Contents

========

Instructions for Signing and Packaging VeraCrypt for Windows

Mac OS X specifics

III. FreeBSD and OpenSolaris

IV. Third-Party Developers (Contributors)

.sys file, there are embedded digital signatures and all related certificates

(i.e. all certificates in the relevant certification chain, such as the

certification authority certificates, CA-MS cross-certificate, and the

Keep this in mind if you compile VeraCrypt

and compare your binaries with the official binaries. If your binaries are

unsigned, the sizes of the official binaries will usually be approximately

First, create an environment variable 'WSDK81' pointing to the Windows SDK

for Windows 8.1 installation directory.

certificate store and also build the final installation setup.

The batch file suppose that the code signing certificate is issued by Thawt.

folder and then modify sign.bat accordingly.

and https://osxfuse.github.io/)

- RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) 2.20

header files (available at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20).

Instructions for Building VeraCrypt for Linux and Mac OS X:

2) If you have no wxWidgets shared library installed, run the following

command to configure the wxWidgets static library for VeraCrypt and to

$ make WXSTATIC=1 WX_ROOT=/usr/src/wxWidgets wxbuild

$ make

or if you have no wxWidgets shared library installed:

$ make WXSTATIC=1

4) If successful, the VeraCrypt executable should be located in the directory

$ make NOGUI=1 WXSTATIC=1 WX_ROOT=/usr/src/wxWidgets wxbuild

$ make NOGUI=1 WXSTATIC=1

On MacOSX, building a console-only executable is not supported.

Mac OS X specifics:

-----------------------------------------------------------

Under MacOSX, the SDK for OSX 10.7 is used by default. To use another version

of the SDK (i.e. 10.6), you can export the environment variable VC_OSX_TARGET:

$ export VC_OSX_TARGET=10.6

Before building under MacOSX, pkg-config must be installed if not yet available.

Get it from http://pkgconfig.freedesktop.org/releases/pkg-config-0.28.tar.gz and

$ ./configure --with-internal-glib

$ make

After making sure pkg-config is available, download and install OSXFuse from

https://osxfuse.github.io/ (MacFUSE compatibility layer must selected)

full build of VeraCrypt including the creation of the installer pkg. It expects

VeraCrypt sources (i.e. if "src" path is "/Users/joe/Projects/VeraCrypt/src"

then wxWidgets should be at "/Users/joe/Projects/wxWidgets-wxWidgets-3.0.2")

If you intend to implement a feature, please contact us first to make sure:

1) That the feature has not been implemented (we may have already implemented

3) Whether we need help of third-party developers with implementing the feature.

Information on how to contact us can be found at:

Trademark Information

---------------------

documentation, are the sole property of their respective owners.

<string lang="pl" key="HIDDEN_OS_CREATION_NOT_FINISHED_CHOICE_TERMINATE">Permanentne przerwanie procesu tworzenia ukrytego systemu operacyjnego</string>

<string lang="pl" key="HIDDEN_OS_CREATION_NOT_FINISHED_CHOICE_ASK_LATER">Nie rób teraz nic później zostaniesz zapytany ponownie</string>

<string lang="pl" key="RESCUE_DISK_HELP_PORTION_1">\nJEŻELI MOŻLIWE, WYDRUKUJ TEN TEKST (kliknij 'Drukuj').\n\n\nJak i kiedy używać Plyty ratunkowej VeraCrypt (po zaszyfrowaniu) -----------------------------------------------------------------------------------\n\n</string>

płyty ratunkowej VeraCrypt, włóż ją do napędu CD/DVD i uruchom ponownie komputer. Jeśli ekran płyty ratunkowej VeraCrypt nie pojawia się (lub nie widać elementu 'Repair Options' w sekcji 'Keyboard Controls' na ekranie), prawdopodobnie BIOS został ustawiony tak, by próbować uruchamiać system z dysków twardych przed dyskami CD/DVD. Jeśli tak jest, uruchom ponownie komputer, wciśnij klawisz F2 lub Delete (natychmiast po pojawieniu ekranu uruchomieniowego BIOS) i poczekaj na wyświetlenie ekranu konfiguracji BIOS. Jeśli ekran konfiguracji BIOS nie pojawi się, zrestartuj (zresetuj) komputer raz jeszcze i powtarzaj wciśnięcia klawiszy F2 lub Delete od momentu restartu (resetu) komputera. Gdy pojawi się ekran konfiguracji BIOS, ustaw w BIOS-ie kolejność uruchamiania tak, by napęd CD/DVD był na pierwszym miejscu (Aby dowiedzieć się jak to zrobić, sprawdź w dokumentacji BIOS-u/płyty głównej lub skontaktuj się ze sprzedawcą lub wsparciem technicznym, by uzyskać pomoc). Następnie zrestartuj komputer. Ekran płyty ratunkowej VeraCrypt powinien się teraz pokazać. Uwaga: Na ekranie płyty ratunkowej VeraCrypt wybierz 'Repair Options' wciskając klawisz F8.\n\n\n</string>

<string lang="pl" key="RESCUE_DISK_HELP_PORTION_3">II. Kiedy i jak użyć płyty ratunkowej VeraCrypt (po Zaszyfrowaniu)\n\n</string>

<string lang="pl" key="RESCUE_DISK_HELP_PORTION_4">1) Jeśli ekran programu startowego VeraCrypt nie pojawia się po uruchomieniu komputera (lub jeśli nie startuje Windows), program startowy VeraCrypt może być uszkodzony. Płyta ratunowa VeraCrypt pozwala odtworzyć go a przez to odzyskać dostęp do zaszyfrowanego systemu i danych (jednak pamiętaj, że wciąż należy podać poprawne hasło). Na ekranie płyty ratunkowej wybierz 'Repair Options' &gt; 'Restore VeraCrypt Boot Loader'. Następnie wciśnij 'Y', by potwierdzić akcję, usuń płytę ratunkową z napędu CD/DVD i uruchom ponownie komputer.\n\n</string>

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

number /= 10;

}

str[pos] = (char) (number % 10) + '0';

while (pos >= 0)

PrintChar (str[pos--]);

}

mov asciiCode, al

mov scan, ah

}

if (scanCode)

*scanCode = scan;

if (scanCode == TC_BIOS_KEY_ENTER)

break;

if (scanCode == TC_BIOS_KEY_ESC)

return 0;

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

; Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

; by the TrueCrypt License 3.0.

;

; and all other portions of this file are Copyright (c) 2013-2016 IDRIX

; and are governed by the Apache License 2.0 the full text of which is

; contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

{

Print (message);

Print (": ");

if (hex)

PrintHex (value);

else

Print (value);

if (newLine)

PrintEndl();

}

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

#define TC__BOOT_LOADER_SEGMENT TC_HEX (9000) // Some buggy BIOS routines fail if CS bits 0-10 are not zero

#if TC__BOOT_MEMORY_REQUIRED <= 32

#else

#endif

#define TC__COM_EXECUTABLE_OFFSET TC_HEX (100)

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

dapPacket.Sector = sector;

byte function = write ? 0x43 : 0x42;

BiosResult result;

byte tryCount = TC_MAX_BIOS_DISK_IO_RETRIES;

BiosResult result;

uint16 codeSeg;

__asm mov codeSeg, cs

result = ReadSectors (BootStarted ? codeSeg : TC_BOOT_LOADER_ALT_SEGMENT, (uint16) buffer, drive, sector, sectorCount, silent);

// Alternative segment is used to prevent memory corruption caused by buggy BIOSes

PartitionEntryMBR mbrPartitions[4];

memcpy (mbrPartitions, mbr->Partitions, sizeof (mbrPartitions));

size_t partitionArrayPos = 0, partitionNumber;

for (partitionNumber = 0;

partitionNumber < array_capacity (mbrPartitions) && partitionArrayPos < partitionArrayCapacity;

++partitionNumber)

{

const PartitionEntryMBR &partEntry = mbrPartitions[partitionNumber];

if (partEntry.SectorCountLBA > 0)

{

Partition &partition = partitionArray[partitionArrayPos];

PrintError (TC_BOOT_STR_NO_BOOT_PARTITION);

return false;

}

return true;

}

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Print ((BootSectorFlags & TC_BOOT_CFG_MASK_HIDDEN_OS_CREATION_PHASE) != TC_HIDDEN_OS_CREATION_PHASE_NONE

? "Boot Non-Hidden System (Boot Manager)"

: "Skip Authentication (Boot Manager)");

#else // TC_WINDOWS_BOOT_RESCUE_DISK_MODE

Print ("Skip Authentication (Boot Manager)");

ClearBiosKeystrokeBuffer();

PrintEndl();

break;

case TC_BIOS_KEY_BACKSPACE:

ClearBiosKeystrokeBuffer();

PrintEndl();

return TC_BIOS_KEY_ENTER;

case TC_BIOS_KEY_BACKSPACE:

pim = 10*pim + (asciiCode - '0');

pos++;

if (hidePassword) asciiCode = '*';

if (pos < MAX_PIM)

PrintChar (asciiCode);

int volumeType;

bool hiddenVolume;

uint64 headerSec;

AcquireSectorBuffer();

for (volumeType = 1; volumeType <= 2; ++volumeType)

EncryptedVirtualPartition.Drive = BootDrive;

EncryptedVirtualPartition.StartSector = BootCryptoInfo->EncryptedAreaStart >> TC_LB_SIZE_BIT_SHIFT_DIVISOR;

PimValueOrHiddenVolumeStartUnitNo = EncryptedVirtualPartition.StartSector;

HiddenVolumeStartSector = PartitionFollowingActive.StartSector;

HiddenVolumeStartSector += EncryptedVirtualPartition.StartSector;

if (!MountVolume (BootDrive, exitKey, PreventNormalSystemBoot, false))

return exitKey;

if (!CheckMemoryRequirements ())

goto err;

EncryptDataUnits (SectorBuffer, &s, 1, BootCryptoInfo);

CopyMemory (SectorBuffer, TC_BOOT_LOADER_BUFFER_SEGMENT, i * TC_LB_SIZE, TC_LB_SIZE);

ReleaseSectorBuffer();

DecryptDataUnits (SectorBuffer, &s, 1, BootCryptoInfo);

CopyMemory (SectorBuffer, TC_BOOT_LOADER_BUFFER_SEGMENT, i * TC_LB_SIZE, TC_LB_SIZE);

ReleaseSectorBuffer();

exitKey = BootEncryptedDrive();

#else // TC_WINDOWS_BOOT_RESCUE_DISK_MODE

PrintMainMenu();

exitKey = BootEncryptedDrive();

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

push TC_BOOT_LOADER_ALT_SEGMENT

pop es

mov di, 0

int 0x15

jnc no_carry

mov carry, true

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

; Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

; by the TrueCrypt License 3.0.

