z Evil Genius 2 [DX12]

[dogandcar678]

Instant Research not work

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[dogandcar678]

cheat engine 7.4?

[alked]

can update for vulkan?

[FFlavius]

Really interested in this table. Anyone able to fix it?

[KDAAkali]

Only hope is either @HeathenGator or @Zanzer, as the rest of us are too pleb at CE editing

(Let us pray, that they can aid us in our search for an updated table)

[GRU]

i am no expert in making table but i can get some pointers and so far i only managed to get 2
intel and broadcast strength

(note: change the values in the table and buy or spend some intel or broadcast strength to see the effects
broadcast strength changes are not permanent and will change on restart of the game)

hope this helps in your world domination schemes

[Mumpy]

Me no read thread.
Me just leave this here.

evilgenius_vulkan.exe v1.13.0
.Set intel to 98 on change (This also effects Tech points and Submarines, Turrets. ups)
.No Heat generation (Fixed the one from OP's v1.8.0 table)

OK, Don't use this table. It is very likely that "Set intel to 98 on change" may fuck up some internal quest counter.
I've got my two playthroughs with main quest deadlock. I don't know if the game is still buggy as hell or it was my doing.
Be warned.

[dogandcar678]

i can't click Full Signal

[dogandcar678]

What do you mean? The table I provided works just fine. I'm not gonna fix Drain Gold, if it bothers you, you can simply use Player Pointer and just freeze your current gold at whatever value you want and be done with it. The rest of the options work.

Assuming you have the correct version of the game of course. This table and earlier version of it are for the legit Steam versions.

Ah, there's working versions of those options farther down. Thanks again for the new table.

[Mikzkael]

Instant Research Doesn't Work

[anonymouz]

sadly only half of the table is working, i hope you guys update this, when you can spare some time for us

[ShaRose]

Just going to replace this since as said above, the edit for unlimited turret types breaks... many things.

I do have some fixes though!

For Full Durability which was broken, I found the new offset (evilgenius_dx12.exe+5CD5CC: F3 0F 5D CE - minss xmm1,xmm6 which can easily update the full durability script in zanzer's code), but as a slight alteration my change just forces everything to max health whenever it's touched: For example, things like power generators instantly go to max health, but turrets (which don't lower in health normally) only update when something tries to damage them. If it's at 800/1000 health with a FOJ shoots it, it will instantly jump to 1000/1000.

And now it's an actual script.

Code: Select all

{ Game   : evilgenius_dx12.exe
  Version: 
  Date   : 2022-07-10
  Author : ShaRose

  This script revamps full durability to jump to max, not just stop decreasing.
}

define(address,"evilgenius_dx12.exe"+5CD5D3)
define(bytes,F3 0F 11 8B 58 01 00 00)

[ENABLE]

assert(address,bytes)
alloc(newmem,$1000,"evilgenius_dx12.exe"+5CD5D3)

label(code)
label(return)

newmem:

code:
  movss xmm1,[rbx+00000154]
  movss [rbx+00000158],xmm1
  jmp return

address:
  jmp newmem
  nop 3
return:

[DISABLE]

address:
  db bytes
  // movss [rbx+00000158],xmm1

dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: evilgenius_dx12.exe+5CD5D3

