SendMessage(hwnd, EM_SHOWBALLOONTIP, 0, (LPARAM)&ebt);

MessageBeep (0xFFFFFFFF);

free (szErrorText);

}

else

SendMessage(hwnd, EM_HIDEBALLOONTIP, 0, 0);

}

static LRESULT CALLBACK BootPwdFieldProc (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)

{

WNDPROC wp = (WNDPROC) GetWindowLongPtrW (hwnd, GWLP_USERDATA);

switch (message)

{

case WM_PASTE:

return 1;

case WM_CHAR:

HandlePasswordEditWmChar (hwnd, wParam);

break;

}

return CallWindowProcW (wp, hwnd, message, wParam, lParam);

}

// Protects an input field from having its content updated by a Paste action. Used for pre-boot password

// input fields (only the US keyboard layout is supported in pre-boot environment so we must prevent the

// user from pasting a password typed using a non-US keyboard layout).

void ToBootPwdField (HWND hwndDlg, UINT ctrlId)

{

HWND hwndCtrl = GetDlgItem (hwndDlg, ctrlId);

WNDPROC originalwp = (WNDPROC) GetWindowLongPtrW (hwndCtrl, GWLP_USERDATA);

SendMessage (hwndCtrl, EM_LIMITTEXT, MAX_LEGACY_PASSWORD, 0);

// if ToNormalPwdField has been called before, GWLP_USERDATA already contains original WNDPROC

if (!originalwp)

{

SetWindowLongPtrW (hwndCtrl, GWLP_USERDATA, (LONG_PTR) GetWindowLongPtrW (hwndCtrl, GWLP_WNDPROC));

}

SetWindowLongPtrW (hwndCtrl, GWLP_WNDPROC, (LONG_PTR) BootPwdFieldProc);

}

// Ensures that a warning is displayed when user is pasting a password longer than the maximum

// length which is set to 64 characters

static LRESULT CALLBACK NormalPwdFieldProc (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)

{

WNDPROC wp = (WNDPROC) GetWindowLongPtrW (hwnd, GWLP_USERDATA);

switch (message)

{

case WM_PASTE:

{

x = SendMessage (hComboBox, CB_GETITEMDATA, i, 0);

if (x == (LPARAM) *algo_id)

{

SendMessage (hComboBox, CB_SETCURSEL, i, 0);

return;

}

}

/* Something went wrong ; couldn't find the requested algo id so we drop

back to a default */

*algo_id = (int) SendMessage (hComboBox, CB_GETITEMDATA, 0, 0);

SendMessage (hComboBox, CB_SETCURSEL, 0, 0);

}

void PopulateWipeModeCombo (HWND hComboBox, BOOL bNA, BOOL bInPlaceEncryption, BOOL bHeaderWipe)

{

if (bNA)

{

SetCurrentDirectory (p);

}

}

BOOL BrowseFiles (HWND hwndDlg, char *stringId, wchar_t *lpszFileName, BOOL keepHistory, BOOL saveMode, wchar_t *browseFilter)

{

return BrowseFilesInDir (hwndDlg, stringId, NULL, lpszFileName, keepHistory, saveMode, browseFilter);

}

BOOL BrowseFilesInDir (HWND hwndDlg, char *stringId, wchar_t *initialDir, wchar_t *lpszFileName, BOOL keepHistory, BOOL saveMode, wchar_t *browseFilter, const wchar_t *initialFileName, const wchar_t *defaultExtension)

{

OPENFILENAMEW ofn;

wchar_t file[TC_MAX_PATH] = { 0 };

wchar_t filter[1024];

BOOL status = FALSE;

CoInitialize (NULL);

WaitCursor ();

ShellExecute (NULL, L"open", filename, cl, NULL, SW_HIDE);

Sleep (6000);

NormalCursor();

_wremove (path);

return TRUE;

}

BOOL IsNonInstallMode ()

{

HKEY hkey, hkeybis;

DWORD dw;

WCHAR szBuffer[512];

DWORD dwBufferSize = sizeof(szBuffer);

std::wstring msiProductGUID;

if (bPortableModeConfirmed)

return TRUE;

// Configuration" from the Windows boot menu).

if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, L"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\VeraCrypt", 0, KEY_READ | KEY_WOW64_32KEY, &hkey) == ERROR_SUCCESS)

{

RegCloseKey (hkey);

return FALSE;

}

else

return TRUE;

}

LRESULT SetCheckBox (HWND hwndDlg, int dlgItem, BOOL state)

{

return SendDlgItemMessage (hwndDlg, dlgItem, BM_SETCHECK, state ? BST_CHECKED : BST_UNCHECKED, 0);

}

BOOL GetCheckBox (HWND hwndDlg, int dlgItem)

{

return IsButtonChecked (GetDlgItem (hwndDlg, dlgItem));

}

}

}

return TRUE;

}

BYTE *MapResource (wchar_t *resourceType, int resourceId, PDWORD size)

{

HGLOBAL hResL;

HRSRC hRes;

#ifdef SETUP_DLL

// In case we're being called from the SetupDLL project, FindResource()

// and LoadResource() with NULL will fail since we're in a DLL. We need

// to call them with the HINSTANCE of the DLL instead, which we set in

// Setup.c of SetupDLL, DllMain() function.

hResInst = hInst;

#endif

hRes = FindResource (hResInst, MAKEINTRESOURCE(resourceId), resourceType);

hResL = LoadResource (hResInst, hRes);

if (size != NULL)

*size = SizeofResource (hResInst, hRes);

return (BYTE *) LockResource (hResL);

}

void InconsistencyResolved (char *techInfo)

{

wchar_t finalMsg[8024];

#define DEFAULT_VOL_CREATION_WIZARD_MODE WIZARD_MODE_FILE_CONTAINER

#define ICON_HAND MB_ICONHAND

#define YES_NO MB_YESNO

#define ISO_BURNER_TOOL L"isoburn.exe"

#define PRINT_TOOL L"notepad.exe"

void InitGlobalLocks ();

void FinalizeGlobalLocks ();

void cleanup ( void );

void LowerCaseCopy ( wchar_t *lpszDest , const wchar_t *lpszSource );

void UpperCaseCopy ( wchar_t *lpszDest , size_t cbDest, const wchar_t *lpszSource );

BOOL IsNullTerminateString (const wchar_t* str, size_t cbSize);

void CreateFullVolumePath ( wchar_t *lpszDiskFile , size_t cbDiskFile, const wchar_t *lpszFileName , BOOL *bDevice );

int FakeDosNameForDevice ( const wchar_t *lpszDiskFile , wchar_t *lpszDosDevice , size_t cbDosDevice, wchar_t *lpszCFDevice , size_t cbCFDevice, BOOL bNameOnly );

int RemoveFakeDosName ( wchar_t *lpszDiskFile , wchar_t *lpszDosDevice );

void AbortProcessDirect ( wchar_t *abortMsg );

char * GetLegalNotices ();

BOOL CALLBACK BenchmarkDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam);

void UserEnrichRandomPool (HWND hwndDlg);

BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam);

BOOL CALLBACK MultiChoiceDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam);

int DriverAttach ( void );

BOOL CALLBACK CipherTestDialogProc ( HWND hwndDlg , UINT uMsg , WPARAM wParam , LPARAM lParam );

void ResetCipherTest ( HWND hwndDlg , int idTestCipher );

void ResetCurrentDirectory ();

BOOL BrowseFiles (HWND hwndDlg, char *stringId, wchar_t *lpszFileName, BOOL keepHistory, BOOL saveMode, wchar_t *browseFilter);

BOOL BrowseDirectories (HWND hWnd, char *lpszTitle, wchar_t *dirName);

void handleError ( HWND hwndDlg , int code, const char* srcPos );

BOOL CheckFileStreamWriteErrors (HWND hwndDlg, FILE *file, const wchar_t *fileName);

void LocalizeDialog ( HWND hwnd, char *stringId );

void OpenVolumeExplorerWindow (int driveNo);

static BOOL CALLBACK CloseVolumeExplorerWindowsEnum( HWND hwnd, LPARAM driveNo);

BOOL CloseVolumeExplorerWindows (HWND hwnd, int driveNo);

BOOL UpdateDriveCustomLabel (int driveNo, wchar_t* effectiveLabel, BOOL bSetValue);

BOOL CheckCapsLock (HWND hwnd, BOOL quiet);

BOOL CheckFileExtension (wchar_t *fileName);

<?xml version="1.0" encoding="utf-8"?>

<VeraCrypt>

<localization prog-version="1.24-Update8">

<language langid="en" name="English" en-name="English" version="0.0.0" translators="TrueCrypt/VeraCrypt Teams" />

<font lang="en" class="normal" size="11" face="default" />

<font lang="en" class="bold" size="13" face="Arial" />

<font lang="en" class="fixed" size="12" face="Lucida Console" />

<font lang="en" class="title" size="21" face="Times New Roman" />

<entry lang="en" key="IDCANCEL">Cancel</entry>

<entry lang="en" key="IDC_ALL_USERS">Install &amp;for all users</entry>

<entry lang="en" key="IDC_BROWSE">Bro&amp;wse...</entry>

<entry lang="en" key="IDC_DESKTOP_ICON">Add VeraCrypt icon to &amp;desktop</entry>

<entry lang="en" key="IDC_DONATE">Donate now...</entry>

<entry lang="en" key="IDC_FILE_TYPE">Associate the .hc file &amp;extension with VeraCrypt</entry>

<entry lang="en" key="IDC_OPEN_CONTAINING_FOLDER">&amp;Open the destination location when finished</entry>

<entry lang="en" key="IDC_PROG_GROUP">Add VeraCrypt to &amp;Start menu</entry>

<entry lang="en" key="IDC_SYSTEM_RESTORE">Create System &amp;Restore point</entry>

<entry lang="en" key="IDC_UNINSTALL">&amp;Uninstall</entry>

<entry lang="en" key="IDC_MB">&amp;MiB</entry>

<entry lang="en" key="IDC_MORE_INFO_ON_CONTAINERS">More information</entry>

<entry lang="en" key="IDC_MORE_INFO_ON_SYS_ENCRYPTION">More information about system encryption</entry>

<entry lang="en" key="IDC_MORE_INFO_SYS_ENCRYPTION">More information</entry>

<entry lang="en" key="IDC_MULTI_BOOT">Multi-Boot</entry>

<entry lang="en" key="IDC_NONSYS_DEVICE">Encrypt a non-system partition/drive</entry>

<entry lang="en" key="IDC_NO_HISTORY">&amp;Never save history</entry>

<entry lang="en" key="IDC_OPEN_OUTER_VOLUME">Open Outer Volume</entry>

<entry lang="en" key="IDC_PAUSE">&amp;Pause</entry>

<entry lang="en" key="IDC_PIM_ENABLE">Use P&amp;IM</entry>

<entry lang="en" key="IDC_QUICKFORMAT">Quick Format</entry>

<entry lang="en" key="IDC_SHOW_PASSWORD">&amp;Display password</entry>

<entry lang="en" key="IDC_SHOW_PASSWORD_SINGLE">&amp;Display password</entry>

<entry lang="en" key="IDC_SHOW_PIM">&amp;Display PIM</entry>

<entry lang="en" key="IDC_SINGLE_BOOT">Single-boot</entry>

<entry lang="en" key="IDC_STD_VOL">Standard VeraCrypt volume</entry>

<entry lang="en" key="IDC_SYSENC_HIDDEN">Hi&amp;dden</entry>

<entry lang="en" key="IDC_SYSENC_NORMAL">Normal</entry>

<entry lang="en" key="IDC_SYS_DEVICE">Encrypt the system partition or entire system drive</entry>

<entry lang="en" key="IDC_SYS_PARTITION">Encrypt the Windows system partition</entry>

<entry lang="en" key="IDC_WHOLE_SYS_DRIVE">Encrypt the whole drive</entry>

<entry lang="en" key="IDT_CLUSTER">Cluster </entry>

<entry lang="en" key="IDT_COLLECTING_RANDOM_DATA_NOTE">IMPORTANT: Move your mouse as randomly as possible within this window. The longer you move it, the better. This significantly increases the cryptographic strength of the encryption keys. Then click Next to continue.</entry>

<entry lang="en" key="IDT_CONFIRM">&amp;Confirm:</entry>

<entry lang="en" key="IDT_DONE">Done</entry>

<entry lang="en" key="IDT_DRIVE_LETTER">Drive letter:</entry>

<entry lang="en" key="IDT_ENCRYPTION_ALGO">Encryption Algorithm</entry>

<entry lang="en" key="IDT_FILESYSTEM">Filesystem </entry>

<entry lang="en" key="IDT_FILE_CONTAINER">Creates a virtual encrypted disk within a file. Recommended for inexperienced users.</entry>