;

; and all other portions of this file are Copyright (c) 2013-2016 IDRIX

; and are governed by the Apache License 2.0 the full text of which is

; contained in the file License.txt included in VeraCrypt binary and source

loader_name_msg:

db ' VeraCrypt Boot Loader', 13, 10, 0

main:

xor ax, ax

mov ds, ax

mov ss, ax

; Check available memory

cmp word ptr [ds:413h], TC_BOOT_LOADER_SEGMENT / 1024 * 16 + TC_BOOT_MEMORY_REQUIRED

jge memory_ok

mov ax, TC_BOOT_LOADER_SEGMENT_LOW

cmp word ptr [ds:413h], TC_BOOT_LOADER_SEGMENT_LOW / 1024 * 16 + TC_BOOT_MEMORY_REQUIRED

jge memory_ok

; Insufficient memory

mov ax, TC_BOOT_LOADER_LOWMEM_SEGMENT

mov cx, TC_BOOT_MEMORY_REQUIRED * 1024 - TC_COM_EXECUTABLE_OFFSET - 1

cld

rep stosb

mov ax, es

sub ax, TC_BOOT_LOADER_DECOMPRESSOR_MEMORY_SIZE / 16 ; Decompressor segment

mov es, ax

; Load decompressor

mov cl, TC_BOOT_LOADER_DECOMPRESSOR_START_SECTOR

retry_backup:

mov cx, TC_BOOT_LOADER_DECOMPRESSOR_SECTOR_COUNT * TC_LB_SIZE

call checksum

push ebx

; Load compressed boot loader

mov bx, TC_BOOT_LOADER_COMPRESSED_BUFFER_OFFSET

mov cl, TC_BOOT_LOADER_START_SECTOR

mov al, TC_MAX_BOOT_LOADER_SECTOR_COUNT

test backup_loader_used, 1

jz non_backup

mov al, TC_BOOT_LOADER_BACKUP_SECTOR_COUNT - TC_BOOT_LOADER_DECOMPRESSOR_SECTOR_COUNT

mov cl, TC_BOOT_LOADER_START_SECTOR + TC_BOOT_LOADER_BACKUP_SECTOR_COUNT

non_backup:

call read_sectors

mov si, TC_BOOT_LOADER_COMPRESSED_BUFFER_OFFSET

mov cx, word ptr [start + TC_BOOT_SECTOR_LOADER_LENGTH_OFFSET]

call checksum

; Verify checksum

je checksum_ok

; Checksum incorrect - try using backup if available

test backup_loader_used, 1

jnz loader_damaged

mov backup_loader_used, 1

mov cl, TC_BOOT_LOADER_DECOMPRESSOR_START_SECTOR + TC_BOOT_LOADER_BACKUP_SECTOR_COUNT

test TC_BOOT_CFG_FLAG_BACKUP_LOADER_AVAILABLE, byte ptr [start + TC_BOOT_SECTOR_CONFIG_OFFSET]

jnz retry_backup

loader_damaged:

lea si, loader_damaged_msg

call print

mov ss, ax

mov sp, TC_BOOT_LOADER_DECOMPRESSOR_MEMORY_SIZE

sti

push dx

; Decompress boot loader

mov cx, word ptr [start + TC_BOOT_SECTOR_LOADER_LENGTH_OFFSET]

sub cx, TC_GZIP_HEADER_SIZE

add sp, 8

pop dx

; Restore boot sector segment

push cs

pop ds

; DH = boot sector flags

mov dh, byte ptr [start + TC_BOOT_SECTOR_CONFIG_OFFSET]

; Set up boot loader segment

mov ax, es

add ax, TC_BOOT_LOADER_DECOMPRESSOR_MEMORY_SIZE / 16

push es

push TC_COM_EXECUTABLE_OFFSET

retf

; Print string

print:

xor bx, bx

mov ah, 0eh

cld

@@: lodsb

test al, al

jz print_end

int 10h

jmp @B

mov ah, 2

int 13h

jnc read_ok

lea si, disk_error_msg

call print

read_ok:

ret

; Calculate checksum

checksum:

push ds

pop ds

xor eax, eax

cld

@@: lodsb

add ebx, eax

rol ebx, 1

loop @B

pop ds

ret

backup_loader_used db 0

disk_error_msg db 'Disk error', 13, 10, 7, 0

loader_damaged_msg db 7, 'Loader damaged! Repair with Rescue Disk', 0

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

if (ReEntryCount == 0 && drive == EncryptedVirtualPartition.Drive)

{

BiosResult result;

if (function == 0x3)

result = WriteEncryptedSectors (regs.ES, regs.BX, drive, sector, sectorCount);

else

case 0x43: // Write sectors LBA

{

byte drive = (byte) regs.DX;

BiosLbaPacket lba;

CopyMemory (regs.DS, regs.SI, (byte *) &lba, sizeof (lba));

if (ReEntryCount == 0 && drive == EncryptedVirtualPartition.Drive)

{

BiosResult result;

uint16 segment = (uint16) (lba.Buffer >> 16);

uint16 offset = (uint16) lba.Buffer;

popf

leave

add sp, 2

pass15:

popad

pushf

cmp ax, 0xe820 // Get system memory map

je filter

popf

leave

jmp cs:OriginalInt15Handler

// Save original INT 13 handler

xor ax, ax

mov es, ax

mov si, 0x13 * 4

lea di, OriginalInt13Handler

mov [di], ax

mov ax, es:[si + 2]

mov [di + 2], ax

// Install INT 13 filter

lea ax, Int13FilterEntry

mov es:[si], ax

mov es:[si + 2], cs

// Save original INT 15 handler

lea di, OriginalInt15Handler

mov ax, es:[si]

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

# Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

# by the TrueCrypt License 3.0.

#

# and all other portions of this file are Copyright (c) 2013-2016 IDRIX

# and are governed by the Apache License 2.0 the full text of which is

# contained in the file License.txt included in VeraCrypt binary and source

set INCLUDE=.

set LIB=.

set LIBPATH=.

clean:

-del /q /s $(OBJDIR) >NUL:

$(CC) $(CFLAGS) /c "$(SRCDIR)\$<"

set PATH=$(ENVPATH)

cd ..

{..\..\Common}.c{$(OUTDIR)}.obj:

cd $(OBJDIR)

set PATH=.

$(CC) $(CFLAGS) /c "$(SRCDIR)\$<"

set PATH=$(ENVPATH)

cd ..

.cpp{$(OUTDIR)}.obj:

cd $(OBJDIR)

set PATH=.

$(CC) $(CFLAGS) /D TC_ASM_PREPROCESS /P /EP "$(SRCDIR)\BootDefs.h"

set PATH=$(ENVPATH)

cd ..

$(OUTDIR)\BootSector.bin: $(OUTDIR)\BootSector.obj

cd $(OBJDIR)

$(LD) $(LFLAGS) BootSector.obj,BootSector.bin,,,, >NUL:

$(OUTDIR)\$(PROJ).$(TARGETEXT): $(OBJS)

@echo Linking...

cd $(OBJDIR)

echo >NUL: @<<$(PROJ).crf2

$(PROJ).$(TARGETEXT)

del $(PROJ).crf >NUL: 2>NUL:

for %F in ($(**F)) do @echo %F + >>$(PROJ).crf

type $(PROJ).crf2 >>$(PROJ).crf

$(LD) $(LFLAGS) @$(PROJ).crf

del $(PROJ).crf $(PROJ).crf2

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

while (shiftCount--)

{

r.LowPart >>= 1;

if ((byte) r.HighPart & 1)

r.LowPart |= 0x80000000UL;

uint64 operator<< (const uint64 &a, int shiftCount)

{

uint64 r = a;

while (shiftCount--)

r += r;

a += b;

a -= b;

++a;

b = b + (uint32) 1UL;

c = (a - ((a + b) >> 32) - (uint32) 1UL);

{

uint64 end1 = start1 + length1 - 1UL;

uint64 intersectEnd = (end1 <= end2) ? end1 : end2;

uint64 intersectStart = (start1 >= start2) ? start1 : start2;

if (intersectStart > intersectEnd)

return false;

return (intersectEnd + 1UL - intersectStart).LowPart != 0;

}

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

#define TC_ASM_EMIT(A,B) __asm _emit 0x##A __asm _emit 0x##B

#define TC_ASM_EMIT3(A,B,C) __asm _emit 0x##A __asm _emit 0x##B __asm _emit 0x##C

#define TC_ASM_MOV_EAX_DI TC_ASM_EMIT3 (66, 8B, 05)

#define TC_ASM_MOV_EBX_DI TC_ASM_EMIT3 (66, 8B, 1D)

# Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

# by the TrueCrypt License 3.0.

#

# and all other portions of this file are Copyright (c) 2013-2016 IDRIX

# and are governed by the Apache License 2.0 the full text of which is

# contained in the file License.txt included in VeraCrypt binary and source

%.txt.h: %.txt

@echo Converting $(<F)

$(OD_BIN) $< | $(TR_SED_BIN) >$@

%.bmp.h: %.bmp

@echo Converting $(<F)

$(OD_BIN) $< | $(TR_SED_BIN) >$@

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

{

public:

RefCount (1), ServerLockCount (0), MessageThreadId (messageThreadId) { }

~TrueCryptFactory () { }

virtual ULONG STDMETHODCALLTYPE AddRef ()

{

return InterlockedIncrement (&RefCount) - 1;

AddRef ();

return S_OK;

}

virtual HRESULT STDMETHODCALLTYPE CreateInstance (IUnknown *pUnkOuter, REFIID riid, void **ppvObject)

{

if (pUnkOuter != NULL)

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

class Elevator

{

public:

static void AddReference ()

{

++ReferenceCount;

{

result = ERROR_OUTOFMEMORY;

}

if (result != ERROR_SUCCESS)

{

SetLastError (result);

ElevatedComInstanceThreadId = GetCurrentThreadId();

}

}

#if defined (TCMOUNT)

static ITrueCryptMainCom *ElevatedComInstance;

#elif defined (VOLFORMAT)

int Elevator::ReferenceCount = 0;

#else // SETUP

class Elevator

{

public:

{

FileOpen = true;

}

{

LastError = GetLastError();

if (LastError == ERROR_ACCESS_DENIED && IsUacSupported())

{

FileOpen = true;

}

{

LastError = GetLastError ();

if (LastError == ERROR_ACCESS_DENIED && IsUacSupported())

{

if (RescueIsoImage)

delete[] RescueIsoImage;

Elevator::Release();

}

if (config.SystemPartition.IsGPT)

throw ParameterIncorrect (SRC_POS); // It is assumed that CheckRequirements() had been called

foreach (const Partition &partition, config.Partitions)

{

if (partition.Info.BootIndicator)

}

/* WARNING: Note that the partition number at the end of a device path (\Device\HarddiskY\PartitionX) must

a higer number than the third one. */

// Find the first partition physically located behind the active partition

if (activePartitionFound)

{

ProbeRealDriveSizeRequest request;

StringCchCopyW (request.DeviceName, ARRAYSIZE (request.DeviceName), DriveConfig.DrivePartition.DevicePath.c_str());

CallDriver (TC_IOCTL_PROBE_REAL_DRIVE_SIZE, &request, sizeof (request), &request, sizeof (request));

DriveConfig.DrivePartition.Info.PartitionLength = request.RealDriveSize;

return partList;

}

DISK_GEOMETRY BootEncryption::GetDriveGeometry (int driveNumber)

{

return geometry;

}

wstring BootEncryption::GetWindowsDirectory ()

{

wchar_t buf[MAX_PATH];

throw_sys_if (GetSystemDirectory (buf, ARRAYSIZE (buf)) == 0);

return wstring (buf);

}

// Note that this does not require admin rights (it just requires the driver to be running)

bool BootEncryption::IsBootLoaderOnDrive (wchar_t *devicePath)

{

{

OPEN_TEST_STRUCT openTestStruct;

memset (&openTestStruct, 0, sizeof (openTestStruct));

bool BootEncryption::IsHiddenSystemRunning ()

{

int hiddenSystemStatus;

CallDriver (TC_IOCTL_IS_HIDDEN_SYSTEM_RUNNING, nullptr, 0, &hiddenSystemStatus, sizeof (hiddenSystemStatus));

return hiddenSystemStatus != 0;

}

if (userConfig)

*userConfig = request.UserConfiguration;

if (customUserMessage)

{

request.CustomUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH] = 0;

if (userConfig)

*userConfig = 0;

if (customUserMessage)

customUserMessage->clear();

memcpy (mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, customUserMessage.c_str(), customUserMessage.size());

}

if (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM)

{

// PIM for pre-boot authentication can be encoded on two bytes since its maximum

ZeroMemory (&request, sizeof (request));

request.WipeAlgorithm = wipeAlgorithm;

if (Randinit() != ERR_SUCCESS)

{

if (CryptoAPILastError == ERROR_SUCCESS)

CallDriver (TC_IOCTL_ABORT_DECOY_SYSTEM_WIPE);

}

DecoySystemWipeStatus BootEncryption::GetDecoyOSWipeStatus ()

{

DecoySystemWipeStatus status;

device.SeekAt (0);

device.Read (mbr, sizeof (mbr));

finally_do_arg (BootEncryption *, this,

{

try

WCHAR pathBuf[MAX_PATH];

throw_sys_if (!SUCCEEDED (SHGetFolderPath (NULL, CSIDL_COMMON_APPDATA | CSIDL_FLAG_CREATE, NULL, 0, pathBuf)));

wstring path = wstring (pathBuf) + L"\\" _T(TC_APP_NAME);

