-- Analyst annotation of a GameGuardian ("gg") Lua script.
--
-- What the file does, as far as the visible code shows:
--   * defines a set of helpers that read, write and "freeze" values in the
--     target process through the gg API;
--   * then runs a flat list of statements that, for two named libraries
--     ("libtersafe.so" and "libtprt.so"), take the start of the first range
--     gg reports for the library, add a fixed offset, and write a 4-byte
--     value there with freeze = true.
-- Most written values are strings of the form "~A8 <mnemonic>", presumably
-- gg's notation for an assembled ARM64 instruction (TODO confirm against the
-- gg documentation).
--
-- Only S_Pointer and setvalue are called by the patch list; every other helper
-- in this file is defined but not called here.
--
-- NOTE(review): the offsets are hard-coded per library, so they presumably
-- match one specific build of each library. From the defending side the
-- relevant observable is that code bytes of these libraries differ in memory
-- from the shipped file and are re-applied ("frozen"); the labels in the patch
-- list suggest the in-library integrity checks themselves are among the
-- patched sites, so a check that lives inside the same library is not an
-- independent signal. Verification that runs elsewhere (server-side or in a
-- separate component) is what this script does not touch.

-- Return the start address of the first range of `lib` whose type string
-- matches the pattern "-x", or nil if none matches.
-- Not called anywhere in this file.
local function findExecutableSegment(lib)
  local ranges=gg.getRangesList(lib)
  for _,v in ipairs(ranges) do
    if v.type:find("-x") then
      return v.start
    end
  end
  return nil
end

-- Read one value of type `flags` at `address` and return it.
-- Not called anywhere in this file.
local function readValue(address,flags)
  return gg.getValues({[1]={address=address,flags=flags}})[1].value
end

-- Write `value` at `address`: through gg.addListItems when `freeze` is truthy,
-- through gg.setValues otherwise.
-- Not called anywhere in this file.
local function writeValue(address,flags,value,freeze)
  local item={address=address,flags=flags,value=value,freeze=freeze}
  if freeze then
    gg.addListItems({item})
  else
    gg.setValues({item})
  end
end

-- Write `value` (type `flags`) at `address`; this is the writer used by the
-- patch list at the end of the file.
-- Does nothing when address == 0. Note that S_Pointer returns the number 0 on
-- failure and a hex *string* on success, so this guard only catches the
-- failure case.
-- When freeze == true the item is written with gg.setValues first; in every
-- case it is then passed to gg.addListItems.
function setvalue(address,flags,value,freeze)
  if address == 0 then return end
  local tt={}
  tt[1]={}
  tt[1].address=address
  tt[1].flags=flags
  tt[1].value=value
  tt[1].freeze=freeze
  if freeze==true then
    gg.setValues(tt)
  end
  gg.addListItems(tt)
end

-- Add `address` (type `flags`) to the gg saved list without a value.
-- The `value` and `freeze` parameters are accepted but not used.
function getvalue(address,flags,value,freeze)
  if address == 0 then return end
  local tt={}
  tt[1]={}
  tt[1].address=address
  tt[1].flags=flags
  gg.addListItems(tt)
end

-- Toggle the value at `address` between `_o` and `_v`: the current value is
-- read, and if it is within 1e-7 of `_o` the item is set to `_v`, otherwise to
-- `_o`. Written with gg.setValues only when freeze == true, and always passed
-- to gg.addListItems.
function autovalue(address,flags,_o,_v,freeze)
  if address == 0 then return end
  local tt={}
  tt[1]={}
  tt[1].address=address
  tt[1].flags=flags
  tt[1].freeze=freeze
  local _v_ = gg.getValues(tt)[1].value
  if math.abs(_v_-_o) < 1e-7 then
    tt[1].value=_v
  else
    tt[1].value=_o
  end
  if freeze==true then
    gg.setValues(tt)
  end
  gg.addListItems(tt)
end

-- Read one value with flags = 4 at `address` (4 is presumably gg.TYPE_DWORD;
-- TODO confirm).
function readD(address)
  return gg.getValues({{address = address, flags = 4}})[1].value
end

