diff options
Diffstat (limited to 'src/Driver/DriveFilter.c')
-rw-r--r-- | src/Driver/DriveFilter.c | 88 |
1 files changed, 47 insertions, 41 deletions
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c index f89e6e9a..a615797a 100644 --- a/src/Driver/DriveFilter.c +++ b/src/Driver/DriveFilter.c @@ -35,7 +35,7 @@ static BOOL DeviceFilterActive = FALSE; BOOL BootArgsValid = FALSE; BootArguments BootArgs; -byte* BootSecRegionData = NULL; +uint8* BootSecRegionData = NULL; uint32 BootSecRegionSize = 0; uint32 BootPkcs5 = 0; @@ -47,13 +47,13 @@ static KMUTEX MountMutex; static volatile BOOL BootDriveFound = FALSE; static DriveFilterExtension *BootDriveFilterExtension = NULL; static LARGE_INTEGER BootDriveLength; -static byte BootLoaderFingerprint[WHIRLPOOL_DIGESTSIZE + SHA512_DIGESTSIZE]; +static uint8 BootLoaderFingerprint[WHIRLPOOL_DIGESTSIZE + SHA512_DIGESTSIZE]; static BOOL CrashDumpEnabled = FALSE; static BOOL HibernationEnabled = FALSE; static BOOL LegacyHibernationDriverFilterActive = FALSE; -static byte *HibernationWriteBuffer = NULL; +static uint8 *HibernationWriteBuffer = NULL; static MDL *HibernationWriteBufferMdl = NULL; static uint32 HibernationPreventionCount = 0; @@ -82,8 +82,8 @@ NTSTATUS LoadBootArguments (BOOL bIsEfi) { NTSTATUS status = STATUS_UNSUCCESSFUL; PHYSICAL_ADDRESS bootArgsAddr; - byte *mappedBootArgs; - byte *mappedCryptoInfo = NULL; + uint8 *mappedBootArgs; + uint8 *mappedCryptoInfo = NULL; uint16 bootLoaderArgsIndex; uint64* BootArgsRegionsPtr = bIsEfi? BootArgsRegionsEFI : BootArgsRegionsDefault; size_t BootArgsRegionsCount = bIsEfi? sizeof(BootArgsRegionsEFI)/ sizeof(BootArgsRegionsEFI[0]) : sizeof(BootArgsRegionsDefault)/ sizeof(BootArgsRegionsDefault[0]); @@ -109,7 +109,7 @@ NTSTATUS LoadBootArguments (BOOL bIsEfi) DumpMem (mappedBootArgs, sizeof (BootArguments)); if (bootArguments->BootLoaderVersion == VERSION_NUM - && bootArguments->BootArgumentsCrc32 != GetCrc32 ((byte *) bootArguments, (int) ((byte *) &bootArguments->BootArgumentsCrc32 - (byte *) bootArguments))) + && bootArguments->BootArgumentsCrc32 != GetCrc32 ((uint8 *) bootArguments, (int) ((uint8 *) &bootArguments->BootArgumentsCrc32 - (uint8 *) bootArguments))) { Dump ("BootArguments CRC incorrect\n"); burn (mappedBootArgs, sizeof (BootArguments)); @@ -166,13 +166,13 @@ NTSTATUS LoadBootArguments (BOOL bIsEfi) uint32 crc; PHYSICAL_ADDRESS SecRegionAddress; SECREGION_BOOT_PARAMS* SecRegionParams = (SECREGION_BOOT_PARAMS*) (mappedCryptoInfo + sizeof(BOOT_CRYPTO_HEADER) + 2); - byte *secRegionData = NULL; + uint8 *secRegionData = NULL; SecRegionAddress.QuadPart = SecRegionParams->Ptr; Dump ("SecRegion memory 0x%x %d\n", SecRegionAddress.LowPart, SecRegionParams->Size); // SecRegion correct? if( (SecRegionParams->Ptr != 0) && (SecRegionParams->Size > 0)) { - crc = GetCrc32((byte*)SecRegionParams, 12); + crc = GetCrc32((uint8*)SecRegionParams, 12); if(crc == SecRegionParams->Crc) { Dump ("SecRegion crc ok\n"); secRegionData = MmMapIoSpace (SecRegionAddress, SecRegionParams->Size, MmCached); @@ -220,7 +220,7 @@ NTSTATUS LoadBootArguments (BOOL bIsEfi) NTSTATUS DriveFilterAddDevice (PDRIVER_OBJECT driverObject, PDEVICE_OBJECT pdo) { - DriveFilterExtension *Extension; + DriveFilterExtension *Extension = NULL; NTSTATUS status; PDEVICE_OBJECT filterDeviceObject = NULL; PDEVICE_OBJECT attachedDeviceObject; @@ -275,7 +275,7 @@ NTSTATUS DriveFilterAddDevice (PDRIVER_OBJECT driverObject, PDEVICE_OBJECT pdo) err: if (filterDeviceObject) { - if (Extension->LowerDeviceObject) + if (Extension && Extension->LowerDeviceObject) IoDetachDevice (Extension->LowerDeviceObject); IoDeleteDevice (filterDeviceObject); @@ -329,7 +329,7 @@ static void InvalidateDriveFilterKeys (DriveFilterExtension *Extension) Dump ("Drive filter encryption keys invalidated!\n"); } -static void ComputeBootLoaderFingerprint(PDEVICE_OBJECT LowerDeviceObject, byte* ioBuffer /* ioBuffer must be at least 512 bytes long */) +static void ComputeBootLoaderFingerprint(PDEVICE_OBJECT LowerDeviceObject, uint8* ioBuffer /* ioBuffer must be at least 512 bytes long */) { NTSTATUS status; LARGE_INTEGER offset; @@ -362,8 +362,8 @@ static void ComputeBootLoaderFingerprint(PDEVICE_OBJECT LowerDeviceObject, byte* NTSTATUS saveStatus = STATUS_INVALID_PARAMETER; #ifdef _WIN64 XSTATE_SAVE SaveState; - if (g_isIntel && HasSAVX()) - saveStatus = KeSaveExtendedProcessorState(XSTATE_MASK_GSSE, &SaveState); + if (IsCpuIntel() && HasSAVX()) + saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState); #else KFLOATING_SAVE floatingPointState; if (HasISSE() || (HasSSSE3() && HasMMX())) @@ -405,7 +405,7 @@ static void ComputeBootLoaderFingerprint(PDEVICE_OBJECT LowerDeviceObject, byte* if (NT_SUCCESS (saveStatus)) #ifdef _WIN64 - KeRestoreExtendedProcessorState(&SaveState); + KeRestoreExtendedProcessorStateVC(&SaveState); #else KeRestoreFloatingPointState (&floatingPointState); #endif @@ -433,7 +433,7 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password, // Check disk MBR id and GPT ID if BootSecRegion is available to detect boot drive if (BootSecRegionData != NULL && BootSecRegionSize >= 1024) { - byte mbr[TC_SECTOR_SIZE_BIOS]; + uint8 mbr[TC_SECTOR_SIZE_BIOS]; DCS_DISK_ENTRY_LIST* DeList = (DCS_DISK_ENTRY_LIST*)(BootSecRegionData + 512); offset.QuadPart = 0; status = TCReadDevice (Extension->LowerDeviceObject, mbr, offset, TC_SECTOR_SIZE_BIOS); @@ -459,7 +459,7 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password, // Check boot drive signature first (header CRC search could fail if a user restored the header to a non-boot drive) if (BootDriveSignatureValid) { - byte mbr[TC_SECTOR_SIZE_BIOS]; + uint8 mbr[TC_SECTOR_SIZE_BIOS]; offset.QuadPart = 0; status = TCReadDevice (Extension->LowerDeviceObject, mbr, offset, TC_SECTOR_SIZE_BIOS); @@ -520,7 +520,7 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password, pim = (int) (BootArgs.Flags >> 16); - if (ReadVolumeHeader (!hiddenVolume, header, password, pkcs5_prf, pim, FALSE, &Extension->Queue.CryptoInfo, Extension->HeaderCryptoInfo) == 