/Tests/

tml">Home
  • Source Code
  • Downloads
  • Documentation
  • Donate
  • Forums
  • aboutsummaryrefslogtreecommitdiff
    path: root/src/Driver/Ntdriver.c
    blob: fca2ca42ba1594f46941eb33f56fa3d8d58d3643 (plain)
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74
    75
    76
    77
    78
    79
    80
    81
    82
    83
    84
    85
    86
    87
    88
    89
    90
    91
    92
    93
    94
    95
    96
    97
    98
    99
    100
    101
    102
    103
    104
    105
    106
    107
    108
    109
    110
    111
    112
    113
    114
    115
    116
    117
    118
    119
    120
    121
    122
    123
    124
    125
    126
    127
    128
    129
    130
    131
    132
    133
    134
    135
    136
    137
    138
    139
    140
    141
    142
    143
    144
    145
    146
    147
    148
    149
    150
    151
    152
    153
    154
    155
    156
    157
    158
    159
    160
    161
    162
    163
    164
    165
    166
    167
    168
    169
    170
    171
    172
    173
    174
    175
    176
    177
    178
    179
    180
    181
    182
    183
    184
    185
    186
    187
    188
    189
    190
    191
    192
    193
    194
    195
    196
    197
    198
    199
    200
    201
    202
    203
    204
    205
    206
    207
    208
    209
    210
    211
    212
    213
    214
    215
    216
    217
    218
    219
    220
    221
    222
    223
    224
    225
    226
    227
    228
    229
    230
    231
    232
    233
    234
    235
    236
    237
    238
    239
    240
    241
    242
    243
    244
    245
    246
    247
    248
    249
    250
    251
    252
    253
    254
    255
    256
    257
    258
    259
    260
    261
    262
    263
    264
    265
    266
    267
    268
    269
    270
    271
    272
    273
    274
    275
    276
    277
    278
    279
    280
    281
    282
    283
    284
    285
    286
    287
    288
    289
    290
    291
    292
    293
    294
    295
    296
    297
    298
    299
    300
    301
    302
    303
    304
    305
    306
    307
    308
    309
    310
    311
    312
    313
    314
    315
    316
    317
    318
    319
    320
    321
    322
    323
    324
    325
    326
    327
    328
    329
    330
    331
    332
    333
    334
    335
    336
    337
    338
    339
    340
    341
    342
    343
    344
    345
    346
    347
    348
    349
    350
    351
    352
    353
    354
    355
    356
    357
    358
    359
    360
    361
    362
    363
    364
    365
    366
    367
    368
    369
    370
    371
    372
    373
    374
    375
    376
    377
    378
    379
    380
    381
    382
    383
    384
    385
    386
    387
    388
    389
    390
    391
    392
    393
    394
    395
    396
    397
    398
    399
    400
    401
    402
    403
    404
    405
    406
    407
    408
    409
    410
    411
    412
    413
    414
    415
    416
    417
    418
    419
    420
    421
    422
    423
    424
    425
    426
    427
    428
    429
    430
    431
    432
    433
    434
    435
    436
    437
    438
    439
    440
    441
    442
    443
    444
    445
    446
    447
    448
    449
    450
    451
    452
    453
    454
    455
    456
    457
    458
    459
    460
    461
    462
    463
    464
    465
    466
    467
    468
    469
    470
    471
    472
    473
    474
    475
    476
    477
    478
    479
    480
    481
    482
    483
    484
    485
    486
    487
    488
    489
    490
    491
    492
    493
    494
    495
    496
    497
    498
    499
    500
    501
    502
    503
    504
    505
    506
    507
    508
    509
    510
    511
    512
    513
    514
    515
    516
    517
    518
    519
    520
    521
    522
    523
    524
    525
    526
    527
    528
    529
    530
    531
    532
    533
    534
    535
    536
    537
    538
    539
    540
    541
    542
    543
    544
    545
    546
    547
    548
    549
    550
    551
    552
    553
    554
    555
    556
    557
    558
    559
    560
    561
    562
    563
    564
    565
    566
    567
    568
    569
    570
    571
    572
    573
    574
    575
    576
    577
    578
    579
    580
    581
    582
    583
    584
    585
    586
    587
    588
    589
    590
    591
    592
    593
    594
    595
    596
    597
    598
    599
    600
    601
    602
    603
    604
    605
    606
    607
    608
    609
    610
    611
    612
    613
    614
    615
    616
    617
    618
    619
    620
    621
    622
    623
    624
    625
    626
    627
    628
    629
    630
    631
    632
    633
    634
    635
    636
    637
    638
    639
    640
    641
    642
    643
    644
    645
    646
    647
    648
    649
    650
    651
    652
    653
    654
    655
    656
    657
    658
    659
    660
    661
    662
    663
    664
    665
    666
    667
    668
    669
    670
    671
    672
    673
    674
    675
    676
    677
    678
    679
    680
    681
    682
    683
    684
    685
    686
    687
    688
    689
    690
    691
    692
    693
    694
    695
    696
    697
    698
    699
    700
    701
    702
    703
    704
    705
    706
    707
    708
    709
    710
    711
    712
    713
    714
    715
    716
    717
    718
    719
    720
    721
    722
    723
    724
    725
    726
    727
    728
    729
    730
    731
    732
    733
    734
    735
    736
    737
    738
    739
    740
    741
    742
    743
    744
    745
    746
    747
    748
    749
    750
    751
    752
    753
    754
    755
    756
    757
    758
    759
    760
    761
    762
    763
    764
    765
    766
    767
    768
    769
    770
    771
    772
    773
    774
    775
    776
    777
    778
    779
    780
    781
    782
    783
    784
    785
    786
    787
    788
    789
    790
    791
    792
    793
    794
    795
    796
    797
    798
    799
    800
    801
    802
    803
    804
    805
    806
    807
    808
    809
    810
    811
    812
    813
    814
    815
    816
    817
    818
    819
    820
    821
    822
    823
    824
    825
    826
    827
    828
    829
    830
    831
    832
    833
    834
    835
    836
    837
    838
    839
    840
    841
    842
    843
    844
    845
    846
    847
    848
    849
    850
    851
    852
    853
    854
    855
    856
    857
    858
    859
    860
    861
    862
    863
    864
    865
    866
    867
    868
    869
    870
    871
    872
    873
    874
    875
    876
    877
    878
    879
    880
    881
    882
    883
    884
    885
    886
    887
    888
    889
    890
    891
    892
    893
    894
    895
    896
    897
    898
    899
    900
    901
    902
    903
    904
    905
    906
    907
    908
    909
    910
    911
    912
    913
    914
    915
    916
    917
    918
    919
    920
    921
    922
    923
    924
    925
    926
    927
    928
    929
    930
    931
    932
    933
    934
    935
    936
    937
    938
    939
    940
    941
    942
    943
    944
    945
    946
    947
    948
    949
    950
    951
    952
    953
    954
    955
    956
    957
    958
    959
    960
    961
    962
    963
    964
    965
    966
    967
    968
    969
    970
    971
    972
    973
    974
    975
    976
    977
    978
    979
    980
    981
    982
    983
    984
    985
    986
    987
    988
    989
    990
    991
    992
    993
    994
    995
    996
    997
    998
    999
    1000
    1001
    1002
    1003
    1004
    1005
    1006
    1007
    1008
    1009
    1010
    1011
    1012
    1013
    1014
    1015
    1016
    1017
    1018
    1019
    1020
    1021
    1022
    1023
    1024
    1025
    1026
    1027
    1028
    1029
    1030
    1031
    1032
    1033
    1034
    1035
    1036
    1037
    1038
    1039
    1040
    1041
    1042
    1043
    1044
    1045
    1046
    1047
    1048
    1049
    1050
    1051
    1052
    1053
    1054
    1055
    1056
    1057
    1058
    1059
    1060
    1061
    1062
    1063
    1064
    1065
    1066
    1067
    1068
    1069
    1070
    1071
    1072
    1073
    1074
    1075
    1076
    1077
    1078
    1079
    1080
    1081
    1082
    1083
    1084
    1085
    1086
    1087
    1088
    1089
    1090
    1091
    1092
    1093
    1094
    1095
    1096
    1097
    1098
    1099
    1100
    1101
    1102
    1103
    1104
    1105
    1106
    1107
    1108
    1109
    1110
    1111
    1112
    1113
    1114
    1115
    1116
    1117
    1118
    1119
    1120
    1121
    1122
    1123
    1124
    1125
    1126
    1127
    1128
    1129
    1130
    1131
    1132
    1133
    1134
    1135
    1136
    1137
    1138
    1139
    1140
    1141
    1142
    1143
    1144
    1145
    1146
    1147
    1148
    1149
    1150
    1151
    1152
    1153
    1154
    1155
    1156
    1157
    1158
    1159
    1160
    1161
    1162
    1163
    1164
    1165
    1166
    1167
    1168
    1169
    1170
    1171
    1172
    1173
    1174
    1175
    1176
    1177
    1178
    1179
    1180
    1181
    1182
    1183
    1184
    1185
    1186
    1187
    1188
    1189
    1190
    1191
    1192
    1193
    1194
    1195
    1196
    1197
    1198
    1199
    1200
    1201
    1202
    1203
    1204
    1205
    1206
    1207
    1208
    1209
    1210
    1211
    1212
    1213
    1214
    1215
    1216
    1217
    1218
    1219
    1220
    1221
    1222
    1223
    1224
    1225
    1226
    1227
    1228
    1229
    1230
    1231
    1232
    1233
    1234
    1235
    1236
    1237
    1238
    1239
    1240
    1241
    1242
    1243
    1244
    1245
    1246
    1247
    1248
    1249
    1250
    1251
    1252
    1253
    1254
    1255
    1256
    1257
    1258
    1259
    1260
    1261
    1262
    1263
    1264
    1265
    1266
    1267
    1268
    1269
    1270
    1271
    1272
    1273
    1274
    1275
    1276
    1277
    1278
    1279
    1280
    1281
    1282
    1283
    1284
    1285
    1286
    1287
    1288
    1289
    1290
    1291
    1292
    1293
    1294
    1295
    1296
    1297
    1298
    1299
    1300
    1301
    1302
    1303
    1304
    1305
    1306
    1307
    1308
    1309
    1310
    1311
    1312
    1313
    1314
    1315
    1316
    1317
    1318
    1319
    1320
    1321
    1322
    1323
    1324
    1325
    1326
    1327
    1328
    1329
    1330
    1331
    1332
    1333
    1334
    1335
    1336
    1337
    1338
    1339
    1340
    1341
    1342
    1343
    1344
    1345
    1346
    1347
    1348
    1349
    1350
    1351
    1352
    1353
    1354
    1355
    1356
    1357
    1358
    1359
    1360
    1361
    1362
    1363
    1364
    1365
    1366
    1367
    1368
    1369
    1370
    1371
    1372
    1373
    1374
    1375
    1376
    1377
    1378
    1379
    1380
    1381
    1382
    1383
    1384
    1385
    1386
    1387
    1388
    1389
    1390
    1391
    1392
    1393
    1394
    1395
    1396
    1397
    1398
    1399
    1400
    1401
    1402
    1403
    1404
    1405
    1406
    1407
    1408
    1409
    1410
    1411
    1412
    1413
    1414
    1415
    1416
    1417
    1418
    1419
    1420
    1421
    1422
    1423
    1424
    1425
    1426
    1427
    1428
    1429
    1430
    1431
    1432
    1433
    1434
    1435
    1436
    1437
    1438
    1439
    1440
    1441
    1442
    1443
    1444
    1445
    1446
    1447
    1448
    1449
    1450
    1451
    1452
    1453
    1454
    1455
    1456
    1457
    1458
    1459
    1460
    1461
    1462
    1463
    1464
    1465
    1466
    1467
    1468
    1469
    1470
    1471
    1472
    1473
    1474
    1475
    1476
    1477
    1478
    1479
    1480
    1481
    1482
    1483
    1484
    1485
    1486
    1487
    1488
    1489
    1490
    1491
    1492
    1493
    1494
    1495
    1496
    1497
    1498
    1499
    1500
    1501
    1502
    1503
    1504
    1505
    1506
    1507
    1508
    1509
    1510
    1511
    1512
    1513
    1514
    1515
    1516
    1517
    1518
    1519
    1520
    1521
    1522
    1523
    1524
    1525
    1526
    1527
    1528
    1529
    1530
    1531
    1532
    1533
    1534
    1535
    1536
    1537
    1538
    1539
    1540
    1541
    1542
    1543
    1544
    1545
    1546
    1547
    1548
    1549
    1550
    1551
    1552
    1553
    1554
    1555
    1556
    1557
    1558
    1559
    1560
    1561
    1562
    1563
    1564
    1565
    1566
    1567
    1568
    1569
    1570
    1571
    1572
    1573
    1574
    1575
    1576
    1577
    1578
    1579
    1580
    1581
    1582
    1583
    1584
    1585
    1586
    1587
    1588
    1589
    1590
    1591
    1592
    1593
    1594
    1595
    1596
    1597
    1598
    1599
    1600
    1601
    1602
    1603
    1604
    1605
    1606
    1607
    1608
    1609
    1610
    1611
    1612
    1613
    1614
    1615
    1616
    1617
    1618
    1619
    1620
    1621
    1622
    1623
    1624
    1625
    1626
    1627
    1628
    1629
    1630
    1631
    1632
    1633
    1634
    1635
    1636
    1637
    1638
    1639
    1640
    1641
    1642
    1643
    1644
    1645
    1646
    1647
    1648
    1649
    1650
    1651
    1652
    1653
    1654
    1655
    1656
    1657
    1658
    1659
    1660
    1661
    1662
    1663
    1664
    1665
    1666
    1667
    1668
    1669
    1670
    1671
    1672
    1673
    1674
    1675
    1676
    1677
    1678
    1679
    1680
    1681
    1682
    1683
    1684
    1685
    1686
    1687
    1688
    1689
    1690
    1691
    1692
    1693
    1694
    1695
    1696
    1697
    1698
    1699
    1700
    1701
    1702
    1703
    1704
    1705
    1706
    1707
    1708
    1709
    1710
    1711
    1712
    1713
    1714
    1715
    1716
    1717
    1718
    1719
    1720
    1721
    1722
    1723
    1724
    1725
    1726
    1727
    1728
    1729
    1730
    1731
    1732
    1733
    1734
    1735
    1736
    1737
    1738
    1739
    1740
    1741
    1742
    1743
    1744
    1745
    1746
    1747
    1748
    1749
    1750
    1751
    1752
    1753
    1754
    1755
    1756
    1757
    1758
    1759
    1760
    1761
    1762
    1763
    1764
    1765
    1766
    1767
    1768
    1769
    1770
    1771
    1772
    1773
    1774
    1775
    1776
    1777
    1778
    1779
    1780
    1781
    1782
    1783
    1784
    1785
    1786
    1787
    1788
    1789
    1790
    1791
    1792
    1793
    1794
    1795
    1796
    1797
    1798
    1799
    1800
    1801
    1802
    1803
    1804
    1805
    1806
    1807
    1808
    1809
    1810
    1811
    1812
    1813
    1814
    1815
    1816
    1817
    1818
    1819
    1820
    1821
    1822
    1823
    1824
    1825
    1826
    1827
    1828
    1829
    1830
    1831
    1832
    1833
    1834
    1835
    1836
    1837
    1838
    1839
    1840
    1841
    1842
    1843
    1844
    1845
    1846
    1847
    1848
    1849
    1850
    1851
    1852
    1853
    1854
    1855
    1856
    1857
    1858
    1859
    1860
    1861
    1862
    1863
    1864
    1865
    1866
    1867
    1868
    1869
    1870
    1871
    1872
    1873
    1874
    1875
    1876
    1877
    1878
    1879
    1880
    1881
    1882
    1883
    1884
    1885
    1886
    1887
    1888
    1889
    1890
    1891
    1892
    1893
    1894
    1895
    1896
    1897
    1898
    1899
    1900
    1901
    1902
    1903
    1904
    1905
    1906
    1907
    1908
    1909
    1910
    1911
    1912
    1913
    1914
    1915
    1916
    1917
    1918
    1919
    1920
    1921
    1922
    1923
    1924
    1925
    1926
    1927
    1928
    1929
    1930
    1931
    1932
    1933
    1934
    1935
    1936
    1937
    1938
    1939
    1940
    1941
    1942
    1943
    1944
    1945
    1946
    1947
    1948
    1949
    1950
    1951
    1952
    1953
    1954
    1955
    1956
    1957
    1958
    1959
    1960
    1961
    1962
    1963
    1964
    1965
    1966
    1967
    1968
    1969
    1970
    1971
    1972
    1973
    1974
    1975
    1976
    1977
    1978
    1979
    1980
    1981
    1982
    1983
    1984
    1985
    1986
    1987
    1988
    1989
    1990
    1991
    1992
    1993
    1994
    1995
    1996
    1997
    1998
    1999
    2000
    2001
    2002
    2003
    2004
    2005
    2006
    2007
    2008
    2009
    2010
    2011
    2012
    2013
    2014
    2015
    2016
    2017
    2018
    2019
    2020
    2021
    2022
    2023
    2024
    2025
    2026
    2027
    2028
    2029
    2030
    2031
    2032
    2033
    2034
    2035
    2036
    2037
    2038
    2039
    2040
    2041
    2042
    2043
    2044
    2045
    2046
    2047
    2048
    2049
    2050
    2051
    2052
    2053
    2054
    2055
    2056
    2057
    2058
    2059
    2060
    2061
    2062
    2063
    2064
    2065
    2066
    2067
    2068
    2069
    2070
    2071
    2072
    2073
    2074
    2075
    2076
    2077
    2078
    2079
    2080
    2081
    2082
    2083
    2084
    2085
    2086
    2087
    2088
    2089
    2090
    2091
    2092
    2093
    2094
    2095
    2096
    2097
    2098
    2099
    2100
    2101
    2102
    2103
    2104
    2105
    2106
    2107
    2108
    2109
    2110
    2111
    2112
    2113
    2114
    2115
    2116
    2117
    2118
    2119
    2120
    2121
    2122
    2123
    2124
    2125
    2126
    2127
    2128
    2129
    2130
    2131
    2132
    2133
    2134
    2135
    2136
    2137
    2138
    2139
    2140
    2141
    2142
    2143
    2144
    2145
    2146
    2147
    2148
    2149
    2150
    2151
    2152
    2153
    2154
    2155
    2156
    2157
    2158
    2159
    2160
    2161
    2162
    2163
    2164
    2165
    2166
    2167
    2168
    2169
    2170
    2171
    2172
    2173
    2174
    2175
    2176
    2177
    2178
    2179
    2180
    2181
    2182
    2183
    2184
    2185
    2186
    2187
    2188
    2189
    2190
    2191
    2192
    2193
    2194
    2195
    2196
    2197
    2198
    2199
    2200
    2201
    2202
    2203
    2204
    2205
    2206
    2207
    2208
    2209
    2210
    2211
    2212
    2213
    2214
    2215
    2216
    2217
    2218
    2219
    2220
    2221
    2222
    2223
    2224
    2225
    2226
    2227
    2228
    2229
    2230
    2231
    2232
    2233
    2234
    2235
    2236
    2237
    2238
    2239
    2240
    2241
    2242
    2243
    2244
    2245
    2246
    2247
    2248
    2249
    2250
    2251
    2252
    2253
    2254
    2255
    2256
    2257
    2258
    2259
    2260
    2261
    2262
    2263
    2264
    2265
    2266
    2267
    2268
    2269
    2270
    2271
    2272
    2273
    2274
    2275
    2276
    2277
    2278
    2279
    2280
    2281
    2282
    2283
    2284
    2285
    2286
    2287
    2288
    2289
    2290
    2291
    2292
    2293
    2294
    2295
    2296
    2297
    2298
    2299
    2300
    2301
    2302
    2303
    2304
    2305
    2306
    2307
    2308
    2309
    2310
    2311
    2312
    2313
    2314
    2315
    2316
    2317
    2318
    2319
    2320
    2321
    2322
    2323
    2324
    2325
    2326
    2327
    2328
    2329
    2330
    2331
    2332
    2333
    2334
    2335
    2336
    2337
    2338
    2339
    2340
    2341
    2342
    2343
    2344
    2345
    2346
    2347
    2348
    2349
    2350
    2351
    2352
    2353
    2354
    2355
    2356
    2357
    2358
    2359
    2360
    2361
    2362
    2363
    2364
    2365
    2366
    2367
    2368
    2369
    2370
    2371
    2372
    2373
    2374
    2375
    2376
    2377
    2378
    2379
    2380
    2381
    2382
    2383
    2384
    2385
    2386
    2387
    2388
    2389
    2390
    2391
    2392
    2393
    2394
    2395
    2396
    2397
    2398
    2399
    2400
    2401
    2402
    2403
    2404
    2405
    2406
    2407
    2408
    2409
    2410
    2411
    2412
    2413
    2414
    2415
    2416
    2417
    2418
    2419
    2420
    2421
    2422
    2423
    2424
    2425
    2426
    2427
    2428
    2429
    2430
    2431
    2432
    2433
    2434
    2435
    2436
    2437
    2438
    2439
    2440
    2441
    2442
    2443
    2444
    2445
    2446
    2447
    2448
    2449
    2450
    2451
    2452
    2453
    2454
    2455
    2456
    2457
    2458
    2459
    2460
    2461
    2462
    2463
    2464
    2465
    2466
    2467
    2468
    2469
    2470
    2471
    2472
    2473
    2474
    2475
    2476
    2477
    2478
    2479
    2480
    2481
    2482
    2483
    2484
    2485
    2486
    2487
    2488
    2489
    2490
    2491
    2492
    2493
    2494
    2495
    2496
    2497
    2498
    2499
    2500
    2501
    2502
    2503
    2504
    2505
    2506
    2507
    2508
    2509
    2510
    2511
    2512
    2513
    2514
    2515
    2516
    2517
    2518
    2519
    2520
    2521
    2522
    2523
    2524
    2525
    2526
    2527
    2528
    2529
    2530
    2531
    2532
    2533
    2534
    2535
    2536
    2537
    2538
    2539
    2540
    2541
    2542
    2543
    2544
    2545
    2546
    2547
    2548
    2549
    2550
    2551
    2552
    2553
    2554
    2555
    2556
    2557
    2558
    2559
    2560
    2561
    2562
    2563
    2564
    2565
    2566
    2567
    2568
    2569
    2570
    2571
    2572
    2573
    2574
    2575
    2576
    2577
    2578
    2579
    2580
    2581
    2582
    2583
    2584
    2585
    2586
    2587
    2588
    2589
    2590
    2591
    2592
    2593
    2594
    2595
    2596
    2597
    2598
    2599
    2600
    2601
    2602
    2603
    2604
    2605
    2606
    2607
    2608
    2609
    2610
    2611
    2612
    2613
    2614
    2615
    2616
    2617
    2618
    2619
    2620
    2621
    2622
    2623
    2624
    2625
    2626
    2627
    2628
    2629
    2630
    2631
    2632
    2633
    2634
    2635
    2636
    2637
    2638
    2639
    2640
    2641
    2642
    2643
    2644
    2645
    2646
    2647
    2648
    2649
    2650
    2651
    2652
    2653
    2654
    2655
    2656
    2657
    2658
    2659
    2660
    2661
    2662
    2663
    2664
    2665
    2666
    2667
    2668
    2669
    2670
    2671
    2672
    2673
    2674
    2675
    2676
    2677
    2678
    2679
    2680
    2681
    2682
    2683
    2684
    2685
    2686
    2687
    2688
    2689
    2690
    2691
    2692
    2693
    2694
    2695
    2696
    2697
    2698
    2699
    2700
    2701
    2702
    2703
    2704
    2705
    2706
    2707
    2708
    2709
    2710
    2711
    2712
    2713
    2714
    2715
    2716
    2717
    2718
    2719
    2720
    2721
    2722
    2723
    2724
    2725
    2726
    2727
    2728
    2729
    2730
    2731
    2732
    2733
    2734
    2735
    2736
    2737
    2738
    2739
    2740
    2741
    2742
    2743
    2744
    2745
    2746
    2747
    2748
    2749
    2750
    2751
    2752
    2753
    2754
    2755
    2756
    2757
    2758
    2759
    2760
    2761
    2762
    2763
    2764
    2765
    2766
    2767
    2768
    2769
    2770
    2771
    2772
    2773
    2774
    2775
    2776
    2777
    2778
    2779
    2780
    2781
    2782
    2783
    2784
    2785
    2786
    2787
    2788
    2789
    2790
    2791
    2792
    2793
    2794
    2795
    2796
    2797
    2798
    2799
    2800
    2801
    2802
    2803
    2804
    2805
    2806
    2807
    2808
    2809
    2810
    2811
    2812
    2813
    2814
    2815
    2816
    2817
    2818
    2819
    2820
    2821
    2822
    2823
    2824
    2825
    2826
    2827
    2828
    2829
    2830
    2831
    2832
    2833
    2834
    2835
    2836
    2837
    2838
    2839
    2840
    2841
    2842
    2843
    2844
    2845
    2846
    2847
    2848
    2849
    2850
    2851
    2852
    2853
    2854
    2855
    2856
    2857
    2858
    2859
    2860
    2861
    2862
    2863
    2864
    2865
    2866
    2867
    2868
    2869
    2870
    2871
    2872
    2873
    2874
    2875
    2876
    2877
    2878
    2879
    2880
    2881
    2882
    2883
    2884
    2885
    2886
    2887
    2888
    2889
    2890
    2891
    2892
    2893
    2894
    2895
    2896
    2897
    2898
    2899
    2900
    2901
    2902
    2903
    2904
    2905
    2906
    2907
    2908
    2909
    2910
    2911
    2912
    2913
    2914
    2915
    2916
    2917
    2918
    2919
    2920
    2921
    2922
    2923
    2924
    2925
    2926
    2927
    2928
    2929
    2930
    2931
    2932
    2933
    2934
    2935
    2936
    2937
    2938
    2939
    2940
    2941
    2942
    2943
    2944
    2945
    2946
    2947
    2948
    2949
    2950
    2951
    2952
    2953
    2954
    2955
    2956
    2957
    2958
    2959
    2960
    2961
    2962
    2963
    2964
    2965
    2966
    2967
    2968
    2969
    2970
    2971
    2972
    2973
    2974
    2975
    2976
    2977
    2978
    2979
    2980
    2981
    2982
    2983
    2984
    2985
    2986
    2987
    2988
    2989
    2990
    2991
    2992
    2993
    2994
    2995
    2996
    2997
    2998
    2999
    3000
    3001
    3002
    3003
    3004
    3005
    3006
    3007
    3008
    3009
    3010
    3011
    3012
    3013
    3014
    3015
    3016
    3017
    3018
    3019
    3020
    3021
    3022
    3023
    3024
    3025
    3026
    3027
    3028
    3029
    3030
    3031
    3032
    3033
    3034
    3035
    3036
    3037
    3038
    3039
    3040
    3041
    3042
    3043
    3044
    3045
    3046
    3047
    3048
    3049
    3050
    3051
    3052
    3053
    3054
    3055
    3056
    3057
    3058
    3059
    3060
    3061
    3062
    3063
    3064
    3065
    3066
    3067
    3068
    3069
    3070
    3071
    3072
    3073
    3074
    3075
    3076
    3077
    3078
    3079
    3080
    3081
    3082
    3083
    3084
    3085
    3086
    3087
    3088
    3089
    3090
    3091
    3092
    3093
    3094
    3095
    3096
    3097
    3098
    3099
    3100
    3101
    3102
    3103
    3104
    3105
    3106
    3107
    3108
    3109
    3110
    3111
    3112
    3113
    3114
    3115
    3116
    3117
    3118
    3119
    3120
    3121
    3122
    3123
    3124
    3125
    3126
    3127
    3128
    3129
    3130
    3131
    3132
    3133
    3134
    3135
    3136
    3137
    3138
    3139
    3140
    3141
    3142
    3143
    3144
    3145
    3146
    3147
    3148
    3149
    3150
    3151
    3152
    3153
    3154
    3155
    3156
    3157
    3158
    3159
    3160
    3161
    3162
    3163
    3164
    3165
    3166
    3167
    3168
    3169
    3170
    3171
    3172
    3173
    3174
    3175
    3176
    3177
    3178
    3179
    3180
    3181
    3182
    3183
    3184
    3185
    3186
    3187
    3188
    3189
    3190
    3191
    3192
    3193
    3194
    3195
    3196
    3197
    3198
    3199
    3200
    3201
    3202
    3203
    3204
    3205
    3206
    3207
    3208
    3209
    3210
    3211
    3212
    3213
    3214
    3215
    3216
    3217
    3218
    3219
    3220
    3221
    3222
    3223
    3224
    3225
    3226
    3227
    3228
    3229
    3230
    3231
    3232
    3233
    3234
    3235
    3236
    3237
    3238
    3239
    3240
    3241
    3242
    3243
    3244
    3245
    3246
    3247
    3248
    3249
    3250
    3251
    3252
    3253
    3254
    3255
    3256
    3257
    3258
    3259
    3260
    3261
    3262
    3263
    3264
    3265
    3266
    3267
    3268
    3269
    3270
    3271
    3272
    3273
    3274
    3275
    3276
    3277
    3278
    3279
    3280
    3281
    3282
    3283
    3284
    3285
    3286
    3287
    3288
    3289
    3290
    3291
    3292
    3293
    3294
    3295
    3296
    3297
    3298
    3299
    3300
    3301
    3302
    3303
    3304
    3305
    3306
    3307
    3308
    3309
    3310
    3311
    3312
    3313
    3314
    3315
    3316
    3317
    3318
    3319
    3320
    3321
    3322
    3323
    3324
    3325
    3326
    3327
    3328
    3329
    3330
    3331
    3332
    3333
    3334
    3335
    3336
    3337
    3338
    3339
    3340
    3341
    3342
    3343
    3344
    3345
    3346
    3347
    3348
    3349
    3350
    3351
    3352
    3353
    3354
    3355
    3356
    3357
    3358
    3359
    3360
    3361
    3362
    3363
    3364
    3365
    3366
    3367
    3368
    3369
    3370
    3371
    3372
    3373
    3374
    3375
    3376
    3377
    3378
    3379
    3380
    3381
    3382
    3383
    3384
    3385
    3386
    3387
    3388
    3389
    3390
    3391
    3392
    3393
    3394
    3395
    3396
    3397
    3398
    3399
    3400
    3401
    3402
    3403
    3404
    3405
    3406
    3407
    3408
    3409
    3410
    3411
    3412
    3413
    3414
    3415
    3416
    3417
    3418
    3419
    3420
    3421
    3422
    3423
    3424
    3425
    3426
    3427
    3428
    3429
    3430
    3431
    3432
    3433
    3434
    3435
    3436
    3437
    3438
    3439
    3440
    3441
    3442
    3443
    3444
    3445
    3446
    3447
    3448
    3449
    3450
    3451
    3452
    3453
    3454
    3455
    3456
    3457
    3458
    3459
    3460
    3461
    3462
    3463
    3464
    3465
    3466
    3467
    3468
    3469
    3470
    3471
    3472
    3473
    3474
    3475
    3476
    3477
    3478
    3479
    3480
    3481
    3482
    3483
    3484
    3485
    3486
    3487
    3488
    3489
    3490
    3491
    3492
    3493
    3494
    3495
    3496
    3497
    3498
    3499
    3500
    3501
    3502
    3503
    3504
    3505
    3506
    3507
    3508
    3509
    3510
    3511
    3512
    3513
    3514
    3515
    3516
    3517
    3518
    3519
    3520
    3521
    3522
    3523
    3524
    3525
    3526
    3527
    3528
    3529
    3530
    3531
    3532
    3533
    3534
    3535
    3536
    3537
    3538
    3539
    3540
    3541
    3542
    3543
    3544
    3545
    3546
    3547
    3548
    3549
    3550
    3551
    3552
    3553
    3554
    3555
    3556
    3557
    3558
    3559
    3560
    3561
    3562
    3563
    3564
    3565
    3566
    3567
    3568
    3569
    3570
    3571
    3572
    3573
    3574
    3575
    3576
    3577
    3578
    3579
    3580
    3581
    3582
    3583
    3584
    3585
    3586
    3587
    3588
    3589
    3590
    3591
    3592
    3593
    3594
    3595
    3596
    3597
    3598
    3599
    3600
    3601
    3602
    3603
    3604
    3605
    3606
    3607
    3608
    3609
    3610
    3611
    3612
    3613
    3614
    3615
    3616
    3617
    3618
    3619
    3620
    3621
    3622
    3623
    3624
    3625
    3626
    3627
    3628
    3629
    3630
    3631
    3632
    3633
    3634
    3635
    3636
    3637
    3638
    3639
    3640
    3641
    3642
    3643
    3644
    3645
    3646
    3647
    3648
    3649
    3650
    3651
    3652
    3653
    3654
    3655
    3656
    3657
    3658
    3659
    3660
    3661
    3662
    3663
    3664
    3665
    3666
    3667
    3668
    3669
    3670
    3671
    3672
    3673
    3674
    3675
    3676
    3677
    3678
    3679
    3680
    3681
    3682
    3683
    3684
    3685
    3686
    3687
    3688
    3689
    3690
    3691
    3692
    3693
    3694
    3695
    3696
    3697
    3698
    3699
    3700
    3701
    3702
    3703
    3704
    3705
    3706
    3707
    3708
    3709
    3710
    3711
    3712
    3713
    3714
    3715
    3716
    3717
    3718
    3719
    3720
    3721
    3722
    3723
    3724
    3725
    3726
    3727
    3728
    3729
    3730
    3731
    3732
    3733
    3734
    3735
    3736
    3737
    3738
    3739
    3740
    3741
    3742
    3743
    3744
    3745
    3746
    3747
    3748
    3749
    3750
    3751
    3752
    3753
    3754
    3755
    3756
    3757
    3758
    3759
    3760
    3761
    3762
    3763
    3764
    3765
    3766
    3767
    3768
    3769
    3770
    3771
    3772
    3773
    3774
    3775
    3776
    3777
    3778
    3779
    3780
    3781
    3782
    3783
    3784
    3785
    3786
    3787
    3788
    3789
    3790
    3791
    3792
    3793
    3794
    3795
    3796
    3797
    3798
    3799
    3800
    3801
    3802
    3803
    3804
    3805
    3806
    3807
    3808
    3809
    3810
    3811
    3812
    3813
    3814
    3815
    3816
    3817
    3818
    3819
    3820
    3821
    3822
    3823
    3824
    3825
    3826
    3827
    3828
    3829
    3830
    3831
    3832
    3833
    3834
    3835
    3836
    3837
    3838
    3839
    3840
    3841
    3842
    3843
    3844
    3845
    3846
    3847
    3848
    3849
    3850
    3851
    3852
    3853
    3854
    3855
    3856
    3857
    3858
    3859
    3860
    3861
    3862
    3863
    3864
    3865
    3866
    3867
    3868
    3869
    3870
    3871
    3872
    3873
    3874
    3875
    3876
    3877
    3878
    3879
    3880
    3881
    3882
    3883
    3884
    3885
    3886
    3887
    3888
    3889
    3890
    3891
    3892
    3893
    3894
    3895
    3896
    3897
    3898
    3899
    3900
    3901
    3902
    3903
    3904
    3905
    3906
    3907
    3908
    3909
    3910
    3911
    3912
    3913
    3914
    3915
    3916
    3917
    3918
    3919
    3920
    3921
    3922
    3923
    3924
    3925
    3926
    3927
    3928
    3929
    3930
    3931
    3932
    3933
    3934
    3935
    3936
    3937
    3938
    3939
    3940
    3941
    3942
    3943
    3944
    3945
    3946
    3947
    3948
    3949
    3950
    3951
    3952
    3953
    3954
    3955
    3956
    3957
    3958
    3959
    3960
    3961
    3962
    3963
    3964
    3965
    3966
    3967
    3968
    3969
    3970
    3971
    3972
    3973
    3974
    3975
    3976
    3977
    3978
    3979
    3980
    3981
    3982
    3983
    3984
    3985
    3986
    3987
    3988
    3989
    3990
    3991
    3992
    3993
    3994
    3995
    3996
    3997
    3998
    3999
    4000
    4001
    4002
    4003
    4004
    4005
    4006
    4007
    4008
    4009
    4010
    4011
    4012
    4013
    4014
    4015
    4016
    4017
    4018
    4019
    4020
    4021
    4022
    4023
    4024
    4025
    4026
    4027
    4028
    4029
    4030
    4031
    4032
    4033
    4034
    4035
    4036
    4037
    4038
    4039
    4040
    4041
    4042
    4043
    4044
    4045
    4046
    4047
    4048
    4049
    4050
    4051
    4052
    4053
    4054
    4055
    4056
    4057
    4058
    4059
    4060
    4061
    4062
    4063
    4064
    4065
    4066
    4067
    4068
    4069
    4070
    4071
    4072
    4073
    4074
    4075
    4076
    4077
    4078
    4079
    4080
    4081
    4082
    4083
    4084
    4085
    4086
    4087
    4088
    4089
    4090
    4091
    4092
    4093
    4094
    4095
    4096
    4097
    4098
    4099
    4100
    4101
    4102
    4103
    4104
    4105
    4106
    4107
    4108
    4109
    4110
    4111
    4112
    4113
    4114
    4115
    4116
    4117
    4118
    4119
    4120
    4121
    4122
    4123
    4124
    4125
    4126
    4127
    4128
    4129
    4130
    4131
    4132
    4133
    4134
    4135
    4136
    4137
    4138
    4139
    4140
    4141
    4142
    4143
    4144
    4145
    4146
    4147
    4148
    4149
    4150
    4151
    4152
    4153
    4154
    4155
    4156
    4157
    4158
    4159
    4160
    4161
    4162
    4163
    4164
    4165
    4166
    4167
    4168
    4169
    4170
    4171
    4172
    4173
    4174
    4175
    4176
    4177
    4178
    4179
    4180
    4181
    4182
    4183
    4184
    4185
    4186
    4187
    4188
    4189
    4190
    4191
    4192
    4193
    4194
    4195
    4196
    4197
    4198
    4199
    4200
    4201
    4202
    4203
    4204
    4205
    4206
    4207
    4208
    4209
    4210
    4211
    4212
    4213
    4214
    4215
    4216
    4217
    4218
    4219
    4220
    4221
    4222
    4223
    4224
    4225
    4226
    4227
    4228
    4229
    4230
    4231
    4232
    4233
    4234
    4235
    4236
    4237
    4238
    4239
    4240
    4241
    4242
    4243
    4244
    4245
    4246
    4247
    4248
    4249
    4250
    4251
    4252
    4253
    4254
    4255
    4256
    4257
    4258
    4259
    4260
    4261
    4262
    4263
    4264
    4265
    4266
    4267
    4268
    4269
    4270
    4271
    4272
    4273
    4274
    4275
    4276
    4277
    4278
    4279
    4280
    4281
    4282
    4283
    4284
    4285
    4286
    4287
    4288
    4289
    4290
    4291
    4292
    4293
    4294
    4295
    4296
    4297
    4298
    4299
    4300
    4301
    4302
    4303
    4304
    4305
    4306
    4307
    4308
    4309
    4310
    4311
    4312
    4313
    4314
    4315
    4316
    4317
    4318
    4319
    4320
    4321
    4322
    4323
    4324
    4325
    4326
    4327
    4328
    4329
    4330
    4331
    4332
    4333
    4334
    4335
    4336
    4337
    4338
    4339
    4340
    4341
    4342
    4343
    4344
    4345
    4346
    4347
    4348
    4349
    4350
    4351
    4352
    4353
    4354
    4355
    4356
    4357
    4358
    4359
    4360
    4361
    4362
    4363
    4364
    4365
    4366
    4367
    4368
    4369
    4370
    4371
    4372
    4373
    4374
    4375
    4376
    4377
    4378
    4379
    4380
    4381
    4382
    4383
    4384
    4385
    4386
    4387
    4388
    4389
    4390
    4391
    4392
    4393
    4394
    4395
    4396
    4397
    4398
    4399
    4400
    4401
    4402
    4403
    4404
    4405
    4406
    4407
    4408
    4409
    4410
    4411
    4412
    4413
    4414
    4415
    4416
    4417
    4418
    4419
    4420
    4421
    4422
    4423
    4424
    4425
    4426
    4427
    4428
    4429
    4430
    4431
    4432
    4433
    4434
    4435
    4436
    4437
    4438
    4439
    4440
    4441
    4442
    4443
    4444
    4445
    4446
    4447
    4448
    4449
    4450
    4451
    4452
    4453
    4454
    4455
    4456
    4457
    4458
    4459
    4460
    
