/* Legal Notice: Some portions of the source code contained in this file were derived from the source code of Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux and which is governed by the 'License Agreement for Encryption for the Masses'. Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2003-2012 TrueCrypt Developers Association and are governed by the TrueCrypt License 3.0 the full text of which is contained in the file License.txt included in TrueCrypt binary and source code distribution packages. */ #include "TCdefs.h" #include #include "Crypto.h" #include "Fat.h" #include "Tests.h" #include "Apidrvr.h" #include "Boot/Windows/BootDefs.h" #include "EncryptedIoQueue.h" #include "EncryptionThreadPool.h" #include "Ntdriver.h" #include "Ntvol.h" #include "DriveFilter.h" #include "DumpFilter.h" #include "Cache.h" #include "Volumes.h" #include "VolumeFilter.h" #include #include #include #include #include #include #include /* Init section, which is thrown away as soon as DriverEntry returns */ #pragma alloc_text(INIT,DriverEntry) #pragma alloc_text(INIT,TCCreateRootDeviceObject) PDRIVER_OBJECT TCDriverObject; PDEVICE_OBJECT RootDeviceObject = NULL; static KMUTEX RootDeviceControlMutex; BOOL DriverShuttingDown = FALSE; BOOL SelfTestsPassed; int LastUniqueVolumeId; ULONG OsMajorVersion = 0; ULONG OsMinorVersion; BOOL DriverUnloadDisabled = FALSE; BOOL PortableMode = FALSE; BOOL VolumeClassFilterRegistered = FALSE; BOOL CacheBootPassword = FALSE; BOOL NonAdminSystemFavoritesAccessDisabled = FALSE; static size_t EncryptionThreadPoolFreeCpuCountLimit = 0; static BOOL SystemFavoriteVolumeDirty = FALSE; static BOOL PagingFileCreationPrevented = FALSE; PDEVICE_OBJECT VirtualVolumeDeviceObjects[MAX_MOUNTED_VOLUME_DRIVE_NUMBER + 1]; NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) { PKEY_VALUE_PARTIAL_INFORMATION startKeyValue; LONG version; int i; Dump ("DriverEntry " TC_APP_NAME " " VERSION_STRING "\n"); PsGetVersion (&OsMajorVersion, &OsMinorVersion, NULL, NULL); // Load dump filter if the main driver is already loaded if (NT_SUCCESS (TCDeviceIoControl (NT_ROOT_PREFIX, TC_IOCTL_GET_DRIVER_VERSION, NULL, 0, &version, sizeof (version)))) return DumpFilterEntry ((PFILTER_EXTENSION) DriverObject, (PFILTER_INITIALIZATION_DATA) RegistryPath); TCDriverObject = DriverObject; memset (VirtualVolumeDeviceObjects, 0, sizeof (VirtualVolumeDeviceObjects)); ReadRegistryConfigFlags (TRUE); EncryptionThreadPoolStart (EncryptionThreadPoolFreeCpuCountLimit); SelfTestsPassed = AutoTestAlgorithms(); // Enable device class filters and load boot arguments if the driver is set to start at system boot if (NT_SUCCESS (TCReadRegistryKey (RegistryPath, L"Start", &startKeyValue))) { if (startKeyValue->Type == REG_DWORD && *((uint32 *) startKeyValue->Data) == SERVICE_BOOT_START) { if (!SelfTestsPassed) TC_BUG_CHECK (STATUS_INVALID_PARAMETER); LoadBootArguments(); VolumeClassFilterRegistered = IsVolumeClassFilterRegistered(); DriverObject->DriverExtension->AddDevice = DriverAddDevice; } TCfree (startKeyValue); } for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; ++i) { DriverObject->MajorFunction[i] = TCDispatchQueueIRP; } DriverObject->DriverUnload = TCUnloadDriver; return TCCreateRootDeviceObject (DriverObject); } NTSTATUS DriverAddDevice (PDRIVER_OBJECT driverObject, PDEVICE_OBJECT pdo) { #ifdef DEBUG char nameInfoBuffer[128]; POBJECT_NAME_INFORMATION nameInfo = (POBJECT_NAME_INFORMATION) nameInfoBuffer; ULONG nameInfoSize; Dump ("AddDevice pdo=%p type=%x name=%ws\n", pdo, pdo->DeviceType, NT_SUCCESS (ObQueryNameString (pdo, nameInfo, sizeof (nameInfoBuffer), &nameInfoSize)) ? nameInfo->Name.Buffer : L"?"); #endif if (VolumeClassFilterRegistered && BootArgsValid && BootArgs.HiddenSystemPartitionStart != 0) { PWSTR interfaceLinks; if (NT_SUCCESS (IoGetDeviceInterfaces (&GUID_DEVINTERFACE_VOLUME, pdo, DEVICE_INTERFACE_INCLUDE_NONACTIVE, &interfaceLinks))) { if (interfaceLinks[0] != UNICODE_NULL) { Dump ("Volume pdo=%p interface=%ws\n", pdo, interfaceLinks); ExFreePool (interfaceLinks); return VolumeFilterAddDevice (driverObject, pdo); } ExFreePool (interfaceLinks); } } return DriveFilterAddDevice (driverObject, pdo); } // Dumps a memory region to debug output void DumpMemory (void *mem, int size) { unsigned char str[20]; unsigned char *m = mem; int i,j; for (j = 0; j < size / 8; j++) { memset (str,0,sizeof str); for (i = 0; i < 8; i++) { if (m[i] > ' ' && m[i] <= '~') str[i]=m[i]; else str[i]='.'; } Dump ("0x%08p %02x %02x %02x %02x %02x %02x %02x %02x %s\n", m, m[0], m[1], m[2], m[3], m[4], m[5], m[6], m[7], str); m+=8; } } BOOL ValidateIOBufferSize (PIRP irp, size_t requiredBufferSize, ValidateIOBufferSizeType type) { PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (irp); BOOL input = (type == ValidateInput || type == ValidateInputOutput); BOOL output = (type == ValidateOutput || type == ValidateInputOutput); if ((input && irpSp->Parameters.DeviceIoControl.InputBufferLength < requiredBufferSize) || (output && irpSp->Parameters.DeviceIoControl.OutputBufferLength < requiredBufferSize)) { Dump ("STATUS_BUFFER_TOO_SMALL ioctl=0x%x,%d in=%d out=%d reqsize=%d insize=%d outsize=%d\n", (int) (irpSp->Parameters.DeviceIoControl.IoControlCode >> 16), (int) ((irpSp->Parameters.DeviceIoControl.IoControlCode & 0x1FFF) >> 2), input, output, requiredBufferSize, irpSp->Parameters.DeviceIoControl.InputBufferLength, irpSp->Parameters.DeviceIoControl.OutputBufferLength); irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL; irp->IoStatus.Information = 0; return FALSE; } if (!input && output) memset (irp->AssociatedIrp.SystemBuffer, 0, irpSp->Parameters.DeviceIoControl.OutputBufferLength); return TRUE; } PDEVICE_OBJECT GetVirtualVolumeDeviceObject (int driveNumber) { if (driveNumber < MIN_MOUNTED_VOLUME_DRIVE_NUMBER || driveNumber > MAX_MOUNTED_VOLUME_DRIVE_NUMBER) return NULL; return VirtualVolumeDeviceObjects[driveNumber]; } /* TCDispatchQueueIRP queues any IRP's so that they can be processed later by the thread -- or in some cases handles them immediately! */ NTSTATUS TCDispatchQueueIRP (PDEVICE_OBJECT DeviceObject, PIRP Irp) { PEXTENSION Extension = (PEXTENSION) DeviceObject->DeviceExtension; PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp); NTSTATUS ntStatus; #ifdef _DEBUG if (irpSp->MajorFunction == IRP_MJ_DEVICE_CONTROL && (Extension->bRootDevice || Extension->IsVolumeDevice)) { switch (irpSp->Parameters.DeviceIoControl.IoControlCode) { case TC_IOCTL_GET_MOUNTED_VOLUMES: case TC_IOCTL_GET_PASSWORD_CACHE_STATUS: case TC_IOCTL_GET_PORTABLE_MODE_STATUS: case TC_IOCTL_SET_PORTABLE_MODE_STATUS: case TC_IOCTL_OPEN_TEST: case TC_IOCTL_GET_RESOLVED_SYMLINK: case TC_IOCTL_GET_DEVICE_REFCOUNT: case TC_IOCTL_GET_DRIVE_PARTITION_INFO: case TC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES: case TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS: case TC_IOCTL_GET_DECOY_SYSTEM_WIPE_STATUS: case TC_IOCTL_GET_WARNING_FLAGS: case TC_IOCTL_IS_HIDDEN_SYSTEM_RUNNING: case IOCTL_DISK_CHECK_VERIFY: break; default: Dump ("%ls (0x%x %d)\n", TCTranslateCode (irpSp->Parameters.DeviceIoControl.IoControlCode), (int) (irpSp->Parameters.DeviceIoControl.IoControlCode >> 16), (int) ((irpSp->Parameters.DeviceIoControl.IoControlCode & 0x1FFF) >> 2)); } } #endif if (!Extension->bRootDevice) { // Drive filter IRP if (Extension->IsDriveFilterDevice) return DriveFilterDispatchIrp (DeviceObject, Irp); // Volume filter IRP if (Extension->IsVolumeFilterDevice) return VolumeFilterDispatchIrp (DeviceObject, Irp); } switch (irpSp->MajorFunction) { case IRP_MJ_CLOSE: case IRP_MJ_CREATE: case IRP_MJ_CLEANUP: return COMPLETE_IRP (DeviceObject, Irp, STATUS_SUCCESS, 0); case IRP_MJ_SHUTDOWN: if (Extension->bRootDevice) { Dump ("Driver shutting down\n"); DriverShuttingDown = TRUE; if (EncryptionSetupThread) while (SendDeviceIoControlRequest (RootDeviceObject, TC_IOCTL_ABORT_BOOT_ENCRYPTION_SETUP, NULL, 0, NULL, 0) == STATUS_INSUFFICIENT_RESOURCES); if (DecoySystemWipeThread) while (SendDeviceIoControlRequest (RootDeviceObject, TC_IOCTL_ABORT_DECOY_SYSTEM_WIPE, NULL, 0, NULL, 0) == STATUS_INSUFFICIENT_RESOURCES); OnShutdownPending(); } return COMPLETE_IRP (DeviceObject, Irp, STATUS_SUCCESS, 0); case IRP_MJ_FLUSH_BUFFERS: case IRP_MJ_READ: case IRP_MJ_WRITE: case IRP_MJ_DEVICE_CONTROL: if (Extension->bRootDevice) { if (irpSp->MajorFunction == IRP_MJ_DEVICE_CONTROL) { NTSTATUS status = KeWaitForMutexObject (&RootDeviceControlMutex, Executive, KernelMode, FALSE, NULL); if (!NT_SUCCESS (status)) return status; status = ProcessMainDeviceControlIrp (DeviceObject, Extension, Irp); KeReleaseMutex (&RootDeviceControlMutex, FALSE); return status; } break; } if (Extension->bShuttingDown) { Dump ("Device %d shutting down: STATUS_DELETE_PENDING\n", Extension->nDosDriveNo); return TCCompleteDiskIrp (Irp, STATUS_DELETE_PENDING, 0); } if (Extension->bRemovable && (DeviceObject->Flags & DO_VERIFY_VOLUME) && !(irpSp->Flags & SL_OVERRIDE_VERIFY_VOLUME) && irpSp->MajorFunction != IRP_MJ_FLUSH_BUFFERS) { Dump ("Removable device %d has DO_VERIFY_VOLUME flag: STATUS_DEVICE_NOT_READY\n", Extension->nDosDriveNo); return TCCompleteDiskIrp (Irp, STATUS_DEVICE_NOT_READY, 0); } switch (irpSp->MajorFunction) { case IRP_MJ_READ: case IRP_MJ_WRITE: ntStatus = EncryptedIoQueueAddIrp (&Extension->Queue, Irp); if (ntStatus != STATUS_PENDING) TCCompleteDiskIrp (Irp, ntStatus, 0); return ntStatus; case IRP_MJ_DEVICE_CONTROL: ntStatus = IoAcquireRemoveLock (&Extension->Queue.RemoveLock, Irp); if (!NT_SUCCESS (ntStatus)) return TCCompleteIrp (Irp, ntStatus, 0); IoMarkIrpPending (Irp); ExInterlockedInsertTailList (&Extension->ListEntry, &Irp->Tail.Overlay.ListEntry, &Extension->ListSpinLock); KeReleaseSemaphore (&Extension->RequestSemaphore, IO_DISK_INCREMENT, 1, FALSE); return STATUS_PENDING; case IRP_MJ_FLUSH_BUFFERS: return TCCompleteDiskIrp (Irp, STATUS_SUCCESS, 0); } break; case IRP_MJ_PNP: if (!Extension->bRootDevice && Extension->IsVolumeDevice && irpSp->MinorFunction == IRP_MN_DEVICE_USAGE_NOTIFICATION && irpSp->Parameters.UsageNotification.Type == DeviceUsageTypePaging && irpSp->Parameters.UsageNotification.InPath) { PagingFileCreationPrevented = TRUE; return TCCompleteIrp (Irp, STATUS_UNSUCCESSFUL, 0); } break; } return TCCompleteIrp (Irp, STATUS_INVALID_DEVICE_REQUEST, 0); } NTSTATUS TCCreateRootDeviceObject (PDRIVER_OBJECT DriverObject) { UNICODE_STRING Win32NameString, ntUnicodeString; WCHAR dosname[32], ntname[32]; PDEVICE_OBJECT DeviceObject; NTSTATUS ntStatus; BOOL *bRootExtension; Dump ("TCCreateRootDeviceObject BEGIN\n"); ASSERT (KeGetCurrentIrql() == PASSIVE_LEVEL); RtlStringCbCopyW (dosname, sizeof(dosname),(LPWSTR) DOS_ROOT_PREFIX); RtlStringCbCopyW (ntname, sizeof(ntname),(LPWSTR) NT_ROOT_PREFIX); RtlInitUnicodeString (&ntUnicodeString, ntname); RtlInitUnicodeString (&Win32NameString, dosname); Dump ("Creating root device nt=%ls dos=%ls\n", ntname, dosname); ntStatus = IoCreateDevice ( DriverObject, sizeof (BOOL), &ntUnicodeString, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &DeviceObject); if (!NT_SUCCESS (ntStatus)) { Dump ("TCCreateRootDeviceObject NTSTATUS = 0x%08x END\n", ntStatus); return ntStatus;/* Failed to create DeviceObject */ } DeviceObject->Flags |= DO_DIRECT_IO; DeviceObject->AlignmentRequirement = FILE_WORD_ALIGNMENT; /* Setup the device extension */ bRootExtension = (BOOL *) DeviceObject->DeviceExtension; *bRootExtension = TRUE; KeInitializeMutex (&RootDeviceControlMutex, 0); ntStatus = IoCreateSymbolicLink (&Win32NameString, &ntUnicodeString); if (!NT_SUCCESS (ntStatus)) { Dump ("TCCreateRootDeviceObject NTSTATUS = 0x%08x END\n", ntStatus); IoDeleteDevice (DeviceObject); return ntStatus; } IoRegisterShutdownNotification (DeviceObject); RootDeviceObject = DeviceObject; Dump ("TCCreateRootDeviceObject STATUS_SUCCESS END\n"); return STATUS_SUCCESS; } NTSTATUS TCCreateDeviceObject (PDRIVER_OBJECT DriverObject, PDEVICE_OBJECT * ppDeviceObject, MOUNT_STRUCT * mount) { UNICODE_STRING Win32NameString, ntUnicodeString; WCHAR dosname[32], ntname[32]; PEXTENSION Extension; NTSTATUS ntStatus; ULONG devChars = 0; Dump ("TCCreateDeviceObject BEGIN\n"); ASSERT (KeGetCurrentIrql() == PASSIVE_LEVEL); TCGetDosNameFromNumber (dosname, sizeof(dosname),mount->nDosDriveNo); TCGetNTNameFromNumber (ntname, sizeof(ntname),mount->nDosDriveNo); RtlInitUnicodeString (&ntUnicodeString, ntname); RtlInitUnicodeString (&Win32NameString, dosname); devChars = FILE_DEVICE_SECURE_OPEN; devChars |= mount->bMountReadOnly ? FILE_READ_ONLY_DEVICE : 0; devChars |= mount->bMountRemovable ? FILE_REMOVABLE_MEDIA : 0; Dump ("Creating device nt=%ls dos=%ls\n", ntname, dosname); ntStatus = IoCreateDevice ( DriverObject, /* Our Driver Object */ sizeof (EXTENSION), /* Size of state information */ &ntUnicodeString, /* Device name "\Device\Name" */ FILE_DEVICE_DISK, /* Device type */ devChars, /* Device characteristics */ FALSE, /* Exclusive device */ ppDeviceObject); /* Returned ptr to Device Object */ if (!NT_SUCCESS (ntStatus)) { Dump ("TCCreateDeviceObject NTSTATUS = 0x%08x END\n", ntStatus); return ntStatus;/* Failed to create DeviceObject */ } /* Initialize device object and extension. */ (*ppDeviceObject)->Flags |= DO_DIRECT_IO; (*ppDeviceObject)->StackSize += 6; // Reduce occurrence of NO_MORE_IRP_STACK_LOCATIONS bug check caused by buggy drivers /* Setup the device extension */ Extension = (PEXTENSION) (*ppDeviceObject)->DeviceExtension; memset (Extension, 0, sizeof (EXTENSION)); Extension->IsVolumeDevice = TRUE; Extension->nDosDriveNo = mount->nDosDriveNo; Extension->bRemovable = mount->bMountRemovable; Extension->PartitionInInactiveSysEncScope = mount->bPartitionInInactiveSysEncScope; Extension->SystemFavorite = mount->SystemFavorite; KeInitializeEvent (&Extension->keCreateEvent, SynchronizationEvent, FALSE); KeInitializeSemaphore (&Extension->RequestSemaphore, 0L, MAXLONG); KeInitializeSpinLock (&Extension->ListSpinLock); InitializeListHead (&Extension->ListEntry); IoInitializeRemoveLock (&Extension->Queue.RemoveLock, 'LRCT', 0, 0); VirtualVolumeDeviceObjects[mount->nDosDriveNo] = *ppDeviceObject; Dump ("TCCreateDeviceObject STATUS_SUCCESS END\n"); return STATUS_SUCCESS; } BOOL RootDeviceControlMutexAcquireNoWait () { NTSTATUS status; LARGE_INTEGER timeout; timeout.QuadPart = 0; status = KeWaitForMutexObject (&RootDeviceControlMutex, Executive, KernelMode, FALSE, &timeout); return NT_SUCCESS (status) && status != STATUS_TIMEOUT; } void RootDeviceControlMutexRelease () { KeReleaseMutex (&RootDeviceControlMutex, FALSE); } NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Extension, PIRP Irp) { PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp); switch (irpSp->Parameters.DeviceIoControl.IoControlCode) { case IOCTL_MOUNTDEV_QUERY_DEVICE_NAME: if (!ValidateIOBufferSize (Irp, sizeof (MOUNTDEV_NAME), ValidateOutput)) { Irp->IoStatus.Information = sizeof (MOUNTDEV_NAME); Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW; } else { ULONG outLength; UNICODE_STRING ntUnicodeString; WCHAR ntName[256]; PMOUNTDEV_NAME outputBuffer = (PMOUNTDEV_NAME) Irp->AssociatedIrp.SystemBuffer; TCGetNTNameFromNumber (ntName, sizeof(ntName),Extension->nDosDriveNo); RtlInitUnicodeString (&ntUnicodeString, ntName); outputBuffer->NameLength = ntUnicodeString.Length; outLength = ntUnicodeString.Length + sizeof(USHORT); if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < outLength) { Irp->IoStatus.Information = sizeof (MOUNTDEV_NAME); Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW; break; } RtlCopyMemory ((PCHAR)outputBuffer->Name,ntUnicodeString.Buffer, ntUnicodeString.Length); Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = outLength; Dump ("name = %ls\n",ntName); } break; case IOCTL_MOUNTDEV_QUERY_UNIQUE_ID: if (!ValidateIOBufferSize (Irp, sizeof (MOUNTDEV_UNIQUE_ID), ValidateOutput)) { Irp->IoStatus.Information = sizeof (MOUNTDEV_UNIQUE_ID); Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW; } else { ULONG outLength; UCHAR volId[128], tmp[] = { 0,0 }; PMOUNTDEV_UNIQUE_ID outputBuffer = (PMOUNTDEV_UNIQUE_ID) Irp->AssociatedIrp.SystemBuffer; RtlStringCbCopyA (volId, sizeof(volId),TC_UNIQUE_ID_PREFIX); tmp[0] = 'A' + (UCHAR) Extension->nDosDriveNo; RtlStringCbCatA (volId, sizeof(volId),tmp); outputBuffer->UniqueIdLength = (USHORT) strlen (volId); outLength = (ULONG) (strlen (volId) + sizeof (USHORT)); if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < outLength) { Irp->IoStatus.Information = sizeof (MOUNTDEV_UNIQUE_ID); Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW; break; } RtlCopyMemory ((PCHAR)outputBuffer->UniqueId, volId, strlen (volId)); Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = outLength; Dump ("id = %s\n",volId); } break; case IOCTL_MOUNTDEV_QUERY_SUGGESTED_LINK_NAME: { ULONG outLength; UNICODE_STRING ntUnicodeString; WCHAR ntName[256]; PMOUNTDEV_SUGGESTED_LINK_NAME outputBuffer = (PMOUNTDEV_SUGGESTED_LINK_NAME) Irp->AssociatedIrp.SystemBuffer; if (!ValidateIOBufferSize (Irp, sizeof (MOUNTDEV_SUGGESTED_LINK_NAME), ValidateOutput)) { Irp->IoStatus.Status = STATUS_INVALID_PARAMETER; Irp->IoStatus.Information = 0; break; } TCGetDosNameFromNumber (ntName, sizeof(ntName),Extension->nDosDriveNo); RtlInitUnicodeString (&ntUnicodeString, ntName); outLength = FIELD_OFFSET(MOUNTDEV_SUGGESTED_LINK_NAME,Name) + ntUnicodeString.Length; outputBuffer->UseOnlyIfThereAreNoOtherLinks = FALSE; outputBuffer->NameLength = ntUnicodeString.Length; if(irpSp->Parameters.DeviceIoControl.OutputBufferLength < outLength) { Irp->IoStatus.Information = sizeof (MOUNTDEV_SUGGESTED_LINK_NAME); Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW; break; } RtlCopyMemory ((PCHAR)outputBuffer->Name,ntUnicodeString.Buffer, ntUnicodeString.Length); Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = outLength; Dump ("link = %ls\n",ntName); } break; case IOCTL_DISK_GET_MEDIA_TYPES: case IOCTL_DISK_GET_DRIVE_GEOMETRY: /* Return the drive geometry for the disk. Note that we return values which were made up to suit the disk size. */ if (ValidateIOBufferSize (Irp, sizeof (DISK_GEOMETRY), ValidateOutput)) { PDISK_GEOMETRY outputBuffer = (PDISK_GEOMETRY) Irp->AssociatedIrp.SystemBuffer; outputBuffer->MediaType = Extension->bRemovable ? RemovableMedia : FixedMedia; outputBuffer->Cylinders.QuadPart = Extension->NumberOfCylinders; outputBuffer->TracksPerCylinder = Extension->TracksPerCylinder; outputBuffer->SectorsPerTrack = Extension->SectorsPerTrack; outputBuffer->BytesPerSector = Extension->BytesPerSector; Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = sizeof (DISK_GEOMETRY); } break; case IOCTL_DISK_GET_PARTITION_INFO: if (ValidateIOBufferSize (Irp, sizeof (PARTITION_INFORMATION), ValidateOutput)) { PPARTITION_INFORMATION outputBuffer = (PPARTITION_INFORMATION) Irp->AssociatedIrp.SystemBuffer; outputBuffer->PartitionType = Extension->PartitionType; outputBuffer->BootIndicator = FALSE; outputBuffer->RecognizedPartition = TRUE; outputBuffer->RewritePartition = FALSE; outputBuffer->StartingOffset.QuadPart = Extension->BytesPerSector; outputBuffer->PartitionLength.QuadPart= Extension->DiskLength; outputBuffer->HiddenSectors = 0; Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = sizeof (PARTITION_INFORMATION); } break; case IOCTL_DISK_GET_PARTITION_INFO_EX: if (ValidateIOBufferSize (Irp, sizeof (PARTITION_INFORMATION_EX), ValidateOutput)) { PPARTITION_INFORMATION_EX outputBuffer = (PPARTITION_INFORMATION_EX) Irp->AssociatedIrp.SystemBuffer; outputBuffer->PartitionStyle = PARTITION_STYLE_MBR; outputBuffer->RewritePartition = FALSE; outputBuffer->StartingOffset.QuadPart = Extension->BytesPerSector; outputBuffer->PartitionLength.QuadPart= Extension->DiskLength; outputBuffer->Mbr.PartitionType = Extension->PartitionType; outputBuffer->Mbr.BootIndicator = FALSE; outputBuffer->Mbr.RecognizedPartition = TRUE; outputBuffer->Mbr.HiddenSectors = 0; Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = sizeof (PARTITION_INFORMATION_EX); } break; case IOCTL_DISK_GET_DRIVE_LAYOUT: if (ValidateIOBufferSize (Irp, sizeof (DRIVE_LAYOUT_INFORMATION), ValidateOutput)) { PDRIVE_LAYOUT_INFORMATION outputBuffer = (PDRIVE_LAYOUT_INFORMATION) Irp->AssociatedIrp.SystemBuffer; outputBuffer->PartitionCount = 1; outputBuffer->Signature = 0; outputBuffer->PartitionEntry->PartitionType = Extension->PartitionType; outputBuffer->PartitionEntry->BootIndicator = FALSE; outputBuffer->PartitionEntry->RecognizedPartition = TRUE; outputBuffer->PartitionEntry->RewritePartition = FALSE; outputBuffer->PartitionEntry->StartingOffset.QuadPart = Extension->BytesPerSector; outputBuffer->PartitionEntry->PartitionLength.QuadPart = Extension->DiskLength; outputBuffer->PartitionEntry->HiddenSectors = 0; Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = sizeof (PARTITION_INFORMATION); } break; case IOCTL_DISK_GET_LENGTH_INFO: if (!ValidateIOBufferSize (Irp, sizeof (GET_LENGTH_INFORMATION), ValidateOutput)) { Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW; Irp->IoStatus.Information = sizeof (GET_LENGTH_INFORMATION); } else { PGET_LENGTH_INFORMATION outputBuffer = (PGET_LENGTH_INFORMATION) Irp->AssociatedIrp.SystemBuffer; outputBuffer->Length.QuadPart = Extension->DiskLength; Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = sizeof (GET_LENGTH_INFORMATION); } break; case IOCTL_DISK_VERIFY: if (ValidateIOBufferSize (Irp, sizeof (VERIFY_INFORMATION), ValidateInput)) { HRESULT hResult; ULONGLONG ullStartingOffset, ullNewOffset, ullEndOffset; PVERIFY_INFORMATION pVerifyInformation; pVerifyInformation = (PVERIFY_INFORMATION) Irp->AssociatedIrp.SystemBuffer; ullStartingOffset = (ULONGLONG) pVerifyInformation->StartingOffset.QuadPart; hResult = ULongLongAdd(ullStartingOffset, (ULONGLONG) Extension->cryptoInfo->hiddenVolume ? Extension->cryptoInfo->hiddenVolumeOffset : Extension->cryptoInfo->volDataAreaOffset, &ullNewOffset); if (hResult != S_OK) Irp->IoStatus.Status = STATUS_INVALID_PARAMETER; else if (S_OK != ULongLongAdd(ullNewOffset, (ULONGLONG) pVerifyInformation->Length, &ullEndOffset)) Irp->IoStatus.Status = STATUS_INVALID_PARAMETER; else if (ullEndOffset > (ULONGLONG) Extension->DiskLength) Irp->IoStatus.Status = STATUS_INVALID_PARAMETER; else { IO_STATUS_BLOCK ioStatus; PVOID buffer = TCalloc (max (pVerifyInformation->Length, PAGE_SIZE)); if (!buffer) { Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES; } else { LARGE_INTEGER offset = pVerifyInformation->StartingOffset; offset.QuadPart = ullNewOffset; Irp->IoStatus.Status = ZwReadFile (Extension->hDeviceFile, NULL, NULL, NULL, &ioStatus, buffer, pVerifyInformation->Length, &offset, NULL); TCfree (buffer); if (NT_SUCCESS (Irp->IoStatus.Status) && ioStatus.Information != pVerifyInformation->Length) Irp->IoStatus.Status = STATUS_INVALID_PARAMETER; } } Irp->IoStatus.Information = 0; } break; case IOCTL_DISK_CHECK_VERIFY: case IOCTL_STORAGE_CHECK_VERIFY: { Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = 0; if (irpSp->Parameters.DeviceIoControl.OutputBufferLength >= sizeof (ULONG)) { *((ULONG *) Irp->AssociatedIrp.SystemBuffer) = 0; Irp->IoStatus.Information = sizeof (ULONG); } } break; case IOCTL_DISK_IS_WRITABLE: { if (Extension->bReadOnly) Irp->IoStatus.Status = STATUS_MEDIA_WRITE_PROTECTED; else Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = 0; } break; case IOCTL_VOLUME_ONLINE: Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = 0; break; case IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS: // Vista's filesystem defragmenter fails if IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS does not succeed. if (!(OsMajorVersion == 6 && OsMinorVersion == 0)) { Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST; Irp->IoStatus.Information = 0; } else if (ValidateIOBufferSize (Irp, sizeof (VOLUME_DISK_EXTENTS), ValidateOutput)) { VOLUME_DISK_EXTENTS *extents = (VOLUME_DISK_EXTENTS *) Irp->AssociatedIrp.SystemBuffer; // No extent data can be returned as this is not a physical drive. memset (extents, 0, sizeof (*extents)); extents->NumberOfDiskExtents = 0; Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = sizeof (*extents); } break; default: return TCCompleteIrp (Irp, STATUS_INVALID_DEVICE_REQUEST, 0); } #ifdef DEBUG if (!NT_SUCCESS (Irp->IoStatus.Status)) { Dump ("IOCTL error 0x%08x (0x%x %d)\n", Irp->IoStatus.Status, (int) (irpSp->Parameters.DeviceIoControl.IoControlCode >> 16), (int) ((irpSp->Parameters.DeviceIoControl.IoControlCode & 0x1FFF) >> 2)); } #endif return TCCompleteDiskIrp (Irp, Irp->IoStatus.Status, Irp->IoStatus.Information); } NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Extension, PIRP Irp) { PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp); NTSTATUS ntStatus; switch (irpSp->Parameters.DeviceIoControl.IoControlCode) { case TC_IOCTL_GET_DRIVER_VERSION: case TC_IOCTL_LEGACY_GET_DRIVER_VERSION: if (ValidateIOBufferSize (Irp, sizeof (LONG), ValidateOutput)) { LONG tmp = VERSION_NUM; memcpy (Irp->AssociatedIrp.SystemBuffer, &tmp, 4); Irp->IoStatus.Information = sizeof (LONG); Irp->IoStatus.Status = STATUS_SUCCESS; } break; case TC_IOCTL_GET_DEVICE_REFCOUNT: if (ValidateIOBufferSize (Irp, sizeof (int), ValidateOutput)) { *(int *) Irp->AssociatedIrp.SystemBuffer = DeviceObject->ReferenceCount; Irp->IoStatus.Information = sizeof (int); Irp->IoStatus.Status = STATUS_SUCCESS; } break; case TC_IOCTL_IS_DRIVER_UNLOAD_DISABLED: if (ValidateIOBufferSize (Irp, sizeof (int), ValidateOutput)) { LONG deviceObjectCount = 0; *(int *) Irp->AssociatedIrp.SystemBuffer = DriverUnloadDisabled; if (IoEnumerateDeviceObjectList (TCDriverObject, NULL, 0, &deviceObjectCount) == STATUS_BUFFER_TOO_SMALL && deviceObjectCount > 1) *(int *) Irp->AssociatedIrp.SystemBuffer = TRUE; Irp->IoStatus.Information = sizeof (int); Irp->IoStatus.Status = STATUS_SUCCESS; } break; case TC_IOCTL_IS_ANY_VOLUME_MOUNTED: if (ValidateIOBufferSize (Irp, sizeof (int), ValidateOutput)) { int drive; *(int *) Irp->AssociatedIrp.SystemBuffer = 0; for (drive = MIN_MOUNTED_VOLUME_DRIVE_NUMBER; drive <= MAX_MOUNTED_VOLUME_DRIVE_NUMBER; ++drive) { if (GetVirtualVolumeDeviceObject (drive)) { *(int *) Irp->AssociatedIrp.SystemBuffer = 1; break; } } if (IsBootDriveMounted()) *(int *) Irp->AssociatedIrp.SystemBuffer = 1; Irp->IoStatus.Information = sizeof (int); Irp->IoStatus.Status = STATUS_SUCCESS; } break; case TC_IOCTL_OPEN_TEST: { OPEN_TEST_STRUCT *opentest = (OPEN_TEST_STRUCT *) Irp->AssociatedIrp.SystemBuffer; OBJECT_ATTRIBUTES ObjectAttributes; HANDLE NtFileHandle; UNICODE_STRING FullFileName; IO_STATUS_BLOCK IoStatus; LARGE_INTEGER offset; ACCESS_MASK access = FILE_READ_ATTRIBUTES; if (!ValidateIOBufferSize (Irp, sizeof (OPEN_TEST_STRUCT), ValidateInputOutput)) break; EnsureNullTerminatedString (opentest->wszFileName, sizeof (opentest->wszFileName)); RtlInitUnicodeString (&FullFileName, opentest->wszFileName); InitializeObjectAttributes (&ObjectAttributes, &FullFileName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL); if (opentest->bDetectTCBootLoader || opentest->DetectFilesystem) access |= FILE_READ_DATA; ntStatus = ZwCreateFile (&NtFileHandle, SYNCHRONIZE | access, &ObjectAttributes, &IoStatus, NULL, 0, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0); if (NT_SUCCESS (ntStatus)) { opentest->TCBootLoaderDetected = FALSE; opentest->FilesystemDetected = FALSE; if (opentest->bDetectTCBootLoader || opentest->DetectFilesystem) { byte *readBuffer = TCalloc (TC_MAX_VOLUME_SECTOR_SIZE); if (!readBuffer) { ntStatus = STATUS_INSUFFICIENT_RESOURCES; } else { // Determine if the first sector contains a portion of the VeraCrypt Boot Loader offset.QuadPart = 0; ntStatus = ZwReadFile (NtFileHandle, NULL, NULL, NULL, &IoStatus, readBuffer, TC_MAX_VOLUME_SECTOR_SIZE, &offset, NULL); if (NT_SUCCESS (ntStatus)) { size_t i; if (opentest->bDetectTCBootLoader && IoStatus.Information >= TC_SECTOR_SIZE_BIOS) { // Search for the string "VeraCrypt" for (i = 0; i < TC_SECTOR_SIZE_BIOS - strlen (TC_APP_NAME); ++i) { if (memcmp (readBuffer + i, TC_APP_NAME, strlen (TC_APP_NAME)) == 0) { opentest->TCBootLoaderDetected = TRUE; break; } } } if (opentest->DetectFilesystem && IoStatus.Information >= sizeof (int64)) { switch (BE64 (*(uint64 *) readBuffer)) { case 0xEB52904E54465320: // NTFS case 0xEB3C904D53444F53: // FAT16 case 0xEB58904D53444F53: // FAT32 case 0xEB76904558464154: // exFAT opentest->FilesystemDetected = TRUE; break; } } } TCfree (readBuffer); } } ZwClose (NtFileHandle); Dump ("Open test on file %ls success.\n", opentest->wszFileName); } else { #if 0 Dump ("Open test on file %ls failed NTSTATUS 0x%08x\n", opentest->wszFileName, ntStatus); #endif } Irp->IoStatus.Information = NT_SUCCESS (ntStatus) ? sizeof (OPEN_TEST_STRUCT) : 0; Irp->IoStatus.Status = ntStatus; } break; case TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG: { GetSystemDriveConfigurationRequest *request = (GetSystemDriveConfigurationRequest *) Irp->AssociatedIrp.SystemBuffer; OBJECT_ATTRIBUTES ObjectAttributes; HANDLE NtFileHandle; UNICODE_STRING FullFileName; IO_STATUS_BLOCK IoStatus; LARGE_INTEGER offset; byte readBuffer [TC_SECTOR_SIZE_BIOS]; if (!ValidateIOBufferSize (Irp, sizeof (GetSystemDriveConfigurationRequest), ValidateInputOutput)) break; EnsureNullTerminatedString (request->DevicePath, sizeof (request->DevicePath)); RtlInitUnicodeString (&FullFileName, request->DevicePath); InitializeObjectAttributes (&ObjectAttributes, &FullFileName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL); ntStatus = ZwCreateFile (&NtFileHandle, SYNCHRONIZE | GENERIC_READ, &ObjectAttributes, &IoStatus, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT | FILE_RANDOM_ACCESS, NULL, 0); if (NT_SUCCESS (ntStatus)) { // Determine if the first sector contains a portion of the VeraCrypt Boot Loader offset.QuadPart = 0; // MBR ntStatus = ZwReadFile (NtFileHandle, NULL, NULL, NULL, &IoStatus, readBuffer, sizeof(readBuffer), &offset, NULL); if (NT_SUCCESS (ntStatus)) { size_t i; // Check for dynamic drive request->DriveIsDynamic = FALSE; if (readBuffer[510] == 0x55 && readBuffer[511] == 0xaa) { int i; for (i = 0; i < 4; ++i) { if (readBuffer[446 + i * 16 + 4] == PARTITION_LDM) { request->DriveIsDynamic = TRUE; break; } } } request->BootLoaderVersion = 0; request->Configuration = 0; request->UserConfiguration = 0; request->CustomUserMessage[0] = 0; // Search for the string "VeraCrypt" for (i = 0; i < sizeof (readBuffer) - strlen (TC_APP_NAME); ++i) { if (memcmp (readBuffer + i, TC_APP_NAME, strlen (TC_APP_NAME)) == 0) { request->BootLoaderVersion = BE16 (*(uint16 *) (readBuffer + TC_BOOT_SECTOR_VERSION_OFFSET)); request->Configuration = readBuffer[TC_BOOT_SECTOR_CONFIG_OFFSET]; if (request->BootLoaderVersion != 0 && request->BootLoaderVersion <= VERSION_NUM) { request->UserConfiguration = readBuffer[TC_BOOT_SECTOR_USER_CONFIG_OFFSET]; memcpy (request->CustomUserMessage, readBuffer + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH); } break; } } Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = sizeof (*request); } else { Irp->IoStatus.Status = ntStatus; Irp->IoStatus.Information = 0; } ZwClose (NtFileHandle); } else { Irp->IoStatus.Status = ntStatus; Irp->IoStatus.Information = 0; } } break; case TC_IOCTL_WIPE_PASSWORD_CACHE: WipeCache (); Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = 0; break; case TC_IOCTL_GET_PASSWORD_CACHE_STATUS: Irp->IoStatus.Status = cacheEmpty ? STATUS_PIPE_EMPTY : STATUS_SUCCESS; Irp->IoStatus.Information = 0; break; case TC_IOCTL_SET_PORTABLE_MODE_STATUS: if (!UserCanAccessDriveDevice()) { Irp->IoStatus.Status = STATUS_ACCESS_DENIED; Irp->IoStatus.Information = 0; } else { PortableMode = TRUE; Dump ("Setting portable mode\n"); } break; case TC_IOCTL_GET_PORTABLE_MODE_STATUS: Irp->IoStatus.Status = PortableMode ? STATUS_SUCCESS : STATUS_PIPE_EMPTY; Irp->IoStatus.Information = 0; break; case TC_IOCTL_GET_MOUNTED_VOLUMES: if (ValidateIOBufferSize (Irp, sizeof (MOUNT_LIST_STRUCT), ValidateOutput)) { MOUNT_LIST_STRUCT *list = (MOUNT_LIST_STRUCT *) Irp->AssociatedIrp.SystemBuffer; PDEVICE_OBJECT ListDevice; int drive; list->ulMountedDrives = 0; for (drive = MIN_MOUNTED_VOLUME_DRIVE_NUMBER; drive <= MAX_MOUNTED_VOLUME_DRIVE_NUMBER; ++drive) { PEXTENSION ListExtension; ListDevice = GetVirtualVolumeDeviceObject (drive); if (!ListDevice) continue; ListExtension = (PEXTENSION) ListDevice->DeviceExtension; if (IsVolumeAccessibleByCurrentUser (ListExtension)) { list->ulMountedDrives |= (1 << ListExtension->nDosDriveNo); RtlStringCbCopyW (list->wszVolume[ListExtension->nDosDriveNo], sizeof(list->wszVolume[ListExtension->nDosDriveNo]),ListExtension->wszVolume); list->diskLength[ListExtension->nDosDriveNo] = ListExtension->DiskLength; list->ea[ListExtension->nDosDriveNo] = ListExtension->cryptoInfo->ea; if (ListExtension->cryptoInfo->hiddenVolume) list->volumeType[ListExtension->nDosDriveNo] = PROP_VOL_TYPE_HIDDEN; // Hidden volume else if (ListExtension->cryptoInfo->bHiddenVolProtectionAction) list->volumeType[ListExtension->nDosDriveNo] = PROP_VOL_TYPE_OUTER_VOL_WRITE_PREVENTED; // Normal/outer volume (hidden volume protected AND write already prevented) else if (ListExtension->cryptoInfo->bProtectHiddenVolume) list->volumeType[ListExtension->nDosDriveNo] = PROP_VOL_TYPE_OUTER; // Normal/outer volume (hidden volume protected) else list->volumeType[ListExtension->nDosDriveNo] = PROP_VOL_TYPE_NORMAL; // Normal volume } } Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = sizeof (MOUNT_LIST_STRUCT); } break; case TC_IOCTL_LEGACY_GET_MOUNTED_VOLUMES: if (ValidateIOBufferSize (Irp, sizeof (uint32), ValidateOutput)) { // Prevent the user from downgrading to versions lower than 5.0 by faking mounted volumes. // The user could render the system unbootable by downgrading when boot encryption // is active or being set up. memset (Irp->AssociatedIrp.SystemBuffer, 0, irpSp->Parameters.DeviceIoControl.OutputBufferLength); *(uint32 *) Irp->AssociatedIrp.SystemBuffer = 0xffffFFFF; Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = irpSp->Parameters.DeviceIoControl.OutputBufferLength; } break; case TC_IOCTL_GET_VOLUME_PROPERTIES: if (ValidateIOBufferSize (Irp, sizeof (VOLUME_PROPERTIES_STRUCT), ValidateInputOutput)) { VOLUME_PROPERTIES_STRUCT *prop = (VOLUME_PROPERTIES_STRUCT *) Irp->AssociatedIrp.SystemBuffer; PDEVICE_OBJECT ListDevice = GetVirtualVolumeDeviceObject (prop->driveNo); Irp->IoStatus.Status = STATUS_INVALID_PARAMETER; Irp->IoStatus.Information = 0; if (ListDevice) { PEXTENSION ListExtension = (PEXTENSION) ListDevice->DeviceExtension; if (IsVolumeAccessibleByCurrentUser (ListExtension)) { prop->uniqueId = ListExtension->UniqueVolumeId; RtlStringCbCopyW (prop->wszVolume, sizeof(prop->wszVolume),ListExtension->wszVolume); prop->diskLength = ListExtension->DiskLength; prop->ea = ListExtension->cryptoInfo->ea; prop->mode = ListExtension->cryptoInfo->mode; prop->pkcs5 = ListExtension->cryptoInfo->pkcs5; prop->pkcs5Iterations = ListExtension->cryptoInfo->noIterations; #if 0 prop->volumeCreationTime = ListExtension->cryptoInfo->volume_creation_time; prop->headerCreationTime = ListExtension->cryptoInfo->header_creation_time; #endif prop->volumeHeaderFlags = ListExtension->cryptoInfo->HeaderFlags; prop->readOnly = ListExtension->bReadOnly; prop->removable = ListExtension->bRemovable; prop->partitionInInactiveSysEncScope = ListExtension->PartitionInInactiveSysEncScope; prop->hiddenVolume = ListExtension->cryptoInfo->hiddenVolume; if (ListExtension->cryptoInfo->bProtectHiddenVolume) prop->hiddenVolProtection = ListExtension->cryptoInfo->bHiddenVolProtectionAction ? HIDVOL_PROT_STATUS_ACTION_TAKEN : HIDVOL_PROT_STATUS_ACTIVE; else prop->hiddenVolProtection = HIDVOL_PROT_STATUS_NONE; prop->totalBytesRead = ListExtension->Queue.TotalBytesRead; prop->totalBytesWritten = ListExtension->Queue.TotalBytesWritten; prop->volFormatVersion = ListExtension->cryptoInfo->LegacyVolume ? TC_VOLUME_FORMAT_VERSION_PRE_6_0 : TC_VOLUME_FORMAT_VERSION; Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = sizeof (VOLUME_PROPERTIES_STRUCT); } } } break; case TC_IOCTL_GET_RESOLVED_SYMLINK: if (ValidateIOBufferSize (Irp, sizeof (RESOLVE_SYMLINK_STRUCT), ValidateInputOutput)) { RESOLVE_SYMLINK_STRUCT *resolve = (RESOLVE_SYMLINK_STRUCT *) Irp->AssociatedIrp.SystemBuffer; { NTSTATUS ntStatus; EnsureNullTerminatedString (resolve->symLinkName, sizeof (resolve->symLinkName)); ntStatus = SymbolicLinkToTarget (resolve->symLinkName, resolve->targetName, sizeof (resolve->targetName)); Irp->IoStatus.Information = sizeof (RESOLVE_SYMLINK_STRUCT); Irp->IoStatus.Status = ntStatus; } } break; case TC_IOCTL_GET_DRIVE_PARTITION_INFO: if (ValidateIOBufferSize (Irp, sizeof (DISK_PARTITION_INFO_STRUCT), ValidateInputOutput)) { DISK_PARTITION_INFO_STRUCT *info = (DISK_PARTITION_INFO_STRUCT *) Irp->AssociatedIrp.SystemBuffer; { PARTITION_INFORMATION_EX pi; NTSTATUS ntStatus; EnsureNullTerminatedString (info->deviceName, sizeof (info->deviceName)); ntStatus = TCDeviceIoControl (info->deviceName, IOCTL_DISK_GET_PARTITION_INFO_EX, NULL, 0, &pi, sizeof (pi)); if (NT_SUCCESS(ntStatus)) { memset (&info->partInfo, 0, sizeof (info->partInfo)); info->partInfo.PartitionLength = pi.PartitionLength; info->partInfo.PartitionNumber = pi.PartitionNumber; info->partInfo.StartingOffset = pi.StartingOffset; if (pi.PartitionStyle == PARTITION_STYLE_MBR) { info->partInfo.PartitionType = pi.Mbr.PartitionType; info->partInfo.BootIndicator = pi.Mbr.BootIndicator; } info->IsGPT = pi.PartitionStyle == PARTITION_STYLE_GPT; } else { // Windows 2000 does not support IOCTL_DISK_GET_PARTITION_INFO_EX ntStatus = TCDeviceIoControl (info->deviceName, IOCTL_DISK_GET_PARTITION_INFO, NULL, 0, &info->partInfo, sizeof (info->partInfo)); info->IsGPT = FALSE; } if (!NT_SUCCESS (ntStatus)) { GET_LENGTH_INFORMATION lengthInfo; ntStatus = TCDeviceIoControl (info->deviceName, IOCTL_DISK_GET_LENGTH_INFO, NULL, 0, &lengthInfo, sizeof (lengthInfo)); if (NT_SUCCESS (ntStatus)) { memset (&info->partInfo, 0, sizeof (info->partInfo)); info->partInfo.PartitionLength = lengthInfo.Length; } } info->IsDynamic = FALSE; if (NT_SUCCESS (ntStatus) && OsMajorVersion >= 6) { # define IOCTL_VOLUME_IS_DYNAMIC CTL_CODE(IOCTL_VOLUME_BASE, 18, METHOD_BUFFERED, FILE_ANY_ACCESS) if (!NT_SUCCESS (TCDeviceIoControl (info->deviceName, IOCTL_VOLUME_IS_DYNAMIC, NULL, 0, &info->IsDynamic, sizeof (info->IsDynamic)))) info->IsDynamic = FALSE; } Irp->IoStatus.Information = sizeof (DISK_PARTITION_INFO_STRUCT); Irp->IoStatus.Status = ntStatus; } } break; case TC_IOCTL_GET_DRIVE_GEOMETRY: if (ValidateIOBufferSize (Irp, sizeof (DISK_GEOMETRY_STRUCT), ValidateInputOutput)) { DISK_GEOMETRY_STRUCT *g = (DISK_GEOMETRY_STRUCT *) Irp->AssociatedIrp.SystemBuffer; { NTSTATUS ntStatus; EnsureNullTerminatedString (g->deviceName, sizeof (g->deviceName)); ntStatus = TCDeviceIoControl (g->deviceName, IOCTL_DISK_GET_DRIVE_GEOMETRY, NULL, 0, &g->diskGeometry, sizeof (g->diskGeometry)); Irp->IoStatus.Information = sizeof (DISK_GEOMETRY_STRUCT); Irp->IoStatus.Status = ntStatus; } } break; case TC_IOCTL_PROBE_REAL_DRIVE_SIZE: if (ValidateIOBufferSize (Irp, sizeof (ProbeRealDriveSizeRequest), ValidateInputOutput)) { ProbeRealDriveSizeRequest *request = (ProbeRealDriveSizeRequest *) Irp->AssociatedIrp.SystemBuffer; NTSTATUS status; UNICODE_STRING name; PFILE_OBJECT fileObject; PDEVICE_OBJECT deviceObject; EnsureNullTerminatedString (request->DeviceName, sizeof (request->DeviceName)); RtlInitUnicodeString (&name, request->DeviceName); status = IoGetDeviceObjectPointer (&name, FILE_READ_ATTRIBUTES, &fileObject, &deviceObject); if (!NT_SUCCESS (status)) { Irp->IoStatus.Information = 0; Irp->IoStatus.Status = status; break; } status = ProbeRealDriveSize (deviceObject, &request->RealDriveSize); ObDereferenceObject (fileObject); if (status == STATUS_TIMEOUT) { request->TimeOut = TRUE; Irp->IoStatus.Information = sizeof (ProbeRealDriveSizeRequest); Irp->IoStatus.Status = STATUS_SUCCESS; } else if (!NT_SUCCESS (status)) { Irp->IoStatus.Information = 0; Irp->IoStatus.Status = status; } else { request->TimeOut = FALSE; Irp->IoStatus.Information = sizeof (ProbeRealDriveSizeRequest); Irp->IoStatus.Status = status; } } break; case TC_IOCTL_MOUNT_VOLUME: if (ValidateIOBufferSize (Irp, sizeof (MOUNT_STRUCT), ValidateInputOutput)) { MOUNT_STRUCT *mount = (MOUNT_STRUCT *) Irp->AssociatedIrp.SystemBuffer; if (mount->VolumePassword.Length > MAX_PASSWORD || mount->ProtectedHidVolPassword.Length > MAX_PASSWORD) { Irp->IoStatus.Status = STATUS_INVALID_PARAMETER; Irp->IoStatus.Information = 0; break; } EnsureNullTerminatedString (mount->wszVolume, sizeof (mount->wszVolume)); Irp->IoStatus.Information = sizeof (MOUNT_STRUCT); Irp->IoStatus.Status = MountDevice (DeviceObject, mount); burn (&mount->VolumePassword, sizeof (mount->VolumePassword)); burn (&mount->ProtectedHidVolPassword, sizeof (mount->ProtectedHidVolPassword)); } break; case TC_IOCTL_DISMOUNT_VOLUME: if (ValidateIOBufferSize (Irp, sizeof (UNMOUNT_STRUCT), ValidateInputOutput)) { UNMOUNT_STRUCT *unmount = (UNMOUNT_STRUCT *) Irp->AssociatedIrp.SystemBuffer; PDEVICE_OBJECT ListDevice = GetVirtualVolumeDeviceObject (unmount->nDosDriveNo); unmount->nReturnCode = ERR_DRIVE_NOT_FOUND; if (ListDevice) { PEXTENSION ListExtension = (PEXTENSION) ListDevice->DeviceExtension; if (IsVolumeAccessibleByCurrentUser (ListExtension)) unmount->nReturnCode = UnmountDevice (unmount, ListDevice, unmount->ignoreOpenFiles); } Irp->IoStatus.Information = sizeof (UNMOUNT_STRUCT); Irp->IoStatus.Status = STATUS_SUCCESS; } break; case TC_IOCTL_DISMOUNT_ALL_VOLUMES: if (ValidateIOBufferSize (Irp, sizeof (UNMOUNT_STRUCT), ValidateInputOutput)) { UNMOUNT_STRUCT *unmount = (UNMOUNT_STRUCT *) Irp->AssociatedIrp.SystemBuffer; unmount->nReturnCode = UnmountAllDevices (unmount, unmount->ignoreOpenFiles); Irp->IoStatus.Information = sizeof (UNMOUNT_STRUCT); Irp->IoStatus.Status = STATUS_SUCCESS; } break; case TC_IOCTL_BOOT_ENCRYPTION_SETUP: Irp->IoStatus.Status = StartBootEncryptionSetup (DeviceObject, Irp, irpSp); Irp->IoStatus.Information = 0; break; case TC_IOCTL_ABORT_BOOT_ENCRYPTION_SETUP: Irp->IoStatus.Status = AbortBootEncryptionSetup(); Irp->IoStatus.Information = 0; break; case TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS: GetBootEncryptionStatus (Irp, irpSp); break; case TC_IOCTL_GET_BOOT_ENCRYPTION_SETUP_RESULT: Irp->IoStatus.Information = 0; Irp->IoStatus.Status = GetSetupResult(); break; case TC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES: GetBootDriveVolumeProperties (Irp, irpSp); break; case TC_IOCTL_GET_BOOT_LOADER_VERSION: GetBootLoaderVersion (Irp, irpSp); break; case TC_IOCTL_REOPEN_BOOT_VOLUME_HEADER: ReopenBootVolumeHeader (Irp, irpSp); break; case TC_IOCTL_GET_BOOT_ENCRYPTION_ALGORITHM_NAME: GetBootEncryptionAlgorithmName (Irp, irpSp); break; case TC_IOCTL_IS_HIDDEN_SYSTEM_RUNNING: if (ValidateIOBufferSize (Irp, sizeof (int), ValidateOutput)) { *(int *) Irp->AssociatedIrp.SystemBuffer = IsHiddenSystemRunning() ? 