A forum for reverse engineering, OS internals and malware analysis 

Discussion on reverse-engineering and debugging.
 #10994  by whoreTex
 Fri Jan 13, 2012 7:12 am
Hello!

I'm wondering what's the best way of preventing runtime patching?

I've considered hooking NtWriteProcessMemory system-wide, but that would most likely not be appreciated by the users of my software and it's easily bypassable as well. Does anyone have other suggestions?
 #11001  by EP_X0FF
 Fri Jan 13, 2012 2:56 pm
whoreTex wrote: Hello!

I'm wondering what's the best way of preventing runtime patching?

I've considered hooking NtWriteProcessMemory system-wide, but that would most likely not be appreciated by the users of my software and it's easily bypassable as well. Does anyone have other suggestions?
Game protection? x64 support?
 #11013  by everdox
 Fri Jan 13, 2012 7:26 pm
if you are talking ring 0 on x64 then aside from DKOM stuff I don't think you have a great deal of options. then again I'm not sure how patchguard itself reacts to all DKOM methods. <-- maybe someone can confirm that.

maybe instead of preventing you could work a system to detect and then react to runtime patching.
 #11075  by whoreTex
 Tue Jan 17, 2012 5:40 am
Hi

I forgot to mention that it's in ring3 only and only x86 systems, and it's not about game protection.
 #11080  by rkhunter
 Tue Jan 17, 2012 6:37 am
It seems that protecting yourself from ring 3 is not a good idea, because for full control you need to inject into other processes and actually disrupt their work.