-- ============================================================ -- 整合脚本:国体64位飞天 + 挥拳判断(悬浮窗菜单版) -- 参考开源测试版加速.lua 的架构 -- 菜单行为:点击空白关闭菜单,再次点击悬浮窗重新打开 -- 功能:选择进程、开启飞天(含静态修改+可调参数)、关闭飞天、退出 -- ============================================================ -- ===================== 基础设置 ===================== draw.setSize(25) draw.setStyle("描边") draw3 = require("draw3") draw.text("飞天整合版", 250, 350) draw.setColor("#00ffff") draw.setSize(50) draw.setStyle("描边并填充") -- ===================== 公共函数 ===================== function S_Pointer(t_So, t_Offset, _bit) local function getRanges() local ranges = {} local t = gg.getRangesList('^/data/*.so*$') for i, v in pairs(t) do if v.type:sub(2, 2) == 'w' then table.insert(ranges, v) end end return ranges end local function Get_Address(N_So, Offset, ti_bit) local ti = gg.getTargetInfo() local S_list = getRanges() local t = {} local _t local _S = nil if ti_bit then _t = 32 else _t = 4 end for i in pairs(S_list) do local _N = S_list[i].internalName:gsub('^.*/', '') if N_So[1] == _N and N_So[2] == S_list[i].state then _S = S_list[i] break end end if _S then t[#t + 1] = {} t[#t].address = _S.start + Offset[1] t[#t].flags = _t if #Offset ~= 1 then for i = 2, #Offset do local S = gg.getValues(t) t = {} for _ in pairs(S) do if not ti.x64 then S[_].value = S[_].value & 0xFFFFFFFF end t[#t + 1] = {} t[#t].address = S[_].value + Offset[i] t[#t].flags = _t end end end _S = t[#t].address end return _S end local _A = string.format('0x%X', Get_Address(t_So, t_Offset, _bit)) return _A end function setvalue(address, flags, value) local tt = {} tt[1] = {} tt[1].address = address tt[1].flags = flags tt[1].value = value gg.setValues(tt) end function Format(tab, format, value, type, Function) if format == "查看" then tab[1]["flags"] = type return gg.getValues(tab) elseif format == "修改" then tab[1]["flags"] = type tab[1]["value"] = value return gg.setValues(tab) elseif format == "冻结" then tab[1]["flags"] = type tab[1]["freeze"] = true tab[1]["value"] = value tab[1]["name"] = Function or "功能" return gg.addListItems(tab) elseif format == "加载" then tab[1]["flags"] = type return gg.loadResults(tab) end end function LSQ_Chain(so, offset, format, value, type, Function) getRanges = getRanges or (function() local ranges = {} local t = gg.getRangesList('^/data/*.so*$') for i, v in pairs(t) do if v["type"]:sub(2, 2) == 'w' then ranges[#ranges + 1] = v end end return ranges end) local rest, ranges, sostart, valtype = {}, getRanges(), nil, gg.TYPE_DWORD if gg.getTargetInfo()["x64"] then valtype = gg.TYPE_QWORD end for i in pairs(ranges) do local _name = ranges[i]["internalName"]:gsub('^.*/', '') if so[1] == _name and so[2] == ranges[i]["state"] then sostart = ranges[i]["start"] break end end if sostart then if offset[1] then for i = 1, #offset do rest = {{flags = valtype, address = sostart + offset[i]}} rest = gg.getValues(rest) if i == #offset then break end if valtype == gg.TYPE_DWORD then sostart = rest[1].value & 0xFFFFFFFF else sostart = rest[1].value end end end return Format(rest, format, value, type, Function) end gg.toast("功能:" .. Function .. "开启失败") print("功能开启失败原因: 未找到基址头") return os.exit() end function Unfreeze() local t = gg.getListItems() for k, v in pairs(t) do t[k]["freeze"] = false end return gg.addListItems(t) end function readD(a) return gg.getValues({{address = a, flags = gg.TYPE_DWORD}})[1].value