C++ and process memory protection

I know that WinAPI has built-in hacking features.

I even used them in C# with P/Invoke ... To hack Minesweeper ... It was just ... So ...

How can I protect my application from editing of its process memory, deny DLL injection and other hacking methods? How?!

Hope WinAPI has something like void DontTouchMeOrIWillTerminateYou(bool protect) ...

+7
c++ memory-management windows winapi
4 answers

Windows access control works on a per-object basis. If you want to protect a process object, you need to set the ACL of the process object either when creating the process (via lpProcessAttributes of CreateProcess) or later (via SetKernelObjectSecurity). If you add a "deny all" entry to the ACL, an attempt by an attacker to open the process will fail.

Of course, the owner of the process (and therefore any malicious code executed by the user) can change the ACL back to what it was - the malicious code may not be ready for this. To effectively prevent attacks from user space, you need to start this process as a non-interactive user (for example, as LocalSystem).

No protection can prevent attacks from the kernel space, so anyone who can install drivers can also crack any process on the system.

+9

Breaking? No. It's called debugging (for the most part).

And the short answer to your question: "No, you cannot do this." I heard that in Vista and later there are some OS processes that you cannot debug (DRM processes and the like), but I'm not sure that you can get your processes to work that way.

The real question is, why do you want to do this, and don’t you have to worry about more important things (say, performance and usability, not to mention the correctness of your software)?

+4

About memory editing, a trivial way to detect this is to keep a checksum for some of your data.

+1
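
The checksum idea from the answer above, as an added example that is not part of the original answer. `GameState`, `GuardedState` and `raw_for_test` are hypothetical names, and the salted FNV-1a hash is an assumed choice of checksum; the test hook stands in for an external write that bypasses the setter.

```cpp
#include <cstdint>
#include <cstring>
#include <random>

// Hypothetical state a memory editor would target (names are illustrative).
struct GameState { std::int32_t score; std::int32_t lives; };

// Keeps a salted FNV-1a checksum beside the data and re-verifies it on read.
class GuardedState {
public:
    explicit GuardedState(GameState initial) : salt_(make_salt()) { set(initial); }

    // Legitimate writes go through set(), which refreshes the checksum.
    void set(GameState s) { state_ = s; sum_ = checksum(state_); }

    // Returns false if the bytes changed without going through set().
    bool get(GameState& out) const {
        if (checksum(state_) != sum_) return false;
        out = state_;
        return true;
    }

    // Test hook only: exposes the raw storage to simulate an external
    // write into the process that bypasses set().
    GameState* raw_for_test() { return &state_; }

private:
    static std::uint64_t make_salt() {
        std::random_device rd;
        return (static_cast<std::uint64_t>(rd()) << 32) | rd();
    }

    std::uint64_t checksum(const GameState& s) const {
        unsigned char bytes[sizeof(GameState)];
        std::memcpy(bytes, &s, sizeof bytes);
        std::uint64_t h = 14695981039346656037ULL ^ salt_;  // FNV offset basis, salted
        for (unsigned char b : bytes) {
            h ^= b;
            h *= 1099511628211ULL;  // FNV-1a 64-bit prime
        }
        return h;
    }

    GameState state_{};
    std::uint64_t salt_;
    std::uint64_t sum_ = 0;
};
```

This only detects edits to the guarded bytes; the salt and checksum live in the same process, so it does not stop someone who also rewrites them or patches the check.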

Do not deploy or run your process on an end-user-driven machine: instead, run the process on your own machine and allow end-users to communicate with your process over the Internet.

0