Re: Phasmophobia
Posted: Mon Apr 26, 2021 4:20 pm
Guys, are there any scripts for the current version of Phasmophobia? The version now is something like 0.27.2. Is it possible to boost money and experience?
Community Cheat Tables of Cheat Engine
https://fearlessrevolution.com/
Address will change all the time after a game update, so it's normal.
FrankySahwit wrote: ↑Mon May 10, 2021 9:57 pm
Players info, being the feature I was most expecting (since the old one would always bug out and show me info for a different player), is ironically the one that doesn't work on the current Beta for me. It says "error in line 13... The bytes at "GameAssembly.dll" + 1415CA7 are not what was expected".
{ Game : Phasmophobia
Version:
Date : 2021-04-09
Author : Coderbox1
Mono : Assembly-CSharp.dll -> GameController:GetAveragePlayerInsanity()
}
// Purpose: hooks the 5-byte instruction `addss xmm6,[rax+28]` at offset D7
// inside GameController.GetAveragePlayerInsanity. Each time the hook runs it
// copies rax into one of four 8-byte slots (P1..P4), selected by rsi, then
// executes the original instruction and jumps back.
// NOTE(review): rax presumably points at a per-player object and rsi is the
// loop index (the game code does `inc esi` right after the hook) - confirm.
define(address,"GameController.GetAveragePlayerInsanity"+D7)
// Expected original bytes at the hook site: the encoding of addss xmm6,[rax+28].
define(bytes,F3 0F 58 70 28)
[ENABLE]
// Integrity guard: refuse to patch unless the hook site still holds the expected
// bytes. After a game update moves or changes the code this check fails instead
// of overwriting unrelated instructions.
assert(address,bytes)
// Code cave for the hook body. The third argument requests memory near the hook
// site so the `jmp newmem` written over it fits in the 5 bytes being replaced.
alloc(newmem,$1000,"GameController.GetAveragePlayerInsanity"+D7)
label(code)
label(return)
label(sort)
label(put1)
label(put2)
label(put3)
label(put4)
label(P1)
label(P2)
label(P3)
label(P4)
// NOTE(review): P1..P4 are declared as labels inside newmem (below) and are also
// requested through globalalloc; which of the two definitions the registered
// symbol ends up referring to is not evident from this script - confirm.
registersymbol(P1)
registersymbol(P2)
registersymbol(P3)
registersymbol(P4)
globalalloc(P1,8)
globalalloc(P2,8)
globalalloc(P3,8)
globalalloc(P4,8)
newmem:
// Skip over the data slots so they are never executed as code.
jmp sort
// Four 8-byte slots, zero-initialised; each later receives a copy of rax.
P1:
dq 0
P2:
dq 0
P3:
dq 0
P4:
dq 0
sort:
// Dispatch on rsi: 0 -> P1, 1 -> P2, 2 -> P3, 3 -> P4.
cmp rsi,0
je put1
cmp rsi,1
je put2
cmp rsi,2
je put3
cmp rsi,3
je put4
// NOTE(review): there is no jump after `je put4`, so any rsi outside 0..3 falls
// through into put1 and overwrites P1.
put1:
mov [P1],rax
jmp code
put2:
mov [P2],rax
jmp code
put3:
mov [P3],rax
jmp code
put4:
mov [P4],rax
jmp code
code:
// Replay the instruction that the hook displaced, then resume the game code.
addss xmm6,[rax+28]
jmp return
address:
// Overwrites the original instruction with a jump into the code cave.
jmp newmem
// `return` is the address immediately after the jump, i.e. the next original instruction.
return:
[DISABLE]
unregistersymbol(P1)
unregistersymbol(P2)
unregistersymbol(P3)
unregistersymbol(P4)
// Restore the original bytes at the hook site before releasing the code cave.
address:
db bytes
// addss xmm6,[rax+28]
dealloc(newmem)
// NOTE(review): nothing in this section releases the memory requested with
// globalalloc for P1..P4.
