Example #1
File: OBS.cpp Project: SeargeDP/OBS
// Reports whether Webroot appears to have placed an inline hook on GDI's
// AlphaBlend inside the current process.
//
// Returns TRUE only when BOTH conditions hold:
//   1. the first byte of MSIMG32!AlphaBlend is 0xE9 (on x86/x64 that is the
//      opcode of a near JMP rel32, the usual first byte of an inline detour), and
//   2. a module named wrusr.dll is in this process's loaded-module list.
// Every other outcome (module or export missing, unreadable address, different
// first byte, wrusr.dll absent) yields FALSE.
//
// Limits of the heuristic: only one byte is inspected, so a hook written any
// other way (an indirect jump, a patch further into the prologue, an
// import-table redirect) is not seen, and the 0xE9 byte alone does not say who
// placed the jump. The module-name test is what attributes it to Webroot.
BOOL IsWebrootLoaded()
{
    StringList moduleList;

    // The result of the enumeration is not checked here; on failure the list is
    // presumably left empty, which makes the final HasValue test fail.
    OSGetLoadedModuleList (GetCurrentProcess(), moduleList);

    HMODULE msIMG = GetModuleHandle(TEXT("MSIMG32"));
    if (!msIMG)
        return FALSE;

    FARPROC alphaBlend = GetProcAddress(msIMG, "AlphaBlend");
    if (!alphaBlend)
        return FALSE;

    // 5 bytes is the length of an E9 + 32-bit displacement jump (presumably why
    // that size was chosen), although only the first byte is read below.
    // NOTE(review): Microsoft documents IsBadReadPtr as obsolete; it is racy in
    // a multithreaded process, so treat this as a best-effort guard only.
    if (IsBadReadPtr(alphaBlend, 5))
        return FALSE;

    const BYTE firstByte = *(BYTE *)alphaBlend;
    if (firstByte != 0xE9)
        return FALSE;

    return moduleList.HasValue(TEXT("wrusr.dll")) ? TRUE : FALSE;
}
Example #2
//This function checks for DLLs that are known to cause problems, but we need to be more specific than a generic "incompatible modules"
//message. As we expect these to change often, I'm not bothering with localization. These DLLs are generally buggy drivers, malware, etc
VOID STDCALL OSCheckForBuggyDLLs ()
{
    // One row per module that gets its own, specific warning. For each row the
    // log line is written first and then a modal warning box is shown.
    struct BuggyModule
    {
        const TCHAR *fileName;      // name looked up in the loaded-module list
        const TCHAR *logLine;       // text written to the OBS log
        const TCHAR *userWarning;   // text shown in the warning box
    };

    static const BuggyModule knownBad[] =
    {
        {
            TEXT("sendori.dll"),
            TEXT("BUGGY DLL DETECTED: sendori.dll"),
            TEXT("Your system appears to be infected with the Sendori malware, which can crash OBS and cause other problems. Please run a malware scan.")
        },
        {
            TEXT("qproxy.dll"),
            TEXT("BUGGY DLL DETECTED: qproxy.dll"),
            TEXT("Your system has an unknown LSP module installed which can cause OBS crashes / lag and other problems. Please remove qproxy.dll using a tool such as autoruns, or reset your TCP/IP settings (search KB299357 for more information).")
        }
    };

    StringList  moduleList;

    // Without a module list there is nothing to compare against, so stay silent.
    if (!OSGetLoadedModuleList(GetCurrentProcess(), moduleList))
        return;

    // Detection is by module name alone as far as this function shows: a renamed
    // copy is not reported, and an unrelated DLL that happens to carry one of
    // these names is. How HasValue compares (case, path) is not visible here.
    for (size_t i = 0; i < sizeof(knownBad) / sizeof(knownBad[0]); ++i)
    {
        const BuggyModule &entry = knownBad[i];

        if (!moduleList.HasValue(entry.fileName))
            continue;

