this post was submitted on 18 Mar 2026
44 points (97.8% liked)

PC Gaming

14402 readers
983 users here now

For PC gaming news and discussion. PCGamingWiki

Rules:

  1. Be Respectful.
  2. No Spam or Porn.
  3. No Advertising.
  4. No Memes.
  5. No Tech Support.
  6. No questions about buying/building computers.
  7. No game suggestions, friend requests, surveys, or begging.
  8. No Let's Plays, streams, highlight reels/montages, random videos or shorts.
  9. No off-topic posts/comments, within reason.
  10. Use the original source, no clickbait titles, no duplicates. (Submissions should be from the original source if possible, unless from paywalled or non-english sources. If the title is clickbait or lacks context you may lightly edit the title.)

founded 2 years ago
MODERATORS
EXiLExJD@lemmy.ca
UncleBadTouch@lemmy.ca
KairuByte@lemmy.dbzer0.com
44
How Kernel Anti-Cheats Work: A Deep Dive into Modern Game Protection (s4dbrd.github.io)
submitted 2 weeks ago* (last edited 2 weeks ago) by Agent_Karyo@piefed.world to c/pcgaming@lemmy.ca
9 comments fedilink hide all child comments
 

Modern kernel anti-cheat systems are, without exaggeration, among the most sophisticated pieces of software running on consumer Windows machines. They operate at the highest privilege level available to software, they intercept kernel callbacks that were designed for legitimate security products, they scan memory structures that most programmers never touch in their entire careers, and they do all of this transparently while a game is running. If you have ever wondered how BattlEye actually catches a cheat, or why Vanguard insists on loading before Windows boots, or what it means for a PCIe DMA device to bypass every single one of these protections, this post is for you.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] csolisr@hub.azkware.net 39 points 2 weeks ago (1 children)

BattlEye, EAC, and Vanguard are not documented to abuse this access for surveillance

According to whom? How can it be actually verified that they're not currently exfiltrating data?

[โ€“] farngis_mcgiles@sh.itjust.works 13 points 2 weeks ago

they pinky promised that they aren't