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll.il2cpp+112EBC7
GameAssembly.dll.il2cpp+112EBA6: 8B D7 - mov edx,edi
GameAssembly.dll.il2cpp+112EBA8: E8 83 92 C6 FE - call GameAssembly.il2cpp_custom_attrs_free+2740
GameAssembly.dll.il2cpp+112EBAD: 48 85 C0 - test rax,rax
GameAssembly.dll.il2cpp+112EBB0: 74 70 - je GameAssembly.dll.il2cpp+112EC22
GameAssembly.dll.il2cpp+112EBB2: 48 8B 40 10 - mov rax,[rax+10]
GameAssembly.dll.il2cpp+112EBB6: 48 85 C0 - test rax,rax
GameAssembly.dll.il2cpp+112EBB9: 74 67 - je GameAssembly.dll.il2cpp+112EC22
GameAssembly.dll.il2cpp+112EBBB: 48 8B 80 C0 00 00 00 - mov rax,[rax+000000C0]
GameAssembly.dll.il2cpp+112EBC2: 48 85 C0 - test rax,rax
GameAssembly.dll.il2cpp+112EBC5: 74 5B - je GameAssembly.dll.il2cpp+112EC22
// ---------- INJECTING HERE ----------
GameAssembly.dll.il2cpp+112EBC7: F3 0F 58 70 28 - addss xmm6,[rax+28]
// ==> "GameAssembly.dll"+139CBC7
// ---------- DONE INJECTING ----------
GameAssembly.dll.il2cpp+112EBCC: FF C6 - inc esi
GameAssembly.dll.il2cpp+112EBCE: 48 8B 45 48 - mov rax,[rbp+48]
GameAssembly.dll.il2cpp+112EBD2: FF C7 - inc edi
GameAssembly.dll.il2cpp+112EBD4: 49 83 C6 08 - add r14,08
GameAssembly.dll.il2cpp+112EBD8: 8B CF - mov ecx,edi
GameAssembly.dll.il2cpp+112EBDA: 48 8B D8 - mov rbx,rax
GameAssembly.dll.il2cpp+112EBDD: 48 85 C0 - test rax,rax
GameAssembly.dll.il2cpp+112EBE0: 74 40 - je GameAssembly.dll.il2cpp+112EC22
GameAssembly.dll.il2cpp+112EBE2: E9 69 FF FF FF - jmp GameAssembly.dll.il2cpp+112EB50
GameAssembly.dll.il2cpp+112EBE7: 85 F6 - test esi,esi
}
{ Game : Phasmophobia
Version:
Date : 2021-04-09
Author : Coderbox1
Mono : Assembly-CSharp.dll -> GameController:GetAveragePlayerInsanity()
}
// Purpose: same hook as the fixed-offset variant, but the hook site is located
// by scanning for the byte pattern of `addss xmm6,[rax+28]` inside
// GameController.GetAveragePlayerInsanity instead of relying on a hard-coded
// offset. Each time the hook runs it copies rax into one of four 8-byte slots
// (P1..P4), selected by rsi, then executes the original instruction.
// NOTE(review): rax presumably points at a per-player object and rsi is the
// loop index (the game code does `inc esi` right after the hook) - confirm.
[ENABLE]
// Locate the hook site by pattern. The scan is limited to the method's own range,
// which keeps a short 5-byte pattern from matching elsewhere in the module.
// NOTE(review): Cheat Engine's auto-assembler reads bare numbers as hexadecimal,
// so +500 is presumably 0x500 bytes rather than 500 decimal - confirm.
// NOTE(review): there is no assert on the match; if the pattern occurs more than
// once in the range, the first hit is presumably used - confirm.
aobscanregion(PInfo, GameController.GetAveragePlayerInsanity, GameController.GetAveragePlayerInsanity+500, F3 0F 58 70 28) // should be unique
// Code cave for the hook body, requested near the hook site so the `jmp newmem`
// written over it fits in the 5 bytes being replaced.
alloc(newmem,$1000,PInfo)
label(code)
label(return)
label(sort)
label(put1)
label(put2)
label(put3)
label(put4)
label(P1)
label(P2)
label(P3)
label(P4)
// NOTE(review): P1..P4 are declared as labels inside newmem (below) and are also
// requested through globalalloc; which of the two definitions the registered
// symbol ends up referring to is not evident from this script - confirm.
registersymbol(P1)
registersymbol(P2)
registersymbol(P3)
registersymbol(P4)
globalalloc(P1,8)
globalalloc(P2,8)
globalalloc(P3,8)
globalalloc(P4,8)
newmem:
// Skip over the data slots so they are never executed as code.
jmp sort
// Four 8-byte slots, zero-initialised; each later receives a copy of rax.
