Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

number /= 10;

}

str[pos] = (char) (number % 10) + '0';

while (pos >= 0)

PrintChar (str[pos--]);

}

mov asciiCode, al

mov scan, ah

}

if (scanCode)

*scanCode = scan;

if (scanCode == TC_BIOS_KEY_ENTER)

break;

if (scanCode == TC_BIOS_KEY_ESC)

return 0;

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

; Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

; by the TrueCrypt License 3.0.

;

; and all other portions of this file are Copyright (c) 2013-2016 IDRIX

; and are governed by the Apache License 2.0 the full text of which is

; contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

{

Print (message);

Print (": ");

if (hex)

PrintHex (value);

else

Print (value);

if (newLine)

PrintEndl();

}

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

#define TC__BOOT_LOADER_SEGMENT TC_HEX (9000) // Some buggy BIOS routines fail if CS bits 0-10 are not zero

#if TC__BOOT_MEMORY_REQUIRED <= 32

#else

#endif

#define TC__COM_EXECUTABLE_OFFSET TC_HEX (100)

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

dapPacket.Sector = sector;

byte function = write ? 0x43 : 0x42;

BiosResult result;

byte tryCount = TC_MAX_BIOS_DISK_IO_RETRIES;

BiosResult result;

uint16 codeSeg;

__asm mov codeSeg, cs

result = ReadSectors (BootStarted ? codeSeg : TC_BOOT_LOADER_ALT_SEGMENT, (uint16) buffer, drive, sector, sectorCount, silent);

// Alternative segment is used to prevent memory corruption caused by buggy BIOSes

PartitionEntryMBR mbrPartitions[4];

memcpy (mbrPartitions, mbr->Partitions, sizeof (mbrPartitions));

size_t partitionArrayPos = 0, partitionNumber;

for (partitionNumber = 0;

partitionNumber < array_capacity (mbrPartitions) && partitionArrayPos < partitionArrayCapacity;

++partitionNumber)

{

const PartitionEntryMBR &partEntry = mbrPartitions[partitionNumber];

if (partEntry.SectorCountLBA > 0)

{

Partition &partition = partitionArray[partitionArrayPos];

PrintError (TC_BOOT_STR_NO_BOOT_PARTITION);

return false;

}

return true;

}

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Print ((BootSectorFlags & TC_BOOT_CFG_MASK_HIDDEN_OS_CREATION_PHASE) != TC_HIDDEN_OS_CREATION_PHASE_NONE

? "Boot Non-Hidden System (Boot Manager)"

: "Skip Authentication (Boot Manager)");

#else // TC_WINDOWS_BOOT_RESCUE_DISK_MODE

Print ("Skip Authentication (Boot Manager)");

ClearBiosKeystrokeBuffer();

PrintEndl();

break;

case TC_BIOS_KEY_BACKSPACE:

ClearBiosKeystrokeBuffer();

PrintEndl();

return TC_BIOS_KEY_ENTER;

case TC_BIOS_KEY_BACKSPACE:

pim = 10*pim + (asciiCode - '0');

pos++;

if (hidePassword) asciiCode = '*';

if (pos < MAX_PIM)

PrintChar (asciiCode);

int volumeType;

bool hiddenVolume;

uint64 headerSec;

AcquireSectorBuffer();

for (volumeType = 1; volumeType <= 2; ++volumeType)

EncryptedVirtualPartition.Drive = BootDrive;

EncryptedVirtualPartition.StartSector = BootCryptoInfo->EncryptedAreaStart >> TC_LB_SIZE_BIT_SHIFT_DIVISOR;

PimValueOrHiddenVolumeStartUnitNo = EncryptedVirtualPartition.StartSector;

HiddenVolumeStartSector = PartitionFollowingActive.StartSector;

HiddenVolumeStartSector += EncryptedVirtualPartition.StartSector;

if (!MountVolume (BootDrive, exitKey, PreventNormalSystemBoot, false))

return exitKey;

if (!CheckMemoryRequirements ())

goto err;

EncryptDataUnits (SectorBuffer, &s, 1, BootCryptoInfo);

CopyMemory (SectorBuffer, TC_BOOT_LOADER_BUFFER_SEGMENT, i * TC_LB_SIZE, TC_LB_SIZE);

ReleaseSectorBuffer();

DecryptDataUnits (SectorBuffer, &s, 1, BootCryptoInfo);

CopyMemory (SectorBuffer, TC_BOOT_LOADER_BUFFER_SEGMENT, i * TC_LB_SIZE, TC_LB_SIZE);

ReleaseSectorBuffer();

exitKey = BootEncryptedDrive();

#else // TC_WINDOWS_BOOT_RESCUE_DISK_MODE

PrintMainMenu();

exitKey = BootEncryptedDrive();

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

push TC_BOOT_LOADER_ALT_SEGMENT

pop es

mov di, 0

int 0x15

jnc no_carry

mov carry, true

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

; Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

; by the TrueCrypt License 3.0.

;

; and all other portions of this file are Copyright (c) 2013-2016 IDRIX

; and are governed by the Apache License 2.0 the full text of which is

; contained in the file License.txt included in VeraCrypt binary and source

loader_name_msg:

db ' VeraCrypt Boot Loader', 13, 10, 0

main:

xor ax, ax

mov ds, ax

mov ss, ax

; Check available memory

cmp word ptr [ds:413h], TC_BOOT_LOADER_SEGMENT / 1024 * 16 + TC_BOOT_MEMORY_REQUIRED

jge memory_ok

mov ax, TC_BOOT_LOADER_SEGMENT_LOW

cmp word ptr [ds:413h], TC_BOOT_LOADER_SEGMENT_LOW / 1024 * 16 + TC_BOOT_MEMORY_REQUIRED

jge memory_ok

; Insufficient memory

mov ax, TC_BOOT_LOADER_LOWMEM_SEGMENT

mov cx, TC_BOOT_MEMORY_REQUIRED * 1024 - TC_COM_EXECUTABLE_OFFSET - 1

cld

rep stosb

mov ax, es

sub ax, TC_BOOT_LOADER_DECOMPRESSOR_MEMORY_SIZE / 16 ; Decompressor segment

mov es, ax

; Load decompressor

mov cl, TC_BOOT_LOADER_DECOMPRESSOR_START_SECTOR

retry_backup:

mov cx, TC_BOOT_LOADER_DECOMPRESSOR_SECTOR_COUNT * TC_LB_SIZE

call checksum

push ebx

; Load compressed boot loader

mov bx, TC_BOOT_LOADER_COMPRESSED_BUFFER_OFFSET

mov cl, TC_BOOT_LOADER_START_SECTOR

mov al, TC_MAX_BOOT_LOADER_SECTOR_COUNT

test backup_loader_used, 1

jz non_backup

mov al, TC_BOOT_LOADER_BACKUP_SECTOR_COUNT - TC_BOOT_LOADER_DECOMPRESSOR_SECTOR_COUNT

mov cl, TC_BOOT_LOADER_START_SECTOR + TC_BOOT_LOADER_BACKUP_SECTOR_COUNT

non_backup:

