#include "MemoryTools.h"#include <malloc.h>#include <stdio.h>#include <std

1. #include "MemoryTools.h"
2. #include <malloc.h>
3. #include <stdio.h>
4. #include <stdlib.h>
5.  
6. #include <fcntl.h>
7. #include <unistd.h>
8. #include <math.h>
9. #include <thread>
10. #include <iostream>
11. long int *posAddr = (long int *)malloc(8 * 10);
12. long int *idAddr = (long int *)malloc(8 * 5);
13. long int *eAddr = (long int *)malloc(8 * 5);
14. long int *addrInit;
15. typedef int Camp;
16. int pid = 0;
17. float Matrix[50];
18. enum camp
19. {
20. blue = 1, red = 2
21. };
22. int campInit;
23. char cs[1024];
24. OFFSET aNumber = 388; // 英雄序号
25. OFFSET pdo = 284; // 红蓝判断
26. OFFSET ido = 304; // 英雄ID
27. OFFSET number = 208; // 英雄序号偏移值
28. OFFSET exp1 = 4; // 辅助确认序号是否准确偏移值
29. OFFSET blood = 4056; // 血量偏移
30. OFFSET xo = 772; // x坐标偏移
31. OFFSET yo = 776; // y坐标偏移
32. PACKAGENAME *bm = NULL; // 包名
33. int handle; // 文件句柄
34. int check = 0;
35.  
36. int getValue(PACKAGENAME * bm, long int addr, OFFSET offset)
37. {
38. void *buf[8];
39. pread64(handle, buf, 8, addr + offset);
40. return *(int *)buf;
41. }
42.  
43. int MemorySearchP(int v, int o, int o1, int ov, long int addr[])
44. {
45. if (pid == 0)
46. {
47. puts("can not get pid");
48. return 0;
49. }
50. PMAPS pHead = NULL;
51. PMAPS pMap = NULL;
52. switch (MemorySearchRange)
53. {
54. case ALL:
55. pMap = readmaps(bm, ALL);
56. break;
57. case B_BAD:
58. pMap = readmaps(bm, B_BAD);
59. break;
60. case C_ALLOC:
61. pMap = readmaps(bm, C_ALLOC);
62. break;
63. case C_BSS:
64. pMap = readmaps(bm, C_BSS);
65. break;
66. case C_DATA:
67. pMap = readmaps(bm, C_DATA);
68. break;
69. case C_HEAP:
70. pMap = readmaps(bm, C_HEAP);
71. break;
72. case JAVA_HEAP:
73. pMap = readmaps(bm, JAVA_HEAP);
74. break;
75. case A_ANONMYOUS:
76. pMap = readmaps(bm, A_ANONMYOUS);
77. break;
78. case CODE_SYSTEM:
79. pMap = readmaps(bm, CODE_SYSTEM);
80. break;
81. case STACK:
82. pMap = readmaps(bm, STACK);
83. break;
84. case ASHMEM:
85. pMap = readmaps(bm, ASHMEM);
86. break;
87. default:
88. printf("\033[32;1mYou Select A NULL Type!\n");
89. break;
90. }
91. if (pMap == NULL)
92. {
93. puts("map error");
94. return 0;
95. }
96. int gs;
97. gs = 0;
98. int value = v; // 搜索的数值
99. PMAPS pTemp = NULL;
100. pTemp = pMap;
101. PMAPS n, e;
102. e = n = (PMAPS) malloc(LEN);
103. PMAPS pBuff;
104. pBuff = n;
105. int iCount = 0; // 链表长度
106. int c;
107. // long int addr[128];
108. int buff[1024] = { 0 }; // 缓冲区
109.  
110. long int offset = o; // 代码1偏移，自己写偏移量
111. long int offset1 = o1; // 代码2偏移，自己写偏移量
112.  
