- Features
- Understanding the root cause of the cheating problem
- Shutting cheat development down at its source
A kernel-level anti-cheat system to the widespread cheating problem, delivering a level of effectiveness that existing approaches simply cannot match.
It offers a clear competitive advantage over mainstream anti‑cheat systems through seamless integration and, most importantly, a design that avoids false bans.
The solution is capable of identifying a cheater's process regardless of how it gained kernel‑level access — even if the cheat operates entirely within kernel memory.
Despite this, my implementation detects it consistently, making it extremely difficult — if not practically impossible — for even the most experienced cheat developers to bypass.
This could be offered directly to any game developer on Windows as a standalone anti-cheat.
The core capabilities of this solution are already fully implemented. As a result, it is dramatically more cost‑efficient to maintain.
In live demonstrations with modern P2C's, the solution reliably identifies cheaters within a single gameplay session.
Its unique core functionality guarantees this advantage, and the architecture is designed to remain compatible with future Windows versions without requiring major rewrites or costly long‑term upkeep.
This gives game studios immediate, tangible proof of its impact — and a clear understanding of the ROI it can deliver from day one.
HEX DEREF ANTI‑CHEAT - A modern P2C user is detected during the very first round
A process list coming from user mode is not sufficient for this, since we assume that any potential cheat software (P2C) is already in the kernel before the anti‑cheat initializes. There are three scenarios. The cheat software may be a single visible or hidden process, or it may inject itself into a benign process. The third option is injecting directly into the game process, which introduces additional detection vectors. The last option is not possible if cheaters are forced to remain in user mode. Keeping things as simple as necessary ensures the codebase stays maintainable.
HEX DEREF ANTI‑CHEAT - Features
The advantages of a game studio compared to mainstream anti‑cheat solutions.
- Perfect integration with the anti‑cheat, because it includes maintainable HVCI‑compatible kernel driver source code
- Detects the cheat software from process memory as well as from kernel memory
- Even a single cheater is detected during the very first game round with this
- Players regain trust in the developer, as no sensitive data is shared with third parties anymore
- Easy to integrate with the game and requires very little maintenance
- Runs alongside Defender
- A signatureless detection engine - A proactive detection of both unknown and new cheats the moment they appear
- No false bans
- As customized software work. The game developer controls the bans. Or according to the agreement. The source code is a guarantee of transparency and GDPR compliance
And ultimately, the players who made your studio successful — the ones who built your reputation and enabled your growth — deserve better than a cheating problem allowed to run unchecked. When a solution exists that works from day one, choosing not to act sends a message. This approach gives you a way to protect your players immediately, decisively, and transparently.
HEX DEREF ANTI‑CHEAT - As a byproduct of developing an advanced anti‑malware platform
An HWID-locked P2C loads into the kernel before the anti‑cheat, it gains the ability to run sensitive or potentially dangerous operations unchecked.
As long as a cheater can access the kernel before or after the anti‑cheat, cheating in games will continue almost as before. I need to point out that what has been sold to game developers is essentially a pseudo kernel-level anti-cheat despite a long market presence. The situation changes fundamentally if you adopt my implementation.
This is a real, almost complete fix for the problem. Even a smaller software company can instantly outperform major industry anti-cheat vendors by using my concept and the fully functional HVCI-compatible kernel driver implementation, which passes the Microsoft kernel driver approval process without a single issue.
Now that fair play has become practically almost impossible in these games, many players who previously played legitimately end up purchasing P2C services, which only worsens the problem.
First of all, my kernel-level implementation creates an almost impenetrable barrier, forcing any cheat to operate strictly in user mode.
This is extremely difficult to bypass, even for a seasoned professional. As the lead developer of an anti-malware I know exactly what I am talking about.
The concept, as well as the kernel‑level driver code I have validated for long‑term stability, has been ready for years. The concept and implementation details are protected under an NDA. I can provide a conceptual overview for a 4,999 EUR BTC upfront payment, once the agreement is acknowledged from the CEO@yourcompany.com email address. This information and any associated source code shall not be disclosed, distributed, or otherwise made available to any third party under any circumstances.
I've have built a kernel‑level anti‑cheat system that detects more cheaters than EAC, BattlEye, ACE, XIGNCODE3 combined.
The core capabilities of this solution are already fully implemented, making it dramatically more cost‑efficient to maintain.
Its operational overhead is only a fraction of what any of these four mainstream providers require — several times cheaper to run while delivering stronger detection performance.
At the time the above‑mentioned email was received, the salaries somewhat as follows: https://gamejobs.co/Sr-Anti-Cheat-Engineer-at-Electronic-Arts
At the time the above‑mentioned email was received, the salaries somewhat as follows: https://gamejobs.co/Sr-Anti-Cheat-Engineer-at-Electronic-Arts
Shutting cheat development down at its source
When combined with the allowlisting mechanism demonstrated in my video, developing or running cheat tools while the game process is active becomes extremely difficult. As you saw, by default nothing non‑Microsoft signed launches — and even private, internal development tools fail to start. The same core principles that render advanced malware ineffective also power this anti‑cheat's ability to shut down cheat development at its source. In addition, no user‑mode cheat designed for the game is able to start at all.
At the very least, this raises the bar, making cheating in the game harder than ever before. Of course, the list of allowed programs is fully configurable by the game developers.
As a result, the cheater is effectively forced toward a DMA‑based approach,
since every conventional user‑mode method is blocked at the start.
A process list coming from user mode is not sufficient for this, since we assume that any potential cheat software (P2C) is already in the kernel before the anti‑cheat initializes.
There are three scenarios. The cheat software may be a single visible HWID‑locked process, or it may inject itself into a benign process (this is exactly where the allowlist comes in; it leaves very little room for the cheat software to hide).
The third option is injecting directly into the game process, which introduces additional detection vectors. The last option is not possible if cheaters are forced to remain in user mode.
Keeping things as simple as necessary ensures the codebase stays maintainable.
If the anti‑cheat does not operate at the kernel level, it cannot reliably detect even a virtual machine, which in turn gives a banned player endless opportunities to keep ruining other players games.
Or if an allowlist is not used. At the very least, developing P2C cheats remains safe without risking an HWID ban. A user‑mode anti‑cheat cannot detect a single HWID spoofer either.
The total price for this project is 49,999 EUR in BTC for a non‑exclusive license to the Windows kernel driver source code. The price includes the C++ source code for the service (SVC) process as well as the required LLVM-EX virtualization, which makes reversing the UM-KM communication as difficult and time‑consuming as possible.
I recommend purchasing the full package with source code, as the implementation is quite straightforward. With any modern P2C, I can demonstrate that even one cheater is detected during a single game session while my solution is active.
If you have a company and your own legitimate EV code‑signing certificate, send me an email from your company address if you're interested in some kind of collaboration. Please also include your Telegram in the email. Thank you.
White Byte © 2026 HEXDEREF.COM - DO NOT REPRODUCE CONTENT WITHOUT PERMISSION