Modern kernel anti-cheat systems are, without exaggeration, among the most sophisticated pieces of software running on consumer Windows machines. They operate at the highest privilege level available to software, they intercept kernel callbacks that were designed for legitimate security products, they scan memory structures that most programmers never touch in their entire careers, and they do all of this transparently while a game is running. If you have ever wondered how BattlEye actually catches a cheat, or why Vanguard insists on loading before Windows boots, or what it means for a PCIe DMA device to bypass every single one of these protections, this post is for you.

csolisr

BattlEye, EAC, and Vanguard are not documented to abuse this access for surveillance

According to whom? How can it be actually verified that they’re not currently exfiltrating data?

@[email protected]

they pinky promised that they aren’t

JohnWorks

“Cheat developers began using PCIe DMA devices to read game memory directly through hardware without ever touching the OS at all. The response to that is still being developed.”

What the fuck, so they’ve put a device in between the RAM and system?

NGram

DMA devices aren’t in between the RAM and CPU, but they can talk to both of them (somewhat) independently. It’s more like a shared bus.

JohnWorks

Can games be designed to have server side/server authority anti cheat? Or is the user’s computer always going to have the ability to cheat in a game?

@[email protected]

Server side protection for example only sends info where someone else is when you could actually see them. However this also means legit players see people suddenly appearing.
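
The server-side filtering described in the comment above, sketched as an added example that is not part of the thread or of any game's code. It assumes a constructed 2D tile map and hypothetical names (`snapshot_for`, `has_line_of_sight`, `first_visible_tick`); the server only puts a player's position in a viewer's snapshot when no wall tile lies between them.

```python
GRID = [  # constructed map: '#' is a wall, '.' is open floor
    "..........",
    "....#.....",
    "....#.....",
    "....#.....",
    "..........",
]

def cells_between(a, b):
    """Bresenham line: grid cells strictly between a and b, given as (x, y)."""
    (x0, y0), (x1, y1) = a, b
    dx, dy = abs(x1 - x0), -abs(y1 - y0)
    sx = 1 if x0 < x1 else -1
    sy = 1 if y0 < y1 else -1
    err = dx + dy
    cells = []
    while (x0, y0) != (x1, y1):
        e2 = 2 * err
        if e2 >= dy:
            err += dy
            x0 += sx
        if e2 <= dx:
            err += dx
            y0 += sy
        cells.append((x0, y0))
    return cells[:-1]  # drop the endpoint b itself

def has_line_of_sight(a, b):
    """True when no wall tile lies on the line between a and b."""
    return all(GRID[y][x] != "#" for x, y in cells_between(a, b))

def snapshot_for(viewer, players):
    """Positions the server sends to `viewer`: itself plus players in line of sight."""
    me = players[viewer]
    return {name: pos for name, pos in players.items()
            if name == viewer or has_line_of_sight(me, pos)}

def first_visible_tick(viewer_pos, path):
    """Index of the first tick at which a player walking `path` enters a snapshot."""
    for tick, pos in enumerate(path):
        if has_line_of_sight(viewer_pos, pos):
            return tick
    return None

if __name__ == "__main__":
    # Constructed scenario: bob walks around the wall while alice stands still.
    print(snapshot_for("alice", {"alice": (1, 2), "bob": (7, 2)}))
    print(first_visible_tick((1, 2), [(7, 2), (6, 3), (5, 4)]))
```

While bob is behind the wall his coordinates are never in alice's snapshot, so a modified client has nothing to draw; the first tick at which he is included is the sudden appearance the comment mentions.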

csolisr

Even if the server can validate every move is valid, a modified client can still have a degree of advantage that the server cannot detect directly, such as having full view of where every enemy is (wallhacks).

@[email protected]

The answer always seems to be no for both performance and development reasons :(

Mwa

I still don’t trust any anticheat that runs on the Windows NT kernel.
We need more better or open source anticheats that don’t run in the kernel.
Or open source maybe can run in kernel idk.