CreateDirectory (path.c_str(), NULL);

throw ParameterIncorrect (SRC_POS);

Buffer imageBuf (RescueIsoImageSize);

byte *image = imageBuf.Ptr();

memset (image, 0, RescueIsoImageSize);

File sysBakFile (GetSystemLoaderBackupPath(), true);

sysBakFile.CheckOpened (SRC_POS);

sysBakFile.Read (image + TC_CD_BOOTSECTOR_OFFSET + TC_ORIG_BOOT_LOADER_BACKUP_SECTOR_OFFSET, TC_BOOT_LOADER_AREA_SIZE);

image[TC_CD_BOOTSECTOR_OFFSET + TC_BOOT_SECTOR_CONFIG_OFFSET] |= TC_BOOT_CFG_FLAG_RESCUE_DISK_ORIG_SYS_LOADER;

}

catch (Exception &e)

e.Show (ParentWindow);

Warning ("SYS_LOADER_UNAVAILABLE_FOR_RESCUE_DISK", ParentWindow);

}

// Boot loader backup

CreateBootLoaderInMemory (image + TC_CD_BOOTSECTOR_OFFSET + TC_BOOT_LOADER_BACKUP_RESCUE_DISK_SECTOR_OFFSET, TC_BOOT_LOADER_AREA_SIZE, false);

UINT driveType = GetDriveType (rootPath);

// check that it is a CD/DVD drive or a removable media in case a bootable

// USB key was created from the rescue disk ISO file

{

rootPath[2] = 0; // remove trailing backslash

Buffer buffer ((verifiedSectorCount + 1) * 2048);

DWORD bytesRead = isoFile.Read (buffer.Ptr(), (DWORD) buffer.Size());

&& (memcmp (buffer.Ptr(), RescueIsoImage, buffer.Size()) == 0)

)

{

{

if (nCurrentOS == WIN_2000)

throw ErrorException ("SYS_ENCRYPTION_UNSUPPORTED_ON_CURRENT_OS", SRC_POS);

if (CurrentOSMajor == 6 && CurrentOSMinor == 0 && CurrentOSServicePack < 1)

throw ErrorException ("SYS_ENCRYPTION_UNSUPPORTED_ON_VISTA_SP0", SRC_POS);

if (!pagingFilesOk)

{

+ GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION")

+ L"\n\n\n"

+ GetString ("RESTRICT_PAGING_FILES_TO_SYS_PARTITION")

AbortProcessSilent();

}

+ GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION"), SRC_POS);

}

wchar_t *configPath = GetConfigPath (L"dummy");

if (configPath && towupper (configPath[0]) != windowsDrive)

{

+ GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION"), SRC_POS);

}

// Temporary files

if (towupper (GetTempPathString()[0]) != windowsDrive)

{

+ GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION"), SRC_POS);

}

}

device.Read ((byte *) header, sizeof (header));

PCRYPTO_INFO cryptoInfo = NULL;

int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, old_pim, FALSE, &cryptoInfo, NULL);

finally_do_arg (PCRYPTO_INFO, cryptoInfo, { if (finally_arg) crypto_close (finally_arg); });

UserEnrichRandomPool (hwndDlg);

WaitCursor();

techniques such as magnetic force microscopy or magnetic force scanning tunnelling microscopy

to recover the overwritten header. According to Peter Gutmann, data should be overwritten 22

times (ideally, 35 times) using non-random patterns and pseudorandom data. However, as users might

SelectedEncryptionAlgorithmId = ea;

SelectedPrfAlgorithmId = pkcs5;

CreateVolumeHeader (volumeSize, encryptedAreaStart, &password, ea, mode, pkcs5, pim);

if (!rescueIsoImagePath.empty())

CreateRescueIsoImage (true, rescueIsoImagePath);

}

BootEncryptionSetupRequest request;

ZeroMemory (&request, sizeof (request));

request.SetupMode = SetupDecryption;

request.DiscardUnreadableEncryptedSectors = discardUnreadableEncryptedSectors;

BootEncryptionSetupRequest request;

ZeroMemory (&request, sizeof (request));

request.SetupMode = SetupEncryption;

request.WipeAlgorithm = wipeAlgorithm;

request.ZeroUnreadableSectors = zeroUnreadableSectors;

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

#ifndef CACHE_SIZE

/* WARNING: Changing this value might not be safe (some items may be hard coded for 4)! Inspection necessary. */

#endif

extern int cacheEmpty;

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

StringCchCatW (tmp, 8192, L"\nExamples:\n\nMount a volume as X:\tveracrypt.exe /q /v volume.hc /l X\nDismount a volume X:\tveracrypt.exe /q /d X");

SetWindowTextW (GetDlgItem (hwndDlg, IDC_COMMANDHELP_TEXT), tmp);

TCfree(tmp);

return 1;

}

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

{

wchar_t szTmp[MAX_PATH] = { 0 };

wchar_t wszVolume[MAX_PATH] = {0};

if (i < count)

{

if (SendMessage (hComboBox, CB_GETLBTEXTLEN, nComboIdx[i], 0) < ARRAYSIZE (szTmp))

for (i = 0; i < SIZEOF_MRU_LIST; i++)

{

wchar_t szTmp[MAX_PATH] = { 0 };

if (SendMessage (hComboBox, CB_GETLBTEXTLEN, nComboIdx[i], 0) < ARRAYSIZE (szTmp))

SendMessage (hComboBox, CB_GETLBTEXT, nComboIdx[i], (LPARAM) & szTmp[0]);

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

//

#ifdef APSTUDIO_INVOKED

BEGIN

IDD_ABOUT_DLG, DIALOG

BEGIN

// TEXTINCLUDE

//

BEGIN

"resource.h\0"

END

BEGIN

"#include ""afxres.h""\r\n"

"\0"

END

BEGIN

"\r\n"

"\0"

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

/* CRC polynomial 0x04c11db7 */

unsigned __int32 crc_32_tab[]=

0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3,

0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91,

0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

case SERPENT:

serpent_set_key (key, ks);

break;

case TWOFISH:

twofish_set_key ((TwofishInstance *)ks, (const u4byte *)key);

break;

{

switch (cipher)

{

// In 32-bit kernel mode, due to KeSaveFloatingPointState() overhead, AES instructions can be used only when processing the whole data unit.

#if (defined (_WIN64) || !defined (TC_WINDOWS_DRIVER)) && !defined (TC_WINDOWS_BOOT)

if (IsAesHwCpuSupported())

/* Note: XTS mode could potentially be initialized with a weak key causing all blocks in one data unit

on the volume to be tweaked with zero tweaks (i.e. 512 bytes of the volume would be encrypted in ECB

mode). However, to create a TrueCrypt volume with such a weak key, each human being on Earth would have

that the size of each of the volumes is 1024 terabytes). */

break;

// Unknown/wrong ID

TC_THROW_FATAL_EXCEPTION;

}

int c, i = 0;

while (c = EncryptionAlgorithms[ea].Modes[i++])

{

return EncryptionAlgorithms[ea].Modes[i];

}

int c, i = 0;

while (c = EncryptionAlgorithms[ea].Ciphers[i++])

{

return EncryptionAlgorithms[ea].Ciphers[i];

}

while (c = EncryptionAlgorithms[ea].Ciphers[i++])

{

return EncryptionAlgorithms[ea].Ciphers[i - 2];

}

// EncryptBuffer

//

// buf: data to be encrypted; the start of the buffer is assumed to be aligned with the start of a data unit.

// by the largest block size used within the cascade)

void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo)

{

}

break;

// Unknown/wrong ID

TC_THROW_FATAL_EXCEPTION;

}

}

break;

// Unknown/wrong ID

TC_THROW_FATAL_EXCEPTION;

}

// DecryptBuffer

//

// buf: data to be decrypted; the start of the buffer is assumed to be aligned with the start of a data unit.

// by the largest block size used within the cascade)

void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo)

{

}

break;

// Unknown/wrong ID

TC_THROW_FATAL_EXCEPTION;

}

}

break;

// Unknown/wrong ID

TC_THROW_FATAL_EXCEPTION;

}

if (IsAesHwCpuSupported())

aes_hw_cpu_encrypt ((byte *) ks, data);

else

#elif defined (TC_WINDOWS_BOOT_SERPENT)

serpent_encrypt (data, data, ks);

#elif defined (TC_WINDOWS_BOOT_TWOFISH)

if (IsAesHwCpuSupported())

aes_hw_cpu_decrypt ((byte *) ks + sizeof (aes_encrypt_ctx) + 14 * 16, data);

else

#elif defined (TC_WINDOWS_BOOT_SERPENT)

serpent_decrypt (data, data, ks);

#elif defined (TC_WINDOWS_BOOT_TWOFISH)

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

#define MASTER_KEYDATA_SIZE 256

// The first PRF to try when mounting

enum

{

SHA512 = FIRST_PRF_ID,

};

// The last PRF to try when mounting and also the number of implemented PRFs

#define RIPEMD160_BLOCKSIZE 64

#define RIPEMD160_DIGESTSIZE 20

{

NONE = 0,

AES,

TWOFISH

};

#ifndef TC_WINDOWS_BOOT

uint16 HeaderVersion;

unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* This holds the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */

unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */

unsigned __int8 salt[PKCS5_SALT_SIZE];

BOOL bTrueCryptMode;

int volumePim;

BOOL bProtectHiddenVolume; // Indicates whether the volume contains a hidden volume to be protected against overwriting

BOOL bHiddenVolProtectionAction; // TRUE if a write operation has been denied by the driver in order to prevent the hidden volume from being overwritten (set to FALSE upon volume mount).

uint64 volDataAreaOffset; // Absolute position, in bytes, of the first data sector of the volume.

uint64 hiddenVolumeSize; // Size of the hidden volume excluding the header (in bytes). Set to 0 for standard volumes.

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

void *GetDictionaryValue (const char *key)

{

map <string, void *>::const_iterator i = StringKeyMap.find (key);

if (i == StringKeyMap.end())

return NULL;

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

BOOL bHistory = FALSE;

// 0 - Unknown/undetermined/completed, 1: Detection is or was in progress (but did not complete e.g. due to system crash).

OSVersionEnum nCurrentOS = WIN_UNKNOWN;

int CurrentOSMajor = 0;

BOOL bInPlaceEncNonSysPending = FALSE; // TRUE if the non-system in-place encryption config file indicates that one or more partitions are scheduled to be encrypted. This flag is set only when config files are loaded during app startup.

BOOL PimEnable = FALSE;

BOOL KeyFilesEnable = FALSE;

KeyFile *FirstKeyFile = NULL;

HANDLE hDriver = INVALID_HANDLE_VALUE;

/* This mutex is used to prevent multiple instances of the wizard or main app from dealing with system encryption */

/* This mutex is used for non-system in-place encryption but only for informative (non-blocking) purposes,

such as whether an app should prompt the user whether to resume scheduled process. */

/* This value may changed only by calling ChangeSystemEncryptionStatus(). Only the wizard can change it

(others may still read it though). */

/* Only the wizard can change this value (others may only read it). */

WipeAlgorithmId nWipeMode = TC_WIPE_NONE;

#error PKCS5_BENCHMARKS and HASH_FNC_BENCHMARKS are both TRUE (at least one of them should be FALSE).

