1337094244
"Phasmophobia"
68ABDD
Auto Assembler Script
{$lua}
if syntaxcheck then return end
[ENABLE]
updater=decodeFunction('c-nnb,in_07?iGN,qL2pskxzuYT7y_#;7?aNP/)VK6@tNC5]PS*U.@q8GAR]-En7TV[OxHeG;^=as{61?EDGeTq*u*?(Y[TncYnwh;DTy_9qPH^^8T:i*-M6pJLHFQ5b:d$lxjX:PdSf8qgGT#{}t8[2-F_Tn;:Y2vkQCFrEO#1Ffa;cPDeBQ.-LL/jz2Ttbq$K)taHQfYk3Uh;fO]JP2t85Fd^}IA55[k7qz!Rk,9j?E[aRH5)^@3svt.=sv[jkqJ1Rf,9Gd6u/LnuJk(POW)i4[lGGcgV4AP(cWE^(%yLZpXMsBed?*HDnL66fr=fIr{-+Sb!Vods=vo$UYi0Pgz_dO-(mgspXoE6^$nr#aW)sUzx=c-KOe![E_pu3q{-trhLzCRe=0%SA!Scw)rJ$Ssjevvx8){T,e_q,GSy}wx?*n%(4fr74T_Mb9k)nh)l$1o@qzr+(3XoFnHc$o@i#?)$)*oNNO*5,$F+CO!.p/-,kkL@B.mYGZN]V3wizei5Nc6L.Vsoqo*Aujcx)y?KT]6J?3-(!6@11$,T83)l@jNjoDx$C7]xs9jJQ35C0(NM,g!CuuP1/WTcXOD,tVo}lxrHCy[Ru4vu9B)C^n^CX).MvBEe7yI_K!dDx*b7b7f#:4uzp2vlzeq[7a;_U97,x@/j@}[fKTrl]Jm:wN*,-!!@I@^M,BOAmUZra]CsZsM$ec:tw,h8=:4wwc#L6rOO;e9TJPiqRq17[4C}0gDP2}rX#fCI(E*]#ry3gXF2U:Sz}q0SUh-ke6X..?p5.(pVgWE:*piwHU;=ZEF^+BN+Ph2r1qfsJiBMDOS)G9kp05.5-paPRezD),t{UH2}8Xxz1,65##,[h*XTl$#.2x!xMmoQFYhH2ymQ/rCbB$@4;#=VPnyRo$tQ:e,-C*e+D@#tiSHap^Mlf$dDzHwYYn,j!+0I3k]!C[7C--?NmkaauS^pj;26lb]f7PS@(,8nN:KdhiK[t?6W+^0S+)pMBvBRxZ)BEQ$}[{OGUdbiMA??wIneAnzJpS9uC7L2Iuj{,XTu.=VNn4wl}+n(*bqxcpt0!HeV0t{[l3]_K73fTO!YE53I,?+grbJuBT[FnWG+5maU^YDNo44oO$q001!;%,B?/h$3m57J/tjiRj2zkz?D)kwzGE;:Q},^VAKtQMkvScctF]g*e#36/Zo]-]sAZK0wCzedzkjv4!PfrIs(eXMTcj:3tB]4OS=yozn/}}{RNxcp2l+e19kt;W#%)xTQ}F=lWq7k/TGYWd*xf+XUjvQCAO')
updater()
[DISABLE]
521
"Enable Version: 0.7.1.1"
8080FF
Auto Assembler Script
{$lua}
if syntaxcheck then return end
[ENABLE]
if monopipe ~= nil then
monopipe.destroy()
monopipe=nil
return
end
if getProcessIDFromProcessName("Phasmophobia.exe") then mono_initialize() LaunchMonoDataCollector()
else messageDialog( "Open The Game, attach to it and try again", mtError, mbOK) return 'nop'
end
local CEVersion = 7.4
if CEVersion > getCEVersion() then
if messageDialog( "This table was made with Cheat Engine " .. CEVersion .. "\r\nYou are running Cheat Engine " .. getCEVersion() .. " \r\n\rSome cheats may not work correctly.\rDownload The Latest version?", mtConfirmation, mbYes, mbNo ) == mrYes then ShellExecute("https://cheatengine.org/downloads.php")
end
end
[DISABLE]
70063
"Scripts to Activate Before Starting Maps (will see info after joining a map)"
FF8000
1
44030
"Mission Info"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Author : Zephirot
Mono : Assembly-CSharp.dll -> MissionManager:Start()
}
define(address,"MissionManager.Start")
define(bytes,40 53 48 83 EC 20)
[ENABLE]
assert(address,bytes)
alloc(newmem,$100,"MissionManager.Start")
label(code)
label(return)
label(_mission)
registersymbol(_mission)
newmem:
code:
push rbx
sub rsp,20
mov [_mission],rcx
jmp return
_mission:
dq 0
address:
jmp newmem
nop
return:
[DISABLE]
address:
db bytes
// push rbx
// sub rsp,20
dealloc(newmem)
unregistersymbol(_mission)
{
// ORIGINAL CODE - INJECTION POINT: MissionManager.Start
GameAssembly.dll+10A3726: CC - int 3
GameAssembly.dll+10A3727: CC - int 3
GameAssembly.dll+10A3728: CC - int 3
GameAssembly.dll+10A3729: CC - int 3
GameAssembly.dll+10A372A: CC - int 3
GameAssembly.dll+10A372B: CC - int 3
GameAssembly.dll+10A372C: CC - int 3
GameAssembly.dll+10A372D: CC - int 3
GameAssembly.dll+10A372E: CC - int 3
GameAssembly.dll+10A372F: CC - int 3
// ---------- INJECTING HERE ----------
MissionManager.Start: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+10A3732: 48 83 EC 20 - sub rsp,20
GameAssembly.dll+10A3736: 80 3D 2F 1D 9D 01 00 - cmp byte ptr [GameAssembly.dll+2A7546C],00
GameAssembly.dll+10A373D: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+10A3740: 75 12 - jne GameAssembly.dll+10A3754
GameAssembly.dll+10A3742: 8B 0D 44 E4 24 01 - mov ecx,[GameAssembly.dll+22F1B8C]
GameAssembly.dll+10A3748: E8 13 0E 03 FF - call GameAssembly.dll+D4560
GameAssembly.dll+10A374D: C6 05 18 1D 9D 01 01 - mov byte ptr [GameAssembly.dll+2A7546C],01
GameAssembly.dll+10A3754: 33 C9 - xor ecx,ecx
GameAssembly.dll+10A3756: E8 E5 AD 61 FF - call UnityEngine.Application.get_isEditor
GameAssembly.dll+10A375B: 48 8B CB - mov rcx,rbx
}
1337094243
"Mission Summary"
0
B7B700
String
400
1
0
1
_mission
14
E0
48
44032
"Mission 1"
0
B7B700
String
100
1
0
1
_mission
14
E0
28
44033
"Completed?"
0:NO
1:YES
0
FFFF00
Byte
_mission
24
20
10
50
44034
"Mission 2"
0
B7B700
String
100
1
0
1
_mission
14
E0
30
44035
"Completed?"
0:NO
1:YES
0
FFFF00
Byte
_mission
24
28
10
50
44036
"Mission 3"
0
B7B700
String
100
1
0
1
_mission
14
E0
38
44037
"Completed?"
0:NO
1:YES
0
FFFF00
Byte
_mission
24
30
10
50
44038
"Mission 4"
0
B7B700
String
100
1
0
1
_mission
14
E0
40
44039
"Completed?"
0:NO
1:YES
0
FFFF00
Byte
_mission
24
38
10
50
44326
"Player & Ghost's Current Room (real-time)"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Author : Zephirot
Mono : Assembly-CSharp.dll -> LevelController:SyncCurrentGhostRoom()
}
[ENABLE]
aobscanregion(GhostRoom,LevelController.SyncCurrentGhostRoom,LevelController.SyncCurrentGhostRoom+200, 48 8B 5C 24 40 48 8B 7C 24 48) // should be unique
alloc(newmem,$100,GhostRoom)
label(code)
label(return)
label(_GCR)
registersymbol(_GCR)
newmem:
code:
mov [_GCR],rbp
mov rbx,[rsp+40]
jmp return
_GCR:
dq 0
GhostRoom:
jmp newmem
return:
registersymbol(GhostRoom)
[DISABLE]
GhostRoom:
db 48 8B 5C 24 40
unregistersymbol(GhostRoom)
unregistersymbol(_GCR)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+11E222B
GameAssembly.dll+11E2204: 33 C9 - xor ecx,ecx
GameAssembly.dll+11E2206: E8 35 F8 41 FF - call Photon.Pun.PhotonNetwork.get_PlayerListOthers
GameAssembly.dll+11E220B: 48 85 C0 - test rax,rax
GameAssembly.dll+11E220E: 0F 84 44 01 00 00 - je GameAssembly.dll+11E2358
GameAssembly.dll+11E2214: 48 83 78 18 00 - cmp qword ptr [rax+18],00
GameAssembly.dll+11E2219: 75 25 - jne GameAssembly.dll+11E2240
GameAssembly.dll+11E221B: 48 8B D6 - mov rdx,rsi
GameAssembly.dll+11E221E: 48 89 75 28 - mov [rbp+28],rsi
GameAssembly.dll+11E2222: 48 8D 4D 28 - lea rcx,[rbp+28]
GameAssembly.dll+11E2226: E8 45 28 F1 FE - call GameAssembly.dll+F4A70
// ---------- INJECTING HERE ----------
GameAssembly.dll+11E222B: 48 8B 5C 24 40 - mov rbx,[rsp+40]
// ---------- DONE INJECTING ----------
GameAssembly.dll+11E2230: 48 8B 7C 24 48 - mov rdi,[rsp+48]
GameAssembly.dll+11E2235: 48 8B 6C 24 50 - mov rbp,[rsp+50]
GameAssembly.dll+11E223A: 48 83 C4 30 - add rsp,30
GameAssembly.dll+11E223E: 5E - pop rsi
GameAssembly.dll+11E223F: C3 - ret
GameAssembly.dll+11E2240: 48 8B 45 40 - mov rax,[rbp+40]
GameAssembly.dll+11E2244: 33 DB - xor ebx,ebx
GameAssembly.dll+11E2246: 33 D2 - xor edx,edx
GameAssembly.dll+11E2248: 48 85 C0 - test rax,rax
GameAssembly.dll+11E224B: 0F 84 07 01 00 00 - je GameAssembly.dll+11E2358
}
70042
"Ghost Current Room"
0
FFFF00
String
128
1
0
1
_GCR
14
58
28
44335
"Your Current Room"
0
FFFF00
String
128
1
0
1
_GCR
14
58
20
45400
"Force Ghost Type (Host)"
0080FF
Auto Assembler Script
//define(ghosttypeforce,GhostController.੪੫ੴ੭੪੨ੳ੩੭੯ੰ+3D8)
//define(bytes,44 89 47 24 44 89 47 20)
[ENABLE]
aobscanmodule(ghosttypeforce,GameAssembly.dll,44 89 ? ? 44 89 ? ? E8 ? ? ? ? 45 33 ? BA)
alloc(newmem,64,ghosttypeforce)
alloc(GType,8)
registersymbol(ghosttypeforce GType)
label(return)
newmem:
mov r8d,[GType]
mov [rdi+24],r8d
mov [rdi+20],r8d
jmp return
GType:
dq 0
ghosttypeforce:
jmp newmem
db 90 90 90
return:
[DISABLE]
ghosttypeforce:
db 44 89 47 24 44 89 47 20
dealloc(*)
unregistersymbol(*)
{ old
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+27B6F5B
GameAssembly.dll+2B44377: E8 24 33 5C FD - call GameAssembly.il2cpp_runtime_class_init
GameAssembly.dll+2B4437C: 33 D2 - xor edx,edx
GameAssembly.dll+2B4437E: 48 8B CB - mov rcx,rbx
GameAssembly.dll+2B44381: E8 9A A9 C7 FD - call System.Enum.GetNames
GameAssembly.dll+2B44386: 48 85 C0 - test rax,rax
GameAssembly.dll+2B44389: 0F 84 D8 04 00 00 - je GameAssembly.dll+2B44867
GameAssembly.dll+2B4438F: 8B 50 18 - mov edx,[rax+18]
GameAssembly.dll+2B44392: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+2B44395: 33 C9 - xor ecx,ecx
GameAssembly.dll+2B44397: E8 A4 DB CF FD - call UnityEngine.Random.Range
// ---------- INJECTING HERE ----------
GameAssembly.dll+2B4439C: 89 47 24 - mov [rdi+24],eax
// ---------- DONE INJECTING ----------
GameAssembly.dll+2B4439F: 33 D2 - xor edx,edx
GameAssembly.dll+2B443A1: 48 8B CF - mov rcx,rdi
GameAssembly.dll+2B443A4: 89 47 20 - mov [rdi+20],eax
GameAssembly.dll+2B443A7: E8 64 06 00 00 - call GhostController.੦੩੫੩੪੮੦ੱ੦ੱ
GameAssembly.dll+2B443AC: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+2B443AF: BA E8 03 00 00 - mov edx,000003E8
GameAssembly.dll+2B443B4: 41 8D 48 32 - lea ecx,[r8+32]
GameAssembly.dll+2B443B8: E8 83 DB CF FD - call UnityEngine.Random.Range
GameAssembly.dll+2B443BD: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+2B443C0: 89 47 4C - mov [rdi+4C],eax
}
{ old
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+2A5883B
GameAssembly.dll+2A58812: 48 8B CB - mov rcx,rbx
GameAssembly.dll+2A58815: E8 C6 30 43 FE - call GameAssembly.dll+E8B8E0
GameAssembly.dll+2A5881A: 4C 8B 05 E7 BF E9 00 - mov r8,[GameAssembly.dll+38F4808]
GameAssembly.dll+2A58821: BA 17 00 00 00 - mov edx,00000017
GameAssembly.dll+2A58826: 48 8B CB - mov rcx,rbx
GameAssembly.dll+2A58829: E8 B2 30 43 FE - call GameAssembly.dll+E8B8E0
GameAssembly.dll+2A5882E: 8B 53 18 - mov edx,[rbx+18]
GameAssembly.dll+2A58831: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+2A58834: 33 C9 - xor ecx,ecx
GameAssembly.dll+2A58836: E8 05 95 D6 FD - call UnityEngine.Random.Range
// ---------- INJECTING HERE ----------
GameAssembly.dll+2A5883B: 48 63 F0 - movsxd rsi,eax
// ---------- DONE INJECTING ----------
GameAssembly.dll+2A5883E: 3B 73 18 - cmp esi,[rbx+18]
GameAssembly.dll+2A58841: 72 07 - jb GameAssembly.dll+2A5884A
GameAssembly.dll+2A58843: 33 C9 - xor ecx,ecx
GameAssembly.dll+2A58845: E8 76 32 E6 FD - call System.ThrowHelper.ThrowArgumentOutOfRangeException
GameAssembly.dll+2A5884A: 48 8B 43 10 - mov rax,[rbx+10]
GameAssembly.dll+2A5884E: 33 D2 - xor edx,edx
GameAssembly.dll+2A58850: 48 8B CF - mov rcx,rdi
GameAssembly.dll+2A58853: 44 8B 44 B0 20 - mov r8d,[rax+rsi*4+20]
GameAssembly.dll+2A58858: 44 89 47 24 - mov [rdi+24],r8d
GameAssembly.dll+2A5885C: 44 89 47 20 - mov [rdi+20],r8d
}
{ old
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+2C7769B
GameAssembly.dll+2C7763E: 4C 8B 05 03 6E D6 00 - mov r8,[GameAssembly.dll+39DE448]
GameAssembly.dll+2C77645: BA 16 00 00 00 - mov edx,00000016
GameAssembly.dll+2C7764A: 48 8B CB - mov rcx,rbx
GameAssembly.dll+2C7764D: E8 2E 3B 21 FE - call GameAssembly.dll+E8B180
GameAssembly.dll+2C77652: 4C 8B 05 EF 6D D6 00 - mov r8,[GameAssembly.dll+39DE448]
GameAssembly.dll+2C77659: BA 16 00 00 00 - mov edx,00000016
GameAssembly.dll+2C7765E: 48 8B CB - mov rcx,rbx
GameAssembly.dll+2C77661: E8 1A 3B 21 FE - call GameAssembly.dll+E8B180
GameAssembly.dll+2C77666: 4C 8B 05 DB 6D D6 00 - mov r8,[GameAssembly.dll+39DE448]
GameAssembly.dll+2C7766D: BA 17 00 00 00 - mov edx,00000017
GameAssembly.dll+2C77672: 48 8B CB - mov rcx,rbx
GameAssembly.dll+2C77675: E8 06 3B 21 FE - call GameAssembly.dll+E8B180
GameAssembly.dll+2C7767A: 4C 8B 05 C7 6D D6 00 - mov r8,[GameAssembly.dll+39DE448]
GameAssembly.dll+2C77681: BA 17 00 00 00 - mov edx,00000017
GameAssembly.dll+2C77686: 48 8B CB - mov rcx,rbx
GameAssembly.dll+2C77689: E8 F2 3A 21 FE - call GameAssembly.dll+E8B180
GameAssembly.dll+2C7768E: 8B 53 18 - mov edx,[rbx+18]
GameAssembly.dll+2C77691: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+2C77694: 33 C9 - xor ecx,ecx
GameAssembly.dll+2C77696: E8 A5 96 B4 FD - call UnityEngine.Random.Range
// ---------- INJECTING HERE ----------
GameAssembly.dll+2C7769B: 48 63 F0 - movsxd rsi,eax
// ---------- DONE INJECTING ----------
GameAssembly.dll+2C7769E: 3B 73 18 - cmp esi,[rbx+18]
GameAssembly.dll+2C776A1: 72 07 - jb GameAssembly.dll+2C776AA
GameAssembly.dll+2C776A3: 33 C9 - xor ecx,ecx
GameAssembly.dll+2C776A5: E8 16 34 C4 FD - call System.ThrowHelper.ThrowArgumentOutOfRangeException
GameAssembly.dll+2C776AA: 48 8B 43 10 - mov rax,[rbx+10]
GameAssembly.dll+2C776AE: 33 D2 - xor edx,edx
GameAssembly.dll+2C776B0: 48 8B CF - mov rcx,rdi
GameAssembly.dll+2C776B3: 44 8B 44 B0 20 - mov r8d,[rax+rsi*4+20]
GameAssembly.dll+2C776B8: 44 89 47 24 - mov [rdi+24],r8d
GameAssembly.dll+2C776BC: 44 89 47 20 - mov [rdi+20],r8d
GameAssembly.dll+2C776C0: E8 0B 14 00 00 - call GhostController.੪੬੩ੱ੯ੱ੧੭੭੫੮
GameAssembly.dll+2C776C5: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+2C776C8: BA E8 03 00 00 - mov edx,000003E8
GameAssembly.dll+2C776CD: 41 8D 48 32 - lea ecx,[r8+32]
GameAssembly.dll+2C776D1: E8 6A 96 B4 FD - call UnityEngine.Random.Range
GameAssembly.dll+2C776D6: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+2C776D9: 89 47 4C - mov [rdi+4C],eax
GameAssembly.dll+2C776DC: 41 8D 50 5A - lea edx,[r8+5A]
GameAssembly.dll+2C776E0: 8D 4A B0 - lea ecx,[rdx-50]
GameAssembly.dll+2C776E3: E8 58 96 B4 FD - call UnityEngine.Random.Range
}
{ 0.6.2.2
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+2729928
GameAssembly.dll+2729906: E8 35 A4 09 FE - call UnityEngine.Random.Range
GameAssembly.dll+272990B: 48 63 F0 - movsxd rsi,eax
GameAssembly.dll+272990E: 3B 73 18 - cmp esi,[rbx+18]
GameAssembly.dll+2729911: 72 07 - jb GameAssembly.dll+272991A
GameAssembly.dll+2729913: 33 C9 - xor ecx,ecx
GameAssembly.dll+2729915: E8 A6 41 19 FE - call System.ThrowHelper.ThrowArgumentOutOfRangeException
GameAssembly.dll+272991A: 48 8B 43 10 - mov rax,[rbx+10]
GameAssembly.dll+272991E: 33 D2 - xor edx,edx
GameAssembly.dll+2729920: 48 8B CF - mov rcx,rdi
GameAssembly.dll+2729923: 44 8B 44 B0 20 - mov r8d,[rax+rsi*4+20]
// ---------- INJECTING HERE ----------
GameAssembly.dll+2729928: 44 89 47 24 - mov [rdi+24],r8d
// ---------- DONE INJECTING ----------
GameAssembly.dll+272992C: 44 89 47 20 - mov [rdi+20],r8d
GameAssembly.dll+2729930: E8 EB 05 00 00 - call GhostController.੫੭ੳ੬੨ੰੰ੮੮ੱ
GameAssembly.dll+2729935: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+2729938: BA E8 03 00 00 - mov edx,000003E8
GameAssembly.dll+272993D: 41 8D 48 32 - lea ecx,[r8+32]
GameAssembly.dll+2729941: E8 FA A3 09 FE - call UnityEngine.Random.Range
GameAssembly.dll+2729946: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+2729949: 89 47 4C - mov [rdi+4C],eax
GameAssembly.dll+272994C: 41 8D 50 5A - lea edx,[r8+5A]
GameAssembly.dll+2729950: 8D 4A B0 - lea ecx,[rdx-50]
}
45401
"Type"
0:Spirit
1:Wraith
2:Phantom
3:Poltergeist
4:Banshee
5:Jinn
6:Mare
7:Revenant
8:Shade
9:Demon
10:Yurei
11:Oni
12:Yokai
13:Hantu
14:Goryo
15:Myling
16:Onryo
17:The Twins
18:Raiju
19:Obake
20:The Mimic
21:Moroi
22:Deogen
23:Thaye
0
FFFF00
4 Bytes
GType
70169
"Force Cursed Item (Host)"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Author: PappyG
}
//define(ForceCursedItem,CursedItemsController.੪੯ੰ੯੯ੳ੦੭ੴ੯ੴ+63)
//define(bytes,83 F8 05 77 33)
[ENABLE]
//assert(ForceCursedItem,bytes)
aobscanmodule(ForceCursedItem,GameAssembly.dll,83 ? ? 0F 87 ? ? ? ? 48 89 ? ? ? 48 8D ? ? ? ? ? 48 98 48 89)
alloc(newmem,64,ForceCursedItem)
alloc(CursedItem,8)
alloc(forcecurseorig,9)
registersymbol(ForceCursedItem CursedItem forcecurseorig)
label(return)
forcecurseorig:
readmem(ForceCursedItem,9)
newmem:
mov eax,[CursedItem]
cmp eax,05
reassemble(ForceCursedItem+03)
jmp return
CursedItem:
dq 0
ForceCursedItem:
jmp newmem
db 90 90 90 90
return:
[DISABLE]
ForceCursedItem:
readmem(forcecurseorig,9)
unregistersymbol(*)
dealloc(*)
{ old
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1E02A62
GameAssembly.dll+1E02A42: 75 05 - jne GameAssembly.dll+1E02A49
GameAssembly.dll+1E02A44: E8 37 67 26 FE - call GameAssembly.il2cpp_runtime_class_init
GameAssembly.dll+1E02A49: 33 C9 - xor ecx,ecx
GameAssembly.dll+1E02A4B: E8 00 72 84 FE - call Photon.Pun.PhotonNetwork.get_IsMasterClient
GameAssembly.dll+1E02A50: 84 C0 - test al,al
GameAssembly.dll+1E02A52: 74 46 - je GameAssembly.dll+1E02A9A
GameAssembly.dll+1E02A54: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+1E02A57: 33 C9 - xor ecx,ecx
GameAssembly.dll+1E02A59: 41 8D 50 06 - lea edx,[r8+06]
GameAssembly.dll+1E02A5D: E8 1E 3A CF FE - call UnityEngine.Random.Range
// ---------- INJECTING HERE ----------
GameAssembly.dll+1E02A62: 83 F8 05 - cmp eax,05
// ---------- DONE INJECTING ----------
GameAssembly.dll+1E02A65: 77 33 - ja GameAssembly.dll+1E02A9A
GameAssembly.dll+1E02A67: 48 89 74 24 50 - mov [rsp+50],rsi
GameAssembly.dll+1E02A6C: 48 8D 15 8D D5 1F FE - lea rdx,[GameAssembly.dll]
GameAssembly.dll+1E02A73: 48 98 - cdqe
GameAssembly.dll+1E02A75: 48 89 7C 24 58 - mov [rsp+58],rdi
GameAssembly.dll+1E02A7A: 8B 8C 82 08 30 E0 01 - mov ecx,[rdx+rax*4+01E03008]
GameAssembly.dll+1E02A81: 48 03 CA - add rcx,rdx
GameAssembly.dll+1E02A84: FF E1 - jmp rcx
GameAssembly.dll+1E02A86: 33 D2 - xor edx,edx
GameAssembly.dll+1E02A88: 48 8B CB - mov rcx,rbx
}
{ 0.6.2.1
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+2A432A7
GameAssembly.dll+2A43283: 75 05 - jne GameAssembly.dll+2A4328A
GameAssembly.dll+2A43285: E8 76 7E 6C FD - call GameAssembly.il2cpp_runtime_class_init
GameAssembly.dll+2A4328A: 33 C9 - xor ecx,ecx
GameAssembly.dll+2A4328C: E8 BF A9 E6 FD - call Photon.Pun.PhotonNetwork.get_IsMasterClient
GameAssembly.dll+2A43291: 84 C0 - test al,al
GameAssembly.dll+2A43293: 0F 84 70 03 00 00 - je GameAssembly.dll+2A43609
GameAssembly.dll+2A43299: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+2A4329C: 33 C9 - xor ecx,ecx
GameAssembly.dll+2A4329E: 41 8D 50 06 - lea edx,[r8+06]
GameAssembly.dll+2A432A2: E8 99 EA D7 FD - call UnityEngine.Random.Range
// ---------- INJECTING HERE ----------
GameAssembly.dll+2A432A7: 83 F8 05 - cmp eax,05
// ---------- DONE INJECTING ----------
GameAssembly.dll+2A432AA: 0F 87 59 03 00 00 - ja GameAssembly.dll+2A43609
GameAssembly.dll+2A432B0: 48 89 74 24 50 - mov [rsp+50],rsi
GameAssembly.dll+2A432B5: 48 8D 15 44 CD 5B FD - lea rdx,[GameAssembly.dll]
GameAssembly.dll+2A432BC: 48 98 - cdqe
GameAssembly.dll+2A432BE: 48 89 7C 24 58 - mov [rsp+58],rdi
GameAssembly.dll+2A432C3: 8B 8C 82 4C 36 A4 02 - mov ecx,[rdx+rax*4+02A4364C]
GameAssembly.dll+2A432CA: 48 03 CA - add rcx,rdx
GameAssembly.dll+2A432CD: FF E1 - jmp rcx
GameAssembly.dll+2A432CF: 33 D2 - xor edx,edx
GameAssembly.dll+2A432D1: 48 8B CB - mov rcx,rbx
}
{ 0.6.2.2
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+2BE26B3
GameAssembly.dll+2BE2693: 75 05 - jne GameAssembly.dll+2BE269A
GameAssembly.dll+2BE2695: E8 76 C1 51 FD - call GameAssembly.il2cpp_runtime_class_init
GameAssembly.dll+2BE269A: 33 C9 - xor ecx,ecx
GameAssembly.dll+2BE269C: E8 AF D5 CC FD - call Photon.Pun.PhotonNetwork.get_IsMasterClient
GameAssembly.dll+2BE26A1: 84 C0 - test al,al
GameAssembly.dll+2BE26A3: 74 46 - je GameAssembly.dll+2BE26EB
GameAssembly.dll+2BE26A5: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+2BE26A8: 33 C9 - xor ecx,ecx
GameAssembly.dll+2BE26AA: 41 8D 50 06 - lea edx,[r8+06]
GameAssembly.dll+2BE26AE: E8 8D 16 BE FD - call UnityEngine.Random.Range
// ---------- INJECTING HERE ----------
GameAssembly.dll+2BE26B3: 83 F8 05 - cmp eax,05
// ---------- DONE INJECTING ----------
GameAssembly.dll+2BE26B6: 77 33 - ja GameAssembly.dll+2BE26EB
GameAssembly.dll+2BE26B8: 48 89 74 24 50 - mov [rsp+50],rsi
GameAssembly.dll+2BE26BD: 48 8D 15 3C D9 41 FD - lea rdx,[GameAssembly.dll]
GameAssembly.dll+2BE26C4: 48 98 - cdqe
GameAssembly.dll+2BE26C6: 48 89 7C 24 58 - mov [rsp+58],rdi
GameAssembly.dll+2BE26CB: 8B 8C 82 48 2A BE 02 - mov ecx,[rdx+rax*4+02BE2A48]
GameAssembly.dll+2BE26D2: 48 03 CA - add rcx,rdx
GameAssembly.dll+2BE26D5: FF E1 - jmp rcx
GameAssembly.dll+2BE26D7: 33 D2 - xor edx,edx
GameAssembly.dll+2BE26D9: 48 8B CB - mov rcx,rbx
}
70170
"Item"
0:Ouija Board
1:Music Box
2:Tarot Cards
3:Summoning Circle
4:Haunted Mirror
5:Voodoo Doll
0
FFFF00
4 Bytes
CursedItem
70083
"Cursed Items (show which ones are present on the map)"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Author : Zephirot
Mono : Assembly-CSharp.dll -> CursedItemsController:Start()
}
define(address,CursedItemsController.Start)
define(bytes,40 53 48 83 EC 20)
[ENABLE]
assert(address,bytes)
alloc(newmem,$100,CursedItemsController.Start)
label(code)
label(return)
label(_cursedcontroller)
registersymbol(_cursedcontroller)
newmem:
code:
push rbx
sub rsp,20
mov [_cursedcontroller],rcx
jmp return
_cursedcontroller:
dq 0
address:
jmp newmem
nop
return:
[DISABLE]
address:
db bytes
// push rbx
// sub rsp,20
unregistersymbol(_cursedcontroller)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: CursedItemsController.Start
GameAssembly.dll+1E8CA9E: E9 1D ED 1D FF - jmp UnityEngine.AudioSource.set_outputAudioMixerGroup
GameAssembly.dll+1E8CAA3: E8 D8 4B 26 FE - call GameAssembly.dll+F1680
GameAssembly.dll+1E8CAA8: CC - int 3
GameAssembly.dll+1E8CAA9: CC - int 3
GameAssembly.dll+1E8CAAA: CC - int 3
GameAssembly.dll+1E8CAAB: CC - int 3
GameAssembly.dll+1E8CAAC: CC - int 3
GameAssembly.dll+1E8CAAD: CC - int 3
GameAssembly.dll+1E8CAAE: CC - int 3
GameAssembly.dll+1E8CAAF: CC - int 3
// ---------- INJECTING HERE ----------
CursedItemsController.Start: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+1E8CAB2: 48 83 EC 20 - sub rsp,20
GameAssembly.dll+1E8CAB6: 80 3D 8D 09 DC 01 00 - cmp byte ptr [GameAssembly.dll+3C4D44A],00
GameAssembly.dll+1E8CABD: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+1E8CAC0: 75 12 - jne GameAssembly.dll+1E8CAD4
GameAssembly.dll+1E8CAC2: 8B 0D 58 C1 3C 01 - mov ecx,[GameAssembly.dll+3258C20]
GameAssembly.dll+1E8CAC8: E8 43 4A 26 FE - call GameAssembly.dll+F1510
GameAssembly.dll+1E8CACD: C6 05 76 09 DC 01 01 - mov byte ptr [GameAssembly.dll+3C4D44A],01
GameAssembly.dll+1E8CAD4: 48 89 74 24 30 - mov [rsp+30],rsi
GameAssembly.dll+1E8CAD9: 33 C9 - xor ecx,ecx
GameAssembly.dll+1E8CADB: 48 89 7C 24 38 - mov [rsp+38],rdi
}
70085
"Ouija Board"
0:NO
1:YES
0
FFFF00
Byte
_cursedcontroller
32
18
70090
"Music Box"
0:NO
1:YES
0
FFFF00
Byte
_cursedcontroller
32
20
70089
"Tarot Cards"
0:NO
1:YES
0
FFFF00
Byte
_cursedcontroller
32
28
70163
"Prevent Pulling"
0:NO
1:YES
0
FFFF00
Byte
_cursedcontroller
31
28
70162
"Pulling Animation"
0:NO
1:YES
0
FFFF00
Byte
_cursedcontroller
30
28
70161
"Cards In Deck"
1:1 Card
2:2 Cards
3:3 Cards
4:4 Cards
5:5 Cards
6:6 Cards
7:7 Cards
8:8 Cards
9:9 Cards
10:10 Cards
0
FFFF00
Byte
_cursedcontroller
18
60
28
70088
"Summoning Circle"
0:NO
1:YES
0
FFFF00
Byte
_cursedcontroller
32
30
70087
"Haunted Mirror"
0:NO
1:YES
0
FFFF00
Byte
_cursedcontroller
32
38
70086
"Voodoo Doll"
0:NO
1:YES
0
FFFF00
Byte
_cursedcontroller
32
40
44336
"Fuse Box Always Starts Turned On"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Author : Zephirot
Mono : Assembly-CSharp.dll -> FuseBox.Start
}
[ENABLE]
aobscanregion(PROFUSEBOX, FuseBox.Start, FuseBox.Start+200, 83 78 20 00 0F 85 9D 00 00 00)
alloc(newmem,64,PROFUSEBOX)
label(code)
label(return)
alloc(Ori_PROFUSEBOX_bytes,10)
registersymbol(Ori_PROFUSEBOX_bytes)
Ori_PROFUSEBOX_bytes:
readmem(PROFUSEBOX,10)
newmem:
code:
cmp dword ptr [rax+20],00 //Amateur
je return
cmp dword ptr [rax+20],01 //Intermediate
je return
cmp dword ptr [rax+20],02 //Professional
je return
cmp dword ptr [rax+20],03 //Nightmare
je return
jmp return
PROFUSEBOX:
jmp newmem
db 90 90 90 90 90
return:
registersymbol(PROFUSEBOX)
[DISABLE]
PROFUSEBOX:
readmem(Ori_PROFUSEBOX_bytes,10)
//db 83 78 20 00 0F 85 9D 00 00 00
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+195FF74
GameAssembly.dll+195FF40: 75 22 - jne GameAssembly.dll+195FF64
GameAssembly.dll+195FF42: C7 83 8C 00 00 00 08 00 00 00 - mov [rbx+0000008C],00000008
GameAssembly.dll+195FF4C: EB 16 - jmp GameAssembly.dll+195FF64
GameAssembly.dll+195FF4E: C7 83 8C 00 00 00 09 00 00 00 - mov [rbx+0000008C],00000009
GameAssembly.dll+195FF58: EB 0A - jmp GameAssembly.dll+195FF64
GameAssembly.dll+195FF5A: C7 83 8C 00 00 00 0A 00 00 00 - mov [rbx+0000008C],0000000A
GameAssembly.dll+195FF64: 33 C9 - xor ecx,ecx
GameAssembly.dll+195FF66: E8 95 7B 22 01 - call LevelValues.get_instance
GameAssembly.dll+195FF6B: 48 85 C0 - test rax,rax
GameAssembly.dll+195FF6E: 0F 84 BE 00 00 00 - je GameAssembly.dll+1960032
// ---------- INJECTING HERE ----------
GameAssembly.dll+195FF74: 83 78 20 00 - cmp dword ptr [rax+20],00
// ---------- DONE INJECTING ----------
GameAssembly.dll+195FF78: 0F 85 9D 00 00 00 - jne GameAssembly.dll+196001B
GameAssembly.dll+195FF7E: 48 89 7C 24 50 - mov [rsp+50],rdi
GameAssembly.dll+195FF83: 48 8B 0D 96 60 1B 02 - mov rcx,[GameAssembly.dll+3B16020]
GameAssembly.dll+195FF8A: 48 8B BB 98 00 00 00 - mov rdi,[rbx+00000098]
GameAssembly.dll+195FF91: F6 81 2F 01 00 00 02 - test byte ptr [rcx+0000012F],02
