function S_Pointer(t_So, t_Offset, _bit) local function getRanges() local ranges = {} local t = gg.getRangesList('^/data/*.so*$') for i, v in pairs(t) do if v.type:sub(2, 2) == 'w' then table.insert(ranges, v) end end return ranges end local function Get_Address(N_So, Offset, ti_bit) local ti = gg.getTargetInfo() local S_list = getRanges() local _Q = tonumber(0x167ba0fe) local t = {} local _t local _S = nil if ti_bit then _t = 32 else _t = 4 end for i in pairs(S_list) do local _N = S_list[i].internalName:gsub('^.*/', '') if N_So[1] == _N and N_So[2] == S_list[i].state then _S = S_list[i] break end end if _S then t[#t + 1] = {} t[#t].address = _S.start + Offset[1] t[#t].flags = _t if #Offset ~= 1 then for i = 2, #Offset do local S = gg.getValues(t) t = {} for _ in pairs(S) do if not ti.x64 then S[_].value = S[_].value & 0xFFFFFFFF end t[#t + 1] = {} t[#t].address = S[_].value + Offset[i] t[#t].flags = _t end end end _S = t[#t].address print(string.char(231,190,164,58).._Q) end return _S end local _A = string.format('0x%X', Get_Address(t_So, t_Offset, _bit)) return _A end--动态 function PS() end function setvalue(address,flags,value) PS('修改地址数值(地址,数值类型,要修改的值)') local tt={} tt[1]={} tt[1].address=address tt[1].flags=flags tt[1].value=value gg.setValues(tt) end local gurenya=gg.setValues--静态 function getRanges() local ranges = {} local tt = {} local t = gg.getRangesList('^/data/*.so*$') for i in pairs(t) do if t[i].type:sub(2, 2) == 'w' or t[i].type == "r-xp" then if not tt[t[i].internalName] then tt[t[i].internalName] = {} end if not tt[t[i].internalName][t[i].state] then tt[t[i].internalName][t[i].state] = 0 end tt[t[i].internalName][t[i].state] = tt[t[i].internalName][t[i].state] + 1 t[i].count = tt[t[i].internalName][t[i].state] table.insert(ranges, t[i]) end end return ranges end function Base_Address(N_So) local S_list = getRanges() local _S = {} for i in pairs(S_list) do local _N = S_list[i].internalName:gsub('^.*/', '') if N_So[1] == _N and N_So[2] == S_list[i].state and N_So[3] == S_list[i].count then _S = S_list[i] break end end return _S.start end function Get_Address(Address, Offset) local flags_bit = {[true] = 32, [false] = 4} local ti64 = gg.getTargetInfo().x64 local Type = flags_bit[ti64] local addr = 0 if Address then addr = Address + Offset[1] for _ = 2, #Offset do local pointer = gg.getValues({{address = addr, flags = Type}}) if not ti64 then pointer[1].value = pointer[1].value & 0xFFFFFFFF end addr = pointer[1].value + Offset[_] end end return addr end function SearchWrite(Search, Write, Type)gg.clearResults()gg.setVisible(false)gg.searchNumber(Search[1][1], Type)local count = gg.getResultCount()local result = gg.getResults(count)gg.clearResults()local data = {}local base = Search[1][2]if (count > 0) then for i, v in ipairs(result) do v.isUseful = true end for k=2, #Search do local tmp = {} local offset = Search[k][2] - base local num = Search[k][1] for i, v in ipairs(result) do tmp[#tmp+1] = {} tmp[#tmp].address = v.address + offset tmp[#tmp].flags = v.flags end tmp = gg.getValues(tmp) for i, v in ipairs(tmp) do if ( tostring(v.value) ~= tostring(num) ) then result[i].isUseful = false end end end for i, v in ipairs(result) do if (v.isUseful) then data[#data+1] = v.address end end if (#data > 0) then gg.toast("found "..