Related
Wondering if I could get some help with this:
function setupRound()
local gameModes = {'mode 1','mode 2','mode 3'} -- Game modes
local maps = {'map1','map2','map3'}
--local newMap = maps[math.random(1,#maps)]
local mapData = {maps[math.random(#maps)],gameModes[math.random(#gameModes)]}
local mapData = mapData
return mapData
end
a = setupRound()
print(a[1],a[2]) --Fix from Egor
What the problem is:
`
When trying to get the info from setupRound() I get table: 0x18b7b20
How I am trying to get mapData:
a = setupRound()
print(a)
Edit:
Output Issues
With the current script I will always the the following output: map3 mode 2.
What is the cause of this?
Efficiency; is this the best way to do it?
While this really isn't a question, I just wanted to know if this method that I am using is truly the most efficient way of doing this.
First of all
this line does nothing useful and can be removed (it does something, just not something you'd want)
local mapData = mapData
Output Issues
The problem is math.random. Write a script that's just print(math.random(1,100)) and run it 100 times. It will print the same number each time. This is because Lua, by default, does not set its random seed on startup. The easiest way is to call math.randomseed(os.time()) at the beginning of your program.
Efficiency; is this the best way to do it?
Depends. For what you seem to want, yes, it's definitely efficient enough. If anything, I'd change it to the following to avoid magic numbers which will make it harder to understand the code in the future.
--- etc.
local mapData = {
map = maps[math.random(#maps)],
mode = gameModes[math.random(#gameModes)]
}
-- etc.
print(a.map, a.mode)
And remember:
Premature optimization is the root of all evil.
— Donald Knuth
You did very good by creating a separate function for generating your modes and maps. This separates code and is modular and neat.
Now, you have your game modes in a table modes = {} (=which is basically a list of strings).
And you have your maps in another table maps = {}.
Each of the table items has a key, that, when omitted, becomes a number counted upwards. In your case, there are 3 items in modes and 3 items in maps, so keys would be 1, 2, 3. The key is used to grab a certain item in that table (=list). E.g. maps[2] would grab the second item in the maps table, whose value is map 2. Same applies to the modes table. Hence your output you asked about.
To get a random game mode, you just call math.random(#mode). math.random can accept up to two parameters. With these you define your range, to pick the random number from. You can also pass a single parameter, then Lua assumes to you want to start at 1. So math.random(3) becomes actually math.random(1, 3). #mode in this case stand for "count all game modes in that table and give me that count" which is 3.
To return your chosen map and game mode from that function we could use another table, just to hold both values. This time however the table would have different keys to access the values inside it; namely "map" and "mode".
Complete example would be:
local function setupRound()
local modes = {"mode 1", "mode 2", "mode 3"} -- different game modes
local maps = {"map 1", "map 2", "map 3"} -- different maps
return {map = maps[math.random(#maps)], mode = modes[math.random(#modes)]}
end
for i = 1, 10 do
local freshRound = setupRound()
print(freshRound.map, freshRound.mode)
end
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
I paid an untrusted developer for a script. And as I thought he scammed me. He did send me code, but he obfuscated the script. It is for a game called "Roblox" that uses Lua, the code will be down below. As from I can tell by running it, it might work. But I would need to change the script for it to work. Does anyone know to to decode the obfuscation?