GameAssembly.dll+195FF98: 74 0E - je GameAssembly.dll+195FFA8
GameAssembly.dll+195FF9A: 83 B9 E0 00 00 00 00 - cmp dword ptr [rcx+000000E0],00
GameAssembly.dll+195FFA1: 75 05 - jne GameAssembly.dll+195FFA8
GameAssembly.dll+195FFA3: E8 E8 AC 72 FE - call GameAssembly.il2cpp_runtime_class_init
GameAssembly.dll+195FFA8: 45 33 C0 - xor r8d,r8d
}
328
"Lobby"
FF8000
1
1337094229
"Hoop Score Hook (Score to Update)"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Date : 2021-09-20
Author : joeyc
}
[ENABLE]
aobscanregion(Hoop,HoopCounter.OnTriggerExit,HoopCounter.OnTriggerExit+150,FF 43 28 48 8D 4B 28)
alloc(newmem,$100,Hoop)
alloc(find_hoopscore,8)
registersymbol(Hoop find_hoopscore)
label(return)
find_hoopscore:
dq 0
newmem:
mov [find_hoopscore],rbx
inc [rbx+28]
lea rcx,[rbx+28]
jmp return
Hoop:
jmp newmem
db 90 90
return:
[DISABLE]
Hoop:
db FF 43 28 48 8D 4B 28
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1A9DADF
GameAssembly.dll+1A9DAB6: 48 8B 0D A3 91 AC 01 - mov rcx,[GameAssembly.dll+3566C60]
GameAssembly.dll+1A9DABD: F6 81 2F 01 00 00 02 - test byte ptr [rcx+0000012F],02
GameAssembly.dll+1A9DAC4: 74 0E - je GameAssembly.dll+1A9DAD4
GameAssembly.dll+1A9DAC6: 83 B9 E0 00 00 00 00 - cmp dword ptr [rcx+000000E0],00
GameAssembly.dll+1A9DACD: 75 05 - jne GameAssembly.dll+1A9DAD4
GameAssembly.dll+1A9DACF: E8 AC BE 5D FE - call GameAssembly.il2cpp_runtime_class_init
GameAssembly.dll+1A9DAD4: 33 C9 - xor ecx,ecx
GameAssembly.dll+1A9DAD6: E8 D5 4F B8 FE - call Photon.Pun.PhotonNetwork.get_InRoom
GameAssembly.dll+1A9DADB: 84 C0 - test al,al
GameAssembly.dll+1A9DADD: 75 69 - jne GameAssembly.dll+1A9DB48
// ---------- INJECTING HERE ----------
GameAssembly.dll+1A9DADF: FF 47 18 - inc [rdi+18]
// ---------- DONE INJECTING ----------
GameAssembly.dll+1A9DAE2: 48 8D 4F 18 - lea rcx,[rdi+18]
GameAssembly.dll+1A9DAE6: 48 8B 77 20 - mov rsi,[rdi+20]
GameAssembly.dll+1A9DAEA: 33 D2 - xor edx,edx
GameAssembly.dll+1A9DAEC: E8 DF 1A DA FE - call GameAssembly.dll+83F5D0
GameAssembly.dll+1A9DAF1: 48 85 F6 - test rsi,rsi
GameAssembly.dll+1A9DAF4: 74 62 - je GameAssembly.dll+1A9DB58
GameAssembly.dll+1A9DAF6: 4C 8B 0E - mov r9,[rsi]
GameAssembly.dll+1A9DAF9: 48 8B D0 - mov rdx,rax
GameAssembly.dll+1A9DAFC: 48 8B CE - mov rcx,rsi
GameAssembly.dll+1A9DAFF: 4D 8B 81 E8 05 00 00 - mov r8,[r9+000005E8]
}
{ latest
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1A2BC81
GameAssembly.dll+1A2BC58: 48 8B 0D A1 D5 E8 01 - mov rcx,[GameAssembly.dll+38B9200]
GameAssembly.dll+1A2BC5F: F6 81 33 01 00 00 04 - test byte ptr [rcx+00000133],04
GameAssembly.dll+1A2BC66: 74 0E - je GameAssembly.dll+1A2BC76
GameAssembly.dll+1A2BC68: 83 B9 E0 00 00 00 00 - cmp dword ptr [rcx+000000E0],00
GameAssembly.dll+1A2BC6F: 75 05 - jne GameAssembly.dll+1A2BC76
GameAssembly.dll+1A2BC71: E8 2A BA 6D FE - call GameAssembly.il2cpp_runtime_class_init
GameAssembly.dll+1A2BC76: 33 C9 - xor ecx,ecx
GameAssembly.dll+1A2BC78: E8 F3 C8 E7 FE - call Photon.Pun.PhotonNetwork.get_InRoom
GameAssembly.dll+1A2BC7D: 84 C0 - test al,al
GameAssembly.dll+1A2BC7F: 75 59 - jne GameAssembly.dll+1A2BCDA
// ---------- INJECTING HERE ----------
GameAssembly.dll+1A2BC81: FF 47 18 - inc [rdi+18]
// ---------- DONE INJECTING ----------
GameAssembly.dll+1A2BC84: 48 8D 4F 18 - lea rcx,[rdi+18]
GameAssembly.dll+1A2BC88: 48 8B 77 20 - mov rsi,[rdi+20]
GameAssembly.dll+1A2BC8C: 33 D2 - xor edx,edx
GameAssembly.dll+1A2BC8E: E8 6D C9 D3 FE - call GameAssembly.dll+768600
GameAssembly.dll+1A2BC93: 48 85 F6 - test rsi,rsi
GameAssembly.dll+1A2BC96: 74 52 - je GameAssembly.dll+1A2BCEA
GameAssembly.dll+1A2BC98: 4C 8B 0E - mov r9,[rsi]
GameAssembly.dll+1A2BC9B: 48 8B D0 - mov rdx,rax
GameAssembly.dll+1A2BC9E: 48 8B CE - mov rcx,rsi
GameAssembly.dll+1A2BCA1: 4D 8B 81 F0 05 00 00 - mov r8,[r9+000005F0]
}
1337094230
"Hoop Score"
0
FFFF00
4 Bytes
find_hoopscore
28
1337094231
"Set Price to Buy"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Date : 2021-09-20
Author : joeyc
This script does blah blah blah
}
define(address,StoreManager.BuyButton+70)
define(bytes,3B 41 18 0F 8C C2 00 00 00)
[ENABLE]
assert(address,bytes)
alloc(newmem,$100,StoreManager.BuyButton+70)
alloc(buy_value,10)
label(code)
label(return)
buy_value:
dq 0
newmem:
push rsi
mov rsi,[buy_value]
mov [rcx+18],rsi
pop rsi
jmp code
code:
cmp eax,[rcx+18]
reassemble(address+03)
jmp return
address:
jmp newmem
db 90 90 90 90
return:
registersymbol(buy_value)
[DISABLE]
address:
db bytes
// cmp eax,[rcx+18]
// jl GameAssembly.dll+177386B
unregistersymbol(buy_value)
dealloc(newmem buy_value)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+15DE2BB
GameAssembly.dll+15DE288: E8 13 69 B1 FE - call GameAssembly.dll+F4BA0
GameAssembly.dll+15DE28D: C6 05 8A D6 F2 01 01 - mov byte ptr [GameAssembly.dll+350B91E],01
GameAssembly.dll+15DE294: 4C 8B 05 7D B6 F6 01 - mov r8,[GameAssembly.dll+3549918]
GameAssembly.dll+15DE29B: 33 D2 - xor edx,edx
GameAssembly.dll+15DE29D: 48 8B 0D BC B4 F3 01 - mov rcx,[GameAssembly.dll+3519760]
GameAssembly.dll+15DE2A4: 48 89 7C 24 30 - mov [rsp+30],rdi
GameAssembly.dll+15DE2A9: E8 D2 DD EF FF - call GameAssembly.dll+14DC080
GameAssembly.dll+15DE2AE: 48 8B 4B 28 - mov rcx,[rbx+28]
GameAssembly.dll+15DE2B2: 48 85 C9 - test rcx,rcx
GameAssembly.dll+15DE2B5: 0F 84 DC 00 00 00 - je GameAssembly.dll+15DE397
// ---------- INJECTING HERE ----------
GameAssembly.dll+15DE2BB: 3B 41 18 - cmp eax,[rcx+18]
// ---------- DONE INJECTING ----------
GameAssembly.dll+15DE2BE: 0F 8C C2 00 00 00 - jl GameAssembly.dll+15DE386
GameAssembly.dll+15DE2C4: 48 8B 15 05 0D F9 01 - mov rdx,[GameAssembly.dll+356EFD0]
GameAssembly.dll+15DE2CB: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+15DE2CE: 48 8B 49 38 - mov rcx,[rcx+38]
GameAssembly.dll+15DE2D2: E8 49 97 3D FF - call System.String.Concat
GameAssembly.dll+15DE2D7: 48 8B 4B 28 - mov rcx,[rbx+28]
GameAssembly.dll+15DE2DB: 48 8B F8 - mov rdi,rax
GameAssembly.dll+15DE2DE: 48 85 C9 - test rcx,rcx
GameAssembly.dll+15DE2E1: 0F 84 B0 00 00 00 - je GameAssembly.dll+15DE397
GameAssembly.dll+15DE2E7: 48 8B 15 E2 0C F9 01 - mov rdx,[GameAssembly.dll+356EFD0]
}
{ latest
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+17737A0
GameAssembly.dll+177376D: E8 FE 07 A1 FE - call GameAssembly.dll+183F70
GameAssembly.dll+1773772: C6 05 F7 EE 1C 02 01 - mov byte ptr [GameAssembly.dll+3942670],01
GameAssembly.dll+1773779: 4C 8B 05 E0 D9 14 02 - mov r8,[GameAssembly.dll+38C1160]
GameAssembly.dll+1773780: 33 D2 - xor edx,edx
GameAssembly.dll+1773782: 48 8B 0D DF 5D 12 02 - mov rcx,[GameAssembly.dll+3899568]
GameAssembly.dll+1773789: 48 89 7C 24 30 - mov [rsp+30],rdi
GameAssembly.dll+177378E: E8 FD 1A 9F FF - call GameAssembly.dll+1165290
GameAssembly.dll+1773793: 48 8B 4B 28 - mov rcx,[rbx+28]
GameAssembly.dll+1773797: 48 85 C9 - test rcx,rcx
GameAssembly.dll+177379A: 0F 84 DC 00 00 00 - je GameAssembly.dll+177387C
// ---------- INJECTING HERE ----------
GameAssembly.dll+17737A0: 3B 41 18 - cmp eax,[rcx+18]
// ---------- DONE INJECTING ----------
GameAssembly.dll+17737A3: 0F 8C C2 00 00 00 - jl GameAssembly.dll+177386B
GameAssembly.dll+17737A9: 48 8B 15 B8 F3 13 02 - mov rdx,[GameAssembly.dll+38B2B68]
GameAssembly.dll+17737B0: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+17737B3: 48 8B 49 38 - mov rcx,[rcx+38]
GameAssembly.dll+17737B7: E8 E4 CC 2B FF - call System.String.Concat
GameAssembly.dll+17737BC: 48 8B 4B 28 - mov rcx,[rbx+28]
GameAssembly.dll+17737C0: 48 8B F8 - mov rdi,rax
GameAssembly.dll+17737C3: 48 85 C9 - test rcx,rcx
GameAssembly.dll+17737C6: 0F 84 B0 00 00 00 - je GameAssembly.dll+177387C
GameAssembly.dll+17737CC: 48 8B 15 95 F3 13 02 - mov rdx,[GameAssembly.dll+38B2B68]
}
1337094232
"Buy Price"
0
FFFF00
4 Bytes
buy_value
1337094233
"Set Price to Sell"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Date : 2021-09-20
Author : joeyc
This script does blah blah blah
}
define(address,StoreManager.SellButton+10B)
define(bytes,74 43 8B 40 18)
[ENABLE]
assert(address,bytes)
alloc(newmem,$100,StoreManager.SellButton+10B)
alloc(sell_amount,10)
label(code)
label(return)
sell_amount:
dq 0
newmem:
push rsi
mov rsi,[sell_amount]
mov [rax+18],rsi
pop rsi
jmp code
code:
reassemble(address)
mov eax,[rax+18]
jmp return
address:
jmp newmem
return:
registersymbol(sell_amount)
[DISABLE]
address:
db bytes
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+15DE8D8
GameAssembly.dll+15DE8B0: 8D 50 FF - lea edx,[rax-01]
GameAssembly.dll+15DE8B3: E8 18 1B 69 00 - call GameAssembly.dll+1C703D0
GameAssembly.dll+15DE8B8: 4C 8B 05 59 B0 F6 01 - mov r8,[GameAssembly.dll+3549918]
GameAssembly.dll+15DE8BF: 33 D2 - xor edx,edx
GameAssembly.dll+15DE8C1: 48 8B 0D 98 AE F3 01 - mov rcx,[GameAssembly.dll+3519760]
GameAssembly.dll+15DE8C8: E8 B3 D7 EF FF - call GameAssembly.dll+14DC080
GameAssembly.dll+15DE8CD: 8B C8 - mov ecx,eax
GameAssembly.dll+15DE8CF: 48 8B 43 28 - mov rax,[rbx+28]
GameAssembly.dll+15DE8D3: 48 85 C0 - test rax,rax
GameAssembly.dll+15DE8D6: 74 44 - je GameAssembly.dll+15DE91C
// ---------- INJECTING HERE ----------
GameAssembly.dll+15DE8D8: 8B 40 18 - mov eax,[rax+18]
// ---------- DONE INJECTING ----------
GameAssembly.dll+15DE8DB: 4C 8B 05 66 C0 F5 01 - mov r8,[GameAssembly.dll+353A948]
GameAssembly.dll+15DE8E2: 99 - cdq
GameAssembly.dll+15DE8E3: 2B C2 - sub eax,edx
GameAssembly.dll+15DE8E5: D1 F8 - sar eax,1
GameAssembly.dll+15DE8E7: 8D 14 01 - lea edx,[rcx+rax]
GameAssembly.dll+15DE8EA: 48 8B 0D 6F AE F3 01 - mov rcx,[GameAssembly.dll+3519760]
GameAssembly.dll+15DE8F1: E8 DA 1A 69 00 - call GameAssembly.dll+1C703D0
GameAssembly.dll+15DE8F6: 33 D2 - xor edx,edx
GameAssembly.dll+15DE8F8: 48 8B CB - mov rcx,rbx
GameAssembly.dll+15DE8FB: E8 D0 62 00 00 - call StoreManager.UpdatePlayerMoneyText
}
{ latest
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1773DEB
GameAssembly.dll+1773DC2: 48 8B CF - mov rcx,rdi
GameAssembly.dll+1773DC5: 8D 50 FF - lea edx,[rax-01]
GameAssembly.dll+1773DC8: E8 63 23 9F FF - call GameAssembly.dll+1166130
GameAssembly.dll+1773DCD: 4C 8B 05 8C D3 14 02 - mov r8,[GameAssembly.dll+38C1160]
GameAssembly.dll+1773DD4: 33 D2 - xor edx,edx
GameAssembly.dll+1773DD6: 48 8B 0D 8B 57 12 02 - mov rcx,[GameAssembly.dll+3899568]
GameAssembly.dll+1773DDD: E8 AE 14 9F FF - call GameAssembly.dll+1165290
GameAssembly.dll+1773DE2: 8B C8 - mov ecx,eax
GameAssembly.dll+1773DE4: 48 8B 43 28 - mov rax,[rbx+28]
GameAssembly.dll+1773DE8: 48 85 C0 - test rax,rax
// ---------- INJECTING HERE ----------
GameAssembly.dll+1773DEB: 74 43 - je GameAssembly.dll+1773E30
// ---------- DONE INJECTING ----------
GameAssembly.dll+1773DED: 8B 40 18 - mov eax,[rax+18]
GameAssembly.dll+1773DF0: 4C 8B 05 C9 D6 14 02 - mov r8,[GameAssembly.dll+38C14C0]
GameAssembly.dll+1773DF7: 99 - cdq
GameAssembly.dll+1773DF8: 2B C2 - sub eax,edx
GameAssembly.dll+1773DFA: D1 F8 - sar eax,1
GameAssembly.dll+1773DFC: 8D 14 01 - lea edx,[rcx+rax]
GameAssembly.dll+1773DFF: 48 8B 0D 62 57 12 02 - mov rcx,[GameAssembly.dll+3899568]
GameAssembly.dll+1773E06: E8 25 23 9F FF - call GameAssembly.dll+1166130
GameAssembly.dll+1773E0B: 33 D2 - xor edx,edx
GameAssembly.dll+1773E0D: 48 8B CB - mov rcx,rbx
}
1337094234
"Sell Price"
0
FFFF00
4 Bytes
sell_amount
1337094235
"All Buttons Pressable When Not Host"
008000
Auto Assembler Script
define(address,UnityEngine.UI.Selectable.IsInteractable+c)
define(bytes,0F B6 81 D0 00 00 00)
[ENABLE]
assert(address,bytes)
alloc(newmem,$100,UnityEngine.UI.Selectable.IsInteractable+c)
label(return)
newmem:
mov eax,1
jmp return
address:
jmp newmem
db 90 90
return:
[DISABLE]
address:
db bytes
// movzx eax,byte ptr [rcx+000000C8]
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+5FA56C
GameAssembly.dll+5FA556: 32 C0 - xor al,al
GameAssembly.dll+5FA558: 48 83 C4 20 - add rsp,20
GameAssembly.dll+5FA55C: 5B - pop rbx
GameAssembly.dll+5FA55D: C3 - ret
GameAssembly.dll+5FA55E: CC - int 3
GameAssembly.dll+5FA55F: CC - int 3
UnityEngine.UI.Selectable.IsInteractable: 80 B9 D8 00 00 00 00 - cmp byte ptr [rcx+000000D8],00
GameAssembly.dll+5FA567: 75 03 - jne GameAssembly.dll+5FA56C
GameAssembly.dll+5FA569: 32 C0 - xor al,al
GameAssembly.dll+5FA56B: C3 - ret
// ---------- INJECTING HERE ----------
GameAssembly.dll+5FA56C: 0F B6 81 D0 00 00 00 - movzx eax,byte ptr [rcx+000000C8]
// ---------- DONE INJECTING ----------
GameAssembly.dll+5FA573: C3 - ret
GameAssembly.dll+5FA574: CC - int 3
GameAssembly.dll+5FA575: CC - int 3
GameAssembly.dll+5FA576: CC - int 3
GameAssembly.dll+5FA577: CC - int 3
GameAssembly.dll+5FA578: CC - int 3
GameAssembly.dll+5FA579: CC - int 3
GameAssembly.dll+5FA57A: CC - int 3
GameAssembly.dll+5FA57B: CC - int 3
GameAssembly.dll+5FA57C: CC - int 3
}
1337094236
"Server Info Hook (for multiplayer lobbies NOT SINGLEPLAYER Join server then activate)"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Date : 2021-09-22
Author : joeyc
}
[ENABLE]
aobscanregion(sihook,Photon.Pun.PhotonNetwork.get_IsMasterClient,Photon.Pun.PhotonNetwork.get_IsMasterClient+130,8B 58 48 33 C9)
alloc(newmem,128,sihook)
alloc(server_info,8)
registersymbol(sihook server_info)
label(return)
server_info:
dq 0
newmem:
mov [server_info],rax
mov ebx,[rax+48]
xor ecx,ecx
jmp return
sihook:
jmp newmem
return:
[DISABLE]
sihook:
db 8B 58 48 33 C9
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+616518
GameAssembly.dll+6164EE: 75 0C - jne GameAssembly.dll+6164FC
GameAssembly.dll+6164F0: E8 2B A4 A6 FF - call GameAssembly.il2cpp_runtime_class_init
GameAssembly.dll+6164F5: 48 8B 0D 8C B6 FD 02 - mov rcx,[GameAssembly.dll+35F1B88]
GameAssembly.dll+6164FC: 48 8B 81 B8 00 00 00 - mov rax,[rcx+000000B8]
GameAssembly.dll+616503: 48 8B 48 08 - mov rcx,[rax+08]
GameAssembly.dll+616507: 48 85 C9 - test rcx,rcx
GameAssembly.dll+61650A: 74 32 - je GameAssembly.dll+61653E
GameAssembly.dll+61650C: 48 8B 81 08 01 00 00 - mov rax,[rcx+00000108]
GameAssembly.dll+616513: 48 85 C0 - test rax,rax
GameAssembly.dll+616516: 74 26 - je GameAssembly.dll+61653E
// ---------- INJECTING HERE ----------
GameAssembly.dll+616518: 8B 58 48 - mov ebx,[rax+48]
// ---------- DONE INJECTING ----------
GameAssembly.dll+61651B: 33 C9 - xor ecx,ecx
GameAssembly.dll+61651D: E8 2E 03 00 00 - call Photon.Pun.PhotonNetwork.get_LocalPlayer
GameAssembly.dll+616522: 48 85 C0 - test rax,rax
GameAssembly.dll+616525: 74 17 - je GameAssembly.dll+61653E
GameAssembly.dll+616527: 3B 58 18 - cmp ebx,[rax+18]
GameAssembly.dll+61652A: 48 8B 5C 24 20 - mov rbx,[rsp+20]
GameAssembly.dll+61652F: 0F 94 C0 - sete al
GameAssembly.dll+616532: 48 83 C4 28 - add rsp,28
GameAssembly.dll+616536: C3 - ret
GameAssembly.dll+616537: B0 01 - mov al,01
}
1337094237
"Max Players"
0
4 Bytes
server_info
20
1337094238
"Master Client ID (change to match Client ID and change character to become host)"
0
FFFF00
4 Bytes
server_info
48
1337094239
"Invite Code Info"
FF8000
1
1337094240
"Invite Code"
0
FFFF00
String
36
1
0
1
server_info
14
40
1337094241
"Invite Code Length (increase number as needed for longer codes)"
0
FFFF00
4 Bytes
server_info
10
40
1337094242
"Client ID"
0
FFFF00
4 Bytes
[server_info]+60
18
100
1337094215
"Player"
FF8000
1
70010
"Solo Player Info"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Author : Zephirot
Mono : Assembly-CSharp.dll -> Player:Update()
}
[ENABLE]
aobscanregion(SoloPlayer,Player.Update,Player.Update+100,48 8B 43 18 48 89 7C 24 50) // should be unique
alloc(newmem,100,SoloPlayer)
label(code return _Player00)
registersymbol(_Player00 SoloPlayer)
newmem:
code:
mov rax,[rbx+18]
mov [rsp+50],rdi
mov [_Player00],rcx
jmp return
_Player00:
dq 0
SoloPlayer:
jmp newmem
db 90 90
return:
[DISABLE]
SoloPlayer:
db 48 8B 43 18 48 85 C0
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+15E0C44
GameAssembly.dll+15E0C1E: CC - int 3
GameAssembly.dll+15E0C1F: CC - int 3
Player.Update: 40 53 - push rbx
GameAssembly.dll+15E0C22: 48 83 EC 40 - sub rsp,40
GameAssembly.dll+15E0C26: 80 3D C0 81 66 02 00 - cmp byte ptr [GameAssembly.dll+3C48DED],00
GameAssembly.dll+15E0C2D: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+15E0C30: 75 12 - jne GameAssembly.dll+15E0C44
GameAssembly.dll+15E0C32: 8B 0D 00 FD C4 01 - mov ecx,[GameAssembly.dll+3230938]
GameAssembly.dll+15E0C38: E8 D3 08 B1 FE - call GameAssembly.dll+F1510
GameAssembly.dll+15E0C3D: C6 05 A9 81 66 02 01 - mov byte ptr [GameAssembly.dll+3C48DED],01
// ---------- INJECTING HERE ----------
GameAssembly.dll+15E0C44: 48 8B 43 18 - mov rax,[rbx+18]
// ---------- DONE INJECTING ----------
GameAssembly.dll+15E0C48: 48 89 7C 24 50 - mov [rsp+50],rdi
GameAssembly.dll+15E0C4D: 48 85 C0 - test rax,rax
GameAssembly.dll+15E0C50: 0F 84 DC 00 00 00 - je GameAssembly.dll+15E0D32
GameAssembly.dll+15E0C56: 80 78 60 00 - cmp byte ptr [rax+60],00
GameAssembly.dll+15E0C5A: 0F 84 C7 00 00 00 - je GameAssembly.dll+15E0D27
GameAssembly.dll+15E0C60: 48 8B 0D 71 AF 67 02 - mov rcx,[GameAssembly.dll+3C5BBD8]
GameAssembly.dll+15E0C67: 48 8B BB F0 00 00 00 - mov rdi,[rbx+000000F0]
GameAssembly.dll+15E0C6E: F6 81 2F 01 00 00 02 - test byte ptr [rcx+0000012F],02
GameAssembly.dll+15E0C75: 74 0E - je GameAssembly.dll+15E0C85
GameAssembly.dll+15E0C77: 83 B9 E0 00 00 00 00 - cmp dword ptr [rcx+000000E0],00
}
70011
"Player Name (Change Character to activate change)"
0
FFFF00
String
25
1
0
1
_Player00
14
20
78
18
1337094210
"Player Name Length"
0
FFFF00
4 Bytes
_Player00
10
20
78
18
70012
"Current Room"
??:Somewhere
0
D500D5
String
25
1
0
1
_Player00
14
60
60
70017
"Inventory Size (3 or 4)"
0
FFFF00
4 Bytes
_Player00
18
58
110
70178
"Inventory Size (3 or 4)"
0
FFFF00
4 Bytes
_Player00
18
10
58
110
70013
"Interaction Distance (Default = 1.600000024)"
0
FFFF00
Float
GameAssembly.dll+3EAD8D4
70014
"Insanity Level"
0
FFFF00
Float
_Player00
28
C0
70029
"Player Is in Light?"
0:NO
1:YES
0
D500D5
Byte
_Player00
40
C0
70015
"Dead?"
0:ALIVE
1:DEAD
0
D500D5
Byte
_Player00
20
70027
"Able to Sprint? (Infinite Sprint if locked at YES)"
1:YES
0:NO
0
FFFF00
Byte
_Player00
1B
108
70021
"Crosshair Colour (ABGR: Alpha/Blue/Green/Red)"
FF8000
1
70022
"Active Crosshair Color"
FFFFFFFF:White
FF808080:Gray
FF000000:Black
FF0000FF:Red
FF0080FF:Orange
FF00FFFF:Yellow
FF00FF00:Green
FFFF0000:Blue
FF800080:Purple
1
0
FFFF00
4 Bytes
_Player00
44
120
70023
"Passive Crosshair Color"
FFFFFFFF:White
FF808080:Gray
FF000000:Black
FF0000FF:Red
FF0080FF:Orange
FF00FFFF:Yellow
FF00FF00:Green
FFFF0000:Blue
FF800080:Purple
1
0
FFFF00
4 Bytes
_Player00
40
120
70028
"Additional"
FF8000
1
70030
"Game Difficulty Rate"
1:Amateur
1.5:Intermediate
2:Professional/Nightmare
0
D500D5
Float
_Player00
44
C0
70031
"Player Current Speed (for info)"
0
D500D5
Float
_Player00
90
108
44059
"Co-Op Player Info"
0080FF
Auto Assembler Script
{ Game : Phasmophobia
Version:
Date : 2021-04-09
Author : Coderbox1
Updated/edited By: Glowmoss
Mono : Assembly-CSharp.dll -> GameController:GetAveragePlayerInsanity()
}
define(address,"GameController.GetAveragePlayerInsanity"+DD)
define(bytes,F3 0F 58 70 28)
[ENABLE]
assert(address,bytes)
alloc(newmem,256,"GameController.GetAveragePlayerInsanity"+DD)
alloc(P1,10)
alloc(P2,10)
alloc(P3,10)
alloc(P4,10)
label(code return put1 put2 put3 put4)
registersymbol(P1 P2 P3 P4)
newmem:
cmp rsi,0
je put1
cmp rsi,1
je put2
cmp rsi,2
je put3
cmp rsi,3
je put4
put1:
mov [P1],rax
jmp code
put2:
mov [P2],rax
jmp code
put3:
mov [P3],rax
jmp code
put4:
mov [P4],rax
jmp code
code:
addss xmm6,[rax+28]
jmp return
P1:
dq 0
P2:
dq 0
P3:
dq 0
P4:
dq 0
address:
jmp newmem
return:
[DISABLE]
address:
db bytes
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll.il2cpp+112EBC7
GameAssembly.dll.il2cpp+112EBA6: 8B D7 - mov edx,edi
GameAssembly.dll.il2cpp+112EBA8: E8 83 92 C6 FE - call GameAssembly.il2cpp_custom_attrs_free+2740
GameAssembly.dll.il2cpp+112EBAD: 48 85 C0 - test rax,rax
GameAssembly.dll.il2cpp+112EBB0: 74 70 - je GameAssembly.dll.il2cpp+112EC22
GameAssembly.dll.il2cpp+112EBB2: 48 8B 40 10 - mov rax,[rax+10]
GameAssembly.dll.il2cpp+112EBB6: 48 85 C0 - test rax,rax
GameAssembly.dll.il2cpp+112EBB9: 74 67 - je GameAssembly.dll.il2cpp+112EC22
GameAssembly.dll.il2cpp+112EBBB: 48 8B 80 C0 00 00 00 - mov rax,[rax+000000C0]
GameAssembly.dll.il2cpp+112EBC2: 48 85 C0 - test rax,rax
GameAssembly.dll.il2cpp+112EBC5: 74 5B - je GameAssembly.dll.il2cpp+112EC22
// ---------- INJECTING HERE ----------
GameAssembly.dll.il2cpp+112EBC7: F3 0F 58 70 28 - addss xmm6,[rax+28]
// ==> "GameAssembly.dll"+139CBC7
// ---------- DONE INJECTING ----------
GameAssembly.dll.il2cpp+112EBCC: FF C6 - inc esi
GameAssembly.dll.il2cpp+112EBCE: 48 8B 45 48 - mov rax,[rbp+48]
GameAssembly.dll.il2cpp+112EBD2: FF C7 - inc edi
GameAssembly.dll.il2cpp+112EBD4: 49 83 C6 08 - add r14,08
GameAssembly.dll.il2cpp+112EBD8: 8B CF - mov ecx,edi
GameAssembly.dll.il2cpp+112EBDA: 48 8B D8 - mov rbx,rax
GameAssembly.dll.il2cpp+112EBDD: 48 85 C0 - test rax,rax
GameAssembly.dll.il2cpp+112EBE0: 74 40 - je GameAssembly.dll.il2cpp+112EC22
GameAssembly.dll.il2cpp+112EBE2: E9 69 FF FF FF - jmp GameAssembly.dll.il2cpp+112EB50
GameAssembly.dll.il2cpp+112EBE7: 85 F6 - test esi,esi
}
1337094204
"Player 1 (activate to see more options)"
FF8000
1
44062
"Player Name"
0
FFFF00
String
25
1
0
1
P1
14
20
78
18
20
1337094211
"Player Name Length"
0
FFFF00
4 Bytes
P1
10
20
78
18
20
44073
"Current Room"
0
D500D5
String
25
1
0
1
P1
14
58
60
20
44068
"Inventory Size (3 or 4)"
0
FFFF00
4 Bytes
P1
18
60
118
20
70235
"Inventory Size (3 or 4)"
0
FFFF00
4 Bytes
P1
18
10
60
118
20
44066
"Interaction Distance (Default = 1.6)"
0
FFFF00
Float
P1
18
118
20
44075
"Insanity Level"
0
D500D5
Float
P1
28
C8
20
44074
"Dead?"
0:ALIVE
1:DEAD
0
D500D5
Byte
P1
20
20
44063
"Crosshair Colour (ABGR: Alpha/Blue/Green/Red)"
FF8000
1
44064
"Active Crosshair Color"
FFFFFFFF:White
FF808080:Gray
FF000000:Black
FF0000FF:Red
FF0080FF:Orange
FF00FFFF:Yellow
FF00FF00:Green
FFFF0000:Blue
FF800080:Purple
1
0
FFFF00
4 Bytes
P1
44
128
20
44065
"Passive Crosshair Color"
FFFFFFFF:White
FF808080:Gray
FF000000:Black
FF0000FF:Red
FF0080FF:Orange
FF00FFFF:Yellow
FF00FF00:Green
FFFF0000:Blue
FF800080:Purple
1
0
FFFF00
4 Bytes
P1
40
128
20
1337094207
"Player 2 (activate to see more options)"
FF8000
1
44078
"Player Name"
0
FFFF00
String
25
1
0
1
P2
14
20
78
18
20
1337094212
"Player Name Length"
0
FFFF00
4 Bytes
P2
10
20
78
18
20
44225
"Current Room"
0
D500D5
String
25
1
0
1
P2
14
58
60
20
44231
"Inventory Size (3 or 4)"
0
FFFF00
4 Bytes
P2
18
60
118
20
70236
"Inventory Size (3 or 4)"
0
FFFF00
4 Bytes
P2
18
10
60
118
20
44226
"Interaction Distance (Default = 1.6)"
0
FFFF00
Float
P2
18
118
20
44227
"Insanity Level"
0
D500D5
Float
P2
28
C8
20
44228
"Dead?"
0:ALIVE
1:DEAD
0
D500D5
Byte
P2
20
20
44235
"Crosshair Colour (ABGR: Alpha/Blue/Green/Red)"
FF8000
1
44236
"Active Crosshair Color"
FFFFFFFF:White
FF808080:Gray
FF000000:Black
FF0000FF:Red
FF0080FF:Orange
FF00FFFF:Yellow
FF00FF00:Green
FFFF0000:Blue
FF800080:Purple
1
0
FFFF00
4 Bytes
P2
44
128
20
44237
"Passive Crosshair Color"
FFFFFFFF:White
FF808080:Gray
FF000000:Black
FF0000FF:Red
FF0080FF:Orange
FF00FFFF:Yellow
FF00FF00:Green
FFFF0000:Blue
FF800080:Purple
1
0
FFFF00
4 Bytes
P2
40
128
20
1337094206
"Player 3 (activate to see more options)"
FF8000
1
44224
"Player Name"
0
FFFF00
String
25
1
0
1
P3
14
20
78
18
20
1337094213
"Player Name Length"
0
FFFF00
4 Bytes
P3
10
20
78
18
20
44238
"Current Room"
0
D500D5
String
25
1
0
1
P3
14
58
60
20
44244
"Inventory Size (3 or 4)"
0
FFFF00
4 Bytes
P3
18
60
118
20
70237
"Inventory Size (3 or 4)"
0
FFFF00
4 Bytes
P3
18
10
60
118
20
44239
"Interaction Distance (Default = 1.6)"
0
FFFF00
Float
P3
18
118
20
44240
"Insanity Level"
0
D500D5
Float
P3
28
C8
20
44241
"Dead?"
0:ALIVE
1:DEAD
0
D500D5
Byte
P3
20
20
44248
"Crosshair Colour (ABGR: Alpha/Blue/Green/Red)"
FF8000
1
44249
"Active Crosshair Color"
FFFFFFFF:White
FF808080:Gray
FF000000:Black
FF0000FF:Red
FF0080FF:Orange
FF00FFFF:Yellow
FF00FF00:Green
FFFF0000:Blue
FF800080:Purple
1
0
FFFF00
4 Bytes
P3
44
128
20
44250
"Passive Crosshair Color"
FFFFFFFF:White
FF808080:Gray
FF000000:Black
FF0000FF:Red
FF0080FF:Orange
FF00FFFF:Yellow
FF00FF00:Green
FFFF0000:Blue
FF800080:Purple
1
0
FFFF00
4 Bytes
P3
40
128
20
1337094205
"Player 4 (activate to see more options)"
FF8000
1
44110
"Player Name"
0
FFFF00
String
25
1
0
1
P4
14
20
78
18
20
1337094214
"Player Name Length"
0
FFFF00
4 Bytes
P4
10
20
78
18
20
44251
"Current Room"
0
D500D5
String
25
1
0
1
P4
14
58
60
20
44257
"Inventory Size (3 or 4)"
0
FFFF00
4 Bytes
P4
18
60
118
20
70238
"Inventory Size (3 or 4)"
0
FFFF00
4 Bytes
P4
18
10
60
118
20
44252
"Interaction Distance (Default = 1.6)"
0
FFFF00
Float
P4
18
118
20
44253
"Insanity Level"
0
D500D5
Float
P4
28
C8
20
44254
"Dead?"
