I used to work on an anti-cheat briefly, and migrated away from relying on Windows API to do this as the parent comment suggested; instead we used cache timing "attacks".
Antivirus was a concern but easily solved by the fact that cheats access memory many times a second, antivirus does it rarely if ever.
Oldest trick in the book, good luck faking the PE signature to match the vendor's certificate ;-)
(Jokes aside, the kernel does not provide any information about which application reads a canary page. It's best to just use this as a necessary condition and take it with a good pinch of salt.)