Game Hacking Guides

Streamproof Explained: How Cheats Stay Invisible on Stream in 2026

May 16, 2026Nathan Reed10 分钟阅读

Not just "beats OBS." A real breakdown of how streamproof overlay systems work: capture API differences, why Shadowplay is a separate problem, anti-screenshot vs streamproof, and when only DMA closes every gap.

Streamproof Explained: How Cheats Stay Invisible on Stream in 2026

What streamproof actually means

You clip a clean play, post it to your friends, and a week later your account is gone. You scrub back through the clip frame by frame and there it is in the upper corner: a box that has no business being there. The anti-cheat never touched you. A human reported you off a video you uploaded yourself.

Streamproof is the property that stops exactly that situation. A properly built streamproof overlay draws boxes, skeleton outlines, and radar data on your physical monitor while every recording application that runs on your machine captures nothing but raw game footage. Same screen. Two entirely different images: one landing on your eyes, one going to the file or the stream.

The word gets used loosely. A lot of providers claim it and mean "beats OBS Game Capture in one specific mode." That narrow definition is where accounts get lost. What streamproof actually requires is surviving every capture path Windows exposes, not just the obvious one.

Game Capture vs Display Capture

The first thing to understand is that recording software does not have one way of seeing your screen. It has two modes that work on completely different principles, and a build that defeats one of them while failing the other is not streamproof.

OBS Game Capture injects a hook into the game process itself and grabs frames directly from the GPU buffer the game writes to. It sees exactly what the game renders, nothing more. If a cheat draws into that same buffer, Game Capture reads those pixels as part of the game and they show up in the recording. OBS Display Capture, Discord stream, and Xbox Game Bar do the opposite: they do not care about the game process at all. They ask Windows for the finished composited desktop image, the same frame that would go to the monitor, and record that instead. Beating one mode while failing the other puts the overlay in the clip.

Nvidia Shadowplay (GeForce Experience) and AMD ReLive complicate this further. These tools use GPU-level capture APIs, NVFBC for Nvidia hardware and AMFBC for AMD, which bypass the Windows compositor entirely and read directly from the framebuffer on the graphics card. Standard window exclusion flags do not always reach that layer. A streamproof build that relies only on Windows API tricks may still be visible in a Shadowplay recording, which is why architecture matters more than a single flag.

The capture APIs that matter

Underneath Game Capture and Display Capture are the actual Windows interfaces that software uses to pull pixels off the screen. Each one behaves differently, and a streamproof build is designed around what each can and cannot see.

API What it reads Respects exclusion flags
GDI BitBlt, PrintWindow Per-window pixel copy from a software buffer. Old path used by simple recorders and anti-cheat screenshot functions Partial
DXGI Desktop Duplication Full desktop frame from GPU memory. Backbone of high performance Display Capture in OBS and similar tools Yes, with correct flag
Windows Graphics Capture (WGC) Modern Windows 10 and 11 per-window or per-monitor capture used by Discord, Xbox Game Bar, modern OBS Yes, WDA_EXCLUDEFROMCAPTURE
NVFBC, AMFBC GPU-level framebuffer read by Nvidia and AMD recording tools, bypasses Windows compositor No, requires DMA or kernel layer

The flag column is what determines whether a software streamproof method holds up. Windows Graphics Capture and DXGI respect SetWindowDisplayAffinity when set to WDA_EXCLUDEFROMCAPTURE. The GPU-level paths used by Shadowplay and ReLive do not. Medal.tv and Outplayed use WGC and DXGI in most configurations, so a correctly flagged external window beats them alongside OBS. Shadowplay is a separate problem that requires a different layer of isolation.

Why internal cheats bleed to stream

An internal cheat injects a DLL into the game process and hooks the graphics pipeline directly, intercepting calls like the DirectX Present function or glDrawElements. It draws from inside the game's own render loop, which gives it pixel-perfect positioning and fast refresh. It is also the reason internal builds appear in recordings. This is the core structural reason why CS2 and Valorant premium builds default to external architecture.

The cheat's visuals are written into the game's swap chain before the frame leaves the render pipeline. When OBS Game Capture grabs that buffer, the overlay pixels are already baked in. The recording software has no way to separate them from the game image because they were added at the same stage the game adds its own graphics. They are not on top of the frame. They are inside it.

Making an internal build streamproof is technically possible but it requires drawing after the capture hook intercepts the frame, which means manipulating exactly where in the present chain the overlay gets inserted. Few providers do this correctly. If a product is internal and claims streamproof without explaining the mechanism, test it under Display Capture before you trust it in a live game.

How external overlays disappear from recordings

An external cheat runs as its own process completely outside the game. It reads memory from outside, does its own world-to-screen math, and draws into a transparent top-most window that floats above the game viewport. Nothing it does touches the game's rendering pipeline. The game's draw calls are untouched and every integrity check on those functions finds nothing.