0:ALIVE
1:DEAD
0
D500D5
Byte
P4
20
20
44261
"Crosshair Colour (ABGR: Alpha/Blue/Green/Red)"
FF8000
1
44262
"Active Crosshair Color"
FFFFFFFF:White
FF808080:Gray
FF000000:Black
FF0000FF:Red
FF0080FF:Orange
FF00FFFF:Yellow
FF00FF00:Green
FFFF0000:Blue
FF800080:Purple
1
0
FFFF00
4 Bytes
P4
44
128
20
44263
"Passive Crosshair Color"
FFFFFFFF:White
FF808080:Gray
FF000000:Black
FF0000FF:Red
FF0080FF:Orange
FF00FFFF:Yellow
FF00FF00:Green
FFFF0000:Blue
FF800080:Purple
1
0
FFFF00
4 Bytes
P4
40
128
20
70043
"Team Sanity (Visual) [ig]"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Author : Zephirot
Mono : Assembly-CSharp.dll -> GameController:GetAveragePlayerInsanity()
}
[ENABLE]
aobscanregion(TEAMINSANITY,GameController.GetAveragePlayerInsanity,GameController.GetAveragePlayerInsanity+20, 48 89 6C 24 18)
alloc(newmem,$100,TEAMINSANITY)
label(code)
label(return)
label(_TSAN)
registersymbol(_TSAN)
label(_AVGI)
registersymbol(_AVGI)
label(PVAL)
registerSymbol(PVAL)
newmem:
code:
mov [rsp+18],rbp
mov [_AVGI],rcx
push rbx
mov rbx,[rcx]
mov rbx,[rcx+70]
mov [_TSAN],rbx
pop rbx
movss xmm0,[PVAL]
movss xmm1,[_TSAN]
subss xmm0,xmm1
movss [_TSAN],xmm0
jmp return
_AVGI:
dq 0
_TSAN:
dq 0
PVAL:
dq (float)100.0
TEAMINSANITY:
jmp newmem
return:
registersymbol(TEAMINSANITY)
[DISABLE]
TEAMINSANITY:
db 48 89 6C 24 18
unregistersymbol(TEAMINSANITY)
unregistersymbol(_AVGI)
unregistersymbol(_TSAN)
unregistersymbol(PVAL)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameController.GetAveragePlayerInsanity
GameAssembly.dll+8AFC96: CC - int 3
GameAssembly.dll+8AFC97: CC - int 3
GameAssembly.dll+8AFC98: CC - int 3
GameAssembly.dll+8AFC99: CC - int 3
GameAssembly.dll+8AFC9A: CC - int 3
GameAssembly.dll+8AFC9B: CC - int 3
GameAssembly.dll+8AFC9C: CC - int 3
GameAssembly.dll+8AFC9D: CC - int 3
GameAssembly.dll+8AFC9E: CC - int 3
GameAssembly.dll+8AFC9F: CC - int 3
// ---------- INJECTING HERE ----------
GameController.GetAveragePlayerInsanity: 48 89 6C 24 18 - mov [rsp+18],rbp
// ---------- DONE INJECTING ----------
GameAssembly.dll+8AFCA5: 48 89 74 24 20 - mov [rsp+20],rsi
GameAssembly.dll+8AFCAA: 57 - push rdi
GameAssembly.dll+8AFCAB: 48 83 EC 30 - sub rsp,30
GameAssembly.dll+8AFCAF: 80 3D 0F 64 30 03 00 - cmp byte ptr [GameAssembly.dll+3BB60C5],00
GameAssembly.dll+8AFCB6: 48 8B E9 - mov rbp,rcx
GameAssembly.dll+8AFCB9: 0F 29 74 24 20 - movaps [rsp+20],xmm6
GameAssembly.dll+8AFCBE: 75 12 - jne GameAssembly.dll+8AFCD2
GameAssembly.dll+8AFCC0: 8B 0D 22 C1 8C 02 - mov ecx,[GameAssembly.dll+317BDE8]
GameAssembly.dll+8AFCC6: E8 25 81 9F FF - call GameAssembly.dll+2A7DF0
GameAssembly.dll+8AFCCB: C6 05 F3 63 30 03 01 - mov byte ptr [GameAssembly.dll+3BB60C5],01
}
70044
"Insanity Value"
0
D500D5
Float
_AVGI
70
70045
"Team Sanity % Value"
0
D500D5
Float
_TSAN
70118
"Sanity Changer [ig]"
0080FF
1
70071
"100 Sanity"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Date : 2021-09-20
This script does blah blah blah
}
define(address,GameController.GetAveragePlayerInsanity+DD)
define(bytes,F3 0F 58 70 28)
[ENABLE]
assert(address,bytes)
alloc(newmem,$100,GameController.GetAveragePlayerInsanity+DD)
label(code)
label(return)
newmem:
mov [rax+28],(float)0
jmp code
code:
addss xmm6,[rax+28]
jmp return
address:
jmp newmem
return:
[DISABLE]
address:
db bytes
// addss xmm6,[rax+28]
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1300897
GameAssembly.dll+1300876: 8B D7 - mov edx,edi
GameAssembly.dll+1300878: E8 83 59 D0 FE - call GameAssembly.il2cpp_custom_attrs_free+2B00
GameAssembly.dll+130087D: 48 85 C0 - test rax,rax
GameAssembly.dll+1300880: 74 70 - je GameAssembly.dll+13008F2
GameAssembly.dll+1300882: 48 8B 40 10 - mov rax,[rax+10]
GameAssembly.dll+1300886: 48 85 C0 - test rax,rax
GameAssembly.dll+1300889: 74 67 - je GameAssembly.dll+13008F2
GameAssembly.dll+130088B: 48 8B 80 B0 00 00 00 - mov rax,[rax+000000B0]
GameAssembly.dll+1300892: 48 85 C0 - test rax,rax
GameAssembly.dll+1300895: 74 5B - je GameAssembly.dll+13008F2
// ---------- INJECTING HERE ----------
GameAssembly.dll+1300897: F3 0F 58 70 28 - addss xmm6,[rax+28]
// ---------- DONE INJECTING ----------
GameAssembly.dll+130089C: FF C6 - inc esi
GameAssembly.dll+130089E: 48 8B 45 58 - mov rax,[rbp+58]
GameAssembly.dll+13008A2: FF C7 - inc edi
GameAssembly.dll+13008A4: 49 83 C6 08 - add r14,08
GameAssembly.dll+13008A8: 8B CF - mov ecx,edi
GameAssembly.dll+13008AA: 48 8B D8 - mov rbx,rax
GameAssembly.dll+13008AD: 48 85 C0 - test rax,rax
GameAssembly.dll+13008B0: 74 40 - je GameAssembly.dll+13008F2
GameAssembly.dll+13008B2: E9 69 FF FF FF - jmp GameAssembly.dll+1300820
GameAssembly.dll+13008B7: 85 F6 - test esi,esi
}
70119
"75 Sanity"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Date : 2021-09-20
Author : joeyc
This script does blah blah blah
}
define(address,GameController.GetAveragePlayerInsanity+DD)
define(bytes,F3 0F 58 70 28)
[ENABLE]
assert(address,bytes)
alloc(newmem,$100,GameController.GetAveragePlayerInsanity+DD)
label(code)
label(return)
newmem:
mov [rax+28],(float)25
jmp code
code:
addss xmm6,[rax+28]
jmp return
address:
jmp newmem
return:
[DISABLE]
address:
db bytes
// addss xmm6,[rax+28]
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1300897
GameAssembly.dll+1300876: 8B D7 - mov edx,edi
GameAssembly.dll+1300878: E8 83 59 D0 FE - call GameAssembly.il2cpp_custom_attrs_free+2B00
GameAssembly.dll+130087D: 48 85 C0 - test rax,rax
GameAssembly.dll+1300880: 74 70 - je GameAssembly.dll+13008F2
GameAssembly.dll+1300882: 48 8B 40 10 - mov rax,[rax+10]
GameAssembly.dll+1300886: 48 85 C0 - test rax,rax
GameAssembly.dll+1300889: 74 67 - je GameAssembly.dll+13008F2
GameAssembly.dll+130088B: 48 8B 80 B0 00 00 00 - mov rax,[rax+000000B0]
GameAssembly.dll+1300892: 48 85 C0 - test rax,rax
GameAssembly.dll+1300895: 74 5B - je GameAssembly.dll+13008F2
// ---------- INJECTING HERE ----------
GameAssembly.dll+1300897: F3 0F 58 70 28 - addss xmm6,[rax+28]
// ---------- DONE INJECTING ----------
GameAssembly.dll+130089C: FF C6 - inc esi
GameAssembly.dll+130089E: 48 8B 45 58 - mov rax,[rbp+58]
GameAssembly.dll+13008A2: FF C7 - inc edi
GameAssembly.dll+13008A4: 49 83 C6 08 - add r14,08
GameAssembly.dll+13008A8: 8B CF - mov ecx,edi
GameAssembly.dll+13008AA: 48 8B D8 - mov rbx,rax
GameAssembly.dll+13008AD: 48 85 C0 - test rax,rax
GameAssembly.dll+13008B0: 74 40 - je GameAssembly.dll+13008F2
GameAssembly.dll+13008B2: E9 69 FF FF FF - jmp GameAssembly.dll+1300820
GameAssembly.dll+13008B7: 85 F6 - test esi,esi
}
70113
"50 Sanity"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Date : 2021-09-20
Author : joeyc
This script does blah blah blah
}
define(address,GameController.GetAveragePlayerInsanity+DD)
define(bytes,F3 0F 58 70 28)
[ENABLE]
assert(address,bytes)
alloc(newmem,$100,GameController.GetAveragePlayerInsanity+DD)
label(code)
label(return)
newmem:
mov [rax+28],(float)50
jmp code
code:
addss xmm6,[rax+28]
jmp return
address:
jmp newmem
return:
[DISABLE]
address:
db bytes
// addss xmm6,[rax+28]
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1300897
GameAssembly.dll+1300876: 8B D7 - mov edx,edi
GameAssembly.dll+1300878: E8 83 59 D0 FE - call GameAssembly.il2cpp_custom_attrs_free+2B00
GameAssembly.dll+130087D: 48 85 C0 - test rax,rax
GameAssembly.dll+1300880: 74 70 - je GameAssembly.dll+13008F2
GameAssembly.dll+1300882: 48 8B 40 10 - mov rax,[rax+10]
GameAssembly.dll+1300886: 48 85 C0 - test rax,rax
GameAssembly.dll+1300889: 74 67 - je GameAssembly.dll+13008F2
GameAssembly.dll+130088B: 48 8B 80 B0 00 00 00 - mov rax,[rax+000000B0]
GameAssembly.dll+1300892: 48 85 C0 - test rax,rax
GameAssembly.dll+1300895: 74 5B - je GameAssembly.dll+13008F2
// ---------- INJECTING HERE ----------
GameAssembly.dll+1300897: F3 0F 58 70 28 - addss xmm6,[rax+28]
// ---------- DONE INJECTING ----------
GameAssembly.dll+130089C: FF C6 - inc esi
GameAssembly.dll+130089E: 48 8B 45 58 - mov rax,[rbp+58]
GameAssembly.dll+13008A2: FF C7 - inc edi
GameAssembly.dll+13008A4: 49 83 C6 08 - add r14,08
GameAssembly.dll+13008A8: 8B CF - mov ecx,edi
GameAssembly.dll+13008AA: 48 8B D8 - mov rbx,rax
GameAssembly.dll+13008AD: 48 85 C0 - test rax,rax
GameAssembly.dll+13008B0: 74 40 - je GameAssembly.dll+13008F2
GameAssembly.dll+13008B2: E9 69 FF FF FF - jmp GameAssembly.dll+1300820
GameAssembly.dll+13008B7: 85 F6 - test esi,esi
}
70120
"25 Sanity"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Date : 2021-09-20
Author : joeyc
This script does blah blah blah
}
define(address,GameController.GetAveragePlayerInsanity+DD)
define(bytes,F3 0F 58 70 28)
[ENABLE]
assert(address,bytes)
alloc(newmem,$100,GameController.GetAveragePlayerInsanity+DD)
label(code)
label(return)
newmem:
mov [rax+28],(float)75
jmp code
code:
addss xmm6,[rax+28]
jmp return
address:
jmp newmem
return:
[DISABLE]
address:
db bytes
// addss xmm6,[rax+28]
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1300897
GameAssembly.dll+1300876: 8B D7 - mov edx,edi
GameAssembly.dll+1300878: E8 83 59 D0 FE - call GameAssembly.il2cpp_custom_attrs_free+2B00
GameAssembly.dll+130087D: 48 85 C0 - test rax,rax
GameAssembly.dll+1300880: 74 70 - je GameAssembly.dll+13008F2
GameAssembly.dll+1300882: 48 8B 40 10 - mov rax,[rax+10]
GameAssembly.dll+1300886: 48 85 C0 - test rax,rax
GameAssembly.dll+1300889: 74 67 - je GameAssembly.dll+13008F2
GameAssembly.dll+130088B: 48 8B 80 B0 00 00 00 - mov rax,[rax+000000B0]
GameAssembly.dll+1300892: 48 85 C0 - test rax,rax
GameAssembly.dll+1300895: 74 5B - je GameAssembly.dll+13008F2
// ---------- INJECTING HERE ----------
GameAssembly.dll+1300897: F3 0F 58 70 28 - addss xmm6,[rax+28]
// ---------- DONE INJECTING ----------
GameAssembly.dll+130089C: FF C6 - inc esi
GameAssembly.dll+130089E: 48 8B 45 58 - mov rax,[rbp+58]
GameAssembly.dll+13008A2: FF C7 - inc edi
GameAssembly.dll+13008A4: 49 83 C6 08 - add r14,08
GameAssembly.dll+13008A8: 8B CF - mov ecx,edi
GameAssembly.dll+13008AA: 48 8B D8 - mov rbx,rax
GameAssembly.dll+13008AD: 48 85 C0 - test rax,rax
GameAssembly.dll+13008B0: 74 40 - je GameAssembly.dll+13008F2
GameAssembly.dll+13008B2: E9 69 FF FF FF - jmp GameAssembly.dll+1300820
GameAssembly.dll+13008B7: 85 F6 - test esi,esi
}
44300
"0 Sanity"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Date : 2021-09-20
Author : joeyc
This script does blah blah blah
}
define(address,GameController.GetAveragePlayerInsanity+DD)
define(bytes,F3 0F 58 70 28)
[ENABLE]
assert(address,bytes)
alloc(newmem,$100,GameController.GetAveragePlayerInsanity+DD)
label(code)
label(return)
newmem:
mov [rax+28],(float)99
jmp code
code:
addss xmm6,[rax+28]
jmp return
address:
jmp newmem
return:
[DISABLE]
address:
db bytes
// addss xmm6,[rax+28]
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1300897
GameAssembly.dll+1300876: 8B D7 - mov edx,edi
GameAssembly.dll+1300878: E8 83 59 D0 FE - call GameAssembly.il2cpp_custom_attrs_free+2B00
GameAssembly.dll+130087D: 48 85 C0 - test rax,rax
GameAssembly.dll+1300880: 74 70 - je GameAssembly.dll+13008F2
GameAssembly.dll+1300882: 48 8B 40 10 - mov rax,[rax+10]
GameAssembly.dll+1300886: 48 85 C0 - test rax,rax
GameAssembly.dll+1300889: 74 67 - je GameAssembly.dll+13008F2
GameAssembly.dll+130088B: 48 8B 80 B0 00 00 00 - mov rax,[rax+000000B0]
GameAssembly.dll+1300892: 48 85 C0 - test rax,rax
GameAssembly.dll+1300895: 74 5B - je GameAssembly.dll+13008F2
// ---------- INJECTING HERE ----------
GameAssembly.dll+1300897: F3 0F 58 70 28 - addss xmm6,[rax+28]
// ---------- DONE INJECTING ----------
GameAssembly.dll+130089C: FF C6 - inc esi
GameAssembly.dll+130089E: 48 8B 45 58 - mov rax,[rbp+58]
GameAssembly.dll+13008A2: FF C7 - inc edi
GameAssembly.dll+13008A4: 49 83 C6 08 - add r14,08
GameAssembly.dll+13008A8: 8B CF - mov ecx,edi
GameAssembly.dll+13008AA: 48 8B D8 - mov rbx,rax
GameAssembly.dll+13008AD: 48 85 C0 - test rax,rax
GameAssembly.dll+13008B0: 74 40 - je GameAssembly.dll+13008F2
GameAssembly.dll+13008B2: E9 69 FF FF FF - jmp GameAssembly.dll+1300820
GameAssembly.dll+13008B7: 85 F6 - test esi,esi
}
70072
"4-Slot Inventory [ig]"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Date : 2021-10-02
Author : joeyc
This script does blah blah blah
}
define(address,Player.Update+3F)
define(bytes,48 89 7C 24 50)
[ENABLE]
{$lua}
if not syntaxcheck then
synchronize(function()
local t = createTimer()
t.Interval,t.OnTimer = 100,function(tm)
tm.Destroy()
memrec.Active = false
end
end)
end
{$asm}
assert(address,bytes)
alloc(newmem,$100,Player.Update+3F)
label(code)
label(return)
newmem:
push rbp
push r12
mov rbp,[rbx+118]
mov rbp,[rbp+60]
mov [rbp+18],04
mov rbp,[rbp+10]
mov [rbp+18],04
jmp code
code:
pop rbp
pop r12
mov [rsp+50],rdi
jmp return
address:
jmp newmem
return:
[DISABLE]
address:
db bytes
dealloc(newmem)
{ old area
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+14918E4
GameAssembly.dll+14918BA: 5F - pop rdi
GameAssembly.dll+14918BB: E9 70 8A FF FF - jmp Player.੮੫ੰੱ੯ੲੰ੬
Player.Update: 40 53 - push rbx
GameAssembly.dll+14918C2: 48 83 EC 40 - sub rsp,40
GameAssembly.dll+14918C6: 80 3D B6 24 17 02 00 - cmp byte ptr [GameAssembly.dll+3603D83],00
GameAssembly.dll+14918CD: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+14918D0: 75 12 - jne GameAssembly.dll+14918E4
GameAssembly.dll+14918D2: 8B 0D 94 D8 88 01 - mov ecx,[GameAssembly.dll+2D1F16C]
GameAssembly.dll+14918D8: E8 F3 91 C7 FE - call GameAssembly.dll+10AAD0
GameAssembly.dll+14918DD: C6 05 9F 24 17 02 01 - mov byte ptr [GameAssembly.dll+3603D83],01
// ---------- INJECTING HERE ----------
GameAssembly.dll+14918E4: 48 8B 43 18 - mov rax,[rbx+18]
// ---------- DONE INJECTING ----------
GameAssembly.dll+14918E8: 48 89 7C 24 50 - mov [rsp+50],rdi
GameAssembly.dll+14918ED: 48 85 C0 - test rax,rax
GameAssembly.dll+14918F0: 0F 84 DC 00 00 00 - je GameAssembly.dll+14919D2
GameAssembly.dll+14918F6: 80 78 60 00 - cmp byte ptr [rax+60],00
GameAssembly.dll+14918FA: 0F 84 C7 00 00 00 - je GameAssembly.dll+14919C7
GameAssembly.dll+1491900: 48 8B 0D B1 35 18 02 - mov rcx,[GameAssembly.dll+3614EB8]
GameAssembly.dll+1491907: 48 8B BB E8 00 00 00 - mov rdi,[rbx+000000E8]
GameAssembly.dll+149190E: F6 81 2F 01 00 00 02 - test byte ptr [rcx+0000012F],02
GameAssembly.dll+1491915: 74 0E - je GameAssembly.dll+1491925
GameAssembly.dll+1491917: 83 B9 E0 00 00 00 00 - cmp dword ptr [rcx+000000E0],00
}
{ latest
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+2025EDD
GameAssembly.dll+2025EA9: E8 C2 E0 15 FE - call GameAssembly.dll+183F70
GameAssembly.dll+2025EAE: 48 8D 0D B3 D4 85 01 - lea rcx,[GameAssembly.dll+3883368]
GameAssembly.dll+2025EB5: E8 B6 E0 15 FE - call GameAssembly.dll+183F70
GameAssembly.dll+2025EBA: 48 8D 0D 17 FC 84 01 - lea rcx,[GameAssembly.dll+3875AD8]
GameAssembly.dll+2025EC1: E8 AA E0 15 FE - call GameAssembly.dll+183F70
GameAssembly.dll+2025EC6: C6 05 9D 06 92 01 01 - mov byte ptr [GameAssembly.dll+394656A],01
GameAssembly.dll+2025ECD: 33 C0 - xor eax,eax
GameAssembly.dll+2025ECF: 48 89 7C 24 50 - mov [rsp+50],rdi
GameAssembly.dll+2025ED4: 48 89 44 24 20 - mov [rsp+20],rax
GameAssembly.dll+2025ED9: 89 44 24 28 - mov [rsp+28],eax
// ---------- INJECTING HERE ----------
GameAssembly.dll+2025EDD: 48 8B 43 18 - mov rax,[rbx+18]
// ---------- DONE INJECTING ----------
GameAssembly.dll+2025EE1: 48 85 C0 - test rax,rax
GameAssembly.dll+2025EE4: 0F 84 CF 00 00 00 - je GameAssembly.dll+2025FB9
GameAssembly.dll+2025EEA: 80 78 60 00 - cmp byte ptr [rax+60],00
GameAssembly.dll+2025EEE: 0F 84 BA 00 00 00 - je GameAssembly.dll+2025FAE
GameAssembly.dll+2025EF4: 48 8B 0D 4D F6 88 01 - mov rcx,[GameAssembly.dll+38B5548]
GameAssembly.dll+2025EFB: 48 8B BB 50 01 00 00 - mov rdi,[rbx+00000150]
GameAssembly.dll+2025F02: F6 81 33 01 00 00 04 - test byte ptr [rcx+00000133],04
GameAssembly.dll+2025F09: 74 0E - je GameAssembly.dll+2025F19
GameAssembly.dll+2025F0B: 83 B9 E0 00 00 00 00 - cmp dword ptr [rcx+000000E0],00
GameAssembly.dll+2025F12: 75 05 - jne GameAssembly.dll+2025F19
}
{ new area so it doesn't interfere with the solo section
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+2025ECF
GameAssembly.dll+2025E9D: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+2025EA0: 75 2B - jne GameAssembly.dll+2025ECD
GameAssembly.dll+2025EA2: 48 8D 0D 9F F6 88 01 - lea rcx,[GameAssembly.dll+38B5548]
GameAssembly.dll+2025EA9: E8 C2 E0 15 FE - call GameAssembly.dll+183F70
GameAssembly.dll+2025EAE: 48 8D 0D B3 D4 85 01 - lea rcx,[GameAssembly.dll+3883368]
GameAssembly.dll+2025EB5: E8 B6 E0 15 FE - call GameAssembly.dll+183F70
GameAssembly.dll+2025EBA: 48 8D 0D 17 FC 84 01 - lea rcx,[GameAssembly.dll+3875AD8]
GameAssembly.dll+2025EC1: E8 AA E0 15 FE - call GameAssembly.dll+183F70
GameAssembly.dll+2025EC6: C6 05 9D 06 92 01 01 - mov byte ptr [GameAssembly.dll+394656A],01
GameAssembly.dll+2025ECD: 33 C0 - xor eax,eax
// ---------- INJECTING HERE ----------
GameAssembly.dll+2025ECF: 48 89 7C 24 50 - mov [rsp+50],rdi
// ---------- DONE INJECTING ----------
GameAssembly.dll+2025ED4: 48 89 44 24 20 - mov [rsp+20],rax
GameAssembly.dll+2025ED9: 89 44 24 28 - mov [rsp+28],eax
GameAssembly.dll+2025EDD: 48 8B 43 18 - mov rax,[rbx+18]
GameAssembly.dll+2025EE1: 48 85 C0 - test rax,rax
GameAssembly.dll+2025EE4: 0F 84 CF 00 00 00 - je GameAssembly.dll+2025FB9
GameAssembly.dll+2025EEA: 80 78 60 00 - cmp byte ptr [rax+60],00
GameAssembly.dll+2025EEE: 0F 84 BA 00 00 00 - je GameAssembly.dll+2025FAE
GameAssembly.dll+2025EF4: 48 8B 0D 4D F6 88 01 - mov rcx,[GameAssembly.dll+38B5548]
GameAssembly.dll+2025EFB: 48 8B BB 50 01 00 00 - mov rdi,[rbx+00000150]
GameAssembly.dll+2025F02: F6 81 33 01 00 00 04 - test byte ptr [rcx+00000133],04
}
70024
"Movement Speed"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Author : Zephirot
Mono : Assembly-CSharp-firstpass.dll -> FirstPersonController:GetInput()
}
[ENABLE]
aobscanregion(WalkSpeed,FirstPersonController.GetInput,FirstPersonController.GetInput+100,F3 0F 10 05 ? ? ? ? F3 0F 11) // should be unique
alloc(newmem,$100,WalkSpeed)
alloc(original_walk_bytes,8)
registersymbol(original_walk_bytes)
label(code)
label(return)
label(_WSpeed)
registersymbol(_WSpeed)
original_walk_bytes:
readmem(WalkSpeed,8)
newmem:
code:
//movss xmm0,[GameAssembly.dll+2B0800C] (1.60)
push rax
mov rax,[_WSpeed]
movd xmm0,rax
pop rax
jmp return
_WSpeed:
dd (float)2.4
WalkSpeed:
jmp newmem
db 90 90 90
return:
registersymbol(WalkSpeed)
aobscanregion(RunSpeed,FirstPersonController.GetInput,FirstPersonController.GetInput+100,F3 0F 10 05 ? ? ? ? EB 08 F3 0F 10 05) // should be unique
alloc(newmem2,$100,RunSpeed)
alloc(original_run_bytes,8)
registersymbol(original_run_bytes)
label(code2)
label(return2)
label(_RSpeed)
registersymbol(_RSpeed)
original_run_bytes:
readmem(RunSpeed,8)
newmem2:
code2:
//movss xmm0,[GameAssembly.dll+2B08010] (3.00)
push ebx
mov ebx,[_RSpeed]
movd xmm0,ebx
pop ebx
jmp return2
_RSpeed:
dd (float)4.8
RunSpeed:
jmp newmem2
db 90 90 90
return2:
registersymbol(RunSpeed)
[DISABLE]
WalkSpeed:
readmem(original_walk_bytes,8)
//db F3 0F 10 05 A6 05 7C 02
unregistersymbol(WalkSpeed)
unregistersymbol(_WSpeed)
unregistersymbol(original_walk_bytes)
dealloc(newmem)
{ walk old
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+347A5E
GameAssembly.dll+347A34: 75 12 - jne GameAssembly.dll+347A48
GameAssembly.dll+347A36: 8B 0D 28 91 86 02 - mov ecx,[GameAssembly.dll+2BB0B64]
GameAssembly.dll+347A3C: E8 EF C0 D9 FF - call GameAssembly.dll+E3B30
GameAssembly.dll+347A41: C6 05 C4 E0 1B 03 01 - mov byte ptr [GameAssembly.dll+3505B0C],01
GameAssembly.dll+347A48: 80 7B 19 00 - cmp byte ptr [rbx+19],00
GameAssembly.dll+347A4C: 75 10 - jne GameAssembly.dll+347A5E
GameAssembly.dll+347A4E: 80 7B 1A 00 - cmp byte ptr [rbx+1A],00
GameAssembly.dll+347A52: 74 0A - je GameAssembly.dll+347A5E
GameAssembly.dll+347A54: F3 0F 10 05 B4 05 7C 02 - movss xmm0,[GameAssembly.dll+2B08010]
GameAssembly.dll+347A5C: EB 08 - jmp GameAssembly.dll+347A66
// ---------- INJECTING HERE ----------
GameAssembly.dll+347A5E: F3 0F 10 05 A6 05 7C 02 - movss xmm0,[GameAssembly.dll+2B0800C]
// ---------- DONE INJECTING ----------
GameAssembly.dll+347A66: F3 0F 11 83 B8 00 00 00 - movss [rbx+000000B8],xmm0
GameAssembly.dll+347A6E: 80 7B 18 00 - cmp byte ptr [rbx+18],00
GameAssembly.dll+347A72: 74 0A - je GameAssembly.dll+347A7E
GameAssembly.dll+347A74: C7 83 B8 00 00 00 00 00 00 00 - mov [rbx+000000B8],00000000
GameAssembly.dll+347A7E: 33 D2 - xor edx,edx
GameAssembly.dll+347A80: 48 8D 4B 78 - lea rcx,[rbx+78]
GameAssembly.dll+347A84: E8 87 A2 AF 00 - call GameAssembly.dll+E41D10
GameAssembly.dll+347A89: 0F 2F 05 D0 04 7C 02 - comiss xmm0,[GameAssembly.dll+2B07F60]
GameAssembly.dll+347A90: 76 0B - jna GameAssembly.dll+347A9D
GameAssembly.dll+347A92: 33 D2 - xor edx,edx
}
RunSpeed:
readmem(original_run_bytes,8)
//db F3 0F 10 05 B4 05 7C 02
unregistersymbol(RunSpeed)
unregistersymbol(_RSpeed)
unregistersymbol(original_run_bytes)
dealloc(newmem2)
{ run old
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+347A54
GameAssembly.dll+347A2A: 80 3D DB E0 1B 03 00 - cmp byte ptr [GameAssembly.dll+3505B0C],00
GameAssembly.dll+347A31: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+347A34: 75 12 - jne GameAssembly.dll+347A48
GameAssembly.dll+347A36: 8B 0D 28 91 86 02 - mov ecx,[GameAssembly.dll+2BB0B64]
GameAssembly.dll+347A3C: E8 EF C0 D9 FF - call GameAssembly.dll+E3B30
GameAssembly.dll+347A41: C6 05 C4 E0 1B 03 01 - mov byte ptr [GameAssembly.dll+3505B0C],01
GameAssembly.dll+347A48: 80 7B 19 00 - cmp byte ptr [rbx+19],00
GameAssembly.dll+347A4C: 75 10 - jne GameAssembly.dll+347A5E
GameAssembly.dll+347A4E: 80 7B 1A 00 - cmp byte ptr [rbx+1A],00
GameAssembly.dll+347A52: 74 0A - je GameAssembly.dll+347A5E
// ---------- INJECTING HERE ----------
GameAssembly.dll+347A54: F3 0F 10 05 B4 05 7C 02 - movss xmm0,[GameAssembly.dll+2B08010]
// ---------- DONE INJECTING ----------
GameAssembly.dll+347A5C: EB 08 - jmp GameAssembly.dll+347A66
GameAssembly.dll+347A5E: F3 0F 10 05 A6 05 7C 02 - movss xmm0,[GameAssembly.dll+2B0800C]
GameAssembly.dll+347A66: F3 0F 11 83 B8 00 00 00 - movss [rbx+000000B8],xmm0
GameAssembly.dll+347A6E: 80 7B 18 00 - cmp byte ptr [rbx+18],00
GameAssembly.dll+347A72: 74 0A - je GameAssembly.dll+347A7E
GameAssembly.dll+347A74: C7 83 B8 00 00 00 00 00 00 00 - mov [rbx+000000B8],00000000
GameAssembly.dll+347A7E: 33 D2 - xor edx,edx
GameAssembly.dll+347A80: 48 8D 4B 78 - lea rcx,[rbx+78]
GameAssembly.dll+347A84: E8 87 A2 AF 00 - call GameAssembly.dll+E41D10
GameAssembly.dll+347A89: 0F 2F 05 D0 04 7C 02 - comiss xmm0,[GameAssembly.dll+2B07F60]
}
{ run latest
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+AFD519
GameAssembly.dll+AFD4FE: CC - int 3
GameAssembly.dll+AFD4FF: CC - int 3
FirstPersonController.GetInput: 48 89 5C 24 10 - mov [rsp+10],rbx
GameAssembly.dll+AFD505: 57 - push rdi
GameAssembly.dll+AFD506: 48 83 EC 40 - sub rsp,40
GameAssembly.dll+AFD50A: 80 79 19 00 - cmp byte ptr [rcx+19],00
GameAssembly.dll+AFD50E: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+AFD511: 75 10 - jne GameAssembly.dll+AFD523
GameAssembly.dll+AFD513: 80 79 1A 00 - cmp byte ptr [rcx+1A],00
GameAssembly.dll+AFD517: 74 0A - je GameAssembly.dll+AFD523
// ---------- INJECTING HERE ----------
GameAssembly.dll+AFD519: F3 0F 10 05 B7 DE 5A 02 - movss xmm0,[GameAssembly.dll+30AB3D8]
// ---------- DONE INJECTING ----------
GameAssembly.dll+AFD521: EB 08 - jmp GameAssembly.dll+AFD52B
GameAssembly.dll+AFD523: F3 0F 10 05 9D DE 5A 02 - movss xmm0,[GameAssembly.dll+30AB3C8]
GameAssembly.dll+AFD52B: F3 0F 11 81 90 00 00 00 - movss [rcx+00000090],xmm0
GameAssembly.dll+AFD533: 80 79 18 00 - cmp byte ptr [rcx+18],00
GameAssembly.dll+AFD537: 74 0A - je GameAssembly.dll+AFD543
GameAssembly.dll+AFD539: C7 81 90 00 00 00 00 00 00 00 - mov [rcx+00000090],00000000
GameAssembly.dll+AFD543: 33 D2 - xor edx,edx
GameAssembly.dll+AFD545: 48 83 C1 60 - add rcx,60
GameAssembly.dll+AFD549: E8 F2 47 D5 FF - call GameAssembly.dll+851D40
GameAss
70025
"Walk Speed (Default = 1.6)"
0
FFFF00
Float
_WSpeed
70026
"Run Speed (Default = 3.0)"
0
FFFF00
Float
_RSpeed
44619
"Immortality"
93CD32
Auto Assembler Script
{ Game : Phasmophobia.exe
Date : 02-07-2022
Author : Glowmoss
}
[ENABLE]
assert(Player.StartKillingPlayer,40)
assert(DeadZoneController.SpawnDeathRoomNetworked,40)
Player.StartKillingPlayer:
db C3
DeadZoneController.SpawnDeathRoomNetworked:
db C3
[DISABLE]
Player.StartKillingPlayer:
db 40
DeadZoneController.SpawnDeathRoomNetworked:
db 40
70160
"Revive Players (Tarot Cards must be the cursed items)"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Author : Mortal991
}
define(address,Player.Update)
define(bytes,40 53 48 83 EC 40)
[ENABLE]
{$lua}
if not syntaxcheck then
synchronize(function()
local t = createTimer()
t.Interval,t.OnTimer = 1,function(tm)
tm.Destroy()
memrec.Active = false
end
end)
end
{$asm}
assert(address,bytes)
alloc(newmem,$100,Player.Update)
label(code)
label(return)
newmem:
code:
jmp Player.RevivePlayer
push rbx
sub rsp,40
jmp return
address:
jmp newmem
db 90
return:
[DISABLE]
address:
db bytes
// push rbx
// sub rsp,40
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: Player.Update
GameAssembly.dll+126CED2: C3 - ret
GameAssembly.dll+126CED3: E8 88 77 E7 FE - call GameAssembly.dll+E4660
GameAssembly.dll+126CED8: CC - int 3
GameAssembly.dll+126CED9: CC - int 3
GameAssembly.dll+126CEDA: CC - int 3
GameAssembly.dll+126CEDB: CC - int 3
GameAssembly.dll+126CEDC: CC - int 3
GameAssembly.dll+126CEDD: CC - int 3
GameAssembly.dll+126CEDE: CC - int 3
GameAssembly.dll+126CEDF: CC - int 3
// ---------- INJECTING HERE ----------
Player.Update: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+126CEE2: 48 83 EC 40 - sub rsp,40
GameAssembly.dll+126CEE6: 80 3D B1 85 92 02 00 - cmp byte ptr [GameAssembly.dll+3B9549E],00
GameAssembly.dll+126CEED: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+126CEF0: 75 12 - jne GameAssembly.dll+126CF04
GameAssembly.dll+126CEF2: 8B 0D EC A0 F9 01 - mov ecx,[GameAssembly.dll+3206FE4]
GameAssembly.dll+126CEF8: E8 F3 75 E7 FE - call GameAssembly.dll+E44F0
GameAssembly.dll+126CEFD: C6 05 9A 85 92 02 01 - mov byte ptr [GameAssembly.dll+3B9549E],01
GameAssembly.dll+126CF04: 48 8B 43 18 - mov rax,[rbx+18]
GameAssembly.dll+126CF08: 48 89 7C 24 50 - mov [rsp+50],rdi
GameAssembly.dll+126CF0D: 48 85 C0 - test rax,rax
}
70147
"Kill Everyone (Host Only)"
93CD32
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Date : 2022-02-09
Author : Mortal991
}
define(address,Player.Update)
define(bytes,40 53 48 83 EC 40)
[ENABLE]
{$lua}
if not syntaxcheck then
synchronize(function()
local t = createTimer()
t.Interval,t.OnTimer = 1,function(tm)
tm.Destroy()
memrec.Active = false
end
end)
end
{$asm}
assert(address,bytes)
alloc(newmem,$100,Player.Update)
label(code)
label(return)
newmem:
code:
jmp Player.StartKillingPlayer
push rbx
sub rsp,40
jmp return
address:
jmp newmem
nop
return:
[DISABLE]
address:
db bytes
// push rbx
// sub rsp,40
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: Player.Update
GameAssembly.dll+14E6E17: E8 54 A2 58 FF - call UnityEngine.GameObject.SetActive
GameAssembly.dll+14E6E1C: 48 8B 5C 24 30 - mov rbx,[rsp+30]
GameAssembly.dll+14E6E21: 48 83 C4 20 - add rsp,20
GameAssembly.dll+14E6E25: 5F - pop rdi
GameAssembly.dll+14E6E26: C3 - ret
GameAssembly.dll+14E6E27: E8 F4 9B C1 FE - call GameAssembly.dll+100A20
GameAssembly.dll+14E6E2C: CC - int 3
GameAssembly.dll+14E6E2D: CC - int 3
GameAssembly.dll+14E6E2E: CC - int 3
GameAssembly.dll+14E6E2F: CC - int 3
// ---------- INJECTING HERE ----------
Player.Update: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+14E6E32: 48 83 EC 40 - sub rsp,40
GameAssembly.dll+14E6E36: 80 3D 6B 06 6D 02 00 - cmp byte ptr [GameAssembly.dll+3BB74A8],00
GameAssembly.dll+14E6E3D: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+14E6E40: 75 12 - jne GameAssembly.dll+14E6E54
GameAssembly.dll+14E6E42: 8B 0D EC C2 D3 01 - mov ecx,[GameAssembly.dll+3223134]
GameAssembly.dll+14E6E48: E8 63 9A C1 FE - call GameAssembly.dll+1008B0
GameAssembly.dll+14E6E4D: C6 05 54 06 6D 02 01 - mov byte ptr [GameAssembly.dll+3BB74A8],01
GameAssembly.dll+14E6E54: E9 A7 91 13 FE - jmp 7FFAB9350000
GameAssembly.dll+14E6E59: 0F 1F 40 00 - nop dword ptr [rax+00]
GameAssembly.dll+14E6E5D: 48 85 C0 - test rax,rax
}
70149
"Suicide"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Author : Mortal991
}
define(address,Player.Update)
define(bytes,40 53 48 83 EC 40)
[ENABLE]
{$lua}
if not syntaxcheck then
synchronize(function()
local t = createTimer()
t.Interval,t.OnTimer = 10,function(tm)
