From 77eabcc06a3a2afc3400fbbbea520ed47220de9a Mon Sep 17 00:00:00 2001
From: Richard Stanway <r1ch@r1ch.net>
Date: Thu, 12 Feb 2026 00:29:07 +0100
Subject: [PATCH] frontend: Set better default DLL directory settings on
 Windows

This helps mitigate "DLL planting" attacks by removing the current
directory from most DLL loading calls.
---
 frontend/obs-main.cpp | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/frontend/obs-main.cpp b/frontend/obs-main.cpp
index 8acdba5fd..091ea579a 100644
--- a/frontend/obs-main.cpp
+++ b/frontend/obs-main.cpp
@@ -847,6 +847,14 @@ static bool vc_runtime_outdated()
 
 	return true;
 }
+
+static void set_process_mitigation_policies()
+{
+	// DLL planting protection - prefer system32 images
+	PROCESS_MITIGATION_IMAGE_LOAD_POLICY policy = {};
+	policy.PreferSystem32Images = 1;
+	SetProcessMitigationPolicy(ProcessImageLoadPolicy, &policy, sizeof(policy));
+}
 #endif
 
 #if defined(__APPLE__) || defined(__linux__)
@@ -901,11 +909,17 @@ int main(int argc, char *argv[])
 	// Abort as early as possible if MSVC runtime is outdated
 	if (vc_runtime_outdated())
 		return 1;
+
 	// Try to keep this as early as possible
 	install_dll_blocklist_hook();
 
+	set_process_mitigation_policies();
+
 	obs_init_win32_crash_handler();
 	SetErrorMode(SEM_FAILCRITICALERRORS);
+	SetSearchPathMode(BASE_SEARCH_PATH_ENABLE_SAFE_SEARCHMODE | BASE_SEARCH_PATH_PERMANENT);
+	SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_DEFAULT_DIRS);
+	SetDllDirectoryW(L"");
 	load_debug_privilege();
 	base_set_crash_handler(main_crash_handler, nullptr);
 	set_process_mitigations();