Skip to main content

About the Loading Process

Unsure how the loading process works? Wondering what a Start App is or what exactly gets executed?
Check out the Files FAQ to learn the difference between a Start App and a regular file.

When the client launches an app, the server downloads your paired Start App and runs it in a secure environment managed by the Bootstrapper.
This ensures that your Start App executable never touches the user's disk and executes safely in memory, protecting you from potential tampering or malicious users.

Additionally, your Start App receives special input parameters that indicate details such as the launched app's ID.
See Getting Started for more information.

Once your Start App begins execution, it must use our API to communicate with our servers.
This step is mandatory — you must verify the session to confirm that the user is authorized to run your Start App.
No valid session means no access.

More About the Start App

After verifying the session, your Start App can:

Important Notes

warning

Because of how Anti-Cheat, Anti-Tamper, and Antivirus software operate, it is strongly discouraged to run the Start App while such programs are active.
Doing so may cause false positives or disrupt the user experience.

We recommend keeping your Start App's functionality minimal and launching your main executable from a separate, safe location.

Please note that the Bootstrapper is not a bypass mechanism — its purpose is to prevent critical code from being stored on disk, reducing the risk of modification or tampering.

While our secure loading system significantly increases protection against tampering, it has one major drawback:
Anti-Cheat, Anti-Tamper, and Antivirus systems may flag the Start App as suspicious because its behavior resembles that of malware or cheats.
This was never intended as a bypass; the system simply prioritizes security through diskless execution.

For this reason, most developers choose to download and execute their main application from the Start App in a safe, external location.

warning

We also strongly recommend that developers remotely close the loader after the Start App has successfully executed.
The loader's behavior is similar to the Start App's, so leaving it running unnecessarily could trigger similar detections.

Closing the Loader

Since the loader runs as a hidden process, it cannot be terminated by name.
However, it creates an invisible window that can be located by its title, allowing you to safely close it by sending a specific message.


static HWND wnd = nullptr;

BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam) {
    DWORD processId;
    GetWindowThreadProcessId(hwnd, &processId);

    char windowTitle[256];
    GetWindowTextA(hwnd, windowTitle, sizeof(windowTitle));

    if (strstr(windowTitle, "Invisible DTC Window"))
    {
        wnd = hwnd;
        printf("Window %s handle: %p ProcessID: %d\n", windowTitle, hwnd, processId);
    }

    return TRUE;
}

int main()
{
    // enumerate all Windows and find our invisible window
    EnumWindows(EnumWindowsProc, NULL);

    // Kill the loader
    SendMessage(wnd, WM_USER, 0x4545676, 0);
}