tm.Destroy()
memrec.Active = false
end
end)
end
{$asm}
assert(address,bytes)
alloc(newmem,$100,Player.Update)
label(code)
label(return)
newmem:
code:
jmp Player.KillPlayer
push rbx
sub rsp,40
jmp return
address:
jmp newmem
nop
return:
[DISABLE]
address:
db bytes
// push rbx
// sub rsp,40
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: Player.Update
GameAssembly.dll+14E6E17: E8 54 A2 58 FF - call UnityEngine.GameObject.SetActive
GameAssembly.dll+14E6E1C: 48 8B 5C 24 30 - mov rbx,[rsp+30]
GameAssembly.dll+14E6E21: 48 83 C4 20 - add rsp,20
GameAssembly.dll+14E6E25: 5F - pop rdi
GameAssembly.dll+14E6E26: C3 - ret
GameAssembly.dll+14E6E27: E8 F4 9B C1 FE - call GameAssembly.dll+100A20
GameAssembly.dll+14E6E2C: CC - int 3
GameAssembly.dll+14E6E2D: CC - int 3
GameAssembly.dll+14E6E2E: CC - int 3
GameAssembly.dll+14E6E2F: CC - int 3
// ---------- INJECTING HERE ----------
Player.Update: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+14E6E32: 48 83 EC 40 - sub rsp,40
GameAssembly.dll+14E6E36: 80 3D 6B 06 6D 02 00 - cmp byte ptr [GameAssembly.dll+3BB74A8],00
GameAssembly.dll+14E6E3D: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+14E6E40: 75 12 - jne GameAssembly.dll+14E6E54
GameAssembly.dll+14E6E42: 8B 0D EC C2 D3 01 - mov ecx,[GameAssembly.dll+3223134]
GameAssembly.dll+14E6E48: E8 63 9A C1 FE - call GameAssembly.dll+1008B0
GameAssembly.dll+14E6E4D: C6 05 54 06 6D 02 01 - mov byte ptr [GameAssembly.dll+3BB74A8],01
GameAssembly.dll+14E6E54: E9 A7 91 CC FD - jmp 7FFAB8EE0000
GameAssembly.dll+14E6E59: 0F 1F 40 00 - nop dword ptr [rax+00]
GameAssembly.dll+14E6E5D: 48 85 C0 - test rax,rax
}
70125
"Freeze Player Location (doesn't stop you from moving just tells the game you are somewhere else)"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Author : Mortal991
Edited/Updated by: Glowmoss
}
define(freezeloc,Player.IsPlayerCollider+8C)
define(bytes,48 85 FF 0F 84 4B 02 00 00)
[ENABLE]
assert(freezeloc,bytes)
registersymbol(freezeloc)
freezeloc+04:
db 85
[DISABLE]
freezeloc+04:
db 84
unregistersymbol(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+14DFDB7
GameAssembly.dll+14DFD8A: 80 3D EB 76 6D 02 00 - cmp byte ptr [GameAssembly.dll+3BB747C],00
GameAssembly.dll+14DFD91: 48 8B FA - mov rdi,rdx
GameAssembly.dll+14DFD94: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+14DFD97: 75 12 - jne GameAssembly.dll+14DFDAB
GameAssembly.dll+14DFD99: 8B 0D 91 26 D4 01 - mov ecx,[GameAssembly.dll+3222430]
GameAssembly.dll+14DFD9F: E8 0C 0B C2 FE - call GameAssembly.dll+1008B0
GameAssembly.dll+14DFDA4: C6 05 D1 76 6D 02 01 - mov byte ptr [GameAssembly.dll+3BB747C],01
GameAssembly.dll+14DFDAB: 33 C0 - xor eax,eax
GameAssembly.dll+14DFDAD: 48 89 44 24 48 - mov [rsp+48],rax
GameAssembly.dll+14DFDB2: 48 89 44 24 38 - mov [rsp+38],rax
// ---------- INJECTING HERE ----------
GameAssembly.dll+14DFDB7: 48 85 FF - test rdi,rdi
// ---------- DONE INJECTING ----------
GameAssembly.dll+14DFDBA: 0F 84 4B 02 00 00 - je GameAssembly.dll+14E000B
GameAssembly.dll+14DFDC0: 33 D2 - xor edx,edx
GameAssembly.dll+14DFDC2: 48 8B CF - mov rcx,rdi
GameAssembly.dll+14DFDC5: E8 D6 BD 58 FF - call UnityEngine.Component.get_transform
GameAssembly.dll+14DFDCA: 48 85 C0 - test rax,rax
GameAssembly.dll+14DFDCD: 0F 84 38 02 00 00 - je GameAssembly.dll+14E000B
GameAssembly.dll+14DFDD3: 33 D2 - xor edx,edx
GameAssembly.dll+14DFDD5: 48 89 74 24 30 - mov [rsp+30],rsi
GameAssembly.dll+14DFDDA: 48 8B C8 - mov rcx,rax
GameAssembly.dll+14DFDDD: E8 9E 46 B4 FF - call UnityEngine.Transform.GetRoot
}
45731
"Pick Up Nearly anything interactable (Can break stuff so be careful)"
008000
Auto Assembler Script
define(PickUpNearlyAnything,PCPropGrab.OnPickup+152)
define(bytes,80 7A 38 00 74 0B)
[ENABLE]
assert(PickUpNearlyAnything,bytes)
alloc(newmem,128,PickUpNearlyAnything)
registersymbol(PickUpNearlyAnything)
label(return)
newmem:
mov byte ptr [rdx+38],1
mov byte ptr [rdx+39],1
mov byte ptr [rdx+3A],1
mov byte ptr [rdx+3B],1
mov byte ptr [rdx+F4],1 //switch F4 and F5 for a no gravity place of the item instead of a throw
mov byte ptr [rdx+F5],0
cmp byte ptr [rdx+38],0
reassemble(PickUpNearlyAnything+04)
jmp return
PickUpNearlyAnything:
jmp newmem
db 90
return:
[DISABLE]
PickUpNearlyAnything:
db bytes
dealloc(*)
unregistersymbol(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+6DD252
GameAssembly.dll+6DD228: 74 42 - je GameAssembly.dll+6DD26C
GameAssembly.dll+6DD22A: 4C 8B 05 57 10 27 04 - mov r8,[GameAssembly.dll+494E288]
GameAssembly.dll+6DD231: 48 8D 94 24 B8 00 00 00 - lea rdx,[rsp+000000B8]
GameAssembly.dll+6DD239: 48 8B C8 - mov rcx,rax
GameAssembly.dll+6DD23C: E8 CF FA B4 01 - call GameAssembly.dll+222CD10
GameAssembly.dll+6DD241: 84 C0 - test al,al
GameAssembly.dll+6DD243: 74 1E - je GameAssembly.dll+6DD263
GameAssembly.dll+6DD245: 48 8B 94 24 B8 00 00 00 - mov rdx,[rsp+000000B8]
GameAssembly.dll+6DD24D: 48 85 D2 - test rdx,rdx
GameAssembly.dll+6DD250: 74 1A - je GameAssembly.dll+6DD26C
// ---------- INJECTING HERE ----------
GameAssembly.dll+6DD252: 80 7A 38 00 - cmp byte ptr [rdx+38],00
// ---------- DONE INJECTING ----------
GameAssembly.dll+6DD256: 74 0B - je GameAssembly.dll+6DD263
GameAssembly.dll+6DD258: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+6DD25B: 48 8B CB - mov rcx,rbx
GameAssembly.dll+6DD25E: E8 3D CC 00 00 - call PCPropGrab.ഫഺദഩജറഷബമ
GameAssembly.dll+6DD263: 48 81 C4 90 00 00 00 - add rsp,00000090
GameAssembly.dll+6DD26A: 5B - pop rbx
GameAssembly.dll+6DD26B: C3 - ret
GameAssembly.dll+6DD26C: E8 BF F6 BA FF - call GameAssembly.mono_type_is_struct+7560
GameAssembly.dll+6DD271: CC - int 3
GameAssembly.dll+6DD272: CC - int 3
}
1337094310
"Can be used to pickup the jackolantern's candle to light it if you have trouble lighting it normally"
D500D5
1
44293
"Throw Strength Hook"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Date : 2021-09-20
Author : joeyc
Updated/Edited By: Glowmoss
}
define(StrengthHook,PCPropGrab.Drop+C6D)
define(bytes,F3 0F 10 50 58)
[ENABLE]
assert(StrengthHook,bytes)
alloc(newmem,32,StrengthHook)
alloc(throw_strength,8)
registersymbol(StrengthHook throw_strength)
label(return)
newmem:
movss xmm2,[throw_strength]
jmp return
throw_strength:
dq (float)3
StrengthHook:
jmp newmem
return:
[DISABLE]
StrengthHook:
db bytes
unregistersymbol(*)
dealloc(*)
{ old
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+182CD88
GameAssembly.dll+182CD5B: 48 8B D0 - mov rdx,rax
GameAssembly.dll+182CD5E: E8 5D 77 30 FF - call UnityEngine.Transform.get_forward
GameAssembly.dll+182CD63: 48 8B 0D D6 E5 CE 01 - mov rcx,[GameAssembly.dll+351B340]
GameAssembly.dll+182CD6A: F2 0F 10 30 - movsd xmm6,[rax]
GameAssembly.dll+182CD6E: F6 81 2F 01 00 00 02 - test byte ptr [rcx+0000012F],02
GameAssembly.dll+182CD75: 44 8B 70 08 - mov r14d,[rax+08]
GameAssembly.dll+182CD79: 74 0D - je GameAssembly.dll+182CD88
GameAssembly.dll+182CD7B: 39 B9 E0 00 00 00 - cmp [rcx+000000E0],edi
GameAssembly.dll+182CD81: 75 05 - jne GameAssembly.dll+182CD88
GameAssembly.dll+182CD83: E8 F8 CB 84 FE - call GameAssembly.il2cpp_runtime_class_init
// ---------- INJECTING HERE ----------
GameAssembly.dll+182CD88: F3 0F 10 15 80 A2 2C 01 - movss xmm2,[GameAssembly.dll+2AF7010]
// ---------- DONE INJECTING ----------
GameAssembly.dll+182CD90: 48 8D 55 F7 - lea rdx,[rbp-09]
GameAssembly.dll+182CD94: 45 33 C9 - xor r9d,r9d
GameAssembly.dll+182CD97: F2 0F 11 75 F7 - movsd [rbp-09],xmm6
GameAssembly.dll+182CD9C: 48 8D 4D 07 - lea rcx,[rbp+07]
GameAssembly.dll+182CDA0: 44 89 75 FF - mov [rbp-01],r14d
GameAssembly.dll+182CDA4: E8 F7 2B 78 FF - call UnityEngine.Vector3.op_Multiply
GameAssembly.dll+182CDA9: 48 85 F6 - test rsi,rsi
GameAssembly.dll+182CDAC: 0F 84 B0 01 00 00 - je GameAssembly.dll+182CF62
GameAssembly.dll+182CDB2: F2 0F 10 00 - movsd xmm0,[rax]
GameAssembly.dll+182CDB6: 48 8D 55 F7 - lea rdx,[rbp-09]
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+198DE48
GameAssembly.dll+198DE22: 33 D2 - xor edx,edx
GameAssembly.dll+198DE24: E8 D7 56 CA FE - call UnityEngine.Component.get_transform
GameAssembly.dll+198DE29: 48 85 C0 - test rax,rax
GameAssembly.dll+198DE2C: 0F 84 C2 04 00 00 - je GameAssembly.dll+198E2F4
GameAssembly.dll+198DE32: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+198DE35: 48 8D 4D E7 - lea rcx,[rbp-19]
GameAssembly.dll+198DE39: 48 8B D0 - mov rdx,rax
GameAssembly.dll+198DE3C: E8 CF EA EB FE - call UnityEngine.Transform.get_forward
GameAssembly.dll+198DE41: F2 0F 10 18 - movsd xmm3,[rax]
GameAssembly.dll+198DE45: 0F 28 D3 - movaps xmm2,xmm3
// ---------- INJECTING HERE ----------
GameAssembly.dll+198DE48: F3 0F 10 05 DC B2 74 01 - movss xmm0,[GameAssembly.dll+30D912C]
// ---------- DONE INJECTING ----------
GameAssembly.dll+198DE50: F3 0F 10 48 08 - movss xmm1,[rax+08]
GameAssembly.dll+198DE55: 0F C6 D2 55 - shufps xmm2,xmm2,55
GameAssembly.dll+198DE59: F3 0F 59 D8 - mulss xmm3,xmm0
GameAssembly.dll+198DE5D: F3 0F 59 D0 - mulss xmm2,xmm0
GameAssembly.dll+198DE61: F3 0F 59 C8 - mulss xmm1,xmm0
GameAssembly.dll+198DE65: F3 0F 58 DF - addss xmm3,xmm7
GameAssembly.dll+198DE69: F3 0F 58 D6 - addss xmm2,xmm6
GameAssembly.dll+198DE6D: F3 41 0F 58 C8 - addss xmm1,xmm8
GameAssembly.dll+198DE72: 48 85 FF - test rdi,rdi
GameAssembly.dll+198DE75: 0F 84 79 04 00 00 - je GameAssembly.dll+198E2F4
}
{ new
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+66A0ED
GameAssembly.dll+66A0C1: 8B 40 08 - mov eax,[rax+08]
GameAssembly.dll+66A0C4: F2 0F 11 45 B7 - movsd [rbp-49],xmm0
GameAssembly.dll+66A0C9: 89 45 BF - mov [rbp-41],eax
GameAssembly.dll+66A0CC: 48 85 C9 - test rcx,rcx
GameAssembly.dll+66A0CF: 0F 84 2B 01 00 00 - je GameAssembly.dll+66A200
GameAssembly.dll+66A0D5: 4C 8B 05 CC 56 28 04 - mov r8,[GameAssembly.dll+48EF7A8]
GameAssembly.dll+66A0DC: 8B 53 60 - mov edx,[rbx+60]
GameAssembly.dll+66A0DF: E8 CC 55 24 02 - call GameAssembly.dll+28AF6B0
GameAssembly.dll+66A0E4: 48 85 C0 - test rax,rax
GameAssembly.dll+66A0E7: 0F 84 13 01 00 00 - je GameAssembly.dll+66A200
// ---------- INJECTING HERE ----------
GameAssembly.dll+66A0ED: F3 0F 10 50 58 - movss xmm2,[rax+58]
// ---------- DONE INJECTING ----------
GameAssembly.dll+66A0F2: F3 0F 10 45 B7 - movss xmm0,[rbp-49]
GameAssembly.dll+66A0F7: F3 0F 10 4D BB - movss xmm1,[rbp-45]
GameAssembly.dll+66A0FC: F3 0F 59 C2 - mulss xmm0,xmm2
GameAssembly.dll+66A100: F3 0F 59 CA - mulss xmm1,xmm2
GameAssembly.dll+66A104: F3 0F 11 45 C7 - movss [rbp-39],xmm0
GameAssembly.dll+66A109: F3 0F 10 45 BF - movss xmm0,[rbp-41]
GameAssembly.dll+66A10E: F3 0F 59 C2 - mulss xmm0,xmm2
GameAssembly.dll+66A112: F3 0F 11 4D CB - movss [rbp-35],xmm1
GameAssembly.dll+66A117: F3 0F 11 45 CF - movss [rbp-31],xmm0
GameAssembly.dll+66A11C: 48 85 FF - test rdi,rdi
}
1507
"Throw Strength"
0
FFFF00
Float
throw_strength
70117
"Infinite Stamina"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Date : 2022-01-21
Author : Mortal991
Edited/Updated by: Glowmoss
}
define(InfStam,PlayerStamina.തയധഩഞളഢ഻ഡ)
define(bytes,80 79 40 00 75 0F)
[ENABLE]
assert(InfStam,bytes)
registersymbol(InfStam)
InfStam+04:
db EB
[DISABLE]
InfStam+04:
db 75
unregistersymbol(*)
{oldest
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+167D246
GameAssembly.dll+167D238: CC - int 3
GameAssembly.dll+167D239: CC - int 3
GameAssembly.dll+167D23A: CC - int 3
GameAssembly.dll+167D23B: CC - int 3
GameAssembly.dll+167D23C: CC - int 3
GameAssembly.dll+167D23D: CC - int 3
GameAssembly.dll+167D23E: CC - int 3
GameAssembly.dll+167D23F: CC - int 3
PlayerStamina.StartDraining: 80 79 3F 00 - cmp byte ptr [rcx+3F],00
GameAssembly.dll+167D244: 75 0F - jne GameAssembly.dll+167D255
// ---------- INJECTING HERE ----------
GameAssembly.dll+167D246: C6 41 3C 01 - mov byte ptr [rcx+3C],01
// ---------- DONE INJECTING ----------
GameAssembly.dll+167D24A: C6 41 40 00 - mov byte ptr [rcx+40],00
GameAssembly.dll+167D24E: C7 41 54 00 00 00 40 - mov [rcx+54],40000000
GameAssembly.dll+167D255: C3 - ret
GameAssembly.dll+167D256: CC - int 3
GameAssembly.dll+167D257: CC - int 3
GameAssembly.dll+167D258: CC - int 3
GameAssembly.dll+167D259: CC - int 3
GameAssembly.dll+167D25A: CC - int 3
GameAssembly.dll+167D25B: CC - int 3
GameAssembly.dll+167D25C: CC - int 3
}
{ old
// ORIGINAL CODE - INJECTION POINT: PlayerStamina.ੳੲ੩੧੭ੰ੭ੰ੨
GameAssembly.dll+2EA052D: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+2EA0530: 48 8B D6 - mov rdx,rsi
GameAssembly.dll+2EA0533: 48 8B CF - mov rcx,rdi
GameAssembly.dll+2EA0536: 48 8B 5C 24 30 - mov rbx,[rsp+30]
GameAssembly.dll+2EA053B: 48 8B 74 24 38 - mov rsi,[rsp+38]
GameAssembly.dll+2EA0540: 48 83 C4 20 - add rsp,20
GameAssembly.dll+2EA0544: 5F - pop rdi
GameAssembly.dll+2EA0545: E9 E6 38 89 FD - jmp UnityEngine.Events.UnityEvent.AddListener
GameAssembly.dll+2EA054A: E8 91 3B 2E FD - call GameAssembly.dll+1840E0
GameAssembly.dll+2EA054F: CC - int 3
// ---------- INJECTING HERE ----------
PlayerStamina.ੳੲ੩੧੭ੰ੭ੰ੨: 80 79 40 00 - cmp byte ptr [rcx+40],00
// ---------- DONE INJECTING ----------
GameAssembly.dll+2EA0554: 75 0F - jne GameAssembly.dll+2EA0565
GameAssembly.dll+2EA0556: C6 41 3D 01 - mov byte ptr [rcx+3D],01
GameAssembly.dll+2EA055A: C6 41 41 00 - mov byte ptr [rcx+41],00
GameAssembly.dll+2EA055E: C7 41 54 00 00 00 40 - mov [rcx+54],40000000
GameAssembly.dll+2EA0565: C3 - ret
GameAssembly.dll+2EA0566: CC - int 3
GameAssembly.dll+2EA0567: CC - int 3
GameAssembly.dll+2EA0568: CC - int 3
GameAssembly.dll+2EA0569: CC - int 3
GameAssembly.dll+2EA056A: CC - int 3
}
{ 0.6.3.1
// ORIGINAL CODE - INJECTION POINT: PlayerStamina.੦੨੨ੳ੭੦੫੩੫੯ੲ
GameAssembly.dll+287AC56: CC - int 3
GameAssembly.dll+287AC57: CC - int 3
GameAssembly.dll+287AC58: CC - int 3
GameAssembly.dll+287AC59: CC - int 3
GameAssembly.dll+287AC5A: CC - int 3
GameAssembly.dll+287AC5B: CC - int 3
GameAssembly.dll+287AC5C: CC - int 3
GameAssembly.dll+287AC5D: CC - int 3
GameAssembly.dll+287AC5E: CC - int 3
GameAssembly.dll+287AC5F: CC - int 3
// ---------- INJECTING HERE ----------
PlayerStamina.੦੨੨ੳ੭੦੫੩੫੯ੲ: 80 79 40 00 - cmp byte ptr [rcx+40],00
// ---------- DONE INJECTING ----------
GameAssembly.dll+287AC64: 75 0F - jne GameAssembly.dll+287AC75
GameAssembly.dll+287AC66: C6 41 3D 00 - mov byte ptr [rcx+3D],00
GameAssembly.dll+287AC6A: C6 41 41 00 - mov byte ptr [rcx+41],00
GameAssembly.dll+287AC6E: C7 41 54 00 C0 15 44 - mov [rcx+54],4415C000
GameAssembly.dll+287AC75: C3 - ret
GameAssembly.dll+287AC76: CC - int 3
GameAssembly.dll+287AC77: CC - int 3
GameAssembly.dll+287AC78: CC - int 3
GameAssembly.dll+287AC79: CC - int 3
GameAssembly.dll+287AC7A: CC - int 3
}
487
"Player Coordinates Hook"
008000
Auto Assembler Script
[ENABLE]
aobscanmodule(PlayerPosition_address, UnityPlayer.dll, F2 0F 10 30 F2 0F 10 78 08) // should be unique
alloc(newmem, $1000, PlayerPosition_address)
alloc(find_coords, 10)
alloc(storecoords, 256)
alloc(storecoords2, 256)
alloc(storecoords4, 256)
alloc(storecoords3, 256)
label(PlayerPosition_code)
label(PlayerPosition_exit)
label(save1)
label(save3)
label(save4)
label(load3)
label(load4)
label(load1)
label(save2)
label(load2)
label(xpos)
label(xpos3)
label(xpos4)
label(ypos)
label(ypos3)
label(ypos4)
label(zpos)
label(zpos3)
label(zpos4)
label(xpos2)
label(ypos2)
label(zpos2)
label(enable_save_slot1)
label(enable_load_slot1)
label(enable_save_slot2)
label(enable_load_slot2)
label(enable_save_slot3)
label(enable_load_slot3)
label(enable_save_slot4)
label(enable_load_slot4)
find_coords:
dd 0
storecoords:
xpos:
dd 0
ypos:
dd 0
zpos:
dd 0
enable_save_slot1:
dd 0
enable_load_slot1:
dd 0
storecoords2:
xpos2:
dd 0
ypos2:
dd 0
zpos2:
dd 0
enable_save_slot2:
dd 0
enable_load_slot2:
dd 0
storecoords3:
xpos3:
dd 0
ypos3:
dd 0
zpos3:
dd 0
enable_save_slot3:
dd 0
enable_load_slot3:
dd 0
storecoords4:
xpos4:
dd 0
ypos4:
dd 0
zpos4:
dd 0
enable_save_slot4:
dd 0
enable_load_slot4:
dd 0
newmem:
mov [find_coords],rax
cmp [enable_save_slot1],1
je save1
cmp [enable_load_slot1],1
je load1
cmp [enable_save_slot2],1
je save2
cmp [enable_load_slot2],1
je load2
cmp [enable_save_slot3],1
je save3
cmp [enable_load_slot3],1
je load3
cmp [enable_save_slot4],1
je save4
cmp [enable_load_slot4],1
je load4
jmp PlayerPosition_code
save1:
mov [enable_save_slot1],0
push rbx
mov rbx,[rax+14]
mov [xpos],rbx
mov rbx,[rax+0C]
mov [ypos],rbx
mov rbx,[rax+4]
mov [zpos],rbx
pop rbx
jmp PlayerPosition_code
load1:
mov [enable_load_slot1],0
push rbx
mov rbx,[xpos]
mov [rax+14],rbx
mov rbx,[ypos]
mov [rax+0C],rbx
mov rbx,[zpos]
mov [rax+4],rbx
pop rbx
jmp PlayerPosition_code
save2:
mov [enable_save_slot2],0
push rdx
mov rdx,[rax+14]
mov [xpos2],rdx
mov rdx,[rax+0C]
mov [ypos2],rdx
mov rdx,[rax+4]
mov [zpos2],rdx
pop rdx
jmp PlayerPosition_code
load2:
mov [enable_load_slot2],0
push rdx
mov rdx,[xpos2]
mov [rax+14],rdx
mov rdx,[ypos2]
mov [rax+0C],rdx
mov rdx,[zpos2]
mov [rax+4],rdx
pop rdx
jmp PlayerPosition_code
save3:
mov [enable_save_slot3],0
push rdx
mov rdx,[rax+14]
mov [xpos3],rdx
mov rdx,[rax+0C]
mov [ypos3],rdx
mov rdx,[rax+4]
mov [zpos3],rdx
pop rdx
jmp PlayerPosition_code
load3:
mov [enable_load_slot3],0
push rdx
mov rdx,[xpos3]
mov [rax+14],rdx
mov rdx,[ypos3]
mov [rax+0C],rdx
mov rdx,[zpos3]
mov [rax+4],rdx
pop rdx
jmp PlayerPosition_code
save4:
mov [enable_save_slot4],0
push rdx
mov rdx,[rax+14]
mov [xpos4],rdx
mov rdx,[rax+0C]
mov [ypos4],rdx
mov rdx,[rax+4]
mov [zpos4],rdx
pop rdx
jmp PlayerPosition_code
load4:
mov [enable_load_slot4],0
push rdx
mov rdx,[xpos4]
mov [rax+14],rdx
mov rdx,[ypos4]
mov [rax+0C],rdx
mov rdx,[zpos4]
mov [rax+4],rdx
pop rdx
jmp PlayerPosition_code
PlayerPosition_code:
movsd xmm6,[rax]
movsd xmm7,[rax+08]
jmp PlayerPosition_exit
PlayerPosition_address:
jmp newmem
nop 4
PlayerPosition_exit:
registersymbol(PlayerPosition_address find_coords xpos ypos zpos xpos2 ypos2 zpos2 xpos3 ypos3 zpos3 xpos4 ypos4 zpos4 enable_save_slot1 enable_load_slot1 enable_save_slot2 enable_load_slot2 enable_save_slot3 enable_load_slot3 enable_save_slot4 enable_load_slot4)
[DISABLE]
PlayerPosition_address:
db F2 0F 10 30 F2 0F 10 78 08
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: UnityPlayer.dll+846CBD
UnityPlayer.dll+846C95: E8 A6 E8 FE FF - call UnityPlayer.dll+835540
UnityPlayer.dll+846C9A: 48 8B C8 - mov rcx,rax
UnityPlayer.dll+846C9D: E8 AE 14 FF FF - call UnityPlayer.dll+838150
UnityPlayer.dll+846CA2: E8 99 E8 FE FF - call UnityPlayer.dll+835540
UnityPlayer.dll+846CA7: 48 8B C8 - mov rcx,rax
UnityPlayer.dll+846CAA: E8 01 CA FE FF - call UnityPlayer.dll+8336B0
UnityPlayer.dll+846CAF: 49 8B 4D 70 - mov rcx,[r13+70]
UnityPlayer.dll+846CB3: 48 8B 01 - mov rax,[rcx]
UnityPlayer.dll+846CB6: FF 50 20 - call qword ptr [rax+20]
UnityPlayer.dll+846CB9: 49 8B 4D 70 - mov rcx,[r13+70]
// ---------- INJECTING HERE ----------
UnityPlayer.dll+846CBD: F2 0F 10 30 - movsd xmm6,[rax]
// ---------- DONE INJECTING ----------
UnityPlayer.dll+846CC1: F2 0F 10 78 08 - movsd xmm7,[rax+08]
UnityPlayer.dll+846CC6: F2 44 0F 10 40 10 - movsd xmm8,[rax+10]
UnityPlayer.dll+846CCC: 48 8B 01 - mov rax,[rcx]
UnityPlayer.dll+846CCF: 66 0F 5A F6 - cvtpd2ps xmm6,xmm6
UnityPlayer.dll+846CD3: 66 0F 5A FF - cvtpd2ps xmm7,xmm7
UnityPlayer.dll+846CD7: 66 45 0F 5A C0 - cvtpd2ps xmm8,xmm8
UnityPlayer.dll+846CDC: FF 90 90 00 00 00 - call qword ptr [rax+00000090]
UnityPlayer.dll+846CE2: 49 8B 4D 48 - mov rcx,[r13+48]
UnityPlayer.dll+846CE6: 48 8D 55 20 - lea rdx,[rbp+20]
UnityPlayer.dll+846CEA: 48 8B 01 - mov rax,[rcx]
}
488
"Save Position Slot1 (F1)"
*:Saved
0:Off
1
008000
Byte
enable_save_slot1
Set Value
112
1
0
Activate
489
"Load Slot1 (Insert)"
1:Loaded
0:Off
1
008000
Byte
enable_load_slot1
Set Value
45
1
0
Activate
490
"Save Position Slot2 (F2)"
Save Position Slot1 (F1)
1
008000
Byte
enable_save_slot2
Set Value
113
1
0
Activate
491
"Load Slot2 (Home)"
Load Slot1 (Insert)
1
008000
Byte
enable_load_slot2
Set Value
36
1
0
Activate
70109
"Save Position Slot3 (F3)"
Save Position Slot1 (F1)
0
008000
Byte
enable_save_slot3
Set Value
114
1
0
Activate
70110
"Load Slot3 (Page Up)"
Load Slot1 (Insert)
0
008000
Byte
enable_load_slot3
Set Value
33
1
0
Activate
70111
"Save Position Slot4 (F4)"
Save Position Slot1 (F1)
0
008000
Byte
enable_save_slot4
Set Value
115
1
0
Activate
70112
"Load Slot4 (Page Down)"
1:Loaded
0:Off
0
008000
Byte
enable_load_slot4
Set Value
34
1
0
Activate
492
"Xpos"
1
FFFF00
Float
find_coords
14
493
"Ypos"
1
FFFF00
Float
find_coords
c
494
"Zpos"
1
FFFF00
Float
find_coords
4
1337094208
"NO OUT OF BOUNDS TELEPORT TO TRUCK"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Date : 2022-05-19
Author : joeyc
Updated/Edited By: Glowmoss
}
[ENABLE]
aobscanmodule(xoutof,UnityPlayer.dll,F2 ? ? ? ? ? ? ? 8B ? ? 89 ? ? ? ? ? 8B ? ? 89 ? ? ? ? ? 8B ? ? 89 ? ? ? ? ? 0F B6)
registersymbol(xoutof)
xoutof:
db 90 90 90 90 90 90 90 90
xoutof-0C:
db 90 90 90 90 90 90 90
[DISABLE]
xoutof:
db F2 0F 11 8F 00 02 00 00
xoutof-0C:
db 0F 11 87 F0 01 00 00
unregistersymbol(xoutof)
{ xoutof
// ORIGINAL CODE - INJECTION POINT: UnityPlayer.dll+1184567
UnityPlayer.dll+1184539: 48 8B CF - mov rcx,rdi
UnityPlayer.dll+118453C: 48 89 47 50 - mov [rdi+50],rax
UnityPlayer.dll+1184540: 48 8B 46 58 - mov rax,[rsi+58]
UnityPlayer.dll+1184544: 48 89 47 58 - mov [rdi+58],rax
UnityPlayer.dll+1184548: 48 8B 46 78 - mov rax,[rsi+78]
UnityPlayer.dll+118454C: 48 89 47 60 - mov [rdi+60],rax
UnityPlayer.dll+1184550: 4C 89 BF E8 01 00 00 - mov [rdi+000001E8],r15
UnityPlayer.dll+1184557: 0F 10 46 08 - movups xmm0,[rsi+08]
UnityPlayer.dll+118455B: 0F 11 87 F0 01 00 00 - movups [rdi+000001F0],xmm0
UnityPlayer.dll+1184562: F2 0F 10 4E 18 - movsd xmm1,[rsi+18]
// ---------- INJECTING HERE ----------
UnityPlayer.dll+1184567: F2 0F 11 8F 00 02 00 00 - movsd [rdi+00000200],xmm1
// ---------- DONE INJECTING ----------
UnityPlayer.dll+118456F: 8B 46 40 - mov eax,[rsi+40]
UnityPlayer.dll+1184572: 89 87 40 02 00 00 - mov [rdi+00000240],eax
UnityPlayer.dll+1184578: 8B 46 44 - mov eax,[rsi+44]
UnityPlayer.dll+118457B: 89 87 44 02 00 00 - mov [rdi+00000244],eax
UnityPlayer.dll+1184581: 8B 46 48 - mov eax,[rsi+48]
UnityPlayer.dll+1184584: 89 87 C0 01 00 00 - mov [rdi+000001C0],eax
UnityPlayer.dll+118458A: 0F B6 46 64 - movzx eax,byte ptr [rsi+64]
UnityPlayer.dll+118458E: 88 87 4A 02 00 00 - mov [rdi+0000024A],al
UnityPlayer.dll+1184594: 0F B6 46 70 - movzx eax,byte ptr [rsi+70]
UnityPlayer.dll+1184598: 88 87 4B 02 00 00 - mov [rdi+0000024B],al
}
1337094219
"Equipment"
FF8000
1
1410
"Flashlights/Glowstick Control Hook"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Date : 2022-05-04
Author : joeyc
Updated/edited By: Glowmoss
}
[ENABLE]
aobscanmodule(LIGHT,UnityPlayer.dll,F3 ? ? ? ? 88 ? ? ? ? ? F3 ? ? ? ? ? ? ? E8)
alloc(newmem,$100,LIGHT)
alloc(find_UV,10)
alloc(find_Sflashlight,10)
alloc(find_flashlight,10)
alloc(find_glowstick,10)
alloc(find_shoulderlight,10)
alloc(find_otherlight,10)
registersymbol(LIGHT find_UV find_Sflashlight find_flashlight find_glowstick find_shoulderlight find_otherlight)
label(code return UVlight strongflashlight weakflashlight glow shoulder other)
find_UV:
dq 0
find_Sflashlight:
dq 0
find_flashlight:
dq 0
find_glowstick:
dq 0
find_shoulderlight:
dq 0
find_otherlight:
dq 0
find_randomlight:
dq 0
newmem:
cmp [rdi+50],(float)81.16493225
je shoulder
cmp [rdi+50],(float)45.07401276
je strongflashlight
cmp [rdi+50],(float)37.05804062
je weakflashlight
cmp [rdi+A0],(float)512
je UVlight
cmp [rdi+3C],(float)1.2
jae glow
cmp [rdi+3C],(float)0.6000000238
je code
cmp [rdi+3C],(float)0.8999999762
je code
cmp [rdi+40],(float)0.5
je code
cmp [rdi+3C],(float)0.009999999776
je code
jmp other
UVlight:
mov [find_UV],rdi
jmp code
strongflashlight:
mov [find_Sflashlight],rdi
jmp code
glow:
mov [find_glowstick],rdi
jmp code
shoulder:
mov [find_shoulderlight],rdi
jmp code
other:
mov [find_otherlight],rdi
jmp code
weakflashlight:
mov [find_flashlight],rdi
jmp code
code:
mulss xmm2,[rdi+3C]
jmp return
LIGHT:
jmp newmem
return:
[DISABLE]
LIGHT:
db F3 0F 59 57 3C
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: UnityPlayer.dll+60CEB9
UnityPlayer.dll+60CE7E: 0F 11 8B B4 00 00 00 - movups [rbx+000000B4],xmm1
UnityPlayer.dll+60CE85: F3 0F 10 57 20 - movss xmm2,[rdi+20]
UnityPlayer.dll+60CE8A: F3 0F 10 47 1C - movss xmm0,[rdi+1C]
UnityPlayer.dll+60CE8F: F3 0F 59 15 F1 95 07 01 - mulss xmm2,[UnityPlayer.dll+1686488]
UnityPlayer.dll+60CE97: F3 0F 59 05 BD 70 FE 00 - mulss xmm0,[UnityPlayer.dll+15F3F5C]
UnityPlayer.dll+60CE9F: 0F 11 4C 24 20 - movups [rsp+20],xmm1
UnityPlayer.dll+60CEA4: F3 0F 10 4F 24 - movss xmm1,[rdi+24]
UnityPlayer.dll+60CEA9: F3 0F 58 D0 - addss xmm2,xmm0
UnityPlayer.dll+60CEAD: F3 0F 59 0D CF 95 07 01 - mulss xmm1,[UnityPlayer.dll+1686484]
UnityPlayer.dll+60CEB5: F3 0F 58 D1 - addss xmm2,xmm1
// ---------- INJECTING HERE ----------
UnityPlayer.dll+60CEB9: F3 0F 59 57 3C - mulss xmm2,[rdi+3C]
// ---------- DONE INJECTING ----------
UnityPlayer.dll+60CEBE: 88 93 C8 00 00 00 - mov [rbx+000000C8],dl
UnityPlayer.dll+60CEC4: F3 0F 11 93 C4 00 00 00 - movss [rbx+000000C4],xmm2
UnityPlayer.dll+60CECC: E8 4F 44 00 00 - call UnityPlayer.dll+611320
UnityPlayer.dll+60CED1: 89 43 24 - mov [rbx+24],eax
UnityPlayer.dll+60CED4: 0F 10 47 64 - movups xmm0,[rdi+64]
UnityPlayer.dll+60CED8: 0F 11 43 08 - movups [rbx+08],xmm0
UnityPlayer.dll+60CEDC: 8B 47 74 - mov eax,[rdi+74]
UnityPlayer.dll+60CEDF: 89 43 18 - mov [rbx+18],eax
UnityPlayer.dll+60CEE2: 8B 47 2C - mov eax,[rdi+2C]
UnityPlayer.dll+60CEE5: 89 43 28 - mov [rbx+28],eax
}
1337094209
"Pick Up the Item you want to modify and change the attributes"
0000FF
1
1412
"Currently Held Flashlight"
008000
1
1411
"Intensity"
1
FFFF00
Float
find_flashlight
3C
1413
"Range"
1
FFFF00
Float
find_flashlight
40
1414
"Spot Angle"
1
FFFF00
Float
find_flashlight
4C
70183
"Currently Held Strong Flashlight"
008000
1
70184
"Intensity"
1
FFFF00
Float
find_Sflashlight
3C
70185
"Range"
1
FFFF00
Float
find_Sflashlight
40
70186
"Spot Angle"
1
FFFF00
Float
find_Sflashlight
4C
70187
"Currently Held UV"
008000
1
70188
"Intensity"
1
FFFF00
Float
find_UV
3C
70189
"Range"
1
FFFF00
Float
find_UV
40
70190
"Spot Angle"
1
FFFF00
Float
find_UV
4C
70179
"Shoulder Light"
008000
1
1337094287
"FullBright"
008000
Auto Assembler Script
{$lua}
if syntaxcheck then return end
[ENABLE]
writeFloat("[find_shoulderlight]+40",0x2710)
writeFloat("[find_shoulderlight]+4C",0x96)
fb = createTimer()
fb.Interval = 5000
fb.OnTimer = function(fb1)
writeFloat("[find_shoulderlight]+40",0x2710)
writeFloat("[find_shoulderlight]+4C",0x96)
end
[DISABLE]
fb.destroy()
writeFloat("[find_shoulderlight]+40",0x1)
writeFloat("[find_shoulderlight]+4C",0x64)
70180
"Intensity"
1
FFFF00
Float
find_shoulderlight
3C
70181
"Range"
1
FFFF00
Float
find_shoulderlight
40
70182
"Spot Angle"
1
FFFF00
Float
find_shoulderlight
4C
1423
"Currently Held Glowstick"
008000
1
1424
"Glowstick Intensity"
1
FFFF00
Float
find_glowstick
3C
1425
"Glowstick Range"
1
FFFF00
Float
find_glowstick
40
1426
"Glowstick Spot Angle"
1
FFFF00
Float
find_glowstick
4C
70231
"Currently Held Candle/Lighter"
008000
1
70232
"Intensity (cant change)"
1
FFFF00
Float
find_otherlight
3C
70233
"Range"
1
FFFF00
Float
find_otherlight
40
70234
"Angle"
1
FFFF00
Float
find_otherlight
4C
70103
"Infinite Pictures [ig]"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Date : 2022-01-11
Edited/Updated by: Glowmoss
}
[ENABLE]
aobscanregion(InfCamPic,HandCamera.Use,HandCamera.Use+B0,83 BB 88 01 00 00 00 7E)
aobscanregion(InfCamVis,HandCamera.NetworkTakePhoto,HandCamera.NetworkTakePhoto+63,83 B9 88 01 00 00 00 48)
alloc(newmem,128,InfCamPic)
alloc(newmem1,128,InfCamVis)
registersymbol(InfCamPic InfCamVis)
label(return return1)
newmem:
mov [rcx+00000188],A
cmp dword ptr [rcx+00000188],00
jmp return
newmem1:
mov [rcx+00000188],A
cmp dword ptr [rcx+00000188],00
jmp return1
InfCamPic:
jmp newmem
db 90 90
return:
InfCamVis:
jmp newmem1
db 90 90
return1:
[DISABLE]
InfCamPic:
db 83 BB 88 01 00 00 00
InfCamVis:
db 83 B9 88 01 00 00 00
unregistersymbol(*)
dealloc(*)
{ old
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1453A16
GameAssembly.dll+1453A01: 48 83 C4 20 - add rsp,20
GameAssembly.dll+1453A05: 5F - pop rdi
GameAssembly.dll+1453A06: C3 - ret
GameAssembly.dll+1453A07: E8 A4 6B CA FE - call GameAssembly.dll+FA5B0
GameAssembly.dll+1453A0C: CC - int 3
GameAssembly.dll+1453A0D: CC - int 3
GameAssembly.dll+1453A0E: CC - int 3
GameAssembly.dll+1453A0F: CC - int 3
HandCamera.NetworkTakePhoto: 40 53 - push rbx
GameAssembly.dll+1453A12: 48 83 EC 20 - sub rsp,20
// ---------- INJECTING HERE ----------