<entry lang="en" key="IDT_FORMAT_OPTIONS">Options</entry>

<entry lang="en" key="IDT_HASH_ALGO">Hash Algorithm</entry>

<entry lang="en" key="IDT_OLD_PIM">Volume PIM:</entry>

<entry lang="en" key="IDT_PROGRESS">Progress:</entry>

<entry lang="en" key="IDT_RANDOM_POOL">Random Pool: </entry>

<entry lang="en" key="IDT_SINGLE_BOOT">Select this option if there is only one operating system installed on this computer (even if it has multiple users).</entry>

<entry lang="en" key="IDT_SPEED">Speed</entry>

<entry lang="en" key="IDT_STATUS">Status</entry>

<entry lang="en" key="IDT_SYSENC_KEYS_GEN_INFO">The keys, salt, and other data have been successfully generated. If you want to generate new keys, click Back and then Next. Otherwise, click Next to continue.</entry>

<entry lang="en" key="IDT_SYS_DEVICE">Encrypts the partition/drive where Windows is installed. Anyone who wants to gain access and use the system, read and write files, etc., will need to enter the correct password each time before Windows boots. Optionally, creates a hidden system.</entry>

<entry lang="en" key="IDT_SYS_PARTITION">Select this option to encrypt the partition where the currently running Windows operating system is installed.</entry>

<entry lang="en" key="IDT_VOLUME_LABEL">Volume Label in Windows:</entry>

<entry lang="en" key="IDCLOSE">Close</entry>

<entry lang="en" key="IDC_ALLOW_ESC_PBA_BYPASS">Allow pre-boot &amp;authentication to be bypassed by pressing the Esc key (enables boot manager)</entry>

<entry lang="en" key="IDC_AUTORUN_DISABLE">Do nothing</entry>

<entry lang="en" key="IDC_AUTORUN_MOUNT">&amp;Auto-mount VeraCrypt volume (specified below)</entry>

<entry lang="en" key="IDC_AUTORUN_START">&amp;Start VeraCrypt</entry>

<entry lang="en" key="IDC_AUTO_DETECT_PKCS11_MODULE">Auto-&amp;Detect Library</entry>

<entry lang="en" key="IDC_BOOT_LOADER_CACHE_PASSWORD">&amp;Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)</entry>

<entry lang="en" key="IDC_BROWSE_DIRS">Browse...</entry>

<entry lang="en" key="IDC_BROWSE_FILES">Browse...</entry>

<entry lang="en" key="IDC_CACHE">Cache passwords and keyfil&amp;es in memory</entry>

<entry lang="en" key="FILESYS_PAGE_TITLE">Large Files</entry>

<entry lang="en" key="FILESYS_PAGE_HELP_QUESTION">Do you intend to store files larger than 4 GiB in this VeraCrypt volume?</entry>

<entry lang="en" key="FILESYS_PAGE_HELP_EXPLANATION">Depending on your choice above, VeraCrypt will choose a suitable default file system for the VeraCrypt volume (you will be able to select a file system in the next step).</entry>

<entry lang="en" key="FILESYS_PAGE_HELP_EXPLANATION_HIDVOL">As you are creating an outer volume, you should consider choosing 'No'. If you choose 'Yes', the default filesystem will be NTFS, which is not as suitable for outer volumes as FAT/exFAT (for example, the maximum possible size of the hidden volume will be significantly greater if the outer volume is formatted as FAT/exFAT). Normally, FAT is the default for both hidden and normal volumes (so FAT volumes are not suspicious). However, if the user indicates intent to store files larger than 4 GiB (which the FAT file system does not allow), then FAT is not the default.</entry>

<entry lang="en" key="FILESYS_PAGE_HELP_EXPLANATION_HIDVOL_CONFIRM">Are you sure you want to choose 'Yes'?</entry>

<entry lang="en" key="DEVICE_TRANSFORM_MODE_PAGE_TITLE">Volume Creation Mode</entry>

<entry lang="en" key="DEVICE_TRANSFORM_MODE_PAGE_FORMAT_HELP">This is the fastest way to create a partition-hosted or device-hosted VeraCrypt volume (in-place encryption, which is the other option, is slower because content of each sector has to be first read, encrypted, and then written). Any data currently stored on the selected partition/device will be lost (the data will NOT be encrypted; it will be overwritten with random data). If you want to encrypt existing data on a partition, choose the other option.</entry>

<entry lang="en" key="DEVICE_TRANSFORM_MODE_PAGE_INPLACE_HELP">The entire selected partition and all data stored on it will be encrypted in place. If the partition is empty, you should choose the other option (the volume will be created much faster).</entry>

<entry lang="en" key="NOTE_BEGINNING">Note: </entry>

<entry lang="en" key="RESUME">&amp;Resume</entry>

<entry lang="en" key="START">&amp;Start</entry>

<entry lang="en" key="CONTINUE">&amp;Continue</entry>

<entry lang="en" key="FORMAT">&amp;Format</entry>

<entry lang="en" key="WIPE">&amp;Wipe</entry>

<entry lang="en" key="FORMAT_ABORT">Abort format?</entry>

<entry lang="en" key="SHOW_MORE_INFORMATION">Show more information</entry>

<entry lang="en" key="DO_NOT_SHOW_THIS_AGAIN">Do not show this again</entry>

<entry lang="en" key="WIPE_FINISHED">The content of the partition/device has been successfully erased.</entry>

<entry lang="en" key="WIPE_FINISHED_DECOY_SYSTEM_PARTITION">The content of the partition where the original system (of which the hidden system is a clone) resided has been successfully erased.</entry>

<entry lang="en" key="DECOY_OS_VERSION_WARNING">Please make sure the version of Windows you are going to install (on the wiped partition) is the same as the version of Windows you are currently running. This is required due to the fact that both systems will share a common boot partition.</entry>

<entry lang="en" key="EXTRA_BOOT_PARTITION_REMOVAL_INSTRUCTIONS">\nThe extra boot partition can be removed before installing Windows. To do so, follow these steps:\n\n1) Boot your Windows installation disc.\n\n2) In the Windows installer screen, click 'Install now' > 'Custom (advanced)'.\n\n3) Click 'Drive Options'.\n\n4) Select the main system partition and delete it by clicking 'Delete' and 'OK'.\n\n5) Select the 'System Reserved' partition, click 'Extend', and increase its size so that the operating system can be installed to it.\n\n6) Click 'Apply' and 'OK'.\n\n7) Install Windows on the 'System Reserved' partition.\n\n\nShould an attacker ask why you removed the extra boot partition, you can answer that you wanted to prevent any possible data leaks to the unencrypted boot partition.\n\nNote: You can print this text by clicking the 'Print' button below. If you save a copy of this text or print it (strongly recommended, unless your printer stores copies of documents it prints on its internal drive), you should destroy any copies of it after removing the extra boot partition (otherwise, if such a copy was found, it might indicate that there is a hidden operating system on this computer).</entry>

<entry lang="en" key="GAP_BETWEEN_SYS_AND_HIDDEN_OS_PARTITION">Warning: There is unallocated space between the system partition and the first partition behind it. After you create the hidden operating system, you must not create any new partitions in that unallocated space. Otherwise, the hidden operating system will be impossible to boot (until you delete such newly created partitions).</entry>

<entry lang="en" key="ALGO_NOT_SUPPORTED_FOR_SYS_ENCRYPTION">This algorithm is currently not supported for system encryption.</entry>

<entry lang="en" key="ALGO_NOT_SUPPORTED_FOR_TRUECRYPT_MODE">This algorithm is not supported for TrueCrypt mode.</entry>

<entry lang="en" key="PIM_NOT_SUPPORTED_FOR_TRUECRYPT_MODE">PIM (Personal Iterations Multiplier) not supported for TrueCrypt mode.</entry>

<entry lang="en" key="PIM_REQUIRE_LONG_PASSWORD">Password must contain 20 or more characters in order to use the specified PIM.\nShorter passwords can only be used if the PIM is 485 or greater.</entry>

<entry lang="en" key="BOOT_PIM_REQUIRE_LONG_PASSWORD">Pre-boot authentication Password must contain 20 or more characters in order to use the specified PIM.\nShorter passwords can only be used if the PIM is 98 or greater.</entry>

<entry lang="en" key="KEYFILES_NOT_SUPPORTED_FOR_SYS_ENCRYPTION">Keyfiles are currently not supported for system encryption.</entry>

<entry lang="en" key="CANNOT_RESTORE_KEYBOARD_LAYOUT">Warning: VeraCrypt could not restore the original keyboard layout. This may cause you to enter a password incorrectly.</entry>

<entry lang="en" key="CANT_CHANGE_KEYB_LAYOUT_FOR_SYS_ENCRYPTION">Error: Cannot set the keyboard layout for VeraCrypt to the standard US keyboard layout.\n\nNote that the password needs to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available. Therefore, the password must always be typed using the standard US keyboard layout.</entry>

<entry lang="en" key="KEYB_LAYOUT_CHANGE_PREVENTED">VeraCrypt prevented change of keyboard layout.</entry>

<entry lang="en" key="KEYB_LAYOUT_SYS_ENC_EXPLANATION">Note: The password will need to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available. Therefore, the password must always be typed using the standard US keyboard layout. However, it is important to note that you do NOT need a real US keyboard. VeraCrypt automatically ensures that you can safely type the password (right now and in the pre-boot environment) even if you do NOT have a real US keyboard.</entry>

<entry lang="en" key="RESCUE_DISK_INFO">Before you can encrypt the partition/drive, you must create a VeraCrypt Rescue Disk (VRD), which serves the following purposes:\n\n- If the VeraCrypt Boot Loader, master key, or other critical data gets damaged, the VRD allows you to restore it (note, however, that you will still have to enter the correct password then).\n\n- If Windows gets damaged and cannot start, the VRD allows you to permanently decrypt the partition/drive before Windows starts.\n\n- The VRD will contain a backup of the present content of the first drive track (which typically contains a system loader or boot manager) and will allow you to restore it if necessary.\n\nThe VeraCrypt Rescue Disk ISO image will be created in the location specified below.</entry>

<entry lang="en" key="RESCUE_DISK_WIN_ISOBURN_PRELAUNCH_NOTE">After you click OK, Microsoft Windows Disc Image Burner will be launched. Please use it to burn the VeraCrypt Rescue Disk ISO image to a CD or DVD.\n\nAfter you do so, return to the VeraCrypt Volume Creation Wizard and follow its instructions.</entry>

<entry lang="en" key="RESCUE_DISK_BURN_INFO">The Rescue Disk image has been created and stored in this file:\n%s\n\nNow you need to burn it to a CD or DVD.\n\n%lsAfter you burn the Rescue Disk, click Next to verify that it has been correctly burned.</entry>

<entry lang="en" key="RESCUE_DISK_BURN_INFO_NO_CHECK">The Rescue Disk image has been created and stored in this file:\n%s\n\nNow you should either burn the image to a CD/DVD or move it to a safe location for later use.\n\n%lsClick Next to continue.</entry>

<entry lang="en" key="RESCUE_DISK_BURN_INFO_NONWIN_ISO_BURNER">IMPORTANT: Note that the file must be written to the CD/DVD as an ISO disk image (not as an individual file). For information on how to do so, please refer to the documentation of your CD/DVD recording software. If you do not have any CD/DVD recording software that can write the ISO disk image to a CD/DVD, click the link below to download such free software.\n\n</entry>

<entry lang="en" key="LAUNCH_WIN_ISOBURN">Launch Microsoft Windows Disc Image Burner</entry>

<entry lang="en" key="RESCUE_DISK_BURN_NO_CHECK_WARN">WARNING: If you already created a VeraCrypt Rescue Disk in the past, it cannot be reused for this system partition/drive because it was created for a different master key! Every time you encrypt a system partition/drive, you must create a new VeraCrypt Rescue Disk for it even if you use the same password.</entry>

<entry lang="en" key="CANNOT_SAVE_SYS_ENCRYPTION_SETTINGS">Error: Cannot save system encryption settings.</entry>

<entry lang="en" key="WDE_UNSUPPORTED_FOR_MULTIPLE_SYSTEMS_ON_ONE_DRIVE">VeraCrypt currently does not support encrypting a whole drive that contains multiple operating systems.\n\nPossible Solutions:\n\n- You can still encrypt one of the systems if you go back and choose to encrypt only a single system partition (as opposed to choosing to encrypt the entire system drive).\n\n- Alternatively, you will be able to encrypt the entire drive if you move some of the systems to other drives leaving only one system on the drive you want to encrypt.</entry>

<entry lang="en" key="SYSENC_MULTI_BOOT_ADJACENT_SYS_TITLE">Multiple Systems on Single Drive</entry>

<entry lang="en" key="SYSENC_MULTI_BOOT_ADJACENT_SYS_HELP">Are there any other operating systems installed on the drive on which the currently running operating system is installed?\n\nNote: For example, if the currently running operating system is installed on the drive #0, which contains several partitions, and if one of the partitions contains Windows and another partition contains any additional operating system (e.g. Windows, Mac OS X, Linux, etc.), select 'Yes'.</entry>