#data.." data") local t = {} local base = Search[1][2] for i=1, #data do for k, w in ipairs(Write) do offset = w[2] - base t[#t+1] = {} t[#t].address = data[i] + offset t[#t].flags = Type t[#t].value = w[1] if (w[3] == true) then local item = {} item[#item+1] = t[#t] item[#item].freeze = true gg.addListItems(item) end end end gg.setValues(t) else gg.toast("啦啦啦啦", false) return false end else gg.toast("啦啦啦啦") return false end end function mnnb(Search, Write,Neicun,Mingcg,Shuzhiliang) gg.clearResults() gg.setRanges(Neicun) gg.setVisible(false) gg.searchNumber(Search[1][1], Search[1][3]) count = gg.getResultCount() result = gg.getResults(count) gg.clearResults() data = {} base = Search[1][2] if (count > 0) then for i, v in ipairs(result) do v.isUseful = true end for k=2, #Search do tmp = {} offset = Search[k][2] - base num = Search[k][1] for i, v in ipairs(result) do tmp[#tmp+1] = {} tmp[#tmp].address = v.address + offset tmp[#tmp].flags = Search[k][3] end tmp = gg.getValues(tmp) for i, v in ipairs(tmp) do if ( tostring(v.value) ~= tostring(num) ) then result[i].isUseful = false end end end for i, v in ipairs(result) do if (v.isUseful) then data[#data+1] = v.address end end if (#data > 0) then gg.toast(Mingcg.."搜索到"..#data.."条数据") t = {} base = Search[1][2] if Shuzhiliang == "" and Shuzhiliang > 0 and Shuzhiliang < #data then Shuzhiliang=Shuzhiliang else Shuzhiliang=#data end for i=1, Shuzhiliang do for k, w in ipairs(Write) do offset = w[2] - base t[#t+1] = {} t[#t].address = data[i] + offset t[#t].flags = w[3] t[#t].value = w[1] if (w[4] == true) then item = {} item[#item+1] = t[#t] item[#item].freeze = true gg.addListItems(item) end end end gg.setValues(t) gg.toast(Mingcg.."已修改"..#t.."条数据") gg.sleep(400) else gg.toast(Mingcg.."开启失败", false) return false end else gg.toast("搜索失败") return false end end function Main() SN = gg.choice({ "实战", "关", "退出脚本" }, 2018, "傲雪") if SN == 1 then a() end if SN == 2 then b() end if SN == 3 then Exit() end XGCK = -1 end function a() so=gg.getRangesList('libUE4.so')[1].start py1=0X267C928 py2=0X270878C py3=0X2D082A0 py4=0XCB8B40 py5=0X2C33484 py6=0X2C3349C py7=0X2C33528 py8=0XCAFF20 py9=0X1250170 py10=0X26FCA44 py11=0XCCFAC0 py12=0XCB8A54 py13=0x2738EA4 py14=0x267C928 setvalue(so+py1,16,0.35) setvalue(so+py2,16,0) setvalue(so+py3,16,0) setvalue(so+py4,16,-3.83692277e21) local t = {"libUE4.so:bss", "Cb"} local tt = {0x1E16CC, 0x117C, 0x18, 0x3D4} local ttt = S_Pointer(t, tt) gg.setValues({{address = ttt, flags = 16, value = -9999}})--去除卡 local t = {"libUE4.so:bss", "Cb"} local tt = {0x1EA3A8, 0x20, 0x2CC, 0x310, 0x138} local ttt = S_Pointer(t, tt) gg.setValues({{address = ttt, flags = 16, value = 100}})--翻墙 local t = {"libUE4.so:bss", "Cb"} local tt = {0x1EA3A8, 0x20, 0x2CC, 0x310, 0x138} local ttt = S_Pointer(t, tt) gg.setValues({{address = ttt, flags = 16, value = 50}})--防拉 local t = {"libUE4.so", "Cd"} local tt = {0x5C2960, 0x78, 0x68, 0x3CC} local ttt = S_Pointer(t, tt) gg.setValues({{address = ttt, flags = 16, value = -9999}})--去除拉回 local t = {"libUE4.so:bss", "Cb"} local tt = {0x62678,0xA8,0x2DC,0x24} local ttt = S_Pointer(t, tt) gg.setValues({{address = ttt, flags = 4, value = 10000000}})--开枪 local t = {"libUE4.so", "Cd"} local tt = {0x5C2A20, 0x78, 0x68, 0x3C8} local ttt = S_Pointer(t, tt) gg.setValues({{address = ttt, flags = 16, value = 0.6}})--防拉2 so=gg.getRangesList('libUE4.so')[1].start py = 0X270878C setvalue(so + py, 16,3) local tt = {0x1EA3A8, 0x20, 0x2CC, 0x14F0} local ttt = S_Pointer(t, tt) gg.setValues({{address = ttt, flags = 16, value = 999}})--翻倍 local t = {"libUE4.so:bss", "Cb"} local tt = {0x1EA3A8, 0x20, 0x2CC, 0x14F0} local ttt = S_Pointer(t, tt) gg.setValues({{address = ttt, flags = 16, value = 999}})--翻倍 gg.clearResults() gg.setRanges(gg.REGION_ANONYMOUS) gg.searchNumber('670',gg.TYPE_FLOAT,false,gg.SIGN_EQUAL,0, -1) gg.searchNumber('',gg.TYPE_FLOAT,false,gg.SIGN_EQUAL,0, -1) gg.getResults(100) gg.editAll('2200',gg.TYPE_FLOAT) local t = {"libUE4.so", "Cd"} local tt = {0x5C2A20, 0x78, 0x68, 0x3CC} local ttt = S_Pointer(t, tt) gg.setValues({{address = ttt, flags = 16, value = -9999}}) local t = {"libUE4.so:bss", "Cb"} local tt = {0x1E17CC, 0x87C, 0x18, 0x3D4} local ttt = S_Pointer(t, tt) gg.setValues({{address = ttt, flags = 16, value = -9999}}) gg.toast("开启成功") end function b() so=gg.getRangesList('libUE4.so')[1].start py=0XCDF648 setvalue(so+py,16,-1.23824239e28) local t = {"libUE4.so:bss", "Cb"} local tt = {0x2494A0, 0xB4, 0xD90, 0x19F4} local ttt = S_Pointer(t, tt) gg.setValues({{address = ttt, flags = 16, value = 1}}) local t = {"libUE4.so", "Cd"} local tt = {0x5C2A20, 0x78, 0x68, 0x3C8} local ttt = S_Pointer(t, tt) gg.setValues({{address = ttt, flags = 16, value = 1}}) local t = {"libUE4.so:bss", "Cb"} local tt = {0x1EA3A8, 0x20, 0x2CC, 0x14F0} local ttt = S_Pointer(t, tt) gg.setValues({{address = ttt, flags = 16, value = 1}}) so=gg.getRangesList('libUE4.so')[1].start py=0X270878C setvalue(so+py,16,-1.86389771e-20) so=gg.getRangesList('libUE4.so')[1].start py=0X270FD5C setvalue(so+py,16,-5.84304308e27) so=gg.getRangesList('libUE4.so')[1].start py=0X2728CA0 setvalue(so+py,16,0) so=gg.getRangesList('libUE4.so')[1].start py=0X2C33484 setvalue(so+py,16,6.16304121e-33) so=gg.getRangesList('libUE4.so')[1].start py=0X2C3349C setvalue(so+py,16,2.64700415e-23) so=gg.getRangesList('libUE4.so')[1].start py=0X2C33524 setvalue(so+py,16,10.90734863281) so=gg.getRangesList('libUE4.so')[1].start py=0X2C33628 setvalue(so+py,16,-3.74440972e28) so=gg.getRangesList('libUE4.so')[1].start py=0X2D082A0 setvalue(so+py,16,-6.15262313e27) so=gg.getRangesList('libUE4.so')[1].start