        Log(entry.logLine);
        MessageBox (hwndMainAppWindow, entry.userWarning, TEXT("Warning"), MB_ICONEXCLAMATION);
    }

    //FIXME: add a version check for bigfoot networks LSP (bfllr.dll), crashes OBS on old versions.
}
Example #3
// Looks for third-party code-modification hooks that are known to break OBS and
// appends a user-facing explanation to `errors` for each one found.
//
// Returns TRUE when at least one incompatible hook was reported, FALSE otherwise.
//
// Currently active check:
//   TeamSpeak 3 Overlay (hooks CreateDXGIFactory1 in such a way that it fails
//   when called by OBS).
// Disabled check (kept below as a comment):
//   Webroot Secureanywhere (hooks GDI calls and prevents OBS from screen
//   capturing among other issues).
//
// A hook is reported only when the first byte of the target export is 0xE9
// (x86/x64 near JMP rel32, the usual start of an inline detour) AND the module
// expected to have placed it is in the loaded-module list. Only that one byte
// is inspected, so a hook installed any other way goes unnoticed.
BOOL   STDCALL OSIncompatiblePatchesLoaded(String &errors)
{
    StringList moduleList;

    // Result not checked; a failed enumeration presumably leaves the list empty,
    // in which case the module-name tests below simply do not match.
    OSGetLoadedModuleList (GetCurrentProcess(), moduleList);

    BOOL foundIncompatible = FALSE;

    // --- TeamSpeak 3 overlay: inline hook on DXGI!CreateDXGIFactory1 ---
    FARPROC createFactory = NULL;
    HMODULE dxGI = GetModuleHandle(TEXT("DXGI.DLL"));
    if (dxGI)
        createFactory = GetProcAddress(dxGI, "CreateDXGIFactory1");

    // NOTE(review): Microsoft documents IsBadReadPtr as obsolete and it is racy
    // in a multithreaded process; it is a best-effort guard before the read.
    if (createFactory && !IsBadReadPtr(createFactory, 5))
    {
        const BYTE firstByte = *(BYTE *)createFactory;

        // The opcode test comes first so the module list is consulted only when
        // the export actually starts with a jump.
        if (firstByte == 0xE9 &&
            (moduleList.HasValue(TEXT("ts3overlay_hook_win32.dll")) ||
             moduleList.HasValue(TEXT("ts3overlay_hook_win64.dll"))))
        {
            // NOTE(review): the help link is a plain-HTTP shortened URL, so its
            // destination cannot be judged from the message itself.
            errors << TEXT("TeamSpeak 3 overlay has loaded into OBS and will cause problems. Please set \"Disable Loading\" for OBS.EXE in your TeamSpeak 3 overlay settings or visit http://bit.ly/OBSTS3 for help.");
            foundIncompatible = TRUE;
        }
    }

    // --- Webroot Secureanywhere: disabled ---
    //I'm just going to make this a warning that pops up when the app starts instead of actually preventing people from using the app
    //People are complaining about this a bit too much and it's just like "whatever, do whatever you want"
    /*HMODULE msIMG = GetModuleHandle(TEXT("MSIMG32"));
    if (msIMG)
    {
        FARPROC alphaBlend = GetProcAddress(msIMG, "AlphaBlend");
        if (alphaBlend)
        {
            if (!IsBadReadPtr(alphaBlend, 5))
            {
                BYTE opCode = *(BYTE *)alphaBlend;

                if (opCode == 0xE9)
                {
                    if (moduleList.HasValue(TEXT("wrusr.dll")))
                    {
                        if (!errors.IsEmpty())
                            errors << TEXT("\r\n\r\n");

                        errors << TEXT("Webroot Secureanywhere appears to be active. This product is incompatible with OBS as the security features block OBS from accessing Windows GDI functions. Please add OBS.exe to the Secureanywhere exceptions list and restart OBS - see http://bit.ly/OBSWR if you need help."); 
                        ret = TRUE;
                    }
                }
            }
        }
    }*/

    return foundIncompatible;
}