Missing anti debug trick caught

Tool used:
App: Newsleecher 4.0 beta16 Trial
plugins debuggers: IDA licensed + IDAStealth / Olly + OllyStealth (a temp port of your plugin yet private)
protection: Winlicense (unknown version but I think 2.1.1.0 because I think recently they removed version scanning the memory)

Under IDA:
To successfully bypass all protections this 3 antidebug tricks are required:
-IsDebuggerPresent
-NtGlobalFlags (patch global heap flags)
-Fake parent process (set to explorer.exe)
If I uncheck one of these 3, it no more works around the protections,

Under OllyDBG:
From your source I have built OllyStealth wich acts exactly like IDAStealth
-IsDebuggerPresent
-NtGlobalFlags (patch global heap flags)
-Fake parent process (set to explorer.exe)

But under OllyDBG it fails if I'm in the main CPU windows, BUT it works if at the entrypoint of the debugged process I change the olly windows, like for example switching to the Log windows, hit F9 and bingo!

I have also tried to hook in FindWindow EnumWindows to hide the 3 class returned by ollydbg "OLLYDBG" "GBDYLLO" "pediy06", yet not luck

I think it is looking in the title by GetWindowsTitle (the app call it yes) or GetForegroundWindow (this one gives crash when hooked)

By your experience Jan, from where do you think it come from if the fact to change the active window works around the latest protection ?

-class101