-- Resolve an address inside a library and return it as a "0x..." hex string,
-- or the number 0 when the library has no range.
--   t_So     : table whose first element is the library name
--   t_Offset : table of offsets; the first is added to the library start, each
--              further one is added to the value read at the previous address
--   _bit     : truthy selects flags 32 for the intermediate reads, else 4
-- With a single-element offset table (the only way the patch list calls it) no
-- memory is read: the result is simply range start + offset.
function S_Pointer(t_So, t_Offset, _bit)
  -- Collects ranges matching '^/data/*.so*$' whose type string has 'w' as its
  -- second character. Defined but never called inside S_Pointer.
  local function getRanges()
    local ranges = {}
    local t = gg.getRangesList('^/data/*.so*$')
    for i, v in pairs(t) do
      if v.type:sub(2, 2) == 'w' then
        table.insert(ranges, v)
      end
    end
    return ranges
  end
  -- Walks the offset chain starting at the first range gg reports for N_So[1].
  -- Returns the final address, or nil when the library has no range.
  local function Get_Address(N_So, Offset, ti_bit)
    local ti = gg.getTargetInfo()
    local t = {}
    local _t
    local _S = nil
    if ti_bit then
      _t = 32
    else
      _t = 4
    end
    -- Redeclares _S; the earlier `local _S = nil` is shadowed from here on.
    local _S = gg.getRangesList(N_So[1])[1]
    if _S then
      t[#t + 1] = {}
      t[#t].address = _S.start + Offset[1]
      t[#t].flags = _t
      if #Offset ~= 1 then
        for i = 2, #Offset do
          local S = gg.getValues(t)
          t = {}
          for _ in pairs(S) do
            -- Mask the value read: 32 bits when the target is not x64,
            -- 40 bits (0xFFFFFFFFFF) when it is.
            if not ti.x64 then
              S[_].value = S[_].value & 0xFFFFFFFF
            else
              S[_].value = S[_].value & 0xFFFFFFFFFF
            end
            t[#t + 1] = {}
            t[#t].address = S[_].value + Offset[i]
            t[#t].flags = _t
          end
        end
      end
      _S = t[#t].address
    end
    return _S
  end
  local ttt = Get_Address(t_So, t_Offset, _bit)
  if ttt ~= nil then
    local _A = string.format('0x%X', ttt)
    return _A
  end
  return 0
end

-- Read one value with flags = 4 at `address` and mask it to 32 bits.
function RDI(address)
  return gg.getValues({{address = address, flags = 4}})[1].value & 0xFFFFFFFF
end

-- Read one gg.TYPE_QWORD value at `address`.
function RQI(address)
  return gg.getValues({{address = address, flags = gg.TYPE_QWORD}})[1].value
end

-- Apply one operation to the first item of `tab`, chosen by the string
-- `format` (the strings are compared at runtime and left as written):
--   "查看" (view)   : set flags, print gg.getValues(tab)
--   "修改" (modify) : set flags and value, gg.setValues(tab)
--   "冻结" (freeze) : set flags, freeze = true, value and a name
--                     (`Function`, or "功能" when absent), gg.addListItems(tab)
--   "加载" (load)   : set flags, gg.loadResults(tab)
-- Any other `format` falls through and returns nothing.
function Format(tab, format, value, type, Function)
  if format == "查看" then
    tab[1]["flags"] = type
    return print(gg.getValues(tab))
  elseif format == "修改" then
    tab[1]["flags"] = type
    tab[1]["value"] = value
    return gg.setValues(tab)
  elseif format == "冻结" then
    tab[1]["flags"] = type
    tab[1]["freeze"] = true
    tab[1]["value"] = value
    tab[1]["name"] = Function or "功能"
    return gg.addListItems(tab)
  elseif format == "加载" then
    tab[1]["flags"] = type
    return gg.loadResults(tab)
  end
end