1 : 0; Irp->IoStatus.Information = sizeof (int); Irp->IoStatus.Status = STATUS_SUCCESS; } break; case TC_IOCTL_START_DECOY_SYSTEM_WIPE: Irp->IoStatus.Status = StartDecoySystemWipe (DeviceObject, Irp, irpSp); Irp->IoStatus.Information = 0; break; case TC_IOCTL_ABORT_DECOY_SYSTEM_WIPE: Irp->IoStatus.Status = AbortDecoySystemWipe(); Irp->IoStatus.Information = 0; break; case TC_IOCTL_GET_DECOY_SYSTEM_WIPE_RESULT: Irp->IoStatus.Status = GetDecoySystemWipeResult(); Irp->IoStatus.Information = 0; break; case TC_IOCTL_GET_DECOY_SYSTEM_WIPE_STATUS: GetDecoySystemWipeStatus (Irp, irpSp); break; case TC_IOCTL_WRITE_BOOT_DRIVE_SECTOR: Irp->IoStatus.Status = WriteBootDriveSector (Irp, irpSp); Irp->IoStatus.Information = 0; break; case TC_IOCTL_GET_WARNING_FLAGS: if (ValidateIOBufferSize (Irp, sizeof (GetWarningFlagsRequest), ValidateOutput)) { GetWarningFlagsRequest *flags = (GetWarningFlagsRequest *) Irp->AssociatedIrp.SystemBuffer; flags->PagingFileCreationPrevented = PagingFileCreationPrevented; PagingFileCreationPrevented = FALSE; flags->SystemFavoriteVolumeDirty = SystemFavoriteVolumeDirty; SystemFavoriteVolumeDirty = FALSE; Irp->IoStatus.Information = sizeof (GetWarningFlagsRequest); Irp->IoStatus.Status = STATUS_SUCCESS; } break; case TC_IOCTL_SET_SYSTEM_FAVORITE_VOLUME_DIRTY: if (UserCanAccessDriveDevice()) { SystemFavoriteVolumeDirty = TRUE; Irp->IoStatus.Status = STATUS_SUCCESS; } else Irp->IoStatus.Status = STATUS_ACCESS_DENIED; Irp->IoStatus.Information = 0; break; case TC_IOCTL_REREAD_DRIVER_CONFIG: Irp->IoStatus.Status = ReadRegistryConfigFlags (FALSE); Irp->IoStatus.Information = 0; break; case TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG: if ( (ValidateIOBufferSize (Irp, sizeof (GetSystemDriveDumpConfigRequest), ValidateOutput)) && (Irp->RequestorMode == KernelMode) ) { GetSystemDriveDumpConfigRequest *request = (GetSystemDriveDumpConfigRequest *) Irp->AssociatedIrp.SystemBuffer; request->BootDriveFilterExtension = GetBootDriveFilterExtension(); if (IsBootDriveMounted() && request->BootDriveFilterExtension) { request->HwEncryptionEnabled = IsHwEncryptionEnabled(); Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = sizeof (*request); } else { Irp->IoStatus.Status = STATUS_INVALID_PARAMETER; Irp->IoStatus.Information = 0; } } break; default: return TCCompleteIrp (Irp, STATUS_INVALID_DEVICE_REQUEST, 0); } #ifdef DEBUG if (!NT_SUCCESS (Irp->IoStatus.Status)) { switch (irpSp->Parameters.DeviceIoControl.IoControlCode) { case TC_IOCTL_GET_MOUNTED_VOLUMES: case TC_IOCTL_GET_PASSWORD_CACHE_STATUS: case TC_IOCTL_GET_PORTABLE_MODE_STATUS: case TC_IOCTL_SET_PORTABLE_MODE_STATUS: case TC_IOCTL_OPEN_TEST: case TC_IOCTL_GET_RESOLVED_SYMLINK: case TC_IOCTL_GET_DRIVE_PARTITION_INFO: case TC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES: case TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS: case TC_IOCTL_IS_HIDDEN_SYSTEM_RUNNING: break; default: Dump ("IOCTL error 0x%08x\n", Irp->IoStatus.Status); } } #endif return TCCompleteIrp (Irp, Irp->IoStatus.Status, Irp->IoStatus.Information); } NTSTATUS TCStartThread (PKSTART_ROUTINE threadProc, PVOID threadArg, PKTHREAD *kThread) { return TCStartThreadInProcess (threadProc, threadArg, kThread, NULL); } NTSTATUS TCStartThreadInProcess (PKSTART_ROUTINE threadProc, PVOID threadArg, PKTHREAD *kThread, PEPROCESS process) { NTSTATUS status; HANDLE threadHandle; HANDLE processHandle = NULL; OBJECT_ATTRIBUTES threadObjAttributes; if (process) { status = ObOpenObjectByPointer (process, OBJ_KERNEL_HANDLE, NULL, 0, NULL, KernelMode, &processHandle); if (!NT_SUCCESS (status)) return status; } InitializeObjectAttributes (&threadObjAttributes, NULL, OBJ_KERNEL_HANDLE, NULL, NULL); status = PsCreateSystemThread (&threadHandle, THREAD_ALL_ACCESS, &threadObjAttributes, processHandle, NULL, threadProc, threadArg); if (!NT_SUCCESS (status)) return status; status = ObReferenceObjectByHandle (threadHandle, THREAD_ALL_ACCESS, NULL, KernelMode, (PVOID *) kThread, NULL); if (!NT_SUCCESS (status)) { ZwClose (threadHandle); *kThread = NULL; return status; } if (processHandle) ZwClose (processHandle); ZwClose (threadHandle); return STATUS_SUCCESS; } void TCStopThread (PKTHREAD kThread, PKEVENT wakeUpEvent) { if (wakeUpEvent) KeSetEvent (wakeUpEvent, 0, FALSE); KeWaitForSingleObject (kThread, Executive, KernelMode, FALSE, NULL); ObDereferenceObject (kThread); } NTSTATUS TCStartVolumeThread (PDEVICE_OBJECT DeviceObject, PEXTENSION Extension, MOUNT_STRUCT * mount) { PTHREAD_BLOCK pThreadBlock = TCalloc (sizeof (THREAD_BLOCK)); HANDLE hThread; NTSTATUS ntStatus; OBJECT_ATTRIBUTES threadObjAttributes; SECURITY_QUALITY_OF_SERVICE qos; Dump ("Starting thread...\n"); if (pThreadBlock == NULL) { return STATUS_INSUFFICIENT_RESOURCES; } else { pThreadBlock->DeviceObject = DeviceObject; pThreadBlock->mount = mount; } qos.Length = sizeof (qos); qos.ContextTrackingMode = SECURITY_STATIC_TRACKING; qos.EffectiveOnly = TRUE; qos.ImpersonationLevel = SecurityImpersonation; ntStatus = SeCreateClientSecurity (PsGetCurrentThread(), &qos, FALSE, &Extension->SecurityClientContext); if (!NT_SUCCESS (ntStatus)) goto ret; Extension->SecurityClientContextValid = TRUE; Extension->bThreadShouldQuit = FALSE; InitializeObjectAttributes (&threadObjAttributes, NULL, OBJ_KERNEL_HANDLE, NULL, NULL); ntStatus = PsCreateSystemThread (&hThread, THREAD_ALL_ACCESS, &threadObjAttributes, NULL, NULL, VolumeThreadProc, pThreadBlock); if (!NT_SUCCESS (ntStatus)) { Dump ("PsCreateSystemThread Failed END\n"); goto ret; } ntStatus = ObReferenceObjectByHandle (hThread, THREAD_ALL_ACCESS, NULL, KernelMode, &Extension->peThread, NULL); ZwClose (hThread); if (!NT_SUCCESS (ntStatus)) goto ret; Dump ("Waiting for thread to initialize...\n"); KeWaitForSingleObject (&Extension->keCreateEvent, Executive, KernelMode, FALSE, NULL); Dump ("Waiting completed! Thread returns 0x%08x\n", pThreadBlock->ntCreateStatus); ntStatus = pThreadBlock->ntCreateStatus; ret: TCfree (pThreadBlock); return ntStatus; } void TCStopVolumeThread (PDEVICE_OBJECT DeviceObject, PEXTENSION Extension) { NTSTATUS ntStatus; if (DeviceObject); /* Remove compiler warning */ Dump ("Signalling thread to quit...\n"); Extension->bThreadShouldQuit = TRUE; KeReleaseSemaphore (&Extension->RequestSemaphore, 0, 1, TRUE); ntStatus = KeWaitForSingleObject (Extension->peThread, Executive, KernelMode, FALSE, NULL); ASSERT (NT_SUCCESS (ntStatus)); ObDereferenceObject (Extension->peThread); Extension->peThread = NULL; Dump ("Thread exited\n"); } // Suspend current thread for a number of milliseconds void TCSleep (int milliSeconds) { PKTIMER timer = (PKTIMER) TCalloc (sizeof (KTIMER)); LARGE_INTEGER duetime; if (!timer) return; duetime.QuadPart = (__int64) milliSeconds * -10000; KeInitializeTimerEx(timer, NotificationTimer); KeSetTimerEx(timer, duetime, 0, NULL); KeWaitForSingleObject (timer, Executive, KernelMode, FALSE, NULL); TCfree (timer); } BOOL IsDeviceName(wchar_t wszVolume[TC_MAX_PATH]) { if ( (wszVolume[0] == '\\') && (wszVolume[1] == 'D' || wszVolume[1] == 'd') && (wszVolume[2] == 'E' || wszVolume[2] == 'e') && (wszVolume[3] == 'V' || wszVolume[3] == 'v') && (wszVolume[4] == 'I' || wszVolume[4] == 'i') && (wszVolume[5] == 'C' || wszVolume[5] == 'c') && (wszVolume[6] == 'E' || wszVolume[6] == 'e') ) { return TRUE; } else return FALSE; } /* VolumeThreadProc does all the work of processing IRP's, and dispatching them to either the ReadWrite function or the DeviceControl function */ VOID VolumeThreadProc (PVOID Context) { PTHREAD_BLOCK pThreadBlock = (PTHREAD_BLOCK) Context; PDEVICE_OBJECT DeviceObject = pThreadBlock->DeviceObject; PEXTENSION Extension = (PEXTENSION) DeviceObject->DeviceExtension; BOOL bDevice; /* Set thread priority to lowest realtime level. */ KeSetPriorityThread (KeGetCurrentThread (), LOW_REALTIME_PRIORITY); Dump ("Mount THREAD OPENING VOLUME BEGIN\n"); if ( !IsDeviceName (pThreadBlock->mount->wszVolume)) { RtlStringCbCopyW (pThreadBlock->wszMountVolume, sizeof(pThreadBlock->wszMountVolume),WIDE ("\\??\\")); RtlStringCbCatW (pThreadBlock->wszMountVolume, sizeof(pThreadBlock->wszMountVolume),pThreadBlock->mount->wszVolume); bDevice = FALSE; } else { pThreadBlock->wszMountVolume[0] = 0; RtlStringCbCatW (pThreadBlock->wszMountVolume, sizeof(pThreadBlock->wszMountVolume),pThreadBlock->mount->wszVolume); bDevice = TRUE; } Dump ("Mount THREAD request for File %ls DriveNumber %d Device = %d\n", pThreadBlock->wszMountVolume, pThreadBlock->mount->nDosDriveNo, bDevice); pThreadBlock->ntCreateStatus = TCOpenVolume (DeviceObject, Extension, pThreadBlock->mount, pThreadBlock->wszMountVolume, bDevice); if (!NT_SUCCESS (pThreadBlock->ntCreateStatus) || pThreadBlock->mount->nReturnCode != 0) { KeSetEvent (&Extension->keCreateEvent, 0, FALSE); PsTerminateSystemThread (STATUS_SUCCESS); } // Start IO queue Extension->Queue.IsFilterDevice = FALSE; Extension->Queue.DeviceObject = DeviceObject; Extension->Queue.CryptoInfo = Extension->cryptoInfo; Extension->Queue.HostFileHandle = Extension->hDeviceFile; Extension->Queue.VirtualDeviceLength = Extension->DiskLength; Extension->Queue.MaxReadAheadOffset.QuadPart = Extension->HostLength; if (Extension->SecurityClientContextValid) Extension->Queue.SecurityClientContext = &Extension->SecurityClientContext; else Extension->Queue.SecurityClientContext = NULL; pThreadBlock->ntCreateStatus = EncryptedIoQueueStart (&Extension->Queue); if (!NT_SUCCESS (pThreadBlock->ntCreateStatus)) { TCCloseVolume (DeviceObject, Extension); pThreadBlock->mount->nReturnCode = ERR_OS_ERROR; KeSetEvent (&Extension->keCreateEvent, 0, FALSE); PsTerminateSystemThread (STATUS_SUCCESS); } KeSetEvent (&Extension->keCreateEvent, 0, FALSE); /* From this point on pThreadBlock cannot be used as it will have been released! */ pThreadBlock = NULL; for (;;) { /* Wait for a request from the dispatch routines. */ KeWaitForSingleObject ((PVOID) & Extension->RequestSemaphore, Executive, KernelMode, FALSE, NULL); for (;;) { PIO_STACK_LOCATION irpSp; PLIST_ENTRY request; PIRP irp; request = ExInterlockedRemoveHeadList (&Extension->ListEntry, &Extension->ListSpinLock); if (request == NULL) break; irp = CONTAINING_RECORD (request, IRP, Tail.Overlay.ListEntry); irpSp = IoGetCurrentIrpStackLocation (irp); ASSERT (irpSp->MajorFunction == IRP_MJ_DEVICE_CONTROL); ProcessVolumeDeviceControlIrp (DeviceObject, Extension, irp); IoReleaseRemoveLock (&Extension->Queue.RemoveLock, irp); } if (Extension->bThreadShouldQuit) { Dump ("Closing volume\n"); EncryptedIoQueueStop (&Extension->Queue); TCCloseVolume (DeviceObject, Extension); PsTerminateSystemThread (STATUS_SUCCESS); } } } void TCGetNTNameFromNumber (LPWSTR ntname, int cbNtName, int nDriveNo) { WCHAR tmp[3] = {0, ':', 0}; int j = nDriveNo + (WCHAR) 'A'; tmp[0] = (short) j; RtlStringCbCopyW (ntname, cbNtName,(LPWSTR) NT_MOUNT_PREFIX); RtlStringCbCatW (ntname, cbNtName, tmp); } void TCGetDosNameFromNumber (LPWSTR dosname,int cbDosName, int nDriveNo) { WCHAR tmp[3] = {0, ':', 0}; int j = nDriveNo + (WCHAR) 'A'; tmp[0] = (short) j; RtlStringCbCopyW (dosname, cbDosName, (LPWSTR) DOS_MOUNT_PREFIX); RtlStringCbCatW (dosname, cbDosName, tmp); } #ifdef _DEBUG LPWSTR TCTranslateCode (ULONG ulCode) { switch (ulCode) { #define TC_CASE_RET_NAME(CODE) case CODE : return L###CODE TC_CASE_RET_NAME (TC_IOCTL_ABORT_BOOT_ENCRYPTION_SETUP); TC_CASE_RET_NAME (TC_IOCTL_ABORT_DECOY_SYSTEM_WIPE); TC_CASE_RET_NAME (TC_IOCTL_BOOT_ENCRYPTION_SETUP); TC_CASE_RET_NAME (TC_IOCTL_DISMOUNT_ALL_VOLUMES); TC_CASE_RET_NAME (TC_IOCTL_DISMOUNT_VOLUME); TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES); TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_ENCRYPTION_ALGORITHM_NAME); TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_ENCRYPTION_SETUP_RESULT); TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS); TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_LOADER_VERSION); TC_CASE_RET_NAME (TC_IOCTL_GET_DECOY_SYSTEM_WIPE_RESULT); TC_CASE_RET_NAME (TC_IOCTL_GET_DECOY_SYSTEM_WIPE_STATUS); TC_CASE_RET_NAME (TC_IOCTL_GET_DEVICE_REFCOUNT); TC_CASE_RET_NAME (TC_IOCTL_GET_DRIVE_GEOMETRY); TC_CASE_RET_NAME (TC_IOCTL_GET_DRIVE_PARTITION_INFO); TC_CASE_RET_NAME (TC_IOCTL_GET_DRIVER_VERSION); TC_CASE_RET_NAME (TC_IOCTL_GET_MOUNTED_VOLUMES); TC_CASE_RET_NAME (TC_IOCTL_GET_PASSWORD_CACHE_STATUS); TC_CASE_RET_NAME (TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG); TC_CASE_RET_NAME (TC_IOCTL_GET_PORTABLE_MODE_STATUS); TC_CASE_RET_NAME (TC_IOCTL_SET_PORTABLE_MODE_STATUS); TC_CASE_RET_NAME (TC_IOCTL_GET_RESOLVED_SYMLINK); TC_CASE_RET_NAME (TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG); TC_CASE_RET_NAME (TC_IOCTL_GET_VOLUME_PROPERTIES); TC_CASE_RET_NAME (TC_IOCTL_GET_WARNING_FLAGS); TC_CASE_RET_NAME (TC_IOCTL_DISK_IS_WRITABLE); TC_CASE_RET_NAME (TC_IOCTL_IS_ANY_VOLUME_MOUNTED); TC_CASE_RET_NAME (TC_IOCTL_IS_DRIVER_UNLOAD_DISABLED); TC_CASE_RET_NAME (TC_IOCTL_IS_HIDDEN_SYSTEM_RUNNING); TC_CASE_RET_NAME (TC_IOCTL_MOUNT_VOLUME); TC_CASE_RET_NAME (TC_IOCTL_OPEN_TEST); TC_CASE_RET_NAME (TC_IOCTL_PROBE_REAL_DRIVE_SIZE); TC_CASE_RET_NAME (TC_IOCTL_REOPEN_BOOT_VOLUME_HEADER); TC_CASE_RET_NAME (TC_IOCTL_REREAD_DRIVER_CONFIG); TC_CASE_RET_NAME (TC_IOCTL_SET_SYSTEM_FAVORITE_VOLUME_DIRTY); TC_CASE_RET_NAME (TC_IOCTL_START_DECOY_SYSTEM_WIPE); TC_CASE_RET_NAME (TC_IOCTL_WIPE_PASSWORD_CACHE); TC_CASE_RET_NAME (TC_IOCTL_WRITE_BOOT_DRIVE_SECTOR); TC_CASE_RET_NAME (IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS); #undef TC_CASE_RET_NAME } if (ulCode == IOCTL_DISK_GET_DRIVE_GEOMETRY) return (LPWSTR) _T ("IOCTL_DISK_GET_DRIVE_GEOMETRY"); else if (ulCode == IOCTL_DISK_GET_DRIVE_GEOMETRY_EX) return (LPWSTR) _T ("IOCTL_DISK_GET_DRIVE_GEOMETRY_EX"); else if (ulCode == IOCTL_MOUNTDEV_QUERY_DEVICE_NAME) return (LPWSTR) _T ("IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"); else if (ulCode == IOCTL_MOUNTDEV_QUERY_SUGGESTED_LINK_NAME) return (LPWSTR) _T ("IOCTL_MOUNTDEV_QUERY_SUGGESTED_LINK_NAME"); else if (ulCode == IOCTL_MOUNTDEV_QUERY_UNIQUE_ID) return (LPWSTR) _T ("IOCTL_MOUNTDEV_QUERY_UNIQUE_ID"); else if (ulCode == IOCTL_VOLUME_ONLINE) return (LPWSTR) _T ("IOCTL_VOLUME_ONLINE"); else if (ulCode == IOCTL_MOUNTDEV_LINK_CREATED) return (LPWSTR) _T ("IOCTL_MOUNTDEV_LINK_CREATED"); else if (ulCode == IOCTL_MOUNTDEV_LINK_DELETED) return (LPWSTR) _T ("IOCTL_MOUNTDEV_LINK_DELETED"); else if (ulCode == IOCTL_MOUNTMGR_QUERY_POINTS) return (LPWSTR) _T ("IOCTL_MOUNTMGR_QUERY_POINTS"); else if (ulCode == IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED) return (LPWSTR) _T ("IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED"); else if (ulCode == IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED) return (LPWSTR) _T ("IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED"); else if (ulCode == IOCTL_DISK_GET_LENGTH_INFO) return (LPWSTR) _T ("IOCTL_DISK_GET_LENGTH_INFO"); else if (ulCode == IOCTL_STORAGE_GET_DEVICE_NUMBER) return (LPWSTR) _T ("IOCTL_STORAGE_GET_DEVICE_NUMBER"); else if (ulCode == IOCTL_DISK_GET_PARTITION_INFO) return (LPWSTR) _T ("IOCTL_DISK_GET_PARTITION_INFO"); else if (ulCode == IOCTL_DISK_GET_PARTITION_INFO_EX) return (LPWSTR) _T ("IOCTL_DISK_GET_PARTITION_INFO_EX"); else if (ulCode == IOCTL_DISK_SET_PARTITION_INFO) return (LPWSTR) _T ("IOCTL_DISK_SET_PARTITION_INFO"); else if (ulCode == IOCTL_DISK_GET_DRIVE_LAYOUT) return (LPWSTR) _T ("IOCTL_DISK_GET_DRIVE_LAYOUT"); else if (ulCode == IOCTL_DISK_SET_DRIVE_LAYOUT_EX) return (LPWSTR) _T ("IOCTL_DISK_SET_DRIVE_LAYOUT_EX"); else if (ulCode == IOCTL_DISK_VERIFY) return (LPWSTR) _T ("IOCTL_DISK_VERIFY"); else if (ulCode == IOCTL_DISK_FORMAT_TRACKS) return (LPWSTR) _T ("IOCTL_DISK_FORMAT_TRACKS"); else if (ulCode == IOCTL_DISK_REASSIGN_BLOCKS) return (LPWSTR) _T ("IOCTL_DISK_REASSIGN_BLOCKS"); else if (ulCode == IOCTL_DISK_PERFORMANCE) return (LPWSTR) _T ("IOCTL_DISK_PERFORMANCE"); else if (ulCode == IOCTL_DISK_IS_WRITABLE) return (LPWSTR) _T ("IOCTL_DISK_IS_WRITABLE"); else if (ulCode == IOCTL_DISK_LOGGING) return (LPWSTR) _T ("IOCTL_DISK_LOGGING"); else if (ulCode == IOCTL_DISK_FORMAT_TRACKS_EX) return (LPWSTR) _T ("IOCTL_DISK_FORMAT_TRACKS_EX"); else if (ulCode == IOCTL_DISK_HISTOGRAM_STRUCTURE) return (LPWSTR) _T ("IOCTL_DISK_HISTOGRAM_STRUCTURE"); else if (ulCode == IOCTL_DISK_HISTOGRAM_DATA) return (LPWSTR) _T ("IOCTL_DISK_HISTOGRAM_DATA"); else if (ulCode == IOCTL_DISK_HISTOGRAM_RESET) return (LPWSTR) _T ("IOCTL_DISK_HISTOGRAM_RESET"); else if (ulCode == IOCTL_DISK_REQUEST_STRUCTURE) return (LPWSTR) _T ("IOCTL_DISK_REQUEST_STRUCTURE"); else if (ulCode == IOCTL_DISK_REQUEST_DATA) return (LPWSTR) _T ("IOCTL_DISK_REQUEST_DATA"); else if (ulCode == IOCTL_DISK_CONTROLLER_NUMBER) return (LPWSTR) _T ("IOCTL_DISK_CONTROLLER_NUMBER"); else if (ulCode == SMART_GET_VERSION) return (LPWSTR) _T ("SMART_GET_VERSION"); else if (ulCode == SMART_SEND_DRIVE_COMMAND) return (LPWSTR) _T ("SMART_SEND_DRIVE_COMMAND"); else if (ulCode == SMART_RCV_DRIVE_DATA) return (LPWSTR) _T ("SMART_RCV_DRIVE_DATA"); else if (ulCode == IOCTL_DISK_INTERNAL_SET_VERIFY) return (LPWSTR) _T ("IOCTL_DISK_INTERNAL_SET_VERIFY"); else if (ulCode == IOCTL_DISK_INTERNAL_CLEAR_VERIFY) return (LPWSTR) _T ("IOCTL_DISK_INTERNAL_CLEAR_VERIFY"); else if (ulCode == IOCTL_DISK_CHECK_VERIFY) return (LPWSTR) _T ("IOCTL_DISK_CHECK_VERIFY"); else if (ulCode == IOCTL_DISK_MEDIA_REMOVAL) return (LPWSTR) _T ("IOCTL_DISK_MEDIA_REMOVAL"); else if (ulCode == IOCTL_DISK_EJECT_MEDIA) return (LPWSTR) _T ("IOCTL_DISK_EJECT_MEDIA"); else if (ulCode == IOCTL_DISK_LOAD_MEDIA) return (LPWSTR) _T ("IOCTL_DISK_LOAD_MEDIA"); else if (ulCode == IOCTL_DISK_RESERVE) return (LPWSTR) _T ("IOCTL_DISK_RESERVE"); else if (ulCode == IOCTL_DISK_RELEASE) return (LPWSTR) _T ("IOCTL_DISK_RELEASE"); else if (ulCode == IOCTL_DISK_FIND_NEW_DEVICES) return (LPWSTR) _T ("IOCTL_DISK_FIND_NEW_DEVICES"); else if (ulCode == IOCTL_DISK_GET_MEDIA_TYPES) return (LPWSTR) _T ("IOCTL_DISK_GET_MEDIA_TYPES"); else if (ulCode == IOCTL_STORAGE_SET_HOTPLUG_INFO) return (LPWSTR) _T ("IOCTL_STORAGE_SET_HOTPLUG_INFO"); else if (ulCode == IRP_MJ_READ) return (LPWSTR) _T ("IRP_MJ_READ"); else if (ulCode == IRP_MJ_WRITE) return (LPWSTR) _T ("IRP_MJ_WRITE"); else if (ulCode == IRP_MJ_CREATE) return (LPWSTR) _T ("IRP_MJ_CREATE"); else if (ulCode == IRP_MJ_CLOSE) return (LPWSTR) _T ("IRP_MJ_CLOSE"); else if (ulCode == IRP_MJ_CLEANUP) return (LPWSTR) _T ("IRP_MJ_CLEANUP"); else if (ulCode == IRP_MJ_FLUSH_BUFFERS) return (LPWSTR) _T ("IRP_MJ_FLUSH_BUFFERS"); else if (ulCode == IRP_MJ_SHUTDOWN) return (LPWSTR) _T ("IRP_MJ_SHUTDOWN"); else if (ulCode == IRP_MJ_DEVICE_CONTROL) return (LPWSTR) _T ("IRP_MJ_DEVICE_CONTROL"); else { return (LPWSTR) _T ("IOCTL"); } } #endif void TCDeleteDeviceObject (PDEVICE_OBJECT DeviceObject, PEXTENSION Extension) { UNICODE_STRING Win32NameString; NTSTATUS ntStatus; Dump ("TCDeleteDeviceObject BEGIN\n"); if (Extension->bRootDevice) { RtlInitUnicodeString (&Win32NameString, (LPWSTR) DOS_ROOT_PREFIX); ntStatus = IoDeleteSymbolicLink (&Win32NameString); if (!NT_SUCCESS (ntStatus)) Dump ("IoDeleteSymbolicLink failed ntStatus = 0x%08x\n", ntStatus); RootDeviceObject = NULL; } else { if (Extension->peThread != NULL) TCStopVolumeThread (DeviceObject, Extension); if (Extension->UserSid) TCfree (Extension->UserSid); if (Extension->SecurityClientContextValid) { if (OsMajorVersion == 5 && OsMinorVersion == 0) { ObDereferenceObject (Extension->SecurityClientContext.ClientToken); } else { // Windows 2000 does not support PsDereferenceImpersonationToken() used by SeDeleteClientSecurity(). // TODO: Use only SeDeleteClientSecurity() once support for Windows 2000 is dropped. VOID (*PsDereferenceImpersonationTokenD) (PACCESS_TOKEN ImpersonationToken); UNICODE_STRING name; RtlInitUnicodeString (&name, L"PsDereferenceImpersonationToken"); PsDereferenceImpersonationTokenD = MmGetSystemRoutineAddress (&name); if (!PsDereferenceImpersonationTokenD) TC_BUG_CHECK (STATUS_NOT_IMPLEMENTED); # define PsDereferencePrimaryToken # define PsDereferenceImpersonationToken PsDereferenceImpersonationTokenD SeDeleteClientSecurity (&Extension->SecurityClientContext); # undef PsDereferencePrimaryToken # undef PsDereferenceImpersonationToken } } VirtualVolumeDeviceObjects[Extension->nDosDriveNo] = NULL; } IoDeleteDevice (DeviceObject); Dump ("TCDeleteDeviceObject END\n"); } VOID TCUnloadDriver (PDRIVER_OBJECT DriverObject) { Dump ("TCUnloadDriver BEGIN\n"); OnShutdownPending(); if (IsBootDriveMounted()) TC_BUG_CHECK (STATUS_INVALID_DEVICE_STATE); EncryptionThreadPoolStop(); TCDeleteDeviceObject (RootDeviceObject, (PEXTENSION) RootDeviceObject->DeviceExtension); Dump ("TCUnloadDriver END\n"); } void OnShutdownPending () { UNMOUNT_STRUCT unmount; memset (&unmount, 0, sizeof (unmount)); unmount.ignoreOpenFiles = TRUE; while (SendDeviceIoControlRequest (RootDeviceObject, TC_IOCTL_DISMOUNT_ALL_VOLUMES, &unmount, sizeof (unmount), &unmount, sizeof (unmount)) == STATUS_INSUFFICIENT_RESOURCES || unmount.HiddenVolumeProtectionTriggered) unmount.HiddenVolumeProtectionTriggered = FALSE; while (SendDeviceIoControlRequest (RootDeviceObject, TC_IOCTL_WIPE_PASSWORD_CACHE, NULL, 0, NULL, 0) == STATUS_INSUFFICIENT_RESOURCES); } NTSTATUS TCDeviceIoControl (PWSTR deviceName, ULONG IoControlCode, void *InputBuffer, ULONG InputBufferSize, void *OutputBuffer, ULONG OutputBufferSize) { IO_STATUS_BLOCK ioStatusBlock; NTSTATUS ntStatus; PIRP irp; PFILE_OBJECT fileObject; PDEVICE_OBJECT deviceObject; KEVENT event; UNICODE_STRING name; RtlInitUnicodeString(&name, deviceName); ntStatus = IoGetDeviceObjectPointer (&name, FILE_READ_ATTRIBUTES, &fileObject, &deviceObject); if (!NT_SUCCESS (ntStatus)) return ntStatus; KeInitializeEvent(&event, NotificationEvent, FALSE); irp = IoBuildDeviceIoControlRequest (IoControlCode, deviceObject, InputBuffer, InputBufferSize, OutputBuffer, OutputBufferSize, FALSE, &event, &ioStatusBlock); if (irp == NULL) { Dump ("IRP allocation failed\n"); ntStatus = STATUS_INSUFFICIENT_RESOURCES; goto ret; } IoGetNextIrpStackLocation (irp)->FileObject = fileObject; ntStatus = IoCallDriver (deviceObject, irp); if (ntStatus == STATUS_PENDING) { KeWaitForSingleObject (&event, Executive, KernelMode, FALSE, NULL); ntStatus = ioStatusBlock.Status; } ret: ObDereferenceObject (fileObject); return ntStatus; } typedef struct { PDEVICE_OBJECT deviceObject; ULONG ioControlCode; void *inputBuffer; int inputBufferSize; void *outputBuffer; int outputBufferSize; NTSTATUS Status; KEVENT WorkItemCompletedEvent; } SendDeviceIoControlRequestWorkItemArgs; static VOID SendDeviceIoControlRequestWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, SendDeviceIoControlRequestWorkItemArgs *arg) { arg->Status = SendDeviceIoControlRequest (arg->deviceObject, arg->ioControlCode, arg->inputBuffer, arg->inputBufferSize, arg->outputBuffer, arg->outputBufferSize); KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE); } NTSTATUS SendDeviceIoControlRequest (PDEVICE_OBJECT deviceObject, ULONG ioControlCode, void *inputBuffer, int inputBufferSize, void *outputBuffer, int outputBufferSize) { IO_STATUS_BLOCK ioStatusBlock; NTSTATUS status; PIRP irp; KEVENT event; if (KeGetCurrentIrql() > APC_LEVEL) { SendDeviceIoControlRequestWorkItemArgs args; PIO_WORKITEM workItem = IoAllocateWorkItem (RootDeviceObject); if (!workItem) return STATUS_INSUFFICIENT_RESOURCES; args.deviceObject = deviceObject; args.ioControlCode = ioControlCode; args.inputBuffer = inputBuffer; args.inputBufferSize = inputBufferSize; args.outputBuffer = outputBuffer; args.outputBufferSize = outputBufferSize; KeInitializeEvent (&args.WorkItemCompletedEvent, SynchronizationEvent, FALSE); IoQueueWorkItem (workItem, SendDeviceIoControlRequestWorkItemRoutine, DelayedWorkQueue, &args); KeWaitForSingleObject (&args.WorkItemCompletedEvent, Executive, KernelMode, FALSE, NULL); IoFreeWorkItem (workItem); return args.Status; } KeInitializeEvent (&event, NotificationEvent, FALSE); irp = IoBuildDeviceIoControlRequest (ioControlCode, deviceObject, inputBuffer, inputBufferSize, outputBuffer, outputBufferSize, FALSE, &event, &ioStatusBlock); if (!irp) return STATUS_INSUFFICIENT_RESOURCES; ObReferenceObject (deviceObject); status = IoCallDriver (deviceObject, irp); if (status == STATUS_PENDING) { KeWaitForSingleObject (&event, Executive, KernelMode, FALSE, NULL); status = ioStatusBlock.Status; } ObDereferenceObject (deviceObject); return status; } NTSTATUS ProbeRealDriveSize (PDEVICE_OBJECT driveDeviceObject, LARGE_INTEGER *driveSize) { NTSTATUS status; LARGE_INTEGER sysLength; LARGE_INTEGER offset; byte *sectorBuffer; ULONGLONG startTime; if (!UserCanAccessDriveDevice()) return STATUS_ACCESS_DENIED; sectorBuffer = TCalloc (TC_SECTOR_SIZE_BIOS); if (!sectorBuffer) return STATUS_INSUFFICIENT_RESOURCES; status = SendDeviceIoControlRequest (driveDeviceObject, IOCTL_DISK_GET_LENGTH_INFO, NULL, 0, &sysLength, sizeof (sysLength)); if (!NT_SUCCESS (status)) { Dump ("Failed to get drive size - error %x\n", status); TCfree (sectorBuffer); return status; } startTime = KeQueryInterruptTime (); for (offset.QuadPart = sysLength.QuadPart; ; offset.QuadPart += TC_SECTOR_SIZE_BIOS) { status = TCReadDevice (driveDeviceObject, sectorBuffer, offset, TC_SECTOR_SIZE_BIOS); if (NT_SUCCESS (status)) status = TCWriteDevice (driveDeviceObject, sectorBuffer, offset, TC_SECTOR_SIZE_BIOS); if (!NT_SUCCESS (status)) { driveSize->QuadPart = offset.QuadPart; Dump ("Real drive size = %I64d bytes (%I64d hidden)\n", driveSize->QuadPart, driveSize->QuadPart - sysLength.QuadPart); TCfree (sectorBuffer); return STATUS_SUCCESS; } if (KeQueryInterruptTime() - startTime > 3ULL * 60 * 1000 * 1000 * 10) { // Abort if probing for more than 3 minutes driveSize->QuadPart = sysLength.QuadPart; TCfree (sectorBuffer); return STATUS_TIMEOUT; } } } NTSTATUS TCOpenFsVolume (PEXTENSION Extension, PHANDLE volumeHandle, PFILE_OBJECT * fileObject) { NTSTATUS ntStatus; OBJECT_ATTRIBUTES objectAttributes; UNICODE_STRING fullFileName; IO_STATUS_BLOCK ioStatus; WCHAR volumeName[TC_MAX_PATH]; TCGetNTNameFromNumber (volumeName, sizeof(volumeName),Extension->nDosDriveNo); RtlInitUnicodeString (&fullFileName, volumeName); InitializeObjectAttributes (&objectAttributes, &fullFileName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL); ntStatus = ZwCreateFile (volumeHandle, SYNCHRONIZE | GENERIC_READ, &objectAttributes, &ioStatus, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0); Dump ("Volume %ls open NTSTATUS 0x%08x\n", volumeName, ntStatus); if (!NT_SUCCESS (ntStatus)) return ntStatus; ntStatus = ObReferenceObjectByHandle (*volumeHandle, FILE_READ_DATA, NULL, KernelMode, fileObject, NULL); if (!NT_SUCCESS (ntStatus)) ZwClose (*volumeHandle); return ntStatus; } void TCCloseFsVolume (HANDLE volumeHandle, PFILE_OBJECT fileObject) { ObDereferenceObject (fileObject); ZwClose (volumeHandle); } static NTSTATUS TCReadWriteDevice (BOOL write, PDEVICE_OBJECT deviceObject, PVOID buffer, LARGE_INTEGER offset, ULONG length) { NTSTATUS status; IO_STATUS_BLOCK ioStatusBlock; PIRP irp; KEVENT completionEvent; ASSERT (KeGetCurrentIrql() <= APC_LEVEL); KeInitializeEvent (&completionEvent, NotificationEvent, FALSE); irp = IoBuildSynchronousFsdRequest (write ? IRP_MJ_WRITE : IRP_MJ_READ, deviceObject, buffer, length, &offset, &completionEvent, &ioStatusBlock); if (!irp) return STATUS_INSUFFICIENT_RESOURCES; ObReferenceObject (deviceObject); status = IoCallDriver (deviceObject, irp); if (status == STATUS_PENDING) { status = KeWaitForSingleObject (&completionEvent, Executive, KernelMode, FALSE, NULL); if (NT_SUCCESS (status)) status = ioStatusBlock.Status; } ObDereferenceObject (deviceObject); return status; } NTSTATUS TCReadDevice (PDEVICE_OBJECT deviceObject, PVOID buffer, LARGE_INTEGER offset, ULONG length) { return TCReadWriteDevice (FALSE, deviceObject, buffer, offset, length); } NTSTATUS TCWriteDevice (PDEVICE_OBJECT deviceObject, PVOID buffer, LARGE_INTEGER offset, ULONG length) { return TCReadWriteDevice (TRUE, deviceObject, buffer, offset, length); } NTSTATUS TCFsctlCall (PFILE_OBJECT fileObject, LONG IoControlCode, void *InputBuffer, int InputBufferSize, void *OutputBuffer, int OutputBufferSize) { IO_STATUS_BLOCK ioStatusBlock; NTSTATUS ntStatus; PIRP irp; KEVENT event; PIO_STACK_LOCATION stack; PDEVICE_OBJECT deviceObject = IoGetRelatedDeviceObject (fileObject); KeInitializeEvent(&event, NotificationEvent, FALSE); irp = IoBuildDeviceIoControlRequest (IoControlCode, deviceObject, InputBuffer, InputBufferSize, OutputBuffer, OutputBufferSize, FALSE, &event, &ioStatusBlock); if (irp == NULL) return STATUS_INSUFFICIENT_RESOURCES; stack = IoGetNextIrpStackLocation(irp); stack->MajorFunction = IRP_MJ_FILE_SYSTEM_CONTROL; stack->MinorFunction = IRP_MN_USER_FS_REQUEST; stack->FileObject = fileObject; ntStatus = IoCallDriver (deviceObject, irp); if (ntStatus == STATUS_PENDING) { KeWaitForSingleObject (&event, Executive, KernelMode, FALSE, NULL); ntStatus = ioStatusBlock.Status; } return ntStatus; } NTSTATUS CreateDriveLink (int nDosDriveNo) { WCHAR dev[128], link[128]; UNICODE_STRING deviceName, symLink; NTSTATUS ntStatus; TCGetNTNameFromNumber (dev, sizeof(dev),nDosDriveNo); TCGetDosNameFromNumber (link, sizeof(link),nDosDriveNo); RtlInitUnicodeString (&deviceName, dev); RtlInitUnicodeString (&symLink, link); ntStatus = IoCreateSymbolicLink (&symLink, &deviceName); Dump ("IoCreateSymbolicLink returned %X\n", ntStatus); return ntStatus; } NTSTATUS RemoveDriveLink (int nDosDriveNo) { WCHAR link[256]; UNICODE_STRING symLink; NTSTATUS ntStatus; TCGetDosNameFromNumber (link, sizeof(link),nDosDriveNo); RtlInitUnicodeString (&symLink, link); ntStatus = IoDeleteSymbolicLink (&symLink); Dump ("IoDeleteSymbolicLink returned %X\n", ntStatus); return ntStatus; } NTSTATUS MountManagerMount (MOUNT_STRUCT *mount) { NTSTATUS ntStatus; WCHAR arrVolume[256]; char buf[200]; PMOUNTMGR_TARGET_NAME in = (PMOUNTMGR_TARGET_NAME) buf; PMOUNTMGR_CREATE_POINT_INPUT point = (PMOUNTMGR_CREATE_POINT_INPUT) buf; UNICODE_STRING symName, devName; TCGetNTNameFromNumber (arrVolume, sizeof(arrVolume),mount->nDosDriveNo); in->DeviceNameLength = (USHORT) wcslen (arrVolume) * 2; RtlStringCbCopyW(in->DeviceName, sizeof(buf) - sizeof(in->DeviceNameLength),arrVolume); ntStatus = TCDeviceIoControl (MOUNTMGR_DEVICE_NAME, IOCTL_MOUNTMGR_VOLUME_ARRIVAL_NOTIFICATION, in, (ULONG) (sizeof (in->DeviceNameLength) + wcslen (arrVolume) * 2), 0, 0); memset (buf, 0, sizeof buf); TCGetDosNameFromNumber ((PWSTR) &point[1], sizeof(buf) - sizeof(MOUNTMGR_CREATE_POINT_INPUT),mount->nDosDriveNo); point->SymbolicLinkNameOffset = sizeof (MOUNTMGR_CREATE_POINT_INPUT); point->SymbolicLinkNameLength = (USHORT) wcslen ((PWSTR) &point[1]) * 2; RtlInitUnicodeString(&symName, (PWSTR) (buf + point->SymbolicLinkNameOffset)); point->DeviceNameOffset = point->SymbolicLinkNameOffset + point->SymbolicLinkNameLength; TCGetNTNameFromNumber ((PWSTR) (buf + point->DeviceNameOffset), sizeof(buf) - point->DeviceNameOffset,mount->nDosDriveNo); point->DeviceNameLength = (USHORT) wcslen ((PWSTR) (buf + point->DeviceNameOffset)) * 2; RtlInitUnicodeString(&devName, (PWSTR) (buf + point->DeviceNameOffset)); ntStatus = TCDeviceIoControl (MOUNTMGR_DEVICE_NAME, IOCTL_MOUNTMGR_CREATE_POINT, point, point->DeviceNameOffset + point->DeviceNameLength, 0, 0); return ntStatus; } NTSTATUS MountManagerUnmount (int nDosDriveNo) { NTSTATUS ntStatus; char buf[256], out[300]; PMOUNTMGR_MOUNT_POINT in = (PMOUNTMGR_MOUNT_POINT) buf; memset (buf, 0, sizeof buf); TCGetDosNameFromNumber ((PWSTR) &in[1], sizeof(buf) - sizeof(MOUNTMGR_MOUNT_POINT),nDosDriveNo); // Only symbolic link can be deleted with IOCTL_MOUNTMGR_DELETE_POINTS. If any other entry is specified, the mount manager will ignore subsequent IOCTL_MOUNTMGR_VOLUME_ARRIVAL_NOTIFICATION for the same volume ID. in->SymbolicLinkNameOffset = sizeof (MOUNTMGR_MOUNT_POINT); in->SymbolicLinkNameLength = (USHORT) wcslen ((PWCHAR) &in[1]) * 2; ntStatus = TCDeviceIoControl (MOUNTMGR_DEVICE_NAME, IOCTL_MOUNTMGR_DELETE_POINTS, in, sizeof(MOUNTMGR_MOUNT_POINT) + in->SymbolicLinkNameLength, out, sizeof out); Dump ("IOCTL_MOUNTMGR_DELETE_POINTS returned 0x%08x\n", ntStatus); return ntStatus; } NTSTATUS MountDevice (PDEVICE_OBJECT DeviceObject, MOUNT_STRUCT *mount) { PDEVICE_OBJECT NewDeviceObject; NTSTATUS ntStatus; // Make sure the user is asking for a reasonable nDosDriveNo if (mount->nDosDriveNo >= 0 && mount->nDosDriveNo <= 25 && IsDriveLetterAvailable (mount->nDosDriveNo)) { Dump ("Mount request looks valid\n"); } else { Dump ("WARNING: MOUNT DRIVE LETTER INVALID\n"); mount->nReturnCode = ERR_DRIVE_NOT_FOUND; return ERR_DRIVE_NOT_FOUND; } if (!SelfTestsPassed) { mount->nReturnCode = ERR_SELF_TESTS_FAILED; return ERR_SELF_TESTS_FAILED; } ntStatus = TCCreateDeviceObject (DeviceObject->DriverObject, &NewDeviceObject, mount); if (!NT_SUCCESS (ntStatus)) { Dump ("Mount CREATE DEVICE ERROR, ntStatus = 0x%08x\n", ntStatus); return ntStatus; } else { PEXTENSION NewExtension = (PEXTENSION) NewDeviceObject->DeviceExtension; SECURITY_SUBJECT_CONTEXT subContext; PACCESS_TOKEN accessToken; SeCaptureSubjectContext (&subContext); accessToken = SeQuerySubjectContextToken (&subContext); if (!accessToken) { ntStatus = STATUS_INVALID_PARAMETER; } else { PTOKEN_USER tokenUser; ntStatus = SeQueryInformationToken (accessToken, TokenUser, &tokenUser); if (NT_SUCCESS (ntStatus)) { ULONG sidLength = RtlLengthSid (tokenUser->User.Sid); NewExtension->UserSid = TCalloc (sidLength); if (!NewExtension->UserSid) ntStatus = STATUS_INSUFFICIENT_RESOURCES; else ntStatus = RtlCopySid (sidLength, NewExtension->UserSid, tokenUser->User.Sid); ExFreePool (tokenUser); // Documented in newer versions of WDK } } SeReleaseSubjectContext (&subContext); if (NT_SUCCESS (ntStatus)) ntStatus = TCStartVolumeThread (NewDeviceObject, NewExtension, mount); if (!NT_SUCCESS (ntStatus)) { Dump ("Mount FAILURE NT ERROR, ntStatus = 0x%08x\n", ntStatus); TCDeleteDeviceObject (NewDeviceObject, NewExtension); return ntStatus; } else { if (mount->nReturnCode == 0) { HANDLE volumeHandle; PFILE_OBJECT volumeFileObject; Dump ("Mount SUCCESS TC code = 0x%08x READ-ONLY = %d\n", mount->nReturnCode, NewExtension->bReadOnly); if (NewExtension->bReadOnly) NewDeviceObject->Characteristics |= FILE_READ_ONLY_DEVICE; NewDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING; NewExtension->UniqueVolumeId = LastUniqueVolumeId++; if (mount->bMountManager) MountManagerMount (mount); NewExtension->bMountManager = mount->bMountManager; // We create symbolic link even if mount manager is notified of // arriving volume as it apparently sometimes fails to create the link CreateDriveLink (mount->nDosDriveNo); mount->FilesystemDirty = FALSE; if (NT_SUCCESS (TCOpenFsVolume (NewExtension, &volumeHandle, &volumeFileObject))) { __try { ULONG fsStatus; if (NT_SUCCESS (TCFsctlCall (volumeFileObject, FSCTL_IS_VOLUME_DIRTY, NULL, 0, &fsStatus, sizeof (fsStatus))) && (fsStatus & VOLUME_IS_DIRTY)) { mount->FilesystemDirty = TRUE; } } __except (EXCEPTION_EXECUTE_HANDLER) { mount->FilesystemDirty = TRUE; } TCCloseFsVolume (volumeHandle, volumeFileObject); } } else { Dump ("Mount FAILURE TC code = 0x%08x\n", mount->nReturnCode); TCDeleteDeviceObject (NewDeviceObject, NewExtension); } return STATUS_SUCCESS; } } } NTSTATUS UnmountDevice (UNMOUNT_STRUCT *unmountRequest, PDEVICE_OBJECT deviceObject, BOOL ignoreOpenFiles) { PEXTENSION extension = deviceObject->DeviceExtension; NTSTATUS ntStatus; HANDLE volumeHandle; PFILE_OBJECT volumeFileObject; Dump ("UnmountDevice %d\n", extension->nDosDriveNo); ntStatus = TCOpenFsVolume (extension, &volumeHandle, &volumeFileObject); if (NT_SUCCESS (ntStatus)) { int dismountRetry; // Dismounting a writable NTFS filesystem prevents the driver from being unloaded on Windows 7 if (IsOSAtLeast (WIN_7) && !extension->bReadOnly) { NTFS_VOLUME_DATA_BUFFER ntfsData; if (NT_SUCCESS (TCFsctlCall (volumeFileObject, FSCTL_GET_NTFS_VOLUME_DATA, NULL, 0, &ntfsData, sizeof (ntfsData)))) DriverUnloadDisabled = TRUE; } // Lock volume ntStatus = TCFsctlCall (volumeFileObject, FSCTL_LOCK_VOLUME, NULL, 0, NULL, 0); Dump ("FSCTL_LOCK_VOLUME returned %X\n", ntStatus); if (!NT_SUCCESS (ntStatus) && !ignoreOpenFiles) { TCCloseFsVolume (volumeHandle, volumeFileObject); return ERR_FILES_OPEN; } // Dismount volume for (dismountRetry = 0; dismountRetry < 200; ++dismountRetry) { ntStatus = TCFsctlCall (volumeFileObject, FSCTL_DISMOUNT_VOLUME, NULL, 0, NULL, 0); Dump ("FSCTL_DISMOUNT_VOLUME returned %X\n", ntStatus); if (NT_SUCCESS (ntStatus) || ntStatus == STATUS_VOLUME_DISMOUNTED) break; if (!ignoreOpenFiles) { TCCloseFsVolume (volumeHandle, volumeFileObject); return ERR_FILES_OPEN; } TCSleep (100); } } else { // Volume cannot be opened => force dismount if allowed if (!ignoreOpenFiles) return ERR_FILES_OPEN; else volumeHandle = NULL; } if (extension->bMountManager) MountManagerUnmount (extension->nDosDriveNo); // We always remove symbolic link as mount manager might fail to do so RemoveDriveLink (extension->nDosDriveNo); extension->bShuttingDown = TRUE; ntStatus = IoAcquireRemoveLock (&extension->Queue.RemoveLock, NULL); ASSERT (NT_SUCCESS (ntStatus)); IoReleaseRemoveLockAndWait (&extension->Queue.RemoveLock, NULL); if (volumeHandle != NULL) TCCloseFsVolume (volumeHandle, volumeFileObject); if (unmountRequest) { PCRYPTO_INFO cryptoInfo = ((PEXTENSION) deviceObject->DeviceExtension)->cryptoInfo; unmountRequest->HiddenVolumeProtectionTriggered = (cryptoInfo->bProtectHiddenVolume && cryptoInfo->bHiddenVolProtectionAction); } TCDeleteDeviceObject (deviceObject, (PEXTENSION) deviceObject->DeviceExtension); return 0; } static PDEVICE_OBJECT FindVolumeWithHighestUniqueId (int maxUniqueId) { PDEVICE_OBJECT highestIdDevice = NULL; int highestId = -1; int drive; for (drive = MIN_MOUNTED_VOLUME_DRIVE_NUMBER; drive <= MAX_MOUNTED_VOLUME_DRIVE_NUMBER; ++drive) { PDEVICE_OBJECT device = GetVirtualVolumeDeviceObject (drive); if (device) { PEXTENSION extension = (PEXTENSION) device->DeviceExtension; if (extension->UniqueVolumeId > highestId && extension->UniqueVolumeId <= maxUniqueId) { highestId = extension->UniqueVolumeId; highestIdDevice = device; } } } return highestIdDevice; } NTSTATUS UnmountAllDevices (UNMOUNT_STRUCT *unmountRequest, BOOL ignoreOpenFiles) { NTSTATUS status = 0; PDEVICE_OBJECT ListDevice; int maxUniqueId = LastUniqueVolumeId; Dump ("Unmounting all volumes\n"); if (unmountRequest) unmountRequest->HiddenVolumeProtectionTriggered = FALSE; // Dismount volumes in the reverse order they were mounted to properly dismount nested volumes while ((ListDevice = FindVolumeWithHighestUniqueId (maxUniqueId)) != NULL) { PEXTENSION ListExtension = (PEXTENSION) ListDevice->DeviceExtension; maxUniqueId = ListExtension->UniqueVolumeId - 1; if (IsVolumeAccessibleByCurrentUser (ListExtension)) { NTSTATUS ntStatus; if (unmountRequest) unmountRequest->nDosDriveNo = ListExtension->nDosDriveNo; ntStatus = UnmountDevice (unmountRequest, ListDevice, ignoreOpenFiles); status = ntStatus == 0 ? status : ntStatus; if (unmountRequest && unmountRequest->HiddenVolumeProtectionTriggered) break; } } return status; } // Resolves symbolic link name to its target name NTSTATUS SymbolicLinkToTarget (PWSTR symlinkName, PWSTR targetName, USHORT maxTargetNameLength) { NTSTATUS ntStatus; OBJECT_ATTRIBUTES objectAttributes; UNICODE_STRING fullFileName; HANDLE handle; RtlInitUnicodeString (&fullFileName, symlinkName); InitializeObjectAttributes (&objectAttributes, &fullFileName, OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, NULL, NULL); ntStatus = ZwOpenSymbolicLinkObject (&handle, GENERIC_READ, &objectAttributes); if (NT_SUCCESS (ntStatus)) { UNICODE_STRING target; target.Buffer = targetName; target.Length = 0; target.MaximumLength = maxTargetNameLength; memset (targetName, 0, maxTargetNameLength); ntStatus = ZwQuerySymbolicLinkObject (handle, &target, NULL); ZwClose (handle); } return ntStatus; } // Checks if two regions overlap (borders are parts of regions) BOOL RegionsOverlap (unsigned __int64 start1, unsigned __int64 end1, unsigned __int64 start2, unsigned __int64 end2) { return (start1 < start2) ? (end1 >= start2) : (start1 <= end2); } void GetIntersection (uint64 start1, uint32 length1, uint64 start2, uint64 end2, uint64 *intersectStart, uint32 *intersectLength) { uint64 end1 = start1 + length1 - 1; uint64 intersectEnd = (end1 <= end2) ? end1 : end2; *intersectStart = (start1 >= start2) ? start1 : start2; *intersectLength = (uint32) ((*intersectStart > intersectEnd) ? 