Detecting Instance.new() being fired

DISCLAIMER: THIS HAS NOTHING TO DO WITH CHILDADDED OR DESCENDANTADDED

Hello by the title you may think to yourself “This dude is dumb, just do something like ChildAdded or DescendantAdded functions.” I am trying to detect Instance.new() being fired via client. That reason being is checking if a child is a specific thing is useless now. People are able to SPOOF objects for example spoof a bodygyro to be a basepart or stringvalue. If one is able to detect Instance.new(), that’d be amazing. This is mainly for a rushed anti-exploit I am making in my game.

2 Likes

I don’t think this is possible due to it being a roblox function but I will do some research.

1 Like

You can’t as you are not able to write to default libraries in Roblox.

The closest you can get is by creating a wrapper but doing this would only be limited to the scope in which the wrapped library is defined.

just done some research, important things such as the game Datamodel are set to readonly mode ,meaning that you cannot do something like

Instance.new = function(self, ...)
  print(...)
  return self
end

There’s always work arounds for stuff like this. Looks like nobody on this devforum site knows I guess.

No there aren’t. Libraries are frozen tables.

3 Likes

Ok cool, let me know when you write to a frozen table

4 Likes

you should research what ReadOnly is and why you won’t be able to get around it ( you can’t even call table.isfrozen on Instance.new because it returns a function)

You can call table.isfrozen on the Instance library though. The Instance library is the table that contains the function to make the instance, same goes with any other data type and library.

image

1 Like

interesting [char limitttttttttttttttttt]

You can’t do detections for the client with the level of power Roblox gives you. Even if it’s a hidden script, they can disable it. Even if you sent an event to the server to check if they disabled that script, it STILL wouldn’t work since their client is sending that message to the server, and they’re still in control of choosing to send that message.

1 Like

you can parent it to nil that way :Destroy() or :Remove() can’t be called on the script

1 Like

There aren’t workarounds for this and I’m not sure why you want it anyways. How can someone inserting a BasePart be detrimental to your game?

4 Likes

Parenting it to nil doesn’t work, there’s a function to check for all nil objects >;)

there is a way to bypass that >;)

it has 0 Values though, hmmmmmmmm

You can’t detect when Instance.new is being used. There’s no “what people say are the limits” here; that’s just a fact.

If you truly want to know, make a wrapper for every Instance.new call you make, or use ChildAdded/DescendantAdded.

2 Likes

Of course, the problem with making a wrapper is that it’s specific to each script and a hacker can just make a new script without the wrapper.

And the problem with the question in general is that the hacker could basically paste object data into memory without ever needing Instance.new and the fact that this sort of thing is best protected against on the server.

2 Likes

You can’t do this, even if you could exploiters would find a way to bypass or just simply disable your code, after all exploit scripts run at higher priority.

You could use something like XSS stuff like instead of passing parent into the function you pass a custom object with a metatable that gets mentioned fires and if you are inside of the Instance’s “new” function, you could modify it from inside. You could do experiment from inside by using rawget and rawset