local configPath="/sdcard/Download/conf.txy" local configExists= false  local libPath="" local updateMode=1 local customOffset=0 local callHistory={} local Index function huifu() gg.processPause() local file=io.open("/sdcard/sj.txt", "r") if  not file then gg.alert("没有找到恢复文件") return  end  for line in file:lines() do  local addr, value=line:match("^(%x+) ([-]?%d+)$") if addr and value then addr=tonumber(addr, 16) value=tonumber(value) if addr and value then gg.setValues({{address=addr, flags=gg.TYPE_DWORD, value=value}}) else gg.alert("地址或值格式不正确: "..line) end  else gg.alert("无法解析行: "..line) end  end file:close() gg.processResume() end  local  function checkConfig() local file=io.open(configPath, "r") if file then configExists= true libPath=file:read("*l") or "" local modeLine=file:read("*l") or "1" if modeLine:find("2%(") then updateMode=2 customOffset=tonumber(modeLine:match("%((%d+)%)")) or 0 else updateMode=tonumber(modeLine) or 1 end  local indexLine=file:read("*l") or "2" Index=tonumber(indexLine) or 2 offsets={} for line in file:lines() do  local name, offset=line:match("(.+)=(0x%x+)") if name and offset then offsets[name]=tonumber(offset, 16) end  end file:close() end  end  function so(l) g=gg.getValues s=gg.setValues f=string.format O={"System V", "HP-UX", "NetBSD", "Linux", "GNU Hurd", "Solaris", "AIX", "IRIX", "FreeBSD", "Tru64", "Novell Modesto", "OpenBSD", "OpenVMS", "NonStop Kernel", "AROS", "Fenix OS", "CloudABI"} T={["0"]="ET_NONE", ["1"]="ET_REL", ["2"]="ET_EXEC", ["3"]="ET_DYN", ["4"]="ET_CORE", ["65024"]="ET_LOOS", ["65279"]="ET_HIOS", ["65280"]="ET_LOPROC", ["65535"]="ET_HIPROC"} M={["0"]="No Specific Instruction Set !", ["2"]="SPARC", ["3"]="x86", ["8"]="MIPS", ["20"]="PowerPC", ["22"]="S390", ["40"]="ARM", ["42"]="SuperH", ["50"]="IA-64", ["62"]="x86-64", ["183"]="AArch64", ["243"]="RISC-V"} P={"PT_NULL", "PT_LOAD", "PT_DYNAMIC", "PT_INTERP", "PT_NOTE", "PT_SHLIB", "PT_PHDR"} D={"DT_NULL", "DT_NEEDED", "DT_PLTRELSZ", "DT_PLTGOT", "DT_HASH", "DT_STRTAB", "DT_SYMTAB", "DT_RELA", "DT_RELASZ", "DT_RELAENT", "DT_STRSZ", "DT_SYMENT", "DT_INIT", "DT_FINI", "DT_SONAME", "DT_RPATH", "DT_SYMBOLIC", "DT_REL", "DT_RELSZ", "DT_RELENT", "DT_PLTREL", "DT_DEBUG", "DT_TEXTREL", "DT_JMPREL"} S={"STT_NOTYPE", "STT_OBJECT", "STT_FUNC", "STT_SECTION", "STT_FILE", "STT_COMMON", "STT_TLS"} function r(a, b) _={} if type(b)=="数字" then _="" for _=1, b do _[_]={address=(a-1)+_, flags=gg.TYPE_BYTE} end  for v, __ in ipairs(g(_)) do _=_..f("%02X", __.value&0xFF) end  return _ end B={} b:gsub("..",  function (x) B[#B+1]=x _[#B]={address=(a-1)+#B, flags=gg.TYPE_BYTE, value=x.."h"} end ) s(_) end  function d(a, b) if b== nil  or type(b)~="数字" then b=128 end  local t="" for _ in r(a, b):gmatch("..") do  if _=="00" then  break  end t=t..string.char(tonumber(_, 16)) end  return t end  function b(l) local  function a(l) local p= nil  for _, __ in pairs(gg.getRangesList(l)) do  if __["state"]=="Xs" then  return p, __["start"], __["end"] end p=__["start"] end  return  