VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Mount/Mount.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/Mount/Mount.c')
-rw-r--r--src/Mount/Mount.c1382
1 files changed, 1010 insertions, 372 deletions
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index 5f96afba..76de34b6 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -49,11 +49,17 @@
#include "../Platform/Finally.h"
#include "../Platform/ForEach.h"
#include "../Setup/SelfExtract.h"
+#include "../Common/EncryptionThreadPool.h"
#include <Strsafe.h>
#include <InitGuid.h>
#include <devguid.h>
+#include <devpkey.h>
+#include <SetupAPI.h>
+#include <Cfgmgr32.h>
#include <intrin.h>
+#include <vector>
+#include <algorithm>
#pragma intrinsic(_InterlockedCompareExchange, _InterlockedExchange)
@@ -64,6 +70,17 @@
typedef BOOL (WINAPI *WTSREGISTERSESSIONNOTIFICATION)(HWND, DWORD);
typedef BOOL (WINAPI *WTSUNREGISTERSESSIONNOTIFICATION)(HWND);
+#ifndef _HPOWERNOTIFY_DEF_
+#define _HPOWERNOTIFY_DEF_
+
+typedef PVOID HPOWERNOTIFY;
+typedef HPOWERNOTIFY *PHPOWERNOTIFY;
+
+#endif
+
+typedef HPOWERNOTIFY (WINAPI *REGISTERSUSPENDRESUMENOTIFICATION)(HANDLE hRecipient, DWORD Flags);
+typedef BOOL (WINAPI *UNREGISTERSUSPENDRESUMENOTIFICATION) (HPOWERNOTIFY Handle);
+
using namespace VeraCrypt;
enum timer_ids
@@ -150,22 +167,19 @@ int CmdVolumePkcs5 = 0;
int VolumePim = -1;
int CmdVolumePim = -1;
int DefaultVolumePkcs5 = 0;
-BOOL VolumeTrueCryptMode = FALSE;
-BOOL CmdVolumeTrueCryptMode = FALSE;
-BOOL DefaultVolumeTrueCryptMode = FALSE;
BOOL CmdVolumePasswordValid = FALSE;
MountOptions CmdMountOptions;
BOOL CmdMountOptionsValid = FALSE;
MountOptions mountOptions;
MountOptions defaultMountOptions;
-KeyFile *FirstCmdKeyFile;
+KeyFile *FirstCmdKeyFile = NULL;
HBITMAP hbmLogoBitmapRescaled = NULL;
wchar_t OrigKeyboardLayout [8+1] = L"00000409";
BOOL bKeyboardLayoutChanged = FALSE; /* TRUE if the keyboard layout was changed to the standard US keyboard layout (from any other layout). */
BOOL bKeybLayoutAltKeyWarningShown = FALSE; /* TRUE if the user has been informed that it is not possible to type characters by pressing keys while the right Alt key is held down. */
-static KeyFilesDlgParam hidVolProtKeyFilesParam;
+static KeyFilesDlgParam hidVolProtKeyFilesParam = {0};
static MOUNT_LIST_STRUCT LastKnownMountList = {0};
VOLUME_NOTIFICATIONS_LIST VolumeNotificationsList;
@@ -181,12 +195,20 @@ static int bPrebootPasswordDlgMode = FALSE;
static int NoCmdLineArgs;
static BOOL CmdLineVolumeSpecified;
static int LastDriveListVolumeColumnWidth;
+static BOOL ExitMailSlotSpecified = FALSE;
+static TCHAR ExitMailSlotName[MAX_PATH];
// WTS handling
static HMODULE hWtsLib = NULL;
static WTSREGISTERSESSIONNOTIFICATION fnWtsRegisterSessionNotification = NULL;
static WTSUNREGISTERSESSIONNOTIFICATION fnWtsUnRegisterSessionNotification = NULL;
-static void RegisterWtsNotification(HWND hWnd)
+// Used to opt-in to receive notification about power events.
+// This is mandatory to support Windows 10 Modern Standby and Windows 8.1 Connected Standby power model.
+// https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/prepare-software-for-modern-standby
+// https://docs.microsoft.com/en-us/windows/win32/w8cookbook/desktop-activity-moderator?redirectedfrom=MSDN
+static HPOWERNOTIFY g_hPowerNotify = NULL;
+
+static void RegisterWtsAndPowerNotification(HWND hWnd)
{
if (!hWtsLib)
{
@@ -213,9 +235,19 @@ static void RegisterWtsNotification(HWND hWnd)
}
}
}
+
+ if (IsOSAtLeast (WIN_8))
+ {
+ REGISTERSUSPENDRESUMENOTIFICATION fnRegisterSuspendResumeNotification = (REGISTERSUSPENDRESUMENOTIFICATION) GetProcAddress (GetModuleHandle (L"user32.dll"), "RegisterSuspendResumeNotification");
+ if (fnRegisterSuspendResumeNotification)
+ {
+ g_hPowerNotify = fnRegisterSuspendResumeNotification ((HANDLE) hWnd, DEVICE_NOTIFY_WINDOW_HANDLE);
+ }
+
+ }
}
-static void UnregisterWtsNotification(HWND hWnd)
+static void UnregisterWtsAndPowerNotification(HWND hWnd)
{
if (hWtsLib && fnWtsUnRegisterSessionNotification)
{
@@ -225,6 +257,14 @@ static void UnregisterWtsNotification(HWND hWnd)
fnWtsRegisterSessionNotification = NULL;
fnWtsUnRegisterSessionNotification = NULL;
}
+
+ if (IsOSAtLeast (WIN_8) && g_hPowerNotify)
+ {
+ UNREGISTERSUSPENDRESUMENOTIFICATION fnUnregisterSuspendResumeNotification = (UNREGISTERSUSPENDRESUMENOTIFICATION) GetProcAddress (GetModuleHandle (L"user32.dll"), "UnregisterSuspendResumeNotification");
+ if (fnUnregisterSuspendResumeNotification)
+ fnUnregisterSuspendResumeNotification (g_hPowerNotify);
+ g_hPowerNotify = NULL;
+ }
}
static std::vector<MSXML2::IXMLDOMNodePtr> GetReadChildNodes (MSXML2::IXMLDOMNodeListPtr childs)
@@ -255,7 +295,7 @@ static std::vector<MSXML2::IXMLDOMNodePtr> GetReadChildNodes (MSXML2::IXMLDOMNod
static bool validateDcsPropXml(const char* xmlData)
{
bool bValid = false;
- HRESULT hr = CoInitialize(NULL);
+ HRESULT hr = CoInitializeEx(NULL, COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE);
if(FAILED(hr))
return false;
else
@@ -369,12 +409,13 @@ static void localcleanup (void)
burn (&CmdVolumePkcs5, sizeof (CmdVolumePkcs5));
burn (&VolumePim, sizeof (VolumePim));
burn (&CmdVolumePim, sizeof (CmdVolumePim));
- burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
- burn (&CmdVolumeTrueCryptMode, sizeof (CmdVolumeTrueCryptMode));
burn (&mountOptions, sizeof (mountOptions));
burn (&defaultMountOptions, sizeof (defaultMountOptions));
burn (szFileName, sizeof(szFileName));
+ KeyFileRemoveAll (&FirstCmdKeyFile);
+ KeyFileRemoveAll (&hidVolProtKeyFilesParam.FirstKeyFile);
+
/* Cleanup common code resources */
cleanup ();
@@ -387,6 +428,59 @@ static void localcleanup (void)
RandStop (TRUE);
}
+#ifndef BS_SPLITBUTTON
+#define BS_SPLITBUTTON 0x0000000C
+#endif
+
+#ifndef BCN_DROPDOWN
+#define BCN_DROPDOWN (0U-1250U) + 2U
+#endif
+
+static void EnableSplitButton(HWND hwndDlg, int buttonId)
+{
+ HWND hwndButton = GetDlgItem(hwndDlg, buttonId);
+ if (hwndButton != NULL)
+ {
+ // change the button style
+ SetWindowLongPtr(hwndButton, GWL_STYLE, GetWindowLongPtr(hwndButton, GWL_STYLE) | BS_SPLITBUTTON);
+ }
+}
+
+static void DisableSplitButton(HWND hwndDlg, int buttonId)
+{
+ HWND hwndButton = GetDlgItem(hwndDlg, buttonId);
+ if (hwndButton != NULL)
+ {
+ // change the button style
+ SetWindowLongPtr(hwndButton, GWL_STYLE, GetWindowLongPtr(hwndButton, GWL_STYLE) & ~BS_SPLITBUTTON);
+ }
+}
+
+static HMENU CreateMountNoCacheDropdownMenu()
+{
+ HMENU hmenu = CreatePopupMenu();
+
+ // add menu items
+ AppendMenu(hmenu, MF_STRING, IDM_MOUNIT_NO_CACHE, GetString("IDM_MOUNT_NO_CACHE"));
+
+ return hmenu;
+}
+
+static void HandleMountButtonDropdown(HWND hwndButton, HWND hwndOwner, HMENU hmenu)
+{
+ RECT rc;
+ POINT pt;
+
+ if (GetClientRect(hwndButton, &rc))
+ {
+ pt.x = rc.left;
+ pt.y = rc.bottom;
+ ClientToScreen(hwndButton, &pt);
+
+ TrackPopupMenu(hmenu, TPM_LEFTALIGN | TPM_TOPALIGN, pt.x, pt.y, 0, hwndOwner, NULL);
+ }
+}
+
void RefreshMainDlg (HWND hwndDlg)
{
if (Silent)
@@ -430,7 +524,7 @@ void EndMainDlg (HWND hwndDlg)
KillTimer (hwndDlg, TIMER_ID_MAIN);
KillTimer (hwndDlg, TIMER_ID_UPDATE_DEVICE_LIST);
TaskBarIconRemove (hwndDlg);
- UnregisterWtsNotification(hwndDlg);
+ UnregisterWtsAndPowerNotification(hwndDlg);
EndDialog (hwndDlg, 0);
}
}
@@ -512,8 +606,11 @@ static void InitMainDialog (HWND hwndDlg)
e.Show (NULL);
}
- // initialize the list of devices available for mounting as early as possible
- UpdateMountableHostDeviceList ();
+ if (NeedPeriodicDeviceListUpdate)
+ {
+ // initialize the list of devices available for mounting as early as possible
+ UpdateMountableHostDeviceList ();
+ }
if (Silent)
LoadDriveLetters (hwndDlg, NULL, 0);
@@ -581,7 +678,10 @@ void EnableDisableButtons (HWND hwndDlg)
case TC_MLIST_ITEM_NONSYS_VOL:
{
SetWindowTextW (hOKButton, GetString ("UNMOUNT_BUTTON"));
+ DisableSplitButton(hwndDlg, IDOK);
EnableWindow (hOKButton, TRUE);
+ // Invalid the button IDOK so that it will be redrawn
+ InvalidateRect (hOKButton, NULL, TRUE);
EnableMenuItem (GetMenu (hwndDlg), IDM_UNMOUNT_VOLUME, MF_ENABLED);
EnableWindow (GetDlgItem (hwndDlg, IDC_VOLUME_PROPERTIES), TRUE);
@@ -591,15 +691,21 @@ void EnableDisableButtons (HWND hwndDlg)
case TC_MLIST_ITEM_SYS_PARTITION:
case TC_MLIST_ITEM_SYS_DRIVE:
+ EnableSplitButton(hwndDlg, IDOK);
EnableWindow (hOKButton, FALSE);
SetWindowTextW (hOKButton, GetString ("MOUNT_BUTTON"));
+ // Invalid the button IDOK so that it will be redrawn
+ InvalidateRect (hOKButton, NULL, TRUE);
EnableWindow (GetDlgItem (hwndDlg, IDC_VOLUME_PROPERTIES), TRUE);
EnableMenuItem (GetMenu (hwndDlg), IDM_UNMOUNT_VOLUME, MF_GRAYED);
break;
case TC_MLIST_ITEM_FREE:
default:
+ EnableSplitButton(hwndDlg, IDOK);
SetWindowTextW (hOKButton, GetString ("MOUNT_BUTTON"));
+ // Invalid the button IDOK so that it will be redrawn
+ InvalidateRect (hOKButton, NULL, TRUE);
EnableWindow (GetDlgItem (hwndDlg, IDC_VOLUME_PROPERTIES), FALSE);
EnableMenuItem (GetMenu (hwndDlg), IDM_VOLUME_PROPERTIES, MF_GRAYED);
EnableMenuItem (GetMenu (hwndDlg), IDM_UNMOUNT_VOLUME, MF_GRAYED);
@@ -904,11 +1010,13 @@ void LoadSettingsAndCheckModified (HWND hwndDlg, BOOL bOnlyCheckModified, BOOL*
defaultMountOptions.PartitionInInactiveSysEncScope = FALSE;
defaultMountOptions.RecoveryMode = FALSE;
defaultMountOptions.UseBackupHeader = FALSE;
+ defaultMountOptions.SkipCachedPasswords = FALSE;
mountOptions = defaultMountOptions;
}
ConfigReadCompareInt ("CloseSecurityTokenSessionsAfterMount", 0, &CloseSecurityTokenSessionsAfterMount, bOnlyCheckModified, pbSettingsModified);
+ ConfigReadCompareInt ("EMVSupportEnabled", 0, &EMVSupportEnabled, bOnlyCheckModified, pbSettingsModified);
if (IsHiddenOSRunning())
ConfigReadCompareInt ("HiddenSystemLeakProtNotifStatus", TC_HIDDEN_OS_READ_ONLY_NOTIF_MODE_NONE, &HiddenSysLeakProtectionNotificationStatus, bOnlyCheckModified, pbSettingsModified);
@@ -975,7 +1083,6 @@ void LoadSettingsAndCheckModified (HWND hwndDlg, BOOL bOnlyCheckModified, BOOL*
// Mount Options
ConfigReadCompareInt ("DefaultPRF", 0, &DefaultVolumePkcs5, bOnlyCheckModified, pbSettingsModified);
- ConfigReadCompareInt ("DefaultTrueCryptMode", FALSE, &DefaultVolumeTrueCryptMode, bOnlyCheckModified, pbSettingsModified);
if (bOnlyCheckModified)
{
@@ -999,8 +1106,6 @@ void LoadSettingsAndCheckModified (HWND hwndDlg, BOOL bOnlyCheckModified, BOOL*
if (DefaultVolumePkcs5 < 0 || DefaultVolumePkcs5 > LAST_PRF_ID)
DefaultVolumePkcs5 = 0;
- if (DefaultVolumeTrueCryptMode != TRUE && DefaultVolumeTrueCryptMode != FALSE)
- DefaultVolumeTrueCryptMode = FALSE;
