// result of ZwQuerySymbolicLinkObject

// IN OUT RESOLVE_SYMLINK_STRUCT

#define TC_IOCTL_GET_RESOLVED_SYMLINK TC_IOCTL (17)

#define TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS TC_IOCTL (18)

#define TC_IOCTL_BOOT_ENCRYPTION_SETUP TC_IOCTL (19)

#define TC_IOCTL_ABORT_BOOT_ENCRYPTION_SETUP TC_IOCTL (20)

#define TC_IOCTL_GET_BOOT_ENCRYPTION_SETUP_RESULT TC_IOCTL (21)

#define TC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES TC_IOCTL (22)

#define TC_IOCTL_REOPEN_BOOT_VOLUME_HEADER TC_IOCTL (23)

#define TC_IOCTL_GET_BOOT_ENCRYPTION_ALGORITHM_NAME TC_IOCTL (24)

#define TC_IOCTL_GET_PORTABLE_MODE_STATUS TC_IOCTL (25)

#define TC_IOCTL_SET_PORTABLE_MODE_STATUS TC_IOCTL (26)

#define TC_IOCTL_IS_HIDDEN_SYSTEM_RUNNING TC_IOCTL (27)

#define TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG TC_IOCTL (28)

#define TC_IOCTL_DISK_IS_WRITABLE TC_IOCTL (29)

#define TC_IOCTL_START_DECOY_SYSTEM_WIPE TC_IOCTL (30)

#define TC_IOCTL_ABORT_DECOY_SYSTEM_WIPE TC_IOCTL (31)

#define TC_IOCTL_GET_DECOY_SYSTEM_WIPE_STATUS TC_IOCTL (32)

#define TC_IOCTL_GET_DECOY_SYSTEM_WIPE_RESULT TC_IOCTL (33)

#define TC_IOCTL_WRITE_BOOT_DRIVE_SECTOR TC_IOCTL (34)

#define TC_IOCTL_GET_WARNING_FLAGS TC_IOCTL (35)

#define TC_IOCTL_SET_SYSTEM_FAVORITE_VOLUME_DIRTY TC_IOCTL (36)

#define TC_IOCTL_REREAD_DRIVER_CONFIG TC_IOCTL (37)

#define TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG TC_IOCTL (38)

#define VC_IOCTL_GET_BOOT_LOADER_FINGERPRINT TC_IOCTL (39)

// result IOCTL_DISK_GET_DRIVE_GEOMETRY_EX

// IN OUT - DISK_GEOMETRY_EX_STRUCT

#define VC_IOCTL_GET_DRIVE_GEOMETRY_EX TC_IOCTL (40)

#define VC_IOCTL_EMERGENCY_CLEAR_ALL_KEYS TC_IOCTL (41)

#define VC_IOCTL_IS_RAM_ENCRYPTION_ENABLED TC_IOCTL (42)

// Legacy IOCTLs used before version 5.0

#define TC_IOCTL_LEGACY_GET_DRIVER_VERSION 466968

#define TC_IOCTL_LEGACY_GET_MOUNTED_VOLUMES 466948

// Undocumented IOCTL sent by Windows 10 when handling EFS data on volumes

#define IOCTL_UNKNOWN_WINDOWS10_EFS_ACCESS 0x455610D8

/* Start of driver interface structures, the size of these structures may

change between versions; so make sure you first send DRIVER_VERSION to

check that it's the correct device driver */

#pragma pack (push)

#pragma pack(1)

typedef struct

{

int nReturnCode; /* Return code back from driver */

BOOL FilesystemDirty;

BOOL VolumeMountedReadOnlyAfterAccessDenied;

BOOL VolumeMountedReadOnlyAfterDeviceWriteProtected;

wchar_t wszVolume[TC_MAX_PATH]; /* Volume to be mounted */

Password VolumePassword; /* User password */

BOOL bCache; /* Cache passwords in driver */

int nDosDriveNo; /* Drive number to mount */

uint32 BytesPerSector;

