Kernel level, nah, probably don't have to code a driver/rootkit for an Anti-Cheat. No need to hook API functions when you could easily iterate through a process' module list and check the file paths for them. Most injected DLLs appear as a module so yeah.