nil  end  local  function c(l) for _, __ in pairs(gg.getRangesList(l)) do  if __["state"]=="Xa" or __["state"]=="Xs" then  return __["start"], __["end"] end  end  return  nil  end  local s, e=a(l) if  not s then s, e=c(l) end  return s, e end  function i(l) local B=b(l) if B~= nil  then _=g({{address=B, flags=gg.TYPE_DWORD}, {address=B+0x4, flags=gg.TYPE_BYTE}, {address=B+0x5, flags=gg.TYPE_BYTE}, {address=B+0x6, flags=gg.TYPE_BYTE}, {address=B+0x7, flags=gg.TYPE_BYTE}, {address=B+0x8, flags=gg.TYPE_BYTE}, {address=B+0x10, flags=gg.TYPE_WORD}, {address=B+0x12, flags=gg.TYPE_WORD}, {address=B+0x14, flags=gg.TYPE_DWORD}, {address=B+0x18, flags=gg.TYPE_DWORD}, {address=B+0x1C, flags=gg.TYPE_DWORD}, {address=B+0x20, flags=gg.TYPE_DWORD}, {address=B+0x24, flags=gg.TYPE_DWORD}, {address=B+0x28, flags=gg.TYPE_WORD}, {address=B+0x2A, flags=gg.TYPE_WORD}, {address=B+0x2C, flags=gg.TYPE_WORD}, {address=B+0x2E, flags=gg.TYPE_WORD}, {address=B+0x30, flags=gg.TYPE_WORD}, {address=B+0x32, flags=gg.TYPE_WORD}, }) local E={Magic=_[1].value, Class=_[2].value, Data=_[3].value, Version=_[4].value, OSABI=_[5].value, ABIVer=_[6].value, Type=_[7].value, Machine=_[8].value, Version2=_[9].value, EntryPoint=_[10].value, PHOffset=_[11].value, SHOffset=_[12].value, Flags=_[13].value, HeaderSize=_[14].value, PHSize=_[15].value, PHNum=_[16].value, SHSize=_[17].value, SHNum=_[18].value, SHStrIndex=_[19].value, pHdr={}, Dyn={}, Sym={}} for _=1, E.PHNum do  local p=B+E.PHOffset+(_*E.PHSize) local h=g({{address=p, flags=gg.TYPE_DWORD}, {address=p+4, flags=gg.TYPE_DWORD}, {address=p+8, flags=gg.TYPE_DWORD}, {address=p+0xC, flags=gg.TYPE_DWORD}, {address=p+0x10, flags=gg.TYPE_DWORD}, {address=p+0x14, flags=gg.TYPE_DWORD}, {address=p+0x18, flags=gg.TYPE_DWORD}, {address=p+0x1C, flags=gg.TYPE_DWORD}, }) E.pHdr[_]={p_type=h[1].value, p_offset=h[2].value, p_vaddr=h[3].value, p_paddr=h[4].value, p_filesz=h[5].value, p_memsz=h[6].value, p_flags=h[7].value, p_align=h[8].value} end  for _=1, E.PHNum do  if P[E.pHdr[_].p_type+1]=="PT_DYNAMIC" then  local C=0 while  true  do  local y=g({{address=B+E.pHdr[_].p_vaddr+(C*8), flags=gg.TYPE_DWORD}, {address=B+E.pHdr[_].p_vaddr+4+(C*8), flags=gg.TYPE_DWORD}}) if y[1].value==0 and y[2].value==0 then  break  end C=C+1 E.Dyn[C]={d_tag=y[1].value, d_val=y[2].value, d_ptr=y[2].value} end  end  end  for _=1, #E.Dyn do  if D[tonumber(E.Dyn[_].d_tag)+1]=="DT_HASH" then n=g({{address=(E.Dyn[_].d_ptr+4)+B, flags=gg.TYPE_DWORD}})[1].value end  if D[tonumber(E.Dyn[_].d_tag)+1]=="DT_STRTAB" then t=E.Dyn[_].d_ptr+B end  if D[tonumber(E.Dyn[_].d_tag)+1]=="DT_SYMTAB" then m=E.Dyn[_].d_ptr+B end  end  if n~= nil  then  for _=1, n do  local y=m+(_*0x10) __=g({{address=y, flags=gg.TYPE_DWORD}, {address=y+0x4, flags=gg.TYPE_DWORD}, {address=y+0x8, flags=gg.TYPE_DWORD}, {address=y+0xC, flags=gg.TYPE_DWORD}}) E.Sym[_]={name=d(t+__[1].value), st_name=__[1].value, st_value=__[2].value, st_size=__[3].value, st_info=__[4].value} end  end  return E end  return  nil  end B=b(l) return