<entry lang="en" key="SYSENC_MULTI_BOOT_NONWIN_BOOT_LOADER_TITLE">Non-Windows Boot Loader</entry>

<entry lang="en" key="SYSENC_MULTI_BOOT_NONWIN_BOOT_LOADER_HELP">Is a non-Windows boot loader (or boot manager) installed in the master boot record (MBR)?\n\nNote: For example, if the first track of the boot drive contains GRUB, LILO, XOSL, or some other non-Windows boot manager (or boot loader), select 'Yes'.</entry>

<entry lang="en" key="SYSENC_MULTI_BOOT_OUTCOME_TITLE">Multi-Boot</entry>

<entry lang="en" key="CUSTOM_BOOT_MANAGERS_IN_MBR_UNSUPPORTED">VeraCrypt currently does not support multi-boot configurations where a non-Windows boot loader is installed in the Master Boot Record.\n\nPossible Solutions:\n\n- If you use a boot manager to boot Windows and Linux, move the boot manager (typically, GRUB) from the Master Boot Record to a partition. Then start this wizard again and encrypt the system partition/drive. Note that the VeraCrypt Boot Loader will become your primary boot manager and it will allow you to launch the original boot manager (e.g. GRUB) as your secondary boot manager (by pressing Esc in the VeraCrypt Boot Loader screen) and thus you will be able boot Linux.</entry>

<entry lang="en" key="WINDOWS_BOOT_LOADER_HINTS">If the currently running operating system is installed on the boot partition, then, after you encrypt it, you will need to enter the correct password even if you want to start any other unencrypted Windows system(s) (as they will share a single encrypted Windows boot loader/manager).\n\nIn contrast, if the currently running operating system is not installed on the boot partition (or if the Windows boot loader/manager is not used by any other system), then, after you encrypt this system, you will not need to enter the correct password to boot the other unencrypted system(s) -- you will only need to press the Esc key to start the unencrypted system (if there are multiple unencrypted systems, you will also need to choose which system to start in the VeraCrypt Boot Manager menu).\n\nNote: Typically, the earliest installed Windows system is installed on the boot partition.</entry>

<entry lang="en" key="SYSENC_PRE_DRIVE_ANALYSIS_TITLE">Encryption of Host Protected Area</entry>

<entry lang="en" key="SYSENC_PRE_DRIVE_ANALYSIS_HELP">At the end of many drives, there is an area that is normally hidden from the operating system (such areas are usually referred to as Host Protected Areas). However, some programs can read and write data from/to such areas.\n\nWARNING: Some computer manufacturers may use such areas to store tools and data for RAID, system recovery, system setup, diagnostic, or other purposes. If such tools or data must be accessible before booting, the hidden area should NOT be encrypted (choose 'No' above).\n\nDo you want VeraCrypt to detect and encrypt such a hidden area (if any) at the end of the system drive?</entry>

<entry lang="en" key="SYSENC_NORMAL_TYPE_HELP">Select this option if you merely want to encrypt the system partition or the entire system drive.</entry>

<entry lang="en" key="SYSENC_HIDDEN_TYPE_HELP">It may happen that you are forced by somebody to decrypt the operating system. There are many situations where you cannot refuse to do so (for example, due to extortion). If you select this option, you will create a hidden operating system whose existence should be impossible to prove (provided that certain guidelines are followed). Thus, you will not have to decrypt or reveal the password to the hidden operating system. For a detailed explanation, please click the link below.</entry>

<entry lang="en" key="HIDDEN_OS_PREINFO">It may happen that you are forced by somebody to decrypt the operating system. There are many situations where you cannot refuse to do so (for example, due to extortion).\n\nUsing this wizard, you can create a hidden operating system whose existence should be impossible to prove (provided that certain guidelines are followed). Thus, you will not have to decrypt or reveal the password for the hidden operating system.</entry>

<entry lang="en" key="SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_TITLE">Hidden Operating System</entry>

<entry lang="en" key="SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_HELP">In the following steps, you will create two VeraCrypt volumes (outer and hidden) within the first partition behind the system partition. The hidden volume will contain the hidden operating system (OS). VeraCrypt will create the hidden OS by copying the content of the system partition (where the currently running OS is installed) to the hidden volume. To the outer volume, you will copy some sensitive looking files that you actually do NOT want to hide. They will be there for anyone forcing you to disclose the password for the hidden OS partition. You can reveal the password for the outer volume within the hidden OS partition (the existence of the hidden OS remains secret).\n\nFinally, on the system partition of the currently running OS, you will install a new OS, so-called decoy OS, and encrypt it. It must not contain sensitive data and will be there for anyone forcing you to reveal your pre-boot authentication password. In total, there will be three passwords. Two of them can be disclosed (for the decoy OS and outer volume). If you use the third one, the hidden OS will start.</entry>

<entry lang="en" key="SYSENC_DRIVE_ANALYSIS_TITLE">Detecting Hidden Sectors</entry>

<entry lang="en" key="SYSENC_DRIVE_ANALYSIS_INFO">Please wait while VeraCrypt is detecting possible hidden sectors at the end of the system drive. Note that it may take a long time to complete.\n\nNote: In very rare cases, on some computers, the system may become unresponsive during this detection process. If it happens, restart the computer, start VeraCrypt, repeat the previous steps but skip this detection process. Note that this issue is not caused by a bug in VeraCrypt.</entry>

<entry lang="en" key="SYS_ENCRYPTION_SPAN_TITLE">Area to Encrypt</entry>

<entry lang="en" key="SYS_ENCRYPTION_SPAN_WHOLE_SYS_DRIVE_HELP">Select this option if you want to encrypt the entire drive on which the currently running Windows system is installed. The whole drive, including all its partitions, will be encrypted except the first track where the VeraCrypt Boot Loader will reside. Anyone who wants to access a system installed on the drive, or files stored on the drive, will need to enter the correct password each time before the system starts. This option cannot be used to encrypt a secondary or external drive if Windows is not installed on it and does not boot from it.</entry>

<entry lang="en" key="COLLECTING_RANDOM_DATA_TITLE">Collecting Random Data</entry>

<entry lang="en" key="KEYS_GEN_TITLE">Keys Generated</entry>

<entry lang="en" key="CD_BURNER_NOT_PRESENT">VeraCrypt has found no CD/DVD burner connected to your computer. VeraCrypt needs a CD/DVD burner to burn a bootable VeraCrypt Rescue Disk containing a backup of the encryption keys, VeraCrypt boot loader, original system loader, etc.\n\nWe strongly recommend that you burn the VeraCrypt Rescue Disk.</entry>

<entry lang="en" key="CD_BURNER_NOT_PRESENT_WILL_STORE_ISO">I have no CD/DVD burner but I will store the Rescue Disk ISO image on a removable drive (e.g. USB flash drive).</entry>

<entry lang="en" key="CD_BURNER_NOT_PRESENT_WILL_CONNECT_LATER">I will connect a CD/DVD burner to my computer later. Terminate the process now.</entry>

<entry lang="en" key="CD_BURNER_NOT_PRESENT_CONNECTED_NOW">A CD/DVD burner is connected to my computer now. Continue and write the Rescue Disk.</entry>

<entry lang="en" key="CD_BURNER_NOT_PRESENT_WILL_STORE_ISO_INFO">Please follow these steps:\n\n1) Connect a removable drive, such as a USB flash drive, to your computer now.\n\n2) Copy the VeraCrypt Rescue Disk image file (%s) to the removable drive.\n\nIn case you need to use the VeraCrypt Rescue Disk in the future, you will be able to connect your removable drive (containing the VeraCrypt Rescue Disk image) to a computer with a CD/DVD burner and create a bootable VeraCrypt Rescue Disk by burning the image to a CD or DVD. IMPORTANT: Note that the VeraCrypt Rescue Disk image file must be written to the CD/DVD as an ISO disk image (not as an individual file).</entry>

<entry lang="en" key="RESCUE_DISK_RECORDING_TITLE">Rescue Disk Recording</entry>

<entry lang="en" key="RESCUE_DISK_CREATED_TITLE">Rescue Disk Created</entry>

<entry lang="en" key="RESCUE_DISK_DISK_VERIFIED_TITLE">Rescue Disk Verified</entry>

<entry lang="en" key="RESCUE_DISK_VERIFIED_INFO">\nThe VeraCrypt Rescue Disk has been successfully verified. Please remove it from the drive now and store it in a safe place.\n\nClick Next to continue.</entry>

<entry lang="en" key="REMOVE_RESCUE_DISK_FROM_DRIVE">WARNING: During the next steps, the VeraCrypt Rescue Disk must not be in the drive. Otherwise, it will not be possible to complete the steps correctly.\n\nPlease remove it from the drive now and store it in a safe place. Then click OK.</entry>

<entry lang="en" key="PREBOOT_NOT_LOCALIZED">Warning: Due to technical limitations of the pre-boot environment, texts displayed by VeraCrypt in the pre-boot environment (i.e. before Windows starts) cannot be localized. The VeraCrypt Boot Loader user interface is completely in English.\n\nContinue?</entry>

<entry lang="en" key="SYS_ENCRYPTION_PRETEST_INFO">Before encrypting your system partition or drive, VeraCrypt needs to verify that everything works correctly.\n\nAfter you click Test, all the necessary components (for example, the pre-boot authentication component, i.e. the VeraCrypt Boot Loader) will be installed and your computer will be restarted. Then you will have to enter your password in the VeraCrypt Boot Loader screen that will appear before Windows starts. After Windows starts, you will be automatically informed about the result of this pretest.\n\nThe following device will be modified: Drive #%d\n\n\nIf you click Cancel now, nothing will be installed and the pretest will not be performed.</entry>

<entry lang="en" key="SYS_ENCRYPTION_PRETEST_INFO2_PORTION_1">IMPORTANT NOTES -- PLEASE READ OR PRINT (click 'Print'):\n\nNote that none of your files will be encrypted before you successfully restart your computer and start Windows. Thus, if anything fails, your data will NOT be lost. However, if something does go wrong, you might encounter difficulties in starting Windows. Therefore, please read (and, if possible, print) the following guidelines on what to do if Windows cannot start after you restart the computer.\n\n</entry>

<entry lang="en" key="SYS_ENCRYPTION_PRETEST_INFO2_PORTION_2">What to Do If Windows Cannot Start\n------------------------------------------------\n\nNote: These instructions are valid only if you have not started encrypting.\n\n- If Windows does not start after you enter the correct password (or if you repeatedly enter the correct password but VeraCrypt says that the password is incorrect), do not panic. Restart (power off and on) the computer, and in the VeraCrypt Boot Loader screen, press the Esc key on your keyboard (and if you have multiple systems, choose which to start). Then Windows should start (provided that it is not encrypted) and VeraCrypt will automatically ask whether you want to uninstall the pre-boot authentication component. Note that the previous steps do NOT work if the system partition/drive is encrypted (nobody can start Windows or access encrypted data on the drive without the correct password even if he or she follows the previous steps).\n\n</entry>

<entry lang="en" key="SYS_ENCRYPTION_PRETEST_INFO2_PORTION_3">- If the previous steps do not help or if the VeraCrypt Boot Loader screen does not appear (before Windows starts), insert the VeraCrypt Rescue Disk into your CD/DVD drive and restart your computer. If the VeraCrypt Rescue Disk screen does not appear (or if you do not see the 'Repair Options' item in the 'Keyboard Controls' section of the VeraCrypt Rescue Disk screen), it is possible that your BIOS is configured to attempt to boot from hard drives before CD/DVD drives. If that is the case, restart your computer, press F2 or Delete (as soon as you see a BIOS start-up screen), and wait until a BIOS configuration screen appears. If no BIOS configuration screen appears, restart (reset) the computer again and start pressing F2 or Delete repeatedly as soon as you restart (reset) the computer. When a BIOS configuration screen appears, configure your BIOS to boot from the CD/DVD drive first (for information on how to do so, please refer to the documentation for your BIOS/motherboard or contact your computer vendor's technical support team for assistance). Then restart your computer. The VeraCrypt Rescue Disk screen should appear now. In the VeraCrypt Rescue Disk screen, select 'Repair Options' by pressing F8 on your keyboard. From the 'Repair Options' menu, select 'Restore original system loader'. Then remove the Rescue Disk from your CD/DVD drive and restart your computer. Windows should start normally (provided that it is not encrypted).\n\n</entry>

<entry lang="en" key="SYS_ENCRYPTION_PRETEST_INFO2_PORTION_4">Note that the previous steps do NOT work if the system partition/drive is encrypted (nobody can start Windows or access encrypted data on the drive without the correct password even if he or she follows the previous steps).\n\n\nNote that even if you lose your VeraCrypt Rescue Disk and an attacker finds it, he or she will NOT be able to decrypt the system partition or drive without the correct password.</entry>