}
@@ -1081,6 +1186,7 @@ void SaveSettings (HWND hwndDlg)
}
ConfigWriteInt ("CloseSecurityTokenSessionsAfterMount", CloseSecurityTokenSessionsAfterMount);
+ ConfigWriteInt ("EMVSupportEnabled", EMVSupportEnabled);
// Hotkeys
ConfigWriteInt ("HotkeyModAutoMountDevices", Hotkeys[HK_AUTOMOUNT_DEVICES].vKeyModifiers);
@@ -1112,7 +1218,6 @@ void SaveSettings (HWND hwndDlg)
// Mount Options
ConfigWriteInt ("DefaultPRF", DefaultVolumePkcs5);
- ConfigWriteInt ("DefaultTrueCryptMode", DefaultVolumeTrueCryptMode);
ConfigWriteEnd (hwndDlg);
}
@@ -1762,7 +1867,7 @@ void LoadDriveLetters (HWND hwndDlg, HWND hTree, int drive)
if (propSysEnc.ea >= EAGetFirst() && propSysEnc.ea <= EAGetCount())
{
- EAGetName (szTmp, propSysEnc.ea, 1);
+ EAGetName (szTmp, ARRAYSIZE(szTmp),propSysEnc.ea, 1);
}
else
{
@@ -1888,7 +1993,7 @@ void LoadDriveLetters (HWND hwndDlg, HWND hTree, int drive)
GetSizeString (bSysEncPartition ? GetSysEncDeviceSize(TRUE) : driver.diskLength[i], szTmpW, sizeof(szTmpW));
ListSubItemSet (hTree, listItem.iItem, 2, szTmpW);
- EAGetName (szTmp, bSysEncPartition ? propSysEnc.ea : driver.ea[i], 1);
+ EAGetName (szTmp, ARRAYSIZE(szTmp),bSysEncPartition ? propSysEnc.ea : driver.ea[i], 1);
listItem.iSubItem = 3;
ListView_SetItem (hTree, &listItem);
@@ -1918,13 +2023,7 @@ void LoadDriveLetters (HWND hwndDlg, HWND hTree, int drive)
ws = L"?";
}
- if (driver.truecryptMode[i])
- {
- StringCbPrintfW (szTmpW, sizeof(szTmpW), L"TrueCrypt-%s", ws);
- ListSubItemSet (hTree, listItem.iItem, 4, szTmpW);
- }
- else
- ListSubItemSet (hTree, listItem.iItem, 4, ws);
+ ListSubItemSet (hTree, listItem.iItem, 4, ws);
if (driver.volumeType[i] == PROP_VOL_TYPE_OUTER_VOL_WRITE_PREVENTED) // Normal/outer volume (hidden volume protected AND write denied)
{
@@ -2051,7 +2150,6 @@ typedef struct
int pkcs5;
int pim;
int wipePassCount;
- BOOL truecryptMode;
int* pnStatus;
} ChangePwdThreadParam;
@@ -2088,14 +2186,14 @@ void CALLBACK ChangePwdWaitThreadProc(void* pArg, HWND hwndDlg)
{
// Non-system
- *pThreadParam->pnStatus = ChangePwd (szFileName, pThreadParam->oldPassword, pThreadParam->old_pkcs5, pThreadParam->old_pim, pThreadParam->truecryptMode, pThreadParam->newPassword, pThreadParam->pkcs5, pThreadParam->pim, pThreadParam->wipePassCount, hwndDlg);
+ *pThreadParam->pnStatus = ChangePwd (szFileName, pThreadParam->oldPassword, pThreadParam->old_pkcs5, pThreadParam->old_pim, pThreadParam->newPassword, pThreadParam->pkcs5, pThreadParam->pim, pThreadParam->wipePassCount, hwndDlg);
if (*pThreadParam->pnStatus == ERR_OS_ERROR
&& GetLastError () == ERROR_ACCESS_DENIED
&& IsUacSupported ()
&& IsVolumeDeviceHosted (szFileName))
{
- *pThreadParam->pnStatus = UacChangePwd (szFileName, pThreadParam->oldPassword, pThreadParam->old_pkcs5, pThreadParam->old_pim, pThreadParam->truecryptMode, pThreadParam->newPassword, pThreadParam->pkcs5, pThreadParam->pim, pThreadParam->wipePassCount, hwndDlg);
+ *pThreadParam->pnStatus = UacChangePwd (szFileName, pThreadParam->oldPassword, pThreadParam->old_pkcs5, pThreadParam->old_pim, pThreadParam->newPassword, pThreadParam->pkcs5, pThreadParam->pim, pThreadParam->wipePassCount, hwndDlg);
}
}
}
@@ -2170,7 +2268,6 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
int i;
WipeAlgorithmId headerWipeMode = TC_WIPE_3_DOD_5220;
int EffectiveVolumePkcs5 = CmdVolumePkcs5;
- BOOL EffectiveVolumeTrueCryptMode = CmdVolumeTrueCryptMode;
int EffectiveVolumePim = CmdVolumePim;
/* Priority is given to command line parameters
@@ -2178,8 +2275,6 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
*/
if (EffectiveVolumePkcs5 == 0)
EffectiveVolumePkcs5 = DefaultVolumePkcs5;
- if (!EffectiveVolumeTrueCryptMode)
- EffectiveVolumeTrueCryptMode = DefaultVolumeTrueCryptMode;
NewPimValuePtr = (int*) lParam;
@@ -2226,9 +2321,6 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
SendMessage (hComboBox, CB_SETCURSEL, nSelectedIndex, 0);
- /* check TrueCrypt Mode if it was set as default*/
- SetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE, EffectiveVolumeTrueCryptMode);
-
/* set default PIM if set in the command line*/
if (EffectiveVolumePim > 0)
{
@@ -2327,10 +2419,6 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
if (bSysEncPwdChangeDlgMode)
{
- /* No support for changing the password of TrueCrypt system partition */
- SetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE, FALSE);
- EnableWindow (GetDlgItem (hwndDlg, IDC_TRUECRYPT_MODE), FALSE);
-
ToBootPwdField (hwndDlg, IDC_PASSWORD);
ToBootPwdField (hwndDlg, IDC_VERIFY);
ToBootPwdField (hwndDlg, IDC_OLD_PASSWORD);
@@ -2371,6 +2459,17 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
}
CheckCapsLock (hwndDlg, FALSE);
+
+ if (!bSecureDesktopOngoing)
+ {
+ PasswordEditDropTarget* pTarget = new PasswordEditDropTarget ();
+ if (pTarget->Register (hwndDlg))
+ {
+ SetWindowLongPtr (hwndDlg, DWLP_USER, (LONG_PTR) pTarget);
+ }
+ else
+ delete pTarget;
+ }
return 0;
}
@@ -2647,14 +2746,6 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
}
- if (lw == IDC_TRUECRYPT_MODE)
- {
- BOOL bEnablePim = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE) ? FALSE: TRUE;
- EnableWindow (GetDlgItem (hwndDlg, IDT_OLD_PIM), bEnablePim);
- EnableWindow (GetDlgItem (hwndDlg, IDC_OLD_PIM), bEnablePim);
- EnableWindow (GetDlgItem (hwndDlg, IDC_OLD_PIM_HELP), bEnablePim);
- }
-
if (lw == IDC_SHOW_PASSWORD_CHPWD_ORI)
{
HandleShowPasswordFieldAction (hwndDlg, IDC_SHOW_PASSWORD_CHPWD_ORI, IDC_OLD_PASSWORD, IDC_OLD_PIM);
@@ -2683,22 +2774,10 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_OLD_PRF_ID), CB_GETCURSEL, 0, 0), 0);
int pkcs5 = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA,
SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
- BOOL truecryptMode = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE);
int old_pim = GetPim (hwndDlg, IDC_OLD_PIM, 0);
int pim = GetPim (hwndDlg, IDC_PIM, 0);
- int iMaxPasswordLength = (bUseLegacyMaxPasswordLength || truecryptMode)? MAX_LEGACY_PASSWORD : MAX_PASSWORD;
-
- if (truecryptMode && !is_pkcs5_prf_supported (old_pkcs5, TRUE, PRF_BOOT_NO))
- {
- Error ("ALGO_NOT_SUPPORTED_FOR_TRUECRYPT_MODE", hwndDlg);
- return 1;
- }
- else if (truecryptMode && (old_pim != 0))
- {
- Error ("PIM_NOT_SUPPORTED_FOR_TRUECRYPT_MODE", hwndDlg);
- return 1;
- }
+ int iMaxPasswordLength = (bUseLegacyMaxPasswordLength)? MAX_LEGACY_PASSWORD : MAX_PASSWORD;
if (bSysEncPwdChangeDlgMode && !CheckPasswordCharEncoding (GetDlgItem (hwndDlg, IDC_PASSWORD), NULL))
{
@@ -2745,7 +2824,7 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
GetVolumePath (hParent, szFileName, ARRAYSIZE (szFileName));
- if (GetPassword (hwndDlg, IDC_OLD_PASSWORD, (LPSTR) oldPassword.Text, iMaxPasswordLength + 1, truecryptMode, TRUE))
+ if (GetPassword (hwndDlg, IDC_OLD_PASSWORD, (LPSTR) oldPassword.Text, iMaxPasswordLength + 1, FALSE, TRUE))
oldPassword.Length = (unsigned __int32) strlen ((char *) oldPassword.Text);
else
{
@@ -2792,7 +2871,6 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
changePwdParam.pim = pim;
changePwdParam.wipePassCount = GetWipePassCount(headerWiperMode);
changePwdParam.pnStatus = &nStatus;
- changePwdParam.truecryptMode = truecryptMode;
ShowWaitDialog(hwndDlg, TRUE, ChangePwdWaitThreadProc, &changePwdParam);
@@ -2836,6 +2914,19 @@ err:
return 1;
}
return 0;
+
+ case WM_NCDESTROY:
+ {
+ /* unregister drap-n-drop support */
+ PasswordEditDropTarget* pTarget = (PasswordEditDropTarget*) GetWindowLongPtr (hwndDlg, DWLP_USER);
+ if (pTarget)
+ {
+ SetWindowLongPtr (hwndDlg, DWLP_USER, (LONG_PTR) 0);
+ pTarget->Revoke ();
+ pTarget->Release();
+ }
+ }
+ return 0;
}
return 0;
@@ -2854,7 +2945,6 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
static Password *szXPwd;
static int *pkcs5;
static int *pim;
- static BOOL* truecryptMode;
switch (msg)
{
@@ -2864,7 +2954,6 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
szXPwd = ((PasswordDlgParam *) lParam) -> password;
pkcs5 = ((PasswordDlgParam *) lParam) -> pkcs5;
pim = ((PasswordDlgParam *) lParam) -> pim;
- truecryptMode = ((PasswordDlgParam *) lParam) -> truecryptMode;
LocalizeDialog (hwndDlg, "IDD_PASSWORD_DLG");
DragAcceptFiles (hwndDlg, TRUE);
@@ -2942,14 +3031,6 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
{
EnableWindow (GetDlgItem (hwndDlg, IDC_CACHE), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_MOUNT_OPTIONS), FALSE);
- /* Disable TrueCrypt mode option in case of backup/restore header operation */
- SetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE, FALSE);
- EnableWindow (GetDlgItem (hwndDlg, IDC_TRUECRYPT_MODE), FALSE);
- }
- else if (*truecryptMode)
- {
- /* Check TrueCryptMode if it is enabled on the command line */
- SetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE, TRUE);
}
if (!SetForegroundWindow (hwndDlg) && (FavoriteMountOnArrivalInProgress || LogOn))
@@ -2968,7 +3049,21 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
SetWindowPos (hwndDlg, HWND_NOTOPMOST, 0, 0, 0, 0, SWP_NOMOVE | SWP_NOSIZE);
}
SetFocus (GetDlgItem (hwndDlg, IDC_PASSWORD));
- SetTimer (hwndDlg, TIMER_ID_CHECK_FOREGROUND, TIMER_INTERVAL_CHECK_FOREGROUND, NULL);
+
+ /* Start the timer to check if we are foreground only if Secure Desktop is not used */
+ /* Implement Text drag-n-drop in order to support droping password from KeePass directly only if Secure Desktop is not used */
+ if (!bSecureDesktopOngoing)
+ {
+ SetTimer (hwndDlg, TIMER_ID_CHECK_FOREGROUND, TIMER_INTERVAL_CHECK_FOREGROUND, NULL);
+
+ PasswordEditDropTarget* pTarget = new PasswordEditDropTarget ();
+ if (pTarget->Register (hwndDlg))
+ {
+ SetWindowLongPtr (hwndDlg, DWLP_USER, (LONG_PTR) pTarget);
+ }
+ else
+ delete pTarget;
+ }
}
return 0;
@@ -3011,11 +3106,16 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
if (keybLayout != 0x00000409 && keybLayout != 0x04090409)
{
Error ("CANT_CHANGE_KEYB_LAYOUT_FOR_SYS_ENCRYPTION", hwndDlg);
- EndDialog (hwndDlg, IDCANCEL);
- return 1;
+ /* don't be too agressive on enforcing an English keyboard layout. E.g. on WindowsPE this call fails and
+ * then the user can only mount a system encrypted device using the command line by passing the password as a parameter
+ * (which might not be obvious for not so advanced users).
+ *
+ * Now, we informed the user that English keyboard is required, if it is not available the volume can just not be mounted.
+ * There should be no other drawback (as e.g., on the change password dialog, when you might change to a password which won't
+ * work on the pre-start environment.
