diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2019-02-27 00:09:40 +0100 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2019-03-01 00:35:20 +0100 |
commit | 8d7a3187959ed0cf7cf55e7656f8ee595db9a088 (patch) | |
tree | 2e591047a621a6226e87b613b8a380a63b78d46b | |
parent | cf48b532b447faa969347fef183c6e8921c4ded2 (diff) | |
download | VeraCrypt-8d7a3187959ed0cf7cf55e7656f8ee595db9a088.tar.gz VeraCrypt-8d7a3187959ed0cf7cf55e7656f8ee595db9a088.zip |
Windows: use specific order for EFI boot arguments memory regions that matches the one used by EFI bootloader.
-rw-r--r-- | src/Boot/Windows/BootDefs.h | 3 | ||||
-rw-r--r-- | src/Common/Tcdefs.h | 8 | ||||
-rw-r--r-- | src/Driver/DriveFilter.c | 19 | ||||
-rw-r--r-- | src/Driver/DriveFilter.h | 2 | ||||
-rw-r--r-- | src/Driver/Ntdriver.c | 42 |
5 files changed, 63 insertions, 11 deletions
diff --git a/src/Boot/Windows/BootDefs.h b/src/Boot/Windows/BootDefs.h index cd4b2263..3d65f0a0 100644 --- a/src/Boot/Windows/BootDefs.h +++ b/src/Boot/Windows/BootDefs.h @@ -205,6 +205,7 @@ TC_HIDDEN_OS_CREATION_PHASE_WIPED = TC__HIDDEN_OS_CREATION_PHASE_WIPED 0x100000, 0x200000, 0x300000, 0x400000, 0x500000, 0x600000, 0x700000, 0x800000, \ 0x900000, 0xA00000, 0xB00000, 0xC00000, 0xD00000, 0xE00000, 0xF00000, 0x1000000 -#define EFI_BOOTARGS_REGIONS EFI_BOOTARGS_REGIONS_LOW, EFI_BOOTARGS_REGIONS_HIGH +#define EFI_BOOTARGS_REGIONS_DEFAULT EFI_BOOTARGS_REGIONS_LOW, EFI_BOOTARGS_REGIONS_HIGH +#define EFI_BOOTARGS_REGIONS_EFI EFI_BOOTARGS_REGIONS_HIGH, EFI_BOOTARGS_REGIONS_LOW #endif // TC_HEADER_Boot_BootDefs diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h index 47a4bc54..ec1df6a4 100644 --- a/src/Common/Tcdefs.h +++ b/src/Common/Tcdefs.h @@ -281,6 +281,14 @@ typedef VOID (NTAPI *KeRestoreExtendedProcessorStateFn) ( PXSTATE_SAVE XStateSave ); +typedef NTSTATUS (NTAPI *ExGetFirmwareEnvironmentVariableFn) ( + PUNICODE_STRING VariableName, + LPGUID VendorGuid, + PVOID Value, + PULONG ValueLength, + PULONG Attributes +); + extern NTSTATUS NTAPI KeSaveExtendedProcessorState ( __in ULONG64 Mask, PXSTATE_SAVE XStateSave diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c index 5fbacac4..c9efd7fb 100644 --- a/src/Driver/DriveFilter.c +++ b/src/Driver/DriveFilter.c @@ -75,28 +75,31 @@ static int64 DecoySystemWipedAreaEnd; PKTHREAD DecoySystemWipeThread = NULL; static NTSTATUS DecoySystemWipeResult; -uint64 BootArgsRegions[] = { EFI_BOOTARGS_REGIONS }; +static uint64 BootArgsRegionsDefault[] = { EFI_BOOTARGS_REGIONS_DEFAULT }; +static uint64 BootArgsRegionsEFI[] = { EFI_BOOTARGS_REGIONS_EFI }; -NTSTATUS LoadBootArguments () +NTSTATUS LoadBootArguments (BOOL bIsEfi) { NTSTATUS status = STATUS_UNSUCCESSFUL; PHYSICAL_ADDRESS bootArgsAddr; byte *mappedBootArgs; byte *mappedCryptoInfo = NULL; uint16 bootLoaderArgsIndex; + uint64* BootArgsRegionsPtr = bIsEfi? BootArgsRegionsEFI : BootArgsRegionsDefault; + size_t BootArgsRegionsCount = bIsEfi? sizeof(BootArgsRegionsEFI)/ sizeof(BootArgsRegionsEFI[0]) : sizeof(BootArgsRegionsDefault)/ sizeof(BootArgsRegionsDefault[0]); KeInitializeMutex (&MountMutex, 0); // __debugbreak(); for (bootLoaderArgsIndex = 0; - bootLoaderArgsIndex < sizeof(BootArgsRegions)/ sizeof(BootArgsRegions[1]) && status != STATUS_SUCCESS; + bootLoaderArgsIndex < BootArgsRegionsCount && status != STATUS_SUCCESS; ++bootLoaderArgsIndex) { - bootArgsAddr.QuadPart = BootArgsRegions[bootLoaderArgsIndex] + TC_BOOT_LOADER_ARGS_OFFSET; + bootArgsAddr.QuadPart = BootArgsRegionsPtr[bootLoaderArgsIndex] + TC_BOOT_LOADER_ARGS_OFFSET; Dump ("Checking BootArguments at 0x%x\n", bootArgsAddr.LowPart); - mappedBootArgs = MmMapIoSpace (bootArgsAddr, sizeof (BootArguments), MmCached); - if (!mappedBootArgs) - return STATUS_INSUFFICIENT_RESOURCES; + mappedBootArgs = MmMapIoSpace (bootArgsAddr, sizeof (BootArguments), MmCached); + if (!mappedBootArgs) + return