    /*
     Legal Notice: Some portions of the source code contained in this file were
     derived from the source code of TrueCrypt 7.1a, which is
     Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
     governed by the TrueCrypt License 3.0, also from the source code of
     Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
     and which is governed by the 'License Agreement for Encryption for the Masses'
     Modifications and additions to the original source code (contained in this file)
     and all other portions of this file are Copyright (c) 2013-2017 IDRIX
     and are governed by the Apache License 2.0 the full text of which is
     contained in the file License.txt included in VeraCrypt binary and source
     code distribution packages. */
    
    #include "TCdefs.h"
    #include <ntddk.h>
    #include "Crypto.h"
    #include "Fat.h"
    #include "Tests.h"
    #include "cpu.h"
    #include "Crc.h"
    
    #include "Apidrvr.h"
    #include "Boot/Windows/BootDefs.h"
    #include "EncryptedIoQueue.h"
    #include "EncryptionThreadPool.h"
    #include "Ntdriver.h"
    #include "Ntvol.h"
    #include "DriveFilter.h"
    #include "DumpFilter.h"
    #include "Cache.h"
    #include "Volumes.h"
    #include "VolumeFilter.h"
    
    #include <tchar.h>
    #include <initguid.h>
    #include <mountmgr.h>
    #include <mountdev.h>
    #include <ntddvol.h>
    
    #include <Ntstrsafe.h>
    #include <Intsafe.h>
    
    #ifndef IOCTL_DISK_GET_CLUSTER_INFO
    #define IOCTL_DISK_GET_CLUSTER_INFO				CTL_CODE(IOCTL_DISK_BASE, 0x0085, METHOD_BUFFERED, FILE_ANY_ACCESS)
    #endif
    
    #ifndef IOCTL_DISK_ARE_VOLUMES_READY
    #define IOCTL_DISK_ARE_VOLUMES_READY			CTL_CODE(IOCTL_DISK_BASE, 0x0087, METHOD_BUFFERED, FILE_READ_ACCESS)
    #endif
    
    #ifndef FT_BALANCED_READ_MODE
    #define FTTYPE  ((ULONG)'f') 
    #define FT_BALANCED_READ_MODE						CTL_CODE(FTTYPE, 6, METHOD_NEITHER,  FILE_ANY_ACCESS) 
    #endif
    
    #ifndef IOCTL_VOLUME_QUERY_ALLOCATION_HINT
    #define IOCTL_VOLUME_QUERY_ALLOCATION_HINT      CTL_CODE(IOCTL_VOLUME_BASE, 20, METHOD_OUT_DIRECT, FILE_READ_ACCESS)
    #endif
    
    #ifndef IOCTL_DISK_IS_CLUSTERED
    #define IOCTL_DISK_IS_CLUSTERED             CTL_CODE(IOCTL_DISK_BASE, 0x003e, METHOD_BUFFERED, FILE_ANY_ACCESS)
    #endif
    
    #ifndef IOCTL_VOLUME_POST_ONLINE
    #define IOCTL_VOLUME_POST_ONLINE                CTL_CODE(IOCTL_VOLUME_BASE, 25, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
    #endif
    
    #ifndef IOCTL_VOLUME_IS_DYNAMIC
    #define IOCTL_VOLUME_IS_DYNAMIC                 CTL_CODE(IOCTL_VOLUME_BASE, 18, METHOD_BUFFERED, FILE_ANY_ACCESS)
    #endif
    
    #ifndef StorageDeviceLBProvisioningProperty
    #define StorageDeviceLBProvisioningProperty 11
    #endif
    
    #ifndef DeviceDsmAction_OffloadRead
    #define DeviceDsmAction_OffloadRead       ( 3  | DeviceDsmActionFlag_NonDestructive)
    #endif
    
    #ifndef DeviceDsmAction_OffloadWrite
    #define DeviceDsmAction_OffloadWrite        4
    #endif
    
    #ifndef DeviceDsmAction_Allocation
    #define DeviceDsmAction_Allocation        ( 5  | DeviceDsmActionFlag_NonDestructive)
    #endif
    
    #ifndef DeviceDsmAction_Repair
    #define DeviceDsmAction_Repair            ( 6  | DeviceDsmActionFlag_NonDestructive)
    #endif
    
    #ifndef DeviceDsmAction_Scrub
    #define DeviceDsmAction_Scrub             ( 7  | DeviceDsmActionFlag_NonDestructive)
    #endif
    
    #ifndef DeviceDsmAction_DrtQuery
    #define DeviceDsmAction_DrtQuery          ( 8  | DeviceDsmActionFlag_NonDestructive)
    #endif
    
    #ifndef DeviceDsmAction_DrtClear
    #define DeviceDsmAction_DrtClear          ( 9  | DeviceDsmActionFlag_NonDestructive)
    #endif
    
    #ifndef DeviceDsmAction_DrtDisable
    #define DeviceDsmAction_DrtDisable        (10  | DeviceDsmActionFlag_NonDestructive)
    #endif
    
    /* Init section, which is thrown away as soon as DriverEntry returns */
    #pragma alloc_text(INIT,DriverEntry)
    #pragma alloc_text(INIT,TCCreateRootDeviceObject)
    
    /* We need to silence 'type cast' warning in order to use MmGetSystemRoutineAddress.
     * MmGetSystemRoutineAddress() should have been declare FARPROC instead of PVOID.
     */
    #pragma warning(disable:4055)
    
    PDRIVER_OBJECT TCDriverObject;
    PDEVICE_OBJECT RootDeviceObject = NULL;
    static KMUTEX RootDeviceControlMutex;
    BOOL DriverShuttingDown = FALSE;
    BOOL SelfTestsPassed;
    int LastUniqueVolumeId;
    ULONG OsMajorVersion = 0;
    ULONG OsMinorVersion;
    BOOL DriverUnloadDisabled = FALSE;
    BOOL PortableMode = FALSE;
    BOOL VolumeClassFilterRegistered = FALSE;
    BOOL CacheBootPassword = FALSE;
    BOOL CacheBootPim = FALSE;
    BOOL NonAdminSystemFavoritesAccessDisabled = FALSE;
    BOOL BlockSystemTrimCommand = FALSE;
    static size_t EncryptionThreadPoolFreeCpuCountLimit = 0;
    static BOOL SystemFavoriteVolumeDirty = FALSE;
    static BOOL PagingFileCreationPrevented = FALSE;
    static BOOL EnableExtendedIoctlSupport = FALSE;
    static BOOL AllowTrimCommand = FALSE;
    static KeSaveExtendedProcessorStateFn KeSaveExtendedProcessorStatePtr = NULL;
    static KeRestoreExtendedProcessorStateFn KeRestoreExtendedProcessorStatePtr = NULL;
    
    POOL_TYPE ExDefaultNonPagedPoolType = NonPagedPool;
    ULONG ExDefaultMdlProtection = 0;
    
    PDEVICE_OBJECT VirtualVolumeDeviceObjects[MAX_MOUNTED_VOLUME_DRIVE_NUMBER + 1];
    
    
    NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
    {
    	PKEY_VALUE_PARTIAL_INFORMATION startKeyValue;
    	LONG version;
    	int i;
    
    	Dump ("DriverEntry " TC_APP_NAME " " VERSION_STRING "\n");
    
    	DetectX86Features ();
    
    	PsGetVersion (&OsMajorVersion, &OsMinorVersion, NULL, NULL);
    
    	Dump ("OsMajorVersion=%d OsMinorVersion=%d\n", OsMajorVersion, OsMinorVersion);
    
    	// NX pool support is available starting from Windows 8
    	if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 2))
    	{
    		ExDefaultNonPagedPoolType = (POOL_TYPE) NonPagedPoolNx;
    		ExDefaultMdlProtection = MdlMappingNoExecute;
    	}
    
    	// KeSaveExtendedProcessorState/KeRestoreExtendedProcessorState are available starting from Windows 7
    	if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 1))
    	{
    		UNICODE_STRING saveFuncName, restoreFuncName;
    		RtlInitUnicodeString(&saveFuncName, L"KeSaveExtendedProcessorState");
    		RtlInitUnicodeString(&restoreFuncName, L"KeRestoreExtendedProcessorState");
    		KeSaveExtendedProcessorStatePtr = (KeSaveExtendedProcessorStateFn) MmGetSystemRoutineAddress(&saveFuncName);
    		KeRestoreExtendedProcessorStatePtr = (KeRestoreExtendedProcessorStateFn) MmGetSystemRoutineAddress(&restoreFuncName);
    	}
    
    	// Load dump filter if the main driver is already loaded
    	if (NT_SUCCESS (TCDeviceIoControl (NT_ROOT_PREFIX, TC_IOCTL_GET_DRIVER_VERSION, NULL, 0, &version, sizeof (version))))
    		return DumpFilterEntry ((PFILTER_EXTENSION) DriverObject, (PFILTER_INITIALIZATION_DATA) RegistryPath);
    
    	TCDriverObject = DriverObject;
    	memset (VirtualVolumeDeviceObjects, 0, sizeof (VirtualVolumeDeviceObjects));
    
    	ReadRegistryConfigFlags (TRUE);
    	EncryptionThreadPoolStart (EncryptionThreadPoolFreeCpuCountLimit);
    	SelfTestsPassed = AutoTestAlgorithms();
    
    	// Enable device class filters and load boot arguments if the driver is set to start at system boot
    
    	if (NT_SUCCESS (TCReadRegistryKey (RegistryPath, L"Start", &startKeyValue)))
    	{
    		if (startKeyValue->Type == REG_DWORD && *((uint32 *) startKeyValue->Data) == SERVICE_BOOT_START)
    		{
    			if (!SelfTestsPassed)
    			{
    				// in case of system encryption, if self-tests fail, disable all extended CPU
    				// features and try again in order to workaround faulty configurations
    				DisableCPUExtendedFeatures ();
    				SelfTestsPassed = AutoTestAlgorithms();
    
    				// BUG CHECK if the self-tests still fail
    				if (!SelfTestsPassed)
    					TC_BUG_CHECK (STATUS_INVALID_PARAMETER);
    			}
    
    			LoadBootArguments();
    			VolumeClassFilterRegistered = IsVolumeClassFilterRegistered();
    
    			DriverObject->DriverExtension->AddDevice = DriverAddDevice;
    		}
    
    		TCfree (startKeyValue);
    	}
    
    	for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; ++i)
    	{
    		DriverObject->MajorFunction[i] = TCDispatchQueueIRP;
    	}
    
    	DriverObject->DriverUnload = TCUnloadDriver;
    	return TCCreateRootDeviceObject (DriverObject);
    }
    
    
    NTSTATUS DriverAddDevice (PDRIVER_OBJECT driverObject, PDEVICE_OBJECT pdo)
    {
    #if defined(DEBUG) || defined (DEBUG_TRACE)
    	char nameInfoBuffer[128];
    	POBJECT_NAME_INFORMATION nameInfo = (POBJECT_NAME_INFORMATION) nameInfoBuffer;
    	ULONG nameInfoSize;
    	Dump ("AddDevice pdo=%p type=%x name=%ws\n", pdo, pdo->DeviceType, NT_SUCCESS (ObQueryNameString (pdo, nameInfo, sizeof (nameInfoBuffer), &nameInfoSize)) ? nameInfo->Name.Buffer : L"?");
    #endif
    
    	if (VolumeClassFilterRegistered && BootArgsValid && BootArgs.HiddenSystemPartitionStart != 0)
    	{
    		PWSTR interfaceLinks = NULL;
    		if (NT_SUCCESS (IoGetDeviceInterfaces (&GUID_DEVINTERFACE_VOLUME, pdo, DEVICE_INTERFACE_INCLUDE_NONACTIVE, &interfaceLinks)) && interfaceLinks)
    		{
    			if (interfaceLinks[0] != UNICODE_NULL)
    			{
    				Dump ("Volume pdo=%p interface=%ws\n", pdo, interfaceLinks);
    				ExFreePool (interfaceLinks);
    
    				return VolumeFilterAddDevice (driverObject, pdo);
    			}
    
    			ExFreePool (interfaceLinks);
    		}
    	}
    
    	return DriveFilterAddDevice (driverObject, pdo);
    }
    
    
    // Dumps a memory region to debug output
    void DumpMemory (void *mem, int size)
    {
    	unsigned char str[20];
    	unsigned char *m = mem;
    	int i,j;
    
    	for (j = 0; j < size / 8; j++)
    	{
    		memset (str,0,sizeof str);
    		for (i = 0; i < 8; i++)
    		{
    			if (m[i] > ' ' && m[i] <= '~')
    				str[i]=m[i];
    			else
    				str[i]='.';
    		}
    
    		Dump ("0x%08p  %02x %02x %02x %02x %02x %02x %02x %02x  %s\n",
    			m, m[0], m[1], m[2], m[3], m[4], m[5], m[6], m[7], str);
    
    		m+=8;
    	}
    }
    
    BOOL IsAllZeroes (unsigned char* pbData, DWORD dwDataLen)
    {
    	while (dwDataLen--)
    	{
    		if (*pbData)
    			return FALSE;
    		pbData++;
    	}
    	return TRUE;
    }
    
    BOOL ValidateIOBufferSize (PIRP irp, size_t requiredBufferSize, ValidateIOBufferSizeType type)
    {
    	PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (irp);
    	BOOL input = (type == ValidateInput || type == ValidateInputOutput);
    	BOOL output = (type == ValidateOutput || type == ValidateInputOutput);
    
    	if ((input && irpSp->Parameters.DeviceIoControl.InputBufferLength < requiredBufferSize)
    		|| (output && irpSp->Parameters.DeviceIoControl.OutputBufferLength < requiredBufferSize))
    	{
    		Dump ("STATUS_BUFFER_TOO_SMALL ioctl=0x%x,%d in=%d out=%d reqsize=%d insize=%d outsize=%d\n", (int) (irpSp->Parameters.DeviceIoControl.IoControlCode >> 16), (int) ((irpSp->Parameters.DeviceIoControl.IoControlCode & 0x1FFF) >> 2), input, output, requiredBufferSize, irpSp->Parameters.DeviceIoControl.InputBufferLength, irpSp->Parameters.DeviceIoControl.OutputBufferLength);
    
    		irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
    		irp->IoStatus.Information = 0;
    		return FALSE;
    	}
    
    	if (!input && output)
    		memset (irp->AssociatedIrp.SystemBuffer, 0, irpSp->Parameters.DeviceIoControl.OutputBufferLength);
    
    	return TRUE;
    }
    
    
    PDEVICE_OBJECT GetVirtualVolumeDeviceObject (int driveNumber)
    {
    	if (driveNumber < MIN_MOUNTED_VOLUME_DRIVE_NUMBER || driveNumber > MAX_MOUNTED_VOLUME_DRIVE_NUMBER)
    		return NULL;
    
    	return VirtualVolumeDeviceObjects[driveNumber];
    }
    
    
    /* TCDispatchQueueIRP queues any IRP's so that they can be processed later
       by the thread -- or in some cases handles them immediately! */
    NTSTATUS TCDispatchQueueIRP (PDEVICE_OBJECT DeviceObject, PIRP Irp)
    {
    	PEXTENSION Extension = (PEXTENSION) DeviceObject->DeviceExtension;
    	PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
    	NTSTATUS ntStatus;
    
    #if defined(_DEBUG) || defined (_DEBUG_TRACE)
    	if (irpSp->MajorFunction == IRP_MJ_DEVICE_CONTROL && (Extension->bRootDevice || Extension->IsVolumeDevice))
    	{
    		switch (irpSp->Parameters.DeviceIoControl.IoControlCode)
    		{
    		case TC_IOCTL_GET_MOUNTED_VOLUMES:
    		case TC_IOCTL_GET_PASSWORD_CACHE_STATUS:
    		case TC_IOCTL_GET_PORTABLE_MODE_STATUS:
    		case TC_IOCTL_SET_PORTABLE_MODE_STATUS:
    		case TC_IOCTL_OPEN_TEST:
    		case TC_IOCTL_GET_RESOLVED_SYMLINK:
    		case TC_IOCTL_GET_DEVICE_REFCOUNT:
    		case TC_IOCTL_GET_DRIVE_PARTITION_INFO:
    		case TC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES:
    		case TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS:
    		case TC_IOCTL_GET_DECOY_SYSTEM_WIPE_STATUS:
    		case TC_IOCTL_GET_WARNING_FLAGS:
    		case TC_IOCTL_IS_HIDDEN_SYSTEM_RUNNING:
    		case IOCTL_DISK_CHECK_VERIFY:
    			break;
    
    		default:
    			Dump ("%ls (0x%x %d)\n",
    				TCTranslateCode (irpSp->Parameters.DeviceIoControl.IoControlCode),
    				(int) (irpSp->Parameters.DeviceIoControl.IoControlCode >> 16),
    				(int) ((irpSp->Parameters.DeviceIoControl.IoControlCode & 0x1FFF) >> 2));
    		}
    	}
    #endif
    
    	if (!Extension->bRootDevice)
    	{
    		// Drive filter IRP
    		if (Extension->IsDriveFilterDevice)
    			return DriveFilterDispatchIrp (DeviceObject, Irp);
    
    		// Volume filter IRP
    		if (Extension->IsVolumeFilterDevice)
    			return VolumeFilterDispatchIrp (DeviceObject, Irp);
    	}
    
    	switch (irpSp->MajorFunction)
    	{
    	case IRP_MJ_CLOSE:
    	case IRP_MJ_CREATE:
    	case IRP_MJ_CLEANUP:
    		return COMPLETE_IRP (DeviceObject, Irp, STATUS_SUCCESS, 0);
    
    	case IRP_MJ_SHUTDOWN:
    		if (Extension->bRootDevice)
    		{
    			Dump ("Driver shutting down\n");
    			DriverShuttingDown = TRUE;
    
    			if (EncryptionSetupThread)
    				while (SendDeviceIoControlRequest (RootDeviceObject, TC_IOCTL_ABORT_BOOT_ENCRYPTION_SETUP, NULL, 0, NULL, 0) == STATUS_INSUFFICIENT_RESOURCES);
    
    			if (DecoySystemWipeThread)
    				while (SendDeviceIoControlRequest (RootDeviceObject, TC_IOCTL_ABORT_DECOY_SYSTEM_WIPE, NULL, 0, NULL, 0) == STATUS_INSUFFICIENT_RESOURCES);
    
    			OnShutdownPending();
    		}
    
    		return COMPLETE_IRP (DeviceObject, Irp, STATUS_SUCCESS, 0);
    
    	case IRP_MJ_FLUSH_BUFFERS:
    	case IRP_MJ_READ:
    	case IRP_MJ_WRITE:
    	case IRP_MJ_DEVICE_CONTROL:
    
    		if (Extension->bRootDevice)
    		{
    			if (irpSp->MajorFunction == IRP_MJ_DEVICE_CONTROL)
    			{
    				NTSTATUS status = KeWaitForMutexObject (&RootDeviceControlMutex, Executive, KernelMode, FALSE, NULL);
    				if (!NT_SUCCESS (status))
    					return status;
    
    				status = ProcessMainDeviceControlIrp (DeviceObject, Extension, Irp);
    
    				KeReleaseMutex (&RootDeviceControlMutex, FALSE);
    				return status;
    			}
    			break;
    		}
    
    		if (Extension->bShuttingDown)
    		{
    			Dump ("Device %d shutting down: STATUS_DELETE_PENDING\n", Extension->nDosDriveNo);
    			return TCCompleteDiskIrp (Irp, STATUS_DELETE_PENDING, 0);
    		}
    
    		if (Extension->bRemovable
    			&& (DeviceObject->Flags & DO_VERIFY_VOLUME)
    			&& !(irpSp->Flags & SL_OVERRIDE_VERIFY_VOLUME)
    			&& irpSp->MajorFunction != IRP_MJ_FLUSH_BUFFERS)
    		{
    			Dump ("Removable device %d has DO_VERIFY_VOLUME flag: STATUS_DEVICE_NOT_READY\n", Extension->nDosDriveNo);
    			return TCCompleteDiskIrp (Irp, STATUS_DEVICE_NOT_READY, 0);
    		}
    
    		switch (irpSp->MajorFunction)
    		{
    		case IRP_MJ_READ:
    		case IRP_MJ_WRITE:
    			ntStatus = EncryptedIoQueueAddIrp (&Extension->Queue, Irp);
    
    			if (ntStatus != STATUS_PENDING)
    				TCCompleteDiskIrp (Irp, ntStatus, 0);
    
    			return ntStatus;
    
    		case IRP_MJ_DEVICE_CONTROL:
    			ntStatus = IoAcquireRemoveLock (&Extension->Queue.RemoveLock, Irp);
    			if (!NT_SUCCESS (ntStatus))
    				return TCCompleteIrp (Irp, ntStatus, 0);
    
    			IoMarkIrpPending (Irp);
    
    			ExInterlockedInsertTailList (&Extension->ListEntry, &Irp->Tail.Overlay.ListEntry, &Extension->ListSpinLock);
    			KeReleaseSemaphore (&Extension->RequestSemaphore, IO_DISK_INCREMENT, 1, FALSE);
    
    			return STATUS_PENDING;
    
    		case IRP_MJ_FLUSH_BUFFERS:
    			return TCCompleteDiskIrp (Irp, STATUS_SUCCESS, 0);
    		}
    
    		break;
    
    	case IRP_MJ_PNP:
    		if (!Extension->bRootDevice
    			&& Extension->IsVolumeDevice
    			&& irpSp->MinorFunction == IRP_MN_DEVICE_USAGE_NOTIFICATION
    			&& irpSp->Parameters.UsageNotification.Type == DeviceUsageTypePaging
    			&& irpSp->Parameters.UsageNotification.InPath)
    		{
    			PagingFileCreationPrevented = TRUE;
    			return TCCompleteIrp (Irp, STATUS_UNSUCCESSFUL, 0);
    		}
    		break;
    	}
    
    	return TCCompleteIrp (Irp, STATUS_INVALID_DEVICE_REQUEST, 0);
    }
    
    NTSTATUS TCCreateRootDeviceObject (PDRIVER_OBJECT DriverObject)
    {
    	UNICODE_STRING Win32NameString, ntUnicodeString;
    	WCHAR dosname[32], ntname[32];
    	PDEVICE_OBJECT DeviceObject;
    	NTSTATUS ntStatus;
    	BOOL *bRootExtension;
    