+ */
}
-
- if (SetTimer (hwndDlg, TIMER_ID_KEYB_LAYOUT_GUARD, TIMER_INTERVAL_KEYB_LAYOUT_GUARD, NULL) == 0)
+ else if (SetTimer (hwndDlg, TIMER_ID_KEYB_LAYOUT_GUARD, TIMER_INTERVAL_KEYB_LAYOUT_GUARD, NULL) == 0)
{
Error ("CANNOT_SET_TIMER", hwndDlg);
EndDialog (hwndDlg, IDCANCEL);
@@ -3127,14 +3227,6 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
return 1;
}
- if (lw == IDC_TRUECRYPT_MODE)
- {
- BOOL bEnablePim = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE) ? FALSE: TRUE;
- EnableWindow (GetDlgItem (hwndDlg, IDT_PIM), bEnablePim);
- EnableWindow (GetDlgItem (hwndDlg, IDC_PIM), bEnablePim);
- EnableWindow (GetDlgItem (hwndDlg, IDC_PIM_HELP), bEnablePim);
- }
-
if (lw == IDC_KEY_FILES)
{
KeyFilesDlgParam param;
@@ -3167,38 +3259,19 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
if (lw == IDOK)
{
- BOOL bTrueCryptMode = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE);
- int iMaxPasswordLength = (bUseLegacyMaxPasswordLength || bTrueCryptMode)? MAX_LEGACY_PASSWORD : MAX_PASSWORD;
+ int iMaxPasswordLength = (bUseLegacyMaxPasswordLength)? MAX_LEGACY_PASSWORD : MAX_PASSWORD;
if (mountOptions.ProtectHiddenVolume && hidVolProtKeyFilesParam.EnableKeyFiles)
KeyFilesApply (hwndDlg, &mountOptions.ProtectedHidVolPassword, hidVolProtKeyFilesParam.FirstKeyFile, wcslen (PasswordDlgVolume) > 0 ? PasswordDlgVolume : NULL);
- if (GetPassword (hwndDlg, IDC_PASSWORD, (LPSTR) szXPwd->Text, iMaxPasswordLength + 1, bTrueCryptMode, TRUE))
+ if (GetPassword (hwndDlg, IDC_PASSWORD, (LPSTR) szXPwd->Text, iMaxPasswordLength + 1, FALSE, TRUE))
szXPwd->Length = (unsigned __int32) strlen ((char *) szXPwd->Text);
else
return 1;
bCacheInDriver = IsButtonChecked (GetDlgItem (hwndDlg, IDC_CACHE));
*pkcs5 = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
- *truecryptMode = bTrueCryptMode;
*pim = GetPim (hwndDlg, IDC_PIM, 0);
-
- /* check that PRF is supported in TrueCrypt Mode */
- if ( (*truecryptMode)
- && ((!is_pkcs5_prf_supported (*pkcs5, TRUE, PRF_BOOT_NO)) || (mountOptions.ProtectHiddenVolume && !is_pkcs5_prf_supported (mountOptions.ProtectedHidVolPkcs5Prf, TRUE, PRF_BOOT_NO)))
- )
- {
- Error ("ALGO_NOT_SUPPORTED_FOR_TRUECRYPT_MODE", hwndDlg);
- return 1;
- }
-
- if ( (*truecryptMode)
- && (*pim != 0)
- )
- {
- Error ("PIM_NOT_SUPPORTED_FOR_TRUECRYPT_MODE", hwndDlg);
- return 1;
- }
}
// Attempt to wipe password stored in the input field buffer
@@ -3227,6 +3300,19 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
}
return 0;
+ case WM_NCDESTROY:
+ {
+ /* unregister drap-n-drop support */
+ PasswordEditDropTarget* pTarget = (PasswordEditDropTarget*) GetWindowLongPtr (hwndDlg, DWLP_USER);
+ if (pTarget)
+ {
+ SetWindowLongPtr (hwndDlg, DWLP_USER, (LONG_PTR) 0);
+ pTarget->Revoke ();
+ pTarget->Release();
+ }
+ }
+ return 0;
+
case WM_CONTEXTMENU:
{
RECT buttonRect;
@@ -3640,6 +3726,17 @@ BOOL CALLBACK MountOptionsDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM
ToHyperlink (hwndDlg, IDC_LINK_HIDVOL_PROTECTION_INFO);
+ if (!bSecureDesktopOngoing)
+ {
+ PasswordEditDropTarget* pTarget = new PasswordEditDropTarget ();
+ if (pTarget->Register (hwndDlg))
+ {
+ SetWindowLongPtr (hwndDlg, DWLP_USER, (LONG_PTR) pTarget);
+ }
+ else
+ delete pTarget;
+ }
+
}
return 0;
@@ -3797,6 +3894,19 @@ BOOL CALLBACK MountOptionsDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM
}
return 0;
+
+ case WM_NCDESTROY:
+ {
+ /* unregister drap-n-drop support */
+ PasswordEditDropTarget* pTarget = (PasswordEditDropTarget*) GetWindowLongPtr (hwndDlg, DWLP_USER);
+ if (pTarget)
+ {
+ SetWindowLongPtr (hwndDlg, DWLP_USER, (LONG_PTR) 0);
+ pTarget->Revoke ();
+ pTarget->Release();
+ }
+ }
+ return 0;
}
return 0;
@@ -4061,17 +4171,10 @@ BOOL CALLBACK VolumePropertiesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
ListSubItemSet (list, i++, 1, GetString (IsHiddenOSRunning() ? "TYPE_HIDDEN_SYSTEM_ADJECTIVE" : "SYSTEM_VOLUME_TYPE_ADJECTIVE"));
else
{
- bool truecryptMode = prop.pkcs5Iterations == get_pkcs5_iteration_count(prop.pkcs5, 0, TRUE, prop.partitionInInactiveSysEncScope);
s = prop.hiddenVolume ? GetString ("HIDDEN") :
(prop.hiddenVolProtection != HIDVOL_PROT_STATUS_NONE ? GetString ("OUTER") : GetString ("NORMAL"));
- if (truecryptMode)
- {
- StringCbPrintfW (sw, sizeof(sw), L"TrueCrypt - %s", s);
- ListSubItemSet (list, i++, 1, sw);
- }
- else
- ListSubItemSet (list, i++, 1, s);
+ ListSubItemSet (list, i++, 1, s);
}
if (!bSysEnc)
@@ -4109,14 +4212,14 @@ BOOL CALLBACK VolumePropertiesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
return 1;
}
- EAGetName (szTmp, prop.ea, 1);
+ EAGetName (szTmp, ARRAYSIZE(szTmp), prop.ea, 1);
ListSubItemSet (list, i++, 1, szTmp);
// Key size(s)
{
wchar_t name[128];
int size = EAGetKeySize (prop.ea);
- EAGetName (name, prop.ea, 1);
+ EAGetName (name, ARRAYSIZE(name), prop.ea, 1);
// Primary key
ListItemAdd (list, i, GetString ("KEY_SIZE"));
@@ -4177,7 +4280,7 @@ BOOL CALLBACK VolumePropertiesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
GetDateFormatW (LOCALE_USER_DEFAULT, 0, &st, 0, sw, sizeof (sw)/2);
swprintf (date, L"%s ", sw);
GetTimeFormatW (LOCALE_USER_DEFAULT, 0, &st, 0, sw, sizeof (sw)/2);
- wcscat (date, sw);
+ StringCchCatW (date, ARRAYSIZE(date), sw);
ListSubItemSet (list, i++, 1, date);
// Header date
@@ -4187,7 +4290,7 @@ BOOL CALLBACK VolumePropertiesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
GetDateFormatW (LOCALE_USER_DEFAULT, 0, &st, 0, sw, sizeof (sw)/2);
swprintf (date, L"%s ", sw);
GetTimeFormatW (LOCALE_USER_DEFAULT, 0, &st, 0, sw, sizeof (sw)/2);
- wcscat (date, sw);
+ StringCchCatW (date, ARRAYSIZE(date), sw);
GetLocalTime (&st);
SystemTimeToFileTime (&st, &curFt);
@@ -4411,7 +4514,7 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
wchar_t dstPath[MAX_PATH * 2];
GetDlgItemText (hwndDlg, IDC_DIRECTORY, dstPath, ARRAYSIZE (dstPath));
- if (BrowseDirectories (hwndDlg, "SELECT_DEST_DIR", dstPath))
+ if (BrowseDirectories (hwndDlg, "SELECT_DEST_DIR", dstPath, dstPath))
SetDlgItemText (hwndDlg, IDC_DIRECTORY, dstPath);
return 1;
@@ -4515,6 +4618,20 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
goto stop;
}
+ // Main app ARM 64-bit
+ StringCbPrintfW(srcPath, sizeof(srcPath), L"%s\\VeraCrypt-arm64.exe", appDir);
+ StringCbPrintfW(dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt-arm64.exe", dstDir);
+ if (!VerifyModuleSignature(srcPath))
+ {
+ Error("DIST_PACKAGE_CORRUPTED", hwndDlg);
+ goto stop;
+ }
+ else if (!TCCopyFile(srcPath, dstPath))
+ {
+ handleWin32Error(hwndDlg, SRC_POS);
+ goto stop;
+ }
+
// Wizard
if (copyWizard)
{
@@ -4545,6 +4662,20 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
handleWin32Error (hwndDlg, SRC_POS);
goto stop;
}
+
+ // Wizard ARM 64-bit
+ StringCbPrintfW(srcPath, sizeof(srcPath), L"%s\\VeraCrypt Format-arm64.exe", appDir);
+ StringCbPrintfW(dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt Format-arm64.exe", dstDir);
+ if (!VerifyModuleSignature(srcPath))
+ {
+ Error("DIST_PACKAGE_CORRUPTED", hwndDlg);
+ goto stop;
+ }
+ else if (!TCCopyFile(srcPath, dstPath))
+ {
+ handleWin32Error(hwndDlg, SRC_POS);
+ goto stop;
+ }
}
// Expander
@@ -4577,6 +4708,20 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
handleWin32Error (hwndDlg, SRC_POS);
goto stop;
}
+
+ // Expander ARM 64-bit
+ StringCbPrintfW(srcPath, sizeof(srcPath), L"%s\\VeraCryptExpander-arm64.exe", appDir);
+ StringCbPrintfW(dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCryptExpander-arm64.exe", dstDir);
+ if (!VerifyModuleSignature(srcPath))
+ {
+ Error("DIST_PACKAGE_CORRUPTED", hwndDlg);
+ goto stop;
+ }
+ else if (!TCCopyFile(srcPath, dstPath))
+ {
+ handleWin32Error(hwndDlg, SRC_POS);
+ goto stop;
+ }
}
// Driver
@@ -4606,22 +4751,43 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
handleWin32Error (hwndDlg, SRC_POS);
goto stop;
}
+
+ // Driver ARM64
+ StringCbPrintfW(srcPath, sizeof(srcPath), L"%s\\veracrypt-arm64.sys", appDir);
+ StringCbPrintfW(dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt-arm64.sys", dstDir);
+ if (!VerifyModuleSignature(srcPath))
+ {
+ Error("DIST_PACKAGE_CORRUPTED", hwndDlg);
+ goto stop;
+ }
+ else if (!TCCopyFile(srcPath, dstPath))
+ {
+ handleWin32Error(hwndDlg, SRC_POS);
+ goto stop;
+ }
}
else
{
int fileNo = 0;
+ BOOL bMsiX64Case = FALSE;
// get file from the Setup binary after checking its signature and its version
- StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt Setup.exe", appDir);
+ StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt COMReg.exe", appDir); // MSI installation case
+ if (FileExists(srcPath))
+ {
+ bMsiX64Case = TRUE;
+ }
+ else
+ StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt Setup.exe", appDir); // EXE installation case
FreeAllFileBuffers ();
- if (!VerifyPackageIntegrity (srcPath) || !SelfExtractInMemory (srcPath))
+ if (!VerifyPackageIntegrity (srcPath) || !SelfExtractInMemory (srcPath, TRUE) || (!bMsiX64Case && (Decompressed_Files_Count != NBR_COMPRESSED_FILES)))
{
MessageBoxW (hwndDlg, GetString ("DIST_PACKAGE_CORRUPTED"), lpszTitle, MB_ICONEXCLAMATION);
goto stop;
}
- for (fileNo = 0; fileNo < NBR_COMPRESSED_FILES; fileNo++)
+ for (fileNo = 0; fileNo < Decompressed_Files_Count; fileNo++)
{
wchar_t fileName [TC_MAX_PATH] = {0};
@@ -4636,6 +4802,10 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
{
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt-x64.exe", dstDir);
}
+ else if (wcscmp(fileName, L"VeraCrypt-arm64.exe") == 0)
+ {
+ StringCbPrintfW(dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt-arm64.exe", dstDir);
+ }
else if (wcscmp (fileName, L"veracrypt.sys") == 0)
{
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt.sys", dstDir);
@@ -4644,6 +4814,10 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
{
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt-x64.sys", dstDir);
}
+ else if (wcscmp(fileName, L"veracrypt-arm64.sys") == 0)
+ {
+ StringCbPrintfW(dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt-arm64.sys", dstDir);
+ }
else if (copyWizard && (wcscmp (fileName, L"VeraCrypt Format.exe") == 0))
{
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt Format.exe", dstDir);
@@ -4652,6 +4826,10 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
{
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt Format-x64.exe", dstDir);
}
+ else if (copyWizard && (wcscmp(fileName, L"VeraCrypt Format-arm64.exe") == 0))
+ {
+ StringCbPrintfW(dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt Format-arm64.exe", dstDir);
+ }
else if (copyExpander && (wcscmp (fileName, L"VeraCryptExpander.exe") == 0))
{
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCryptExpander.exe", dstDir);
@@ -4660,6 +4838,10 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
{
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCryptExpander-x64.exe", dstDir);
}
+ else if (copyExpander && (wcscmp(fileName, L"VeraCryptExpander-arm64.exe") == 0))
+ {
+ StringCbPrintfW(dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCryptExpander-arm64.exe", dstDir);
+ }
else
continue;
@@ -4676,6 +4858,71 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
goto stop;
}
}
+
+ if (bMsiX64Case)
+ {
+ // Main app
+ StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt.exe", appDir);
+ StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt-x64.exe", dstDir);
+ if (!VerifyModuleSignature (srcPath))
+ {
+ Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
+ goto stop;
+ }
+ else if (!TCCopyFile (srcPath, dstPath))
+ {
+ handleWin32Error (hwndDlg, SRC_POS);
+ goto stop;
+ }
+
+ // Wizard
+ if (copyWizard)
+ {
+ StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt Format.exe", appDir);
+ StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt Format-x64.exe", dstDir);
+ if (!VerifyModuleSignature (srcPath))
+ {
+ Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
+ goto stop;
+ }
+ else if (!TCCopyFile (srcPath, dstPath))
+ {
+ handleWin32Error (hwndDlg, SRC_POS);
+ goto stop;
+ }
+ }
+
+ // Expander
+ if (copyExpander)
+ {
+ StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCryptExpander.exe", appDir);
+ StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCryptExpander-x64.exe", dstDir);
+ if (!VerifyModuleSignature (srcPath))
+ {
+ Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
+ goto stop;
+ }
+ else if (!TCCopyFile (srcPath, dstPath))
+ {
+ handleWin32Error (hwndDlg, SRC_POS);
+ goto stop;
+ }
+ }
+
+ // Driver
+ StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\veracrypt.sys", appDir);
+ StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt-x64.sys", dstDir);
+ if (!VerifyModuleSignature (srcPath))
+ {
+ Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
+ goto stop;
+ }
+ else if (!TCCopyFile (srcPath, dstPath))
+ {
+ handleWin32Error (hwndDlg, SRC_POS);
+ goto stop;
+ }
+ }
}
if (strcmp (GetPreferredLangId (), "en") != 0)
@@ -4868,7 +5115,7 @@ LPARAM GetItemLong (HWND hTree, int itemNo)
return item.lParam;
}
-static int AskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, int *pim, BOOL* truecryptMode, char *titleStringId, BOOL enableMountOptions)
+static int AskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, int *pim, char *titleStringId, BOOL enableMountOptions)
{
INT_PTR result;
PasswordDlgParam dlgParam;
@@ -4879,7 +5126,6 @@ static int AskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, int
dlgParam.password = password;
dlgParam.pkcs5 = pkcs5;
dlgParam.pim = pim;
- dlgParam.truecryptMode = truecryptMode;
result = SecureDesktopDialogBoxParam (hInst,
MAKEINTRESOURCEW (IDD_PASSWORD_DLG), hwndDlg,
@@ -4890,7 +5136,6 @@ static int AskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, int
password->Length = 0;
*pkcs5 = 0;
*pim = -1;
- *truecryptMode = FALSE;
burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword));
burn (&mountOptions.ProtectedHidVolPkcs5Prf, sizeof (mountOptions.ProtectedHidVolPkcs5Prf));
}
@@ -4900,12 +5145,11 @@ static int AskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, int
// GUI actions
-static BOOL Mount (HWND hwndDlg, int nDosDriveNo, wchar_t *szFileName, int pim, int pkcs5, int trueCryptMode)
+static BOOL Mount (HWND hwndDlg, int nDosDriveNo, wchar_t *szFileName, int pim, int pkcs5)
{
BOOL status = FALSE;
wchar_t fileName[MAX_PATH];
int mounted = 0, EffectiveVolumePkcs5 = 0;
- BOOL EffectiveVolumeTrueCryptMode = FALSE;
int EffectiveVolumePim = (pim < 0)? CmdVolumePim : pim;
BOOL bEffectiveCacheDuringMultipleMount = bCmdCacheDuringMultipleMount? TRUE: bCacheDuringMultipleMount;
BOOL bEffectiveTryEmptyPasswordWhenKeyfileUsed = bCmdTryEmptyPasswordWhenKeyfileUsedValid? bCmdTryEmptyPasswordWhenKeyfileUsed : bTryEmptyPasswordWhenKeyfileUsed;
@@ -4921,23 +5165,6 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, wchar_t *szFileName, int pim,
else
EffectiveVolumePkcs5 = DefaultVolumePkcs5;
- if (trueCryptMode >= 0)
- EffectiveVolumeTrueCryptMode = (trueCryptMode == 0)? FALSE : TRUE;
- else if (CmdVolumeTrueCryptMode)
- EffectiveVolumeTrueCryptMode = TRUE;
- else
- EffectiveVolumeTrueCryptMode = DefaultVolumeTrueCryptMode;
-
- if (EffectiveVolumeTrueCryptMode)
- {
- /* No PIM Mode if TrueCrypt Mode specified */
- EffectiveVolumePim = 0;
-
- /* valdate the effective PRF is compatible with TrueCrypt Mode */
- if (!is_pkcs5_prf_supported (EffectiveVolumePkcs5, TRUE, mountOptions.PartitionInInactiveSysEncScope? PRF_BOOT_MBR : PRF_BOOT_NO))
- EffectiveVolumePkcs5 = 0;
- }
-
bPrebootPasswordDlgMode = mountOptions.PartitionInInactiveSysEncScope;
if (nDosDriveNo == -1)
@@ -4947,7 +5174,6 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, wchar_t *szFileName, int pim,
{
VolumePassword.Length = 0;
VolumePkcs5 = 0;
- VolumeTrueCryptMode = FALSE;
VolumePim = -1;
}
@@ -4995,10 +5221,7 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, wchar_t *szFileName, int pim,
if (!bUseCmdVolumePassword)
{
// First try cached passwords and if they fail ask user for a new one
- if (EffectiveVolumeTrueCryptMode)
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, EffectiveVolumePkcs5, 0, TRUE, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, Silent, FALSE);
- else
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, EffectiveVolumePkcs5, EffectiveVolumePim, FALSE, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, Silent, FALSE);
+ mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, EffectiveVolumePkcs5, EffectiveVolumePim, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, Silent, FALSE);
// If keyfiles are enabled, test empty password first
if (!mounted && KeyFilesEnable && FirstKeyFile && bEffectiveTryEmptyPasswordWhenKeyfileUsed)
@@ -5007,10 +5230,7 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, wchar_t *szFileName, int pim,
KeyFilesApply (hwndDlg, &emptyPassword, FirstKeyFile, szFileName);
- if (EffectiveVolumeTrueCryptMode)
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, EffectiveVolumePkcs5, 0, TRUE, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, Silent, FALSE);
- else
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, EffectiveVolumePkcs5, EffectiveVolumePim, FALSE, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, Silent, FALSE);
+ mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, EffectiveVolumePkcs5, EffectiveVolumePim, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, Silent, FALSE);
burn (&emptyPassword, sizeof (emptyPassword));
}
@@ -5019,11 +5239,8 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, wchar_t *szFileName, int pim,
// Test password and/or keyfiles used for the previous volume
if (!mounted && bEffectiveCacheDuringMultipleMount && MultipleMountOperationInProgress && VolumePassword.Length != 0)
{
- // try TrueCrypt mode first as it is quick, only if no custom pim specified
- if (EffectiveVolumeTrueCryptMode)
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, EffectiveVolumePkcs5, 0, TRUE, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, Silent, FALSE);
- else // if no PIM specified for favorite, we use also the PIM of the previous volume alongside its password.
