
C++ and process memory protection

I know that WinAPI has built-in hacking functions.

I even used them in C# with P/Invoke... to hack Minesweeper... It was easy... So...

How could I protect my application from process memory editing, deny DLL injection and other hacking methods? HOW?!

Hope WinAPI has something like void DontTouchMeOrIWillTerminateYou(bool protect) ...

Access control in Windows is on a per-object basis. If you want to protect the process object, you need to set the ACL of the process object, either when the process is created (through lpProcessAttributes of CreateProcess), or afterwards (through SetKernelObjectSecurity). If you add a "deny all" entry to the ACL, attempts to open the process by an attacker will fail.

Of course, the owner of the process (and thus any malicious code run by the user) can change the ACL back to what it was - malicious code may not be prepared to do so, though. To prevent attacks from user space effectively, you need to run the process as a non-interactive user (e.g. as LocalSystem).

No amount of protection can prevent attacks from kernel space, so anybody who can install drivers can also hack any process on the system.
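The two routes the answer above describes, setting the DACL on an existing process with SetKernelObjectSecurity and setting it at creation time through lpProcessAttributes, as an added example that is not part of the original answer. It is Windows-only (link advapi32; on other platforms it compiles to a stub that reports HARDEN_UNSUPPORTED). The SDDL string, the function names and the self-check with OpenProcess are my assumptions for the demonstration, not anything the answerer wrote:

```c
/* Added example: harden the calling process object with a deny-all DACL.
 * Windows-only; build with cl (advapi32.lib) or gcc -ladvapi32.
 * On non-Windows hosts the functions below are stubs. */
#include <stdio.h>

enum harden_result { HARDEN_OK = 0, HARDEN_SET_FAILED = -1, HARDEN_UNSUPPORTED = -2 };

#ifdef _WIN32
#include <windows.h>
#include <sddl.h>

/* Assumed SDDL for the "deny all" entry the answer mentions: a protected DACL
 * (P, so no inherited ACEs are merged in) whose single ACE denies generic-all
 * (GA) to Everyone (WD). Owner-implicit READ_CONTROL/WRITE_DAC still apply,
 * which is exactly the "owner can change it back" caveat from the answer. */
static const char kDenyAllDacl[] = "D:P(D;;GA;;;WD)";

/* Route 1: apply the DACL to an already running process (ourselves). The
 * pseudo-handle from GetCurrentProcess() always carries WRITE_DAC, so the
 * call does not depend on what the DACL looks like beforehand. */
int harden_process_dacl(void)
{
    PSECURITY_DESCRIPTOR sd = NULL;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
            kDenyAllDacl, SDDL_REVISION_1, &sd, NULL))
        return HARDEN_SET_FAILED;
    BOOL ok = SetKernelObjectSecurity(GetCurrentProcess(),
                                      DACL_SECURITY_INFORMATION, sd);
    LocalFree(sd);
    return ok ? HARDEN_OK : HARDEN_SET_FAILED;
}

/* Self-check: once the DACL is in place, even this process cannot open a
 * second handle to itself with PROCESS_VM_READ, because the access check
 * runs against the DACL and the deny ACE for Everyone matches our token.
 * Returns 1 if OpenProcess failed with ERROR_ACCESS_DENIED, 0 otherwise.
 * (An elevated caller that has enabled SeDebugPrivilege bypasses the DACL,
 * matching the answer's point that admins/kernel cannot be kept out.) */
int self_open_is_denied(void)
{
    HANDLE h = OpenProcess(PROCESS_VM_READ, FALSE, GetCurrentProcessId());
    if (h) { CloseHandle(h); return 0; }
    return GetLastError() == ERROR_ACCESS_DENIED;
}

/* Route 2: hand the descriptor to CreateProcess via lpProcessAttributes so
 * the child is born with the DACL and there is no window during which its
 * memory can be opened by another user-mode process. */
BOOL spawn_with_deny_all_dacl(char *cmdline)
{
    PSECURITY_DESCRIPTOR sd = NULL;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
            kDenyAllDacl, SDDL_REVISION_1, &sd, NULL))
        return FALSE;
    SECURITY_ATTRIBUTES sa = { sizeof sa, sd, FALSE };
    STARTUPINFOA si = { sizeof si };
    PROCESS_INFORMATION pi;
    BOOL ok = CreateProcessA(NULL, cmdline, &sa, NULL, FALSE, 0,
                             NULL, NULL, &si, &pi);
    LocalFree(sd);
    if (ok) { CloseHandle(pi.hThread); CloseHandle(pi.hProcess); }
    return ok;
}
#else
/* Stubs so the file also compiles on non-Windows hosts. */
int harden_process_dacl(void) { return HARDEN_UNSUPPORTED; }
int self_open_is_denied(void) { return 0; }
#endif

int main(void)
{
    int r = harden_process_dacl();
    if (r == HARDEN_UNSUPPORTED) { puts("not Windows; nothing to do"); return 0; }
    if (r != HARDEN_OK)          { puts("SetKernelObjectSecurity failed"); return 1; }
    printf("deny-all DACL applied; self OpenProcess(PROCESS_VM_READ) denied: %s\n",
           self_open_is_denied() ? "yes" : "no");
    return 0;
}
```

Run it as a normal (non-elevated) user and then try to attach a debugger or a memory scanner from the same account: OpenProcess fails with ERROR_ACCESS_DENIED. Run the scanner elevated with SeDebugPrivilege, or from the kernel, and it succeeds, which is the limit the answer describes.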

Hacking? No. It's called debugging (for the most part).

And the short answer to your question is "No, you cannot do that". I hear that in Vista and later there are some OS processes that you cannot debug (DRM processes and the like), but I'm not sure if you can make your processes run that way.

The real question is why you want to do that, and don't you have more important things to worry about (say, performance and usability, not to mention correctness of your software)?

Regarding memory editing, a simple way to detect it is to keep a checksum over some of the data.
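One way to implement the checksum idea from the answer above, as an added example rather than the answerer's code: the sensitive fields live in a struct, every legitimate write goes through a setter that re-seals the struct, and a direct write (what a memory editor does) leaves the stored checksum stale. The struct layout, the FNV-1a hash, the per-run nonce and the function names are assumptions for the demonstration:

```c
/* Added example: detect direct memory edits with a keyed checksum. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed "sensitive" game state: the kind of values a memory scanner
 * would search for and overwrite. */
typedef struct {
    int32_t  lives;
    int32_t  score;
    uint32_t flags;
} game_state_t;

typedef struct {
    game_state_t data;
    uint64_t     seal;   /* FNV-1a over data, keyed with nonce */
    uint64_t     nonce;  /* chosen per run so the seal value is not a
                            constant an attacker can search for and patch */
} sealed_state_t;

/* FNV-1a 64-bit over a byte range, mixed with a seed. */
static uint64_t fnv1a64(const void *buf, size_t len, uint64_t seed)
{
    const unsigned char *p = buf;
    uint64_t h = 0xcbf29ce484222325ULL ^ seed;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Recompute the seal; called after every legitimate write. */
static void state_seal(sealed_state_t *s)
{
    s->seal = fnv1a64(&s->data, sizeof s->data, s->nonce);
}

void state_init(sealed_state_t *s, uint64_t nonce)
{
    memset(s, 0, sizeof *s);          /* also zeroes any padding bytes */
    s->nonce = nonce;
    s->data.lives = 3;
    state_seal(s);
}

/* Legitimate mutations go through setters that re-seal. */
void state_set_lives(sealed_state_t *s, int32_t lives)
{
    s->data.lives = lives;
    state_seal(s);
}

void state_add_score(sealed_state_t *s, int32_t delta)
{
    s->data.score += delta;
    state_seal(s);
}

/* 1 if data still matches its seal, 0 if something wrote to it directly. */
int state_verify(const sealed_state_t *s)
{
    return fnv1a64(&s->data, sizeof s->data, s->nonce) == s->seal;
}

/* Simulates a memory editor: poke the field through a raw pointer, bypassing
 * the setter and therefore the re-seal. Returns 1 if the edit was detected,
 * 0 if it went unnoticed, -1 if the legitimate update already failed. */
int demo_tamper_detected(void)
{
    sealed_state_t s;
    state_init(&s, 0x5eed5eed1234ULL);     /* constructed nonce for the demo */
    state_set_lives(&s, 2);                /* legitimate update: still valid */
    if (!state_verify(&s)) return -1;
    volatile int32_t *raw = &s.data.lives; /* the "memory editor" write */
    *raw = 99;
    return state_verify(&s) ? 0 : 1;
}

int main(void)
{
    printf("direct write detected: %s\n", demo_tamper_detected() == 1 ? "yes" : "no");
    return 0;
}
```

In a real program the nonce would come from a CSPRNG at startup and state_verify would be called at the points where the value matters (before saving, before awarding something), not on a timer an attacker can spot. The check only raises the bar: anyone who can read the binary can recompute the seal, and, as the other answers note, a debugger or driver can simply change what the verification code does.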

Don't deploy/run your process on machines controlled by the end user: instead, run your process on your own machines and let the end users talk to it over the Internet.
