Armies Of Exigo v1.4 (+3 Trainer)
Text file description:
Trainer was written in VC++ 2005. Sources are included. You can use them freely, except lame things like recompiling them with your nick inside and claiming you did it. How it works: [F5] Makes your resources 100000/100000/100000 [SHIFT+F5/F6/F7] Max your units limit to 200 (F5 must be activated for this to work) [F6/F7] Changes the selected unit health or the first one in selection. How it was made - read the techinfo file. p.s. if you want to watch the game videofiles, then just change their code using avic tool from xvid package to DIVX and play them as normal avi's as they are. EOD //[UCF]Armies Of Exigo v1.4 trainer technical info How the selected unit stats was trained: I have found where selected unit health is located in the memory. It was float. Then breakpoint on memory access. Found which one is used to show you the health stats on the screen for the selected unit. Then look how address of the health info is got by the program... The program gets the index of the unit selected, then it gets the offset of its stats using short calculation. .text:004A8B30 sub esp, 8 .text:004A8B33 push esi .text:004A8B34 push edi .text:004A8B35 lea eax, [esp+10h+var_8] //here the index of unit will be written .text:004A8B39 mov esi, ecx .text:004A8B3B push eax .text:004A8B3C mov ecx, offset unk_B33E70 //using this buffer .text:004A8B41 call sub_44FAB0 .text:004A8B46 mov ecx, [eax+4] .text:004A8B49 test ecx, ecx .text:004A8B4B jz short loc_4A8B64 .text:004A8B4D movzx edx, word ptr [eax+2] .text:004A8B51 mov eax, dword_FEEE80 .text:004A8B56 imul edx, 1E8h .text:004A8B5C lea edi, [edx+eax] .text:004A8B5F cmp ecx, [edi+40h] .text:004A8B62 jz short loc_4A8B66 ------------------------- .text:0044FAB0 mov eax, ecx .text:0044FAB2 mov edx, [eax+0D8h] .text:0044FAB8 lea ecx, [eax+0D8h] //our buf + 0D8h .text:0044FABE mov eax, [eax+58h] .text:0044FAC1 sub esp, 8 .text:0044FAC4 cmp eax, edx .text:0044FAC6 jl short loc_44FAE4 .text:0044FAC8 test edx, edx .text:0044FACA lea eax, [esp+8+var_8] .text:0044FACD jz short loc_44FAD9 .text:0044FACF push 0 .text:0044FAD1 push eax .text:0044FAD2 call sub_42D970 .text:0044FAD7 jmp short loc_44FB01 .text:0044FAD9 ; --------------------------------------------------------------------------- .text:0044FAD9 .text:0044FAD9 loc_44FAD9: ; CODE XREF: sub_44FAB0+1Dj .text:0044FAD9 xor ecx, ecx .text:0044FADB mov [esp+8+var_8], ecx .text:0044FADE mov [esp+8+var_4], ecx .text:0044FAE2 jmp short loc_44FB01 .text:0044FAE4 ; --------------------------------------------------------------------------- .text:0044FAE4 .text:0044FAE4 loc_44FAE4: ; CODE XREF: sub_44FAB0+16j .text:0044FAE4 test edx, edx .text:0044FAE6 jz short loc_44FAF5 .text:0044FAE8 push eax .text:0044FAE9 lea edx, [esp+0Ch+var_8] .text:0044FAED push edx .text:0044FAEE call sub_42D970 //get the unit index .text:0044FAF3 jmp short loc_44FB01 -------------------------- .text:0042D970 mov eax, [esp+arg_4] .text:0042D974 mov edx, [ecx] .text:0042D976 sub esp, 8 .text:0042D979 cmp eax, edx .text:0042D97B jge short loc_42D997 .text:0042D97D mov edx, [ecx+eax*8+4] //from here - eax=0 .text:0042D981 lea ecx, [ecx+eax*8+4] .text:0042D985 mov eax, [esp+8+arg_0] .text:0042D989 mov [eax], edx //our index .text:0042D98B mov ecx, [ecx+4] .text:0042D98E mov [eax+4], ecx .text:0042D991 add esp, 8 .text:0042D994 retn 8 so unit index lies here: 0xB33E70+0xD8+4 we get unit stats address by this: .text:004A8B4D movzx edx, word ptr [eax+2] //eax points to our copied index .text:004A8B51 mov eax, dword_FEEE80 .text:004A8B56 imul edx, 1E8h .text:004A8B5C lea edi, [edx+eax] //here we have our pointer pointer+4 points to structure: DWORD current unit health DWORD max unit health DWORD current unit mana DWORD max unit mana If you will set health to -1 the unit will be invisible to enemy and will not be attacked (invalid target). Game resources are trained easily - they are at static adresses: 0xB27614 - human units limit 0xB27614 - 3rd race units limit 0xB2761C - fallen units limit 0xB27240 - Gold 0xB27244 - Wood 0xB2724C - Gems Enjoy! p.s. if you write your own trainer don't forget to use RegisterHotKey instead of GetAsyncKeyState. EOD //[UCF]
File information
Trainers are memory resident programs that alter the behaviour of a game.
Your anti-virus software and web browser may detect them as malware (viruses, worms, trojans, bots etc.).
This is almost always a false alarm.
File size: 170 KB
Mime type: application/x-rar; charset=binary compressed-encoding=application/zip; charset=binary
May 30, 2006 - 9:00pm