this post was submitted on 18 Mar 2026
44 points (97.8% liked)

PC Gaming

14402 readers
818 users here now

For PC gaming news and discussion. PCGamingWiki

Rules:

  1. Be Respectful.
  2. No Spam or Porn.
  3. No Advertising.
  4. No Memes.
  5. No Tech Support.
  6. No questions about buying/building computers.
  7. No game suggestions, friend requests, surveys, or begging.
  8. No Let's Plays, streams, highlight reels/montages, random videos or shorts.
  9. No off-topic posts/comments, within reason.
  10. Use the original source, no clickbait titles, no duplicates. (Submissions should be from the original source if possible, unless from paywalled or non-english sources. If the title is clickbait or lacks context you may lightly edit the title.)

founded 2 years ago
MODERATORS
EXiLExJD@lemmy.ca
UncleBadTouch@lemmy.ca
KairuByte@lemmy.dbzer0.com
44
How Kernel Anti-Cheats Work: A Deep Dive into Modern Game Protection (s4dbrd.github.io)
submitted 2 weeks ago* (last edited 2 weeks ago) by Agent_Karyo@piefed.world to c/pcgaming@lemmy.ca
9 comments fedilink hide all child comments
 

Modern kernel anti-cheat systems are, without exaggeration, among the most sophisticated pieces of software running on consumer Windows machines. They operate at the highest privilege level available to software, they intercept kernel callbacks that were designed for legitimate security products, they scan memory structures that most programmers never touch in their entire careers, and they do all of this transparently while a game is running. If you have ever wondered how BattlEye actually catches a cheat, or why Vanguard insists on loading before Windows boots, or what it means for a PCIe DMA device to bypass every single one of these protections, this post is for you.

top 9 comments
sorted by: hot top controversial new old
[–] csolisr@hub.azkware.net 39 points 2 weeks ago (1 children)

BattlEye, EAC, and Vanguard are not documented to abuse this access for surveillance

According to whom? How can it be actually verified that they're not currently exfiltrating data?

[–] farngis_mcgiles@sh.itjust.works 13 points 2 weeks ago

they pinky promised that they aren't

[–] JohnWorks@sh.itjust.works 16 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

"Cheat developers began using PCIe DMA devices to read game memory directly through hardware without ever touching the OS at all. The response to that is still being developed."

What the fuck so they've put a device in-between the ram and system?

[–] NGram@piefed.ca 14 points 2 weeks ago

DMA devices aren't in between the RAM and CPU, but they can talk to both of them (somewhat) independently. It's more like a shared bus.

[–] JohnWorks@sh.itjust.works 9 points 2 weeks ago (3 children)

Can games be designed to have server side/server authority anti cheat? Or is the user's computer always going to have the ability to cheat in a game.

[–] JTskulk@lemmy.world 2 points 2 weeks ago

The answer always seems to be no for both performance and development reasons :(

[–] Eheran@lemmy.world 1 points 2 weeks ago

Server side protection for example only sends info where someone else is when you could actually see them. However this also means legit players see people suddenly appearing.

[–] csolisr@hub.azkware.net 1 points 2 weeks ago

Even if the server can validate every move is valid, a modified client can still have a degree of advantage that the server cannot detect directly, such as having full view of where is every enemy (wallhacks).

[–] Mwa@thelemmy.club 7 points 2 weeks ago

I still dont trust any anticheat that runs on the Windows NT kernel.
We need more better or open source anticheats that dont run in the kernel.
Or open source maybe can run in kernel idk.