P1:
dq 0
P2:
dq 0
P3:
dq 0
P4:
dq 0
sort:
// Dispatch on rsi: 0 -> P1, 1 -> P2, 2 -> P3, 3 -> P4.
cmp rsi,0
je put1
cmp rsi,1
je put2
cmp rsi,2
je put3
cmp rsi,3
je put4
// NOTE(review): there is no jump after `je put4`, so any rsi outside 0..3 falls
// through into put1 and overwrites P1.
put1:
mov [P1],rax
jmp code
put2:
mov [P2],rax
jmp code
put3:
mov [P3],rax
jmp code
put4:
mov [P4],rax
jmp code
code:
// Replay the instruction that the hook displaced, then resume the game code.
addss xmm6,[rax+28]
jmp return
PInfo:
// Overwrites the original instruction with a jump into the code cave.
jmp newmem
// `return` is the address immediately after the jump, i.e. the next original instruction.
return:
[DISABLE]
unregistersymbol(P1)
unregistersymbol(P2)
unregistersymbol(P3)
unregistersymbol(P4)
// Restore the original bytes at the hook site before releasing the code cave.
// NOTE(review): PInfo is defined only by the scan in the enable section and is
// never passed to registersymbol, so it is unclear how this section resolves it.
// The poster reports that the script cannot be deactivated, which may be the
// consequence - confirm.
PInfo:
db F3 0F 58 70 28
dealloc(newmem)
// NOTE(review): nothing in this section releases the memory requested with
// globalalloc for P1..P4.
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+B0B427
GameAssembly.dll+B0B406: 8B D7 - mov edx,edi
GameAssembly.dll+B0B408: E8 23 AA 4F FF - call GameAssembly.il2cpp_custom_attrs_free+2740
GameAssembly.dll+B0B40D: 48 85 C0 - test rax,rax
GameAssembly.dll+B0B410: 74 70 - je GameAssembly.dll+B0B482
GameAssembly.dll+B0B412: 48 8B 40 10 - mov rax,[rax+10]
GameAssembly.dll+B0B416: 48 85 C0 - test rax,rax
GameAssembly.dll+B0B419: 74 67 - je GameAssembly.dll+B0B482
GameAssembly.dll+B0B41B: 48 8B 80 C8 00 00 00 - mov rax,[rax+000000C8]
GameAssembly.dll+B0B422: 48 85 C0 - test rax,rax
GameAssembly.dll+B0B425: 74 5B - je GameAssembly.dll+B0B482
// ---------- INJECTING HERE ----------
GameAssembly.dll+B0B427: F3 0F 58 70 28 - addss xmm6,[rax+28]
// ---------- DONE INJECTING ----------
GameAssembly.dll+B0B42C: FF C6 - inc esi
GameAssembly.dll+B0B42E: 48 8B 45 48 - mov rax,[rbp+48]
GameAssembly.dll+B0B432: FF C7 - inc edi
GameAssembly.dll+B0B434: 49 83 C6 08 - add r14,08
GameAssembly.dll+B0B438: 8B CF - mov ecx,edi
GameAssembly.dll+B0B43A: 48 8B D8 - mov rbx,rax
GameAssembly.dll+B0B43D: 48 85 C0 - test rax,rax
GameAssembly.dll+B0B440: 74 40 - je GameAssembly.dll+B0B482
GameAssembly.dll+B0B442: E9 69 FF FF FF - jmp GameAssembly.dll+B0B3B0
GameAssembly.dll+B0B447: 85 F6 - test esi,esi
}
What are we doing with this code?
zephirot wrote: ↑Tue May 11, 2021 4:57 pm
Address will change all the time after a game update, so it's normal.
FrankySahwit wrote: ↑Mon May 10, 2021 9:57 pm
Players info, being the feature I was most expecting (since the old one would always bug out and show me info for a different player), is ironically the one that doesn't work on the current Beta for me. It says "error in line 13... The bytes at "GameAssembly.dll" + 1415CA7 are not what was expected".
"GameAssembly.dll" + 1415CA7 is not good anymore and you won't find the bytes F3 0F 58 70 28 at this address.
For v0.28.6.5 it's "GameAssembly.dll" + B0B427
Instead of using the current full injection, you can use this alternate version with a mono address ("GameController.GetAveragePlayerInsanity"+D7)
If the code inside the method "GetAveragePlayerInsanity" does not change, D7 (the offset to reach the bytes) should not change either...