call read_sectors

mov si, TC_BOOT_LOADER_COMPRESSED_BUFFER_OFFSET

mov cx, word ptr [start + TC_BOOT_SECTOR_LOADER_LENGTH_OFFSET]

call checksum

; Verify checksum

je checksum_ok

; Checksum incorrect - try using backup if available

test backup_loader_used, 1

jnz loader_damaged

mov backup_loader_used, 1

mov cl, TC_BOOT_LOADER_DECOMPRESSOR_START_SECTOR + TC_BOOT_LOADER_BACKUP_SECTOR_COUNT

test TC_BOOT_CFG_FLAG_BACKUP_LOADER_AVAILABLE, byte ptr [start + TC_BOOT_SECTOR_CONFIG_OFFSET]

jnz retry_backup

loader_damaged:

lea si, loader_damaged_msg

call print

mov ss, ax

mov sp, TC_BOOT_LOADER_DECOMPRESSOR_MEMORY_SIZE

sti

push dx

; Decompress boot loader

mov cx, word ptr [start + TC_BOOT_SECTOR_LOADER_LENGTH_OFFSET]

sub cx, TC_GZIP_HEADER_SIZE

add sp, 8

pop dx

; Restore boot sector segment

push cs

pop ds

; DH = boot sector flags

mov dh, byte ptr [start + TC_BOOT_SECTOR_CONFIG_OFFSET]

; Set up boot loader segment

mov ax, es

add ax, TC_BOOT_LOADER_DECOMPRESSOR_MEMORY_SIZE / 16

push es

push TC_COM_EXECUTABLE_OFFSET

retf

; Print string

print:

xor bx, bx

mov ah, 0eh

cld

@@: lodsb

test al, al

jz print_end

int 10h

jmp @B

mov ah, 2

int 13h

jnc read_ok

lea si, disk_error_msg

call print

read_ok:

ret

; Calculate checksum

checksum:

push ds

pop ds

xor eax, eax

cld

@@: lodsb

add ebx, eax

rol ebx, 1

loop @B

pop ds

ret

backup_loader_used db 0

disk_error_msg db 'Disk error', 13, 10, 7, 0

loader_damaged_msg db 7, 'Loader damaged! Repair with Rescue Disk', 0

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

if (ReEntryCount == 0 && drive == EncryptedVirtualPartition.Drive)

{

BiosResult result;

if (function == 0x3)

result = WriteEncryptedSectors (regs.ES, regs.BX, drive, sector, sectorCount);

else

case 0x43: // Write sectors LBA

{

byte drive = (byte) regs.DX;

BiosLbaPacket lba;

CopyMemory (regs.DS, regs.SI, (byte *) &lba, sizeof (lba));

if (ReEntryCount == 0 && drive == EncryptedVirtualPartition.Drive)

{

BiosResult result;

uint16 segment = (uint16) (lba.Buffer >> 16);

uint16 offset = (uint16) lba.Buffer;

popf

leave

add sp, 2

pass15:

popad

pushf

cmp ax, 0xe820 // Get system memory map

je filter

popf

leave

jmp cs:OriginalInt15Handler

// Save original INT 13 handler

xor ax, ax

mov es, ax

mov si, 0x13 * 4

lea di, OriginalInt13Handler

mov [di], ax

mov ax, es:[si + 2]

mov [di + 2], ax

// Install INT 13 filter

lea ax, Int13FilterEntry

mov es:[si], ax

mov es:[si + 2], cs

// Save original INT 15 handler

lea di, OriginalInt15Handler

mov ax, es:[si]

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

# Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

# by the TrueCrypt License 3.0.

#

# and all other portions of this file are Copyright (c) 2013-2016 IDRIX

# and are governed by the Apache License 2.0 the full text of which is

# contained in the file License.txt included in VeraCrypt binary and source

set INCLUDE=.

set LIB=.

set LIBPATH=.

clean:

-del /q /s $(OBJDIR) >NUL:

$(CC) $(CFLAGS) /c "$(SRCDIR)\$<"

set PATH=$(ENVPATH)

cd ..

{..\..\Common}.c{$(OUTDIR)}.obj:

cd $(OBJDIR)

set PATH=.

$(CC) $(CFLAGS) /c "$(SRCDIR)\$<"

set PATH=$(ENVPATH)

cd ..

.cpp{$(OUTDIR)}.obj:

cd $(OBJDIR)

set PATH=.

$(CC) $(CFLAGS) /D TC_ASM_PREPROCESS /P /EP "$(SRCDIR)\BootDefs.h"

set PATH=$(ENVPATH)

cd ..

$(OUTDIR)\BootSector.bin: $(OUTDIR)\BootSector.obj

cd $(OBJDIR)

$(LD) $(LFLAGS) BootSector.obj,BootSector.bin,,,, >NUL:

$(OUTDIR)\$(PROJ).$(TARGETEXT): $(OBJS)

@echo Linking...

cd $(OBJDIR)

echo >NUL: @<<$(PROJ).crf2

$(PROJ).$(TARGETEXT)

del $(PROJ).crf >NUL: 2>NUL:

for %F in ($(**F)) do @echo %F + >>$(PROJ).crf

type $(PROJ).crf2 >>$(PROJ).crf

$(LD) $(LFLAGS) @$(PROJ).crf

del $(PROJ).crf $(PROJ).crf2

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

while (shiftCount--)

{

r.LowPart >>= 1;

if ((byte) r.HighPart & 1)

r.LowPart |= 0x80000000UL;

uint64 operator<< (const uint64 &a, int shiftCount)

{

uint64 r = a;

while (shiftCount--)

r += r;

a += b;

a -= b;

++a;

b = b + (uint32) 1UL;

c = (a - ((a + b) >> 32) - (uint32) 1UL);

{

uint64 end1 = start1 + length1 - 1UL;

uint64 intersectEnd = (end1 <= end2) ? end1 : end2;

uint64 intersectStart = (start1 >= start2) ? start1 : start2;

if (intersectStart > intersectEnd)

return false;

return (intersectEnd + 1UL - intersectStart).LowPart != 0;

}

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

#define TC_ASM_EMIT(A,B) __asm _emit 0x##A __asm _emit 0x##B

#define TC_ASM_EMIT3(A,B,C) __asm _emit 0x##A __asm _emit 0x##B __asm _emit 0x##C

#define TC_ASM_MOV_EAX_DI TC_ASM_EMIT3 (66, 8B, 05)

#define TC_ASM_MOV_EBX_DI TC_ASM_EMIT3 (66, 8B, 1D)

# Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

# by the TrueCrypt License 3.0.

#

# and all other portions of this file are Copyright (c) 2013-2016 IDRIX

# and are governed by the Apache License 2.0 the full text of which is

# contained in the file License.txt included in VeraCrypt binary and source

%.txt.h: %.txt

@echo Converting $(<F)

$(OD_BIN) $< | $(TR_SED_BIN) >$@

%.bmp.h: %.bmp

@echo Converting $(<F)

$(OD_BIN) $< | $(TR_SED_BIN) >$@

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

{

public:

RefCount (1), ServerLockCount (0), MessageThreadId (messageThreadId) { }

~TrueCryptFactory () { }

virtual ULONG STDMETHODCALLTYPE AddRef ()

{

return InterlockedIncrement (&RefCount) - 1;

AddRef ();

return S_OK;

}

virtual HRESULT STDMETHODCALLTYPE CreateInstance (IUnknown *pUnkOuter, REFIID riid, void **ppvObject)

{

if (pUnkOuter != NULL)

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

class Elevator

{

public:

static void AddReference ()

{

++ReferenceCount;

{

result = ERROR_OUTOFMEMORY;

}

if (result != ERROR_SUCCESS)

{

SetLastError (result);

ElevatedComInstanceThreadId = GetCurrentThreadId();

}

}

#if defined (TCMOUNT)

static ITrueCryptMainCom *ElevatedComInstance;

#elif defined (VOLFORMAT)

int Elevator::ReferenceCount = 0;

#else // SETUP

class Elevator

{

public:

{

FileOpen = true;

}

{

LastError = GetLastError();

if (LastError == ERROR_ACCESS_DENIED && IsUacSupported())

{

FileOpen = true;

}

{

LastError = GetLastError ();

if (LastError == ERROR_ACCESS_DENIED && IsUacSupported())

{

if (RescueIsoImage)

delete[] RescueIsoImage;

Elevator::Release();

}

if (config.SystemPartition.IsGPT)

throw ParameterIncorrect (SRC_POS); // It is assumed that CheckRequirements() had been called

foreach (const Partition &partition, config.Partitions)

{

if (partition.Info.BootIndicator)

}

/* WARNING: Note that the partition number at the end of a device path (\Device\HarddiskY\PartitionX) must

a higer number than the third one. */

// Find the first partition physically located behind the active partition

if (activePartitionFound)

{

ProbeRealDriveSizeRequest request;

StringCchCopyW (request.DeviceName, ARRAYSIZE (request.DeviceName), DriveConfig.DrivePartition.DevicePath.c_str());

CallDriver (TC_IOCTL_PROBE_REAL_DRIVE_SIZE, &request, sizeof (request), &request, sizeof (request));

DriveConfig.DrivePartition.Info.PartitionLength = request.RealDriveSize;

return partList;

}

DISK_GEOMETRY BootEncryption::GetDriveGeometry (int driveNumber)

{

return geometry;

}

wstring BootEncryption::GetWindowsDirectory ()

{

wchar_t buf[MAX_PATH];

throw_sys_if (GetSystemDirectory (buf, ARRAYSIZE (buf)) == 0);

return wstring (buf);

}

// Note that this does not require admin rights (it just requires the driver to be running)

bool BootEncryption::IsBootLoaderOnDrive (wchar_t *devicePath)

{

{

OPEN_TEST_STRUCT openTestStruct;

memset (&openTestStruct, 0, sizeof (openTestStruct));

bool BootEncryption::IsHiddenSystemRunning ()

{

int hiddenSystemStatus;

CallDriver (TC_IOCTL_IS_HIDDEN_SYSTEM_RUNNING, nullptr, 0, &hiddenSystemStatus, sizeof (hiddenSystemStatus));

return hiddenSystemStatus != 0;

}

if (userConfig)

*userConfig = request.UserConfiguration;

if (customUserMessage)

{

request.CustomUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH] = 0;

if (userConfig)

*userConfig = 0;

if (customUserMessage)

customUserMessage->clear();

memcpy (mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, customUserMessage.c_str(), customUserMessage.size());

}

if (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM)

{

// PIM for pre-boot authentication can be encoded on two bytes since its maximum

ZeroMemory (&request, sizeof (request));

request.WipeAlgorithm = wipeAlgorithm;

if (Randinit() != ERR_SUCCESS)

{

if (CryptoAPILastError == ERROR_SUCCESS)

CallDriver (TC_IOCTL_ABORT_DECOY_SYSTEM_WIPE);

}

DecoySystemWipeStatus BootEncryption::GetDecoyOSWipeStatus ()

{

DecoySystemWipeStatus status;

device.SeekAt (0);

device.Read (mbr, sizeof (mbr));

finally_do_arg (BootEncryption *, this,

{

try

WCHAR pathBuf[MAX_PATH];

throw_sys_if (!SUCCEEDED (SHGetFolderPath (NULL, CSIDL_COMMON_APPDATA | CSIDL_FLAG_CREATE, NULL, 0, pathBuf)));

wstring path = wstring (pathBuf) + L"\\" _T(TC_APP_NAME);

CreateDirectory (path.c_str(), NULL);

throw ParameterIncorrect (SRC_POS);

Buffer imageBuf (RescueIsoImageSize);

byte *image = imageBuf.Ptr();

memset (image, 0, RescueIsoImageSize);

File sysBakFile (GetSystemLoaderBackupPath(), true);

sysBakFile.CheckOpened (SRC_POS);

sysBakFile.Read (image + TC_CD_BOOTSECTOR_OFFSET + TC_ORIG_BOOT_LOADER_BACKUP_SECTOR_OFFSET, TC_BOOT_LOADER_AREA_SIZE);

image[TC_CD_BOOTSECTOR_OFFSET + TC_BOOT_SECTOR_CONFIG_OFFSET] |= TC_BOOT_CFG_FLAG_RESCUE_DISK_ORIG_SYS_LOADER;

}

catch (Exception &e)

e.Show (ParentWindow);

Warning ("SYS_LOADER_UNAVAILABLE_FOR_RESCUE_DISK", ParentWindow);

}

// Boot loader backup

CreateBootLoaderInMemory (image + TC_CD_BOOTSECTOR_OFFSET + TC_BOOT_LOADER_BACKUP_RESCUE_DISK_SECTOR_OFFSET, TC_BOOT_LOADER_AREA_SIZE, false);

UINT driveType = GetDriveType (rootPath);

// check that it is a CD/DVD drive or a removable media in case a bootable

// USB key was created from the rescue disk ISO file

{

rootPath[2] = 0; // remove trailing backslash

Buffer buffer ((verifiedSectorCount + 1) * 2048);

DWORD bytesRead = isoFile.Read (buffer.Ptr(), (DWORD) buffer.Size());

&& (memcmp (buffer.Ptr(), RescueIsoImage, buffer.Size()) == 0)

)