evilgenius_dx12.exe+5CD5AA: 80 BA B4 00 00 00 00     - cmp byte ptr [rdx+000000B4],00
evilgenius_dx12.exe+5CD5B1: 7D 0A                    - jnl evilgenius_dx12.exe+5CD5BD
evilgenius_dx12.exe+5CD5B3: F3 0F 10 05 29 8A 57 00  - movss xmm0,[evilgenius_dx12.exe+B45FE4]
evilgenius_dx12.exe+5CD5BB: EB 03                    - jmp evilgenius_dx12.exe+5CD5C0
evilgenius_dx12.exe+5CD5BD: 0F 57 C0                 - xorps xmm0,xmm0
evilgenius_dx12.exe+5CD5C0: 0F 28 CA                 - movaps xmm1,xmm2
evilgenius_dx12.exe+5CD5C3: F3 41 0F 58 C8           - addss xmm1,xmm8
evilgenius_dx12.exe+5CD5C8: F3 0F 5F C8              - maxss xmm1,xmm0
evilgenius_dx12.exe+5CD5CC: F3 0F 5D CE              - minss xmm1,xmm6
evilgenius_dx12.exe+5CD5D0: 0F 2E CA                 - ucomiss xmm1,xmm2
// ---------- INJECTING HERE ----------
evilgenius_dx12.exe+5CD5D3: F3 0F 11 8B 58 01 00 00  - movss [rbx+00000158],xmm1
// ---------- DONE INJECTING  ----------
evilgenius_dx12.exe+5CD5DB: 0F 84 02 02 00 00        - je evilgenius_dx12.exe+5CD7E3
evilgenius_dx12.exe+5CD5E1: 8B 83 38 01 00 00        - mov eax,[rbx+00000138]
evilgenius_dx12.exe+5CD5E7: 33 FF                    - xor edi,edi
evilgenius_dx12.exe+5CD5E9: 0F 2F F7                 - comiss xmm6,xmm7
evilgenius_dx12.exe+5CD5EC: 89 45 03                 - mov [rbp+03],eax
evilgenius_dx12.exe+5CD5EF: 48 8B 43 08              - mov rax,[rbx+08]
evilgenius_dx12.exe+5CD5F3: 48 C7 45 F7 01 00 00 00  - mov qword ptr [rbp-09],00000001
evilgenius_dx12.exe+5CD5FB: 89 7D FF                 - mov [rbp-01],edi
evilgenius_dx12.exe+5CD5FE: 48 63 48 04              - movsxd  rcx,dword ptr [rax+04]
evilgenius_dx12.exe+5CD602: 8B 44 19 18              - mov eax,[rcx+rbx+18]
}

Also, unlimited signal: With the caveat that the function I hook is right after what seems to be "update what signal strength / usage is", so for it to 'kick in' you'll need to turn a repeater or something off and on, or go upgrade a criminal network.

Oh, and the static pointer for signal is evilgenius_dx12.exe+1D6DE1C, but you can't seem to just freeze it since it will still fail the check for usage before CE can update it again.

Code: Select all

{ Game   : evilgenius_dx12.exe
  Version: 
  Date   : 2022-07-10
  Author : ShaRose

  This script forces any signal update to return 999
}

[ENABLE]

aobscanmodule(SIGNALJACK,evilgenius_dx12.exe,89 0D 12 FC 7B 01) // should be unique
alloc(newmem,$1000,SIGNALJACK)

label(code)
label(return)

newmem:

code:
  mov ecx,3E7
  mov [evilgenius_dx12.exe+1D6DE1C],ecx
  jmp return

SIGNALJACK:
  jmp newmem
  nop
return:
registersymbol(SIGNALJACK)

[DISABLE]

SIGNALJACK:
  db 89 0D 12 FC 7B 01

unregistersymbol(SIGNALJACK)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: evilgenius_dx12.exe+5AE204

evilgenius_dx12.exe+5AE1E1: B0 01              - mov al,01
evilgenius_dx12.exe+5AE1E3: E9 3B 0D 00 00     - jmp evilgenius_dx12.exe+5AEF23
evilgenius_dx12.exe+5AE1E8: 81 EF 4E 80 00 00  - sub edi,0000804E
evilgenius_dx12.exe+5AE1EE: 74 34              - je evilgenius_dx12.exe+5AE224
evilgenius_dx12.exe+5AE1F0: 83 FF 01           - cmp edi,01
evilgenius_dx12.exe+5AE1F3: 0F 85 28 0D 00 00  - jne evilgenius_dx12.exe+5AEF21
evilgenius_dx12.exe+5AE1F9: 49 8B 46 18        - mov rax,[r14+18]
evilgenius_dx12.exe+5AE1FD: 48 85 C0           - test rax,rax
evilgenius_dx12.exe+5AE200: 74 49              - je evilgenius_dx12.exe+5AE24B
evilgenius_dx12.exe+5AE202: 8B 08              - mov ecx,[rax]
// ---------- INJECTING HERE ----------
evilgenius_dx12.exe+5AE204: 89 0D 12 FC 7B 01  - mov [evilgenius_dx12.exe+1D6DE1C],ecx
// ---------- DONE INJECTING  ----------
evilgenius_dx12.exe+5AE20A: 8B 40 04           - mov eax,[rax+04]
evilgenius_dx12.exe+5AE20D: 2B C8              - sub ecx,eax
evilgenius_dx12.exe+5AE20F: 89 05 03 FC 7B 01  - mov [evilgenius_dx12.exe+1D6DE18],eax
evilgenius_dx12.exe+5AE215: 40 0F B6 C7        - movzx eax,dil
evilgenius_dx12.exe+5AE219: 89 0D F5 FB 7B 01  - mov [evilgenius_dx12.exe+1D6DE14],ecx
evilgenius_dx12.exe+5AE21F: E9 FF 0C 00 00     - jmp evilgenius_dx12.exe+5AEF23
evilgenius_dx12.exe+5AE224: 49 8B 7E 18        - mov rdi,[r14+18]
evilgenius_dx12.exe+5AE228: 48 85 FF           - test rdi,rdi
evilgenius_dx12.exe+5AE22B: 74 1E              - je evilgenius_dx12.exe+5AE24B
evilgenius_dx12.exe+5AE22D: 8B 17              - mov edx,[rdi]
}