113. while (pTemp->next != NULL)
114. {
115. c = (pTemp->taddr - pTemp->addr) / 4096;
116. for (int j = 0; j < c; j += 1)
117. {
118. pread64(handle, buff, 0x1000, pTemp->addr + (j * 4096));
119. for (int i = 0; i < 1024; i += 1)
120. {
121. if (buff[i] == value)
122. {
123. pread64(handle, buff, 8, pTemp->addr + (j * 4096) + offset);
124. if (buff[0] == ov)
125. {
126. pread64(handle, buff, 8, pTemp->addr + (j * 4096) + offset1);
127. if (buff[0] >= 24 && buff[0] <= 33)
128. {
129. addr[gs] = (pTemp->addr) + (j * 4096) + (i * 4);
130. // 保存地址
131. gs += 1;
132. // 个数+1
133. }
134. }
135. }
136. // printf("buff[%d]=%f\n",l,buff[l]);
137. // usleep(1);
138. }
139. // memset(buff,0,4);
140. }
141. pTemp = pTemp->next;
142. }
143. free(n);
144. printf("P共搜索数据：%d个\n", gs);
145. return 0;
146. }
147.  
148. void getDate(PACKAGENAME * bm, long int *idAddr, long int *numAddr)
149. {
150. int a = 1;
151. check = 1;
152. void *buf[8];
153. int fd = -1;
154.  
155. float ym=0.0;
156.  
157. float px=2340.0/2.0;
158.  
159. float py=1080.0/2.0;
160. while (a == 1)
161. {
162. int i = 0;
163. char b[512];
164. char aaa[1024] = "";
165.  
166. for (i=0; i<16 ; i++)
167. {
168. pread64(handle, buf, 8, addrInit[0] - 952+i*4);
169. float hp = *(float *)buf;
170. Matrix[i]=hp;
171.  
172. }
173.  
174.  
175. for (i=0; i < 5; i++)
176. {
177. pread64(handle, buf, 8, idAddr[i] - aNumber);
178. int idNum = *(int *)buf;
179. pread64(handle, buf, 8, idAddr[i] - ido);
180. int idt = *(int *)buf;
181. pread64(handle, buf, 8, numAddr[i] + blood);
182. int bloodt = *(int *)buf / 8192;
183. pread64(handle, buf, 8, numAddr[i] + xo);
184. int xt = *(int *)buf;
185. pread64(handle, buf, 8, numAddr[i] + yo);
186. int yt = *(int *)buf;
187.  
188. if (idt<105 || idt>600)
189. {
190. printf("退出");
191. exit(1);
192. }
193.  
194. if (campInit == 1)
195. {
196. yt *= -1;
197. }
198. else if (campInit == 2)
199. {
200. xt *= -1;
201. }
202. if (idNum == 0 || idt == 0)
203. {
204. a = 0;
205. idt = 0;
206. bloodt = 0;
207. xt = 0;
208. yt = 0;
209. }
210.  
211. double xm=xt*0.001;
212. double zm=-yt*0.001;
213. double X=0.0;
214. double Y=0.0;
215. double W=0.0;
216. double h=0.0;
217. double Raito = xm * Matrix[3] + ym * Matrix[7] + zm * Matrix[11] + Matrix[15];
218.  
219. if (Raito>0.01)
220. {
221. X = px + (xm * Matrix[0] + ym * Matrix[4] + zm * Matrix[8] + Matrix[12]) / Raito * px ;
222.  
223. Y = py - (xm * Matrix[1] +( ym) * Matrix[5] + zm * Matrix[9] + Matrix[13]) / Raito * py;
224.  
225. W = py - (xm * Matrix[1] +( ym+4.0) * Matrix[5] + zm * Matrix[9] + Matrix[13]) / Raito * py;
226.  
227. h=(Y-W)/2;
228.  
229.  
230.  
231.  
232.  
233.  
234. }
235.  
236. //printf("坐标:%f",X,Y);
237.  