GameAssembly.dll+1453A16: 83 79 68 00 - cmp dword ptr [rcx+68],00
// ---------- DONE INJECTING ----------
GameAssembly.dll+1453A1A: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+1453A1D: C6 41 64 00 - mov byte ptr [rcx+64],00
GameAssembly.dll+1453A21: 7E 4C - jle GameAssembly.dll+1453A6F
GameAssembly.dll+1453A23: 33 D2 - xor edx,edx
GameAssembly.dll+1453A25: E8 96 58 00 00 - call HandCamera.੭ੱ੯ੰ੭ੱ੬੭ੲ੨
GameAssembly.dll+1453A2A: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+1453A2D: 48 8B D0 - mov rdx,rax
GameAssembly.dll+1453A30: 48 8B CB - mov rcx,rbx
GameAssembly.dll+1453A33: E8 88 77 6B FF - call UnityEngine.MonoBehaviour.StartCoroutine
GameAssembly.dll+1453A38: 48 8B 4B 58 - mov rcx,[rbx+58]
}
{ latest
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1D1BC2F
GameAssembly.dll+1D1BC03: 48 89 74 24 50 - mov [rsp+50],rsi
GameAssembly.dll+1D1BC08: 0F 11 44 24 20 - movups [rsp+20],xmm0
GameAssembly.dll+1D1BC0D: 48 85 D2 - test rdx,rdx
GameAssembly.dll+1D1BC10: 0F 84 C3 00 00 00 - je GameAssembly.dll+1D1BCD9
GameAssembly.dll+1D1BC16: 48 8B 52 78 - mov rdx,[rdx+78]
GameAssembly.dll+1D1BC1A: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+1D1BC1D: 48 8B 4C 24 28 - mov rcx,[rsp+28]
GameAssembly.dll+1D1BC22: E8 39 A0 60 FF - call ੱੳ੦੧੮੬੨੯੫.੦੪੦੯੫ੲੴ੫੪
GameAssembly.dll+1D1BC27: 84 C0 - test al,al
GameAssembly.dll+1D1BC29: 0F 84 9A 00 00 00 - je GameAssembly.dll+1D1BCC9
// ---------- INJECTING HERE ----------
GameAssembly.dll+1D1BC2F: 83 7B 70 00 - cmp dword ptr [rbx+70],00
// ---------- DONE INJECTING ----------
GameAssembly.dll+1D1BC33: C6 43 6C 00 - mov byte ptr [rbx+6C],00
GameAssembly.dll+1D1BC37: 0F 8E 8C 00 00 00 - jng GameAssembly.dll+1D1BCC9
GameAssembly.dll+1D1BC3D: 33 D2 - xor edx,edx
GameAssembly.dll+1D1BC3F: 48 8B CB - mov rcx,rbx
GameAssembly.dll+1D1BC42: E8 C9 74 00 00 - call HandCamera.੬੪ੴ੨੬੩੩ੲੰ
GameAssembly.dll+1D1BC47: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+1D1BC4A: 48 8B D0 - mov rdx,rax
GameAssembly.dll+1D1BC4D: 48 8B CB - mov rcx,rbx
GameAssembly.dll+1D1BC50: E8 1B B3 A9 FE - call UnityEngine.MonoBehaviour.StartCoroutine
GameAssembly.dll+1D1BC55: 48 8B 4B 60 - mov rcx,[rbx+60]
}
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+18C3D76
GameAssembly.dll+18C3D68: CC - int 3
GameAssembly.dll+18C3D69: CC - int 3
GameAssembly.dll+18C3D6A: CC - int 3
GameAssembly.dll+18C3D6B: CC - int 3
GameAssembly.dll+18C3D6C: CC - int 3
GameAssembly.dll+18C3D6D: CC - int 3
GameAssembly.dll+18C3D6E: CC - int 3
GameAssembly.dll+18C3D6F: CC - int 3
HandCamera.NetworkTakePhoto: 40 53 - push rbx
GameAssembly.dll+18C3D72: 48 83 EC 20 - sub rsp,20
// ---------- INJECTING HERE ----------
GameAssembly.dll+18C3D76: 83 B9 88 01 00 00 00 - cmp dword ptr [rcx+00000188],00
// ---------- DONE INJECTING ----------
GameAssembly.dll+18C3D7D: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+18C3D80: C6 81 84 01 00 00 00 - mov byte ptr [rcx+00000184],00
GameAssembly.dll+18C3D87: 7E 3F - jle GameAssembly.dll+18C3DC8
GameAssembly.dll+18C3D89: 33 D2 - xor edx,edx
GameAssembly.dll+18C3D8B: E8 D0 14 00 00 - call HandCamera.ടഡസഹധഭഹസള
GameAssembly.dll+18C3D90: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+18C3D93: 48 8B D0 - mov rdx,rax
GameAssembly.dll+18C3D96: 48 8B CB - mov rcx,rbx
GameAssembly.dll+18C3D99: E8 C2 77 35 02 - call UnityEngine.MonoBehaviour.StartCoroutine
GameAssembly.dll+18C3D9E: 48 8B 8B 70 01 00 00 - mov rcx,[rbx+00000170]
}
44297
"Rapid Photos [ig]"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Date : 2021-09-20
Author : joeyc
}
[ENABLE]
aobscanregion(RapidFire,HandCamera.NetworkTakePhoto,HandCamera.NetworkTakePhoto+63,C6 81 84 01 00 00 00)
registersymbol(RapidFire)
RapidFire:
db 90 90 90 90 90 90 90
[DISABLE]
RapidFire:
db C6 81 84 01 00 00 00
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+11C3EA5
GameAssembly.dll+11C3E7C: 80 7B 64 00 - cmp byte ptr [rbx+64],00
GameAssembly.dll+11C3E80: 0F 57 FF - xorps xmm7,xmm7
GameAssembly.dll+11C3E83: 0F 29 B4 24 80 00 00 00 - movaps [rsp+00000080],xmm6
GameAssembly.dll+11C3E8B: 75 25 - jne GameAssembly.dll+11C3EB2
GameAssembly.dll+11C3E8D: F3 0F 10 73 60 - movss xmm6,[rbx+60]
GameAssembly.dll+11C3E92: 33 C9 - xor ecx,ecx
GameAssembly.dll+11C3E94: E8 17 DB 96 FF - call UnityEngine.Time.get_deltaTime
GameAssembly.dll+11C3E99: F3 0F 5C F0 - subss xmm6,xmm0
GameAssembly.dll+11C3E9D: 0F 2F FE - comiss xmm7,xmm6
GameAssembly.dll+11C3EA0: F3 0F 11 73 60 - movss [rbx+60],xmm6
// ---------- INJECTING HERE ----------
GameAssembly.dll+11C3EA5: 76 0B - jna GameAssembly.dll+11C3EB2
// ---------- DONE INJECTING ----------
GameAssembly.dll+11C3EA7: C6 43 64 01 - mov byte ptr [rbx+64],01
GameAssembly.dll+11C3EAB: C7 43 60 00 00 40 40 - mov [rbx+60],40400000
GameAssembly.dll+11C3EB2: 48 8B 43 40 - mov rax,[rbx+40]
GameAssembly.dll+11C3EB6: 48 89 AC 24 A0 00 00 00 - mov [rsp+000000A0],rbp
GameAssembly.dll+11C3EBE: 48 89 B4 24 A8 00 00 00 - mov [rsp+000000A8],rsi
GameAssembly.dll+11C3EC6: 48 89 BC 24 B0 00 00 00 - mov [rsp+000000B0],rdi
GameAssembly.dll+11C3ECE: 44 0F 29 44 24 60 - movaps [rsp+60],xmm8
GameAssembly.dll+11C3ED4: 44 0F 29 4C 24 50 - movaps [rsp+50],xmm9
GameAssembly.dll+11C3EDA: 48 85 C0 - test rax,rax
GameAssembly.dll+11C3EDD: 0F 84 7A 02 00 00 - je GameAssembly.dll+11C415D
}
70102
"Infinite Salt (only 9 visible spots max) [ig]"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Date : 2022-01-11
Edited/Updated by: Glowmoss
}
define(SaltShake,SaltShaker.ഞരഷതഩഠധറദ)
define(bytes,83 B9 48 01 00 00 00)
[ENABLE]
assert(SaltShake,bytes)
alloc(newmem,128,SaltShake)
registersymbol(SaltShake)
label(return)
newmem:
mov [rcx+00000148],A
cmp dword ptr [rcx+00000148],00
jmp return
SaltShake:
jmp newmem
db 90 90
return:
[DISABLE]
SaltShake:
db bytes
unregistersymbol(*)
{oldest
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1DA12FE
GameAssembly.dll+1DA12D3: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+1DA12D6: 48 8B 4D E7 - mov rcx,[rbp-19]
GameAssembly.dll+1DA12DA: E8 A1 D6 8E FF - call ੭੧੭ੱ੧੯ੲ੨੯੫੪.੩ੳ੭੨੯੩੭ੰੲੴ੫
GameAssembly.dll+1DA12DF: 84 C0 - test al,al
GameAssembly.dll+1DA12E1: 0F 84 1E 03 00 00 - je GameAssembly.dll+1DA1605
GameAssembly.dll+1DA12E7: 8B 47 50 - mov eax,[rdi+50]
GameAssembly.dll+1DA12EA: 85 C0 - test eax,eax
GameAssembly.dll+1DA12EC: 0F 8E 13 03 00 00 - jng GameAssembly.dll+1DA1605
GameAssembly.dll+1DA12F2: 4C 89 BC 24 E0 00 00 00 - mov [rsp+000000E0],r15
GameAssembly.dll+1DA12FA: 48 8B 4F 28 - mov rcx,[rdi+28]
// ---------- INJECTING HERE ----------
GameAssembly.dll+1DA12FE: FF C8 - dec eax
// ---------- DONE INJECTING ----------
GameAssembly.dll+1DA1300: 89 47 50 - mov [rdi+50],eax
GameAssembly.dll+1DA1303: 48 85 C9 - test rcx,rcx
GameAssembly.dll+1DA1306: 0F 84 17 03 00 00 - je GameAssembly.dll+1DA1623
GameAssembly.dll+1DA130C: 33 D2 - xor edx,edx
GameAssembly.dll+1DA130E: E8 6D 66 27 FF - call UnityEngine.AudioSource.Play
GameAssembly.dll+1DA1313: 80 3D 78 40 EA 01 00 - cmp byte ptr [GameAssembly.dll+3C45392],00
GameAssembly.dll+1DA131A: 75 12 - jne GameAssembly.dll+1DA132E
GameAssembly.dll+1DA131C: 8B 0D 8A 7F 4B 01 - mov ecx,[GameAssembly.dll+32592AC]
GameAssembly.dll+1DA1322: E8 19 91 35 FE - call GameAssembly.dll+FA440
GameAssembly.dll+1DA1327: C6 05 64 40 EA 01 01 - mov byte ptr [GameAssembly.dll+3C45392],01
}
{ new spot
// ORIGINAL CODE - INJECTION POINT: SaltShaker.ഞരഷതഩഠധറദ
GameAssembly.dll+195CE06: CC - int 3
GameAssembly.dll+195CE07: CC - int 3
GameAssembly.dll+195CE08: CC - int 3
GameAssembly.dll+195CE09: CC - int 3
GameAssembly.dll+195CE0A: CC - int 3
GameAssembly.dll+195CE0B: CC - int 3
GameAssembly.dll+195CE0C: CC - int 3
GameAssembly.dll+195CE0D: CC - int 3
GameAssembly.dll+195CE0E: CC - int 3
GameAssembly.dll+195CE0F: CC - int 3
// ---------- INJECTING HERE ----------
SaltShaker.ഞരഷതഩഠധറദ: 83 B9 48 01 00 00 00 - cmp dword ptr [rcx+00000148],00
// ---------- DONE INJECTING ----------
GameAssembly.dll+195CE17: 7F 03 - jg GameAssembly.dll+195CE1C
GameAssembly.dll+195CE19: 32 C0 - xor al,al
GameAssembly.dll+195CE1B: C3 - ret
GameAssembly.dll+195CE1C: 33 D2 - xor edx,edx
GameAssembly.dll+195CE1E: E9 6D D8 F2 FF - jmp Equipment.ഞരഷതഩഠധറദ
GameAssembly.dll+195CE23: CC - int 3
GameAssembly.dll+195CE24: CC - int 3
GameAssembly.dll+195CE25: CC - int 3
GameAssembly.dll+195CE26: CC - int 3
GameAssembly.dll+195CE27: CC - int 3
}
{ old
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+209B357
GameAssembly.dll+209B330: 48 8B 52 78 - mov rdx,[rdx+78]
GameAssembly.dll+209B334: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+209B337: 48 8B 4D F7 - mov rcx,[rbp-09]
GameAssembly.dll+209B33B: E8 20 F3 E0 FF - call ੯ੱ੩੮੧ੱ੫੯੯ੴ.੨ੰੰੳ੧ੰੳ੯੯ੱ੫
GameAssembly.dll+209B340: 84 C0 - test al,al
GameAssembly.dll+209B342: 0F 84 5A 02 00 00 - je GameAssembly.dll+209B5A2
GameAssembly.dll+209B348: 8B 43 58 - mov eax,[rbx+58]
GameAssembly.dll+209B34B: 85 C0 - test eax,eax
GameAssembly.dll+209B34D: 0F 8E 4F 02 00 00 - jng GameAssembly.dll+209B5A2
GameAssembly.dll+209B353: 48 8B 4B 28 - mov rcx,[rbx+28]
// ---------- INJECTING HERE ----------
GameAssembly.dll+209B357: FF C8 - dec eax
// ---------- DONE INJECTING ----------
GameAssembly.dll+209B359: 89 43 58 - mov [rbx+58],eax
GameAssembly.dll+209B35C: 48 85 C9 - test rcx,rcx
GameAssembly.dll+209B35F: 0F 84 56 02 00 00 - je GameAssembly.dll+209B5BB
GameAssembly.dll+209B365: 33 D2 - xor edx,edx
GameAssembly.dll+209B367: E8 74 F8 E7 FE - call UnityEngine.AudioSource.Play
GameAssembly.dll+209B36C: 33 D2 - xor edx,edx
GameAssembly.dll+209B36E: 48 8B CB - mov rcx,rbx
GameAssembly.dll+209B371: E8 7A BE 00 00 - call SaltShaker.੭ੲੲ੭ੱ੭੦੮ੳ੫੦
GameAssembly.dll+209B376: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+209B379: 48 8B D0 - mov rdx,rax
}
{ 0.6.3.1
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+2ABE28A
GameAssembly.dll+2ABE236: 48 8B 53 18 - mov rdx,[rbx+18]
GameAssembly.dll+2ABE23A: 0F 57 C0 - xorps xmm0,xmm0
GameAssembly.dll+2ABE23D: 0F 11 45 0F - movups [rbp+0F],xmm0
GameAssembly.dll+2ABE241: F2 0F 10 47 10 - movsd xmm0,[rdi+10]
GameAssembly.dll+2ABE246: 48 8B BC 24 B0 00 00 00 - mov rdi,[rsp+000000B0]
GameAssembly.dll+2ABE24E: F2 0F 11 45 FF - movsd [rbp-01],xmm0
GameAssembly.dll+2ABE253: 0F 11 4D EF - movups [rbp-11],xmm1
GameAssembly.dll+2ABE257: 48 85 D2 - test rdx,rdx
GameAssembly.dll+2ABE25A: 0F 84 8E 02 00 00 - je GameAssembly.dll+2ABE4EE
GameAssembly.dll+2ABE260: 48 8B 52 78 - mov rdx,[rdx+78]
GameAssembly.dll+2ABE264: 45 33 C9 - xor r9d,r9d
GameAssembly.dll+2ABE267: 48 8B 4D F7 - mov rcx,[rbp-09]
GameAssembly.dll+2ABE26B: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+2ABE26E: E8 BD 1E BF FF - call ੧੫੫ੲ੦੨ੴ੦੨ੴ੭.੪੭੧੫੩੯੮ੳ੬੮
GameAssembly.dll+2ABE273: 84 C0 - test al,al
GameAssembly.dll+2ABE275: 0F 84 5A 02 00 00 - je GameAssembly.dll+2ABE4D5
GameAssembly.dll+2ABE27B: 8B 43 58 - mov eax,[rbx+58]
GameAssembly.dll+2ABE27E: 85 C0 - test eax,eax
GameAssembly.dll+2ABE280: 0F 8E 4F 02 00 00 - jng GameAssembly.dll+2ABE4D5
GameAssembly.dll+2ABE286: 48 8B 4B 28 - mov rcx,[rbx+28]
// ---------- INJECTING HERE ----------
GameAssembly.dll+2ABE28A: FF C8 - dec eax
// ---------- DONE INJECTING ----------
GameAssembly.dll+2ABE28C: 89 43 58 - mov [rbx+58],eax
GameAssembly.dll+2ABE28F: 48 85 C9 - test rcx,rcx
GameAssembly.dll+2ABE292: 0F 84 56 02 00 00 - je GameAssembly.dll+2ABE4EE
GameAssembly.dll+2ABE298: 33 D2 - xor edx,edx
GameAssembly.dll+2ABE29A: E8 C1 55 44 FE - call UnityEngine.AudioSource.Play
GameAssembly.dll+2ABE29F: 33 D2 - xor edx,edx
GameAssembly.dll+2ABE2A1: 48 8B CB - mov rcx,rbx
GameAssembly.dll+2ABE2A4: E8 07 92 00 00 - call SaltShaker.੯ੰ੮ੳੱ੬੭ੳ੭੮
GameAssembly.dll+2ABE2A9: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+2ABE2AC: 48 8B D0 - mov rdx,rax
GameAssembly.dll+2ABE2AF: 48 8B CB - mov rcx,rbx
GameAssembly.dll+2ABE2B2: E8 49 A9 D8 FD - call UnityEngine.MonoBehaviour.StartCoroutine
GameAssembly.dll+2ABE2B7: 48 8B 4B 38 - mov rcx,[rbx+38]
GameAssembly.dll+2ABE2BB: 48 85 C9 - test rcx,rcx
GameAssembly.dll+2ABE2BE: 0F 84 2A 02 00 00 - je GameAssembly.dll+2ABE4EE
GameAssembly.dll+2ABE2C4: 33 D2 - xor edx,edx
GameAssembly.dll+2ABE2C6: E8 55 C5 B9 FD - call UnityEngine.GameObject.get_transform
GameAssembly.dll+2ABE2CB: 48 85 C0 - test rax,rax
GameAssembly.dll+2ABE2CE: 0F 84 1A 02 00 00 - je GameAssembly.dll+2ABE4EE
GameAssembly.dll+2ABE2D4: 0F 29 B4 24 90 00 00 00 - movaps [rsp+00000090],xmm6
}
44345
"No Flickering Flashlights When Ghost is Hunting"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Author : Zephirot
Mono : Assembly-CSharp.dll -> Torch:Update()
}
[ENABLE]
aobscanmodule(TNOBLINK,GameAssembly.dll,75 ? 38 ? ? 75 ? 48 8B ? ? 48 85 ? 0F 84 ? ? ? ? F3 ? ? ? ? 45 33 ? E8 ? ? ? ? 33 ? 48 8B ? E8 ? ? ? ? C6 ? ? ? 0F 28 ? ? ? 0F 28)
registersymbol(TNOBLINK)
TNOBLINK:
db 90 90
[DISABLE]
TNOBLINK:
db 75 42
unregistersymbol(*)
{ old in different area
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+167876B
GameAssembly.dll+1678746: F3 0F 10 73 54 - movss xmm6,[rbx+54]
GameAssembly.dll+167874B: E8 60 13 49 FF - call UnityEngine.Time.get_deltaTime
GameAssembly.dll+1678750: F3 0F 5C F0 - subss xmm6,xmm0
GameAssembly.dll+1678754: 0F 57 C0 - xorps xmm0,xmm0
GameAssembly.dll+1678757: F3 0F 11 73 54 - movss [rbx+54],xmm6
GameAssembly.dll+167875C: 0F 2F C6 - comiss xmm0,xmm6
GameAssembly.dll+167875F: 0F 28 74 24 40 - movaps xmm6,[rsp+40]
GameAssembly.dll+1678764: 76 CE - jna GameAssembly.dll+1678734
GameAssembly.dll+1678766: 33 D2 - xor edx,edx
GameAssembly.dll+1678768: 48 8B CB - mov rcx,rbx
// ---------- INJECTING HERE ----------
GameAssembly.dll+167876B: E8 70 C1 FF FF - call Torch.੪ੰ੬੯੭ੴ੦ੰੲ੦
// ---------- DONE INJECTING ----------
GameAssembly.dll+1678770: F3 0F 10 0D 0C C8 A2 01 - movss xmm1,[GameAssembly.dll+30A4F84]
GameAssembly.dll+1678778: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+167877B: F3 0F 10 05 F5 C7 A2 01 - movss xmm0,[GameAssembly.dll+30A4F78]
GameAssembly.dll+1678783: C6 43 68 00 - mov byte ptr [rbx+68],00
GameAssembly.dll+1678787: E8 64 8F 47 FF - call UnityEngine.Random.Range
GameAssembly.dll+167878C: 48 8B 7C 24 60 - mov rdi,[rsp+60]
GameAssembly.dll+1678791: F3 0F 11 43 54 - movss [rbx+54],xmm0
GameAssembly.dll+1678796: 48 83 C4 50 - add rsp,50
GameAssembly.dll+167879A: 5B - pop rbx
GameAssembly.dll+167879B: C3 - ret
}
{ 0.6.2.1 in diff area
// ORIGINAL CODE - INJECTION POINT: Torch.੨੬੦੩ੳ੬੨੩ੱ੯੫
GameAssembly.dll+1FFD522: 48 83 EC 20 - sub rsp,20
GameAssembly.dll+1FFD526: 80 79 68 00 - cmp byte ptr [rcx+68],00
GameAssembly.dll+1FFD52A: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+1FFD52D: 75 24 - jne GameAssembly.dll+1FFD553
GameAssembly.dll+1FFD52F: 48 8B 49 18 - mov rcx,[rcx+18]
GameAssembly.dll+1FFD533: 48 85 C9 - test rcx,rcx
GameAssembly.dll+1FFD536: 74 21 - je GameAssembly.dll+1FFD559
GameAssembly.dll+1FFD538: F3 0F 10 4B 50 - movss xmm1,[rbx+50]
GameAssembly.dll+1FFD53D: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+1FFD540: E8 EB 18 64 FE - call UnityEngine.Light.set_intensity
GameAssembly.dll+1FFD545: 33 D2 - xor edx,edx
GameAssembly.dll+1FFD547: 48 8B CB - mov rcx,rbx
GameAssembly.dll+1FFD54A: E8 C1 F0 FF FF - call Torch.੦੧੧ੳੴ੪੪੦੨੭ੰ
GameAssembly.dll+1FFD54F: C6 43 68 00 - mov byte ptr [rbx+68],00
GameAssembly.dll+1FFD553: 48 83 C4 20 - add rsp,20
GameAssembly.dll+1FFD557: 5B - pop rbx
GameAssembly.dll+1FFD558: C3 - ret
GameAssembly.dll+1FFD559: E8 12 93 18 FE - call GameAssembly.dll+186870
GameAssembly.dll+1FFD55E: CC - int 3
GameAssembly.dll+1FFD55F: CC - int 3
// ---------- INJECTING HERE ----------
Torch.੨੬੦੩ੳ੬੨੩ੱ੯੫: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+1FFD562: 48 83 EC 30 - sub rsp,30
GameAssembly.dll+1FFD566: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+1FFD569: 0F 29 74 24 20 - movaps [rsp+20],xmm6
GameAssembly.dll+1FFD56E: 48 8B 49 18 - mov rcx,[rcx+18]
GameAssembly.dll+1FFD572: 48 85 C9 - test rcx,rcx
GameAssembly.dll+1FFD575: 0F 84 F0 00 00 00 - je GameAssembly.dll+1FFD66B
GameAssembly.dll+1FFD57B: 33 D2 - xor edx,edx
GameAssembly.dll+1FFD57D: E8 5E B4 62 FE - call UnityEngine.Behaviour.get_enabled
GameAssembly.dll+1FFD582: 84 C0 - test al,al
GameAssembly.dll+1FFD584: 0F 84 D6 00 00 00 - je GameAssembly.dll+1FFD660
GameAssembly.dll+1FFD58A: 48 8B 4B 18 - mov rcx,[rbx+18]
GameAssembly.dll+1FFD58E: 48 85 C9 - test rcx,rcx
GameAssembly.dll+1FFD591: 0F 84 D4 00 00 00 - je GameAssembly.dll+1FFD66B
GameAssembly.dll+1FFD597: F3 0F 10 4B 50 - movss xmm1,[rbx+50]
GameAssembly.dll+1FFD59C: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+1FFD59F: E8 8C 18 64 FE - call UnityEngine.Light.set_intensity
GameAssembly.dll+1FFD5A4: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+1FFD5A7: 33 C9 - xor ecx,ecx
GameAssembly.dll+1FFD5A9: 41 8D 50 02 - lea edx,[r8+02]
GameAssembly.dll+1FFD5AD: E8 8E 37 7C FE - call UnityEngine.Random.Range
}
{ 0.6.3.1
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+230AD36
GameAssembly.dll+230AD0B: F2 0F 10 00 - movsd xmm0,[rax]
GameAssembly.dll+230AD0F: 48 8D 54 24 20 - lea rdx,[rsp+20]
GameAssembly.dll+230AD14: 8B 40 08 - mov eax,[rax+08]
GameAssembly.dll+230AD17: 45 33 C9 - xor r9d,r9d
GameAssembly.dll+230AD1A: F3 0F 10 15 D2 66 E6 00 - movss xmm2,[GameAssembly.dll+31713F4]
GameAssembly.dll+230AD22: 48 8B CF - mov rcx,rdi
GameAssembly.dll+230AD25: F2 0F 11 44 24 20 - movsd [rsp+20],xmm0
GameAssembly.dll+230AD2B: 89 44 24 28 - mov [rsp+28],eax
GameAssembly.dll+230AD2F: E8 3C 47 56 FF - call GhostAI.IsNearActiveGhost
GameAssembly.dll+230AD34: 84 C0 - test al,al
// ---------- INJECTING HERE ----------
GameAssembly.dll+230AD36: 75 42 - jne GameAssembly.dll+230AD7A
// ---------- DONE INJECTING ----------
GameAssembly.dll+230AD38: 38 43 68 - cmp [rbx+68],al
GameAssembly.dll+230AD3B: 75 28 - jne GameAssembly.dll+230AD65
GameAssembly.dll+230AD3D: 48 8B 4B 18 - mov rcx,[rbx+18]
GameAssembly.dll+230AD41: 48 85 C9 - test rcx,rcx
GameAssembly.dll+230AD44: 0F 84 69 01 00 00 - je GameAssembly.dll+230AEB3
GameAssembly.dll+230AD4A: F3 0F 10 4B 50 - movss xmm1,[rbx+50]
GameAssembly.dll+230AD4F: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+230AD52: E8 59 69 35 FE - call UnityEngine.Light.set_intensity
GameAssembly.dll+230AD57: 33 D2 - xor edx,edx
GameAssembly.dll+230AD59: 48 8B CB - mov rcx,rbx
}
1337094216
"Ghost"
FF8000
1
313
"Ghost Info [ig]"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Version: 0.2
Date : 2020-12-12
Author : Zephirot
Mono : Assembly-CSharp.dll -> GhostAI:Update()
}
define(GhostAI_address,GhostAI.Update)
define(GhostAI_bytes,40 53 48 83 EC 30)
[ENABLE]
assert(GhostAI_address,GhostAI_bytes)
alloc(newmem,$100,GhostAI.Update)
label(GhostAI_code)
label(GhostAI_exit)
label(_GhostAI)
registersymbol(_GhostAI)
newmem:
GhostAI_code:
push rdi
sub rsp,30
mov [_GhostAI],rcx
jmp GhostAI_exit
_GhostAI:
dq 0
GhostAI_address:
jmp GhostAI_code
db 90
GhostAI_exit:
[DISABLE]
GhostAI_address:
db GhostAI_bytes
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GhostAI
GameAssembly.dll+F49946: CC - int 3
GameAssembly.dll+F49947: CC - int 3
GameAssembly.dll+F49948: CC - int 3
GameAssembly.dll+F49949: CC - int 3
GameAssembly.dll+F4994A: CC - int 3
GameAssembly.dll+F4994B: CC - int 3
GameAssembly.dll+F4994C: CC - int 3
GameAssembly.dll+F4994D: CC - int 3
GameAssembly.dll+F4994E: CC - int 3
GameAssembly.dll+F4994F: CC - int 3
// ---------- INJECTING HERE ----------
GhostAI: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+F49952: 48 83 EC 40 - sub rsp,40
GameAssembly.dll+F49956: 80 3D 49 3E 9D 01 00 - cmp byte ptr [GameAssembly.dll+291D7A6],00
GameAssembly.dll+F4995D: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+F49960: 75 12 - jne GameAssembly.dll+F49974
GameAssembly.dll+F49962: 8B 0D 34 98 29 01 - mov ecx,[GameAssembly.dll+21E319C]
GameAssembly.dll+F49968: E8 73 FD 19 FF - call GameAssembly.dll+E96E0
GameAssembly.dll+F4996D: C6 05 32 3E 9D 01 01 - mov byte ptr [GameAssembly.dll+291D7A6],01
GameAssembly.dll+F49974: 48 8B 4B 28 - mov rcx,[rbx+28]
GameAssembly.dll+F49978: 48 89 7C 24 50 - mov [rsp+50],rdi
GameAssembly.dll+F4997D: 0F 29 74 24 30 - movaps [rsp+30],xmm6
}
314
"Name"
0:null
1:Spirit
2:Wraith
3:Phantom
4:Poltergeist
5:Banshee
6:Jinn
7:Mare
8:Revenant
9:Shade
10:Demon
11:Yurei
12:Oni
0
D500D5
String
25
1
0
1
_GhostAI
14
38
38
316
"Favourite Room"
0
D500D5
String
25
1
0
1
_GhostAI
14
60
60
38
317
"Type (English)"
0:Spirit
1:Wraith
2:Phantom
3:Poltergeist
4:Banshee
5:Jinn
6:Mare
7:Revenant
8:Shade
9:Demon
10:Yurei
11:Oni
12:Yokai
13:Hantu
14:Goryo
15:Myling
16:Onryo
17:The Twins
18:Raiju
19:Obake
20:The Mimic
21:Moroi
22:Deogen
23:Thaye
0
D500D5
4 Bytes
_GhostAI
20
38
1406
"Hunting (Visual)"
1:On
0:Off
1
93CD32
Byte
_GhostAI
C0
1407
"Ghost Speed (Host Only)"
1
93CD32
Float
_GhostAI
A0
1337094200
"Ghost Event"
93CD32
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Author : Mortal991
}
define(address,GhostActivity.Update)
define(bytes,40 53 48 83 EC 30)
[ENABLE]
{$lua}
if not syntaxcheck then
synchronize(function()
local t = createTimer()
t.Interval,t.OnTimer = 1,function(tm)
tm.Destroy()
memrec.Active = false
end
end)
end
{$asm}
assert(address,bytes)
alloc(newmem,$100,GhostActivity.Update)
label(code)
label(return)
newmem:
code:
jmp GhostActivity.GhostAbility
push rbx
sub rsp,30
jmp return
address:
jmp newmem
nop
return:
[DISABLE]
address:
db bytes
// push rbx
// sub rsp,30
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GhostActivity.Update
GameAssembly.dll+1839CC3: E8 78 3B 5F FF - call GameAssembly.dll+E2D840
GameAssembly.dll+1839CC8: 48 8B 74 24 30 - mov rsi,[rsp+30]
GameAssembly.dll+1839CCD: 48 8B 5C 24 40 - mov rbx,[rsp+40]
GameAssembly.dll+1839CD2: 48 83 C4 20 - add rsp,20
GameAssembly.dll+1839CD6: 5F - pop rdi
GameAssembly.dll+1839CD7: C3 - ret
GameAssembly.dll+1839CD8: E8 43 6D 8C FE - call GameAssembly.dll+100A20
GameAssembly.dll+1839CDD: CC - int 3
GameAssembly.dll+1839CDE: CC - int 3
GameAssembly.dll+1839CDF: CC - int 3
// ---------- INJECTING HERE ----------
GhostActivity.Update: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+1839CE2: 48 83 EC 30 - sub rsp,30
GameAssembly.dll+1839CE6: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+1839CE9: 0F 29 74 24 20 - movaps [rsp+20],xmm6
GameAssembly.dll+1839CEE: F3 0F 10 71 30 - movss xmm6,[rcx+30]
GameAssembly.dll+1839CF3: 33 C9 - xor ecx,ecx
GameAssembly.dll+1839CF5: E8 D6 30 30 FF - call UnityEngine.Time.get_deltaTime
GameAssembly.dll+1839CFA: F3 0F 5C F0 - subss xmm6,xmm0
GameAssembly.dll+1839CFE: 0F 57 C0 - xorps xmm0,xmm0
GameAssembly.dll+1839D01: 0F 2F C6 - comiss xmm0,xmm6
GameAssembly.dll+1839D04: F3 0F 11 73 30 - movss [rbx+30],xmm6
}
70156
"Ghost Evidence Interact"
93CD32
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Author : Mortal991
This script does blah blah blah
}
define(address,GhostActivity.Update)
define(bytes,40 53 48 83 EC 30)
[ENABLE]
{$lua}
if not syntaxcheck then
synchronize(function()
local t = createTimer()
t.Interval,t.OnTimer = 1,function(tm)
tm.Destroy()
memrec.Active = false
end
end)
end
{$asm}
assert(address,bytes)
alloc(newmem,$100,GhostActivity.Update)
label(code)
label(return)
newmem:
code:
jmp GhostActivity.InteractWithEvidence
push rbx
sub rsp,30
jmp return
address:
jmp newmem
db 90
return:
[DISABLE]
address:
db bytes
// push rbx
// sub rsp,30
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GhostActivity.Update
GameAssembly.dll+1839CC3: E8 78 3B 5F FF - call GameAssembly.dll+E2D840
GameAssembly.dll+1839CC8: 48 8B 74 24 30 - mov rsi,[rsp+30]
GameAssembly.dll+1839CCD: 48 8B 5C 24 40 - mov rbx,[rsp+40]
GameAssembly.dll+1839CD2: 48 83 C4 20 - add rsp,20
GameAssembly.dll+1839CD6: 5F - pop rdi
GameAssembly.dll+1839CD7: C3 - ret
GameAssembly.dll+1839CD8: E8 43 6D 8C FE - call GameAssembly.dll+100A20
GameAssembly.dll+1839CDD: CC - int 3
GameAssembly.dll+1839CDE: CC - int 3
GameAssembly.dll+1839CDF: CC - int 3
// ---------- INJECTING HERE ----------
GhostActivity.Update: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+1839CE2: 48 83 EC 30 - sub rsp,30
GameAssembly.dll+1839CE6: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+1839CE9: 0F 29 74 24 20 - movaps [rsp+20],xmm6
GameAssembly.dll+1839CEE: F3 0F 10 71 30 - movss xmm6,[rcx+30]
GameAssembly.dll+1839CF3: 33 C9 - xor ecx,ecx
GameAssembly.dll+1839CF5: E8 D6 30 30 FF - call UnityEngine.Time.get_deltaTime
GameAssembly.dll+1839CFA: F3 0F 5C F0 - subss xmm6,xmm0
GameAssembly.dll+1839CFE: 0F 57 C0 - xorps xmm0,xmm0
GameAssembly.dll+1839D01: 0F 2F C6 - comiss xmm0,xmm6
GameAssembly.dll+1839D04: F3 0F 11 73 30 - movss [rbx+30],xmm6
}
70154
"Ghost Interaction"
93CD32
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Author : Mortal991
This script does blah blah blah
}
define(address,GhostActivity.Update)
define(bytes,40 53 48 83 EC 30)
[ENABLE]
{$lua}
if not syntaxcheck then
synchronize(function()
local t = createTimer()
t.Interval,t.OnTimer = 1,function(tm)
tm.Destroy()
memrec.Active = false
end
end)
end
{$asm}
assert(address,bytes)
alloc(newmem,$100,GhostActivity.Update)
label(code)
label(return)
newmem:
code:
jmp GhostActivity.Interact
jmp GhostActivity.ForceInteractWithProp
jmp GhostActivity.InteractWithARandomProp
jmp GhostActivity.NormalInteraction
//jmp GhostActivity.TwinInteraction
push rbx
sub rsp,30
jmp return
address:
jmp newmem
nop
return:
[DISABLE]
address:
db bytes
// push rbx
// sub rsp,30
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GhostActivity.Update
GameAssembly.dll+1839CC3: E8 78 3B 5F FF - call GameAssembly.dll+E2D840
GameAssembly.dll+1839CC8: 48 8B 74 24 30 - mov rsi,[rsp+30]
GameAssembly.dll+1839CCD: 48 8B 5C 24 40 - mov rbx,[rsp+40]
GameAssembly.dll+1839CD2: 48 83 C4 20 - add rsp,20
GameAssembly.dll+1839CD6: 5F - pop rdi
GameAssembly.dll+1839CD7: C3 - ret
GameAssembly.dll+1839CD8: E8 43 6D 8C FE - call GameAssembly.dll+100A20
GameAssembly.dll+1839CDD: CC - int 3
GameAssembly.dll+1839CDE: CC - int 3
GameAssembly.dll+1839CDF: CC - int 3
// ---------- INJECTING HERE ----------
GhostActivity.Update: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+1839CE2: 48 83 EC 30 - sub rsp,30
GameAssembly.dll+1839CE6: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+1839CE9: 0F 29 74 24 20 - movaps [rsp+20],xmm6
GameAssembly.dll+1839CEE: F3 0F 10 71 30 - movss xmm6,[rcx+30]
GameAssembly.dll+1839CF3: 33 C9 - xor ecx,ecx
GameAssembly.dll+1839CF5: E8 D6 30 30 FF - call UnityEngine.Time.get_deltaTime
GameAssembly.dll+1839CFA: F3 0F 5C F0 - subss xmm6,xmm0
GameAssembly.dll+1839CFE: 0F 57 C0 - xorps xmm0,xmm0
GameAssembly.dll+1839D01: 0F 2F C6 - comiss xmm0,xmm6
GameAssembly.dll+1839D04: F3 0F 11 73 30 - movss [rbx+30],xmm6
}
1337094189
"^^^sometimes have to click a couple of times and be near the ghost to see the interaction"
0000FF
1
1337094190
"Ghost Interaction Insanity"
93CD32
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Author : Mortal991
This script does blah blah blah
}
define(address,GhostActivity.Update)
define(bytes,40 53 48 83 EC 30)
[ENABLE]
assert(address,bytes)
alloc(newmem,$100,GhostActivity.Update)
label(code)
label(return)
newmem:
code:
jmp GhostActivity.Interact
jmp GhostActivity.ForceInteractWithProp
jmp GhostActivity.InteractWithARandomProp
jmp GhostActivity.NormalInteraction
jmp GhostActivity.TwinInteraction
push rbx
sub rsp,30
jmp return
address:
jmp newmem
nop
return:
[DISABLE]
address:
db bytes
// push rbx
// sub rsp,30
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GhostActivity.Update
GameAssembly.dll+1839CC3: E8 78 3B 5F FF - call GameAssembly.dll+E2D840
GameAssembly.dll+1839CC8: 48 8B 74 24 30 - mov rsi,[rsp+30]
GameAssembly.dll+1839CCD: 48 8B 5C 24 40 - mov rbx,[rsp+40]
GameAssembly.dll+1839CD2: 48 83 C4 20 - add rsp,20
GameAssembly.dll+1839CD6: 5F - pop rdi
GameAssembly.dll+1839CD7: C3 - ret
GameAssembly.dll+1839CD8: E8 43 6D 8C FE - call GameAssembly.dll+100A20
GameAssembly.dll+1839CDD: CC - int 3
GameAssembly.dll+1839CDE: CC - int 3
GameAssembly.dll+1839CDF: CC - int 3
// ---------- INJECTING HERE ----------
GhostActivity.Update: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+1839CE2: 48 83 EC 30 - sub rsp,30
GameAssembly.dll+1839CE6: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+1839CE9: 0F 29 74 24 20 - movaps [rsp+20],xmm6
GameAssembly.dll+1839CEE: F3 0F 10 71 30 - movss xmm6,[rcx+30]
GameAssembly.dll+1839CF3: 33 C9 - xor ecx,ecx
GameAssembly.dll+1839CF5: E8 D6 30 30 FF - call UnityEngine.Time.get_deltaTime
GameAssembly.dll+1839CFA: F3 0F 5C F0 - subss xmm6,xmm0
GameAssembly.dll+1839CFE: 0F 57 C0 - xorps xmm0,xmm0
GameAssembly.dll+1839D01: 0F 2F C6 - comiss xmm0,xmm6