Oh, and here's a proper scripted version of infinite turret ammo.

Code: Select all

{ Game   : evilgenius_dx12.exe
  Version:
  Date   : 2022-07-10
  Author : ShaRose

  This script makes it so turrets don't use ammo (They can still reload)
}


[ENABLE]
evilgenius_dx12.exe+61D55F:
db 90 90 90

[DISABLE]
evilgenius_dx12.exe+61D55F:
db 41 2B C1

{
// ORIGINAL CODE: evilgenius_dx12.exe+61D55F

evilgenius_dx12.exe+61D53D: EB 03                 - jmp evilgenius_dx12.exe+61D542
evilgenius_dx12.exe+61D53F: 44 8B CB              - mov r9d,ebx
evilgenius_dx12.exe+61D542: 41 8B 90 A4 01 00 00  - mov edx,[r8+000001A4]
evilgenius_dx12.exe+61D549: 03 D1                 - add edx,ecx
evilgenius_dx12.exe+61D54B: 41 3B D1              - cmp edx,r9d
evilgenius_dx12.exe+61D54E: 41 0F 43 D1           - cmovae edx,r9d
evilgenius_dx12.exe+61D552: EB 14                 - jmp evilgenius_dx12.exe+61D568
evilgenius_dx12.exe+61D554: 41 8B 88 A4 01 00 00  - mov ecx,[r8+000001A4]
evilgenius_dx12.exe+61D55B: 8B D3                 - mov edx,ebx
evilgenius_dx12.exe+61D55D: 8B C1                 - mov eax,ecx
// ---------- NOP HERE ----------
evilgenius_dx12.exe+61D55F: 41 2B C1              - sub eax,r9d
// ---------- DONE NOPPING  ----------
evilgenius_dx12.exe+61D562: 41 3B C9              - cmp ecx,r9d
evilgenius_dx12.exe+61D565: 0F 47 D0              - cmova edx,eax
evilgenius_dx12.exe+61D568: 41 89 90 A4 01 00 00  - mov [r8+000001A4],edx
evilgenius_dx12.exe+61D56F: 83 BF 98 02 00 00 00  - cmp dword ptr [rdi+00000298],00
evilgenius_dx12.exe+61D576: 0F 86 64 01 00 00     - jbe evilgenius_dx12.exe+61D6E0
evilgenius_dx12.exe+61D57C: 48 8B 17              - mov rdx,[rdi]
evilgenius_dx12.exe+61D57F: 83 BA A4 01 00 00 00  - cmp dword ptr [rdx+000001A4],00
evilgenius_dx12.exe+61D586: 0F 85 54 01 00 00     - jne evilgenius_dx12.exe+61D6E0
evilgenius_dx12.exe+61D58C: 8B 87 18 01 00 00     - mov eax,[rdi+00000118]
evilgenius_dx12.exe+61D592: 48 89 6C 24 40        - mov [rsp+40],rbp
}

I spent like... two hours trying to find a way to find the turret offsets specifically, but I don't know if I broke something but ALL my pointer scans just returned nothing, or the base address. And I couldn't find any hints as to finding a way to find them other ways either: I know the item structures are 56 bytes long, with a +18 offset for the number: But the only hint I has is "the first 8 bytes seem to be pointers" as everything else seems to be zero.