{

{

if (nCurrentOS == WIN_2000)

throw ErrorException ("SYS_ENCRYPTION_UNSUPPORTED_ON_CURRENT_OS", SRC_POS);

if (CurrentOSMajor == 6 && CurrentOSMinor == 0 && CurrentOSServicePack < 1)

throw ErrorException ("SYS_ENCRYPTION_UNSUPPORTED_ON_VISTA_SP0", SRC_POS);

if (!pagingFilesOk)

{

+ GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION")

+ L"\n\n\n"

+ GetString ("RESTRICT_PAGING_FILES_TO_SYS_PARTITION")

AbortProcessSilent();

}

+ GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION"), SRC_POS);

}

wchar_t *configPath = GetConfigPath (L"dummy");

if (configPath && towupper (configPath[0]) != windowsDrive)

{

+ GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION"), SRC_POS);

}

// Temporary files

if (towupper (GetTempPathString()[0]) != windowsDrive)

{

+ GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION"), SRC_POS);

}

}

device.Read ((byte *) header, sizeof (header));

PCRYPTO_INFO cryptoInfo = NULL;

int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, old_pim, FALSE, &cryptoInfo, NULL);

finally_do_arg (PCRYPTO_INFO, cryptoInfo, { if (finally_arg) crypto_close (finally_arg); });

UserEnrichRandomPool (hwndDlg);

WaitCursor();

techniques such as magnetic force microscopy or magnetic force scanning tunnelling microscopy

to recover the overwritten header. According to Peter Gutmann, data should be overwritten 22

times (ideally, 35 times) using non-random patterns and pseudorandom data. However, as users might

SelectedEncryptionAlgorithmId = ea;

SelectedPrfAlgorithmId = pkcs5;

CreateVolumeHeader (volumeSize, encryptedAreaStart, &password, ea, mode, pkcs5, pim);

if (!rescueIsoImagePath.empty())

CreateRescueIsoImage (true, rescueIsoImagePath);

}

BootEncryptionSetupRequest request;

ZeroMemory (&request, sizeof (request));

request.SetupMode = SetupDecryption;

request.DiscardUnreadableEncryptedSectors = discardUnreadableEncryptedSectors;

BootEncryptionSetupRequest request;

ZeroMemory (&request, sizeof (request));

request.SetupMode = SetupEncryption;

request.WipeAlgorithm = wipeAlgorithm;

request.ZeroUnreadableSectors = zeroUnreadableSectors;

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

#ifndef CACHE_SIZE

/* WARNING: Changing this value might not be safe (some items may be hard coded for 4)! Inspection necessary. */

#endif

extern int cacheEmpty;

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

StringCchCatW (tmp, 8192, L"\nExamples:\n\nMount a volume as X:\tveracrypt.exe /q /v volume.hc /l X\nDismount a volume X:\tveracrypt.exe /q /d X");

SetWindowTextW (GetDlgItem (hwndDlg, IDC_COMMANDHELP_TEXT), tmp);

TCfree(tmp);

return 1;

}

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

{

wchar_t szTmp[MAX_PATH] = { 0 };

wchar_t wszVolume[MAX_PATH] = {0};

if (i < count)

{

if (SendMessage (hComboBox, CB_GETLBTEXTLEN, nComboIdx[i], 0) < ARRAYSIZE (szTmp))

for (i = 0; i < SIZEOF_MRU_LIST; i++)

{

wchar_t szTmp[MAX_PATH] = { 0 };

if (SendMessage (hComboBox, CB_GETLBTEXTLEN, nComboIdx[i], 0) < ARRAYSIZE (szTmp))

SendMessage (hComboBox, CB_GETLBTEXT, nComboIdx[i], (LPARAM) & szTmp[0]);

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

//

#ifdef APSTUDIO_INVOKED

BEGIN

IDD_ABOUT_DLG, DIALOG

BEGIN

// TEXTINCLUDE

//

BEGIN

"resource.h\0"

END

BEGIN

"#include ""afxres.h""\r\n"

"\0"

END

BEGIN

"\r\n"

"\0"

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

/* CRC polynomial 0x04c11db7 */

unsigned __int32 crc_32_tab[]=

0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3,

0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91,

0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

case SERPENT:

serpent_set_key (key, ks);

break;

case TWOFISH:

twofish_set_key ((TwofishInstance *)ks, (const u4byte *)key);

break;

{

switch (cipher)

{

// In 32-bit kernel mode, due to KeSaveFloatingPointState() overhead, AES instructions can be used only when processing the whole data unit.

#if (defined (_WIN64) || !defined (TC_WINDOWS_DRIVER)) && !defined (TC_WINDOWS_BOOT)

if (IsAesHwCpuSupported())

/* Note: XTS mode could potentially be initialized with a weak key causing all blocks in one data unit

on the volume to be tweaked with zero tweaks (i.e. 512 bytes of the volume would be encrypted in ECB

mode). However, to create a TrueCrypt volume with such a weak key, each human being on Earth would have

that the size of each of the volumes is 1024 terabytes). */

break;

// Unknown/wrong ID

TC_THROW_FATAL_EXCEPTION;

}

int c, i = 0;

while (c = EncryptionAlgorithms[ea].Modes[i++])

{

return EncryptionAlgorithms[ea].Modes[i];

}

int c, i = 0;

while (c = EncryptionAlgorithms[ea].Ciphers[i++])

{

return EncryptionAlgorithms[ea].Ciphers[i];

}

while (c = EncryptionAlgorithms[ea].Ciphers[i++])

{

return EncryptionAlgorithms[ea].Ciphers[i - 2];

}

// EncryptBuffer

//

// buf: data to be encrypted; the start of the buffer is assumed to be aligned with the start of a data unit.

// by the largest block size used within the cascade)

void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo)

{

}

break;

// Unknown/wrong ID

TC_THROW_FATAL_EXCEPTION;

}

}

break;

// Unknown/wrong ID

TC_THROW_FATAL_EXCEPTION;

}

// DecryptBuffer

//

// buf: data to be decrypted; the start of the buffer is assumed to be aligned with the start of a data unit.

