https://github.com/lofcz/thirdeye
The Third Eye 👁⃤
https://github.com/lofcz/thirdeye
bypass cpp obfuscation screen-capture screenshot
Last synced: 3 months ago
JSON representation
The Third Eye 👁⃤
- Host: GitHub
- URL: https://github.com/lofcz/thirdeye
- Owner: lofcz
- License: mit
- Created: 2025-12-12T15:28:19.000Z (4 months ago)
- Default Branch: master
- Last Pushed: 2025-12-13T22:24:38.000Z (4 months ago)
- Last Synced: 2025-12-15T17:20:48.547Z (4 months ago)
- Topics: bypass, cpp, obfuscation, screen-capture, screenshot
- Language: C++
- Homepage:
- Size: 604 KB
- Stars: 20
- Watchers: 0
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
[](https://www.nuget.org/packages/ThirdEye)
# Third Eye
Usermode `WDA_MONITOR`/`WDA_EXCLUDEFROMCAPTURE` bypasser using undocumented Windows functions with C# bindings.
Starring:
- PEB walking
- Halo's Gate
- Custom PE sections
- Undocumented Windows functions
- Quick and dirty EDR/AV evasion ([2/72 on VirusTotal](https://www.virustotal.com/gui/file/db1de8681fd4b86870bf6b1af50703a17f7997791387bb5d56b3d5130fe3f789?nocache=1))
- Direct syscalls
## Getting Started
Install the package:
```
dotnet add thirdeye
```
### Usage (C#)
Take screenshots unmasking any hidden windows:
```cs
using ThirdEye;
using var session = new ThirdEyeSession()
session.CaptureToFile("screenshot.png");
```
Options are available:
```cs
using var session = new ThirdEyeSession();
var options = new ThirdEyeOptions(
format: ThirdeyeFormat.Jpeg,
quality: 90,
bypassProtection: true
);
session.CaptureToFile("screenshot.jpeg", options);
```
If needed, screenshots can be stored in memory:
```cs
using var session = new ThirdEyeSession()
byte[] bufferData = session.CaptureToBuffer();
```
### Usage (C/C++)
```cpp
#include "thirdeye_core.h"
ThirdeyeContext* ctx = nullptr;
if (Thirdeye_CreateContext(&ctx) == THIRDEYE_OK) {
Thirdeye_CaptureToFile(ctx, L"screenshot.jpg", nullptr);
Thirdeye_DestroyContext(ctx);
}
```