Manipulating Embedded Lua VMs: Executing Scripts

Now that we know how to find addresses of the Lua C API in our client and how to capture a valid Lua state, we can write our “exploit”. Let’s start by recapping what our end goal is: We want to be able to run scripts that weren’t originally in our game. To do this, we’ve found where the Lua VM C API is, and even hooked lua_gettop to capture a valid Lua state....

August 24, 2019 · 4 min ·  CPunch

Manipulating Embedded Lua VMs: Hooking lua_gettop

Last post we talked about why games use the Lua VM and how to find some key functions. The Lua VM runs everything based on a state. This state is basically the key to the kingdom: without a valid state with their custom API and environment on it, we really can’t do anything. Well, that’s great and all, but how exactly are we going to get a valid Lua state? How convenient of a question!...

August 24, 2019 · 8 min ·  CPunch

Manipulating Embedded Lua VMs: The ROBLOX Client

Many games today rely on scripting languages and an internal API to interface with the game engine itself. One of the popular scripting languages used is Lua. The reason so many games use Lua as their internal scripting engine is that it is extremely extensible; it’s also extremely lightweight and uses few resources. Today we’re going to be focusing on one game in particular, you might’ve heard of it… ROBLOX....

August 24, 2019 · 6 min ·  CPunch