// by the largest block size used within the cascade)

void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo)

{

}

break;

// Unknown/wrong ID

TC_THROW_FATAL_EXCEPTION;

}

}

break;

// Unknown/wrong ID

TC_THROW_FATAL_EXCEPTION;

}

if (IsAesHwCpuSupported())

aes_hw_cpu_encrypt ((byte *) ks, data);

else

#elif defined (TC_WINDOWS_BOOT_SERPENT)

serpent_encrypt (data, data, ks);

#elif defined (TC_WINDOWS_BOOT_TWOFISH)

if (IsAesHwCpuSupported())

aes_hw_cpu_decrypt ((byte *) ks + sizeof (aes_encrypt_ctx) + 14 * 16, data);

else

#elif defined (TC_WINDOWS_BOOT_SERPENT)

serpent_decrypt (data, data, ks);

#elif defined (TC_WINDOWS_BOOT_TWOFISH)

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

#define MASTER_KEYDATA_SIZE 256

// The first PRF to try when mounting

enum

{

SHA512 = FIRST_PRF_ID,

};

// The last PRF to try when mounting and also the number of implemented PRFs

#define RIPEMD160_BLOCKSIZE 64

#define RIPEMD160_DIGESTSIZE 20

{

NONE = 0,

AES,

TWOFISH

};

#ifndef TC_WINDOWS_BOOT

uint16 HeaderVersion;

unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* This holds the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */

unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */

unsigned __int8 salt[PKCS5_SALT_SIZE];

BOOL bTrueCryptMode;

int volumePim;

BOOL bProtectHiddenVolume; // Indicates whether the volume contains a hidden volume to be protected against overwriting

BOOL bHiddenVolProtectionAction; // TRUE if a write operation has been denied by the driver in order to prevent the hidden volume from being overwritten (set to FALSE upon volume mount).

uint64 volDataAreaOffset; // Absolute position, in bytes, of the first data sector of the volume.

uint64 hiddenVolumeSize; // Size of the hidden volume excluding the header (in bytes). Set to 0 for standard volumes.

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

void *GetDictionaryValue (const char *key)

{

map <string, void *>::const_iterator i = StringKeyMap.find (key);

if (i == StringKeyMap.end())

return NULL;

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

BOOL bHistory = FALSE;

// 0 - Unknown/undetermined/completed, 1: Detection is or was in progress (but did not complete e.g. due to system crash).

OSVersionEnum nCurrentOS = WIN_UNKNOWN;

int CurrentOSMajor = 0;

BOOL bInPlaceEncNonSysPending = FALSE; // TRUE if the non-system in-place encryption config file indicates that one or more partitions are scheduled to be encrypted. This flag is set only when config files are loaded during app startup.

BOOL PimEnable = FALSE;

BOOL KeyFilesEnable = FALSE;

KeyFile *FirstKeyFile = NULL;

HANDLE hDriver = INVALID_HANDLE_VALUE;

/* This mutex is used to prevent multiple instances of the wizard or main app from dealing with system encryption */

/* This mutex is used for non-system in-place encryption but only for informative (non-blocking) purposes,

such as whether an app should prompt the user whether to resume scheduled process. */

/* This value may changed only by calling ChangeSystemEncryptionStatus(). Only the wizard can change it

(others may still read it though). */

/* Only the wizard can change this value (others may only read it). */

WipeAlgorithmId nWipeMode = TC_WIPE_NONE;

#error PKCS5_BENCHMARKS and HASH_FNC_BENCHMARKS are both TRUE (at least one of them should be FALSE).

#endif

{

BENCHMARK_SORT_BY_NAME = 0,

BENCHMARK_SORT_BY_SPEED

};

{

int id;

wchar_t name[100];

#endif // #ifndef SETUP

{

void *strings;

BOOL bold;

/* Close the device driver handle */

if (hDriver != INVALID_HANDLE_VALUE)

{

if (IsNonInstallMode ())

{

// If a dismount was forced in the lifetime of the driver, Windows may later prevent it to be loaded again from

DWORD handleWin32Error (HWND hwndDlg, const char* srcPos)

{

PWSTR lpMsgBuf;

wchar_t szErrorValue[32];

wchar_t* pszDesc;

{

SIZE sizes;

TEXTMETRIC textMetrics;

SelectObject(hdc, (HGDIOBJ) hFont);

GetTextMetrics(hdc, &textMetrics); // Necessary for non-TrueType raster fonts (tmOverhang)

return ((int) sizes.cx - (int) textMetrics.tmOverhang);

}

int GetTextGfxHeight (HWND hwndDlgItem, const wchar_t *text, HFONT hFont)

{

SIZE sizes;

SelectObject(hdc, (HGDIOBJ) hFont);

GetTextExtentPoint32W (hdc, text, (int) wcslen (text), &sizes);

return ((int) sizes.cy);

}

rect.right = width;

rect.bottom = LONG_MAX;

SelectObject (hdc, (HGDIOBJ) hFont);

wchar_t pathBuf[TC_MAX_PATH];

if (DrawText (hdc, pathBuf, (int) path.size(), &rect, DT_CALCRECT | DT_MODIFYSTRING | DT_PATH_ELLIPSIS | DT_SINGLELINE) != 0)

newPath = pathBuf;

return newPath;

}

width = GetTextGfxWidth (hwndCtrl, text, hFont);

height = GetTextGfxHeight (hwndCtrl, text, hFont);

origWidth = rec.right;

origHeight = rec.bottom;

if (width >= 0

{

horizSubOffset = origWidth - width;

vertSubOffset = origHeight - height;

alignPosDiff = horizSubOffset / 2;

else if (windowInfo.dwStyle & SS_RIGHT)

alignPosDiff = horizSubOffset;

// Resize/move

if (alignPosDiff > 0)

{

// Protects an input field from having its content updated by a Paste action. Used for pre-boot password

// user from pasting a password typed using a non-US keyboard layout).

void ToBootPwdField (HWND hwndDlg, UINT ctrlId)

{

if (hDC)

{

ScreenDPI = GetDeviceCaps (hDC, LOGPIXELSY);

}

DPIScaleFactorX = 1;

if (ScreenDPI != USER_DEFAULT_SCREEN_DPI)

{

// actual screen DPI is redundant and leads to incorrect results. What really matters here is

// how Windows actually renders our GUI. This is determined by comparing the expected and current

// sizes of a hidden calibration text field.

GetClientRect (GetDlgItem (hwndDlg, IDC_ABOUT_LOGO_AREA), &rec);

SetWindowPos (GetDlgItem (hwndDlg, IDC_ABOUT_BKG), HWND_TOP, 0, 0, rec.right, rec.bottom, SWP_NOMOVE);

if (ScreenDPI != USER_DEFAULT_SCREEN_DPI)

{

// Logo (must recreate and keep the original aspect ratio as Windows distorts it)

void ProcessPaintMessages (HWND hwnd, int maxMessagesToProcess)

{

MSG paintMsg;

while (PeekMessageW (&paintMsg, hwnd, 0, 0, PM_REMOVE | PM_QS_PAINT) != 0 && msgCounter-- > 0)

{

}

If bDirectRender is FALSE and both nWidth and nHeight are zero, the width and height of hwndDest are

retrieved and adjusted according to screen DPI (the width and height of the resultant image are adjusted the

same way); furthermore, if bKeepAspectRatio is TRUE, the smaller DPI factor of the two (i.e. horiz. or vert.)

is used both for horiz. and vert. scaling (note that the overall GUI aspect ratio changes irregularly in

This function returns a handle to the scaled bitmap. When the bitmap is no longer needed, it should be

- Windows 2000 may produce slightly inaccurate colors even when source, buffer, and target are 24-bit true color. */