https://pastebin.com/B8SZmZGE
local ilIillllII1i1lliliI = assert local II1ll1iliIIIIillIli = select local lIlillIlIi11I1lIIi11I = tonumber local i1li1IIIII1IIilIil1 = unpack local iIl1IIlI11i1il1ilII = pcall local lIlI1IiiIlIl1i11ll1Il = setfenv local iIIlilIlllIliiIili1 = setmetatable local ii1Iiill11ii1IIIill = type local lIll1I1ll1lliilII1Il1 = getfenv local IiIi1llliiIIllllI1i = tostring local Ii1IIill1ilI1lilIiI = error local iilli1lIi11lllIli1l = string.sub local lIlI1li1ll1lliliIlI = string.byte local lIli1Ill1liIlilIIIiiI = string.char local I1ii1iIIl1lI1Iii1iI = string.rep local iiiIiI11IIllIiliI1I = string.gsub local illlIIIllliill1l1ll = string.match local iIi1l1liili1I11l1II = 1 local function lIll1iillI1ll1iiIiIll(IIiiiIiiIllIl1i1i1I, iIililIlliIII11illi) local i1iiI1I1iII1iiIiil1 IIiiiIiiIllIl1i1i1I = iiiIiI11IIllIiliI1I(iilli1lIi11lllIli1l(IIiiiIiiIllIl1i1i1I, 5), "..", function(llii1Ii11lI1llilill) if lIlI1li1ll1lliliIlI(llii1Ii11lI1llilill, 2) == 71 then i1iiI1I1iII1iiIiil1 = lIlillIlIi11I1lIIi11I(iilli1lIi11lllIli1l(llii1Ii11lI1llilill, 1, 1)) return
Ok so I am turtsis and I see that people have been stealing my answer and posting it on v3rmillion as there own. So I will post another answer but this time a better one on how to actually get contents of it. So basically if you didn’t read my other answer then don’t and just read this one:
Luraph is a custom lbi which is a lua bytecode interpreter. If you do string.dump(function) you will get luaQ as the output. That is why people use unluaC or luadec to get the source to these dumps. This is called bytecode which is different then string:byte() as it is a non readable lua format in lua 5.1 and up. To be able to use these encoded strings/functions you will need a lbi. What a lbi does is it interpreted the bits and deserialzes them. Here is a example of a commonly used lbi https://github.com/JustAPerson/lbi/blob/master/src/lbi.lua
Ok so now to the part where you get contents of it.
In lua (and other coding languages) there is things called opcodes. Opcodes control the base of lua and there is quite a few of them. Some of the most commonly known and most useful ones are these:
LOADK - loads a constant to the register
LOADBOOL - loads a bool to the register
LOADNIL - loads a nil to the register
JMP - jump
ADD - Adds a new thing to the register
SUB - Subtracts something from the register
There is many more but those are the main ones we will be focusing on.
Ok so to get those normally you would need a external program called unluac or luadec but for this we will be doing it in base lua. I recommend using repl.it to run the code.
So the main thing we will need is LOADK as it loads a constant
A constant is a variable or anything really that doesn’t change ex: local value = 1
Now what isn’t a constant is something that changes.
Now you probaly have heard of iron brew and synapse xen both are very known lua obfuscators created by 3ds and Defcon42
Iron brew and xen have something in common (well the base) they aren’t lbis so you don’t usually get the opcodes from them. But they have a table that has all the constants in them (xen is encrypted) to get these tables there is a whole process with table.concat and global but that’s not luraph that’s other obfuscators. Luraph is different Though because it is a lbi so there is no need for a table with all the constants in it. Instead to get the constants we need a way to get the instructions from a script. Opcodes are instructions. They are instructions because opcodes tell lua what to do with code. Ok so how do we get these instructions?
Here is a article on opcodes and instructions:
http://luaforge.net/docman/83/98/ANoFrillsIntroToLua51VMInstructions.pdf
So they all have signatures:
"sBx"
"A"
"A", "B"
"A", "Bx"
"A", "C"
"A", "sBx"
"A", "B", "C”
You get opcodes args from these instructions.
Now different obfuscators have different opcodes instructions so for luraph you will have to find them. Ok so use a dissembler or make Your own but here is a disassembler made by my friend:
https://github.com/op0x59/reddisassembler
You will need to go onto repl.it and make a repo then add the code and format it etc with the settings. Where in the settings it has opcodes you will need to manually get these from luraph.
So there you go that’s how you can do it. If you need more help dm me on discord:
turtsis#6969
Or
turtsis#2785
ALSO WHOEVER IS STEALING MY ANSWERS ON HERE AND POSTING THEM ON V3RMILLION WITH OUT CREDITING ME PLEASE STOP OR GIVE ME CREDIT.