238. sprintf(b, "%d,%lf,%lf,%lf,%d,%d,%d;\n", idt,X,Y,h,xt,yt,bloodt);
239. strcat(aaa, b);
240. if (i == 4)
241. {
242. fd = open("/sdcard/c.log", O_WRONLY);
243. if (a == 1)
244. {
245. write(fd, aaa, sizeof(aaa));
246. }
247. else
248. {
249.  
250. }
251. close(fd);
252. }
253. }
254.  
255.  
256. sleep(0.03);
257. }
258. close(fd);
259.  
260. }
261.  
262. void getAddr(Camp camp)
263. {
264. int co = 0;
265. int gs; // 用来存储数据个数
266. // 注意这里要用指针,就是那个*号,不可以去掉
267. if (isapkrunning("com.tencent.ig"))
268. {
269. BypassGameSafe(); // 绕过游戏保护,调用就行了
270. // 注意,第一次调用,必须要重启游戏才生效
271. // 调用一次后,只要你手机没有重启,那就一直有效
272. SetTextColor(COLOR_SKY_BLUE); // 设置文字颜色
273. // SetTextColor(颜色类型);
274. SetSearchRange(C_ALLOC); // 设置搜索内存范围
275. puts("开始搜索所有人ca内存信息");
276. // MemorySearchP(999999,4,208,720,posAddr);
277. MemorySearch(bm, "999999", &gs, DWORD);
278. printf("共搜索数据：%d个\n", ResCount);
279. // MemorySearch(包名,数值,个数存放的地方,数据类型)
280. long int *addrInit = (long int *)malloc(8 * ResCount);;
281. PMAPS res = Res;
282. int i;
283. for (i = 0; i < ResCount; i++)
284. {
285. addrInit[i] = res->addr;
286. res = res->next; // 指向下一个节点
287. }
288. // 以上为保存搜索结果地址
289. int count = 0;
290. for (i = 0; i < ResCount; i++)
291. {
292. int num = getValue(bm, addrInit[i], number);
293. int e = getValue(bm, addrInit[i], exp1);
294. int bloodt = getValue(bm, addrInit[i], blood) / 8192;
295. int xt = getValue(bm, addrInit[i], xo);
296. int yt = getValue(bm, addrInit[i], yo);
297. if (e == 720 && num >= 24 && num <= 33)
298. {
299. posAddr[count] = addrInit[i];
300. count++;
301. if (count == 10)
302. {
303. break;
304. }
305. }
306. }
307. // ********************获取所有人坐标数据完毕
308. /*
309. SetSearchRange(A_ANONMYOUS); puts("开始搜索自己英雄ID");
310. MemorySearch(bm, "1060", &gs, DWORD); // 搜索内存
311. printf("共搜索数据：%d个\n", ResCount); addrInit[ResCount];
312. res = Res; for (i = 0; i < ResCount; i++) { addrInit[i] =
313. res->addr; res = res->next; // 指向下一个节点
314. printf("开始第%d个，一共%d个！\n",i,ResCount); }
315. printf("数据初始化完成！\n"); OFFSET helppd =
316. 80;//辅助确认值偏移 OFFSET myIdo = 192;//自己id偏移值
317. void *helppdf = NULL; void *myIdf = NULL; for (i = 0; i < ResCount;
318. i++) { long int helppdd = addrInit[i] + helppd; helppdf =
319. SearchAddress(bm, helppdd); int helppdt = *(int *)helppdf; if
320. (helppdt == 3328){ long int myIdd = addrInit[i] + myIdo; myIdf =
321. SearchAddress(bm, myIdd); int myIdt = *(int *)myIdf;
322. printf("地址：%d，%d",myIdd,myIdt); break; } } */
323.  
324. // ************************
325.  
