Ok, lemme ask: what is your threat model? Is it a script kiddie, or someone who writes ROP chains for a hobby? Because I'd argue cheat authors are the latter. And antivirus melts down against someone like that hacking their own machine, so how would anti-cheat do any better? https://twitter.com/the_secret_club/status/1251570150228230145 …
If you don't go to kernel you will also have the script kiddies in your threat model. You can absolutely detect many of the changes a cheat dev will make from kernel. You can barely detect any if you stick to your own process/usermode.
-
-
While the cheater is in kernel that is. If both parties were good boys and stayed in usermode. Sure it would be less privacy invasive for everyone, but the reality is what it is.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.