I am aware of game:GetService(“Stats”).Lua.threads but it has PluginSecurity. Couldn’t find any documentation, but I thought to ask here.
The game engine internally uses threads however there is no way to create or manipulate them in Lua. All Lua is run on a single thread. Because we cannot manipulate them nor create them, I’m wondering what the application is and if there is a better way do achieve it?
Lua’s coroutines are sometimes (and confusingly) called threads (even in the documentation) but they do not run in parallel. They are a form of cooperative multitasking (one task intentionally stops so another can run). These are used internally by the Roblox scheduler. You are not looking for the number of active coroutines, are you?
2 Likes
What I’m trying to do is create a thread counter so that I can account for every thread that is running on a client. Its an attempt at exploit prevention.
If an exploit is injected it should create extra threads that have not been accounted for by my own scripts, and thus the player can be flagged.
These kind of detections are a very very VERY bad practise. It’s very likely that, even if it is possible, it will probably give you a lot of false positives, and I really mean that.
I’ve seen some people attempt to make a memory based detections by using the stats service or collectgarbage("count") and they tended to kick you if you i.e. opened the dev console, sometimes even on join.
8 Likes
As Kiriot mentioned, it’s too vague a method to use. One of the best ways you can prevent exploiters is simply making your game hard to exploit; never trust the client.
The method I’ve been using to stop exploiters is running as little exploitable things on the client as possible. For example, in a minigame I made, I made use of the Touched event and did so on the server rather than the client. I keep all the player’s stats on the server as well. The only thing I do on the server is create cool effects when a player is tagged and so on.
Another thing you can do is simply sanity check, if a player is clearly doing things they definitely shouldn’t be able to, then something is very wrong. Flying, jumping endlessly, going through walls, shooting or dealing damage through walls. Stuff like that.
2 Likes
This is for a war clan, so we’re facing issues like:
- Hitbox expansion
- ESP/injected GUIs
- Map stealing
I do have an existing solution for them as they’re all based on injected objects, but the issue is that exploits can use CoreGui and thus I need to use game.DescendantsAdded to listen for injections there. This ends up resulting in lag due to the sheer amount of times the event is fired (I assume).
Since this thread idea clearly won’t work out I’m probably going to clean up the code used to process added descendants and hopefully remove the lag due to the event.
Unfortunately, map stealing and ESP/Guis are the kind of things you cannot fully prevent (or at all).
When a player joins your game, in order for them to see the map and interact with it, it has to be downloaded to their PC. There is no other way, that’s just how games work.
About guis, you indeed can detect some or most guis placed under CoreGui, but some exploits use the ImGui lib for drawing directly on the roblox’s window, without using any roblox mechanics at all. It allows exploiters to create undetectable guis and ESPs, as they don’t interact with lua in any way.
I don’t know about hitbox expansion as I don’t have experience in that field. Maybe someone else can help you prevent that.
Hitbox expansion seems like something done on the client, not the server. It sounds like an issue caused by trusting the client with hitbox detection. Once again sanity checks also exist if you want to smoothen things up on the client for hitbox detection.
When it comes to Map stealing, the only thing that can be stolen is what’s being replicated to the client. Unfortunately there’s little you can do when it comes to this without removing the map altogether.
1 Like
Hitbox expansion can happen when either the server trusts the client with hit detection, or when the server’s hit detection offers compensation for latency. By manipulating timings, one can gain the advantage of this larger hitbox without the disadvantages of actual latency.
For more info on making exploiter proof guns, check out my response here:
2 Likes
Thanks for the resource, will check it out!