0 : intersectEnd + 1 - *intersectStart); if (*intersectLength == 0) *intersectStart = start1; } BOOL IsAccessibleByUser (PUNICODE_STRING objectFileName, BOOL readOnly) { OBJECT_ATTRIBUTES fileObjAttributes; IO_STATUS_BLOCK ioStatusBlock; HANDLE fileHandle; NTSTATUS status; ASSERT (!IoIsSystemThread (PsGetCurrentThread())); InitializeObjectAttributes (&fileObjAttributes, objectFileName, OBJ_CASE_INSENSITIVE | OBJ_FORCE_ACCESS_CHECK | OBJ_KERNEL_HANDLE, NULL, NULL); status = ZwCreateFile (&fileHandle, readOnly ? GENERIC_READ : GENERIC_READ | GENERIC_WRITE, &fileObjAttributes, &ioStatusBlock, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0); if (NT_SUCCESS (status)) { ZwClose (fileHandle); return TRUE; } return FALSE; } BOOL UserCanAccessDriveDevice () { UNICODE_STRING name; RtlInitUnicodeString (&name, L"\\Device\\MountPointManager"); return IsAccessibleByUser (&name, FALSE); } BOOL IsDriveLetterAvailable (int nDosDriveNo) { OBJECT_ATTRIBUTES objectAttributes; UNICODE_STRING objectName; WCHAR link[128]; HANDLE handle; TCGetDosNameFromNumber (link, sizeof(link),nDosDriveNo); RtlInitUnicodeString (&objectName, link); InitializeObjectAttributes (&objectAttributes, &objectName, OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, NULL, NULL); if (NT_SUCCESS (ZwOpenSymbolicLinkObject (&handle, GENERIC_READ, &objectAttributes))) { ZwClose (handle); return FALSE; } return TRUE; } NTSTATUS TCCompleteIrp (PIRP irp, NTSTATUS status, ULONG_PTR information) { irp->IoStatus.Status = status; irp->IoStatus.Information = information; IoCompleteRequest (irp, IO_NO_INCREMENT); return status; } NTSTATUS TCCompleteDiskIrp (PIRP irp, NTSTATUS status, ULONG_PTR information) { irp->IoStatus.Status = status; irp->IoStatus.Information = information; IoCompleteRequest (irp, NT_SUCCESS (status) ? IO_DISK_INCREMENT : IO_NO_INCREMENT); return status; } size_t GetCpuCount () { KAFFINITY activeCpuMap = KeQueryActiveProcessors(); size_t mapSize = sizeof (activeCpuMap) * 8; size_t cpuCount = 0; while (mapSize--) { if (activeCpuMap & 1) ++cpuCount; activeCpuMap >>= 1; } if (cpuCount == 0) return 1; return cpuCount; } void EnsureNullTerminatedString (wchar_t *str, size_t maxSizeInBytes) { ASSERT ((maxSizeInBytes & 1) == 0); str[maxSizeInBytes / sizeof (wchar_t) - 1] = 0; } void *AllocateMemoryWithTimeout (size_t size, int retryDelay, int timeout) { LARGE_INTEGER waitInterval; waitInterval.QuadPart = retryDelay * -10000; ASSERT (KeGetCurrentIrql() <= APC_LEVEL); ASSERT (retryDelay > 0 && retryDelay <= timeout); while (TRUE) { void *memory = TCalloc (size); if (memory) return memory; timeout -= retryDelay; if (timeout <= 0) break; KeDelayExecutionThread (KernelMode, FALSE, &waitInterval); } return NULL; } NTSTATUS TCReadRegistryKey (PUNICODE_STRING keyPath, wchar_t *keyValueName, PKEY_VALUE_PARTIAL_INFORMATION *keyData) { OBJECT_ATTRIBUTES regObjAttribs; HANDLE regKeyHandle; NTSTATUS status; UNICODE_STRING valName; ULONG size = 0; ULONG resultSize; InitializeObjectAttributes (®ObjAttribs, keyPath, OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, NULL, NULL); status = ZwOpenKey (®KeyHandle, KEY_READ, ®ObjAttribs); if (!NT_SUCCESS (status)) return status; RtlInitUnicodeString (&valName, keyValueName); status = ZwQueryValueKey (regKeyHandle, &valName, KeyValuePartialInformation, NULL, 0, &size); if (!NT_SUCCESS (status) && status != STATUS_BUFFER_OVERFLOW && status != STATUS_BUFFER_TOO_SMALL) { ZwClose (regKeyHandle); return status; } if (size == 0) { ZwClose (regKeyHandle); return STATUS_NO_DATA_DETECTED; } *keyData = (PKEY_VALUE_PARTIAL_INFORMATION) TCalloc (size); if (!*keyData) { ZwClose (regKeyHandle); return STATUS_INSUFFICIENT_RESOURCES; } status = ZwQueryValueKey (regKeyHandle, &valName, KeyValuePartialInformation, *keyData, size, &resultSize); ZwClose (regKeyHandle); return status; } NTSTATUS TCWriteRegistryKey (PUNICODE_STRING keyPath, wchar_t *keyValueName, ULONG keyValueType, void *valueData, ULONG valueSize) { OBJECT_ATTRIBUTES regObjAttribs; HANDLE regKeyHandle; NTSTATUS status; UNICODE_STRING valName; InitializeObjectAttributes (®ObjAttribs, keyPath, OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, NULL, NULL); status = ZwOpenKey (®KeyHandle, KEY_READ | KEY_WRITE, ®ObjAttribs); if (!NT_SUCCESS (status)) return status; RtlInitUnicodeString (&valName, keyValueName); status = ZwSetValueKey (regKeyHandle, &valName, 0, keyValueType, valueData, valueSize); ZwClose (regKeyHandle); return status; } BOOL IsVolumeClassFilterRegistered () { UNICODE_STRING name; NTSTATUS status; BOOL registered = FALSE; PKEY_VALUE_PARTIAL_INFORMATION data; RtlInitUnicodeString (&name, L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Class\\{71A27CDD-812A-11D0-BEC7-08002BE2092F}"); status = TCReadRegistryKey (&name, L"UpperFilters", &data); if (NT_SUCCESS (status)) { if (data->Type == REG_MULTI_SZ && data->DataLength >= 9 * sizeof (wchar_t)) { // Search for the string "veracrypt" ULONG i; for (i = 0; i <= data->DataLength - 9 * sizeof (wchar_t); ++i) { if (memcmp (data->Data + i, L"veracrypt", 9 * sizeof (wchar_t)) == 0) { Dump ("Volume class filter active\n"); registered = TRUE; break; } } } TCfree (data); } return registered; } NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry) { PKEY_VALUE_PARTIAL_INFORMATION data; UNICODE_STRING name; NTSTATUS status; uint32 flags = 0; RtlInitUnicodeString (&name, L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\veracrypt"); status = TCReadRegistryKey (&name, TC_DRIVER_CONFIG_REG_VALUE_NAME, &data); if (NT_SUCCESS (status)) { if (data->Type == REG_DWORD) { flags = *(uint32 *) data->Data; Dump ("Configuration flags = 0x%x\n", flags); if (driverEntry) { if (flags & (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD | TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES)) CacheBootPassword = TRUE; if (flags & TC_DRIVER_CONFIG_DISABLE_NONADMIN_SYS_FAVORITES_ACCESS) NonAdminSystemFavoritesAccessDisabled = TRUE; } EnableHwEncryption ((flags & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE); } else status = STATUS_INVALID_PARAMETER; TCfree (data); } if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, TC_ENCRYPTION_FREE_CPU_COUNT_REG_VALUE_NAME, &data))) { if (data->Type == REG_DWORD) EncryptionThreadPoolFreeCpuCountLimit = *(uint32 *) data->Data; TCfree (data); } return status; } NTSTATUS WriteRegistryConfigFlags (uint32 flags) { UNICODE_STRING name; RtlInitUnicodeString (&name, L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\veracrypt"); return TCWriteRegistryKey (&name, TC_DRIVER_CONFIG_REG_VALUE_NAME, REG_DWORD, &flags, sizeof (flags)); } NTSTATUS GetDeviceSectorSize (PDEVICE_OBJECT deviceObject, ULONG *bytesPerSector) { NTSTATUS status; DISK_GEOMETRY geometry; status = SendDeviceIoControlRequest (deviceObject, IOCTL_DISK_GET_DRIVE_GEOMETRY, NULL, 0, &geometry, sizeof (geometry)); if (!NT_SUCCESS (status)) return status; *bytesPerSector = geometry.BytesPerSector; return STATUS_SUCCESS; } NTSTATUS ZeroUnreadableSectors (PDEVICE_OBJECT deviceObject, LARGE_INTEGER startOffset, ULONG size, uint64 *zeroedSectorCount) { NTSTATUS status; ULONG sectorSize; ULONG sectorCount; byte *sectorBuffer = NULL; *zeroedSectorCount = 0; status = GetDeviceSectorSize (deviceObject, §orSize); if (!NT_SUCCESS (status)) return status; sectorBuffer = TCalloc (sectorSize); if (!sectorBuffer) return STATUS_INSUFFICIENT_RESOURCES; for (sectorCount = size / sectorSize; sectorCount > 0; --sectorCount, startOffset.QuadPart += sectorSize) { status = TCReadDevice (deviceObject, sectorBuffer, startOffset, sectorSize); if (!NT_SUCCESS (status)) { Dump ("Zeroing sector at %I64d\n", startOffset.QuadPart); memset (sectorBuffer, 0, sectorSize); status = TCWriteDevice (deviceObject, sectorBuffer, startOffset, sectorSize); if (!NT_SUCCESS (status)) goto err; ++(*zeroedSectorCount); } } status = STATUS_SUCCESS; err: if (sectorBuffer) TCfree (sectorBuffer); return status; } NTSTATUS ReadDeviceSkipUnreadableSectors (PDEVICE_OBJECT deviceObject, byte *buffer, LARGE_INTEGER startOffset, ULONG size, uint64 *badSectorCount) { NTSTATUS status; ULONG sectorSize; ULONG sectorCount; *badSectorCount = 0; status = GetDeviceSectorSize (deviceObject, §orSize); if (!NT_SUCCESS (status)) return status; for (sectorCount = size / sectorSize; sectorCount > 0; --sectorCount, startOffset.QuadPart += sectorSize, buffer += sectorSize) { status = TCReadDevice (deviceObject, buffer, startOffset, sectorSize); if (!NT_SUCCESS (status)) { Dump ("Skipping bad sector at %I64d\n", startOffset.QuadPart); memset (buffer, 0, sectorSize); ++(*badSectorCount); } } return STATUS_SUCCESS; } BOOL IsVolumeAccessibleByCurrentUser (PEXTENSION volumeDeviceExtension) { SECURITY_SUBJECT_CONTEXT subContext; PACCESS_TOKEN accessToken; PTOKEN_USER tokenUser; BOOL result = FALSE; if (IoIsSystemThread (PsGetCurrentThread()) || UserCanAccessDriveDevice() || !volumeDeviceExtension->UserSid || (volumeDeviceExtension->SystemFavorite && !NonAdminSystemFavoritesAccessDisabled)) { return TRUE; } SeCaptureSubjectContext (&subContext); accessToken = SeQuerySubjectContextToken (&subContext); if (!accessToken) goto ret; if (SeTokenIsAdmin (accessToken)) { result = TRUE; goto ret; } if (!NT_SUCCESS (SeQueryInformationToken (accessToken, TokenUser, &tokenUser))) goto ret; result = RtlEqualSid (volumeDeviceExtension->UserSid, tokenUser->User.Sid); ExFreePool (tokenUser); // Documented in newer versions of WDK ret: SeReleaseSubjectContext (&subContext); return result; } void GetElapsedTimeInit (LARGE_INTEGER *lastPerfCounter) { *lastPerfCounter = KeQueryPerformanceCounter (NULL); } // Returns elapsed time in microseconds since last call int64 GetElapsedTime (LARGE_INTEGER *lastPerfCounter) { LARGE_INTEGER freq; LARGE_INTEGER counter = KeQueryPerformanceCounter (&freq); int64 elapsed = (counter.QuadPart - lastPerfCounter->QuadPart) * 1000000LL / freq.QuadPart; *lastPerfCounter = counter; return elapsed; } BOOL IsOSAtLeast (OSVersionEnum reqMinOS) { /* When updating this function, update IsOSVersionAtLeast() in Dlgcode.c too. */ ULONG major = 0, minor = 0; ASSERT (OsMajorVersion != 0); switch (reqMinOS) { case WIN_2000: major = 5; minor = 0; break; case WIN_XP: major = 5; minor = 1; break; case WIN_SERVER_2003: major = 5; minor = 2; break; case WIN_VISTA: major = 6; minor = 0; break; case WIN_7: major = 6; minor = 1; break; default: TC_THROW_FATAL_EXCEPTION; break; } return ((OsMajorVersion << 16 | OsMinorVersion << 8) >= (major << 16 | minor << 8)); } /entry>
<entry lang="en" key="CANNOT_RESTORE_KEYBOARD_LAYOUT">Warning: VeraCrypt could not restore the original keyboard layout. This may cause you to enter a password incorrectly.</entry>
<entry lang="en" key="CANT_CHANGE_KEYB_LAYOUT_FOR_SYS_ENCRYPTION">Error: Cannot set the keyboard layout for VeraCrypt to the standard US keyboard layout.\n\nNote that the password needs to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available. Therefore, the password must always be typed using the standard US keyboard layout.</entry>
- <entry lang="en" key="ALT_KEY_CHARS_NOT_FOR_SYS_ENCRYPTION">As VeraCrypt temporarily changed the keyboard layout to the standard US keyboard layout, it is not possible to type characters by pressing keys while the right Alt key is held down. However, you can type most of such characters by pressing appropriate keys while the Shift key is held down.</entry>
+ <entry lang="en" key="ALT_KEY_CHARS_NOT_FOR_SYS_ENCRYPTION">It is not possible to type characters by pressing keys while the right Alt key is held down. However, you can type most of such characters by pressing appropriate keys while the Shift key is held down.</entry>
<entry lang="en" key="KEYB_LAYOUT_CHANGE_PREVENTED">VeraCrypt prevented change of keyboard layout.</entry>
<entry lang="en" key="KEYB_LAYOUT_SYS_ENC_EXPLANATION">Note: The password will need to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available. Therefore, the password must always be typed using the standard US keyboard layout. However, it is important to note that you do NOT need a real US keyboard. VeraCrypt automatically ensures that you can safely type the password (right now and in the pre-boot environment) even if you do NOT have a real US keyboard.</entry>
<entry lang="en" key="RESCUE_DISK_INFO">Before you can encrypt the partition/drive, you must create a VeraCrypt Rescue Disk (VRD), which serves the following purposes:\n\n- If the VeraCrypt Boot Loader, master key, or other critical data gets damaged, the VRD allows you to restore it (note, however, that you will still have to enter the correct password then).\n\n- If Windows gets damaged and cannot start, the VRD allows you to permanently decrypt the partition/drive before Windows starts.\n\n- The VRD will contain a backup of the present content of the first drive track (which typically contains a system loader or boot manager) and will allow you to restore it if necessary.\n\nThe VeraCrypt Rescue Disk ISO image will be created in the location specified below.</entry>
<entry lang="en" key="RESCUE_DISK_WIN_ISOBURN_PRELAUNCH_NOTE">After you click OK, Microsoft Windows Disc Image Burner will be launched. Please use it to burn the VeraCrypt Rescue Disk ISO image to a CD or DVD.\n\nAfter you do so, return to the VeraCrypt Volume Creation Wizard and follow its instructions.</entry>
<entry lang="en" key="RESCUE_DISK_BURN_INFO">The Rescue Disk image has been created and stored in this file:\n%s\n\nNow you need to burn it to a CD or DVD.\n\n%lsAfter you burn the Rescue Disk, click Next to verify that it has been correctly burned.</entry>
<entry lang="en" key="RESCUE_DISK_BURN_INFO_NO_CHECK">The Rescue Disk image has been created and stored in this file:\n%s\n\nNow you should either burn the image to a CD/DVD or move it to a safe location for later use.\n\n%lsClick Next to continue.</entry>
<entry lang="en" key="RESCUE_DISK_BURN_INFO_NONWIN_ISO_BURNER">IMPORTANT: Note that the file must be written to the CD/DVD as an ISO disk image (not as an individual file). For information on how to do so, please refer to the documentation of your CD/DVD recording software. If you do not have any CD/DVD recording software that can write the ISO disk image to a CD/DVD, click the link below to download such free software.\n\n</entry>
<entry lang="en" key="LAUNCH_WIN_ISOBURN">Launch Microsoft Windows Disc Image Burner</entry>
<entry lang="en" key="RESCUE_DISK_BURN_NO_CHECK_WARN">WARNING: If you already created a VeraCrypt Rescue Disk in the past, it cannot be reused for this system partition/drive because it was created for a different master key! Every time you encrypt a system partition/drive, you must create a new VeraCrypt Rescue Disk for it even if you use the same password.</entry>
<entry lang="en" key="CANNOT_SAVE_SYS_ENCRYPTION_SETTINGS">Error: Cannot save system encryption settings.</entry>
<entry lang="en" key="CANNOT_INITIATE_SYS_ENCRYPTION_PRETEST">Cannot initiate the system encryption pretest.</entry>
<entry lang="en" key="CANNOT_INITIATE_HIDDEN_OS_CREATION">Cannot initiate the process of creation of the hidden operating system.</entry>
<entry lang="en" key="WIPE_MODE_TITLE">Wipe Mode</entry>
<entry lang="en" key="INPLACE_ENC_WIPE_MODE_INFO">On some types of storage media, when data is overwritten with other data, it may be possible to recover the overwritten data using techniques such as magnetic force microscopy. This also applies to data that are overwritten with their encrypted form (which happens when VeraCrypt initially encrypts an unencrypted partition or drive). According to some studies and governmental publications, recovery of overwritten data can be prevented (or made very difficult) by overwriting the data with pseudorandom and certain non-random data a certain number of times. Therefore, if you believe that an adversary might be able to use such techniques to recover the data you intend to encrypt, you may want to select one of the wipe modes (existing data will NOT be lost). Note that wiping will NOT be performed after the partition/drive is encrypted. When the partition/drive is fully encrypted, no unencrypted data is written to it. Any data being written to it is first encrypted on the fly in memory and only then is the (encrypted) data written to the disk.</entry>
<entry lang="en" key="WIPE_MODE_INFO">On some types of storage media, when data is overwritten with other data (e.g. when the data is erased), it may be possible to recover the overwritten data using techniques such as magnetic force microscopy. According to some studies and governmental publications, recovery of overwritten data can be prevented (or made very difficult) by overwriting the data with pseudorandom and certain non-random data a certain number of times. Therefore, if you believe that an adversary might be able to use such techniques to recover the data that is to be erased, you may want to select one of the multi-pass wipe modes.\n\nNote: The more wipe passes you use, the longer it takes to erase the data.</entry>
<entry lang="en" key="DEVICE_WIPE_PAGE_TITLE">Wiping</entry>
<entry lang="en" key="DEVICE_WIPE_PAGE_INFO_HIDDEN_OS">\nNote: You can interrupt the process of wiping, shut down your computer, start the hidden system again and then resume the process (this wizard will be launched automatically). However, if you interrupt it, the entire process of wiping will have to start from the beginning.</entry>
<entry lang="en" key="DEVICE_WIPE_PAGE_INFO">\n\nNote: If you interrupt the process of wiping and then attempt to resume it, the entire process will have to start from the beginning.</entry>
<entry lang="en" key="CONFIRM_WIPE_ABORT">Do you want to abort the process of wiping?</entry>
<entry lang="en" key="CONFIRM_WIPE_START">Warning: The entire content of the selected partition/device will be erased and lost.</entry>
<entry lang="en" key="CONFIRM_WIPE_START_DECOY_SYS_PARTITION">The entire content of the partition where the original system resides will be erased.\n\nNote: The entire content of the partition that is to be erased has been copied to this hidden system partition.</entry>
