feat: 累计更新2026-4-21，修复大量bug

Author: unkn0wName

Lite_version/SKRoot_Lite(2026-4-21).apk

@@ -10,7 +10,7 @@ android {
         minSdk 26
         targetSdk 31
         versionCode 1
-        versionName "2026-4-8"
+        versionName "2026-4-21"
 
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
         externalNativeBuild {

Lite_version/patch_kernel_root(2026-4-21).exe

@@ -133,7 +133,7 @@ public void handleMessage(@NonNull Message msg) {
                 super.handleMessage(msg);
             }
         };
-        DialogUtils.showInputDlg(this, rootKey,"请输入Root权限的KEY", null, inputCallback, null);
+        DialogUtils.showInputDlg(this, rootKey,"请输入Root权限的Key", null, inputCallback, null);
     }
     private void checkGetAppListPermission() {
         if(GetAppListPermissionHelper.getPermissions(this)) return;

Lite_version/src/PermissionManager/app/build.gradle

@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
     xmlns:tools="http://schemas.android.com/tools"
+    xmlns:app="http://schemas.android.com/apk/res-auto"
     android:layout_width="match_parent"
     android:layout_height="match_parent"
     android:orientation="vertical"
@@ -97,60 +98,88 @@
                     android:textColor="@color/black"
                     />
 
-                <Button
+                <com.google.android.material.button.MaterialButton
                     android:layout_marginTop="5dp"
                     android:id="@+id/test_root_btn"
                     android:layout_width="wrap_content"
                     android:layout_height="wrap_content"
                     android:text="1.测试Root权限"
+                    android:paddingLeft="20dp"
+                    android:paddingRight="20dp"
+                    app:cornerRadius="8dp"
+                    style="@style/Widget.MaterialComponents.Button"
                     />
 
-                <Button
+                <com.google.android.material.button.MaterialButton
                     android:layout_marginTop="5dp"
                     android:id="@+id/run_root_cmd_btn"
                     android:layout_width="wrap_content"
                     android:layout_height="wrap_content"
                     android:text="2.执行Root命令"
+                    android:paddingLeft="20dp"
+                    android:paddingRight="20dp"
+                    app:cornerRadius="8dp"
+                    style="@style/Widget.MaterialComponents.Button"
                     />
 
-                <Button
+                <com.google.android.material.button.MaterialButton
                     android:layout_marginTop="5dp"
                     android:id="@+id/root_exec_process_btn"
                     android:layout_width="wrap_content"
                     android:layout_height="wrap_content"
                     android:text="3.以Root运行程序"
+                    android:paddingLeft="20dp"
+                    android:paddingRight="20dp"
+                    app:cornerRadius="8dp"
+                    style="@style/Widget.MaterialComponents.Button"
                     />
 
-                <Button
+                <com.google.android.material.button.MaterialButton
                     android:layout_marginTop="5dp"
                     android:id="@+id/su_env_install_btn"
                     android:layout_width="wrap_content"
                     android:layout_height="wrap_content"
                     android:text="4.安装部署su"
+                    android:paddingLeft="20dp"
+                    android:paddingRight="20dp"
+                    app:cornerRadius="8dp"
+                    style="@style/Widget.MaterialComponents.Button"
                     />
 
-                <Button
+                <com.google.android.material.button.MaterialButton
                     android:layout_marginTop="5dp"
                     android:id="@+id/su_env_inject_btn"
                     android:layout_width="wrap_content"
                     android:layout_height="wrap_content"
                     android:text="5.授权su到指定进程"
+                    android:paddingLeft="20dp"
+                    android:paddingRight="20dp"
+                    app:cornerRadius="8dp"
+                    style="@style/Widget.MaterialComponents.Button"
                     />
 
