I know on ios and android it is harder for average user to access the ini files for user paramaters like number of coins, heallth etc...
But on windows they can easily open ini file and change the value of coins to say 999
so whats best way to protect this data from user hacks?
could you base64 encode the whole ini file then decode just before reading values, then reencode?
but could the user not intercept the intermediate decoded ini
Don't store it in files, store it on a server you control (implies network connectivity upon saving). Won't prevent a program from being modified to send spoofed data, of course. If everything resides on the user's computer, it's just a matter how interested a sufficient number of people are in figuring out what you do, and some of them publicly releasing ways of changing it. There's no fool-proof method, so you'll have to determine what your criteria for good enough are, starting with do you really care if some given individual cheats or not? Does that cheating impact you in any form whatsoever? If the answer is yes (the user can buy said coins for real money, etc.), don't rely solely on data on the computer.
Sure, base64 encode the file, but that is more than likely the first thing people look at. If you don't use that, rest assured there are plenty of people who are not afraid of simply picking apart your program to figure out any algorithm and reverse engineer it to do whatever they want.
The temporary decoded ini problem in itself is worked around by not using intermediate files, but decoding in memory and using ini_open_from_string() instead (and encoding the result from ini_close() and storing that content to a file).