B end  function libcjx(so, s) local a=so local b=io.open(a, "rb") if  not b then  return  end b:seek("set", 0) local c=b:read(4) if c~="\x7fELF" then b:close() return  end b:seek("set", 4) local d=b:read(1) local e=(d=="\x02") if  not e then b:close() return  end b:seek("set", 0x28) local f=b:read(8) f=string.unpack("<I8", f) b:seek("set", 0x3A) local g=b:read(2) g=string.unpack("<I2", g) b:seek("set", 0x3C) local h=b:read(2) h=string.unpack("<I2", h) b:seek("set", 0x3E) local i=b:read(2) i=string.unpack("<I2", i) local j={} local k={} for l=0, h-1 do  local m=f+l*g b:seek("set", m+4) local n=string.unpack("<I4", b:read(4)) b:seek("set", m+0x28) local o=string.unpack("<I4", b:read(4)) b:seek("set", m+0x10) local p=string.unpack("<I8", b:read(8)) b:seek("set", m+0x18) local q=string.unpack("<I8", b:read(8)) b:seek("set", m+0x20) local r=string.unpack("<I8", b:read(8)) j[l+1]={sh_type=n, sh_addr=p, sh_offset=q, sh_size=r} if n==2 or n==11 then b:seek("set", m+0x18) local t=string.unpack("<I8", b:read(8)) b:seek("set", m+0x20) local u=string.unpack("<I8", b:read(8)) table.insert(k, {offset=t, size=u, strtab_idx=o}) end  end  local v={} for l=0, h-1 do  local w=j[l+1] if w.sh_type==3 then v[l]=w.sh_offset end  end  local x= false  for _, y in ipairs(k) do  local z=y.offset local A=y.size local B=y.strtab_idx local C=v[B] if C then  local D=24 for E=0, A/D-1 do b:seek("set", z+E*D) local F=b:read(D) local G=string.unpack("<I4", F) local H=string.unpack("<I8", F, 8) b:seek("set", C+G) local I="" repeat  local J=b:read(1) if J and J~="\0" then I=I..J end  until  not J or J=="\0" if I==s then  local K=string.format("0x%X", H):sub(1, -3) b:close() return K end  end  end  if x then  break  end  end b:close() end  local  function showConfigDialog() local choices=gg.multiChoice({"使用默认egl调用(如闪退或游戏非egl渲染则无效)", "自定义调用方式(可用于hook)", },  nil , "请选择调用方式") if  not choices then  return  false  end  local soName="libil2cpp.so" local offsetInput=0 local soIndex=2 if choices[2] then  local customPrompt=gg.prompt({"请输入目标SO名称", "请输入偏移量(不带0x)", "请输入SO索引(默认2)", }, {"libil2cpp.so", "", "2", }, {"text", "text", "number", }) if customPrompt and customPrompt[1] then soName=customPrompt[1] offsetInput=tonumber(customPrompt[2], 16) or 0 soIndex=tonumber(customPrompt[3]) or 2 else  return  false  end  end  local file=io.open(configPath, "w") if file then file:write(soName.."\n") if choices[1] then file:write("1\n") elseif choices[2] then file:write("2("..offsetInput..")\n") end file:write(soIndex.."\n") file:close() end  return  true  end checkConfig() if  not configExists then  if showConfigDialog() then checkConfig() else print("配置未完成，脚本退出") os.exit() end  end  local xzdx=gg.getRangesList(libPath)[Index].start local update if updateMode==1 then  local a=so("libEGL.so") local c=libcjx("/system/lib64/libEGL.so", "eglSwapBuffers") update=a+c else update=xzdx+customOffset end  local offsets={} local configFile=io.open(configPath, "r") if configFile then configFile:read("*l") configFile:read("*l") for line in configFile:lines() do  local name, offset=line:match("(.