    	Dump ("TCCreateRootDeviceObject BEGIN\n");
    	ASSERT (KeGetCurrentIrql() == PASSIVE_LEVEL);
    
    	RtlStringCbCopyW (dosname, sizeof(dosname),(LPWSTR) DOS_ROOT_PREFIX);
    	RtlStringCbCopyW (ntname, sizeof(ntname),(LPWSTR) NT_ROOT_PREFIX);
    	RtlInitUnicodeString (&ntUnicodeString, ntname);
    	RtlInitUnicodeString (&Win32NameString, dosname);
    
    	Dump ("Creating root device nt=%ls dos=%ls\n", ntname, dosname);
    
    	ntStatus = IoCreateDevice (
    					  DriverObject,
    					  sizeof (BOOL),
    					  &ntUnicodeString,
    					  FILE_DEVICE_UNKNOWN,
    					  FILE_DEVICE_SECURE_OPEN,
    					  FALSE,
    					  &DeviceObject);
    
    	if (!NT_SUCCESS (ntStatus))
    	{
    		Dump ("TCCreateRootDeviceObject NTSTATUS = 0x%08x END\n", ntStatus);
    		return ntStatus;/* Failed to create DeviceObject */
    	}
    
    	DeviceObject->Flags |= DO_DIRECT_IO;
    	DeviceObject->AlignmentRequirement = FILE_WORD_ALIGNMENT;
    
    	/* Setup the device extension */
    	bRootExtension = (BOOL *) DeviceObject->DeviceExtension;
    	*bRootExtension = TRUE;
    
    	KeInitializeMutex (&RootDeviceControlMutex, 0);
    
    	ntStatus = IoCreateSymbolicLink (&Win32NameString, &ntUnicodeString);
    
    	if (!NT_SUCCESS (ntStatus))
    	{
    		Dump ("TCCreateRootDeviceObject NTSTATUS = 0x%08x END\n", ntStatus);
    		IoDeleteDevice (DeviceObject);
    		return ntStatus;
    	}
    
    	IoRegisterShutdownNotification (DeviceObject);
    	RootDeviceObject = DeviceObject;
    
    	Dump ("TCCreateRootDeviceObject STATUS_SUCCESS END\n");
    	return STATUS_SUCCESS;
    }
    
    NTSTATUS TCCreateDeviceObject (PDRIVER_OBJECT DriverObject,
    		       PDEVICE_OBJECT * ppDeviceObject,
    		       MOUNT_STRUCT * mount)
    {
    	UNICODE_STRING ntUnicodeString;
    	WCHAR ntname[32];
    	PEXTENSION Extension;
    	NTSTATUS ntStatus;
    	ULONG devChars = 0;
    #if defined (DEBUG) || defined (DEBUG_TRACE)
    	WCHAR dosname[32];
    #endif
    
    	Dump ("TCCreateDeviceObject BEGIN\n");
    	ASSERT (KeGetCurrentIrql() == PASSIVE_LEVEL);
    
    	TCGetNTNameFromNumber (ntname, sizeof(ntname),mount->nDosDriveNo);
    	RtlInitUnicodeString (&ntUnicodeString, ntname);
    #if defined (DEBUG) || defined (DEBUG_TRACE)
    	TCGetDosNameFromNumber (dosname, sizeof(dosname),mount->nDosDriveNo, DeviceNamespaceDefault);
    #endif
    
    	devChars = FILE_DEVICE_SECURE_OPEN;
    	devChars |= mount->bMountReadOnly ? FILE_READ_ONLY_DEVICE : 0;
    	devChars |= mount->bMountRemovable ? FILE_REMOVABLE_MEDIA : 0;
    
    #if defined (DEBUG) || defined (DEBUG_TRACE)
    	Dump ("Creating device nt=%ls dos=%ls\n", ntname, dosname);
    #endif
    
    	ntStatus = IoCreateDevice (
    					  DriverObject,			/* Our Driver Object */
    					  sizeof (EXTENSION),	/* Size of state information */
    					  &ntUnicodeString,		/* Device name "\Device\Name" */
    					  FILE_DEVICE_DISK,		/* Device type */
    					  devChars,				/* Device characteristics */
    					  FALSE,				/* Exclusive device */
    					  ppDeviceObject);		/* Returned ptr to Device Object */
    
    	if (!NT_SUCCESS (ntStatus))
    	{
    		Dump ("TCCreateDeviceObject NTSTATUS = 0x%08x END\n", ntStatus);
    		return ntStatus;/* Failed to create DeviceObject */
    	}
    	/* Initialize device object and extension. */
    
    	(*ppDeviceObject)->Flags |= DO_DIRECT_IO;
    	(*ppDeviceObject)->StackSize += 6;		// Reduce occurrence of NO_MORE_IRP_STACK_LOCATIONS bug check caused by buggy drivers
    
    	/* Setup the device extension */
    	Extension = (PEXTENSION) (*ppDeviceObject)->DeviceExtension;
    	memset (Extension, 0, sizeof (EXTENSION));
    
    	Extension->IsVolumeDevice = TRUE;
    	Extension->nDosDriveNo = mount->nDosDriveNo;
    	Extension->bRemovable = mount->bMountRemovable;
    	Extension->PartitionInInactiveSysEncScope = mount->bPartitionInInactiveSysEncScope;
    	Extension->SystemFavorite = mount->SystemFavorite;
    
    	KeInitializeEvent (&Extension->keCreateEvent, SynchronizationEvent, FALSE);
    	KeInitializeSemaphore (&Extension->RequestSemaphore, 0L, MAXLONG);
    	KeInitializeSpinLock (&Extension->ListSpinLock);
    	InitializeListHead (&Extension->ListEntry);
    	IoInitializeRemoveLock (&Extension->Queue.RemoveLock, 'LRCV', 0, 0);
    
    	VirtualVolumeDeviceObjects[mount->nDosDriveNo] = *ppDeviceObject;
    
    	Dump ("TCCreateDeviceObject STATUS_SUCCESS END\n");
    
    	return STATUS_SUCCESS;
    }
    
    
    BOOL RootDeviceControlMutexAcquireNoWait ()
    {
    	NTSTATUS status;
    	LARGE_INTEGER timeout;
    	timeout.QuadPart = 0;
    
    	status = KeWaitForMutexObject (&RootDeviceControlMutex, Executive, KernelMode, FALSE, &timeout);
    	return NT_SUCCESS (status) && status != STATUS_TIMEOUT;
    }
    
    
    void RootDeviceControlMutexRelease ()
    {
    	KeReleaseMutex (&RootDeviceControlMutex, FALSE);
    }
    
    /*
    IOCTL_STORAGE_GET_DEVICE_NUMBER 0x002D1080 
    IOCTL_STORAGE_GET_HOTPLUG_INFO 0x002D0C14
    IOCTL_STORAGE_QUERY_PROPERTY 0x002D1400
    */
    
    NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Extension, PIRP Irp)
    {
    	PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
    
    	switch (irpSp->Parameters.DeviceIoControl.IoControlCode)
    	{
    
    	case IOCTL_MOUNTDEV_QUERY_DEVICE_NAME:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_MOUNTDEV_QUERY_DEVICE_NAME)\n");
    		if (!ValidateIOBufferSize (Irp, sizeof (MOUNTDEV_NAME), ValidateOutput))
    		{
    			Irp->IoStatus.Information = sizeof (MOUNTDEV_NAME);
    			Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW;
    		}
    		else
    		{
    			ULONG outLength;
    			UNICODE_STRING ntUnicodeString;
    			WCHAR ntName[256];
    			PMOUNTDEV_NAME outputBuffer = (PMOUNTDEV_NAME) Irp->AssociatedIrp.SystemBuffer;
    
    			TCGetNTNameFromNumber (ntName, sizeof(ntName),Extension->nDosDriveNo);
    			RtlInitUnicodeString (&ntUnicodeString, ntName);
    
    			outputBuffer->NameLength = ntUnicodeString.Length;
    			outLength = ntUnicodeString.Length + sizeof(USHORT);
    
    			if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < outLength)
    			{
    				Irp->IoStatus.Information = sizeof (MOUNTDEV_NAME);
    				Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW;
    
    				break;
    			}
    
    			RtlCopyMemory ((PCHAR)outputBuffer->Name,ntUnicodeString.Buffer, ntUnicodeString.Length);
    
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    			Irp->IoStatus.Information = outLength;
    
    			Dump ("name = %ls\n",ntName);
    		}
    		break;
    
    	case IOCTL_MOUNTDEV_QUERY_UNIQUE_ID:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_MOUNTDEV_QUERY_UNIQUE_ID)\n");
    		if (!ValidateIOBufferSize (Irp, sizeof (MOUNTDEV_UNIQUE_ID), ValidateOutput))
    		{
    			Irp->IoStatus.Information = sizeof (MOUNTDEV_UNIQUE_ID);
    			Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW;
    		}
    		else
    		{
    			ULONG outLength;
    			UCHAR volId[128], tmp[] = { 0,0 };
    			PMOUNTDEV_UNIQUE_ID outputBuffer = (PMOUNTDEV_UNIQUE_ID) Irp->AssociatedIrp.SystemBuffer;
    
    			RtlStringCbCopyA (volId, sizeof(volId),TC_UNIQUE_ID_PREFIX);
    			tmp[0] = 'A' + (UCHAR) Extension->nDosDriveNo;
    			RtlStringCbCatA (volId, sizeof(volId),tmp);
    
    			outputBuffer->UniqueIdLength = (USHORT) strlen (volId);
    			outLength = (ULONG) (strlen (volId) + sizeof (USHORT));
    
    			if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < outLength)
    			{
    				Irp->IoStatus.Information = sizeof (MOUNTDEV_UNIQUE_ID);
    				Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW;
    				break;
    			}
    
    			RtlCopyMemory ((PCHAR)outputBuffer->UniqueId, volId, strlen (volId));
    
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    			Irp->IoStatus.Information = outLength;
    
    			Dump ("id = %s\n",volId);
    		}
    		break;
    
    	case IOCTL_MOUNTDEV_QUERY_SUGGESTED_LINK_NAME:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_MOUNTDEV_QUERY_SUGGESTED_LINK_NAME)\n");
    		{
    			ULONG outLength;
    			UNICODE_STRING ntUnicodeString;
    			WCHAR ntName[256];
    			PMOUNTDEV_SUGGESTED_LINK_NAME outputBuffer = (PMOUNTDEV_SUGGESTED_LINK_NAME) Irp->AssociatedIrp.SystemBuffer;
    
    			if (!ValidateIOBufferSize (Irp, sizeof (MOUNTDEV_SUGGESTED_LINK_NAME), ValidateOutput))
    			{
    				Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
    				Irp->IoStatus.Information = 0;
    				break;
    			}
    
    			TCGetDosNameFromNumber (ntName, sizeof(ntName),Extension->nDosDriveNo, DeviceNamespaceDefault);
    			RtlInitUnicodeString (&ntUnicodeString, ntName);
    
    			outLength = FIELD_OFFSET(MOUNTDEV_SUGGESTED_LINK_NAME,Name) + ntUnicodeString.Length;
    
    			outputBuffer->UseOnlyIfThereAreNoOtherLinks = FALSE;
    			outputBuffer->NameLength = ntUnicodeString.Length;
    
    			if(irpSp->Parameters.DeviceIoControl.OutputBufferLength < outLength)
    			{
    				Irp->IoStatus.Information = sizeof (MOUNTDEV_SUGGESTED_LINK_NAME);
    				Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW;
    				break;
    			}
    
    			RtlCopyMemory ((PCHAR)outputBuffer->Name,ntUnicodeString.Buffer, ntUnicodeString.Length);
    
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    			Irp->IoStatus.Information = outLength;
    
    			Dump ("link = %ls\n",ntName);
    		}
    		break;
    
    	case IOCTL_DISK_GET_MEDIA_TYPES:
    	case IOCTL_DISK_GET_DRIVE_GEOMETRY:
    	case IOCTL_STORAGE_GET_MEDIA_TYPES:
    	case IOCTL_DISK_UPDATE_DRIVE_SIZE:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_DISK_GET_DRIVE_GEOMETRY)\n");
    		/* Return the drive geometry for the disk.  Note that we
    		   return values which were made up to suit the disk size.  */
    		if (ValidateIOBufferSize (Irp, sizeof (DISK_GEOMETRY), ValidateOutput))
    		{
    			PDISK_GEOMETRY outputBuffer = (PDISK_GEOMETRY)
    			Irp->AssociatedIrp.SystemBuffer;
    
    			outputBuffer->MediaType = Extension->bRemovable ? RemovableMedia : FixedMedia;
    			outputBuffer->Cylinders.QuadPart = Extension->NumberOfCylinders;
    			outputBuffer->TracksPerCylinder = Extension->TracksPerCylinder;
    			outputBuffer->SectorsPerTrack = Extension->SectorsPerTrack;
    			outputBuffer->BytesPerSector = Extension->BytesPerSector;
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    			Irp->IoStatus.Information = sizeof (DISK_GEOMETRY);
    		}
    		break;
    
    	case IOCTL_DISK_GET_DRIVE_GEOMETRY_EX:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_DISK_GET_DRIVE_GEOMETRY_EX)\n");
    		{
    			ULONG minOutputSize = IsOSAtLeast (WIN_SERVER_2003)? sizeof (DISK_GEOMETRY_EX) : sizeof (DISK_GEOMETRY) + sizeof (LARGE_INTEGER);
    			ULONG fullOutputSize = sizeof (DISK_GEOMETRY) + sizeof (LARGE_INTEGER) + sizeof (DISK_PARTITION_INFO) + sizeof (DISK_DETECTION_INFO);
    
    			if (ValidateIOBufferSize (Irp, minOutputSize, ValidateOutput))
    			{
    				PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
    				BOOL bFullBuffer = (irpSp->Parameters.DeviceIoControl.OutputBufferLength >= fullOutputSize)? TRUE : FALSE;
    				PDISK_GEOMETRY_EX outputBuffer = (PDISK_GEOMETRY_EX) Irp->AssociatedIrp.SystemBuffer;
    
    				outputBuffer->Geometry.MediaType = Extension->bRemovable ? RemovableMedia : FixedMedia;
    				outputBuffer->Geometry.Cylinders.QuadPart = Extension->NumberOfCylinders;
    				outputBuffer->Geometry.TracksPerCylinder = Extension->TracksPerCylinder;
    				outputBuffer->Geometry.SectorsPerTrack = Extension->SectorsPerTrack;
    				outputBuffer->Geometry.BytesPerSector = Extension->BytesPerSector;
    				/* add one sector to DiskLength since our partition size is DiskLength and its offset if BytesPerSector */
    				outputBuffer->DiskSize.QuadPart = Extension->DiskLength + Extension->BytesPerSector;
    
    				if (bFullBuffer)
    				{
    					PDISK_PARTITION_INFO pPartInfo = (PDISK_PARTITION_INFO)(((ULONG_PTR) outputBuffer) + sizeof (DISK_GEOMETRY) + sizeof (LARGE_INTEGER));
    					PDISK_DETECTION_INFO pDetectInfo = ((PDISK_DETECTION_INFO)((((ULONG_PTR) pPartInfo) + sizeof (DISK_PARTITION_INFO))));
    
    					pPartInfo->SizeOfPartitionInfo = sizeof (DISK_PARTITION_INFO);
    					pPartInfo->PartitionStyle = PARTITION_STYLE_MBR;
    					pPartInfo->Mbr.Signature = GetCrc32((unsigned char*) &(Extension->UniqueVolumeId), 4);
    
    					pDetectInfo->SizeOfDetectInfo = sizeof (DISK_DETECTION_INFO);
    
    					Irp->IoStatus.Information = fullOutputSize;
    				}
    				else
    				{
    					if (irpSp->Parameters.DeviceIoControl.OutputBufferLength >= sizeof (DISK_GEOMETRY_EX))
    						Irp->IoStatus.Information = sizeof (DISK_GEOMETRY_EX);
    					else
    						Irp->IoStatus.Information = minOutputSize;
    				}
    
    				Irp->IoStatus.Status = STATUS_SUCCESS;
    			}
    		}
    		break;
    
    	case IOCTL_STORAGE_GET_MEDIA_TYPES_EX:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_STORAGE_GET_MEDIA_TYPES_EX)\n");
    		if (ValidateIOBufferSize (Irp, sizeof (GET_MEDIA_TYPES), ValidateOutput))
    		{
    			PGET_MEDIA_TYPES outputBuffer = (PGET_MEDIA_TYPES)
    			Irp->AssociatedIrp.SystemBuffer;
    			PDEVICE_MEDIA_INFO mediaInfo = &outputBuffer->MediaInfo[0];
    
    			outputBuffer->DeviceType = FILE_DEVICE_DISK;
    			outputBuffer->MediaInfoCount = 1;
    
    			if (Extension->bRemovable)
    			{
    				mediaInfo->DeviceSpecific.RemovableDiskInfo.NumberMediaSides = 1;
    				if (Extension->bReadOnly)
    					mediaInfo->DeviceSpecific.RemovableDiskInfo.MediaCharacteristics = (MEDIA_CURRENTLY_MOUNTED | MEDIA_READ_ONLY | MEDIA_WRITE_PROTECTED);
    				else
    					mediaInfo->DeviceSpecific.RemovableDiskInfo.MediaCharacteristics = (MEDIA_CURRENTLY_MOUNTED | MEDIA_READ_WRITE);
    				mediaInfo->DeviceSpecific.RemovableDiskInfo.MediaType = (STORAGE_MEDIA_TYPE) RemovableMedia;
    				mediaInfo->DeviceSpecific.RemovableDiskInfo.Cylinders.QuadPart = Extension->NumberOfCylinders;
    				mediaInfo->DeviceSpecific.RemovableDiskInfo.TracksPerCylinder = Extension->TracksPerCylinder;
    				mediaInfo->DeviceSpecific.RemovableDiskInfo.SectorsPerTrack = Extension->SectorsPerTrack;
    				mediaInfo->DeviceSpecific.RemovableDiskInfo.BytesPerSector = Extension->BytesPerSector;
    			}
    			else
    			{
    				mediaInfo->DeviceSpecific.DiskInfo.NumberMediaSides = 1;
    				if (Extension->bReadOnly)
    					mediaInfo->DeviceSpecific.DiskInfo.MediaCharacteristics = (MEDIA_CURRENTLY_MOUNTED | MEDIA_READ_ONLY | MEDIA_WRITE_PROTECTED);
    				else
    					mediaInfo->DeviceSpecific.DiskInfo.MediaCharacteristics = (MEDIA_CURRENTLY_MOUNTED | MEDIA_READ_WRITE);
    				mediaInfo->DeviceSpecific.DiskInfo.MediaType = (STORAGE_MEDIA_TYPE) FixedMedia;
    				mediaInfo->DeviceSpecific.DiskInfo.Cylinders.QuadPart = Extension->NumberOfCylinders;
    				mediaInfo->DeviceSpecific.DiskInfo.TracksPerCylinder = Extension->TracksPerCylinder;
    				mediaInfo->DeviceSpecific.DiskInfo.SectorsPerTrack = Extension->SectorsPerTrack;
    				mediaInfo->DeviceSpecific.DiskInfo.BytesPerSector = Extension->BytesPerSector;
    			}
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    			Irp->IoStatus.Information = sizeof (GET_MEDIA_TYPES);
    		}
    		break;
    
    	case IOCTL_STORAGE_QUERY_PROPERTY:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_STORAGE_QUERY_PROPERTY)\n");		
    		Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
    		Irp->IoStatus.Information = 0;
    		if (EnableExtendedIoctlSupport || Extension->TrimEnabled)
    		{
    			if (ValidateIOBufferSize (Irp, sizeof (STORAGE_PROPERTY_QUERY), ValidateInput))
    			{
    				PSTORAGE_PROPERTY_QUERY pStoragePropQuery = (PSTORAGE_PROPERTY_QUERY) Irp->AssociatedIrp.SystemBuffer;
    				STORAGE_QUERY_TYPE type = pStoragePropQuery->QueryType;
    
    				Dump ("IOCTL_STORAGE_QUERY_PROPERTY - PropertyId = %d, type = %d, InputBufferLength = %d, OutputBufferLength = %d\n", pStoragePropQuery->PropertyId, type, (int) irpSp->Parameters.DeviceIoControl.InputBufferLength, (int) irpSp->Parameters.DeviceIoControl.OutputBufferLength);
    
    				if (Extension->bRawDevice &&
    						(pStoragePropQuery->PropertyId == (STORAGE_PROPERTY_ID) StorageDeviceLBProvisioningProperty)
    					)
    				{
    					IO_STATUS_BLOCK IoStatus;
    					Dump ("ProcessVolumeDeviceControlIrp: sending IOCTL_STORAGE_QUERY_PROPERTY (%d) to device\n", (int) pStoragePropQuery->PropertyId);
    					Irp->IoStatus.Status = ZwDeviceIoControlFile (
    						Extension->hDeviceFile,
    						NULL,
    						NULL,
    						NULL,
    						&IoStatus,
    						IOCTL_STORAGE_QUERY_PROPERTY,
    						Irp->AssociatedIrp.SystemBuffer,
    						irpSp->Parameters.DeviceIoControl.InputBufferLength,
    						Irp->AssociatedIrp.SystemBuffer,
    						irpSp->Parameters.DeviceIoControl.OutputBufferLength);
    					Dump ("ProcessVolumeDeviceControlIrp: ZwDeviceIoControlFile returned 0x%.8X\n", (DWORD) Irp->IoStatus.Status);
    					if (Irp->IoStatus.Status == STATUS_SUCCESS)
    					{
    						Irp->IoStatus.Status = IoStatus.Status;
    						Irp->IoStatus.Information = IoStatus.Information;
    					}
    				}
    				else if (	(pStoragePropQuery->PropertyId == StorageAccessAlignmentProperty)
    					||	(pStoragePropQuery->PropertyId == StorageDeviceProperty)
    					||	(pStoragePropQuery->PropertyId == StorageAdapterProperty)
    					||	(pStoragePropQuery->PropertyId == StorageDeviceSeekPenaltyProperty)
    					||	(pStoragePropQuery->PropertyId == StorageDeviceTrimProperty)
    					)
    				{
    					if (type == PropertyExistsQuery)
    					{
    						Irp->IoStatus.Status = STATUS_SUCCESS;
    						Irp->IoStatus.Information = 0;
    					}
    					else if (type == PropertyStandardQuery)
    					{
    						ULONG descriptorSize;
    						switch (pStoragePropQuery->PropertyId)
    						{
    							case StorageDeviceProperty:
    								{
    									Dump ("IOCTL_STORAGE_QUERY_PROPERTY - StorageDeviceProperty\n");
    									/* Add 0x00 for NULL terminating string used as ProductId, ProductRevision, SerialNumber, VendorId */
    									descriptorSize = sizeof (STORAGE_DEVICE_DESCRIPTOR) + 1;
    									if (ValidateIOBufferSize (Irp, descriptorSize, ValidateOutput))
    									{
    										PSTORAGE_DEVICE_DESCRIPTOR outputBuffer = (PSTORAGE_DEVICE_DESCRIPTOR) Irp->AssociatedIrp.SystemBuffer;
    
    										outputBuffer->Version = sizeof(STORAGE_DEVICE_DESCRIPTOR);
    										outputBuffer->Size = descriptorSize;
    										outputBuffer->DeviceType = FILE_DEVICE_DISK;
    										outputBuffer->RemovableMedia = Extension->bRemovable? TRUE : FALSE;
    										outputBuffer->ProductIdOffset = sizeof (STORAGE_DEVICE_DESCRIPTOR);
    										outputBuffer->SerialNumberOffset = sizeof (STORAGE_DEVICE_DESCRIPTOR);
    										outputBuffer->ProductRevisionOffset = sizeof (STORAGE_DEVICE_DESCRIPTOR);
    										outputBuffer->VendorIdOffset = sizeof (STORAGE_DEVICE_DESCRIPTOR);
    										outputBuffer->BusType = BusTypeVirtual;
    										Irp->IoStatus.Status = STATUS_SUCCESS;
    										Irp->IoStatus.Information = descriptorSize;
    									}
    									else if (irpSp->Parameters.DeviceIoControl.OutputBufferLength == sizeof (STORAGE_DESCRIPTOR_HEADER))
    									{
    										PSTORAGE_DESCRIPTOR_HEADER outputBuffer = (PSTORAGE_DESCRIPTOR_HEADER) Irp->AssociatedIrp.SystemBuffer;
    										outputBuffer->Version = sizeof(STORAGE_DEVICE_DESCRIPTOR);
    										outputBuffer->Size = descriptorSize;
    										Irp->IoStatus.Status = STATUS_SUCCESS;
    										Irp->IoStatus.Information = sizeof (STORAGE_DESCRIPTOR_HEADER);
    									}
    								}
    								break;
    							case StorageAdapterProperty:
    								{
    									Dump ("IOCTL_STORAGE_QUERY_PROPERTY - StorageAdapterProperty\n");
    									descriptorSize = sizeof (STORAGE_ADAPTER_DESCRIPTOR);
    									if (ValidateIOBufferSize (Irp, descriptorSize, ValidateOutput))
    									{
    										PSTORAGE_ADAPTER_DESCRIPTOR outputBuffer = (PSTORAGE_ADAPTER_DESCRIPTOR) Irp->AssociatedIrp.SystemBuffer;
    
    										outputBuffer->Version = sizeof(STORAGE_ADAPTER_DESCRIPTOR);
    										outputBuffer->Size = descriptorSize;
    										outputBuffer->MaximumTransferLength = Extension->HostMaximumTransferLength;
    										outputBuffer->MaximumPhysicalPages = Extension->HostMaximumPhysicalPages;
    										outputBuffer->AlignmentMask = Extension->HostAlignmentMask;
    										outputBuffer->BusType = BusTypeVirtual;
    										Irp->IoStatus.Status = STATUS_SUCCESS;
    										Irp->IoStatus.Information = descriptorSize;
    									}
    									else if (irpSp->Parameters.DeviceIoControl.OutputBufferLength == sizeof (STORAGE_DESCRIPTOR_HEADER))
    									{
    										PSTORAGE_DESCRIPTOR_HEADER outputBuffer = (PSTORAGE_DESCRIPTOR_HEADER) Irp->AssociatedIrp.SystemBuffer;
    										outputBuffer->Version = sizeof(STORAGE_ADAPTER_DESCRIPTOR);
    										outputBuffer->Size = descriptorSize;
    										Irp->IoStatus.Status = STATUS_SUCCESS;
    										Irp->IoStatus.Information = sizeof (STORAGE_DESCRIPTOR_HEADER);
    									}
    								}
    								break;
    							case StorageAccessAlignmentProperty:
    								{
    									Dump ("IOCTL_STORAGE_QUERY_PROPERTY - StorageAccessAlignmentProperty\n");
    									if (ValidateIOBufferSize (Irp, sizeof (STORAGE_ACCESS_ALIGNMENT_DESCRIPTOR), ValidateOutput))
    									{
    										PSTORAGE_ACCESS_ALIGNMENT_DESCRIPTOR outputBuffer = (PSTORAGE_ACCESS_ALIGNMENT_DESCRIPTOR) Irp->AssociatedIrp.SystemBuffer;
    
    										outputBuffer->Version = sizeof(STORAGE_ACCESS_ALIGNMENT_DESCRIPTOR);
    										outputBuffer->Size = sizeof(STORAGE_ACCESS_ALIGNMENT_DESCRIPTOR);
    										outputBuffer->BytesPerLogicalSector = Extension->BytesPerSector;
    										outputBuffer->BytesPerPhysicalSector = Extension->HostBytesPerPhysicalSector;										
    										Irp->IoStatus.Status = STATUS_SUCCESS;
    										Irp->IoStatus.Information = sizeof (STORAGE_ACCESS_ALIGNMENT_DESCRIPTOR);
    									}
    									else if (irpSp->Parameters.DeviceIoControl.OutputBufferLength == sizeof (STORAGE_DESCRIPTOR_HEADER))
    									{
    										PSTORAGE_DESCRIPTOR_HEADER outputBuffer = (PSTORAGE_DESCRIPTOR_HEADER) Irp->AssociatedIrp.SystemBuffer;
    										outputBuffer->Version = sizeof(STORAGE_ACCESS_ALIGNMENT_DESCRIPTOR);
    										outputBuffer->Size = sizeof(STORAGE_ACCESS_ALIGNMENT_DESCRIPTOR);
    										Irp->IoStatus.Status = STATUS_SUCCESS;
    										Irp->IoStatus.Information = sizeof (STORAGE_DESCRIPTOR_HEADER);
    									}
    								}
    								break;
    							case StorageDeviceSeekPenaltyProperty:
    								{
    									Dump ("IOCTL_STORAGE_QUERY_PROPERTY - StorageDeviceSeekPenaltyProperty\n");
    									if (ValidateIOBufferSize (Irp, sizeof (DEVICE_SEEK_PENALTY_DESCRIPTOR), ValidateOutput))
    									{
    										PDEVICE_SEEK_PENALTY_DESCRIPTOR outputBuffer = (PDEVICE_SEEK_PENALTY_DESCRIPTOR) Irp->AssociatedIrp.SystemBuffer;
    										Dump ("IOCTL_STORAGE_QUERY_PROPERTY - StorageDeviceSeekPenaltyProperty: set IncursSeekPenalty to %s\n", Extension->IncursSeekPenalty? "TRUE" : "FALSE");
    										outputBuffer->Version = sizeof(DEVICE_SEEK_PENALTY_DESCRIPTOR);
    										outputBuffer->Size = sizeof(DEVICE_SEEK_PENALTY_DESCRIPTOR);
    										outputBuffer->IncursSeekPenalty = (BOOLEAN) Extension->IncursSeekPenalty;
    										Irp->IoStatus.Status = STATUS_SUCCESS;
    										Irp->IoStatus.Information = sizeof (DEVICE_SEEK_PENALTY_DESCRIPTOR);
    									}
    									else if (irpSp->Parameters.DeviceIoControl.OutputBufferLength == sizeof (STORAGE_DESCRIPTOR_HEADER))
    									{
    										PSTORAGE_DESCRIPTOR_HEADER outputBuffer = (PSTORAGE_DESCRIPTOR_HEADER) Irp->AssociatedIrp.SystemBuffer;
    										outputBuffer->Version = sizeof(DEVICE_SEEK_PENALTY_DESCRIPTOR);
    										outputBuffer->Size = sizeof(DEVICE_SEEK_PENALTY_DESCRIPTOR);
    										Irp->IoStatus.Status = STATUS_SUCCESS;
    										Irp->IoStatus.Information = sizeof (STORAGE_DESCRIPTOR_HEADER);
    									}
    								}
    								break;
    							case StorageDeviceTrimProperty:
    								{
    									Dump ("IOCTL_STORAGE_QUERY_PROPERTY - StorageDeviceTrimProperty\n");
    									if (ValidateIOBufferSize (Irp, sizeof (DEVICE_TRIM_DESCRIPTOR), ValidateOutput))
    									{
    										PDEVICE_TRIM_DESCRIPTOR outputBuffer = (PDEVICE_TRIM_DESCRIPTOR) Irp->AssociatedIrp.SystemBuffer;
    										Dump ("IOCTL_STORAGE_QUERY_PROPERTY - StorageDeviceTrimProperty: set TrimEnabled to %s\n", Extension->TrimEnabled? "TRUE" : "FALSE");
    										outputBuffer->Version = sizeof(DEVICE_TRIM_DESCRIPTOR);
    										outputBuffer->Size = sizeof(DEVICE_TRIM_DESCRIPTOR);
    										outputBuffer->TrimEnabled = (BOOLEAN) Extension->TrimEnabled;
    										Irp->IoStatus.Status = STATUS_SUCCESS;
    										Irp->IoStatus.Information = sizeof (DEVICE_TRIM_DESCRIPTOR);
    									}
    									else if (irpSp->Parameters.DeviceIoControl.OutputBufferLength == sizeof (STORAGE_DESCRIPTOR_HEADER))
    									{
    										PSTORAGE_DESCRIPTOR_HEADER outputBuffer = (PSTORAGE_DESCRIPTOR_HEADER) Irp->AssociatedIrp.SystemBuffer;
    										outputBuffer->Version = sizeof(DEVICE_TRIM_DESCRIPTOR);
    										outputBuffer->Size = sizeof(DEVICE_TRIM_DESCRIPTOR);
    										Irp->IoStatus.Status = STATUS_SUCCESS;
    										Irp->IoStatus.Information = sizeof (STORAGE_DESCRIPTOR_HEADER);
    									}
    								}
    								break;
    						}
    					}
    				}
    			}
    		}
    
