windows has apis to find windows based on titles, but also to find by the class name, that never changes...
You may take a look at FindWindow function that dont need memory api, can be used with just dll.callfunction messy api.
That way u use the classname instead variable title stuff and do it on some timer. but believe me, it could be so easy to bypass that kind of stuff...
Talking about naming obfuscation, well, you have a function that uses getwindowtitle api, its pretty evident whats going on in there...
The xor crypting used was way too weak and its totally visible when it reach lua lexer, u could even generate a lua bytecode instead plain text chunk (also will be easy to break since luadec for 5.1.4 is almost perfect)
btw i dont see the point on blocking ollydbg... theres thousands of tools to rape autoplay bins and also lots of ways to make the protections inservible, like removing close messages on windows wndproc or hooking user32 to fake ur calls to windows api like findwindow... its just matter of time.
Crude reality is theres no way to hide code. code will be revealed always, period. You should focus on disabling code replacing injection.
Since lua has security flaws that allows to execute arbitrary x86 code, u may want to check out whats the game industry is doing, as lua is well known game middleware.
Idk i dont think u could do anithing about code revealing and injection when talking about lua vms...just u could obfuscate the code but since lua design it will be easy to recover, and even much more messy because everithing we add to ams runtimes is external because of the closed source so anithing u do will cause problems on runtime or loaded modules u know... its a mess. protecting it. wont happen.