How do i block modules from being run in my game?

Help and Feedback Scripting Support
, , ,
#41

alright (be there in a second)

local bannedNames = {"dsjaj","dusua"}
for i = 1,#bannedNames do
if object:FindFirstChild(bannedNames[i],true) ~= nil then
object:Destroy()
warn("Malware object destroyed.")
end
end
#42

I want to target it at lots of viruses tho. Not just random require().

#43

Just keep adding to that bannedNames table.

#44

Read my entire post please.
I’m saying this is not a good practice, and is wasting more time than it would save.

1 Like
#45

So does that take the name of the module and if the require() links to that name then destroys it?

#46

It would be a lot faster and cheaper to just bring up all uses of require() to the user so they can see for themself whether they intended it to be run or not.

Otherwise you would have to keep updating a database as a full time job.

#47

No if it is in the game then it destroys it does not care about require() because that is too much work

#48

Okay. How would i do that then?

#49

In short: you can’t.

When a script calls require(id), that request is immediately passed off to the C side and only checks if the place has access to that module, and if so, loads and runs the code in it. This stuff is hard-coded and you can’t change it.

You could, strictly speaking, create a Studio plugin that screens scripts for require(id) calls and checks if any of those modules are on your banned list. However, someone could then just create a new module with a new ID that just requires the old ID. This is already common practice for people who create backdoors - I’ve seen chains like this that are over 80 modules long.

Maintaining an effective module ban list and staying up-to-date with the tricks people use to hide backdoors in free models is going to be an uphill battle.

2 Likes
#50

Adding names to that table will be more of a pain. There’s an infinite amount of names someone could name their script, and it’s very strenuous, if not impossible to include every variation of every single combinations of letters.

1 Like
#51

How would we do it otherwise then?

#52

If it’s a plugin, then read the source of every script and parse out require. If it is found then add it to a list. Display list to user when found.

This has been done in plugins many times, so this is not an original system. You can find this type of system in countless other “antiviruses” and even some open source ones

1 Like
#53

You can run a scan function when a object gets inserted.

#54

Okay, I might make something else then if Virus protection has really already been covered by so many people.