-                <Button
+                <com.google.android.material.button.MaterialButton
                     android:layout_marginTop="5dp"
                     android:id="@+id/clean_su_btn"
                     android:layout_width="wrap_content"
                     android:layout_height="wrap_content"
                     android:text="6.完全卸载清理su"
+                    android:paddingLeft="20dp"
+                    android:paddingRight="20dp"
+                    app:cornerRadius="8dp"
+                    style="@style/Widget.MaterialComponents.Button"
                     />
 
-                <Button
+                <com.google.android.material.button.MaterialButton
                     android:layout_marginTop="5dp"
                     android:id="@+id/implant_app_btn"
                     android:layout_width="wrap_content"
                     android:layout_height="wrap_content"
                     android:text="7.寄生到目标APP"
+                    android:paddingLeft="20dp"
+                    android:paddingRight="20dp"
+                    app:cornerRadius="8dp"
+                    style="@style/Widget.MaterialComponents.Button"
                     />
 
             </LinearLayout>
@@ -184,18 +213,22 @@
                 android:orientation="horizontal"
 
                 >
-                <Button
+                <com.google.android.material.button.MaterialButton
                     android:id="@+id/copy_info_btn"
                     android:layout_width="70dp"
                     android:layout_height="wrap_content"
                     android:text="复制"
+                    app:cornerRadius="8dp"
+                    style="@style/Widget.MaterialComponents.Button"
                     />
-                <Button
+                <com.google.android.material.button.MaterialButton
                     android:id="@+id/clean_info_btn"
                     android:layout_width="70dp"
                     android:layout_height="wrap_content"
                     android:layout_marginLeft="5dp"
                     android:text="清空"
+                    app:cornerRadius="8dp"
+                    style="@style/Widget.MaterialComponents.Button"
                     />
             </LinearLayout>
 

Lite_version/src/PermissionManager/app/src/main/java/com/linux/permissionmanager/MainActivity.java

@@ -12,8 +12,7 @@
 #include <cstdlib>
 #include <capstone/capstone.h>
 
-namespace a64_find_func_return_offset {
-
+namespace a64_find_end_func_offset {
 	constexpr size_t k_npos = static_cast<size_t>(-1);
 	constexpr int k_max_jump_region = 1024 * 1024 * 5; // 5MB
 
@@ -69,9 +68,7 @@ namespace a64_find_func_return_offset {
 	static inline bool is_force_jump_asm(const code_line& line) {
 		if (line.cmd_id == ARM64_INS_BR) return true;
 		return line.cmd_id == ARM64_INS_B &&
-			(line.cc_id == ARM64_CC_INVALID ||
-				line.cc_id == ARM64_CC_AL ||
-				line.cc_id == ARM64_CC_NV);
+			(line.cc_id == ARM64_CC_INVALID || line.cc_id == ARM64_CC_AL || line.cc_id == ARM64_CC_NV);
 	}
 
 	static size_t index_by_addr(const std::vector<code_line>& v, uint64_t addr) {
@@ -80,14 +77,11 @@ namespace a64_find_func_return_offset {
 		return k_npos;
 	}
 
-	static void scan_from_index(const std::vector<code_line>& v_code_line,
-		size_t start_idx,
-		std::set<uint64_t>& branch_history,
-		std::vector<uint64_t>& out_ret_addrs,
-		std::vector<uint64_t>& out_branch_anchors) {
+	static void scan_from_index(const std::vector<code_line>& v_code_line, size_t start_idx,
+		std::set<uint64_t>& branch_history, std::vector<uint64_t>& out_ret_addrs, std::vector<uint64_t>& out_branch_anchors) {
+		
 		for (size_t x = start_idx; x < v_code_line.size(); ++x) {
 			const auto& line = v_code_line[x];
-
 			if (is_offset_jump_asm(line)) {
 				const int64_t addr = line.final_imm;
 				if (addr > 0 && addr < static_cast<int64_t>(line.addr + k_max_jump_region)) {
@@ -98,16 +92,22 @@ namespace a64_find_func_return_offset {
 					}
 				}
 
