// result of ZwQuerySymbolicLinkObject

// IN OUT RESOLVE_SYMLINK_STRUCT

#define TC_IOCTL_GET_RESOLVED_SYMLINK TC_IOCTL (17)

#define TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS TC_IOCTL (18)

#define TC_IOCTL_BOOT_ENCRYPTION_SETUP TC_IOCTL (19)

#define TC_IOCTL_ABORT_BOOT_ENCRYPTION_SETUP TC_IOCTL (20)

#define TC_IOCTL_GET_BOOT_ENCRYPTION_SETUP_RESULT TC_IOCTL (21)

#define TC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES TC_IOCTL (22)

#define TC_IOCTL_REOPEN_BOOT_VOLUME_HEADER TC_IOCTL (23)

#define TC_IOCTL_GET_BOOT_ENCRYPTION_ALGORITHM_NAME TC_IOCTL (24)

#define TC_IOCTL_GET_PORTABLE_MODE_STATUS TC_IOCTL (25)

#define TC_IOCTL_SET_PORTABLE_MODE_STATUS TC_IOCTL (26)

#define TC_IOCTL_IS_HIDDEN_SYSTEM_RUNNING TC_IOCTL (27)

#define TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG TC_IOCTL (28)

#define TC_IOCTL_DISK_IS_WRITABLE TC_IOCTL (29)

#define TC_IOCTL_START_DECOY_SYSTEM_WIPE TC_IOCTL (30)

#define TC_IOCTL_ABORT_DECOY_SYSTEM_WIPE TC_IOCTL (31)

#define TC_IOCTL_GET_DECOY_SYSTEM_WIPE_STATUS TC_IOCTL (32)

#define TC_IOCTL_GET_DECOY_SYSTEM_WIPE_RESULT TC_IOCTL (33)

#define TC_IOCTL_WRITE_BOOT_DRIVE_SECTOR TC_IOCTL (34)

#define TC_IOCTL_GET_WARNING_FLAGS TC_IOCTL (35)

#define TC_IOCTL_SET_SYSTEM_FAVORITE_VOLUME_DIRTY TC_IOCTL (36)

#define TC_IOCTL_REREAD_DRIVER_CONFIG TC_IOCTL (37)

#define TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG TC_IOCTL (38)

#define VC_IOCTL_GET_BOOT_LOADER_FINGERPRINT TC_IOCTL (39)

// result IOCTL_DISK_GET_DRIVE_GEOMETRY_EX

// IN OUT - DISK_GEOMETRY_EX_STRUCT

#define VC_IOCTL_GET_DRIVE_GEOMETRY_EX TC_IOCTL (40)

#define VC_IOCTL_EMERGENCY_CLEAR_ALL_KEYS TC_IOCTL (41)

#define VC_IOCTL_IS_RAM_ENCRYPTION_ENABLED TC_IOCTL (42)

// Legacy IOCTLs used before version 5.0

#define TC_IOCTL_LEGACY_GET_DRIVER_VERSION 466968

#define TC_IOCTL_LEGACY_GET_MOUNTED_VOLUMES 466948

// Undocumented IOCTL sent by Windows 10 when handling EFS data on volumes

#define IOCTL_UNKNOWN_WINDOWS10_EFS_ACCESS 0x455610D8

/* Start of driver interface structures, the size of these structures may

change between versions; so make sure you first send DRIVER_VERSION to

check that it's the correct device driver */

#pragma pack (push)

#pragma pack(1)

typedef struct

{

int nReturnCode; /* Return code back from driver */

BOOL FilesystemDirty;

BOOL VolumeMountedReadOnlyAfterAccessDenied;

BOOL VolumeMountedReadOnlyAfterDeviceWriteProtected;

wchar_t wszVolume[TC_MAX_PATH]; /* Volume to be mounted */

Password VolumePassword; /* User password */

BOOL bCache; /* Cache passwords in driver */

int nDosDriveNo; /* Drive number to mount */

uint32 BytesPerSector;