0) + if (ReadVolumeHeader (!hiddenVolume, header, password, pkcs5_prf, pim, &Extension->Queue.CryptoInfo, Extension->HeaderCryptoInfo) == 0) { // Header decrypted status = STATUS_SUCCESS; @@ -585,7 +585,7 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password, uint32 crcSaved; crcSaved = DeList->CRC32; DeList->CRC32 = 0; - crc = GetCrc32((byte*)DeList, 512); + crc = GetCrc32((uint8*)DeList, 512); if(crc == crcSaved){ if(DeList->DE[DE_IDX_PWDCACHE].Type == DE_PwdCache) { uint64 sector = 0; @@ -696,7 +696,7 @@ static NTSTATUS SaveDriveVolumeHeader (DriveFilterExtension *Extension) { NTSTATUS status = STATUS_SUCCESS; LARGE_INTEGER offset; - byte *header; + uint8 *header; header = TCalloc (TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE); if (!header) @@ -727,7 +727,7 @@ static NTSTATUS SaveDriveVolumeHeader (DriveFilterExtension *Extension) { uint32 headerCrc32; uint64 encryptedAreaLength = Extension->Queue.EncryptedAreaEnd + 1 - Extension->Queue.EncryptedAreaStart; - byte *fieldPos = header + TC_HEADER_OFFSET_ENCRYPTED_AREA_LENGTH; + uint8 *fieldPos = header + TC_HEADER_OFFSET_ENCRYPTED_AREA_LENGTH; PCRYPTO_INFO pCryptoInfo = Extension->HeaderCryptoInfo; #ifdef _WIN64 CRYPTO_INFO tmpCI; @@ -988,6 +988,7 @@ static NTSTATUS DispatchPower (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFilte // Dismount the system drive on shutdown on Windows 7 and later if (DriverShuttingDown + && EraseKeysOnShutdown && IsOSAtLeast (WIN_7) && Extension->BootDrive && Extension->DriveMounted @@ -1046,6 +1047,11 @@ static NTSTATUS DispatchControl (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFil } } break; + case IOCTL_DISK_GROW_PARTITION: + Dump ("DriverFilter-DispatchControl: IOCTL_DISK_GROW_PARTITION blocked\n"); + IoReleaseRemoveLock (&Extension->Queue.RemoveLock, Irp); + return TCCompleteDiskIrp (Irp, STATUS_UNSUCCESSFUL, 0); + break; } status = PassIrp (Extension->LowerDeviceObject, Irp); @@ -1187,7 +1193,7 @@ void ReopenBootVolumeHeader (PIRP irp, PIO_STACK_LOCATION irpSp) } #endif - if (ReadVolumeHeader (!BootDriveFilterExtension->HiddenSystem, header, &request->VolumePassword, request->pkcs5_prf, request->pim, FALSE, NULL, BootDriveFilterExtension->HeaderCryptoInfo) == 0) + if (ReadVolumeHeader (!BootDriveFilterExtension->HiddenSystem, header, &request->VolumePassword, request->pkcs5_prf, request->pim, NULL, BootDriveFilterExtension->HeaderCryptoInfo) == 0) { Dump ("Header reopened\n"); #ifdef _WIN64 @@ -1228,16 +1234,16 @@ typedef NTSTATUS (*HiberDriverWriteFunctionB) (PLARGE_INTEGER writeOffset, PMDL typedef struct { #ifdef _WIN64 - byte FieldPad1[64]; + uint8 FieldPad1[64]; HiberDriverWriteFunctionB WriteFunctionB; - byte FieldPad2[56]; + uint8 FieldPad2[56]; #else - byte FieldPad1[48]; + uint8 FieldPad1[48]; HiberDriverWriteFunctionB WriteFunctionB; - byte FieldPad2[32]; + uint8 FieldPad2[32]; #endif HiberDriverWriteFunctionA WriteFunctionA; - byte FieldPad3[24]; + uint8 FieldPad3[24]; LARGE_INTEGER