citelao

Reputation: 6056

What can applications do to block other processes from ReadProcessMemory?

In Windows Internals (7th edition), the author mentions that:

Threads cannot accidentally reference the address space of another process [...] unless the other process makes available part of its private address space [...] or unless one process has the right to open another process to use cross-process memory functions, such as ReadProcessMemory and WriteProcessMemory (which a process that’s running with the same user account, and not inside of an AppContainer or other type of sandbox, can get by default unless the target process has certain protections).

(Chapter 1, User-mode scheduling threads, emphasis added).

What are those "certain protections" I can add to my processes to prevent other processes from calling ReadProcessMemory and WriteProcessMemory? Is this protection enabled by default?

Does this mean that I can write a sketchy program that scrapes memory from other applications without needing admin?

Disclaimer: I work for Microsoft.

Upvotes: 0

Views: 2188

Answers (1)

GuidedHacking

Reputation: 3923

You must run as admin in order to write to an external process's memory. But you do not need to run as admin to read.

Yes you can write programs that scrape external process memory.

All protections you make in usermode can easily be bypassed from usermode.

If you want to stop people from using ReadProcessMemory on your process, you need to make a kernel driver which strips handles opened by OpenProcess().

As a simpler usermode protection, you can enumerate all open process handles and close your process when a handle with permissions you dislike is found for your process (from a risky looking process). Still just a minor annoyance for someone with skills.

Upvotes: 2
