB

Mime type: application/x-rar; charset=binary compressed-encoding=application/zip; charset=binary
