Henningstone Henningstone

Exploiting Lua 5.1 on 32-bit Windows

The following Lua program generates a Lua bytecode program called ignore-unsigned-sga.fnt, which in turn loads a DLL from within an extremely locked-down Lua 5.1 sandbox in a program called RelicCOH2.exe. The remainder of this document attempts to explain how this program works through a whirlwind tour of the relevant bits of the Lua 5.1 virtual machine.

if string.dump(function()end):sub(1, 12) ~= "\27Lua\81\0\1\4\4\4\8\0" then
  error("This generator requires a 32-bit version of Lua 5.1")
end

local function outer()
  local magic -- In bytecode, the stack slot corresponding to this local is changed
Henningstone / webtail.py
Created August 14, 2017 04:04 — forked from scoffey/webtail.py
HTTP server that provides a web interface to run "tail" on a file, like the Unix command
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
HTTP server that provides a web interface to run "tail" on a file,
like the Unix command.
This is a standalone script. No external dependencies required.
How to invoke:
Henningstone / deepcopy.lua
Created January 19, 2018 18:05 — forked from Deco/deepcopy.lua
Lua Non-recursive Deep-copy
--[[ deepcopy.lua
Deep-copy function for Lua - v0.2
==============================
- Does not overflow the stack.
- Maintains cyclic-references
- Copies metatables
- Maintains common upvalues between copied functions (for Lua 5.2 only)
TODO