BOOL bMountReadOnly; /* Mount volume in read-only mode */

BOOL bMountRemovable; /* Mount volume as removable media */

BOOL bExclusiveAccess; /* Open host file/device in exclusive access mode */

BOOL bMountManager; /* Announce volume to mount manager */

BOOL bPreserveTimestamp; /* Preserve file container timestamp */

BOOL bPartitionInInactiveSysEncScope; /* If TRUE, we are to attempt to mount a partition located on an encrypted system drive without pre-boot authentication. */

int nPartitionInInactiveSysEncScopeDriveNo; /* If bPartitionInInactiveSysEncScope is TRUE, this contains the drive number of the system drive on which the partition is located. */

BOOL SystemFavorite;

// Hidden volume protection

byte UserConfiguration;

char CustomUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH + 1];

} GetSystemDriveConfigurationRequest;

typedef struct

{

WipeAlgorithmId WipeAlgorithm;

CRYPTOPP_ALIGN_DATA(16) byte WipeKey[MASTER_KEYDATA_SIZE];

} WipeDecoySystemRequest;

typedef struct

{

BOOL WipeInProgress;

WipeAlgorithmId WipeAlgorithm;

int64 WipedAreaEnd;

} DecoySystemWipeStatus;

typedef struct

{

LARGE_INTEGER Offset;

byte Data[TC_SECTOR_SIZE_BIOS];

} WriteBootDriveSectorRequest;

typedef struct

{

BOOL PagingFileCreationPrevented;

BOOL SystemFavoriteVolumeDirty;

} GetWarningFlagsRequest;

typedef struct

{

struct _DriveFilterExtension *BootDriveFilterExtension;

BOOL HwEncryptionEnabled;

} GetSystemDriveDumpConfigRequest;

#pragma pack (pop)

#define DRIVER_STR WIDE

#define TC_UNIQUE_ID_PREFIX "VeraCryptVolume"

#define TC_MOUNT_PREFIX L"\\Device\\VeraCryptVolume"

#define NT_MOUNT_PREFIX DRIVER_STR("\\Device\\VeraCryptVolume")

#define NT_ROOT_PREFIX DRIVER_STR("\\Device\\VeraCrypt")

#define DOS_MOUNT_PREFIX_DEFAULT DRIVER_STR("\\DosDevices\\")

#define DOS_MOUNT_PREFIX_GLOBAL DRIVER_STR("\\GLOBAL??\\") // Use Global MS-DOS device names for sanity checks on drive letters

#define DOS_ROOT_PREFIX DRIVER_STR("\\DosDevices\\VeraCrypt")

#define WIN32_ROOT_PREFIX DRIVER_STR("\\\\.\\VeraCrypt")

#define TC_DRIVER_CONFIG_REG_VALUE_NAME DRIVER_STR("VeraCryptConfig")

#define TC_ENCRYPTION_FREE_CPU_COUNT_REG_VALUE_NAME DRIVER_STR("VeraCryptEncryptionFreeCpuCount")

#define VC_ENCRYPTION_IO_REQUEST_COUNT DRIVER_STR("VeraCryptEncryptionIoRequestCount")

#define VC_ENCRYPTION_ITEM_COUNT DRIVER_STR("VeraCryptEncryptionItemCount")

#define VC_ENCRYPTION_FRAGMENT_SIZE DRIVER_STR("VeraCryptEncryptionFragmentSize")

// WARNING: Modifying the following values can introduce incompatibility with previous versions.

#define TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD 0x1

#define TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES 0x2

#define TC_DRIVER_CONFIG_DISABLE_NONADMIN_SYS_FAVORITES_ACCESS 0x4

#define TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION 0x8

#define TC_DRIVER_CONFIG_ENABLE_EXTENDED_IOCTL 0x10

#define TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION 0x20

#define TC_DRIVER_CONFIG_CACHE_BOOT_PIM 0x40

#define VC_DRIVER_CONFIG_ALLOW_NONSYS_TRIM 0x80

#define VC_DRIVER_CONFIG_BLOCK_SYS_TRIM 0x100

#define VC_DRIVER_CONFIG_ALLOW_WINDOWS_DEFRAG 0x200

#define VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION 0x400

#define VC_DRIVER_CONFIG_ENABLE_CPU_RNG 0x800

#define VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION 0x1000

/*

Derived from source code of TrueCrypt 7.1a, which is

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

Modifications and additions to the original source code (contained in this file)

and all other portions of this file are Copyright (c) 2013-2017 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

code distribution packages.