<entry lang="en" key="NONSYS_INPLACE_ENC_ENCRYPTION_PAGE_INFO">\n\nYou can click Pause or Defer anytime to interrupt the process of encryption, exit this wizard, restart or shut down your computer, and then resume the process, which will continue from the point it was stopped. Note that the volume cannot be mounted until it has been fully encrypted.</entry>

<entry lang="en" key="NONSYS_INPLACE_DEC_DECRYPTION_PAGE_INFO">\n\nYou can click Pause or Defer anytime to interrupt the process of decryption, exit this wizard, restart or shut down the computer, and then resume the process, which will continue from the point where it was stopped. Note that the volume cannot be mounted until it has been fully decrypted.</entry>

<entry lang="en" key="SYSENC_HIDDEN_OS_INITIAL_INFO_TITLE">Hidden System Started</entry>

<entry lang="en" key="SYSENC_HIDDEN_OS_WIPE_INFO_TITLE">Original System</entry>

<entry lang="en" key="SYSENC_HIDDEN_OS_WIPE_INFO">Windows creates (typically, without your knowledge or consent) various log files, temporary files, etc., on the system partition. It also saves the content of RAM to hibernation and paging files located on the system partition. Therefore, if an adversary analyzed files stored on the partition where the original system (of which the hidden system is a clone) resides, he might find out, for example, that you used the VeraCrypt wizard in the hidden-system-creation mode (which might indicate the existence of a hidden operating system on your computer).\n\nTo prevent such issues, VeraCrypt will, in the next steps, securely erase the entire content of the partition where the original system resides. Afterwards, in order to achieve plausible deniability, you will need to install a new system on the partition and encrypt it. Thus you will create the decoy system and the whole process of creation of the hidden operating system will be completed.</entry>

<entry lang="en" key="OS_WIPING_NOT_FINISHED_ASK">The hidden operating system has been successfully created. However, before you can start using it (and achieve plausible deniability), you need to securely erase (using VeraCrypt) the entire content of the partition where the currently running operating system is installed. Before you can do that, you need to restart the computer and, in the VeraCrypt Boot Loader screen (which appears before Windows starts), enter the pre-boot authentication password for the hidden operating system. Then, after the hidden system starts, the VeraCrypt wizard will be launched automatically.\n\nNote: If you choose to terminate the process of creation of the hidden operating system now, you will NOT be able to resume the process and the hidden system will NOT be accessible (because the VeraCrypt Boot Loader will be removed).</entry>

<entry lang="en" key="HIDDEN_OS_CREATION_NOT_FINISHED_ASK">You have scheduled the process of creation of a hidden operating system. The process has not been completed yet. To complete it, you need to restart the computer and, in the VeraCrypt Boot Loader screen (which appears before Windows starts), enter the password for the hidden operating system.\n\nNote: If you choose to terminate the process of creation of the hidden operating system now, you will NOT be able to resume the process.</entry>

<entry lang="en" key="HIDDEN_OS_CREATION_NOT_FINISHED_CHOICE_RETRY">Restart the computer and proceed</entry>

<entry lang="en" key="HIDDEN_OS_CREATION_NOT_FINISHED_CHOICE_TERMINATE">Permanently terminate the process of creation of the hidden operating system</entry>

<entry lang="en" key="HIDDEN_OS_CREATION_NOT_FINISHED_CHOICE_ASK_LATER">Do nothing now and ask again later</entry>

<entry lang="en" key="MOUNTED_DEVICE_FORCED_READ_ONLY_WRITE_PROTECTION">Volume '%s' has been mounted as read-only because the operating system reported the host device to be write-protected.\n\nPlease note that some custom chipset drivers have been reported to cause writable media to falsely appear write-protected. This problem is not caused by VeraCrypt. It may be solved by updating or uninstalling any custom (non-Microsoft) chipset drivers that are currently installed on this system.</entry>

<entry lang="en" key="LIMIT_ENC_THREAD_POOL_NOTE">Note that the Hyper-Threading technology provides multiple logical cores per a single physical core. When Hyper Threading is enabled, the number selected above represents the number of logical processors/cores.</entry>

<entry lang="en" key="NUMBER_OF_THREADS">%d threads</entry>

<entry lang="en" key="DISABLED_HW_AES_AFFECTS_PERFORMANCE">Note that hardware-accelerated AES is disabled, which will affect benchmark results (worse performance).\n\nTo enable hardware acceleration, select 'Settings' > 'Performance' and enable the corresponding option.</entry>

<entry lang="en" key="LIMITED_THREAD_COUNT_AFFECTS_PERFORMANCE">Note that the number of threads is currently limited, which will affect benchmark results (worse performance).\n\nTo utilize the full potential of the processor(s), select 'Settings' > 'Performance' and disable the corresponding option.</entry>

<entry lang="en" key="ASK_REMOVE_DEVICE_WRITE_PROTECTION">Do you want VeraCrypt to attempt to disable write protection of the partition/drive?</entry>

<entry lang="en" key="CONFIRM_SETTING_DEGRADES_PERFORMANCE">WARNING: This setting may degrade performance.\n\nAre you sure you want to use this setting?</entry>

<entry lang="en" key="HOST_DEVICE_REMOVAL_DISMOUNT_WARN_TITLE">Warning: VeraCrypt volume auto-dismounted</entry>

<entry lang="en" key="HOST_DEVICE_REMOVAL_DISMOUNT_WARN">Before you physically remove or turn off a device containing a mounted volume, you should always dismount the volume in VeraCrypt first.\n\nUnexpected spontaneous dismount is usually caused by an intermittently failing cable, drive (enclosure), etc.</entry>

<entry lang="en" key="UNSUPPORTED_TRUECRYPT_FORMAT">This volume was created with TrueCrypt %x.%x but VeraCrypt supports only TrueCrypt volumes created with TrueCrypt 6.x/7.x series</entry>

<entry lang="en" key="KEYFILE">Keyfile</entry>

<entry lang="en" key="VKEY_08">Backspace</entry>

<entry lang="en" key="VKEY_09">Tab</entry>

<entry lang="en" key="VKEY_0C">Clear</entry>

<entry lang="en" key="VKEY_0D">Enter</entry>

<entry lang="en" key="VKEY_13">Pause</entry>

<entry lang="en" key="VKEY_14">Caps Lock</entry>

<entry lang="en" key="VKEY_20">Spacebar</entry>

<entry lang="en" key="VKEY_21">Page Up</entry>

<entry lang="en" key="VKEY_22">Page Down</entry>

<entry lang="en" key="DISABLE_BOOT_LOADER_PIM_PROMPT">WARNING: Please keep in mind that if you enable this option, the PIM value will be stored unencrypted on the disk.\n\nAre you sure you want to enable this option?</entry>

<entry lang="en" key="PIM_TOO_BIG">Personal Iterations Multiplier (PIM) maximum value is 2147468.</entry>

<entry lang="en" key="IDC_SKIP_RESCUE_VERIFICATION">Skip Rescue Disk verification</entry>

<entry lang="en" key="IDC_HIDE_WAITING_DIALOG">Don't show wait message dialog when performing operations</entry>

<entry lang="en" key="IDC_DISABLE_BOOT_LOADER_HASH_PROMPT">Do not request Hash algorithm in the pre-boot authentication screen</entry>

<entry lang="en" key="KUZNYECHIK_HELP">Kuznyechik is a block cipher first published in 2015 and defined in the National Standard of the Russian Federation GOST R 34.12-2015 and also in RFC 7801. 256-bit key, 128-bit block. Mode of operation is XTS.</entry>

<entry lang="en" key="CAMELLIA_HELP">Jointly developed by Mitsubishi Electric and NTT of Japan. First published on 2000. 256-bit key, 128-bit block. Mode of operation is XTS. It has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project.</entry>

<entry lang="en" key="TIME">Time</entry>

<entry lang="en" key="ITERATIONS">Iterations</entry>

<entry lang="en" key="PRE-BOOT">Pre-Boot</entry>

<entry lang="en" key="RESCUE_DISK_EFI_EXTRACT_INFO">The Rescue Disk ZIP image has been created and stored in this file:\n%s\n\nNow you need to extract it to a USB stick that is formatted as FAT/FAT32.\n\n%lsAfter you create the Rescue Disk, click Next to verify that it has been correctly created.</entry>

<entry lang="en" key="RESCUE_DISK_EFI_EXTRACT_INFO_NOTE">IMPORTANT: Note that the zip file must be extracted directly to the root of the USB stick. For example, if the drive letter of the USB stick is E: then extracting the zip file should create a folder E:\\EFI on the USB stick.\n\n</entry>

<entry lang="en" key="RESCUE_DISK_EFI_CHECK_FAILED">Cannot verify that the Rescue Disk has been correctly extracted.\n\nIf you have extracted the Rescue Disk, please eject and reinsert the USB stick; then click Next to try again. If this does not help, please try another USB stick and/or another ZIP software.\n\nIf you have not extracted the Rescue Disk yet, please do so, and then click Next.\n\nIf you attempted to verify a VeraCrypt Rescue Disk created before you started this wizard, please note that such Rescue Disk cannot be used, because it was created for a different master key. You need to extract the newly generated Rescue Disk ZIP image.</entry>

<entry lang="en" key="RESCUE_DISK_EFI_NON_WIZARD_CHECK_FAILED">Cannot verify that the Rescue Disk has been correctly extracted.\n\nIf you have extracted the Rescue Disk image to a USB stick, please eject it and reinsert it; then try again. If this does not help, please try other ZIP software and/or medium.\n\nIf you attempted to verify a VeraCrypt Rescue Disk created for a different master key, password, salt, etc., please note that such Rescue Disk will always fail this verification. To create a new Rescue Disk fully compatible with your current configuration, select 'System' > 'Create Rescue Disk'.</entry>

<entry lang="en" key="RESCUE_DISK_EFI_NON_WIZARD_CREATION">The Rescue Disk image has been created and stored in this file:\n%s\n\nNow you need to extract the Rescue Disk image to a USB stick that is formatted as FAT/FAT32.\n\nIMPORTANT: Note that the zip file must be extracted directly to the root of the USB stick. For example, if the drive letter of the USB stick is E: then extracting the zip file should create a folder E:\\EFI on the USB stick.\n\nAfter you create the Rescue Disk, select 'System' > 'Verify Rescue Disk' to verify that it has been correctly created.</entry>

<entry lang="en" key="IDC_SECURE_DESKTOP_PASSWORD_ENTRY">Use Secure Desktop for password entry</entry>

<entry lang="en" key="ERR_REFS_INVALID_VOLUME_SIZE">The volume file size specified in the command line is incompatible with selected ReFS filesystem.</entry>

<entry lang="en" key="IDC_EDIT_DCSPROP">Edit Boot Loader Configuration</entry>

<entry lang="en" key="IDC_SHOW_PLATFORMINFO">Display EFI Platform Information</entry>

<entry lang="en" key="BOOT_LOADER_CONFIGURATION_FILE">Boot Loader Configuration File</entry>

<entry lang="en" key="EFI_PLATFORM_INFORMATION">EFI Platform Information</entry>

<entry lang="en" key="IDT_ADVANCED_OPTIONS">Advanced Options</entry>

<entry lang="en" key="AFTER_UPGRADE_RESCUE_DISK">It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now?</entry>

<entry lang="en" key="IDC_ALLOW_TRIM_NONSYS_SSD">Allow TRIM command for non-system SSD partition/drive</entry>

<entry lang="en" key="IDC_BLOCK_SYSENC_TRIM">Block TRIM command on system partition/drive</entry>

<entry lang="en" key="WINDOWS_EFI_BOOT_LOADER_MISSING">ERROR: Windows EFI system loader could not be located on the disk. Operation will be aborted.</entry>

<entry lang="en" key="SYSENC_EFI_UNSUPPORTED_SECUREBOOT">It is currently not possible to encrypt a system if SecureBoot is enabled and if VeraCrypt custom keys are not loaded into the machine firmware. SecureBoot needs to be disabled in the BIOS configuration in order to allow system encryption to proceed.</entry>

<entry lang="en" key="PASSWORD_PASTED_TRUNCATED">Pasted text truncated because the password maximum length is %d characters</entry>

<entry lang="en" key="PASSWORD_MAXLENGTH_REACHED">Password already reached its maximum length of %d characters.\nNo additional character is allowed.</entry>

<entry lang="en" key="IDC_SELECT_LANGUAGE_LABEL">Select the language to use during the installation:</entry>

<entry lang="en" key="VOLUME_TOO_LARGE_FOR_HOST">ERROR: The size of the file container is larger than the available free space on disk.</entry>

<entry lang="en" key="CONFIRM_ALLOW_WINDOWS_DEFRAG">WARNING: Defragmenting non-system partitions/drives may leak metadata about their content or cause issues with hidden volumes they may contain.\n\nContinue?</entry>

