From 0f3ae268a4b0dfac7090f4fbf969601a1c35c86f Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Wed, 20 Sep 2023 09:39:22 +0200 Subject: Windows: Add setting in main UI and setup wizard to disable memory protection This can be useful for users who need Accessibility software that may not work when memory protection is active in VeraCrypt --- src/Common/Dlgcode.c | 11 +++++++++-- src/Common/Dlgcode.h | 1 + src/Common/Language.xml | 1 + src/Common/Resource.h | 3 ++- src/Mount/Mount.c | 24 ++++++++++++++++++++++++ src/Mount/Mount.rc | 28 +++++++++++++++------------- src/Setup/Setup.c | 6 ++++++ src/Setup/Setup.h | 1 + src/Setup/Setup.rc | 10 ++++++---- src/Setup/Wizard.c | 4 ++++ 10 files changed, 69 insertions(+), 20 deletions(-) (limited to 'src') diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index 8f357208..fb7184b4 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -32,8 +32,8 @@ #include #include #endif -#ifdef _WIN32_WINNT >= 0x0602 -#include "processthreadsapi.h"" +#if _WIN32_WINNT >= 0x0602 +#include "processthreadsapi.h" #endif #include "Resource.h" @@ -3256,6 +3256,13 @@ BOOL ReadMemoryProtectionConfig () return (config)? TRUE: FALSE; } +BOOL WriteMemoryProtectionConfig (BOOL bEnable) +{ + DWORD config = bEnable? 1: 0; + + return WriteLocalMachineRegistryDword (L"SYSTEM\\CurrentControlSet\\Services\\veracrypt", VC_ENABLE_MEMORY_PROTECTION, config); +} + BOOL LoadSysEncSettings () { BOOL status = TRUE; diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h index 245df6c1..7947fcf9 100644 --- a/src/Common/Dlgcode.h +++ b/src/Common/Dlgcode.h @@ -350,6 +350,7 @@ uint32 ReadDriverConfigurationFlags (); uint32 ReadServiceConfigurationFlags (); uint32 ReadEncryptionThreadPoolFreeCpuCountLimit (); BOOL ReadMemoryProtectionConfig (); +BOOL WriteMemoryProtectionConfig (BOOL bEnable); BOOL LoadSysEncSettings (); int LoadNonSysInPlaceEncSettings (WipeAlgorithmId *wipeAlgorithm); void RemoveNonSysInPlaceEncNotifications (void); diff --git a/src/Common/Language.xml b/src/Common/Language.xml index e819be47..ddb20159 100644 --- a/src/Common/Language.xml +++ b/src/Common/Language.xml @@ -1633,6 +1633,7 @@ Extending file system ...\n Warning: The system partition you attempted to mount was not fully encrypted. As a safety measure to prevent potential corruption or unwanted modifications, volume '%s' was mounted as read-only. Important information on using third-party file extensions + Disable memory protection in VeraCrypt diff --git a/src/Common/Resource.h b/src/Common/Resource.h index a099c655..b6ad14c0 100644 --- a/src/Common/Resource.h +++ b/src/Common/Resource.h @@ -226,6 +226,7 @@ #define IDC_DISABLE_MOUNT_MANAGER 5142 #define IDC_KEYFILES_SIZE_UNIT 5143 #define IDC_LINK_KEYFILES_EXTENSIONS_WARNING 5144 +#define IDC_DISABLE_MEMORY_PROTECTION 5145 // Next default values for new objects // @@ -234,7 +235,7 @@ #define _APS_NO_MFC 1 #define _APS_NEXT_RESOURCE_VALUE 578 #define _APS_NEXT_COMMAND_VALUE 40001 -#define _APS_NEXT_CONTROL_VALUE 5145 +#define _APS_NEXT_CONTROL_VALUE 5146 #define _APS_NEXT_SYMED_VALUE 101 #endif #endif diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index 41672e1a..28418a44 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -11559,6 +11559,12 @@ void SetServiceConfigurationFlag (uint32 flag, BOOL state) BootEncObj->SetServiceConfigurationFlag (flag, state ? true : false); } +void SetMemoryProtectionConfig (BOOL bEnable) +{ + DWORD config = bEnable? 