From 6ca598f8418a1ab12ff7353c534d610b4dbac943 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Wed, 29 Jul 2015 00:09:14 +0200 Subject: Windows: Implement Evil-Maid-Attack detection mechanism. Write the correct bootloader when changing the system encryption password: this enables to recover if an attack is detected. --- src/Driver/Ntdriver.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'src/Driver/Ntdriver.c') diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c index a9f15b78..a99ac6d4 100644 --- a/src/Driver/Ntdriver.c +++ b/src/Driver/Ntdriver.c @@ -1029,7 +1029,7 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex IO_STATUS_BLOCK IoStatus; LARGE_INTEGER offset; byte readBuffer [TC_SECTOR_SIZE_BIOS]; - + if (!ValidateIOBufferSize (Irp, sizeof (GetSystemDriveConfigurationRequest), ValidateInputOutput)) break; @@ -1493,6 +1493,10 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex ReopenBootVolumeHeader (Irp, irpSp); break; + case VC_IOCTL_GET_BOOT_LOADER_FINGERPRINT: + GetBootLoaderFingerprint (Irp, irpSp); + break; + case TC_IOCTL_GET_BOOT_ENCRYPTION_ALGORITHM_NAME: GetBootEncryptionAlgorithmName (Irp, irpSp); break; -- cgit v1.2.3