<entry lang="en" key="VIRTUAL_DEVICE">Virtual Device</entry>

<entry lang="en" key="MOUNTED_VOLUME_NOT_ASSOCIATED">The selected mounted volume is not associated with its drive letter in Windows and so it can not be opened in Windows Explorer.</entry>

<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>

<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>

<entry lang="en" key="STARTING">Starting</entry>

<entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>

<entry lang="en" key="IDC_USE_LEGACY_MAX_PASSWORD_LENGTH">Use legacy maximum password length (64 characters)</entry>

<entry lang="en" key="IDC_ENABLE_RAM_ENCRYPTION">Activate encryption of keys and passwords stored in RAM</entry>

<entry lang="en" key="IDT_BENCHMARK">Benchmark:</entry>

<entry lang="en" key="PARAMETER_INCORRECT">Parameter incorrect</entry>

<entry lang="en" key="SELECT_KEYFILES">Select Keyfiles</entry>

<entry lang="en" key="START_TC">Start VeraCrypt</entry>

<entry lang="en" key="VOLUME_ALREADY_MOUNTED">The volume {0} is already mounted.</entry>

<entry lang="en" key="UNKNOWN_OPTION">Unknown option</entry>

<entry lang="en" key="VOLUME_LOCATION">Volume Location</entry>

<entry lang="en" key="VOLUME_HOST_IN_USE">WARNING: The host file/device {0} is already in use!\n\nIgnoring this can cause undesired results including system instability. All applications that might be using the host file/device should be closed before mounting the volume.\n\nContinue mounting?</entry>

<entry lang="en" key="CANT_INSTALL_WITH_EXE_OVER_MSI">VeraCrypt was previously installed using an MSI package and so it can't be updated using the standard installer.\n\nPlease use the MSI package to update your VeraCrypt installation.</entry>

<entry lang="en" key="IDC_USE_ALL_FREE_SPACE">Use all available free space</entry>

<entry lang="en" key="SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ALGORITHM">VeraCrypt cannot be upgraded because the system partition/drive was encrypted using an algorithm that is not supported anymore.\nPlease decrypt your system before upgrading VeraCrypt and then encrypt it again.</entry>

</localization>

<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">

<xs:element name="VeraCrypt">

<xs:complexType>

<xs:sequence>

<xs:element name="localization">

<xs:complexType>

<xs:sequence>

<xs:element name="language">

<xs:complexType>

void VerifyPasswordAndUpdate (HWND hwndDlg, HWND hButton, HWND hPassword,

HWND hVerify, unsigned char *szPassword,

char *szVerify,

BOOL keyFilesEnabled)

{

wchar_t szTmp1[MAX_PASSWORD + 1];

wchar_t szTmp2[MAX_PASSWORD + 1];

char szTmp1Utf8[MAX_PASSWORD + 1];

char szTmp2Utf8[MAX_PASSWORD + 1];

int k = GetWindowTextLength (hPassword);

BOOL bEnable = FALSE;

int utf8Len1, utf8Len2;

UNREFERENCED_PARAMETER (hwndDlg); /* Remove warning */

GetWindowText (hPassword, szTmp1, ARRAYSIZE (szTmp1));

GetWindowText (hVerify, szTmp2, ARRAYSIZE (szTmp2));

utf8Len1 = WideCharToMultiByte (CP_UTF8, 0, szTmp1, -1, szTmp1Utf8, MAX_PASSWORD + 1, NULL, NULL);

utf8Len2 = WideCharToMultiByte (CP_UTF8, 0, szTmp2, -1, szTmp2Utf8, MAX_PASSWORD + 1, NULL, NULL);

if (wcscmp (szTmp1, szTmp2) != 0)

bEnable = FALSE;

else if (utf8Len1 <= 0)

bEnable = FALSE;

else

{

if (k >= MIN_PASSWORD || keyFilesEnabled)

bEnable = TRUE;

else

bEnable = FALSE;

}

{

BOOL bootPimCondition = (bForBoot && (bootPRF != SHA512 && bootPRF != WHIRLPOOL))? TRUE : FALSE;

BOOL bCustomPimSmall = ((pim != 0) && (pim < (bootPimCondition? 98 : 485)))? TRUE : FALSE;

if (passwordLength < PASSWORD_LEN_WARNING)

{

if (bCustomPimSmall)

{

Error (bootPimCondition? "BOOT_PIM_REQUIRE_LONG_PASSWORD": "PIM_REQUIRE_LONG_PASSWORD", hwndDlg);

return FALSE;

}

}

#ifndef _DEBUG

else if (bCustomPimSmall)

{

if (!bSkipPimWarning && AskWarnNoYes ("PIM_SMALL_WARNING", hwndDlg) != IDYES)

return FALSE;

}

#endif

if ((pim != 0) && (pim > (bootPimCondition? 98 : 485)))

&& bDevice

&& !UacElevated

&& IsUacSupported ())

return nStatus;

if (nStatus != 0)

handleError (hwndDlg, nStatus, SRC_POS);

return nStatus;

}

//

// Dialog

//

IDD_VOL_CREATION_WIZARD_DLG DIALOGEX 0, 0, 450, 250

STYLE DS_SETFONT | DS_SETFOREGROUND | DS_FIXEDSYS | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU

CAPTION "VeraCrypt Volume Creation Wizard"

CLASS "VeraCryptCustomDlg"

FONT 8, "MS Shell Dlg", 0, 0, 0x0

BEGIN

PUSHBUTTON "Cancel",IDCANCEL,382,234,60,14

LTEXT "",IDC_POS_BOX,160,24,281,193

END

IDD_CIPHER_PAGE_DLG DIALOGEX 0, 0, 276, 193

STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD

FONT 8, "MS Shell Dlg", 0, 0, 0x0

BEGIN

COMBOBOX IDC_COMBO_BOX,7,23,172,126,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP

PUSHBUTTON "&Test",IDC_CIPHER_TEST,191,22,81,14

PUSHBUTTON "&Benchmark",IDC_BENCHMARK,191,122,81,14

GROUPBOX "Encryption Algorithm",IDT_ENCRYPTION_ALGO,0,10,273,131

GROUPBOX "Hash Algorithm",IDT_HASH_ALGO,0,156,273,35

LTEXT "More information",IDC_LINK_MORE_INFO_ABOUT_CIPHER,7,124,176,10,SS_NOTIFY

LTEXT "Information on hash algorithms",IDC_LINK_HASH_INFO,121,171,148,8,SS_NOTIFY

END

IDD_PASSWORD_PAGE_DLG DIALOGEX 0, 0, 276, 193

STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD

FONT 8, "MS Shell Dlg", 0, 0, 0x0

BEGIN

END

IDD_SIZE_PAGE_DLG DIALOGEX 0, 0, 276, 193

STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD

FONT 8, "MS Shell Dlg", 0, 0, 0x0

BEGIN

EDITTEXT IDC_SIZEBOX,0,22,96,14,ES_AUTOHSCROLL | ES_NUMBER

CONTROL "&KB",IDC_KB,"Button",BS_AUTORADIOBUTTON | WS_GROUP | WS_TABSTOP,105,25,27,10

CONTROL "&MB",IDC_MB,"Button",BS_AUTORADIOBUTTON,140,25,27,10

CONTROL "&GB",IDC_GB,"Button",BS_AUTORADIOBUTTON,175,25,27,10

LTEXT "More information about system encryption",IDC_MORE_INFO_ON_SYS_ENCRYPTION,16,177,253,10,SS_NOTIFY

LTEXT "Creates a virtual encrypted disk within a file. Recommended for inexperienced users.",IDT_FILE_CONTAINER,16,20,253,16

LTEXT "Encrypts a non-system partition on any internal or external drive (e.g. a flash drive). Optionally, creates a hidden volume.",IDT_NON_SYS_DEVICE,16,68,253,26

LTEXT "Encrypts the partition/drive where Windows is installed. Anyone who wants to gain access and use the system, read and write files, etc., will need to enter the correct password each time before Windows boots. Optionally, creates a hidden system.",IDT_SYS_DEVICE,16,112,253,59

END

IDD_INFO_PAGE_DLG DIALOGEX 0, 0, 276, 193

STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD

FONT 8, "MS Shell Dlg", 400, 0, 0x1

BEGIN

END

IDD_HIDVOL_HOST_FILL_PAGE_DLG DIALOGEX 0, 0, 276, 193

STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD

FONT 8, "MS Shell Dlg", 400, 0, 0x1

BEGIN

LTEXT "",IDC_BOX_HELP,0,6,269,167

PUSHBUTTON "Open Outer Volume",IDC_OPEN_OUTER_VOLUME,0,176,85,14

END

"Button",BS_AUTORADIOBUTTON,0,7,269,10

CONTROL "Encrypt the whole drive",IDC_WHOLE_SYS_DRIVE,"Button",BS_AUTORADIOBUTTON,0,67,269,10

LTEXT "Select this option to encrypt the partition where the currently running Windows operating system is installed.",IDT_SYS_PARTITION,16,20,253,42

LTEXT "",IDT_WHOLE_SYS_DRIVE,16,82,253,104

END

IDD_SYSENC_RESCUE_DISK_CREATION_DLG DIALOGEX 0, 0, 276, 193

STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD

FONT 8, "MS Shell Dlg", 0, 0, 0x0

BEGIN

CONTROL "Skip Rescue Disk verification",IDC_SKIP_RESCUE_VERIFICATION,

END

IDD_SYSENC_COLLECTING_RANDOM_DATA_DLG DIALOGEX 0, 0, 276, 193

STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD

FONT 8, "MS Shell Dlg", 0, 0, 0x0

BEGIN

CONTROL "Display pool content",IDC_DISPLAY_POOL_CONTENTS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,10,93,266,10

CONTROL "",IDC_SYS_POOL_CONTENTS,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,33,17,209,63,WS_EX_TRANSPARENT

LTEXT "IMPORTANT: Move your mouse as randomly as possible within this window. The longer you move it, the better. This significantly increases the cryptographic strength of the encryption keys. Then click Next to continue.",IDT_COLLECTING_RANDOM_DATA_NOTE,10,107,265,63

GROUPBOX "Current pool content (partial)",IDT_PARTIAL_POOL_CONTENTS,0,5,276,83

CONTROL "Single-boot",IDC_SINGLE_BOOT,"Button",BS_AUTORADIOBUTTON,0,7,269,10

CONTROL "Multi-boot",IDC_MULTI_BOOT,"Button",BS_AUTORADIOBUTTON,0,75,217,10

LTEXT "Select this option if there is only one operating system installed on this computer (even if it has multiple users).",IDT_SINGLE_BOOT,16,20,253,48

LTEXT "Select this option if there are two or more operating systems installed on this computer.\n\nFor example:\n- Windows XP and Windows XP\n- Windows XP and Windows Vista\n- Windows and Mac OS X\n- Windows and Linux\n- Windows, Linux and Mac OS X",IDT_MULTI_BOOT,16,89,253,90

END

IDD_SYSENC_RESCUE_DISK_BURN_PAGE_DLG DIALOGEX 0, 0, 276, 193

STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD

FONT 8, "MS Shell Dlg", 0, 0, 0x0

BEGIN

END

IDD_SYSENC_WIPE_MODE_PAGE_DLG DIALOGEX 0, 0, 276, 193

STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD

FONT 8, "MS Shell Dlg", 400, 0, 0x1

BEGIN

END

IDD_INPLACE_ENCRYPTION_PAGE_DLG DIALOGEX 0, 0, 276, 193

STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD

FONT 8, "MS Shell Dlg", 0, 0, 0x0

BEGIN

END

IDD_SYSENC_KEYS_GEN_PAGE_DLG DIALOGEX 0, 0, 276, 193

STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD

FONT 8, "MS Shell Dlg", 0, 0, 0x0

BEGIN

CONTROL "Display generated keys (their portions)",IDC_DISPLAY_KEYS,

"Button",BS_AUTOCHECKBOX | WS_TABSTOP,51,110,216,10

CONTROL "",IDC_HEADER_KEY,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,100,87,163,8,WS_EX_TRANSPARENT

LTEXT "",IDC_DISK_KEY,100,95,163,8,0,WS_EX_TRANSPARENT

BEGIN

LTEXT "",IDT_SYSENC_DRIVE_ANALYSIS_INFO,0,10,267,109

CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,0,135,267,12

LTEXT "Progress:",IDT_PROGRESS,2,124,172,8

END

IDD_SYSENC_TYPE_PAGE_DLG DIALOGEX 0, 0, 276, 193

STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD

FONT 8, "MS Shell Dlg", 400, 0, 0x1

BEGIN

END

IDD_SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_DLG DIALOGEX 0, 0, 276, 193

STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD

FONT 8, "MS Shell Dlg", 0, 0, 0x0

BEGIN

LTEXT "More information",IDC_HIDDEN_SYSENC_INFO_LINK,0,172,273,10,SS_NOTIFY

LTEXT "",IDC_BOX_HELP,0,2,273,166

END

IDD_DEVICE_WIPE_PAGE_DLG DIALOGEX 0, 0, 276, 193

STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD

FONT 8, "MS Shell Dlg", 0, 0, 0x0

BEGIN

EDITTEXT IDC_PIM,74,0,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER

LTEXT "",IDC_BOX_HELP,0,32,273,142

RTEXT "Volume PIM:",IDT_PIM,1,3,69,8

LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,120,3,153,8

LTEXT "Information on PIM",IDC_LINK_PIM_INFO,0,179,273,8,SS_NOTIFY

CONTROL "Display PIM",IDC_SHOW_PIM,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,74,17,196,10

END

#ifdef APSTUDIO_INVOKED

/////////////////////////////////////////////////////////////////////////////

//

// TEXTINCLUDE

//

1 TEXTINCLUDE

BEGIN

"resource.h\0"

END

IDD_INPLACE_ENCRYPTION_PAGE_DLG, DIALOG

BEGIN

RIGHTMARGIN, 267

BOTTOMMARGIN, 187

HORZGUIDE, 80

HORZGUIDE, 96

END

IDD_SYSENC_KEYS_GEN_PAGE_DLG, DIALOG

BEGIN

RIGHTMARGIN, 267

BOTTOMMARGIN, 174

HORZGUIDE, 80

HORZGUIDE, 96

END

IDD_UNIVERSAL_DUAL_CHOICE_PAGE_DLG, DIALOG

BEGIN

#ifndef APSTUDIO_INVOKED

/////////////////////////////////////////////////////////////////////////////

//

// Generated from the TEXTINCLUDE 3 resource.