+)=0x(%x+)") if name and offset then offsets[name]=tonumber(offset, 16) end  end configFile:close() end  function callhans() local menu=gg.choice({"※创建调用※", "※历史调用※", "※重置配置※", },  nil , "此工具支持调用任何函数并且支持hook 作者:夜辞 脚本免费开源禁止用于非法用途禁止倒卖") if menu==1 then call() elseif menu==2 then calllis() elseif menu==3 then chongzhi() end  end  function diaoyhs(x0, x1, x2, x3, x4, x5, x6, x7, s0, s1, s2, x0type, x1type, x2type, x3type, x4type, x5type, x6type, x7type, s0type, s1type, s2type, hsdz) local dz=hsdz gg.processPause() local pyfb={0, 4, 8, 12, 16} local ysz={} local inputRegister="X16" local initialFile=io.open("/sdcard/sj.txt", "w") if initialFile then  for i, pfb in ipairs(pyfb) do  local zhi=gg.getValues({{address=update+pfb, flags=4}}) ysz[i]=zhi[1].value initialFile:write(string.format("%x %d\n", update+pfb, ysz[i])) end initialFile:close() end  local ldrValue=string.format('~A8 LDR %s, [PC,#0X8]', inputRegister) local brValue=string.format('~A8 BR %s', inputRegister) local allValues={} table.insert(allValues, {address=update, flags=4, value=ldrValue}) table.insert(allValues, {address=update+4, flags=4, value=brValue}) local fkndl=gg.allocatePage(gg.PROT_READ|gg.PROT_WRITE|gg.PROT_EXEC) gg.setValues({{address=update+8, flags=32, value=fkndl}}) gg.setValues({{address=update+16, flags=4, value="~A8 RET"}}) for i=0, 59 do table.insert(allValues, {address=fkndl+16+160+i*4, flags=4, value='~A8 NOP'}) end  for i, yz in ipairs(ysz) do table.insert(allValues, {address=fkndl+(i-1)*4, flags=4, value="~A8 NOP"}) end  for pfb=0x10, 0xAC, 4 do table.insert(allValues, {address=fkndl+pfb, flags=4, value='~A8 NOP'}) end table.insert(allValues, {address=fkndl+0x1A0, flags=4, value='~A8 NOP'}) table.insert(allValues, {address=fkndl+0x1A4, flags=4, value='~A8 NOP'}) table.insert(allValues, {address=fkndl+0x1A8, flags=4, value=ldrValue}) table.insert(allValues, {address=fkndl+0x1AC, flags=4, value=brValue}) table.insert(allValues, {address=fkndl+0x1B0, flags=32, value=(update+16)}) gg.setValues(allValues) local file=io.open("/sdcard/uw.txt", "w") if file then  local updatey=fkndl+16 file:write(string.format("0x%X\n", updatey)) file:close() end  local regValues={{address=fkndl, flags=4, value='~A8 STR X29, [X16,#0X668]'}, {address=fkndl+0x4, flags=4, value='~A8 STR X30, [X16,#0X788]'}, {address=fkndl+0x8, flags=4, value='~A8 STR X16, [X16,#0X888]'}, {address=fkndl+0x10, flags=4, value='~A8 LDR X27, [PC,#0X66C]'}, {address=fkndl+0x14, flags=4, value='~A8 STR X26, [X16,#0X678]'}, {address=fkndl+0x18, flags=4, value='~A8 CMP X27, #2'}, {address=fkndl+0x1C, flags=4, value='~A8 B.EQ [PC,#0X8]'}, {address=fkndl+0x20, flags=4, value='~A8 B.NE [PC,#0X188]'}, } table.insert(regValues, {address=fkndl+0x24, flags=4, value=(x0=="nop" and '~A8 NOP' or '~A8 LDR X0, [PC,#0X288]')}) table.insert(regValues, {address=fkndl+0x28, flags=4, value=(x1=="nop" and '~A8 NOP' or '~A8 LDR