-				if (is_force_jump_asm(line)) break;
+				if (is_force_jump_asm(line)) {
+					// 无条件跳转如果是往回跳，视为一个“假的RET边界”
+					// 这里记录当前跳转指令地址，而不是跳转目标地址
+					if (addr > 0 && static_cast<uint64_t>(addr) < line.addr) {
+						out_ret_addrs.push_back(line.addr);
+					}
+					break;
+				}
 				continue;
 			}
 
 			if (is_ret_insn(line.cmd_id)) out_ret_addrs.push_back(line.addr);
 		}
 	}
 
-	static bool handle_candidate_offsets(const std::vector<code_line>& v_code_line,
-		size_t& candidate_offsets) {
+	static bool handle_candidate_offsets(const std::vector<code_line>& v_code_line, size_t& candidate_offsets) {
 		std::vector<uint64_t> ret_addrs;
 		std::vector<uint64_t> branch_anchors;
 		std::set<uint64_t> branch_history;
@@ -128,18 +128,14 @@ namespace a64_find_func_return_offset {
 		}
 
 		if (!ret_addrs.empty()) {
-			candidate_offsets = static_cast<size_t>(
-				*std::max_element(ret_addrs.begin(), ret_addrs.end())
-				);
+			candidate_offsets = static_cast<size_t>(*std::max_element(ret_addrs.begin(), ret_addrs.end()));
 			return true;
 		}
 
 		return false;
 	}
 
-	static bool find_func_return_offset(const std::vector<char>& file_buf,
-		size_t start,
-		size_t& candidate_offsets) {
+	static bool find_end_func_offset(const std::vector<char>& file_buf, size_t start, size_t& candidate_offsets) {
 		bool res = false;
 
 		csh handle;
@@ -216,4 +212,4 @@ namespace a64_find_func_return_offset {
 		return res;
 	}
 
-} // namespace a64_find_func_return_offset
+} // namespace a64_find_end_func_offset

Lite_version/src/PermissionManager/app/src/main/res/layout/activity_main.xml

@@ -6,10 +6,11 @@
 #define ATOMIC_INIT_4						4
 #define SECUREBITS_DEFAULT			0
 
-#define CAP_FULL_SET						0x1FFFFFFFFFULL
-#define CAP_FULL_SET_3_16_0			0x3FFFFFFFFFULL
-#define CAP_FULL_SET_5_8_0				0xFFFFFFFFFFULL
-#define CAP_FULL_SET_5_9_0				0x1FFFFFFFFFFULL
+#define CAP_FULL_SET								0x1FFFFFFFFFULL
+#define CAP_FULL_SET_3_16_0					0x3FFFFFFFFFULL
+#define CAP_FULL_SET_HUAWEI_4_9_X		0x7FFFFFFFFFULL
+#define CAP_FULL_SET_5_8_0						0xFFFFFFFFFFULL
+#define CAP_FULL_SET_5_9_0						0x1FFFFFFFFFFULL
 
 namespace {
 #pragma pack(push, 1)
@@ -94,7 +95,7 @@ std::vector<InitCredResult> InitCredSearcher::build_usage_candidates_impl() {
 	Head4T head_u4;
 	Head8T head_u8;
 	std::vector<InitCredResult> out;
-	uint64_t cap_max_arr[] = { CAP_FULL_SET_5_9_0, CAP_FULL_SET_5_8_0, CAP_FULL_SET_3_16_0, CAP_FULL_SET };
+	uint64_t cap_max_arr[] = { CAP_FULL_SET_5_9_0, CAP_FULL_SET_5_8_0, CAP_FULL_SET_3_16_0, CAP_FULL_SET_HUAWEI_4_9_X, CAP_FULL_SET };
 	int cap_cnt = get_cap_cnt();
 	for (auto cap_max : cap_max_arr) {
 		cred_cap_info4 cap4{};