//

#include "..\\common\\common.rc"

/////////////////////////////////////////////////////////////////////////////

#endif // not APSTUDIO_INVOKED

#define IDC_MORE_INFO 1072

#define IDC_MORE_INFO_ON_SYS_ENCRYPTION 1073

#define IDT_COLLECTING_RANDOM_DATA_NOTE 1074

#define IDC_MORE_INFO_ON_CONTAINERS 1075

#define IDC_SINGLE_BOOT 1076

#define IDC_MULTI_BOOT 1077

#define IDT_MULTI_BOOT 1078

#define IDT_SINGLE_BOOT 1079

#define IDC_SYS_POOL_CONTENTS 1080

#define IDT_PARTIAL_POOL_CONTENTS 1081

#define IDT_RESCUE_DISK_BURN_INFO 1083

#define IDT_WIPE_MODE_INFO 1084

#define IDC_WIPE_MODE 1085

#define IDC_SELECT 1086

#define IDT_SYSENC_KEYS_GEN_INFO 1087

#define IDC_DISPLAY_KEYS 1088

#define IDC_PAUSE 1089

#define IDT_WIPE_MODE 1090

#define IDC_MORE_INFO_SYS_ENCRYPTION 1091

#define IDC_BOX_HELP_NORMAL_VOL 1092

#define IDT_PASS 1100

#define IDC_DEVICE_TRANSFORM_MODE_FORMAT 1101

#define IDC_DEVICE_TRANSFORM_MODE_INPLACE 1102

#define IDC_DRIVE_LETTER_LIST 1103

#define IDT_DRIVE_LETTER 1104

#define IDC_LINK_PIM_INFO 1105

#define IDC_SHOW_PIM 1106

#define IDC_TB 1107

#define IDC_SKIP_RESCUE_VERIFICATION 1108

#define SPARSE_FILE 1109

// Next default values for new objects

//

#ifdef APSTUDIO_INVOKED

#ifndef APSTUDIO_READONLY_SYMBOLS

#define _APS_NO_MFC 1

#define _APS_NEXT_RESOURCE_VALUE 134

#define _APS_NEXT_COMMAND_VALUE 40001

#define _APS_NEXT_CONTROL_VALUE 1110

#define _APS_NEXT_SYMED_VALUE 101

Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux

and which is governed by the 'License Agreement for Encryption for the Masses'

Modifications and additions to the original source code (contained in this file)

and all other portions of this file are Copyright (c) 2013-2017 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

code distribution packages. */

#include "Tcdefs.h"

#include <stdlib.h>

#include <limits.h>

#include <time.h>

#include <errno.h>

#include <io.h>

#include <sys/stat.h>

#include <shlobj.h>

#include "Crypto.h"

#include "cpu.h"

#include "Apidrvr.h"

#include "Dlgcode.h"

#include "Language.h"

#include "Combo.h"

#include "Registry.h"

#include "Boot/Windows/BootDefs.h"

#include "Common/Common.h"

{

SYSENC_COMMAND_NONE = 0,

SYSENC_COMMAND_RESUME,

SYSENC_COMMAND_STARTUP_SEQ_RESUME,

SYSENC_COMMAND_ENCRYPT,

SYSENC_COMMAND_DECRYPT,

SYSENC_COMMAND_CREATE_HIDDEN_OS,

SYSENC_COMMAND_CREATE_HIDDEN_OS_ELEV

};

typedef struct

{

int NumberOfSysDrives; // Number of drives that contain an operating system. -1: unknown, 1: one, 2: two or more

int MultipleSystemsOnDrive; // Multiple systems are installed on the drive where the currently running system resides. -1: unknown, 0: no, 1: yes

int BootLoaderLocation; // Boot loader (boot manager) installed in: 1: MBR/1st cylinder, 0: partition/bootsector: -1: unknown

int BootLoaderBrand; // -1: unknown, 0: Microsoft Windows, 1: any non-Windows boot manager/loader

int SystemOnBootDrive; // If the currently running operating system is installed on the boot drive. -1: unknown, 0: no, 1: yes

} SYSENC_MULTIBOOT_CFG;

#define SYSENC_PAUSE_RETRY_INTERVAL 100

volatile BOOL bHiddenOS = FALSE; /* If TRUE, we are performing or (or supposed to perform) actions relating to an operating system installed in a hidden volume (i.e., encrypting a decoy OS partition or creating the outer/hidden volume for the hidden OS). To determine or set the phase of the process, call ChangeHiddenOSCreationPhase() and DetermineHiddenOSCreationPhase()) */

BOOL bDirectSysEncMode = FALSE;

BOOL bDirectSysEncModeCommand = SYSENC_COMMAND_NONE;

BOOL DirectDeviceEncMode = FALSE;

BOOL DirectNonSysInplaceDecStartMode = FALSE;

BOOL DirectNonSysInplaceEncResumeMode = FALSE;

BOOL DirectNonSysInplaceDecResumeMode = FALSE;

BOOL DirectPromptNonSysInplaceEncResumeMode = FALSE;

BOOL DirectCreationMode = FALSE;

volatile BOOL bInPlaceDecNonSys = FALSE; /* If TRUE, existing data on a non-system partition/volume are to be decrypted in place (for system encryption, this flag is ignored) */

volatile BOOL bInPlaceEncNonSysResumed = FALSE; /* If TRUE, the wizard is supposed to resume (or has resumed) process of non-system in-place encryption/decryption. */

volatile BOOL bFirstNonSysInPlaceEncResumeDone = FALSE;

__int64 NonSysInplaceEncBytesDone = 0;

__int64 NonSysInplaceEncTotalSize = 0;

BOOL bDeviceTransformModeChoiceMade = FALSE; /* TRUE if the user has at least once manually selected the 'in-place' or 'format' option (on the 'device transform mode' page). */

int nNeedToStoreFilesOver4GB = 0; /* Whether the user wants to be able to store files larger than 4GB on the volume: -1 = Undecided or error, 0 = No, 1 = Yes */

int nVolumeEA = 1; /* Default encryption algorithm */

BOOL bSystemEncryptionInProgress = FALSE; /* TRUE when encrypting/decrypting the system partition/drive (FALSE when paused). */

BOOL bWholeSysDrive = FALSE; /* Whether to encrypt the entire system drive or just the system partition. */

#else

BOOL bWarnDeviceFormatAdvanced = FALSE;

#endif

BOOL bWarnOuterVolSuitableFileSys = TRUE;

Password volumePassword; /* User password */

Password outerVolumePassword; /* Outer volume user password */

char szVerify[MAX_PASSWORD + 1]; /* Tmp password buffer */

char szRawPassword[MAX_PASSWORD + 1]; /* Password before keyfile was applied to it */

int volumePim = 0;

int outerVolumePim = 0;

BOOL bHistoryCmdLine = FALSE; /* History control is always disabled */

BOOL ComServerMode = FALSE;

Password CmdVolumePassword = {0}; /* Password passed from command line */

int CmdVolumeEA = 0;

SYSENC_MULTIBOOT_CFG SysEncMultiBootCfg;

wchar_t SysEncMultiBootCfgOutcome [4096] = {L'N',L'/',L'A',0};

volatile int NonSysInplaceEncStatus = NONSYS_INPLACE_ENC_STATUS_NONE;

LONGLONG nAvailableFreeSpace = -1;

BOOL bIsSparseFilesSupportedByHost = FALSE;

vector <HostDevice> DeferredNonSysInPlaceEncDevices;

int iMaxPasswordLength = MAX_PASSWORD;

// specific definitions and implementation for support of resume operation

// in wait dialog mechanism

void CALLBACK ResumeInPlaceEncWaitThreadProc(void* pArg, HWND hwndDlg)

{

wchar_t szDevicePath[MAX_PATH] = {0};

RawDevicesDlgParam param;

param.devices = GetAvailableHostDevices (false, true, false);

{

int nIndex = (int) SendMessage (GetDlgItem (hwndDlg, IDC_COMBO_BOX), CB_GETCURSEL, 0, 0);

if (nIndex == CB_ERR)

{

SetWindowText (GetDlgItem (hwndDlg, IDC_BOX_HELP), L"");

}

else

{

wchar_t name[100];

nIndex = (int) SendMessage (GetDlgItem (hwndDlg, IDC_COMBO_BOX), CB_GETITEMDATA, nIndex, 0);

EAGetName (name, ARRAYSIZE(name),nIndex, 0);

}

}

static void VerifySizeAndUpdate (HWND hwndDlg, BOOL bUpdate)

{

BOOL bEnable = TRUE;

wchar_t szTmp[50];

__int64 lTmp;

__int64 i;

static unsigned __int64 nLastVolumeSize = 0;

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("CANCEL"));

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);

UpdateWizardModeControls (hwndDlg, WizardMode);

break;

case SYSENC_TYPE_PAGE:

bHiddenVolHost = bHiddenVol = bHiddenOS;

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), !bDirectSysEncMode);

SetWindowTextW (GetDlgItem (MainDlg, IDC_NEXT), GetString ("NEXT"));

SetWindowTextW (GetDlgItem (MainDlg, IDC_PREV), GetString ("PREV"));

SetWindowTextW (GetDlgItem (MainDlg, IDCANCEL), GetString ("CANCEL"));

break;

case SYSENC_HIDDEN_OS_REQ_CHECK_PAGE:

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_TITLE"));

SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_HELP"));

SetWindowTextW (GetDlgItem (MainDlg, IDC_NEXT), GetString ("NEXT"));

SetWindowTextW (GetDlgItem (MainDlg, IDC_PREV), GetString ("PREV"));

SetWindowTextW (GetDlgItem (MainDlg, IDCANCEL), GetString ("CANCEL"));

EnableWindow (GetDlgItem (MainDlg, IDC_NEXT), TRUE);

EnableWindow (GetDlgItem (MainDlg, IDC_PREV), bDirectSysEncModeCommand != SYSENC_COMMAND_CREATE_HIDDEN_OS && bDirectSysEncModeCommand != SYSENC_COMMAND_CREATE_HIDDEN_OS_ELEV);

DisableIfGpt(GetDlgItem(hwndDlg, IDC_WHOLE_SYS_DRIVE));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("CANCEL"));

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);

break;

case SYSENC_PRE_DRIVE_ANALYSIS_PAGE:

Init2RadButtonPageYesNo (SysEncDetectHiddenSectors);

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("SYSENC_PRE_DRIVE_ANALYSIS_TITLE"));

SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYSENC_PRE_DRIVE_ANALYSIS_HELP"));

break;

case SYSENC_DRIVE_ANALYSIS_PAGE:

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), !bInPlaceEncNonSys);

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);

}

break;

case PASSWORD_PAGE:

{

wchar_t str[1000];

hPasswordInputField = GetDlgItem (hwndDlg, IDC_PASSWORD);

hVerifyPasswordInputField = GetDlgItem (hwndDlg, IDC_VERIFY);

ToNormalPwdField (hwndDlg, IDC_PASSWORD);

ToNormalPwdField (hwndDlg, IDC_VERIFY);

if (SysEncInEffect ())

