Third Eye

Usermode WDA_MONITOR/WDA_EXCLUDEFROMCAPTURE bypasser using undocumented Windows functions with C# bindings.

Starring:

PEB walking
Halo's Gate
Custom PE sections
Undocumented Windows functions
Quick and dirty EDR/AV evasion (2/72 on VirusTotal)
Direct syscalls

Getting Started

Install the package:

dotnet add thirdeye

Usage (C#)

Take screenshots unmasking any hidden windows:

using ThirdEye;

using var session = new ThirdEyeSession()
session.CaptureToFile("screenshot.png");

Options are available:

using var session = new ThirdEyeSession();
var options = new ThirdEyeOptions(
    format: ThirdeyeFormat.Jpeg,
    quality: 90,
    bypassProtection: true
);
    
session.CaptureToFile("screenshot.jpeg", options);

If needed, screenshots can be stored in memory:

using var session = new ThirdEyeSession()
byte[] bufferData = session.CaptureToBuffer();

Usage (C/C++)

#include "thirdeye_core.h"

ThirdeyeContext* ctx = nullptr;
if (Thirdeye_CreateContext(&ctx) == THIRDEYE_OK) {
    Thirdeye_CaptureToFile(ctx, L"screenshot.jpg", nullptr);
    Thirdeye_DestroyContext(ctx);
}

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
dotnet		dotnet
.gitignore		.gitignore
CMakeLists.txt		CMakeLists.txt
LICENSE		LICENSE
README.md		README.md
dllmain.cpp		dllmain.cpp
internal.h		internal.h
main.cpp		main.cpp
syscalls.S		syscalls.S
thirdeye.def		thirdeye.def
thirdeye_core.cpp		thirdeye_core.cpp
thirdeye_core.h		thirdeye_core.h

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Third Eye

Getting Started

Usage (C#)

Usage (C/C++)

About

Uh oh!

Releases

Packages

Languages

License

lofcz/thirdeye

Folders and files

Latest commit

History

Repository files navigation

Third Eye

Getting Started

Usage (C#)

Usage (C/C++)

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages