EAC bypass overlay flags undetectable

The bypass is based on CreateWindowEx and does not require any existing overlay to be hijacked. The compiled version of the manually mapped driver (C/C++) is a good solution for private use. If you need an undetected (UD) overlay for EAC/BattlEye, this is exactly what you want.

[+] Windows 10 compatible (22H2)
(Windows 11 22H2 support is to be added soon...)
[+] Bypasses the topmost overlay window checks of every kernel-mode (EAC, EAAC, BattlEye, Vanguard ...) and user-mode (VAC/FairFight etc.) anti-cheat
[+] Screenshot safe
[+] PatchGuard compatible DKOM
[+] Internal or external overlay is supported
[+] Secure boot compatible solution available
[+] Source code available for purchase

The compiled version of the manually mapped driver, which will be obfuscated and customized according to your preference, costs $279 USD and is provided "AS IS" without warranty of any kind. Each version of the driver will be unique from a kernel-level anti-cheat's perspective. Considering the security measures used, the detection rate should remain the lowest possible.


An overlay is a window on top of all other windows, such as a game window. EAC's checks for topmost overlays rely on user-mode APIs such as IsWindowVisible. The aforementioned bypass invalidates all of these user-mode checks, meaning that an advanced kernel anti-cheat such as EAC can enumerate the window but never detects it as a topmost overlay hack. Overlay checks in EAC can be bypassed by modifying one byte in memory. This modification makes the overlay undetectable in EAC.

A typical topmost overlay is created using the following style:

WS_EX_LAYERED | WS_EX_COMPOSITED | WS_EX_TRANSPARENT | WS_EX_TOPMOST

These flags are required on Windows 10/11 to get a click-through overlay. EAC queries the window for these flags and for the window size to determine whether the window is a hack overlay, and after the query the information is sent to the server.

If the queried window has the topmost style and its size matches the size of the game window, this may result in a flag and/or a ban. The bypass is applied and cloaked before the anti-cheat is run. In reality, neither EAC nor any other anti-cheat ever receives the original flags the overlay was created with.
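The style-and-size heuristic described above, written out as an added example (not code from this page, from EAC, or from any anti-cheat vendor). The `win_info` record, the 90% coverage threshold and the sample snapshot are assumptions; on Windows the values would come from a window query, and the check is only as trustworthy as the source of those values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Extended-style bits as defined in WinUser.h, repeated so this builds without the Windows SDK. */
#define WS_EX_TOPMOST     0x00000008u
#define WS_EX_TRANSPARENT 0x00000020u
#define WS_EX_LAYERED     0x00080000u
#define WS_EX_COMPOSITED  0x02000000u

typedef struct { int left, top, right, bottom; } rect_t;
typedef struct { uint32_t id, exstyle; int visible; rect_t rc; } win_info; /* hypothetical record */

/* Area shared by two rectangles, 0 when they do not intersect. */
static long long overlap_area(rect_t a, rect_t b) {
    int l = a.left > b.left ? a.left : b.left, t = a.top > b.top ? a.top : b.top;
    int r = a.right < b.right ? a.right : b.right, m = a.bottom < b.bottom ? a.bottom : b.bottom;
    return (r <= l || m <= t) ? 0 : (long long)(r - l) * (m - t);
}

/* 1 when the window is visible, topmost, layered and click-through, and covers at least
   min_cover_pct percent of the game rectangle. WS_EX_COMPOSITED is not required here. */
int is_overlay_candidate(const win_info *w, rect_t game, int min_cover_pct) {
    const uint32_t need = WS_EX_TOPMOST | WS_EX_LAYERED | WS_EX_TRANSPARENT;
    long long game_area = (long long)(game.right - game.left) * (game.bottom - game.top);
    if (!w->visible || game_area <= 0 || (w->exstyle & need) != need) return 0;
    return overlap_area(w->rc, game) * 100 >= game_area * min_cover_pct;
}

/* Writes the ids of candidate windows to out (at most cap) and returns how many matched. */
size_t scan_windows(const win_info *ws, size_t n, rect_t game, int pct, uint32_t *out, size_t cap) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (is_overlay_candidate(&ws[i], game, pct)) { if (hits < cap) out[hits] = ws[i].id; hits++; }
    return hits;
}

/* Constructed snapshot: a 1600x900 game window and four top-level windows. */
static const rect_t GAME = {0, 0, 1600, 900};
static const win_info SAMPLE[] = {
    {1, WS_EX_LAYERED | WS_EX_COMPOSITED | WS_EX_TRANSPARENT | WS_EX_TOPMOST, 1, {0, 0, 1600, 900}},
    {2, WS_EX_TOPMOST, 1, {0, 0, 1600, 900}},                                        /* takes input */
    {3, WS_EX_LAYERED | WS_EX_TRANSPARENT | WS_EX_TOPMOST, 1, {1400, 0, 1600, 100}}, /* small widget */
    {4, WS_EX_LAYERED | WS_EX_TRANSPARENT | WS_EX_TOPMOST, 0, {0, 0, 1600, 900}},    /* hidden */
};

int main(void) {
    uint32_t ids[4];
    size_t n = scan_windows(SAMPLE, 4, GAME, 90, ids, 4);
    printf("%zu candidate(s), first id %u\n", n, n ? (unsigned)ids[0] : 0u);
    return 0;
}
```

Only window 1 is reported: the others fail the click-through, coverage or visibility test, which is why legitimate topmost widgets and notification popups do not match.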

Overlay windows can also be enumerated from the kernel. Kernel-mode checks are much harder to bypass. The kernel-mode implementation is significantly more difficult because it is based on an undocumented tagWND structure that needs to be reversed and tested for each version of Windows.

Despite all the issues encountered, the author also bypassed kernel-mode window enumeration checks and implemented nearly perfect kernel-mode detection code for topmost overlay hacks. There is no difference in terms of detection between an internal and an external overlay.

BattlEye bypass topmost overlay detection

BattlEye's (BE) checks also rely on user-mode APIs such as GetWindow when it enumerates a list of windows. This is backed by https://secret.club/2019/02/10/battleye-anticheat.html. All of these user-mode checks, including window style checks, are invalidated or spoofed as soon as the bypass has been applied. You can create your internal or external overlay on top of the game window with the WS_EX_TOPMOST flag as if no anti-cheat were running at all. The overlay is also screenshot safe. Ironically, BE's detection is bypassed just by modifying one byte in memory.

Source code

If you want to become a P2C or need a good external backup solution, the source code for the bypass costs $4,999 USD. The price includes undetected (UD) external (RW) via direct syscalls with handle elevation DKOM (UD in EAC 1.5+ years), bypassing every kernel- and user-mode anti-cheat. The source code is intended for those who have previous experience in coding kernel drivers. Initial support (max. 24 hours) is included if necessary. The project compiles in VS2019+.

If you want support for something other than the listed versions of Windows, it costs $449 USD per additional version once you've purchased the main package.

Terms for the source code:

The origin of the source code must not be misrepresented. The original author of the source code is White Byte at overlayhack.com

The source code is sold unconditionally for private or internal company use. In no event may you or the company that bought the source code distribute or resell the source code in any form or distribute information obtained from the source code to third parties. You may only distribute the code in a compiled form.

Bitcoin (BTC) is the only payment method for individuals. The customer should pay all fees. All sales are final and non-refundable regardless of the payment method used.

The author also coded a PatchGuard and DSE bypass at runtime. Learn more: https://overlayhack.com/patchguard-bypass
#1006
Administrator
12/11/2023 01:32 - 298 days 9 hours 35 minutes
This bypass invalidates all userspace window checks such as NtUserBuildHwndList, NtUserFindWindowEx and NtUserQueryWindow.

If you hook anything from a legitimate overlay text section, this can be easily detected even by a user-mode anti-cheat.
