From 14a477026d6c9f3a549ba0dcc07955a8c70becfb Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Wed, 27 Nov 2019 00:13:25 +0100 Subject: Windows: compatibility with multi-OS boot configuration by only setting VeraCrypt as first bootloader of the system if the current first bootloader is Windows one. --- src/Common/BootEncryption.cpp | 23 +++++++++++++++++++++-- src/Common/Dlgcode.c | 22 +++++++++++++++------- src/Common/Dlgcode.h | 2 ++ 3 files changed, 38 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index ccf3ac2f..e9566951 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -2824,11 +2824,30 @@ namespace VeraCrypt if (setBootEntry) { + // check if first entry in BootOrder is Windows one + bool bFirstEntryIsWindows = false; + if (startOrderNumPos != 0) + { + wchar_t varName[256]; + StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, startOrder[0]); + + byte* existingVar = new byte[512]; + DWORD existingVarLen = GetFirmwareEnvironmentVariableW (varName, EfiVarGuid, existingVar, 512); + if (existingVarLen > 0) + { + if (BufferContainsWideString (existingVar, existingVarLen, L"EFI\\Microsoft\\Boot\\bootmgfw.efi")) + bFirstEntryIsWindows = true; + } + + delete [] existingVar; + } + + // Create new entry if absent if (startOrderNumPos == UINT_MAX) { if (bDeviceInfoValid) { - if (forceFirstBootEntry) + if (forceFirstBootEntry && bFirstEntryIsWindows) { for (uint32 i = startOrderLen / 2; i > 0; --i) { startOrder[i] = startOrder[i - 1]; @@ -2842,7 +2861,7 @@ namespace VeraCrypt startOrderLen += 2; startOrderUpdate = true; } - } else if ((startOrderNumPos > 0) && forceFirstBootEntry) { + } else if ((startOrderNumPos > 0) && forceFirstBootEntry && bFirstEntryIsWindows) { for (uint32 i = startOrderNumPos; i > 0; --i) { startOrder[i] = startOrder[i - 1]; } 
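Review bot: In the added first-entry check, a zero return from `GetFirmwareEnvironmentVariableW` is treated the same as "not the Windows loader", so a `Boot####` variable longer than the fixed 512-byte buffer, or any other read failure, silently leaves `bFirstEntryIsWindows` false, and because both this hunk and the later `else if` now require it, `forceFirstBootEntry` is ignored without any trace. I would tell the cases apart by checking `GetLastError ()` when `existingVarLen == 0`, and document the fallback with a comment such as `// read failure is treated as "not Windows": VeraCrypt is then not forced to first position`. The guard `if (startOrderNumPos != 0)` also lets `startOrder[0]` be read when `startOrderNumPos == UINT_MAX`; whether `startOrderLen` can be zero at that point is not visible here, so adding `&& startOrderLen >= 2` would make the read safe in any case. The heap buffer can be a local, `byte existingVar[512];` passed with `sizeof (existingVar)`, which removes the `new`/`delete []` pair. The enclosing function starts and ends outside the hunk.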
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index 376a1b29..c84e94ac 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -12685,19 +12685,16 @@ void CheckFilesystem (HWND hwndDlg, int driveNo, BOOL fixErrors) ShellExecuteW (NULL, (!IsAdmin() && IsUacSupported()) ? L"runas" : L"open", cmdPath, param, NULL, SW_SHOW); } - -BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *str) +BOOL BufferContainsPattern (const byte *buffer, size_t bufferSize, const byte *pattern, size_t patternSize) { - size_t strLen = strlen (str); - - if (bufferSize < strLen) + if (bufferSize < patternSize) return FALSE; - bufferSize -= strLen; + bufferSize -= patternSize; for (size_t i = 0; i < bufferSize; ++i) { - if (memcmp (buffer + i, str, strLen) == 0) + if (memcmp (buffer + i, pattern, patternSize) == 0) return TRUE; } @@ -12705,6 +12702,17 @@ BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *st } +BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *str) +{ + return BufferContainsPattern (buffer, bufferSize, (const byte*) str, strlen (str)); +} + +BOOL BufferContainsWideString (const byte *buffer, size_t bufferSize, const wchar_t *str) +{ + return BufferContainsPattern (buffer, bufferSize, (const byte*) str, 2 * wcslen (str)); +} + + #ifndef SETUP int AskNonSysInPlaceEncryptionResume (HWND hwndDlg, BOOL *pbDecrypt) diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h index f17ce22e..ff45fef6 100644 --- a/src/Common/Dlgcode.h +++ b/src/Common/Dlgcode.h 
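Review bot: `BufferContainsPattern` keeps the loop bound of the function it replaces, and after `bufferSize -= patternSize` the condition `i < bufferSize` stops one position short: a pattern that sits at the very end of the buffer, or a buffer exactly as long as the pattern, is reported as absent. Now that the helper also backs the boot-entry check in BootEncryption.cpp, the bound should be inclusive, `for (size_t i = 0; i <= bufferSize; ++i)`. The function's final `return FALSE;` lies between this hunk and the next, outside the visible lines.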
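Review bot: `BufferContainsWideString` hard-codes the character width as `2 * wcslen (str)`; `sizeof (wchar_t) * wcslen (str)` states the intent and stays correct if this file is ever built where `wchar_t` is not 16 bits. Both new wrappers are undocumented, and the comparison is a byte-exact, case-sensitive search at any byte offset, which matters for the caller in BootEncryption.cpp because file paths on the EFI system partition are case-insensitive and a loader path stored with different casing would not match. I would add a comment above the wrapper, `/* Byte-wise, case-sensitive search for the in-memory encoding of str (terminator excluded). */`.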
@@ -509,7 +509,9 @@ BOOL InitSecurityTokenLibrary (HWND hwndDlg);
 BOOL FileHasReadOnlyAttribute (const wchar_t *path);
 BOOL IsFileOnReadOnlyFilesystem (const wchar_t *path);
 void CheckFilesystem (HWND hwndDlg, int driveNo, BOOL fixErrors);
+BOOL BufferContainsPattern (const byte *buffer, size_t bufferSize, const byte *pattern, size_t patternSize);
 BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *str);
+BOOL BufferContainsWideString (const byte *buffer, size_t bufferSize, const wchar_t *str);
 int AskNonSysInPlaceEncryptionResume (HWND hwndDlg, BOOL* pbDecrypt);
 BOOL RemoveDeviceWriteProtection (HWND hwndDlg, wchar_t *devicePath);
 void EnableElevatedCursorChange (HWND parent);
-- cgit v1.2.3