X1, [PC,#0X290]')}) table.insert(regValues, {address=fkndl+0x2C, flags=4, value=(x2=="nop" and '~A8 NOP' or '~A8 LDR X2, [PC,#0X298]')}) table.insert(regValues, {address=fkndl+0x30, flags=4, value=(x3=="nop" and '~A8 NOP' or '~A8 LDR X3, [PC,#0X300]')}) table.insert(regValues, {address=fkndl+0x34, flags=4, value=(x4=="nop" and '~A8 NOP' or '~A8 LDR X4, [PC,#0X308]')}) table.insert(regValues, {address=fkndl+0x38, flags=4, value=(x5=="nop" and '~A8 NOP' or '~A8 LDR X5, [PC,#0X310]')}) table.insert(regValues, {address=fkndl+0x3C, flags=4, value=(x6=="nop" and '~A8 NOP' or '~A8 LDR X6, [PC,#0X318]')}) table.insert(regValues, {address=fkndl+0x40, flags=4, value=(x7=="nop" and '~A8 NOP' or '~A8 LDR X7, [PC,#0X320]')}) table.insert(regValues, {address=fkndl+0x44, flags=4, value=(s0=="nop" and '~A8 NOP' or '~A8 LDR S0, [PC,#0X328]')}) table.insert(regValues, {address=fkndl+0x48, flags=4, value=(s1=="nop" and '~A8 NOP' or '~A8 LDR S1, [PC,#0X330]')}) table.insert(regValues, {address=fkndl+0x4C, flags=4, value=(s2=="nop" and '~A8 NOP' or '~A8 LDR S2, [PC,#0X338]')}) table.insert(regValues, {address=fkndl+0x50, flags=4, value='~A8 LDR X25, [PC,#0X974]'}) table.insert(regValues, {address=fkndl+0x54, flags=4, value='~A8 BLR X25'}) table.insert(regValues, {address=fkndl+0x58, flags=4, value='~A8 LDR X29, [PC,#0X610]'}) table.insert(regValues, {address=fkndl+0x5C, flags=4, value='~A8 LDR X30, [PC,#0X72C]'}) table.insert(regValues, {address=fkndl+0x60, flags=4, value='~A8 LDR X16, [PC,#0X828]'}) table.insert(regValues, {address=fkndl+0x64, flags=4, value='~A8 STR X0, [X16,#0X778]'}) table.insert(regValues, {address=fkndl+0x68, flags=4, value='~A8 STR S0, [X16,#0X780]'}) table.insert(regValues, {address=fkndl+0x6C, flags=4, value='~A8 STR X26, [X16,#0X798]'}) gg.setValues(regValues) local paramValues={} if x0~="nop" then table.insert(paramValues, {address=fkndl+0x24+0x288, flags=x0type, value=x0}) end table.insert(paramValues, {address=fkndl+0x44+0x980, flags=32, value=dz}) if x1~="nop" then table.insert(paramValues, {address=fkndl+0x28+0x290, flags=x1type, value=x1}) end  if x2~="nop" then table.insert(paramValues, {address=fkndl+0x2C+0x298, flags=x2type, value=x2}) end  if x3~="nop" then table.insert(paramValues, {address=fkndl+0x30+0x300, flags=x3type, value=x3}) end  if x4~="nop" then table.insert(paramValues, {address=fkndl+0x34+0x308, flags=x4type, value=x4}) end  if x5~="nop" then table.insert(paramValues, {address=fkndl+0x38+0x310, flags=x5type, value=x5}) end  if x6~="nop" then table.insert(paramValues, {address=fkndl+0x3C+0x318, flags=x6type, value=x6}) end  if x7~="nop" then table.insert(paramValues, {address=fkndl+0x40+0x320, flags=x7type, value=x7}) end  if s0~="nop" then table.insert(paramValues, {address=fkndl+0x44+0x328, flags=s0type, value=s0}) end  if s1~="nop" then table.insert(paramValues, {address=fkndl+0x48+0x330, flags=s1type, value=s1}) end  if s2~="nop" then table.insert(paramValues, {address=fkndl+0x4C+0x338, flags=s2type, value=s2}) end  if #paramValues>0 then gg.setValues(paramValues) end