-- GameGuardian (`gg` API) script. It resolves fixed offsets inside named shared
-- libraries of the attached process and hands 4-byte instruction overwrites at
-- those addresses to gg.addListItems with freeze=true.
-- NOTE(review): the author's section labels further down (integrity, memory
-- scan, injection detection, crc32, ...) suggest the targets are client-side
-- anti-tamper routines. The offsets are build-specific and cannot be verified
-- from this file.
-- Defensive takeaway: every routine touched here runs inside the process being
-- modified, so an in-process check needs an independent counterpart to stay
-- meaningful. Examples are code-page hashes validated off-device and detection
-- of executable mappings that differ from the on-disk image.

-- Return the start address of the first range of `lib` whose type string
-- matches "-x", or nil when none does.
-- NOTE(review): presumably matches an "r-xp"-style permission string; confirm.
-- Not called anywhere in the visible script.
local function findExecutableSegment(lib)
  local ranges=gg.getRangesList(lib)
  for _,v in ipairs(ranges) do
    if v.type:find("-x") then
      return v.start
    end
  end
  return nil
end

-- Read a single value of type `flags` at `address` through gg.getValues.
-- Not called anywhere in the visible script.
local function readValue(address,flags)
  return gg.getValues({[1]={address=address,flags=flags}})[1].value
end

-- Write `value` at `address`: through gg.addListItems when `freeze` is truthy,
-- otherwise through gg.setValues. Not called anywhere in the visible script.
local function writeValue(address,flags,value,freeze)
  local item={address=address,flags=flags,value=value,freeze=freeze}
  if freeze then
    gg.addListItems({item})
  else
    gg.setValues({item})
  end
end

-- Global helper used by every patch statement below.
-- Does nothing when `address` is the number 0, which is what S_Pointer returns
-- when the library range was not found. Otherwise it builds a one-item table,
-- calls gg.setValues only when `freeze` is exactly false, and always calls
-- gg.addListItems. Every call in this script passes freeze=true, so here only
-- gg.addListItems is reached.
function setvalue(address,flags,value,freeze)
  if address == 0 then return end
  local tt={}
  tt[1]={}
  tt[1].address=address
  tt[1].flags=flags
  tt[1].value=value
  tt[1].freeze=freeze
  if freeze==false then
    gg.setValues(tt)
  end
  gg.addListItems(tt)
end

-- Add `address`/`flags` to the list via gg.addListItems without setting a value.
-- The `value` and `freeze` parameters are accepted but never read.
function getvalue(address,flags,value,freeze)
  if address == 0 then return end
  local tt={}
  tt[1]={}
  tt[1].address=address
  tt[1].flags=flags
  gg.addListItems(tt)
end

-- Toggle helper: reads the current value at `address`; if it is within 1e-7 of
-- `_o` the item is set to `_v`, otherwise to `_o`. Then behaves like setvalue
-- (gg.setValues only when freeze is exactly false, gg.addListItems always).
function autovalue(address,flags,_o,_v,freeze)
  if address == 0 then return end
  local tt={}
  tt[1]={}
  tt[1].address=address
  tt[1].flags=flags
  tt[1].freeze=freeze
  local _v_ = gg.getValues(tt)[1].value
  if math.abs(_v_-_o) < 1e-7 then
    tt[1].value=_v
  else
    tt[1].value=_o
  end
  if freeze==false then
    gg.setValues(tt)
  end
  gg.addListItems(tt)
end

-- Read one value with flags = 4 at `address`.
function readD(address)
  return gg.getValues({{address = address, flags = 4}})[1].value
end

-- Resolve an address from a library name table and an offset table.
-- t_So[1]  : library name passed to gg.getRangesList
-- t_Offset : Offset[1] is added to the range start; any further entries are
--            followed as a pointer chain
-- _bit     : truthy selects flags 32, falsy selects flags 4, for chain reads
-- Returns the address formatted as a '0x%X' string, or the number 0 when the
-- library range was not found.
function S_Pointer(t_So, t_Offset, _bit)
  -- Collects ranges matching '^/data/*.so*$' whose type string has 'w' as its
  -- second character. Never called in the visible script.
  local function getRanges()
    local ranges = {}
    local t = gg.getRangesList('^/data/*.so*$')
    for i, v in pairs(t) do
      if v.type:sub(2, 2) == 'w' then
        table.insert(ranges, v)
      end
    end
    return ranges
  end
  local function Get_Address(N_So, Offset, ti_bit)
    local ti = gg.getTargetInfo()
    local _Q = tonumber(0x167ba0fe) -- never read afterwards
    local t = {}
    local _t
    local _S = nil -- shadowed by the second `local _S` below
    if ti_bit then
      _t = 32
    else
      _t = 4
    end
    -- Only the first range reported for the library name is used.
    local _S = gg.getRangesList(N_So[1])[1]
    if _S then
      t[#t + 1] = {}
      t[#t].address = _S.start + Offset[1]
      t[#t].flags = _t
      -- With a single offset (the case for every call in this script) no
      -- memory is read: the result is simply range start + Offset[1].
      if #Offset ~= 1 then
        for i = 2, #Offset do
          local S = gg.getValues(t)
          t = {}
          for _ in pairs(S) do
            -- Mask the value read to 32 bits when the target is not x64,
            -- otherwise to 40 bits, before using it as the next base address.
            if not ti.x64 then
              S[_].value = S[_].value & 0xFFFFFFFF
            else
              S[_].value = S[_].value & 0xFFFFFFFFFF
            end
            t[#t + 1] = {}
            t[#t].address = S[_].value + Offset[i]
            t[#t].flags = _t
          end
        end
      end
      _S = t[#t].address
    end
    -- nil here means gg.getRangesList returned no range for N_So[1].
    return _S
  end
  local ttt = Get_Address(t_So, t_Offset, _bit)
  if ttt ~= nil then
    local _A = string.format('0x%X', ttt)
    return _A
  end
  return 0
end

