VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2023-09-20 09:39:22 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2023-09-20 09:39:22 +0200
commit0f3ae268a4b0dfac7090f4fbf969601a1c35c86f (patch)
tree7c0a8afeae852abc98f81d402e3889d526a6fe2c
parentb1657e88e4f7922cda6795d843b5b7723b27102f (diff)
downloadVeraCrypt-0f3ae268a4b0dfac7090f4fbf969601a1c35c86f.tar.gz
VeraCrypt-0f3ae268a4b0dfac7090f4fbf969601a1c35c86f.zip
Windows: Add setting in main UI and setup wizard to disable memory protection
This can be useful for users who need Accessibility software that may not work when memory protection is active in VeraCrypt
-rw-r--r--src/Common/Dlgcode.c11
-rw-r--r--src/Common/Dlgcode.h1
-rw-r--r--src/Common/Language.xml1
-rw-r--r--src/Common/Resource.h3
-rw-r--r--src/Mount/Mount.c24
-rw-r--r--src/Mount/Mount.rc28
-rw-r--r--src/Setup/Setup.c6
-rw-r--r--src/Setup/Setup.h1
-rw-r--r--src/Setup/Setup.rc10
-rw-r--r--src/Setup/Wizard.c4
10 files changed, 69 insertions, 20 deletions
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 8f357208..fb7184b4 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -32,8 +32,8 @@
#include <process.h>
#include <Tlhelp32.h>
#endif
-#ifdef _WIN32_WINNT >= 0x0602
-#include "processthreadsapi.h""
+#if _WIN32_WINNT >= 0x0602
+#include "processthreadsapi.h"
#endif
#include "Resource.h"
@@ -3256,6 +3256,13 @@ BOOL ReadMemoryProtectionConfig ()
return (config)? TRUE: FALSE;
}
+BOOL WriteMemoryProtectionConfig (BOOL bEnable)
+{
+ DWORD config = bEnable? 1: 0;
+
+ return WriteLocalMachineRegistryDword (L"SYSTEM\\CurrentControlSet\\Services\\veracrypt", VC_ENABLE_MEMORY_PROTECTION, config);
+}
+
BOOL LoadSysEncSettings ()
{
BOOL status = TRUE;
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index 245df6c1..7947fcf9 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -350,6 +350,7 @@ uint32 ReadDriverConfigurationFlags ();
uint32 ReadServiceConfigurationFlags ();
uint32 ReadEncryptionThreadPoolFreeCpuCountLimit ();
BOOL ReadMemoryProtectionConfig ();
+BOOL WriteMemoryProtectionConfig (BOOL bEnable);
BOOL LoadSysEncSettings ();
int LoadNonSysInPlaceEncSettings (WipeAlgorithmId *wipeAlgorithm);
void RemoveNonSysInPlaceEncNotifications (void);
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index e819be47..ddb20159 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -1633,6 +1633,7 @@
<entry lang="en" key="EXPANDER_EXTENDING_FILESYSTEM">Extending file system ...\n</entry>
<entry lang="en" key="PARTIAL_SYSENC_MOUNT_READONLY">Warning: The system partition you attempted to mount was not fully encrypted. As a safety measure to prevent potential corruption or unwanted modifications, volume '%s' was mounted as read-only.</entry>
<entry lang="en" key="IDC_LINK_KEYFILES_EXTENSIONS_WARNING">Important information on using third-party file extensions</entry>
+ <entry lang="en" key="IDC_DISABLE_MEMORY_PROTECTION">Disable memory protection in VeraCrypt</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/src/Common/Resource.h b/src/Common/Resource.h
index a099c655..b6ad14c0 100644
--- a/src/Common/Resource.h
+++ b/src/Common/Resource.h
@@ -226,6 +226,7 @@
#define IDC_DISABLE_MOUNT_MANAGER 5142
#define IDC_KEYFILES_SIZE_UNIT 5143
#define IDC_LINK_KEYFILES_EXTENSIONS_WARNING 5144
+#define IDC_DISABLE_MEMORY_PROTECTION 5145
// Next default values for new objects
//
@@ -234,7 +235,7 @@
#define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 578
#define _APS_NEXT_COMMAND_VALUE 40001
-#define _APS_NEXT_CONTROL_VALUE 5145
+#define _APS_NEXT_CONTROL_VALUE 5146
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index 41672e1a..28418a44 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -11559,6 +11559,12 @@ void SetServiceConfigurationFlag (uint32 flag, BOOL state)
BootEncObj->SetServiceConfigurationFlag (flag, state ? true : false);
}
+void SetMemoryProtectionConfig (BOOL bEnable)
+{
+ DWORD config = bEnable? 1: 0;
+ if (BootEncObj)
+ BootEncObj->WriteLocalMachineRegistryDwordValue (L"SYSTEM\\CurrentControlSet\\Services\\veracrypt", VC_ENABLE_MEMORY_PROTECTION, config);