GameAssembly.dll+1839D04: F3 0F 11 73 30 - movss [rbx+30],xmm6
}
44867
"Ghost visible and generally frozen"
93CD32
Auto Assembler Script
{ Game : Phasmophobia.exe
Date : 2022-05-06
Author : Glowmoss
}
define(address,GhostAI.Update+A)
define(bytes,48 8B D9 48 85 C0)
[ENABLE]
assert(address,bytes)
alloc(newmem,128,GhostAI.Update)
label(return)
newmem:
jmp GhostAI.Appear
mov rbx,rcx
test rax,rax
jmp return
address:
jmp newmem
db 90
return:
[DISABLE]
address:
db bytes
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GhostAI.Update
GameAssembly.dll+148B3DB: E8 90 90 C5 FE - call GameAssembly.dll+E4470
GameAssembly.dll+148B3E0: 48 8B C8 - mov rcx,rax
GameAssembly.dll+148B3E3: 33 D2 - xor edx,edx
GameAssembly.dll+148B3E5: E8 46 92 C5 FE - call GameAssembly.dll+E4630
GameAssembly.dll+148B3EA: CC - int 3
GameAssembly.dll+148B3EB: CC - int 3
GameAssembly.dll+148B3EC: CC - int 3
GameAssembly.dll+148B3ED: CC - int 3
GameAssembly.dll+148B3EE: CC - int 3
GameAssembly.dll+148B3EF: CC - int 3
// ---------- INJECTING HERE ----------
GhostAI.Update: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+148B3F2: 48 83 EC 30 - sub rsp,30
GameAssembly.dll+148B3F6: 80 3D 86 B3 70 02 00 - cmp byte ptr [GameAssembly.dll+3B96783],00
GameAssembly.dll+148B3FD: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+148B400: 75 12 - jne GameAssembly.dll+148B414
GameAssembly.dll+148B402: 8B 0D C0 09 CD 01 - mov ecx,[GameAssembly.dll+315BDC8]
GameAssembly.dll+148B408: E8 E3 90 C5 FE - call GameAssembly.dll+E44F0
GameAssembly.dll+148B40D: C6 05 6F B3 70 02 01 - mov byte ptr [GameAssembly.dll+3B96783],01
GameAssembly.dll+148B414: 48 8B 43 28 - mov rax,[rbx+28]
GameAssembly.dll+148B418: 48 89 7C 24 40 - mov [rsp+40],rdi
GameAssembly.dll+148B41D: 48 85 C0 - test rax,rax
}
1337094222
"^^^uses same address as ghost info so you can only use 1 of them at a time"
0000FF
1
44952
"Ghost Write works only if the type has it as evidence"
93CD32
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Author : Mortal991
}
define(Writing,GhostWriting.Update)
define(bytes1,48 89 5C 24 10)
define(Reset,GhostWriting.Use+55)
define(bytes,80 BB B0 00 00 00 00)
[ENABLE]
{$lua}
if not syntaxcheck then
synchronize(function()
local t = createTimer()
t.Interval,t.OnTimer = 100,function(tm)
tm.Destroy()
memrec.Active = false
end
end)
end
{$asm}
assert(Reset,bytes)
assert(Writing,bytes1)
alloc(newmem,$100,Reset)
alloc(newmem1,$100,Writing)
label(return return1)
newmem:
mov byte ptr [rbx+000000B0],00
cmp byte ptr [rbx+000000B0],00
jmp return
newmem1:
jmp GhostWriting.Use
mov [rsp+10],rbx
jmp return1
Reset:
jmp newmem
db 90 90
return:
Writing:
jmp newmem1
return1:
[DISABLE]
Reset:
db bytes
Writing:
db bytes1
dealloc(*)
{ Writing
// ORIGINAL CODE - INJECTION POINT: GhostWriting.Update
GameAssembly.dll+194B6FB: E8 30 51 7B FE - call GameAssembly.dll+100830
GameAssembly.dll+194B700: 48 8B C8 - mov rcx,rax
GameAssembly.dll+194B703: 33 D2 - xor edx,edx
GameAssembly.dll+194B705: E8 E6 52 7B FE - call GameAssembly.dll+1009F0
GameAssembly.dll+194B70A: CC - int 3
GameAssembly.dll+194B70B: CC - int 3
GameAssembly.dll+194B70C: CC - int 3
GameAssembly.dll+194B70D: CC - int 3
GameAssembly.dll+194B70E: CC - int 3
GameAssembly.dll+194B70F: CC - int 3
// ---------- INJECTING HERE ----------
GhostWriting.Update: 48 89 5C 24 10 - mov [rsp+10],rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+194B715: 55 - push rbp
GameAssembly.dll+194B716: 48 8D 6C 24 A9 - lea rbp,[rsp-57]
GameAssembly.dll+194B71B: 48 81 EC E0 00 00 00 - sub rsp,000000E0
GameAssembly.dll+194B722: 80 3D B6 E0 26 02 00 - cmp byte ptr [GameAssembly.dll+3BB97DF],00
GameAssembly.dll+194B729: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+194B72C: 75 12 - jne GameAssembly.dll+194B740
GameAssembly.dll+194B72E: 8B 0D 54 2A 83 01 - mov ecx,[GameAssembly.dll+317E188]
GameAssembly.dll+194B734: E8 77 51 7B FE - call GameAssembly.dll+1008B0
GameAssembly.dll+194B739: C6 05 9F E0 26 02 01 - mov byte ptr [GameAssembly.dll+3BB97DF],01
GameAssembly.dll+194B740: 33 C0 - xor eax,eax
}
{ latest Writing
// ORIGINAL CODE - INJECTION POINT: GhostWriting.Update
GameAssembly.dll+19D66F6: CC - int 3
GameAssembly.dll+19D66F7: CC - int 3
GameAssembly.dll+19D66F8: CC - int 3
GameAssembly.dll+19D66F9: CC - int 3
GameAssembly.dll+19D66FA: CC - int 3
GameAssembly.dll+19D66FB: CC - int 3
GameAssembly.dll+19D66FC: CC - int 3
GameAssembly.dll+19D66FD: CC - int 3
GameAssembly.dll+19D66FE: CC - int 3
GameAssembly.dll+19D66FF: CC - int 3
// ---------- INJECTING HERE ----------
GhostWriting.Update: 48 89 5C 24 10 - mov [rsp+10],rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+19D6705: 55 - push rbp
GameAssembly.dll+19D6706: 48 8D 6C 24 A9 - lea rbp,[rsp-57]
GameAssembly.dll+19D670B: 48 81 EC C0 00 00 00 - sub rsp,000000C0
GameAssembly.dll+19D6712: 80 3D F6 D0 F6 01 00 - cmp byte ptr [GameAssembly.dll+394380F],00
GameAssembly.dll+19D6719: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+19D671C: 75 1F - jne GameAssembly.dll+19D673D
GameAssembly.dll+19D671E: 48 8D 0D FB 28 EC 01 - lea rcx,[GameAssembly.dll+3899020]
GameAssembly.dll+19D6725: E8 46 D8 7A FE - call GameAssembly.dll+183F70
GameAssembly.dll+19D672A: 48 8D 0D 37 CC EA 01 - lea rcx,[GameAssembly.dll+3883368]
GameAssembly.dll+19D6731: E8 3A D8 7A FE - call GameAssembly.dll+183F70
}
{ latest Reset
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+19D6A45
GameAssembly.dll+19D6A09: E8 62 D5 7A FE - call GameAssembly.dll+183F70
GameAssembly.dll+19D6A0E: 48 8D 0D 9B 3A ED 01 - lea rcx,[GameAssembly.dll+38AA4B0]
GameAssembly.dll+19D6A15: E8 56 D5 7A FE - call GameAssembly.dll+183F70
GameAssembly.dll+19D6A1A: 48 8D 0D EF EB EC 01 - lea rcx,[GameAssembly.dll+38A5610]
GameAssembly.dll+19D6A21: E8 4A D5 7A FE - call GameAssembly.dll+183F70
GameAssembly.dll+19D6A26: 48 8D 0D 13 78 E9 01 - lea rcx,[GameAssembly.dll+386E240]
GameAssembly.dll+19D6A2D: E8 3E D5 7A FE - call GameAssembly.dll+183F70
GameAssembly.dll+19D6A32: 48 8D 0D E7 DA EC 01 - lea rcx,[GameAssembly.dll+38A4520]
GameAssembly.dll+19D6A39: E8 32 D5 7A FE - call GameAssembly.dll+183F70
GameAssembly.dll+19D6A3E: C6 05 AD CD F6 01 01 - mov byte ptr [GameAssembly.dll+39437F2],01
// ---------- INJECTING HERE ----------
GameAssembly.dll+19D6A45: 80 BB B0 00 00 00 00 - cmp byte ptr [rbx+000000B0],00
// ---------- DONE INJECTING ----------
GameAssembly.dll+19D6A4C: 0F 85 BF 01 00 00 - jne GameAssembly.dll+19D6C11
GameAssembly.dll+19D6A52: 80 BB B2 00 00 00 00 - cmp byte ptr [rbx+000000B2],00
GameAssembly.dll+19D6A59: 0F 84 B2 01 00 00 - je GameAssembly.dll+19D6C11
GameAssembly.dll+19D6A5F: 48 8B 05 4A 3A ED 01 - mov rax,[GameAssembly.dll+38AA4B0]
GameAssembly.dll+19D6A66: 48 8B 88 B8 00 00 00 - mov rcx,[rax+000000B8]
GameAssembly.dll+19D6A6D: 48 8B 01 - mov rax,[rcx]
GameAssembly.dll+19D6A70: 48 85 C0 - test rax,rax
GameAssembly.dll+19D6A73: 0F 84 9E 01 00 00 - je GameAssembly.dll+19D6C17
GameAssembly.dll+19D6A79: 48 8B 40 30 - mov rax,[rax+30]
GameAssembly.dll+19D6A7D: 48 85 C0 - test rax,rax
}
70152
"Harmless Ghost"
93CD32
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Author : Mortal991
}
define(address,Player.StartKillingPlayer+8D)
define(bytes,48 85 ED 0F 84 80 01 00 00)
[ENABLE]
assert(address,bytes)
address+04:
db 85
[DISABLE]
address+04:
db 84
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+14E0551
GameAssembly.dll+14E0525: 57 - push rdi
GameAssembly.dll+14E0526: 48 83 EC 30 - sub rsp,30
GameAssembly.dll+14E052A: 80 3D 86 6F 6D 02 00 - cmp byte ptr [GameAssembly.dll+3BB74B7],00
GameAssembly.dll+14E0531: 48 8B F9 - mov rdi,rcx
GameAssembly.dll+14E0534: 75 12 - jne GameAssembly.dll+14E0548
GameAssembly.dll+14E0536: 8B 0D F8 20 D4 01 - mov ecx,[GameAssembly.dll+3222634]
GameAssembly.dll+14E053C: E8 6F 03 C2 FE - call GameAssembly.dll+1008B0
GameAssembly.dll+14E0541: C6 05 6F 6F 6D 02 01 - mov byte ptr [GameAssembly.dll+3BB74B7],01
GameAssembly.dll+14E0548: 48 8B 77 18 - mov rsi,[rdi+18]
GameAssembly.dll+14E054C: 48 89 5C 24 40 - mov [rsp+40],rbx
// ---------- INJECTING HERE ----------
GameAssembly.dll+14E0551: 48 85 F6 - test rsi,rsi
// ---------- DONE INJECTING ----------
GameAssembly.dll+14E0554: 0F 84 EE 00 00 00 - je GameAssembly.dll+14E0648
GameAssembly.dll+14E055A: 48 8B 0D 7F BC 6F 02 - mov rcx,[GameAssembly.dll+3BDC1E0]
GameAssembly.dll+14E0561: 48 8B 5E 78 - mov rbx,[rsi+78]
GameAssembly.dll+14E0565: E8 D6 FC B3 FE - call GameAssembly.dll+20240
GameAssembly.dll+14E056A: 48 8B 15 67 3C 72 02 - mov rdx,[GameAssembly.dll+3C041D8]
GameAssembly.dll+14E0571: 4C 8B C8 - mov r9,rax
GameAssembly.dll+14E0574: 4C 8B C3 - mov r8,rbx
GameAssembly.dll+14E0577: 48 C7 44 24 20 00 00 00 00 - mov qword ptr [rsp+20],00000000
GameAssembly.dll+14E0580: 48 8B CE - mov rcx,rsi
GameAssembly.dll+14E0583: E8 F8 AA 96 01 - call Photon.Pun.PhotonView.RPC
}
329
"Other"
FF8000
1
70127
"Truck Keypad Ends Mission while people are outside (Host Only)"
93CD32
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Author : Mortal991
Edited/Updated by: Glowmoss
}
[ENABLE]
aobscanregion(TruckKeypad,ExitLevel.ThereAreAlivePlayersOutsideTheTruck,ExitLevel.ThereAreAlivePlayersOutsideTheTruck+210,3B 79 18 0F 8D)
registersymbol(TruckKeypad)
TruckKeypad+04:
db 85
[DISABLE]
TruckKeypad+04:
db 8D
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+18D470F
GameAssembly.dll+18D46E5: 48 8B 88 B8 00 00 00 - mov rcx,[rax+000000B8]
GameAssembly.dll+18D46EC: 48 8B 01 - mov rax,[rcx]
GameAssembly.dll+18D46EF: 48 8B C8 - mov rcx,rax
GameAssembly.dll+18D46F2: 48 85 C0 - test rax,rax
GameAssembly.dll+18D46F5: 0F 84 C1 01 00 00 - je GameAssembly.dll+18D48BC
GameAssembly.dll+18D46FB: 8D 73 20 - lea esi,[rbx+20]
GameAssembly.dll+18D46FE: 44 8D 7B 01 - lea r15d,[rbx+01]
GameAssembly.dll+18D4702: 48 8B 51 68 - mov rdx,[rcx+68]
GameAssembly.dll+18D4706: 48 85 D2 - test rdx,rdx
GameAssembly.dll+18D4709: 0F 84 AD 01 00 00 - je GameAssembly.dll+18D48BC
// ---------- INJECTING HERE ----------
GameAssembly.dll+18D470F: 44 3B 42 18 - cmp r8d,[rdx+18]
// ---------- DONE INJECTING ----------
GameAssembly.dll+18D4713: 0F 8D 87 01 00 00 - jnl GameAssembly.dll+18D48A0
GameAssembly.dll+18D4719: 48 85 C0 - test rax,rax
GameAssembly.dll+18D471C: 0F 84 9A 01 00 00 - je GameAssembly.dll+18D48BC
GameAssembly.dll+18D4722: 48 8B 78 68 - mov rdi,[rax+68]
GameAssembly.dll+18D4726: 48 85 FF - test rdi,rdi
GameAssembly.dll+18D4729: 0F 84 8D 01 00 00 - je GameAssembly.dll+18D48BC
GameAssembly.dll+18D472F: 3B 5F 18 - cmp ebx,[rdi+18]
GameAssembly.dll+18D4732: 72 07 - jb GameAssembly.dll+18D473B
GameAssembly.dll+18D4734: 33 C9 - xor ecx,ecx
GameAssembly.dll+18D4736: E8 95 11 BF FE - call System.ThrowHelper.ThrowArgumentOutOfRangeException
}
1337094202
"^^You Need to press the button it doesn't auto end"
0000FF
1
70124
"Hunt Anti-Close Door Not Fully Tested On 0.7.1.1"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Author : Mortal991
Edited/Updated by: Glowmoss
}
[ENABLE]
aobscanregion(DoorAntiClose,Door.HuntingCloseDoorNetworked,Door.HuntingCloseDoorNetworked+150,84 C0 0F 84)
registersymbol(DoorAntiClose)
DoorAntiClose+03:
db 85
[DISABLE]
DoorAntiClose+03:
db 84
unregistersymbol(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1189F0D
GameAssembly.dll+1189EEE: CC - int 3
GameAssembly.dll+1189EEF: CC - int 3
Door.HuntingCloseDoorNetworked: 40 53 - push rbx
GameAssembly.dll+1189EF2: 48 83 EC 40 - sub rsp,40
GameAssembly.dll+1189EF6: 0F 10 0A - movups xmm1,[rdx]
GameAssembly.dll+1189EF9: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+1189EFC: 33 D2 - xor edx,edx
GameAssembly.dll+1189EFE: 66 0F 73 D9 08 - psrldq xmm1,08
GameAssembly.dll+1189F03: 66 48 0F 7E C9 - movq rcx,xmm1
GameAssembly.dll+1189F08: E8 83 1A 28 01 - call ੳ੭੦੬ੰ੮੬ੳ੧ੲੰ.੫੫੦ੳੴ੦੩੫ੲੴ੮
// ---------- INJECTING HERE ----------
GameAssembly.dll+1189F0D: 84 C0 - test al,al
// ---------- DONE INJECTING ----------
GameAssembly.dll+1189F0F: 0F 84 BE 00 00 00 - je GameAssembly.dll+1189FD3
GameAssembly.dll+1189F15: 80 3D A2 BB A2 02 00 - cmp byte ptr [GameAssembly.dll+3BB5ABE],00
GameAssembly.dll+1189F1C: 75 12 - jne GameAssembly.dll+1189F30
GameAssembly.dll+1189F1E: 8B 0D 30 14 09 02 - mov ecx,[GameAssembly.dll+321B354]
GameAssembly.dll+1189F24: E8 87 69 F7 FE - call GameAssembly.dll+1008B0
GameAssembly.dll+1189F29: C6 05 8E BB A2 02 01 - mov byte ptr [GameAssembly.dll+3BB5ABE],01
GameAssembly.dll+1189F30: 48 8B 05 71 0B A8 02 - mov rax,[GameAssembly.dll+3C0AAA8]
GameAssembly.dll+1189F37: 48 8B 88 B8 00 00 00 - mov rcx,[rax+000000B8]
GameAssembly.dll+1189F3E: 48 8B 01 - mov rax,[rcx]
GameAssembly.dll+1189F41: 48 85 C0 - test rax,rax
}
70150
"Lock All Doors"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Author : Mortal991
}
define(address,Door.Update)
define(bytes,40 53 48 83 EC 40)
[ENABLE]
{$lua}
if not syntaxcheck then
synchronize(function()
local t = createTimer()
t.Interval,t.OnTimer = 100,function(tm)
tm.Destroy()
memrec.Active = false
end
end)
end
{$asm}
assert(address,bytes)
alloc(newmem,$100,Door.Update)
label(code)
label(return)
newmem:
code:
jmp Door.LockDoor
push rbx
sub rsp,40
jmp return
address:
jmp newmem
nop
return:
[DISABLE]
address:
db bytes
// push rbx
// sub rsp,40
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: Door.Update
GameAssembly.dll+118FD92: E8 59 0C F7 FE - call GameAssembly.dll+1009F0
GameAssembly.dll+118FD97: CC - int 3
GameAssembly.dll+118FD98: CC - int 3
GameAssembly.dll+118FD99: CC - int 3
GameAssembly.dll+118FD9A: CC - int 3
GameAssembly.dll+118FD9B: CC - int 3
GameAssembly.dll+118FD9C: CC - int 3
GameAssembly.dll+118FD9D: CC - int 3
GameAssembly.dll+118FD9E: CC - int 3
GameAssembly.dll+118FD9F: CC - int 3
// ---------- INJECTING HERE ----------
Door.Update: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+118FDA2: 48 83 EC 40 - sub rsp,40
GameAssembly.dll+118FDA6: 80 3D 2C 5D A2 02 00 - cmp byte ptr [GameAssembly.dll+3BB5AD9],00
GameAssembly.dll+118FDAD: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+118FDB0: 75 12 - jne GameAssembly.dll+118FDC4
GameAssembly.dll+118FDB2: 8B 0D 54 BF 08 02 - mov ecx,[GameAssembly.dll+321BD0C]
GameAssembly.dll+118FDB8: E8 F3 0A F7 FE - call GameAssembly.dll+1008B0
GameAssembly.dll+118FDBD: C6 05 15 5D A2 02 01 - mov byte ptr [GameAssembly.dll+3BB5AD9],01
GameAssembly.dll+118FDC4: 80 7B 18 00 - cmp byte ptr [rbx+18],00
GameAssembly.dll+118FDC8: 0F 85 8D 00 00 00 - jne GameAssembly.dll+118FE5B
GameAssembly.dll+118FDCE: 48 8B 0D 73 A9 A3 02 - mov rcx,[GameAssembly.dll+3BCA748]
}
70151
"Unlock All Doors"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Author : Mortal991
}
define(address,Door.Update)
define(bytes,40 53 48 83 EC 40)
[ENABLE]
{$lua}
if not syntaxcheck then
synchronize(function()
local t = createTimer()
t.Interval,t.OnTimer = 100,function(tm)
tm.Destroy()
memrec.Active = false
end
end)
end
{$asm}
assert(address,bytes)
alloc(newmem,$100,Door.Update)
label(code)
label(return)
newmem:
code:
jmp Door.UnlockDoor
push rbx
sub rsp,40
jmp return
address:
jmp newmem
nop
return:
[DISABLE]
address:
db bytes
// push rbx
// sub rsp,40
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: Door.Update
GameAssembly.dll+118FD92: E8 59 0C F7 FE - call GameAssembly.dll+1009F0
GameAssembly.dll+118FD97: CC - int 3
GameAssembly.dll+118FD98: CC - int 3
GameAssembly.dll+118FD99: CC - int 3
GameAssembly.dll+118FD9A: CC - int 3
GameAssembly.dll+118FD9B: CC - int 3
GameAssembly.dll+118FD9C: CC - int 3
GameAssembly.dll+118FD9D: CC - int 3
GameAssembly.dll+118FD9E: CC - int 3
GameAssembly.dll+118FD9F: CC - int 3
// ---------- INJECTING HERE ----------
Door.Update: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+118FDA2: 48 83 EC 40 - sub rsp,40
GameAssembly.dll+118FDA6: 80 3D 2C 5D A2 02 00 - cmp byte ptr [GameAssembly.dll+3BB5AD9],00
GameAssembly.dll+118FDAD: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+118FDB0: 75 12 - jne GameAssembly.dll+118FDC4
GameAssembly.dll+118FDB2: 8B 0D 54 BF 08 02 - mov ecx,[GameAssembly.dll+321BD0C]
GameAssembly.dll+118FDB8: E8 F3 0A F7 FE - call GameAssembly.dll+1008B0
GameAssembly.dll+118FDBD: C6 05 15 5D A2 02 01 - mov byte ptr [GameAssembly.dll+3BB5AD9],01
GameAssembly.dll+118FDC4: 80 7B 18 00 - cmp byte ptr [rbx+18],00
GameAssembly.dll+118FDC8: 0F 85 8D 00 00 00 - jne GameAssembly.dll+118FE5B
GameAssembly.dll+118FDCE: 48 8B 0D 73 A9 A3 02 - mov rcx,[GameAssembly.dll+3BCA748]
}
1337094196
"Open all Unlocked Doors (Can make doors disappear when used a lot)"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Date : 2022-05-06
Author : Glowmoss
}
define(address,Door.Update)
define(bytes,40 53 48 83 EC 40)
[ENABLE]
{$lua}
if not syntaxcheck then
synchronize(function()
local t = createTimer()
t.Interval,t.OnTimer = 100,function(tm)
tm.Destroy()
memrec.Active = false
end
end)
end
{$asm}
assert(address,bytes)
alloc(newmem,$100,Door.Update)
label(code)
label(return)
newmem:
code:
jmp Door.OpenDoor
push rbx
sub rsp,40
jmp return
address:
jmp newmem
db 90
return:
[DISABLE]
address:
db bytes
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: Door.Update
GameAssembly.dll+16E9BE6: CC - int 3
GameAssembly.dll+16E9BE7: CC - int 3
GameAssembly.dll+16E9BE8: CC - int 3
GameAssembly.dll+16E9BE9: CC - int 3
GameAssembly.dll+16E9BEA: CC - int 3
GameAssembly.dll+16E9BEB: CC - int 3
GameAssembly.dll+16E9BEC: CC - int 3
GameAssembly.dll+16E9BED: CC - int 3
GameAssembly.dll+16E9BEE: CC - int 3
GameAssembly.dll+16E9BEF: CC - int 3
// ---------- INJECTING HERE ----------
Door.Update: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+16E9BF2: 48 83 EC 40 - sub rsp,40
GameAssembly.dll+16E9BF6: 80 3D 0E 87 25 02 00 - cmp byte ptr [GameAssembly.dll+394230B],00
GameAssembly.dll+16E9BFD: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+16E9C00: 75 13 - jne GameAssembly.dll+16E9C15
GameAssembly.dll+16E9C02: 48 8D 0D 3F B9 1C 02 - lea rcx,[GameAssembly.dll+38B5548]
GameAssembly.dll+16E9C09: E8 62 A3 A9 FE - call GameAssembly.dll+183F70
GameAssembly.dll+16E9C0E: C6 05 F6 86 25 02 01 - mov byte ptr [GameAssembly.dll+394230B],01
GameAssembly.dll+16E9C15: 33 C0 - xor eax,eax
GameAssembly.dll+16E9C17: 48 89 44 24 20 - mov [rsp+20],rax
GameAssembly.dll+16E9C1C: 89 44 24 28 - mov [rsp+28],eax
}
1337094193
"Turn on all lights/TVs on the map"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Date : 2022-05-06
Author : Glowmoss
}
define(address,LightSource.Update)
define(bytes,40 53 48 83 EC 30)
[ENABLE]
{$lua}
if not syntaxcheck then
synchronize(function()
local t = createTimer()
t.Interval,t.OnTimer = 100,function(tm)
tm.Destroy()
memrec.Active = false
end
end)
end
{$asm}
assert(address,bytes)
alloc(newmem,$100,Door.Update)
label(code)
label(return)
newmem:
code:
jmp LightSource.TurnOn
push rbx
sub rsp,30
jmp return
address:
jmp newmem
db 90
return:
[DISABLE]
address:
db bytes
// push rbx
// sub rsp,40
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: LightSource.Update
GameAssembly.dll+235CB16: CC - int 3
GameAssembly.dll+235CB17: CC - int 3
GameAssembly.dll+235CB18: CC - int 3
GameAssembly.dll+235CB19: CC - int 3
GameAssembly.dll+235CB1A: CC - int 3
GameAssembly.dll+235CB1B: CC - int 3
GameAssembly.dll+235CB1C: CC - int 3
GameAssembly.dll+235CB1D: CC - int 3
GameAssembly.dll+235CB1E: CC - int 3
GameAssembly.dll+235CB1F: CC - int 3
// ---------- INJECTING HERE ----------
LightSource.Update: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+235CB22: 48 83 EC 30 - sub rsp,30
GameAssembly.dll+235CB26: 80 3D 96 B2 5E 01 00 - cmp byte ptr [GameAssembly.dll+3947DC3],00
GameAssembly.dll+235CB2D: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+235CB30: 75 1F - jne GameAssembly.dll+235CB51
GameAssembly.dll+235CB32: 48 8D 0D 77 D9 54 01 - lea rcx,[GameAssembly.dll+38AA4B0]
GameAssembly.dll+235CB39: E8 32 74 E2 FD - call GameAssembly.dll+183F70
GameAssembly.dll+235CB3E: 48 8D 0D 03 8A 55 01 - lea rcx,[GameAssembly.dll+38B5548]
GameAssembly.dll+235CB45: E8 26 74 E2 FD - call GameAssembly.dll+183F70
GameAssembly.dll+235CB4A: C6 05 72 B2 5E 01 01 - mov byte ptr [GameAssembly.dll+3947DC3],01
GameAssembly.dll+235CB51: 80 7B 6D 00 - cmp byte ptr [rbx+6D],00
}
1337094194
"Turn off all lights/TVs on the map"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Date : 2022-05-06
Author : Glowmoss
}
define(address,LightSource.Update)
define(bytes,40 53 48 83 EC 30)
[ENABLE]
{$lua}
if not syntaxcheck then
synchronize(function()
local t = createTimer()
t.Interval,t.OnTimer = 100,function(tm)
tm.Destroy()
memrec.Active = false
end
end)
end
{$asm}
assert(address,bytes)
alloc(newmem,$100,Door.Update)
label(code)
label(return)
newmem:
code:
jmp LightSource.TurnOff
push rbx
sub rsp,30
jmp return
address:
jmp newmem
db 90
return:
[DISABLE]
address:
db bytes
// push rbx
// sub rsp,40
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: LightSource.Update
GameAssembly.dll+235CB16: CC - int 3
GameAssembly.dll+235CB17: CC - int 3
GameAssembly.dll+235CB18: CC - int 3
GameAssembly.dll+235CB19: CC - int 3
GameAssembly.dll+235CB1A: CC - int 3
GameAssembly.dll+235CB1B: CC - int 3
GameAssembly.dll+235CB1C: CC - int 3
GameAssembly.dll+235CB1D: CC - int 3
GameAssembly.dll+235CB1E: CC - int 3
GameAssembly.dll+235CB1F: CC - int 3
// ---------- INJECTING HERE ----------
LightSource.Update: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+235CB22: 48 83 EC 30 - sub rsp,30
GameAssembly.dll+235CB26: 80 3D 96 B2 5E 01 00 - cmp byte ptr [GameAssembly.dll+3947DC3],00
GameAssembly.dll+235CB2D: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+235CB30: 75 1F - jne GameAssembly.dll+235CB51
GameAssembly.dll+235CB32: 48 8D 0D 77 D9 54 01 - lea rcx,[GameAssembly.dll+38AA4B0]
GameAssembly.dll+235CB39: E8 32 74 E2 FD - call GameAssembly.dll+183F70
GameAssembly.dll+235CB3E: 48 8D 0D 03 8A 55 01 - lea rcx,[GameAssembly.dll+38B5548]
GameAssembly.dll+235CB45: E8 26 74 E2 FD - call GameAssembly.dll+183F70
GameAssembly.dll+235CB4A: C6 05 72 B2 5E 01 01 - mov byte ptr [GameAssembly.dll+3947DC3],01
GameAssembly.dll+235CB51: 80 7B 6D 00 - cmp byte ptr [rbx+6D],00
}
1337094197
"^^^This is just for lights that you can switch on or off It affects a light in the lobby as well"
0000FF
1
70159
"Disable End Game (game doesn't end If you die)"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Author : Mortal991
Edited/Updated by: Glowmoss
}
define(disabledeathend,GameController.PlayerDied+41)
define(bytes,84 C0 74 2B 33 D2)
[ENABLE]
assert(disabledeathend,bytes)
registersymbol(disabledeathend)
disabledeathend+02:
db 75
[DISABLE]
disabledeathend+02:
db 74
unregistersymbol(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+14A7F01
GameAssembly.dll+14A7ED0: 75 13 - jne GameAssembly.dll+14A7EE5
GameAssembly.dll+14A7ED2: 48 8D 0D AF 85 46 03 - lea rcx,[GameAssembly.dll+4910488]
GameAssembly.dll+14A7ED9: E8 E2 48 DE FE - call GameAssembly.mono_type_is_struct+73F0
GameAssembly.dll+14A7EDE: C6 05 81 2B 61 03 01 - mov byte ptr [GameAssembly.dll+4ABAA66],01
GameAssembly.dll+14A7EE5: 48 8B 0D 9C 85 46 03 - mov rcx,[GameAssembly.dll+4910488]
GameAssembly.dll+14A7EEC: 83 B9 E0 00 00 00 00 - cmp dword ptr [rcx+000000E0],00
GameAssembly.dll+14A7EF3: 75 05 - jne GameAssembly.dll+14A7EFA
GameAssembly.dll+14A7EF5: E8 F6 C4 DD FE - call GameAssembly.il2cpp_runtime_class_init
GameAssembly.dll+14A7EFA: 33 C9 - xor ecx,ecx
GameAssembly.dll+14A7EFC: E8 BF 1C F6 01 - call Photon.Pun.PhotonNetwork.get_IsMasterClient
// ---------- INJECTING HERE ----------
GameAssembly.dll+14A7F01: 84 C0 - test al,al
// ---------- DONE INJECTING ----------
GameAssembly.dll+14A7F03: 74 2B - je GameAssembly.dll+14A7F30
GameAssembly.dll+14A7F05: 33 D2 - xor edx,edx
GameAssembly.dll+14A7F07: 48 8B CB - mov rcx,rbx
GameAssembly.dll+14A7F0A: E8 01 8C 00 00 - call GameController.഻ഩഺമറഹഴധഫ
GameAssembly.dll+14A7F0F: 84 C0 - test al,al
GameAssembly.dll+14A7F11: 74 1D - je GameAssembly.dll+14A7F30
GameAssembly.dll+14A7F13: 33 D2 - xor edx,edx
GameAssembly.dll+14A7F15: 48 8B CB - mov rcx,rbx
GameAssembly.dll+14A7F18: E8 33 72 00 00 - call GameController.വവണലയഡ഻രത
GameAssembly.dll+14A7F1D: 45 33 C0 - xor r8d,r8d
}
70099
"Cursed Items Anti-Break (Host Only) [ig] Not Fully Tested On 0.7.1.1"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Date : 2022-01-09
Edited/Updated by: Glowmoss
}
[ENABLE]
aobscanregion(MusicBoxB,MusicBox.BreakMusicBox,MusicBox.BreakMusicBox+290,80 ? ? ? 0F 85 ? ? ? ? 80 ? ? ? 0F 84 ? ? ? ? 48 89)
aobscanregion(OuijaBoardB,OuijaBoard.BreakBoard,OuijaBoard.BreakBoard+700,80 ? ? ? 0F 85 ? ? ? ? 80 ? ? ? 0F 84 ? ? ? ? 48 89)
aobscanregion(HauntedMirrorB,HauntedMirror.BreakItem,HauntedMirror.BreakItem+2D0,80 ? ? ? 0F 85 ? ? ? ? 80 ? ? ? 0F 84 ? ? ? ? 33)
registersymbol(MusicBoxB OuijaBoardB HauntedMirrorB)
MusicBoxB+03:
db 02
OuijaBoardB+03:
db 02
HauntedMirrorB+03:
db 01
[DISABLE]
MusicBoxB+03:
db 00
OuijaBoardB+03:
db 00
HauntedMirrorB+03:
db 00
unregistersymbol(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1EC862B
MusicBox.BreakMusicBox: 48 89 5C 24 18 - mov [rsp+18],rbx
GameAssembly.dll+1EC8605: 57 - push rdi
GameAssembly.dll+1EC8606: 48 83 EC 50 - sub rsp,50
GameAssembly.dll+1EC860A: 80 3D 2A 50 D8 01 00 - cmp byte ptr [GameAssembly.dll+3C4D63B],00
GameAssembly.dll+1EC8611: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+1EC8614: 0F B6 FA - movzx edi,dl
GameAssembly.dll+1EC8617: 75 12 - jne GameAssembly.dll+1EC862B
GameAssembly.dll+1EC8619: 8B 0D 85 58 41 01 - mov ecx,[GameAssembly.dll+32DDEA4]
GameAssembly.dll+1EC861F: E8 EC 8E 22 FE - call GameAssembly.dll+F1510
GameAssembly.dll+1EC8624: C6 05 10 50 D8 01 01 - mov byte ptr [GameAssembly.dll+3C4D63B],01
// ---------- INJECTING HERE ----------
GameAssembly.dll+1EC862B: 80 7B 31 00 - cmp byte ptr [rbx+31],00
// ---------- DONE INJECTING ----------
GameAssembly.dll+1EC862F: 0F 85 EA 01 00 00 - jne GameAssembly.dll+1EC881F
GameAssembly.dll+1EC8635: 80 7B 32 00 - cmp byte ptr [rbx+32],00
GameAssembly.dll+1EC8639: 0F 84 E0 01 00 00 - je GameAssembly.dll+1EC881F
GameAssembly.dll+1EC863F: 48 89 6C 24 60 - mov [rsp+60],rbp
GameAssembly.dll+1EC8644: 48 89 74 24 68 - mov [rsp+68],rsi
GameAssembly.dll+1EC8649: 48 8B 43 38 - mov rax,[rbx+38]
GameAssembly.dll+1EC864D: 48 85 C0 - test rax,rax
GameAssembly.dll+1EC8650: 0F 84 D4 01 00 00 - je GameAssembly.dll+1EC882A
GameAssembly.dll+1EC8656: 48 8B 50 30 - mov rdx,[rax+30]
GameAssembly.dll+1EC865A: 48 85 D2 - test rdx,rdx
}
70165
"Choose Specific Tarot Card [ig]"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Author : Mortal991
}
define(Cards,TarotCard.SetCard+4A)
define(bytes,89 AB 30 01 00 00)
[ENABLE]
assert(Cards,bytes)
alloc(newmem,128,Cards)
registersymbol(Card)
label(return Card)
newmem:
mov ebp,[Card]
mov [rdi+00000130],ebp
jmp return
Card:
dq 0
Cards:
jmp newmem
db 90
return:
[DISABLE]
Cards:
db bytes
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1E939ED
GameAssembly.dll+1E939C0: 48 83 EC 20 - sub rsp,20
GameAssembly.dll+1E939C4: 80 3D 62 83 D0 01 00 - cmp byte ptr [GameAssembly.dll+3B9BD2D],00
GameAssembly.dll+1E939CB: 48 8B F1 - mov rsi,rcx
GameAssembly.dll+1E939CE: 48 63 FA - movsxd rdi,edx
GameAssembly.dll+1E939D1: 75 12 - jne GameAssembly.dll+1E939E5
GameAssembly.dll+1E939D3: 8B 0D F7 05 2D 01 - mov ecx,[GameAssembly.dll+3163FD0]
GameAssembly.dll+1E939D9: E8 12 0B 25 FE - call GameAssembly.dll+E44F0
GameAssembly.dll+1E939DE: C6 05 48 83 D0 01 01 - mov byte ptr [GameAssembly.dll+3B9BD2D],01
GameAssembly.dll+1E939E5: 48 8B 6E 20 - mov rbp,[rsi+20]
GameAssembly.dll+1E939E9: 48 8B 5E 40 - mov rbx,[rsi+40]
// ---------- INJECTING HERE ----------
GameAssembly.dll+1E939ED: 89 BE 30 01 00 00 - mov [rsi+00000130],edi
// ---------- DONE INJECTING ----------
GameAssembly.dll+1E939F3: 85 FF - test edi,edi
GameAssembly.dll+1E939F5: 75 33 - jne GameAssembly.dll+1E93A2A
GameAssembly.dll+1E939F7: 48 85 DB - test rbx,rbx
GameAssembly.dll+1E939FA: 0F 84 BA 00 00 00 - je GameAssembly.dll+1E93ABA
GameAssembly.dll+1E93A00: 8B 53 18 - mov edx,[rbx+18]
GameAssembly.dll+1E93A03: 8D 4F 01 - lea ecx,[rdi+01]
GameAssembly.dll+1E93A06: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+1E93A09: E8 72 2A C6 FE - call UnityEngine.Random.Range
GameAssembly.dll+1E93A0E: 48 63 D0 - movsxd rdx,eax
GameAssembly.dll+1E93A11: 3B 53 18 - cmp edx,[rbx+18]
}
70166
"Card"
0:Fool
1:Wheel Of Fortune
2:Tower
3:Devil
4:Death
5:Hermit
6:Moon
7:Sun
8:High Priestess
9:Hanged Man
0
FFFF00
4 Bytes
Card
1337094201
"Inf Tarot Cards (The Deck will turn invisible after 10 but you can still pull cards) [ig]"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Date : 2022-05-17