#endif

{

BENCHMARK_SORT_BY_NAME = 0,

BENCHMARK_SORT_BY_SPEED

};

{

int id;

wchar_t name[100];

#endif // #ifndef SETUP

{

void *strings;

BOOL bold;

/* Close the device driver handle */

if (hDriver != INVALID_HANDLE_VALUE)

{

if (IsNonInstallMode ())

{

// If a dismount was forced in the lifetime of the driver, Windows may later prevent it to be loaded again from

DWORD handleWin32Error (HWND hwndDlg, const char* srcPos)

{

PWSTR lpMsgBuf;

wchar_t szErrorValue[32];

wchar_t* pszDesc;

{

SIZE sizes;

TEXTMETRIC textMetrics;

SelectObject(hdc, (HGDIOBJ) hFont);

GetTextMetrics(hdc, &textMetrics); // Necessary for non-TrueType raster fonts (tmOverhang)

return ((int) sizes.cx - (int) textMetrics.tmOverhang);

}

int GetTextGfxHeight (HWND hwndDlgItem, const wchar_t *text, HFONT hFont)

{

SIZE sizes;

SelectObject(hdc, (HGDIOBJ) hFont);

GetTextExtentPoint32W (hdc, text, (int) wcslen (text), &sizes);

return ((int) sizes.cy);

}

rect.right = width;

rect.bottom = LONG_MAX;

SelectObject (hdc, (HGDIOBJ) hFont);

wchar_t pathBuf[TC_MAX_PATH];

if (DrawText (hdc, pathBuf, (int) path.size(), &rect, DT_CALCRECT | DT_MODIFYSTRING | DT_PATH_ELLIPSIS | DT_SINGLELINE) != 0)

newPath = pathBuf;

return newPath;

}

width = GetTextGfxWidth (hwndCtrl, text, hFont);

height = GetTextGfxHeight (hwndCtrl, text, hFont);

origWidth = rec.right;

origHeight = rec.bottom;

if (width >= 0

{

horizSubOffset = origWidth - width;

vertSubOffset = origHeight - height;

alignPosDiff = horizSubOffset / 2;

else if (windowInfo.dwStyle & SS_RIGHT)

alignPosDiff = horizSubOffset;

// Resize/move

if (alignPosDiff > 0)

{

// Protects an input field from having its content updated by a Paste action. Used for pre-boot password

// user from pasting a password typed using a non-US keyboard layout).

void ToBootPwdField (HWND hwndDlg, UINT ctrlId)

{

if (hDC)

{

ScreenDPI = GetDeviceCaps (hDC, LOGPIXELSY);

}

DPIScaleFactorX = 1;

if (ScreenDPI != USER_DEFAULT_SCREEN_DPI)

{

// actual screen DPI is redundant and leads to incorrect results. What really matters here is

// how Windows actually renders our GUI. This is determined by comparing the expected and current

// sizes of a hidden calibration text field.

GetClientRect (GetDlgItem (hwndDlg, IDC_ABOUT_LOGO_AREA), &rec);

SetWindowPos (GetDlgItem (hwndDlg, IDC_ABOUT_BKG), HWND_TOP, 0, 0, rec.right, rec.bottom, SWP_NOMOVE);

if (ScreenDPI != USER_DEFAULT_SCREEN_DPI)

{

// Logo (must recreate and keep the original aspect ratio as Windows distorts it)

void ProcessPaintMessages (HWND hwnd, int maxMessagesToProcess)

{

MSG paintMsg;

while (PeekMessageW (&paintMsg, hwnd, 0, 0, PM_REMOVE | PM_QS_PAINT) != 0 && msgCounter-- > 0)

{

}

If bDirectRender is FALSE and both nWidth and nHeight are zero, the width and height of hwndDest are

retrieved and adjusted according to screen DPI (the width and height of the resultant image are adjusted the

same way); furthermore, if bKeepAspectRatio is TRUE, the smaller DPI factor of the two (i.e. horiz. or vert.)

is used both for horiz. and vert. scaling (note that the overall GUI aspect ratio changes irregularly in

This function returns a handle to the scaled bitmap. When the bitmap is no longer needed, it should be

- Windows 2000 may produce slightly inaccurate colors even when source, buffer, and target are 24-bit true color. */

HBITMAP RenderBitmap (wchar_t *resource, HWND hwndDest, int x, int y, int nWidth, int nHeight, BOOL bDirectRender, BOOL bKeepAspectRatio)

{

GetObject (picture, sizeof (BITMAP), &bitmap);

if (hdcRescaled)

{

SelectObject (hdcRescaled, hbmpRescaled);

hdcSrc,

0,

0,

bitmap.bmHeight,

SRCCOPY);

wc.hCursor = NULL;

wc.hbrBackground = (HBRUSH) GetStockObject (LTGRAY_BRUSH);

wc.lpszClassName = L"VCREDTICK";

rc = (ULONG) RegisterClassW (&wc);

return rc == 0 ? FALSE : TRUE;

{

if (!bHeaderWipe)

{

}

AddComboPair (hComboBox, GetString ("WIPE_MODE_1_RAND"), TC_WIPE_1_RAND);

else

lpack[0] = 0;

sprintf (url, TC_APPLINK_SECURE "&dest=err-report%s&os=%s&osver=%d.%d.%d&arch=%s&cpus=%d&app=%s&cksum=%x&dlg=%s&err=%x&addr=%x"

, lpack

, GetWindowsEdition().c_str()

// Mutex handling to prevent multiple instances of the wizard or main app from dealing with system encryption.

BOOL CreateSysEncMutex (void)

{

return TCCreateMutex (&hSysEncMutex, TC_MUTEX_NAME_SYSENC);

}

BOOL CreateNonSysInplaceEncMutex (void)

{

return TCCreateMutex (&hNonSysInplaceEncMutex, TC_MUTEX_NAME_NONSYS_INPLACE_ENC);

// Returns TRUE if another instance of the wizard is preparing, resuming or performing non-system in-place encryption

BOOL NonSysInplaceEncInProgressElsewhere (void)

{

&& MutexExistsOnSystem (TC_MUTEX_NAME_NONSYS_INPLACE_ENC));

}

// Mutex handling to prevent multiple instances of the wizard or main app from trying to install

// or register the driver or from trying to launch it in portable mode at the same time.

BOOL CreateDriverSetupMutex (void)

{

return TCCreateMutex (&hDriverSetupMutex, TC_MUTEX_NAME_DRIVER_SETUP);

}

BOOL TCCreateMutex (volatile HANDLE *hMutex, wchar_t *name)

{

if (*hMutex != NULL)

}

BOOL MutexExistsOnSystem (wchar_t *name)

{

if (name[0] == 0)

return FALSE;

if (GetLastError () == ERROR_ACCESS_DENIED) // On Vista, this is returned if the owner of the mutex is elevated while we are not

// The call failed and it is not certain whether the mutex exists or not

return FALSE;

void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)

{

WNDCLASSW wc;

InitOSVersionInfo();

LoadSystemDll (L"Usp10.DLL", &hUsp10Dll, TRUE, SRC_POS);

LoadSystemDll (L"UXTheme.dll", &hUXThemeDll, TRUE, SRC_POS);

LoadSystemDll (L"SETUPAPI.DLL", &hSetupDll, FALSE, SRC_POS);

LoadSystemDll (L"userenv.dll", &hUserenvDll, TRUE, SRC_POS);

LoadSystemDll (L"rsaenh.dll", &hRsaenhDll, TRUE, SRC_POS);

}

if (IsOSAtLeast (WIN_VISTA))

LoadSystemDll (L"netapi32.dll", &hnetapi32dll, TRUE, SRC_POS);

LoadSystemDll (L"authz.dll", &hauthzdll, TRUE, SRC_POS);

LoadSystemDll (L"xmllite.dll", &hxmllitedll, TRUE, SRC_POS);

}

if (IsOSAtLeast (WIN_VISTA))

LoadSystemDll (L"spp.dll", &hsppdll, TRUE, SRC_POS);

LoadSystemDll (L"vssapi.dll", &vssapidll, TRUE, SRC_POS);

LoadSystemDll (L"vsstrace.dll", &hvsstracedll, TRUE, SRC_POS);

LoadSystemDll (L"cfgmgr32.dll", &hcfgmgr32dll, TRUE, SRC_POS);

LoadSystemDll (L"devobj.dll", &hdevobjdll, TRUE, SRC_POS);

LoadSystemDll (L"powrprof.dll", &hpowrprofdll, TRUE, SRC_POS);

LoadSystemDll (L"dwmapi.dll", &hdwmapidll, TRUE, SRC_POS);

LoadSystemDll (L"crypt32.dll", &hcrypt32dll, TRUE, SRC_POS);

LoadSystemDll (L"bcrypt.dll", &hbcryptdll, TRUE, SRC_POS);

}

#else

LoadSystemDll (L"WINSCARD.DLL", &hwinscarddll, TRUE, SRC_POS);

#endif

LoadSystemDll (L"COMCTL32.DLL", &hComctl32Dll, FALSE, SRC_POS);

// call InitCommonControls function

InitCommonControlsFn = (InitCommonControlsPtr) GetProcAddress (hComctl32Dll, "InitCommonControls");

ImageList_AddFn = (ImageList_AddPtr) GetProcAddress (hComctl32Dll, "ImageList_Add");

// Language

langId[0] = 0;

SetPreferredLangId (ConfigReadString ("Language", "", langId, sizeof (langId)));

if (langId[0] == 0)

{

if (IsNonInstallMode ())

}

memset (&wcex, 0, sizeof (wcex));

wcex.lpfnWndProc = (WNDPROC) NonInstallUacWndProc;

wcex.hInstance = hInstance;

wcex.lpszClassName = L"VeraCrypt";

break;

}

}

/* Get the attributes for the standard dialog class */

if ((GetClassInfoW (hInst, WINDOWS_DIALOG_CLASS, &wc)) == 0)

{

&dwResult, NULL);

// check variable driver

&& ( (driver->bDetectTCBootLoader != TRUE && driver->bDetectTCBootLoader != FALSE) ||

(driver->TCBootLoaderDetected != TRUE && driver->TCBootLoaderDetected != FALSE) ||

(driver->DetectFilesystem != TRUE && driver->DetectFilesystem != FALSE) ||

else

return FALSE;

}

return TRUE;

}

/* Stores the device path of the system partition in SysPartitionDevicePath and the device path of the system drive

in SysDriveDevicePath.

return code, you can use the global flags bSysPartitionSelected and bSysDriveSelected to see if the user

selected the system partition/device.

After this function completes successfully, the results are cached for the rest of the session and repeated

BOOL GetSysDevicePaths (HWND hwndDlg)

{

if (!bCachedSysDevicePathsValid

|| wcslen (SysDriveDevicePath) <= 1)

{

foreach (const HostDevice &device, GetAvailableHostDevices (false, true))

{

if (device.ContainsSystem)

}

if (IsOSAtLeast (WIN_7))

bCachedSysDevicePathsValid = 1;

}

&& wcslen (SysDriveDevicePath) > 1);

}

If it's FALSE and the function is called for the first time, execution may take up to one minute but the

results are reliable.

IMPORTANT: As the execution may take a very long time if called for the first time with bReliableRequired set

to TRUE, it should be called with bReliableRequired set to TRUE only before performing a dangerous

return code, you can use the global flags bSysPartitionSelected and bSysDriveSelected to see if the

user selected the system partition/device).

After this function completes successfully, the results are cached for the rest of the session, bReliableRequired

Return codes:

1 - it is the system partition path (e.g. \Device\Harddisk0\Partition1)

2 - it is the system drive path (e.g. \Device\Harddisk0\Partition0)

/* Determines whether the path points to a non-system partition on the system drive.