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, EffectiveVolumePkcs5, (EffectiveVolumePim < 0)? VolumePim : EffectiveVolumePim, FALSE, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, Silent, FALSE);
+ // if no PIM specified for favorite, we use also the PIM of the previous volume alongside its password.
+ mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, EffectiveVolumePkcs5, (EffectiveVolumePim < 0)? VolumePim : EffectiveVolumePim, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, Silent, FALSE);
}
NormalCursor ();
@@ -5042,25 +5259,21 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, wchar_t *szFileName, int pim,
{
VolumePassword = CmdVolumePassword;
VolumePkcs5 = EffectiveVolumePkcs5;
- VolumeTrueCryptMode = EffectiveVolumeTrueCryptMode;
VolumePim = EffectiveVolumePim;
}
else if (!Silent)
{
int GuiPkcs5 = EffectiveVolumePkcs5;
- BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode;
int GuiPim = EffectiveVolumePim;
StringCbCopyW (PasswordDlgVolume, sizeof(PasswordDlgVolume), szFileName);
- if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiPim, &GuiTrueCryptMode, NULL, TRUE))
+ if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiPim, NULL, TRUE))
goto ret;
else
{
VolumePkcs5 = GuiPkcs5;
- VolumeTrueCryptMode = GuiTrueCryptMode;
VolumePim = GuiPim;
burn (&GuiPkcs5, sizeof(GuiPkcs5));
- burn (&GuiTrueCryptMode, sizeof(GuiTrueCryptMode));
burn (&GuiPim, sizeof(GuiPim));
}
}
@@ -5070,7 +5283,7 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, wchar_t *szFileName, int pim,
if (KeyFilesEnable)
KeyFilesApply (hwndDlg, &VolumePassword, FirstKeyFile, szFileName);
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, VolumePkcs5, VolumePim, VolumeTrueCryptMode, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, Silent, !Silent);
+ mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, VolumePkcs5, VolumePim, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, Silent, !Silent);
NormalCursor ();
// Check for problematic file extensions (exe, dll, sys)
@@ -5081,7 +5294,6 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, wchar_t *szFileName, int pim,
{
burn (&VolumePassword, sizeof (VolumePassword));
burn (&VolumePkcs5, sizeof (VolumePkcs5));
- burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
burn (&VolumePim, sizeof (VolumePim));
}
@@ -5117,20 +5329,21 @@ ret:
{
burn (&VolumePassword, sizeof (VolumePassword));
burn (&VolumePkcs5, sizeof (VolumePkcs5));
- burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
burn (&VolumePim, sizeof (VolumePim));
}
burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword));
burn (&mountOptions.ProtectedHidVolPkcs5Prf, sizeof (mountOptions.ProtectedHidVolPkcs5Prf));
+ mountOptions.SkipCachedPasswords = FALSE;
+
RestoreDefaultKeyFilesParam ();
if (UsePreferences)
bCacheInDriver = bCacheInDriverDefault;
if (status && CloseSecurityTokenSessionsAfterMount && !MultipleMountOperationInProgress)
- SecurityToken::CloseAllSessions();
+ SecurityToken::CloseAllSessions(); // TODO Use Token
return status;
}
@@ -5142,7 +5355,14 @@ static BOOL Dismount (HWND hwndDlg, int nDosDriveNo)
WaitCursor ();
if (nDosDriveNo == -2)
+ {
nDosDriveNo = (char) (HIWORD (GetSelectedLong (GetDlgItem (hwndDlg, IDC_DRIVELIST))) - L'A');
+ if (nDosDriveNo < 0 || nDosDriveNo >= 26)
+ {
+ NormalCursor ();
+ return FALSE;
+ }
+ }
if (bCloseDismountedWindows)
{
@@ -5156,9 +5376,6 @@ static BOOL Dismount (HWND hwndDlg, int nDosDriveNo)
if (bBeep)
MessageBeep (0xFFFFFFFF);
RefreshMainDlg (hwndDlg);
-
- if (nCurrentOS == WIN_2000 && RemoteSession && !IsAdmin ())
- LoadDriveLetters (hwndDlg, GetDlgItem (hwndDlg, IDC_DRIVELIST), 0);
}
NormalCursor ();
@@ -5173,7 +5390,7 @@ void __cdecl mountThreadFunction (void *hwndDlgArg)
EnableWindow(hwndDlg, FALSE);
finally_do_arg2 (HWND, hwndDlg, BOOL, bIsForeground, { EnableWindow(finally_arg, TRUE); if (finally_arg2) BringToForeground (finally_arg); bPrebootPasswordDlgMode = FALSE;});
- Mount (hwndDlg, -1, 0, -1, -1, -1);
+ Mount (hwndDlg, -1, 0, -1, -1);
}
typedef struct
@@ -5333,9 +5550,6 @@ retry:
RefreshMainDlg (hwndDlg);
- if (nCurrentOS == WIN_2000 && RemoteSession && !IsAdmin ())
- LoadDriveLetters (hwndDlg, GetDlgItem (hwndDlg, IDC_DRIVELIST), 0);
-
NormalCursor();
if (unmount.nReturnCode != 0)
@@ -5351,21 +5565,18 @@ retry:
goto retry;
}
- if (IsOSAtLeast (WIN_7))
+ // Undo SHCNE_DRIVEREMOVED
+ if ( DeviceIoControl (hDriver, TC_IOCTL_GET_MOUNTED_VOLUMES, NULL, 0, &mountList, sizeof (mountList), &dwResult, NULL)
+ && mountList.ulMountedDrives
+ && (mountList.ulMountedDrives < (1 << 26))
+ )
{
- // Undo SHCNE_DRIVEREMOVED
- if ( DeviceIoControl (hDriver, TC_IOCTL_GET_MOUNTED_VOLUMES, NULL, 0, &mountList, sizeof (mountList), &dwResult, NULL)
- && mountList.ulMountedDrives
- && (mountList.ulMountedDrives < (1 << 26))
- )
+ for (i = 0; i < 26; i++)
{
- for (i = 0; i < 26; i++)
+ if (mountList.ulMountedDrives & (1 << i))
{
- if (mountList.ulMountedDrives & (1 << i))
- {
- wchar_t root[] = { (wchar_t) i + L'A', L':', L'\\', 0 };
- SHChangeNotify (SHCNE_DRIVEADD, SHCNF_PATH, root, NULL);
- }
+ wchar_t root[] = { (wchar_t) i + L'A', L':', L'\\', 0 };
+ SHChangeNotify (SHCNE_DRIVEADD, SHCNF_PATH, root, NULL);
}
}
}
@@ -5393,18 +5604,16 @@ static BOOL MountAllDevicesThreadCode (HWND hwndDlg, BOOL bPasswordPrompt)
int mountedVolCount = 0;
vector <HostDevice> devices;
int EffectiveVolumePkcs5 = CmdVolumePkcs5;
- BOOL EffectiveVolumeTrueCryptMode = CmdVolumeTrueCryptMode;
/* Priority is given to command line parameters
* Default values used only when nothing specified in command line
*/
if (EffectiveVolumePkcs5 == 0)
EffectiveVolumePkcs5 = DefaultVolumePkcs5;
- if (!EffectiveVolumeTrueCryptMode)
- EffectiveVolumeTrueCryptMode = DefaultVolumeTrueCryptMode;
VolumePassword.Length = 0;
mountOptions = defaultMountOptions;
+ mountOptions.SkipCachedPasswords = FALSE;
bPrebootPasswordDlgMode = FALSE;
VolumePim = -1;
@@ -5422,18 +5631,15 @@ static BOOL MountAllDevicesThreadCode (HWND hwndDlg, BOOL bPasswordPrompt)
if (!CmdVolumePasswordValid && bPasswordPrompt)
{
int GuiPkcs5 = EffectiveVolumePkcs5;
- BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode;
int GuiPim = CmdVolumePim;
PasswordDlgVolume[0] = '\0';
- if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiPim, &GuiTrueCryptMode, NULL, TRUE))
+ if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiPim, NULL, TRUE))
goto ret;
else
{
VolumePkcs5 = GuiPkcs5;
- VolumeTrueCryptMode = GuiTrueCryptMode;
VolumePim = GuiPim;
burn (&GuiPkcs5, sizeof(GuiPkcs5));
- burn (&GuiTrueCryptMode, sizeof(GuiTrueCryptMode));
burn (&GuiPim, sizeof(GuiPim));
}
}
@@ -5442,7 +5648,6 @@ static BOOL MountAllDevicesThreadCode (HWND hwndDlg, BOOL bPasswordPrompt)
bPasswordPrompt = FALSE;
VolumePassword = CmdVolumePassword;
VolumePkcs5 = EffectiveVolumePkcs5;
- VolumeTrueCryptMode = EffectiveVolumeTrueCryptMode;
VolumePim = CmdVolumePim;
}
@@ -5526,8 +5731,8 @@ static BOOL MountAllDevicesThreadCode (HWND hwndDlg, BOOL bPasswordPrompt)
}
// First try user password then cached passwords
- if ((mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, VolumePkcs5, VolumePim, VolumeTrueCryptMode, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, TRUE, FALSE)) > 0
- || ((VolumePassword.Length > 0) && ((mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, VolumePkcs5, VolumePim, VolumeTrueCryptMode, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, TRUE, FALSE)) > 0)))
+ if ((mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, VolumePkcs5, VolumePim, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, TRUE, FALSE)) > 0
+ || ((VolumePassword.Length > 0) && ((mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, VolumePkcs5, VolumePim, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, TRUE, FALSE)) > 0)))
{
// A volume has been successfully mounted
@@ -5606,7 +5811,6 @@ static BOOL MountAllDevicesThreadCode (HWND hwndDlg, BOOL bPasswordPrompt)
{
burn (&VolumePassword, sizeof (VolumePassword));
burn (&VolumePkcs5, sizeof (VolumePkcs5));
- burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
burn (&VolumePim, sizeof (VolumePim));
burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword));
burn (&mountOptions.ProtectedHidVolPkcs5Prf, sizeof (mountOptions.ProtectedHidVolPkcs5Prf));
@@ -5630,14 +5834,13 @@ static BOOL MountAllDevicesThreadCode (HWND hwndDlg, BOOL bPasswordPrompt)
}
if (status && CloseSecurityTokenSessionsAfterMount)
- SecurityToken::CloseAllSessions();
+ SecurityToken::CloseAllSessions(); // TODO Use Token
ret:
MultipleMountOperationInProgress = FALSE;
burn (&VolumePassword, sizeof (VolumePassword));
burn (&VolumePkcs5, sizeof (VolumePkcs5));
- burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
burn (&VolumePim, sizeof (VolumePim));
burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword));
burn (&mountOptions.ProtectedHidVolPkcs5Prf, sizeof (mountOptions.ProtectedHidVolPkcs5Prf));
@@ -6069,8 +6272,6 @@ static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection,
return;
}
- WaitCursor();
-
// Make sure the user is not attempting to decrypt a partition on an entirely encrypted system drive.
if (IsNonSysPartitionOnSysDrive (scPath.c_str ()) == 1)
{
@@ -6088,8 +6289,6 @@ static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection,
{
// The system drive MAY be entirely encrypted (external access without PBA) and the potentially encrypted OS is not running
- NormalCursor ();
-
Warning ("CANT_DECRYPT_PARTITION_ON_ENTIRELY_ENCRYPTED_SYS_DRIVE_UNSURE", hwndDlg);
// We allow the user to continue as we don't know if the drive is really an encrypted system drive.
@@ -6318,6 +6517,14 @@ static void ShowSystemEncryptionStatus (HWND hwndDlg)
if (GetAsyncKeyState (VK_SHIFT) < 0 && GetAsyncKeyState (VK_CONTROL) < 0)
{
// Ctrl+Shift held (for debugging purposes)
+ int64 encryptedRatio = 0;
+ if (BootEncStatus.DriveEncrypted
+ && (BootEncStatus.ConfiguredEncryptedAreaStart >= 0)
+ && (BootEncStatus.ConfiguredEncryptedAreaEnd >= BootEncStatus.ConfiguredEncryptedAreaStart)
+ )
+ {
+ encryptedRatio = (BootEncStatus.EncryptedAreaEnd + 1 - BootEncStatus.EncryptedAreaStart) * 100I64 / (BootEncStatus.ConfiguredEncryptedAreaEnd + 1 - BootEncStatus.ConfiguredEncryptedAreaStart);
+ }
DebugMsgBox ("Debugging information for system encryption:\n\nDeviceFilterActive: %d\nBootLoaderVersion: %x\nSetupInProgress: %d\nSetupMode: %d\nVolumeHeaderPresent: %d\nDriveMounted: %d\nDriveEncrypted: %d\n"
"HiddenSystem: %d\nHiddenSystemPartitionStart: %I64d\n"
@@ -6335,7 +6542,7 @@ static void ShowSystemEncryptionStatus (HWND hwndDlg)
BootEncStatus.ConfiguredEncryptedAreaEnd,
BootEncStatus.EncryptedAreaStart,
BootEncStatus.EncryptedAreaEnd,
- !BootEncStatus.DriveEncrypted ? 0 : (BootEncStatus.EncryptedAreaEnd + 1 - BootEncStatus.EncryptedAreaStart) * 100I64 / (BootEncStatus.ConfiguredEncryptedAreaEnd + 1 - BootEncStatus.ConfiguredEncryptedAreaStart));
+ encryptedRatio);
}
if (!BootEncStatus.DriveEncrypted && !BootEncStatus.DriveMounted)
@@ -6360,7 +6567,7 @@ static void ResumeInterruptedNonSysInplaceEncProcess (BOOL bDecrypt)
BOOL SelectContainer (HWND hwndDlg)
{
- if (BrowseFiles (hwndDlg, "OPEN_VOL_TITLE", szFileName, bHistory, FALSE, NULL) == FALSE)
+ if (BrowseFiles (hwndDlg, "OPEN_VOL_TITLE", szFileName, bHistory, FALSE) == FALSE)
return FALSE;
AddComboItem (GetDlgItem (hwndDlg, IDC_VOLUME), szFileName, bHistory);
@@ -6691,12 +6898,12 @@ void DisplayDriveListContextMenu (HWND hwndDlg, LPARAM lParam)
{
case IDPM_SELECT_FILE_AND_MOUNT:
if (SelectContainer (hwndDlg))
- MountSelectedVolume (hwndDlg, FALSE);
+ MountSelectedVolume (hwndDlg, FALSE, FALSE);
break;
case IDPM_SELECT_DEVICE_AND_MOUNT:
if (SelectPartition (hwndDlg))
- MountSelectedVolume (hwndDlg, FALSE);
+ MountSelectedVolume (hwndDlg, FALSE, FALSE);
break;
case IDPM_CHECK_FILESYS:
@@ -6748,6 +6955,7 @@ void DisplayDriveListContextMenu (HWND hwndDlg, LPARAM lParam)
else
{
mountOptions = defaultMountOptions;
+ mountOptions.SkipCachedPasswords = FALSE;
bPrebootPasswordDlgMode = FALSE;
if (CheckMountList (hwndDlg, FALSE))
@@ -6771,6 +6979,41 @@ void DisplayDriveListContextMenu (HWND hwndDlg, LPARAM lParam)
}
}
+// broadcast signal to WAITFOR.EXE MailSlot to notify any waiting instance that we are exiting
+static void SignalExitCode (int exitCode)
+{
+ if (ExitMailSlotSpecified)
+ {
+ HANDLE hFile;
+ hFile = CreateFile (ExitMailSlotName,
+ GENERIC_WRITE,
+ FILE_SHARE_READ,
+ (LPSECURITY_ATTRIBUTES) NULL,
+ OPEN_EXISTING,
+ FILE_ATTRIBUTE_NORMAL,
+ (HANDLE) NULL);
+ if ((hFile == INVALID_HANDLE_VALUE) && (GetLastError () == ERROR_FILE_NOT_FOUND))
+ {
+ // MailSlot not found, wait 1 second and try again in case we exited too quickly
+ Sleep (1000);
+ hFile = CreateFile (ExitMailSlotName,
+ GENERIC_WRITE,
+ FILE_SHARE_READ,
+ (LPSECURITY_ATTRIBUTES) NULL,
+ OPEN_EXISTING,
+ FILE_ATTRIBUTE_NORMAL,
+ (HANDLE) NULL);
+ }
+ if (hFile != INVALID_HANDLE_VALUE)
+ {
+ char szMsg[64];
+ DWORD cbWritten;
+ StringCbPrintfA (szMsg, sizeof (szMsg), "VeraCrypt Exit %d", exitCode);
+ WriteFile(hFile, szMsg, (DWORD) (strlen (szMsg) +1), &cbWritten, (LPOVERLAPPED) NULL);
+ CloseHandle (hFile);
+ }
+ }
+}
/* Except in response to the WM_INITDIALOG and WM_ENDSESSION messages, the dialog box procedure
should return nonzero if it processes a message, and zero if it does not. */
@@ -6850,6 +7093,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
AbortProcess ("COMMAND_LINE_ERROR");
}
+ if (EnableMemoryProtection)
+ {
+ /* Protect this process memory from being accessed by non-admin users */
+ ActivateMemoryProtection ();
+ }
+
if (ComServerMode)
{
InitDialog (hwndDlg);
@@ -6935,7 +7184,6 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
BOOL mounted = FALSE;
int EffectiveVolumePkcs5 = CmdVolumePkcs5;
- BOOL EffectiveVolumeTrueCryptMode = CmdVolumeTrueCryptMode;
BOOL bEffectiveTryEmptyPasswordWhenKeyfileUsed = bCmdTryEmptyPasswordWhenKeyfileUsedValid? bCmdTryEmptyPasswordWhenKeyfileUsed : bTryEmptyPasswordWhenKeyfileUsed;
if (!VolumePathExists (szFileName))
@@ -6949,8 +7197,6 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
*/
if (EffectiveVolumePkcs5 == 0)
EffectiveVolumePkcs5 = DefaultVolumePkcs5;
- if (!EffectiveVolumeTrueCryptMode)
- EffectiveVolumeTrueCryptMode = DefaultVolumeTrueCryptMode;
// Command line password or keyfiles
if (CmdVolumePassword.Length != 0 || (FirstCmdKeyFile && (CmdVolumePasswordValid || bEffectiveTryEmptyPasswordWhenKeyfileUsed)))
@@ -6961,7 +7207,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
KeyFilesApply (hwndDlg, &CmdVolumePassword, FirstCmdKeyFile, szFileName);
mounted = MountVolume (hwndDlg, szDriveLetter[0] - L'A',
