security – How can users verify a game distributed peer-to-peer has not been modified maliciously?

I’m interested in p2p software distribution, and I’m also directly including a modding interface into my game, which is built on my own custom engine.

I was working with a folder inside of the Roaming folder to store the data (resource, saves… etc), and I quickly figured out a malicious programmer could easily modify my program and make or erase (at least) folders.

How would one prevent this kind of modification, without owning the whole distribution process?

Do you really have to trust the provider/source to trust the software? Or could you trust software on the client side using some hash or such?

The only solution I can think of would be having a website on which I put a hash of my game, and any user that gets an instance of my game can verify it was not modified by hashing it and comparing it with the one on my website. But it is definetely not user-friendly at all…