diff --git a/frontend/obs-main.cpp b/frontend/obs-main.cpp index 22ed18969..8acdba5fd 100644 --- a/frontend/obs-main.cpp +++ b/frontend/obs-main.cpp @@ -781,6 +781,42 @@ static void load_debug_privilege(void) CloseHandle(token); } + +static void set_process_mitigations(void) +{ + // SetProcessMitigationPolicy is Windows 8+ + typedef BOOL(WINAPI * PFN_SetProcessMitigationPolicy)(PROCESS_MITIGATION_POLICY, PVOID, SIZE_T); + PFN_SetProcessMitigationPolicy pSetProcessMitigationPolicy; + + pSetProcessMitigationPolicy = (PFN_SetProcessMitigationPolicy)GetProcAddress(GetModuleHandle(L"KERNEL32"), + "SetProcessMitigationPolicy"); + + if (pSetProcessMitigationPolicy) { + PROCESS_MITIGATION_DEP_POLICY dep = {0}; + dep.DisableAtlThunkEmulation = 1; + dep.Enable = 1; + dep.Permanent = TRUE; + pSetProcessMitigationPolicy(ProcessDEPPolicy, &dep, sizeof(dep)); + + PROCESS_MITIGATION_ASLR_POLICY aslr = {0}; + aslr.EnableBottomUpRandomization = 1; + aslr.EnableHighEntropy = 1; + aslr.EnableForceRelocateImages = 1; + aslr.DisallowStrippedImages = 1; + pSetProcessMitigationPolicy(ProcessASLRPolicy, &aslr, sizeof(aslr)); + + PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY xpoints = {0}; + xpoints.DisableExtensionPoints = 1; + pSetProcessMitigationPolicy(ProcessExtensionPointDisablePolicy, &xpoints, sizeof(xpoints)); + +#ifdef _DEBUG + PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY hcheck = {0}; + hcheck.RaiseExceptionOnInvalidHandleReference = 1; + hcheck.HandleExceptionsPermanentlyEnabled = 1; + pSetProcessMitigationPolicy(ProcessStrictHandleCheckPolicy, &hcheck, sizeof(hcheck)); +#endif + } +} #endif static inline bool arg_is(const char *arg, const char *long_form, const char *short_form) @@ -872,6 +908,7 @@ int main(int argc, char *argv[]) SetErrorMode(SEM_FAILCRITICALERRORS); load_debug_privilege(); base_set_crash_handler(main_crash_handler, nullptr); + set_process_mitigations(); /* Shutdown priority value is a range from 0 - 4FF with higher values getting first priority. * 000 - 0FF and 400 - 4FF are reserved system ranges.