1: 0; + if (BootEncObj) + BootEncObj->WriteLocalMachineRegistryDwordValue (L"SYSTEM\\CurrentControlSet\\Services\\veracrypt", VC_ENABLE_MEMORY_PROTECTION, config); +} void NotifyService (DWORD dwNotifyCmd) { @@ -11611,6 +11617,8 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_RAM_ENCRYPTION), FALSE); } + CheckDlgButton (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION, ReadMemoryProtectionConfig() ? BST_UNCHECKED : BST_CHECKED); + size_t cpuCount = GetCpuCount(NULL); HWND freeCpuCombo = GetDlgItem (hwndDlg, IDC_ENCRYPTION_FREE_CPU_COUNT); @@ -11670,6 +11678,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM BOOL enableExtendedIOCTL = IsDlgButtonChecked (hwndDlg, IDC_ENABLE_EXTENDED_IOCTL_SUPPORT); BOOL allowTrimCommand = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_TRIM_NONSYS_SSD); BOOL allowWindowsDefrag = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_WINDOWS_DEFRAG); + BOOL bDisableMemoryProtection = IsDlgButtonChecked (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION); try { @@ -11738,6 +11747,11 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM } SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION, enableRamEncryption); + BOOL originalDisableMemoryProtection = !ReadMemoryProtectionConfig(); + if(originalDisableMemoryProtection != bDisableMemoryProtection) + rebootRequired = true; + SetMemoryProtectionConfig (!bDisableMemoryProtection); + DWORD bytesReturned; if (!DeviceIoControl (hDriver, TC_IOCTL_REREAD_DRIVER_CONFIG, NULL, 0, NULL, 0, &bytesReturned, NULL)) handleWin32Error (hwndDlg, SRC_POS); @@ -11832,6 +11846,16 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM } return 1; + case IDC_DISABLE_MEMORY_PROTECTION: + { + BOOL disableMemoryProtection = IsDlgButtonChecked (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION); + BOOL originalDisableMemoryProtection = !ReadMemoryProtectionConfig(); + if (disableMemoryProtection != originalDisableMemoryProtection) + { + Warning ("SETTING_REQUIRES_REBOOT", hwndDlg); + } + } + return 1; case IDC_BENCHMARK: Benchmark (hwndDlg); return 1; diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc index bb0e8c4e..066e8d8f 100644 --- a/src/Mount/Mount.rc +++ b/src/Mount/Mount.rc @@ -321,7 +321,7 @@ BEGIN DEFPUSHBUTTON "OK",IDOK,255,226,50,14 END -IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 293 +IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 300 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "VeraCrypt - Performance Options" FONT 8, "MS Shell Dlg", 400, 0, 0x1 @@ -338,20 +338,22 @@ BEGIN CONTROL "Enable extended disk control codes support",IDC_ENABLE_EXTENDED_IOCTL_SUPPORT, "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,198,337,10 CONTROL "Allow TRIM command for non-system SSD partition/drive",IDC_ALLOW_TRIM_NONSYS_SSD, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,212,337,10 - PUSHBUTTON "&Benchmark",IDC_BENCHMARK,7,272,59,14 - DEFPUSHBUTTON "OK",IDOK,257,272,50,14 - PUSHBUTTON "Cancel",IDCANCEL,314,272,50,14 - LTEXT "Processor (CPU) in this computer supports hardware acceleration for AES:",IDT_HW_AES_SUPPORTED_BY_CPU,18,23,273,9 - GROUPBOX "Hardware Acceleration",IDT_ACCELERATION_OPTIONS,7,6,355,74 - GROUPBOX "Thread-Based Parallelization",IDT_PARALLELIZATION_OPTIONS,7,84,355,93 - GROUPBOX "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,86 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,211,337,10 CONTROL "Allow Windows Disk Defragmenter to defragment non-system partition/drive",IDC_ALLOW_WINDOWS_DEFRAG, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,226,337,10 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,224,337,10 CONTROL "Use CPU hardware random generator as an additional source of entropy",IDC_ENABLE_CPU_RNG, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,240,335,10 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,335,10 CONTROL "Activate encryption of keys and passwords stored in RAM",IDC_ENABLE_RAM_ENCRYPTION, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,254,337,10 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,250,337,10 + CONTROL "Disable memory protection in VeraCrypt",IDC_DISABLE_MEMORY_PROTECTION, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,263,339,10 + PUSHBUTTON "&Benchmark",IDC_BENCHMARK,7,279,59,14 + DEFPUSHBUTTON "OK",IDOK,257,279,50,14 + PUSHBUTTON "Cancel",IDCANCEL,314,279,50,14 + LTEXT "Processor (CPU) in this computer supports hardware acceleration for AES:",IDT_HW_AES_SUPPORTED_BY_CPU,18,23,273,9 + GROUPBOX "Hardware Acceleration",IDT_ACCELERATION_OPTIONS,7,6,355,74 + GROUPBOX "Thread-Based Parallelization",IDT_PARALLELIZATION_OPTIONS,7,84,355,93 + GROUPBOX "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,95 END IDD_FAVORITE_VOLUMES DIALOGEX 0, 0, 380, 368 @@ -521,7 +523,7 @@ BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 364 TOPMARGIN, 7 - BOTTOMMARGIN, 286 + BOTTOMMARGIN, 293 END IDD_FAVORITE_VOLUMES, DIALOG diff --git a/src/Setup/Setup.c b/src/Setup/Setup.c index 2d8d940c..f757aafa 100644 --- a/src/Setup/Setup.c +++ b/src/Setup/Setup.c @@ -74,6 +74,7 @@ BOOL UnloadDriver = TRUE; BOOL bSystemRestore = TRUE; BOOL bDisableSwapFiles = FALSE; BOOL bForAllUsers = TRUE; +BOOL bDisableMemoryProtection = FALSE; BOOL bRegisterFileExt = TRUE; BOOL bAddToStartMenu = TRUE; BOOL bDesktopIcon = TRUE; @@ -2335,6 +2336,11 @@ void DoInstall (void *arg) if (bSystemRestore) SetSystemRestorePoint (hwndDlg, TRUE); + if (bOK && bDisableMemoryProtection) + { + WriteMemoryProtectionConfig(FALSE); + } + if (bOK) { UpdateProgressBarProc(100); diff --git a/src/Setup/Setup.h b/src/Setup/Setup.h index e38dd75a..d284586a 100644 --- a/src/Setup/Setup.h +++ b/src/Setup/Setup.h @@ -120,6 +120,7 @@ extern BOOL bReinstallMode; extern BOOL bSystemRestore; extern BOOL bDisableSwapFiles; extern BOOL bForAllUsers; +extern BOOL bDisableMemoryProtection; extern BOOL bRegisterFileExt; extern BOOL bAddToStartMenu; extern BOOL bDesktopIcon; diff --git a/src/Setup/Setup.rc b/src/Setup/Setup.rc index 6066d452..68ccffd0 100644 --- a/src/Setup/Setup.rc +++ b/src/Setup/Setup.rc @@ -146,12 +146,14 @@ FONT 8, "MS Shell Dlg", 0, 0, 0x0 BEGIN EDITTEXT IDC_DESTINATION,11,41,260,13,ES_AUTOHSCROLL PUSHBUTTON "Bro&wse...",IDC_BROWSE,278,40,59,14 - CONTROL "Install &for all users",IDC_ALL_USERS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,77,168,11 + CONTROL "Install &for all users",IDC_ALL_USERS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,68,168,11 + CONTROL "Add VeraCrypt to &Start menu",IDC_PROG_GROUP,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,80,168,11 + CONTROL "Add VeraCrypt icon to &desktop",IDC_DESKTOP_ICON,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,92,168,11 CONTROL "Associate the .hc file &extension with VeraCrypt",IDC_FILE_TYPE, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,113,232,11 - CONTROL "Add VeraCrypt to &Start menu",IDC_PROG_GROUP,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,89,168,11 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,104,232,11 + CONTROL "Disable memory protection in VeraCrypt",IDC_DISABLE_MEMORY_PROTECTION, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,115,218,10 CONTROL "Create System &Restore point",IDC_SYSTEM_RESTORE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,125,194,11 - CONTROL "Add VeraCrypt icon to &desktop",IDC_DESKTOP_ICON,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,101,168,11 LTEXT "Please select or type the location where you want to install the VeraCrypt program files. If the specified folder does not exist, it will be automatically created.",IDT_INSTALL_DESTINATION,11,14,319,25 END diff --git a/src/Setup/Wizard.c b/src/Setup/Wizard.c index 78616abe..857eb2de 100644 --- a/src/Setup/Wizard.c +++ b/src/Setup/Wizard.c @@ -685,6 +685,10 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa bForAllUsers = IsButtonChecked (GetDlgItem (hCurPage, IDC_ALL_USERS)); return 1; + case IDC_DISABLE_MEMORY_PROTECTION: + bDisableMemoryProtection = IsButtonChecked (GetDlgItem (hCurPage, IDC_DISABLE_MEMORY_PROTECTION)); + return 1; + case IDC_FILE_TYPE: bRegisterFileExt = IsButtonChecked (GetDlgItem (hCurPage, IDC_FILE_TYPE)); return 1; -- cgit v1.2.3