326. SetSearchRange(A_ANONMYOUS); // 设置搜索内存范围
327. puts("开始搜索a内存信息");
328. MemorySearch(bm, "12500", &gs, DWORD); // 搜索内存
329. printf("共搜索数据：%d个\n", ResCount);
330. // MemorySearch(包名,数值,个数存放的地方,数据类型)
331. addrInit = (long int *)malloc(8 * ResCount);
332. res = Res;
333. for (i = 0; i < ResCount; i++)
334. {
335. addrInit[i] = res->addr;
336. res = res->next; // 指向下一个节点
337. }
338. count = 0;
339. for (i = 0; i < ResCount; i++)
340. {
341. int numt = getValue(bm, addrInit[i], aNumber * -1);
342. int pdt = getValue(bm, addrInit[i], pdo * -1);
343. int idt = getValue(bm, addrInit[i], ido * -1);
344. switch (camp)
345. {
346. case blue: // 蓝方
347. if (numt >= 24 && numt <= 33 && pdt == 2)
348. {
349. idAddr[count] = addrInit[i]; // 保存地址到全局变量
350. int j;
351. for (j = 0; j < 10; j++)
352. {
353. int posNum = getValue(bm, posAddr[j], number);
354. if (numt == posNum)
355. {
356. eAddr[count] = posAddr[j];
357. }
358. }
359. // printf("地址\e[32;1m0x%lx \e[36,%d,%d,%d,%d\n",
360. // addrInit[i], numt, idt, pdt,count);
361. count++;
362. if (count == 5)
363. {
364. break;
365. }
366. }
367. break;
368. case red: // 红方
369. if (numt > 23 && numt < 34 && pdt == 1)
370. {
371. idAddr[count] = addrInit[i];
372. int j;
373. for (j = 0; j < 10; j++)
374. {
375. int posNum = getValue(bm, posAddr[j], number);
376. if (numt == posNum)
377. {
378. eAddr[count] = posAddr[j];
379. }
380. }
381. // printf("地址\e[32;1m0x%lx \e[36,%d,%d,%d,%d\n",
382. // addrInit[i], numt, idt, pdt,count);
383. count++;
384. if (count == 5)
385. {
386. break;
387. }
388. }
389. break;
390. }
391. }
392. free(addrInit); // 释放内存
393. if (posAddr[9] == NULL || idAddr[4] == NULL)
394. {
395. co++;
396. if (co > 5)
397. {
398. getAddr(campInit);
399. }
400. }
401. }
402. else
403. {
404. puts("程序未运行");
405. }
406. puts("地址搜索完成！");
407. if (check == 0)
408. {
409. getDate(bm, idAddr, eAddr);
410. }
411. }
412.  
413. void getMatrix()
414. {
415. int gs;
416. bm = "com.tencent.ig";
417. BypassGameSafe();
418. SetSearchRange(C_ALLOC); // 设置搜索内存范围
419. puts("开始搜索a内存信息");
420. MemorySearch(bm, "16777216", &gs, DWORD); // 搜索内存
421. //printf("共搜索数据：%d个\n", ResCount);
422. MemoryOffset(bm,"65793",8,&gs, DWORD);
423. MemoryOffset(bm,"1", 12,&gs, DWORD);
424. printf("共偏移数据：%d个\n", gs);
425. addrInit = (long int *)malloc(8 * ResCount);;
426.  
427.  
428. PMAPS res = Res;
429.  
430. int i;
431. for (i = 0; i < ResCount; i++)
432. {
433. addrInit[i] = res->addr;
434. res = res->next; // 指向下一个节点
435. }
436. void *buf[8];
437.  
438.  
439. }
440.  
441.  