    		break;
    
    	case IOCTL_DISK_GET_PARTITION_INFO:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_DISK_GET_PARTITION_INFO)\n");
    		if (ValidateIOBufferSize (Irp, sizeof (PARTITION_INFORMATION), ValidateOutput))
    		{
    			PPARTITION_INFORMATION outputBuffer = (PPARTITION_INFORMATION)
    			Irp->AssociatedIrp.SystemBuffer;
    
    			outputBuffer->PartitionType = Extension->PartitionType;
    			outputBuffer->BootIndicator = FALSE;
    			outputBuffer->RecognizedPartition = TRUE;
    			outputBuffer->RewritePartition = FALSE;
    			outputBuffer->StartingOffset.QuadPart = Extension->BytesPerSector;
    			outputBuffer->PartitionLength.QuadPart= Extension->DiskLength;
    			outputBuffer->PartitionNumber = 1;
    			outputBuffer->HiddenSectors = 0;
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    			Irp->IoStatus.Information = sizeof (PARTITION_INFORMATION);
    		}
    		break;
    
    	case IOCTL_DISK_GET_PARTITION_INFO_EX:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_DISK_GET_PARTITION_INFO_EX)\n");
    		if (ValidateIOBufferSize (Irp, sizeof (PARTITION_INFORMATION_EX), ValidateOutput))
    		{
    			PPARTITION_INFORMATION_EX outputBuffer = (PPARTITION_INFORMATION_EX) Irp->AssociatedIrp.SystemBuffer;
    
    			outputBuffer->PartitionStyle = PARTITION_STYLE_MBR;
    			outputBuffer->RewritePartition = FALSE;
    			outputBuffer->StartingOffset.QuadPart = Extension->BytesPerSector;
    			outputBuffer->PartitionLength.QuadPart= Extension->DiskLength;
    			outputBuffer->PartitionNumber = 1;
    			outputBuffer->Mbr.PartitionType = Extension->PartitionType;
    			outputBuffer->Mbr.BootIndicator = FALSE;
    			outputBuffer->Mbr.RecognizedPartition = TRUE;
    			outputBuffer->Mbr.HiddenSectors = 0;
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    			Irp->IoStatus.Information = sizeof (PARTITION_INFORMATION_EX);
    		}
    		break;
    
    	case IOCTL_DISK_GET_DRIVE_LAYOUT:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_DISK_GET_DRIVE_LAYOUT)\n");
    		if (ValidateIOBufferSize (Irp, sizeof (DRIVE_LAYOUT_INFORMATION), ValidateOutput))
    		{
    			PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
    			BOOL bFullBuffer = (irpSp->Parameters.DeviceIoControl.OutputBufferLength >= (sizeof (DRIVE_LAYOUT_INFORMATION) + 3*sizeof(PARTITION_INFORMATION)))? TRUE : FALSE;
    			PDRIVE_LAYOUT_INFORMATION outputBuffer = (PDRIVE_LAYOUT_INFORMATION)
    			Irp->AssociatedIrp.SystemBuffer;
    
    			outputBuffer->PartitionCount = bFullBuffer? 4 : 1;
    			outputBuffer->Signature = GetCrc32((unsigned char*) &(Extension->UniqueVolumeId), 4);
    
    			outputBuffer->PartitionEntry->PartitionType = Extension->PartitionType;
    			outputBuffer->PartitionEntry->BootIndicator = FALSE;
    			outputBuffer->PartitionEntry->RecognizedPartition = TRUE;
    			outputBuffer->PartitionEntry->RewritePartition = FALSE;
    			outputBuffer->PartitionEntry->StartingOffset.QuadPart = Extension->BytesPerSector;
    			outputBuffer->PartitionEntry->PartitionLength.QuadPart = Extension->DiskLength;
    			outputBuffer->PartitionEntry->PartitionNumber = 1;
    			outputBuffer->PartitionEntry->HiddenSectors = 0;			
    
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    			Irp->IoStatus.Information = sizeof (DRIVE_LAYOUT_INFORMATION);
    			if (bFullBuffer)
    			{
    				Irp->IoStatus.Information += 3*sizeof(PARTITION_INFORMATION);
    				memset (((BYTE*) Irp->AssociatedIrp.SystemBuffer) + sizeof (DRIVE_LAYOUT_INFORMATION), 0, 3*sizeof(PARTITION_INFORMATION));
    			}				
    		}
    		break;
    
    	case IOCTL_DISK_GET_DRIVE_LAYOUT_EX:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_DISK_GET_DRIVE_LAYOUT_EX)\n");
    		Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
    		Irp->IoStatus.Information = 0;
    		if (EnableExtendedIoctlSupport)
    		{
    			if (ValidateIOBufferSize (Irp, sizeof (DRIVE_LAYOUT_INFORMATION_EX), ValidateOutput))
    			{
    				PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
    				BOOL bFullBuffer = (irpSp->Parameters.DeviceIoControl.OutputBufferLength >= (sizeof (DRIVE_LAYOUT_INFORMATION_EX) + 3*sizeof(PARTITION_INFORMATION_EX)))? TRUE : FALSE;
    				PDRIVE_LAYOUT_INFORMATION_EX outputBuffer = (PDRIVE_LAYOUT_INFORMATION_EX)
    				Irp->AssociatedIrp.SystemBuffer;
    
    				outputBuffer->PartitionCount = bFullBuffer? 4 : 1;
    				outputBuffer->PartitionStyle = PARTITION_STYLE_MBR;
    				outputBuffer->Mbr.Signature = GetCrc32((unsigned char*) &(Extension->UniqueVolumeId), 4);
    
    				outputBuffer->PartitionEntry->PartitionStyle = PARTITION_STYLE_MBR;
    				outputBuffer->PartitionEntry->Mbr.BootIndicator = FALSE;
    				outputBuffer->PartitionEntry->Mbr.RecognizedPartition = TRUE;
    				outputBuffer->PartitionEntry->RewritePartition = FALSE;
    				outputBuffer->PartitionEntry->StartingOffset.QuadPart = Extension->BytesPerSector;
    				outputBuffer->PartitionEntry->PartitionLength.QuadPart = Extension->DiskLength;
    				outputBuffer->PartitionEntry->PartitionNumber = 1;
    				outputBuffer->PartitionEntry->Mbr.HiddenSectors = 0;
    				outputBuffer->PartitionEntry->Mbr.PartitionType = Extension->PartitionType;
    
    				Irp->IoStatus.Status = STATUS_SUCCESS;
    				Irp->IoStatus.Information = sizeof (DRIVE_LAYOUT_INFORMATION_EX);
    				if (bFullBuffer)
    				{
    					Irp->IoStatus.Information += 3*sizeof(PARTITION_INFORMATION_EX);
    				}
    			}
    		}
    		break;
    
    	case IOCTL_DISK_GET_LENGTH_INFO:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_DISK_GET_LENGTH_INFO)\n");
    		if (!ValidateIOBufferSize (Irp, sizeof (GET_LENGTH_INFORMATION), ValidateOutput))
    		{
    			Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW;
    			Irp->IoStatus.Information = sizeof (GET_LENGTH_INFORMATION);
    		}
    		else
    		{
    			PGET_LENGTH_INFORMATION outputBuffer = (PGET_LENGTH_INFORMATION) Irp->AssociatedIrp.SystemBuffer;
    
    			outputBuffer->Length.QuadPart = Extension->DiskLength;
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    			Irp->IoStatus.Information = sizeof (GET_LENGTH_INFORMATION);
    		}
    		break;
    
    	case IOCTL_DISK_VERIFY:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_DISK_VERIFY)\n");
    		if (ValidateIOBufferSize (Irp, sizeof (VERIFY_INFORMATION), ValidateInput))
    		{
    			HRESULT hResult;
    			ULONGLONG ullStartingOffset, ullNewOffset, ullEndOffset;
    			PVERIFY_INFORMATION pVerifyInformation;
    			pVerifyInformation = (PVERIFY_INFORMATION) Irp->AssociatedIrp.SystemBuffer;
    
    			ullStartingOffset = (ULONGLONG) pVerifyInformation->StartingOffset.QuadPart;
    			hResult = ULongLongAdd(ullStartingOffset,
    				(ULONGLONG) Extension->cryptoInfo->hiddenVolume ? Extension->cryptoInfo->hiddenVolumeOffset : Extension->cryptoInfo->volDataAreaOffset,
    				&ullNewOffset);
    			if (hResult != S_OK)
    				Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
    			else if (S_OK != ULongLongAdd(ullStartingOffset, (ULONGLONG) pVerifyInformation->Length, &ullEndOffset))
    				Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
    			else if (ullEndOffset > (ULONGLONG) Extension->DiskLength)
    				Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
    			else
    			{
    				IO_STATUS_BLOCK ioStatus;
    				PVOID buffer = TCalloc (max (pVerifyInformation->Length, PAGE_SIZE));
    
    				if (!buffer)
    				{
    					Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
    				}
    				else
    				{
    					LARGE_INTEGER offset = pVerifyInformation->StartingOffset;
    					offset.QuadPart = ullNewOffset;
    
    					Irp->IoStatus.Status = ZwReadFile (Extension->hDeviceFile, NULL, NULL, NULL, &ioStatus, buffer, pVerifyInformation->Length, &offset, NULL);
    					TCfree (buffer);
    
    					if (NT_SUCCESS (Irp->IoStatus.Status) && ioStatus.Information != pVerifyInformation->Length)
    						Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
    				}
    			}
    
    			Irp->IoStatus.Information = 0;
    		}
    		break;
    
    	case IOCTL_DISK_CHECK_VERIFY:
    	case IOCTL_STORAGE_CHECK_VERIFY:
    	case IOCTL_STORAGE_CHECK_VERIFY2:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_STORAGE_CHECK_VERIFY)\n");
    		{
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    			Irp->IoStatus.Information = 0;
    
    			if (irpSp->Parameters.DeviceIoControl.OutputBufferLength >= sizeof (ULONG))
    			{
    				*((ULONG *) Irp->AssociatedIrp.SystemBuffer) = 0;
    				Irp->IoStatus.Information = sizeof (ULONG);
    			}
    		}
    		break;
    
    	case IOCTL_DISK_IS_WRITABLE:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_DISK_IS_WRITABLE)\n");
    		{
    			if (Extension->bReadOnly)
    				Irp->IoStatus.Status = STATUS_MEDIA_WRITE_PROTECTED;
    			else
    				Irp->IoStatus.Status = STATUS_SUCCESS;
    			Irp->IoStatus.Information = 0;
    
    		}
    		break;
    
    	case IOCTL_VOLUME_ONLINE:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_VOLUME_ONLINE)\n");
    		Irp->IoStatus.Status = STATUS_SUCCESS;
    		Irp->IoStatus.Information = 0;
    		break;
    
    	case IOCTL_VOLUME_POST_ONLINE:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_VOLUME_POST_ONLINE)\n");
    		Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
    		Irp->IoStatus.Information = 0;
    		if (EnableExtendedIoctlSupport)
    		{
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    			Irp->IoStatus.Information = 0;
    		}
    		break;
    
    	case IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS)\n");
    		// Vista's filesystem defragmenter fails if IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS does not succeed.
    		if (!(OsMajorVersion == 6 && OsMinorVersion == 0))
    		{
    			Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
    			Irp->IoStatus.Information = 0;
    		}
    		else if (ValidateIOBufferSize (Irp, sizeof (VOLUME_DISK_EXTENTS), ValidateOutput))
    		{
    			VOLUME_DISK_EXTENTS *extents = (VOLUME_DISK_EXTENTS *) Irp->AssociatedIrp.SystemBuffer;
    
    			// No extent data can be returned as this is not a physical drive.
    			memset (extents, 0, sizeof (*extents));
    			extents->NumberOfDiskExtents = 0;
    
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    			Irp->IoStatus.Information = sizeof (*extents);
    		}
    		break;
    
    	case IOCTL_STORAGE_READ_CAPACITY:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_STORAGE_READ_CAPACITY)\n");
    		Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
    		Irp->IoStatus.Information = 0;
    		if (EnableExtendedIoctlSupport)
    		{
    			if (ValidateIOBufferSize (Irp, sizeof (STORAGE_READ_CAPACITY), ValidateOutput))
    			{
    				STORAGE_READ_CAPACITY *capacity = (STORAGE_READ_CAPACITY *) Irp->AssociatedIrp.SystemBuffer;
    
    				capacity->Version = sizeof (STORAGE_READ_CAPACITY);
    				capacity->Size = sizeof (STORAGE_READ_CAPACITY);
    				capacity->BlockLength = Extension->BytesPerSector;
    				capacity->NumberOfBlocks.QuadPart = (Extension->DiskLength / Extension->BytesPerSector) + 1;
    				capacity->DiskLength.QuadPart = Extension->DiskLength + Extension->BytesPerSector;
    
    				Irp->IoStatus.Status = STATUS_SUCCESS;
    				Irp->IoStatus.Information = sizeof (STORAGE_READ_CAPACITY);
    			}
    		}
    		break;
    
    	/*case IOCTL_STORAGE_GET_DEVICE_NUMBER:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_STORAGE_GET_DEVICE_NUMBER)\n");
    		Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
    		Irp->IoStatus.Information = 0;
    		if (EnableExtendedIoctlSupport)
    		{
    			if (ValidateIOBufferSize (Irp, sizeof (STORAGE_DEVICE_NUMBER), ValidateOutput))
    			{
    				STORAGE_DEVICE_NUMBER *storage = (STORAGE_DEVICE_NUMBER *) Irp->AssociatedIrp.SystemBuffer;
    
    				storage->DeviceType = FILE_DEVICE_DISK;
    				storage->DeviceNumber = (ULONG) -1;
    				storage->PartitionNumber = 1;
    
    				Irp->IoStatus.Status = STATUS_SUCCESS;
    				Irp->IoStatus.Information = sizeof (STORAGE_DEVICE_NUMBER);
    			}
    		}
    		break;*/
    
    	case IOCTL_STORAGE_GET_HOTPLUG_INFO:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_STORAGE_GET_HOTPLUG_INFO)\n");
    		Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
    		Irp->IoStatus.Information = 0;
    		if (EnableExtendedIoctlSupport)
    		{
    			if (ValidateIOBufferSize (Irp, sizeof (STORAGE_HOTPLUG_INFO), ValidateOutput))
    			{
    				STORAGE_HOTPLUG_INFO *info = (STORAGE_HOTPLUG_INFO *) Irp->AssociatedIrp.SystemBuffer;
    
    				info->Size = sizeof (STORAGE_HOTPLUG_INFO);
    				info->MediaRemovable = Extension->bRemovable? TRUE : FALSE;
    				info->MediaHotplug = FALSE;
    				info->DeviceHotplug = FALSE;
    				info->WriteCacheEnableOverride = FALSE;
    
    				Irp->IoStatus.Status = STATUS_SUCCESS;
    				Irp->IoStatus.Information = sizeof (STORAGE_HOTPLUG_INFO);
    			}
    		}
    		break;
    
    	case IOCTL_VOLUME_IS_DYNAMIC:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_VOLUME_IS_DYNAMIC)\n");
    		Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
    		Irp->IoStatus.Information = 0;
    		if (EnableExtendedIoctlSupport)
    		{
    			if (ValidateIOBufferSize (Irp, sizeof (BOOLEAN), ValidateOutput))
    			{
    				BOOLEAN *pbDynamic = (BOOLEAN*) Irp->AssociatedIrp.SystemBuffer;
    
    				*pbDynamic = FALSE;
    
    				Irp->IoStatus.Status = STATUS_SUCCESS;
    				Irp->IoStatus.Information = sizeof (BOOLEAN);
    			}
    		}
    		break;
    
    	case IOCTL_DISK_IS_CLUSTERED:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_DISK_IS_CLUSTERED)\n");
    		Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
    		Irp->IoStatus.Information = 0;
    		if (EnableExtendedIoctlSupport)
    		{
    			if (ValidateIOBufferSize (Irp, sizeof (BOOLEAN), ValidateOutput))
    			{
    				BOOLEAN *pbIsClustered = (BOOLEAN*) Irp->AssociatedIrp.SystemBuffer;
    
    				*pbIsClustered = FALSE;
    
    				Irp->IoStatus.Status = STATUS_SUCCESS;
    				Irp->IoStatus.Information = sizeof (BOOLEAN);
    			}
    		}
    		break;
    
    	case IOCTL_VOLUME_GET_GPT_ATTRIBUTES:
    		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_VOLUME_GET_GPT_ATTRIBUTES)\n");
    		Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
    		Irp->IoStatus.Information = 0;
    		if (EnableExtendedIoctlSupport)
    		{
    			if (ValidateIOBufferSize (Irp, sizeof (VOLUME_GET_GPT_ATTRIBUTES_INFORMATION), ValidateOutput))
    			{
    				VOLUME_GET_GPT_ATTRIBUTES_INFORMATION *pGptAttr = (VOLUME_GET_GPT_ATTRIBUTES_INFORMATION*) Irp->AssociatedIrp.SystemBuffer;
    
    				pGptAttr->GptAttributes = 0; // we are MBR not GPT
    
    				Irp->IoStatus.Status = STATUS_SUCCESS;
    				Irp->IoStatus.Information = sizeof (VOLUME_GET_GPT_ATTRIBUTES_INFORMATION);
    			}
    		}
    		break;
    
    	case IOCTL_UNKNOWN_WINDOWS10_EFS_ACCESS:
    		// This undocumented IOCTL is sent when handling EFS data
    		// We must return success otherwise EFS operations fail
    		Dump ("ProcessVolumeDeviceControlIrp (unknown IOCTL 0x%.8X, OutputBufferLength = %d). Returning fake success\n", irpSp->Parameters.DeviceIoControl.IoControlCode, (int) irpSp->Parameters.DeviceIoControl.OutputBufferLength);
    		Irp->IoStatus.Status = STATUS_SUCCESS;
    		Irp->IoStatus.Information = 0;
    
    		break;
    
    	case IOCTL_DISK_UPDATE_PROPERTIES:
    		Dump ("ProcessVolumeDeviceControlIrp: returning STATUS_SUCCESS for IOCTL_DISK_UPDATE_PROPERTIES\n");
    		Irp->IoStatus.Status = STATUS_SUCCESS;
    		Irp->IoStatus.Information = 0;
    
    		break;
    
    	case IOCTL_DISK_MEDIA_REMOVAL:
    	case IOCTL_STORAGE_MEDIA_REMOVAL:
    		Dump ("ProcessVolumeDeviceControlIrp: returning STATUS_SUCCESS for %ls\n", TCTranslateCode (irpSp->Parameters.DeviceIoControl.IoControlCode));
    		Irp->IoStatus.Status = STATUS_SUCCESS;
    		Irp->IoStatus.Information = 0;
    
    		break;
    
    	case IOCTL_DISK_GET_CLUSTER_INFO:
    		Dump ("ProcessVolumeDeviceControlIrp: returning STATUS_NOT_SUPPORTED for %ls\n", TCTranslateCode (irpSp->Parameters.DeviceIoControl.IoControlCode));
    		Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
    		Irp->IoStatus.Information = 0;
    		if (EnableExtendedIoctlSupport)
    		{
    			Irp->IoStatus.Status = STATUS_NOT_SUPPORTED;
    			Irp->IoStatus.Information = 0;
    		}
    		break;
    
    	case IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES:
    		Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES\n");
    		Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
    		Irp->IoStatus.Information = 0;
    		if (Extension->bRawDevice && Extension->TrimEnabled)
    		{
    			if (ValidateIOBufferSize (Irp, sizeof (DEVICE_MANAGE_DATA_SET_ATTRIBUTES), ValidateInput))
    			{
    				PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
    				DWORD inputLength = irpSp->Parameters.DeviceIoControl.InputBufferLength;
    				PDEVICE_MANAGE_DATA_SET_ATTRIBUTES pInputAttrs = (PDEVICE_MANAGE_DATA_SET_ATTRIBUTES) Irp->AssociatedIrp.SystemBuffer;
    				DEVICE_DATA_MANAGEMENT_SET_ACTION action = pInputAttrs->Action;
    				BOOL bEntireSet = pInputAttrs->Flags & DEVICE_DSM_FLAG_ENTIRE_DATA_SET_RANGE? TRUE : FALSE;
    				ULONGLONG minSizedataSet = (ULONGLONG) pInputAttrs->DataSetRangesOffset + (ULONGLONG) pInputAttrs->DataSetRangesLength;
    				ULONGLONG minSizeParameter = (ULONGLONG) pInputAttrs->ParameterBlockOffset + (ULONGLONG) pInputAttrs->ParameterBlockLength;
    				ULONGLONG minSizeGeneric = sizeof(DEVICE_MANAGE_DATA_SET_ATTRIBUTES) + (ULONGLONG) pInputAttrs->ParameterBlockLength + (ULONGLONG) pInputAttrs->DataSetRangesLength;
    				PDEVICE_MANAGE_DATA_SET_ATTRIBUTES pNewSetAttrs = NULL;
    				ULONG ulNewInputLength = 0;
    				BOOL bForwardIoctl = FALSE;
    
    				if (inputLength >= minSizeGeneric && inputLength >= minSizedataSet && inputLength >= minSizeParameter)
    				{
    					if (bEntireSet)
    					{
    						if (minSizedataSet)
    						{
    							Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - DEVICE_DSM_FLAG_ENTIRE_DATA_SET_RANGE set but data set range specified=> Error.\n");
    							Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
    							Irp->IoStatus.Information = 0;
    						}
    						else
    						{
    							DWORD dwDataSetOffset = ALIGN_VALUE (inputLength, sizeof(DEVICE_DATA_SET_RANGE));
    							DWORD dwDataSetLength = sizeof(DEVICE_DATA_SET_RANGE);
    
    							Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - DEVICE_DSM_FLAG_ENTIRE_DATA_SET_RANGE set. Setting data range to all volume.\n");
    
    							ulNewInputLength = dwDataSetOffset + dwDataSetLength;
    							pNewSetAttrs = (PDEVICE_MANAGE_DATA_SET_ATTRIBUTES) TCalloc (ulNewInputLength);
    							if (pNewSetAttrs)
    							{
    								PDEVICE_DATA_SET_RANGE pRange = (PDEVICE_DATA_SET_RANGE) (((unsigned char*) pNewSetAttrs) + dwDataSetOffset);
    
    								memcpy (pNewSetAttrs, pInputAttrs, inputLength);
    
    								pRange->StartingOffset = (ULONGLONG) Extension->cryptoInfo->hiddenVolume ? Extension->cryptoInfo->hiddenVolumeOffset : Extension->cryptoInfo->volDataAreaOffset;
    								pRange->LengthInBytes = Extension->DiskLength;
    
    								pNewSetAttrs->Size = sizeof(DEVICE_MANAGE_DATA_SET_ATTRIBUTES);
    								pNewSetAttrs->Action = action;
    								pNewSetAttrs->Flags = pInputAttrs->Flags & (~DEVICE_DSM_FLAG_ENTIRE_DATA_SET_RANGE);
    								pNewSetAttrs->ParameterBlockOffset = pInputAttrs->ParameterBlockOffset;
    								pNewSetAttrs->ParameterBlockLength = pInputAttrs->ParameterBlockLength;
    								pNewSetAttrs->DataSetRangesOffset = dwDataSetOffset;
    								pNewSetAttrs->DataSetRangesLength = dwDataSetLength;
    
    								bForwardIoctl = TRUE;
    							}
    							else
    							{
    								Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - Failed to allocate memory.\n");
    								Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
    								Irp->IoStatus.Information = 0;
    							}
    						}
    					}
    					else
    					{						
    						Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - creating new data set range from input range.\n");
    						ulNewInputLength = inputLength;
    						pNewSetAttrs = (PDEVICE_MANAGE_DATA_SET_ATTRIBUTES) TCalloc (inputLength);
    						if (pNewSetAttrs)
    						{
    							PDEVICE_DATA_SET_RANGE pNewRanges = (PDEVICE_DATA_SET_RANGE) (((unsigned char*) pNewSetAttrs) + pInputAttrs->DataSetRangesOffset);
    							PDEVICE_DATA_SET_RANGE pInputRanges = (PDEVICE_DATA_SET_RANGE) (((unsigned char*) pInputAttrs) + pInputAttrs->DataSetRangesOffset);
    							DWORD dwInputRangesCount = 0, dwNewRangesCount = 0, i;
    							ULONGLONG ullStartingOffset, ullNewOffset, ullEndOffset;
    							HRESULT hResult;
    
    							memcpy (pNewSetAttrs, pInputAttrs, inputLength);
    
    							dwInputRangesCount = pInputAttrs->DataSetRangesLength / sizeof(DEVICE_DATA_SET_RANGE);
    
    							for (i = 0; i < dwInputRangesCount; i++)
    							{
    								ullStartingOffset = (ULONGLONG) pInputRanges[i].StartingOffset;
    								hResult = ULongLongAdd(ullStartingOffset,
    									(ULONGLONG) Extension->cryptoInfo->hiddenVolume ? Extension->cryptoInfo->hiddenVolumeOffset : Extension->cryptoInfo->volDataAreaOffset,
    									&ullNewOffset);
    								if (hResult != S_OK)
    									continue;
    								else if (S_OK != ULongLongAdd(ullStartingOffset, (ULONGLONG) pInputRanges[i].LengthInBytes, &ullEndOffset))
    									continue;
    								else if (ullEndOffset > (ULONGLONG) Extension->DiskLength)
    									continue;
    								else if (ullNewOffset > 0)
    								{
    									pNewRanges[dwNewRangesCount].StartingOffset = (LONGLONG) ullNewOffset;
    									pNewRanges[dwNewRangesCount].LengthInBytes = pInputRanges[i].LengthInBytes;
    
    									dwNewRangesCount++;
    								}
    							}
    
    							Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - %d valid range processed from %d range in input.\n", (int) dwNewRangesCount, (int) dwInputRangesCount);
    
    							pNewSetAttrs->DataSetRangesLength = dwNewRangesCount * sizeof (DEVICE_DATA_SET_RANGE);
    
    							bForwardIoctl = TRUE;
    						}
    						else
    						{
    							Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - Failed to allocate memory.\n");
    							Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
    							Irp->IoStatus.Information = 0;
    						}
    					}
    				}
    				else
    				{
    					Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - buffer containing DEVICE_MANAGE_DATA_SET_ATTRIBUTES has invalid length.\n");
    					Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
    					Irp->IoStatus.Information = 0;
    				}
    
    
    				if (bForwardIoctl)
    				{
    					if (action == DeviceDsmAction_Trim)
    					{
    						Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - DeviceDsmAction_Trim.\n");
    
    						if (Extension->cryptoInfo->hiddenVolume || !AllowTrimCommand)
    						{
    							Dump ("ProcessVolumeDeviceControlIrp: TRIM command filtered\n");
    							Irp->IoStatus.Status = STATUS_SUCCESS;
    							Irp->IoStatus.Information = 0;
    						}
    						else
    						{
    							IO_STATUS_BLOCK IoStatus;
    							Dump ("ProcessVolumeDeviceControlIrp: sending TRIM to device\n");
    							Irp->IoStatus.Status = ZwDeviceIoControlFile (
    								Extension->hDeviceFile,
    								NULL,
    								NULL,
    								NULL,
    								&IoStatus,
    								IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES,
    								(PVOID) pNewSetAttrs,
    								ulNewInputLength,
    								NULL,
    								0);
    							Dump ("ProcessVolumeDeviceControlIrp: ZwDeviceIoControlFile returned 0x%.8X\n", (DWORD) Irp->IoStatus.Status);
    							if (Irp->IoStatus.Status == STATUS_SUCCESS)
    							{
    								Irp->IoStatus.Status = IoStatus.Status;
    								Irp->IoStatus.Information = IoStatus.Information;
    							}
    							else
    								Irp->IoStatus.Information = 0;
    						}						
    					}
    					else
    					{
    						switch (action)
    						{
    							case DeviceDsmAction_Notification: Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - DeviceDsmAction_Notification\n"); break;
    							case DeviceDsmAction_OffloadRead: Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - DeviceDsmAction_OffloadRead\n"); break;
    							case DeviceDsmAction_OffloadWrite: Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - DeviceDsmAction_OffloadWrite\n"); break;
    							case DeviceDsmAction_Allocation: Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - DeviceDsmAction_Allocation\n"); break;
    							case DeviceDsmAction_Scrub: Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - DeviceDsmAction_Scrub\n"); break;
    							case DeviceDsmAction_DrtQuery: Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - DeviceDsmAction_DrtQuery\n"); break;
    							case DeviceDsmAction_DrtClear: Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - DeviceDsmAction_DrtClear\n"); break;
    							case DeviceDsmAction_DrtDisable: Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - DeviceDsmAction_DrtDisable\n"); break;
    							default: Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - unknown action %d\n", (int) action); break;
    						}
    					
    					}
    				}
    
    				if (pNewSetAttrs)
    					TCfree (pNewSetAttrs);
    			}
    		}
    #if defined (DEBUG) || defined (DEBUG_TRACE)
    		else
    			Dump ("ProcessVolumeDeviceControlIrp: returning STATUS_INVALID_DEVICE_REQUEST for IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES\n");
    #endif
    		break;
    	
    	case IOCTL_STORAGE_CHECK_PRIORITY_HINT_SUPPORT:
    	case IOCTL_VOLUME_QUERY_ALLOCATION_HINT:
    	case FT_BALANCED_READ_MODE:
    	case IOCTL_STORAGE_GET_DEVICE_NUMBER:
    	case IOCTL_MOUNTDEV_LINK_CREATED:
    		Dump ("ProcessVolumeDeviceControlIrp: returning STATUS_INVALID_DEVICE_REQUEST for %ls\n", TCTranslateCode (irpSp->Parameters.DeviceIoControl.IoControlCode));
    		Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
    		Irp->IoStatus.Information = 0;		
    		break;
    	default:
    		Dump ("ProcessVolumeDeviceControlIrp (unknown code 0x%.8X)\n", irpSp->Parameters.DeviceIoControl.IoControlCode);
    		return TCCompleteIrp (Irp, STATUS_INVALID_DEVICE_REQUEST, 0);
    	}
    
