Hello, i was in Studio, and I wondered, is there an event that fires when script is injected/ written in. I think its almost definitely not possible, but my thought process was that when i write in studio, there must be a signal that saves my changes into the game. This would make me able to detect exploiters script injecting. If you have any thoughts, let me know!
1 Like
game.DescendantAdded:Connect(function(object)
if object:IsA(“Script”) or object:IsA(“Local Script”) then
object:Destroy()
end
end
maybe this?
1 Like
This would not work. Studio has a much different script editing design to the actual Roblox engine, which features built-in Luau compiling before writing bytecode. However, most executors will either force overwrite the bytecode of scripts, which the engine is not generally designed to protect, or just schedule their own code to run on the Luau VM. They tend to avoid script instances entirely. Also, any checks you do add for such systems can be easily bypassed. For example, if it’s signal-based, exploiters would just use getconnections and disable your connection
1 Like
so, exploiters dont actually alter script instances? they alter bytecode. what csn they do with this bytecode?
unless they want to edit the code of the script, they won’t edit the script instance itself. Even then, the Roblox engine would not have such an event that fires because scripts aren’t designed to be edited at runtime. If they did, they would need to force the new code to be scheduled into the Luau VM, usually by disabling and re-enabling the script (which I guess you could detect, but it’d be easily bypassed, like I said before).
Anything they want, basically. Bytecode is the intermediate stage Luau gets compiled to, and is then interpreted on the Luau VM. However, exploiters have their own executor environments which means they can add their own C++ functions to be called from Luau, such as hookmetamethod, for example. This means they have a lot more power over the code they can run.
Here’s a little diagram to explain it better.
- there is ONE Luau VM on the Roblox engine (disregarding Parallel Luau). This interprets the bytecode and runs it.
- The bytecode of Roblox scripts is compiled and scheduled to run on this VM (Virtual Machine).
- Exploiters can compile their own exploit code separately and schedule it to run on this same Virtual Machine, allowing them to inject code. Since it’s compiled within a separate Luau environment, they can add extra functionality to their code.
1 Like
Short answer:
Exploiting doesn’t work like that, so no.
Long answer:
I’m going to oversimplify this, but basically exploits work by using a version of loadstring.
Since the LocalScript is not parented to anything (parented to nil), we cannot detect when the injector executes new code.
So, it does not create a LocalScript per se, but instead compiles the code given and executes it, just like loadstring would. There is even a ModuleScript that I found that is made to replicate the loadstring method without enabling it in ServerScriptService. I have zero idea how it works, but from what I understand it uses some fancy bytecode compilation. I am assuming that every executor has this functionality implemented.
@12345koip did a very good job explaining this.
But, yeah. You can’t detect when code is injected or executed. It requires kernel level/low level memory access, which Roblox very obviously won’t be giving you.
I would much rather stick with traditional anti-cheat systems for the time being.
2 Likes
Thanks, i now understand how exploits work. What does bytecode do in the Roblox engine (without exploiters) is it like server running?
I also get it that the scripts are compiled before the game is run, so if they were altered, it wouldnt exactly transfer into the game
1 Like
Bytecode executes your Luau code - it basically is your code.
Luau → Bytecode → Machine code
Luau gets compiled into bytecode, which is then interpreted on the Luau Virtual Machine.
Unless an exploiter edited the source and caused the code to be re-run, such as disabling and enabling the script. The main point of a Script instance (iirc) is to schedule code into the Luau VM, which is basically just saying “hey, you need to run this code” to the virtual machine.
1 Like
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.