A PoC that hijacks Windows Magnifier to create a transparent overlay without injecting code into protected processes.
Note: This is a PoC with spaghetti code that demonstrates the technique, it's not meant to be production quality.
This project hijacks Windows Magnifier to create an overlay that works on top of any application, including games with anticheat protection:
- Launches Windows Magnifier
- Finds and hijacks its window by modifying properties
- Makes the window transparent, layered, and topmost*
- Renders content with DirectX 11 and ImGui
Key advantages:
- No code injection into protected processes
- No API hooking
- No game file modifications
- Works without directly interacting with protected processes
HWND MagnifierOverlay::FindMagnifierWindow() {
const char* magnifierClasses[] = {
"Magnifier",
"MagUIClass",
"Screen Magnifier Fullscreen Window"
};
return Utils::FindWindowByClasses(magnifierClasses, 3);
}Window style modifications:
SetWindowLongPtr(m_magnifierWindow, GWL_STYLE, originalStyle | WS_VISIBLE);
SetWindowLongPtr(m_magnifierWindow, GWL_EXSTYLE, (originalExStyle | WS_EX_LAYERED | WS_EX_TRANSPARENT) & ~WS_EX_NOREDIRECTIONBITMAP);
SetLayeredWindowAttributes(m_magnifierWindow, m_transparencyColor, 0, LWA_COLORKEY);This method avoids many common detection vectors, but could still be detected through:
- Magnifier window style modifications
- Window transparency attributes
- Extended window styles (WS_EX_LAYERED, WS_EX_TRANSPARENT)
- Magnifier process monitoring
- Unusual window z-order placement