function cleanOffset(offset) if not offset or offset < 0 then return 0 end return offset end function getTimeText() local h = tonumber(os.date("%H")) if h >= 0 and h < 6 then return "凌晨" elseif h >= 6 and h < 10 then return "早上" elseif h >= 10 and h < 14 then return "中午" elseif h >= 14 and h < 18 then return "下午" elseif h >= 18 and h < 22 then return "晚上" else return "深夜" end end function addToFile(content) local filePath = "/storage/emulated/0/叶天_4.4.0_32Bit_偏移量.h" local file = io.open(filePath, "w") if file then file:write(content) file:close() end end function searchValue(name,searchStr,refineStr,range,dataType) gg.setRanges(range) gg.searchNumber(searchStr,dataType) if refineStr ~= "" then gg.refineNumber(refineStr,dataType) end end function getLibBase(libName) local ranges = gg.getRangesList(libName) if ranges and #ranges > 0 then return ranges[1].start end return nil end local UE4 = getLibBase("libUE4.so") local gameChineseName = "PUBG MOBILE" local packageName = gg.getTargetPackage() local gameInfo = gg.getTargetInfo() local gameVersionName = gameInfo and gameInfo.versionName or "未知" local versionCode = gameInfo and gameInfo.versionCode or "未知" local TB = "脚本已结束:\n" TB = TB .. "/*游戏进程: " .. gameChineseName .. "(" .. packageName .. ")\n" TB = TB .. "ABI架构: 32位 \n" TB = TB .. "版本/UID: " .. gameVersionName .. "/" .. versionCode .. "\n" TB = TB .. "抓取时间: " .. os.date("%Y年%m月%d日").." "..getTimeText().." "..os.date("%H时%M分%S秒").."\n" TB = TB .. "作者: 叶天 */\n" gg.clearResults() gg.setVisible(false) -- Gname偏移1 searchValue("Gname1","605;9187343235540844544;9187343237679939583;17179869188","17179869188",gg.REGION_CODE_APP|gg.REGION_C_DATA|gg.REGION_C_BSS,gg.TYPE_QWORD) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local addr = _G[1].address local off = string.format("0x%x",addr-UE4-4) TB = TB .. string.format("\nGname Offsets : 0x%s)+0x88);",off) end gg.clearResults() -- Gname偏移2 searchValue("Gname2","605;9187343235540844544;9187343237679939583;17179869188","17179869188",gg.REGION_C_BSS,gg.TYPE_QWORD) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local addr = _G[1].address local off = string.format("0x%x",addr-UE4-4) TB = TB .. string.format("\nGname Offsets :0x%s)+0x88);",off) end gg.clearResults() -- GWorld searchValue("GWorld","h 01 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 FF FF FF FF","h FF",gg.REGION_C_BSS,gg.TYPE_DWORD) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>=4 then local addr = _G[4].address local off = string.format("0x%x",addr-UE4+0x49) TB = TB .. string.format("\nGWorld Offsets :0x%s)+0x3c);",off) end gg.clearResults() -- VMatrix searchValue("VMatrix","16384;90.0F","90.0F",gg.REGION_C_BSS,gg.TYPE_DWORD) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local addr = _G[1].address local off = string.format("0x%x",addr-UE4+40-4) TB = TB .. string.format("\nVMatrix Offsets :0x%s)-0x7c);\n",off) end gg.clearResults() -- GNames_Offset searchValue("GNames","h 7D 00 00 0A 00 00 D5 E5","",gg.REGION_CODE_APP|gg.REGION_C_DATA|gg.REGION_C_BSS,0) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local off = string.format("0x%x",_G[1].address-UE4-0x30) TB = TB .. "\n#define GNames_Offset "..off end gg.clearResults() -- GEngine UEngine searchValue("GEngineUE","-10158236","",gg.REGION_CODE_APP|gg.REGION_C_DATA|gg.REGION_C_BSS,gg.TYPE_DWORD) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local off = string.format("0x%x",_G[1].address-UE4-4) TB = TB .. "\n#define GEngine_Offset "..off.." //UEngine" end gg.clearResults() -- GEngine ULocalPlayer searchValue("GEngineLocal","70368744177664;4806466702311161856","70368744177664",gg.REGION_C_BSS,gg.TYPE_QWORD) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local tempAddr = _G[1].address+40 local off = string.format("0x%x",tempAddr-UE4) TB = TB .. "\n#define GEngine_Offset "..off.." //UlocalPlayer" end gg.clearResults() -- ProccessSkin searchValue("ProccessSkin","h F0 4F 2D E9 1C B0 8D E2 6C D0 4D E2 00 50 A0 E1","h F0",gg.REGION_CODE_APP,0) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local off = string.format("0x%x",_G[1].address-UE4) TB = TB .. "\n#define ProccessSkin_Offset "..off.."\n" end gg.clearResults() -- GUObject searchValue("GUObject","h 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00","",gg.REGION_CODE_APP|gg.REGION_C_DATA|gg.REGION_C_BSS,0) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local off = string.format("0x%x",_G[1].address-UE4+0xC0) TB = TB .. "\n#define GUObject_Offset "..off end gg.clearResults() -- GetActorArray searchValue("GetActorArray","h 00 00 50 E3 2C 03 94 15","h E3",gg.REGION_CODE_APP,0) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>=2 then local off = string.format("0x%x",_G[2].address-UE4-19) TB = TB .. "\n#define GetActorArray_Offset "..off end gg.clearResults() -- Canvas_Map searchValue("Canvas_Map","h 04 00 00 00 00 00 80 3F 00 00 80 BF 00 00 80 3F 00 00 80 BF 00 00 80 3F 00 00 80 3F 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 3F 00 00 80 3F 00 00 80 BF 05 00 05 05 07 00 00 00 5B 02 00 00 00 00 00 00 00 00 80 3F 00 00 80 3F","",gg.REGION_CODE_APP|gg.REGION_C_DATA|gg.REGION_C_BSS,0) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local off = string.format("0x%x",_G[1].address-UE4+76) TB = TB .. "\n#define Canvas_Map_Offset "..off end gg.clearResults() -- ProcessEvent Child searchValue("ProcessEventChild","h F0 48 2D E9 10 B0 8D E2 00 60 A0 E1 01 50 A0 E1 00 00 90 E5","",gg.REGION_CODE_APP|gg.REGION_C_DATA|gg.REGION_C_BSS,0) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local off = string.format("0x%x",_G[1].address-UE4) TB = TB .. "\n#define ProcessEvent_Offset "..off.." //Child" end gg.clearResults() -- ProcessEvent Main searchValue("ProcessEventMain","h 4F 2D E9 1C B0 8D E2 74 D0 4D E2 94 93 9F E5 00 60 A0 E1 01 70 A0 E1 02","",gg.REGION_CODE_APP|gg.REGION_C_DATA|gg.REGION_C_BSS,0) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local off = string.format("0x%x",_G[1].address-UE4-1) TB = TB .. "\n#define ProcessEvent_Offset "..off.." //Main" end gg.clearResults() -- KillMessage searchValue("KillMessage","-2121846211204001808;720576163236282368;-1903896742303104973;-2125698642310262696","-2121846211204001808",gg.REGION_CODE_APP,gg.TYPE_QWORD) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local off = string.format("0x%x",_G[1].address-UE4) TB = TB .. "\n#define KillMessage_Offset "..off end gg.clearResults() -- GNativeAndroidApp 1 searchValue("GNativeApp1","h 05 00 05 05 07 00 00 00 5B 02 00 00 00 00 00 00","",gg.REGION_CODE_APP|gg.REGION_C_DATA|gg.REGION_C_BSS,0) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local off = string.format("0x%x",_G[1].address-UE4-0x128) TB = TB .. "\n#define GNativeAndroidApp_Offset "..off end gg.clearResults() -- GNativeAndroidApp 2 searchValue("GNativeApp2","h 05 00 05 05 07 00 00 00 5B 02 00 00 00 00 00 00","",gg.REGION_CODE_APP|gg.REGION_C_DATA|gg.REGION_C_BSS,0) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local off = string.format("0x%x",_G[1].address-UE4-0x13C) TB = TB .. "\n#define GNativeAndroidApp_Offset "..off end gg.clearResults() -- Actors searchValue("Actors","1374389534772;12884901892","12884901892",gg.REGION_C_DATA,gg.TYPE_QWORD) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local off = string.format("0x%x",_G[1].address-UE4+32) TB = TB .. "\n#define Actors_Offset "..off.."\n" end gg.clearResults() -- PostRender searchValue("PostRender","-2188679042007302060","",gg.REGION_CODE_APP|gg.REGION_C_DATA|gg.REGION_C_BSS,gg.TYPE_QWORD) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local off = string.format("0x%x",_G[1].address-UE4-12) TB = TB .. "\n#define PostRender_Offset "..off end gg.clearResults() -- K2_DrawLine searchValue("K2_DrawLine","-1901715273244880824","",gg.REGION_CODE_APP|gg.REGION_C_DATA|gg.REGION_C_BSS,gg.TYPE_QWORD) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local off = string.format("0x%x",_G[1].address-UE4-8) TB = TB .. "\n#define K2_DrawLine_Offset "..off end gg.clearResults() -- K2_DrawText searchValue("K2_DrawText","-1900776822902063103","",gg.REGION_CODE_APP|gg.REGION_C_DATA|gg.REGION_C_BSS,gg.TYPE_QWORD) _G = gg.getResults(gg.getResultsCount()) if _G and #_G>0 then local off = string.format("0x%x",_G[1].address-UE4-12) TB = TB .. "\n#define K2_DrawText_Offset "..off end gg.clearResults() TB = TB .. "\n\n退出.\nBy 叶天" addToFile(TB) gg.toast("偏移采集完成,已保存文件") print(TB)