Ohhh, those are UEFI cheats. This is the reason that kernel anti-cheat games require Secure Boot.
You can, when Secure Boot is disabled, use the UEFI to load a driver that can perform DMA actions prior to loading the Windows kernel. A user could then run an innocuous piece of software that would communicate with the driver and send the data to the USB device which would run the cheat software and do the mouse manipulation (and you would configure the devices from the gaming PC over the same USB interface). e: This could technically be detected because there is still software running on the user’s PC that the anti-cheat software could detect and a USB device that could, if the firmware is not properly flashed to a firmware pretending to be something innocuous (typically a NIC or Audio device).
This let anybody willing to install a UEFI driver of unknown origin have access to DMA without needing to buy an expensive card. This is only possible on any game that doesn’t mandate Windows 11 and Secure Boot (though there was a recent exploit discovered with some motherboards [CVE-2025-11901, CVE-2025-14302, CVE-2025-14303 and CVE-2025-14304] that allowed an attacker to obtain DMA access prior to the IOMMU being properly initialized (which would restrict DMA access).
This would allow an attacker to run software on a second PC that would use this lapse to inject a hacked UEFI driver via a hardware DMA device, then you could just send the memory data over USB to a second cheating device.
Ohhh, those are UEFI cheats. This is the reason that kernel anti-cheat games require Secure Boot.
You can, when Secure Boot is disabled, use the UEFI to load a driver that can perform DMA actions prior to loading the Windows kernel. A user could then run an innocuous piece of software that would communicate with the driver and send the data to the USB device which would run the cheat software and do the mouse manipulation (and you would configure the devices from the gaming PC over the same USB interface). e: This could technically be detected because there is still software running on the user’s PC that the anti-cheat software could detect and a USB device that could, if the firmware is not properly flashed to a firmware pretending to be something innocuous (typically a NIC or Audio device).
This let anybody willing to install a UEFI driver of unknown origin have access to DMA without needing to buy an expensive card. This is only possible on any game that doesn’t mandate Windows 11 and Secure Boot (though there was a recent exploit discovered with some motherboards [CVE-2025-11901, CVE-2025-14302, CVE-2025-14303 and CVE-2025-14304] that allowed an attacker to obtain DMA access prior to the IOMMU being properly initialized (which would restrict DMA access).
This would allow an attacker to run software on a second PC that would use this lapse to inject a hacked UEFI driver via a hardware DMA device, then you could just send the memory data over USB to a second cheating device.