From 0ac40097200985a64665ac8f7c0dd66ce5157988 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sat, 8 Oct 2016 19:00:02 +0200 Subject: Windows: Fix failure to access EFS data on VeraCrypt volumes under Windows 10 but supporting undocumented IOCTL. --- src/Common/Apidrvr.h | 2 ++ src/Driver/Ntdriver.c | 13 +++++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h index 36233d76..07a8448c 100644 --- a/src/Common/Apidrvr.h +++ b/src/Common/Apidrvr.h @@ -124,6 +124,8 @@ #define TC_IOCTL_LEGACY_GET_DRIVER_VERSION 466968 #define TC_IOCTL_LEGACY_GET_MOUNTED_VOLUMES 466948 +// Undocumented IOCTL sent by Windows 10 when handling EFS data on volumes +#define IOCTL_UNKNOWN_WINDOWS10_EFS_ACCESS 0x455610D8 /* Start of driver interface structures, the size of these structures may change between versions; so make sure you first send DRIVER_VERSION to diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c index 384fca99..eaa8fa8c 100644 --- a/src/Driver/Ntdriver.c +++ b/src/Driver/Ntdriver.c @@ -214,7 +214,7 @@ NTSTATUS TCDispatchQueueIRP (PDEVICE_OBJECT DeviceObject, PIRP Irp) PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp); NTSTATUS ntStatus; -#ifdef _DEBUG +#if defined(_DEBUG) || defined (_DEBUG_TRACE) if (irpSp->MajorFunction == IRP_MJ_DEVICE_CONTROL && (Extension->bRootDevice || Extension->IsVolumeDevice)) { switch (irpSp->Parameters.DeviceIoControl.IoControlCode) 
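Review bot: The comment above `IOCTL_UNKNOWN_WINDOWS10_EFS_ACCESS` in Apidrvr.h gives the raw value but not what it decodes to, which a later reader needs in order to judge the handler added in Ntdriver.c. Under the standard CTL_CODE layout, 0x455610D8 is device type 0x4556, function 0x436, buffered method and any-access, with device type and function both in the Microsoft-reserved ranges. I would add `// CTL_CODE fields: device 0x4556, function 0x436, METHOD_BUFFERED, FILE_ANY_ACCESS` and, if it is known, the Windows 10 build on which the request was observed. Because this header also carries the driver's own `TC_IOCTL_*` interface codes, a short remark that this code is not part of that interface would prevent confusion.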
@@ -896,6 +896,15 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION } break; + + case IOCTL_UNKNOWN_WINDOWS10_EFS_ACCESS: + // This undocumented IOCTL is sent when handling EFS data + // We must return success otherwise EFS operations fail + Dump ("ProcessVolumeDeviceControlIrp (unknown IOCTL 0x%.8X, OutputBufferLength = %d). Returning fake success\n", irpSp->Parameters.DeviceIoControl.IoControlCode, (int) irpSp->Parameters.DeviceIoControl.OutputBufferLength); + Irp->IoStatus.Status = STATUS_SUCCESS; + Irp->IoStatus.Information = 0; + + break; default: Dump ("ProcessVolumeDeviceControlIrp (unknown code 0x%.8X)\n", irpSp->Parameters.DeviceIoControl.IoControlCode); return TCCompleteIrp (Irp, STATUS_INVALID_DEVICE_REQUEST, 0); @@ -2071,7 +2080,7 @@ void TCGetDosNameFromNumber (LPWSTR dosname,int cbDosName, int nDriveNo, DeviceN RtlStringCbCatW (dosname, cbDosName, tmp); } -#ifdef _DEBUG +#if defined(_DEBUG) || defined (_DEBUG_TRACE) LPWSTR TCTranslateCode (ULONG ulCode) { switch (ulCode) -- cgit v1.2.3
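Review bot: The new `case IOCTL_UNKNOWN_WINDOWS10_EFS_ACCESS` in ProcessVolumeDeviceControlIrp reports `STATUS_SUCCESS` with `Information = 0` to any caller without looking at the request buffers, so the driver now acknowledges a request whose contract it does not know. The method bits of the code decode to buffered I/O, so no bytes are copied back, which is the safe side, but a caller that reads its output buffer after success sees it unchanged. I would state that in the comment, e.g. `// No output is produced (Information = 0); revisit if the sender turns out to expect a reply`, and log `InputBufferLength` next to `OutputBufferLength` in the `Dump` so a trace shows the full request shape. The IRP is completed after the switch, outside this hunk, so I am assuming that path uses `Irp->IoStatus` as the preceding `break` cases appear to.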