<entry lang="en" key="WIPE_MODE_WARN">WARNING: Note that when you choose e.g. the 3-pass wipe mode, the time necessary to encrypt the partition/drive will be up to 4 times longer. Likewise, if you choose the 35-pass wipe mode, it will be up to 36 times longer (it might even take several weeks).\n\nHowever, please note that wiping will NOT be performed after the partition/drive is fully encrypted. When the partition/drive is fully encrypted, no unencrypted data is written to it. Any data being written to it is first encrypted on the fly in memory and only then is the (encrypted) data written to the disk (so the performance will NOT be affected).\n\nAre you sure you want to use the wipe mode?</entry>
<entry lang="en" key="WIPE_MODE_NONE">None (fastest)</entry>
<entry lang="en" key="WIPE_MODE_1_RAND">1-pass (random data)</entry>
<entry lang="en" key="WIPE_MODE_3_DOD_5220">3-pass (US DoD 5220.22-M)</entry>
<entry lang="en" key="WIPE_MODE_7_DOD_5220">7-pass (US DoD 5220.22-M)</entry>
<entry lang="en" key="WIPE_MODE_35_GUTMANN">35-pass ("Gutmann")</entry>
<entry lang="en" key="WIPE_MODE_256">256-pass</entry>
<entry lang="en" key="SYS_MULTI_BOOT_MODE_TITLE">Number of Operating Systems</entry>
<entry lang="en" key="MULTI_BOOT_FOR_ADVANCED_ONLY">WARNING: Inexperienced users should never attempt to encrypt Windows in multi-boot configurations.\n\nContinue?</entry>
<entry lang="en" key="HIDDEN_OS_MULTI_BOOT">When creating/using a hidden operating system, VeraCrypt supports multi-boot configurations only when the following conditions are met:\n\n- The currently running operating system must be installed on the boot drive, which must not contain any other operating systems.\n\n- Operating systems installed on other drives must not use any boot loader residing on the drive on which the currently running operating system is installed.\n\nAre the above conditions met?</entry>
<entry lang="en" key="UNSUPPORTED_HIDDEN_OS_MULTI_BOOT_CFG">VeraCrypt does not support this multi-boot configuration when creating/using a hidden operating system.</entry>
<entry lang="en" key="SYSENC_MULTI_BOOT_SYS_EQ_BOOT_TITLE">Boot Drive</entry>
<entry lang="en" key="SYSENC_MULTI_BOOT_SYS_EQ_BOOT_HELP">Is the currently running operating system installed on the boot drive?\n\nNote: Sometimes, Windows is not installed on the same drive as the Windows boot loader (boot partition). If that is the case, select 'No'.</entry>
<entry lang="en" key="SYS_PARTITION_MUST_BE_ON_BOOT_DRIVE">VeraCrypt currently does not support encrypting an operating system that does not boot from the drive on which it is installed.</entry>
<entry lang="en" key="SYSENC_MULTI_BOOT_NBR_SYS_DRIVES_TITLE">Number of System Drives</entry>
<entry lang="en" key="SYSENC_MULTI_BOOT_NBR_SYS_DRIVES_HELP">How many drives contain an operating system?\n\nNote: For example, if you have any operating system (e.g. Windows, Mac OS X, Linux, etc.) installed on your primary drive and any additional operating system installed on your secondary drive, select '2 or more'.</entry>
<entry lang="en" key="WDE_UNSUPPORTED_FOR_MULTIPLE_SYSTEMS_ON_ONE_DRIVE">VeraCrypt currently does not support encrypting a whole drive that contains multiple operating systems.\n\nPossible Solutions:\n\n- You can still encrypt one of the systems if you go back and choose to encrypt only a single system partition (as opposed to choosing to encrypt the entire system drive).\n\n- Alternatively, you will be able to encrypt the entire drive if you move some of the systems to other drives leaving only one system on the drive you want to encrypt.</entry>
<entry lang="en" key="SYSENC_MULTI_BOOT_ADJACENT_SYS_TITLE">Multiple Systems on Single Drive</entry>
<entry lang="en" key="SYSENC_MULTI_BOOT_ADJACENT_SYS_HELP">Are there any other operating systems installed on the drive on which the currently running operating system is installed?\n\nNote: For example, if the currently running operating system is installed on the drive #0, which contains several partitions, and if one of the partitions contains Windows and another partition contains any additional operating system (e.g. Windows, Mac OS X, Linux, etc.), select 'Yes'.</entry>
<entry lang="en" key="SYSENC_MULTI_BOOT_NONWIN_BOOT_LOADER_TITLE">Non-Windows Boot Loader</entry>
<entry lang="en" key="SYSENC_MULTI_BOOT_NONWIN_BOOT_LOADER_HELP">Is a non-Windows boot loader (or boot manager) installed in the master boot record (MBR)?\n\nNote: For example, if the first track of the boot drive contains GRUB, LILO, XOSL, or some other non-Windows boot manager (or boot loader), select 'Yes'.</entry>
<entry lang="en" key="SYSENC_MULTI_BOOT_OUTCOME_TITLE">Multi-Boot</entry>
<entry lang="en" key="CUSTOM_BOOT_MANAGERS_IN_MBR_UNSUPPORTED">VeraCrypt currently does not support multi-boot configurations where a non-Windows boot loader is installed in the Master Boot Record.\n\nPossible Solutions:\n\n- If you use a boot manager to boot Windows and Linux, move the boot manager (typically, GRUB) from the Master Boot Record to a partition. Then start this wizard again and encrypt the system partition/drive. Note that the VeraCrypt Boot Loader will become your primary boot manager and it will allow you to launch the original boot manager (e.g. GRUB) as your secondary boot manager (by pressing Esc in the VeraCrypt Boot Loader screen) and thus you will be able boot Linux.</entry>
<entry lang="en" key="WINDOWS_BOOT_LOADER_HINTS">If the currently running operating system is installed on the boot partition, then, after you encrypt it, you will need to enter the correct password even if you want to start any other unencrypted Windows system(s) (as they will share a single encrypted Windows boot loader/manager).\n\nIn contrast, if the currently running operating system is not installed on the boot partition (or if the Windows boot loader/manager is not used by any other system), then, after you encrypt this system, you will not need to enter the correct password to boot the other unencrypted system(s) -- you will only need to press the Esc key to start the unencrypted system (if there are multiple unencrypted systems, you will also need to choose which system to start in the VeraCrypt Boot Manager menu).\n\nNote: Typically, the earliest installed Windows system is installed on the boot partition.</entry>
<entry lang="en" key="SYSENC_PRE_DRIVE_ANALYSIS_TITLE">Encryption of Host Protected Area</entry>
<entry lang="en" key="SYSENC_PRE_DRIVE_ANALYSIS_HELP">At the end of many drives, there is an area that is normally hidden from the operating system (such areas are usually referred to as Host Protected Areas). However, some programs can read and write data from/to such areas.\n\nWARNING: Some computer manufacturers may use such areas to store tools and data for RAID, system recovery, system setup, diagnostic, or other purposes. If such tools or data must be accessible before booting, the hidden area should NOT be encrypted (choose 'No' above).\n\nDo you want VeraCrypt to detect and encrypt such a hidden area (if any) at the end of the system drive?</entry>
- <entry lang="en" key="SYSENC_TYPE_PAGE_TITLE">Type of System Encryption</entry>
+ <entry lang="en" key="SYSENC_TYPE_PAGE_TITLE">Encrypt Windows Drive (%c:)</entry>
<entry lang="en" key="SYSENC_NORMAL_TYPE_HELP">Select this option if you merely want to encrypt the system partition or the entire system drive.</entry>
<entry lang="en" key="SYSENC_HIDDEN_TYPE_HELP">It may happen that you are forced by somebody to decrypt the operating system. There are many situations where you cannot refuse to do so (for example, due to extortion). If you select this option, you will create a hidden operating system whose existence should be impossible to prove (provided that certain guidelines are followed). Thus, you will not have to decrypt or reveal the password to the hidden operating system. For a detailed explanation, please click the link below.</entry>
<entry lang="en" key="HIDDEN_OS_PREINFO">It may happen that you are forced by somebody to decrypt the operating system. There are many situations where you cannot refuse to do so (for example, due to extortion).\n\nUsing this wizard, you can create a hidden operating system whose existence should be impossible to prove (provided that certain guidelines are followed). Thus, you will not have to decrypt or reveal the password for the hidden operating system.</entry>
<entry lang="en" key="SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_TITLE">Hidden Operating System</entry>
<entry lang="en" key="SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_HELP">In the following steps, you will create two VeraCrypt volumes (outer and hidden) within the first partition behind the system partition. The hidden volume will contain the hidden operating system (OS). VeraCrypt will create the hidden OS by copying the content of the system partition (where the currently running OS is installed) to the hidden volume. To the outer volume, you will copy some sensitive looking files that you actually do NOT want to hide. They will be there for anyone forcing you to disclose the password for the hidden OS partition. You can reveal the password for the outer volume within the hidden OS partition (the existence of the hidden OS remains secret).\n\nFinally, on the system partition of the currently running OS, you will install a new OS, so-called decoy OS, and encrypt it. It must not contain sensitive data and will be there for anyone forcing you to reveal your pre-boot authentication password. In total, there will be three passwords. Two of them can be disclosed (for the decoy OS and outer volume). If you use the third one, the hidden OS will start.</entry>
<entry lang="en" key="SYSENC_DRIVE_ANALYSIS_TITLE">Detecting Hidden Sectors</entry>
<entry lang="en" key="SYSENC_DRIVE_ANALYSIS_INFO">Please wait while VeraCrypt is detecting possible hidden sectors at the end of the system drive. Note that it may take a long time to complete.\n\nNote: In very rare cases, on some computers, the system may become unresponsive during this detection process. If it happens, restart the computer, start VeraCrypt, repeat the previous steps but skip this detection process. Note that this issue is not caused by a bug in VeraCrypt.</entry>
<entry lang="en" key="SYS_ENCRYPTION_SPAN_TITLE">Area to Encrypt</entry>
<entry lang="en" key="SYS_ENCRYPTION_SPAN_WHOLE_SYS_DRIVE_HELP">Select this option if you want to encrypt the entire drive on which the currently running Windows system is installed. The whole drive, including all its partitions, will be encrypted except the first track where the VeraCrypt Boot Loader will reside. Anyone who wants to access a system installed on the drive, or files stored on the drive, will need to enter the correct password each time before the system starts. This option cannot be used to encrypt a secondary or external drive if Windows is not installed on it and does not boot from it.</entry>
<entry lang="en" key="COLLECTING_RANDOM_DATA_TITLE">Collecting Random Data</entry>
<entry lang="en" key="KEYS_GEN_TITLE">Keys Generated</entry>
<entry lang="en" key="CD_BURNER_NOT_PRESENT">VeraCrypt has found no CD/DVD burner connected to your computer. VeraCrypt needs a CD/DVD burner to burn a bootable VeraCrypt Rescue Disk containing a backup of the encryption keys, VeraCrypt boot loader, original system loader, etc.\n\nWe strongly recommend that you burn the VeraCrypt Rescue Disk.</entry>
<entry lang="en" key="CD_BURNER_NOT_PRESENT_WILL_STORE_ISO">I have no CD/DVD burner but I will store the Rescue Disk ISO image on a removable drive (e.g. USB flash drive).</entry>
<entry lang="en" key="CD_BURNER_NOT_PRESENT_WILL_CONNECT_LATER">I will connect a CD/DVD burner to my computer later. Terminate the process now.</entry>
<entry lang="en" key="CD_BURNER_NOT_PRESENT_CONNECTED_NOW">A CD/DVD burner is connected to my computer now. Continue and write the Rescue Disk.</entry>
<entry lang="en" key="CD_BURNER_NOT_PRESENT_WILL_STORE_ISO_INFO">Please follow these steps:\n\n1) Connect a removable drive, such as a USB flash drive, to your computer now.\n\n2) Copy the VeraCrypt Rescue Disk image file (%s) to the removable drive.\n\nIn case you need to use the VeraCrypt Rescue Disk in the future, you will be able to connect your removable drive (containing the VeraCrypt Rescue Disk image) to a computer with a CD/DVD burner and create a bootable VeraCrypt Rescue Disk by burning the image to a CD or DVD. IMPORTANT: Note that the VeraCrypt Rescue Disk image file must be written to the CD/DVD as an ISO disk image (not as an individual file).</entry>
<entry lang="en" key="RESCUE_DISK_RECORDING_TITLE">Rescue Disk Recording</entry>
<entry lang="en" key="RESCUE_DISK_CREATED_TITLE">Rescue Disk Created</entry>
- <entry lang="en" key="SYS_ENCRYPTION_PRETEST_TITLE">System Encryption Pretest</entry>
+ <entry lang="en" key="SYS_ENCRYPTION_PRETEST_TITLE">System Encryption Test</entry>
<entry lang="en" key="RESCUE_DISK_DISK_VERIFIED_TITLE">Rescue Disk Verified</entry>
<entry lang="en" key="RESCUE_DISK_VERIFIED_INFO">\nThe VeraCrypt Rescue Disk has been successfully verified. Please remove it from the drive now and store it in a safe place.\n\nClick Next to continue.</entry>
<entry lang="en" key="REMOVE_RESCUE_DISK_FROM_DRIVE">WARNING: During the next steps, the VeraCrypt Rescue Disk must not be in the drive. Otherwise, it will not be possible to complete the steps correctly.\n\nPlease remove it from the drive now and store it in a safe place. Then click OK.</entry>
<entry lang="en" key="PREBOOT_NOT_LOCALIZED">Warning: Due to technical limitations of the pre-boot environment, texts displayed by VeraCrypt in the pre-boot environment (i.e. before Windows starts) cannot be localized. The VeraCrypt Boot Loader user interface is completely in English.\n\nContinue?</entry>
<entry lang="en" key="SYS_ENCRYPTION_PRETEST_INFO">Before encrypting your system partition or drive, VeraCrypt needs to verify that everything works correctly.\n\nAfter you click Test, all the necessary components (for example, the pre-boot authentication component, i.e. the VeraCrypt Boot Loader) will be installed and your computer will be restarted. Then you will have to enter your password in the VeraCrypt Boot Loader screen that will appear before Windows starts. After Windows starts, you will be automatically informed about the result of this pretest.\n\nThe following device will be modified: Drive #%d\n\n\nIf you click Cancel now, nothing will be installed and the pretest will not be performed.</entry>
<entry lang="en" key="SYS_ENCRYPTION_PRETEST_INFO2_PORTION_1">IMPORTANT NOTES -- PLEASE READ OR PRINT (click 'Print'):\n\nNote that none of your files will be encrypted before you successfully restart your computer and start Windows. Thus, if anything fails, your data will NOT be lost. However, if something does go wrong, you might encounter difficulties in starting Windows. Therefore, please read (and, if possible, print) the following guidelines on what to do if Windows cannot start after you restart the computer.\n\n</entry>
<entry lang="en" key="SYS_ENCRYPTION_PRETEST_INFO2_PORTION_2">What to Do If Windows Cannot Start\n------------------------------------------------\n\nNote: These instructions are valid only if you have not started encrypting.\n\n- If Windows does not start after you enter the correct password (or if you repeatedly enter the correct password but VeraCrypt says that the password is incorrect), do not panic. Restart (power off and on) the computer, and in the VeraCrypt Boot Loader screen, press the Esc key on your keyboard (and if you have multiple systems, choose which to start). Then Windows should start (provided that it is not encrypted) and VeraCrypt will automatically ask whether you want to uninstall the pre-boot authentication component. Note that the previous steps do NOT work if the system partition/drive is encrypted (nobody can start Windows or access encrypted data on the drive without the correct password even if he or she follows the previous steps).\n\n</entry>
<entry lang="en" key="SYS_ENCRYPTION_PRETEST_INFO2_PORTION_3">- If the previous steps do not help or if the VeraCrypt Boot Loader screen does not appear (before Windows starts), insert the VeraCrypt Rescue Disk into your CD/DVD drive and restart your computer. If the VeraCrypt Rescue Disk screen does not appear (or if you do not see the 'Repair Options' item in the 'Keyboard Controls' section of the VeraCrypt Rescue Disk screen), it is possible that your BIOS is configured to attempt to boot from hard drives before CD/DVD drives. If that is the case, restart your computer, press F2 or Delete (as soon as you see a BIOS start-up screen), and wait until a BIOS configuration screen appears. If no BIOS configuration screen appears, restart (reset) the computer again and start pressing F2 or Delete repeatedly as soon as you restart (reset) the computer. When a BIOS configuration screen appears, configure your BIOS to boot from the CD/DVD drive first (for information on how to do so, please refer to the documentation for your BIOS/motherboard or contact your computer vendor's technical support team for assistance). Then restart your computer. The VeraCrypt Rescue Disk screen should appear now. In the VeraCrypt Rescue Disk screen, select 'Repair Options' by pressing F8 on your keyboard. From the 'Repair Options' menu, select 'Restore original system loader'. Then remove the Rescue Disk from your CD/DVD drive and restart your computer. Windows should start normally (provided that it is not encrypted).\n\n</entry>
<entry lang="en" key="SYS_ENCRYPTION_PRETEST_INFO2_PORTION_4">Note that the previous steps do NOT work if the system partition/drive is encrypted (nobody can start Windows or access encrypted data on the drive without the correct password even if he or she follows the previous steps).\n\n\nNote that even if you lose your VeraCrypt Rescue Disk and an attacker finds it, he or she will NOT be able to decrypt the system partition or drive without the correct password.</entry>
- <entry lang="en" key="SYS_ENCRYPTION_PRETEST_RESULT_TITLE">Pretest Completed</entry>
- <entry lang="en" key="SYS_ENCRYPTION_PRETEST_RESULT_INFO">The pretest has been successfully completed.\n\nWARNING: Please note that if power supply is suddenly interrupted while encrypting existing data in place, or when the operating system crashes due to a software error or hardware malfunction while VeraCrypt is encrypting existing data in place, portions of the data will be corrupted or lost. Therefore, before you start encrypting, please make sure that you have backup copies of the files you want to encrypt. If you do not, please back up the files now (you can click Defer, back up the files, then run VeraCrypt again anytime, and select 'System' &gt; 'Resume Interrupted Process' to start encrypting).\n\nWhen ready, click Encrypt to start encrypting.</entry>
- <entry lang="en" key="SYSENC_ENCRYPTION_PAGE_INFO">You can click Pause or Defer anytime to interrupt the process of encryption or decryption, exit this wizard, restart or shut down your computer, and then resume the process, which will continue from the point it was stopped. To prevent slowdown when the system or applications write or read data from the system drive, VeraCrypt automatically waits until the data is written or read (see Status above) and then automatically continues encrypting or decrypting.</entry>
+ <entry lang="en" key="SYS_ENCRYPTION_PRETEST_RESULT_TITLE">Pretest Successfully Completed</entry>
+ <entry lang="en" key="SYS_ENCRYPTION_PRETEST_RESULT_INFO">If the encryption is interrupted you can resume it restarting VeraCrypt and selecting 'System' > 'Resume Interrupted Process'\n\nPlease make sure, that your device does not run out of power during the encryption process.</entry>
+ <entry lang="en" key="SYSENC_ENCRYPTION_PAGE_INFO">Make sure that your device does not run out of power.\nIf the encryption is interrupted you can resume it restarting VeraCrypt and selecting 'System' > 'Resume Interrupted Process'.</entry>