…_root/3rdparty/find_func_return_offset.h …nel_root/3rdparty/find_end_func_offset.hLite_version/src/patch_kernel_root/3rdparty/find_func_return_offset.h renamed to Lite_version/src/patch_kernel_root/3rdparty/find_end_func_offset.h Lite_version/src/patch_kernel_root/3rdparty/find_func_return_offset.h renamed to Lite_version/src/patch_kernel_root/3rdparty/find_end_func_offset.h

@@ -0,0 +1,15 @@
+#pragma once
+#include <cstdint>
+#include <string>
+#include <unordered_map>
+
+class IKallsymsLookup {
+public:
+    virtual ~IKallsymsLookup() = default;
+
+    virtual bool init() = 0;
+    virtual bool is_inited() const = 0;
+    virtual uint64_t kallsyms_lookup_name(const char* name) = 0;
+    virtual uint64_t kallsyms_symbol_size(uint64_t cur_addr) = 0;
+    virtual std::unordered_map<std::string, uint64_t> kallsyms_on_each_symbol() = 0;
+};

Lite_version/src/patch_kernel_root/analyze/init_cred_searcher.cpp

@@ -99,14 +99,10 @@ bool KallsymsLookupName::init() {
 	return true;
 }
 
-bool KallsymsLookupName::is_inited() {
+bool KallsymsLookupName::is_inited() const {
 	return m_inited;
 }
 
-int KallsymsLookupName::get_kallsyms_num() {
-	return m_kallsyms_num;
-}
-
 static bool __find_kallsyms_addresses_list(const std::vector<char>& file_buf, size_t max_cnt, size_t& start, size_t& end) {
 	const int var_len = sizeof(uint64_t);
 	for (auto x = 0; x + var_len < file_buf.size(); x += var_len) {
@@ -360,6 +356,22 @@ uint64_t KallsymsLookupName::kallsyms_lookup_name(const char* name) {
 	return iter->second;
 }
 
+uint64_t KallsymsLookupName::kallsyms_symbol_size(uint64_t cur_addr) {
+	if (cur_addr == 0) return 0;
+	std::unordered_map<std::string, uint64_t> syms = kallsyms_on_each_symbol();
+	uint64_t next_addr = 0;
+	for (const auto& kv : syms) {
+		uint64_t addr = kv.second;
+		if (addr > cur_addr) {
+			if (next_addr == 0 || addr < next_addr) {
+				next_addr = addr;
+			}
+		}
+	}
+	if (next_addr == 0 || next_addr <= cur_addr) return 0;
+	return next_addr - cur_addr;
+}
+
 std::unordered_map<std::string, uint64_t> KallsymsLookupName::kallsyms_on_each_symbol() {
 	if (!m_kallsyms_symbols_cache.size()) {
 		for (auto i = 0, off = 0; i < m_kallsyms_num; i++) {

Lite_version/src/patch_kernel_root/analyze/kallsyms_lookup_interface.h

@@ -3,19 +3,19 @@
 #include <cstdint>
 #include <vector>
 #include <unordered_map>
+#include "kallsyms_lookup_interface.h"
 
-class KallsymsLookupName
-{
+class KallsymsLookupName : public IKallsymsLookup {
 public:
 	KallsymsLookupName(const std::vector<char>& file_buf);
 	~KallsymsLookupName();
 
 public:
-	bool init();
-	bool is_inited();
-	uint64_t kallsyms_lookup_name(const char* name);
-	std::unordered_map<std::string, uint64_t> kallsyms_on_each_symbol();
-	int get_kallsyms_num();
+	bool init() override;
+	bool is_inited() const override;
+	uint64_t kallsyms_lookup_name(const char* name) override;
+	uint64_t kallsyms_symbol_size(uint64_t cur_addr) override;
+	std::unordered_map<std::string, uint64_t> kallsyms_on_each_symbol() override;
 
 private:
 	bool find_kallsyms_addresses_list(size_t& start, size_t& end);