
C++ and process memory protection

I know that WinAPI has built-in hacking functions.

I even used them in C# with Pinvoke... To hack Minesweeper... It was easy... So...

How could I protect my application from process memory editing, deny DLL injecting and other hacking ways? HOW?!

Hope WinAPI has something like void DontTouchMeOrIWillTerminateYou(bool protect)...

ernestasju asked Sep 19 '09 10:09


3 Answers

Access control in Windows is on a per-object basis. If you want to protect the process object, you need to set the ACL of the process object, either when the process is created (through lpProcessAttributes of CreateProcess), or afterwards (through SetKernelObjectSecurity). If you add a "deny all" entry to the ACL, attempts to open the process by an attacker will fail.

Of course, the owner of the process (and thus any malicious code run by the user) can change the ACL back to what it was - malicious code may not be prepared to do so, though. To prevent attacks from user space effectively, you need to run the process as a non-interactive user (e.g. as LocalSystem).

No amount of protection can prevent attacks from kernel space, so anybody who can install drivers can also hack any process on the system.

Martin v. Löwis answered Nov 05 '22 09:11


Hacking? No. It's called debugging (for the most part)

And the short answer to your question is "No, you cannot do that". I hear that in Vista and later there are some OS processes that you cannot debug (DRM processes and the like), but I'm not sure if you can make your processes run that way.

The real question is why you want to do that, and don't you have more important things to worry about (say, performance and usability, not to mention correctness of your software)?

sbk answered Nov 05 '22 09:11


About memory editing, a trivial way to detect it would be to keep a checksum of some of your data.

Nick Dandoulakis answered Nov 05 '22 09:11
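
One way to implement the checksum idea from the last answer, as an added example that is not part of the original answers: the value is stored beside a salted checksum, and a read fails when the bytes were changed without going through the setter. The names `Guarded` and `tamper_is_detected` are hypothetical, and the sketch assumes a type without padding bytes, such as an integer. It only detects edits that leave the checksum alone, and it does not prevent them.

```cpp
#include <cstdint>
#include <cstring>
#include <random>
#include <type_traits>
// Hypothetical helper, not from the original answer: keeps a value next to a
// salted checksum so a write to the raw bytes from outside is noticed on read.
template <typename T>
class Guarded {
    static_assert(std::is_trivially_copyable<T>::value, "hashes raw bytes of T");
public:
    explicit Guarded(T v) : salt_(make_salt()) { set(v); }
    // Legitimate writes go through set(), which refreshes the checksum.
    void set(T v) { value_ = v; sum_ = digest(v); }
    // Copies the value out only if it still matches the checksum.
    bool get(T& out) const {
        T copy = value_;                 // read once, verify the copy we use
        if (digest(copy) != sum_) return false;
        out = copy;
        return true;
    }
    // Demonstration only: the storage a memory editor would overwrite.
    void* raw() { return &value_; }
private:
    static std::uint64_t make_salt() {   // fresh salt per object and per run
        std::random_device rd;
        return (static_cast<std::uint64_t>(rd()) << 32) | rd();
    }
    // FNV-1a over salt + value bytes. Not cryptographic: it catches edits
    // that change the value without also recomputing the checksum.
    std::uint64_t digest(const T& v) const {
        unsigned char buf[sizeof(std::uint64_t) + sizeof(T)];
        std::memcpy(buf, &salt_, sizeof(salt_));
        std::memcpy(buf + sizeof(salt_), &v, sizeof(T));
        std::uint64_t h = 14695981039346656037ULL;   // FNV offset basis
        for (unsigned char b : buf) { h ^= b; h *= 1099511628211ULL; }
        return h;
    }
    T value_;
    std::uint64_t salt_;
    std::uint64_t sum_;
};

// Constructed demo: overwrite the bytes directly and check the read is rejected.
bool tamper_is_detected() {
    Guarded<int> score(100);
    int patched = 999999, out = 0;
    std::memcpy(score.raw(), &patched, sizeof patched);
    return !score.get(out) && out == 0;
}
```

On a failed `get()` the application decides what to do, for example log the event and exit.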