IMPORTANT: As this may take a very long time if called for the first time, it should be called

Return codes:

-1 - the result can't be determined, isn't reliable, or there was an error. */

int IsNonSysPartitionOnSysDrive (const wchar_t *path)

{

if (wcsncmp (tmpPath, SysDriveDevicePath, max (wcslen(tmpPath), wcslen(SysDriveDevicePath))) == 0)

{

return 1;

}

{

return 0;

}

}

LocalizeDialog (hwndDlg, "IDD_RAWDEVICES_DLG");

SendMessage (hList,LVM_SETEXTENDEDLISTVIEWSTYLE,0,

LvCol.pszText = GetString ("DEVICE");

LvCol.cx = CompensateXDPI (186);

LvCol.fmt = LVCFMT_LEFT;

SendMessage (hList,LVM_INSERTCOLUMNW,0,(LPARAM)&LvCol);

LvCol.cx = CompensateXDPI (38);

LvCol.fmt = LVCFMT_LEFT;

SendMessage (hList,LVM_INSERTCOLUMNW,1,(LPARAM)&LvCol);

// Path

if (!device.IsPartition || device.DynamicVolume)

{

&& (device.IsPartition || device.Partitions.empty() || device.Partitions[0].Size == 0)

)

continue;

if (line > 1)

{

ListItemAdd (hList, item.iItem, L"");

}

if (device.Floppy || device.DynamicVolume)

}

#endif

}

SendMessageW(hList, LVM_SETCOLUMNWIDTH, 0, MAKELPARAM(LVSCW_AUTOSIZE_USEHEADER, 0));

{

BOOL bEnableOkButton = FALSE;

LVITEM LvItem;

LvItem.iItem = ((LPNMLISTVIEW) lParam)->iItem;

LvItem.pszText = lpszFileName;

LvItem.cchTextMax = TC_MAX_PATH;

int selectedItem = ListView_GetSelectionMark (GetDlgItem (hwndDlg, IDC_DEVICELIST));

if (selectedItem == -1 || itemToDeviceMap.find (selectedItem) == itemToDeviceMap.end())

const HostDevice selectedDevice = itemToDeviceMap[selectedItem];

StringCchCopyW (lpszFileName, TC_MAX_PATH, selectedDevice.Path.c_str());

}

}

if (!selectedDevice.IsVirtualPartition

&& !bHiddenVolDirect)

{

#endif // #ifdef VOLFORMAT

}

bSysDriveSelected = FALSE;

#ifdef VOLFORMAT

if (hDriver == INVALID_HANDLE_VALUE)

return TRUE;

try

{

if (BootEncryption (NULL).GetStatus().DeviceFilterActive)

}

// Try to open a handle to the driver again (keep the mutex in case the other instance failed)

}

else

{

if (SystemEncryptionStatus != SYSENC_STATUS_NONE)

{

// This is an inconsistent state. The config file indicates system encryption should be

// the user selects "Last Known Good Configuration" from the Windows boot menu.

// To fix this, we're going to reinstall the driver, start it, and register it for boot.

return res;

bPortableModeConfirmed = TRUE;

if (hDriver != INVALID_HANDLE_VALUE)

CloseHandle (hDriver);

hDriver = CreateFile (WIN32_ROOT_PREFIX, 0, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);

| OFN_PATHMUSTEXIST

| OFN_ALLOWMULTISELECT

| (keepHistory ? 0 : OFN_DONTADDTORECENT);

if (!keepHistory)

CleanLastVisitedMRU ();

CleanLastVisitedMRU ();

status = TRUE;

ret:

SystemFileSelectorCallPending = FALSE;

ResetCurrentDirectory();

}

{

switch(uMsg) {

{

/* WParam is TRUE since we are passing a path.

It would be FALSE if we were passing a pidl. */

break;

}

{

wchar_t szDir[TC_MAX_PATH];

/* Set the status window to the currently selected path. */

{

SendMessage (hwnd,BFFM_SETSTATUSTEXT,0,(LPARAM)szDir);

}

CoInitialize (NULL);

{

ZeroMemory (&bi, sizeof(bi));

bi.hwndOwner = hwndDlg;

bi.lParam = (LPARAM)dirName;

pidl = SHBrowseForFolderW (&bi);

{

{

bOK = TRUE;

}

// Font

SendMessageW (hwnd, WM_SETFONT, (WPARAM) font, 0);

return TRUE;

}

SetWindowTextW (hwnd, L"VeraCrypt");

else

SetWindowTextW (hwnd, GetString (stringId));

if (hUserFont != 0)

EnumChildWindows (hwnd, LocalizeDialogEnum, (LPARAM) hUserFont);

}

DWORD cbLabelLen = (DWORD) ((wcslen (effectiveLabel) + 1) * sizeof (wchar_t));

BOOL bToBeDeleted = FALSE;

if (bSetValue)

KEY_READ | KEY_WRITE | KEY_SET_VALUE, NULL, &hKey, NULL);

else

lStatus = RegOpenKeyExW (HKEY_CURRENT_USER, wszRegPath, 0, KEY_READ | KEY_WRITE | KEY_SET_VALUE, &hKey);

if (bToBeDeleted)

{

lStatus = RegOpenKeyExW (HKEY_CURRENT_USER, wszRegPath, 0, KEY_READ | KEY_WRITE | KEY_SET_VALUE, &hKey);

if (ERROR_SUCCESS == lStatus)

{

versionString.insert (version > 0xfff ? 2 : 1,L".");

if (versionString[versionString.length()-1] == L'0')

return (versionString);

}

arr.clear();

if (len %2)

return false;

for (i = 0; i < len/2; i++)

{

if (!HexToByte (*hexStr++, b1) || !HexToByte (*hexStr++, b2))

{

static wchar_t *b, *kb, *mb, *gb, *tb, *pb;

static int serNo;

if (b == NULL || serNo != LocalizationSerialNo)

{

serNo = LocalizationSerialNo;

}

break;

}

/* Render the results */

SendMessage (hList,LVM_DELETEALLITEMS,0,(LPARAM)&LvItem);

LvItem.iItem = i;

LvItem.iSubItem = 0;

LvItem.pszText = (LPWSTR) benchmarkTable[i].name;

#if PKCS5_BENCHMARKS

wcscpy (item1, L"-");

LvItem.iSubItem = 1;

LvItem.pszText = item1;

#if PKCS5_BENCHMARKS

wcscpy (item1, L"-");

LvItem.iSubItem = 2;

LvItem.pszText = item1;

#if PKCS5_BENCHMARKS

swprintf (item1, L"%d t", benchmarkTable[i].encSpeed);

LvItem.iSubItem = 3;

LvItem.pszText = item1;

}

SendMessageW(hList, LVM_SETCOLUMNWIDTH, 0, MAKELPARAM(LVSCW_AUTOSIZE_USEHEADER, 0));

typedef struct

{

HWND hBenchDlg;

} BenchmarkThreadParam;

static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg);

#if HASH_FNC_BENCHMARKS

/* Measures the speed at which each of the hash algorithms processes the message to produce

them when building a public release (the benchmark GUI strings wouldn't make sense). */

{

sha256_ctx s256ctx;

int hid;

{

if (QueryPerformanceCounter (&performanceCountStart) == 0)

goto counter_error;

#elif PKCS5_BENCHMARKS // #if HASH_FNC_BENCHMARKS

/* Measures the time that it takes for the PKCS-5 routine to derive a header key using

them when building a public release (the benchmark GUI strings wouldn't make sense). */

{

int thid, i;

char dk[MASTER_KEYDATA_SIZE];

char *tmp_salt = {"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF\x01\x23\x45\x67\x89\xAB\xCD\xEF\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF\x01\x23\x45\x67\x89\xAB\xCD\xEF\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"};

{

if (QueryPerformanceCounter (&performanceCountStart) == 0)

goto counter_error;

{

switch (thid)

{

#else // #elif PKCS5_BENCHMARKS

/* Encryption algorithm benchmarks */

for (ci->ea = EAGetFirst(); ci->ea != 0; ci->ea = EAGetNext(ci->ea))

{

if (!EAIsFormatEnabled (ci->ea))

return TRUE;

counter_error:

if (ci)

crypto_close (ci);

benchmarkSortMethod = BENCHMARK_SORT_BY_SPEED;

SendMessage (hList,LVM_SETEXTENDEDLISTVIEWSTYLE,0,

LvCol.pszText = GetString ("ALGORITHM");

LvCol.cx = CompensateXDPI (114);

LvCol.fmt = LVCFMT_LEFT;

SetTimer (hwndDlg, 0xfd, RANDPOOL_DISPLAY_REFRESH_INTERVAL, NULL);

SendMessage (GetDlgItem (hwndDlg, IDC_POOL_CONTENTS), WM_SETFONT, (WPARAM) hFixedDigitFont, (LPARAM) TRUE);

hEntropyBar = GetDlgItem (hwndDlg, IDC_ENTROPY_BAR);

SendMessage (hEntropyBar, PBM_SETRANGE32, 0, maxEntropyLevel);

SendMessage (hEntropyBar, PBM_SETSTEP, 1, 0);

else if (bUseMask)

{

/* use mask to compute a randomized ascii representation */

lastRandPool[row * RANDPOOL_DISPLAY_COLUMNS + col]) ^ maskRandPool [row * RANDPOOL_DISPLAY_COLUMNS + col];

tmp[0] = (wchar_t) (((tmpByte >> 4) % 6) + L'*');

tmp[1] = (wchar_t) (((tmpByte & 0x0F) % 6) + L'*');

SendMessage (hEntropyBar, PBM_SETSTEP, 1, 0);

SendMessage (hEntropyBar, PBM_SETSTATE, PBST_ERROR, 0);

{

handleError (hwndDlg, (CryptoAPILastError == ERROR_SUCCESS)? ERR_RAND_INIT_FAILED : ERR_CAPI_INIT_FAILED, SRC_POS);

EndDialog (hwndDlg, IDCLOSE);

else if (bUseMask)

{

/* use mask to compute a randomized ASCII representation */

lastRandPool[row * RANDPOOL_DISPLAY_COLUMNS + col]) ^ maskRandPool [row * RANDPOOL_DISPLAY_COLUMNS + col];

tmp[0] = (wchar_t) (((tmpByte >> 4) % 6) + L'*');

tmp[1] = (wchar_t) (((tmpByte & 0x0F) % 6) + L'*');

for (i= 0; i < keyfilesCount; i++)

{

StringCbCopyW(szFileName, sizeof(szFileName), szDirName);

if (i > 0)

{

StringCbPrintfW(szSuffix, sizeof(szSuffix), L"_%d", i);

NormalCursor();

return 1;

}

/* since keyfilesSize < 1024 * 1024, we mask with 0x000FFFFF */

keyfilesSize = (long) (((unsigned long) keyfilesSize) & 0x000FFFFF);

keyfilesSize += 64;

}

if (!RandgetBytesFull (hwndDlg, keyfile, keyfilesSize, TRUE, TRUE))

{

_close (fhKeyfile);

TCfree(keyfile);

NormalCursor();

return 1;

/* Write the keyfile */

status = _write (fhKeyfile, keyfile, keyfilesSize);

NormalCursor();

handleWin32Error (hwndDlg, SRC_POS);

return 1;

}

TCfree(keyfile);

WaitCursor();

KillTimer (hwndDlg, 0xfd);

RandStop (FALSE);

#endif

/* Cleanup */

{

ShowWindow(GetDlgItem(hwndDlg, IDC_TESTS_MESSAGE), SW_SHOWNORMAL);

SetWindowTextW(GetDlgItem(hwndDlg, IDC_TESTS_MESSAGE), GetString ("TESTS_FAILED"));

else

{

ShowWindow(GetDlgItem(hwndDlg, IDC_TESTS_MESSAGE), SW_SHOWNORMAL);

inputtext[n] = (char) x;

}

// XTS

if (bXTSTestEnabled)

{

blockNo = (int) SendMessage (GetDlgItem (hwndDlg, IDC_TEST_BLOCK_NUMBER), CB_GETITEMDATA, SendMessage (GetDlgItem (hwndDlg, IDC_TEST_BLOCK_NUMBER), CB_GETCURSEL, 0, 0), 0);

} // if (bXTSTestEnabled)

/* Perform the actual tests */

{

char tmp[128];

int tmpRetVal;

return 0;

}

ResetCipherTest(HWND hwndDlg, int idTestCipher)

{

int ndx;

SetWindowText(GetDlgItem(hwndDlg, IDC_SECONDARY_KEY), L"0000000000000000000000000000000000000000000000000000000000000000");

SetWindowText(GetDlgItem(hwndDlg, IDC_TEST_DATA_UNIT_NUMBER), L"0");

SetWindowText(GetDlgItem(hwndDlg, IDC_PLAINTEXT), L"0000000000000000");

SetWindowText(GetDlgItem(hwndDlg, IDC_CIPHERTEXT), L"0000000000000000");

pStr++;

pwStr++;

{

if (*pStr != 0)

{

hUserFont),

nLongestButtonCaptionWidth);

(int) wcslen ((const wchar_t *) (bResolve ? GetString(*pStr) : *pwStr)));