    #if defined(DEBUG) || defined (DEBG_TRACE)
    	if (!NT_SUCCESS (Irp->IoStatus.Status))
    	{
    		Dump ("IOCTL error 0x%08x (0x%x %d)\n",
    			Irp->IoStatus.Status,
    			(int) (irpSp->Parameters.DeviceIoControl.IoControlCode >> 16),
    			(int) ((irpSp->Parameters.DeviceIoControl.IoControlCode & 0x1FFF) >> 2));
    	}
    #endif
    
    	return TCCompleteDiskIrp (Irp, Irp->IoStatus.Status, Irp->IoStatus.Information);
    }
    
    
    NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Extension, PIRP Irp)
    {
    	PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
    	NTSTATUS ntStatus;
    
    	switch (irpSp->Parameters.DeviceIoControl.IoControlCode)
    	{
    	case TC_IOCTL_GET_DRIVER_VERSION:
    	case TC_IOCTL_LEGACY_GET_DRIVER_VERSION:
    		if (ValidateIOBufferSize (Irp, sizeof (LONG), ValidateOutput))
    		{
    			LONG tmp = VERSION_NUM;
    			memcpy (Irp->AssociatedIrp.SystemBuffer, &tmp, 4);
    			Irp->IoStatus.Information = sizeof (LONG);
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    		}
    		break;
    
    	case TC_IOCTL_GET_DEVICE_REFCOUNT:
    		if (ValidateIOBufferSize (Irp, sizeof (int), ValidateOutput))
    		{
    			*(int *) Irp->AssociatedIrp.SystemBuffer = DeviceObject->ReferenceCount;
    			Irp->IoStatus.Information = sizeof (int);
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    		}
    		break;
    
    	case TC_IOCTL_IS_DRIVER_UNLOAD_DISABLED:
    		if (ValidateIOBufferSize (Irp, sizeof (int), ValidateOutput))
    		{
    			LONG deviceObjectCount = 0;
    
    			*(int *) Irp->AssociatedIrp.SystemBuffer = DriverUnloadDisabled;
    
    			if (IoEnumerateDeviceObjectList (TCDriverObject, NULL, 0, &deviceObjectCount) == STATUS_BUFFER_TOO_SMALL && deviceObjectCount > 1)
    				*(int *) Irp->AssociatedIrp.SystemBuffer = TRUE;
    
    			Irp->IoStatus.Information = sizeof (int);
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    		}
    		break;
    
    	case TC_IOCTL_IS_ANY_VOLUME_MOUNTED:
    		if (ValidateIOBufferSize (Irp, sizeof (int), ValidateOutput))
    		{
    			int drive;
    			*(int *) Irp->AssociatedIrp.SystemBuffer = 0;
    
    			for (drive = MIN_MOUNTED_VOLUME_DRIVE_NUMBER; drive <= MAX_MOUNTED_VOLUME_DRIVE_NUMBER; ++drive)
    			{
    				if (GetVirtualVolumeDeviceObject (drive))
    				{
    					*(int *) Irp->AssociatedIrp.SystemBuffer = 1;
    					break;
    				}
    			}
    
    			if (IsBootDriveMounted())
    				*(int *) Irp->AssociatedIrp.SystemBuffer = 1;
    
    			Irp->IoStatus.Information = sizeof (int);
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    		}
    		break;
    
    	case TC_IOCTL_OPEN_TEST:
    		{
    			OPEN_TEST_STRUCT *opentest = (OPEN_TEST_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
    			OBJECT_ATTRIBUTES ObjectAttributes;
    			HANDLE NtFileHandle;
    			UNICODE_STRING FullFileName;
    			IO_STATUS_BLOCK IoStatus;
    			LARGE_INTEGER offset;
    			ACCESS_MASK access = FILE_READ_ATTRIBUTES;
    
    			if (!ValidateIOBufferSize (Irp, sizeof (OPEN_TEST_STRUCT), ValidateInputOutput))
    				break;
    
    			EnsureNullTerminatedString (opentest->wszFileName, sizeof (opentest->wszFileName));
    			RtlInitUnicodeString (&FullFileName, opentest->wszFileName);
    
    			InitializeObjectAttributes (&ObjectAttributes, &FullFileName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
    
    			if (opentest->bDetectTCBootLoader || opentest->DetectFilesystem || opentest->bComputeVolumeIDs)
    				access |= FILE_READ_DATA;
    
    			ntStatus = ZwCreateFile (&NtFileHandle,
    						 SYNCHRONIZE | access, &ObjectAttributes, &IoStatus, NULL,
    						 0, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
    
    			if (NT_SUCCESS (ntStatus))
    			{
    				opentest->TCBootLoaderDetected = FALSE;
    				opentest->FilesystemDetected = FALSE;
    				memset (opentest->VolumeIDComputed, 0, sizeof (opentest->VolumeIDComputed));
    				memset (opentest->volumeIDs, 0, sizeof (opentest->volumeIDs));
    
    				if (opentest->bDetectTCBootLoader || opentest->DetectFilesystem || opentest->bComputeVolumeIDs)
    				{
    					byte *readBuffer = TCalloc (TC_MAX_VOLUME_SECTOR_SIZE);
    					if (!readBuffer)
    					{
    						ntStatus = STATUS_INSUFFICIENT_RESOURCES;
    					}
    					else
    					{
    						if (opentest->bDetectTCBootLoader || opentest->DetectFilesystem)
    						{
    							// Determine if the first sector contains a portion of the VeraCrypt Boot Loader
    
    							offset.QuadPart = 0;
    
    							ntStatus = ZwReadFile (NtFileHandle,
    								NULL,
    								NULL,
    								NULL,
    								&IoStatus,
    								readBuffer,
    								TC_MAX_VOLUME_SECTOR_SIZE,
    								&offset,
    								NULL);
    
    							if (NT_SUCCESS (ntStatus))
    							{
    								size_t i;
    
    								if (opentest->bDetectTCBootLoader && IoStatus.Information >= TC_SECTOR_SIZE_BIOS)
    								{
    									// Search for the string "VeraCrypt"
    									for (i = 0; i < TC_SECTOR_SIZE_BIOS - strlen (TC_APP_NAME); ++i)
    									{
    										if (memcmp (readBuffer + i, TC_APP_NAME, strlen (TC_APP_NAME)) == 0)
    										{
    											opentest->TCBootLoaderDetected = TRUE;
    											break;
    										}
    									}
    								}
    
    								if (opentest->DetectFilesystem && IoStatus.Information >= sizeof (int64))
    								{
    									switch (BE64 (*(uint64 *) readBuffer))
    									{
    									case 0xEB52904E54465320ULL: // NTFS
    									case 0xEB3C904D53444F53ULL: // FAT16/FAT32
    									case 0xEB58904D53444F53ULL: // FAT32
    									case 0xEB76904558464154ULL: // exFAT
    									case 0x0000005265465300ULL: // ReFS
    									case 0xEB58906D6B66732EULL: // FAT32 mkfs.fat
    									case 0xEB58906D6B646F73ULL: // FAT32 mkfs.vfat/mkdosfs
    									case 0xEB3C906D6B66732EULL: // FAT16/FAT12 mkfs.fat
    									case 0xEB3C906D6B646F73ULL: // FAT16/FAT12 mkfs.vfat/mkdosfs
    										opentest->FilesystemDetected = TRUE;
    										break;
    									case 0x0000000000000000ULL:
    										// all 512 bytes are zeroes => unencrypted filesystem like Microsoft reserved partition
    										if (IsAllZeroes (readBuffer + 8, TC_VOLUME_HEADER_EFFECTIVE_SIZE - 8))
    											opentest->FilesystemDetected = TRUE;
    										break;
    									}
    								}
    							}
    						}
    
    						if (opentest->bComputeVolumeIDs && (!opentest->DetectFilesystem || !opentest->FilesystemDetected))
    						{
    							int volumeType;
    							// Go through all volume types (e.g., normal, hidden)
    							for (volumeType = TC_VOLUME_TYPE_NORMAL;
    								volumeType < TC_VOLUME_TYPE_COUNT;
    								volumeType++)
    							{
    								/* Read the volume header */
    								switch (volumeType)
    								{
    								case TC_VOLUME_TYPE_NORMAL:
    									offset.QuadPart = TC_VOLUME_HEADER_OFFSET;
    									break;
    
    								case TC_VOLUME_TYPE_HIDDEN:
    
    									offset.QuadPart = TC_HIDDEN_VOLUME_HEADER_OFFSET;
    									break;
    								}
    
    								ntStatus = ZwReadFile (NtFileHandle,
    								NULL,
    								NULL,
    								NULL,
    								&IoStatus,
    								readBuffer,
    								TC_MAX_VOLUME_SECTOR_SIZE,
    								&offset,
    								NULL);
    
    								if (NT_SUCCESS (ntStatus))
    								{
    									/* compute the ID of this volume: SHA-256 of the effective header */
    									sha256 (opentest->volumeIDs[volumeType], readBuffer, TC_VOLUME_HEADER_EFFECTIVE_SIZE);
    									opentest->VolumeIDComputed[volumeType] = TRUE;
    								}
    							}
    						}
    
    						TCfree (readBuffer);
    					}
    				}
    
    				ZwClose (NtFileHandle);
    				Dump ("Open test on file %ls success.\n", opentest->wszFileName);
    			}
    			else
    			{
    #if 0
    				Dump ("Open test on file %ls failed NTSTATUS 0x%08x\n", opentest->wszFileName, ntStatus);
    #endif
    			}
    
    			Irp->IoStatus.Information = NT_SUCCESS (ntStatus) ? sizeof (OPEN_TEST_STRUCT) : 0;
    			Irp->IoStatus.Status = ntStatus;
    		}
    		break;
    
    	case TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG:
    		{
    			GetSystemDriveConfigurationRequest *request = (GetSystemDriveConfigurationRequest *) Irp->AssociatedIrp.SystemBuffer;
    			OBJECT_ATTRIBUTES ObjectAttributes;
    			HANDLE NtFileHandle;
    			UNICODE_STRING FullFileName;
    			IO_STATUS_BLOCK IoStatus;
    			LARGE_INTEGER offset;
    			byte readBuffer [TC_SECTOR_SIZE_BIOS];
    
    			if (!ValidateIOBufferSize (Irp, sizeof (GetSystemDriveConfigurationRequest), ValidateInputOutput))
    				break;
    
    			EnsureNullTerminatedString (request->DevicePath, sizeof (request->DevicePath));
    			RtlInitUnicodeString (&FullFileName, request->DevicePath);
    
    			InitializeObjectAttributes (&ObjectAttributes, &FullFileName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
    
    			ntStatus = ZwCreateFile (&NtFileHandle,
    				SYNCHRONIZE | GENERIC_READ, &ObjectAttributes, &IoStatus, NULL,
    				FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT | FILE_RANDOM_ACCESS, NULL, 0);
    
    			if (NT_SUCCESS (ntStatus))
    			{
    				// Determine if the first sector contains a portion of the VeraCrypt Boot Loader
    				offset.QuadPart = 0;	// MBR
    
    				ntStatus = ZwReadFile (NtFileHandle,
    					NULL,
    					NULL,
    					NULL,
    					&IoStatus,
    					readBuffer,
    					sizeof(readBuffer),
    					&offset,
    					NULL);
    
    				if (NT_SUCCESS (ntStatus))
    				{
    					size_t i;
    
    					// Check for dynamic drive
    					request->DriveIsDynamic = FALSE;
    
    					if (readBuffer[510] == 0x55 && readBuffer[511] == 0xaa)
    					{
    						int i;
    						for (i = 0; i < 4; ++i)
    						{
    							if (readBuffer[446 + i * 16 + 4] == PARTITION_LDM)
    							{
    								request->DriveIsDynamic = TRUE;
    								break;
    							}
    						}
    					}
    
    					request->BootLoaderVersion = 0;
    					request->Configuration = 0;
    					request->UserConfiguration = 0;
    					request->CustomUserMessage[0] = 0;
    
    					// Search for the string "VeraCrypt"
    					for (i = 0; i < sizeof (readBuffer) - strlen (TC_APP_NAME); ++i)
    					{
    						if (memcmp (readBuffer + i, TC_APP_NAME, strlen (TC_APP_NAME)) == 0)
    						{
    							request->BootLoaderVersion = BE16 (*(uint16 *) (readBuffer + TC_BOOT_SECTOR_VERSION_OFFSET));
    							request->Configuration = readBuffer[TC_BOOT_SECTOR_CONFIG_OFFSET];
    
    							if (request->BootLoaderVersion != 0 && request->BootLoaderVersion <= VERSION_NUM)
    							{
    								request->UserConfiguration = readBuffer[TC_BOOT_SECTOR_USER_CONFIG_OFFSET];
    								memcpy (request->CustomUserMessage, readBuffer + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH);
    							}
    							break;
    						}
    					}
    
    					Irp->IoStatus.Status = STATUS_SUCCESS;
    					Irp->IoStatus.Information = sizeof (*request);
    				}
    				else
    				{
    					Irp->IoStatus.Status = ntStatus;
    					Irp->IoStatus.Information = 0;
    				}
    
    				ZwClose (NtFileHandle);
    
    			}
    			else
    			{
    				Irp->IoStatus.Status = ntStatus;
    				Irp->IoStatus.Information = 0;
    			}
    		}
    		break;
    
    	case TC_IOCTL_WIPE_PASSWORD_CACHE:
    		WipeCache ();
    
    		Irp->IoStatus.Status = STATUS_SUCCESS;
    		Irp->IoStatus.Information = 0;
    		break;
    
    	case TC_IOCTL_GET_PASSWORD_CACHE_STATUS:
    		Irp->IoStatus.Status = cacheEmpty ? STATUS_PIPE_EMPTY : STATUS_SUCCESS;
    		Irp->IoStatus.Information = 0;
    		break;
    
    	case TC_IOCTL_SET_PORTABLE_MODE_STATUS:
    		if (!UserCanAccessDriveDevice())
    		{
    			Irp->IoStatus.Status = STATUS_ACCESS_DENIED;
    			Irp->IoStatus.Information = 0;
    		}
    		else
    		{
    			PortableMode = TRUE;
    			Dump ("Setting portable mode\n");
    		}
    		break;
    
    	case TC_IOCTL_GET_PORTABLE_MODE_STATUS:
    		Irp->IoStatus.Status = PortableMode ? STATUS_SUCCESS : STATUS_PIPE_EMPTY;
    		Irp->IoStatus.Information = 0;
    		break;
    
    	case TC_IOCTL_GET_MOUNTED_VOLUMES:
    
    		if (ValidateIOBufferSize (Irp, sizeof (MOUNT_LIST_STRUCT), ValidateOutput))
    		{
    			MOUNT_LIST_STRUCT *list = (MOUNT_LIST_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
    			PDEVICE_OBJECT ListDevice;
    			int drive;
    
    			list->ulMountedDrives = 0;
    
    			for (drive = MIN_MOUNTED_VOLUME_DRIVE_NUMBER; drive <= MAX_MOUNTED_VOLUME_DRIVE_NUMBER; ++drive)
    			{
    				PEXTENSION ListExtension;
    
    				ListDevice = GetVirtualVolumeDeviceObject (drive);
    				if (!ListDevice)
    					continue;
    
    				ListExtension = (PEXTENSION) ListDevice->DeviceExtension;
    				if (IsVolumeAccessibleByCurrentUser (ListExtension))
    				{
    					list->ulMountedDrives |= (1 << ListExtension->nDosDriveNo);
    					RtlStringCbCopyW (list->wszVolume[ListExtension->nDosDriveNo], sizeof(list->wszVolume[ListExtension->nDosDriveNo]),ListExtension->wszVolume);
    					RtlStringCbCopyW (list->wszLabel[ListExtension->nDosDriveNo], sizeof(list->wszLabel[ListExtension->nDosDriveNo]),ListExtension->wszLabel);
    					memcpy (list->volumeID[ListExtension->nDosDriveNo], ListExtension->volumeID, VOLUME_ID_SIZE);
    					list->diskLength[ListExtension->nDosDriveNo] = ListExtension->DiskLength;
    					list->ea[ListExtension->nDosDriveNo] = ListExtension->cryptoInfo->ea;
    					if (ListExtension->cryptoInfo->hiddenVolume)
    						list->volumeType[ListExtension->nDosDriveNo] = PROP_VOL_TYPE_HIDDEN;	// Hidden volume
    					else if (ListExtension->cryptoInfo->bHiddenVolProtectionAction)
    						list->volumeType[ListExtension->nDosDriveNo] = PROP_VOL_TYPE_OUTER_VOL_WRITE_PREVENTED;	// Normal/outer volume (hidden volume protected AND write already prevented)
    					else if (ListExtension->cryptoInfo->bProtectHiddenVolume)
    						list->volumeType[ListExtension->nDosDriveNo] = PROP_VOL_TYPE_OUTER;	// Normal/outer volume (hidden volume protected)
    					else
    						list->volumeType[ListExtension->nDosDriveNo] = PROP_VOL_TYPE_NORMAL;	// Normal volume
    					list->truecryptMode[ListExtension->nDosDriveNo] = ListExtension->cryptoInfo->bTrueCryptMode;
    				}
    			}
    
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    			Irp->IoStatus.Information = sizeof (MOUNT_LIST_STRUCT);
    		}
    		break;
    
    	case TC_IOCTL_LEGACY_GET_MOUNTED_VOLUMES:
    		if (ValidateIOBufferSize (Irp, sizeof (uint32), ValidateOutput))
    		{
    			// Prevent the user from downgrading to versions lower than 5.0 by faking mounted volumes.
    			// The user could render the system unbootable by downgrading when boot encryption
    			// is active or being set up.
    
    			memset (Irp->AssociatedIrp.SystemBuffer, 0, irpSp->Parameters.DeviceIoControl.OutputBufferLength);
    			*(uint32 *) Irp->AssociatedIrp.SystemBuffer = 0xffffFFFF;
    
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    			Irp->IoStatus.Information = irpSp->Parameters.DeviceIoControl.OutputBufferLength;
    		}
    		break;
    
    	case TC_IOCTL_GET_VOLUME_PROPERTIES:
    		if (ValidateIOBufferSize (Irp, sizeof (VOLUME_PROPERTIES_STRUCT), ValidateInputOutput))
    		{
    			VOLUME_PROPERTIES_STRUCT *prop = (VOLUME_PROPERTIES_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
    			PDEVICE_OBJECT ListDevice = GetVirtualVolumeDeviceObject (prop->driveNo);
    
    			Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
    			Irp->IoStatus.Information = 0;
    
    			if (ListDevice)
    			{
    				PEXTENSION ListExtension = (PEXTENSION) ListDevice->DeviceExtension;
    				if (IsVolumeAccessibleByCurrentUser (ListExtension))
    				{
    					prop->uniqueId = ListExtension->UniqueVolumeId;
    					RtlStringCbCopyW (prop->wszVolume, sizeof(prop->wszVolume),ListExtension->wszVolume);
    					RtlStringCbCopyW (prop->wszLabel, sizeof(prop->wszLabel),ListExtension->wszLabel);
    					memcpy (prop->volumeID, ListExtension->volumeID, VOLUME_ID_SIZE);
    					prop->bDriverSetLabel = ListExtension->bDriverSetLabel;
    					prop->diskLength = ListExtension->DiskLength;
    					prop->ea = ListExtension->cryptoInfo->ea;
    					prop->mode = ListExtension->cryptoInfo->mode;
    					prop->pkcs5 = ListExtension->cryptoInfo->pkcs5;
    					prop->pkcs5Iterations = ListExtension->cryptoInfo->noIterations;
    					prop->volumePim = ListExtension->cryptoInfo->volumePim;
    #if 0
    					prop->volumeCreationTime = ListExtension->cryptoInfo->volume_creation_time;
    					prop->headerCreationTime = ListExtension->cryptoInfo->header_creation_time;
    #endif
    					prop->volumeHeaderFlags = ListExtension->cryptoInfo->HeaderFlags;
    					prop->readOnly = ListExtension->bReadOnly;
    					prop->removable = ListExtension->bRemovable;
    					prop->partitionInInactiveSysEncScope = ListExtension->PartitionInInactiveSysEncScope;
    					prop->hiddenVolume = ListExtension->cryptoInfo->hiddenVolume;
    
    					if (ListExtension->cryptoInfo->bProtectHiddenVolume)
    						prop->hiddenVolProtection = ListExtension->cryptoInfo->bHiddenVolProtectionAction ? HIDVOL_PROT_STATUS_ACTION_TAKEN : HIDVOL_PROT_STATUS_ACTIVE;
    					else
    						prop->hiddenVolProtection = HIDVOL_PROT_STATUS_NONE;
    
    					prop->totalBytesRead = ListExtension->Queue.TotalBytesRead;
    					prop->totalBytesWritten = ListExtension->Queue.TotalBytesWritten;
    
    					prop->volFormatVersion = ListExtension->cryptoInfo->LegacyVolume ? TC_VOLUME_FORMAT_VERSION_PRE_6_0 : TC_VOLUME_FORMAT_VERSION;
    
    					Irp->IoStatus.Status = STATUS_SUCCESS;
    					Irp->IoStatus.Information = sizeof (VOLUME_PROPERTIES_STRUCT);
    				}
    			}
    		}
    		break;
    
    	case TC_IOCTL_GET_RESOLVED_SYMLINK:
    		if (ValidateIOBufferSize (Irp, sizeof (RESOLVE_SYMLINK_STRUCT), ValidateInputOutput))
    		{
    			RESOLVE_SYMLINK_STRUCT *resolve = (RESOLVE_SYMLINK_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
    			{
    				NTSTATUS ntStatus;
    
    				EnsureNullTerminatedString (resolve->symLinkName, sizeof (resolve->symLinkName));
    
    				ntStatus = SymbolicLinkToTarget (resolve->symLinkName,
    					resolve->targetName,
    					sizeof (resolve->targetName));
    
    				Irp->IoStatus.Information = sizeof (RESOLVE_SYMLINK_STRUCT);
    				Irp->IoStatus.Status = ntStatus;
    			}
    		}
    		break;
    
    	case TC_IOCTL_GET_DRIVE_PARTITION_INFO:
    		if (ValidateIOBufferSize (Irp, sizeof (DISK_PARTITION_INFO_STRUCT), ValidateInputOutput))
    		{
    			DISK_PARTITION_INFO_STRUCT *info = (DISK_PARTITION_INFO_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
    			{
    				PARTITION_INFORMATION_EX pi;
    				NTSTATUS ntStatus;
    
    				EnsureNullTerminatedString (info->deviceName, sizeof (info->deviceName));
    
    				ntStatus = TCDeviceIoControl (info->deviceName, IOCTL_DISK_GET_PARTITION_INFO_EX, NULL, 0, &pi, sizeof (pi));
    				if (NT_SUCCESS(ntStatus))
    				{
    					memset (&info->partInfo, 0, sizeof (info->partInfo));
    
    					info->partInfo.PartitionLength = pi.PartitionLength;
    					info->partInfo.PartitionNumber = pi.PartitionNumber;
    					info->partInfo.StartingOffset = pi.StartingOffset;
    
    					if (pi.PartitionStyle == PARTITION_STYLE_MBR)
    					{
    						info->partInfo.PartitionType = pi.Mbr.PartitionType;
    						info->partInfo.BootIndicator = pi.Mbr.BootIndicator;
    					}
    
    					info->IsGPT = pi.PartitionStyle == PARTITION_STYLE_GPT;
    				}
    				else
    				{
    					// Windows 2000 does not support IOCTL_DISK_GET_PARTITION_INFO_EX
    					ntStatus = TCDeviceIoControl (info->deviceName, IOCTL_DISK_GET_PARTITION_INFO, NULL, 0, &info->partInfo, sizeof (info->partInfo));
    					info->IsGPT = FALSE;
    				}
    
    				if (!NT_SUCCESS (ntStatus))
    				{
    					GET_LENGTH_INFORMATION lengthInfo;
    					ntStatus = TCDeviceIoControl (info->deviceName, IOCTL_DISK_GET_LENGTH_INFO, NULL, 0, &lengthInfo, sizeof (lengthInfo));
    
    					if (NT_SUCCESS (ntStatus))
    					{
    						memset (&info->partInfo, 0, sizeof (info->partInfo));
    						info->partInfo.PartitionLength = lengthInfo.Length;
    					}
    				}
    
    				info->IsDynamic = FALSE;
    
    				if (NT_SUCCESS (ntStatus) && OsMajorVersion >= 6)
    				{
    #					define IOCTL_VOLUME_IS_DYNAMIC CTL_CODE(IOCTL_VOLUME_BASE, 18, METHOD_BUFFERED, FILE_ANY_ACCESS)
    					if (!NT_SUCCESS (TCDeviceIoControl (info->deviceName, IOCTL_VOLUME_IS_DYNAMIC, NULL, 0, &info->IsDynamic, sizeof (info->IsDynamic))))
    						info->IsDynamic = FALSE;
    				}
    
    				Irp->IoStatus.Information = sizeof (DISK_PARTITION_INFO_STRUCT);
    				Irp->IoStatus.Status = ntStatus;
    			}
    		}
    		break;
    
    	case TC_IOCTL_GET_DRIVE_GEOMETRY:
    		if (ValidateIOBufferSize (Irp, sizeof (DISK_GEOMETRY_STRUCT), ValidateInputOutput))
    		{
    			DISK_GEOMETRY_STRUCT *g = (DISK_GEOMETRY_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
    			{
    				NTSTATUS ntStatus;
    
    				EnsureNullTerminatedString (g->deviceName, sizeof (g->deviceName));
    				Dump ("Calling IOCTL_DISK_GET_DRIVE_GEOMETRY on %ls\n", g->deviceName);
    
    				ntStatus = TCDeviceIoControl (g->deviceName,
    					IOCTL_DISK_GET_DRIVE_GEOMETRY,
    					NULL, 0, &g->diskGeometry, sizeof (g->diskGeometry));
    
    				Irp->IoStatus.Information = sizeof (DISK_GEOMETRY_STRUCT);
    				Irp->IoStatus.Status = ntStatus;
    			}
    		}
    		break;
    
    	case VC_IOCTL_GET_DRIVE_GEOMETRY_EX:
    		if (ValidateIOBufferSize (Irp, sizeof (DISK_GEOMETRY_EX_STRUCT), ValidateInputOutput))
    		{
    			DISK_GEOMETRY_EX_STRUCT *g = (DISK_GEOMETRY_EX_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
    			{
    				NTSTATUS ntStatus;
    				PVOID buffer = TCalloc (256); // enough for DISK_GEOMETRY_EX and padded data
    				if (buffer)
    				{
    					EnsureNullTerminatedString (g->deviceName, sizeof (g->deviceName));
    					Dump ("Calling IOCTL_DISK_GET_DRIVE_GEOMETRY_EX on %ls\n", g->deviceName);
    
    					ntStatus = TCDeviceIoControl (g->deviceName,
    						IOCTL_DISK_GET_DRIVE_GEOMETRY_EX,
    						NULL, 0, buffer, 256);
    
    					if (NT_SUCCESS(ntStatus))
    					{
    						PDISK_GEOMETRY_EX pGeo = (PDISK_GEOMETRY_EX) buffer;
    						memcpy (&g->diskGeometry, &pGeo->Geometry, sizeof (DISK_GEOMETRY));
    						g->DiskSize.QuadPart = pGeo->DiskSize.QuadPart;
    					}
    					else
    					{
    						DISK_GEOMETRY dg = {0};
    						Dump ("Failed. Calling IOCTL_DISK_GET_DRIVE_GEOMETRY on %ls\n", g->deviceName);
    						ntStatus = TCDeviceIoControl (g->deviceName,
    							IOCTL_DISK_GET_DRIVE_GEOMETRY,
    							NULL, 0, &dg, sizeof (dg));
    
    						if (NT_SUCCESS(ntStatus))
    						{
    							memcpy (&g->diskGeometry, &dg, sizeof (DISK_GEOMETRY));
    							g->DiskSize.QuadPart = dg.Cylinders.QuadPart * dg.SectorsPerTrack * dg.TracksPerCylinder * dg.BytesPerSector;
    
    							if (OsMajorVersion >= 6)
    							{
    								STORAGE_READ_CAPACITY storage = {0};
    								NTSTATUS lStatus;
    								storage.Version = sizeof (STORAGE_READ_CAPACITY);
    								Dump ("Calling IOCTL_STORAGE_READ_CAPACITY on %ls\n", g->deviceName);
    								lStatus = TCDeviceIoControl (g->deviceName,
    									IOCTL_STORAGE_READ_CAPACITY,
    									NULL, 0, &storage, sizeof (STORAGE_READ_CAPACITY));
    								if (	NT_SUCCESS(lStatus)
    									&& (storage.Size == sizeof (STORAGE_READ_CAPACITY))
    									)
    								{
    									g->DiskSize.QuadPart = storage.DiskLength.QuadPart;
    								}
    							}
    						}
    					}
    
    					TCfree (buffer);
    
    					Irp->IoStatus.Information = sizeof (DISK_GEOMETRY_EX_STRUCT);
    					Irp->IoStatus.Status = ntStatus;
    				}
    				else
    				{
    					Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
    					Irp->IoStatus.Information = 0;
    				}
    			}
    		}
    		break;
    
    	case TC_IOCTL_PROBE_REAL_DRIVE_SIZE:
    		if (ValidateIOBufferSize (Irp, sizeof (ProbeRealDriveSizeRequest), ValidateInputOutput))
    		{
    			ProbeRealDriveSizeRequest *request = (ProbeRealDriveSizeRequest *) Irp->AssociatedIrp.SystemBuffer;
    			NTSTATUS status;
    			UNICODE_STRING name;
    			PFILE_OBJECT fileObject;
    			PDEVICE_OBJECT deviceObject;
    
    			EnsureNullTerminatedString (request->DeviceName, sizeof (request->DeviceName));
    