PartitionStartOffset; } HiberDriverContext; @@ -1247,16 +1253,16 @@ typedef struct { LIST_ENTRY ModuleList; #ifdef _WIN64 - byte FieldPad1[32]; + uint8 FieldPad1[32]; #else - byte FieldPad1[16]; + uint8 FieldPad1[16]; #endif PVOID ModuleBaseAddress; HiberDriverEntry ModuleEntryAddress; #ifdef _WIN64 - byte FieldPad2[24]; + uint8 FieldPad2[24]; #else - byte FieldPad2[12]; + uint8 FieldPad2[12]; #endif UNICODE_STRING ModuleName; } ModuleTableItem; @@ -1566,10 +1572,10 @@ static VOID SetupThreadProc (PVOID threadArg) BOOL headerUpdateRequired = FALSE; int64 bytesWrittenSinceHeaderUpdate = 0; - byte *buffer = NULL; - byte *wipeBuffer = NULL; - byte wipeRandChars[TC_WIPE_RAND_CHAR_COUNT]; - byte wipeRandCharsUpdate[TC_WIPE_RAND_CHAR_COUNT]; + uint8 *buffer = NULL; + uint8 *wipeBuffer = NULL; + uint8 wipeRandChars[TC_WIPE_RAND_CHAR_COUNT]; + uint8 wipeRandCharsUpdate[TC_WIPE_RAND_CHAR_COUNT]; KIRQL irql; NTSTATUS status; @@ -1577,7 +1583,7 @@ static VOID SetupThreadProc (PVOID threadArg) // generate real random values for wipeRandChars and // wipeRandCharsUpdate instead of relying on uninitialized stack memory ChaCha20RngCtx rngCtx; - byte pbSeed[CHACHA20RNG_KEYSZ + CHACHA20RNG_IVSZ]; + uint8 pbSeed[CHACHA20RNG_KEYSZ + CHACHA20RNG_IVSZ]; GetDriverRandomSeed (pbSeed, sizeof (pbSeed)); ChaCha20RngInit (&rngCtx, pbSeed, GetDriverRandomSeed, 0); @@ -1751,7 +1757,7 @@ static VOID SetupThreadProc (PVOID threadArg) if (SetupRequest.WipeAlgorithm != TC_WIPE_NONE) { - byte wipePass; + uint8 wipePass; int wipePassCount = GetWipePassCount (SetupRequest.WipeAlgorithm); if (wipePassCount <= 0) { @@ -2107,8 +2113,8 @@ void GetBootEncryptionAlgorithmName (PIRP irp, PIO_STACK_LOCATION irpSp) wchar_t BootEncryptionAlgorithmNameW[256]; wchar_t BootPrfAlgorithmNameW[256]; GetBootEncryptionAlgorithmNameRequest *request = (GetBootEncryptionAlgorithmNameRequest *) irp->AssociatedIrp.SystemBuffer; - EAGetName (BootEncryptionAlgorithmNameW, BootDriveFilterExtension->Queue.CryptoInfo->ea, 0); - HashGetName2 (BootPrfAlgorithmNameW, BootDriveFilterExtension->Queue.CryptoInfo->pkcs5); + EAGetName (BootEncryptionAlgorithmNameW, 256, BootDriveFilterExtension->Queue.CryptoInfo->ea, 0); + HashGetName2 (BootPrfAlgorithmNameW, 256, BootDriveFilterExtension->Queue.CryptoInfo->pkcs5); RtlStringCbPrintfA (request->BootEncryptionAlgorithmName, sizeof (request->BootEncryptionAlgorithmName), "%S", BootEncryptionAlgorithmNameW); RtlStringCbPrintfA (request->BootPrfAlgorithmName, sizeof (request->BootPrfAlgorithmName), "%S", BootPrfAlgorithmNameW); @@ -2187,9 +2193,9 @@ static VOID DecoySystemWipeThreadProc (PVOID threadArg) ULONG wipeBlockSize = TC_ENCRYPTION_SETUP_IO_BLOCK_SIZE; CRYPTO_INFO *wipeCryptoInfo = NULL; - byte *wipeBuffer = NULL; - byte *wipeRandBuffer = NULL; - byte wipeRandChars[TC_WIPE_RAND_CHAR_COUNT]; + uint8 *wipeBuffer = NULL; + uint8 *wipeRandBuffer = NULL; + uint8 wipeRandChars[TC_WIPE_RAND_CHAR_COUNT]; int wipePass, wipePassCount; int ea = Extension->Queue.CryptoInfo->ea; |