diff options
| -rw-r--r-- | src/Common/Dlgcode.c | 11 | ||||
| -rw-r--r-- | src/Common/Dlgcode.h | 1 | ||||
| -rw-r--r-- | src/Common/Language.xml | 1 | ||||
| -rw-r--r-- | src/Common/Resource.h | 3 | ||||
| -rw-r--r-- | src/Mount/Mount.c | 24 | ||||
| -rw-r--r-- | src/Mount/Mount.rc | 28 | ||||
| -rw-r--r-- | src/Setup/Setup.c | 6 | ||||
| -rw-r--r-- | src/Setup/Setup.h | 1 | ||||
| -rw-r--r-- | src/Setup/Setup.rc | 10 | ||||
| -rw-r--r-- | src/Setup/Wizard.c | 4 |
10 files changed, 69 insertions, 20 deletions
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index 8f357208..fb7184b4 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -32,8 +32,8 @@ #include <process.h> #include <Tlhelp32.h> #endif -#ifdef _WIN32_WINNT >= 0x0602 -#include "processthreadsapi.h"" +#if _WIN32_WINNT >= 0x0602 +#include "processthreadsapi.h" #endif #include "Resource.h" @@ -3256,6 +3256,13 @@ BOOL ReadMemoryProtectionConfig () return (config)? TRUE: FALSE; } +BOOL WriteMemoryProtectionConfig (BOOL bEnable) +{ + DWORD config = bEnable? 1: 0; + + return WriteLocalMachineRegistryDword (L"SYSTEM\\CurrentControlSet\\Services\\veracrypt", VC_ENABLE_MEMORY_PROTECTION, config); +} + BOOL LoadSysEncSettings () { BOOL status = TRUE; diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h index 245df6c1..7947fcf9 100644 --- a/src/Common/Dlgcode.h +++ b/src/Common/Dlgcode.h @@ -350,6 +350,7 @@ uint32 ReadDriverConfigurationFlags (); uint32 ReadServiceConfigurationFlags (); uint32 ReadEncryptionThreadPoolFreeCpuCountLimit (); BOOL ReadMemoryProtectionConfig (); +BOOL WriteMemoryProtectionConfig (BOOL bEnable); BOOL LoadSysEncSettings (); int LoadNonSysInPlaceEncSettings (WipeAlgorithmId *wipeAlgorithm); void RemoveNonSysInPlaceEncNotifications (void); diff --git a/src/Common/Language.xml b/src/Common/Language.xml index e819be47..ddb20159 100644 --- a/src/Common/Language.xml +++ b/src/Common/Language.xml @@ -1633,6 +1633,7 @@ <entry lang="en" key="EXPANDER_EXTENDING_FILESYSTEM">Extending file system ...\n</entry> <entry lang="en" key="PARTIAL_SYSENC_MOUNT_READONLY">Warning: The system partition you attempted to mount was not fully encrypted. As a safety measure to prevent potential corruption or unwanted modifications, volume '%s' was mounted as read-only.</entry> <entry lang="en" key="IDC_LINK_KEYFILES_EXTENSIONS_WARNING">Important information on using third-party file extensions</entry> + <entry lang="en" key="IDC_DISABLE_MEMORY_PROTECTION">Disable memory protection in VeraCrypt</entry> </localization> <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:element name="VeraCrypt"> diff --git a/src/Common/Resource.h b/src/Common/Resource.h index a099c655..b6ad14c0 100644 --- a/src/Common/Resource.h +++ b/src/Common/Resource.h @@ -226,6 +226,7 @@ #define IDC_DISABLE_MOUNT_MANAGER 5142 #define IDC_KEYFILES_SIZE_UNIT 5143 #define IDC_LINK_KEYFILES_EXTENSIONS_WARNING 5144 +#define IDC_DISABLE_MEMORY_PROTECTION 5145 // Next default values for new objects // @@ -234,7 +235,7 @@ #define _APS_NO_MFC 1 #define _APS_NEXT_RESOURCE_VALUE 578 #define _APS_NEXT_COMMAND_VALUE 40001 -#define _APS_NEXT_CONTROL_VALUE 5145 +#define _APS_NEXT_CONTROL_VALUE 5146 #define _APS_NEXT_SYMED_VALUE 101 #endif #endif diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index 41672e1a..28418a44 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -11559,6 +11559,12 @@ void SetServiceConfigurationFlag (uint32 flag, BOOL state) BootEncObj->SetServiceConfigurationFlag (flag, state ? true : false); } +void SetMemoryProtectionConfig (BOOL bEnable) +{ + DWORD config = bEnable? 