diff options
| author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2023-09-20 09:39:22 +0200 |
|---|---|---|
| committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2023-09-20 09:39:22 +0200 |
| commit | 0f3ae268a4b0dfac7090f4fbf969601a1c35c86f (patch) | |
| tree | 7c0a8afeae852abc98f81d402e3889d526a6fe2c /src/Mount | |
| parent | b1657e88e4f7922cda6795d843b5b7723b27102f (diff) | |
| download | VeraCrypt-0f3ae268a4b0dfac7090f4fbf969601a1c35c86f.tar.gz VeraCrypt-0f3ae268a4b0dfac7090f4fbf969601a1c35c86f.zip | |
Windows: Add setting in main UI and setup wizard to disable memory protection
This can be useful for users who need Accessibility software that may not work when memory protection is active in VeraCrypt
Diffstat (limited to 'src/Mount')
| -rw-r--r-- | src/Mount/Mount.c | 24 | ||||
| -rw-r--r-- | src/Mount/Mount.rc | 28 |
2 files changed, 39 insertions, 13 deletions
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index 41672e1a..28418a44 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -11559,6 +11559,12 @@ void SetServiceConfigurationFlag (uint32 flag, BOOL state) BootEncObj->SetServiceConfigurationFlag (flag, state ? true : false); } +void SetMemoryProtectionConfig (BOOL bEnable) +{ + DWORD config = bEnable? 1: 0; + if (BootEncObj) + BootEncObj->WriteLocalMachineRegistryDwordValue (L"SYSTEM\\CurrentControlSet\\Services\\veracrypt", VC_ENABLE_MEMORY_PROTECTION, config); +} void NotifyService (DWORD dwNotifyCmd) { @@ -11611,6 +11617,8 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_RAM_ENCRYPTION), FALSE); } + CheckDlgButton (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION, ReadMemoryProtectionConfig() ? BST_UNCHECKED : BST_CHECKED); + size_t cpuCount = GetCpuCount(NULL); HWND freeCpuCombo = GetDlgItem (hwndDlg, IDC_ENCRYPTION_FREE_CPU_COUNT); @@ -11670,6 +11678,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM BOOL enableExtendedIOCTL = IsDlgButtonChecked (hwndDlg, IDC_ENABLE_EXTENDED_IOCTL_SUPPORT); BOOL allowTrimCommand = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_TRIM_NONSYS_SSD); BOOL allowWindowsDefrag = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_WINDOWS_DEFRAG); + BOOL bDisableMemoryProtection = IsDlgButtonChecked (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION); try { @@ -11738,6 +11747,11 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM } SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION, enableRamEncryption); + BOOL originalDisableMemoryProtection = !ReadMemoryProtectionConfig(); + if(originalDisableMemoryProtection != bDisableMemoryProtection) + rebootRequired = true; + SetMemoryProtectionConfig (!bDisableMemoryProtection); + DWORD bytesReturned; if (!DeviceIoControl (hDriver, TC_IOCTL_REREAD_DRIVER_CONFIG, NULL, 0, NULL, 0, &bytesReturned, NULL)) handleWin32Error (hwndDlg, SRC_POS); @@ -11832,6 +11846,16 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM } return 1; + case IDC_DISABLE_MEMORY_PROTECTION: + { + BOOL disableMemoryProtection = IsDlgButtonChecked (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION); + BOOL originalDisableMemoryProtection = !ReadMemoryProtectionConfig(); + if (disableMemoryProtection != originalDisableMemoryProtection) + { + Warning ("SETTING_REQUIRES_REBOOT", hwndDlg); + } + } + return 1; case IDC_BENCHMARK: Benchmark (hwndDlg); return 1; diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc index bb0e8c4e..066e8d8f 100644 --- a/src/Mount/Mount.rc +++ b/src/Mount/Mount.rc @@ -321,7 +321,7 @@ BEGIN DEFPUSHBUTTON "OK",IDOK,255,226,50,14 END -IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 293 +IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 300 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "VeraCrypt - Performance Options" FONT 8, "MS Shell Dlg", 400, 0, 0x1 @@ -338,20 +338,22 @@ BEGIN CONTROL "Enable extended disk control codes support",IDC_ENABLE_EXTENDED_IOCTL_SUPPORT, "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,198,337,10 CONTROL "Allow TRIM command for non-system SSD partition/drive",IDC_ALLOW_TRIM_NONSYS_SSD, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,212,337,10 - PUSHBUTTON "&Benchmark",IDC_BENCHMARK,7,272,59,14 - DEFPUSHBUTTON "OK",IDOK,257,272,50,14 - PUSHBUTTON "Cancel",IDCANCEL,314,272,50,14 - LTEXT "Processor (CPU) in this computer supports hardware acceleration for AES:",IDT_HW_AES_SUPPORTED_BY_CPU,18,23,273,9 - GROUPBOX "Hardware Acceleration",IDT_ACCELERATION_OPTIONS,7,6,355,74 - GROUPBOX "Thread-Based Parallelization",IDT_PARALLELIZATION_OPTIONS,7,84,355,93 - GROUPBOX "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,86 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,211,337,10 CONTROL "Allow Windows Disk Defragmenter to defragment non-system partition/drive",IDC_ALLOW_WINDOWS_DEFRAG, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,226,337,10 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,224,337,10 CONTROL "Use CPU hardware random generator as an additional source of entropy",IDC_ENABLE_CPU_RNG, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,240,335,10 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,335,10 CONTROL "Activate encryption of keys and passwords stored in RAM",IDC_ENABLE_RAM_ENCRYPTION, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,254,337,10 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,250,337,10 + CONTROL "Disable memory protection in VeraCrypt",IDC_DISABLE_MEMORY_PROTECTION, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,263,339,10 + PUSHBUTTON "&Benchmark",IDC_BENCHMARK,7,279,59,14 + DEFPUSHBUTTON "OK",IDOK,257,279,50,14 + PUSHBUTTON "Cancel",IDCANCEL,314,279,50,14 + LTEXT "Processor (CPU) in this computer supports hardware acceleration for AES:",IDT_HW_AES_SUPPORTED_BY_CPU,18,23,273,9 + GROUPBOX "Hardware Acceleration",IDT_ACCELERATION_OPTIONS,7,6,355,74 + GROUPBOX "Thread-Based Parallelization",IDT_PARALLELIZATION_OPTIONS,7,84,355,93 + GROUPBOX "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,95 END IDD_FAVORITE_VOLUMES DIALOGEX 0, 0, 380, 368 @@ -521,7 +523,7 @@ BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 364 TOPMARGIN, 7 - BOTTOMMARGIN, 286 + BOTTOMMARGIN, 293 END IDD_FAVORITE_VOLUMES, DIALOG |