Basically it uses bytecode (\144\22\99\88) but it has a custom interpreter and a custom bytecode vm to make it have a bytecode like this:
LPH|3EE5491D2B1A00192574A22B510A02002GE5E7E9E42GE5F53GE5F53GE5CD3GE5FDE42GE5C13GE5F934B71
So you will need to rename the variables and functions into something like variable1, variable2 so that you are able to read it. Then find parts that are junk code like
function 1iiii1i1i(i1i1ijj1jijij)
local 1j1j1jj1j1jijijij = (((10*2)/2)-3/9)
end
1iiii1i1i(90, 0)
Which are completely useless and are meant to trick decompilers into looping random number functions. to check if stuff like: iIi1l1liili1I11l1II = iIi1l1liili1I11l1II + 4 return Ii1IiI1I111I1II1IIi * 16777216 + iIII1iIiI1l1IlIIlii * 65536 + IIill111lli111ll1li * 256
These are junk code just look for it in the rest of the code (using ctrl+F) and look if it has a use. If it does, then check if that use has a use and so on until you find if it is part of the vm. The thing is though is that it might loadstring another loadstring for many times until it will take VERY LONG to decompile this. So if you really need the source contact me on discord and I can hook you up (turtsis#2785) or put a couple of hours into this
Using a Lua beautfier can make it easier to understand.
Such as: [http://blackmiaool.com/lua-beautify/][1] (https://github.com/blackmiaool/lua-beautify)
This question is 5 months old but here you go anyway:
local L3_0, L4_1, L5_2, L6_3, L7_4
L3_0 = "rebel alience"
L4_1 = "Wasp"
L5_2 = "Bottom Small Mining Laser"
L6_3 = "Adamantite Ore"
for _FORV_7_ = 1, 10 do
workspace.Ships[L3_0][L4_1][L5_2].RemoteFireCommand:InvokeServer(CFrame.new(0, 0, 0,0.996030748, -7.7674794E-4, 0.0890064985, 0, 0.999961913, 0.00872653536, -0.0890098885,-0.00869189762, 0.995992839), workspace.Asteroids[L6_3],workspace.Asteroids[L6_3], workspace.Asteroids[L6_3].CenterPoint)
wait(3)
end
It's a simple remote event.
You can find the tool used here, it's open source:
https://github.com/TheGreatSageEqualToHeaven/LuraphDeobfuscator
The script is
local L0, L1, L2, L3, L4, L5, L6, L7, L8, L9, L10, L11, L12, L13, L14, L15, L16, L17, L18, L19, L20, L21, L22
L0 = "rebel alience"
L1 = "Wasp"
L2 = "Bottom Small Mining Laser"
L3 = "Adamantite Ore"
for L7 = L4, L5, L6 do
L8 = Workspace
L8 = L8.Ships
L8 = L8[L0]
L8 = L8[L1]
L8 = L8[L2]
L8 = L8.RemoteFireCommand
L9 = L8
L8 = L8.InvokeServer
L10 = CFrame
L10 = L10.new
L11 = 0
L12 = 0
L13 = 0
L14 = 0.996030748
L15 = -7.7674794E-4
L16 = 0.0890064985
L17 = 0
L18 = 0.999961913
L19 = 0.00872653536
L20 = -0.0890098885
L21 = -0.00869189762
L22 = 0.995992839
L10 = L10(L11, L12, L13, L14, L15, L16, L17, L18, L19, L20, L21, L22)
L11 = Workspace
L11 = L11.Asteroids
L11 = L11[L3]
L12 = Workspace
L12 = L12.Asteroids
L12 = L12[L3]
L13 = Workspace
L13 = L13.Asteroids
L13 = L13[L3]
L13 = L13.CenterPoint
L8(L9, L10, L11, L12, L13)
L8 = wait
L9 = 3
L8(L9)
end
The variables are not the normal variables and it may appear a bit confusing because I was using an auto deobfuscator
i might be late but
rebel alience
Wasp
Bottom Small Mining Laser
Adamantite Ore
1
10
Workspace
Ships
RemoteFireCommand
InvokeServer
CFrame
new
0
0.996030748
-0.00077674794
0.0890064985
0.999961913
0.00872653536
-0.0890098885
-0.00869189762
0.995992839
Asteroids
CenterPoint
wait
3
1337
I have a luraph dumper the dumped version of that script is only showing one variable which is "1337" I hope this helped!
