VeraCrypt
path: root/src/Common
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2023-08-05 00:45:39 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2023-08-05 00:45:39 +0200
commite8f83544ead2011112788d48bff610574f5d6395 (patch)
tree4f61fbc0b3364d6b529a86f4155b1b412b9e3e8d /src/Common
parent5a6b445f0ed51b0f06c4f0212f060ab45113b670 (diff)
downloadVeraCrypt-e8f83544ead2011112788d48bff610574f5d6395.tar.gz
VeraCrypt-e8f83544ead2011112788d48bff610574f5d6395.zip
Windows: Fix false positive detection of new device insertion when clear keys option is enable
When this option is enabled, we first build the list of currently inserted devices then we start listening to insertion events. When a device insertion occurs, we check if this device is on our list and if yes, we ignore its insertion. We also ignore devices whose Device ID starts with "SWD\" and "ROOT\" since these are not real devices.
Diffstat (limited to 'src/Common')
-rw-r--r--src/Common/BaseCom.cpp7
-rw-r--r--src/Common/BaseCom.h2
-rw-r--r--src/Common/BootEncryption.cpp28
-rw-r--r--src/Common/BootEncryption.h1
-rw-r--r--src/Common/Dlgcode.c32
-rw-r--r--src/Common/Dlgcode.h4
6 files changed, 73 insertions, 1 deletions
diff --git a/src/Common/BaseCom.cpp b/src/Common/BaseCom.cpp
index a9ece557..dde4b55d 100644
--- a/src/Common/BaseCom.cpp
+++ b/src/Common/BaseCom.cpp
@@ -491,4 +491,9 @@ DWORD BaseCom::UpdateSetupConfigFile (BOOL bForInstall)
}
return ERROR_SUCCESS;
-}
\ No newline at end of file
+}
+
+DWORD BaseCom::NotifyService(DWORD dwNotifyCode)
+{
+ return SendServiceNotification(dwNotifyCode);
+}
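Review bot: `BaseCom::NotifyService` has no comment saying which side of the elevation boundary it runs on, and it forwards `dwNotifyCode` to `SendServiceNotification` without a check of its own. Judging by `Elevator::NotifyService` in BootEncryption.cpp, this is reached through the elevated COM instance with a value supplied by the unelevated process, so the only validation is the equality test inside `SendServiceNotification`. A comment such as `// dwNotifyCode comes from the unelevated client; SendServiceNotification rejects every code except the one it supports` would keep a later change from widening the accepted codes without noticing that boundary.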
diff --git a/src/Common/BaseCom.h b/src/Common/BaseCom.h
index eaf0f8d1..937e37ec 100644
--- a/src/Common/BaseCom.h
+++ b/src/Common/BaseCom.h
@@ -119,6 +119,8 @@ public:
static DWORD WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg);
static DWORD UpdateSetupConfigFile (BOOL bForInstall);
static DWORD GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded);
+ static DWORD NotifyService (DWORD dwNotifyCode);
+
};
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index 71d39057..189d5a78 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -667,6 +667,18 @@ namespace VeraCrypt
}
}
+ static void NotifyService (DWORD dwNotifyCmd)
+ {
+ Elevate();
+
+ DWORD result = ElevatedComInstance->NotifyService (dwNotifyCmd);
+ if (result != ERROR_SUCCESS)
+ {
+ SetLastError (result);
+ throw SystemException(SRC_POS);
+ }
+ }
+
static void Release ()
{
if (--ReferenceCount == 0 && ElevatedComInstance)
@@ -5708,6 +5720,22 @@ namespace VeraCrypt
throw_sys_if (!WriteLocalMachineRegistryDword (keyPath, valueName, value));
}
+ void BootEncryption::NotifyService (DWORD dwNotifyCmd)
+ {
+ if (!IsAdmin() && IsUacSupported())
+ {
+ Elevator::NotifyService (dwNotifyCmd);
+ return;
+ }
+
+ DWORD dwRet = SendServiceNotification(dwNotifyCmd);
+ if (dwRet != ERROR_SUCCESS)
+ {
+ SetLastError(dwRet);
+ throw SystemException (SRC_POS);
+ }
+ }
+
void BootEncryption::StartDecryption (BOOL discardUnreadableEncryptedSectors)
{
BootEncryptionStatus encStatus = GetStatus();
diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h
index 03c30ea7..ddf6f3e5 100644
--- a/src/Common/BootEncryption.h
+++ b/src/Common/BootEncryption.h
@@ -314,6 +314,7 @@ namespace VeraCrypt
static void UpdateSetupConfigFile (bool bForInstall);
void GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded);
bool IsUsingUnsupportedAlgorithm(LONG driverVersion);
+ void NotifyService (DWORD dwNotifyCmd);
protected:
static const uint32 RescueIsoImageSize = 1835008; // Size of ISO9660 image with bootable emulated 1.44MB floppy disk image
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index fabd39be..ed5d1844 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -15711,4 +15711,36 @@ bool OneOfKBsInstalled (const wchar_t* szKBs[], int count)
return bRet;
}
+
+DWORD SendServiceNotification (DWORD dwNotificationCmd)
+{
+ DWORD dwRet = ERROR_INVALID_PARAMETER;
+ // We only support clearing keys on new device insertion
+ if (VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION == dwNotificationCmd)
+ {
+ DWORD dwServiceControlCode = VC_SERVICE_CONTROL_BUILD_DEVICE_LIST;
+ // send this control code to VeraCrypt SystemFavorites service
+ SC_HANDLE hSCManager = OpenSCManager (NULL, NULL, SC_MANAGER_CONNECT);
+ if (hSCManager != NULL)
+ {
+ SC_HANDLE hService = OpenService (hSCManager, TC_SYSTEM_FAVORITES_SERVICE_NAME, SERVICE_ALL_ACCESS);
+ if (hService != NULL)
+ {
+ SERVICE_STATUS ss;
+ if (ControlService (hService, dwServiceControlCode, &ss))
+ dwRet = ERROR_SUCCESS;
+ else
+ dwRet = GetLastError ();
+ CloseServiceHandle (hService);
+ }
+ else
+ dwRet = GetLastError ();
+ CloseServiceHandle (hSCManager);
+ }
+ else
+ dwRet = GetLastError ();
+ }
+
+ return dwRet;
+}
#endif // VC_COMREG
\ No newline at end of file
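Review bot: `OpenService` in `SendServiceNotification` requests `SERVICE_ALL_ACCESS`, although the handle is used for a single `ControlService` call with a user-defined control code. For codes in the 128-255 range the handle only needs `SERVICE_USER_DEFINED_CONTROL`, so the call can be `OpenService (hSCManager, TC_SYSTEM_FAVORITES_SERVICE_NAME, SERVICE_USER_DEFINED_CONTROL);`. Asking for full access means the elevated path holds a handle that could also stop, reconfigure or delete the service, and the open fails for any caller that the service's security descriptor grants less than full control. A short comment that `ControlService` returns an error when the service is not running would also help, since `BootEncryption::NotifyService` turns every non-success result into a `SystemException`.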
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index cdd94938..4a7e40c7 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -84,6 +84,9 @@ enum
#define VC_FILENAME_RENAMED_SUFFIX L"_old"
+/* customer service control code to build device list */
+#define VC_SERVICE_CONTROL_BUILD_DEVICE_LIST 128
+
#ifndef USER_DEFAULT_SCREEN_DPI
#define USER_DEFAULT_SCREEN_DPI 96
#endif
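Review bot: The comment above `VC_SERVICE_CONTROL_BUILD_DEVICE_LIST` says "customer service control code", which looks like a typo for "custom". The value 128 is the first of the 128-255 range that Windows leaves for user-defined service control codes, and the comment should say so, because the service's control handler (not part of this diff) has to use the same number. Suggested wording: `/* custom (user-defined, range 128-255) service control code: asks the SystemFavorites service to build its device list */`.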
@@ -585,6 +588,7 @@ BOOL EnableProcessProtection();
void SafeOpenURL (LPCWSTR szUrl);
BitLockerEncryptionStatus GetBitLockerEncryptionStatus(WCHAR driveLetter);
BOOL IsTestSigningModeEnabled ();
+DWORD SendServiceNotification (DWORD dwNotificationCmd);
#ifdef _WIN64
void GetAppRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed);
#endif