The mechanism that removes the overlay from capture is a single Windows API call: SetWindowDisplayAffinity with the value WDA_EXCLUDEFROMCAPTURE. When this flag is applied to the overlay window, the Desktop Window Manager includes that window in the signal it sends to the physical monitor but strips it from the frame it hands to WGC and DXGI. The monitor shows the overlay. Every recording application gets a transparent gap where it was. The window also carries WS_EX_LAYERED and WS_EX_TRANSPARENT style bits so mouse input passes through to the game without interference.

This is why external architecture is the standard for premium builds. Streamproofing is a property of the architecture, not a feature bolted on afterward. An external window with the correct flag set is invisible to every WGC and DXGI consumer by design, not by workaround.

Streamproof vs anti-screenshot: not the same thing

These two features solve different problems and are often confused. Understanding the difference matters because some providers advertise one while the other is what you actually need.

Streamproof hides the overlay from OBS, Discord, Xbox Game Bar, Medal.tv, Shadowplay, and any other recording software running on your machine. The threat it defends against is a clip or stream where overlay visuals appear in the recorded footage.
Anti-screenshot defends against a different attacker: the anti-cheat system itself. BattlEye, Easy Anti-Cheat, and older systems like Punkbuster periodically capture the player's screen and transmit that image to their servers for review. Anti-screenshot works by hooking the capture functions those systems use, GDI BitBlt and PrintWindow in most cases, and returning a clean frame to the anti-cheat while the real overlay stays visible to the player.

A build can be streamproof without being anti-screenshot, and anti-screenshot without being streamproof. The strongest setups cover both independently. Streamproof closes the video evidence path; anti-screenshot closes the automated server-side scan path. Losing one while having the other still leaves a gap that costs accounts.

DMA hardware: capture cannot reach it

Software streamproofing depends on Windows honoring flags. Hardware capture paths like NVFBC can bypass those flags entirely. DMA removes the question by taking the cheat off the game machine completely.

A DMA setup routes a Xilinx-based FPGA card through a PCIe slot on the game machine and runs the actual cheat software on a second computer. The card reads RAM over the bus. On the game PC there is no cheat process, no cheat window, no cheat driver, nothing for OBS, Shadowplay, or an anti-cheat scanner to find. The overlay is composited into the video signal through a hardware fuser before it reaches the monitor, at the cable level, never touching Windows at all. For high-stakes titles like Tarkov where BSG runs manual account reviews, DMA is the only method that closes every software detection path simultaneously.

Because the cheat image never exists as software on the game machine, NVFBC cannot capture it, WGC cannot capture it, and even a game PC screenshot taken by anti-cheat shows only clean footage. The only remaining risk is a phone pointed at the monitor from outside, and even that risk is reduced significantly because the overlay stays off the physical display when the hardware fuser detects no active game session.

Where non-streamproof builds actually fail

The ways a visible overlay finds its way into evidence are not equal. Some are common. Some get careful players who think they are safe.

// Routes that produce video evidence against the account

Opponent clips the killcam, overlay visible
Very common
Teammate spectates, records the session
Common
Player clips own play, overlay in file
Common
Shadowplay / Nvidia overlay records game
Overlooked
Mobile camera pointed at screen
Rare, no software fix

The Shadowplay row catches players who run a complete external streamproof build and still get caught because they forgot Nvidia's background recorder was active. NVFBC operates below the layer that WDA_EXCLUDEFROMCAPTURE reaches. Disabling Shadowplay manually or using a DMA layer that puts the image outside the game machine entirely are the only reliable fixes.

The mobile camera row has no software solution. Any phone pointed at the monitor captures everything the physical display shows. This is why behavioral discipline matters alongside streamproofing: a spectator holding a phone has the same view as your eye, and no flag or driver can change that.

What a real build has to cover

Ask the provider directly which capture paths the build defeats, and how. A real answer names the mechanism. A vague answer is the answer.

// Streamproof coverage map

OBS Game Capture and Display Capture, Discord, Xbox Game Bar, Medal.tv WDA flag, external overlay
Shadowplay, AMD ReLive (NVFBC, AMFBC GPU capture) DMA or kernel layer
Anti-cheat screenshot (BE, EAC, GDI BitBlt capture) Anti-screenshot hook
In-game spectator sees clean screen Spectator Warning
Phone camera pointed at monitor No software fix

Spectator Warning is the behavioral layer that covers the gap software cannot close. When the cheat detects a spectating player ID in memory, it flags the session so you can reduce your overlay or switch to a more conservative playstyle. Combined with a full streamproof stack, the manual evidence path is effectively closed: nothing appears in recordings, the spectator sees controlled behavior, and the only remaining variable is your own judgment. ZhexCheats builds with full capture exclusion, anti-screenshot, and Spectator Warning are available for Tarkov, Valorant, Apex Legends, and 20+ more titles.

// 更多文章

返回 Game Hacking Guides