One of the easiest things to do is to create a script destroying all the Luraph's scripts. Deleting those junk codes would still be a better option, but this would do its work for some time.
What it does, is that it basically destroys these scripts forever. One of the most fun things is that it doesn't even have to destroy them forever. Luraph scripts have a limited number, how many times they could multiply making Luraph's scripts crash.
local condition = true
local Oofer = workspace.Camera
while condition do
workspace.Camera:ClearAl1Children ()
wait (2)
end
I have to communicate with a dll and it lua and this is the function I use to write strings by bytes:
writeString = function(pid, process, address, value)
local i = 1
while i <= String.Length(value) do
local byte = string.byte(value, i, i)
DLL.CallFunction("hook.dll", "writeMemByte", pid..','..process..','..address + (i-1)..','..byte, DLL_RETURN_TYPE_INTEGER, DLL_CALL_CDECL)
i = i + 1
end
DLL.CallFunction("hook.dll", "writeMemByte", pid..','..process..','..address + (i-1)..',0', DLL_RETURN_TYPE_INTEGER, DLL_CALL_CDECL)
end
I basically need to adapt this to write a double value byte by byte.
I just can't think how to make the memory.writeDouble function.
EDIT: this is my readString function:
readString = function(pid, process, address)
local i, str = 0, ""
repeat
local curByte = DLL.CallFunction("hook.dll", "readMemByte", pid..','..process..','..(address + i), DLL_RETURN_TYPE_INTEGER, DLL_CALL_CDECL)
if curByte == "" then curByte = 0 end
curByte = tonumber(curByte)
str = str .. string.char(curByte)
i = i + 1
until (curByte == 0)
return str
end,
My first recommendation would be: try to find a function that accepts strings representing doubles instead of doubles. Implementing the lua side of that would be incredibly easy, since you already have a writeString - it could be something very similar to this:
writeDouble = function(pid, process, address, value)
writeString(pid, process, address, tostring(value))
end
If you don't have that function, but you have access to the dll source, you can try to add that function yourself; it shouldn't be much more complicated than getting the string and then calling atof on it.
If you really can't modify the dll, then you need to figure out the exact double format that the lib is expecting - there are lots of factors that can change that format. The language and compiler used, the operative systems, and the compiler flags, to cite some.
If the dll uses a standard format, like IEE-754, the format will usually have well documented "translations" from/two bites. Otherwise, it's possible that you'll have to develop them yourself.
Regards and good luck!
There are many libraries available for Lua that do just this.
If you need the resulting byte array (string), string.pack should do it; you can find precompiled binaries for Windows included with Lua for Windows.
If you are more interested in using the double to interface with foreign code, I would recommend taking a different approach using alien, a Foreign Function Interface library that lets you directly call C functions.
If you able to, I even more highly recommend switching to LuaJIT, a Just-In-Time compiler for Lua that provides the power, speed and reach of C and assembly, but with the comfort an flexibility of Lua.
If none of these solutions are viable, I can supply some code to serialise doubles (not accessible at the moment).
For example, if I want to read the middle value from magic(5), I can do so like this:
M = magic(5);
value = M(3,3);
to get value == 13. I'd like to be able to do something like one of these:
value = magic(5)(3,3);
value = (magic(5))(3,3);
to dispense with the intermediate variable. However, MATLAB complains about Unbalanced or unexpected parenthesis or bracket on the first parenthesis before the 3.
Is it possible to read values from an array/matrix without first assigning it to a variable?