442. int main(int argc, char **argv)
443. {
444. getRoot(argv); // 获取root
445. bm = "com.tencent.ig"; // 软件包名
446. pid = getPID(bm);
447. char lj[128];
448. sprintf(lj, "/proc/%d/mem", pid);
449. handle = open(lj, O_RDWR);
450. lseek(handle, 0, SEEK_SET);
451. getMatrix();
452. FILE *fp = fopen("/storage/emulated/0/a.log", "w+");
453. fscanf(fp, "%d", &campInit);
454. if (campInit == 0)
455. {
456. FILE *p = fopen("/storage/emulated/0/a.log", "w+");
457. fprintf(p, "%d", 1);
458. fclose(p);
459. }
460. fscanf(fp, "%d", &campInit);
461. fclose(fp);
462. if (campInit == 1 || campInit == 2)
463. {
464. puts("开始搜索地址…");
465. FILE *fpp = fopen("/storage/emulated/0/b.log", "w+");
466. fprintf(fpp, "%s", "0,0,0,0,0");
467. fclose(fpp);
468. getAddr(campInit);
469. }
470. close(handle);
471. SetTextColor(COLOR_YELLOW);
472. puts("完成");
473.  
474. }
475.  
476.  
477. int main(int argc,char **argv)
478. {
479. int gs;
480. //killGG();
481. PACKAGENAME *bm="com.tencent.ig";
482. BypassGameSafe();
483. SetSearchRange(C_DATA);//设置搜索内存范围
484. SetTextColor(COLOR_PINK);//设置文字颜色
485. puts("开始内存搜索...");
486. MemorySearch(bm,"-1.2382424e28",&gs,FLOAT);//搜索内存
487. printf("共搜索%d个数据\n",gs);
488. MemoryOffset(bm,"-3.8369228e21",-48,&gs,FLOAT);
489. MemoryOffset(bm,"-7.1611644e24",-36,&gs,FLOAT);
490. MemoryOffset(bm,"-5.8430543e27",-24,&gs,FLOAT);
491. MemoryOffset(bm,"-1.0012947e28",-12,&gs,FLOAT);
492. printf("共偏移%d个数据\n",gs);
493. Print();
494. puts("第一步...");
495. MemoryWrite(bm,"-2.4764848e28",0,FLOAT);
496. puts("修改完成");
497. ClearResults();
498.  
499. puts("开始内存搜索...");
500. MemorySearch(bm,"-6.1526231e27",&gs,FLOAT);//搜索内存
501. printf("共搜索%d个数据\n",gs);
502. MemoryOffset(bm,"-9.4914375e20",-48,&gs,FLOAT);
503. MemoryOffset(bm,"-3.6754777e21",-36,&gs,FLOAT);
504. MemoryOffset(bm,"2.532984e-29",-24,&gs,FLOAT);
505. MemoryOffset(bm,"-3.7307833e19",-12,&gs,FLOAT);
506. printf("共偏移%d个数据\n",gs);
507. Print();
508. puts("第二步...");
509. MemoryWrite(bm,"0",0,FLOAT);
510. puts("修改完成");
511. ClearResults();
512. }
513.  
514.  
515. int main(int argc,char **argv)
516. {
517. killGG();
518. int gs;//用来存储数据个数
519. void *jg;
520. PACKAGENAME *bm="com.tencent.ig";//软件包名
521. //注意这里要用指针,就是那个*号,不可以去掉
522.  
523. BypassGameSafe();
524. SetSearchRange(C_DATA);
525. puts("开始内存搜索...");
526. MemorySearch(bm,"0.0001",&gs,FLOAT);//搜索内存
527. printf("共搜索%d个数据\n",gs);
528. MemoryOffset(bm,"-2.0291021e20",-16,&gs,FLOAT);
529. MemoryOffset(bm,"-8.6220154e22",-32,&gs,FLOAT);
530. MemoryOffset(bm,"-4.9653618e27",-48,&gs,FLOAT);
531. MemoryOffset(bm,"-4.9605249e27",-68,&gs,FLOAT);
532. printf("共偏移%d个数据\n",gs);
533. Print();
534. puts("第一步...");
535. MemoryWrite(bm,"9999",0,FLOAT);
536. puts("修改完成");
537. ClearResults();
538. }