Plants vs Zombies +2 Trainer Thursday, 19 August 2010 20:14

I proudly present my "Plants vs Zombies + 2" game trainer. The trainer is capable of breaking the DMA of "Plants vs Zombies" and injecting its own code. I could locate only one static address to patch the money, but I could also detect the specific writing pointer for the amount of sunpower. So I isolated this one and injected my own assembly code into a codecave. And here it is, my PvZ +2 trainer, featuring the following two (what an astonishing amount - lol) hacks:

- Infinite Amount of Sunpower
- Infinite Cash

Download:  Plants vs Zombies +2 Trainer Win32
Download:  Plants vs Zombies +2 Trainer Winx64

Hopefully, there is more to come in further versions of the trainer. Till now, I haven't spent that much time searching through the memory of the game. If you are interested in seeing the opcodes and the assembled code to inject, feel free to read on:

To hack the amount of sunpower, I detected the following static pointer:

496595: mov eax,[edi+0x5578] 

Injecting the following code into the memory of the Plants vs Zombies process (popcapgame1.exe), I could break the DMA and control the amount of suns:

offset 0x00010ABF
mov dword ptr [edi+0x5578],0x26F7
mov eax,[edi+0x5578]
jmp 0x49659b
offset 0x496595
jmp 0x00010ABF
nop

The assembled code to write into the memory of the process looks like the following in hex:

0x00010ABF: 0xC78778550000F72600008B (Note: 11 Bytes)
0x00010ACA: 0x8778550000E9C75A4800 (Note: 10 Bytes)
0x00496595: 0xE925A5B7FF90 (Note: 6 Bytes)

To switch back to the normal state, I used the following code:

offset 0x496595
mov eax,[edi+0x5578]

Again, in hex, it looks like this:

0x00496595: 0x8B8778550000 (Note: 6 Bytes) 
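
The hex strings above can be checked from the other direction, the way an integrity check would spot this kind of inline detour. The following is an added example, not part of the original post or the trainer: it compares the six bytes at the patched site with the original instruction, resolves where the `E9` jump lands, and confirms that the code cave jumps back to the instruction after the hook. Addresses and byte strings are the ones listed in the post; the function names are illustrative.

```python
import struct

# Byte strings and addresses are the ones listed in the post; names are illustrative.
HOOK_SITE = 0x496595
ORIGINAL = bytes.fromhex("8B8778550000")   # mov eax,[edi+0x5578]
PATCHED = bytes.fromhex("E925A5B7FF90")    # jmp 0x00010ABF ; nop
CAVE_ADDR = 0x00010ABF
CAVE = bytes.fromhex("C78778550000F72600008B" "8778550000E9C75A4800")


def jmp_rel32_target(addr, code, offset=0):
    """Destination of an E9 (jmp rel32) found at code[offset], else None."""
    if len(code) - offset < 5 or code[offset] != 0xE9:
        return None
    (rel,) = struct.unpack_from("<i", code, offset + 1)
    # rel32 counts from the end of the 5-byte jump instruction.
    return (addr + offset + 5 + rel) & 0xFFFFFFFF


def check_site(addr, expected, observed):
    """Compare observed bytes with the known-good ones; resolve any detour."""
    if observed == expected:
        return {"modified": False, "detour": None}
    return {"modified": True, "detour": jmp_rel32_target(addr, observed)}


def cave_summary(addr, code):
    """Decode the fixed three-instruction layout of the code cave above."""
    # C7 87 disp32 imm32 -> mov dword ptr [edi+disp32], imm32 (10 bytes)
    if code[0:2] != b"\xC7\x87" or code[10:16] != ORIGINAL:
        raise ValueError("unexpected code cave layout")
    disp, imm = struct.unpack_from("<II", code, 2)
    # Bytes 10..15 replay the displaced original; byte 16 starts the jump back.
    return {"disp": disp, "imm": imm,
            "returns_to": jmp_rel32_target(addr, code, 16)}


if __name__ == "__main__":
    print(check_site(HOOK_SITE, ORIGINAL, ORIGINAL))
    hooked = check_site(HOOK_SITE, ORIGINAL, PATCHED)
    print("modified:", hooked["modified"], "detour:", hex(hooked["detour"]))
    info = cave_summary(CAVE_ADDR, CAVE)
    print({k: hex(v) for k, v in info.items()})
```
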

Searching for the address containing the money, I detected the following static address:

0x650608C

The only thing to do was to patch the value contained by this address, e.g. to 99999. That's it. Thanks.

Annotation: The trainer was created for the Steam version of Plants vs. Zombies. I don't know if it works for the non-Steam version as well. Just figure it out yourself.

 
YAEC (Yet Another Evil Clickbot) Tuesday, 15 June 2010 15:19

YAEC is an abbreviation and stands for "Yet Another Evil Clickbot". Never mind the word "Evil"; it does not suggest anything except for the fact that you can do some pretty "mean" things with YAEC.

What actually is YAEC? 

YAEC is a clickbot. This means it is an application that will fetch your mouse cursor (just as if it was magic!), move it to a specified position on your screen and simulate mouse clicks, just as if you clicked by yourself, but YAEC does that automatically. In YAEC, you can specify not only the position you want the cursor to move to and perform the clicks at, but also the delay between each simulated click, the duration of time you want the clickbot to run, and the delay before it starts moving to the specified position and before it starts clicking.

YAEC is very self-explanatory. For instance, you can just press the "Sample" button and some sample data will be inserted for you. If you press the "How To" button, YAEC will give you a hint on how to analyze the x and y position on your screen where you want the clickbot to perform clicks.

When is it useful? 

Just to mention a very light example: Imagine you want to play a JavaScript-based game in your browser where you have to prove how many clicks you can do within a certain period of time. Then you could just let YAEC do the work for you. It will click automatically, and if you specified the value of 0 for the delay between each click, YAEC will click extremely fast.

Download 

YAEC 0.2 Win32

YAEC 0.2 Win64

 