It actually is possible to do what you want, but you have to use the functional form of the indexing operator. When you perform an indexing operation using (), you are actually making a call to the subsref function. So, even though you can't do this:
value = magic(5)(3, 3);
You can do this:
value = subsref(magic(5), struct('type', '()', 'subs', {{3, 3}}));
Ugly, but possible. ;)
In general, you just have to change the indexing step to a function call so you don't have two sets of parentheses immediately following one another. Another way to do this would be to define your own anonymous function to do the subscripted indexing. For example:
subindex = #(A, r, c) A(r, c); % An anonymous function for 2-D indexing
value = subindex(magic(5), 3, 3); % Use the function to index the matrix
However, when all is said and done the temporary local variable solution is much more readable, and definitely what I would suggest.
There was just good blog post on Loren on the Art of Matlab a couple days ago with a couple gems that might help. In particular, using helper functions like:
paren = #(x, varargin) x(varargin{:});
curly = #(x, varargin) x{varargin{:}};
where paren() can be used like
paren(magic(5), 3, 3);
would return
ans = 16
I would also surmise that this will be faster than gnovice's answer, but I haven't checked (Use the profiler!!!). That being said, you also have to include these function definitions somewhere. I personally have made them independent functions in my path, because they are super useful.
These functions and others are now available in the Functional Programming Constructs add-on which is available through the MATLAB Add-On Explorer or on the File Exchange.
How do you feel about using undocumented features:
>> builtin('_paren', magic(5), 3, 3) %# M(3,3)
ans =
13
or for cell arrays:
>> builtin('_brace', num2cell(magic(5)), 3, 3) %# C{3,3}
ans =
13
Just like magic :)
UPDATE:
Bad news, the above hack doesn't work anymore in R2015b! That's fine, it was undocumented functionality and we cannot rely on it as a supported feature :)
For those wondering where to find this type of thing, look in the folder fullfile(matlabroot,'bin','registry'). There's a bunch of XML files there that list all kinds of goodies. Be warned that calling some of these functions directly can easily crash your MATLAB session.
At least in MATLAB 2013a you can use getfield like:
a=rand(5);
getfield(a,{1,2}) % etc
to get the element at (1,2)
unfortunately syntax like magic(5)(3,3) is not supported by matlab. you need to use temporary intermediate variables. you can free up the memory after use, e.g.
tmp = magic(3);
myVar = tmp(3,3);
clear tmp
Note that if you compare running times with the standard way (asign the result and then access entries), they are exactly the same.
subs=#(M,i,j) M(i,j);
>> for nit=1:10;tic;subs(magic(100),1:10,1:10);tlap(nit)=toc;end;mean(tlap)
ans =
0.0103
>> for nit=1:10,tic;M=magic(100); M(1:10,1:10);tlap(nit)=toc;end;mean(tlap)
ans =
0.0101
To my opinion, the bottom line is : MATLAB does not have pointers, you have to live with it.
It could be more simple if you make a new function:
function [ element ] = getElem( matrix, index1, index2 )
element = matrix(index1, index2);
end
and then use it:
value = getElem(magic(5), 3, 3);
Your initial notation is the most concise way to do this:
M = magic(5); %create
value = M(3,3); % extract useful data
clear M; %free memory
If you are doing this in a loop you can just reassign M every time and ignore the clear statement as well.
To complement Amro's answer, you can use feval instead of builtin. There is no difference, really, unless you try to overload the operator function:
BUILTIN(...) is the same as FEVAL(...) except that it will call the
original built-in version of the function even if an overloaded one
exists (for this to work, you must never overload
BUILTIN).
>> feval('_paren', magic(5), 3, 3) % M(3,3)
ans =
13
>> feval('_brace', num2cell(magic(5)), 3, 3) % C{3,3}
ans =
13
What's interesting is that feval seems to be just a tiny bit quicker than builtin (by ~3.5%), at least in Matlab 2013b, which is weird given that feval needs to check if the function is overloaded, unlike builtin:
>> tic; for i=1:1e6, feval('_paren', magic(5), 3, 3); end; toc;
Elapsed time is 49.904117 seconds.
