Why can't the Windows kernel disallow cheater programs' processes from accessing a game's memory at runtime through an ACL (Access Control List) or other access control methods?
Memory Access Control in Windows Memory Management
142 Views Asked by Ahmed Waleed At
1
There are 1 best solutions below
Let's take an example.
Let's say we are a game publisher. We publish a game, which our customers can run under any user account (games very rarely need to be run with elevated privileges).
A game user, alongside our game, also installs a game cheat which runs as the current user.
The user starts running the game and their cheat (both running under the same user account). Now, the system won't prevent the cheat from accessing (e.g. reading and writing memory, modifying CPU context, etc.) the game process: processes inherit their privileges from the logon session, which is tied to a user account. So basically, any process can "access" any other process running in the same session (under the same user account).
Now, you might be thinking: there should be a way to tweak the game process privileges so that, even if it's running on the same user account as a rogue program (cheat), it can't be accessed from another program. But that contradicts various fundamental security principles of operating systems:
Now we decide we want to force our game users to run the game as elevated administrator (another possibility would be to install a service running as SYSTEM, then the game would be started by the service, thus the game would also be run as SYSTEM). But, thinking about it, nothing prevents the user from also running the cheat as elevated administrator (we don't have any control over the user's machine). We are back to square one.
Enter kernel drivers. As a publisher we decide to ship our game with a kernel driver, so from the kernel side, we make the process memory unreadable and un-writable, basically preventing any access whatever the user account and privileges are (even administrator). To counteract that, the cheat engine also ships with a kernel driver [1], disrupting and undoing whatever our own kernel driver is doing.
Now we decide that we could DRM our game, preventing reverse engineering of the game and the kernel driver. But... the cheat engine now leverages virtualization techniques which cannot be seen even from kernel space... (virtualization controls the kernel space).
To sum up: ACLs are not part of the equation for anti-cheats on PC since, as a publisher, you can't (fortunately, for us as users) control the end-user machine. It's a never-ending cat & mouse game.
[1] Even though drivers have to be signed to be loaded, you can leverage a legitimate but vulnerable signed driver to do whatever you want in kernel space. Those are called "loldrivers".
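
The first two stages of the answer's argument (same-account access, then the elevated cheat) can be followed in a small model of the access check made when one process opens another. This is an added example, not code from the question or the answer, and it is a simplification rather than Windows source; the account SID, the tokens and both DACLs are constructed.

```python
# Added illustration: a simplified model of the access check Windows performs
# when one process opens another. Not Windows source code; the user SID, the
# tokens and both DACLs are constructed. Owner rights and protected processes
# are not modelled.
from collections import namedtuple

# Process access-right values as defined in the Windows SDK.
PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE = 0x0008, 0x0010, 0x0020
PROCESS_ALL_ACCESS = 0x1FFFFF
VM_RIGHTS = PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE

USER = "S-1-5-21-0-0-0-1001"                   # constructed account SID
ADMINS, SYSTEM = "S-1-5-32-544", "S-1-5-18"    # well-known SIDs

Ace = namedtuple("Ace", "allow sid mask")      # one entry of a process DACL
Token = namedtuple("Token", "sids privileges") # caller SIDs + enabled privileges

def access_check(token, dacl, desired):
    """True if every right in `desired` is granted to `token`."""
    if "SeDebugPrivilege" in token.privileges:
        return True                    # privilege overrides the process DACL
    remaining = desired
    for ace in dacl:                   # ACEs are walked in order
        if ace.sid not in token.sids:
            continue
        if not ace.allow:
            if ace.mask & remaining:
                return False           # matching deny ACE ends the walk
        else:
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return False                       # rights nobody granted are denied

DEFAULT_DACL = (Ace(True, USER, PROCESS_ALL_ACCESS), Ace(True, SYSTEM, PROCESS_ALL_ACCESS))
HARDENED_DACL = (Ace(False, USER, VM_RIGHTS),) + DEFAULT_DACL

def scenarios():
    same_user = Token(frozenset({USER}), frozenset())
    elevated = Token(frozenset({USER, ADMINS}), frozenset({"SeDebugPrivilege"}))
    return {
        "default DACL, same user": access_check(same_user, DEFAULT_DACL, VM_RIGHTS),
        "hardened DACL, same user": access_check(same_user, HARDENED_DACL, VM_RIGHTS),
        "hardened DACL, elevated admin": access_check(elevated, HARDENED_DACL, VM_RIGHTS),
    }

if __name__ == "__main__":
    for case, granted in scenarios().items():
        print(f"{case}: {'granted' if granted else 'denied'}")
```

In the model the deny ACE only changes the outcome for the unelevated caller; once the caller holds the privilege, the DACL is never consulted, which is the "back to square one" step in the answer.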