*/

#ifndef TC_HEADER_DRIVER_ENCRYPTED_IO_QUEUE

#define TC_HEADER_DRIVER_ENCRYPTED_IO_QUEUE

#include "TCdefs.h"

#include "Apidrvr.h"

#if 0

# define TC_TRACE_IO_QUEUE

#endif

#define TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE (256 * 1024)

#define TC_ENC_IO_QUEUE_PREALLOCATED_ITEM_COUNT 8

#define TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_COUNT 16

typedef struct EncryptedIoQueueBufferStruct

{

struct EncryptedIoQueueBufferStruct *NextBuffer;

void *Address;

ULONG Size;

BOOL InUse;

} EncryptedIoQueueBuffer;

typedef struct

{

PDEVICE_OBJECT DeviceObject;

KMUTEX BufferPoolMutex;

EncryptedIoQueueBuffer *FirstPoolBuffer;

CRYPTO_INFO *CryptoInfo;

// File-handle-based IO

HANDLE HostFileHandle;

int64 VirtualDeviceLength;

SECURITY_CLIENT_CONTEXT *SecurityClientContext;

// Filter device

BOOL IsFilterDevice;

PDEVICE_OBJECT LowerDeviceObject;

int64 EncryptedAreaStart;

volatile int64 EncryptedAreaEnd;

volatile BOOL EncryptedAreaEndUpdatePending;

BOOL RemapEncryptedArea;

int64 RemappedAreaOffset;

Irp->IoStatus.Status = ReadRegistryConfigFlags (FALSE);

Irp->IoStatus.Information = 0;

break;

case TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG:

if ( (ValidateIOBufferSize (Irp, sizeof (GetSystemDriveDumpConfigRequest), ValidateOutput))

&& (Irp->RequestorMode == KernelMode)

)

{

GetSystemDriveDumpConfigRequest *request = (GetSystemDriveDumpConfigRequest *) Irp->AssociatedIrp.SystemBuffer;

request->BootDriveFilterExtension = GetBootDriveFilterExtension();

if (IsBootDriveMounted() && request->BootDriveFilterExtension)

{

request->HwEncryptionEnabled = IsHwEncryptionEnabled();

Irp->IoStatus.Status = STATUS_SUCCESS;

Irp->IoStatus.Information = sizeof (*request);

}

else

{

Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;

Irp->IoStatus.Information = 0;

}

}

break;

case VC_IOCTL_IS_RAM_ENCRYPTION_ENABLED:

if (ValidateIOBufferSize (Irp, sizeof (int), ValidateOutput))

{

*(int *) Irp->AssociatedIrp.SystemBuffer = IsRamEncryptionEnabled() ? 1 : 0;

Irp->IoStatus.Information = sizeof (int);

Irp->IoStatus.Status = STATUS_SUCCESS;

}

break;

default:

return TCCompleteIrp (Irp, STATUS_INVALID_DEVICE_REQUEST, 0);

}

#if defined(DEBUG) || defined(DEBUG_TRACE)

if (!NT_SUCCESS (Irp->IoStatus.Status))

{

switch (irpSp->Parameters.DeviceIoControl.IoControlCode)

{

case TC_IOCTL_GET_MOUNTED_VOLUMES:

case TC_IOCTL_GET_PASSWORD_CACHE_STATUS:

case TC_IOCTL_GET_PORTABLE_MODE_STATUS:

case TC_IOCTL_SET_PORTABLE_MODE_STATUS:

case TC_IOCTL_OPEN_TEST:

case TC_IOCTL_GET_RESOLVED_SYMLINK:

case TC_IOCTL_GET_DRIVE_PARTITION_INFO:

case TC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES:

case TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS:

case TC_IOCTL_IS_HIDDEN_SYSTEM_RUNNING:

break;

default:

Dump ("IOCTL error 0x%08x\n", Irp->IoStatus.Status);

}

}

#endif

return TCCompleteIrp (Irp, Irp->IoStatus.Status, Irp->IoStatus.Information);

}

NTSTATUS TCStartThread (PKSTART_ROUTINE threadProc, PVOID threadArg, PKTHREAD *kThread)