- szFileName, &CmdVolumePassword, EffectiveVolumePkcs5, CmdVolumePim, EffectiveVolumeTrueCryptMode, bCacheInDriver, bIncludePimInCache, bForceMount,
+ szFileName, &CmdVolumePassword, EffectiveVolumePkcs5, CmdVolumePim, bCacheInDriver, bIncludePimInCache, bForceMount,
&mountOptions, Silent, reportBadPasswd);
burn (&CmdVolumePassword, sizeof (CmdVolumePassword));
@@ -6969,13 +7215,13 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
else
{
// Cached password
- mounted = MountVolume (hwndDlg, szDriveLetter[0] - L'A', szFileName, NULL, EffectiveVolumePkcs5, CmdVolumePim, EffectiveVolumeTrueCryptMode, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, Silent, FALSE);
+ mounted = MountVolume (hwndDlg, szDriveLetter[0] - L'A', szFileName, NULL, EffectiveVolumePkcs5, CmdVolumePim, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, Silent, FALSE);
}
if (FirstCmdKeyFile)
{
KeyFileRemoveAll (&FirstKeyFile);
- FirstKeyFile = FirstCmdKeyFile;
+ KeyFileCloneAll (FirstCmdKeyFile, &FirstKeyFile);
KeyFilesEnable = TRUE;
}
@@ -6984,20 +7230,17 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
int GuiPkcs5 = EffectiveVolumePkcs5;
int GuiPim = CmdVolumePim;
- BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode;
VolumePassword.Length = 0;
StringCbCopyW (PasswordDlgVolume, sizeof(PasswordDlgVolume),szFileName);
- if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiPim, &GuiTrueCryptMode, NULL, TRUE))
+ if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiPim, NULL, TRUE))
break;
else
{
VolumePkcs5 = GuiPkcs5;
VolumePim = GuiPim;
- VolumeTrueCryptMode = GuiTrueCryptMode;
burn (&GuiPkcs5, sizeof(GuiPkcs5));
burn (&GuiPim, sizeof(GuiPim));
- burn (&GuiTrueCryptMode, sizeof(GuiTrueCryptMode));
}
WaitCursor ();
@@ -7005,12 +7248,11 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (KeyFilesEnable && FirstKeyFile)
KeyFilesApply (hwndDlg, &VolumePassword, FirstKeyFile, szFileName);
- mounted = MountVolume (hwndDlg, szDriveLetter[0] - L'A', szFileName, &VolumePassword, VolumePkcs5, VolumePim, VolumeTrueCryptMode, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, FALSE, TRUE);
+ mounted = MountVolume (hwndDlg, szDriveLetter[0] - L'A', szFileName, &VolumePassword, VolumePkcs5, VolumePim, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, FALSE, TRUE);
burn (&VolumePassword, sizeof (VolumePassword));
burn (&VolumePkcs5, sizeof (VolumePkcs5));
burn (&VolumePim, sizeof (VolumePim));
- burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword));
burn (&mountOptions.ProtectedHidVolPkcs5Prf, sizeof (mountOptions.ProtectedHidVolPkcs5Prf));
@@ -7111,7 +7353,10 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (Quit)
{
if (TaskBarIconMutex == NULL)
+ {
+ SignalExitCode (exitCode);
exit (exitCode);
+ }
MainWindowHidden = TRUE;
@@ -7123,6 +7368,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
if (TaskBarIconMutex)
TaskBarIconRemove (hwndDlg);
+ SignalExitCode (exitCode);
exit (exitCode);
}
else
@@ -7224,7 +7470,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
if (TaskBarIconMutex != NULL)
- RegisterWtsNotification(hwndDlg);
+ RegisterWtsAndPowerNotification(hwndDlg);
DoPostInstallTasks (hwndDlg);
ResetCurrentDirectory ();
}
@@ -7286,7 +7532,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (bWipeCacheOnAutoDismount)
{
DeviceIoControl (hDriver, TC_IOCTL_WIPE_PASSWORD_CACHE, NULL, 0, NULL, 0, &dwResult, NULL);
- SecurityToken::CloseAllSessions();
+ SecurityToken::CloseAllSessions(); // TODO Use Token
}
DismountAll (hwndDlg, bForceAutoDismount, TRUE, UNMOUNT_MAX_AUTO_RETRIES, UNMOUNT_AUTO_RETRY_DELAY);
@@ -7309,7 +7555,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
TaskBarIconRemove (hwndDlg);
- UnregisterWtsNotification(hwndDlg);
+ UnregisterWtsAndPowerNotification(hwndDlg);
}
EndMainDlg (hwndDlg);
localcleanup ();
@@ -7325,7 +7571,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (bWipeCacheOnAutoDismount)
{
DeviceIoControl (hDriver, TC_IOCTL_WIPE_PASSWORD_CACHE, NULL, 0, NULL, 0, &dwResult, NULL);
- SecurityToken::CloseAllSessions();
+ SecurityToken::CloseAllSessions(); // TODO Use Token
}
DismountAll (hwndDlg, bForceAutoDismount, TRUE, UNMOUNT_MAX_AUTO_RETRIES, UNMOUNT_AUTO_RETRY_DELAY);
@@ -7336,7 +7582,8 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
if (wParam == TIMER_ID_UPDATE_DEVICE_LIST)
{
- UpdateMountableHostDeviceList ();
+ if (NeedPeriodicDeviceListUpdate)
+ UpdateMountableHostDeviceList ();
}
else
{
@@ -7381,7 +7628,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (bWipeCacheOnAutoDismount)
{
DeviceIoControl (hDriver, TC_IOCTL_WIPE_PASSWORD_CACHE, NULL, 0, NULL, 0, &dwResult, NULL);
- SecurityToken::CloseAllSessions();
+ SecurityToken::CloseAllSessions(); // TODO Use Token
}
DismountAll (hwndDlg, bForceAutoDismount, FALSE, UNMOUNT_MAX_AUTO_RETRIES, UNMOUNT_AUTO_RETRY_DELAY);
@@ -7526,7 +7773,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
&& GetDriverRefCount () < 2)
{
TaskBarIconRemove (hwndDlg);
- UnregisterWtsNotification(hwndDlg);
+ UnregisterWtsAndPowerNotification(hwndDlg);
EndMainDlg (hwndDlg);
}
}
@@ -7653,7 +7900,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
EnumWindows (CloseTCWindowsEnum, 0);
TaskBarIconRemove (hwndDlg);
- UnregisterWtsNotification(hwndDlg);
+ UnregisterWtsAndPowerNotification(hwndDlg);
SendMessage (hwndDlg, WM_COMMAND, sel, 0);
}
}
@@ -7674,7 +7921,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
case TC_APPMSG_CLOSE_BKG_TASK:
if (TaskBarIconMutex != NULL)
TaskBarIconRemove (hwndDlg);
- UnregisterWtsNotification(hwndDlg);
+ UnregisterWtsAndPowerNotification(hwndDlg);
return 1;
@@ -7811,6 +8058,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
else if (LOWORD (GetSelectedLong (GetDlgItem (hwndDlg, IDC_DRIVELIST))) == TC_MLIST_ITEM_FREE)
{
mountOptions = defaultMountOptions;
+ mountOptions.SkipCachedPasswords = FALSE;
bPrebootPasswordDlgMode = FALSE;
if (GetAsyncKeyState (VK_CONTROL) < 0)
@@ -7860,6 +8108,18 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
}
}
+ else
+ {
+ LPNMHDR pnmh = (LPNMHDR)lParam;
+
+ if (pnmh->idFrom == IDOK && pnmh->code == BCN_DROPDOWN)
+ {
+ // Create a popup menu for the split button
+ HMENU hmenu = CreateMountNoCacheDropdownMenu();
+ HandleMountButtonDropdown(pnmh->hwndFrom, hwndDlg, hmenu);
+ DestroyMenu(hmenu);
+ }
+ }
return 0;
case WM_ERASEBKGND:
@@ -7906,9 +8166,9 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
return 1;
}
- if ((lw == IDOK || lw == IDM_MOUNT_VOLUME || lw == IDM_MOUNT_VOLUME_OPTIONS))
+ if ((lw == IDOK || lw == IDM_MOUNT_VOLUME || lw == IDM_MOUNT_VOLUME_OPTIONS || lw == IDM_MOUNIT_NO_CACHE))
{
- MountSelectedVolume (hwndDlg, lw == IDM_MOUNT_VOLUME_OPTIONS);
+ MountSelectedVolume (hwndDlg, lw == IDM_MOUNT_VOLUME_OPTIONS, lw == IDM_MOUNIT_NO_CACHE);
return 1;
}
@@ -7981,6 +8241,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
mountOptions = defaultMountOptions;
mountOptions.PartitionInInactiveSysEncScope = TRUE;
+ mountOptions.SkipCachedPasswords = FALSE;
bPrebootPasswordDlgMode = TRUE;
if (CheckMountList (hwndDlg, FALSE))
@@ -8266,7 +8527,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
WaitCursor();
finally_do ({ NormalCursor(); });
- SecurityToken::CloseAllSessions();
+ SecurityToken::CloseAllSessions(); // TODO Use Token
}
InfoBalloon (NULL, "ALL_TOKEN_SESSIONS_CLOSED", hwndDlg);
@@ -8350,12 +8611,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (bEnableBkgTask)
{
TaskBarIconAdd (hwndDlg);
- RegisterWtsNotification(hwndDlg);
+ RegisterWtsAndPowerNotification(hwndDlg);
}
else
{
TaskBarIconRemove (hwndDlg);
- UnregisterWtsNotification(hwndDlg);
+ UnregisterWtsAndPowerNotification(hwndDlg);
if (MainWindowHidden)
EndMainDlg (hwndDlg);
}
@@ -8625,12 +8886,10 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
WaitCursor ();
- if (!(nCurrentOS == WIN_2000 && RemoteSession))
- {
- BroadcastDeviceChange (DBT_DEVICEREMOVECOMPLETE, 0, ~driveMap);
- Sleep (100);
- BroadcastDeviceChange (DBT_DEVICEARRIVAL, 0, driveMap);
- }
+
+ BroadcastDeviceChange (DBT_DEVICEREMOVECOMPLETE, 0, ~driveMap);
+ Sleep (100);
+ BroadcastDeviceChange (DBT_DEVICEARRIVAL, 0, driveMap);
LoadDriveLetters (hwndDlg, GetDlgItem (hwndDlg, IDC_DRIVELIST), 0);
@@ -8830,6 +9089,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
/* Defaults */
mountOptions.PreserveTimestamp = TRUE;
+ mountOptions.SkipCachedPasswords = FALSE;
if (_wcsicmp (lpszCommandLine, L"-Embedding") == 0)
{
@@ -8867,11 +9127,13 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
OptionVolume,
CommandWipeCache,
OptionPkcs5,
- OptionTrueCryptMode,
OptionPim,
OptionTryEmptyPassword,
OptionNoWaitDlg,
OptionSecureDesktop,
+ OptionDisableDeviceUpdate,
+ OptionEnableMemoryProtection,
+ OptionSignalExit,
};
argument args[]=
@@ -8894,12 +9156,14 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
{ OptionSilent, L"/silent", L"/s", FALSE },
{ OptionTokenLib, L"/tokenlib", NULL, FALSE },
{ OptionTokenPin, L"/tokenpin", NULL, FALSE },
- { OptionTrueCryptMode, L"/truecrypt", L"/tc", FALSE },
{ OptionVolume, L"/volume", L"/v", FALSE },
{ CommandWipeCache, L"/wipecache", L"/w", FALSE },
{ OptionTryEmptyPassword, L"/tryemptypass", NULL, FALSE },
{ OptionNoWaitDlg, L"/nowaitdlg", NULL, FALSE },
{ OptionSecureDesktop, L"/secureDesktop", NULL, FALSE },
+ { OptionDisableDeviceUpdate, L"/disableDeviceUpdate", NULL, FALSE },
+ { OptionEnableMemoryProtection, L"/protectMemory", NULL, FALSE },
+ { OptionSignalExit, L"/signalExit", NULL, FALSE },
};
argumentspec as;
@@ -8990,6 +9254,29 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
}
break;
+ case OptionDisableDeviceUpdate:
+ {
+ DisablePeriodicDeviceListUpdate = TRUE;
+ }
+ break;
+
+ case OptionEnableMemoryProtection:
+ {
+ EnableMemoryProtection = TRUE;
+ }
+ break;
+
+ case OptionSignalExit:
+ if (HAS_ARGUMENT == GetArgumentValue (lpszCommandLineArgs, &i,
+ nNoCommandLineArgs, tmpPath, ARRAYSIZE (tmpPath)))
+ {
+ StringCbPrintfW (ExitMailSlotName, sizeof (ExitMailSlotName), L"\\\\.\\mailslot\\WAITFOR.EXE\\%s", tmpPath);
+ ExitMailSlotSpecified = TRUE;
+ }
+ else
+ AbortProcess ("COMMAND_LINE_ERROR");
+ break;
+
case OptionCache:
{
wchar_t szTmp[16] = {0};
@@ -9227,7 +9514,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
case OptionTokenPin:
{
- wchar_t szTmp[SecurityToken::MaxPasswordLength + 1] = {0};
+ wchar_t szTmp[SecurityToken::MaxPasswordLength + 1] = {0}; // TODO Use Token
if (GetArgumentValue (lpszCommandLineArgs, &i, nNoCommandLineArgs, szTmp, ARRAYSIZE (szTmp)) == HAS_ARGUMENT)
{
if (0 == WideCharToMultiByte (CP_UTF8, 0, szTmp, -1, CmdTokenPin, TC_MAX_PATH, nullptr, nullptr))
@@ -9260,8 +9547,8 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
CmdVolumePkcs5 = SHA512;
else if (_wcsicmp(szTmp, L"sha256") == 0)
CmdVolumePkcs5 = SHA256;
- else if (_wcsicmp(szTmp, L"ripemd160") == 0)
- CmdVolumePkcs5 = RIPEMD160;
+ else if ((_wcsicmp(szTmp, L"blake2s") == 0) || (_wcsicmp(szTmp, L"blake2s-256") == 0))
+ CmdVolumePkcs5 = BLAKE2S;
else
{
/* match using internal hash names */
@@ -9297,10 +9584,6 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
}
break;
- case OptionTrueCryptMode:
- CmdVolumeTrueCryptMode = TRUE;
- break;
-
// no option = file name if there is only one argument
default:
{
@@ -9319,9 +9602,9 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
}
}
- if (CmdVolumePasswordValid && (CmdVolumeTrueCryptMode || (CmdMountOptionsValid && bPrebootPasswordDlgMode)))
+ if (CmdVolumePasswordValid && CmdMountOptionsValid && bPrebootPasswordDlgMode)
{
- /* truncate the password to 64 first characer in case of TrueCrypt Mode or System Encryption */
+ /* truncate the password to 64 first characer in case of System Encryption */
if (lstrlen (CmdRawPassword) > MAX_LEGACY_PASSWORD)
{
int iLen;
@@ -9359,6 +9642,70 @@ static HDEVNOTIFY SystemFavoriteServiceNotify = NULL;
DEFINE_GUID(OCL_GUID_DEVCLASS_SOFTWARECOMPONENT, 0x5c4c3332, 0x344d, 0x483c, 0x87, 0x39, 0x25, 0x9e, 0x93, 0x4c, 0x9c, 0xc8);
+// This functions returns a vector containing all devices currently connected to the system
+void BuildDeviceList(std::vector<CDevice>& devices)
+{
+ devices.clear();
+
+ // Get device info set for all devices
+ HDEVINFO hDevInfo = SetupDiGetClassDevs(NULL, NULL, NULL, DIGCF_ALLCLASSES | DIGCF_PRESENT);
+ if (hDevInfo != INVALID_HANDLE_VALUE)
+ {
+ SP_DEVINFO_DATA deviceInfoData;
+ deviceInfoData.cbSize = sizeof(SP_DEVINFO_DATA);
+
+ // Enumerate through all devices in set
+ for (DWORD i = 0; SetupDiEnumDeviceInfo(hDevInfo, i, &deviceInfoData); i++)
+ {
+ // Get device path
+ WCHAR szDeviceID[MAX_PATH];
+ if (CR_SUCCESS == CM_Get_Device_IDW(deviceInfoData.DevInst, szDeviceID, MAX_PATH, 0))
+ {
+ // Add to vector
+ devices.push_back(CDevice(szDeviceID));
+ }
+ }
+
+ SetupDiDestroyDeviceInfoList(hDevInfo); // Cleanup
+ }
+}
+
+// This function build a device ID value from the dbcc_name field of a DEV_BROADCAST_DEVICEINTERFACE structure
+// In case of error, the device ID is set to an empty string
+// Algorithm taken from https://www.codeproject.com/Articles/14500/Detecting-Hardware-Insertion-and-or-Removal#premain174347
+void GetDeviceID(PDEV_BROADCAST_DEVICEINTERFACE pDevInf, WCHAR* szDevId)
+{
+ szDevId[0] = L'\0';
+ if (lstrlen(pDevInf->dbcc_name) < 4) return;
+ if (lstrlen(pDevInf->dbcc_name) - 4 >= MAX_PATH) return;
+
+ StringCchCopyW(szDevId, MAX_PATH, pDevInf->dbcc_name + 4);
+
+ // find last occurrence of '#'
+ wchar_t *idx = wcsrchr(szDevId, L'#');
+ if(!idx)
+ {
+ szDevId[0] = L'\0';
+ return;
+ }
+
+ // truncate string at last '#'
+ *idx = L'\0';
+
+ // replace '#' with '\\' and convert string to upper case
+ for (wchar_t *p = szDevId; *p; ++p)
+ {
+ if (*p == L'#')
+ {
+ *p = L'\\';
+ }
+ else
+ {
+ *p = towupper((unsigned)*p);
+ }
+ }
+}
+
static void SystemFavoritesServiceLogMessage (const wstring &errorMessage, WORD wType)
{
HANDLE eventSource = RegisterEventSource (NULL, TC_SYSTEM_FAVORITES_SERVICE_NAME);
@@ -9397,6 +9744,49 @@ static void SystemFavoritesServiceSetStatus (DWORD status, DWORD waitHint = 0)
SetServiceStatus (SystemFavoritesServiceStatusHandle, &SystemFavoritesServiceStatus);
}
+static void SystemFavoritesServiceUpdateLoaderProcessing (BOOL bForce)
+{
+ SystemFavoritesServiceLogInfo (L"SystemFavoritesServiceUpdateLoaderProcessing called");
+ if (bForce || !(BootEncObj->ReadServiceConfigurationFlags () & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_UPDATE_LOADER))
+ {
+ SystemFavoritesServiceLogInfo (L"SystemFavoritesServiceUpdateLoaderProcessing processing");
+ try
+ {
+ BootEncryption::UpdateSetupConfigFile (true);
+ SystemFavoritesServiceLogInfo (L"SystemFavoritesServiceUpdateLoaderProcessing: UpdateSetupConfigFile called");
+ if (!BootEncStatus.HiddenSystem)
+ {
+ // re-install our bootloader again in case the update process has removed it.
