diff options
| -rw-r--r-- | src/Common/Dlgcode.c | 4 | ||||
| -rw-r--r-- | src/Common/Dlgcode.h | 1 | ||||
| -rw-r--r-- | src/ExpandVolume/WinMain.cpp | 69 | ||||
| -rw-r--r-- | src/Format/Tcformat.c | 12 | ||||
| -rw-r--r-- | src/Mount/Mount.c | 14 |
5 files changed, 97 insertions, 3 deletions
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index 350e3f46..261ec33e 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -190,6 +190,7 @@ BOOL MultipleMountOperationInProgress = FALSE; volatile BOOL NeedPeriodicDeviceListUpdate = FALSE; BOOL DisablePeriodicDeviceListUpdate = FALSE; +BOOL EnableMemoryProtection = FALSE; BOOL WaitDialogDisplaying = FALSE; @@ -2919,9 +2920,6 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) char langId[6]; InitCommonControlsPtr InitCommonControlsFn = NULL; wchar_t modPath[MAX_PATH]; - - /* Protect this process memory from being accessed by non-admin users */ - EnableProcessProtection (); GetModuleFileNameW (NULL, modPath, ARRAYSIZE (modPath)); diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h index f387bf71..b2324b12 100644 --- a/src/Common/Dlgcode.h +++ b/src/Common/Dlgcode.h @@ -167,6 +167,7 @@ extern BOOL MultipleMountOperationInProgress; extern volatile BOOL NeedPeriodicDeviceListUpdate; extern BOOL DisablePeriodicDeviceListUpdate; +extern BOOL EnableMemoryProtection; #ifndef SETUP extern BOOL bLanguageSetInSetup; diff --git a/src/ExpandVolume/WinMain.cpp b/src/ExpandVolume/WinMain.cpp index ffeabe01..10c1af40 100644 --- a/src/ExpandVolume/WinMain.cpp +++ b/src/ExpandVolume/WinMain.cpp @@ -866,6 +866,67 @@ static BOOL SelectPartition (HWND hwndDlg) return FALSE; } +void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine) +{ + wchar_t **lpszCommandLineArgs = NULL; /* Array of command line arguments */ + int nNoCommandLineArgs; /* The number of arguments in the array */ + + /* Extract command line arguments */ + nNoCommandLineArgs = Win32CommandLine (&lpszCommandLineArgs); + if (nNoCommandLineArgs > 0) + { + int i; + + for (i = 0; i < nNoCommandLineArgs; i++) + { + enum + { + OptionEnableMemoryProtection, + }; + + argument args[]= + { + { OptionEnableMemoryProtection, L"/protectMemory", NULL, FALSE }, + }; + + argumentspec as; + + int x; + + if (lpszCommandLineArgs[i] == NULL) + continue; + + as.args = args; + as.arg_cnt = sizeof(args)/ sizeof(args[0]); + + x = GetArgumentID (&as, lpszCommandLineArgs[i]); + + switch (x) + { + + case OptionEnableMemoryProtection: + EnableMemoryProtection = TRUE; + break; + + default: + DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_COMMANDHELP_DLG), hwndDlg, (DLGPROC) + CommandHelpDlgProc, (LPARAM) &as); + + exit(0); + } + } + } + + /* Free up the command line arguments */ + while (--nNoCommandLineArgs >= 0) + { + free (lpszCommandLineArgs[nNoCommandLineArgs]); + } + + if (lpszCommandLineArgs) + free (lpszCommandLineArgs); +} + /* Except in response to the WM_INITDIALOG and WM_ENDSESSION messages, the dialog box procedure should return nonzero if it processes a message, and zero if it does not. */ @@ -890,6 +951,8 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa bUseSecureDesktop = FALSE; bUseLegacyMaxPasswordLength = FALSE; + VeraCryptExpander::ExtractCommandLine (hwndDlg, (wchar_t *) lParam); + if (UsePreferences) { // General preferences @@ -900,6 +963,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa RestoreDefaultKeyFilesParam (); } + if (EnableMemoryProtection) + { + /* Protect this process memory from being accessed by non-admin users */ + EnableProcessProtection (); + } + InitMainDialog (hwndDlg); // Quit diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c index 58800aa5..3d394c16 100644 --- a/src/Format/Tcformat.c +++ b/src/Format/Tcformat.c @@ -6145,6 +6145,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa ExtractCommandLine (hwndDlg, (wchar_t *) lParam); + if (EnableMemoryProtection) + { + /* Protect this process memory from being accessed by non-admin users */ + EnableProcessProtection (); + } + if (ComServerMode) { InitDialog (hwndDlg); @@ -9001,6 +9007,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine) OptionNoSizeCheck, OptionQuickFormat, OptionFastCreateFile, + OptionEnableMemoryProtection, }; argument args[]= @@ -9024,6 +9031,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine) { OptionNoSizeCheck, L"/nosizecheck", NULL, FALSE }, { OptionQuickFormat, L"/quick", NULL, FALSE }, { OptionFastCreateFile, L"/fastcreatefile", NULL, FALSE }, + { OptionEnableMemoryProtection, L"/protectMemory", NULL, FALSE }, // Internal { CommandResumeSysEncLogOn, L"/acsysenc", L"/a", TRUE }, @@ -9384,6 +9392,10 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine) CmdFastCreateFile = TRUE; break; + case OptionEnableMemoryProtection: + EnableMemoryProtection = TRUE; + break; + case OptionHistory: { wchar_t szTmp[8] = {0}; diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index ac25ba58..36fa1815 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -6859,6 +6859,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa AbortProcess ("COMMAND_LINE_ERROR"); } + if (EnableMemoryProtection) + { + /* Protect this process memory from being accessed by non-admin users */ + EnableProcessProtection (); + } + if (ComServerMode) { InitDialog (hwndDlg); @@ -8883,6 +8889,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine) OptionNoWaitDlg, OptionSecureDesktop, OptionDisableDeviceUpdate, + OptionEnableMemoryProtection, }; argument args[]= @@ -8912,6 +8919,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine) { OptionNoWaitDlg, L"/nowaitdlg", NULL, FALSE }, { OptionSecureDesktop, L"/secureDesktop", NULL, FALSE }, { OptionDisableDeviceUpdate, L"/disableDeviceUpdate", NULL, FALSE }, + { OptionEnableMemoryProtection, L"/protectMemory", NULL, FALSE }, }; argumentspec as; @@ -9008,6 +9016,12 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine) } break; + case OptionEnableMemoryProtection: + { + EnableMemoryProtection = TRUE; + } + break; + case OptionCache: { wchar_t szTmp[16] = {0}; |