Legend

This page and the pages linkied here contain the full list of important memory addresses that you will want to edit to modify the game.
For an instruction on how to use HxD, please visit this page.

1. All the hexadecimal values, shown on this page, will have prefix $ for clarity.
2. All the hexadecimal values, which are addresses in HxD, will have prefix @. To get an address in Cheat Engine, add $400000 to it.
3. Names of the registers, instructions and such will be written in ALL CAPS.
4. Since that OG Plants vs Zombies release is a 32-bit executable, the maximum capacity of the registers will be 32-bit.
5. The pages are divided into the following topics:

1. General
2. Seed packets
3. Levels
4. Plants
5. Zombies

To navigate trough the pages, refer to the color coding of each topic.

AND ALSO: BEFORE MAKING ANY CHANGES TO THE GAME, HIGHLY CONSIDER MAKING A BACKUP. EVEN BETTER, MAKE A BACKUP BEFORE EVERY CHANGE YOU MAKE.

General

File structure (+ text strings)

@000000 - DOS header
@0001F0 - Section header
@000290 - Empty space No.1
@001000 - Start of the .text section
@25108C - Empty space No.2
@252000 - Start of the .rdata section
@252C08 - Random text
@252E78 - Random text, fonts
@2531AA - Empty space No.3
@2538D9 - Text from DLLs, fonts
@254B6C - Text from DLLs
@255410 - Text from PVZ definitions and resources
@256924 - Text from PVZ definitions and resources
@258C0C - Gibberish
@265790 - Text from PVZ definitions and resources (reanim)
@26DEC4 - Text from PVZ definitions and resources
@271840 - Probably some stuff from the Sexy Framework
@2747C0 - Pop Cap text
@275490 - Text from bass.dll
@27C420 - Gibberish
@2979D2 - Text from DLLs
@29D140 - Controls text
@2A34F0 - Empty space No.4 (possibly start of .data)
@2DE537 - End of the file

Note: locations of sections are based on assumptions from the section header.
Note: editing any of the DLL, resource or macro texts will likely result in a crash.

Gameplay strings

Note: you cannot make string longer, you can only truncate it. To truncate it, write $00 in place of it's last character.

User related
@2674E0 - "Plants vs. Zombies"
@2675A8 - "Please enter your name to create a new user profile for storing high score data and game progress"
@26760C - "Enter Your Name"
@26880C - "Please enter your name:"
@267620 - "The name you entered is already being used. Please enter a unique player name"
@267680 - "This will permanently remove '%s' from the player roster!"
@2676BB - "Are You Sure?"
@267AC8 - "click to continue"
@267544 - "Leave Game?"
@267529 - "Your game will be saved"
@267670 - "Name Conflict"
@26E4D4 - "(Create a New User)"
@26E4C4 - "Rename"
@26E4CC - "Delete"

Menu related
@267500 - "Do you want to return to the main menu?"
@267578 - "Resume Game"
@267584 - "Click to resume game"
@26759C - "GAME PAUSED"
@2686A8 - "RESTART"
@268824 - "RENAME USER"
@268830 - "NEW USER"
@26E4B4 - "WHO ARE YOU?"
@267EA4 - "Yes"
@267EA8 - "No"
@267EAC - "Ok"
@267EB0 - "Cancel"

Options related
@268344 - "Options"
@268378 - "Music"
@268380 - "Sound FX"
@26838C - "3D Acceleration"
@26839C - "Fullscreen"
@2676CC - "Sexy Cache"
@2676D8 - "Start SexyCache now?"

Shop related
@26D9A0 - "You can't afford this item yet."
@26D9C0 - "Earn more coins by killing zombies!"
@26D9E4 - "Not enough money"
@26D9F8 - "Are you sure you want to buy this item?"
@26DA20 - "Buy this item?"
@26DA30 - "Now you can choose to take %d seeds with you per level!"
@26DA68 - "More slots!"