+ bool bForceSetNextBoot = false;
+ bool bSetBootentry = true;
+ bool bForceFirstBootEntry = true;
+ bool bPostOOBE = true;
+ if (bForce)
+ bPostOOBE = false;
+ else
+ {
+ uint32 flags = BootEncObj->ReadServiceConfigurationFlags ();
+ if (flags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_FORCE_SET_BOOTNEXT)
+ bForceSetNextBoot = true;
+ if (flags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_SET_BOOTENTRY)
+ bSetBootentry = false;
+ if (flags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_FORCE_FIRST_BOOTENTRY)
+ bForceFirstBootEntry = false;
+ }
+ BootEncryption bootEnc (NULL, bPostOOBE, bSetBootentry, bForceFirstBootEntry, bForceSetNextBoot);
+ SystemFavoritesServiceLogInfo (L"SystemFavoritesServiceUpdateLoaderProcessing: InstallBootLoader calling");
+ bootEnc.InstallBootLoader (true);
+ SystemFavoritesServiceLogInfo (L"SystemFavoritesServiceUpdateLoaderProcessing: InstallBootLoader called");
+ }
+ }
+ catch (...)
+ {
+ }
+ }
+}
+
+// Global vector containing all devices previsouly knwon to the system
+std::vector<CDevice> g_Devices;
static DWORD WINAPI SystemFavoritesServiceCtrlHandler ( DWORD dwControl,
DWORD dwEventType,
@@ -9409,26 +9799,7 @@ static DWORD WINAPI SystemFavoritesServiceCtrlHandler ( DWORD dwControl,
case SERVICE_CONTROL_STOP:
SystemFavoritesServiceSetStatus (SERVICE_STOP_PENDING);
- if (bSystemIsGPT)
- {
- uint32 serviceFlags = BootEncObj->ReadServiceConfigurationFlags ();
- if (!(serviceFlags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_UPDATE_LOADER))
- {
- try
- {
- BootEncryption::UpdateSetupConfigFile (true);
- if (!BootEncStatus.HiddenSystem)
- {
- // re-install our bootloader again in case the update process has removed it.
- BootEncryption bootEnc (NULL, true);
- bootEnc.InstallBootLoader (true);
- }
- }
- catch (...)
- {
- }
- }
- }
+ SystemFavoritesServiceUpdateLoaderProcessing (FALSE);
/* clear VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION flag */
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, FALSE);
@@ -9436,6 +9807,36 @@ static DWORD WINAPI SystemFavoritesServiceCtrlHandler ( DWORD dwControl,
SystemFavoritesServiceSetStatus (SERVICE_STOP_PENDING);
break;
+ case SERVICE_CONTROL_POWEREVENT:
+ {
+ /* perform fixing of bootloader and SetupConfig.ini when the system resumes from sleep */
+ if (dwEventType == PBT_APMRESUMEAUTOMATIC)
+ {
+ SystemFavoritesServiceUpdateLoaderProcessing (FALSE);
+ }
+ }
+ break;
+ case SERVICE_CONTROL_SESSIONCHANGE:
+ {
+ /* perform fixing of bootloader and SetupConfig.ini when the user logs in or when he unlocks his locked session */
+ if ((dwEventType == WTS_SESSION_UNLOCK) || (dwEventType == WTS_SESSION_LOGON))
+ {
+ SystemFavoritesServiceUpdateLoaderProcessing (FALSE);
+ }
+ }
+ break;
+ case VC_SERVICE_CONTROL_BUILD_DEVICE_LIST:
+ {
+ /* build a list of all devices currently connected to the system */
+ /* ignore if clear keys configuration is already set */
+ if (!(ReadDriverConfigurationFlags() & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION))
+ {
+ SystemFavoritesServiceLogInfo (L"VC_SERVICE_CONTROL_BUILD_DEVICE_LIST received");
+ g_Devices.clear ();
+ BuildDeviceList (g_Devices);
+ }
+ }
+ break;
case SERVICE_CONTROL_DEVICEEVENT:
if (DBT_DEVICEARRIVAL == dwEventType)
{
@@ -9457,13 +9858,44 @@ static DWORD WINAPI SystemFavoritesServiceCtrlHandler ( DWORD dwControl,
{
bClearKeys = FALSE;
}
+ else
+ {
+ WCHAR szDevId[MAX_PATH];
+ GetDeviceID(pInf, szDevId);
+ // device ID must contain "VID_" and "PID_" to be valid and it must not start with "SWD\" or "ROOT\"
+ if (wcsstr(szDevId, L"VID_") && wcsstr(szDevId, L"PID_") && wcsstr(szDevId, L"SWD\\") != szDevId && wcsstr(szDevId, L"ROOT\\") != szDevId)
+ {
+ CDevice dev(szDevId);
+ // look for the device in the list of devices already known to us and if it is there, then don't clear keys
+ if (std::find(g_Devices.begin(), g_Devices.end(), dev) != g_Devices.end())
+ {
+ bClearKeys = FALSE;
+ }
+ else
+ {
+ // trace the device ID of the new device in the log
+ WCHAR szMsg[2*MAX_PATH];
+ StringCbPrintfW(szMsg, sizeof(szMsg), L"SERVICE_CONTROL_DEVICEEVENT - New device ID: %s", szDevId);
+ SystemFavoritesServiceLogInfo (szMsg);
+ }
+ }
+ else
+ {
+ bClearKeys = FALSE;
+ }
+ }
}
if (bClearKeys)
{
DWORD cbBytesReturned = 0;
+
DeviceIoControl (hDriver, VC_IOCTL_EMERGENCY_CLEAR_ALL_KEYS, NULL, 0, NULL, 0, &cbBytesReturned, NULL);
}
+ else
+ {
+ SystemFavoritesServiceLogInfo (L"SERVICE_CONTROL_DEVICEEVENT - DBT_DEVICEARRIVAL ignored");
+ }
}
}
}
@@ -9497,14 +9929,20 @@ static VOID WINAPI SystemFavoritesServiceMain (DWORD argc, LPTSTR *argv)
BOOL status = FALSE;
DEV_BROADCAST_DEVICEINTERFACE hdr;
BOOL bSkipMount = FALSE;
+ BOOL bUpdateLoader = FALSE;
+ DWORD i;
memset (&SystemFavoritesServiceStatus, 0, sizeof (SystemFavoritesServiceStatus));
SystemFavoritesServiceStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
SystemFavoritesServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP;
- if (IsOSAtLeast (WIN_VISTA))
- SystemFavoritesServiceStatus.dwControlsAccepted |= SERVICE_ACCEPT_PRESHUTDOWN;
+ SystemFavoritesServiceStatus.dwControlsAccepted |= SERVICE_ACCEPT_PRESHUTDOWN | SERVICE_ACCEPT_SESSIONCHANGE | SERVICE_ACCEPT_POWEREVENT;
- if ((argc >= 2) && (0 == _wcsicmp (argv[1], VC_SYSTEM_FAVORITES_SERVICE_ARG_SKIP_MOUNT)))
- bSkipMount = TRUE;
+ for (i = 1; i < argc; i++)
+ {
+ if (0 == _wcsicmp (argv[i], VC_SYSTEM_FAVORITES_SERVICE_ARG_SKIP_MOUNT))
+ bSkipMount = TRUE;
+ else if (0 == _wcsicmp (argv[i], VC_SYSTEM_FAVORITES_SERVICE_ARG_UPDATE_LOADER))
+ bUpdateLoader = TRUE;
+ }
ZeroMemory (&hdr, sizeof(hdr));
hdr.dbcc_size = sizeof (hdr);
@@ -9523,14 +9961,18 @@ static VOID WINAPI SystemFavoritesServiceMain (DWORD argc, LPTSTR *argv)
SetUnhandledExceptionFilter (SystemFavoritesServiceExceptionHandler);
_set_invalid_parameter_handler (SystemFavoritesServiceInvalidParameterHandler);
+ if (bUpdateLoader)
+ {
+ SystemFavoritesServiceSetStatus (SERVICE_START_PENDING, 120000);
+ SystemFavoritesServiceUpdateLoaderProcessing (TRUE);
+ }
+
if (!bSkipMount)
{
InitGlobalLocks ();
SystemFavoritesServiceSetStatus (SERVICE_START_PENDING, 120000);
SystemFavoritesServiceLogInfo (wstring (L"Initializing list of host devices"));
- // initialize the list of devices available for mounting as early as possible
- UpdateMountableHostDeviceList ();
SystemFavoritesServiceLogInfo (wstring (L"Starting System Favorites mounting process"));
@@ -9553,6 +9995,8 @@ static VOID WINAPI SystemFavoritesServiceMain (DWORD argc, LPTSTR *argv)
if (!(ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD))
WipeCache (NULL, TRUE);
+
+ SystemFavoritesServiceUpdateLoaderProcessing (FALSE);
}
SystemFavoritesServiceSetStatus (SERVICE_RUNNING);
@@ -9688,7 +10132,6 @@ int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpsz
DialogBoxParamW (hInstance, MAKEINTRESOURCEW (IDD_MOUNT_DLG), NULL, (DLGPROC) MainDialogProc,
(LPARAM) lpszCommandLine);
- FinalizeApp ();
/* Terminate */
return 0;
}
@@ -9726,7 +10169,7 @@ BOOL TaskBarIconAdd (HWND hwnd)
ScreenDPI >= 120 ? 0 : 16,
(ScreenDPI >= 120 ? LR_DEFAULTSIZE : 0)
| LR_SHARED
- | (nCurrentOS != WIN_2000 ? LR_DEFAULTCOLOR : LR_VGACOLOR)); // Windows 2000 cannot display more than 16 fixed colors in notification tray
+ | LR_DEFAULTCOLOR);
StringCbCopyW (tnid.szTip, sizeof(tnid.szTip), L"VeraCrypt");
@@ -9778,7 +10221,7 @@ BOOL TaskBarIconChange (HWND hwnd, int iconId)
ScreenDPI >= 120 ? 0 : 16,
(ScreenDPI >= 120 ? LR_DEFAULTSIZE : 0)
| LR_SHARED
- | (nCurrentOS != WIN_2000 ? LR_DEFAULTCOLOR : LR_VGACOLOR)); // Windows 2000 cannot display more than 16 fixed colors in notification tray
+ | LR_DEFAULTCOLOR);
return Shell_NotifyIcon (NIM_MODIFY, &tnid);
}
@@ -9841,7 +10284,7 @@ void DismountIdleVolumes ()
if (bWipeCacheOnAutoDismount)
{
DeviceIoControl (hDriver, TC_IOCTL_WIPE_PASSWORD_CACHE, NULL, 0, NULL, 0, &dwResult, NULL);
- SecurityToken::CloseAllSessions();
+ SecurityToken::CloseAllSessions(); // TODO Use Token
}
}
}
@@ -9949,7 +10392,7 @@ static BOOL MountFavoriteVolumeBase (HWND hwnd, const FavoriteVolume &favorite,
if (ServiceMode)
SystemFavoritesServiceLogInfo (wstring (L"Mounting system favorite \"") + effectiveVolumePath + L"\"");
- status = Mount (hwnd, drive, (wchar_t *) effectiveVolumePath.c_str(), favorite.Pim, favorite.Pkcs5, favorite.TrueCryptMode);
+ status = Mount (hwnd, drive, (wchar_t *) effectiveVolumePath.c_str(), favorite.Pim, favorite.Pkcs5);
if (ServiceMode)
{
@@ -10025,6 +10468,7 @@ BOOL MountFavoriteVolumes (HWND hwnd, BOOL systemFavorites, BOOL logOnMount, BOO
}
mountOptions = defaultMountOptions;
+ mountOptions.SkipCachedPasswords = FALSE;
VolumePassword.Length = 0;
MultipleMountOperationInProgress = (favoriteVolumeToMount.Path.empty() || FavoriteMountOnArrivalInProgress);
@@ -10111,9 +10555,6 @@ BOOL MountFavoriteVolumes (HWND hwnd, BOOL systemFavorites, BOOL logOnMount, BOO
{
Sleep (5000);
- SystemFavoritesServiceLogInfo (wstring (L"Updating list of host devices"));
- UpdateMountableHostDeviceList ();
-
SystemFavoritesServiceLogInfo (wstring (L"Trying to mount skipped system favorites"));
// Update the service status to avoid being killed
@@ -10169,10 +10610,9 @@ BOOL MountFavoriteVolumes (HWND hwnd, BOOL systemFavorites, BOOL logOnMount, BOO
burn (&VolumePassword, sizeof (VolumePassword));
burn (&VolumePkcs5, sizeof (VolumePkcs5));
burn (&VolumePim, sizeof (VolumePim));
- burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
if (bRet && CloseSecurityTokenSessionsAfterMount)
- SecurityToken::CloseAllSessions();
+ SecurityToken::CloseAllSessions(); // TODO Use Token
return bRet;
}
@@ -10326,7 +10766,7 @@ static void HandleHotKey (HWND hwndDlg, WPARAM wParam)
MessageBeep (0xFFFFFFFF);
}
TaskBarIconRemove (hwndDlg);
- UnregisterWtsNotification(hwndDlg);
+ UnregisterWtsAndPowerNotification(hwndDlg);
EndMainDlg (hwndDlg);
break;
@@ -10350,7 +10790,7 @@ static void HandleHotKey (HWND hwndDlg, WPARAM wParam)
break;
case HK_CLOSE_SECURITY_TOKEN_SESSIONS:
- SecurityToken::CloseAllSessions();
+ SecurityToken::CloseAllSessions(); // TODO Use Token
InfoBalloon (NULL, "ALL_TOKEN_SESSIONS_CLOSED", hwndDlg);
@@ -10442,7 +10882,7 @@ int BackupVolumeHeader (HWND hwndDlg, BOOL bRequireConfirmation, const wchar_t *
{
int GuiPkcs5 = ((EffectiveVolumePkcs5 > 0) && (*askPkcs5 == 0))? EffectiveVolumePkcs5 : *askPkcs5;
int GuiPim = ((EffectiveVolumePim > 0) && (*askPim <= 0))? EffectiveVolumePim : *askPim;
- if (!AskVolumePassword (hwndDlg, askPassword, &GuiPkcs5, &GuiPim, &VolumeTrueCryptMode, type == TC_VOLUME_TYPE_HIDDEN ? "ENTER_HIDDEN_VOL_PASSWORD" : "ENTER_NORMAL_VOL_PASSWORD", FALSE))
+ if (!AskVolumePassword (hwndDlg, askPassword, &GuiPkcs5, &GuiPim, type == TC_VOLUME_TYPE_HIDDEN ? "ENTER_HIDDEN_VOL_PASSWORD" : "ENTER_NORMAL_VOL_PASSWORD", FALSE))
{
nStatus = ERR_SUCCESS;
goto ret;
@@ -10460,7 +10900,7 @@ int BackupVolumeHeader (HWND hwndDlg, BOOL bRequireConfirmation, const wchar_t *
if (KeyFilesEnable && FirstKeyFile)
KeyFilesApply (hwndDlg, askPassword, FirstKeyFile, lpszVolume);
- nStatus = OpenVolume (askVol, lpszVolume, askPassword, *askPkcs5, *askPim, VolumeTrueCryptMode, FALSE, bPreserveTimestamp, FALSE);
+ nStatus = OpenVolume (askVol, lpszVolume, askPassword, *askPkcs5, *askPim, FALSE, bPreserveTimestamp, FALSE);
NormalCursor();
@@ -10517,7 +10957,7 @@ noHidden:
goto ret;
/* Select backup file */
- if (!BrowseFiles (hwndDlg, "OPEN_TITLE", szFileName, bHistory, TRUE, NULL))
+ if (!BrowseFiles (hwndDlg, "OPEN_TITLE", szFileName, bHistory, TRUE))
goto ret;
/* Conceive the backup file */
@@ -10618,7 +11058,6 @@ error:
burn (&VolumePassword, sizeof (VolumePassword));
burn (&VolumePkcs5, sizeof (VolumePkcs5));
burn (&VolumePim, sizeof (VolumePim));
- burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
burn (&hiddenVolPassword, sizeof (hiddenVolPassword));
burn (temporaryKey, sizeof (temporaryKey));
burn (originalK2, sizeof (originalK2));
@@ -10730,7 +11169,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
int GuiPkcs5 = ((EffectiveVolumePkcs5 > 0) && (VolumePkcs5 == 0))? EffectiveVolumePkcs5 : VolumePkcs5;