Author : Glowmoss
}
define(inftarot,TarotCards.ഢ഻ണഷഢഫഺവഫ+6D)
define(bytes,83 78 18 00)
[ENABLE]
assert(inftarot,bytes)
alloc(newmem,64,inftarot)
alloc(inftarot_orig,10)
registersymbol(inftarot inftarot_orig)
label(return)
inftarot_orig:
readmem(inftarot,10)
newmem:
mov [rax+18],A
cmp dword ptr [rax+18],00
reassemble(inftarot+04)
jmp return
inftarot:
jmp newmem
db 90 90 90 90 90
return:
[DISABLE]
inftarot:
readmem(inftarot_orig,10)
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+199671D
GameAssembly.dll+19966F2: C6 05 2F 65 12 03 01 - mov byte ptr [GameAssembly.dll+4ABCC28],01
GameAssembly.dll+19966F9: 33 D2 - xor edx,edx
GameAssembly.dll+19966FB: 48 8B CB - mov rcx,rbx
GameAssembly.dll+19966FE: E8 FD F3 ED FF - call CursedItem.ഢഺഷഴസഥഫഩഺ
GameAssembly.dll+1996703: 84 C0 - test al,al
GameAssembly.dll+1996705: 0F 84 62 01 00 00 - je GameAssembly.dll+199686D
GameAssembly.dll+199670B: 48 8B 43 60 - mov rax,[rbx+60]
GameAssembly.dll+199670F: 48 89 7C 24 40 - mov [rsp+40],rdi
GameAssembly.dll+1996714: 48 85 C0 - test rax,rax
GameAssembly.dll+1996717: 0F 84 56 01 00 00 - je GameAssembly.dll+1996873
// ---------- INJECTING HERE ----------
GameAssembly.dll+199671D: 83 78 18 00 - cmp dword ptr [rax+18],00
// ---------- DONE INJECTING ----------
GameAssembly.dll+1996721: 0F 84 41 01 00 00 - je GameAssembly.dll+1996868
GameAssembly.dll+1996727: 33 C9 - xor ecx,ecx
GameAssembly.dll+1996729: E8 B2 6A CA FE - call Network.get_Instance
GameAssembly.dll+199672E: 48 85 C0 - test rax,rax
GameAssembly.dll+1996731: 0F 84 3C 01 00 00 - je GameAssembly.dll+1996873
GameAssembly.dll+1996737: 48 8B 40 20 - mov rax,[rax+20]
GameAssembly.dll+199673B: 48 85 C0 - test rax,rax
GameAssembly.dll+199673E: 0F 84 2F 01 00 00 - je GameAssembly.dll+1996873
GameAssembly.dll+1996744: 48 8B 40 60 - mov rax,[rax+60]
GameAssembly.dll+1996748: 48 85 C0 - test rax,rax
}
70130
"Evidence Controller [ig]"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Author : Zephirot
}
define(address,EvidenceController.Update)
define(bytes,40 57 48 83 EC 30)
[ENABLE]
assert(address,bytes)
alloc(newmem,128,EvidenceController.Update)
label(return _evidencecontroller)
registersymbol(_evidencecontroller)
newmem:
push rdi
sub rsp,30
mov [_evidencecontroller],rcx
jmp return
_evidencecontroller:
dq 0
address:
jmp newmem
db 90
return:
[DISABLE]
address:
db bytes
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: EvidenceController.Start
GameAssembly.dll+17AD446: 84 C0 - test al,al
GameAssembly.dll+17AD448: 74 04 - je GameAssembly.dll+17AD44E
GameAssembly.dll+17AD44A: C6 47 58 01 - mov byte ptr [rdi+58],01
GameAssembly.dll+17AD44E: 48 8B 5C 24 70 - mov rbx,[rsp+70]
GameAssembly.dll+17AD453: 48 83 C4 60 - add rsp,60
GameAssembly.dll+17AD457: 5F - pop rdi
GameAssembly.dll+17AD458: C3 - ret
GameAssembly.dll+17AD459: E8 52 A6 95 FE - call GameAssembly.dll+107AB0
GameAssembly.dll+17AD45E: CC - int 3
GameAssembly.dll+17AD45F: CC - int 3
// ---------- INJECTING HERE ----------
EvidenceController.Start: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+17AD462: 48 83 EC 20 - sub rsp,20
GameAssembly.dll+17AD466: 80 3D E3 D3 40 02 00 - cmp byte ptr [GameAssembly.dll+3BBA850],00
GameAssembly.dll+17AD46D: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+17AD470: 75 12 - jne GameAssembly.dll+17AD484
GameAssembly.dll+17AD472: 8B 0D DC FD A9 01 - mov ecx,[GameAssembly.dll+324D254]
GameAssembly.dll+17AD478: E8 C3 A4 95 FE - call GameAssembly.dll+107940
GameAssembly.dll+17AD47D: C6 05 CC D3 40 02 01 - mov byte ptr [GameAssembly.dll+3BBA850],01
GameAssembly.dll+17AD484: 48 8B 05 BD EE 45 02 - mov rax,[GameAssembly.dll+3C0C348]
GameAssembly.dll+17AD48B: 48 8D 4B 50 - lea rcx,[rbx+50]
GameAssembly.dll+17AD48F: 48 8B 90 B8 00 00 00 - mov rdx,[rax+000000B8]
}
1337094220
" Shows if Bones, Ouija Board, Dirty Water, Fingerprints, Interactions, and so on are present on the map "
0000FF
1
1337094221
"and where the bone is"
0000FF
1
1337094199
"Bone Location"
0
D500D5
String
20
1
0
1
_evidencecontroller
14
60
40
30
70131
"Item 1"
0
D500D5
String
30
1
0
1
_evidencecontroller
14
20
20
20
10
18
1337094288
"Item 2"
0
D500D5
String
30
1
0
1
_evidencecontroller
14
20
20
28
10
18
1337094296
"Item 3"
0
D500D5
String
30
1
0
1
_evidencecontroller
14
20
20
30
10
18
1337094295
"Item 4"
0
D500D5
String
30
1
0
1
_evidencecontroller
14
20
20
38
10
18
1337094294
"Item 5"
0
D500D5
String
30
1
0
1
_evidencecontroller
14
20
20
40
10
18
1337094293
"Item 6"
0
D500D5
String
30
1
0
1
_evidencecontroller
14
20
20
48
10
18
1337094292
"Item 7"
0
D500D5
String
30
1
0
1
_evidencecontroller
14
20
20
50
10
18
1337094291
"Item 8"
0
D500D5
String
30
1
0
1
_evidencecontroller
14
20
20
58
10
18
1337094290
"Item 9"
0
D500D5
String
30
1
0
1
_evidencecontroller
14
20
20
60
10
18
1337094289
"Item 10"
0
D500D5
String
30
1
0
1
_evidencecontroller
14
20
20
68
10
18
70070
"Power & Light Info (use a switch to see values) [ig]"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Author : Zephirot
Mono : Assembly-CSharp.dll -> FuseBox:ChangeOnLights()
Edited/Updated by: Glowmoss
}
define(Fuses,"FuseBox.ChangeOnLights")
//define(bytes,40 53 48 83 EC 20)
[ENABLE]
alloc(newmem,$100,"FuseBox.ChangeOnLights")
alloc(_FuseBox,8)
alloc(FuseOrig,6)
label(return)
registersymbol(Fuses _FuseBox FuseOrig)
FuseOrig:
readmem(Fuses,6)
newmem:
reassemble(Fuses)
reassemble(Fuses+02)
mov [_FuseBox],rcx
jmp return
_FuseBox:
dq 0
Fuses:
jmp newmem
db 90
return:
[DISABLE]
Fuses:
readmem(FuseOrig,6)
dealloc(*)
unregistersymbol(*)
{
// ORIGINAL CODE - INJECTION POINT: FuseBox.ChangeOnLights
GameAssembly.dll+143A243: 48 8B 5C 24 30 - mov rbx,[rsp+30]
GameAssembly.dll+143A248: 48 8B 74 24 38 - mov rsi,[rsp+38]
GameAssembly.dll+143A24D: 48 83 C4 20 - add rsp,20
GameAssembly.dll+143A251: 5F - pop rdi
GameAssembly.dll+143A252: E9 49 A8 35 00 - jmp PhotonObjectInteract.੮੫੯੫ੳ੫੪੬੨੨੮
GameAssembly.dll+143A257: E8 F4 66 CC FE - call GameAssembly.dll+100950
GameAssembly.dll+143A25C: CC - int 3
GameAssembly.dll+143A25D: CC - int 3
GameAssembly.dll+143A25E: CC - int 3
GameAssembly.dll+143A25F: CC - int 3
// ---------- INJECTING HERE ----------
FuseBox.ChangeOnLights: 48 89 5C 24 10 - mov [rsp+10],rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+143A265: 48 89 74 24 18 - mov [rsp+18],rsi
GameAssembly.dll+143A26A: 57 - push rdi
GameAssembly.dll+143A26B: 48 83 EC 20 - sub rsp,20
GameAssembly.dll+143A26F: 80 3D 46 C9 74 02 00 - cmp byte ptr [GameAssembly.dll+3B86BBC],00
GameAssembly.dll+143A276: 8B DA - mov ebx,edx
GameAssembly.dll+143A278: 48 8B F9 - mov rdi,rcx
GameAssembly.dll+143A27B: 75 12 - jne GameAssembly.dll+143A28F
GameAssembly.dll+143A27D: 8B 0D 49 56 DC 01 - mov ecx,[GameAssembly.dll+31FF8CC]
GameAssembly.dll+143A283: E8 58 65 CC FE - call GameAssembly.dll+1007E0
GameAssembly.dll+143A288: C6 05 2D C9 74 02 01 - mov byte ptr [GameAssembly.dll+3B86BBC],01
}
{ 0.6.2.0
// ORIGINAL CODE - INJECTION POINT: FuseBox.ChangeOnLights
GameAssembly.dll+13AFAFE: 5F - pop rdi
GameAssembly.dll+13AFAFF: E9 6C 1D A1 00 - jmp PhotonObjectInteract.AddUseEvent
GameAssembly.dll+13AFB04: E8 D7 45 DD FE - call GameAssembly.dll+1840E0
GameAssembly.dll+13AFB09: CC - int 3
GameAssembly.dll+13AFB0A: CC - int 3
GameAssembly.dll+13AFB0B: CC - int 3
GameAssembly.dll+13AFB0C: CC - int 3
GameAssembly.dll+13AFB0D: CC - int 3
GameAssembly.dll+13AFB0E: CC - int 3
GameAssembly.dll+13AFB0F: CC - int 3
// ---------- INJECTING HERE ----------
FuseBox.ChangeOnLights: 40 53 - push rbx
// ---------- DONE INJECTING ----------
GameAssembly.dll+13AFB12: 48 83 EC 20 - sub rsp,20
GameAssembly.dll+13AFB16: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+13AFB19: 45 33 C9 - xor r9d,r9d
GameAssembly.dll+13AFB1C: 8B 89 80 00 00 00 - mov ecx,[rcx+00000080]
GameAssembly.dll+13AFB22: 03 CA - add ecx,edx
GameAssembly.dll+13AFB24: 33 D2 - xor edx,edx
GameAssembly.dll+13AFB26: 44 8B 83 84 00 00 00 - mov r8d,[rbx+00000084]
GameAssembly.dll+13AFB2D: 89 8B 80 00 00 00 - mov [rbx+00000080],ecx
GameAssembly.dll+13AFB33: E8 58 E0 47 FF - call UnityEngine.Mathf.Clamp
GameAssembly.dll+13AFB38: 89 83 80 00 00 00 - mov [rbx+00000080],eax
}
{ latest
// ORIGINAL CODE - INJECTION POINT: FuseBox.ChangeOnLights
GameAssembly.dll+24BBFDA: 48 8B F0 - mov rsi,rax
GameAssembly.dll+24BBFDD: E8 AE 7E F6 FD - call System.Xml.Serialization.XmlSerializationReadCallback..ctor
GameAssembly.dll+24BBFE2: 48 85 FF - test rdi,rdi
GameAssembly.dll+24BBFE5: 74 1D - je GameAssembly.dll+24BC004
GameAssembly.dll+24BBFE7: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+24BBFEA: 48 8B D6 - mov rdx,rsi
GameAssembly.dll+24BBFED: 48 8B CF - mov rcx,rdi
GameAssembly.dll+24BBFF0: 48 8B 5C 24 30 - mov rbx,[rsp+30]
GameAssembly.dll+24BBFF5: 48 8B 74 24 38 - mov rsi,[rsp+38]
GameAssembly.dll+24BBFFA: 48 83 C4 20 - add rsp,20
GameAssembly.dll+24BBFFE: 5F - pop rdi
GameAssembly.dll+24BBFFF: E9 2C 70 60 FF - jmp PhotonObjectInteract.AddUseEvent
GameAssembly.dll+24BC004: E8 F7 DF CB FD - call GameAssembly.dll+17A000
GameAssembly.dll+24BC009: CC - int 3
GameAssembly.dll+24BC00A: CC - int 3
GameAssembly.dll+24BC00B: CC - int 3
GameAssembly.dll+24BC00C: CC - int 3
GameAssembly.dll+24BC00D: CC - int 3
GameAssembly.dll+24BC00E: CC - int 3
GameAssembly.dll+24BC00F: CC - int 3
// ---------- INJECTING HERE ----------
FuseBox.ChangeOnLights: 40 55 - push rbp
// ---------- DONE INJECTING ----------
GameAssembly.dll+24BC012: 48 83 EC 20 - sub rsp,20
GameAssembly.dll+24BC016: 48 8B E9 - mov rbp,rcx
GameAssembly.dll+24BC019: 45 33 C9 - xor r9d,r9d
GameAssembly.dll+24BC01C: 8B 89 80 00 00 00 - mov ecx,[rcx+00000080]
GameAssembly.dll+24BC022: 03 CA - add ecx,edx
GameAssembly.dll+24BC024: 33 D2 - xor edx,edx
GameAssembly.dll+24BC026: 44 8B 85 84 00 00 00 - mov r8d,[rbp+00000084]
GameAssembly.dll+24BC02D: 89 8D 80 00 00 00 - mov [rbp+00000080],ecx
GameAssembly.dll+24BC033: E8 C8 CF 18 FE - call UnityEngine.Mathf.Clamp
GameAssembly.dll+24BC038: 89 85 80 00 00 00 - mov [rbp+00000080],eax
GameAssembly.dll+24BC03E: 3B 85 84 00 00 00 - cmp eax,[rbp+00000084]
GameAssembly.dll+24BC044: 0F 8C F5 00 00 00 - jl GameAssembly.dll+24BC13F
GameAssembly.dll+24BC04A: 80 3D AD 25 5D 01 00 - cmp byte ptr [GameAssembly.dll+3A8E5FE],00
GameAssembly.dll+24BC051: 75 2B - jne GameAssembly.dll+24BC07E
GameAssembly.dll+24BC053: 48 8D 0D 86 4C 4A 01 - lea rcx,[GameAssembly.dll+3960CE0]
GameAssembly.dll+24BC05A: E8 31 DE CB FD - call GameAssembly.dll+179E90
GameAssembly.dll+24BC05F: 48 8D 0D 12 4D 4A 01 - lea rcx,[GameAssembly.dll+3960D78]
GameAssembly.dll+24BC066: E8 25 DE CB FD - call GameAssembly.dll+179E90
GameAssembly.dll+24BC06B: 48 8D 0D 0E 32 4D 01 - lea rcx,[GameAssembly.dll+398F280]
GameAssembly.dll+24BC072: E8 19 DE CB FD - call GameAssembly.dll+179E90
}
44192
"Power Status"
0:OFF
1:ON
0
FFFF00
Byte
_FuseBox
78
44193
"Amount of Enabled Switches (Freeze it to keep change)"
0
FFFF00
4 Bytes
_FuseBox
90
44194
"Max Number of Enabled Lights Before Power Goes Out"
0
FFFF00
4 Bytes
_FuseBox
94
44864
"Complete All Missions"
008000
Auto Assembler Script
[ENABLE]
aobscanregion(MissionsComplete,ObjectiveManager.GetCompletedObjectivesAmount,ObjectiveManager.GetCompletedObjectivesAmount+FD,0F B6 58 20 FF C6)
aobscanregion(GhostComplete,ExitLevel.CheckMissions,ExitLevel.CheckMissions+D0,3B 41 20 75 32)
alloc(newmem,128,MissionsComplete)
alloc(newmem,128,GhostComplete)
registersymbol(MissionsComplete GhostComplete)
label(return return1)
newmem:
mov byte ptr [rax+20],1
movzx ebx,byte ptr [rax+20]
inc esi
jmp return
newmem1:
mov rax,[rcx+20]
cmp eax,[rcx+20]
jne GameAssembly.dll+8C3C77
jmp return1
MissionsComplete:
jmp newmem
db 90 90
return:
GhostComplete:
jmp newmem1
return1:
[DISABLE]
MissionsComplete:
db 0F B6 58 20 FF C6
MissionsComplete:
db 3B 41 20 75 32
unregistersymbol(*)
dealloc(*)
{ old
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+188F529
GameAssembly.dll+188F504: EB 8A - jmp GameAssembly.dll+188F490
GameAssembly.dll+188F506: 33 C9 - xor ecx,ecx
GameAssembly.dll+188F508: E8 B3 99 FC 00 - call LevelValues.get_Instance
GameAssembly.dll+188F50D: 0F B6 4B 24 - movzx ecx,byte ptr [rbx+24]
GameAssembly.dll+188F511: 48 85 C0 - test rax,rax
GameAssembly.dll+188F514: 0F 84 2D 01 00 00 - je GameAssembly.dll+188F647
GameAssembly.dll+188F51A: 88 48 29 - mov [rax+29],cl
GameAssembly.dll+188F51D: E9 6E FF FF FF - jmp GameAssembly.dll+188F490
GameAssembly.dll+188F522: 33 C9 - xor ecx,ecx
GameAssembly.dll+188F524: E8 97 99 FC 00 - call LevelValues.get_Instance
// ---------- INJECTING HERE ----------
GameAssembly.dll+188F529: 0F B6 4B 24 - movzx ecx,byte ptr [rbx+24]
// ---------- DONE INJECTING ----------
GameAssembly.dll+188F52D: 48 85 C0 - test rax,rax
GameAssembly.dll+188F530: 0F 84 16 01 00 00 - je GameAssembly.dll+188F64C
GameAssembly.dll+188F536: 88 48 28 - mov [rax+28],cl
GameAssembly.dll+188F539: E9 52 FF FF FF - jmp GameAssembly.dll+188F490
GameAssembly.dll+188F53E: C7 07 D3 00 00 00 - mov [rdi],000000D3
GameAssembly.dll+188F544: 48 8B 15 05 DE 34 02 - mov rdx,[GameAssembly.dll+3BDD350]
GameAssembly.dll+188F54B: 48 8D 4D 08 - lea rcx,[rbp+08]
GameAssembly.dll+188F54F: E8 4C 43 A5 FE - call ੯ੴ੭ੴ੪ੴ੪੫੪ੴ.ੲੲ੫੩੧ੳੳ੪
GameAssembly.dll+188F554: EB 1D - jmp GameAssembly.dll+188F573
GameAssembly.dll+188F556: 48 8B 15 F3 DD 34 02 - mov rdx,[GameAssembly.dll+3BDD350]
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+188F50D
GameAssembly.dll+188F4EB: EB A3 - jmp GameAssembly.dll+188F490
GameAssembly.dll+188F4ED: 33 C9 - xor ecx,ecx
GameAssembly.dll+188F4EF: E8 CC 99 FC 00 - call LevelValues.get_Instance
GameAssembly.dll+188F4F4: 0F B6 4B 24 - movzx ecx,byte ptr [rbx+24]
GameAssembly.dll+188F4F8: 48 85 C0 - test rax,rax
GameAssembly.dll+188F4FB: 0F 84 41 01 00 00 - je GameAssembly.dll+188F642
GameAssembly.dll+188F501: 88 48 2A - mov [rax+2A],cl
GameAssembly.dll+188F504: EB 8A - jmp GameAssembly.dll+188F490
GameAssembly.dll+188F506: 33 C9 - xor ecx,ecx
GameAssembly.dll+188F508: E8 B3 99 FC 00 - call LevelValues.get_Instance
// ---------- INJECTING HERE ----------
GameAssembly.dll+188F50D: 0F B6 4B 24 - movzx ecx,byte ptr [rbx+24]
// ---------- DONE INJECTING ----------
GameAssembly.dll+188F511: 48 85 C0 - test rax,rax
GameAssembly.dll+188F514: 0F 84 2D 01 00 00 - je GameAssembly.dll+188F647
GameAssembly.dll+188F51A: 88 48 29 - mov [rax+29],cl
GameAssembly.dll+188F51D: E9 6E FF FF FF - jmp GameAssembly.dll+188F490
GameAssembly.dll+188F522: 33 C9 - xor ecx,ecx
GameAssembly.dll+188F524: E8 97 99 FC 00 - call LevelValues.get_Instance
GameAssembly.dll+188F529: 0F B6 4B 24 - movzx ecx,byte ptr [rbx+24]
GameAssembly.dll+188F52D: 48 85 C0 - test rax,rax
GameAssembly.dll+188F530: 0F 84 16 01 00 00 - je GameAssembly.dll+188F64C
GameAssembly.dll+188F536: 88 48 28 - mov [rax+28],cl
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+188F4F4
GameAssembly.dll+188F4D2: 75 BC - jne GameAssembly.dll+188F490
GameAssembly.dll+188F4D4: 33 C9 - xor ecx,ecx
GameAssembly.dll+188F4D6: E8 E5 99 FC 00 - call LevelValues.get_Instance
GameAssembly.dll+188F4DB: 0F B6 4B 24 - movzx ecx,byte ptr [rbx+24]
GameAssembly.dll+188F4DF: 48 85 C0 - test rax,rax
GameAssembly.dll+188F4E2: 0F 84 54 01 00 00 - je GameAssembly.dll+188F63C
GameAssembly.dll+188F4E8: 88 48 2B - mov [rax+2B],cl
GameAssembly.dll+188F4EB: EB A3 - jmp GameAssembly.dll+188F490
GameAssembly.dll+188F4ED: 33 C9 - xor ecx,ecx
GameAssembly.dll+188F4EF: E8 CC 99 FC 00 - call LevelValues.get_Instance
// ---------- INJECTING HERE ----------
GameAssembly.dll+188F4F4: 0F B6 4B 24 - movzx ecx,byte ptr [rbx+24]
// ---------- DONE INJECTING ----------
GameAssembly.dll+188F4F8: 48 85 C0 - test rax,rax
GameAssembly.dll+188F4FB: 0F 84 41 01 00 00 - je GameAssembly.dll+188F642
GameAssembly.dll+188F501: 88 48 2A - mov [rax+2A],cl
GameAssembly.dll+188F504: EB 8A - jmp GameAssembly.dll+188F490
GameAssembly.dll+188F506: 33 C9 - xor ecx,ecx
GameAssembly.dll+188F508: E8 B3 99 FC 00 - call LevelValues.get_Instance
GameAssembly.dll+188F50D: 0F B6 4B 24 - movzx ecx,byte ptr [rbx+24]
GameAssembly.dll+188F511: 48 85 C0 - test rax,rax
GameAssembly.dll+188F514: 0F 84 2D 01 00 00 - je GameAssembly.dll+188F647
GameAssembly.dll+188F51A: 88 48 29 - mov [rax+29],cl
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+188F4DB
GameAssembly.dll+188F4C0: 75 CE - jne GameAssembly.dll+188F490
GameAssembly.dll+188F4C2: 8B 43 38 - mov eax,[rbx+38]
GameAssembly.dll+188F4C5: 83 F8 01 - cmp eax,01
GameAssembly.dll+188F4C8: 74 3C - je GameAssembly.dll+188F506
GameAssembly.dll+188F4CA: 83 F8 02 - cmp eax,02
GameAssembly.dll+188F4CD: 74 1E - je GameAssembly.dll+188F4ED
GameAssembly.dll+188F4CF: 83 F8 03 - cmp eax,03
GameAssembly.dll+188F4D2: 75 BC - jne GameAssembly.dll+188F490
GameAssembly.dll+188F4D4: 33 C9 - xor ecx,ecx
GameAssembly.dll+188F4D6: E8 E5 99 FC 00 - call LevelValues.get_Instance
// ---------- INJECTING HERE ----------
GameAssembly.dll+188F4DB: 0F B6 4B 24 - movzx ecx,byte ptr [rbx+24]
// ---------- DONE INJECTING ----------
GameAssembly.dll+188F4DF: 48 85 C0 - test rax,rax
GameAssembly.dll+188F4E2: 0F 84 54 01 00 00 - je GameAssembly.dll+188F63C
GameAssembly.dll+188F4E8: 88 48 2B - mov [rax+2B],cl
GameAssembly.dll+188F4EB: EB A3 - jmp GameAssembly.dll+188F490
GameAssembly.dll+188F4ED: 33 C9 - xor ecx,ecx
GameAssembly.dll+188F4EF: E8 CC 99 FC 00 - call LevelValues.get_Instance
GameAssembly.dll+188F4F4: 0F B6 4B 24 - movzx ecx,byte ptr [rbx+24]
GameAssembly.dll+188F4F8: 48 85 C0 - test rax,rax
GameAssembly.dll+188F4FB: 0F 84 41 01 00 00 - je GameAssembly.dll+188F642
GameAssembly.dll+188F501: 88 48 2A - mov [rax+2A],cl
}
{ GhostComplete 0.7.1
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+8C3C40
GameAssembly.dll+8C3C1F: 48 8B 91 B8 00 00 00 - mov rdx,[rcx+000000B8]
GameAssembly.dll+8C3C26: 48 8B 0A - mov rcx,[rdx]
GameAssembly.dll+8C3C29: 48 85 C9 - test rcx,rcx
GameAssembly.dll+8C3C2C: 74 4E - je GameAssembly.dll+8C3C7C
GameAssembly.dll+8C3C2E: 48 8B 49 38 - mov rcx,[rcx+38]
GameAssembly.dll+8C3C32: 48 85 C9 - test rcx,rcx
GameAssembly.dll+8C3C35: 74 45 - je GameAssembly.dll+8C3C7C
GameAssembly.dll+8C3C37: 48 8B 49 38 - mov rcx,[rcx+38]
GameAssembly.dll+8C3C3B: 48 85 C9 - test rcx,rcx
GameAssembly.dll+8C3C3E: 74 3C - je GameAssembly.dll+8C3C7C
// ---------- INJECTING HERE ----------
GameAssembly.dll+8C3C40: 3B 41 20 - cmp eax,[rcx+20]
// ---------- DONE INJECTING ----------
GameAssembly.dll+8C3C43: 75 32 - jne GameAssembly.dll+8C3C77
GameAssembly.dll+8C3C45: 48 8B 05 DC 63 04 04 - mov rax,[GameAssembly.dll+490A028]
GameAssembly.dll+8C3C4C: 48 8B 88 B8 00 00 00 - mov rcx,[rax+000000B8]
GameAssembly.dll+8C3C53: 48 8B 09 - mov rcx,[rcx]
GameAssembly.dll+8C3C56: 48 85 C9 - test rcx,rcx
GameAssembly.dll+8C3C59: 74 21 - je GameAssembly.dll+8C3C7C
GameAssembly.dll+8C3C5B: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+8C3C5E: 41 8D 50 05 - lea edx,[r8+05]
GameAssembly.dll+8C3C62: E8 C9 68 D8 FF - call ObjectiveManager.CompleteObjective
GameAssembly.dll+8C3C67: 33 C9 - xor ecx,ecx
}
{ MissionsComplete
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+64A860
GameAssembly.dll+64A83C: 48 85 C0 - test rax,rax
GameAssembly.dll+64A83F: 74 77 - je GameAssembly.dll+64A8B8
GameAssembly.dll+64A841: 48 8B 88 48 01 00 00 - mov rcx,[rax+00000148]
GameAssembly.dll+64A848: 48 85 C9 - test rcx,rcx
GameAssembly.dll+64A84B: 74 6B - je GameAssembly.dll+64A8B8
GameAssembly.dll+64A84D: 4C 8B 05 C4 F9 2A 04 - mov r8,[GameAssembly.dll+48FA218]
GameAssembly.dll+64A854: 8B D6 - mov edx,esi
GameAssembly.dll+64A856: E8 C5 BF 2B 02 - call GameAssembly.dll+2906820
GameAssembly.dll+64A85B: 48 85 C0 - test rax,rax
GameAssembly.dll+64A85E: 74 58 - je GameAssembly.dll+64A8B8
// ---------- INJECTING HERE ----------
GameAssembly.dll+64A860: 0F B6 58 20 - movzx ebx,byte ptr [rax+20]
// ---------- DONE INJECTING ----------
GameAssembly.dll+64A864: FF C6 - inc esi
GameAssembly.dll+64A866: 33 C9 - xor ecx,ecx
GameAssembly.dll+64A868: 8B EE - mov ebp,esi
GameAssembly.dll+64A86A: E8 31 2D F2 00 - call LevelValues.get_Instance
GameAssembly.dll+64A86F: 48 8B C8 - mov rcx,rax
GameAssembly.dll+64A872: 84 DB - test bl,bl
GameAssembly.dll+64A874: 8D 47 01 - lea eax,[rdi+01]
GameAssembly.dll+64A877: 0F 44 C7 - cmove eax,edi
GameAssembly.dll+64A87A: 8B F8 - mov edi,eax
GameAssembly.dll+64A87C: 48 85 C9 - test rcx,rcx
}
44301
"After Mission EXP Reward [ig]"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Version:
Date : 2021-09-20
Author : joeyc
This script does blah blah blah
}
define(address,ExitLevel.CheckExp+18A)
define(bytes,89 58 38 48 8B 5C 24 40)
[ENABLE]
assert(address,bytes)
alloc(newmem,$100,ExitLevel.CheckExp+18A)
alloc(set_exp,8)
registersymbol(set_exp)
label(return)
newmem:
mov rbx,[set_exp]
mov [rax+38],ebx
mov rbx,[rsp+40]
jmp return
set_exp:
dq 0
address:
jmp newmem
db 90
return:
[DISABLE]
address:
db bytes
unregistersymbol(*)
dealloc(*)
{ old
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1D32A2C
GameAssembly.dll+1D32A07: 8D 58 2B - lea ebx,[rax+2B]
GameAssembly.dll+1D32A0A: EB 0C - jmp GameAssembly.dll+1D32A18
GameAssembly.dll+1D32A0C: BB 23 00 00 00 - mov ebx,00000023
GameAssembly.dll+1D32A11: EB 05 - jmp GameAssembly.dll+1D32A18
GameAssembly.dll+1D32A13: BB 19 00 00 00 - mov ebx,00000019
GameAssembly.dll+1D32A18: 33 C9 - xor ecx,ecx
GameAssembly.dll+1D32A1A: E8 01 00 CF FF - call LevelValues.get_instance
GameAssembly.dll+1D32A1F: 48 85 C0 - test rax,rax
GameAssembly.dll+1D32A22: 0F 84 E7 00 00 00 - je GameAssembly.dll+1D32B0F
GameAssembly.dll+1D32A28: 80 78 29 00 - cmp byte ptr [rax+29],00
// ---------- INJECTING HERE ----------
GameAssembly.dll+1D32A2C: 8D 7B 14 - lea edi,[rbx+14]
// ---------- DONE INJECTING ----------
GameAssembly.dll+1D32A2F: 0F 44 FB - cmove edi,ebx
GameAssembly.dll+1D32A32: 33 C9 - xor ecx,ecx
GameAssembly.dll+1D32A34: E8 E7 FF CE FF - call LevelValues.get_instance
GameAssembly.dll+1D32A39: 48 85 C0 - test rax,rax
GameAssembly.dll+1D32A3C: 0F 84 CD 00 00 00 - je GameAssembly.dll+1D32B0F
GameAssembly.dll+1D32A42: 80 78 2A 00 - cmp byte ptr [rax+2A],00
GameAssembly.dll+1D32A46: 8D 77 14 - lea esi,[rdi+14]
GameAssembly.dll+1D32A49: 0F 44 F7 - cmove esi,edi
GameAssembly.dll+1D32A4C: 33 C9 - xor ecx,ecx
GameAssembly.dll+1D32A4E: E8 CD FF CE FF - call LevelValues.get_instance
}
{ new
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+1F73A7A
GameAssembly.dll+1F73A5D: 99 - cdq
GameAssembly.dll+1F73A5E: 2B C2 - sub eax,edx
GameAssembly.dll+1F73A60: D1 F8 - sar eax,1
GameAssembly.dll+1F73A62: 8B D8 - mov ebx,eax
GameAssembly.dll+1F73A64: 33 C9 - xor ecx,ecx
GameAssembly.dll+1F73A66: E8 25 CB 3C 00 - call LevelValues.get_Instance
GameAssembly.dll+1F73A6B: 48 85 C0 - test rax,rax
GameAssembly.dll+1F73A6E: 74 18 - je GameAssembly.dll+1F73A88
GameAssembly.dll+1F73A70: 48 8B 7C 24 38 - mov rdi,[rsp+38]
GameAssembly.dll+1F73A75: 48 8B 74 24 30 - mov rsi,[rsp+30]
// ---------- INJECTING HERE ----------
GameAssembly.dll+1F73A7A: 89 58 38 - mov [rax+38],ebx
// ---------- DONE INJECTING ----------
GameAssembly.dll+1F73A7D: 48 8B 5C 24 40 - mov rbx,[rsp+40]
GameAssembly.dll+1F73A82: 48 83 C4 20 - add rsp,20
GameAssembly.dll+1F73A86: 5D - pop rbp
GameAssembly.dll+1F73A87: C3 - ret
GameAssembly.dll+1F73A88: E8 53 06 21 FE - call GameAssembly.dll+1840E0
GameAssembly.dll+1F73A8D: CC - int 3
GameAssembly.dll+1F73A8E: CC - int 3
GameAssembly.dll+1F73A8F: CC - int 3
ExitLevel.CheckMissions: 48 89 5C 24 08 - mov [rsp+08],rbx
GameAssembly.dll+1F73A95: 48 89 74 24 18 - mov [rsp+18],rsi
}
1526
"Experience Gained"
0
FFFF00
4 Bytes
set_exp
1337094224
"Setup Phase Info V3 Not Tested Yet"
0080FF
Auto Assembler Script
{ Game : Phasmophobia.exe
Date : 2022-06-21
Author : Glowmoss
}
[ENABLE]
aobscanregion(SetupPhase,GhostController.Update,GhostController.Update+1B9,80 BB 9C 00 00 00 00)
alloc(newmem,128,SetupPhase)
alloc(SetupPhaseBase,8)
registersymbol(SetupPhase SetupPhaseBase)
label(return)
newmem:
mov [SetupPhaseBase],rbx
cmp byte ptr [rbx+9C],00
jmp return
SetupPhaseBase:
dq 0
SetupPhase:
jmp newmem
db 90 90
return:
[DISABLE]
SetupPhase:
db 80 BB 9C 00 00 00 00
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+2C7C999
GameAssembly.dll+2C7C959: CC - int 3
GameAssembly.dll+2C7C95A: CC - int 3
GameAssembly.dll+2C7C95B: CC - int 3
GameAssembly.dll+2C7C95C: CC - int 3
GameAssembly.dll+2C7C95D: CC - int 3
GameAssembly.dll+2C7C95E: CC - int 3
GameAssembly.dll+2C7C95F: CC - int 3
GhostController.Update: 40 53 - push rbx
GameAssembly.dll+2C7C962: 48 83 EC 30 - sub rsp,30
GameAssembly.dll+2C7C966: 80 B9 9C 00 00 00 00 - cmp byte ptr [rcx+0000009C],00
GameAssembly.dll+2C7C96D: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+2C7C970: 0F 85 8A 00 00 00 - jne GameAssembly.dll+2C7CA00
GameAssembly.dll+2C7C976: 48 8B 41 70 - mov rax,[rcx+70]
GameAssembly.dll+2C7C97A: 48 85 C0 - test rax,rax
GameAssembly.dll+2C7C97D: 0F 84 BB 00 00 00 - je GameAssembly.dll+2C7CA3E
GameAssembly.dll+2C7C983: 80 B8 98 00 00 00 00 - cmp byte ptr [rax+00000098],00
GameAssembly.dll+2C7C98A: 74 74 - je GameAssembly.dll+2C7CA00
GameAssembly.dll+2C7C98C: 48 8B 41 78 - mov rax,[rcx+78]
GameAssembly.dll+2C7C990: 48 85 C0 - test rax,rax
GameAssembly.dll+2C7C993: 0F 84 A5 00 00 00 - je GameAssembly.dll+2C7CA3E
// ---------- INJECTING HERE ----------
GameAssembly.dll+2C7C999: 80 78 40 00 - cmp byte ptr [rax+40],00
// ---------- DONE INJECTING ----------
GameAssembly.dll+2C7C99D: 74 61 - je GameAssembly.dll+2C7CA00
GameAssembly.dll+2C7C99F: 8B 41 20 - mov eax,[rcx+20]
GameAssembly.dll+2C7C9A2: 0F 29 74 24 20 - movaps [rsp+20],xmm6
GameAssembly.dll+2C7C9A7: 83 F8 14 - cmp eax,14
GameAssembly.dll+2C7C9AA: 74 5A - je GameAssembly.dll+2C7CA06
GameAssembly.dll+2C7C9AC: 83 F8 17 - cmp eax,17
GameAssembly.dll+2C7C9AF: 75 4A - jne GameAssembly.dll+2C7C9FB
GameAssembly.dll+2C7C9B1: F3 0F 10 B1 A0 00 00 00 - movss xmm6,[rcx+000000A0]
GameAssembly.dll+2C7C9B9: 33 C9 - xor ecx,ecx
GameAssembly.dll+2C7C9BB: E8 50 C4 BC FD - call UnityEngine.Time.get_deltaTime
GameAssembly.dll+2C7C9C0: F3 0F 5C F0 - subss xmm6,xmm0
GameAssembly.dll+2C7C9C4: 0F 57 C0 - xorps xmm0,xmm0
GameAssembly.dll+2C7C9C7: 0F 2F C6 - comiss xmm0,xmm6
GameAssembly.dll+2C7C9CA: F3 0F 11 B3 A0 00 00 00 - movss [rbx+000000A0],xmm6
GameAssembly.dll+2C7C9D2: 76 27 - jna GameAssembly.dll+2C7C9FB
GameAssembly.dll+2C7C9D4: F3 0F 10 0D 7C 74 7B 00 - movss xmm1,[GameAssembly.dll+3433E58]
GameAssembly.dll+2C7C9DC: 45 33 C0 - xor r8d,r8d
GameAssembly.dll+2C7C9DF: F3 0F 10 05 31 8A 57 00 - movss xmm0,[GameAssembly.dll+31F5418]
GameAssembly.dll+2C7C9E7: E8 94 43 B4 FD - call UnityEngine.Random.Range
GameAssembly.dll+2C7C9EC: F3 0F 11 83 A0 00 00 00 - movss [rbx+000000A0],xmm0
}
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+14C32EC
GameAssembly.dll+14C32BF: CC - int 3
GhostController.Update: 40 53 - push rbx
GameAssembly.dll+14C32C2: 48 83 EC 30 - sub rsp,30
GameAssembly.dll+14C32C6: 80 3D F1 77 5F 03 00 - cmp byte ptr [GameAssembly.dll+4ABAABE],00
GameAssembly.dll+14C32CD: 48 8B D9 - mov rbx,rcx
GameAssembly.dll+14C32D0: 75 13 - jne GameAssembly.dll+14C32E5
GameAssembly.dll+14C32D2: 48 8D 0D 8F 60 44 03 - lea rcx,[GameAssembly.dll+4909368]
GameAssembly.dll+14C32D9: E8 E2 94 DC FE - call GameAssembly.mono_type_is_struct+73F0
GameAssembly.dll+14C32DE: C6 05 D9 77 5F 03 01 - mov byte ptr [GameAssembly.dll+4ABAABE],01
GameAssembly.dll+14C32E5: 80 BB 9C 00 00 00 00 - cmp byte ptr [rbx+0000009C],00
// ---------- INJECTING HERE ----------
GameAssembly.dll+14C32EC: 0F 29 74 24 20 - movaps [rsp+20],xmm6
// ---------- DONE INJECTING ----------
GameAssembly.dll+14C32F1: 0F 85 9A 00 00 00 - jne GameAssembly.dll+14C3391
GameAssembly.dll+14C32F7: 48 8B 43 78 - mov rax,[rbx+78]
GameAssembly.dll+14C32FB: 48 85 C0 - test rax,rax
GameAssembly.dll+14C32FE: 0F 84 70 01 00 00 - je GameAssembly.dll+14C3474
GameAssembly.dll+14C3304: 80 78 3C 00 - cmp byte ptr [rax+3C],00
GameAssembly.dll+14C3308: 0F 84 83 00 00 00 - je GameAssembly.dll+14C3391
GameAssembly.dll+14C330E: 83 7B 20 14 - cmp dword ptr [rbx+20],14
GameAssembly.dll+14C3312: 74 33 - je GameAssembly.dll+14C3347
GameAssembly.dll+14C3314: 83 7B 20 17 - cmp dword ptr [rbx+20],17
GameAssembly.dll+14C3318: 75 77 - jne GameAssembly.dll+14C3391
}
1337094225
"Minutes"
4294967295:TIME OUT
0
FFFF00
4 Bytes
SetupPhaseBase
3c
1337094226
"Seconds"
58.99583435:TIME OUT
58.99497604:TIME OUT
58.99306488:TIME OUT
58.99504471:TIME OUT
0
FFFF00
Float
SetupPhaseBase
38
1337094227
"Main Door Has Been Unlocked?"
