I don’t know the rate of how often it’ll result in a false-positive outcome but this is more of a “beginner” method for detecting script executions, such as Dex prior it being patched.
Most versions of Dex (speaking from personal use) use a GUI. There was a very easy way to detect them. Although I don’t know how they hide it nowadays.
gethui()
and syn.protect_gui()
literally makes it difficult to even find the GUI in the first place. That’s why some uses memory, UserInputService loopholes or ContentProvider to find these GUIs.
There is so much conflicting information circulating on this thread that i am relatively certain that half of what is said on here is misinformation.
Not calling anyone out, but there can’t be two right answers when the information on both sides is conflicting.
99.9% of gethui() functions just return CoreGui lol
the most recent dex has alot of detection vectors
They just place the gui in CoreGui and remove Its environment to secure it in most cases, lol
So It’s still detectable, also Dex can get detected with weak tables iirc.
weaktables, memory, their own hooks (one which is a one liner), dex is by no means secure
This is really true, also before anyone In this topic starts rambling about Secure Dex
with “Anticheat Bypasses”
That dex alone created 13 more different detections to dex.
(and also a way to hijack the environment of any unprotected executor the moment they execute the script)
I started this thread to share information on how to stop hackers. It is not longer that. After this post, you must:
Explain your contents of your post
If applicable, provide a snippet of code as an example.
Please stop spreading misinformation!