From b6c290e4fd77c5d4ae1f5fb68e69006d49e1ad52 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Tue, 21 Jan 2020 00:53:32 +0100
Subject: Windows: Fix failure of Screen Readers (Accessibility support) to reader UI by disabling newly introduced memory protection by default and adding a CLI switch (/protectMemory) to enable it when needed. This fixes issue https://github.com/veracrypt/VeraCrypt/issues/536
---
 src/Common/Dlgcode.c | 4 +--
 src/Common/Dlgcode.h | 1 +
 src/ExpandVolume/WinMain.cpp | 69 ++++++++++++++++++++++++++++++++++++++++++++
 src/Format/Tcformat.c | 12 ++++++++
 src/Mount/Mount.c | 14 +++++++++
 5 files changed, 97 insertions(+), 3 deletions(-)
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 350e3f46..261ec33e 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -190,6 +190,7 @@ BOOL MultipleMountOperationInProgress = FALSE;
 volatile BOOL NeedPeriodicDeviceListUpdate = FALSE;
 BOOL DisablePeriodicDeviceListUpdate = FALSE;
+BOOL EnableMemoryProtection = FALSE;
 BOOL WaitDialogDisplaying = FALSE;
@@ -2919,9 +2920,6 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
 char langId[6];
 InitCommonControlsPtr InitCommonControlsFn = NULL;
 wchar_t modPath[MAX_PATH];
-
- /* Protect this process memory from being accessed by non-admin users */
- EnableProcessProtection ();
 GetModuleFileNameW (NULL, modPath, ARRAYSIZE (modPath));
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index f387bf71..b2324b12 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -167,6 +167,7 @@ extern BOOL MultipleMountOperationInProgress;
 extern volatile BOOL NeedPeriodicDeviceListUpdate;
 extern BOOL DisablePeriodicDeviceListUpdate;
+extern BOOL EnableMemoryProtection;
 #ifndef SETUP
 extern BOOL bLanguageSetInSetup;
diff --git a/src/ExpandVolume/WinMain.cpp b/src/ExpandVolume/WinMain.cpp
index ffeabe01..10c1af40 100644
--- a/src/ExpandVolume/WinMain.cpp
+++ b/src/ExpandVolume/WinMain.cpp
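Review bot: In src/Common/Dlgcode.c the new global `EnableMemoryProtection` (hunk at -190) has no comment saying that it is set only by the `/protectMemory` switch and that it now decides whether `EnableProcessProtection ()` runs at all. Because the unconditional call is removed from `InitApp` (hunk at -2919), any program that goes through this shared initialisation stays unprotected unless it parses the switch itself, and this commit wires the switch into only ExpandVolume, Format and Mount; Dlgcode.h is also built with `SETUP` defined, so other callers presumably exist and should be checked. I would add `/* Set by /protectMemory; when FALSE (the default) EnableProcessProtection() is never called */` above the definition. `InitApp` continues outside the hunk.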
@@ -866,6 +866,67 @@ static BOOL SelectPartition (HWND hwndDlg)
 return FALSE;
 }
+void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
+{
+ wchar_t **lpszCommandLineArgs = NULL; /* Array of command line arguments */
+ int nNoCommandLineArgs; /* The number of arguments in the array */
+
+ /* Extract command line arguments */
+ nNoCommandLineArgs = Win32CommandLine (&lpszCommandLineArgs);
+ if (nNoCommandLineArgs > 0)
+ {
+ int i;
+
+ for (i = 0; i < nNoCommandLineArgs; i++)
+ {
+ enum
+ {
+ OptionEnableMemoryProtection,
+ };
+
+ argument args[]=
+ {
+ { OptionEnableMemoryProtection, L"/protectMemory", NULL, FALSE },
+ };
+
+ argumentspec as;
+
+ int x;
+
+ if (lpszCommandLineArgs[i] == NULL)
+ continue;
+
+ as.args = args;
+ as.arg_cnt = sizeof(args)/ sizeof(args[0]);
+
+ x = GetArgumentID (&as, lpszCommandLineArgs[i]);
+
+ switch (x)
+ {
+
+ case OptionEnableMemoryProtection:
+ EnableMemoryProtection = TRUE;
+ break;
+
+ default:
+ DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_COMMANDHELP_DLG), hwndDlg, (DLGPROC)
+ CommandHelpDlgProc, (LPARAM) &as);
+
+ exit(0);
+ }
+ }
+ }
+
+ /* Free up the command line arguments */
+ while (--nNoCommandLineArgs >= 0)
+ {
+ free (lpszCommandLineArgs[nNoCommandLineArgs]);
+ }
+
+ if (lpszCommandLineArgs)
+ free (lpszCommandLineArgs);
+}
+
 /* Except in response to the WM_INITDIALOG and WM_ENDSESSION messages, the dialog box procedure should return nonzero if it processes a message, and zero if it does not. */
@@ -890,6 +951,8 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 bUseSecureDesktop = FALSE;
 bUseLegacyMaxPasswordLength = FALSE;
+ VeraCryptExpander::ExtractCommandLine (hwndDlg, (wchar_t *) lParam);
+
 if (UsePreferences)
 {
 // General preferences
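Review bot: The `default:` branch of the new `ExtractCommandLine` ends the process with `exit(0)`, so a launcher that passes a mistyped or unsupported switch gets a success status even though the Expander never started and the requested protection was never applied. A non-zero status such as `exit(1);` would make that detectable; the Mount.c context in this same commit shows `AbortProcess ("COMMAND_LINE_ERROR")` being used for command-line errors. Every argument other than `/protectMemory` now lands in this branch, so any existing way of starting the Expander with arguments should be confirmed before merging (the callers are not visible in this diff). The `lpszCommandLine` parameter is never read because the arguments come from `Win32CommandLine`; a short header comment on the function saying so would help.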
@@ -900,6 +963,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 RestoreDefaultKeyFilesParam ();
 }
+ if (EnableMemoryProtection)
+ {
+ /* Protect this process memory from being accessed by non-admin users */
+ EnableProcessProtection ();
+ }
+
 InitMainDialog (hwndDlg);
 // Quit
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c
index 58800aa5..3d394c16 100644
--- a/src/Format/Tcformat.c
+++ b/src/Format/Tcformat.c
@@ -6145,6 +6145,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 ExtractCommandLine (hwndDlg, (wchar_t *) lParam);
+ if (EnableMemoryProtection)
+ {
+ /* Protect this process memory from being accessed by non-admin users */
+ EnableProcessProtection ();
+ }
+
 if (ComServerMode)
 {
 InitDialog (hwndDlg);
@@ -9001,6 +9007,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
 OptionNoSizeCheck,
 OptionQuickFormat,
 OptionFastCreateFile,
+ OptionEnableMemoryProtection,
 };
 argument args[]=
@@ -9024,6 +9031,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
 { OptionNoSizeCheck, L"/nosizecheck", NULL, FALSE },
 { OptionQuickFormat, L"/quick", NULL, FALSE },
 { OptionFastCreateFile, L"/fastcreatefile", NULL, FALSE },
+ { OptionEnableMemoryProtection, L"/protectMemory", NULL, FALSE },
 // Internal
 { CommandResumeSysEncLogOn, L"/acsysenc", L"/a", TRUE },
@@ -9384,6 +9392,10 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
 CmdFastCreateFile = TRUE;
 break;
+ case OptionEnableMemoryProtection:
+ EnableMemoryProtection = TRUE;
+ break;
+
 case OptionHistory:
 {
 wchar_t szTmp[8] = {0};
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index ac25ba58..36fa1815 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
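Review bot: `EnableProcessProtection ()` now runs inside the dialog's init handler, after command-line parsing and (in this file) after the preferences block, whereas the removed call was the first statement of `InitApp`. If the protection works by tightening access control on the process, which the comment suggests but the function body is not shown, it only applies to handles opened afterwards, so users who opt in get a longer unprotected start-up window than before. The same placement is used in src/Format/Tcformat.c (hunk at -6145) and src/Mount/Mount.c (hunk at -6859). Consider detecting `/protectMemory` early enough to keep the call at its original point, and if `EnableProcessProtection` can report failure, surface it, since a user who passed the switch would otherwise assume it took effect. `MainDialogProc` starts and ends outside the hunk.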
@@ -6859,6 +6859,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 AbortProcess ("COMMAND_LINE_ERROR");
 }
+ if (EnableMemoryProtection)
+ {
+ /* Protect this process memory from being accessed by non-admin users */
+ EnableProcessProtection ();
+ }
+
 if (ComServerMode)
 {
 InitDialog (hwndDlg);
@@ -8883,6 +8889,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
 OptionNoWaitDlg,
 OptionSecureDesktop,
 OptionDisableDeviceUpdate,
+ OptionEnableMemoryProtection,
 };
 argument args[]=
@@ -8912,6 +8919,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
 { OptionNoWaitDlg, L"/nowaitdlg", NULL, FALSE },
 { OptionSecureDesktop, L"/secureDesktop", NULL, FALSE },
 { OptionDisableDeviceUpdate, L"/disableDeviceUpdate", NULL, FALSE },
+ { OptionEnableMemoryProtection, L"/protectMemory", NULL, FALSE },
 };
 argumentspec as;
@@ -9008,6 +9016,12 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
 }
 break;
+ case OptionEnableMemoryProtection:
+ {
+ EnableMemoryProtection = TRUE;
+ }
+ break;
+
 case OptionCache:
 {
 wchar_t szTmp[16] = {0};
--
cgit v1.2.3