BOOL bMountReadOnly; /* Mount volume in read-only mode */

BOOL bMountRemovable; /* Mount volume as removable media */

BOOL bExclusiveAccess; /* Open host file/device in exclusive access mode */

BOOL bMountManager; /* Announce volume to mount manager */

BOOL bPreserveTimestamp; /* Preserve file container timestamp */

BOOL bPartitionInInactiveSysEncScope; /* If TRUE, we are to attempt to mount a partition located on an encrypted system drive without pre-boot authentication. */

int nPartitionInInactiveSysEncScopeDriveNo; /* If bPartitionInInactiveSysEncScope is TRUE, this contains the drive number of the system drive on which the partition is located. */

BOOL SystemFavorite;

// Hidden volume protection

byte UserConfiguration;

char CustomUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH + 1];

} GetSystemDriveConfigurationRequest;

typedef struct

{

WipeAlgorithmId WipeAlgorithm;

CRYPTOPP_ALIGN_DATA(16) byte WipeKey[MASTER_KEYDATA_SIZE];

} WipeDecoySystemRequest;

typedef struct

{

BOOL WipeInProgress;

WipeAlgorithmId WipeAlgorithm;

int64 WipedAreaEnd;

} DecoySystemWipeStatus;

typedef struct

{

LARGE_INTEGER Offset;

byte Data[TC_SECTOR_SIZE_BIOS];

} WriteBootDriveSectorRequest;

typedef struct

{

BOOL PagingFileCreationPrevented;

BOOL SystemFavoriteVolumeDirty;

} GetWarningFlagsRequest;

typedef struct

{

struct _DriveFilterExtension *BootDriveFilterExtension;

BOOL HwEncryptionEnabled;

} GetSystemDriveDumpConfigRequest;

#pragma pack (pop)

#define DRIVER_STR WIDE

#define TC_UNIQUE_ID_PREFIX "VeraCryptVolume"

#define TC_MOUNT_PREFIX L"\\Device\\VeraCryptVolume"

#define NT_MOUNT_PREFIX DRIVER_STR("\\Device\\VeraCryptVolume")

#define NT_ROOT_PREFIX DRIVER_STR("\\Device\\VeraCrypt")

#define DOS_MOUNT_PREFIX_DEFAULT DRIVER_STR("\\DosDevices\\")

#define DOS_MOUNT_PREFIX_GLOBAL DRIVER_STR("\\GLOBAL??\\") // Use Global MS-DOS device names for sanity checks on drive letters

#define DOS_ROOT_PREFIX DRIVER_STR("\\DosDevices\\VeraCrypt")

#define WIN32_ROOT_PREFIX DRIVER_STR("\\\\.\\VeraCrypt")

#define TC_DRIVER_CONFIG_REG_VALUE_NAME DRIVER_STR("VeraCryptConfig")

#define TC_ENCRYPTION_FREE_CPU_COUNT_REG_VALUE_NAME DRIVER_STR("VeraCryptEncryptionFreeCpuCount")

#define VC_ENCRYPTION_IO_REQUEST_COUNT DRIVER_STR("VeraCryptEncryptionIoRequestCount")

#define VC_ENCRYPTION_ITEM_COUNT DRIVER_STR("VeraCryptEncryptionItemCount")

#define VC_ENCRYPTION_FRAGMENT_SIZE DRIVER_STR("VeraCryptEncryptionFragmentSize")

// WARNING: Modifying the following values can introduce incompatibility with previous versions.

#define TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD 0x1

#define TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES 0x2

#define TC_DRIVER_CONFIG_DISABLE_NONADMIN_SYS_FAVORITES_ACCESS 0x4

#define TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION 0x8

#define TC_DRIVER_CONFIG_ENABLE_EXTENDED_IOCTL 0x10

#define TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION 0x20

#define TC_DRIVER_CONFIG_CACHE_BOOT_PIM 0x40

#define VC_DRIVER_CONFIG_ALLOW_NONSYS_TRIM 0x80

#define VC_DRIVER_CONFIG_BLOCK_SYS_TRIM 0x100

#define VC_DRIVER_CONFIG_ALLOW_WINDOWS_DEFRAG 0x200

#define VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION 0x400

#define VC_DRIVER_CONFIG_ENABLE_CPU_RNG 0x800

#define VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION 0x1000