Here's a good post on this subject: How to prevent cheating in our (multiplayer) games?
My thoughts on your list:
- KbDllHookStruct Injected Flag - You'll get false positives for users with virtual devices. This is also easy to fake using several undocumented methods.
- Scanning processes - Also prone to false positives and potential legal issues.
- Detecting injection - Many legitimate applications inject themselves into other processes (e.g. DisplayFusion, dxtory, fraps)
- Checking for VM - Playing a game in a virtual machine doesn't mean the player is cheating.
A few suggestions:
- In your process, scan and compute the hashes of loaded modules (including your own) and disconnect/ban if malicious assemblies are detected. Requires a store of known hashes.
- Check for the presence of a debugger.
- Check for memory/hardware breakpoints.
- Server/client-side vector checks for speed and teleport detection.
- Server-side checks are easier to implement, maintain and as Damon commented above, are much more reliable. Anything on the client can be subverted.