Ironically, this is the kind of thing that sebinspace was complaining about, even if you’re saying more than just “it’s not hard!”
But the server only knows what the clients tell it. It’s not psychic or magic. And if the client is compromised, there’s all kinds of things you can do. One of the main goals is often just making exploits/cheats as difficult as possible.
On the client-side, some of the anticheat solutions are designed to help prevent the client being modified, or be able to detect if memory of running client has been modified, etc.
Some are to do some kind of regular cryptographic hash of what’s in memory and send that home in a way that is difficult to hack. But that’s difficult too because all the info needed to generate and send this home are running client-side. Its one reason that having TPM chips and things are potential security benefit.