Educational project. Glint is published to document and demonstrate usermode Windows process-hiding techniques (window affinity, Alt+Tab suppression, process renaming, ETW/AMSI patching, PPID spoofing, anti-debug). The stealth features are intentionally transparent — the source is the documentation. This is not intended for use in production environments, against systems you don't own, or in violation of any software's terms of service. Use it to learn, not to harm.
A lightweight, always-on-top AI overlay for Windows. Select any region of your screen, get an instant AI response — without ever leaving your current app.
- Press CTRL + SHIFT + SPACE — screen dims, cursor becomes a crosshair
- Drag to select any region (text, images, code, anything)
- The selection is captured and sent to your chosen AI provider
- A floating HUD panel appears with the streamed response
Press Alt+2 to open Settings. Press Escape to dismiss the HUD.
- Multi-provider AI — OpenAI, Anthropic, and Google with live model fetching and streaming responses
- AI Modes — Answer, Summarize, Translate, Explain, Rewrite, Auto
- Markdown & LaTeX — Responses render with full markdown formatting and KaTeX math
- Dark HUD overlay — Frameless, rounded corners, adjustable opacity, feels like a heads-up display
- Stealth suite — Hide from screen capture, Alt+Tab, Task Manager, and system tray
- Deep Hide — Process renaming, window title spoofing, ETW/AMSI patching, anti-debug, parent PID spoofing, timestamp stomping (see educational disclaimer above)
- Configurable — Hotkeys, default mode, overlay position, opacity, translate language, per-provider API keys and models
- Encrypted keys — API keys stored with Windows DPAPI, never written to disk in plaintext
- Windows 10 or later (x64)
- .NET 9 SDK (for building from source)
- WebView2 Runtime (pre-installed on Windows 10 20H2+ and Windows 11)
- An API key from OpenAI, Anthropic, or Google
dotnet build
Run the debug build:
dotnet run
Produces a standalone folder that runs on any Windows 10/11 machine without .NET installed:
dotnet publish Glint.csproj -c Release -r win-x64 --self-contained true /p:PublishReadyToRun=true /p:DebugType=none /p:DebugSymbols=false
Output: bin/Release/net9.0-windows/win-x64/publish/
Zip the publish folder to distribute.
Note: Glint runs as a tray app — there is no main window on launch. Find it in the system tray (click the ^ arrow in the taskbar corner) and right-click the icon to access settings.
| Shortcut | Action |
|---|---|
| Alt+1 | Capture (select region → AI) |
| Alt+2 | Open Settings |
| Escape | Dismiss HUD / Close Settings |
Capture hotkey is configurable in Settings.
| Toggle | What it does | Anti-cheat safe? |
|---|---|---|
| Hide from Screen Capture | SetWindowDisplayAffinity(WDA_EXCLUDEFROMCAPTURE) — invisible to OBS, screenshots, screen shares |
Yes |
| Hide from Task Manager | Restarts with a system-like process name, spoofs window titles, hides from Alt+Tab | Yes |
| Hide Tray Icon | Removes the system tray icon | Yes |
| Deep Hide | All of the above + ETW patch, AMSI patch, anti-debug monitor, thread cloaking, parent PID spoofing, timestamp stomping, memory minimization. Requests admin. | Yes |
All stealth features are usermode only.
├── App.xaml / App.xaml.cs # App lifecycle, tray icon, hotkeys, core capture loop
├── Glint.csproj # Project config and dependencies
├── Models/
│ ├── AiMode.cs # AI mode definitions and prompts
│ └── AppSettings.cs # Settings model
├── Services/
│ ├── GlobalHotkey.cs # Multi-slot global hotkey registration
│ ├── IAiProvider.cs # Provider interface and registry
│ ├── OpenAiProvider.cs # OpenAI streaming + model fetch
│ ├── AnthropicProvider.cs # Anthropic streaming + model fetch
│ ├── GoogleProvider.cs # Google streaming + model fetch
│ ├── SettingsService.cs # JSON settings + DPAPI key encryption
│ ├── StealthService.cs # All stealth/hiding functionality
│ └── ScreenCapture.cs # Screen capture + DPI handling
├── Windows/
│ ├── HudPanel.xaml / .cs # AI response overlay with WebView2
│ ├── SelectionOverlay.xaml / .cs # Drag-to-select capture tool
│ └── SettingsWindow.xaml / .cs # Settings UI
├── Helpers/
│ └── EnvLoader.cs # .env file loader (dev convenience)
└── SPEC.md # Full specification
Unfortunately, fully hiding a process from Task Manager on modern Windows requires a kernel driver — there's no user-mode trick that gets around it. Glint handles this by automatically renaming itself to a system-like process name (RuntimeBroker_x64.exe, svchost_helper.exe, etc.) with spoofed PE metadata and timestamps on every launch, which is enough to fool a casual glance.
For actual kernel-level process hiding, the options are rough:
- Unsigned drivers require test-signing mode (
bcdedit /set testsigning on+ reboot), which is itself a detectable flag that proctoring software and anti-cheat actively check for. So it's somewhat self-defeating. - BYOVD (Bring Your Own Vulnerable Driver) — loading a legitimate signed-but-vulnerable driver (Gigabyte, MSI Afterburner, etc.) to exploit kernel R/W and patch Driver Signature Enforcement — is how cheat loaders do it, but that's a whole project on its own and will get flagged by AV immediately.
- EV code signing to properly sign your own driver costs ~$300–500/year and requires business identity verification through Microsoft.
All things considered it's just a lot of overhead for marginal gain, so Glint skips it and sticks to the rename approach.
MIT — see LICENSE.