-- Read one value with flags = 4 at `address`, masked to the low 32 bits.
function RDI(address)
  return gg.getValues({{address = address, flags = 4}})[1].value & 0xFFFFFFFF
end

-- Read one value with flags = gg.TYPE_QWORD at `address`.
function RQI(address)
  return gg.getValues({{address = address, flags = gg.TYPE_QWORD}})[1].value
end

-- If you repost this, please respect the original author. @fqzcnb by.奉秋

-- Top-level patch run. Each statement resolves one offset with S_Pointer and
-- passes a 4-byte value (flags = 4) to setvalue with freeze=true.
-- NOTE(review): the "~A8 ..." value strings appear to be GameGuardian's ARM64
-- assembler notation, so each entry replaces a single instruction. The
-- replacements are RET, NOP, MOVZ W0,#0x0 / MOV W0,WZR, one branch, and LDRB
-- loads. The section names are the original author's labels and are not
-- verifiable from this file.
-- From the defender's side the observable artifact is code bytes in these
-- libraries that no longer match the shipped binary for as long as the list
-- items stay frozen.

-- NOTE(review): the first `t` is shadowed by the second declaration before it
-- is ever used, so the lookups below receive {"libUE4.so"}.
local t = {"libtersafe.so"}
local t = {"libUE4.so"}
local tt = {0x43B2CC}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4,"~A8 RET",true) -- xa-segment check, no anomaly
-- VM logout
local tt = {0x1E14EC}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4,"~A8 B [PC,#0x40]",true)
local tt = {0x1E1558}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4,"~A8 MOVZ W0, #0x0",true)
-- VM integrity creation
local tt = {0x4CD9B8}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4,"~A8 MOVZ W0, #0x0",true)
-- memory-scan reporting
local tt = {0x4E1A58}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4,"~A8 MOVZ W0, #0x0",true)
local tt = {0x4E197C}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4,"~A8 MOVZ W0, #0x0",true)
-- VM string decryption
local tt = {0x1E14EC}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4,"~A8 RET",true)
local tt = {0x2E5D4C}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4,"~A8 RET",true)
--Vm_Engine_Scan
local tt = {0x31C7B4}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4,"~A8 MOVZ W0, #0x0",true)
--Vm Auto Defense
local tt = {0x4A1E7C}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4,"~A8 RET",true)
-- injection detection
local tt = {0x3DF384}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4,"~A8 ret",true)
--data1
local tt = {0x4E5D70}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4,"~A8 RET",true)
-- text segment, no anomaly
local tt = {0x46CEE8}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 ret", true)
local tt = {0x4C74A0}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 ret", true)
local tt = {0x4C7540}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 ret", true)
--mrpcsinit
local tt = {0x37B3cc}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 ret", true)
--hashc35
local tt = {0x460150}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 NOP", true)
-- hash context
local tt = {0x376CA0}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 RET", true)
--crc32
local tt = {0x48937C}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 LDRB W9, [X0]", true)
local tt = {0x489518}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 LDRB W10, [X19]", true)
local tt = {0x3234D8}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 LDRB W15, [X0]", true)
local tt = {0x37c838}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 RET", true)
--openid
local tt = {0x4C06A4}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 NOP", true)
local tt = {0x4C06AC}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 NOP", true)
-- scan
local tt = {0x4B6918}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 MOV W0, WZR", true)
local tt = {0x4B691C}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 RET", true)
-- hash computation
local tt = {0x40E9F4}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 MOV W0, WZR", true)
-- memcpy scan
local tt = {0x43b2f0}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 NOP", true)
local tt = {0x376cf8}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 NOP", true)
local tt = {0x443d04}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4, "~A8 NOP", true)

-- From here on the lookups receive {"libtprt.so"}.
local t = {"libtprt.so"}
-- integrity
local tt = {0xe057c}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4,"~A8 RET",true)
local tt = {0x12adf8}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4,"~A8 RET",true)
local tt = {0x11d054}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4,"~A8 NOP",true)
local tt = {0x122a54}local ttt = S_Pointer(t,tt,true) setvalue(ttt,4,"~A8 LDRB w9, [x0]",true)
--by.奉秋