Browser related
@26782A - "For your convenience, this URL has already been copied to your clipboard"
@267874 - "Please open the following URL in your browser"
@2678A4 - "Open Browser"
@2678B4 - "Opening Browser"

Hardware related
@2683A8 - "Windowed mode is only available if your desktop was running in either 16 bit or 32 bit color mode when you started the game"
@268426 - "If you'd like to run in Windowed mode then you need to quit the game and switch your desktop to 16 or 32 bit color mode"
@2684A0 - "No Windowed Mode"
@2684B8 - "Hardware Acceleration cannot be enabled on this computer"
@2684F3 - "Your video card does not meet the minimum requirements for this game"
@26853B - "Not Supported"
@268550 - "Your video card may not fully support this feature"
@268585 - "If you experience slower performance, please disable Hardware Acceleration"
@2685D4 - "Warning"
@27069C - "Hardware Acceleration Confirmation"
@2706E0 - "Hardware Acceleration was switched on during this session"
@27071C - "If this resulted in slower performance, it should be switched off"
@270760 - "Would you like to keep Hardware Acceleration switched on?"
@2707B8 - "Hardware Acceleration may not have been working correctly during this session"
@270808 - "If you noticed graphics problems, you may want to turn off Hardware Acceleration"
@27085B - "Would you like to keep Hardware Acceleration switched on?"

Characters
$00 - Blank
$0A - User input
$10 - New line
$20 - Space
$2564 - %d (number variable)
$2573 - %s (string variable)

Wisdom Tree cheat codes

@26772C - mustache
@267738 - moustache
@267744 - trickedout
@267750 - tricked out
@26775C - future
@267738 - pinata
@26776C - dance
@267774 - daisies
@26777C - sukhbir

Misc.

@2DCD48 - XML information
@2DCA82 - Meta information
@2D8F40 - Possible icon bitmap location No.1
@29C600 - Possible icon bitmap location No.2
@2D46DA - Possible icon bitmap location No.3

Functions

The following are ingame funcions that can be called when injecting a script in Cheat Engine.
The values are pushed through the stack, and the return value is stored in EAX register.

PutZombie
PUSH row
PUSH zombieType
MOV EAX, [$2A9EC0]
MOV EAX, [EAX + $557C]
CALL @DDC0
RETURNS:
EAX = ZombieObject

PutProjectile
PUSH type
PUSH projType
PUSH y
PUSH x
MOV EAX, [$2A9EC0]
MOV EAX, [EAX + $768]
CALL @D620
RETURNS:
EAX = ProjectileObject

PutPItem
PUSH animation
PUSH itemType
PUSH y
PUSH x
MOV ECX, [$2A9EC0]
MOV ECX, [ECX + $768]
CALL @CB10
RETURNS:
EAX = ItemObject

PutGrave
MOV EAX, [$2A9EC0]
MOV EAX, [EAX + $768]
MOV EAX, [EAX + $160]
MOV EBX, row
MOV EDI, column
CALL @26620


PutPlant
PUSH isImitated
PUSH plantType
MOV EAX, row
MOV EDX, [$2A9EC0]
MOV EDX, [EDX + $768]
PUSH EDX
PUSH column
CALL @D120
RETURNS:
EAX = PlantObject

Values
$(0...4) row - Lawn Y position.
$(0...9) column - Lawn X position.

$(0...18) itemType - silver coin, golden coin, diamond, suns, trophy, level awards, seed pocket, etc.
$(0...20) zombieType - from basic one to giga gargantua
$(0...4B) plantType - from peashooter to cob cannon + special seed packets
BOOL isImitated - equals 1 if plant is imitated by an imitater

Script injection

Tutorial is located in here.

Script injection is, usually, replacing an instrcution with a jump to an empty space (code cave) in the executable, where your own instructions are executed before jumping back.
However, based on my own testing, doing this in HxD will likely result in a segmentation fault and crash of the program. This probably (correct me if I am wrong) happens because during execution the empty memory segment isn't actually allocated to the process so jumping here is a big no-no rom your OS.

To avoid this, you better only perform script injection with Cheat Engine, then write the script to the game with Olly DBG.
If you can only use HxD, the tutorial I linked above provides a method for correctly injecting scripts here by using CFF Explorer, even though it can still result in a crash