-- Follow an offset chain from a library range and hand the final item to
-- Format. Not called anywhere in this file.
-- Parameters (translated from the original comment): module spec, offsets,
-- operation, new value, type, feature label.
--   so     : { file name, range state } matched against each candidate range
--   offset : table of offsets
-- On failure (no matching range) it shows a toast, prints a message and calls
-- os.exit().
function LSQ_Chain(so, offset, format, value, type, Function)
  -- Assigns the global `getRanges` on first use (no `local`).
  getRanges = getRanges or (function()
    local ranges = {}
    local t = gg.getRangesList('^/data/*.so*$')
    for i, v in pairs(t) do
      if v["type"]:sub(2, 2) == 'w' then -- original comment: is the .so readable and writable
        ranges[#ranges+1] = v
      end
    end
    return ranges
  end)
  local rest, ranges, sostart, valtype = {}, getRanges(), nil , gg.TYPE_DWORD
  if gg.getTargetInfo()["x64"] then -- original comment: is the target application 64-bit
    valtype = gg.TYPE_QWORD
  end
  for i in pairs(ranges) do
    -- Strip the directory part so only the file name is compared.
    local _name = ranges[i]["internalName"]:gsub('^.*/', '')
    if so[1] == _name and so[2] == ranges[i]["state"] then
      sostart = ranges[i]["start"]
      break
    end
  end
  if sostart then
    if offset[1] then
      for i = 1, #offset do
        rest = {{flags = valtype,address = sostart + offset[i]}}
        rest = gg.getValues(rest)
        -- The last offset yields the target item itself; do not dereference it.
        if i == #offset then break end
        if valtype == gg.TYPE_DWORD then
          sostart = rest[1].value & 0xFFFFFFFF -- original comment: mask/pad the value
        else
          sostart = rest[1].value
        end
      end
    end
    -- Empty branch in the original; it has no effect.
    if #rest == 1 then end
    return Format(rest, format, value, type, Function)
  end
  gg.toast("功能:" .. Function .. "开启失败")
  print("功能开启失败原因: 未找到基址头")
  return os.exit()
end

-- Original comment: function that reads a memory address.
-- Follows an offset chain from range number `i` (default 1) of `name` and
-- returns the final address; returns nothing when that range does not exist.
-- This definition is replaced by the later global of the same name, and
-- neither is called in this file.
-- NOTE(review): the table literal for `va` names the key [true] twice.
function readPointer(name, offset, i)
  local re = gg.getRangesList(name)
  local x64 = gg.getTargetInfo().x64
  local va = {[true]=32, [true]=4}
  if re[i or 1] then
    local addr = re[i or 1].start + offset[1]
    for i = 2, #offset do
      addr = gg.getValues({{address=addr, flags=va[x64]}})
      if not x64 then
        addr[1].value = addr[1].value & 0xFFFFFFFF
      end
      addr = addr[1].value + offset[i]
    end
    return addr
  end
end

-- Original comment: function that modifies memory addresses.
-- Adds a field `edits` to the `gg` table itself.
-- Each entry of `Table` is read as { value, flags, offset, freeze }; the write
-- address is addr + offset. Entries with a truthy freeze go to
-- gg.addListItems, the rest to gg.setValues, then a toast reports #Table.
-- Not called anywhere in this file.
function gg.edits(addr, Table, name)
  local Table1 = {{}, {}}
  for k, v in ipairs(Table) do
    local value = {address = addr+v[3], value = v[1], flags = v[2], freeze = v[4]}
    if v[4] then
      Table1[2][#Table1[2]+1] = value
    else
      Table1[1][#Table1[1]+1] = value
    end
  end
  gg.addListItems(Table1[2])
  gg.setValues(Table1[1])
  gg.toast((name or "") .. "开启成功, 共修改"..#Table.."个值")
end

-- Second definition of readPointer; it replaces the one above. The only
-- difference visible is the extra 40-bit mask (0xFFFFFFFFFF) applied when the
-- target is x64. Not called anywhere in this file.
-- NOTE(review): the table literal for `va` names the key [true] twice.
function readPointer(name, offset, i)
  local re = gg.getRangesList(name)
  local x64 = gg.getTargetInfo().x64
  local va = { [true] = 32, [true] = 4 }
  if re[i or 1] then
    local addr = re[i or 1].start + offset[1]
    for i = 2, #offset do
      addr = gg.getValues({ { address = addr, flags = va[x64] } })
      if not x64 then
        addr[1].value = addr[1].value & 0xFFFFFFFF
      else
        addr[1].value = addr[1].value & 0xFFFFFFFFFF
      end
      addr = addr[1].value + offset[i]
    end
    return addr
  end
end