Ah, and I found by turning my cheat on (setting all to 255), placing one of every placable item (including subs), turning the cheat off, and reversing all placements, so only placeable items had 256 items. Then I watched what addresses evilgenius_dx12.exe+6FCC8D touched, exported it to a table, and did a bit of math with excel of all things.

Barring one jump where it jumped 'blocks', every single entry was 56 bytes apart. Turrets aren't evenly distributed in there, but they DO seem to correspond inside of the 'blocks' of memory.

Fun table I made over two separate launches of the game (Intel and Tech should also be in here, but I didn't actually give those a specific value when I was messing around previously which is how I tracked everything down, so oh well). Also, TIL FLR doesn't support tables in BBcode, so I had to waste time making this look readable in case someone wants it, which is unlikely. Yay for wasting time.

Code: Select all

╔═══════════╦════════════════╦═══════════════╦════════════╗
║ New Value ║ Original Value ║ Description   ║ Difference ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ EF9BAB08  ║ F8E984C8       ║ Heavy Bubbler ║ -156096960 ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ EF9BAEF8  ║ F8E988B8       ║ Heavy Chiller ║ -156096960 ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ EF9BAD70  ║ F8E98730       ║ Heavy Laser   ║ -156096960 ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ EF9BBB70  ║ F8E99530       ║ Heavy MG      ║ -156096960 ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ EF9B9988  ║ F8E97348       ║ Heavy Raygun  ║ -156096960 ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ EF9BB550  ║ F8E98F10       ║ Heavy Roaster ║ -156096960 ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ EF9BA5C8  ║ F8E97F88       ║ Heavy Rocket  ║ -156096960 ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ EF9BBF28  ║ F8E998E8       ║ Light Raygun  ║ -156096960 ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ EF9BB588  ║ F8E98F48       ║ Science Sub   ║ -156096960 ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ EF9BA948  ║ F8E98308       ║ Worker Sub    ║ -156096960 ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ 105AE2FB8 ║ F8E948C8       ║ Deception Sub ║ 214230768  ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ 105AE3098 ║ F8E949A8       ║ Light Bubbler ║ 214230768  ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ 105AE3488 ║ F8E94D98       ║ Light Chiller ║ 214230768  ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ 105AE3300 ║ F8E94C10       ║ Light Laser   ║ 214230768  ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ 105AE31E8 ║ F8E94AF8       ║ Light MG      ║ 214230768  ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ 105AE2F80 ║ F8E94890       ║ Light Roaster ║ 214230768  ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ 105AE2AB0 ║ F8E943C0       ║ Light Rocket  ║ 214230768  ║
╠═══════════╬════════════════╬═══════════════╬════════════╣
║ 105AE17E0 ║ F8E930F0       ║ Muscle Sub    ║ 214230768  ║
╚═══════════╩════════════════╩═══════════════╩════════════╝

[Csimbi]

Here are a few scripts from me.
Intended for 1.13.0 Vulkan.
These are AOB scripts, so they might work on different builds.
An updated version of this script can be found here.

- Unit Selection Grabber; exposes stats of the last a friendly unit clicked
- Enemy Unit Selection Grabber; exposes stats of the last enemy unit clicked
- Training; allows you to mod the training speed
- Smarts Drain; allows you to mod the speed at which minions lose Smarts, Vitality and Morale!
- Research Time; allows you to mod the research speed
- Durability; allows you to mod the durability loss (use) and gain rate (repair)
- Intel; allows you have a min. amount of Intel an Tech. Triggers on update (so, earn or spend to get the min. value).
- Engineering Time; allows you to mod the production speed
- Turret Ammo; allows your turrets to have infinite ammo (tried laser and freeze only, might work with others).

The game is nice, but ultimately has zero replay value, so, I don't expect any updates.

Enjoy!

[KDAAkali]

Anyone able to fix the instant research on the original Zanzer table for the current final version of the game? (Pls and thanks in advance!)

[CptSharkFin]

I'm hoping someone does. Basically half the entire table originally posted has been broken and unusable.