gg.processResume() gg.setValues({{address=fkndl+0x67C, flags=4, value=2}}) local retValue=0 while retValue==0 do retValue=gg.getValues({{address=fkndl+0x798, flags=4}})[1].value end huifu() type=fkndl+0x778 gg.addListItems({{address=type, flags=4, name="返回值int"}, {address=type+0x8, flags=16, name="返回值float"}}) end  function call() local selected=gg.getSelectedListItems() if #selected==0 then gg.alert("请先选择要调用的函数地址") return  end  local address_list={} for i, v in ipairs(selected) do table.insert(address_list, string.format("0x%X", v.address)) end  local choice=gg.choice(address_list,  nil , "选择要调用的函数地址") if  not choice then  return  end  local inputs=gg.prompt({"参数x0", "参数x1", "参数x2", "参数x3", "参数x4", "参数x5", "参数x6", "参数x7", "参数s0", "参数s1", "参数s2", "调用名称"}, {"nop", "nop", "nop", "nop", "nop", "nop", "nop", "nop", "nop", "nop", "nop", ""}, {"text", "text", "text", "text", "text", "text", "text", "text", "text", "text", "text", "text"}) if  not inputs then  return  end  local args={} local types={4, 4, 4, 4, 4, 4, 4, 4, 16, 16, 16} for i=1, 11 do  if inputs[i]=="nop" then args[i]="nop" else args[i]=tonumber(inputs[i]) or 0 if args[i]~=0 then  local typePrompt="选择参数" local regName if i<=8 then regName="x"..(i-1) typePrompt=typePrompt..regName local t=gg.choice({"DWORD (4)", "QWORD (32)"},  nil , typePrompt) types[i]=t==2 and 32 or 4 else regName="s"..(i-9) typePrompt=typePrompt..regName local t=gg.choice({"FLOAT (16)", "DOUBLE (32)"},  nil , typePrompt) types[i]=t==2 and 32 or 16 end  end  end  end returnz=diaoyhs(args[1], args[2], args[3], args[4], args[5], args[6], args[7], args[8], args[9], args[10], args[11], types[1], types[2], types[3], types[4], types[5], types[6], types[7], types[8], types[9], types[10], types[11], selected[choice].address) table.insert(callHistory, {address=selected[choice].address, name=inputs[12] or "未命名调用", args=args, types=types}) gg.toast(string.format("调用成功")) end  function calllis() if #callHistory==0 then gg.alert("没有历史调用记录") return  end  local historyList={} for i, v in ipairs(callHistory) do table.insert(historyList, string.format("%s (地址:0x%X)", v.name, v.address)) end  local choice=gg.choice(historyList,  nil , "选择历史调用") if  not choice then  return  end  local selected=callHistory[choice] returnz=diaoyhs(selected.args[1], selected.args[2], selected.args[3], selected.args[4], selected.args[5], selected.args[6], selected.args[7], selected.args[8], selected.args[9], selected.args[10], selected.args[11], selected.types[1], selected.types[2], selected.types[3], selected.types[4], selected.types[5], selected.types[6], selected.types[7], selected.types[8], selected.types[9], selected.types[10], selected.types[11], selected.address) gg.toast(string.format("调用成功")) end  function chongzhi() local configPath="/sdcard/Download/conf.txy" local file=io.open(configPath, "r") file:close() os.remove(configPath) os.exit() end  while  true  do gg.showUiButton() if gg.isClickedUiButton( false ) then gg.hideUiButton() callhans() end  end