{

return TCStartThreadInProcess (threadProc, threadArg, kThread, NULL);

TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_ENCRYPTION_ALGORITHM_NAME);

TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_ENCRYPTION_SETUP_RESULT);

TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS);

TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_LOADER_VERSION);

TC_CASE_RET_NAME (TC_IOCTL_GET_DECOY_SYSTEM_WIPE_RESULT);

TC_CASE_RET_NAME (TC_IOCTL_GET_DECOY_SYSTEM_WIPE_STATUS);

TC_CASE_RET_NAME (TC_IOCTL_GET_DEVICE_REFCOUNT);

TC_CASE_RET_NAME (TC_IOCTL_GET_DRIVE_GEOMETRY);

TC_CASE_RET_NAME (TC_IOCTL_GET_DRIVE_PARTITION_INFO);

TC_CASE_RET_NAME (TC_IOCTL_GET_DRIVER_VERSION);

TC_CASE_RET_NAME (TC_IOCTL_GET_MOUNTED_VOLUMES);

TC_CASE_RET_NAME (TC_IOCTL_GET_PASSWORD_CACHE_STATUS);

TC_CASE_RET_NAME (TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG);

TC_CASE_RET_NAME (TC_IOCTL_GET_PORTABLE_MODE_STATUS);

TC_CASE_RET_NAME (TC_IOCTL_SET_PORTABLE_MODE_STATUS);

TC_CASE_RET_NAME (TC_IOCTL_GET_RESOLVED_SYMLINK);

TC_CASE_RET_NAME (TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG);

TC_CASE_RET_NAME (TC_IOCTL_GET_VOLUME_PROPERTIES);

TC_CASE_RET_NAME (TC_IOCTL_GET_WARNING_FLAGS);

TC_CASE_RET_NAME (TC_IOCTL_DISK_IS_WRITABLE);

TC_CASE_RET_NAME (TC_IOCTL_IS_ANY_VOLUME_MOUNTED);

TC_CASE_RET_NAME (TC_IOCTL_IS_DRIVER_UNLOAD_DISABLED);

TC_CASE_RET_NAME (TC_IOCTL_IS_HIDDEN_SYSTEM_RUNNING);

TC_CASE_RET_NAME (TC_IOCTL_MOUNT_VOLUME);

TC_CASE_RET_NAME (TC_IOCTL_OPEN_TEST);

TC_CASE_RET_NAME (TC_IOCTL_PROBE_REAL_DRIVE_SIZE);

TC_CASE_RET_NAME (TC_IOCTL_REOPEN_BOOT_VOLUME_HEADER);

TC_CASE_RET_NAME (TC_IOCTL_REREAD_DRIVER_CONFIG);

TC_CASE_RET_NAME (TC_IOCTL_SET_SYSTEM_FAVORITE_VOLUME_DIRTY);

TC_CASE_RET_NAME (TC_IOCTL_START_DECOY_SYSTEM_WIPE);

TC_CASE_RET_NAME (TC_IOCTL_WIPE_PASSWORD_CACHE);

TC_CASE_RET_NAME (TC_IOCTL_WRITE_BOOT_DRIVE_SECTOR);

TC_CASE_RET_NAME (VC_IOCTL_GET_DRIVE_GEOMETRY_EX);

TC_CASE_RET_NAME (VC_IOCTL_EMERGENCY_CLEAR_ALL_KEYS);

TC_CASE_RET_NAME (VC_IOCTL_IS_RAM_ENCRYPTION_ENABLED);

TC_CASE_RET_NAME (IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS);