end function X(address) return gg.getValues({{address = address, flags = gg.TYPE_QWORD}})[1].value end -- ===================== 全局变量 ===================== fly_running = false jump_running = false speed = 6 up = 50 down = 50 upHeight = 45 xaValue = 0.002 punchSpeed = 20 restoreSpeed = 6 -- 地址缓存(参考开源测试版) local baseAddr = nil local addr_1, addr_2, addr_4, addr_5, addr_7, addr_8, addr_9, addr_px, addr_zbz, addr_speed, addr_xa -- ===================== 地址初始化 ===================== function initOffsets() local ranges = gg.getRangesList('libUE4.so') if not ranges or #ranges == 0 then return false end baseAddr = ranges[1].start addr_1 = readMemory(readMemory(baseAddr + 0x566970, TYPE_QWORD) + 0x30, TYPE_QWORD) addr_2 = readMemory(addr_1 + 0x4B8, TYPE_QWORD) addr_4 = readMemory(addr_2 + 0x518, TYPE_QWORD) addr_5 = readMemory(readMemory(addr_1 + 0x20, TYPE_QWORD) + 0x400, TYPE_QWORD) addr_7 = readMemory(addr_2 + 0x208, TYPE_QWORD) + 0x220 addr_8 = addr_7 + 0x4 addr_9 = addr_7 + 0x8 addr_px = addr_2 + 0x116C -- 趴下判断(参考开源测试版) addr_zbz = addr_9 -- Z坐标 addr_speed = addr_2 + 0x1168 addr_xa = addr_4 + 0x364 return true end function readMemory(addr, flag) local res = gg.getValues({{address = addr, flags = flag}}) return res and res[1].value or 0 end function writeMemory(addr, flag, value, freeze) local item = {address = addr, flags = flag, value = value} gg.setValues({item}) if freeze then item.freeze = true gg.addListItems({item}) end end -- ===================== 静态修改 ===================== function applyStaticMods() if not initOffsets() then return end -- 过标记 local so = gg.getRangesList('libgcloud.so')[1].start writeMemory(so + 0x47A8C8, 4, -698416192) writeMemory(so + 0x47B464, 4, -698416192) -- 锁地皮 writeMemory(baseAddr + 0xCEBF738, 4, -117270918) gg.sleep(500) LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0xE8}, "修改", "0", 4, "灵魂") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x208,0x220}, "冻结", "136,497.953125", 16, "X") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x208,0x224}, "冻结", "163,064.796875", 16, "Y") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x208,0x228}, "冻结", "5,937.17626953125", 16, "Z") gg.sleep(1700) writeMemory(baseAddr + 0xCEBF738, 4, -721215457) gg.sleep(700) for _, off in ipairs({0x220,0x224,0x228}) do local ttt = S_Pointer({"libUE4.so:bss", "Cb"}, {0x566970,0x30,0x4B8,0x208, off}, true) gg.addListItems({{address = ttt, flags = 16, freeze = false}}) end LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0xE8}, "修改", "167838216", 4, "灵魂") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x20,0x400,0x758}, "冻结", "92", 16, "减速") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x20,0x400,0x760}, "冻结", "0.9", 16, "变速") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x20,0x400,0xE4}, "冻结", "0.5", 16, "变速") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x20,0x400,0x770}, "冻结", "0.0001", 16, "变速") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x518,0x2b8}, "冻结", "-1", 16, "13860") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x518,0x268}, "修改", "4000", 16, "8192") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x518,0x28C}, "修改", "0.4", 16, "0.05") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x518,0x610}, "修改", "0", 16, "240") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x518,0x194}, "冻结", "0", 