    			RtlInitUnicodeString (&name, request->DeviceName);
    			status = IoGetDeviceObjectPointer (&name, FILE_READ_ATTRIBUTES, &fileObject, &deviceObject);
    			if (!NT_SUCCESS (status))
    			{
    				Irp->IoStatus.Information = 0;
    				Irp->IoStatus.Status = status;
    				break;
    			}
    
    			status = ProbeRealDriveSize (deviceObject, &request->RealDriveSize);
    			ObDereferenceObject (fileObject);
    
    			if (status == STATUS_TIMEOUT)
    			{
    				request->TimeOut = TRUE;
    				Irp->IoStatus.Information = sizeof (ProbeRealDriveSizeRequest);
    				Irp->IoStatus.Status = STATUS_SUCCESS;
    			}
    			else if (!NT_SUCCESS (status))
    			{
    				Irp->IoStatus.Information = 0;
    				Irp->IoStatus.Status = status;
    			}
    			else
    			{
    				request->TimeOut = FALSE;
    				Irp->IoStatus.Information = sizeof (ProbeRealDriveSizeRequest);
    				Irp->IoStatus.Status = status;
    			}
    		}
    		break;
    
    	case TC_IOCTL_MOUNT_VOLUME:
    		if (ValidateIOBufferSize (Irp, sizeof (MOUNT_STRUCT), ValidateInputOutput))
    		{
    			MOUNT_STRUCT *mount = (MOUNT_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
    
    			if (mount->VolumePassword.Length > MAX_PASSWORD || mount->ProtectedHidVolPassword.Length > MAX_PASSWORD
    				||	mount->pkcs5_prf < 0 || mount->pkcs5_prf > LAST_PRF_ID
    				||	mount->VolumePim < -1 || mount->VolumePim == INT_MAX
    				|| mount->ProtectedHidVolPkcs5Prf < 0 || mount->ProtectedHidVolPkcs5Prf > LAST_PRF_ID
    				|| (mount->bTrueCryptMode != FALSE && mount->bTrueCryptMode != TRUE)
    				)
    			{
    				Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
    				Irp->IoStatus.Information = 0;
    				break;
    			}
    
    			EnsureNullTerminatedString (mount->wszVolume, sizeof (mount->wszVolume));
    			EnsureNullTerminatedString (mount->wszLabel, sizeof (mount->wszLabel));
    
    			Irp->IoStatus.Information = sizeof (MOUNT_STRUCT);
    			Irp->IoStatus.Status = MountDevice (DeviceObject, mount);
    
    			burn (&mount->VolumePassword, sizeof (mount->VolumePassword));
    			burn (&mount->ProtectedHidVolPassword, sizeof (mount->ProtectedHidVolPassword));
    			burn (&mount->pkcs5_prf, sizeof (mount->pkcs5_prf));
    			burn (&mount->VolumePim, sizeof (mount->VolumePim));
    			burn (&mount->bTrueCryptMode, sizeof (mount->bTrueCryptMode));
    			burn (&mount->ProtectedHidVolPkcs5Prf, sizeof (mount->ProtectedHidVolPkcs5Prf));
    			burn (&mount->ProtectedHidVolPim, sizeof (mount->ProtectedHidVolPim));
    		}
    		break;
    
    	case TC_IOCTL_DISMOUNT_VOLUME:
    		if (ValidateIOBufferSize (Irp, sizeof (UNMOUNT_STRUCT), ValidateInputOutput))
    		{
    			UNMOUNT_STRUCT *unmount = (UNMOUNT_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
    			PDEVICE_OBJECT ListDevice = GetVirtualVolumeDeviceObject (unmount->nDosDriveNo);
    
    			unmount->nReturnCode = ERR_DRIVE_NOT_FOUND;
    
    			if (ListDevice)
    			{
    				PEXTENSION ListExtension = (PEXTENSION) ListDevice->DeviceExtension;
    
    				if (IsVolumeAccessibleByCurrentUser (ListExtension))
    					unmount->nReturnCode = UnmountDevice (unmount, ListDevice, unmount->ignoreOpenFiles);
    			}
    
    			Irp->IoStatus.Information = sizeof (UNMOUNT_STRUCT);
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    		}
    		break;
    
    	case TC_IOCTL_DISMOUNT_ALL_VOLUMES:
    		if (ValidateIOBufferSize (Irp, sizeof (UNMOUNT_STRUCT), ValidateInputOutput))
    		{
    			UNMOUNT_STRUCT *unmount = (UNMOUNT_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
    
    			unmount->nReturnCode = UnmountAllDevices (unmount, unmount->ignoreOpenFiles);
    
    			Irp->IoStatus.Information = sizeof (UNMOUNT_STRUCT);
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    		}
    		break;
    
    	case TC_IOCTL_BOOT_ENCRYPTION_SETUP:
    		Irp->IoStatus.Status = StartBootEncryptionSetup (DeviceObject, Irp, irpSp);
    		Irp->IoStatus.Information = 0;
    		break;
    
    	case TC_IOCTL_ABORT_BOOT_ENCRYPTION_SETUP:
    		Irp->IoStatus.Status = AbortBootEncryptionSetup();
    		Irp->IoStatus.Information = 0;
    		break;
    
    	case TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS:
    		GetBootEncryptionStatus (Irp, irpSp);
    		break;
    
    	case TC_IOCTL_GET_BOOT_ENCRYPTION_SETUP_RESULT:
    		Irp->IoStatus.Information = 0;
    		Irp->IoStatus.Status = GetSetupResult();
    		break;
    
    	case TC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES:
    		GetBootDriveVolumeProperties (Irp, irpSp);
    		break;
    
    	case TC_IOCTL_GET_BOOT_LOADER_VERSION:
    		GetBootLoaderVersion (Irp, irpSp);
    		break;
    
    	case TC_IOCTL_REOPEN_BOOT_VOLUME_HEADER:
    		ReopenBootVolumeHeader (Irp, irpSp);
    		break;
    
    	case VC_IOCTL_GET_BOOT_LOADER_FINGERPRINT:
    		GetBootLoaderFingerprint (Irp, irpSp);
    		break;
    
    	case TC_IOCTL_GET_BOOT_ENCRYPTION_ALGORITHM_NAME:
    		GetBootEncryptionAlgorithmName (Irp, irpSp);
    		break;
    
    	case TC_IOCTL_IS_HIDDEN_SYSTEM_RUNNING:
    		if (ValidateIOBufferSize (Irp, sizeof (int), ValidateOutput))
    		{
    			*(int *) Irp->AssociatedIrp.SystemBuffer = IsHiddenSystemRunning() ? 1 : 0;
    			Irp->IoStatus.Information = sizeof (int);
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    		}
    		break;
    
    	case TC_IOCTL_START_DECOY_SYSTEM_WIPE:
    		Irp->IoStatus.Status = StartDecoySystemWipe (DeviceObject, Irp, irpSp);
    		Irp->IoStatus.Information = 0;
    		break;
    
    	case TC_IOCTL_ABORT_DECOY_SYSTEM_WIPE:
    		Irp->IoStatus.Status = AbortDecoySystemWipe();
    		Irp->IoStatus.Information = 0;
    		break;
    
    	case TC_IOCTL_GET_DECOY_SYSTEM_WIPE_RESULT:
    		Irp->IoStatus.Status = GetDecoySystemWipeResult();
    		Irp->IoStatus.Information = 0;
    		break;
    
    	case TC_IOCTL_GET_DECOY_SYSTEM_WIPE_STATUS:
    		GetDecoySystemWipeStatus (Irp, irpSp);
    		break;
    
    	case TC_IOCTL_WRITE_BOOT_DRIVE_SECTOR:
    		Irp->IoStatus.Status = WriteBootDriveSector (Irp, irpSp);
    		Irp->IoStatus.Information = 0;
    		break;
    
    	case TC_IOCTL_GET_WARNING_FLAGS:
    		if (ValidateIOBufferSize (Irp, sizeof (GetWarningFlagsRequest), ValidateOutput))
    		{
    			GetWarningFlagsRequest *flags = (GetWarningFlagsRequest *) Irp->AssociatedIrp.SystemBuffer;
    
    			flags->PagingFileCreationPrevented = PagingFileCreationPrevented;
    			PagingFileCreationPrevented = FALSE;
    			flags->SystemFavoriteVolumeDirty = SystemFavoriteVolumeDirty;
    			SystemFavoriteVolumeDirty = FALSE;
    
    			Irp->IoStatus.Information = sizeof (GetWarningFlagsRequest);
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    		}
    		break;
    
    	case TC_IOCTL_SET_SYSTEM_FAVORITE_VOLUME_DIRTY:
    		if (UserCanAccessDriveDevice())
    		{
    			SystemFavoriteVolumeDirty = TRUE;
    			Irp->IoStatus.Status = STATUS_SUCCESS;
    		}
    		else
    			Irp->IoStatus.Status = STATUS_ACCESS_DENIED;
    
    		Irp->IoStatus.Information = 0;
    		break;
    
    	case TC_IOCTL_REREAD_DRIVER_CONFIG:
    		Irp->IoStatus.Status = ReadRegistryConfigFlags (FALSE);
    		Irp->IoStatus.Information = 0;
    		break;
    
    	case TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG:
    		if (	(ValidateIOBufferSize (Irp, sizeof (GetSystemDriveDumpConfigRequest), ValidateOutput))
    			&&	(Irp->RequestorMode == KernelMode)
    			)
    		{
    			GetSystemDriveDumpConfigRequest *request = (GetSystemDriveDumpConfigRequest *) Irp->AssociatedIrp.SystemBuffer;
    
    			request->BootDriveFilterExtension = GetBootDriveFilterExtension();
    			if (IsBootDriveMounted() && request->BootDriveFilterExtension)
    			{
    				request->HwEncryptionEnabled = IsHwEncryptionEnabled();
    				Irp->IoStatus.Status = STATUS_SUCCESS;
    				Irp->IoStatus.Information = sizeof (*request);
    			}
    			else
    			{
    				Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
    				Irp->IoStatus.Information = 0;
    			}
    		}
    		break;
    
    	default:
    		return TCCompleteIrp (Irp, STATUS_INVALID_DEVICE_REQUEST, 0);
    	}
    
    
    #if defined(DEBUG) || defined(DEBUG_TRACE)
    	if (!NT_SUCCESS (Irp->IoStatus.Status))
    	{
    		switch (irpSp->Parameters.DeviceIoControl.IoControlCode)
    		{
    		case TC_IOCTL_GET_MOUNTED_VOLUMES:
    		case TC_IOCTL_GET_PASSWORD_CACHE_STATUS:
    		case TC_IOCTL_GET_PORTABLE_MODE_STATUS:
    		case TC_IOCTL_SET_PORTABLE_MODE_STATUS:
    		case TC_IOCTL_OPEN_TEST:
    		case TC_IOCTL_GET_RESOLVED_SYMLINK:
    		case TC_IOCTL_GET_DRIVE_PARTITION_INFO:
    		case TC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES:
    		case TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS:
    		case TC_IOCTL_IS_HIDDEN_SYSTEM_RUNNING:
    			break;
    
    		default:
    			Dump ("IOCTL error 0x%08x\n", Irp->IoStatus.Status);
    		}
    	}
    #endif
    
    	return TCCompleteIrp (Irp, Irp->IoStatus.Status, Irp->IoStatus.Information);
    }
    
    
    NTSTATUS TCStartThread (PKSTART_ROUTINE threadProc, PVOID threadArg, PKTHREAD *kThread)
    {
    	return TCStartThreadInProcess (threadProc, threadArg, kThread, NULL);
    }
    
    
    NTSTATUS TCStartThreadInProcess (PKSTART_ROUTINE threadProc, PVOID threadArg, PKTHREAD *kThread, PEPROCESS process)
    {
    	NTSTATUS status;
    	HANDLE threadHandle;
    	HANDLE processHandle = NULL;
    	OBJECT_ATTRIBUTES threadObjAttributes;
    
    	if (process)
    	{
    		status = ObOpenObjectByPointer (process, OBJ_KERNEL_HANDLE, NULL, 0, NULL, KernelMode, &processHandle);
    		if (!NT_SUCCESS (status))
    			return status;
    	}
    
    	InitializeObjectAttributes (&threadObjAttributes, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);
    
    	status = PsCreateSystemThread (&threadHandle, THREAD_ALL_ACCESS, &threadObjAttributes, processHandle, NULL, threadProc, threadArg);
    	if (!NT_SUCCESS (status))
    		return status;
    
    	status = ObReferenceObjectByHandle (threadHandle, THREAD_ALL_ACCESS, NULL, KernelMode, (PVOID *) kThread, NULL);
    	if (!NT_SUCCESS (status))
    	{
    		ZwClose (threadHandle);
    		*kThread = NULL;
    		return status;
    	}
    
    	if (processHandle)
    		ZwClose (processHandle);
    
    	ZwClose (threadHandle);
    	return STATUS_SUCCESS;
    }
    
    
    void TCStopThread (PKTHREAD kThread, PKEVENT wakeUpEvent)
    {
    	if (wakeUpEvent)
    		KeSetEvent (wakeUpEvent, 0, FALSE);
    
    	KeWaitForSingleObject (kThread, Executive, KernelMode, FALSE, NULL);
    	ObDereferenceObject (kThread);
    }
    
    
    NTSTATUS TCStartVolumeThread (PDEVICE_OBJECT DeviceObject, PEXTENSION Extension, MOUNT_STRUCT * mount)
    {
    	PTHREAD_BLOCK pThreadBlock = TCalloc (sizeof (THREAD_BLOCK));
    	HANDLE hThread;
    	NTSTATUS ntStatus;
    	OBJECT_ATTRIBUTES threadObjAttributes;
    	SECURITY_QUALITY_OF_SERVICE qos;
    
    	Dump ("Starting thread...\n");
    
    	if (pThreadBlock == NULL)
    	{
    		return STATUS_INSUFFICIENT_RESOURCES;
    	}
    	else
    	{
    		pThreadBlock->DeviceObject = DeviceObject;
    		pThreadBlock->mount = mount;
    	}
    
    	qos.Length = sizeof (qos);
    	qos.ContextTrackingMode = SECURITY_STATIC_TRACKING;
    	qos.EffectiveOnly = TRUE;
    	qos.ImpersonationLevel = SecurityImpersonation;
    
    	ntStatus = SeCreateClientSecurity (PsGetCurrentThread(), &qos, FALSE, &Extension->SecurityClientContext);
    	if (!NT_SUCCESS (ntStatus))
    		goto ret;
    
    	Extension->SecurityClientContextValid = TRUE;
    
    	Extension->bThreadShouldQuit = FALSE;
    
    	InitializeObjectAttributes (&threadObjAttributes, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);
    
    	ntStatus = PsCreateSystemThread (&hThread,
    					 THREAD_ALL_ACCESS,
    					 &threadObjAttributes,
    					 NULL,
    					 NULL,
    					 VolumeThreadProc,
    					 pThreadBlock);
    
    	if (!NT_SUCCESS (ntStatus))
    	{
    		Dump ("PsCreateSystemThread Failed END\n");
    		goto ret;
    	}
    
    	ntStatus = ObReferenceObjectByHandle (hThread,
    				   THREAD_ALL_ACCESS,
    				   NULL,
    				   KernelMode,
    				   &Extension->peThread,
    				   NULL);
    
    	ZwClose (hThread);
    
    	if (!NT_SUCCESS (ntStatus))
    		goto ret;
    
    	Dump ("Waiting for thread to initialize...\n");
    
    	KeWaitForSingleObject (&Extension->keCreateEvent,
    			       Executive,
    			       KernelMode,
    			       FALSE,
    			       NULL);
    
    	Dump ("Waiting completed! Thread returns 0x%08x\n", pThreadBlock->ntCreateStatus);
    	ntStatus = pThreadBlock->ntCreateStatus;
    
    ret:
    	TCfree (pThreadBlock);
    	return ntStatus;
    }
    
    void TCStopVolumeThread (PDEVICE_OBJECT DeviceObject, PEXTENSION Extension)
    {
    	NTSTATUS ntStatus;
    
    	UNREFERENCED_PARAMETER (DeviceObject);	/* Remove compiler warning */
    
    	Dump ("Signalling thread to quit...\n");
    
    	Extension->bThreadShouldQuit = TRUE;
    
    	KeReleaseSemaphore (&Extension->RequestSemaphore,
    			    0,
    			    1,
    			    TRUE);
    
    	ntStatus = KeWaitForSingleObject (Extension->peThread,
    					  Executive,
    					  KernelMode,
    					  FALSE,
    					  NULL);
    
    	ASSERT (NT_SUCCESS (ntStatus));
    
    	ObDereferenceObject (Extension->peThread);
    	Extension->peThread = NULL;
    
    	Dump ("Thread exited\n");
    }
    
    
    // Suspend current thread for a number of milliseconds
    void TCSleep (int milliSeconds)
    {
    	PKTIMER timer = (PKTIMER) TCalloc (sizeof (KTIMER));
    	LARGE_INTEGER duetime;
    
    	if (!timer)
    		return;
    
    	duetime.QuadPart = (__int64) milliSeconds * -10000;
    	KeInitializeTimerEx(timer, NotificationTimer);
    	KeSetTimerEx(timer, duetime, 0, NULL);
    
    	KeWaitForSingleObject (timer, Executive, KernelMode, FALSE, NULL);
    
    	TCfree (timer);
    }
    
    BOOL IsDeviceName(wchar_t wszVolume[TC_MAX_PATH])
    {
    	if	(	(wszVolume[0] == '\\')
    		&&	(wszVolume[1] == 'D' || wszVolume[1] == 'd')
    		&&	(wszVolume[2] == 'E' || wszVolume[2] == 'e')
    		&&	(wszVolume[3] == 'V' || wszVolume[3] == 'v')
    		&&	(wszVolume[4] == 'I' || wszVolume[4] == 'i')
    		&&	(wszVolume[5] == 'C' || wszVolume[5] == 'c')
    		&&	(wszVolume[6] == 'E' || wszVolume[6] == 'e')
    		)
    	{
    		return TRUE;
    	}
    	else
    		return FALSE;
    }
    
    /* VolumeThreadProc does all the work of processing IRP's, and dispatching them
       to either the ReadWrite function or the DeviceControl function */
    VOID VolumeThreadProc (PVOID Context)
    {
    	PTHREAD_BLOCK pThreadBlock = (PTHREAD_BLOCK) Context;
    	PDEVICE_OBJECT DeviceObject = pThreadBlock->DeviceObject;
    	PEXTENSION Extension = (PEXTENSION) DeviceObject->DeviceExtension;
    	BOOL bDevice;
    
    	/* Set thread priority to lowest realtime level. */
    	KeSetPriorityThread (KeGetCurrentThread (), LOW_REALTIME_PRIORITY);
    
    	Dump ("Mount THREAD OPENING VOLUME BEGIN\n");
    
    	if ( !IsDeviceName (pThreadBlock->mount->wszVolume))
    	{
    		RtlStringCbCopyW (pThreadBlock->wszMountVolume, sizeof(pThreadBlock->wszMountVolume),WIDE ("\\??\\"));
    		RtlStringCbCatW (pThreadBlock->wszMountVolume, sizeof(pThreadBlock->wszMountVolume),pThreadBlock->mount->wszVolume);
    		bDevice = FALSE;
    	}
    	else
    	{
    		pThreadBlock->wszMountVolume[0] = 0;
    		RtlStringCbCatW (pThreadBlock->wszMountVolume, sizeof(pThreadBlock->wszMountVolume),pThreadBlock->mount->wszVolume);
    		bDevice = TRUE;
    	}
    
    	Dump ("Mount THREAD request for File %ls DriveNumber %d Device = %d\n",
    	      pThreadBlock->wszMountVolume, pThreadBlock->mount->nDosDriveNo, bDevice);
    
    	pThreadBlock->ntCreateStatus = TCOpenVolume (DeviceObject,
    		Extension,
    		pThreadBlock->mount,
    		pThreadBlock->wszMountVolume,
    		bDevice);
    
    	if (!NT_SUCCESS (pThreadBlock->ntCreateStatus) || pThreadBlock->mount->nReturnCode != 0)
    	{
    		KeSetEvent (&Extension->keCreateEvent, 0, FALSE);
    		PsTerminateSystemThread (STATUS_SUCCESS);
    	}
    
    	// Start IO queue
    	Extension->Queue.IsFilterDevice = FALSE;
    	Extension->Queue.DeviceObject = DeviceObject;
    	Extension->Queue.CryptoInfo = Extension->cryptoInfo;
    	Extension->Queue.HostFileHandle = Extension->hDeviceFile;
    	Extension->Queue.VirtualDeviceLength = Extension->DiskLength;
    	Extension->Queue.MaxReadAheadOffset.QuadPart = Extension->HostLength;
    
    	if (Extension->SecurityClientContextValid)
    		Extension->Queue.SecurityClientContext = &Extension->SecurityClientContext;
    	else
    		Extension->Queue.SecurityClientContext = NULL;
    
    	pThreadBlock->ntCreateStatus = EncryptedIoQueueStart (&Extension->Queue);
    
    	if (!NT_SUCCESS (pThreadBlock->ntCreateStatus))
    	{
    		TCCloseVolume (DeviceObject, Extension);
    
    		pThreadBlock->mount->nReturnCode = ERR_OS_ERROR;
    		KeSetEvent (&Extension->keCreateEvent, 0, FALSE);
    		PsTerminateSystemThread (STATUS_SUCCESS);
    	}
    
    	KeSetEvent (&Extension->keCreateEvent, 0, FALSE);
    	/* From this point on pThreadBlock cannot be used as it will have been released! */
    	pThreadBlock = NULL;
    
    	for (;;)
    	{
    		/* Wait for a request from the dispatch routines. */
    		KeWaitForSingleObject ((PVOID) & Extension->RequestSemaphore, Executive, KernelMode, FALSE, NULL);
    
    		for (;;)
    		{
    			PIO_STACK_LOCATION irpSp;
    			PLIST_ENTRY request;
    			PIRP irp;
    
    			request = ExInterlockedRemoveHeadList (&Extension->ListEntry, &Extension->ListSpinLock);
    			if (request == NULL)
    				break;
    
    			irp = CONTAINING_RECORD (request, IRP, Tail.Overlay.ListEntry);
    			irpSp = IoGetCurrentIrpStackLocation (irp);
    
    			ASSERT (irpSp->MajorFunction == IRP_MJ_DEVICE_CONTROL);
    
    			ProcessVolumeDeviceControlIrp (DeviceObject, Extension, irp);
    			IoReleaseRemoveLock (&Extension->Queue.RemoveLock, irp);
    		}
    
    		if (Extension->bThreadShouldQuit)
    		{
    			Dump ("Closing volume\n");
    			EncryptedIoQueueStop (&Extension->Queue);
    
    			TCCloseVolume (DeviceObject, Extension);
    			PsTerminateSystemThread (STATUS_SUCCESS);
    		}
    	}
    }
    
    void TCGetNTNameFromNumber (LPWSTR ntname, int cbNtName, int nDriveNo)
    {
    	WCHAR tmp[2] =
    	{0, 0};
    	int j = nDriveNo + (WCHAR) 'A';
    
    	tmp[0] = (short) j;
    	RtlStringCbCopyW (ntname, cbNtName,(LPWSTR) NT_MOUNT_PREFIX);
    	RtlStringCbCatW (ntname, cbNtName, tmp);
    }
    
    void TCGetDosNameFromNumber (LPWSTR dosname,int cbDosName, int nDriveNo, DeviceNamespaceType namespaceType)
    {
    	WCHAR tmp[3] =
    	{0, ':', 0};
    	int j = nDriveNo + (WCHAR) 'A';
    
    	tmp[0] = (short) j;
    
    	if (DeviceNamespaceGlobal == namespaceType)
    	{
    		RtlStringCbCopyW (dosname, cbDosName, (LPWSTR) DOS_MOUNT_PREFIX_GLOBAL);
    	}
    	else
    	{
    		RtlStringCbCopyW (dosname, cbDosName, (LPWSTR) DOS_MOUNT_PREFIX_DEFAULT);
    	}
    
    	RtlStringCbCatW (dosname, cbDosName, tmp);
    }
    
    #if defined(_DEBUG) || defined (_DEBUG_TRACE)
    LPWSTR TCTranslateCode (ULONG ulCode)
    {
    	switch (ulCode)
    	{
    #define TC_CASE_RET_NAME(CODE) case CODE : return L###CODE
    
    		TC_CASE_RET_NAME (TC_IOCTL_ABORT_BOOT_ENCRYPTION_SETUP);
    		TC_CASE_RET_NAME (TC_IOCTL_ABORT_DECOY_SYSTEM_WIPE);
    		TC_CASE_RET_NAME (TC_IOCTL_BOOT_ENCRYPTION_SETUP);
    		TC_CASE_RET_NAME (TC_IOCTL_DISMOUNT_ALL_VOLUMES);
    		TC_CASE_RET_NAME (TC_IOCTL_DISMOUNT_VOLUME);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_ENCRYPTION_ALGORITHM_NAME);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_ENCRYPTION_SETUP_RESULT);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_LOADER_VERSION);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_DECOY_SYSTEM_WIPE_RESULT);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_DECOY_SYSTEM_WIPE_STATUS);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_DEVICE_REFCOUNT);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_DRIVE_GEOMETRY);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_DRIVE_PARTITION_INFO);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_DRIVER_VERSION);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_MOUNTED_VOLUMES);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_PASSWORD_CACHE_STATUS);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_PORTABLE_MODE_STATUS);
    		TC_CASE_RET_NAME (TC_IOCTL_SET_PORTABLE_MODE_STATUS);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_RESOLVED_SYMLINK);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_VOLUME_PROPERTIES);
    		TC_CASE_RET_NAME (TC_IOCTL_GET_WARNING_FLAGS);
    		TC_CASE_RET_NAME (TC_IOCTL_DISK_IS_WRITABLE);
    		TC_CASE_RET_NAME (TC_IOCTL_IS_ANY_VOLUME_MOUNTED);
    		TC_CASE_RET_NAME (TC_IOCTL_IS_DRIVER_UNLOAD_DISABLED);
    		TC_CASE_RET_NAME (TC_IOCTL_IS_HIDDEN_SYSTEM_RUNNING);
    		TC_CASE_RET_NAME (TC_IOCTL_MOUNT_VOLUME);
    		TC_CASE_RET_NAME (TC_IOCTL_OPEN_TEST);
    		TC_CASE_RET_NAME (TC_IOCTL_PROBE_REAL_DRIVE_SIZE);
    		TC_CASE_RET_NAME (TC_IOCTL_REOPEN_BOOT_VOLUME_HEADER);
    		TC_CASE_RET_NAME (TC_IOCTL_REREAD_DRIVER_CONFIG);
    		TC_CASE_RET_NAME (TC_IOCTL_SET_SYSTEM_FAVORITE_VOLUME_DIRTY);
    		TC_CASE_RET_NAME (TC_IOCTL_START_DECOY_SYSTEM_WIPE);
    		TC_CASE_RET_NAME (TC_IOCTL_WIPE_PASSWORD_CACHE);
    		TC_CASE_RET_NAME (TC_IOCTL_WRITE_BOOT_DRIVE_SECTOR);
    		TC_CASE_RET_NAME (VC_IOCTL_GET_DRIVE_GEOMETRY_EX);
    
    		TC_CASE_RET_NAME (IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS);
    
