
LLethul


Joined: Feb, 2023





Activity Feed

Created a new thread : LuaVM::load scanning


I use EyeStep to scan for Roblox addresses. Only two of my updater functions are broken:
update_getstate
update_lvml

Here is my code:

#include "Eyestep/eyestep_utility.cpp"
#include "Globals.h"

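namespace Updater
{
	// Preferred image base of a 32-bit Windows PE. Kept as an int so that
	// `hit - kImageBase` has exactly the type the original `hit - 0x400000` had
	// before it is handed to EyeStep::util::raslr() and rebased onto `base`.
	static constexpr int kImageBase = 0x400000;

	// Every updater below has the same shape: find an anchor (a string xref or a
	// byte signature), take its first hit, walk to the call / prologue of interest
	// and store the rebased address in Addresses::. Each one now returns early and
	// leaves the previous Addresses:: value untouched when the anchor is not found.
	// The original indexed `[0]` on the scan result unconditionally, which is
	// undefined behaviour on an empty result and is the usual way a "working"
	// updater starts crashing after a client update removes or renames a string.
	// NOTE(review): scan results are treated as std::vector-like (.empty()/[0]);
	// the failure values of nextCall/prevCall/getPrologue are still not checked —
	// confirm what EyeStep returns when it cannot find a call.

	// print: the call that follows the "Video recording stopped" string xref.
	static void update_print()
	{
		const auto xrefs = EyeStep::scanner::scan_xrefs("Video recording stopped");
		if (xrefs.empty()) return;
		int print_call = EyeStep::util::nextCall(xrefs[0], false, false);
		uintptr_t print_address = base + EyeStep::util::raslr(print_call - kImageBase);
		Addresses::r_print = (Addresses::r_print_t)print_address;
	}

	// LuaVM::load: the call preceding the "oldResult, moduleRef  = ..." string xref.
	// NOTE(review): the author reports this updater broken. An earlier revision of
	// this scanner took the call *after* the xref (nextCall); which side of the xref
	// the load call sits on should be confirmed in a disassembler, not guessed.
	static void update_lvml()
	{
		const auto xrefs = EyeStep::scanner::scan_xrefs("oldResult, moduleRef  = ...");
		if (xrefs.empty()) return;
		int lvm_call_maybe = EyeStep::util::prevCall(xrefs[0]);
		uintptr_t lvm_addy = base + EyeStep::util::raslr(lvm_call_maybe - kImageBase);
		Addresses::r_luavm_load = (Addresses::r_luavm_load_t)lvm_addy;
	}

	// task.defer: the call that follows the re-entrancy error string xref.
	static void update_taskdefer()
	{
		const auto xrefs = EyeStep::scanner::scan_xrefs("Maximum re-entrancy depth (\%i) exceeded calling task.defer");
		if (xrefs.empty()) return;
		int tdefer_maybe = EyeStep::util::nextCall(xrefs[0], false, false);
		uintptr_t tdefer_addy = base + EyeStep::util::raslr(tdefer_maybe - kImageBase);
		Addresses::r_taskdefer = (Addresses::r_taskdefer_t)tdefer_addy;
	}

	// TaskScheduler getter: byte signature (x86 `push ebp; mov ebp, esp` prologue
	// followed by fs:-segment loads), snapped to the enclosing function prologue.
	static void update_getscheduler()
	{
		const auto hits = EyeStep::scanner::scan("55 8B EC 64 A1 ?? ?? ?? ?? 6A ?? 68 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC ?? 64 A1 ?? ?? ?? ?? 8B 08 A1 ?? ?? ?? ?? 3B 81 08 00 00 00 7F ?? A1 ?? ?? ?? ?? 8B 4D F4 64 89 0D ?? ?? ?? ?? 8B E5 5D C3 8D 4D E4 E8 ?? ?? ?? ?? 68 ?? ?? ?? ?? 8D 45 E4 50 E8 ?? ?? ?? ?? 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? 83 C4 ?? 83 3D ?? ?? ?? ?? ?? 75 ?? 68 ?? ?? ?? ??");
		if (hits.empty()) return;
		auto taskschedulera = EyeStep::util::getPrologue(hits[0]);
		uintptr_t taskscheduler = base + EyeStep::util::raslr(taskschedulera - kImageBase);
		Addresses::r_getscheduler = (Addresses::r_getscheduler_t)taskscheduler;
	}

	// getstate: byte signature for a switch dispatch (`cmp eax, imm8; ja; jmp [table]`).
	// NOTE(review): reported broken by the author. A pattern anchored on a jump table
	// is fragile across builds; with the empty-result guard it now fails soft (the old
	// Addresses::r_getstate is kept) instead of crashing, but the bytes still need
	// re-dumping against the current client.
	static void update_getstate()
	{
		const auto hits = EyeStep::scanner::scan("55 8B EC 8B 45 08 8B 00 83 F8 ?? 77 ?? FF 24 85 ?? ?? ?? ?? B8 ?? ?? ?? ?? 03 C8");
		if (hits.empty()) return;
		auto getstate_siggy = EyeStep::util::getPrologue(hits[0]);
		uintptr_t getstate = base + EyeStep::util::raslr(getstate_siggy - kImageBase);
		Addresses::r_getstate = (Addresses::r_getstate_t)getstate;
	}

	// Runs every updater once. Order does not matter: none of them depends on another's result.
	static void update_all()
	{
		update_print();
		update_lvml();
		update_taskdefer();
		update_getscheduler();
		update_getstate();
	}
}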

Created a new thread : Need xrefs for roblox


Does anyone know string xrefs that lead to LuaVM::load, or how to locate it in IDA Pro?

Replied to thread : I need help making an execution method


Thanks, I'll look into that

Replied to thread : I need help making an execution method


Yeah, the addresses resolve fine, but execution is the problem. I'm building this as an external (out-of-process) tool, and I think that's the issue. Should I just make it a DLL?

Replied to thread : I need help making an execution method


BTW, ignore getls() — it is very old and I know it makes no sense.

Created a new thread : I need help making an execution method


I have auto-updating addresses, but my actual problem is building an execution method. Here is my code:

// Scanner.hpp - scans roblox addies, with the help of EyeStep reborn by MelonMRTS on github
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <string>
#include <vector>

#include "eyestep/eyestep.cpp"
#include "eyestep/eyestep_utility.cpp"
#include "scheduler.cpp"
#include "zstd/xxhash.h"
#include "zstd/zstd.h"
#include "luau/Luau/Compiler.h"
#include "luau/Luau/BytecodeBuilder.h"

// Rebases an image-relative offset onto the running module: offset + module base.
// Note the int return type: the byte signatures in this file are 32-bit x86, where
// a pointer fits, but on a 64-bit build the high bits would be discarded.
int ASLR(uintptr_t addy) { return static_cast<int>(addy + reinterpret_cast<uintptr_t>(GetModuleHandleA(nullptr))); }
// Turns a module-relative offset into an address at the preferred image base of a
// 32-bit Windows PE (0x400000) — presumably to line up with disassembler listings.
// Same int return type (and truncation caveat) as ASLR.
int RASLR(uintptr_t addy) { return static_cast<int>(addy + 0x400000); }

// 55 8B EC 8B 45 08 8B 00 83 F8 ?? 77 ?? FF 24 85 ?? ?? ?? ?? B8 ?? ?? ?? ?? 03 C8

// Load address of the process's own executable (GetModuleHandleA(nullptr) never
// returns another module), resolved once at static-init time. Every rebased
// address in this file is computed relative to it, so this only makes sense when
// the code runs inside the target process.
uintptr_t base = reinterpret_cast<uintptr_t>(GetModuleHandleA(nullptr));

// Bytecode encoder plugged into Luau's compiler: every opcode byte is multiplied
// by 227, wrapping modulo 256 through the uint8_t return.
// NOTE(review): presumably matches the opcode encoding the client expects — confirm
// against the current build, since this is a per-client constant.
class roblox_encoder : public Luau::BytecodeEncoder {
	std::uint8_t encodeOp(const std::uint8_t opcode) override {
		const int scaled = opcode * 227;
		return static_cast<std::uint8_t>(scaled);
	}
};

// Function-pointer types for the resolved client routines, with their calling conventions.
// NOTE(review): UINT/int stand in for pointer arguments; that is only pointer-sized on
// the 32-bit target these signatures come from. `_getstate` is a reserved identifier at
// global scope and is kept only because callers already use it.
using load             = UINT(__fastcall*)(UINT rL, std::string* source, const char* chunkname, int env);
using rbx_printf       = void(__cdecl*)(int type, const char* format, ...);
using r_taskdefer_t    = uintptr_t(__cdecl*)(uintptr_t rl);
using rbx_getscheduler = int(__cdecl*)();
using _getstate        = int(__thiscall*)(int scheduler_scriptcontext, int* type);

namespace Deobfuscation
{
	// Recovers the lua_State pointer from a ScriptContext: reads the word at
	// offset 236 and returns (address of that field) - (value stored there).
	// The offset is specific to the client build it was dumped from; the original
	// author notes it can be re-derived from the getstate routine.
	uintptr_t luastate(uintptr_t sc)
	{
		const uintptr_t field = sc + 236;
		const uintptr_t stored = *reinterpret_cast<const uintptr_t*>(field);
		return field - stored;
	}

	// Recovers the globals pointer from a lua_State: reads the word at offset 24
	// and returns (address of that field) XOR (value stored there).
	uintptr_t global(uintptr_t rl)
	{
		const uintptr_t field = rl + 24;
		const uintptr_t stored = *reinterpret_cast<const uintptr_t*>(field);
		return field ^ stored;
	}
}

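// Builds the client-side bytecode blob: the "RSB1" magic, the uncompressed length,
// the zstd-compressed payload, then an XOR pass over the whole buffer keyed by its
// own XXH32 (seed 42) so every byte is obfuscated.
//
// Throws std::runtime_error when zstd fails. The original used the return value of
// ZSTD_compress unchecked, so a zstd error code would have been appended as if it
// were a payload length, yielding a silently corrupt blob.
// NOTE(review): the length is appended as a raw std::size_t, i.e. 4 bytes on the
// 32-bit target this file aims at but 8 on a 64-bit build — confirm the header width
// the client expects before porting.
std::string compress(const std::string& data)
{
	const std::size_t dataSize = data.size();
	const std::size_t maxSize = ZSTD_compressBound(dataSize);
	std::vector<char> compressed(maxSize);
	const std::size_t compSize = ZSTD_compress(compressed.data(), maxSize, data.data(), dataSize, ZSTD_maxCLevel());
	if (ZSTD_isError(compSize))
		throw std::runtime_error(std::string("compress: zstd failed: ") + ZSTD_getErrorName(compSize));

	std::string output = "RSB1";
	output.append(reinterpret_cast<const char*>(&dataSize), sizeof(dataSize));
	output.append(compressed.data(), compSize);

	// The key is derived from the unobfuscated buffer (magic + length + payload), so
	// the reader has to recompute it the same way before it can decode anything.
	const std::uint32_t firstHash = XXH32(output.data(), output.size(), 42U);
	std::uint8_t hashedBytes[4];
	std::memcpy(hashedBytes, &firstHash, sizeof(firstHash));
	for (std::size_t i = 0; i < output.size(); ++i)
		output[i] ^= hashedBytes[i % 4] + i * 41U; // position-dependent key byte, as in the original
	return output;
}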

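namespace scanner
{
	// Preferred image base of a 32-bit Windows PE, kept as int so `hit - kImageBase`
	// has exactly the type the original `hit - 0x400000` had.
	static constexpr int kImageBase = 0x400000;

	// All getters return 0 when their anchor (string xref or byte signature) is not
	// found. The original indexed `[0]` on the scan result unconditionally — undefined
	// behaviour on an empty result, and the usual crash after a client update.
	// NOTE(review): scan results are assumed std::vector-like (.empty()/[0]); the
	// failure values of nextCall/getPrologue are not checked — confirm against EyeStep.

	// print: the call following the "Video recording stopped" xref.
	// NOTE(review): this returns ASLR(print_call) (call + module base), while every
	// other getter returns base + raslr(call - 0x400000). Callers must not add the
	// module base to this value a second time.
	static uintptr_t getprint()
	{
		const auto xrefs = EyeStep::scanner::scan_xrefs("Video recording stopped");
		if (xrefs.empty()) return 0;
		int print_call = EyeStep::util::nextCall(xrefs[0], false, false);
		return ASLR(print_call);
	}

	// LuaVM::load: the call following the "oldResult, moduleRef  = ..." xref.
	static uintptr_t getluau_load()
	{
		const auto xrefs = EyeStep::scanner::scan_xrefs("oldResult, moduleRef  = ...");
		if (xrefs.empty()) return 0;
		int lvm_call_maybe = EyeStep::util::nextCall(xrefs[0], false, false);
		return base + EyeStep::util::raslr(lvm_call_maybe - kImageBase);
	}

	// task.defer: the call following the re-entrancy error string xref.
	static uintptr_t gettaskdefer()
	{
		const auto xrefs = EyeStep::scanner::scan_xrefs("Maximum re-entrancy depth (\%i) exceeded calling task.defer");
		if (xrefs.empty()) return 0;
		int tdefer_maybe = EyeStep::util::nextCall(xrefs[0], false, false);
		return base + EyeStep::util::raslr(tdefer_maybe - kImageBase);
	}

	// TaskScheduler getter: byte signature (x86 `push ebp; mov ebp, esp` prologue
	// followed by fs:-segment loads), snapped to the enclosing function prologue.
	static uintptr_t gettasksched()
	{
		const auto hits = EyeStep::scanner::scan("55 8B EC 64 A1 ?? ?? ?? ?? 6A ?? 68 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC ?? 64 A1 ?? ?? ?? ?? 8B 08 A1 ?? ?? ?? ?? 3B 81 08 00 00 00 7F ?? A1 ?? ?? ?? ?? 8B 4D F4 64 89 0D ?? ?? ?? ?? 8B E5 5D C3 8D 4D E4 E8 ?? ?? ?? ?? 68 ?? ?? ?? ?? 8D 45 E4 50 E8 ?? ?? ?? ?? 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? 83 C4 ?? 83 3D ?? ?? ?? ?? ?? 75 ?? 68 ?? ?? ?? ??");
		if (hits.empty()) return 0;
		auto taskschedulera = EyeStep::util::getPrologue(hits[0]);
		return base + EyeStep::util::raslr(taskschedulera - kImageBase);
	}

	// Legacy lua_State getter built on a hard-coded scheduler address; the author
	// considers it obsolete and it is kept only for existing callers. The null check
	// now runs before the dereference — in the original it sat after the return
	// statement and could never execute.
	static uintptr_t getls()
	{
		const scheduler_t sched{ 0xF969E0 };
		const uintptr_t sc = sched.get_script_context();
		if (sc == 0x0) { return 0x0; }
		return (sc + 308) + *reinterpret_cast<DWORD*>(sc + 308);
	}

	// getstate: byte signature for a switch dispatch (`cmp eax, imm8; ja; jmp [table]`),
	// snapped to the enclosing function prologue.
	static uintptr_t getstate()
	{
		const auto hits = EyeStep::scanner::scan("55 8B EC 8B 45 08 8B 00 83 F8 ?? 77 ?? FF 24 85 ?? ?? ?? ?? B8 ?? ?? ?? ?? 03 C8");
		if (hits.empty()) return 0;
		auto getstate_siggy = EyeStep::util::getPrologue(hits[0]);
		return base + EyeStep::util::raslr(getstate_siggy - kImageBase);
	}
}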

 

I use this to resolve the addresses, so these are the ones I have. What do I still need in order to run scripts?

Replied to thread : How do I execute addresses?


Got print working, but how do I call luavm_load? 0x72A2A0 is the right address, isn't it?

Created a new thread : How do I execute addresses?


So I know how to find the addresses, but I don't know how to call them. I know this sounds weird.

When I run this code, it fails with a memory access violation.

 

Code: 

// Bind the resolved addresses to the function-pointer types declared above.
load luavn_load = (load)(lvm_loada);
r_taskdefer_t tdefer = (r_taskdefer_t)(tdefera);
_getstate gstate = (_getstate)(getstatea);
rbx_getscheduler getsch = (rbx_getscheduler)(scanner::gettasksched());
// NOTE(review): scanner::getprint() already returns ASLR(print_call), i.e. the call
// address plus the module base, so adding GetModuleHandle(nullptr) here rebases it a
// second time — a likely cause of the access violation reported for this snippet.
// The signature used here (__fastcall, std::uint8_t first argument) also differs from
// the rbx_printf typedef above (__cdecl, int); confirm which one matches the client.
const auto print = reinterpret_cast<void(__fastcall*)(std::uint8_t, const char*, ...)>(reinterpret_cast<std::uintptr_t>(GetModuleHandle(nullptr)) + scanner::getprint());

print(0, "hey");

scheduler_t s(getsch());
int idk = 0; // unused

// Decode the lua_State from the ScriptContext (see Deobfuscation::luastate for the encoding).
lua_State* rL = (lua_State*)Deobfuscation::luastate(s.get_script_context());

// `comp` is not defined in this snippet; presumably the std::string produced by compress().
// The lua_State is passed as UINT, which is only pointer-sized on a 32-bit build.
luavn_load((UINT)rL, &comp, "", 0);
tdefer((UINT)rL);

Replied to thread : ROBLOX Reverse Engineering Wiki (With example dumper, OPEN SOURCE!)


You're right — I'm going to use something like Zydis next.

Created a new thread : ROBLOX Reverse Engineering Wiki (With example dumper, OPEN SOURCE!)


I think this is the biggest release for WRD this month: fully updated address-finding methods for Roblox, EyeStep examples, and an example dumper.

 

Credits go to:

Me

 

Links:

Wiki: https://github.com/LLethul/ROBLOX/wiki

Example Dumper: https://github.com/LLethul/ExampleDumper

 

Please make a PR, or message me if you want to add something.