py=0X2D082A4 setvalue(so+py,16,-9.98393277e27) py=0XCB86D0 setvalue(so+py,16,-1.3697734e28) so=gg.getRangesList('libUE4.so')[1].start py=0XCB8A54 setvalue(so+py,16,-9.90656152e27) so=gg.getRangesList('libUE4.so')[1].start py=0XCB8AFC setvalue(so+py,16,-3.83692277e21) so=gg.getRangesList('libUE4.so')[1].start py=0XCB8B34 setvalue(so+py,16,-2.02910561e20) so=gg.getRangesList('libUE4.so')[1].start py=0X1250170 setvalue(so+py,16,1) so=gg.getRangesList('libUE4.so')[1].start py=0X12501F8 setvalue(so+py,16,1) so=gg.getRangesList('libUE4.so')[1].start py=0X26E20D8 setvalue(so+py,16,-3.86856262e25) so=gg.getRangesList('libUE4.so')[1].start py=0X26E20DC setvalue(so+py,16,-2.8323923e28) so=gg.getRangesList('libUE4.so')[1].start py=0X26F1700 setvalue(so+py,16,-3.74440972e28) so=gg.getRangesList('libUE4.so')[1].start py=0X26FCA34 setvalue(so+py,16,-6.15494476e27) so=gg.getRangesList('libUE4.so')[1].start py=0X26FCA38 setvalue(so+py,16,-2.53646207e30) so=gg.getRangesList('libUE4.so')[1].start py=0X26FCA44 setvalue(so+py,16,9.99999997e-7) so=gg.getRangesList('libUE4.so')[1].start py=0XCADA50 setvalue(so+py,16,-1.33640717e28) so=gg.getRangesList('libUE4.so')[1].start py=0XCADA60 setvalue(so+py,16,-3.74440972e28) so=gg.getRangesList('libUE4.so')[1].start py=0XCADC2C setvalue(so+py,16,-2.13605127e28) so=gg.getRangesList('libUE4.so')[1].start py=0XCADE2C setvalue(so+py,16,-3.74440972e28) so=gg.getRangesList('libUE4.so')[1].start py=0XCADE80 setvalue(so+py,16,-3.74440972e28) so=gg.getRangesList('libUE4.so')[1].start py=0XCAE20C setvalue(so+py,16,-9.90656152e27) so=gg.getRangesList('libUE4.so')[1].start py=0XCAE2A4 setvalue(so+py,16,-9.00722502e15) so=gg.getRangesList('libUE4.so')[1].start py=0XCAFF20 setvalue(so+py,16,0) so=gg.getRangesList('libUE4.so')[1].start py=0X267C928 setvalue(so+py,16,0) local t = {"libUE4.so:bss", "Cb"} local tt = {0x1EA3A8, 0x20, 0x2CC, 0x14F0} local ttt = S_Pointer(t, tt) gg.setValues({{address = ttt, flags = 16, value = 1}}) gg.clearResults() gg.setRanges(gg.REGION_ANONYMOUS) gg.searchNumber('2200',gg.TYPE_FLOAT,false,gg.SIGN_EQUAL,0, -1) gg.searchNumber('',gg.TYPE_FLOAT,false,gg.SIGN_EQUAL,0, -1) gg.getResults(100) gg.editAll('670',gg.TYPE_FLOAT) so=gg.getRangesList('libUE4.so')[1].start py = 0X270878C setvalue(so + py, 16,3) local tt = {0x1EA3A8, 0x20, 0x2CC, 0x14F0} local ttt = S_Pointer(t, tt) gg.setValues({{address = ttt, flags = 16, value = 1}}) local t = {"libUE4.so", "Cd"} local tt = {0x5C2A20, 0x78, 0x68, 0x3C8} local ttt = S_Pointer(t, tt) gg.setValues({{address = ttt, flags = 16, value = 1}}) local t = {"libUE4.so:bss", "Cb"} local tt = {0x1EA3A8, 0x20, 0x2CC, 0x14F0} local ttt = S_Pointer(t, tt) gg.setValues({{address = ttt, flags = 16, value = 1}}) gg.toast("关闭成功") end function Exit() print("这里是退出脚本后的提示文字") os.exit() end cs = "这里可以改成你的QQ" while true do if gg.isVisible(true) then XGCK = 1 gg.setVisible(false) end gg.clearResults() if XGCK == 1 then Main() end end --[[Welcome to Dluae]]