+}
void NotifyService (DWORD dwNotifyCmd)
{
@@ -11611,6 +11617,8 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_RAM_ENCRYPTION), FALSE);
}
+ CheckDlgButton (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION, ReadMemoryProtectionConfig() ? BST_UNCHECKED : BST_CHECKED);
+
size_t cpuCount = GetCpuCount(NULL);
HWND freeCpuCombo = GetDlgItem (hwndDlg, IDC_ENCRYPTION_FREE_CPU_COUNT);
@@ -11670,6 +11678,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
BOOL enableExtendedIOCTL = IsDlgButtonChecked (hwndDlg, IDC_ENABLE_EXTENDED_IOCTL_SUPPORT);
BOOL allowTrimCommand = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_TRIM_NONSYS_SSD);
BOOL allowWindowsDefrag = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_WINDOWS_DEFRAG);
+ BOOL bDisableMemoryProtection = IsDlgButtonChecked (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION);
try
{
@@ -11738,6 +11747,11 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
}
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION, enableRamEncryption);
+ BOOL originalDisableMemoryProtection = !ReadMemoryProtectionConfig();
+ if(originalDisableMemoryProtection != bDisableMemoryProtection)
+ rebootRequired = true;
+ SetMemoryProtectionConfig (!bDisableMemoryProtection);
+
DWORD bytesReturned;
if (!DeviceIoControl (hDriver, TC_IOCTL_REREAD_DRIVER_CONFIG, NULL, 0, NULL, 0, &bytesReturned, NULL))
handleWin32Error (hwndDlg, SRC_POS);
@@ -11832,6 +11846,16 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
}
return 1;
+ case IDC_DISABLE_MEMORY_PROTECTION:
+ {
+ BOOL disableMemoryProtection = IsDlgButtonChecked (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION);
+ BOOL originalDisableMemoryProtection = !ReadMemoryProtectionConfig();
+ if (disableMemoryProtection != originalDisableMemoryProtection)
+ {
+ Warning ("SETTING_REQUIRES_REBOOT", hwndDlg);
+ }
+ }
+ return 1;
case IDC_BENCHMARK:
Benchmark (hwndDlg);
return 1;
diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc
index bb0e8c4e..066e8d8f 100644
--- a/src/Mount/Mount.rc
+++ b/src/Mount/Mount.rc
@@ -321,7 +321,7 @@ BEGIN
DEFPUSHBUTTON "OK",IDOK,255,226,50,14
END
-IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 293
+IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 300
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - Performance Options"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
@@ -338,20 +338,22 @@ BEGIN
CONTROL "Enable extended disk control codes support",IDC_ENABLE_EXTENDED_IOCTL_SUPPORT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,198,337,10
CONTROL "Allow TRIM command for non-system SSD partition/drive",IDC_ALLOW_TRIM_NONSYS_SSD,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,212,337,10
- PUSHBUTTON "&Benchmark",IDC_BENCHMARK,7,272,59,14
- DEFPUSHBUTTON "OK",IDOK,257,272,50,14
- PUSHBUTTON "Cancel",IDCANCEL,314,272,50,14
- LTEXT "Processor (CPU) in this computer supports hardware acceleration for AES:",IDT_HW_AES_SUPPORTED_BY_CPU,18,23,273,9
- GROUPBOX "Hardware Acceleration",IDT_ACCELERATION_OPTIONS,7,6,355,74
- GROUPBOX "Thread-Based Parallelization",IDT_PARALLELIZATION_OPTIONS,7,84,355,93
- GROUPBOX "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,86
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,211,337,10
CONTROL "Allow Windows Disk Defragmenter to defragment non-system partition/drive",IDC_ALLOW_WINDOWS_DEFRAG,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,226,337,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,224,337,10
CONTROL "Use CPU hardware random generator as an additional source of entropy",IDC_ENABLE_CPU_RNG,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,240,335,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,335,10
CONTROL "Activate encryption of keys and passwords stored in RAM",IDC_ENABLE_RAM_ENCRYPTION,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,254,337,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,250,337,10
