Can't Detect when things have been added to CoreGui?

Been trying to make more anti-exploit systems for my games. Recently, I’ve been looking for those that detect when an exploiter inserts a GUI into PlayerGui or CoreGui.

Right now I’m working on CoreGUI since that would interfere less with my game than a script that detects additions to PlayerGui, and this is the following code:

game.CoreGui.ChildAdded:Connect(function(a)
	print(a.Name.." was added to CoreGUI.")
end)

It is server-sided but I also have one in a local script in PlayerGui. However, when either runs, I get this message in Output:

What does this mean and how do I account for it?

I believe you can use the DescendantAdded event on the game object.

Through that, you should be able to check if it is a child of CoreGui by checking what GetFullName returns.

Additionally, this only works when used in a LocalScript. The server cannot see an individual player’s CoreGui.

You may also run into issues with proper stuff loading in, and creating a list of each acceptable item will be difficult. Also, there may be permissions issues when blindly using GetFullName like I am here; you’ll need to add checks to make sure your code doesn’t error.

As for what the error you received means, here’s a good write up about it: Security context

Example code:

game.DescendantAdded:Connect(function(descendant)
    local fullName = descendant:GetFullName()
    local paths = string.split(fullName, ".")

    if #paths >= 1 and paths[1] == "CoreGui" then
        print(descendant:GetFullName() .. " was added to CoreGui")
    end
end)

I had this appear in local output when I added it to my game. The line in question is: local fullName = descendant:GetFullName()

What checks would I need to add?

This should cover most bases, hope this helps.

game.DescendantAdded:Connect(function(descendant)
    local success, fullName = pcall(function() return descendant:GetFullName() end)
    if not success then
        return print("A locked object was added")
    end

    local paths = string.split(fullName, ".")
    if #paths >= 1 and paths[1] == "CoreGui" then
        -- Reuse the name fetched under pcall so this line cannot raise on a locked object
        print(fullName .. " was added to CoreGui")
    end
end)

Would this code detect when non-ROBLOX items are added to the game? Like if an exploiter tried to load up admin commands into CoreGui, would it detect that, but leave alone the default ROBLOX scripts?


I assume that everything Roblox puts in CoreGui is locked, so it should not pass the success check. It may be safe to kick the player if anything gets beyond that, but be wary of false positives.

I’ll also add that any exploit that can access CoreGui may be able to lock it from normal script access.


You can’t detect when things get added to CoreGui for security reasons. Also, in order to access the player’s CoreGui, you need a local script since exploits work client sided; however, exploiters can simply delete your script.

So there’s really nothing that can be done to stop them then? The only thing I was working with was detecting things that got inserted into PlayerGui, but even then there was a ton of locked ROBLOX stuff that it would pick up.

Roblox patched all ways to detect instances added to the CoreGui. You’re not supposed to be able to access the CoreGuis.

You can only stop exploiters from abusing your game systems with sanity checks, but you can’t stop them from using and activating their exploits, at least not forever. Also, exploiters don’t always insert their exploits into the game itself: some of them are parented to nil, which can’t be accessed.

lol it gets whenever a frame was added to the dev console for the text…
or whenever a player joins cuz of the frame.

Roblox just pushed a patch for these types of detections. If I were you, I’d stick to protecting the server and not the client.

The client should only be doing the following:

  • Rendering objects (Certain things that the server won’t render, only replicate)
  • UX (Only focus point on the client will be how smooth, well tainted the transitions & gameplay are.)
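
The server-side sanity checks recommended in the replies above, as an added example that is not code from any poster in this thread: a server Script that treats every RemoteEvent argument as untrusted. The remote name RequestPickup, the Coins folder, the leaderstats value and the two limits are all assumptions made for illustration.

```lua
-- Added example: runs as a server Script (for instance in ServerScriptService).
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local MAX_PICKUP_DISTANCE = 12 -- studs; assumed game rule
local MIN_INTERVAL = 0.25      -- seconds between accepted requests; assumed

-- Hypothetical remote that the client fires when it wants to pick up a coin.
local pickupRemote = Instance.new("RemoteEvent")
pickupRemote.Name = "RequestPickup"
pickupRemote.Parent = ReplicatedStorage

local coinsFolder = workspace:WaitForChild("Coins") -- hypothetical folder of coin parts
local lastRequest = {} -- [Player] = os.clock() of the last accepted request

local function isValidRequest(player, coin)
	-- The argument comes from the client, so check its type and location first.
	if typeof(coin) ~= "Instance" or not coin:IsA("BasePart") then return false end
	-- A coin that was already awarded has been destroyed, so its Parent is nil.
	if coin.Parent ~= coinsFolder then return false end

	-- Per-player rate limit.
	local now = os.clock()
	if lastRequest[player] and now - lastRequest[player] < MIN_INTERVAL then return false end

	-- Range check uses the character the server sees, never a position sent as an argument.
	local character = player.Character
	local root = character and character:FindFirstChild("HumanoidRootPart")
	if not root then return false end
	if (root.Position - coin.Position).Magnitude > MAX_PICKUP_DISTANCE then return false end

	lastRequest[player] = now
	return true
end

pickupRemote.OnServerEvent:Connect(function(player, coin)
	if not isValidRequest(player, coin) then return end
	coin:Destroy()
	-- The reward amount is decided here; the client never sends one.
	local stats = player:FindFirstChild("leaderstats")
	local coins = stats and stats:FindFirstChild("Coins")
	if coins and coins:IsA("IntValue") then coins.Value += 1 end
end)

Players.PlayerRemoving:Connect(function(player)
	lastRequest[player] = nil -- drop per-player state when they leave
end)
```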