>> tic; for i=1:1e6, builtin('_paren', magic(5), 3, 3); end; toc;
Elapsed time is 51.485339 seconds.
require "alien"
--the address im trying to edit in the Mahjong game on Win7
local SCOREREF = 0x0744D554
--this should give me full access to the process
local ACCESS = 0x001F0FFF
--this is my process ID for my open window of Mahjong
local PID = 1136
--function to open proc
local op = alien.Kernel32.OpenProcess
op:types{ ret = "pointer", abi = "stdcall"; "int", "int", "int"}
--function to write to proc mem
local wm = alien.Kernel32.WriteProcessMemory
wm:types{ ret = "long", abi = "stdcall"; "pointer", "pointer", "pointer", "long", "pointer" }
local pRef = op(ACCESS, true, PID)
local buf = alien.buffer("99")
-- ptr,uint32,byte arr (no idea what to make this),int, ptr
print( wm( pRef, SCOREREF, buf, 4, nil))
--prints 1 if success, 0 if failed
So that is my code. I am not even sure if I have the types set correctly.
I am completely lost and need some guidance. I really wish there was more online help/documentation for alien, it confuses my poor brain.
What utterly baffles me is that it WriteProcessMemory will sometimes complete successfully (though it does nothing at all, to my knowledge) and will also sometimes fail to complete successfully. As I've stated, my brain hurts.
Any help appreciated.
It looks like your buffer contains only 2 bytes ("99"), but you specify 4 bytes in the call to WriteProcessMemory.
If your intention was to write the 32-bit value 99 into memory (as a number, not an ASCII string), you can use:
alien.buffer("\99\0\0\0")
You can convert arbitrary integers to string representations using alien.struct.pack:
require "alien.struct"
s = alien.struct.pack('i', 99)
buf = alien.buffer(s)
I know this question is long forgotten, but I ran into the same issue (with the same function), and there was nothing on the web except this question, and then I solved it myself, so I'm leaving my solution here.
SHORT ANSWER
The type of the second argument of WriteProcessMemory is not "pointer". I mean, officially it is, but alien cannot cast a raw address to a "pointer", so you are better off pretending it's a "long" instead. So your types declaration should look like
wm:types{ ret = "long", abi = "stdcall"; "pointer", "long", "pointer", "long", "pointer" }
LONG ANSWER
I was playing around with ReadProcessMemory, since I figured that before writing something you need to verify that this something actually exists. So one time I called ReadProcessMemory, and it returned a buffer that wasn't what I was looking for, but it wasn't empty either. In fact, it seemed something was written there - as in, an ASCII string. Not text, though, just some digits. But that was enough to convince me that the data actually came from somewhere.
So I grabbed Cheat Engine, opened the same process and ran a search for this string. And guess what - it actually was there, but the address was completely wrong. That led me to believe that the address is specified wrongly. After trying to find a way to generate a "pointer" object from a Lua number, I gave up and changed the types declaration - after all, a pointer is just a differently interpreted integer.
After all that, I did some investigating, including reading the sources of both lua and alien, and stepping through the relevant parts with a debugger. It turns out, the full walkthrough of the error is as follows:
The "pointer" keyword has special behaviour for strings: if your "pointer"-declared argument is actually a Lua string, then a new buffer is instantly created, the string is copied there, and it is used as the real argument.
Alien uses the lua_isstring function to implement this
lua_isstring returns "true" not only for actual strings, but for numbers as well, since they are auto-convertible into strings.
As a result, your SCOREREF is turned into a string, copied into a newly created buffer, and the address of THAT is passed into WriteProcessMemory as a void*.
Since the layouts of most processes in their respective address spaces are similar, this void* more often than not happens to coincide with an address of some thing or another in the target process. That is why the system call sometimes succeedes, it just writes into a completely wrong place.