0:NO
1:YES
0
FFFF00
4 Bytes
SetupPhaseBase
40
1337094228
"Is Setup Phase?"
0:NO
1:YES
0
FFFF00
4 Bytes
SetupPhaseBase
20
1337094281
"Complete Collectibles on collect"
008000
Auto Assembler Script
{ Game : Phasmophobia.exe
Date : 08-10-2022
Author : Glowmoss
}
[ENABLE]
aobscanregion(completecollectable,Collectable.CollectNetworked,Collectable.CollectNetworked+F5,8B 40 18 39 43 30)
alloc(newmem,128,completecollectable)
registersymbol(completecollectable)
label(code return)
newmem:
code:
mov eax,[rax+18]
mov [rbx+30],eax
cmp [rbx+30],eax
jmp return
completecollectable:
jmp newmem
db 90
return:
[DISABLE]
completecollectable:
db 8B 40 18 39 43 30
unregistersymbol(*)
dealloc(*)
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+5D7489
GameAssembly.dll+5D7465: 48 85 DB - test rbx,rbx
GameAssembly.dll+5D7468: 74 46 - je GameAssembly.dll+5D74B0
GameAssembly.dll+5D746A: 48 8B 03 - mov rax,[rbx]
GameAssembly.dll+5D746D: 48 8B CB - mov rcx,rbx
GameAssembly.dll+5D7470: FF 43 30 - inc [rbx+30]
GameAssembly.dll+5D7473: 48 8B 90 D0 01 00 00 - mov rdx,[rax+000001D0]
GameAssembly.dll+5D747A: FF 90 C8 01 00 00 - call qword ptr [rax+000001C8]
GameAssembly.dll+5D7480: 48 8B 43 20 - mov rax,[rbx+20]
GameAssembly.dll+5D7484: 48 85 C0 - test rax,rax
GameAssembly.dll+5D7487: 74 27 - je GameAssembly.dll+5D74B0
// ---------- INJECTING HERE ----------
GameAssembly.dll+5D7489: 8B 40 18 - mov eax,[rax+18]
// ---------- DONE INJECTING ----------
GameAssembly.dll+5D748C: 39 43 30 - cmp [rbx+30],eax
GameAssembly.dll+5D748F: 75 19 - jne GameAssembly.dll+5D74AA
GameAssembly.dll+5D7491: 48 8B 03 - mov rax,[rbx]
GameAssembly.dll+5D7494: 48 8B CB - mov rcx,rbx
GameAssembly.dll+5D7497: 48 8B 90 F0 04 00 00 - mov rdx,[rax+000004F0]
GameAssembly.dll+5D749E: 48 83 C4 20 - add rsp,20
GameAssembly.dll+5D74A2: 5B - pop rbx
GameAssembly.dll+5D74A3: 48 FF A0 E8 04 00 00 - jmp qword ptr [rax+000004E8]
GameAssembly.dll+5D74AA: 48 83 C4 20 - add rsp,20
GameAssembly.dll+5D74AE: 5B - pop rbx
}
1337094304
"Open Game"
1BC7CB
Auto Assembler Script
{$lua}
if syntaxcheck then return end
[ENABLE]
if messageDialog( "Open " .. Gname .. " Now?", mtConfirmation, mbYes, mbNo ) == mrYes then
ShellExecute(Gpath)
end
D1S(memrec)
[DISABLE]
1337094305
"Attach to process"
1BC7CB
Auto Assembler Script
{$lua}
if syntaxcheck then return end
[ENABLE]
if openProcess(Gprocess) then
messageDialog("Successfully Attached to " .. Gname .. ".", mtInformation, mbOK)
end
if not getProcessIDFromProcessName(Gprocess) then
messageDialog(Gname .." Isn't Running\rPlease Open " .. Gname .. " And Try Again", mtError, mbOK)
end
D1S(memrec)
[DISABLE]
1337094306
"Night Mode"
1BC7CB
Auto Assembler Script
{$lua}
if syntaxcheck then return end
[ENABLE]
local al = getAddressList()
local bl = getMainForm()
local function setBackgroundColor()
if darkMode() == true then
al.Control[0].Color = 0x000000
bl.color= 0x000000
bl.Foundlist3.Color= 0x000000
al.CheckboxColor = 0xFF2222
al.CheckboxActiveColor =0xFF00FF
al.CheckboxSelectedColor =0xFF2222
al.CheckboxActiveSelectedColor =0xFF00FF
end
end
setBackgroundColor()
D1S(memrec)
[DISABLE]
1337094307
"Dark Mode"
1BC7CB
Auto Assembler Script
{$lua}
if syntaxcheck then return end
[ENABLE]
local al = getAddressList()
local bl = getMainForm()
local function setBackgroundColor()
if darkMode() == true then
al.Control[0].Color = 0x202020
bl.color= 0x202020
bl.Foundlist3.Color= 0x202020
al.CheckboxColor = 0xFFFFFF
al.CheckboxActiveColor =0x0000FF
al.CheckboxSelectedColor =0xFFFFFF
al.CheckboxActiveSelectedColor =0x0000FF
end
end
setBackgroundColor()
D1S(memrec)
[DISABLE]
44346
"Table Legend"
0000FF
1
67241
"Script to activate - working on current game version"
008000
1
69793
"Unstable Script - Currently not working properly or could crash your game"
0080FF
1
67242
"Deactivate All Scripts and more info"
0000FF
1
44449
"Everything with this color can be activated to expand it"
FF8000
1
44448
"Everything with this color can be edited"
FFFF00
1
1337094203
"Everything with this color can only be used or edited when you are host"
93CD32
1
69794
"Everything with this color is just for information - changing the value might not have any real impact"
D500D5
1
1337094218
"Everything with [ig] is a cheat that requires you to be in the match to work properly"
1
1337094308
"Deactivate All Scripts"
0000FF
Auto Assembler Script
{$lua}
if syntaxcheck then return end
[ENABLE]
local al = getAddressList()
for i = 0, al.Count - 1 do
if al[i].Type == vtAutoAssembler then al[i].Active = false end
end
D1S(memrec)
[DISABLE]
1337094187
"Credits"
B94939
Auto Assembler Script
{$lua}
if syntaxcheck then return end
[ENABLE]
messageDialog('Joeyc\rZephirot\rCoderbox1\rMortal991\rPappyG', mtInformation, mbOK)
D1S(memrec)
[DISABLE]
70241
"Joeyc"
4DD542
1
70242
"Zephirot"
4DD542
1
70243
"Coderbox1"
4DD542
1
70244
"Mortal991"
4DD542
1
70245
"PappyG"
4DD542
1
--If asked let the script run. I would recommend letting signed tables execute code
Gname="Phasmophobia"
Gpath="steam://rungameid/739630"
Gprocess="Phasmophobia.exe"
local MF=getMainForm()
getAutoAttachList().add(Gprocess)
MF.Caption=Gname .." CT"
getApplication().title=Gname .." CT"
if not getProcessIDFromProcessName(Gprocess) then
if messageDialog( "Open " .. Gname .. " Now?", mtConfirmation, mbYes, mbNo ) == mrYes then
ShellExecute(Gpath)
end
end
function D1S(memrec)
local t = createTimer()
t.Interval = 1
t.OnTimer = function(t1)
t1.destroy()
memrec.Active = false
end
end
function bid1()
if paexist then return end
local dds = createLabel(MF.Panel4)
dds.Caption="Build ID: 9676162 \r\nPatch Date: 7 October 2022"
dds.AnchorSideLeft.Control=MF.advancedbutton
dds.AnchorSideLeft.Side=asrRight
dds.AnchorSideTop.Side=MF.Panel4
dds.AnchorSideTop.Side=asrCenter
dds.Anchors="[akLeft, akTop]"
dds.BorderSpacing.Left=5
dds.ShowHint=true
dds.Hint="Click to Check Steamdb for Patch Information"
dds.OnClick = function()
shellExecute("https://steamdb.info/app/739630/patchnotes/") end
paexist = 1
end
function cycleFullCompact( sender, force )
local state = not( compactmenuitem.Caption == 'Small' )
if force ~= nil then
state = not force
end
compactmenuitem.Caption = state and 'Small' or 'Full'
MF.Splitter1.Visible = state
MF.Panel5.Visible = state
MF.advancedbutton.Visible = state
MF.CommentButton.Visible = state
AddressList.Header.Visible = state
end
function addCompactMenu()
if compactmenualreadyexists then return end
local parent = MF.Menu.Items
compactmenuitem = createMenuItem( parent )
parent.add( compactmenuitem )
compactmenuitem.Caption = 'Small'
compactmenuitem.OnClick = cycleFullCompact
compactmenualreadyexists = 'yes'
end
bid1()
addCompactMenu()
cycleFullCompact( nil, True )
local d = createTimer()
d.Interval = 1500
d.OnTimer = function(d1)
if getProcessIDFromProcessName(Gprocess) then
d1.destroy()
messageDialog("Successfully Attached to " .. Gname .. ".", mtInformation, mbOK)
end
end
updater=decodeFunction('c-nnb,in_07?iGN,qL2pskxzuYT7y_#;7?aNP/)VK6@tNC5]PS*U.@q8GAR]-En7TV[OxHeG;^=as{61?EDGeTq*u*?(Y[TncYnwh;DTy_9qPH^^8T:i*-M6pJLHFQ5b:d$lxjX:PdSf8qgGT#{}t8[2-F_Tn;:Y2vkQCFrEO#1Ffa;cPDeBQ.-LL/jz2Ttbq$K)taHQfYk3Uh;fO]JP2t85Fd^}IA55[k7qz!Rk,9j?E[aRH5)^@3svt.=sv[jkqJ1Rf,9Gd6u/LnuJk(POW)i4[lGGcgV4AP(cWE^(%yLZpXMsBed?*HDnL66fr=fIr{-+Sb!Vods=vo$UYi0Pgz_dO-(mgspXoE6^$nr#aW)sUzx=c-KOe![E_pu3q{-trhLzCRe=0%SA!Scw)rJ$Ssjevvx8){T,e_q,GSy}wx?*n%(4fr74T_Mb9k)nh)l$1o@qzr+(3XoFnHc$o@i#?)$)*oNNO*5,$F+CO!.p/-,kkL@B.mYGZN]V3wizei5Nc6L.Vsoqo*Aujcx)y?KT]6J?3-(!6@11$,T83)l@jNjoDx$C7]xs9jJQ35C0(NM,g!CuuP1/WTcXOD,tVo}lxrHCy[Ru4vu9B)C^n^CX).MvBEe7yI_K!dDx*b7b7f#:4uzp2vlzeq[7a;_U97,x@/j@}[fKTrl]Jm:wN*,-!!@I@^M,BOAmUZra]CsZsM$ec:tw,h8=:4wwc#L6rOO;e9TJPiqRq17[4C}0gDP2}rX#fCI(E*]#ry3gXF2U:Sz}q0SUh-ke6X..?p5.(pVgWE:*piwHU;=ZEF^+BN+Ph2r1qfsJiBMDOS)G9kp05.5-paPRezD),t{UH2}8Xxz1,65##,[h*XTl$#.2x!xMmoQFYhH2ymQ/rCbB$@4;#=VPnyRo$tQ:e,-C*e+D@#tiSHap^Mlf$dDzHwYYn,j!+0I3k]!C[7C--?NmkaauS^pj;26lb]f7PS@(,8nN:KdhiK[t?6W+^0S+)pMBvBRxZ)BEQ$}[{OGUdbiMA??wIneAnzJpS9uC7L2Iuj{,XTu.=VNn4wl}+n(*bqxcpt0!HeV0t{[l3]_K73fTO!YE53I,?+grbJuBT[FnWG+5maU^YDNo44oO$q001!;%,B?/h$3m57J/tjiRj2zkz?D)kwzGE;:Q},^VAKtQMkvScctF]g*e#36/Zo]-]sAZK0wCzedzkjv4!PfrIs(eXMTcj:3tB]4OS=yozn/}}{RNxcp2l+e19kt;W#%)xTQ}F=lWq7k/TGYWd*xf+XUjvQCAO')
updater()
0rYZZa,8O]Xp+X:Y}]69ZJ04o(EM_Acm38d1ascQ6x.?]edWO,A9O[1B+jpy288LT.xNYw-B:tZx0rA^7OnwVTFom9dB$YhdVz+K6/EJESLF8Z/VWXqI%2)+$j!5Ny}?Zn;PI$loIOWS!l)Fj$QC2+U#XzWuVf9A[D6vR
00000i}s?vMMG0HLI3}(0G/oEODp1JW.!.qISM+!]Cgz#tau+/R{aAtZ_u0rQh(i98YyVxbCLbN)4O.sM#bYf/5R^ChGn3uw%l.0l5PP+-z_4=,wptxmG_b}0efehYi+/F)+a:If#!u+2E-pi;%XzVXf]2e/AHr8GQCCD[din%6*8==Dn;S0EVKhW25lJt0EtjeM-2*Z3IG5A4M_8uQUCw_?Bjb,FbDzw005xhU}vEd00VPENmK_32.1RL-}a#sUwTwnbW(k:AaHVTW?(6=Aar=fWgtONP%!]i2$_zbPt8j$%1l-$D9TUE%t[?@00UzaE*z::OQS;s0_N@K2rx7-Fg65_MnJYXR4CB@1):wdr2)P2S,bcah_dK8Pr4Oo8!gz3000:eNkl/Zc%1EhU2,@plBWMeL{peMK!6e^[1[q?Yuo#;wgC461fTbT.0XksK-39HouJ7RG/5/3CurgX0v;n9R;aJ7OWhJFRH1)IC(JzLA.H={Di8z-O5HtEpTS[2S;ctD9$$EPxJP6nEV0BDaO1!JcOXP!H3c,N@=[GD]iMGtQ]HtND,(s{J^;guVQM0h09ZXJK;z@Qv8fqY2mukP$W+l(j:cBm95Sk?ssaKc03x9]AV5Px06:y]EU8g7$Bw+ne]9=t?edAB@UOZW48Xw9034-cu2eFn%!RxFfJgz2$Uvjk/I/uy:Rp-jJ#$P,;V{zPRf^U9fphE[5Wxsg(/qI4J3uF+V8HCivk_L]CItXuBBCXsm$)u[p8328Aw%cP*Bq(L6pcuI2pl^i8!8b3Vlycx!:WSg(Pj_2pdw7/oo^84$V4P1s.N#IV]RtVoXgm.10qo_0_PTc%yZ^LY8n#-5kw=g5[+ZNA;.*R#gtG*Opz$hatscM08B+@B;+,Gx}eDRF^(A8lBA,UM8s(2:bng}x-RR,Id5vDsxf+ZPp*cWYU/D[LNE7O:8aRT4TOl184w8[B7qSYE)yKF*nFE5l[U]_h]NyZ-U?gZV;B@HLT2bFmSq}Aq6z_lfhJM2EO/gh6HAQ_YOFmfktifa(,V5cgw_BCj;,XkabpbuV[8XRz$C={s$d2NYKEpuLN9S8G/B[Lh]/DZ2%sq=L^n8nL.yx*/l+U9CSyhf1VkeuF!Mx!pc,L]#GLmb1O$k6O@k?#Gz{4WLf0$mNok@4-bt{R:Ny6nnj{q.RLs/r6kti^C9Z?NOLhSr5it@{Xsk:JOho[ynb/kdgd(Ix2!Q5.XX3Ni1tA)bBJW*%E4oEt2$E6}X/^NG*g*rM=/MBRNxwT937Dh:0HB5/Y#.yz%7$P_LN9SuD54mks4yTBsYEGNBq1SZMXc+(5MvTCb^sOFg$xi4G%!2nK-BAYi!Ai:.*C@-s%biT]16aGO/f}W9h+s6YKq=Za(%fxCXfY?gocPfNX]:gY9cfsT;8+UTn)y/NPwuSj)}]fP-2R*4uRPffCy%ys$ktB?AX!gh;09y5warqUY2!:te5+v)FvJXNgu6W][0W8^lNeLei*qo]Nc@YBO!SX%(u5jttOMyG@pyBjhK/qYEXcm(gIzI,1cIQZ9i^pY.10Be){W?j},exi7vOq-wGn4DnNw9,3E]WpsFw[MIs]Sb4bYEXL,XHhY,0i-8@%S3,LC0PB,hbMPPPW:0fHiJG5j.3-4F55R;FtrlNm78I(/10RygncoX{BrkrS11=P-hN;Vq1s0crqg,4w$zI+rXPxRwU^QZE5(43X?k-Khz(THL)bL/:fSWFlQOeH2^20(3U08qn{f/wnh%z$7;A!MB+7fID+k_q(M!DO{9,xQhv;Sl6M7g:U82?twK-b[]+EQzWh5gOoS!ggC+Tie@*,uPf%p]HC_e{5kU[V*IkJbCidsB4M8clh9mnHXK3u?6KJ13IMWSYw?1LW2Yl;jn?[1p#78U;co@F=#P}jLgo:96M%?#Cbs=R!(MVKuIfk[VM-gmxDoA:@0u%7@I^rHkvfml{Q3ZP!m/Xn9%p^-^0Ncog=uqrZ#v/:;N1J3L-JpLRG}?ofST0h41vVC+yv9aykHzR7X%DB30F-K#;R$AV}s@B50/PIK?}YGPCoZ5LG3L5.39%CL(5@c^leNH,2oB0H7)wSQ^EEsT#e]/:EQVdh,DS1yr8J.o.#WPcHEv4.-;orWBhvJPla@c?GTP1:Sd/2r(g$R8oRO0{;?uA#^Mq%qb:YAOtW*lksSfWf{WCr8GGmikhj4nu1kz!^mgJvOK9GBZFfA@MO;%qz#+ho_jnJ,1Yve@y%eqso)FvKm9E64,dfaG:n6^0DwkdR#*X?G[I=OW0!TilkrHCI06C]Nq[.7kcgQ8G0$]7To![As-r-h5Q0cFNCrtnlK;DgGlV:!lHpL2As8khc3Iv+)-?/v+kai3TsA+]^CIC}?9@,(%H55Pjg5[s+0,B4=Ac{R^P[6zin=3k=,_rUCuzWx5FI/moJ5.g$EFTho({%xR/hIKX-Zi*XYWFub(Dc+UXuWls-:]da7mk^iOxCayh%jTHi9Ba6ewz/.LNe5sFFZUYk]!E+ttMRjjF1l^(m:HdwYA1%=AeuySuxKTs%HLK0ZFaB$cNk?20XP^,@,!MkMA8fJCCIs3fUtHq1Jmvj5{h@XGYy].aj,Gb3P3iXfR_Kmw$cB4EzUW.GKsV-yh*RWk*Mo;b,Flar8lqjyOZh+S)DNlZwpfQkqP00=tyIsWj6Kg:E.9UX0NZ}vUyS;hiKOfE0F=6_5+5ve9aFhDRwG:uWTAJgd6nu=ix?BlU#3/iS%AQg@[EUflA+YfPzXxQx)WmT/STXoJOf,[]H5T?a1EF!T/.8IMa0EkXiOvTiQ5KL7R0NAt55[(P}v9q(tm0LYJI:bYva)cP#=d]3tt:qS6w]UFx4h_0wpFDYT=i6!tYwPQ.zn)p[zrTNOo!8dZPEJl^(miKtbuhEp!{ay]e!t%aE=X}aZEfxL=b{oF-QC?tot/g4:jiC??bGYNZ+OmJZ{#f/?893v-k#pq^^H@q.o,l4k1jd:cw5aZVry$[cXxMVV]DBku*n^5e0.pOw_DMfdl?NJ?u6@eCPu,$DJ4S6vMkm}K=yNrxgt1p(bi?e+fe8AVxm!FgQ5IzLJsl9wbfsLc;Vjqa9Do;fO,uU.CsDZQDk0C5fM4Y:*2uX*v!_^Qe.E{GgT8cH3bj?!;Q8en+8zO$M@5wzl@e8hrPYMSw-Bsb=bH7f8#WCe{Dh{^rihf%N,mUHB8.!-kuwLTBgnwo9iJ+M?L(+TZ]vg?tvKW-}ayiudDFU)b3M%PQTxO]0)N9pMU/kVqbpw/-;.$U-vCsK^K/MYluah,t!zqy8hq)%j(fo#kF-c@LePsiimvhnt,%[_9UL[fq.R{vLYLg#-?=T(?9Dxef3(ZSL3qW[^A?N]_DqQ@QZ5Q_MV;(Ah{,+mqd^87i,7lz3z8Ep8V4XAC2nzn@:-[F6$[ORt+5QS$7ptiy%gA/reSfXG;G;=d]oWsB-u2-RIArFIwNnj}}ySX);2_MZt3o]JC,3${ZC7+_TRCuo)b0H#eU?e_}auasitG.K73j)+++HxQb=GtNO.2=YTF2X);{MX75{EK+Y_{q-q$!vG+(hO3+H;1B2i@5iw#n;u(t:SHJ!BZ#F+urT3wicYgWtN5A?T=fSKqqUgpX/8o3Id2sGzIBJp/S=)ZJlMyllGlq/[jPi[v:ir!GRV9kqD=-m^/ml,::b6J?MsZU-efo5,p0gu,i+ud,#gpe2n/MlzTeN7*-@!J]7[S:!uc)/8j},dmdMOuR(fj/_DJF7]fsq4.EYI[zbpir:CJIH4%.X#bc..W,[}65{YrVXid1t8@O-{1rd,$RC![)7l7Jhy6gY^nTH#a{LzS6bS@fLF,hwFym90%lVrI%EJ+btBj9U}$T8G?Nv5:rrl(}q+H@Q1,dJb5ywxUatY;ej7Wh:[:H=%Zip;$7/J@y%8#,VpVI@IK%/V#Xc-KK:C5#rn,3(UNX/nj9S,-Me:WU+XQ3I_l}]i?(,Qzklb;owm(S]uZ1Nd?*yGb8}ZJV]J^+*iu+%ZhV-nFe2W%b=dXwK07!#m?^5*C1n7Tq5+Ko$$3MRl,28n%#1=jeU:3eNGg(se+D4u$7]!M+H=ad@G2TMqq20*Wm%{Is.:Yu;RKT4gloOt$Lni1uB}40uH?durWUZ5u]*AAQBxx,N^o[^B^5MDZ95XddBgP2K/Mr5=KxIGe+AcMcXxW{XV0GP=CgB=*mL,Zb57?,+Rg2TUKgmDJ3q)!McY4%gM*+ut+zNIZEfd?wUg9ouj{^wj},ex=6c42ip;%FeQ9RyXTSXN%ek9sr/L2:,p_N@,e)SZc-WuxPwKiZo4Sb(fO,QywQMG{L?IJoQ/2GJa)X%{N8=WJSMnnBVKS-9Dlr8!Q]MAYZKe1hzy0lv[4OO.Yu8s-udl8aS!iODIUkvStV@c=rq/M2Pb5}-*Y3GPqKT3k84v)0[UxYlb3@UX)b2hs?1l!2XFuNPbxeQZ-o1Ml6q]Gon=lU;?N:UR^eFMZa4uqT-OHRod0)2DYt}D}tlmLNQk/N:9G__Z$ETWVA[TNp*m2%FMDQ#k%oIfj!{0039F=]2iRh?V4bRr:8ITzw@39tc^L=Rgabs:$!_T[x.LCDSH[i3cl@0cMilAmHph-2E7=[%:nkpm%J?cW?ok)4bt+tHlYrNGYa(2vG(Xis-+/T!^XUTW5+U=7V,RuA=d$U$.uBm1Z4-O9ID0_8H,FWH]HxD]2Ihj]YeQ9Q^6K-y99v(XPk*UraWdH}(QJY#+Oihzg*5JP8F,/AO7uVJ)(kcbP%NR#xIjowhX-4IERMy=zO1H;!7mB//gsQB}fE_m.cs%@EfAZt$P!#eaA4@0.05df,MNt4fbA!O);]!U(9$.bIdE.%vTP6Y+yU,zm$2Xd@Ij;^3QKv1?a%k3@(pEHNG/shVp4aK+g6^EtHS@[^U)OzGZf-t)]n0t@7g)^klEPO^G-{rvnVN{.CIDl041_E44=jfbi4c$+k-DiTP5s?Ale%g8^lV$!u-[m2]On]}b@XJOm+0Q=LyXPopnr1GADoWHb.-d@nx;Mogdi}=J0!:1%uIwx3]l2y@Yr?.Hv6rx]1:;M?f*q/T*W:BeS11=PRHez%5)n7l:@f2#;Ecwd(lezzF+BeeE9I))ctsXKmYpculM%$(TZ)olR[k-Gq:GEP00*lkPy),L^daVVzSnj5+p%gQjVLLREOiq%fXM_zWmF-fB+gQci*CQ9{G=hgJDcs#ngx-MMu70HRBku=K#ecEcYQW]Bxk@e3gPAIM0yGa@mkFhlhtpM?O=}rUae!H]**gO+OUOvqS1*Z2PCiPdWwP-rk/GxKrG^d-v/FzdqNcxx5rJJLe2Qk{xxvnFs;]KuW2R1Vro?nT-I5%uF:ZF*0FhAF;RYudT1$xOsDZ^d%X/QIT;oDXS^B%j{p;Qu=,k!OT=60Lf97L()fIBQ]]60YC!,#4]($M,i7=(M{9{On]nioNIcgG?XsX(6?M6n:xyl_Kn^_c:,)*ty^MiqarOHJa{+{r!Ohh;8)1SfdM/{6dmt95V3Q[OhgFiog.EYi}vYz22nvBappr7oa0VW5MXTT#@jGb^H2VsN-;#:ftU)flLrY_]#eZfWN/[dkN@.g,jKD#vvY*W7KdIOWPkU(-?U5;(,t_?^+7MyEEb29ITp=lde#kHr2g94,B9I-F2:ZgO?0PkQ8O)L4-a;Dch{d}($YV]9y}a:u]VOkUAgYF0zf.RUZ:Yf?:jKC$T;n{W,vhg,O4u]Mnps_DwK6/8mX$fZfftnsgBEXSXB,t7[F4pND=q*?3MS67(,(e0}i=q0Gf!Yp),9xAhTn}NQBI1gg$o}bj7+RTxwvpVHPJk7tEs/zgiSOK0cluWLknwqq)yr=*Uq%UPrs6dwTdcG0zvLims?cS,r_Q5OI.97YxW3OSzEcy.YZYvaBFv077DBCMHw!fFT6u,@_1LF;(x5LQ}g,^@?XVIv$MzQ!md5=8o77G%ip2rzfYQaUFr3%ZiY9n]r$%ep_gbaqIvX3^*ki1W}k)A[B.Sq:ZUnfHbZ2qVM=m:bvA3!QCuo3B70qFBlN!2E?gfT8lZ.J6rR*W{anjyOQqQuda=uj#0C7te-,N:L#-^^N7Q?akjF$@5MruJQ,[=ObAGXh@VGMgd*pNUcMZjoRFHSsVV_E20%r$m6cxMoQeeY9T(;c[}j2TlM!bf:kq$n7cYK5z_o77aeqK)4{er^Vv4l[AOHd:wA-)eXrgJw=%%)@:t*0*]t.*EVDF5?^(Oyw9zA,Am$-i2xG@U[t?h%DW}qPo=%gS(FHeX_.?yHp=[D$J..lAkTp(fvS)X+uo]8*.Ba4a26F80P$RWGu-,c3zKmG_3B+heC6C3Az2pIsbt+,i(ySCCPs,fvA(,}9=rI(=)NCqgXWm$;^02o+}9BUmBxy]Mp2^:VULxVOtt.safY}^_i#{6JnFtdjbAI;)/,S:L]S1(F0lTSbW@x3m#Q,jP_Y(=1LWG=%*zrX+wnA+8s2b_XibCcj^$qUT$C2j3^2?SnR%@V(cwhcE_vF,^cIrh*C:G#gkpkp;uNeKXfC=!z@Q2e,5@DjR/KjxIs%uFOTs0IK8ocZEfccl{2S)o4U2PdPlY?(C)va-@_Se9j7RThQFnHh,nNHrX%Dpr%S8BI[D5skpwfSmy)vt)_rexH2u$?AyW7q$H0!Gi{69xR?JXY}91d-v_mEswl=]{W,z/yjmY99--I=d_O=u0uMv16.mji%Z)tOBTC$p7+^qv$eIgxw+Nyxp_p{o8J4_O8w9OeOFXWRbm1)?B_2:fChj0+MBchht7GEgkS)?DJg+CjJ.z-28=x8Rn[^n70:!y5*%?qvYJdLCIX/I(Q]sfDI{:_r:jRHb(Z61w,O2ML:vNlwrL%jt76OP3v#pX5qo:kbL%TE!2bUJ8}1{Pn%LLH78kku-u.aW?W$1r==p4050A]V;usf*rczZ(B1woS(x6l:IXwOLn^UeDfC/(W,PsGusJ2fQMJ8r8GedOjR+JlvXXqJ2sGB$]%c=A6Q/)@u,F4o}08u5yrea4L/LIP,?}7_0lfKrK#m3aEO={Vd]1p8xd.8wKdy6jh1$ej7c5iR+lTSW+V?Uh6(px{%@z[[=;gSeRoO{Ju+{+sB;YBL;HII(t=%cUEd,%;6C9#Q3T}=)5@scRBozBaD]^Vcj@3O6jVNf+%RkL:ll(UHNNQ@3yF*;0,aa5I}x+jzRg]#TG$.pXGVgLke+D#s2e]aO=CMl)qfC-Q@NjVr,!-,IP:z^OO[Q@??#/-1+jh(sHt+xz%jg8qbT$]#mK0ZEtg+R(9bvQmgZZFaPzj%M%8=nE=Kf5a9f^M,Re78x]9NsEs^6/[,GtZtq]^Ii*,CckU2)^hR]0UxU#k,o6sVG9RNil+!Jsf{k(.Pgo=RSnD2sI?]0z?-2H3dUNA}F#,$h-rv.doNT*CpNq8.;Wd,Us/J:ccOF3:vheeH^@.IUWY8dgeDPDkxb}H]qktI*u+odqtO6.+$8*_GMR}q8=Sv;8Lp!LQ2MTMm$qOL{UX}Nesq{09fSN;dMO6%Bp87tMRyMy4^YdGCS^GEX$-=mSu^GiTdO5sELjli}vy02oZ?C(.URZA^)@NUjhJIJ_B9CE1@CamUTZSK}+AFhiC!?27rWMXeNMwfQD!W%,(4n?}m+_kkDn[*zCpSRS}hK)U;I0MnsU%%$k%CQOyv/fB,BxKot:b$%xp%ti9gy3I0o58O:DFs-XdbLHk@N1]sqeKtM2SH^zQC05Kx@.5%6cM2e@.O%oB35L68.nPP0BniA2Zu97Me8:Sp+v*w*jh?eKOim0!Ak?jy%:q0WOH3Cvq1wlYS5C8-O0K(6=TWeNL%=OAn#h4?[fSHLZ65+?YW_n2yG=gKMAp,J;45=,Tf(mcXSsuj?)2UxS?,u1Q_95;avBbMURm;C,5zhF[godq.](aBTGZA6ulE{Djk_bz)jG$(sOidCbr$7dTh:3UNtVgJxh3yQ$(:g+UJld-RzKVe=U5,KL1[Mi*5DBq.n}D*Jf+61T610y510+CMGi5=m8.;Ul:)9jXF:;pAsF,!bjjEy^d#+u}3L;?;OhZIa0K(5Y06,y+6(TPETRXla@b%J=yHBJwlZZGIFm4=KB0F:Wk(q0bea^epsE}+xNJ+1ON;M}otj(x$Ap5$F,yR^JT20darXsXE2@pu{dApzkU]gmDu86Z2Y[/X8SJSg.V$T4q4N]!anP,ZaxoL;w$s__x;]XP+@_%}0O?oNeIpWYXu[]M-HN_#9XljT=sA[0t3I,(BZ0!?%,wQY]t:ke.hnW!)0+FQcR8s/Dq.?{*nt[TLC[o-Un/X)ZGi[qK(8mHsmOAI!wRJ!!Dx(i00*PmBKxhca$N+plgxdC.X+U9Z^_6ir75O?=i$DMX002ovPDHLkV1k4I0003Q^U)ocS*@lwnjVm5RW7ksj^0nRYAT9DVC1QdqQa1SKo5]Y%ai1horCx[tZ*iF*o{k_(E,o16tS.(-gX_%0agTf64FG)rhg}h7}{Gqj/?PD.y$_^Ho(,}-Naf}X5S!Jz^!@Y.J;XgUHC$.])L+c2-Pw%6*-Oks{HEY(mj