Essentially, most cheats for games work because the program can access the RAM addresses that the game uses. Anticheat works by scanning the computer for these running programs/services that are known to be cheats.
Historically this has been done in userspace, ie. no elevated permissions. Nowadays, Kernel level AC let’s the AC check for deeper cheating methods, like devices that are operating on a driver level.
Currently, the most difficult to detect method is cheating using a 2nd PC that connects via a cable to a special PCIe device in the gaming PC. It essentially analyzes everything going to RAM and plucks out game related info. It’s currently a back and forth trying to hide that PCIe device from the anti-cheat.
Essentially, most cheats for games work because the program can access the RAM addresses that the game uses. Anticheat works by scanning the computer for these running programs/services that are known to be cheats.
Historically this has been done in userspace, ie. no elevated permissions. Nowadays, Kernel level AC let’s the AC check for deeper cheating methods, like devices that are operating on a driver level.
Currently, the most difficult to detect method is cheating using a 2nd PC that connects via a cable to a special PCIe device in the gaming PC. It essentially analyzes everything going to RAM and plucks out game related info. It’s currently a back and forth trying to hide that PCIe device from the anti-cheat.