-- ---------------------------------------------------------------------------
-- Patch list.
-- Every statement below has the same shape: a one-element offset table, a call
-- to S_Pointer(t, tt, true) to turn library start + offset into a hex string,
-- and setvalue(ttt, 4, <value>, true), i.e. a 4-byte write with freeze = true.
-- The comment before each group is the script author's own label, translated
-- where it was not already in English; none of the labels can be verified from
-- this file.
-- ---------------------------------------------------------------------------
local t = {"libtersafe.so"}
-- author's label: integrity
local tt = {0x221EE4}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 MOV W0, WZR", true)
-- author's label: MRPCS exception reporting
local tt = {0x224488}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 RET", true)
-- author's label: MRPCS initialisation
local tt = {0x27D9CC}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 MOV W0, WZR", true)
-- author's label: Tss_sdk memory trap
local tt = {0x27DA88}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 RET", true)
local tt = {0x2AA044}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 MOV W0, WZR", true)
-- author's label: Tss_sdk memory scan
local tt = {0x28DDC0}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 B [PC,#0x24]", true)
-- author's label: CRC32
local tt = {0x48937C}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 LDRB W9, [X0]", true)
local tt = {0x4A477C}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 LDRB W9, [X0]", true)
-- author's label: secondary verification
local tt = {0x2C58D4}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 MOV X0, XZR", true)
-- author's label: log out / VM
local tt = {0x2E5EE0}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 MOV W0, WZR", true)
-- author's label: VM (virtual machine)
local tt = {0x2EFBA8}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 NOP", true)
-- author's label: Vm
local tt = {0x33A768}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 RET", true)
-- author's label: Mrpcsinfo
local tt = {0x2F4FFC}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 NOP", true)
-- author's label: CRC main thread
local tt = {0x31C7AC}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 MOV W0, WZR", true)
local tt = {0x31C7B4}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 MOV W8, WZR", true)
-- author's label: Dladdr
local tt = {0x3237EC}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 RET", true)
-- author's label: VM main thread
local tt = {0x4CD7E4}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 NOP", true)
-- author's label: OPEN_id
local tt = {0x4C06A4}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 NOP", true)
local tt = {0x4C06AC}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 NOP", true)
-- author's label: mrpcs
local tt = {0x229F08}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 ret", true)
local tt = {0x20B274}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 ret", true)
-- author's label: get4
-- The only entry that writes a plain number (5) instead of an "~A8" string.
local tt = {0x55F194}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4,5, true)
-- author's label: anti-cheat data push
local tt = {0x4DF704}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 MOV W0, WZR", true)
-- author's label: abort
local tt = {0x50EA50}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 RET", true)
-- author's label: case35
local tt = {0x460150}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 NOP", true)
-- author's label: jni_onload
local tt = {0x1D61A4}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 MOV W0, #0x4", true)
local tt = {0x1D61A8}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 MOVK W0, #0x1, LSL #16", true)
local tt = {0x1D61AC}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 RET", true)
-- author's label: "half kill" (literal translation)
local tt = {0x20DDD4}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 RET", true)
-- author's label: hash scan
local tt = {0x43B384}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 NOP", true)
local tt = {0x443DC0}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 NOP", true)
local tt = {0x416F68}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 NOP", true)
local tt = {0x460388}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 NOP", true)
local tt = {0x376CA0}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 RET", true)
-- author's label: text
local tt = {0x2C57A8}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 B [PC,#0x0]", true)
local tt = {0x46CEE8}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 ret", true)
local tt = {0x4C74A0}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 ret", true)
local tt = {0x4C7540}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 ret", true)

-- Second library; same statement shape as above.
local t = {"libtprt.so"}
-- author's label: Tprt integrity
local tt = {0x122A54}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 LDRB W9, [X0]", true)
local tt = {0xA0068}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 RET", true)
local tt = {0x11D028}local ttt = S_Pointer(t,tt,true)setvalue(ttt,4, "~A8 B [PC,#0x38]", true)