#undef TC_CASE_RET_NAME

}

if (ulCode == IOCTL_DISK_GET_DRIVE_GEOMETRY)

return (LPWSTR) _T ("IOCTL_DISK_GET_DRIVE_GEOMETRY");

else if (ulCode == IOCTL_DISK_GET_DRIVE_GEOMETRY_EX)

return (LPWSTR) _T ("IOCTL_DISK_GET_DRIVE_GEOMETRY_EX");

else if (ulCode == IOCTL_MOUNTDEV_QUERY_DEVICE_NAME)

return (LPWSTR) _T ("IOCTL_MOUNTDEV_QUERY_DEVICE_NAME");

else if (ulCode == IOCTL_MOUNTDEV_QUERY_SUGGESTED_LINK_NAME)

return (LPWSTR) _T ("IOCTL_MOUNTDEV_QUERY_SUGGESTED_LINK_NAME");

else if (ulCode == IOCTL_MOUNTDEV_QUERY_UNIQUE_ID)

return (LPWSTR) _T ("IOCTL_MOUNTDEV_QUERY_UNIQUE_ID");

else if (ulCode == IOCTL_VOLUME_ONLINE)

return (LPWSTR) _T ("IOCTL_VOLUME_ONLINE");

else if (ulCode == IOCTL_MOUNTDEV_LINK_CREATED)

return (LPWSTR) _T ("IOCTL_MOUNTDEV_LINK_CREATED");

else if (ulCode == IOCTL_MOUNTDEV_LINK_DELETED)

return (LPWSTR) _T ("IOCTL_MOUNTDEV_LINK_DELETED");

else if (ulCode == IOCTL_MOUNTMGR_QUERY_POINTS)

return (LPWSTR) _T ("IOCTL_MOUNTMGR_QUERY_POINTS");

else if (ulCode == IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED)

return (LPWSTR) _T ("IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED");

else if (ulCode == IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED)

return (LPWSTR) _T ("IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED");

else if (ulCode == IOCTL_DISK_GET_LENGTH_INFO)

return (LPWSTR) _T ("IOCTL_DISK_GET_LENGTH_INFO");

else if (ulCode == IOCTL_STORAGE_GET_DEVICE_NUMBER)

return (LPWSTR) _T ("IOCTL_STORAGE_GET_DEVICE_NUMBER");

else if (ulCode == IOCTL_DISK_GET_PARTITION_INFO)

return (LPWSTR) _T ("IOCTL_DISK_GET_PARTITION_INFO");

else if (ulCode == IOCTL_DISK_GET_PARTITION_INFO_EX)

{

if (data->Type == REG_DWORD)

EncryptionThreadPoolFreeCpuCountLimit = *(uint32 *) data->Data;

TCfree (data);

}

if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ENCRYPTION_IO_REQUEST_COUNT, &data)))

{

if (data->Type == REG_DWORD)

EncryptionIoRequestCount = *(uint32 *) data->Data;

TCfree (data);

}

if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ENCRYPTION_ITEM_COUNT, &data)))

{

if (data->Type == REG_DWORD)

EncryptionItemCount = *(uint32 *) data->Data;

TCfree (data);

}

if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ENCRYPTION_FRAGMENT_SIZE, &data)))

{

if (data->Type == REG_DWORD)

EncryptionFragmentSize = *(uint32 *) data->Data;

TCfree (data);

}

if (driverEntry)

{

if (EncryptionIoRequestCount < TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_COUNT)

EncryptionIoRequestCount = TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_COUNT;

EncryptionItemCount = EncryptionIoRequestCount / 2;

/* EncryptionFragmentSize value in registry is expressed in KiB */

EncryptionFragmentSize *= 1024;

if (EncryptionFragmentSize == 0)

EncryptionFragmentSize = TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE;

else if (EncryptionFragmentSize > (8 * TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE))

EncryptionFragmentSize = 8 * TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE;

}

return status;

}

NTSTATUS WriteRegistryConfigFlags (uint32 flags)

{

UNICODE_STRING name;

RtlInitUnicodeString (&name, L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\veracrypt");

return TCWriteRegistryKey (&name, TC_DRIVER_CONFIG_REG_VALUE_NAME, REG_DWORD, &flags, sizeof (flags));

}

NTSTATUS GetDeviceSectorSize (PDEVICE_OBJECT deviceObject, ULONG *bytesPerSector)

{

NTSTATUS status;

DISK_GEOMETRY geometry;

status = SendDeviceIoControlRequest (deviceObject, IOCTL_DISK_GET_DRIVE_GEOMETRY, NULL, 0, &geometry, sizeof (geometry));

if (!NT_SUCCESS (status))

return status;

*bytesPerSector = geometry.BytesPerSector;

return STATUS_SUCCESS;