Otherwise, you could use an AOB script, which won't have the problem with the address anymore.
{ Game : Phasmophobia
Version:
Date : 2021-04-09
Author : Coderbox1
Mono : Assembly-CSharp.dll -> GameController:GetAveragePlayerInsanity()
}
// Purpose: hooks the 5-byte instruction `addss xmm6,[rax+28]` at offset D7
// inside GameController.GetAveragePlayerInsanity. Each time the hook runs it
// copies rax into one of four 8-byte slots (P1..P4), selected by rsi, then
// executes the original instruction and jumps back.
// NOTE(review): rax presumably points at a per-player object and rsi is the
// loop index (the game code does `inc esi` right after the hook) - confirm.
define(address,"GameController.GetAveragePlayerInsanity"+D7)
// Expected original bytes at the hook site: the encoding of addss xmm6,[rax+28].
define(bytes,F3 0F 58 70 28)
[ENABLE]
// Integrity guard: refuse to patch unless the hook site still holds the expected
// bytes, so a game update makes the script fail rather than corrupt other code.
assert(address,bytes)
// Code cave for the hook body, requested near the hook site so the `jmp newmem`
// written over it fits in the 5 bytes being replaced.
alloc(newmem,$1000,"GameController.GetAveragePlayerInsanity"+D7)
label(code)
label(return)
label(sort)
label(put1)
label(put2)
label(put3)
label(put4)
label(P1)
label(P2)
label(P3)
label(P4)
// NOTE(review): P1..P4 are declared as labels inside newmem (below) and are also
// requested through globalalloc; which definition the registered symbol ends up
// referring to is not evident from this script - confirm.
registersymbol(P1)
registersymbol(P2)
registersymbol(P3)
registersymbol(P4)
globalalloc(P1,8)
globalalloc(P2,8)
globalalloc(P3,8)
globalalloc(P4,8)
newmem:
// Skip over the data slots so they are never executed as code.
jmp sort
// Four 8-byte slots, zero-initialised; each later receives a copy of rax.
P1:
dq 0
P2:
dq 0
P3:
dq 0
P4:
dq 0
sort:
// Dispatch on rsi: 0 -> P1, 1 -> P2, 2 -> P3, 3 -> P4.
cmp rsi,0
je put1
cmp rsi,1
je put2
cmp rsi,2
je put3
cmp rsi,3
je put4
// NOTE(review): there is no jump after `je put4`, so any rsi outside 0..3 falls
// through into put1 and overwrites P1.
put1:
mov [P1],rax
jmp code
put2:
mov [P2],rax
jmp code
put3:
mov [P3],rax
jmp code
put4:
mov [P4],rax
jmp code
code:
// Replay the instruction that the hook displaced, then resume the game code.
addss xmm6,[rax+28]
jmp return
address:
// Overwrites the original instruction with a jump into the code cave.
jmp newmem
// `return` is the address immediately after the jump, i.e. the next original instruction.
return:
[DISABLE]
unregistersymbol(P1)
unregistersymbol(P2)
unregistersymbol(P3)
unregistersymbol(P4)
// Restore the original bytes at the hook site before releasing the code cave.
address:
db bytes
// addss xmm6,[rax+28]
dealloc(newmem)
// NOTE(review): nothing in this section releases the memory requested with
// globalalloc for P1..P4.