HBITMAP RenderBitmap (wchar_t *resource, HWND hwndDest, int x, int y, int nWidth, int nHeight, BOOL bDirectRender, BOOL bKeepAspectRatio)

{

GetObject (picture, sizeof (BITMAP), &bitmap);

if (hdcRescaled)

{

SelectObject (hdcRescaled, hbmpRescaled);

hdcSrc,

0,

0,

bitmap.bmHeight,

SRCCOPY);

wc.hCursor = NULL;

wc.hbrBackground = (HBRUSH) GetStockObject (LTGRAY_BRUSH);

wc.lpszClassName = L"VCREDTICK";

rc = (ULONG) RegisterClassW (&wc);

return rc == 0 ? FALSE : TRUE;

{

if (!bHeaderWipe)

{

}

AddComboPair (hComboBox, GetString ("WIPE_MODE_1_RAND"), TC_WIPE_1_RAND);

else

lpack[0] = 0;

sprintf (url, TC_APPLINK_SECURE "&dest=err-report%s&os=%s&osver=%d.%d.%d&arch=%s&cpus=%d&app=%s&cksum=%x&dlg=%s&err=%x&addr=%x"

, lpack

, GetWindowsEdition().c_str()

// Mutex handling to prevent multiple instances of the wizard or main app from dealing with system encryption.

BOOL CreateSysEncMutex (void)

{

return TCCreateMutex (&hSysEncMutex, TC_MUTEX_NAME_SYSENC);

}

BOOL CreateNonSysInplaceEncMutex (void)

{

return TCCreateMutex (&hNonSysInplaceEncMutex, TC_MUTEX_NAME_NONSYS_INPLACE_ENC);

// Returns TRUE if another instance of the wizard is preparing, resuming or performing non-system in-place encryption

BOOL NonSysInplaceEncInProgressElsewhere (void)

{

&& MutexExistsOnSystem (TC_MUTEX_NAME_NONSYS_INPLACE_ENC));

}

// Mutex handling to prevent multiple instances of the wizard or main app from trying to install

// or register the driver or from trying to launch it in portable mode at the same time.

BOOL CreateDriverSetupMutex (void)

{

return TCCreateMutex (&hDriverSetupMutex, TC_MUTEX_NAME_DRIVER_SETUP);

}

BOOL TCCreateMutex (volatile HANDLE *hMutex, wchar_t *name)

{

if (*hMutex != NULL)

}

BOOL MutexExistsOnSystem (wchar_t *name)

{

if (name[0] == 0)

return FALSE;

if (GetLastError () == ERROR_ACCESS_DENIED) // On Vista, this is returned if the owner of the mutex is elevated while we are not

// The call failed and it is not certain whether the mutex exists or not

return FALSE;

void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)

{

WNDCLASSW wc;

InitOSVersionInfo();

LoadSystemDll (L"Usp10.DLL", &hUsp10Dll, TRUE, SRC_POS);

LoadSystemDll (L"UXTheme.dll", &hUXThemeDll, TRUE, SRC_POS);

LoadSystemDll (L"SETUPAPI.DLL", &hSetupDll, FALSE, SRC_POS);

LoadSystemDll (L"userenv.dll", &hUserenvDll, TRUE, SRC_POS);

LoadSystemDll (L"rsaenh.dll", &hRsaenhDll, TRUE, SRC_POS);

}

if (IsOSAtLeast (WIN_VISTA))

LoadSystemDll (L"netapi32.dll", &hnetapi32dll, TRUE, SRC_POS);

LoadSystemDll (L"authz.dll", &hauthzdll, TRUE, SRC_POS);

LoadSystemDll (L"xmllite.dll", &hxmllitedll, TRUE, SRC_POS);

}

if (IsOSAtLeast (WIN_VISTA))

LoadSystemDll (L"spp.dll", &hsppdll, TRUE, SRC_POS);

LoadSystemDll (L"vssapi.dll", &vssapidll, TRUE, SRC_POS);

LoadSystemDll (L"vsstrace.dll", &hvsstracedll, TRUE, SRC_POS);

LoadSystemDll (L"cfgmgr32.dll", &hcfgmgr32dll, TRUE, SRC_POS);

LoadSystemDll (L"devobj.dll", &hdevobjdll, TRUE, SRC_POS);

LoadSystemDll (L"powrprof.dll", &hpowrprofdll, TRUE, SRC_POS);

LoadSystemDll (L"dwmapi.dll", &hdwmapidll, TRUE, SRC_POS);

LoadSystemDll (L"crypt32.dll", &hcrypt32dll, TRUE, SRC_POS);

LoadSystemDll (L"bcrypt.dll", &hbcryptdll, TRUE, SRC_POS);

}

#else

LoadSystemDll (L"WINSCARD.DLL", &hwinscarddll, TRUE, SRC_POS);

#endif

LoadSystemDll (L"COMCTL32.DLL", &hComctl32Dll, FALSE, SRC_POS);

// call InitCommonControls function

InitCommonControlsFn = (InitCommonControlsPtr) GetProcAddress (hComctl32Dll, "InitCommonControls");

ImageList_AddFn = (ImageList_AddPtr) GetProcAddress (hComctl32Dll, "ImageList_Add");

// Language

langId[0] = 0;

SetPreferredLangId (ConfigReadString ("Language", "", langId, sizeof (langId)));

if (langId[0] == 0)

{

if (IsNonInstallMode ())

}

memset (&wcex, 0, sizeof (wcex));

wcex.lpfnWndProc = (WNDPROC) NonInstallUacWndProc;

wcex.hInstance = hInstance;

wcex.lpszClassName = L"VeraCrypt";

break;

}

}

/* Get the attributes for the standard dialog class */

if ((GetClassInfoW (hInst, WINDOWS_DIALOG_CLASS, &wc)) == 0)

{

&dwResult, NULL);

// check variable driver

&& ( (driver->bDetectTCBootLoader != TRUE && driver->bDetectTCBootLoader != FALSE) ||

(driver->TCBootLoaderDetected != TRUE && driver->TCBootLoaderDetected != FALSE) ||

(driver->DetectFilesystem != TRUE && driver->DetectFilesystem != FALSE) ||

else

return FALSE;

}

return TRUE;

}

/* Stores the device path of the system partition in SysPartitionDevicePath and the device path of the system drive

in SysDriveDevicePath.

return code, you can use the global flags bSysPartitionSelected and bSysDriveSelected to see if the user

selected the system partition/device.

After this function completes successfully, the results are cached for the rest of the session and repeated

BOOL GetSysDevicePaths (HWND hwndDlg)

{

if (!bCachedSysDevicePathsValid

|| wcslen (SysDriveDevicePath) <= 1)

{

foreach (const HostDevice &device, GetAvailableHostDevices (false, true))

{

if (device.ContainsSystem)

}

if (IsOSAtLeast (WIN_7))

bCachedSysDevicePathsValid = 1;

}

&& wcslen (SysDriveDevicePath) > 1);

}

If it's FALSE and the function is called for the first time, execution may take up to one minute but the

results are reliable.