    #undef TC_CASE_RET_NAME
    	}
    
    	if (ulCode ==			 IOCTL_DISK_GET_DRIVE_GEOMETRY)
    		return (LPWSTR) _T ("IOCTL_DISK_GET_DRIVE_GEOMETRY");
    	else if (ulCode ==		 IOCTL_DISK_GET_DRIVE_GEOMETRY_EX)
    		return (LPWSTR) _T ("IOCTL_DISK_GET_DRIVE_GEOMETRY_EX");
    	else if (ulCode ==		 IOCTL_MOUNTDEV_QUERY_DEVICE_NAME)
    		return (LPWSTR) _T ("IOCTL_MOUNTDEV_QUERY_DEVICE_NAME");
    	else if (ulCode ==		 IOCTL_MOUNTDEV_QUERY_SUGGESTED_LINK_NAME)
    		return (LPWSTR) _T ("IOCTL_MOUNTDEV_QUERY_SUGGESTED_LINK_NAME");
    	else if (ulCode ==		 IOCTL_MOUNTDEV_QUERY_UNIQUE_ID)
    		return (LPWSTR) _T ("IOCTL_MOUNTDEV_QUERY_UNIQUE_ID");
    	else if (ulCode ==		 IOCTL_VOLUME_ONLINE)
    		return (LPWSTR) _T ("IOCTL_VOLUME_ONLINE");
    	else if (ulCode ==		 IOCTL_MOUNTDEV_LINK_CREATED)
    		return (LPWSTR) _T ("IOCTL_MOUNTDEV_LINK_CREATED");
    	else if (ulCode ==		 IOCTL_MOUNTDEV_LINK_DELETED)
    		return (LPWSTR) _T ("IOCTL_MOUNTDEV_LINK_DELETED");
    	else if (ulCode ==		 IOCTL_MOUNTMGR_QUERY_POINTS)
    		return (LPWSTR) _T ("IOCTL_MOUNTMGR_QUERY_POINTS");
    	else if (ulCode ==		 IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED)
    		return (LPWSTR) _T ("IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED");
    	else if (ulCode ==		 IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED)
    		return (LPWSTR) _T ("IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED");
    	else if (ulCode ==		 IOCTL_DISK_GET_LENGTH_INFO)
    		return (LPWSTR) _T ("IOCTL_DISK_GET_LENGTH_INFO");
    	else if (ulCode ==		 IOCTL_STORAGE_GET_DEVICE_NUMBER)
    		return (LPWSTR) _T ("IOCTL_STORAGE_GET_DEVICE_NUMBER");
    	else if (ulCode ==		 IOCTL_DISK_GET_PARTITION_INFO)
    		return (LPWSTR) _T ("IOCTL_DISK_GET_PARTITION_INFO");
    	else if (ulCode ==		 IOCTL_DISK_GET_PARTITION_INFO_EX)
    		return (LPWSTR) _T ("IOCTL_DISK_GET_PARTITION_INFO_EX");
    	else if (ulCode ==		 IOCTL_DISK_SET_PARTITION_INFO)
    		return (LPWSTR) _T ("IOCTL_DISK_SET_PARTITION_INFO");
    	else if (ulCode ==		 IOCTL_DISK_GET_DRIVE_LAYOUT)
    		return (LPWSTR) _T ("IOCTL_DISK_GET_DRIVE_LAYOUT");
    	else if (ulCode ==		 IOCTL_DISK_GET_DRIVE_LAYOUT_EX)
    		return (LPWSTR) _T ("IOCTL_DISK_GET_DRIVE_LAYOUT_EX");
    	else if (ulCode ==		 IOCTL_DISK_SET_DRIVE_LAYOUT_EX)
    		return (LPWSTR) _T ("IOCTL_DISK_SET_DRIVE_LAYOUT_EX");
    	else if (ulCode ==		 IOCTL_DISK_VERIFY)
    		return (LPWSTR) _T ("IOCTL_DISK_VERIFY");
    	else if (ulCode == IOCTL_DISK_FORMAT_TRACKS)
    		return (LPWSTR) _T ("IOCTL_DISK_FORMAT_TRACKS");
    	else if (ulCode == IOCTL_DISK_REASSIGN_BLOCKS)
    		return (LPWSTR) _T ("IOCTL_DISK_REASSIGN_BLOCKS");
    	else if (ulCode == IOCTL_DISK_PERFORMANCE)
    		return (LPWSTR) _T ("IOCTL_DISK_PERFORMANCE");
    	else if (ulCode == IOCTL_DISK_IS_WRITABLE)
    		return (LPWSTR) _T ("IOCTL_DISK_IS_WRITABLE");
    	else if (ulCode == IOCTL_DISK_LOGGING)
    		return (LPWSTR) _T ("IOCTL_DISK_LOGGING");
    	else if (ulCode == IOCTL_DISK_FORMAT_TRACKS_EX)
    		return (LPWSTR) _T ("IOCTL_DISK_FORMAT_TRACKS_EX");
    	else if (ulCode == IOCTL_DISK_HISTOGRAM_STRUCTURE)
    		return (LPWSTR) _T ("IOCTL_DISK_HISTOGRAM_STRUCTURE");
    	else if (ulCode == IOCTL_DISK_HISTOGRAM_DATA)
    		return (LPWSTR) _T ("IOCTL_DISK_HISTOGRAM_DATA");
    	else if (ulCode == IOCTL_DISK_HISTOGRAM_RESET)
    		return (LPWSTR) _T ("IOCTL_DISK_HISTOGRAM_RESET");
    	else if (ulCode == IOCTL_DISK_REQUEST_STRUCTURE)
    		return (LPWSTR) _T ("IOCTL_DISK_REQUEST_STRUCTURE");
    	else if (ulCode == IOCTL_DISK_REQUEST_DATA)
    		return (LPWSTR) _T ("IOCTL_DISK_REQUEST_DATA");
    	else if (ulCode == IOCTL_DISK_CONTROLLER_NUMBER)
    		return (LPWSTR) _T ("IOCTL_DISK_CONTROLLER_NUMBER");
    	else if (ulCode == SMART_GET_VERSION)
    		return (LPWSTR) _T ("SMART_GET_VERSION");
    	else if (ulCode == SMART_SEND_DRIVE_COMMAND)
    		return (LPWSTR) _T ("SMART_SEND_DRIVE_COMMAND");
    	else if (ulCode == SMART_RCV_DRIVE_DATA)
    		return (LPWSTR) _T ("SMART_RCV_DRIVE_DATA");
    	else if (ulCode == IOCTL_DISK_INTERNAL_SET_VERIFY)
    		return (LPWSTR) _T ("IOCTL_DISK_INTERNAL_SET_VERIFY");
    	else if (ulCode == IOCTL_DISK_INTERNAL_CLEAR_VERIFY)
    		return (LPWSTR) _T ("IOCTL_DISK_INTERNAL_CLEAR_VERIFY");
    	else if (ulCode == IOCTL_DISK_CHECK_VERIFY)
    		return (LPWSTR) _T ("IOCTL_DISK_CHECK_VERIFY");
    	else if (ulCode == IOCTL_DISK_MEDIA_REMOVAL)
    		return (LPWSTR) _T ("IOCTL_DISK_MEDIA_REMOVAL");
    	else if (ulCode == IOCTL_DISK_EJECT_MEDIA)
    		return (LPWSTR) _T ("IOCTL_DISK_EJECT_MEDIA");
    	else if (ulCode == IOCTL_DISK_LOAD_MEDIA)
    		return (LPWSTR) _T ("IOCTL_DISK_LOAD_MEDIA");
    	else if (ulCode == IOCTL_DISK_RESERVE)
    		return (LPWSTR) _T ("IOCTL_DISK_RESERVE");
    	else if (ulCode == IOCTL_DISK_RELEASE)
    		return (LPWSTR) _T ("IOCTL_DISK_RELEASE");
    	else if (ulCode == IOCTL_DISK_FIND_NEW_DEVICES)
    		return (LPWSTR) _T ("IOCTL_DISK_FIND_NEW_DEVICES");
    	else if (ulCode == IOCTL_DISK_GET_MEDIA_TYPES)
    		return (LPWSTR) _T ("IOCTL_DISK_GET_MEDIA_TYPES");
    	else if (ulCode == IOCTL_DISK_IS_CLUSTERED)
    		return (LPWSTR) _T ("IOCTL_DISK_IS_CLUSTERED");	
    	else if (ulCode == IOCTL_DISK_UPDATE_DRIVE_SIZE)
    		return (LPWSTR) _T ("IOCTL_DISK_UPDATE_DRIVE_SIZE");
    	else if (ulCode == IOCTL_STORAGE_GET_MEDIA_TYPES)
    		return (LPWSTR) _T ("IOCTL_STORAGE_GET_MEDIA_TYPES");
    	else if (ulCode == IOCTL_STORAGE_GET_HOTPLUG_INFO)
    		return (LPWSTR) _T ("IOCTL_STORAGE_GET_HOTPLUG_INFO");
    	else if (ulCode == IOCTL_STORAGE_SET_HOTPLUG_INFO)
    		return (LPWSTR) _T ("IOCTL_STORAGE_SET_HOTPLUG_INFO");
    	else if (ulCode == IOCTL_STORAGE_QUERY_PROPERTY)
    		return (LPWSTR) _T ("IOCTL_STORAGE_QUERY_PROPERTY");
    	else if (ulCode == IOCTL_VOLUME_GET_GPT_ATTRIBUTES)
    		return (LPWSTR) _T ("IOCTL_VOLUME_GET_GPT_ATTRIBUTES");	
    	else if (ulCode == FT_BALANCED_READ_MODE)
    		return (LPWSTR) _T ("FT_BALANCED_READ_MODE");
    	else if (ulCode == IOCTL_VOLUME_QUERY_ALLOCATION_HINT)
    		return (LPWSTR) _T ("IOCTL_VOLUME_QUERY_ALLOCATION_HINT");
    	else if (ulCode == IOCTL_DISK_GET_CLUSTER_INFO)
    		return (LPWSTR) _T ("IOCTL_DISK_GET_CLUSTER_INFO");
    	else if (ulCode == IOCTL_DISK_ARE_VOLUMES_READY)
    		return (LPWSTR) _T ("IOCTL_DISK_ARE_VOLUMES_READY");			
    	else if (ulCode == IOCTL_VOLUME_IS_DYNAMIC)
    		return (LPWSTR) _T ("IOCTL_VOLUME_IS_DYNAMIC");
    	else if (ulCode == IOCTL_MOUNTDEV_QUERY_STABLE_GUID)
    		return (LPWSTR) _T ("IOCTL_MOUNTDEV_QUERY_STABLE_GUID");
    	else if (ulCode == IOCTL_VOLUME_POST_ONLINE)
    		return (LPWSTR) _T ("IOCTL_VOLUME_POST_ONLINE");
    	else if (ulCode == IOCTL_STORAGE_CHECK_PRIORITY_HINT_SUPPORT)
    		return (LPWSTR) _T ("IOCTL_STORAGE_CHECK_PRIORITY_HINT_SUPPORT");
    	else if (ulCode == IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES)
    		return (LPWSTR) _T ("IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES");
    	else if (ulCode == IRP_MJ_READ)
    		return (LPWSTR) _T ("IRP_MJ_READ");
    	else if (ulCode == IRP_MJ_WRITE)
    		return (LPWSTR) _T ("IRP_MJ_WRITE");
    	else if (ulCode == IRP_MJ_CREATE)
    		return (LPWSTR) _T ("IRP_MJ_CREATE");
    	else if (ulCode == IRP_MJ_CLOSE)
    		return (LPWSTR) _T ("IRP_MJ_CLOSE");
    	else if (ulCode == IRP_MJ_CLEANUP)
    		return (LPWSTR) _T ("IRP_MJ_CLEANUP");
    	else if (ulCode == IRP_MJ_FLUSH_BUFFERS)
    		return (LPWSTR) _T ("IRP_MJ_FLUSH_BUFFERS");
    	else if (ulCode == IRP_MJ_SHUTDOWN)
    		return (LPWSTR) _T ("IRP_MJ_SHUTDOWN");
    	else if (ulCode == IRP_MJ_DEVICE_CONTROL)
    		return (LPWSTR) _T ("IRP_MJ_DEVICE_CONTROL");
    	else
    	{
    		return (LPWSTR) _T ("IOCTL");
    	}
    }
    
    #endif
    
    void TCDeleteDeviceObject (PDEVICE_OBJECT DeviceObject, PEXTENSION Extension)
    {
    	UNICODE_STRING Win32NameString;
    	NTSTATUS ntStatus;
    
    	Dump ("TCDeleteDeviceObject BEGIN\n");
    
    	if (Extension->bRootDevice)
    	{
    		RtlInitUnicodeString (&Win32NameString, (LPWSTR) DOS_ROOT_PREFIX);
    		ntStatus = IoDeleteSymbolicLink (&Win32NameString);
    		if (!NT_SUCCESS (ntStatus))
    			Dump ("IoDeleteSymbolicLink failed ntStatus = 0x%08x\n", ntStatus);
    
    		RootDeviceObject = NULL;
    	}
    	else
    	{
    		if (Extension->peThread != NULL)
    			TCStopVolumeThread (DeviceObject, Extension);
    
    		if (Extension->UserSid)
    			TCfree (Extension->UserSid);
    
    		if (Extension->SecurityClientContextValid)
    		{
    			if (OsMajorVersion == 5 && OsMinorVersion == 0)
    			{
    				ObDereferenceObject (Extension->SecurityClientContext.ClientToken);
    			}
    			else
    			{
    				// Windows 2000 does not support PsDereferenceImpersonationToken() used by SeDeleteClientSecurity().
    				// TODO: Use only SeDeleteClientSecurity() once support for Windows 2000 is dropped.
    
    				VOID (*PsDereferenceImpersonationTokenD) (PACCESS_TOKEN ImpersonationToken);
    				UNICODE_STRING name;
    				RtlInitUnicodeString (&name, L"PsDereferenceImpersonationToken");
    
    				PsDereferenceImpersonationTokenD = MmGetSystemRoutineAddress (&name);
    				if (!PsDereferenceImpersonationTokenD)
    					TC_BUG_CHECK (STATUS_NOT_IMPLEMENTED);
    
    #				define PsDereferencePrimaryToken
    #				define PsDereferenceImpersonationToken PsDereferenceImpersonationTokenD
    
    				SeDeleteClientSecurity (&Extension->SecurityClientContext);
    
    #				undef PsDereferencePrimaryToken
    #				undef PsDereferenceImpersonationToken
    			}
    		}
    
    		VirtualVolumeDeviceObjects[Extension->nDosDriveNo] = NULL;
    	}
    
    	IoDeleteDevice (DeviceObject);
    
    	Dump ("TCDeleteDeviceObject END\n");
    }
    
    
    VOID TCUnloadDriver (PDRIVER_OBJECT DriverObject)
    {
    	Dump ("TCUnloadDriver BEGIN\n");
    
    	OnShutdownPending();
    
    	if (IsBootDriveMounted())
    		TC_BUG_CHECK (STATUS_INVALID_DEVICE_STATE);
    
    	EncryptionThreadPoolStop();
    	TCDeleteDeviceObject (RootDeviceObject, (PEXTENSION) RootDeviceObject->DeviceExtension);
    
    	Dump ("TCUnloadDriver END\n");
    }
    
    
    void OnShutdownPending ()
    {
    	UNMOUNT_STRUCT unmount;
    	memset (&unmount, 0, sizeof (unmount));
    	unmount.ignoreOpenFiles = TRUE;
    
    	while (SendDeviceIoControlRequest (RootDeviceObject, TC_IOCTL_DISMOUNT_ALL_VOLUMES, &unmount, sizeof (unmount), &unmount, sizeof (unmount)) == STATUS_INSUFFICIENT_RESOURCES || unmount.HiddenVolumeProtectionTriggered)
    		unmount.HiddenVolumeProtectionTriggered = FALSE;
    
    	while (SendDeviceIoControlRequest (RootDeviceObject, TC_IOCTL_WIPE_PASSWORD_CACHE, NULL, 0, NULL, 0) == STATUS_INSUFFICIENT_RESOURCES);
    }
    
    
    NTSTATUS TCDeviceIoControl (PWSTR deviceName, ULONG IoControlCode, void *InputBuffer, ULONG InputBufferSize, void *OutputBuffer, ULONG OutputBufferSize)
    {
    	IO_STATUS_BLOCK ioStatusBlock;
    	NTSTATUS ntStatus;
    	PIRP irp;
    	PFILE_OBJECT fileObject;
    	PDEVICE_OBJECT deviceObject;
    	KEVENT event;
    	UNICODE_STRING name;
    
    	RtlInitUnicodeString(&name, deviceName);
    	ntStatus = IoGetDeviceObjectPointer (&name, FILE_READ_ATTRIBUTES, &fileObject, &deviceObject);
    
    	if (!NT_SUCCESS (ntStatus))
    		return ntStatus;
    
    	KeInitializeEvent(&event, NotificationEvent, FALSE);
    
    	irp = IoBuildDeviceIoControlRequest (IoControlCode,
    					     deviceObject,
    					     InputBuffer, InputBufferSize,
    					     OutputBuffer, OutputBufferSize,
    					     FALSE,
    					     &event,
    					     &ioStatusBlock);
    
    	if (irp == NULL)
    	{
    		Dump ("IRP allocation failed\n");
    		ntStatus = STATUS_INSUFFICIENT_RESOURCES;
    		goto ret;
    	}
    
    	IoGetNextIrpStackLocation (irp)->FileObject = fileObject;
    
    	ntStatus = IoCallDriver (deviceObject, irp);
    	if (ntStatus == STATUS_PENDING)
    	{
    		KeWaitForSingleObject (&event, Executive, KernelMode, FALSE, NULL);
    		ntStatus = ioStatusBlock.Status;
    	}
    
    ret:
    	ObDereferenceObject (fileObject);
    	return ntStatus;
    }
    
    
    typedef struct
    {
    	PDEVICE_OBJECT deviceObject; ULONG ioControlCode; void *inputBuffer; int inputBufferSize; void *outputBuffer; int outputBufferSize;
    	NTSTATUS Status;
    	KEVENT WorkItemCompletedEvent;
    } SendDeviceIoControlRequestWorkItemArgs;
    
    
    static VOID SendDeviceIoControlRequestWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, SendDeviceIoControlRequestWorkItemArgs *arg)
    {
    	arg->Status = SendDeviceIoControlRequest (arg->deviceObject, arg->ioControlCode, arg->inputBuffer, arg->inputBufferSize, arg->outputBuffer, arg->outputBufferSize);
    	KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);
    }
    
    
    NTSTATUS SendDeviceIoControlRequest (PDEVICE_OBJECT deviceObject, ULONG ioControlCode, void *inputBuffer, int inputBufferSize, void *outputBuffer, int outputBufferSize)
    {
    	IO_STATUS_BLOCK ioStatusBlock;
    	NTSTATUS status;
    	PIRP irp;
    	KEVENT event;
    
    	if (KeGetCurrentIrql() > APC_LEVEL)
    	{
    		SendDeviceIoControlRequestWorkItemArgs args;
    
    		PIO_WORKITEM workItem = IoAllocateWorkItem (RootDeviceObject);
    		if (!workItem)
    			return STATUS_INSUFFICIENT_RESOURCES;
    
    		args.deviceObject = deviceObject;
    		args.ioControlCode = ioControlCode;
    		args.inputBuffer = inputBuffer;
    		args.inputBufferSize = inputBufferSize;
    		args.outputBuffer = outputBuffer;
    		args.outputBufferSize = outputBufferSize;
    
    		KeInitializeEvent (&args.WorkItemCompletedEvent, SynchronizationEvent, FALSE);
    		IoQueueWorkItem (workItem, SendDeviceIoControlRequestWorkItemRoutine, DelayedWorkQueue, &args);
    
    		KeWaitForSingleObject (&args.WorkItemCompletedEvent, Executive, KernelMode, FALSE, NULL);
    		IoFreeWorkItem (workItem);
    
    		return args.Status;
    	}
    
    	KeInitializeEvent (&event, NotificationEvent, FALSE);
    
    	irp = IoBuildDeviceIoControlRequest (ioControlCode, deviceObject, inputBuffer, inputBufferSize,
    		outputBuffer, outputBufferSize, FALSE, &event, &ioStatusBlock);
    
    	if (!irp)
    		return STATUS_INSUFFICIENT_RESOURCES;
    
    	ObReferenceObject (deviceObject);
    
    	status = IoCallDriver (deviceObject, irp);
    	if (status == STATUS_PENDING)
    	{
    		KeWaitForSingleObject (&event, Executive, KernelMode, FALSE, NULL);
    		status = ioStatusBlock.Status;
    	}
    
    	ObDereferenceObject (deviceObject);
    	return status;
    }
    
    
    NTSTATUS ProbeRealDriveSize (PDEVICE_OBJECT driveDeviceObject, LARGE_INTEGER *driveSize)
    {
    	NTSTATUS status;
    	LARGE_INTEGER sysLength;
    	LARGE_INTEGER offset;
    	byte *sectorBuffer;
    	ULONGLONG startTime;
    
    	if (!UserCanAccessDriveDevice())
    		return STATUS_ACCESS_DENIED;
    
    	sectorBuffer = TCalloc (TC_SECTOR_SIZE_BIOS);
    	if (!sectorBuffer)
    		return STATUS_INSUFFICIENT_RESOURCES;
    
    	status = SendDeviceIoControlRequest (driveDeviceObject, IOCTL_DISK_GET_LENGTH_INFO,
    		NULL, 0, &sysLength, sizeof (sysLength));
    
    	if (!NT_SUCCESS (status))
    	{
    		Dump ("Failed to get drive size - error %x\n", status);
    		TCfree (sectorBuffer);
    		return status;
    	}
    
    	startTime = KeQueryInterruptTime ();
    	for (offset.QuadPart = sysLength.QuadPart; ; offset.QuadPart += TC_SECTOR_SIZE_BIOS)
    	{
    		status = TCReadDevice (driveDeviceObject, sectorBuffer, offset, TC_SECTOR_SIZE_BIOS);
    
    		if (NT_SUCCESS (status))
    			status = TCWriteDevice (driveDeviceObject, sectorBuffer, offset, TC_SECTOR_SIZE_BIOS);
    
    		if (!NT_SUCCESS (status))
    		{
    			driveSize->QuadPart = offset.QuadPart;
    			Dump ("Real drive size = %I64d bytes (%I64d hidden)\n", driveSize->QuadPart, driveSize->QuadPart - sysLength.QuadPart);
    			TCfree (sectorBuffer);
    			return STATUS_SUCCESS;
    		}
    
    		if (KeQueryInterruptTime() - startTime > 3ULL * 60 * 1000 * 1000 * 10)
    		{
    			// Abort if probing for more than 3 minutes
    			driveSize->QuadPart = sysLength.QuadPart;
    			TCfree (sectorBuffer);
    			return STATUS_TIMEOUT;
    		}
    	}
    }
    
    
    NTSTATUS TCOpenFsVolume (PEXTENSION Extension, PHANDLE volumeHandle, PFILE_OBJECT * fileObject)
    {
    	NTSTATUS ntStatus;
    	OBJECT_ATTRIBUTES objectAttributes;
    	UNICODE_STRING fullFileName;
    	IO_STATUS_BLOCK ioStatus;
    	WCHAR volumeName[TC_MAX_PATH];
    
    	TCGetNTNameFromNumber (volumeName, sizeof(volumeName),Extension->nDosDriveNo);
    	RtlInitUnicodeString (&fullFileName, volumeName);
    	InitializeObjectAttributes (&objectAttributes, &fullFileName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
    
    	ntStatus = ZwCreateFile (volumeHandle,
    		SYNCHRONIZE | GENERIC_READ,
    		&objectAttributes,
    		&ioStatus,
    		NULL,
    		FILE_ATTRIBUTE_NORMAL,
    		FILE_SHARE_READ | FILE_SHARE_WRITE,
    		FILE_OPEN,
    		FILE_SYNCHRONOUS_IO_NONALERT,
    		NULL,
    		0);
    
    	Dump ("Volume %ls open NTSTATUS 0x%08x\n", volumeName, ntStatus);
    
    	if (!NT_SUCCESS (ntStatus))
    		return ntStatus;
    
    	ntStatus = ObReferenceObjectByHandle (*volumeHandle,
    		FILE_READ_DATA,
    		NULL,
    		KernelMode,
    		fileObject,
    		NULL);
    
    	if (!NT_SUCCESS (ntStatus))
    		ZwClose (*volumeHandle);
    
    	return ntStatus;
    }
    
    
    void TCCloseFsVolume (HANDLE volumeHandle, PFILE_OBJECT fileObject)
    {
    	ObDereferenceObject (fileObject);
    	ZwClose (volumeHandle);
    }
    
    
    static NTSTATUS TCReadWriteDevice (BOOL write, PDEVICE_OBJECT deviceObject, PVOID buffer, LARGE_INTEGER offset, ULONG length)
    {
    	NTSTATUS status;
    	IO_STATUS_BLOCK ioStatusBlock;
    	PIRP irp;
    	KEVENT completionEvent;
    
    	ASSERT (KeGetCurrentIrql() <= APC_LEVEL);
    
    	KeInitializeEvent (&completionEvent, NotificationEvent, FALSE);
    	irp = IoBuildSynchronousFsdRequest (write ? IRP_MJ_WRITE : IRP_MJ_READ, deviceObject, buffer, length, &offset, &completionEvent, &ioStatusBlock);
    	if (!irp)
    		return STATUS_INSUFFICIENT_RESOURCES;
    
    	ObReferenceObject (deviceObject);
    	status = IoCallDriver (deviceObject, irp);
    
    	if (status == STATUS_PENDING)
    	{
    		status = KeWaitForSingleObject (&completionEvent, Executive, KernelMode, FALSE, NULL);
    		if (NT_SUCCESS (status))
    			status = ioStatusBlock.Status;
    	}
    
    	ObDereferenceObject (deviceObject);
    	return status;
    }
    
    
    NTSTATUS TCReadDevice (PDEVICE_OBJECT deviceObject, PVOID buffer, LARGE_INTEGER offset, ULONG length)
    {
    	return TCReadWriteDevice (FALSE, deviceObject, buffer, offset, length);
    }
    
    
    NTSTATUS TCWriteDevice (PDEVICE_OBJECT deviceObject, PVOID buffer, LARGE_INTEGER offset, ULONG length)
    {
    	return TCReadWriteDevice (TRUE, deviceObject, buffer, offset, length);
    }
    
    
    NTSTATUS TCFsctlCall (PFILE_OBJECT fileObject, LONG IoControlCode,
    	void *InputBuffer, int InputBufferSize, void *OutputBuffer, int OutputBufferSize)
    {
    	IO_STATUS_BLOCK ioStatusBlock;
    	NTSTATUS ntStatus;
    	PIRP irp;
    	KEVENT event;
    	PIO_STACK_LOCATION stack;
    	PDEVICE_OBJECT deviceObject = IoGetRelatedDeviceObject (fileObject);
    
    	KeInitializeEvent(&event, NotificationEvent, FALSE);
    
    	irp = IoBuildDeviceIoControlRequest (IoControlCode,
    					     deviceObject,
    					     InputBuffer, InputBufferSize,
    					     OutputBuffer, OutputBufferSize,
    					     FALSE,
    					     &event,
    					     &ioStatusBlock);
    
    	if (irp == NULL)
    		return STATUS_INSUFFICIENT_RESOURCES;
    
    	stack = IoGetNextIrpStackLocation(irp);
    
    	stack->MajorFunction = IRP_MJ_FILE_SYSTEM_CONTROL;
    	stack->MinorFunction = IRP_MN_USER_FS_REQUEST;
    	stack->FileObject = fileObject;
    
    	ntStatus = IoCallDriver (deviceObject, irp);
    	if (ntStatus == STATUS_PENDING)
    	{
    		KeWaitForSingleObject (&event, Executive, KernelMode, FALSE, NULL);
    		ntStatus = ioStatusBlock.Status;
    	}
    
    	return ntStatus;
    }
    
    
    NTSTATUS CreateDriveLink (int nDosDriveNo)
    {
    	WCHAR dev[128], link[128];
    	UNICODE_STRING deviceName, symLink;
    	NTSTATUS ntStatus;
    
    	TCGetNTNameFromNumber (dev, sizeof(dev),nDosDriveNo);
    	TCGetDosNameFromNumber (link, sizeof(link),nDosDriveNo, DeviceNamespaceDefault);
    
    	RtlInitUnicodeString (&deviceName, dev);
    	RtlInitUnicodeString (&symLink, link);
    
    	ntStatus = IoCreateSymbolicLink (&symLink, &deviceName);
    	Dump ("IoCreateSymbolicLink returned %X\n", ntStatus);
    	return ntStatus;
    }
    
    
    NTSTATUS RemoveDriveLink (int nDosDriveNo)
    {
    	WCHAR link[256];
    	UNICODE_STRING symLink;
    	NTSTATUS ntStatus;
    
    	TCGetDosNameFromNumber (link, sizeof(link),nDosDriveNo, DeviceNamespaceDefault);
    	RtlInitUnicodeString (&symLink, link);
    
    	ntStatus = IoDeleteSymbolicLink (&symLink);
    	Dump ("IoDeleteSymbolicLink returned %X\n", ntStatus);
    	return ntStatus;
    }
    
    
    NTSTATUS MountManagerMount (MOUNT_STRUCT *mount)
    {
    	NTSTATUS ntStatus;
    	WCHAR arrVolume[256];
    	char buf[200];
    	PMOUNTMGR_TARGET_NAME in = (PMOUNTMGR_TARGET_NAME) buf;
    	PMOUNTMGR_CREATE_POINT_INPUT point = (PMOUNTMGR_CREATE_POINT_INPUT) buf;
    
    	TCGetNTNameFromNumber (arrVolume, sizeof(arrVolume),mount->nDosDriveNo);
    	in->DeviceNameLength = (USHORT) wcslen (arrVolume) * 2;
    	RtlStringCbCopyW(in->DeviceName, sizeof(buf) - sizeof(in->DeviceNameLength),arrVolume);
    
    	ntStatus = TCDeviceIoControl (MOUNTMGR_DEVICE_NAME, IOCTL_MOUNTMGR_VOLUME_ARRIVAL_NOTIFICATION,
    		in, (ULONG) (sizeof (in->DeviceNameLength) + wcslen (arrVolume) * 2), 0, 0);
    
    	memset (buf, 0, sizeof buf);
    	TCGetDosNameFromNumber ((PWSTR) &point[1], sizeof(buf) - sizeof(MOUNTMGR_CREATE_POINT_INPUT),mount->nDosDriveNo, DeviceNamespaceDefault);
    
    	point->SymbolicLinkNameOffset = sizeof (MOUNTMGR_CREATE_POINT_INPUT);
    	point->SymbolicLinkNameLength = (USHORT) wcslen ((PWSTR) &point[1]) * 2;
    
    	point->DeviceNameOffset = point->SymbolicLinkNameOffset + point->SymbolicLinkNameLength;
    	TCGetNTNameFromNumber ((PWSTR) (buf + point->DeviceNameOffset), sizeof(buf) - point->DeviceNameOffset,mount->nDosDriveNo);
    	point->DeviceNameLength = (USHORT) wcslen ((PWSTR) (buf + point->DeviceNameOffset)) * 2;
    
    	ntStatus = TCDeviceIoControl (MOUNTMGR_DEVICE_NAME, IOCTL_MOUNTMGR_CREATE_POINT, point,
    			point->DeviceNameOffset + point->DeviceNameLength, 0, 0);
    
    	return ntStatus;
    }
    
    
    NTSTATUS MountManagerUnmount (int nDosDriveNo)
    {
    	NTSTATUS ntStatus;
    	char buf[256], out[300];
    	PMOUNTMGR_MOUNT_POINT in = (PMOUNTMGR_MOUNT_POINT) buf;
    
    	memset (buf, 0, sizeof buf);
    
    	TCGetDosNameFromNumber ((PWSTR) &in[1], sizeof(buf) - sizeof(MOUNTMGR_MOUNT_POINT),nDosDriveNo, DeviceNamespaceDefault);
    
    	// Only symbolic link can be deleted with IOCTL_MOUNTMGR_DELETE_POINTS. If any other entry is specified, the mount manager will ignore subsequent IOCTL_MOUNTMGR_VOLUME_ARRIVAL_NOTIFICATION for the same volume ID.
    	in->SymbolicLinkNameOffset = sizeof (MOUNTMGR_MOUNT_POINT);
    	in->SymbolicLinkNameLength = (USHORT) wcslen ((PWCHAR) &in[1]) * 2;
    
    	ntStatus = TCDeviceIoControl (MOUNTMGR_DEVICE_NAME, IOCTL_MOUNTMGR_DELETE_POINTS,
    		in, sizeof(MOUNTMGR_MOUNT_POINT) + in->SymbolicLinkNameLength, out, sizeof out);
    
    	Dump ("IOCTL_MOUNTMGR_DELETE_POINTS returned 0x%08x\n", ntStatus);
    
    	return ntStatus;
    }
    
    
    NTSTATUS MountDevice (PDEVICE_OBJECT DeviceObject, MOUNT_STRUCT *mount)
    {
    	PDEVICE_OBJECT NewDeviceObject;
    	NTSTATUS ntStatus;
    
    	// Make sure the user is asking for a reasonable nDosDriveNo
    	if (mount->nDosDriveNo >= 0 && mount->nDosDriveNo <= 25
    		&& IsDriveLetterAvailable (mount->nDosDriveNo, DeviceNamespaceDefault) // drive letter must not exist both locally and globally
    		&& IsDriveLetterAvailable (mount->nDosDriveNo, DeviceNamespaceGlobal)
    		)
    	{
    		Dump ("Mount request looks valid\n");
    	}
    	else
    	{
    		Dump ("WARNING: MOUNT DRIVE LETTER INVALID\n");
    		mount->nReturnCode = ERR_DRIVE_NOT_FOUND;
    		return ERR_DRIVE_NOT_FOUND;
    	}
    
    	if (!SelfTestsPassed)
    	{
    		Dump ("Failure of built-in automatic self-tests! Mounting not allowed.\n");
    		mount->nReturnCode = ERR_SELF_TESTS_FAILED;
    		return ERR_SELF_TESTS_FAILED;
    	}
    
    	ntStatus = TCCreateDeviceObject (DeviceObject->DriverObject, &NewDeviceObject, mount);
    
    	if (!NT_SUCCESS (ntStatus))
    	{
    		Dump ("Mount CREATE DEVICE ERROR, ntStatus = 0x%08x\n", ntStatus);
    		return ntStatus;
    	}
    	else
    	{
    		PEXTENSION NewExtension = (PEXTENSION) NewDeviceObject->DeviceExtension;
    		SECURITY_SUBJECT_CONTEXT subContext;
    		PACCESS_TOKEN accessToken;
    
    		SeCaptureSubjectContext (&subContext);
    		SeLockSubjectContext(&subContext);
    		if (subContext.ClientToken && subContext.ImpersonationLevel >= SecurityImpersonation)
    			accessToken = subContext.ClientToken;
    		else
    			accessToken = subContext.PrimaryToken;
    
    		if (!accessToken)
    		{
    			ntStatus = STATUS_INVALID_PARAMETER;
    		}
    		else
    		{
    			PTOKEN_USER tokenUser;
    
    			ntStatus = SeQueryInformationToken (accessToken, TokenUser, &tokenUser);
    			if (NT_SUCCESS (ntStatus))
    			{
    				ULONG sidLength = RtlLengthSid (tokenUser->User.Sid);
    
    				NewExtension->UserSid = TCalloc (sidLength);
    				if (!NewExtension->UserSid)
    					ntStatus = STATUS_INSUFFICIENT_RESOURCES;
    				else
    					ntStatus = RtlCopySid (sidLength, NewExtension->UserSid, tokenUser->User.Sid);
    