<entry lang="en" key="NONSYS_INPLACE_ENC_ENCRYPTION_PAGE_INFO">\n\nYou can click Pause or Defer anytime to interrupt the process of encryption, exit this wizard, restart or shut down your computer, and then resume the process, which will continue from the point it was stopped. Note that the volume cannot be mounted until it has been fully encrypted.</entry>
<entry lang="en" key="NONSYS_INPLACE_DEC_DECRYPTION_PAGE_INFO">\n\nYou can click Pause or Defer anytime to interrupt the process of decryption, exit this wizard, restart or shut down the computer, and then resume the process, which will continue from the point where it was stopped. Note that the volume cannot be mounted until it has been fully decrypted.</entry>
<entry lang="en" key="SYSENC_HIDDEN_OS_INITIAL_INFO_TITLE">Hidden System Started</entry>
<entry lang="en" key="SYSENC_HIDDEN_OS_WIPE_INFO_TITLE">Original System</entry>
<entry lang="en" key="SYSENC_HIDDEN_OS_WIPE_INFO">Windows creates (typically, without your knowledge or consent) various log files, temporary files, etc., on the system partition. It also saves the content of RAM to hibernation and paging files located on the system partition. Therefore, if an adversary analyzed files stored on the partition where the original system (of which the hidden system is a clone) resides, he might find out, for example, that you used the VeraCrypt wizard in the hidden-system-creation mode (which might indicate the existence of a hidden operating system on your computer).\n\nTo prevent such issues, VeraCrypt will, in the next steps, securely erase the entire content of the partition where the original system resides. Afterwards, in order to achieve plausible deniability, you will need to install a new system on the partition and encrypt it. Thus you will create the decoy system and the whole process of creation of the hidden operating system will be completed.</entry>
<entry lang="en" key="OS_WIPING_NOT_FINISHED_ASK">The hidden operating system has been successfully created. However, before you can start using it (and achieve plausible deniability), you need to securely erase (using VeraCrypt) the entire content of the partition where the currently running operating system is installed. Before you can do that, you need to restart the computer and, in the VeraCrypt Boot Loader screen (which appears before Windows starts), enter the pre-boot authentication password for the hidden operating system. Then, after the hidden system starts, the VeraCrypt wizard will be launched automatically.\n\nNote: If you choose to terminate the process of creation of the hidden operating system now, you will NOT be able to resume the process and the hidden system will NOT be accessible (because the VeraCrypt Boot Loader will be removed).</entry>
<entry lang="en" key="HIDDEN_OS_CREATION_NOT_FINISHED_ASK">You have scheduled the process of creation of a hidden operating system. The process has not been completed yet. To complete it, you need to restart the computer and, in the VeraCrypt Boot Loader screen (which appears before Windows starts), enter the password for the hidden operating system.\n\nNote: If you choose to terminate the process of creation of the hidden operating system now, you will NOT be able to resume the process.</entry>
<entry lang="en" key="HIDDEN_OS_CREATION_NOT_FINISHED_CHOICE_RETRY">Restart the computer and proceed</entry>
<entry lang="en" key="HIDDEN_OS_CREATION_NOT_FINISHED_CHOICE_TERMINATE">Permanently terminate the process of creation of the hidden operating system</entry>
<entry lang="en" key="HIDDEN_OS_CREATION_NOT_FINISHED_CHOICE_ASK_LATER">Do nothing now and ask again later</entry>
<entry lang="en" key="RESCUE_DISK_HELP_PORTION_1">\nIF POSSIBLE, PLEASE PRINT THIS TEXT (click 'Print' below).\n\n\nHow and When to Use VeraCrypt Rescue Disk (After Encrypting)\n-----------------------------------------------------------------------------------\n\n</entry>
<entry lang="en" key="RESCUE_DISK_HELP_PORTION_2">I. How to Boot VeraCrypt Rescue Disk\n\nTo boot a VeraCrypt Rescue Disk, insert it into your CD/DVD drive and restart your computer. If the VeraCrypt Rescue Disk screen does not appear (or if you do not see the 'Repair Options' item in the 'Keyboard Controls' section of the screen), it is possible that your BIOS is configured to attempt to boot from hard drives before CD/DVD drives. If that is the case, restart your computer, press F2 or Delete (as soon as you see a BIOS start-up screen), and wait until a BIOS configuration screen appears. If no BIOS configuration screen appears, restart (reset) the computer again and start pressing F2 or Delete repeatedly as soon as you restart (reset) the computer. When a BIOS configuration screen appears, configure your BIOS to boot from the CD/DVD drive first (for information on how to do so, please refer to the documentation for your BIOS/motherboard or contact your computer vendor's technical support team for assistance). Then restart your computer. The VeraCrypt Rescue Disk screen should appear now. Note: In the VeraCrypt Rescue Disk screen, you can select 'Repair Options' by pressing F8 on your keyboard.\n\n\n</entry>
<entry lang="en" key="RESCUE_DISK_HELP_PORTION_3">II. When and How to Use VeraCrypt Rescue Disk (After Encrypting)\n\n</entry>
<entry lang="en" key="RESCUE_DISK_HELP_PORTION_4">1) If the VeraCrypt Boot Loader screen does not appear after you start your computer (or if Windows does not boot), the VeraCrypt Boot Loader may be damaged. The VeraCrypt Rescue Disk allows you to restore it and thus to regain access to your encrypted system and data (however, note that you will still have to enter the correct password then). In the Rescue Disk screen, select 'Repair Options' > 'Restore VeraCrypt Boot Loader'. Then press 'Y' to confirm the action, remove the Rescue Disk from your CD/DVD drive and restart your computer.\n\n</entry>
<entry lang="en" key="RESCUE_DISK_HELP_PORTION_5">2) If you repeatedly enter the correct password but VeraCrypt says that the password is incorrect, the master key or other critical data may be damaged. The VeraCrypt Rescue Disk allows you to restore them and thus to regain access to your encrypted system and data (however, note that you will still have to enter the correct password then). In the Rescue Disk screen, select 'Repair Options' > 'Restore key data'. Then enter your password, press 'Y' to confirm the action, remove the Rescue Disk from your CD/DVD drive, and restart your computer.\n\n</entry>
<entry lang="en" key="RESCUE_DISK_HELP_PORTION_6">3) If the VeraCrypt Boot Loader is damaged, you can avoid running it by booting directly from the VeraCrypt Rescue Disk. Insert your Rescue Disk into your CD/DVD drive and then enter your password in the Rescue Disk screen.\n\n</entry>
<entry lang="en" key="RESCUE_DISK_HELP_PORTION_7">4) If Windows is damaged and cannot start, the VeraCrypt Rescue Disk allows you to permanently decrypt the partition/drive before Windows starts. In the Rescue Disk screen, select 'Repair Options' > 'Permanently decrypt system partition/drive'. Enter the correct password and wait until decryption is complete. Then you can e.g. boot your MS Windows setup CD/DVD to repair your Windows installation.\n\n</entry>
<entry lang="en" key="RESCUE_DISK_HELP_PORTION_8">Note: Alternatively, if Windows is damaged (cannot start) and you need to repair it (or access files on it), you can avoid decrypting the system partition/drive by following these steps: If you have multiple operating systems installed on your computer, boot the one that does not require pre-boot authentication. If you do not have multiple operating systems installed on your computer, you can boot a WinPE or BartPE CD/DVD or you can connect your system drive as a secondary or external drive to another computer and then boot the operating system installed on the computer. After you boot a system, run VeraCrypt, click 'Select Device', select the affected system partition, click 'OK', select 'System' > 'Mount Without Pre-Boot Authentication', enter your pre-boot authentication password and click 'OK'. The partition will be mounted as a regular VeraCrypt volume (data will be on-the-fly decrypted/encrypted in RAM on access, as usual).\n\n\n</entry>
<entry lang="en" key="RESCUE_DISK_HELP_PORTION_9">Note that even if you lose your VeraCrypt Rescue Disk and an attacker finds it, he or she will NOT be able to decrypt the system partition or drive without the correct password.</entry>
<entry lang="en" key="DECOY_OS_INSTRUCTIONS_PORTION_1">\n\nI M P O R T A N T -- PLEASE PRINT THIS TEXT IF POSSIBLE (click 'Print' below).\n\n\nNote: This text will be automatically displayed each time you start the hidden system until you start creating the decoy system.\n\n\n</entry>
<entry lang="en" key="DECOY_OS_INSTRUCTIONS_PORTION_2">How to Create Decoy System Safely and Securely\n----------------------------------------------------------------------------\n\nIn order to achieve plausible deniability, you need to create the decoy operating system now. To do so, follow these steps:\n\n</entry>
<entry lang="en" key="DECOY_OS_INSTRUCTIONS_PORTION_3">1) For security reasons, shut down your computer and leave it powered off for at least several minutes (the longer, the better). This is required to clear the memory, which contains sensitive data. Then turn on the computer but do not boot the hidden system.\n\n</entry>
<entry lang="en" key="DECOY_OS_INSTRUCTIONS_PORTION_4">2) Install Windows on the partition whose content has been erased (i.e. on the partition where the original system, of which the hidden system is a clone, was installed).\n\nIMPORTANT: WHEN YOU START INSTALLING THE DECOY SYSTEM, THE HIDDEN SYSTEM WILL *NOT* BE POSSIBLE TO BOOT (because the VeraCrypt Boot Loader will be erased by the Windows system installer). THIS IS NORMAL AND EXPECTED. PLEASE DO NOT PANIC. YOU WILL BE ABLE TO BOOT THE HIDDEN SYSTEM AGAIN AS SOON AS YOU START ENCRYPTING THE DECOY SYSTEM (because VeraCrypt will then automatically install the VeraCrypt Boot Loader on the system drive).\n\nImportant: The size of the decoy system partition must remain the same as the size of the hidden volume (this condition is now met). Moreover, you must not create any partition between the decoy system partition and the partition where the hidden system resides.\n\n</entry>
<entry lang="en" key="DECOY_OS_INSTRUCTIONS_PORTION_5">3) Boot the decoy system (which you installed in step 2 and install VeraCrypt on it).\n\nKeep in mind that the decoy system must never contain any sensitive data.\n\n</entry>
<entry lang="en" key="DECOY_OS_INSTRUCTIONS_PORTION_6">4) On the decoy system, run VeraCrypt and select 'System' &gt; 'Encrypt System Partition/Drive'. The VeraCrypt Volume Creation Wizard window should appear.\n\nThe following steps apply to the VeraCrypt Volume Creation Wizard.\n\n</entry>
<entry lang="en" key="DECOY_OS_INSTRUCTIONS_PORTION_7">5) In the VeraCrypt Volume Creation Wizard, do NOT select the 'Hidden' option. Leave the 'Normal' option selected and click 'Next'.\n\n</entry>
<entry lang="en" key="DECOY_OS_INSTRUCTIONS_PORTION_8">6) Select the option 'Encrypt the Windows system partition' and then click 'Next'.\n\n</entry>
<entry lang="en" key="DECOY_OS_INSTRUCTIONS_PORTION_9">7) If there are only the hidden system and the decoy system installed on the computer, select the option 'Single-boot' (if there are more than these two systems installed on the computer, select 'Multi-boot'). Then click 'Next'.\n\n</entry>
<entry lang="en" key="DECOY_OS_INSTRUCTIONS_PORTION_10">8) IMPORTANT: In this step, FOR THE DECOY SYSTEM, YOU MUST SELECT THE SAME ENCRYPTION ALGORITHM AND HASH ALGORITHM THAT YOU SELECTED FOR THE HIDDEN SYSTEM! OTHERWISE, THE HIDDEN SYSTEM WILL BE INACCESSIBLE! In other words, the decoy system must be encrypted with the same encryption algorithm as the hidden system. Note: The reason is that the decoy system and the hidden system will share a single boot loader, which supports only a single algorithm, selected by the user (for each algorithm, there is a special version of the VeraCrypt Boot Loader).\n\n</entry>
<entry lang="en" key="DECOY_OS_INSTRUCTIONS_PORTION_11">9) In this step, choose a password for the decoy operating system. This will be the password that you will be able to reveal to an adversary if you are asked or forced to disclose your pre-boot authentication password (the other password you can reveal is the one for the outer volume). The existence of the third password (i.e. of the pre-boot authentication password for the hidden operating system) will remain secret.\n\nImportant: The password you choose for the decoy system must be substantially different from the one you chose for the hidden volume (i.e. for the hidden operating system).\n\n</entry>
<entry lang="en" key="DECOY_OS_INSTRUCTIONS_PORTION_12">10) Follow the remaining instructions in the wizard so as to encrypt the decoy operating system.\n\n\n\n</entry>
<entry lang="en" key="DECOY_OS_INSTRUCTIONS_PORTION_13">After Decoy System Is Created\n------------------------------------------------\n\nAfter you encrypt the decoy system, the whole process of creation of the hidden operating system will be completed and you will be able to use these three passwords:\n\n1) Pre-boot authentication password for the hidden operating system.\n\n2) Pre-boot authentication password for the decoy operating system.\n\n3) Password for the outer volume.\n\n</entry>
<entry lang="en" key="DECOY_OS_INSTRUCTIONS_PORTION_14">If you want to start the hidden operating system, you will just need to enter the password for the hidden operating system in the VeraCrypt Boot Loader screen (which appears after you turn on or restart your computer).\n\nIf you want to start the decoy operating system, you will just need to enter the password for the decoy operating system in the VeraCrypt Boot Loader screen.\n\nThe password for the decoy system can be disclosed to anyone forcing you to reveal your pre-boot authentication password. The existence of the hidden volume (and of the hidden operating system) will remain secret.\n\n</entry>
<entry lang="en" key="DECOY_OS_INSTRUCTIONS_PORTION_15">The third password (for the outer volume) can be disclosed to anyone forcing you to reveal the password for the first partition behind the system partition, where both the outer volume and the hidden volume (containing the hidden operating system) reside. The existence of the hidden volume (and of the hidden operating system) will remain secret.\n\n\n</entry>
<entry lang="en" key="DECOY_OS_INSTRUCTIONS_PORTION_16">If you revealed the password for the decoy system to an adversary and he asked you why the free space of the (decoy) system partition contains random data, you could answer, for example: "The partition previously contained a system encrypted by VeraCrypt, but I forgot the pre-boot authentication password (or the system was damaged and stopped booting), so I had to reinstall Windows and encrypt the partition again."\n\n\n</entry>
@@ -1275,71 +1276,71 @@
<entry lang="en" key="INVALID_TOKEN_KEYFILE_PATH">Security token keyfile path is invalid.</entry>
<entry lang="en" key="SECURITY_TOKEN_ERROR">Security token error</entry>
<entry lang="en" key="CKR_PIN_INCORRECT">Password for security token is incorrect.</entry>
<entry lang="en" key="CKR_DEVICE_MEMORY">The security token does not have enough memory/space to perform the requested operation.\n\nIf you are attempting to import a keyfile, you should select a smaller file or use a keyfile generated by VeraCrypt (select 'Tools' > 'Keyfile Generator').</entry>
<entry lang="en" key="ALL_TOKEN_SESSIONS_CLOSED">All open security token sessions have been closed.</entry>
<entry lang="en" key="SELECT_TOKEN_KEYFILES">Select Security Token Keyfiles</entry>
<entry lang="en" key="TOKEN_SLOT_ID">Slot</entry>
<entry lang="en" key="TOKEN_NAME">Token name</entry>
<entry lang="en" key="TOKEN_DATA_OBJECT_LABEL">File name</entry>
<entry lang="en" key="BOOT_PASSWORD_CACHE_KEYBOARD_WARNING">IMPORTANT: Please note that pre-boot authentication passwords are always typed using the standard US keyboard layout. Therefore, a volume that uses a password typed using any other keyboard layout may be impossible to mount using a pre-boot authentication password (note that this is not a bug in VeraCrypt). To allow such a volume to be mounted using a pre-boot authentication password, follow these steps:\n\n1) Click 'Select File' or 'Select Device' and select the volume.\n2) Select 'Volumes' > 'Change Volume Password'.\n3) Enter the current password for the volume.\n4) Change the keyboard layout to English (US) by clicking the Language bar icon in the Windows taskbar and selecting 'EN English (United States)'.\n5) In VeraCrypt, in the field for the new password, type the pre-boot authentication password.\n6) Confirm the new password by retyping it in the confirmation field and click 'OK'.\nWARNING: Please keep in mind that if you follow these steps, the volume password will always have to be typed using the US keyboard layout (which is automatically ensured only in the pre-boot environment).</entry>
<entry lang="en" key="SYS_FAVORITES_KEYBOARD_WARNING">System favorite volumes will be mounted using the pre-boot authentication password. If any system favorite volume uses a different password, it will not be mounted.</entry>
<entry lang="en" key="SYS_FAVORITES_ADMIN_ONLY_INFO">Please note that if you need to prevent normal VeraCrypt volume actions (such as 'Dismount All', auto-dismount, etc.) from affecting system favorite volumes, you should enable the option 'Allow only administrators to view and dismount system favorite volumes in VeraCrypt'. In addition, when VeraCrypt is run without administrator privileges (the default on Windows Vista and later), system favorite volumes will not be displayed in the drive letter list in the main VeraCrypt application window.</entry>
<entry lang="en" key="SYS_FAVORITES_ADMIN_ONLY_WARNING">IMPORTANT: Please keep in mind that if this option is enabled and VeraCrypt does not have administrator privileges, mounted system favorite volumes are NOT displayed in the VeraCrypt application window and they cannot be dismounted. Therefore, if you need e.g. to dismount a system favorite volume, please right-click the VeraCrypt icon (in the Start menu) and select 'Run as administrator' first. The same limitation applies to the 'Dismount All' function, 'Auto-Dismount' functions, 'Dismount All' hot keys, etc.</entry>
<entry lang="en" key="SETTING_REQUIRES_REBOOT">Note that this setting takes effect only after the operating system is restarted.</entry>
<entry lang="en" key="COMMAND_LINE_ERROR">Error while parsing command line.</entry>
<entry lang="en" key="RESCUE_DISK">Rescue Disk</entry>
<entry lang="en" key="SELECT_FILE_AND_MOUNT">Select &amp;File and Mount...</entry>
<entry lang="en" key="SELECT_DEVICE_AND_MOUNT">Select &amp;Device and Mount...</entry>
<entry lang="en" key="DISABLE_NONADMIN_SYS_FAVORITES_ACCESS">Allow only administrators to view and dismount system favorite volumes in VeraCrypt</entry>
<entry lang="en" key="MOUNT_SYSTEM_FAVORITES_ON_BOOT">Mount system favorite volumes when Windows starts (in the initial phase of the startup procedure)</entry>
<entry lang="en" key="MOUNTED_VOLUME_DIRTY">Warning: The filesystem on the volume mounted as '%s' was not cleanly dismounted and thus may contain errors. Using a corrupted filesystem can cause data loss or data corruption.\n\nNote: Before you physically remove or switch off a device (such as a USB flash drive or an external hard drive) where a mounted VeraCrypt volume resides, you should always dismount the VeraCrypt volume in VeraCrypt first.\n\n\nDo you want Windows to attempt to detect and fix errors (if any) on the filesystem?</entry>
<entry lang="en" key="SYS_FAVORITE_VOLUME_DIRTY">Warning: One or more system favorite volumes were not cleanly dismounted and thus may contain filesystem errors. Please see the system event log for further details.\n\nUsing a corrupted filesystem can cause data loss or data corruption. You should check the affected system favorite volume(s) for errors (right-click each of them in VeraCrypt and select 'Repair Filesystem').</entry>
