Niklas Therning (ntherning)

Exploiting Lua 5.1 on 32-bit Windows

The following Lua program generates a Lua bytecode program called ignore-unsigned-sga.fnt, which in turn loads a DLL from within an extremely locked down Lua 5.1 sandbox in a program called RelicCOH2.exe. The remainder of this document attempts to explain how this program works by way of a whirlwind tour of the relevant bits of the Lua 5.1 virtual machine.

if string.dump(function()end):sub(1, 12) ~= "\27Lua\81\0\1\4\4\4\8\0" then
  error("This generator requires a 32-bit version of Lua 5.1")
end

local function outer()
  local magic -- In bytecode, the stack slot corresponding to this local is changed

# You can skip these lines if you'd prefer to work with s3sh
require 'rubygems'
require 'aws/s3'
include AWS::S3
# Point the aws-s3 gem at the EU (Ireland) regional endpoint instead of the default US host
AWS::S3::DEFAULT_HOST.replace "s3-eu-west-1.amazonaws.com"
# 'abc' / '123' are placeholder credentials; supply real keys via environment or config, not in source
AWS::S3::Base.establish_connection!(
  :access_key_id     => 'abc',
  :secret_access_key => '123'
)