C++ and process memory protection

Question

I know that WinAPI has built-in hacking functions.

I even used them in C# with Pinvoke... To hack Minesweeper... It was easy... So...

How i could protect my application from process memory editing, deny DLL injecting and other hacking ways. HOW?!

Hope WinAPI has something like void DontTouchMeOrIWillTerminateYou(bool protect)...

Answer 1

Don't deploy/run your process on a machine controlled by the end-user: instead, run your process on your own machine, and let end-users communicate with your process via the internet.

Answer 2

About memory editing, a trivial way to detect it would be to keep a checksum to some of your data.

Answer 3

Hacking? No. It's called debugging (for the most part)

And the short answer to your question is "No, you cannot do that". I hear that in Vista and later there are some OS processes that you cannot debug (DRM processes and the likes), but I'm not sure if you can make your processes run that way.

The real question is why you want to do that, and don't you have more important things to worry about (say, performance and usability, not to mention correctness of your software)?

Answer 4

Access control in Windows is on a per-object basis. If you want to protect the process object, you need to set the ACL of the process object, either when the process is created (through lpProcessAttributes of CreateProcess), or afterwards (through SetKernelObjectSecurity). If you add a "deny all" entry to the ACL, attempts to open the process by an attacker will fail.

Of course, the owner of the process (and thus any malicious code run by the user) can change the ACL back to what it was - malicious code may not be prepared to do so, though. To prevent attacks from user space effectively, you need to run the process as a non-interactive user (e.g. as LocalSystem).

No amount of protection can prevent attacks from kernel space, so anybody who can install drivers can also hack any process on the system.