STATUS_INSUFFICIENT_RESOURCES; if (TC_IS_BOOT_ARGUMENTS_SIGNATURE (mappedBootArgs)) { @@ -118,7 +121,7 @@ NTSTATUS LoadBootArguments () // Sanity check: for valid boot argument, the password is less than 64 bytes long if (bootArguments->BootPassword.Length <= MAX_LEGACY_PASSWORD) { - BootLoaderArgsPtr = BootArgsRegions[bootLoaderArgsIndex]; + BootLoaderArgsPtr = BootArgsRegionsPtr[bootLoaderArgsIndex]; BootArgs = *bootArguments; BootArgsValid = TRUE; diff --git a/src/Driver/DriveFilter.h b/src/Driver/DriveFilter.h index f19609b0..b164fa5b 100644 --- a/src/Driver/DriveFilter.h +++ b/src/Driver/DriveFilter.h @@ -70,7 +70,7 @@ CRYPTO_INFO *GetSystemDriveCryptoInfo (); BOOL IsBootDriveMounted (); BOOL IsBootEncryptionSetupInProgress (); BOOL IsHiddenSystemRunning (); -NTSTATUS LoadBootArguments (); +NTSTATUS LoadBootArguments (BOOL bIsEfi); static NTSTATUS SaveDriveVolumeHeader (DriveFilterExtension *Extension); NTSTATUS StartBootEncryptionSetup (PDEVICE_OBJECT DeviceObject, PIRP irp, PIO_STACK_LOCATION irpSp); void EmergencyClearAllKeys (PIRP irp, PIO_STACK_LOCATION irpSp); diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c index 97fb1bf1..bf57fcdc 100644 --- a/src/Driver/Ntdriver.c +++ b/src/Driver/Ntdriver.c @@ -140,12 +140,44 @@ static BOOL EnableExtendedIoctlSupport = FALSE; static BOOL AllowTrimCommand = FALSE; static KeSaveExtendedProcessorStateFn KeSaveExtendedProcessorStatePtr = NULL; static KeRestoreExtendedProcessorStateFn KeRestoreExtendedProcessorStatePtr = NULL; +static ExGetFirmwareEnvironmentVariableFn ExGetFirmwareEnvironmentVariablePtr = NULL; POOL_TYPE ExDefaultNonPagedPoolType = NonPagedPool; ULONG ExDefaultMdlProtection = 0; PDEVICE_OBJECT VirtualVolumeDeviceObjects[MAX_MOUNTED_VOLUME_DRIVE_NUMBER + 1]; +BOOL IsUefiBoot () +{ + BOOL bStatus = FALSE; + NTSTATUS ntStatus = STATUS_NOT_IMPLEMENTED; + + Dump ("IsUefiBoot BEGIN\n"); + ASSERT (KeGetCurrentIrql() == PASSIVE_LEVEL); + + if (ExGetFirmwareEnvironmentVariablePtr) + { + ULONG valueLengh = 0; + UNICODE_STRING emptyName; + GUID guid; + RtlInitUnicodeString(&emptyName, L""); + memset (&guid, 0, sizeof(guid)); + Dump ("IsUefiBoot calling ExGetFirmwareEnvironmentVariable\n"); + ntStatus = ExGetFirmwareEnvironmentVariablePtr (&emptyName, &guid, NULL, &valueLengh, NULL); + Dump ("IsUefiBoot ExGetFirmwareEnvironmentVariable returned 0x%08x\n", ntStatus); + } + else + { + Dump ("IsUefiBoot ExGetFirmwareEnvironmentVariable not found on the system\n"); + } + + if (STATUS_NOT_IMPLEMENTED != ntStatus) + bStatus = TRUE; + + Dump ("IsUefiBoot bStatus = %s END\n", bStatus? "TRUE" : "FALSE"); + return bStatus; +} + void GetDriverRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed) { LARGE_INTEGER iSeed, iSeed2; @@ -248,6 +280,14 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) KeSaveExtendedProcessorStatePtr = (KeSaveExtendedProcessorStateFn) MmGetSystemRoutineAddress(&saveFuncName); KeRestoreExtendedProcessorStatePtr = (KeRestoreExtendedProcessorStateFn) MmGetSystemRoutineAddress(&restoreFuncName); } + + // ExGetFirmwareEnvironmentVariable is available starting from Windows 8 + if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 2)) + { + UNICODE_STRING funcName; + RtlInitUnicodeString(&funcName, L"ExGetFirmwareEnvironmentVariable"); + ExGetFirmwareEnvironmentVariablePtr = (ExGetFirmwareEnvironmentVariableFn) MmGetSystemRoutineAddress(&funcName); + } // Load dump filter if the main driver is already loaded if (NT_SUCCESS (TCDeviceIoControl (NT_ROOT_PREFIX, TC_IOCTL_GET_DRIVER_VERSION, NULL, 0, &version, sizeof (version)))) @@ -278,7 +318,7 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) TC_BUG_CHECK (STATUS_INVALID_PARAMETER); } - LoadBootArguments(); + LoadBootArguments(IsUefiBoot ()); VolumeClassFilterRegistered = IsVolumeClassFilterRegistered(); DriverObject->DriverExtension->AddDevice = DriverAddDevice; |