{

ToBootPwdField (hwndDlg, IDC_PASSWORD);

ToBootPwdField (hwndDlg, IDC_VERIFY);

{

if (keybLayout != 0x00000409 && keybLayout != 0x04090409)

{

return 1;

}

bKeyboardLayoutChanged = TRUE;

}

if (SetTimer (MainDlg, TIMER_ID_KEYB_LAYOUT_GUARD, TIMER_INTERVAL_KEYB_LAYOUT_GUARD, NULL) == 0)

{

Error ("CANNOT_SET_TIMER", MainDlg);

EndMainDlg (MainDlg);

return 1;

}

}

if (bHiddenVolHost)

{

StringCbCopyW (str, sizeof(str), GetString (bHiddenOS ? "PASSWORD_SYSENC_OUTERVOL_HELP" : "PASSWORD_HIDDENVOL_HOST_HELP"));

}

else if (bHiddenVol)

{

StringCbPrintfW (str, sizeof str, L"%s%s",

GetString (bHiddenOS ? "PASSWORD_HIDDEN_OS_HELP" : "PASSWORD_HIDDENVOL_HELP"),

GetString ("PASSWORD_HELP"));

}

else

{

}

SetFocus (GetDlgItem (hwndDlg, IDC_PASSWORD));

SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), str);

if (CreatingHiddenSysVol())

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("PASSWORD_HIDDEN_OS_TITLE"));

else if (bHiddenVol)

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString (bHiddenVolHost ? "PASSWORD_HIDVOL_HOST_TITLE" : "PASSWORD_HIDVOL_TITLE"));

else if (WizardMode == WIZARD_MODE_SYS_DEVICE)

else

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("PASSWORD_TITLE"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);

VerifyPasswordAndUpdate (hwndDlg, GetDlgItem (GetParent (hwndDlg), IDC_NEXT),

GetDlgItem (hwndDlg, IDC_PASSWORD),

GetDlgItem (hwndDlg, IDC_VERIFY),

NULL,

NULL,

KeyFilesEnable && FirstKeyFile!=NULL && !SysEncInEffect());

volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);

}

break;

case PIM_PAGE:

{

SendMessage (GetDlgItem (hwndDlg, IDC_PIM), EM_LIMITTEXT, SysEncInEffect()? MAX_BOOT_PIM: MAX_PIM, 0);

if (volumePim > 0)

{

SetPim (hwndDlg, IDC_PIM, volumePim);

DisplayPortionsOfKeys (hHeaderKey, hMasterKey, HeaderKeyGUIView, MasterKeyGUIView, !showKeys);

break;

case SYSENC_RESCUE_DISK_CREATION_PAGE:

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("RESCUE_DISK"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));

SetWindowTextW (GetDlgItem (hwndDlg, IDT_RESCUE_DISK_INFO), bSystemIsGPT? GetString ("RESCUE_DISK_EFI_INFO"): GetString ("RESCUE_DISK_INFO"));

SetCheckBox (hwndDlg, IDC_SKIP_RESCUE_VERIFICATION, bDontVerifyRescueDisk);

SetDlgItemText (hwndDlg, IDC_RESCUE_DISK_ISO_PATH, szRescueDiskISO);

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), (GetWindowTextLength (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH)) > 1));

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);

break;

case SYSENC_RESCUE_DISK_BURN_PAGE:

{

wchar_t szTmp[8192];

else

{

StringCbPrintfW (szTmp, sizeof szTmp,

GetString (bDontVerifyRescueDisk ? "RESCUE_DISK_BURN_INFO_NO_CHECK" : "RESCUE_DISK_BURN_INFO"),

szRescueDiskISO, IsWindowsIsoBurnerAvailable() ? L"" : GetString ("RESCUE_DISK_BURN_INFO_NONWIN_ISO_BURNER"));

}

SetWindowTextW (GetDlgItem (hwndDlg, IDT_RESCUE_DISK_BURN_INFO), szTmp);

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);

}

break;

case SYSENC_RESCUE_DISK_VERIFIED_PAGE:

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("RESCUE_DISK_DISK_VERIFIED_TITLE"));

SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("RESCUE_DISK_VERIFIED_INFO"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);

// Prevent losing the burned rescue disk by inadvertent exit

bConfirmQuit = TRUE;

break;

case SYSENC_WIPE_MODE_PAGE:

case NONSYS_INPLACE_ENC_WIPE_MODE_PAGE:

{

}

break;

case SYSENC_PRETEST_INFO_PAGE:

if (bHiddenOS)

{

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("HIDDEN_OS_CREATION_PREINFO_TITLE"));

SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("HIDDEN_OS_CREATION_PREINFO_HELP"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("START"));

else

{

wchar_t finalMsg[8024] = {0};

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("SYS_ENCRYPTION_PRETEST_TITLE"));

try

{

StringCbPrintfW (finalMsg, sizeof(finalMsg),

GetString ("SYS_ENCRYPTION_PRETEST_INFO"),

}

catch (Exception &e)

{

e.Show (hwndDlg);

EndMainDlg (MainDlg);

return 0;

}

SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), finalMsg);

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("TEST"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);

break;

case SYSENC_PRETEST_RESULT_PAGE:

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("SYS_ENCRYPTION_PRETEST_RESULT_TITLE"));

SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYS_ENCRYPTION_PRETEST_RESULT_INFO"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("ENCRYPT"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("DEFER"));

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDCANCEL), TRUE);

break;

case SYSENC_ENCRYPTION_PAGE:

if (CreateSysEncMutex ())

{

try

{

BootEncStatus = BootEncObj->GetStatus();

bSystemEncryptionInProgress = BootEncStatus.SetupInProgress;

catch (Exception &e)

{

e.Show (hwndDlg);

Error ("ERR_GETTING_SYSTEM_ENCRYPTION_STATUS", MainDlg);

EndMainDlg (MainDlg);

return 0;

}

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE),

GetString (SystemEncryptionStatus != SYSENC_STATUS_DECRYPTING ? "ENCRYPTION" : "DECRYPTION"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("DEFER"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));

SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT),

GetString (SystemEncryptionStatus != SYSENC_STATUS_DECRYPTING ? "ENCRYPT" : "DECRYPT"));

SetWindowTextW (GetDlgItem (hwndDlg, IDC_PAUSE),

GetString (bSystemEncryptionInProgress ? "IDC_PAUSE" : "RESUME"));

EnableWindow (GetDlgItem (hwndDlg, IDC_PAUSE), BootEncStatus.DriveEncrypted);

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), !BootEncStatus.SetupInProgress);

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDCANCEL), TRUE);

EnableWindow (GetDlgItem (GetParent (hwndDlg), IDHELP), TRUE);

if (SystemEncryptionStatus == SYSENC_STATUS_DECRYPTING)

{

nWipeMode = TC_WIPE_NONE;

EnableWindow (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE);

EnableWindow (GetDlgItem (hwndDlg, IDT_WIPE_MODE), FALSE);

PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), TRUE, TRUE, FALSE);

SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);

}

else

{

EnableWindow (GetDlgItem (hwndDlg, IDC_WIPE_MODE), !bSystemEncryptionInProgress);

PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE, TRUE, FALSE);

SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);

}

PostMessage (hwndDlg, TC_APPMSG_PERFORM_POST_SYSENC_WMINIT_TASKS, 0, 0);

}

else

{

Error ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", MainDlg);

EndMainDlg (MainDlg);

return 0;

}

return 0;

case WM_HELP:

OpenPageHelp (GetParent (hwndDlg), nCurPageNo);

return 1;

case TC_APPMSG_PERFORM_POST_SYSENC_WMINIT_TASKS:

AfterSysEncProgressWMInitTasks (hwndDlg);

return 1;

case WM_CTLCOLORSTATIC:

{

if (PimValueChangedWarning && ((HWND)lParam == GetDlgItem(hwndDlg, IDC_PIM_HELP)) )

{

// we're about to draw the static

// set the text colour in (HDC)lParam

SetBkMode((HDC)wParam,TRANSPARENT);

SetTextColor((HDC)wParam, RGB(255,0,0));

// NOTE: per documentation as pointed out by selbie, GetSolidBrush would leak a GDI handle.

return (BOOL)GetSysColorBrush(COLOR_MENU);

}

}

bHiddenVol = FALSE;

bHiddenVolHost = FALSE;

return 1;

case IDC_HIDDEN_SYSENC_INFO_LINK:

Applink ("hiddensysenc");

return 1;

}

}

if (nCurPageNo == SYSENC_HIDDEN_OS_REQ_CHECK_PAGE && lw == IDC_HIDDEN_SYSENC_INFO_LINK)

{

Applink ("hiddensysenc");

return 1;

}

if (nCurPageNo == SYSENC_SPAN_PAGE)

{

switch (lw)

{

}

if (hw == EN_CHANGE && nCurPageNo == SIZE_PAGE)

{

VerifySizeAndUpdate (hwndDlg, FALSE);

return 1;

}

if (hw == EN_CHANGE && nCurPageNo == PASSWORD_PAGE)

{

volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);

return 1;

}

if (hw == EN_CHANGE && nCurPageNo == PIM_PAGE)

{

if (lw == IDC_PIM)

{

if(GetPim (hwndDlg, IDC_PIM, 0) != 0)

{

PimValueChangedWarning = TRUE;

HandleShowPasswordFieldAction (hwndDlg, IDC_SHOW_PASSWORD, IDC_PASSWORD, IDC_VERIFY);

return 1;

}

if (lw == IDC_SHOW_PIM && nCurPageNo == PIM_PAGE)

{

HandleShowPasswordFieldAction (hwndDlg, IDC_SHOW_PIM, IDC_PIM, 0);

return 1;

}

if (lw == IDC_PIM_ENABLE)

{

PimEnable = GetCheckBox (hwndDlg, IDC_PIM_ENABLE);

if (!PimEnable)

volumePim = 0;

if (nCurPageNo == HIDDEN_VOL_HOST_PASSWORD_PAGE

|| nCurPageNo == NONSYS_INPLACE_ENC_RESUME_PASSWORD_PAGE

)

{

ShowWindow (GetDlgItem( hwndDlg, IDC_PIM_ENABLE), PimEnable? SW_HIDE : SW_SHOW);

}

if ( hw == EN_CHANGE )

{

GetDlgItemText (hwndDlg, IDC_RESCUE_DISK_ISO_PATH, szRescueDiskISO, sizeof(szRescueDiskISO));

EnableWindow (GetDlgItem (MainDlg, IDC_NEXT), (GetWindowTextLength (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH)) > 1));

return 1;

}

}

{

}

if ((nCurPageNo == SYSENC_WIPE_MODE_PAGE

|| nCurPageNo == NONSYS_INPLACE_ENC_WIPE_MODE_PAGE

|| nCurPageNo == DEVICE_WIPE_MODE_PAGE)

&& hw == CBN_SELCHANGE)

{

nWipeMode = (WipeAlgorithmId) SendMessage (GetDlgItem (hCurPage, IDC_WIPE_MODE),

CB_GETITEMDATA,

SendMessage (GetDlgItem (hCurPage, IDC_WIPE_MODE), CB_GETCURSEL, 0, 0),

{

exit (1);

}

volTransformThreadFunction (hwndDlg);

exit (bOperationSuccess? 0 : 1);

}

SHGetFolderPath (NULL, CSIDL_MYDOCUMENTS, NULL, 0, szRescueDiskISO);

if (IsOSAtLeast (WIN_VISTA))

{

// Availability of in-place encryption (which is pre-selected by default whenever

// possible) makes partition-hosted volume creation safer.

bWarnDeviceFormatAdvanced = FALSE;

}

#ifdef _DEBUG

// For faster testing

StringCchCopyA (szVerify, ARRAYSIZE(szVerify), "q");

{

// Keyboard layout is not standard US

WipePasswordsAndKeyfiles (true);

SetPassword (hCurPage, IDC_PASSWORD, szRawPassword);

SetPassword (hCurPage, IDC_VERIFY, szVerify);

keybLayout = (DWORD) LoadKeyboardLayout (L"00000409", KLF_ACTIVATE);

if (keybLayout != 0x00000409 && keybLayout != 0x04090409)

{

KillTimer (hwndDlg, TIMER_ID_KEYB_LAYOUT_GUARD);

Error ("CANT_CHANGE_KEYB_LAYOUT_FOR_SYS_ENCRYPTION", MainDlg);

EndMainDlg (MainDlg);

return 1;

}

bKeyboardLayoutChanged = TRUE;

wchar_t szTmp [4096];

StringCbCopyW (szTmp, sizeof(szTmp), GetString ("KEYB_LAYOUT_CHANGE_PREVENTED"));

StringCbCatW (szTmp, sizeof(szTmp), L"\n\n");

StringCbCatW (szTmp, sizeof(szTmp), GetString ("KEYB_LAYOUT_SYS_ENC_EXPLANATION"));