IMPORTANT: As the execution may take a very long time if called for the first time with bReliableRequired set

to TRUE, it should be called with bReliableRequired set to TRUE only before performing a dangerous

return code, you can use the global flags bSysPartitionSelected and bSysDriveSelected to see if the

user selected the system partition/device).

After this function completes successfully, the results are cached for the rest of the session, bReliableRequired

Return codes:

1 - it is the system partition path (e.g. \Device\Harddisk0\Partition1)

2 - it is the system drive path (e.g. \Device\Harddisk0\Partition0)

/* Determines whether the path points to a non-system partition on the system drive.

IMPORTANT: As this may take a very long time if called for the first time, it should be called

Return codes:

-1 - the result can't be determined, isn't reliable, or there was an error. */

int IsNonSysPartitionOnSysDrive (const wchar_t *path)

{

if (wcsncmp (tmpPath, SysDriveDevicePath, max (wcslen(tmpPath), wcslen(SysDriveDevicePath))) == 0)

{

return 1;

}

{

return 0;

}

}

LocalizeDialog (hwndDlg, "IDD_RAWDEVICES_DLG");

SendMessage (hList,LVM_SETEXTENDEDLISTVIEWSTYLE,0,

LvCol.pszText = GetString ("DEVICE");

LvCol.cx = CompensateXDPI (186);

LvCol.fmt = LVCFMT_LEFT;

SendMessage (hList,LVM_INSERTCOLUMNW,0,(LPARAM)&LvCol);

LvCol.cx = CompensateXDPI (38);

LvCol.fmt = LVCFMT_LEFT;

SendMessage (hList,LVM_INSERTCOLUMNW,1,(LPARAM)&LvCol);

// Path

if (!device.IsPartition || device.DynamicVolume)

{

&& (device.IsPartition || device.Partitions.empty() || device.Partitions[0].Size == 0)

)

continue;

if (line > 1)

{

ListItemAdd (hList, item.iItem, L"");

}

if (device.Floppy || device.DynamicVolume)

}

#endif

}

SendMessageW(hList, LVM_SETCOLUMNWIDTH, 0, MAKELPARAM(LVSCW_AUTOSIZE_USEHEADER, 0));

{

BOOL bEnableOkButton = FALSE;

LVITEM LvItem;

LvItem.iItem = ((LPNMLISTVIEW) lParam)->iItem;

LvItem.pszText = lpszFileName;

LvItem.cchTextMax = TC_MAX_PATH;

int selectedItem = ListView_GetSelectionMark (GetDlgItem (hwndDlg, IDC_DEVICELIST));

if (selectedItem == -1 || itemToDeviceMap.find (selectedItem) == itemToDeviceMap.end())

const HostDevice selectedDevice = itemToDeviceMap[selectedItem];

StringCchCopyW (lpszFileName, TC_MAX_PATH, selectedDevice.Path.c_str());

}

}

if (!selectedDevice.IsVirtualPartition

&& !bHiddenVolDirect)

{

#endif // #ifdef VOLFORMAT

}

bSysDriveSelected = FALSE;

#ifdef VOLFORMAT

if (hDriver == INVALID_HANDLE_VALUE)

return TRUE;

try

{

if (BootEncryption (NULL).GetStatus().DeviceFilterActive)

}

// Try to open a handle to the driver again (keep the mutex in case the other instance failed)

}

else

{

if (SystemEncryptionStatus != SYSENC_STATUS_NONE)

{

// This is an inconsistent state. The config file indicates system encryption should be

// the user selects "Last Known Good Configuration" from the Windows boot menu.

// To fix this, we're going to reinstall the driver, start it, and register it for boot.

return res;

bPortableModeConfirmed = TRUE;

if (hDriver != INVALID_HANDLE_VALUE)

CloseHandle (hDriver);

hDriver = CreateFile (WIN32_ROOT_PREFIX, 0, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);

| OFN_PATHMUSTEXIST

| OFN_ALLOWMULTISELECT

| (keepHistory ? 0 : OFN_DONTADDTORECENT);

if (!keepHistory)

CleanLastVisitedMRU ();

CleanLastVisitedMRU ();

status = TRUE;

ret:

SystemFileSelectorCallPending = FALSE;

ResetCurrentDirectory();

}

{

switch(uMsg) {

{

/* WParam is TRUE since we are passing a path.

It would be FALSE if we were passing a pidl. */

break;

}

{

wchar_t szDir[TC_MAX_PATH];

/* Set the status window to the currently selected path. */

{

SendMessage (hwnd,BFFM_SETSTATUSTEXT,0,(LPARAM)szDir);

}

CoInitialize (NULL);

{

ZeroMemory (&bi, sizeof(bi));

bi.hwndOwner = hwndDlg;

bi.lParam = (LPARAM)dirName;

pidl = SHBrowseForFolderW (&bi);

{

{

bOK = TRUE;

}

// Font

SendMessageW (hwnd, WM_SETFONT, (WPARAM) font, 0);

return TRUE;

}

SetWindowTextW (hwnd, L"VeraCrypt");

else

SetWindowTextW (hwnd, GetString (stringId));

if (hUserFont != 0)

EnumChildWindows (hwnd, LocalizeDialogEnum, (LPARAM) hUserFont);

}

DWORD cbLabelLen = (DWORD) ((wcslen (effectiveLabel) + 1) * sizeof (wchar_t));

BOOL bToBeDeleted = FALSE;

if (bSetValue)

KEY_READ | KEY_WRITE | KEY_SET_VALUE, NULL, &hKey, NULL);

else

lStatus = RegOpenKeyExW (HKEY_CURRENT_USER, wszRegPath, 0, KEY_READ | KEY_WRITE | KEY_SET_VALUE, &hKey);

if (bToBeDeleted)

{

lStatus = RegOpenKeyExW (HKEY_CURRENT_USER, wszRegPath, 0, KEY_READ | KEY_WRITE | KEY_SET_VALUE, &hKey);

if (ERROR_SUCCESS == lStatus)

{

versionString.insert (version > 0xfff ? 2 : 1,L".");

if (versionString[versionString.length()-1] == L'0')

return (versionString);

}

arr.clear();

if (len %2)

return false;

for (i = 0; i < len/2; i++)

{

if (!HexToByte (*hexStr++, b1) || !HexToByte (*hexStr++, b2))

{

static wchar_t *b, *kb, *mb, *gb, *tb, *pb;

static int serNo;

if (b == NULL || serNo != LocalizationSerialNo)

{

serNo = LocalizationSerialNo;

}

break;

}

/* Render the results */

SendMessage (hList,LVM_DELETEALLITEMS,0,(LPARAM)&LvItem);