    				ExFreePool (tokenUser);		// Documented in newer versions of WDK
    			}
    		}
    
    		SeUnlockSubjectContext(&subContext);
    		SeReleaseSubjectContext (&subContext);
    
    		if (NT_SUCCESS (ntStatus))
    			ntStatus = TCStartVolumeThread (NewDeviceObject, NewExtension, mount);
    
    		if (!NT_SUCCESS (ntStatus))
    		{
    			Dump ("Mount FAILURE NT ERROR, ntStatus = 0x%08x\n", ntStatus);
    			TCDeleteDeviceObject (NewDeviceObject, NewExtension);
    			return ntStatus;
    		}
    		else
    		{
    			if (mount->nReturnCode == 0)
    			{
    				HANDLE volumeHandle;
    				PFILE_OBJECT volumeFileObject;
    				ULONG labelLen = (ULONG) wcslen (mount->wszLabel);
    				BOOL bIsNTFS = FALSE;
    				ULONG labelMaxLen, labelEffectiveLen;
    
    				Dump ("Mount SUCCESS TC code = 0x%08x READ-ONLY = %d\n", mount->nReturnCode, NewExtension->bReadOnly);
    
    				if (NewExtension->bReadOnly)
    					NewDeviceObject->Characteristics |= FILE_READ_ONLY_DEVICE;
    
    				NewDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;
    
    				NewExtension->UniqueVolumeId = LastUniqueVolumeId++;
    
    				// check again that the drive letter is available globally and locally
    				if (	!IsDriveLetterAvailable (mount->nDosDriveNo, DeviceNamespaceDefault)
    					|| !IsDriveLetterAvailable (mount->nDosDriveNo, DeviceNamespaceGlobal)
    					)
    				{
    						TCDeleteDeviceObject (NewDeviceObject, NewExtension);
    						mount->nReturnCode = ERR_DRIVE_NOT_FOUND;
    						return ERR_DRIVE_NOT_FOUND;
    				}
    
    				if (mount->bMountManager)
    					MountManagerMount (mount);
    
    				NewExtension->bMountManager = mount->bMountManager;
    
    				// We create symbolic link even if mount manager is notified of
    				// arriving volume as it apparently sometimes fails to create the link
    				CreateDriveLink (mount->nDosDriveNo);
    
    				mount->FilesystemDirty = FALSE;
    
    				if (NT_SUCCESS (TCOpenFsVolume (NewExtension, &volumeHandle, &volumeFileObject)))
    				{
    					__try
    					{
    						ULONG fsStatus;
    
    						if (NT_SUCCESS (TCFsctlCall (volumeFileObject, FSCTL_IS_VOLUME_DIRTY, NULL, 0, &fsStatus, sizeof (fsStatus)))
    							&& (fsStatus & VOLUME_IS_DIRTY))
    						{
    							mount->FilesystemDirty = TRUE;
    						}
    					}
    					__except (EXCEPTION_EXECUTE_HANDLER)
    					{
    						mount->FilesystemDirty = TRUE;
    					}
    
    					// detect if the filesystem is NTFS or FAT
    					__try
    					{
    						NTFS_VOLUME_DATA_BUFFER ntfsData;
    						if (NT_SUCCESS (TCFsctlCall (volumeFileObject, FSCTL_GET_NTFS_VOLUME_DATA, NULL, 0, &ntfsData, sizeof (ntfsData))))
    						{
    							bIsNTFS = TRUE;
    						}
    					}
    					__except (EXCEPTION_EXECUTE_HANDLER)
    					{
    						bIsNTFS = FALSE;
    					}
    
    					NewExtension->bIsNTFS = bIsNTFS;
    					mount->bIsNTFS = bIsNTFS;
    
    					if (labelLen > 0)
    					{
    						if (bIsNTFS)
    							labelMaxLen = 32; // NTFS maximum label length
    						else
    							labelMaxLen = 11; // FAT maximum label length
    
    						// calculate label effective length
    						labelEffectiveLen = labelLen > labelMaxLen? labelMaxLen : labelLen;
    
    						// correct the label in the device
    						memset (&NewExtension->wszLabel[labelEffectiveLen], 0, 33 - labelEffectiveLen);
    						memcpy (mount->wszLabel, NewExtension->wszLabel, 33);
    
    						// set the volume label
    						__try
    						{
    							IO_STATUS_BLOCK ioblock;
    							ULONG labelInfoSize = sizeof(FILE_FS_LABEL_INFORMATION) + (labelEffectiveLen * sizeof(WCHAR));
    							FILE_FS_LABEL_INFORMATION* labelInfo = (FILE_FS_LABEL_INFORMATION*) TCalloc (labelInfoSize);
    							labelInfo->VolumeLabelLength = labelEffectiveLen * sizeof(WCHAR);
    							memcpy (labelInfo->VolumeLabel, mount->wszLabel, labelInfo->VolumeLabelLength);
    
    							if (STATUS_SUCCESS == ZwSetVolumeInformationFile (volumeHandle, &ioblock, labelInfo, labelInfoSize, FileFsLabelInformation))
    							{
    								mount->bDriverSetLabel = TRUE;
    								NewExtension->bDriverSetLabel = TRUE;
    							}
    
    							TCfree(labelInfo);
    						}
    						__except (EXCEPTION_EXECUTE_HANDLER)
    						{
    
    						}
    					}
    
    					TCCloseFsVolume (volumeHandle, volumeFileObject);
    				}
    			}
    			else
    			{
    				Dump ("Mount FAILURE TC code = 0x%08x\n", mount->nReturnCode);
    				TCDeleteDeviceObject (NewDeviceObject, NewExtension);
    			}
    
    			return STATUS_SUCCESS;
    		}
    	}
    }
    
    NTSTATUS UnmountDevice (UNMOUNT_STRUCT *unmountRequest, PDEVICE_OBJECT deviceObject, BOOL ignoreOpenFiles)
    {
    	PEXTENSION extension = deviceObject->DeviceExtension;
    	NTSTATUS ntStatus;
    	HANDLE volumeHandle;
    	PFILE_OBJECT volumeFileObject;
    
    	Dump ("UnmountDevice %d\n", extension->nDosDriveNo);
    
    	ntStatus = TCOpenFsVolume (extension, &volumeHandle, &volumeFileObject);
    
    	if (NT_SUCCESS (ntStatus))
    	{
    		int dismountRetry;
    
    		// Dismounting a writable NTFS filesystem prevents the driver from being unloaded on Windows 7
    		if (IsOSAtLeast (WIN_7) && !extension->bReadOnly)
    		{
    			NTFS_VOLUME_DATA_BUFFER ntfsData;
    
    			if (NT_SUCCESS (TCFsctlCall (volumeFileObject, FSCTL_GET_NTFS_VOLUME_DATA, NULL, 0, &ntfsData, sizeof (ntfsData))))
    				DriverUnloadDisabled = TRUE;
    		}
    
    		// Lock volume
    		ntStatus = TCFsctlCall (volumeFileObject, FSCTL_LOCK_VOLUME, NULL, 0, NULL, 0);
    		Dump ("FSCTL_LOCK_VOLUME returned %X\n", ntStatus);
    
    		if (!NT_SUCCESS (ntStatus) && !ignoreOpenFiles)
    		{
    			TCCloseFsVolume (volumeHandle, volumeFileObject);
    			return ERR_FILES_OPEN;
    		}
    
    		// Dismount volume
    		for (dismountRetry = 0; dismountRetry < 200; ++dismountRetry)
    		{
    			ntStatus = TCFsctlCall (volumeFileObject, FSCTL_DISMOUNT_VOLUME, NULL, 0, NULL, 0);
    			Dump ("FSCTL_DISMOUNT_VOLUME returned %X\n", ntStatus);
    
    			if (NT_SUCCESS (ntStatus) || ntStatus == STATUS_VOLUME_DISMOUNTED)
    				break;
    
    			if (!ignoreOpenFiles)
    			{
    				TCCloseFsVolume (volumeHandle, volumeFileObject);
    				return ERR_FILES_OPEN;
    			}
    
    			TCSleep (100);
    		}
    	}
    	else
    	{
    		// Volume cannot be opened => force dismount if allowed
    		if (!ignoreOpenFiles)
    			return ERR_FILES_OPEN;
    		else
    			volumeHandle = NULL;
    	}
    
    	if (extension->bMountManager)
    		MountManagerUnmount (extension->nDosDriveNo);
    
    	// We always remove symbolic link as mount manager might fail to do so
    	RemoveDriveLink (extension->nDosDriveNo);
    
    	extension->bShuttingDown = TRUE;
    
    	ntStatus = IoAcquireRemoveLock (&extension->Queue.RemoveLock, NULL);
    	ASSERT (NT_SUCCESS (ntStatus));
    	IoReleaseRemoveLockAndWait (&extension->Queue.RemoveLock, NULL);
    
    	if (volumeHandle != NULL)
    		TCCloseFsVolume (volumeHandle, volumeFileObject);
    
    	if (unmountRequest)
    	{
    		PCRYPTO_INFO cryptoInfo = ((PEXTENSION) deviceObject->DeviceExtension)->cryptoInfo;
    		unmountRequest->HiddenVolumeProtectionTriggered = (cryptoInfo->bProtectHiddenVolume && cryptoInfo->bHiddenVolProtectionAction);
    	}
    
    	TCDeleteDeviceObject (deviceObject, (PEXTENSION) deviceObject->DeviceExtension);
    	return 0;
    }
    
    
    static PDEVICE_OBJECT FindVolumeWithHighestUniqueId (int maxUniqueId)
    {
    	PDEVICE_OBJECT highestIdDevice = NULL;
    	int highestId = -1;
    	int drive;
    
    	for (drive = MIN_MOUNTED_VOLUME_DRIVE_NUMBER; drive <= MAX_MOUNTED_VOLUME_DRIVE_NUMBER; ++drive)
    	{
    		PDEVICE_OBJECT device = GetVirtualVolumeDeviceObject (drive);
    		if (device)
    		{
    			PEXTENSION extension = (PEXTENSION) device->DeviceExtension;
    			if (extension->UniqueVolumeId > highestId && extension->UniqueVolumeId <= maxUniqueId)
    			{
    				highestId = extension->UniqueVolumeId;
    				highestIdDevice = device;
    			}
    		}
    	}
    
    	return highestIdDevice;
    }
    
    
    NTSTATUS UnmountAllDevices (UNMOUNT_STRUCT *unmountRequest, BOOL ignoreOpenFiles)
    {
    	NTSTATUS status = 0;
    	PDEVICE_OBJECT ListDevice;
    	int maxUniqueId = LastUniqueVolumeId;
    
    	Dump ("Unmounting all volumes\n");
    
    	if (unmountRequest)
    		unmountRequest->HiddenVolumeProtectionTriggered = FALSE;
    
    	// Dismount volumes in the reverse order they were mounted to properly dismount nested volumes
    	while ((ListDevice = FindVolumeWithHighestUniqueId (maxUniqueId)) != NULL)
    	{
    		PEXTENSION ListExtension = (PEXTENSION) ListDevice->DeviceExtension;
    		maxUniqueId = ListExtension->UniqueVolumeId - 1;
    
    		if (IsVolumeAccessibleByCurrentUser (ListExtension))
    		{
    			NTSTATUS ntStatus;
    
    			if (unmountRequest)
    				unmountRequest->nDosDriveNo = ListExtension->nDosDriveNo;
    
    			ntStatus = UnmountDevice (unmountRequest, ListDevice, ignoreOpenFiles);
    			status = ntStatus == 0 ? status : ntStatus;
    
    			if (unmountRequest && unmountRequest->HiddenVolumeProtectionTriggered)
    				break;
    		}
    	}
    
    	return status;
    }
    
    // Resolves symbolic link name to its target name
    NTSTATUS SymbolicLinkToTarget (PWSTR symlinkName, PWSTR targetName, USHORT maxTargetNameLength)
    {
    	NTSTATUS ntStatus;
    	OBJECT_ATTRIBUTES objectAttributes;
    	UNICODE_STRING fullFileName;
    	HANDLE handle;
    
    	RtlInitUnicodeString (&fullFileName, symlinkName);
    	InitializeObjectAttributes (&objectAttributes, &fullFileName, OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, NULL, NULL);
    
    	ntStatus = ZwOpenSymbolicLinkObject (&handle, GENERIC_READ, &objectAttributes);
    
    	if (NT_SUCCESS (ntStatus))
    	{
    		UNICODE_STRING target;
    		target.Buffer = targetName;
    		target.Length = 0;
    		target.MaximumLength = maxTargetNameLength;
    		memset (targetName, 0, maxTargetNameLength);
    
    		ntStatus = ZwQuerySymbolicLinkObject (handle, &target, NULL);
    
    		ZwClose (handle);
    	}
    
    	return ntStatus;
    }
    
    
    // Checks if two regions overlap (borders are parts of regions)
    BOOL RegionsOverlap (unsigned __int64 start1, unsigned __int64 end1, unsigned __int64 start2, unsigned __int64 end2)
    {
    	return (start1 < start2) ? (end1 >= start2) : (start1 <= end2);
    }
    
    
    void GetIntersection (uint64 start1, uint32 length1, uint64 start2, uint64 end2, uint64 *intersectStart, uint32 *intersectLength)
    {
    	uint64 end1 = start1 + length1 - 1;
    	uint64 intersectEnd = (end1 <= end2) ? end1 : end2;
    
    	*intersectStart = (start1 >= start2) ? start1 : start2;
    	*intersectLength = (uint32) ((*intersectStart > intersectEnd) ? 0 : intersectEnd + 1 - *intersectStart);
    
    	if (*intersectLength == 0)
    		*intersectStart = start1;
    }
    
    
    BOOL IsAccessibleByUser (PUNICODE_STRING objectFileName, BOOL readOnly)
    {
    	OBJECT_ATTRIBUTES fileObjAttributes;
    	IO_STATUS_BLOCK ioStatusBlock;
    	HANDLE fileHandle;
    	NTSTATUS status;
    
    	ASSERT (!IoIsSystemThread (PsGetCurrentThread()));
    
    	InitializeObjectAttributes (&fileObjAttributes, objectFileName, OBJ_CASE_INSENSITIVE | OBJ_FORCE_ACCESS_CHECK | OBJ_KERNEL_HANDLE, NULL, NULL);
    
    	status = ZwCreateFile (&fileHandle,
    		readOnly ? GENERIC_READ : GENERIC_READ | GENERIC_WRITE,
    		&fileObjAttributes,
    		&ioStatusBlock,
    		NULL,
    		FILE_ATTRIBUTE_NORMAL,
    		FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
    		FILE_OPEN,
    		FILE_SYNCHRONOUS_IO_NONALERT,
    		NULL,
    		0);
    
    	if (NT_SUCCESS (status))
    	{
    		ZwClose (fileHandle);
    		return TRUE;
    	}
    
    	return FALSE;
    }
    
    
    BOOL UserCanAccessDriveDevice ()
    {
    	UNICODE_STRING name;
    	RtlInitUnicodeString (&name, L"\\Device\\MountPointManager");
    
    	return IsAccessibleByUser (&name, FALSE);
    }
    
    BOOL IsDriveLetterAvailable (int nDosDriveNo, DeviceNamespaceType namespaceType)
    {
    	OBJECT_ATTRIBUTES objectAttributes;
    	UNICODE_STRING objectName;
    	WCHAR link[128];
    	HANDLE handle;
    	NTSTATUS ntStatus;
    
    	TCGetDosNameFromNumber (link, sizeof(link),nDosDriveNo, namespaceType);
    	RtlInitUnicodeString (&objectName, link);
    	InitializeObjectAttributes (&objectAttributes, &objectName, OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, NULL, NULL);
    
    	if (NT_SUCCESS (ntStatus = ZwOpenSymbolicLinkObject (&handle, GENERIC_READ, &objectAttributes)))
    	{
    		ZwClose (handle);
    		return FALSE;
    	}
    
    	return (ntStatus == STATUS_OBJECT_NAME_NOT_FOUND)? TRUE : FALSE;
    }
    
    
    NTSTATUS TCCompleteIrp (PIRP irp, NTSTATUS status, ULONG_PTR information)
    {
    	irp->IoStatus.Status = status;
    	irp->IoStatus.Information = information;
    	IoCompleteRequest (irp, IO_NO_INCREMENT);
    	return status;
    }
    
    
    NTSTATUS TCCompleteDiskIrp (PIRP irp, NTSTATUS status, ULONG_PTR information)
    {
    	irp->IoStatus.Status = status;
    	irp->IoStatus.Information = information;
    	IoCompleteRequest (irp, NT_SUCCESS (status) ? IO_DISK_INCREMENT : IO_NO_INCREMENT);
    	return status;
    }
    
    
    size_t GetCpuCount ()
    {
    	KAFFINITY activeCpuMap = KeQueryActiveProcessors();
    	size_t mapSize = sizeof (activeCpuMap) * 8;
    	size_t cpuCount = 0;
    
    	while (mapSize--)
    	{
    		if (activeCpuMap & 1)
    			++cpuCount;
    
    		activeCpuMap >>= 1;
    	}
    
    	if (cpuCount == 0)
    		return 1;
    
    	return cpuCount;
    }
    
    
    void EnsureNullTerminatedString (wchar_t *str, size_t maxSizeInBytes)
    {
    	ASSERT ((maxSizeInBytes & 1) == 0);
    	str[maxSizeInBytes / sizeof (wchar_t) - 1] = 0;
    }
    
    
    void *AllocateMemoryWithTimeout (size_t size, int retryDelay, int timeout)
    {
    	LARGE_INTEGER waitInterval;
    	waitInterval.QuadPart = retryDelay * -10000;
    
    	ASSERT (KeGetCurrentIrql() <= APC_LEVEL);
    	ASSERT (retryDelay > 0 && retryDelay <= timeout);
    
    	while (TRUE)
    	{
    		void *memory = TCalloc (size);
    		if (memory)
    			return memory;
    
    		timeout -= retryDelay;
    		if (timeout <= 0)
    			break;
    
    		KeDelayExecutionThread (KernelMode, FALSE, &waitInterval);
    	}
    
    	return NULL;
    }
    
    
    NTSTATUS TCReadRegistryKey (PUNICODE_STRING keyPath, wchar_t *keyValueName, PKEY_VALUE_PARTIAL_INFORMATION *keyData)
    {
    	OBJECT_ATTRIBUTES regObjAttribs;
    	HANDLE regKeyHandle;
    	NTSTATUS status;
    	UNICODE_STRING valName;
    	ULONG size = 0;
    	ULONG resultSize;
    
    	InitializeObjectAttributes (&regObjAttribs, keyPath, OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, NULL, NULL);
    	status = ZwOpenKey (&regKeyHandle, KEY_READ, &regObjAttribs);
    	if (!NT_SUCCESS (status))
    		return status;
    
    	RtlInitUnicodeString (&valName, keyValueName);
    	status = ZwQueryValueKey (regKeyHandle, &valName, KeyValuePartialInformation, NULL, 0, &size);
    
    	if (!NT_SUCCESS (status) && status != STATUS_BUFFER_OVERFLOW && status != STATUS_BUFFER_TOO_SMALL)
    	{
    		ZwClose (regKeyHandle);
    		return status;
    	}
    
    	if (size == 0)
    	{
    		ZwClose (regKeyHandle);
    		return STATUS_NO_DATA_DETECTED;
    	}
    
    	*keyData = (PKEY_VALUE_PARTIAL_INFORMATION) TCalloc (size);
    	if (!*keyData)
    	{
    		ZwClose (regKeyHandle);
    		return STATUS_INSUFFICIENT_RESOURCES;
    	}
    
    	status = ZwQueryValueKey (regKeyHandle, &valName, KeyValuePartialInformation, *keyData, size, &resultSize);
    
    	ZwClose (regKeyHandle);
    	return status;
    }
    
    
    NTSTATUS TCWriteRegistryKey (PUNICODE_STRING keyPath, wchar_t *keyValueName, ULONG keyValueType, void *valueData, ULONG valueSize)
    {
    	OBJECT_ATTRIBUTES regObjAttribs;
    	HANDLE regKeyHandle;
    	NTSTATUS status;
    	UNICODE_STRING valName;
    
    	InitializeObjectAttributes (&regObjAttribs, keyPath, OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, NULL, NULL);
    	status = ZwOpenKey (&regKeyHandle, KEY_READ | KEY_WRITE, &regObjAttribs);
    	if (!NT_SUCCESS (status))
    		return status;
    
    	RtlInitUnicodeString (&valName, keyValueName);
    
    	status = ZwSetValueKey (regKeyHandle, &valName, 0, keyValueType, valueData, valueSize);
    
    	ZwClose (regKeyHandle);
    	return status;
    }
    
    
    BOOL IsVolumeClassFilterRegistered ()
    {
    	UNICODE_STRING name;
    	NTSTATUS status;
    	BOOL registered = FALSE;
    
    	PKEY_VALUE_PARTIAL_INFORMATION data;
    
    	RtlInitUnicodeString (&name, L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Class\\{71A27CDD-812A-11D0-BEC7-08002BE2092F}");
    	status = TCReadRegistryKey (&name, L"UpperFilters", &data);
    
    	if (NT_SUCCESS (status))
    	{
    		if (data->Type == REG_MULTI_SZ && data->DataLength >= 9 * sizeof (wchar_t))
    		{
    			// Search for the string "veracrypt"
    			ULONG i;
    			for (i = 0; i <= data->DataLength - 9 * sizeof (wchar_t); ++i)
    			{
    				if (memcmp (data->Data + i, L"veracrypt", 9 * sizeof (wchar_t)) == 0)
    				{
    					Dump ("Volume class filter active\n");
    					registered = TRUE;
    					break;
    				}
    			}
    		}
    
    		TCfree (data);
    	}
    
    	return registered;
    }
    
    
    NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
    {
    	PKEY_VALUE_PARTIAL_INFORMATION data;
    	UNICODE_STRING name;
    	NTSTATUS status;
    	uint32 flags = 0;
    
    	RtlInitUnicodeString (&name, L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\veracrypt");
    	status = TCReadRegistryKey (&name, TC_DRIVER_CONFIG_REG_VALUE_NAME, &data);
    
    	if (NT_SUCCESS (status))
    	{
    		if (data->Type == REG_DWORD)
    		{
    			flags = *(uint32 *) data->Data;
    			Dump ("Configuration flags = 0x%x\n", flags);
    
    			if (driverEntry)
    			{
    				if (flags & (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD | TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES))
    					CacheBootPassword = TRUE;
    
    				if (flags & TC_DRIVER_CONFIG_DISABLE_NONADMIN_SYS_FAVORITES_ACCESS)
    					NonAdminSystemFavoritesAccessDisabled = TRUE;
    
    				if (flags & TC_DRIVER_CONFIG_CACHE_BOOT_PIM)
    					CacheBootPim = TRUE;
    
    				if (flags & VC_DRIVER_CONFIG_BLOCK_SYS_TRIM)
    					BlockSystemTrimCommand = TRUE;
    			}
    
    			EnableHwEncryption ((flags & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE);
    
    			EnableExtendedIoctlSupport = (flags & TC_DRIVER_CONFIG_ENABLE_EXTENDED_IOCTL)? TRUE : FALSE;
    			AllowTrimCommand = (flags & VC_DRIVER_CONFIG_ALLOW_NONSYS_TRIM)? TRUE : FALSE;
    		}
    		else
    			status = STATUS_INVALID_PARAMETER;
    
    		TCfree (data);
    	}
    
    	if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, TC_ENCRYPTION_FREE_CPU_COUNT_REG_VALUE_NAME, &data)))
    	{
    		if (data->Type == REG_DWORD)
    			EncryptionThreadPoolFreeCpuCountLimit = *(uint32 *) data->Data;
    
    		TCfree (data);
    	}
    
    	return status;
    }
    
    
    NTSTATUS WriteRegistryConfigFlags (uint32 flags)
    {
    	UNICODE_STRING name;
    	RtlInitUnicodeString (&name, L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\veracrypt");
    
    	return TCWriteRegistryKey (&name, TC_DRIVER_CONFIG_REG_VALUE_NAME, REG_DWORD, &flags, sizeof (flags));
    }
    
    
    NTSTATUS GetDeviceSectorSize (PDEVICE_OBJECT deviceObject, ULONG *bytesPerSector)
    {
    	NTSTATUS status;
    	DISK_GEOMETRY geometry;
    
    	status = SendDeviceIoControlRequest (deviceObject, IOCTL_DISK_GET_DRIVE_GEOMETRY, NULL, 0, &geometry, sizeof (geometry));
    	if (!NT_SUCCESS (status))
    		return status;
    
    	*bytesPerSector = geometry.BytesPerSector;
    	
    	return STATUS_SUCCESS;
    }
    
    
    NTSTATUS ZeroUnreadableSectors (PDEVICE_OBJECT deviceObject, LARGE_INTEGER startOffset, ULONG size, uint64 *zeroedSectorCount)
    {
    	NTSTATUS status;
    	ULONG sectorSize;
    	ULONG sectorCount;
    	byte *sectorBuffer = NULL;
    
    	*zeroedSectorCount = 0;
    
    	status = GetDeviceSectorSize (deviceObject, &sectorSize);
    	if (!NT_SUCCESS (status))
    		return status;
    
    	sectorBuffer = TCalloc (sectorSize);
    	if (!sectorBuffer)
    		return STATUS_INSUFFICIENT_RESOURCES;
    
    	for (sectorCount = size / sectorSize; sectorCount > 0; --sectorCount, startOffset.QuadPart += sectorSize)
    	{
    		status = TCReadDevice (deviceObject, sectorBuffer, startOffset, sectorSize);
    		if (!NT_SUCCESS (status))
    		{
    			Dump ("Zeroing sector at %I64d\n", startOffset.QuadPart);
    			memset (sectorBuffer, 0, sectorSize);
    
    			status = TCWriteDevice (deviceObject, sectorBuffer, startOffset, sectorSize);
    			if (!NT_SUCCESS (status))
    				goto err;
    
    			++(*zeroedSectorCount);
    		}
    	}
    
    	status = STATUS_SUCCESS;
    
    err:
    	if (sectorBuffer)
    		TCfree (sectorBuffer);
    
    	return status;
    }
    
    
    NTSTATUS ReadDeviceSkipUnreadableSectors (PDEVICE_OBJECT deviceObject, byte *buffer, LARGE_INTEGER startOffset, ULONG size, uint64 *badSectorCount)
    {
    	NTSTATUS status;
    	ULONG sectorSize;
    	ULONG sectorCount;
    
    	*badSectorCount = 0;
    
    	status = GetDeviceSectorSize (deviceObject, &sectorSize);
    	if (!NT_SUCCESS (status))
    		return status;
    
    	for (sectorCount = size / sectorSize; sectorCount > 0; --sectorCount, startOffset.QuadPart += sectorSize, buffer += sectorSize)
    	{
    		status = TCReadDevice (deviceObject, buffer, startOffset, sectorSize);
    		if (!NT_SUCCESS (status))
    		{
    			Dump ("Skipping bad sector at %I64d\n", startOffset.QuadPart);
    			memset (buffer, 0, sectorSize);
    			++(*badSectorCount);
    		}
    	}
    
    	return STATUS_SUCCESS;
    }
    
    
    BOOL IsVolumeAccessibleByCurrentUser (PEXTENSION volumeDeviceExtension)
    {
    	SECURITY_SUBJECT_CONTEXT subContext;
    	PACCESS_TOKEN accessToken;
    	PTOKEN_USER tokenUser;
    	BOOL result = FALSE;
    
    	if (IoIsSystemThread (PsGetCurrentThread())
    		|| UserCanAccessDriveDevice()
    		|| !volumeDeviceExtension->UserSid
    		|| (volumeDeviceExtension->SystemFavorite && !NonAdminSystemFavoritesAccessDisabled))
    	{
    		return TRUE;
    	}
    
    	SeCaptureSubjectContext (&subContext);
    	SeLockSubjectContext(&subContext);
    	if (subContext.ClientToken && subContext.ImpersonationLevel >= SecurityImpersonation)
    		accessToken = subContext.ClientToken;
    	else
    		accessToken = subContext.PrimaryToken;
    
    	if (!accessToken)
    		goto ret;
    
    	if (SeTokenIsAdmin (accessToken))
    	{
    		result = TRUE;
    		goto ret;
    	}
    
    	if (!NT_SUCCESS (SeQueryInformationToken (accessToken, TokenUser, &tokenUser)))
    		goto ret;
    
    	result = RtlEqualSid (volumeDeviceExtension->UserSid, tokenUser->User.Sid);
    	ExFreePool (tokenUser);		// Documented in newer versions of WDK
    
    ret:
    	SeUnlockSubjectContext(&subContext);
    	SeReleaseSubjectContext (&subContext);
    	return result;
    }
    
    
    void GetElapsedTimeInit (LARGE_INTEGER *lastPerfCounter)
    {
    	*lastPerfCounter = KeQueryPerformanceCounter (NULL);
    }
    
    
    // Returns elapsed time in microseconds since last call
    int64 GetElapsedTime (LARGE_INTEGER *lastPerfCounter)
    {
    	LARGE_INTEGER freq;
    	LARGE_INTEGER counter = KeQueryPerformanceCounter (&freq);
    
    	int64 elapsed = (counter.QuadPart - lastPerfCounter->QuadPart) * 1000000LL / freq.QuadPart;
    	*lastPerfCounter = counter;
    
    	return elapsed;
    }
    
    
    BOOL IsOSAtLeast (OSVersionEnum reqMinOS)
    {
    	/* When updating this function, update IsOSVersionAtLeast() in Dlgcode.c too. */
    
    	ULONG major = 0, minor = 0;
    
    	ASSERT (OsMajorVersion != 0);
    
    	switch (reqMinOS)
    	{
    	case WIN_2000:			major = 5; minor = 0; break;
    	case WIN_XP:			major = 5; minor = 1; break;
    	case WIN_SERVER_2003:	major = 5; minor = 2; break;
    	case WIN_VISTA:			major = 6; minor = 0; break;
    	case WIN_7:				major = 6; minor = 1; break;
    	case WIN_8:				major = 6; minor = 2; break;
    	case WIN_8_1:			major = 6; minor = 3; break;
    	case WIN_10:			major = 10; minor = 0; break;
    
    	default:
    		TC_THROW_FATAL_EXCEPTION;
    		break;
    	}
    
    	return ((OsMajorVersion << 16 | OsMinorVersion << 8)
    		>= (major << 16 | minor << 8));
    }
    
    NTSTATUS NTAPI KeSaveExtendedProcessorState (
        __in ULONG64 Mask,
        PXSTATE_SAVE XStateSave
        )
    {
    	if (KeSaveExtendedProcessorStatePtr)
    	{
    		return (KeSaveExtendedProcessorStatePtr) (Mask, XStateSave);
    	}
    	else
    	{
    		return STATUS_SUCCESS;
    	}
    }
    
    VOID NTAPI KeRestoreExtendedProcessorState (
    	PXSTATE_SAVE XStateSave
    	)
    {
    	if (KeRestoreExtendedProcessorStatePtr)
    	{
    		(KeRestoreExtendedProcessorStatePtr) (XStateSave);
    	}
    }