I play the online game World of Warcraft, which is plagued by automated bots that inspect the game's allocated memory in order to read game/player/world state information, which is used to mechanically play the game. They also sometimes write directly to the game's memory itself but the more sophisticated ones don't, as far as I know.
The game's vendor, Blizzard Entertainment, has a separate application called Warden that is supposed to detect and disable hacks and cheats like that, but it doesn't catch everything.
Would it be possible to make a Windows application where you're the only one that can read the things you've read into memory?
Would that be pragmatic to implement on a large C++ application that runs on millions of machines?
Can't be done. The application is at the mercy of the OS when it comes to memory access. Whoever controls the OS controls access to memory. A user has full access to the whole machine, so they can always start processes with privileges set to allow them to read from other processes' memory space.
This is assuming a 'regular' environment - today's hardware, with a multipurpose OS that allows several simultaneous programs to run, etc.
Think of it this way - even single-purpose machines where developers have full control over the hardware, with digital signing and all the tricks possible, like the Xbox or PlayStation, can't manage to keep third-party code out. For a multi-purpose OS, it'd be 10 times harder.
If you want to achieve real security, not only obscurity, this needs to be done at the operating system level. This is part of what is called Trusted Computing, something which was talked about a lot in past years, but no real progress was made (you can search for Microsoft Palladium for one example).
If you try to look at this as a cryptographic problem with private and public keys, currently there is no way to hide a private key you use in your application from the hacker. Once the hacker finds your private key, he can use it to emulate your application - and all you can do is make this somewhat harder.
Some partial solutions are possible in multiplayer games, where part of the game is run on servers. You can use the fact that the hacker does not have access to the server, and therefore the server can perform operations using its own private key, which the hacker is unable to get. This can help in some situations, but it is far from being a general solution.
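The server-held-key idea from the answer above, as an added example (not code from the original answers or from the game vendor): a constructed toy protocol in which the server keeps an HMAC key and stamps every authoritative state it hands out, so a client that rewrites its own in-memory copy of the state (more HP, a teleport) cannot produce a valid stamp and is rejected on the next request. SERVER_KEY, MAX_SPEED and all function names are assumptions for the demo.

```python
import hashlib
import hmac
import json
import os

# Constructed secret: it exists only in the server process. A client-side cheat
# that reads or edits the game's memory never sees it.
SERVER_KEY = os.urandom(32)

# Constructed game rule: a player may move at most 5 units per tick.
MAX_SPEED = 5.0


def _mac(state: dict) -> str:
    """Deterministic MAC over the state; sort_keys keeps the encoding stable."""
    payload = json.dumps(state, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def server_issue(state: dict) -> dict:
    """Server wraps authoritative state with a stamp the client cannot forge."""
    return {"state": state, "mac": _mac(state)}


def server_apply_move(token: dict, dx: float, dy: float):
    """Server side: verify the client's claimed prior state, then validate the move.

    Returns (new_token, "ok") or (None, reason).
    """
    state = token["state"]
    # Constant-time compare; a memory-edited state fails here.
    if not hmac.compare_digest(token["mac"], _mac(state)):
        return None, "tampered state"
    # Game rules are enforced on the server, not trusted from the client.
    if (dx * dx + dy * dy) ** 0.5 > MAX_SPEED:
        return None, "move exceeds speed limit"
    new_state = {"x": state["x"] + dx, "y": state["y"] + dy, "hp": state["hp"]}
    return server_issue(new_state), "ok"


def client_edit_memory(token: dict, **changes) -> dict:
    """Simulates a cheat rewriting fields in the client's local copy of the state."""
    forged = dict(token)
    forged["state"] = {**token["state"], **changes}
    return forged


if __name__ == "__main__":
    token = server_issue({"x": 0, "y": 0, "hp": 100})
    token, msg = server_apply_move(token, 3, 4)
    print("honest move:", msg, token["state"])
    print("edited hp:", server_apply_move(client_edit_memory(token, hp=9999), 1, 0)[1])
    print("speed hack:", server_apply_move(token, 100, 0)[1])
```

The client can still automate perfectly legal moves, which is exactly the answer's caveat: this protects what the server decides, not what the client observes.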