}

// Length of main message in characters (not bytes)

nMainTextLenInChars = (int) wcslen ((const wchar_t *) (bResolve ? GetString(*(pStrOrig+1)) : *(pwStrOrig+1)));

&& nMainTextLenInChars / nLongestButtonCaptionCharLen >= 10)

{

// Otherwise, it would look too tall (dialog boxes look better when they are more wide than tall).

nLongestButtonCaptionWidth = CompensateXDPI (max (

min (350, nMainTextLenInChars)));

}

do

{

(char *) L"\n",

offset + 1);

newLineSeqCount++;

// Reduction in height according to the number of shown buttons

vertSubOffset = ((MAX_MULTI_CHOICES - nActiveChoices) * nBaseButtonHeight);

|| vertOffset > 0)

{

// Resize/move each button if necessary

trec.right + 2 + horizSubOffset,

trec.bottom + 2,

TRUE);

GetWindowRect(GetDlgItem(hwndDlg, IDC_MC_DLG_HR2), &rec);

GetClientRect(GetDlgItem(hwndDlg, IDC_MC_DLG_HR2), &trec);

MoveWindow (GetDlgItem(hwndDlg, IDC_MC_DLG_HR2),

BOOL CheckCapsLock (HWND hwnd, BOOL quiet)

{

{

if (!quiet)

{

L".vb", L".vbe", L".vbs", L".vsmacros", L".vss", L".vst", L".vsw", L".ws", L".wsc", L".wsf", L".wsh", L".xsd", L".xsl",

// These additional file extensions are usually watched by antivirus programs

L".386", L".acm", L".ade", L".adp", L".ani", L".app", L".asd", L".asf", L".asx", L".awx", L".ax", L".boo", L".bz2", L".cdf",

L".j2k", L".jar", L".jff", L".jif", L".jmh", L".jng", L".jp2", L".jpe", L".jpeg", L".jpg", L".lsp", L".mod", L".nws",

L".obj", L".olb", L".osd", L".ov1", L".ov2", L".ov3", L".ovl", L".ovl", L".ovr", L".pdr", L".pgm", L".php", L".pkg",

L".pl", L".png", L".pot", L".pps", L".ppt", L".ps1", L".ps1xml", L".psc1", L".rar", L".rpl", L".rtf", L".sbf", L".script", L".sh", L".sha", L".shtm",

memcpy (wszLabel, prop.wszLabel, sizeof (wszLabel));

bDriverSetLabel = prop.bDriverSetLabel;

}

unmount.nDosDriveNo = nDosDriveNo;

unmount.ignoreOpenFiles = forced;

}

}

dbv.dbcv_reserved = 0;

dbv.dbcv_unitmask = driveMap;

UINT timeOut = 1000;

SetWindowLongPtrW (hProgress, GWL_STYLE, PBS_MARQUEE | GetWindowLongPtrW (hProgress, GWL_STYLE));

::SendMessageW(hProgress, PBM_SETMARQUEE, (WPARAM) TRUE, (LPARAM) 0);

}

// For now, we don't have system menu is the resources but we leave this code

// if it is enabled in the future

HICON hIcon = (HICON)::LoadImage(hInst, MAKEINTRESOURCE(IDI_TRUECRYPT_ICON), IMAGE_ICON, ::GetSystemMetrics(SM_CXICON), ::GetSystemMetrics(SM_CYICON), LR_DEFAULTCOLOR);

::SendMessage(hwndDlg, WM_SETICON, TRUE, (LPARAM)hIcon);

HICON hIconSmall = (HICON)::LoadImage(hInst, MAKEINTRESOURCE(IDI_TRUECRYPT_ICON), IMAGE_ICON, ::GetSystemMetrics(SM_CXSMICON), ::GetSystemMetrics(SM_CYSMICON), LR_DEFAULTCOLOR);

LocalizeDialog (hwndDlg, NULL);

_beginthread(WaitThread, 0, thParam);

void BringToForeground(HWND hWnd)

{

if(!::IsWindow(hWnd)) return;

DWORD lockTimeOut = 0;

HWND hCurrWnd = ::GetForegroundWindow();

DWORD dwThisTID = ::GetCurrentThreadId(),

dwCurrTID = ::GetWindowThreadProcessId(hCurrWnd,0);

if (hCurrWnd != hWnd)

{

if(dwThisTID != dwCurrTID)

{

::AttachThreadInput(dwThisTID, dwCurrTID, TRUE);

::SystemParametersInfo(SPI_GETFOREGROUNDLOCKTIMEOUT,0,&lockTimeOut,0);

::SystemParametersInfo(SPI_SETFOREGROUNDLOCKTIMEOUT,0,0,SPIF_SENDWININICHANGE | SPIF_UPDATEINIFILE);

::AllowSetForegroundWindow(ASFW_ANY);

}

::SetForegroundWindow(hWnd);

if(dwThisTID != dwCurrTID)

{

::SystemParametersInfo(SPI_SETFOREGROUNDLOCKTIMEOUT,0,(PVOID)lockTimeOut,SPIF_SENDWININICHANGE | SPIF_UPDATEINIFILE);

CreateFullVolumePath (pmount->wszVolume, sizeof(pmount->wszVolume), devicePath.c_str(), &bDevice);

}

}

return DeviceIoControl (hDriver, TC_IOCTL_MOUNT_VOLUME, pmount,

sizeof (MOUNT_STRUCT), pmount, sizeof (MOUNT_STRUCT), pdwResult, NULL);

}

// in wait dialog mechanism

typedef struct

path = path.substr (4);

StringCchCopyW (volumePath, TC_MAX_PATH, path.c_str());

}

if (path.find (L"Volume{") == 0 && path.rfind (L"}\\") == path.size() - 2)

{

wstring resolvedPath = VolumeGuidPathToDevicePath (path);

if ((path.length () >= 3) && (_wcsnicmp (path.c_str(), L"ID:", 3) == 0))

{

std::vector<byte> arr;

&& HexWideStringToArray (path.c_str() + 3, arr)

&& (arr.size() == VOLUME_ID_SIZE)

)

mount.BytesPerSector = bps;

mount.BytesPerPhysicalSector = bps;

}

if (IsOSAtLeast (WIN_VISTA))

{

if ( (wcslen(root) >= 2)

goto retry;

}

if (IDYES == AskWarnNoYes ("FILE_IN_USE", hwndDlg))

{

mount.bExclusiveAccess = FALSE;

{

if (mount.nReturnCode == ERR_PASSWORD_WRONG)

{

if (bReportWrongPassword)

{

IncreaseWrongPwdRetryCount (1); // We increase the count here only if bReportWrongPassword is TRUE, because "Auto-Mount All Devices" and other callers do it separately

&& !mount.UseBackupHeader)

{

// Retry using embedded header backup (if any)

if (bReportWrongPassword && !Silent)

Warning ("HEADER_DAMAGED_AUTO_USED_HEADER_BAK", hwndDlg);

}

LastMountedVolumeDirty = mount.FilesystemDirty;

if (mount.FilesystemDirty)

}

else

{

}

SetLastError (param.dwLastError);

Error ("UNMOUNT_FAILED", hwndDlg);

return FALSE;

BroadcastDeviceChange (DBT_DEVICEREMOVECOMPLETE, nDosDriveNo, 0);

return TRUE;

ZeroMemory (diskGeometry, sizeof (DISK_GEOMETRY));

if ( DeviceIoControl (hDev, IOCTL_DISK_GET_DRIVE_GEOMETRY, NULL, 0, diskGeometry, sizeof (DISK_GEOMETRY), &bytesRead, NULL)

&& diskGeometry->BytesPerSector)

{

bResult = TRUE;

// Returns the free space on the specified partition (volume) in bytes. If the 'occupiedBytes' pointer

// is not NULL, size of occupied space (in bytes) is written to the pointed location. In addition, if the

// returns -1.

__int64 GetStatsFreeSpaceOnPartition (const wchar_t *devicePath, float *percentFree, __int64 *occupiedBytes, BOOL silent)

{

return INVALID_HANDLE_VALUE;

// If we fail, we will dismount anyway even if it needs to be forced.

CloseVolumeExplorerWindows (MainDlg, driveLetterNo);

&& attempt > 0)

{

Sleep (UNMOUNT_AUTO_RETRY_DELAY);

attempt = UNMOUNT_MAX_AUTO_RETRIES;

&& attempt > 0)

{

Sleep (UNMOUNT_AUTO_RETRY_DELAY);

}

// Returns -1 if the specified string is not found in the buffer. Otherwise, returns the

// which do NOT terminate them.

int64 FindString (const char *buf, const char *str, int64 bufLen, int64 strLen, int64 startOffset)

{

|| strLen > bufLen

|| bufLen < 1

|| strLen < 1

// Searches the file from its end for the LAST occurrence of the string str.

// The string may contain zeroes, which do NOT terminate the string.

// If the string isn't found or if any error occurs, -1 is returned.

__int64 FindStringInFile (const wchar_t *filePath, const char* str, int strLen)

{

int filePosStep;

__int64 retVal = -1;

|| strLen > bufSize

|| strLen < 1)

{

if (SetFilePointerEx (src, seekOffset, &seekOffsetNew, FILE_BEGIN) == 0)

goto fsif_end;

|| bytesRead == 0)

goto fsif_end;

return TCCopyFileBase (src, dst);

}

// is replaced. If an error occurs, the incomplete file is deleted (provided that bAppend is FALSE).

BOOL SaveBufferToFile (const char *inputBuffer, const wchar_t *destinationFile, DWORD inputLength, BOOL bAppend, BOOL bRenameIfFailed)

{

}

}

}

if (dst == INVALID_HANDLE_VALUE)

{

SetLastError (dwLastError);

{

// If CREATE_ALWAYS is used, ERROR_ALREADY_EXISTS is returned after successful overwrite

// of an existing file (it's not an error)

handleWin32Error (MainDlg, SRC_POS);

}

// Prints a UTF-16 text (note that this involves a real printer, not a screen).

// textByteLen - length of the text in bytes

BOOL PrintHardCopyTextUTF16 (wchar_t *text, wchar_t *title, size_t textByteLen)

{

wchar_t cl [MAX_PATH*3] = {L"/p \""};

else

{

// This is also returned if we fail to determine the status (it does not mean that portable mode is disproved).

}

}

else

if (FileExists (path))

{

// To maintain consistency and safety, if the system encryption config file exits, we cannot

// "Last Known Good Configuration" from the Windows boot menu.)

// However, if UAC elevation is needed, we have to confirm portable mode first (after we are elevated, we won't).