MessageBoxW (MainDlg, szTmp, lpszTitle, MB_ICONWARNING | MB_SETFOREGROUND | MB_TOPMOST);

{

}

}

}

return 1;

case TIMER_ID_SYSENC_DRIVE_ANALYSIS_PROGRESS:

if (bSysEncDriveAnalysisInProgress)

{

UpdateProgressBarProc (GetTickCount() - SysEncDriveAnalysisStart);

if (GetTickCount() - SysEncDriveAnalysisStart > SYSENC_DRIVE_ANALYSIS_ETA)

{

// It's taking longer than expected -- reinit the progress bar

SysEncDriveAnalysisStart = GetTickCount ();

}

EndMainDlg (hwndDlg);

return 1;

case WM_COMMAND:

if (lw == IDHELP)

{

return 1;

}

else if (lw == IDCANCEL)

{

PostMessage (hwndDlg, TC_APPMSG_FORMAT_USER_QUIT, 0, 0);

return 1;

}

else if (lw == IDC_NEXT)

{

if (nCurPageNo == INTRO_PAGE)

}

else if (nCurPageNo == SYSENC_TYPE_PAGE)

{

if (bHiddenOS)

{

bWholeSysDrive = FALSE;

bHiddenVolDirect = FALSE;

}

if (!bHiddenOS)

}

else if (nCurPageNo == SYSENC_HIDDEN_OS_REQ_CHECK_PAGE)

{

WaitCursor ();

try

{

BootEncObj->CheckRequirementsHiddenOS ();

if (CheckGapBetweenSysAndHiddenOS ())

Warning ("GAP_BETWEEN_SYS_AND_HIDDEN_OS_PARTITION", MainDlg);

return 1;

}

}

if (!(bHiddenVolDirect && bHiddenVolHost))

nNewPageNo = PASSWORD_PAGE - 1;

}

else if (nCurPageNo == PASSWORD_PAGE)

{

VerifyPasswordAndUpdate (hwndDlg, GetDlgItem (MainDlg, IDC_NEXT),

GetDlgItem (hCurPage, IDC_PASSWORD),

GetDlgItem (hCurPage, IDC_VERIFY),

volumePassword.Text,

szVerify,

KeyFilesEnable && FirstKeyFile!=NULL && !SysEncInEffect());

volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);

if (volumePassword.Length > 0)

{

// Password character encoding

if (SysEncInEffect () && !CheckPasswordCharEncoding (GetDlgItem (hCurPage, IDC_PASSWORD), NULL))

{

Error ("UNSUPPORTED_CHARS_IN_PWD", hwndDlg);

return 1;

}

else if (!CheckPasswordLength (hwndDlg, volumePassword.Length, 0, SysEncInEffect(), SysEncInEffect()? hash_algo : 0, FALSE, FALSE))

{

return 1;

}

}

// Store the password in case we need to restore it after keyfile is applied to it

if (!GetPassword (hCurPage, IDC_PASSWORD, szRawPassword, iMaxPasswordLength + 1, FALSE, TRUE))

return 1;

KillTimer (hwndDlg, TIMER_ID_KEYB_LAYOUT_GUARD);

if (bKeyboardLayoutChanged)

{

// Restore the original keyboard layout

if (LoadKeyboardLayout (OrigKeyboardLayout, KLF_ACTIVATE | KLF_SUBSTITUTE_OK) == NULL)

Warning ("CANNOT_RESTORE_KEYBOARD_LAYOUT", hwndDlg);

else

bKeyboardLayoutChanged = FALSE;

}

}

if (!PimEnable)

{

// PIM not activated. Skip PIM page

nNewPageNo = PIM_PAGE;

volumePim = 0;

if (!CreatingHiddenSysVol() && bHiddenVol && !bHiddenVolHost)

{

if ( (volumePim == outerVolumePim)

&& (volumePassword.Length == outerVolumePassword.Length)

&& (0 == memcmp (volumePassword.Text, outerVolumePassword.Text, volumePassword.Length))

)

{

Warning ("HIDDEN_CREDS_SAME_AS_OUTER", hwndDlg);

return 1;

}

}

if (bInPlaceEncNonSys)

{

nNewPageNo = NONSYS_INPLACE_ENC_RAND_DATA_PAGE - 1; // Skip irrelevant pages

}

else if (WizardMode != WIZARD_MODE_SYS_DEVICE

&& !FileSize4GBLimitQuestionNeeded ()

|| CreatingHiddenSysVol()) // If we're creating a hidden volume for a hidden OS, we don't need to format it with any filesystem (the entire OS will be copied to the hidden volume sector by sector).

{

nNewPageNo = FORMAT_PAGE - 1; // Skip irrelevant pages

}

}

}

else if (nCurPageNo == PIM_PAGE)

{

volumePim = GetPim (hCurPage, IDC_PIM, 0);

if (!SysEncInEffect() && (volumePim > MAX_PIM_VALUE))

{

SetFocus (GetDlgItem(hCurPage, IDC_PIM));

Error ("PIM_TOO_BIG", hwndDlg);

if (volumePassword.Length > 0)

{

// Password character encoding

if (SysEncInEffect() && (volumePim > MAX_BOOT_PIM_VALUE))

{

SetFocus (GetDlgItem(hCurPage, IDC_PIM));

Error ("PIM_SYSENC_TOO_BIG", hwndDlg);

return 1;

}

// Check password length (check also done for outer volume which is not the case in TrueCrypt).

{

return 1;

}

}

if (bInPlaceEncNonSys)

{

nNewPageNo = NONSYS_INPLACE_ENC_RAND_DATA_PAGE - 1; // Skip irrelevant pages

}

else if (WizardMode != WIZARD_MODE_SYS_DEVICE

&& !FileSize4GBLimitQuestionNeeded ()

|| CreatingHiddenSysVol()) // If we're creating a hidden volume for a hidden OS, we don't need to format it with any filesystem (the entire OS will be copied to the hidden volume sector by sector).

{

nNewPageNo = FORMAT_PAGE - 1; // Skip irrelevant pages

}

}

else if (nCurPageNo == HIDDEN_VOL_HOST_PASSWORD_PAGE

|| nCurPageNo == NONSYS_INPLACE_ENC_RESUME_PASSWORD_PAGE)

{

WaitCursor ();

if (!GetPassword (hCurPage, IDC_PASSWORD_DIRECT, (char*) volumePassword.Text, iMaxPasswordLength + 1, FALSE, TRUE))

{

NormalCursor ();

return 1;

}

else if (lw == IDC_PREV)

{

if (nCurPageNo == SYSENC_SPAN_PAGE)

{

// Skip irrelevant pages when going back

if (!bHiddenOS)

nNewPageNo = SYSENC_TYPE_PAGE + 1;

}

if (nCurPageNo == SYSENC_MULTI_BOOT_MODE_PAGE)

{

// Skip the drive analysis page(s) or other irrelevant pages when going back

if (bHiddenOS)

nNewPageNo = SYSENC_HIDDEN_OS_REQ_CHECK_PAGE + 1;

else if (bWholeSysDrive)

nNewPageNo = SYSENC_PRE_DRIVE_ANALYSIS_PAGE + 1;

else

nNewPageNo = SYSENC_SPAN_PAGE + 1;

}

szVerify,

KeyFilesEnable && FirstKeyFile!=NULL && !SysEncInEffect ());

volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);

nNewPageNo = SIZE_PAGE + 1; // Skip the hidden volume host password page

if (SysEncInEffect ())

{

KillTimer (hwndDlg, TIMER_ID_KEYB_LAYOUT_GUARD);

if (bKeyboardLayoutChanged)

{

// Restore the original keyboard layout

if (LoadKeyboardLayout (OrigKeyboardLayout, KLF_ACTIVATE | KLF_SUBSTITUTE_OK) == NULL)

Warning ("CANNOT_RESTORE_KEYBOARD_LAYOUT", hwndDlg);

else

bKeyboardLayoutChanged = FALSE;

DISK_GEOMETRY_EX geometry;

if (!GetDriveGeometry (szDiskFile, &geometry))

{

handleWin32Error (MainDlg, SRC_POS);

AbortProcessSilent();

}

return geometry.Geometry.BytesPerSector;

}

extern __int64 NonSysInplaceEncBytesDone;

extern __int64 NonSysInplaceEncTotalSize;

extern int nPbar;

extern volatile int WizardMode;

extern volatile BOOL bInPlaceEncNonSysResumed;

extern wchar_t HeaderKeyGUIView [KEY_GUI_VIEW_SIZE];

extern wchar_t MasterKeyGUIView [KEY_GUI_VIEW_SIZE];

extern volatile int NonSysInplaceEncStatus;

#ifdef __cplusplus

}

#endif

</Component>

<Component Id="cmpB313B00E647A121B2CBE47F3048A18A7" Guid="{5985576D-6F6C-4D96-9B3E-9E0961CF9FAF}">

<File Id="fil2EB5F87C05CCC55D3964D595C85EF19E" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Release Notes.html" DiskId="1" />

</Component>

<Component Id="cmp400428F6494DE58618E3B92539548C39" Guid="{0A1869ED-25F1-4430-97A5-4C6EA8CDA7FC}">

<File Id="filEDEDEF956F04F36B4163989F9AB9285F" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Removable Medium Volume.html" DiskId="1" />

</Component>

<Component Id="cmpFB2313AB16EF2467366ED136C0E61CE6" Guid="{CFEC9559-9F85-46C6-9E98-AEBB573B96FE}">

<File Id="filE496203C4727FDF47F8352CB9722A8C7" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Removing Encryption.html" DiskId="1" />

</Component>

<Component Id="cmpB4C7B1A7A3EC0CB2DE805AC5CC5FC0D7" Guid="{4534E8B2-114E-4173-AE3E-75E0D96EB573}">

<File Id="fil8CFD1CFDCBE261B6F91D9E587F8720C0" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Security Model.html" DiskId="1" />

</Component>

<Component Id="cmp00540BF93A805E0B9996945B61E1BC2F" Guid="{1D5B7A85-87F3-45AF-9C09-BA7E088A835D}">

<File Id="filA7A29851126AC571C090BB0FBEE83CB5" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Security Requirements and Precautions.html" DiskId="1" />

</Component>

<Component Id="cmp4C46C6668AD830D543AFE593D51676B3" Guid="{4CD21E9D-243F-4A58-A535-AA8EF9D2BFD1}">

<File Id="fil440C5158A3CD96689918C976DC917325" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Security Requirements for Hidden Volumes.html" DiskId="1" />

</Component>

<Component Id="cmp6EE914124966E3A0F695359116413DD4" Guid="{724FA79D-49BC-4075-ABF4-0C318AE39855}">

<ComponentRef Id="cmpF36A771DF9B1C4CD8E82C08A6D3D0786" />

<ComponentRef Id="cmp63F6A68C5538B45661168554BC3B93D1" />

<ComponentRef Id="cmp0158A6D8BED6391AC7150B6C6AE2A9F9" />

<ComponentRef Id="cmpDE45667E9E3CD9F800EAC1E02B57AAB7" />

<ComponentRef Id="cmp632453049391BAACDD117A40EC442743" />

<ComponentRef Id="cmpCE16E453CAD75A461B4FEBF451A51B7B" />

<ComponentRef Id="cmpC741D187A28A87BD33866C9AC09A1298" />

<ComponentRef Id="cmpB313B00E647A121B2CBE47F3048A18A7" />

<ComponentRef Id="cmp400428F6494DE58618E3B92539548C39" />

<ComponentRef Id="cmpFB2313AB16EF2467366ED136C0E61CE6" />

<ComponentRef Id="cmpB4C7B1A7A3EC0CB2DE805AC5CC5FC0D7" />

<ComponentRef Id="cmp00540BF93A805E0B9996945B61E1BC2F" />

<ComponentRef Id="cmp4C46C6668AD830D543AFE593D51676B3" />

<ComponentRef Id="cmp6EE914124966E3A0F695359116413DD4" />

<ComponentRef Id="cmp28E29B4CA17AB51913B756CD9397EEFE" />

<ComponentRef Id="cmp5DF24509F284FABC600232197F803DE5" />

<ComponentRef Id="cmp09E31B885345FBEA1F473AF7A10FD88D" />

<ComponentRef Id="cmpAE05C79A35A43ECCAC995A711DC4D60B" />

<ComponentRef Id="cmpB6D91209A93313D08150643F1738DED8" />

<ComponentRef Id="cmpDB66E821EC13977824FB1069DF5DAA69" />

<!-- Set the ARP -->

<Custom Action="SetARPINSTALLLOCATION" After="InstallValidate"></Custom>

<!-- ScheduleReboot only after DoChecks, which sets ISREBOOTREQUIRED -->

<ScheduleReboot After="DoChecks">ISREBOOTREQUIRED = "1"</ScheduleReboot>

</InstallExecuteSequence>

</Product>