+ CONTROL "Disable memory protection in VeraCrypt",IDC_DISABLE_MEMORY_PROTECTION,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,263,339,10
+ PUSHBUTTON "&Benchmark",IDC_BENCHMARK,7,279,59,14
+ DEFPUSHBUTTON "OK",IDOK,257,279,50,14
+ PUSHBUTTON "Cancel",IDCANCEL,314,279,50,14
+ LTEXT "Processor (CPU) in this computer supports hardware acceleration for AES:",IDT_HW_AES_SUPPORTED_BY_CPU,18,23,273,9
+ GROUPBOX "Hardware Acceleration",IDT_ACCELERATION_OPTIONS,7,6,355,74
+ GROUPBOX "Thread-Based Parallelization",IDT_PARALLELIZATION_OPTIONS,7,84,355,93
+ GROUPBOX "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,95
END
IDD_FAVORITE_VOLUMES DIALOGEX 0, 0, 380, 368
@@ -521,7 +523,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 364
TOPMARGIN, 7
- BOTTOMMARGIN, 286
+ BOTTOMMARGIN, 293
END
IDD_FAVORITE_VOLUMES, DIALOG
diff --git a/src/Setup/Setup.c b/src/Setup/Setup.c
index 2d8d940c..f757aafa 100644
--- a/src/Setup/Setup.c
+++ b/src/Setup/Setup.c
@@ -74,6 +74,7 @@ BOOL UnloadDriver = TRUE;
BOOL bSystemRestore = TRUE;
BOOL bDisableSwapFiles = FALSE;
BOOL bForAllUsers = TRUE;
+BOOL bDisableMemoryProtection = FALSE;
BOOL bRegisterFileExt = TRUE;
BOOL bAddToStartMenu = TRUE;
BOOL bDesktopIcon = TRUE;
@@ -2335,6 +2336,11 @@ void DoInstall (void *arg)
if (bSystemRestore)
SetSystemRestorePoint (hwndDlg, TRUE);
+ if (bOK && bDisableMemoryProtection)
+ {
+ WriteMemoryProtectionConfig(FALSE);
+ }
+
if (bOK)
{
UpdateProgressBarProc(100);
diff --git a/src/Setup/Setup.h b/src/Setup/Setup.h
index e38dd75a..d284586a 100644
--- a/src/Setup/Setup.h
+++ b/src/Setup/Setup.h
@@ -120,6 +120,7 @@ extern BOOL bReinstallMode;
extern BOOL bSystemRestore;
extern BOOL bDisableSwapFiles;
extern BOOL bForAllUsers;
+extern BOOL bDisableMemoryProtection;
extern BOOL bRegisterFileExt;
extern BOOL bAddToStartMenu;
extern BOOL bDesktopIcon;
diff --git a/src/Setup/Setup.rc b/src/Setup/Setup.rc
index 6066d452..68ccffd0 100644
--- a/src/Setup/Setup.rc
+++ b/src/Setup/Setup.rc
@@ -146,12 +146,14 @@ FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
EDITTEXT IDC_DESTINATION,11,41,260,13,ES_AUTOHSCROLL
PUSHBUTTON "Bro&wse...",IDC_BROWSE,278,40,59,14
- CONTROL "Install &for all users",IDC_ALL_USERS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,77,168,11
+ CONTROL "Install &for all users",IDC_ALL_USERS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,68,168,11
+ CONTROL "Add VeraCrypt to &Start menu",IDC_PROG_GROUP,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,80,168,11
+ CONTROL "Add VeraCrypt icon to &desktop",IDC_DESKTOP_ICON,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,92,168,11
CONTROL "Associate the .hc file &extension with VeraCrypt",IDC_FILE_TYPE,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,113,232,11
- CONTROL "Add VeraCrypt to &Start menu",IDC_PROG_GROUP,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,89,168,11
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,104,232,11
+ CONTROL "Disable memory protection in VeraCrypt",IDC_DISABLE_MEMORY_PROTECTION,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,115,218,10
CONTROL "Create System &Restore point",IDC_SYSTEM_RESTORE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,125,194,11
- CONTROL "Add VeraCrypt icon to &desktop",IDC_DESKTOP_ICON,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,101,168,11
LTEXT "Please select or type the location where you want to install the VeraCrypt program files. If the specified folder does not exist, it will be automatically created.",IDT_INSTALL_DESTINATION,11,14,319,25
END
diff --git a/src/Setup/Wizard.c b/src/Setup/Wizard.c
index 78616abe..857eb2de 100644
--- a/src/Setup/Wizard.c
+++ b/src/Setup/Wizard.c
@@ -685,6 +685,10 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
bForAllUsers = IsButtonChecked (GetDlgItem (hCurPage, IDC_ALL_USERS));
return 1;
+ case IDC_DISABLE_MEMORY_PROTECTION:
+ bDisableMemoryProtection = IsButtonChecked (GetDlgItem (hCurPage, IDC_DISABLE_MEMORY_PROTECTION));
+ return 1;
+
case IDC_FILE_TYPE:
bRegisterFileExt = IsButtonChecked (GetDlgItem (hCurPage, IDC_FILE_TYPE));
return 1;