1: 0; + if (BootEncObj) + BootEncObj->WriteLocalMachineRegistryDwordValue (L"SYSTEM\\CurrentControlSet\\Services\\veracrypt", VC_ENABLE_MEMORY_PROTECTION, config); +} void NotifyService (DWORD dwNotifyCmd) { @@ -11611,6 +11617,8 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_RAM_ENCRYPTION), FALSE); } + CheckDlgButton (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION, ReadMemoryProtectionConfig() ? BST_UNCHECKED : BST_CHECKED); + size_t cpuCount = GetCpuCount(NULL); HWND freeCpuCombo = GetDlgItem (hwndDlg, IDC_ENCRYPTION_FREE_CPU_COUNT); @@ -11670,6 +11678,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM BOOL enableExtendedIOCTL = IsDlgButtonChecked (hwndDlg, IDC_ENABLE_EXTENDED_IOCTL_SUPPORT); BOOL allowTrimCommand = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_TRIM_NONSYS_SSD); BOOL allowWindowsDefrag = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_WINDOWS_DEFRAG); + BOOL bDisableMemoryProtection = IsDlgButtonChecked (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION); try { @@ -11738,6 +11747,11 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM } SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION, enableRamEncryption); + BOOL originalDisableMemoryProtection = !ReadMemoryProtectionConfig(); + if(originalDisableMemoryProtection != bDisableMemoryProtection) + rebootRequired = true; + SetMemoryProtectionConfig (!bDisableMemoryProtection); + DWORD bytesReturned; if (!DeviceIoControl (hDriver, TC_IOCTL_REREAD_DRIVER_CONFIG, NULL, 0, NULL, 0, &bytesReturned, NULL)) handleWin32Error (hwndDlg, SRC_POS); @@ -11832,6 +11846,16 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM } return 1; + case IDC_DISABLE_MEMORY_PROTECTION: + { + BOOL disableMemoryProtection = IsDlgButtonChecked (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION); + BOOL originalDisableMemoryProtection = !ReadMemoryProtectionConfig(); + if (disableMemoryProtection != originalDisableMemoryProtection) + { + Warning ("SETTING_REQUIRES_REBOOT", hwndDlg); + } + } + return 1; case IDC_BENCHMARK: Benchmark (hwndDlg); return 1; diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc index bb0e8c4e..066e8d8f 100644 --- a/src/Mount/Mount.rc +++ b/src/Mount/Mount.rc @@ -321,7 +321,7 @@ BEGIN DEFPUSHBUTTON "OK",IDOK,255,226,50,14 END -IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 293 +IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 300 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "VeraCrypt - Performance Options" FONT 8, "MS Shell Dlg", 400, 0, 0x1 @@ -338,20 +338,22 @@ BEGIN CONTROL "Enable extended disk control codes support",IDC_ENABLE_EXTENDED_IOCTL_SUPPORT, "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,198,337,10 CONTROL "Allow TRIM command for non-system SSD partition/drive",IDC_ALLOW_TRIM_NONSYS_SSD, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,212,337,10 - PUSHBUTTON "&Benchmark",IDC_BENCHMARK,7,272,59,14 - DEFPUSHBUTTON "OK",IDOK,257,272,50,14 - PUSHBUTTON "Cancel",IDCANCEL,314,272,50,14 - LTEXT "Processor (CPU) in this computer supports hardware acceleration for AES:",IDT_HW_AES_SUPPORTED_BY_CPU,18,23,273,9 - GROUPBOX "Hardware Acceleration",IDT_ACCELERATION_OPTIONS,7,6,355,74 - GROUPBOX "Thread-Based Parallelization",IDT_PARALLELIZATION_OPTIONS,7,84,355,93 - GROUPBOX "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,86 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,211,337,10 CONTROL "Allow Windows Disk Defragmenter to defragment non-system partition/drive",IDC_ALLOW_WINDOWS_DEFRAG, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,226,337,10 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,224,337,10 CONTROL "Use CPU hardware random generator as an additional source of entropy",IDC_ENABLE_CPU_RNG, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,240,335,10 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,335,10 CONTROL "Activate encryption of keys and passwords stored in RAM",IDC_ENABLE_RAM_ENCRYPTION, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,254,337,10 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,250,337,10 + CONTROL "Disable memory protection in VeraCrypt",IDC_DISABLE_MEMORY_PROTECTION, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,263,339,10 + PUSHBUTTON "&Benchmark",IDC_BENCHMARK,7,279,59,14 + DEFPUSHBUTTON "OK",IDOK,257,279,50,14 + PUSHBUTTON "Cancel",IDCANCEL,314,279,50,14 + LTEXT "Processor (CPU) in this computer supports hardware acceleration for AES:",IDT_HW_AES_SUPPORTED_BY_CPU,18,23,273,9 + GROUPBOX "Hardware Acceleration",IDT_ACCELERATION_OPTIONS,7,6,355,74 + GROUPBOX "Thread-Based Parallelization",IDT_PARALLELIZATION_OPTIONS,7,84,355,93 + GROUPBOX "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,95 END IDD_FAVORITE_VOLUMES DIALOGEX 0, 0, 380, 368 @@ -521,7 +523,7 @@ BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 364 TOPMARGIN, 7 - BOTTOMMARGIN, 286 + BOTTOMMARGIN, 293 END IDD_FAVORITE_VOLUMES, DIALOG diff --git a/src/Setup/Setup.c b/src/Setup/Setup.c index 2d8d940c..f757aafa 100644 --- a/src/Setup/Setup.c +++ b/src/Setup/Setup.c @@ -74,6 +74,7 @@ BOOL UnloadDriver = TRUE; BOOL bSystemRestore = TRUE; BOOL bDisableSwapFiles = FALSE; BOOL bForAllUsers = TRUE; +BOOL bDisableMemoryProtection = FALSE; BOOL bRegisterFileExt = TRUE; BOOL bAddToStartMenu = TRUE; BOOL bDesktopIcon = TRUE; @@ -2335,6 +2336,11 @@ void DoInstall (void *arg) if (bSystemRestore) SetSystemRestorePoint (hwndDlg, TRUE); + if (bOK && bDisableMemoryProtection) + { + WriteMemoryProtectionConfig(FALSE); + } + if (bOK) { UpdateProgressBarProc(100); diff --git a/src/Setup/Setup.h b/src/Setup/Setup.h index e38dd75a..d284586a 100644 --- a/src/Setup/Setup.h +++ b/src/Setup/Setup.h @@ -120,6 +120,7 @@ extern BOOL bReinstallMode; extern BOOL bSystemRestore; extern BOOL bDisableSwapFiles; extern BOOL bForAllUsers; +extern BOOL bDisableMemoryProtection; extern BOOL bRegisterFileExt; extern BOOL bAddToStartMenu; extern BOOL bDesktopIcon; diff --git a/src/Setup/Setup.rc b/src/Setup/Setup.rc index 6066d452..68ccffd0 100644 --- a/src/Setup/Setup.rc +++ b/src/Setup/Setup.rc @@ -146,12 +146,14 @@ FONT 8, "MS Shell Dlg", 0, 0, 0x0 BEGIN EDITTEXT IDC_DESTINATION,11,41,260,13,ES_AUTOHSCROLL PUSHBUTTON "Bro&wse...",IDC_BROWSE,278,40,59,14 - CONTROL "Install &for all users",IDC_ALL_USERS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,77,168,11 + CONTROL "Install &for all users",IDC_ALL_USERS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,68,168,11 + CONTROL "Add VeraCrypt to &Start menu",IDC_PROG_GROUP,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,80,168,11 + CONTROL "Add VeraCrypt icon to &desktop",IDC_DESKTOP_ICON,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,92,168,11 CONTROL "Associate the .hc file &extension with VeraCrypt",IDC_FILE_TYPE, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,113,232,11 - CONTROL "Add VeraCrypt to &Start menu",IDC_PROG_GROUP,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,89,168,11 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,104,232,11 + CONTROL "Disable memory protection in VeraCrypt",IDC_DISABLE_MEMORY_PROTECTION, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,115,218,10 CONTROL "Create System &Restore point",IDC_SYSTEM_RESTORE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,125,194,11 - CONTROL "Add VeraCrypt icon to &desktop",IDC_DESKTOP_ICON,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,101,168,11 LTEXT "Please select or type the location where you want to install the VeraCrypt program files. If the specified folder does not exist, it will be automatically created.",IDT_INSTALL_DESTINATION,11,14,319,25 END diff --git a/src/Setup/Wizard.c b/src/Setup/Wizard.c index 78616abe..857eb2de 100644 --- a/src/Setup/Wizard.c +++ b/src/Setup/Wizard.c @@ -685,6 +685,10 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa bForAllUsers = IsButtonChecked (GetDlgItem (hCurPage, IDC_ALL_USERS)); return 1; + case IDC_DISABLE_MEMORY_PROTECTION: + bDisableMemoryProtection = IsButtonChecked (GetDlgItem (hCurPage, IDC_DISABLE_MEMORY_PROTECTION)); + return 1; + case IDC_FILE_TYPE: bRegisterFileExt = IsButtonChecked (GetDlgItem (hCurPage, IDC_FILE_TYPE)); return 1; |