Lua Devirtualization (ferib.dev)
94 points by elvis70 on Feb 26, 2022 | hide | past | favorite | 27 comments



> ...that comes with exactly 38 bytecodes and a total of 5 registers. The registers can't be used at the same time, because some of them are shared

That's wrong. A, B, C are not registers, but sections in an instruction which reference registers. Registers are identified by an 8 bit number, so there are much more than five registers. See e.g. https://the-ravi-programming-language.readthedocs.io/en/late... or https://www.lua.org/doc/jucs05.pdf.


The source you gave me refers to these A, B, C as 'registers'. Yes, you are correct that they are encoded inside the Lua instruction and cannot be accessed globally.

Will make it more obvious that these registers are part of the instruction itself as it may confuse people that are familiar with more traditional VMs.


> refers to these A, B, C as 'registers'

No, A, B and C are called "instruction field", not "register". The registers are referenced in the text like e.g. "R(A)" meaning "the register signified by instruction field A". E.g. the instruction "MOVE A B" is described as "R(A) := R(B)". Each register carries a Lua value. The registers are not part of the instructions, but part of the activation record, which is allocated when Lua enters a function.
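As an added illustration of the point made in this exchange (this is example code, not from the article or from either commenter), the block below decodes Lua 5.1 instruction words into the opcode and the A/B/C instruction fields and renders them in the manual's R(A)/RK(B) notation, which makes the distinction between a field and the register it names concrete. The field layout and opcode numbering are those of Lua 5.1's lopcodes.h; the `encode_*` helpers and the four-instruction sample are constructed here only to have something to decode.

```python
# Added example: decoding Lua 5.1 instruction words. Not code from the article.
# Lua 5.1 packs each instruction into one 32-bit word:
#   bits  0-5   opcode  (6 bits, 38 opcodes)
#   bits  6-13  field A (8 bits, a register index)
#   bits 14-22  field C (9 bits, a register index or a constant index)
#   bits 23-31  field B (9 bits, a register index or a constant index)
# iABx / iAsBx instructions use bits 14-31 as one 18-bit operand Bx (sBx is biased).
SIZE_OP, SIZE_A, SIZE_B, SIZE_C = 6, 8, 9, 9
POS_OP, POS_A, POS_C, POS_B = 0, 6, 14, 23
SIZE_Bx = SIZE_B + SIZE_C                # 18
MAXARG_sBx = ((1 << SIZE_Bx) - 1) >> 1   # 131071: bias added to the signed sBx field
BITRK = 1 << (SIZE_B - 1)                # 256: set in B/C when the operand is a constant (ISK)

OPCODES = [  # opcode numbering from Lua 5.1 lopcodes.h (38 opcodes)
    "MOVE", "LOADK", "LOADBOOL", "LOADNIL", "GETUPVAL", "GETGLOBAL", "GETTABLE",
    "SETGLOBAL", "SETUPVAL", "SETTABLE", "NEWTABLE", "SELF", "ADD", "SUB", "MUL",
    "DIV", "MOD", "POW", "UNM", "NOT", "LEN", "CONCAT", "JMP", "EQ", "LT", "LE",
    "TEST", "TESTSET", "CALL", "TAILCALL", "RETURN", "FORLOOP", "FORPREP",
    "TFORLOOP", "SETLIST", "CLOSE", "CLOSURE", "VARARG",
]
ABX_OPS = {"LOADK", "GETGLOBAL", "SETGLOBAL", "CLOSURE"}
ASBX_OPS = {"JMP", "FORLOOP", "FORPREP"}
ARITH = {"ADD": "+", "SUB": "-", "MUL": "*", "DIV": "/", "MOD": "%", "POW": "^"}


def bits(word, pos, size):
    """Extract `size` bits of `word` starting at bit `pos`."""
    return (word >> pos) & ((1 << size) - 1)


def encode_abc(op, a, b, c):
    """Build an iABC word (helper constructed here only to make sample instructions)."""
    return (op & 0x3F) | (a << POS_A) | (c << POS_C) | (b << POS_B)


def encode_abx(op, a, bx):
    """Build an iABx word (constructed helper)."""
    return (op & 0x3F) | (a << POS_A) | (bx << POS_C)


def encode_asbx(op, a, sbx):
    """Build an iAsBx word: sBx is stored with the MAXARG_sBx bias (constructed helper)."""
    return encode_abx(op, a, sbx + MAXARG_sBx)


def decode(word):
    """Split a 32-bit word into its opcode name and the instruction fields it carries."""
    name = OPCODES[bits(word, POS_OP, SIZE_OP)]
    fields = {"op": name, "A": bits(word, POS_A, SIZE_A)}
    if name in ASBX_OPS:
        fields["sBx"] = bits(word, POS_C, SIZE_Bx) - MAXARG_sBx
    elif name in ABX_OPS:
        fields["Bx"] = bits(word, POS_C, SIZE_Bx)
    else:
        fields["B"] = bits(word, POS_B, SIZE_B)
        fields["C"] = bits(word, POS_C, SIZE_C)
    return fields


def rk(v):
    """RK(x): the register R(x), or the constant K(x) when the ISK bit is set."""
    return f"K({v & ~BITRK})" if v & BITRK else f"R({v})"


def describe(word):
    """Render an instruction the way the Lua 5.1 manual does: fields name registers."""
    f = decode(word)
    op, a = f["op"], f["A"]
    if op == "MOVE":
        return f"R({a}) := R({f['B']})"
    if op == "LOADK":
        return f"R({a}) := K({f['Bx']})"
    if op in ARITH:
        return f"R({a}) := {rk(f['B'])} {ARITH[op]} {rk(f['C'])}"
    if op == "JMP":
        return f"pc += {f['sBx']}"
    if op == "RETURN":
        return f"return R({a}), ... ,R({a}+{f['B']}-2)"
    return f"{op} " + ", ".join(f"{k}={v}" for k, v in f.items() if k != "op")


# Constructed sample fragment (not taken from any real chunk).
SAMPLE = [
    encode_abx(1, 0, 7),               # LOADK  R(0) := K(7)
    encode_abc(0, 3, 0, 0),            # MOVE   R(3) := R(0)
    encode_abc(12, 1, 3, BITRK | 2),   # ADD    R(1) := R(3) + K(2)
    encode_asbx(22, 0, -2),            # JMP    pc += -2
]

if __name__ == "__main__":
    for w in SAMPLE:
        print(f"{w:08x}  {describe(w)}")
```

Note that field A is 8 bits wide, so an instruction can name up to 256 distinct registers, and the register itself lives in the function's activation record, not in the instruction word; the word only carries the index.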


Devirtualization is not the correct term. Devirt is a common compiler optimization, where a call through a function pointer is replaced with a direct call to the only possible target.


While I think you are right about devirtualization being used to mean that in the world of compilers, in the realm of code protection/obfuscation, obfuscating code by making in run in an embedded virtual machine is called virtualization, with the reverse being called devirtualization.

It's hard to put an exact date on the origin of "[de]virtualization" being used to refer to code obfuscation, but it's definitely been used since at _least_ 2007 in related academia. [0]

[0]: Kang, Min Gyung, Pongsin Poosankam, and Heng Yin. "Renovo: A hidden code extractor for packed executables." Proceedings of the 2007 ACM workshop on Recurring malcode. 2007


I also hate it when technical terms are needlessly overloaded, and I can only assume it's often because our field is fractured enough that even widely known terminology might not be known in every little niche. But one has to wonder... don't people use Google when they invent new terms?

Either way, I found this paper that describes a certain obfuscation technique as virtualization [1]. I can only assume that devirtualization is meant as the corresponding deobfuscation technique. So maybe it is the correct, if unfortunate, term. Quote:

> Virtualization-obfuscation replaces native code in a binary with semantically equivalent and self-defined bytecode, which, upon execution, is interpreted by a custom virtual machine.

[1] https://cis.temple.edu/~qzeng/papers/deobfuscation-icics2017...


These Lua communities are often where people start learning programming (me included). So a lot of terminology is often community made. I remember we referred to this as obfuscation in the garrysmod community, but it doesn't really surprise me these people call it "devirtualization".

I remember relearning all of these terms was a big challenge when stepping outside of Lua.


You are incorrect. I work with malware professionally, defeating a VM obfuscator is often called devirtualizing. There is also the compiler optimization term as you say, but terms can mean more than one thing...


While I was initially confused by the terminology, I think it kinda makes sense. As an example of other people using the term in this way, see the Tigress obfuscator:

https://tigress.wtf/introduction.html


I didn't realize a market for Lua cheats even existed. It's interesting how people still put so much effort into reversing obfuscated Lua code when the heyday of Garry's Mod and World of Warcraft is way past its prime. What's the point of maintaining these "Lua unlockers"?


Garry's Mod never had any official way of selling addons. There have been third-party platforms to do so and Garry has officially approved of them. I felt when these platforms got popular I noticed this need for obfuscation of Lua scripts in Garry's Mod. I've also heard of servers getting DDoSed if they are known to pirate paid addons.

I've made one popular addon for Garry's Mod that lets you create custom avatars. It's a bit like a game engine where you have a scene graph with different types of objects you can add to your default avatar or override completely. The modifications can be "worn" while playing on a server so all the other players can see it.

There's also a market to sell and create these avatars.

If you have access to run Lua on the client (which is by default turned off) you can easily steal avatars by poking around in the Lua client state. There's a big demand from the community to make this more difficult.

For reasons due to how the addon is designed as a WYSIWYG editor and all of this being Lua I don't think it's feasible to obfuscate avatars that are worn. The only solution that seems to work for those who are worried is to have a whitelist/blacklist system that decides which other players can see your worn avatars. Of course that won't stop malicious servers from snooping on the network traffic, but these people are skeptical of wearing their avatars in servers they don't trust.

Personally I'm a huge advocate for free software and I always encourage people to share their avatars, or at least parts of them so that other players can learn how to make things. I also made many myself that are public.


> I've also heard of servers getting DDoSed if they are known to pirate paid addons.

That's certainly an interesting way to police copyright violations. It's funny how the communities you describe might have foreshadowed NFTs. What I wonder is, do people no longer view these items as... just data?

I don't feel remotely old enough to use that phrase, but "back in my days", we were proud that data is a new kind of thing that can't be locked up or limited the way physical items can. I wrote little scripts to extract sprites from game files all the time. A "right-clicker", as you might say, only that little actual clicking was involved.

I still can't wrap my head around the fact that there are now "underground" communities who will happily do the exact opposite.


I think there's something about not being able to separate the data from art, especially if you created the art. Personally I have no issues doing this.

There's more of a worry if the data is more like instructions on how to create the particular piece of art. For instance a compiled blender model vs the blender project.

It's somewhat understandable that there's a need to protect the "how it was made" when it comes to art. For example if a musical artist creates a unique song that also becomes a hit, others will try to copy the sound of the song to get a ride on the hype. If it's popular enough it will happen regardless but if the "source code" of the song is available, ie instructions on how to create the unique sound this will happen a lot faster. And over time what made the song so unique and interesting is no longer that.

I think Skrillex is a good example of this. Suddenly everyone was trying to do the wobble bass, initially failing a bit but eventually the community nailed the recipe and thus saturated his sound.

So I would say it's inevitable regardless if you have the instructions on how to do it. It's just that it might take a bit longer if you don't.


Welcome to capitalism. I am a big fan of open-source but unfortunately, people are ripping off code from others in an attempt to monetize it. This is why obfuscation has become so important as it keeps those toxic people away for a bit.


I would also say Garry's Mod's prime time is over, but interestingly it's still one of the most played games on steam.

https://steamdb.info/app/4000/graphs/

https://store.steampowered.com/stats/


What is there to play? I am out of the loop; when it came out it was a physics sandbox


The way I see garry's mod is that it's more of a high level Lua modding SDK for source engine. It comes with the sandbox "game" where you can usually build stuff or hang out, and a game called "trouble in terrorist town". https://www.troubleinterroristtown.com/

You can make your own gamemodes, or "addons" that work in any gamemode. The standard sandbox gamemode is typically extended with many addons.

Your question is a bit like asking what you can do on the internet. You can build a website or you can browse other websites. So in a way the garry's mod client is just a browser. On the hosting side you can very easily start a server and almost everything regarding custom content transfer is handled automatically.

Just like the web we've had many server exploits because they can execute Lua on the client. We are now moving towards a permission based system on the client to allow the server to execute things like programmatically opening external links, enabling the microphone, etc.

I wanted originally not to mention "the metaverse" here, but as far as I understand the idea of metaverse without VR, these games have been doing that long before metaverse was a thing.


Second life is closer to the "metaverse" than whatever facebook is doing but since it doesn't check the VR box it doesn't count.


It's commonly used as a platform for various wario-ware style minigames, often with hubs where players can save up points to buy cosmetics in the aforementioned minigames.


Selling gold in World of Warcraft, especially Classic which doesn't have the built-in mechanism, is quite a big market and these Lua unlockers enable bots for farming.


Roblox has 40 million daily users


roblox cheats


What’s “devirtualization” in this context?


I think it’s the wrong term completely. This is old school deobfuscation.


The obfuscated code appears to implement a Lua VM in Lua and run the obfuscator's user's code in that. "Devirtualization" here means removing that layer.


A VM based obfuscation scheme is known as virtualized. Defeating the VM and restoring the original code is called devirtualizing.
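To make the two comments above concrete (the "VM in Lua" layer and what removing it means), here is an added example that is not from the article, the obfuscator it analyses, or any commenter. It uses a deliberately tiny, invented stack bytecode in Python rather than Lua so that it runs stand-alone: `run_vm` is the shipped "virtualized" program (interpreter plus bytecode), and `devirtualize` lifts the bytecode back to ordinary source by running the very same interpreter loop over a symbolic value domain. The opcode numbers, the `BYTECODE` sample and the argument names are all constructed for this illustration.

```python
# Added example: virtualization-obfuscation and devirtualization on a toy VM.
# Not the article's code. Opcodes and the sample program are invented here.
PUSH, LOAD, ADD, MUL, RET = 0x10, 0x11, 0x20, 0x21, 0x30


def interpret(code, ops):
    """One interpreter loop, parameterised by how values are made and combined.

    `ops["const"]` turns an immediate into a value, `ops["arg"]` fetches an
    argument, and `ops[ADD]` / `ops[MUL]` combine two values. Concrete and
    symbolic execution differ only in which `ops` table is supplied.
    """
    stack, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op == PUSH:
            stack.append(ops["const"](code[pc + 1]))
            pc += 2
        elif op == LOAD:
            stack.append(ops["arg"](code[pc + 1]))
            pc += 2
        elif op in (ADD, MUL):
            b, a = stack.pop(), stack.pop()   # operands are pushed left-to-right
            stack.append(ops[op](a, b))
            pc += 1
        elif op == RET:
            return stack.pop()
        else:
            raise ValueError(f"unknown opcode {op:#x} at pc={pc}")
    raise ValueError("bytecode ended without RET")


def run_vm(code, args):
    """The obfuscated program as shipped: the interpreter run on concrete numbers."""
    return interpret(code, {
        "const": lambda v: v,
        "arg": lambda i: args[i],
        ADD: lambda a, b: a + b,
        MUL: lambda a, b: a * b,
    })


def devirtualize(code, arg_names):
    """Lift the bytecode to source text: same loop, but the stack holds expressions."""
    return interpret(code, {
        "const": str,
        "arg": lambda i: arg_names[i],
        ADD: lambda a, b: f"({a} + {b})",
        MUL: lambda a, b: f"({a} * {b})",
    })


def check_lift(code, arg_names, samples):
    """Sanity check a lift: the recovered expression must agree with the VM on inputs."""
    expr = devirtualize(code, arg_names)
    for vals in samples:
        env = dict(zip(arg_names, vals))
        # expr is text this module produced itself, evaluated with no builtins.
        if eval(expr, {"__builtins__": {}}, env) != run_vm(code, vals):
            return False
    return True


# Constructed sample program: computes (x + 3) * y.
BYTECODE = [LOAD, 0, PUSH, 3, ADD, LOAD, 1, MUL, RET]

if __name__ == "__main__":
    print("vm result for x=2, y=5:", run_vm(BYTECODE, [2, 5]))
    print("lifted source:", devirtualize(BYTECODE, ["x", "y"]))
    print("lift agrees with vm:", check_lift(BYTECODE, ["x", "y"], [(2, 5), (0, 1), (7, 7)]))
```

The design choice worth noticing is that devirtualization did not need a second, hand-written decoder: once the interpreter's handler semantics are known, replaying them over symbolic values yields the source, which is also why commercial virtualizers invest in making those handlers hard to read rather than in the bytecode format alone.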


tl;dr Something to do with decompiling Lua bytecode, apparently towards unobfuscating obfuscated Lua? I couldn't find a short summary of why this is interesting.



