How can I prevent Cheat Engine from seeing my strings at runtime?


I was playing with CheatEngine and saw that it can view all my strings in a client-side application. I wonder what I should do to make CheatEngine not see my strings at runtime. I tried every kind of approach that I knew, but whenever I have a string, CheatEngine can view it. I would like to prevent this, or at least have CheatEngine show encrypted strings instead.

2

There are 2 answers

1
vcsjones On BEST ANSWER

What you are asking for is very difficult to accomplish correctly.

Many will point out that the SecureString class can be used to keep strings that are in-memory safe. There are a lot of caveats to using a secure string.

  1. You need to create it securely. If you already have a string, you could just copy it into the SecureString by looping over each character. That doesn't accomplish anything though, because the original string is still there. It might get garbage collected later, but garbage collection does not mean the string's memory is zeroed. You could use unsafe code or platform invoke to zero a string in the CLR. However, if your string is interned, you might end up breaking your program.
  2. Let's say that you were able to create a SecureString securely, and ensure the source of the secure string is zeroed. You can't really do much with a SecureString. Not a lot of APIs can do anything with them. At some point, you need to convert them back to a plain old string, use the string, and zero it. If the underlying API does anything insecure, like make a copy of it, then you won't be able to know where the copy is. And for that brief period of time where the plain old string exists in memory, an engine that is constantly monitoring your process's memory can grab it.

What I am really driving at here, is that protecting a process's memory from someone that has Administrative rights on the box is more-or-less impossible, and the .NET Framework complicates that matter. The CLR is designed to manage memory for you, which can run counter to your needs of explicit memory management.
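The two caveats in the answer above, shown as an added C# example (not part of the original answer): the source is a mutable `char[]` that can be wiped, and the secret is used without ever becoming a `System.String`, yet plaintext still exists in process memory while it is in use. The names `SecretDemo`, `FromChars` and `HashSecret` are hypothetical, and the sample value is constructed and stands in for input received at runtime.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;

static class SecretDemo
{
    // Build the SecureString from a mutable char[] so the source can be zeroed;
    // a System.String is immutable, may be interned, and cannot be wiped safely.
    static SecureString FromChars(char[] source)
    {
        var secure = new SecureString();
        foreach (char c in source) secure.AppendChar(c);
        secure.MakeReadOnly();
        Array.Clear(source, 0, source.Length); // wipe the plaintext copy we own
        return secure;
    }

    // Use the secret without creating a System.String. Plaintext is still
    // readable in process memory from the Marshal call until the finally block.
    static byte[] HashSecret(SecureString secure)
    {
        IntPtr plain = IntPtr.Zero;
        byte[] buffer = new byte[secure.Length * 2]; // UTF-16 code units
        // Pin the buffer so the GC cannot relocate it and leave a stale copy behind.
        GCHandle pin = GCHandle.Alloc(buffer, GCHandleType.Pinned);
        try
        {
            plain = Marshal.SecureStringToGlobalAllocUnicode(secure);
            Marshal.Copy(plain, buffer, 0, buffer.Length);
            using (var sha = SHA256.Create())
                return sha.ComputeHash(buffer); // the callee may copy internally; we cannot see or wipe that
        }
        finally
        {
            Array.Clear(buffer, 0, buffer.Length);
            pin.Free();
            if (plain != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(plain);
        }
    }

    static void Main()
    {
        char[] input = { 'd', 'e', 'm', 'o', '-', 'k', 'e', 'y' }; // constructed sample value
        using (SecureString secure = FromChars(input))
        {
            Console.WriteLine(BitConverter.ToString(HashSecret(secure)));
            Console.WriteLine(input[0] == '\0'); // confirms the source array was wiped
        }
    }
}
```

This narrows the window in which plaintext is present; it does not close it, which is the limitation the answer describes for a tool that continuously scans the process's memory.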

10
Ludovic Feltz On

Try using the SecureString class!

Represents text that should be kept confidential. The text is encrypted for privacy when being used, and deleted from computer memory when no longer needed. This class cannot be inherited.