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll.il2cpp+112EBC7
GameAssembly.dll.il2cpp+112EBA6: 8B D7 - mov edx,edi
GameAssembly.dll.il2cpp+112EBA8: E8 83 92 C6 FE - call GameAssembly.il2cpp_custom_attrs_free+2740
GameAssembly.dll.il2cpp+112EBAD: 48 85 C0 - test rax,rax
GameAssembly.dll.il2cpp+112EBB0: 74 70 - je GameAssembly.dll.il2cpp+112EC22
GameAssembly.dll.il2cpp+112EBB2: 48 8B 40 10 - mov rax,[rax+10]
GameAssembly.dll.il2cpp+112EBB6: 48 85 C0 - test rax,rax
GameAssembly.dll.il2cpp+112EBB9: 74 67 - je GameAssembly.dll.il2cpp+112EC22
GameAssembly.dll.il2cpp+112EBBB: 48 8B 80 C0 00 00 00 - mov rax,[rax+000000C0]
GameAssembly.dll.il2cpp+112EBC2: 48 85 C0 - test rax,rax
GameAssembly.dll.il2cpp+112EBC5: 74 5B - je GameAssembly.dll.il2cpp+112EC22
// ---------- INJECTING HERE ----------
GameAssembly.dll.il2cpp+112EBC7: F3 0F 58 70 28 - addss xmm6,[rax+28]
// ==> "GameAssembly.dll"+139CBC7
// ---------- DONE INJECTING ----------
GameAssembly.dll.il2cpp+112EBCC: FF C6 - inc esi
GameAssembly.dll.il2cpp+112EBCE: 48 8B 45 48 - mov rax,[rbp+48]
GameAssembly.dll.il2cpp+112EBD2: FF C7 - inc edi
GameAssembly.dll.il2cpp+112EBD4: 49 83 C6 08 - add r14,08
GameAssembly.dll.il2cpp+112EBD8: 8B CF - mov ecx,edi
GameAssembly.dll.il2cpp+112EBDA: 48 8B D8 - mov rbx,rax
GameAssembly.dll.il2cpp+112EBDD: 48 85 C0 - test rax,rax
GameAssembly.dll.il2cpp+112EBE0: 74 40 - je GameAssembly.dll.il2cpp+112EC22
GameAssembly.dll.il2cpp+112EBE2: E9 69 FF FF FF - jmp GameAssembly.dll.il2cpp+112EB50
GameAssembly.dll.il2cpp+112EBE7: 85 F6 - test esi,esi
}
The scan searches for the bytes F3 0F 58 70 28 between the beginning of the method and, for example, 500 after it, to be sure not to miss them (offset D7 = 215).
Can't deactivate the script tho...
{ Game : Phasmophobia
Version:
Date : 2021-04-09
Author : Coderbox1
Mono : Assembly-CSharp.dll -> GameController:GetAveragePlayerInsanity()
}
// Purpose: locates the `addss xmm6,[rax+28]` instruction inside
// GameController.GetAveragePlayerInsanity by byte pattern and hooks it. Each
// time the hook runs it copies rax into one of four 8-byte slots (P1..P4),
// selected by rsi, then executes the original instruction and jumps back.
// NOTE(review): rax presumably points at a per-player object and rsi is the
// loop index (the game code does `inc esi` right after the hook) - confirm.
[ENABLE]
// Locate the hook site by pattern. The scan is limited to the method's own range,
// which keeps a short 5-byte pattern from matching elsewhere in the module.
// NOTE(review): Cheat Engine's auto-assembler reads bare numbers as hexadecimal,
// so +500 is presumably 0x500 bytes rather than 500 decimal - confirm.
// NOTE(review): there is no assert on the match; if the pattern occurs more than
// once in the range, the first hit is presumably used - confirm.
aobscanregion(PInfo, GameController.GetAveragePlayerInsanity, GameController.GetAveragePlayerInsanity+500, F3 0F 58 70 28) // should be unique
// Code cave for the hook body, requested near the hook site so the `jmp newmem`
// written over it fits in the 5 bytes being replaced.
alloc(newmem,$1000,PInfo)
label(code)
label(return)
label(sort)
label(put1)
label(put2)
label(put3)
label(put4)
label(P1)
label(P2)
label(P3)
label(P4)
// NOTE(review): P1..P4 are declared as labels inside newmem (below) and are also
// requested through globalalloc; which definition the registered symbol ends up
// referring to is not evident from this script - confirm.
registersymbol(P1)
registersymbol(P2)
registersymbol(P3)
registersymbol(P4)
globalalloc(P1,8)
globalalloc(P2,8)
globalalloc(P3,8)
globalalloc(P4,8)
newmem:
// Skip over the data slots so they are never executed as code.
jmp sort
// Four 8-byte slots, zero-initialised; each later receives a copy of rax.