int GuiPim = ((EffectiveVolumePim > 0) && (VolumePim <= 0))? EffectiveVolumePim : VolumePim;
StringCbCopyW (PasswordDlgVolume, sizeof(PasswordDlgVolume), lpszVolume);
- if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiPim, &VolumeTrueCryptMode, NULL, FALSE))
+ if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiPim, NULL, FALSE))
{
nStatus = ERR_SUCCESS;
goto ret;
@@ -10748,7 +11187,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
if (KeyFilesEnable && FirstKeyFile)
KeyFilesApply (hwndDlg, &VolumePassword, FirstKeyFile, lpszVolume);
- nStatus = OpenVolume (&volume, lpszVolume, &VolumePassword, VolumePkcs5, VolumePim, VolumeTrueCryptMode,TRUE, bPreserveTimestamp, TRUE);
+ nStatus = OpenVolume (&volume, lpszVolume, &VolumePassword, VolumePkcs5, VolumePim,TRUE, bPreserveTimestamp, TRUE);
NormalCursor();
@@ -10801,7 +11240,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
}
/* Select backup file */
- if (!BrowseFiles (hwndDlg, "OPEN_TITLE", szFileName, bHistory, FALSE, NULL))
+ if (!BrowseFiles (hwndDlg, "OPEN_TITLE", szFileName, bHistory, FALSE))
{
nStatus = ERR_SUCCESS;
goto ret;
@@ -10842,6 +11281,21 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
nStatus = ERR_OS_ERROR;
goto error;
}
+ else if (!bDevice && bPreserveTimestamp)
+ {
+ // ensure that Last Access timestamp is not modified
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ /* Remember the container modification/creation date and time. */
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ bTimeStampValid = FALSE;
+ else
+ bTimeStampValid = TRUE;
+ }
// Determine volume host size
if (bDevice)
@@ -10912,15 +11366,6 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
hostSize = fileSize.QuadPart;
}
- if (!bDevice && bPreserveTimestamp)
- {
- /* Remember the container modification/creation date and time. */
-
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- bTimeStampValid = FALSE;
- else
- bTimeStampValid = TRUE;
- }
/* Read the volume header from the backup file */
char buffer[TC_VOLUME_HEADER_GROUP_SIZE];
@@ -10965,7 +11410,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
{
int GuiPkcs5 = ((EffectiveVolumePkcs5 > 0) && (VolumePkcs5 == 0))? EffectiveVolumePkcs5 : VolumePkcs5;
int GuiPim = ((EffectiveVolumePim > 0) && (VolumePim <= 0))? EffectiveVolumePim : VolumePim;
- if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiPim, &VolumeTrueCryptMode, "ENTER_HEADER_BACKUP_PASSWORD", FALSE))
+ if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiPim, "ENTER_HEADER_BACKUP_PASSWORD", FALSE))
{
nStatus = ERR_SUCCESS;
goto ret;
@@ -10988,7 +11433,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
if (type == TC_VOLUME_TYPE_HIDDEN)
headerOffsetBackupFile += (legacyBackup ? TC_VOLUME_HEADER_SIZE_LEGACY : TC_VOLUME_HEADER_SIZE);
- nStatus = ReadVolumeHeader (FALSE, buffer + headerOffsetBackupFile, &VolumePassword, VolumePkcs5, VolumePim, VolumeTrueCryptMode, &restoredCryptoInfo, NULL);
+ nStatus = ReadVolumeHeader (FALSE, buffer + headerOffsetBackupFile, &VolumePassword, VolumePkcs5, VolumePim, &restoredCryptoInfo, NULL);
if (nStatus == ERR_SUCCESS)
break;
}
@@ -11094,7 +11539,6 @@ error:
burn (&VolumePassword, sizeof (VolumePassword));
burn (&VolumePkcs5, sizeof (VolumePkcs5));
burn (&VolumePim, sizeof (VolumePim));
- burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
RestoreDefaultKeyFilesParam();
RandStop (FALSE);
NormalCursor();
@@ -11109,9 +11553,28 @@ void SetDriverConfigurationFlag (uint32 flag, BOOL state)
BootEncObj->SetDriverConfigurationFlag (flag, state ? true : false);
}
+void SetServiceConfigurationFlag (uint32 flag, BOOL state)
+{
+ if (BootEncObj)
+ BootEncObj->SetServiceConfigurationFlag (flag, state ? true : false);
+}
+
+void SetMemoryProtectionConfig (BOOL bEnable)
+{
+ DWORD config = bEnable? 1: 0;
+ if (BootEncObj)
+ BootEncObj->WriteLocalMachineRegistryDwordValue (L"SYSTEM\\CurrentControlSet\\Services\\veracrypt", VC_ENABLE_MEMORY_PROTECTION, config);
+}
+
+void NotifyService (DWORD dwNotifyCmd)
+{
+ if (BootEncObj)
+ BootEncObj->NotifyService (dwNotifyCmd);
+}
static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{
+ static HWND hDisableMemProtectionTooltipWnd = NULL;
WORD lw = LOWORD (wParam);
switch (msg)
@@ -11145,7 +11608,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_CPU_RNG), FALSE);
}
- if (IsOSAtLeast (WIN_7) && IsRamEncryptionSupported())
+ if (IsRamEncryptionSupported())
{
CheckDlgButton (hwndDlg, IDC_ENABLE_RAM_ENCRYPTION, (driverConfig & VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION) ? BST_CHECKED : BST_UNCHECKED);
}
@@ -11155,26 +11618,27 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_RAM_ENCRYPTION), FALSE);
}
- SYSTEM_INFO sysInfo;
- GetSystemInfo (&sysInfo);
+ CheckDlgButton (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION, ReadMemoryProtectionConfig() ? BST_UNCHECKED : BST_CHECKED);
+
+ size_t cpuCount = GetCpuCount(NULL);
HWND freeCpuCombo = GetDlgItem (hwndDlg, IDC_ENCRYPTION_FREE_CPU_COUNT);
uint32 encryptionFreeCpuCount = ReadEncryptionThreadPoolFreeCpuCountLimit();
- if (encryptionFreeCpuCount > sysInfo.dwNumberOfProcessors - 1)
- encryptionFreeCpuCount = sysInfo.dwNumberOfProcessors - 1;
+ if (encryptionFreeCpuCount > (uint32) (cpuCount - 1))
+ encryptionFreeCpuCount = (uint32) (cpuCount - 1);
- for (uint32 i = 1; i < sysInfo.dwNumberOfProcessors; ++i)
+ for (uint32 i = 1; i < cpuCount; ++i)
{
wstringstream s;
s << i;
AddComboPair (freeCpuCombo, s.str().c_str(), i);
}
- if (sysInfo.dwNumberOfProcessors < 2 || encryptionFreeCpuCount == 0)
+ if (cpuCount < 2 || encryptionFreeCpuCount == 0)
EnableWindow (freeCpuCombo, FALSE);
- if (sysInfo.dwNumberOfProcessors < 2)
+ if (cpuCount < 2)
EnableWindow (GetDlgItem (hwndDlg, IDC_LIMIT_ENC_THREAD_POOL), FALSE);
if (encryptionFreeCpuCount != 0)
@@ -11185,13 +11649,28 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
SetWindowTextW (GetDlgItem (hwndDlg, IDT_LIMIT_ENC_THREAD_POOL_NOTE), GetString("LIMIT_ENC_THREAD_POOL_NOTE"));
- SetDlgItemTextW (hwndDlg, IDC_HW_AES_SUPPORTED_BY_CPU, (wstring (L" ") + (GetString (is_aes_hw_cpu_supported() ? "UISTR_YES" : "UISTR_NO"))).c_str());
+ SetDlgItemTextW (hwndDlg, IDC_HW_AES_SUPPORTED_BY_CPU, (wstring (L" ") + (GetString (HasAESNI() ? "UISTR_YES" : "UISTR_NO"))).c_str());
ToHyperlink (hwndDlg, IDC_MORE_INFO_ON_HW_ACCELERATION);
ToHyperlink (hwndDlg, IDC_MORE_INFO_ON_THREAD_BASED_PARALLELIZATION);
+
+ hDisableMemProtectionTooltipWnd = CreateToolTip (IDC_DISABLE_MEMORY_PROTECTION, hwndDlg, "DISABLE_MEMORY_PROTECTION_WARNING");
+ // make IDC_DISABLE_MEMORY_PROTECTION control fit the text so that the tooltip is shown only when mouse is over the text
+ AccommodateCheckBoxTextWidth(hwndDlg, IDC_DISABLE_MEMORY_PROTECTION);
+ // make the help button adjacent to the checkbox
+ MakeControlsContiguous(hwndDlg, IDC_DISABLE_MEMORY_PROTECTION, IDC_DISABLE_MEMORY_PROTECTION_HELP);
}
return 0;
+ // handle message to destroy hDisableMemProtectionTooltipWnd when the dialog is closed
+ case WM_DESTROY:
+ if (hDisableMemProtectionTooltipWnd)
+ {
+ DestroyWindow (hDisableMemProtectionTooltipWnd);
+ hDisableMemProtectionTooltipWnd = NULL;
+ }
+ break;
+
case WM_COMMAND:
switch (lw)
@@ -11215,6 +11694,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
BOOL enableExtendedIOCTL = IsDlgButtonChecked (hwndDlg, IDC_ENABLE_EXTENDED_IOCTL_SUPPORT);
BOOL allowTrimCommand = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_TRIM_NONSYS_SSD);
BOOL allowWindowsDefrag = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_WINDOWS_DEFRAG);
+ BOOL bDisableMemoryProtection = IsDlgButtonChecked (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION);
try
{
@@ -11258,13 +11738,35 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
if (IsOSAtLeast (WIN_8_1))
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ALLOW_WINDOWS_DEFRAG, allowWindowsDefrag);
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ENABLE_CPU_RNG, enableCpuRng);
- if (IsOSAtLeast (WIN_7))
+
+ BOOL originalRamEncryptionEnabled = (driverConfig & VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION)? TRUE : FALSE;
+ if (originalRamEncryptionEnabled != enableRamEncryption)
{
- BOOL originalRamEncryptionEnabled = (driverConfig & VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION)? TRUE : FALSE;
- if (originalRamEncryptionEnabled != enableRamEncryption)
- rebootRequired = true;
- SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION, enableRamEncryption);
+ if (enableRamEncryption)
+ {
+ // Disable Hibernate and Fast Startup if they are enabled
+ BOOL bHibernateEnabled, bHiberbootEnabled;
+ if (GetHibernateStatus (bHibernateEnabled, bHiberbootEnabled))
+ {
+ if (bHibernateEnabled)
+ {
+ BootEncObj->WriteLocalMachineRegistryDwordValue (L"SYSTEM\\CurrentControlSet\\Control\\Power", L"HibernateEnabled", 0);
+ }
+
+ if (bHiberbootEnabled)
+ {
+ BootEncObj->WriteLocalMachineRegistryDwordValue (L"SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Power", L"HiberbootEnabled", 0);
+ }
+ }
+ }
+ rebootRequired = true;
}
+ SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION, enableRamEncryption);
+
+ BOOL originalDisableMemoryProtection = !ReadMemoryProtectionConfig();
+ if(originalDisableMemoryProtection != bDisableMemoryProtection)
+ rebootRequired = true;
+ SetMemoryProtectionConfig (!bDisableMemoryProtection);
DWORD bytesReturned;
if (!DeviceIoControl (hDriver, TC_IOCTL_REREAD_DRIVER_CONFIG, NULL, 0, NULL, 0, &bytesReturned, NULL))
@@ -11338,10 +11840,46 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
BOOL enableRamEncryption = IsDlgButtonChecked (hwndDlg, IDC_ENABLE_RAM_ENCRYPTION);
if (originalRamEncryptionEnabled != enableRamEncryption)
+ {
+ if (enableRamEncryption)
+ {
+ // check if Hibernate or Fast Startup are enabled
+ BOOL bHibernateEnabled, bHiberbootEnabled;
+ if (GetHibernateStatus (bHibernateEnabled, bHiberbootEnabled))
+ {
+ if (bHibernateEnabled || bHiberbootEnabled)
+ {
+ if (AskWarnYesNo ("RAM_ENCRYPTION_DISABLE_HIBERNATE", hwndDlg) == IDNO)
+ {
+ CheckDlgButton (hwndDlg, IDC_ENABLE_RAM_ENCRYPTION, BST_UNCHECKED);
+ return 1;
+ }
+ }
+ }
+ }
Warning ("SETTING_REQUIRES_REBOOT", hwndDlg);
+ }
}
return 1;
+ case IDC_DISABLE_MEMORY_PROTECTION:
+ {
+ BOOL disableMemoryProtection = IsDlgButtonChecked (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION);
+ BOOL originalDisableMemoryProtection = !ReadMemoryProtectionConfig();
+ if (disableMemoryProtection != originalDisableMemoryProtection)
+ {
+ if (disableMemoryProtection)
+ {
+ Warning ("DISABLE_MEMORY_PROTECTION_WARNING", hwndDlg);
+ }
+
+ Warning ("SETTING_REQUIRES_REBOOT", hwndDlg);
+ }
+ }
+ return 1;
+ case IDC_DISABLE_MEMORY_PROTECTION_HELP:
+ Applink ("memoryprotection");
+ return 1;
case IDC_BENCHMARK:
Benchmark (hwndDlg);
return 1;
@@ -11372,6 +11910,7 @@ static BOOL CALLBACK SecurityTokenPreferencesDlgProc (HWND hwndDlg, UINT msg, WP
LocalizeDialog (hwndDlg, "IDD_TOKEN_PREFERENCES");
SetDlgItemText (hwndDlg, IDC_PKCS11_MODULE, SecurityTokenLibraryPath);
CheckDlgButton (hwndDlg, IDC_CLOSE_TOKEN_SESSION_AFTER_MOUNT, CloseSecurityTokenSessionsAfterMount ? BST_CHECKED : BST_UNCHECKED);
+ CheckDlgButton (hwndDlg, IDC_ENABLE_EMV_SUPPORT, EMVSupportEnabled ? BST_CHECKED : BST_UNCHECKED);
SetWindowTextW (GetDlgItem (hwndDlg, IDT_PKCS11_LIB_HELP), GetString("PKCS11_LIB_LOCATION_HELP"));
@@ -11394,7 +11933,7 @@ static BOOL CALLBACK SecurityTokenPreferencesDlgProc (HWND hwndDlg, UINT msg, WP
{
try
{
- SecurityToken::CloseLibrary();
+ SecurityToken::CloseLibrary(); // TODO Use Token
}
catch (...) { }
@@ -11414,7 +11953,7 @@ static BOOL CALLBACK SecurityTokenPreferencesDlgProc (HWND hwndDlg, UINT msg, WP
}
CloseSecurityTokenSessionsAfterMount = (IsDlgButtonChecked (hwndDlg, IDC_CLOSE_TOKEN_SESSION_AFTER_MOUNT) == BST_CHECKED);
-
+ EMVSupportEnabled = (IsDlgButtonChecked (hwndDlg, IDC_ENABLE_EMV_SUPPORT) == BST_CHECKED);
WaitCursor ();
SaveSettings (hwndDlg);
NormalCursor ();