}

// As the driver was not found in the system path, we can predict that we will run in portable mode

}

else

CloseHandle (hDriverTmp);

if ((len = ReadRegistryBytes (regPath, key, (char *) strTmp, sizeof (strTmp))) > 0)

{

{

char buf[65536], bufout[sizeof (buf)];

li.mask = LVIF_TEXT;

li.pszText = (wchar_t*) string;

li.iSubItem = 0;

return ListView_InsertItem (list, &li);

}

li.mask = LVIF_TEXT;

li.pszText = (wchar_t*) string;

li.iSubItem = subIndex;

return ListView_SetItem (list, &li);

}

if (SetFilePointerEx (src, seekOffset, &seekOffsetNew, FILE_BEGIN) == 0)

goto fsif_end;

|| bytesRead != bufSize)

goto fsif_end;

if (SetFilePointerEx (src, seekOffset, &seekOffsetNew, FILE_BEGIN) == 0)

goto fsif_end;

|| bytesRead != bufSize)

goto fsif_end;

std::wstring GetServiceConfigPath (const wchar_t *fileName, bool useLegacy)

{

wchar_t sysPath[TC_MAX_PATH];

if (Is64BitOs() && useLegacy)

{

typedef UINT (WINAPI *GetSystemWow64Directory_t) (LPWSTR lpBuffer, UINT uSize);

return;

}

ZeroMemory (&tnid, sizeof (tnid));

//tnid.uVersion = (IsOSAtLeast (WIN_VISTA) ? NOTIFYICON_VERSION_4 : NOTIFYICON_VERSION);

//Shell_NotifyIconW (NIM_SETVERSION, &tnid);

tnid.dwInfoFlags = (warning ? NIIF_WARNING : NIIF_INFO);

tnid.uTimeout = (IsOSAtLeast (WIN_VISTA) ? 1000 : 5000); // in ms

// Either of the pointers may be NULL

void InfoBalloon (char *headingStringId, char *textStringId, HWND hwnd)

{

return;

TaskBarIconDisplayBalloonTooltip (hwnd,

FALSE);

}

// Either of the pointers may be NULL

void InfoBalloonDirect (wchar_t *headingString, wchar_t *textString, HWND hwnd)

{

return;

TaskBarIconDisplayBalloonTooltip (hwnd,

FALSE);

}

// Either of the pointers may be NULL

void WarningBalloon (char *headingStringId, char *textStringId, HWND hwnd)

{

return;

TaskBarIconDisplayBalloonTooltip (hwnd,

TRUE);

}

// Either of the pointers may be NULL

void WarningBalloonDirect (wchar_t *headingString, wchar_t *textString, HWND hwnd)

{

return;

TaskBarIconDisplayBalloonTooltip (hwnd,

TRUE);

}

params.strings = &strings[0];

params.bold = bBold;

MAKEINTRESOURCEW (IDD_MULTI_CHOICE_DLG), hwnd,

(DLGPROC) MultiChoiceDialogProc, (LPARAM) &params);

}

BOOL ConfigWriteBegin ()

{

DWORD size;

return FALSE;

if (ConfigBuffer == NULL)

*pbModified = TRUE;

if (!bOnlyCheckModified)

ConfigReadString (configKey, defaultValue, str, maxLen);

}

}

char *xml = defaultKeyfilesFile;

KeyFile *kf;

return FALSE;

KeyFileRemoveAll (&defaultKeyFilesParam.FirstKeyFile);

}

// there's an error, returns FALSE.

BOOL IsHiddenOSRunning (void)

{

BOOL RestartComputer (void)

{

if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY|TOKEN_ADJUST_PRIVILEGES, &hTkn))

{

}

{

CloseHandle(hTkn);

}

if (!ExitWindowsEx (EWX_REBOOT,

{

CloseHandle(hTkn);

}

CloseHandle(hTkn);

osname += L"-server";

if (IsOSAtLeast (WIN_VISTA))

if (home)

osname += L"-home";

else if (wcsstr (productName, L"Standard") != 0)

0, KEY_READ, &hkey) != ERROR_SUCCESS)

return;

&& value != 0)

{

Warning ("SYS_AUTOMOUNT_DISABLED", hwnd);

BYTE *MapResource (wchar_t *resourceType, int resourceId, PDWORD size)

{

HRSRC hRes;

hRes = FindResource (NULL, MAKEINTRESOURCE(resourceId), resourceType);

if (size != NULL)

*size = SizeofResource (NULL, hRes);

return (BYTE *) LockResource (hResL);

}

if (context->IsDevice)

{

// accidentally quick-formats a dismounted partition-hosted TrueCrypt volume as NTFS, etc.)

DeviceIoControl (context->HostFileHandle, FSCTL_ALLOW_EXTENDED_DASD_IO, NULL, 0, NULL, 0, &dwResult, NULL);

&& context->IsDevice)

{

// If FSCTL_ALLOW_EXTENDED_DASD_IO failed and there is a live filesystem on the partition, then the

// shorter than the partition). This can happen for example after the user quick-formats a dismounted

// partition-hosted TrueCrypt volume and then tries to read the embedded backup header.

int ReEncryptVolumeHeader (HWND hwndDlg, char *buffer, BOOL bBoot, CRYPTO_INFO *cryptoInfo, Password *password, int pim, BOOL wipeMode)

{

CRYPTO_INFO *newCryptoInfo = NULL;

RandSetHashFunction (cryptoInfo->pkcs5);

if (Randinit() != ERR_SUCCESS)

wchar_t data[65536];

DWORD size = sizeof (data);

if (IsPagingFileWildcardActive())

return TRUE;

}

HANDLE handle = CreateFile (drivePath.c_str(), GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);

if (handle == INVALID_HANDLE_VALUE)

continue;

path[0] = drive;

handle = CreateFile (path.c_str(), GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);

if (handle != INVALID_HANDLE_VALUE)

CloseHandle (handle);

else if (GetLastError() == ERROR_SHARING_VIOLATION)

WCHAR wbuf[65536];

int wideLen = MultiByteToWideChar (CP_ACP, 0, singleString.c_str(), -1, wbuf, array_capacity (wbuf) - 1);

// We don't throw exception here and only return empty string.

// All calls to this function use valid strings.

// throw_sys_if (wideLen == 0);

BOOL CALLBACK SecurityTokenPasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)

{

WORD lw = LOWORD (wParam);

switch (msg)

{

wchar_t tmp[SecurityToken::MaxPasswordLength+1];

wmemset (tmp, 'X', SecurityToken::MaxPasswordLength);

tmp[SecurityToken::MaxPasswordLength] = 0;

EndDialog (hwndDlg, lw);

}

foreach (const SecurityTokenKeyfile &keyfile, keyfiles)

{

memset (&lvItem, 0, sizeof(lvItem));

wstringstream s;

s << keyfile.SlotId;

LocalizeDialog (hwndDlg, selectedTokenKeyfiles ? "SELECT_TOKEN_KEYFILES" : "IDD_TOKEN_KEYFILES");

SendMessage (tokenListControl,LVM_SETEXTENDEDLISTVIEWSTYLE, 0,

LvCol.pszText = GetString ("TOKEN_SLOT_ID");

LvCol.cx = CompensateXDPI (40);

LvCol.fmt = LVCFMT_CENTER;

return 1;

}

}

SecurityTokenKeyfileDlgFillList (hwndDlg, keyfiles);

return 1;

}

foreach (const SecurityTokenKeyfile &keyfile, SecurityTokenKeyfileDlgGetSelected (hwndDlg, keyfiles))

{

selectedTokenKeyfiles->push_back (SecurityTokenKeyfilePath (keyfile));

}

EndDialog (hwndDlg, IDOK);

|| ((partNumber == 0) && GetPhysicalDriveGeometry (devNumber, &deviceGeometry))

)

{

* (LONGLONG) deviceGeometry.SectorsPerTrack * (LONGLONG) deviceGeometry.TracksPerCylinder;

}

}

return IDYES;

default:

break;

}

char *multiChoiceStr[] = { 0, "ASK_NONSYS_INPLACE_ENC_NOTIFICATION_REMOVAL", "DO_NOT_PROMPT_ME", "KEEP_PROMPTING_ME", 0 };

HWND hWnd;

memset (&winClass, 0, sizeof (winClass));

winClass.lpfnWndProc = (WNDPROC) EnableElevatedCursorChangeWndProc;

winClass.hInstance = hInst;

winClass.lpszClassName = className;

return TRUE;

format = COMPRESSION_FORMAT_NONE;

}

}

else

{

&& (dwCounter - *pdwInitialValue) <= dwMaxLevel)

*pdwEntropy = dwCounter - *pdwInitialValue;

else

SendMessage (hProgress, PBM_SETSTATE, state, 0);

}

(WPARAM) (*pdwEntropy),

0);

}

if ((pathLen >= 3) && (_wcsnicmp (pathValue, L"ID:", 3) == 0))

{

std::vector<byte> arr;

&& HexWideStringToArray (pathValue + 3, arr)

&& (arr.size() == VOLUME_ID_SIZE)

)

bRet = FALSE;

}

}

return bRet;

}

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

extern BOOL RemoteSession;

extern HANDLE hDriver;

extern HINSTANCE hInst;

extern WipeAlgorithmId nWipeMode;

extern BOOL bSysPartitionSelected;

extern BOOL bSysDriveSelected;

TC_APPMSG_SYSENC_CONFIG_UPDATE = WM_APP + 101,

TC_APPMSG_TASKBAR_ICON = WM_APP + 102,

TC_APPMSG_LOAD_TEXT_BOX_CONTENT = WM_APP + 103,

TC_APPMSG_MOUNT_ENABLE_DISABLE_CONTROLS = WM_APP + 201,

TC_APPMSG_MOUNT_SHOW_WINDOW = WM_APP + 202,

TC_APPMSG_PREBOOT_PASSWORD_MODE = WM_APP + 203,

TC_APPMSG_VOL_TRANSFORM_THREAD_ENDED = WM_APP + 301,

TC_APPMSG_FORMAT_FINISHED = WM_APP + 302,

TC_APPMSG_FORMAT_USER_QUIT = WM_APP + 303,

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());

break;

TC_THROW_FATAL_EXCEPTION;

InterlockedExchange (workItem->KeyDerivation.CompletionFlag, TRUE);

TC_SET_EVENT (*workItem->KeyDerivation.CompletionEvent);

if (InterlockedDecrement (workItem->KeyDerivation.OutstandingWorkItemCount) == 0)

TC_SET_EVENT (*workItem->KeyDerivation.NoOutstandingWorkItemEvent);

WorkItemReadyEvent = CreateEvent (NULL, FALSE, FALSE, NULL);

if (!WorkItemReadyEvent)

return FALSE;

WorkItemCompletedEvent = CreateEvent (NULL, FALSE, FALSE, NULL);

if (!WorkItemCompletedEvent)

return FALSE;

#endif

#ifdef DEVICE_DRIVER

ExInitializeFastMutex (&DequeueMutex);

ExInitializeFastMutex (&EnqueueMutex);

EncryptionThreadPoolWorkItem *workItem;

EncryptionThreadPoolWorkItem *firstFragmentWorkItem;

if (unitCount == 0)

return;

if (!ThreadPoolRunning || unitCount == 1)

{

switch (type)

else

{

/* Note that it is not efficient to divide the data into fragments smaller than a few hundred bytes.

process actually slower than a single-threaded process. */

fragmentCount = ThreadCount;

if (remainder > 0)

++unitsPerFragment;

}

fragmentData = data;

fragmentStartUnitNo = startUnitNo->Value;

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

( ( unsigned __int32 ) memPtr[ -2 ] << 8 ) | ( unsigned __int32 ) memPtr[ -1 ] )

#define mgetWord(memPtr) \

#define mgetByte(memPtr) \

( ( unsigned char ) *memPtr++ )

unsigned __int32 MirrorBytes32 (unsigned __int32 x);

#ifndef TC_NO_COMPILER_INT64

uint64 MirrorBytes64 (uint64 x);

void LongReverse ( unsigned __int32 *buffer , unsigned byteCount );

#if defined(__cplusplus)

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

clusterSize = 512;

ft->cluster_size = clusterSize / ft->sector_size;

if (ft->cluster_size == 0)

ft->cluster_size = 1;

ft->cluster_size = 1;

// Geometry always set to SECTORS/1/1

ft->dir_entries = 512;

ft->fats = 2;

ft->cluster_count = (int) (((__int64) fatsecs * ft->sector_size) / (ft->cluster_size * ft->sector_size));

ft->fat_length = (ft->cluster_count * 2 + ft->sector_size - 1) / ft->sector_size;

}

if(ft->cluster_count >= 65525) // FAT32

{

ft->size_fat = 32;

cnt += 2;

boot[cnt++] = (__int8) ft->media; /* media byte */

{

boot[cnt++] = 0x00;

boot[cnt++] = 0x00;

}

*(__int16 *)(boot + cnt) = LE16((uint16) ft->fat_length); /* fat size */

cnt += 2;

}

{

memset (sector, 0, ft->sector_size);

sector[3]=0x41; /* LeadSig */

sector[484+3]=0x61; /* StrucSig */

// Free cluster count

*(uint32 *)(sector + 488) = LE32 (ft->cluster_count - ft->size_root_dir / ft->sector_size / ft->cluster_size);

goto fail;

/* fat32 boot area */

{

/* fsinfo */

PutFSInfo((unsigned char *) sector, ft);

cryptoInfo) == FALSE)

goto fail;

}

/* bootsector backup */

memset (sector, 0, ft->sector_size);

PutBoot (ft, (unsigned char *) sector);

fat_sig[8] = fat_sig[9] = fat_sig[10] = 0xff;

fat_sig[11] = 0x0f;

memcpy (sector, fat_sig, 12);

else if (ft->size_fat == 16)

