lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Thank you, Charles, for the quick answer - didn't notice it at first because it went to my spam folder unfortunately.

I've checked the files (dlls and exe) for certain bytes but none of them except the executable contained strings which come from Lua e.g. dofile, loadstring, etc. Good news is, I was able to locate this mapping table for (fnc_name, fnc_address) which I thought might exist. After looking into the source code and using OllyDbg I think I was able to locate luaL_openlib inside the executable. I've looked at lauxlib.c (see [1]) in the Lua 5.0.3 code and it seems that this functions is registering (name, address) tuples, is that correct? It appears to get called in base_open() in lbaselib.c (see [2]).

However, these are the last few assembly instructions of luaL_openlib inside the executable:

  ; original code
  ; <smuggle in code>
  pop edi
  pop esi
  pop ebp
  pop ebx

I already know that this is getting executed by the main thread as the program starts so here is my question:

luaL_openlib has 4 parameters which I should be able to find on the stack inside this function during execution. Since I know the exact address of luaL_openlib I should be able to place my code in <smuggle in code> which is just a jmp to a few lines of assembly code which load "my-lua-extensions.dll" and registers the Lua functions I prepared in there (only once of course since luaL_openlib gets called multiple times).

What I need to know here if luaL_openlib will be enough to register a new set of functions? There is this lua_State struct that's getting passed through all this functions. I am afraid that I could mess up the state of this object as I inject my code at this point somewhere.

I am sorry if that question is a rather big one - any ideas or thoughts are very welcome! :)

BR; Stefan



On 03.12.2016 13:20, Charles Heywood wrote:
"I can't help but think I saw something like this on stackexchange"... "OH!"

Anyways, is there a lua.dll or something that is shipped with the game? If so, try replacing it with a stock lua.dll. If that works seamlessly, then you can replace lua.dll with one that has luaL_loadlibs or whatever that function was, with a custom loading function. Dunno if this helps, to be honest. :P

On Sat, Dec 3, 2016 at 6:06 AM Stefan Falk <> wrote:

I am currently trying to find out how I could possibly add new built-in
functions into a compiled game that uses Lua for certain game mechanics.
I do not know a lot about Lua except that it's running a VM basically
that is acting as a interpreter for the actual Lua scripts to be executed.

Since I am at the very beginning of my "journey" here I hope to find
answers to a few questions here. First of all the game I am talking
about is Supreme Commander - some of you might know it. All I know is
that it's using Lua 5.0 and I think the developers threw some stuff out
which they didn't want in the game and compiled it. What I don't know is
whether the Lua part is residing inside the executable or if it's in a
DLL. My first guess would be the executable because browsing it with a
hex-editor revealed that all the built-in function names reside
somewhere in the data section of the executable.

I don't know if anybody can actually help me with this but I am
currently a bit stuck and I don't really know how Lua is written into
the executable. What I can imagine is that there must be some sort of
lookup table for all the built-in functions. As the interpreter finds
e.g. "dofile" it has to look up the address of the function in order to
jump to its actual location. Anything that can help me to find out where
or how I have to look after this would be helpful.

I hope my question is not off-topic and that somebody can give some
advice or inspire a few things I could try. Feel free to ask me if
anything I explained is not clear. There is also a question [1] on
stackexchange from me which you can check out if you want.

Thank you for any help!

BR; Stefan