16, "定") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x518,0x298}, "修改", "9999", 16, "惯性") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x518,0x218}, "修改", "150", 16, "上下坡防拉") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x518,0x27C}, "冻结", "99999", 16, "2048防拉") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0xe4}, "修改", "99999", 16, "防拉原1") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x19B8}, "冻结", "0.01", 16, "防拉原1") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x68}, "冻结", "0.001", 16, "流畅爬起") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x64}, "冻结", "0.001", 16, "流畅爬起") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x450,0x4C0,0x260}, "修改", "0", 16, "60000防拉") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x518,0x70}, "修改", "0.0008", 16, "防拉") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x518,0x448}, "冻结", "54148", 4, "防卡脚16896") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x518,0x2E4}, "冻结", "0", 16, "7500") LSQ_Chain({'libUE4.so:bss','Cb'}, {0x566970,0x30,0x4B8,0x2D48}, "冻结", "34", 16, "50") writeMemory(baseAddr + 0x6588DD4, 4, -721215457) gg.toast("静态修改应用完成") end -- ===================== 飞天线程(参考开源测试版趴下上升思路) ===================== function flyThread() if not initOffsets() then return end -- 冻结速度和xa变量 writeMemory(addr_speed, TYPE_FLOAT, speed, true) writeMemory(addr_xa, TYPE_FLOAT, xaValue, true) local counter = 0 local punch_timer = 0 local is_punch_active = false gg.toast("飞天已启动,点击悬浮窗菜单可停止", true) while fly_running do counter = counter + 1 -- 读取内存(参考开源测试版写法) local px = readMemory(addr_px, TYPE_FLOAT) local z = readMemory(addr_zbz, TYPE_FLOAT) -- 探头相关地址 local self = X(X(X(baseAddr + 0x566970) + 0x30) + 0x4b8) local ttps = self + 0x2b30 local upcheck = self + 0x2b34 local ttpd = readD(ttps) local upstate = readD(upcheck) -- ====== 探头升降 ====== local is_probe_active = (upstate == 1) if is_probe_active then gg.addListItems({{address = addr_zbz, flags = 16, freeze = false}}) if ttpd == 16842752 then gg.setValues({{address = addr_zbz, flags = 16, value = z - down}}) elseif ttpd == 16777216 then gg.setValues({{address = addr_zbz, flags = 16, value = z + up}}) end end -- ====== 趴下上升(参考开源测试版思路) ====== if not is_probe_active then if px == 120 then if counter % 2 == 0 then gg.addListItems({{address = addr_zbz, flags = 16, value = z + upHeight, freeze = true}}) end else if counter % 75 == 0 then gg.addListItems({{address = addr_zbz, flags = 16, freeze = false}}) end end end -- ====== 挥拳判断 ====== local punch_base = X(X(X(X(baseAddr + 0x566970) + 0x30) + 0x4B8) + 0xFA8) + 0x868 local punch_state = readD(punch_base) local punch_val_addr = X(X(X(X(baseAddr + 0x566970) + 0x30) + 0x4B8) + 0x518) + 0x268 if punch_state == 1 and not is_punch_active then gg.addListItems({ {address = addr_speed, flags = 16, value = punchSpeed, freeze = true}, {address = punch_val_addr, flags = 16, value = 99999, freeze = true} }) is_punch_active = true punch_timer = 0 end if is_punch_active then punch_timer = punch_timer + 15 if punch_timer >= 1500 then gg.addListItems({ {address = addr_speed, flags = 16, value = restoreSpeed, freeze = true}, {address = punch_val_addr, flags = 16, value = 4000, freeze = true} }) is_punch_active = false end end gg.sleep(14) end -- 清理 Unfreeze() gg.toast("飞天已停止") end -- ===================== 关闭飞天 ===================== function stopFly() fly_running = false gg.sleep(100) Unfreeze() if baseAddr then writeMemory(baseAddr + 0xCEBF738, 4, -117270918) writeMemory(baseAddr + 0x6588DD4, 4, 506149194) end gg.clearList() gg.toast("已关闭飞天") end -- ===================== 恢复默认值 ===================== function restoreDefaults() stopFly() Unfreeze() if baseAddr then writeMemory(baseAddr + 0xCEBF738, 4, -117270918) writeMemory(baseAddr + 0x6588DD4, 4, 506149194) end LSQ_Chain({'libUE4.so:bss','Cb'},{0x566970,0x30,0x20,0x400,0x758},"冻结","1",16,"减速") LSQ_Chain({'libUE4.so:bss','Cb'},{0x566970,0x30,0x20,0x400,0xE4},"冻结","1",16,"变速") LSQ_Chain({'libUE4.so:bss','Cb'},{0x566970,0x30,0x20,0x400,0x760},"冻结","1",16,"变速") LSQ_Chain({'libUE4.so:bss','Cb'},{0x566970,0x30,0x20,0x400,0x770},"冻结","1",16,"变速") LSQ_Chain({'libUE4.so:bss','Cb'},{0x566970,0x30,0x4B8,0x518,0x2b8},"冻结","13860",16,"13860") LSQ_Chain({'libUE4.so:bss','Cb'},{0x566970,0x30,0x4B8,0x518,0x268},"修改","8192",16,"8192") LSQ_Chain({'libUE4.so:bss','Cb'},{0x566970,0x30,0x4B8,0x518,0x28C},"修改","0.05",16,"0.05") LSQ_Chain({'libUE4.so:bss','Cb'},{0x566970,0x30,0x4B8,0x518,0x610},"修改","240",16,"240") LSQ_Chain({'libUE4.so:bss','Cb'},{0x566970,0x30,0x4B8,0x518,0x27C},"冻结","2048",16,"2048防拉") LSQ_Chain({'libUE4.so:bss','Cb'},{0x566970,0x30,0xe4},"修改","1",16,"防拉原1") LSQ_Chain({'libUE4.so:bss','Cb'},{0x566970,0x30,0x450,0x4C0,0x260},"修改","60000",16,"60000防拉") LSQ_Chain({'libUE4.so:bss','Cb'},{0x566970,0x30,0x4B8,0x518,0x448},"冻结","16896",4,"防卡脚16896") LSQ_Chain({'libUE4.so:bss','Cb'},{0x566970,0x30,0x4B8,0x518,0x2E4},"冻结","7500",16,"7500") LSQ_Chain({'libUE4.so:bss','Cb'},{0x566970,0x30,0x4B8,0x518,0x364},"冻结","0.001",16,"xa变量") LSQ_Chain({'libUE4.so:bss','Cb'},{0x566970,0x30,0x4B8,0x1168},"冻结","1",16,"微加速") LSQ_Chain({'libUE4.so:bss','Cb'},{0x566970,0x30,0x4B8,0x2D48},"冻结","50",16,"50") local so = gg.getRangesList('libgcloud.so')[1].start writeMemory(so + 0x47A8C8, 4, 1033081774) writeMemory(so + 0x47B464, 4, 16843522) Unfreeze() gg.toast("已恢复默认") end -- ===================== 主菜单(悬浮窗触发) ===================== function showMainMenu() local options if fly_running then options = {"选择进程", "开启飞天", "关闭飞天", "恢复默认", "退出脚本"} else options = {"选择进程", "开启飞天", "关闭飞天", "恢复默认", "退出脚本"} end local choice = gg.choice(options, nil, "主菜单") if choice == nil then return -- 点击空白,关闭菜单 end if choice == 1 then gg.chooseProcess() gg.sleep(500) elseif choice == 2 then if not gg.getRangesList("libUE4.so")[1] then gg.toast("未找到 libUE4.so,请先选择进程") return end if fly_running then gg.toast("飞天已在运行中") return end applyStaticMods() local h = gg.prompt( {"移动速度","右探上升","左探下降","趴下上升","xa变量值","挥拳速度","挥拳后恢复速度"}, {"6","50","50","45","0.002","20","6"}, {"text","text","text","text","text","text","text"}, {true,true,true,true,true,true,true} ) if h then speed = tonumber(h[1]) or 6 up = tonumber(h[2]) or 50 down = tonumber(h[3]) or 50 upHeight = tonumber(h[4]) or 45 xaValue = tonumber(h[5]) or 0.002 punchSpeed = tonumber(h[6]) or 20 restoreSpeed = tonumber(h[7]) or speed fly_running = true luajava.startThread(flyThread) else gg.toast("取消开启") end elseif choice == 3 then stopFly() elseif choice == 4 then restoreDefaults() elseif choice == 5 then os.exit() end end -- ===================== 主循环 ===================== local Rain = 0 while true do if gg.isVisible(true) then Rain = 1 gg.setVisible(false) end if Rain == 1 then showMainMenu() Rain = 0 end gg.sleep(50) end