{

fat_sig[0] = (unsigned char) ft->media;

goto fail;

// Temporary secondary key (XTS mode)

goto fail;

retVal = EAInit (cryptoInfo->ea, temporaryKey, cryptoInfo->ks);

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

#if TC_HIDDEN_VOLUME_HOST_FS_RESERVED_END_AREA_SIZE_HIGH < TC_MAX_VOLUME_SECTOR_SIZE

# error TC_HIDDEN_VOLUME_HOST_FS_RESERVED_END_AREA_SIZE_HIGH too small.

#endif

if (volumeSize < TC_VOLUME_SMALL_SIZE_THRESHOLD)

reservedSize = TC_HIDDEN_VOLUME_HOST_FS_RESERVED_END_AREA_SIZE;

else

|| FormatSectorSize % ENCRYPTION_DATA_UNIT_SIZE != 0)

{

Error ("SECTOR_SIZE_UNSUPPORTED", hwndDlg);

}

/* WARNING: Note that if Windows fails to format the volume as NTFS and the volume size is

less than the maximum FAT size, the user is asked within this function whether he wants to instantly

retry FAT format instead (to avoid having to re-create the whole container again). If the user

Therefore, whenever adding or modifying any potentially destructive operations below 'begin_format',

use the 'bInstantRetryOtherFilesys' flag to skip them. */

if (volParams->hiddenVol)

if ((dev = DismountDrive (devName, volParams->volumePath)) == INVALID_HANDLE_VALUE)

{

Error ("FORMAT_CANT_DISMOUNT_FILESYS", hwndDlg);

goto error;

}

would otherwise prevent us from writing to hidden sectors). */

if (!DeviceIoControl (dev,

FSCTL_ALLOW_EXTENDED_DASD_IO,

NULL,

NULL,

0,

&dwResult,

}

else if (IsOSAtLeast (WIN_VISTA) && driveLetter == -1)

{

// to which no drive letter has been assigned under the system. This problem can be worked

// around by assigning a drive letter to the partition temporarily.

BOOL bResult = FALSE;

tmpDriveLetter = GetFirstAvailableDrive ();

if (tmpDriveLetter != -1)

{

rootPath[0] += (wchar_t) tmpDriveLetter;

szDriveLetter,

volParams->volumePath);

&& SetVolumeMountPoint (rootPath, uniqVolName))

{

// The drive letter can be removed now

// For extra safety, we will try to gain "raw" access to the partition. Note that this should actually be

// redundant because if the filesystem was mounted, we already tried to obtain DASD above. If we failed,

// for extra safety, in case IsDeviceMounted() failed to detect a live filesystem, we will blindly

// send FSCTL_ALLOW_EXTENDED_DASD_IO (possibly for a second time) without checking the result.

DeviceIoControl (dev,

FSCTL_ALLOW_EXTENDED_DASD_IO,

NULL,

NULL,

0,

&dwResult,

NULL);

// so that the filesystem driver does not prevent us from formatting hidden sectors.

for (nPass = (bFailedRequiredDASD ? 0 : 1); nPass < 2; nPass++)

{

{

if (!volParams->bForceOperation && (Silent || (IDNO == MessageBoxW (volParams->hwndDlg, GetString ("DEVICE_IN_USE_FORMAT"), lpszTitle, MB_YESNO|MB_ICONWARNING|MB_DEFBUTTON2))))

{

goto error;

}

}

{

handleWin32Error (volParams->hwndDlg, SRC_POS);

Error ("CANT_ACCESS_VOL", hwndDlg);

goto error;

}

}

char buf [2 * TC_MAX_VOLUME_SECTOR_SIZE];

DWORD bw;

// formatting hidden sectors

memset (buf, 0, sizeof (buf));

if (!WriteFile (dev, buf, sizeof (buf), &bw, NULL))

{

goto error;

}

if (DeviceIoControl (dev, FSCTL_IS_VOLUME_MOUNTED, NULL, 0, NULL, 0, &dwResult, NULL))

{

Error ("FORMAT_CANT_DISMOUNT_FILESYS", hwndDlg);

goto error;

}

}

if (dev == INVALID_HANDLE_VALUE)

{

goto error;

}

DWORD tmp;

if (!DeviceIoControl (dev, FSCTL_SET_SPARSE, NULL, 0, NULL, 0, &tmp, NULL))

{

goto error;

}

}

// Check hidden volume size

if (volParams->hiddenVolHostSize < TC_MIN_HIDDEN_VOLUME_HOST_SIZE || volParams->hiddenVolHostSize > TC_MAX_HIDDEN_VOLUME_HOST_SIZE)

nStatus = ERR_VOL_SIZE_WRONG;

goto error;

}

// Seek to hidden volume header location

headerOffset.QuadPart = TC_HIDDEN_VOLUME_HEADER_OFFSET;

if (!SetFilePointerEx ((HANDLE) dev, headerOffset, NULL, FILE_BEGIN))

// Validate the offset

if (dataOffset % FormatSectorSize != 0)

{

goto error;

}

if (volParams->bDevice && !StartFormatWriteThread())

{

goto error;

}

StopFormatWriteThread();

break;

case FILESYS_FAT:

if (num_sectors > 0xFFFFffff)

{

goto error;

}

ft.sector_size = (uint16) FormatSectorSize;

ft.cluster_size = volParams->clusterSize;

memcpy (ft.volume_name, "NO NAME ", 11);

*(volParams->realClusterSize) = ft.cluster_size * FormatSectorSize;

if (volParams->bDevice && !StartFormatWriteThread())

{

goto error;

}

break;

default:

goto error;

}

return FALSE;

}

if (GetSystemDirectory (dllPath, MAX_PATH))

{

StringCchCatW(dllPath, ARRAYSIZE(dllPath), L"\\fmifs.dll");

}

else

StringCchCopyW(dllPath, ARRAYSIZE(dllPath), L"C:\\Windows\\System32\\fmifs.dll");

hModule = LoadLibrary (dllPath);

if (hModule == NULL)

StringCchCatW (dir, ARRAYSIZE(dir), L":\\");

FormatExError = TRUE;

// Windows sometimes fails to format a volume (hosted on a removable medium) as NTFS.

// It often helps to retry several times.

for (i = 0; i < 50 && FormatExError; i++)

if (*write_buf_cnt == FormatWriteBufferSize && !FlushFormatWriteBuffer (dev, write_buf, write_buf_cnt, nSecNo, cryptoInfo))

return FALSE;

if (GetTickCount () - updateTime > 25)

{

if (UpdateProgressBar (*nSecNo * FormatSectorSize))

static HANDLE WriteBufferFullEvent;

static volatile HANDLE WriteRequestHandle;

static volatile DWORD WriteRequestResult;

if (!WriteFile (WriteRequestHandle, WriteThreadBuffer, WriteRequestSize, &bytesWritten, NULL))

WriteRequestResult = GetLastError();

WriteRequestResult = ERROR_SUCCESS;

if (!SetEvent (WriteBufferEmptyEvent))

{

if (WaitForSingleObject (WriteBufferEmptyEvent, INFINITE) == WAIT_FAILED)

return FALSE;

if (WriteRequestResult != ERROR_SUCCESS)

{

SetEvent (WriteBufferEmptyEvent);

/*

Legal Notice: Some portions of the source code contained in this file were

governed by the TrueCrypt License 3.0, also from the source code of

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

#endif

// FMIFS

typedef VOID (__stdcall *PFORMATEX)( PWCHAR DriveRoot, DWORD MediaFlag, PWCHAR Format, PWCHAR Label, BOOL QuickFormat, DWORD ClusterSize, PFMIFSCALLBACK Callback );

typedef struct

---------------------------------------------------------------------------

Issue Date: 31/01/2004

this code and to David for testing it on a big-endain system.

*/

---------------------------------------------------------------------------

Portions Copyright (c) 2005 TrueCrypt Developers Association

compile_8k_table (am, ctx8k);

/* Convert 8k LSB-first table to 4k MSB-first */

{

{

int jm = 0;

jm |= (j & 0x1) << 3;

/* Multiply a 128-bit number by a 64-bit number in the finite field GF(2^128) */

void Gf128MulBy64Tab (unsigned __int8 a[8], unsigned __int8 p[16], GfCtx *ctx)

unsigned __int32 r[CBLK_LEN >> 2];

move_block_aligned(r, ctx->gf_t128[7*2][a[7] & 15]);

}

GfMul128Basic (a, b, p1);

Gf128Tab64Init (a, gfCtx);

Gf128MulBy64Tab (b + 8, p2, gfCtx);

G.incnt = inLength;

G.outCounter = 0;

{

// Error decompressing

return 0;

typedef unsigned short ush;

typedef void zvoid;

{

uch b, e;

{

ush n;

struct huft *t;

}v;

};

{

uch *inptr, *outbufptr;

int incnt;

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

else if (totalRead == 0)

{

status = FALSE;

}

close:

if (keyfileData.empty())

{

handleWin32Error (hwndDlg, SRC_POS);

Error ("ERR_PROCESS_KEYFILE", hwndDlg);

status = FALSE;

StringCbPrintfW (kfSub->FileName, sizeof(kfSub->FileName), L"%s%c%s", kf->FileName,

L'\\',

fBuf.name

// Determine whether it's a path or a file

if (_wstat (kfSub->FileName, &statStruct) != 0)

else if (statStruct.st_mode & S_IFDIR) // If it's a directory

{

// Prevent recursive folder scanning

}

// Skip hidden files

&& (fileAttributes.dwFileAttributes & FILE_ATTRIBUTE_HIDDEN) != 0)

{

HiddenFilesPresentInKeyfilePath = TRUE;

}

CorrectFileName (kfSub->FileName);

SendMessageW (hList,LVM_SETEXTENDEDLISTVIEWSTYLE,0,

LVS_EX_FULLROWSELECT|LVS_EX_HEADERDRAGDROP

LvCol.cx = CompensateXDPI (374);

LvCol.fmt = LVCFMT_LEFT;

SendMessageW (hList, LVM_INSERTCOLUMNW, 0, (LPARAM)&LvCol);

LoadKeyList (hwndDlg, param->FirstKeyFile);

SetCheckBox (hwndDlg, IDC_KEYFILES_ENABLE, param->EnableKeyFiles);

#ifdef TCMOUNT

if ( (origParam.EnableKeyFiles == defaultKeyFilesParam.EnableKeyFiles)

&& (origParam.FirstKeyFile == defaultKeyFilesParam.FirstKeyFile)

HWND list = GetDlgItem (hwndDlg, IDC_KEYLIST);

LVITEM LvItem;

memset (&LvItem, 0, sizeof(LvItem));

LvItem.iItem = -1;

while (-1 != (LvItem.iItem = ListView_GetNextItem (list, LvItem.iItem, LVIS_SELECTED)))

{

ListView_GetItem (list, &LvItem);

param->FirstKeyFile = KeyFileRemove (param->FirstKeyFile, (KeyFile *) LvItem.lParam);

LoadKeyList (hwndDlg, param->FirstKeyFile);

return 1;

}

if (lw == IDC_GENERATE_KEYFILE)

{

MAKEINTRESOURCEW (IDD_KEYFILE_GENERATOR), hwndDlg,

(DLGPROC) KeyfileGeneratorDlgProc, (LPARAM) 0);

return 1;

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

}

#endif

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

GetModuleFileNameW (NULL, f, sizeof (f) / sizeof (f[0]));

t = wcsrchr (f, L'\\');

if (t == NULL) return NULL;

*t = 0;

StringCbCatW (f, sizeof(f), L"\\Language*.xml");

memset (&font, 0, sizeof (font));

XmlGetAttributeText (xml, "face", attr, sizeof (attr));

len = MultiByteToWideChar (CP_UTF8, 0, attr, -1, wattr, sizeof (wattr) / sizeof(wattr[0]));

font.FaceName = AddPoolData ((void *) wattr, len * 2);

XmlGetAttributeText (xml, "size", attr, sizeof (attr));

sscanf (attr, "%d", &font.Size);

LocalizationSerialNo++;