LvItem.iItem = i;

LvItem.iSubItem = 0;

LvItem.pszText = (LPWSTR) benchmarkTable[i].name;

#if PKCS5_BENCHMARKS

wcscpy (item1, L"-");

LvItem.iSubItem = 1;

LvItem.pszText = item1;

#if PKCS5_BENCHMARKS

wcscpy (item1, L"-");

LvItem.iSubItem = 2;

LvItem.pszText = item1;

#if PKCS5_BENCHMARKS

swprintf (item1, L"%d t", benchmarkTable[i].encSpeed);

LvItem.iSubItem = 3;

LvItem.pszText = item1;

}

SendMessageW(hList, LVM_SETCOLUMNWIDTH, 0, MAKELPARAM(LVSCW_AUTOSIZE_USEHEADER, 0));

typedef struct

{

HWND hBenchDlg;

} BenchmarkThreadParam;

static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg);

#if HASH_FNC_BENCHMARKS

/* Measures the speed at which each of the hash algorithms processes the message to produce

them when building a public release (the benchmark GUI strings wouldn't make sense). */

{

sha256_ctx s256ctx;

int hid;

{

if (QueryPerformanceCounter (&performanceCountStart) == 0)

goto counter_error;

#elif PKCS5_BENCHMARKS // #if HASH_FNC_BENCHMARKS

/* Measures the time that it takes for the PKCS-5 routine to derive a header key using

them when building a public release (the benchmark GUI strings wouldn't make sense). */

{

int thid, i;

char dk[MASTER_KEYDATA_SIZE];

char *tmp_salt = {"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF\x01\x23\x45\x67\x89\xAB\xCD\xEF\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF\x01\x23\x45\x67\x89\xAB\xCD\xEF\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"};

{

if (QueryPerformanceCounter (&performanceCountStart) == 0)

goto counter_error;

{

switch (thid)

{

#else // #elif PKCS5_BENCHMARKS

/* Encryption algorithm benchmarks */

for (ci->ea = EAGetFirst(); ci->ea != 0; ci->ea = EAGetNext(ci->ea))

{

if (!EAIsFormatEnabled (ci->ea))

return TRUE;

counter_error:

if (ci)

crypto_close (ci);

benchmarkSortMethod = BENCHMARK_SORT_BY_SPEED;

SendMessage (hList,LVM_SETEXTENDEDLISTVIEWSTYLE,0,

LvCol.pszText = GetString ("ALGORITHM");

LvCol.cx = CompensateXDPI (114);

LvCol.fmt = LVCFMT_LEFT;

SetTimer (hwndDlg, 0xfd, RANDPOOL_DISPLAY_REFRESH_INTERVAL, NULL);

SendMessage (GetDlgItem (hwndDlg, IDC_POOL_CONTENTS), WM_SETFONT, (WPARAM) hFixedDigitFont, (LPARAM) TRUE);

hEntropyBar = GetDlgItem (hwndDlg, IDC_ENTROPY_BAR);

SendMessage (hEntropyBar, PBM_SETRANGE32, 0, maxEntropyLevel);

SendMessage (hEntropyBar, PBM_SETSTEP, 1, 0);

else if (bUseMask)

{

/* use mask to compute a randomized ascii representation */

lastRandPool[row * RANDPOOL_DISPLAY_COLUMNS + col]) ^ maskRandPool [row * RANDPOOL_DISPLAY_COLUMNS + col];

tmp[0] = (wchar_t) (((tmpByte >> 4) % 6) + L'*');

tmp[1] = (wchar_t) (((tmpByte & 0x0F) % 6) + L'*');

SendMessage (hEntropyBar, PBM_SETSTEP, 1, 0);

SendMessage (hEntropyBar, PBM_SETSTATE, PBST_ERROR, 0);

{

handleError (hwndDlg, (CryptoAPILastError == ERROR_SUCCESS)? ERR_RAND_INIT_FAILED : ERR_CAPI_INIT_FAILED, SRC_POS);

EndDialog (hwndDlg, IDCLOSE);

else if (bUseMask)

{

/* use mask to compute a randomized ASCII representation */

lastRandPool[row * RANDPOOL_DISPLAY_COLUMNS + col]) ^ maskRandPool [row * RANDPOOL_DISPLAY_COLUMNS + col];

tmp[0] = (wchar_t) (((tmpByte >> 4) % 6) + L'*');

tmp[1] = (wchar_t) (((tmpByte & 0x0F) % 6) + L'*');

for (i= 0; i < keyfilesCount; i++)

{

StringCbCopyW(szFileName, sizeof(szFileName), szDirName);

if (i > 0)

{

StringCbPrintfW(szSuffix, sizeof(szSuffix), L"_%d", i);

NormalCursor();

return 1;

}

/* since keyfilesSize < 1024 * 1024, we mask with 0x000FFFFF */

keyfilesSize = (long) (((unsigned long) keyfilesSize) & 0x000FFFFF);

keyfilesSize += 64;

}

if (!RandgetBytesFull (hwndDlg, keyfile, keyfilesSize, TRUE, TRUE))

{

_close (fhKeyfile);

TCfree(keyfile);

NormalCursor();

return 1;

/* Write the keyfile */

status = _write (fhKeyfile, keyfile, keyfilesSize);

NormalCursor();

handleWin32Error (hwndDlg, SRC_POS);

return 1;

}

TCfree(keyfile);

WaitCursor();

KillTimer (hwndDlg, 0xfd);

RandStop (FALSE);

#endif

/* Cleanup */

{

ShowWindow(GetDlgItem(hwndDlg, IDC_TESTS_MESSAGE), SW_SHOWNORMAL);

SetWindowTextW(GetDlgItem(hwndDlg, IDC_TESTS_MESSAGE), GetString ("TESTS_FAILED"));

else

{

ShowWindow(GetDlgItem(hwndDlg, IDC_TESTS_MESSAGE), SW_SHOWNORMAL);

inputtext[n] = (char) x;

}

// XTS

if (bXTSTestEnabled)

{

blockNo = (int) SendMessage (GetDlgItem (hwndDlg, IDC_TEST_BLOCK_NUMBER), CB_GETITEMDATA, SendMessage (GetDlgItem (hwndDlg, IDC_TEST_BLOCK_NUMBER), CB_GETCURSEL, 0, 0), 0);

} // if (bXTSTestEnabled)

/* Perform the actual tests */

{

char tmp[128];

int tmpRetVal;

return 0;

}

ResetCipherTest(HWND hwndDlg, int idTestCipher)

{

int ndx;

SetWindowText(GetDlgItem(hwndDlg, IDC_SECONDARY_KEY), L"0000000000000000000000000000000000000000000000000000000000000000");

SetWindowText(GetDlgItem(hwndDlg, IDC_TEST_DATA_UNIT_NUMBER), L"0");