@@ -11518,9 +12057,6 @@ static BOOL CALLBACK DefaultMountParametersDlgProc (HWND hwndDlg, UINT msg, WPAR
{
LocalizeDialog (hwndDlg, "IDD_DEFAULT_MOUNT_PARAMETERS");
- SendMessage (GetDlgItem (hwndDlg, IDC_TRUECRYPT_MODE), BM_SETCHECK,
- DefaultVolumeTrueCryptMode ? BST_CHECKED:BST_UNCHECKED, 0);
-
/* Populate the PRF algorithms list */
int i, nIndex, defaultPrfIndex = 0;
HWND hComboBox = GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID);
@@ -11554,25 +12090,14 @@ static BOOL CALLBACK DefaultMountParametersDlgProc (HWND hwndDlg, UINT msg, WPAR
case IDOK:
{
int pkcs5 = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
- BOOL truecryptMode = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE);
- /* check that PRF is supported in TrueCrypt Mode */
- if ( (truecryptMode)
- && (!is_pkcs5_prf_supported(pkcs5, TRUE, PRF_BOOT_NO))
- )
- {
- Error ("ALGO_NOT_SUPPORTED_FOR_TRUECRYPT_MODE", hwndDlg);
- }
- else
- {
- WaitCursor ();
- DefaultVolumeTrueCryptMode = truecryptMode;
- DefaultVolumePkcs5 = pkcs5;
- SaveSettings (hwndDlg);
+ WaitCursor ();
+ DefaultVolumePkcs5 = pkcs5;
- NormalCursor ();
- EndDialog (hwndDlg, lw);
- }
+ SaveSettings (hwndDlg);
+
+ NormalCursor ();
+ EndDialog (hwndDlg, lw);
return 1;
}
@@ -11592,6 +12117,8 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
{
WORD lw = LOWORD (wParam);
static std::string platforminfo;
+ static byte currentUserConfig;
+ static string currentCustomUserMessage;
switch (msg)
{
@@ -11609,6 +12136,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
{
LocalizeDialog (hwndDlg, "IDD_SYSENC_SETTINGS");
uint32 driverConfig = ReadDriverConfigurationFlags();
+ uint32 serviceConfig = ReadServiceConfigurationFlags();
byte userConfig;
string customUserMessage;
uint16 bootLoaderVersion = 0;
@@ -11616,8 +12144,27 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
BOOL bPimCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PIM)? TRUE : FALSE;
BOOL bBlockSysEncTrimEnabled = (driverConfig & VC_DRIVER_CONFIG_BLOCK_SYS_TRIM)? TRUE : FALSE;
BOOL bClearKeysEnabled = (driverConfig & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)? TRUE : FALSE;
+ BOOL bAutoFixBootloader = (serviceConfig & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_UPDATE_LOADER)? FALSE : TRUE;
+ BOOL bForceVeraCryptNextBoot = FALSE;
+ BOOL bForceSetVeraCryptBootEntry = TRUE;
+ BOOL bForceVeraCryptFirstEntry = TRUE;
+ if (bSystemIsGPT)
+ {
+ bForceVeraCryptNextBoot = (serviceConfig & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_FORCE_SET_BOOTNEXT)? TRUE : FALSE;
+ bForceSetVeraCryptBootEntry = (serviceConfig & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_SET_BOOTENTRY)? FALSE : TRUE;
+ bForceVeraCryptFirstEntry = (serviceConfig & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_FORCE_FIRST_BOOTENTRY)? FALSE : TRUE;
+ }
+
BOOL bIsHiddenOS = IsHiddenOSRunning ();
+ if (bClearKeysEnabled)
+ {
+ // the clear keys option works only if the service is running
+ if (!BootEncObj->IsSystemFavoritesServiceRunning())
+ bClearKeysEnabled = false;
+ }
+
+
if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion))
{
// operations canceled
@@ -11625,6 +12172,10 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
return 1;
}
+ // we store current configuration in order to be able to detect if user changed it or not after clicking OK
+ currentUserConfig = userConfig;
+ currentCustomUserMessage = customUserMessage;
+
if (bootLoaderVersion != VERSION_NUM)
Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg);
@@ -11668,6 +12219,25 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
}
else
CheckDlgButton (hwndDlg, IDC_BLOCK_SYSENC_TRIM, bBlockSysEncTrimEnabled ? BST_CHECKED : BST_UNCHECKED);
+
+ CheckDlgButton (hwndDlg, IDC_UPDATE_BOOTLOADER_ON_SHUTDOWN, bAutoFixBootloader? BST_CHECKED : BST_UNCHECKED);
+ if (bSystemIsGPT)
+ {
+ if (!bAutoFixBootloader || bIsHiddenOS)
+ {
+ // we disable other options if updating bootloader is not allowed or if hidden OS us running
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_NEXT_BOOT_VERACRYPT), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_VERACRYPT_BOOT_ENTRY), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_VERACRYPT_FIRST_BOOT_ENTRY), FALSE);
+ }
+
+ if (!bIsHiddenOS)
+ {
+ CheckDlgButton (hwndDlg, IDC_FORCE_NEXT_BOOT_VERACRYPT, bForceVeraCryptNextBoot? BST_CHECKED : BST_UNCHECKED);
+ CheckDlgButton (hwndDlg, IDC_FORCE_VERACRYPT_BOOT_ENTRY, bForceSetVeraCryptBootEntry? BST_CHECKED : BST_UNCHECKED);
+ CheckDlgButton (hwndDlg, IDC_FORCE_VERACRYPT_FIRST_BOOT_ENTRY, bForceVeraCryptFirstEntry? BST_CHECKED : BST_UNCHECKED);
+ }
+ }
}
catch (Exception &e)
{
@@ -11694,13 +12264,19 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
{
try
{
- std::string dcsprop = ReadESPFile (L"\\EFI\\VeraCrypt\\DcsProp", true);
+ std::string currentDcsprop = ReadESPFile (L"\\EFI\\VeraCrypt\\DcsProp", true);
+ std::string dcsprop = currentDcsprop;
while (TextEditDialogBox(FALSE, hwndDlg, GetString ("BOOT_LOADER_CONFIGURATION_FILE"), dcsprop) == IDOK)
{
- if (validateDcsPropXml (dcsprop.c_str()))
+ const char* dcspropContent = dcsprop.c_str();
+ if (0 == strcmp(dcspropContent, currentDcsprop.c_str()))
+ {
+ break;
+ }
+ else if (validateDcsPropXml (dcspropContent))
{
- WriteESPFile (L"\\EFI\\VeraCrypt\\DcsProp", (LPBYTE) dcsprop.c_str(), (DWORD) dcsprop.size(), true);
+ WriteESPFile (L"\\EFI\\VeraCrypt\\DcsProp", (LPBYTE) dcspropContent, (DWORD) strlen (dcspropContent), true);
break;
}
else
@@ -11738,17 +12314,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
if (!bSystemIsGPT)
GetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage, sizeof (customUserMessage));
- byte userConfig;
- try
- {
- if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig))
- return 1;
- }
- catch (Exception &e)
- {
- e.Show (hwndDlg);
- return 1;
- }
+ byte userConfig = currentUserConfig;
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_PIM_PROMPT))
userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_PIM;
@@ -11757,22 +12323,22 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
if (bSystemIsGPT)
{
- if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT))
- userConfig |= TC_BOOT_USER_CFG_FLAG_STORE_HASH;
- else
- userConfig &= ~TC_BOOT_USER_CFG_FLAG_STORE_HASH;
+ if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT))
+ userConfig |= TC_BOOT_USER_CFG_FLAG_STORE_HASH;
+ else
+ userConfig &= ~TC_BOOT_USER_CFG_FLAG_STORE_HASH;
}
else
{
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT))
- userConfig |= TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
- else
- userConfig &= ~TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
+ userConfig |= TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
+ else
+ userConfig &= ~TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
- if (!IsDlgButtonChecked (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS))
- userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
- else
- userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
+ if (!IsDlgButtonChecked (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS))
+ userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
+ else
+ userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
}
try
@@ -11781,13 +12347,55 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM);
BOOL bBlockSysEncTrimEnabled = IsDlgButtonChecked (hwndDlg, IDC_BLOCK_SYSENC_TRIM);
BOOL bClearKeysEnabled = IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION);
- BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
+
+ BOOL bAutoFixBootloader = IsDlgButtonChecked (hwndDlg, IDC_UPDATE_BOOTLOADER_ON_SHUTDOWN);
+ BOOL bForceVeraCryptNextBoot = FALSE;
+ BOOL bForceSetVeraCryptBootEntry = TRUE;
+ BOOL bForceVeraCryptFirstEntry = TRUE;
+ if (bSystemIsGPT)
+ {
+ bForceVeraCryptNextBoot = IsDlgButtonChecked (hwndDlg, IDC_FORCE_NEXT_BOOT_VERACRYPT);
+ bForceSetVeraCryptBootEntry = IsDlgButtonChecked (hwndDlg, IDC_FORCE_VERACRYPT_BOOT_ENTRY);
+ bForceVeraCryptFirstEntry = IsDlgButtonChecked (hwndDlg, IDC_FORCE_VERACRYPT_FIRST_BOOT_ENTRY);
+ }
+
+ if (bClearKeysEnabled && !BootEncObj->IsSystemFavoritesServiceRunning())
+ {
+ // the system favorite service service should be running
+ // if it is not the case, report a failure and quit
+ std::string techInfo = SRC_POS;
+ techInfo += "\nIsSystemFavoritesServiceRunning = False.";
+ ReportUnexpectedState (techInfo.c_str());
+ return 1;
+ }
+
+ // only write boot configuration if something changed
+ if ((userConfig != currentUserConfig) || (!bSystemIsGPT && (customUserMessage != currentCustomUserMessage)))
+ BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
+
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION));
+ if (bClearKeysEnabled)
+ NotifyService (VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION);
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, bClearKeysEnabled);
- if (!IsHiddenOSRunning ()) /* we don't need to update TRIM config for hidden OS since it's always blocked */
+ SetServiceConfigurationFlag (VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_UPDATE_LOADER, bAutoFixBootloader? FALSE : TRUE);
+ if (!IsHiddenOSRunning ())
+ {
+ /* we don't need to update TRIM config for hidden OS since it's always blocked */
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_BLOCK_SYS_TRIM, bBlockSysEncTrimEnabled);
+
+ if (bSystemIsGPT)
+ {
+ if (bAutoFixBootloader)
+ {
+ /* we update bootloader settings only if the autofix option is enabled */
+ SetServiceConfigurationFlag (VC_SYSTEM_FAVORITES_SERVICE_CONFIG_FORCE_SET_BOOTNEXT, bForceVeraCryptNextBoot);
+ SetServiceConfigurationFlag (VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_SET_BOOTENTRY, bForceSetVeraCryptBootEntry? FALSE : TRUE);
+ SetServiceConfigurationFlag (VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_FORCE_FIRST_BOOTENTRY, bForceVeraCryptFirstEntry? FALSE : TRUE);
+ }
+ }
+ }
}
catch (Exception &e)
{
@@ -11833,10 +12441,39 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
case IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION:
if (IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION))
{
- Warning ("CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING", hwndDlg);
+ if (!BootEncObj->IsSystemFavoritesServiceRunning())
+ {
+ // the system favorite service service should be running
+ // if it is not the case, report a failure
+ std::string techInfo = SRC_POS;
+ techInfo += "\nIsSystemFavoritesServiceRunning = False.";
+ ReportUnexpectedState (techInfo.c_str());
+
+ CheckDlgButton (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, BST_UNCHECKED);
+ }
+ else
+ Warning ("CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING", hwndDlg);
}
break;
+
+ case IDC_UPDATE_BOOTLOADER_ON_SHUTDOWN:
+ if (bSystemIsGPT && !IsHiddenOSRunning ())
+ {
+ if (IsDlgButtonChecked (hwndDlg, IDC_UPDATE_BOOTLOADER_ON_SHUTDOWN))
+ {
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_NEXT_BOOT_VERACRYPT), TRUE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_VERACRYPT_BOOT_ENTRY), TRUE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_VERACRYPT_FIRST_BOOT_ENTRY), TRUE);
+ }
+ else
+ {
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_NEXT_BOOT_VERACRYPT), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_VERACRYPT_BOOT_ENTRY), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FORCE_VERACRYPT_FIRST_BOOT_ENTRY), FALSE);
+ }
+ }
+ break;
}
return 0;
}
@@ -11845,7 +12482,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
}
-void MountSelectedVolume (HWND hwndDlg, BOOL mountWithOptions)
+void MountSelectedVolume (HWND hwndDlg, BOOL mountWithOptions, BOOL skipCachedPasswords)
{
if (!VolumeSelected(hwndDlg))
{
@@ -11854,6 +12491,7 @@ void MountSelectedVolume (HWND hwndDlg, BOOL mountWithOptions)
else if (LOWORD (GetSelectedLong (GetDlgItem (hwndDlg, IDC_DRIVELIST))) == TC_MLIST_ITEM_FREE)
{
mountOptions = defaultMountOptions;
+ mountOptions.SkipCachedPasswords = skipCachedPasswords;
bPrebootPasswordDlgMode = FALSE;
if (mountWithOptions || GetAsyncKeyState (VK_CONTROL) < 0)