Most cheating happens in software running on the gaming PC. DMA cheats break that assumption — and that is exactly what makes them so difficult for anti-cheats to deal with.
What DMA means
DMA stands for Direct Memory Access — a normal, legitimate feature that lets hardware devices read and write system memory directly, without going through the CPU. It is how disks, network cards and many devices work efficiently. A DMA cheat abuses this capability.
How a DMA cheat is set up
A DMA cheat typically uses two computers. The gaming PC runs the game normally. A separate device — often an FPGA-based card — reads the gaming PC's memory over the PCIe bus and sends what it finds to a second computer, which displays the cheat information to the player. The crucial detail: no cheat software runs on the gaming PC at all.
Why anti-cheats struggle with them
A software or kernel anti-cheat watches the machine it runs on. It looks for cheat code, injected modules and modified memory. A DMA cheat gives it nothing to find — the cheat's logic lives on another computer entirely. This is the hardest category of cheat for traditional anti-cheat to detect.
How anti-cheats fight back
Detection has shifted to the hardware itself. Anti-cheats examine the devices on the PCIe bus, looking for cards whose identifiers, configuration or behaviour do not match legitimate hardware. A DMA card pretending to be an ordinary device can give itself away through inconsistent firmware data or timing. It is an ongoing arms race rather than a solved problem.
The takeaway
DMA cheats are significant because they move the cheat off the monitored machine. They explain why anti-cheats increasingly inspect hardware identifiers and the PCIe bus — and why hardware identity, not just software scanning, has become central to modern anti-cheat.