An ioctl() call to detect memory writes

Not the person you were replying to, but I think it's somewhat analogous to why modern games use copy-protecting DRM for the initial release and drop it after like 3-6 months.

You aren't going to stop everything - if there's an enormous market for your project, people are going to throw themselves at it and eventually some portion are going to find ways around your mitigations.

But if you, say, filter out 95% of the people trying to circumvent you by making the barrier high enough, that may result in a good enough result that the thing you're trying to optimize for (protecting the huge upfront hump of initial sales, preventing your multiplayer experience from having a reputation for being instakill aimbots with no stopping them) might be achievable.

Of course, unlike that kind of use-until-burned DRM, cheat detection becomes an ongoing cat and mouse game for the game's lifecycle even if you are doing deeply invasive monitoring, so at some point you're (probably) going to end up having a tradeoff between using it as a varyingly weak signal to get human attention to look at a player and go "...are they obviously doing impossible things" and playing whack-a-mole with even more weird heuristics (and then, if you scale enough that you can't justify humans to do a priori review, just ban on the signal and clean up reports of false positives...).

I'm not, to be clear, claiming that any of the above invasive monitoring is good, nor that even the arguments about using e.g. Denuvo for protecting week 1 sales are accurate, but that that is my understanding of the rationales and tradeoffs involved.