C++ and process memory protection

Question

I know that WinAPI has built-in hacking functions.

I even used them in C# with Pinvoke... To hack Minesweeper... It was easy... So...

How i could protect my application from process memory editing, deny DLL injecting and other hacking ways. HOW?!

Hope WinAPI has something like void DontTouchMeOrIWillTerminateYou(bool protect) ...

Answer 1

Access control in Windows is on a per-object basis. If you want to protect the process object, you need to set the ACL of the process object, either when the process is created (through lpProcessAttributes of CreateProcess), or afterwards (through SetKernelObjectSecurity ). If you add a "deny all" entry to the ACL, attempts to open the process by an attacker will fail.

Of course, the owner of the process (and thus any malicious code run by the user) can change the ACL back to what it was - malicious code may not be prepared to do so, though. To prevent attacks from user space effectively, you need to run the process as a non-interactive user (eg as LocalSystem).

No amount of protection can prevent attacks from kernel space, so anybody who can install drivers can also hack any process on the system.

Answer 2

Hacking? No. It's called debugging (for the most part)

And the short answer to your question is "No, you cannot do that". I hear that in Vista and later there are some OS processes that you cannot debug (DRM processes and the likes), but I'm not sure if you can make your processes run that way.

The real question is why you want to do that, and don't you have more important things to worry about (say, performance and usability, not to mention correctness of your software)?

Answer 3

关于内存编辑，检测它的一个简单方法是对一些数据保持校验和。

Answer 4

不要在最终用户控制的计算机上部署/运行您的流程：而是在您自己的计算机上运行您的流程，让最终用户通过Internet与您的流程进行通信。