P1:
dq 0
P2:
dq 0
P3:
dq 0
P4:
dq 0
sort:
// Dispatch on rsi: 0 -> P1, 1 -> P2, 2 -> P3, 3 -> P4.
cmp rsi,0
je put1
cmp rsi,1
je put2
cmp rsi,2
je put3
cmp rsi,3
je put4
// NOTE(review): there is no jump after `je put4`, so any rsi outside 0..3 falls
// through into put1 and overwrites P1.
put1:
mov [P1],rax
jmp code
put2:
mov [P2],rax
jmp code
put3:
mov [P3],rax
jmp code
put4:
mov [P4],rax
jmp code
code:
// Replay the instruction that the hook displaced, then resume the game code.
addss xmm6,[rax+28]
jmp return
PInfo:
// Overwrites the original instruction with a jump into the code cave.
jmp newmem
// `return` is the address immediately after the jump, i.e. the next original instruction.
return:
[DISABLE]
unregistersymbol(P1)
unregistersymbol(P2)
unregistersymbol(P3)
unregistersymbol(P4)
// Restore the original bytes at the hook site before releasing the code cave.
// NOTE(review): PInfo is defined only by the scan in the enable section and is
// never passed to registersymbol, so it is unclear how this section resolves it.
// The poster reports that the script cannot be deactivated, which may be the
// consequence - confirm.
PInfo:
db F3 0F 58 70 28
dealloc(newmem)
// NOTE(review): nothing in this section releases the memory requested with
// globalalloc for P1..P4.
{
// ORIGINAL CODE - INJECTION POINT: GameAssembly.dll+B0B427
GameAssembly.dll+B0B406: 8B D7 - mov edx,edi
GameAssembly.dll+B0B408: E8 23 AA 4F FF - call GameAssembly.il2cpp_custom_attrs_free+2740
GameAssembly.dll+B0B40D: 48 85 C0 - test rax,rax
GameAssembly.dll+B0B410: 74 70 - je GameAssembly.dll+B0B482
GameAssembly.dll+B0B412: 48 8B 40 10 - mov rax,[rax+10]
GameAssembly.dll+B0B416: 48 85 C0 - test rax,rax
GameAssembly.dll+B0B419: 74 67 - je GameAssembly.dll+B0B482
GameAssembly.dll+B0B41B: 48 8B 80 C8 00 00 00 - mov rax,[rax+000000C8]
GameAssembly.dll+B0B422: 48 85 C0 - test rax,rax
GameAssembly.dll+B0B425: 74 5B - je GameAssembly.dll+B0B482
// ---------- INJECTING HERE ----------
GameAssembly.dll+B0B427: F3 0F 58 70 28 - addss xmm6,[rax+28]
// ---------- DONE INJECTING ----------
GameAssembly.dll+B0B42C: FF C6 - inc esi
GameAssembly.dll+B0B42E: 48 8B 45 48 - mov rax,[rbp+48]
GameAssembly.dll+B0B432: FF C7 - inc edi
GameAssembly.dll+B0B434: 49 83 C6 08 - add r14,08
GameAssembly.dll+B0B438: 8B CF - mov ecx,edi
GameAssembly.dll+B0B43A: 48 8B D8 - mov rbx,rax
GameAssembly.dll+B0B43D: 48 85 C0 - test rax,rax
GameAssembly.dll+B0B440: 74 40 - je GameAssembly.dll+B0B482
GameAssembly.dll+B0B442: E9 69 FF FF FF - jmp GameAssembly.dll+B0B3B0
GameAssembly.dll+B0B447: 85 F6 - test esi,esi
}
1|0:Null
2|1:Spirit
3|2:Wraith
4|3:Phantom
13:Yokai
14:Hantu
12|11:Yurei
13|12:Oni
14|13:Yokai
15|14:Hantu
Oh really? That's weird...
lee_terry_jr wrote: ↑Mon Jun 14, 2021 9:29 pm
Damn, looks like they patched the game again in beta, and this time it almost seems like they were trying to break this, because most of the cheats are broken (they all say error in some line or that they fail to determine what something means). The speed hack still works, the show ghost seems to work, the teleport codes work, the camera hack partially works (inf photos but can not disable cooldown timer); every other cheat seems to be broken. The good news is that the table by @coderbox1 seems to have working cheats for ghost info, sanity modifier, and mission info. Although neither the ghost info nor the player info has as many options as yours did, it does work (his ghost info is not updated to show the names of newer ghosts, and player info is just sanity, which may not work in a group). I will be testing a few of his options and merging both tables to make one that I can use, but I will not release it here because it would be stealing the work @coderbox1 put into making it. I do suggest seeing if they will let you take the ones they made, though, since it would save you most of the trouble. That being said, some of the hacks in that one do not work (did not test the store hacker because it is not needed, but that speed hack did not work for me), so you should test it yourself before moving it into yours.