<entry lang="en" key="FILESYS_REPAIR_CONFIRM_BACKUP">Warning: Repairing a damaged filesystem using the Microsoft 'chkdsk' tool might cause loss of files in damaged areas. Therefore, it is recommended that you first back up the files stored on the VeraCrypt volume to another, healthy, VeraCrypt volume.\n\nDo you want to repair the filesystem now?</entry>
<entry lang="en" key="MOUNTED_CONTAINER_FORCED_READ_ONLY">Volume '%s' has been mounted as read-only because write access was denied.\n\nPlease make sure the security permissions of the file container allow you to write to it (right-click the container and select Properties > Security).\n\nNote that, due to a Windows issue, you may see this warning even after setting the appropriate security permissions. This is not caused by a bug in VeraCrypt. A possible solution is to move your container to, e.g., your 'Documents' folder.\n\nIf you intend to keep your volume read-only, set the read-only attribute of the container (right-click the container and select Properties > Read-only), which will suppress this warning.</entry>
<entry lang="en" key="MOUNTED_DEVICE_FORCED_READ_ONLY">Volume '%s' had to be mounted as read-only because write access was denied.\n\nPlease make sure no other application (e.g. antivirus software) is accessing the partition/device on which the volume is hosted.</entry>
<entry lang="en" key="MOUNTED_DEVICE_FORCED_READ_ONLY_WRITE_PROTECTION">Volume '%s' has been mounted as read-only because the operating system reported the host device to be write-protected.\n\nPlease note that some custom chipset drivers have been reported to cause writable media to falsely appear write-protected. This problem is not caused by VeraCrypt. It may be solved by updating or uninstalling any custom (non-Microsoft) chipset drivers that are currently installed on this system.</entry>
<entry lang="en" key="LIMIT_ENC_THREAD_POOL_NOTE">Note that the Hyper-Threading technology provides multiple logical cores per a single physical core. When Hyper Threading is enabled, the number selected above represents the number of logical processors/cores.</entry>
<entry lang="en" key="NUMBER_OF_THREADS">%d threads</entry>
<entry lang="en" key="DISABLED_HW_AES_AFFECTS_PERFORMANCE">Note that hardware-accelerated AES is disabled, which will affect benchmark results (worse performance).\n\nTo enable hardware acceleration, select 'Settings' > 'Performance' and enable the corresponding option.</entry>
<entry lang="en" key="LIMITED_THREAD_COUNT_AFFECTS_PERFORMANCE">Note that the number of threads is currently limited, which will affect benchmark results (worse performance).\n\nTo utilize the full potential of the processor(s), select 'Settings' > 'Performance' and disable the corresponding option.</entry>
<entry lang="en" key="ASK_REMOVE_DEVICE_WRITE_PROTECTION">Do you want VeraCrypt to attempt to disable write protection of the partition/drive?</entry>
<entry lang="en" key="CONFIRM_SETTING_DEGRADES_PERFORMANCE">WARNING: This setting may degrade performance.\n\nAre you sure you want to use this setting?</entry>
<entry lang="en" key="HOST_DEVICE_REMOVAL_DISMOUNT_WARN_TITLE">Warning: VeraCrypt volume auto-dismounted</entry>
<entry lang="en" key="HOST_DEVICE_REMOVAL_DISMOUNT_WARN">Before you physically remove or turn off a device containing a mounted volume, you should always dismount the volume in VeraCrypt first.\n\nUnexpected spontaneous dismount is usually caused by an intermittently failing cable, drive (enclosure), etc.</entry>
<entry lang="en" key="UNSUPPORTED_TRUECRYPT_FORMAT">This volume was created with TrueCrypt %x.%x but VeraCrypt supports only TrueCrypt volumes created with TrueCrypt 6.x/7.x series</entry>
- <entry lang="en" key="TEST">Test</entry>
+ <entry lang="en" key="TEST">Start pretest</entry>
<entry lang="en" key="KEYFILE">Keyfile</entry>
<entry lang="en" key="VKEY_08">Backspace</entry>
<entry lang="en" key="VKEY_09">Tab</entry>
<entry lang="en" key="VKEY_0C">Clear</entry>
<entry lang="en" key="VKEY_0D">Enter</entry>
<entry lang="en" key="VKEY_13">Pause</entry>
<entry lang="en" key="VKEY_14">Caps Lock</entry>
<entry lang="en" key="VKEY_20">Spacebar</entry>
<entry lang="en" key="VKEY_21">Page Up</entry>
<entry lang="en" key="VKEY_22">Page Down</entry>
<entry lang="en" key="VKEY_23">End</entry>
<entry lang="en" key="VKEY_24">Home</entry>
<entry lang="en" key="VKEY_25">Left Arrow</entry>
<entry lang="en" key="VKEY_26">Up Arrow</entry>
<entry lang="en" key="VKEY_27">Right Arrow</entry>
<entry lang="en" key="VKEY_28">Down Arrow</entry>
<entry lang="en" key="VKEY_29">Select Key</entry>
<entry lang="en" key="VKEY_2A">Print Key</entry>
<entry lang="en" key="VKEY_2B">Execute Key</entry>
<entry lang="en" key="VKEY_2C">Print Screen</entry>
<entry lang="en" key="VKEY_2D">Insert</entry>
<entry lang="en" key="VKEY_2E">Delete</entry>
<entry lang="en" key="VKEY_5D">Applications Key</entry>
<entry lang="en" key="VKEY_5F">Sleep</entry>
<entry lang="en" key="VKEY_90">Num Lock</entry>
<entry lang="en" key="VKEY_91">Scroll Lock</entry>
<entry lang="en" key="VKEY_A6">Browser Back</entry>
<entry lang="en" key="VKEY_A7">Browser Forward</entry>
<entry lang="en" key="VKEY_A8">Browser Refresh</entry>
<entry lang="en" key="VKEY_A9">Browser Stop</entry>
<entry lang="en" key="VKEY_AA">Browser Search</entry>
<entry lang="en" key="VKEY_AB">Browser Favorites</entry>
<entry lang="en" key="VKEY_AC">Browser Home</entry>
<entry lang="en" key="VKEY_AD">Mute</entry>
<entry lang="en" key="VKEY_AE">Volume Down</entry>
@@ -1368,96 +1369,96 @@
<entry lang="en" key="GB">GiB</entry>
<entry lang="en" key="TB">TiB</entry>
<entry lang="en" key="PB">PiB</entry>
<entry lang="en" key="B_PER_SEC">B/s</entry>
<entry lang="en" key="KB_PER_SEC">KiB/s</entry>
<entry lang="en" key="MB_PER_SEC">MiB/s</entry>
<entry lang="en" key="GB_PER_SEC">GiB/s</entry>
<entry lang="en" key="TB_PER_SEC">TiB/s</entry>
<entry lang="en" key="PB_PER_SEC">PiB/s</entry>
<entry lang="en" key="TRIPLE_DOT_GLYPH_ELLIPSIS">…</entry>
<entry lang="en" key="IDC_BOOT_LOADER_CACHE_PIM">Include &amp;PIM when caching pre-boot authentication password</entry>
<entry lang="en" key="IDC_PREF_CACHE_PIM">Include PIM when caching a password</entry>
<entry lang="en" key="IDC_SHOW_DISCONNECTED_NETWORK_DRIVES">Make disconnected network drives available for mounting</entry>
<entry lang="en" key="PASSWORD_UTF8_TOO_LONG">The entered password is too long: its UTF-8 representation exceeds %d bytes.</entry>
<entry lang="en" key="PASSWORD_UTF8_INVALID">The entered password contains Unicode characters that couldn't be converted to UTF-8 representation.</entry>
<entry lang="en" key="INIT_DLL">Error: Failed to load a system library.</entry>
<entry lang="en" key="ERR_EXFAT_INVALID_VOLUME_SIZE">The volume file size specified in the command line is incompatible with selected exFAT filesystem.</entry>
<entry lang="en" key="IDT_ENTROPY_BAR">Randomness Collected From Mouse Movements</entry>
<entry lang="en" key="IDT_VOLUME_ID">Volume ID:</entry>
<entry lang="en" key="VOLUME_ID">Volume ID</entry>
<entry lang="en" key="IDC_FAVORITE_USE_VOLUME_ID">Use Volume ID to mount favorite</entry>
<entry lang="en" key="VOLUME_ID_INVALID">The Volume ID value is invalid</entry>
<entry lang="en" key="VOLUME_ID_NOT_FOUND">No Volume with the specified ID was found on the system</entry>
<entry lang="en" key="IDPM_COPY_VALUE_TO_CLIPBOARD">Copy Value to Clipboard...</entry>
<entry lang="en" key="IDC_DISABLE_BOOT_LOADER_PIM_PROMPT">Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)</entry>
<entry lang="en" key="DISABLE_BOOT_LOADER_PIM_PROMPT">WARNING: Please keep in mind that if you enable this option, the PIM value will be stored unencrypted on the disk.\n\nAre you sure you want to enable this option?</entry>
<entry lang="en" key="PIM_TOO_BIG">Personal Iterations Multiplier (PIM) maximum value is 2147468.</entry>
<entry lang="en" key="IDC_SKIP_RESCUE_VERIFICATION">Skip Rescue Disk verification</entry>
<entry lang="en" key="IDC_HIDE_WAITING_DIALOG">Don't show wait message dialog when performing operations</entry>
<entry lang="en" key="IDC_DISABLE_BOOT_LOADER_HASH_PROMPT">Do not request Hash algorithm in the pre-boot authentication screen</entry>
<entry lang="en" key="KUZNYECHIK_HELP">Kuznyechik is a block cipher first published in 2015 and defined in the National Standard of the Russian Federation GOST R 34.12-2015 and also in RFC 7801. 256-bit key, 128-bit block. Mode of operation is XTS.</entry>
<entry lang="en" key="CAMELLIA_HELP">Jointly developed by Mitsubishi Electric and NTT of Japan. First published on 2000. 256-bit key, 128-bit block. Mode of operation is XTS. It has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project.</entry>
<entry lang="en" key="TIME">Time</entry>
<entry lang="en" key="ITERATIONS">Iterations</entry>
<entry lang="en" key="PRE-BOOT">Pre-Boot</entry>
- <entry lang="en" key="RESCUE_DISK_EFI_INFO">Before you can encrypt the partition, you must create a VeraCrypt Rescue Disk (VRD), which serves the following purposes:\n\n- If the VeraCrypt Boot Loader, master key, or other critical data gets damaged, the VRD allows you to restore it (note, however, that you will still have to enter the correct password then).\n\n- If Windows gets damaged and cannot start, the VRD allows you to permanently decrypt the partition before Windows starts.\n\n- The VRD will contain a backup of the present EFI boot loader and will allow you to restore it if necessary.\n\nThe VeraCrypt Rescue Disk ZIP image will be created in the location specified below.</entry>
+ <entry lang="en" key="RESCUE_DISK_EFI_INFO">\n\nIf Windows gets damaged and cannot start, the VeraCrypt Rescue Disk allows you to permanently decrypt the partition. Note, however, that you will still have to enter the correct password then!\n\n\nWARNING: If you have already created a VeraCrypt Rescue Disk in the past, it cannot be reused for this encryption! Every time you use this encryption tool, you must create and securely store a new VeraCrypt Rescue Disk for it even if you use the same password.</entry>
<entry lang="en" key="RESCUE_DISK_EFI_EXTRACT_INFO">The Rescue Disk ZIP image has been created and stored in this file:\n%s\n\nNow you need to extract it to a USB stick that is formatted as FAT/FAT32.\n\n%lsAfter you create the Rescue Disk, click Next to verify that it has been correctly created.</entry>
- <entry lang="en" key="RESCUE_DISK_EFI_EXTRACT_INFO_NO_CHECK">The Rescue Disk ZIP image has been created and stored in this file:\n%s\n\nNow you should either extract the image to a USB stick that is formatted as FAT/FAT32 or move it to a safe location for later use.\n\n%lsClick Next to continue.</entry>
+ <entry lang="en" key="RESCUE_DISK_EFI_EXTRACT_INFO_NO_CHECK">The Rescue Disk ZIP image has been created and stored in this file:\n%s\n\nNow you should either extract the image to a USB stick that is formatted as FAT/FAT32 or move it to a safe location for later use.\n\n\n\n%lsClick Next to continue.</entry>
<entry lang="en" key="RESCUE_DISK_EFI_EXTRACT_INFO_NOTE">IMPORTANT: Note that the zip file must be extracted directly to the root of the USB stick. For example, if the drive letter of the USB stick is E: then extracting the zip file should create a folder E:\\EFI on the USB stick.\n\n</entry>
<entry lang="en" key="RESCUE_DISK_EFI_CHECK_FAILED">Cannot verify that the Rescue Disk has been correctly extracted.\n\nIf you have extracted the Rescue Disk, please eject and reinsert the USB stick; then click Next to try again. If this does not help, please try another USB stick and/or another ZIP software.\n\nIf you have not extracted the Rescue Disk yet, please do so, and then click Next.\n\nIf you attempted to verify a VeraCrypt Rescue Disk created before you started this wizard, please note that such Rescue Disk cannot be used, because it was created for a different master key. You need to extract the newly generated Rescue Disk ZIP image.</entry>
<entry lang="en" key="RESCUE_DISK_EFI_NON_WIZARD_CHECK_FAILED">Cannot verify that the Rescue Disk has been correctly extracted.\n\nIf you have extracted the Rescue Disk image to a USB stick, please eject it and reinsert it; then try again. If this does not help, please try other ZIP software and/or medium.\n\nIf you attempted to verify a VeraCrypt Rescue Disk created for a different master key, password, salt, etc., please note that such Rescue Disk will always fail this verification. To create a new Rescue Disk fully compatible with your current configuration, select 'System' > 'Create Rescue Disk'.</entry>
<entry lang="en" key="RESCUE_DISK_EFI_NON_WIZARD_CREATION">The Rescue Disk image has been created and stored in this file:\n%s\n\nNow you need to extract the Rescue Disk image to a USB stick that is formatted as FAT/FAT32.\n\nIMPORTANT: Note that the zip file must be extracted directly to the root of the USB stick. For example, if the drive letter of the USB stick is E: then extracting the zip file should create a folder E:\\EFI on the USB stick.\n\nAfter you create the Rescue Disk, select 'System' > 'Verify Rescue Disk' to verify that it has been correctly created.</entry>
<entry lang="en" key="IDC_SECURE_DESKTOP_PASSWORD_ENTRY">Use Secure Desktop for password entry</entry>
<entry lang="en" key="ERR_REFS_INVALID_VOLUME_SIZE">The volume file size specified in the command line is incompatible with selected ReFS filesystem.</entry>
<entry lang="en" key="IDC_EDIT_DCSPROP">Edit Boot Loader Configuration</entry>
<entry lang="en" key="IDC_SHOW_PLATFORMINFO">Display EFI Platform Information</entry>
<entry lang="en" key="BOOT_LOADER_CONFIGURATION_FILE">Boot Loader Configuration File</entry>
<entry lang="en" key="EFI_PLATFORM_INFORMATION">EFI Platform Information</entry>
<entry lang="en" key="EDIT_DCSPROP_FOR_ADVANCED_ONLY">WARNING: Inexperienced users should never attempt to manually edit boot loader configurations.\n\nContinue?</entry>
<entry lang="en" key="DCSPROP_XML_VALIDATION_FAILED">WARNING: Failed to validate the XML format of the Boot Loader configuration. Please check your modifications.</entry>
<entry lang="en" key="IDT_ADVANCED_OPTIONS">Advanced Options</entry>
<entry lang="en" key="AFTER_UPGRADE_RESCUE_DISK">It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now?</entry>
<entry lang="en" key="IDC_ALLOW_TRIM_NONSYS_SSD">Allow TRIM command for non-system SSD partition/drive</entry>
<entry lang="en" key="IDC_BLOCK_SYSENC_TRIM">Block TRIM command on system partition/drive</entry>
<entry lang="en" key="WINDOWS_EFI_BOOT_LOADER_MISSING">ERROR: Windows EFI system loader could not be located on the disk. Operation will be aborted.</entry>
<entry lang="en" key="SYSENC_EFI_UNSUPPORTED_SECUREBOOT">It is currently not possible to encrypt a system if SecureBoot is enabled and if VeraCrypt custom keys are not loaded into the machine firmware. SecureBoot needs to be disabled in the BIOS configuration in order to allow system encryption to proceed.</entry>
<entry lang="en" key="PASSWORD_PASTED_TRUNCATED">Pasted text truncated because the password maximum length is %d characters</entry>
<entry lang="en" key="PASSWORD_MAXLENGTH_REACHED">Password already reached its maximum length of %d characters.\nNo additional character is allowed.</entry>
<entry lang="en" key="IDC_SELECT_LANGUAGE_LABEL">Select the language to use during the installation:</entry>
<entry lang="en" key="VOLUME_TOO_LARGE_FOR_HOST">ERROR: The size of the file container is larger than the available free space on disk.</entry>
- <entry lang="en" key="IDC_ALLOW_WINDOWS_DEFRAG">Allow Windows Disk Defragmenter to defragment non-system partition/drive</entry>
+ <entry lang="en" key="IDC_ALLOW_WINDOWS_DEFRAG">Allow Windows Disk Defragmenter to defragment non-system partition/drive</entry>
<entry lang="en" key="CONFIRM_ALLOW_WINDOWS_DEFRAG">WARNING: Defragmenting non-system partitions/drives may leak metadata about their content or cause issues with hidden volumes they may contain.\n\nContinue?</entry>
<entry lang="en" key="VIRTUAL_DEVICE">Virtual Device</entry>
<entry lang="en" key="MOUNTED_VOLUME_NOT_ASSOCIATED">The selected mounted volume is not associated with its drive letter in Windows and so it can not be opened in Windows Explorer.</entry>
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
<entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
<entry lang="en" key="IDC_USE_LEGACY_MAX_PASSWORD_LENGTH">Use legacy maximum password length (64 characters)</entry>
<entry lang="en" key="IDC_ENABLE_RAM_ENCRYPTION">Activate encryption of keys and passwords stored in RAM</entry>
<entry lang="en" key="IDT_BENCHMARK">Benchmark:</entry>
<entry lang="en" key="IDC_DISABLE_MOUNT_MANAGER">Only create virtual device without mounting on selected drive letter</entry>
<entry lang="en" key="LEGACY_PASSWORD_UTF8_TOO_LONG">The entered password is too long: its UTF-8 representation exceeds 64 bytes.</entry>
<entry lang="en" key="HIDDEN_CREDS_SAME_AS_OUTER">The Hidden volume can't have the same password, PIM and keyfiles as the Outer volume</entry>
<entry lang="en" key="SYSENC_BITLOCKER_CONFLICT">VeraCrypt does not support encrypting a system drive that is already encrypted by BitLocker.</entry>
<entry lang="en" key="IDC_UPDATE_BOOTLOADER_ON_SHUTDOWN">Automatically fix boot configuration issues that may prevent Windows from starting</entry>
<entry lang="en" key="IDC_FORCE_NEXT_BOOT_VERACRYPT">Force machine to boot on VeraCrypt in the next startup</entry>
<entry lang="en" key="IDC_FORCE_VERACRYPT_BOOT_ENTRY">Force the presence of VeraCrypt entry in the EFI firmware boot menu</entry>
<entry lang="en" key="IDC_FORCE_VERACRYPT_FIRST_BOOT_ENTRY">Force VeraCrypt entry to be the first in the EFI firmware boot menu</entry>
<entry lang="en" key="RAM_ENCRYPTION_DISABLE_HIBERNATE">WARNING: RAM encryption is not compatible with Windows Hibernate and Windows Fast Startup features. VeraCrypt needs to disable them before activating RAM encryption.\n\nContinue?</entry>
<entry lang="en" key="CONFIRM_DISABLE_FAST_STARTUP">WARNING: Windows Fast Startup is enabled and it is known to cause issues when working with VeraCrypt volumes. It is advised to disable it for better security and usability.\n\nDo you want to disable Windows Fast Startup?</entry>
<entry lang="en" key="QUICK_FORMAT_HELP">In order to enable your operating system to mount your new volume, it has to be formatted with a filesystem. Please select a filesystem type.\n\nIf your volume is going to be hosted on a device or partition, you can use 'Quick format' to skip encryption of free space of the volume.</entry>
<entry lang="en" key="IDC_ENABLE_HARDWARE_ENCRYPTION_NEG">Do not accelerate AES encryption/decryption by using the AES instructions of the processor</entry>
<entry lang="en" key="IDM_ADD_ALL_VOLUME_TO_FAVORITES">Add All Mounted Volumes to Favorites...</entry>
<entry lang="en" key="TASKICON_PREF_MENU_ITEMS">Task Icon Menu Items</entry>
<entry lang="en" key="TASKICON_PREF_OPEN_VOL">Open Mounted Volumes</entry>
<entry lang="en" key="TASKICON_PREF_DISMOUNT_VOL">Dismount Mounted Volumes</entry>
<entry lang="en" key="DISK_FREE">Free space available: {0}</entry>
<entry lang="en" key="VOLUME_SIZE_HELP">Please specify the size of the container to create. Note that the minimum possible size of a volume is 292 KiB.</entry>
<entry lang="en" key="LINUX_CONFIRM_INNER_VOLUME_CALC">WARNING: You have selected a filesystem other than FAT for the outer volume.\nPlease Note that in this case VeraCrypt can't calculate the exact maximum allowed size for the hidden volume and it will use only an estimation that can be wrong.\nThus, it is your responsibility to use an adequate value for the size of the hidden volume so that it does not overlap the outer volume.\n\nDo you want to continue using the selected filesystem for the outer volume?</entry>
<entry lang="en" key="LINUX_PREF_TAB_SECURITY">Security</entry>
<entry lang="en" key="LINUX_PREF_TAB_MOUNT_OPTIONS">Mount Options</entry>
<entry lang="en" key="LINUX_PREF_TAB_BACKGROUND_TASK">Background Task</entry>
<entry lang="en" key="LINUX_PREF_TAB_SYSTEM_INTEGRATION">System Integration</entry>
<entry lang="en" key="LINUX_PREF_TAB_SYSTEM_INTEGRATION_EXPLORER">Filesystem Explorer</entry>
<entry lang="en" key="LINUX_PREF_TAB_PERFORMANCE">Performance</entry>
@@ -1536,70 +1537,117 @@
<entry lang="en" key="LINUX_EX2MSG_MOUNTPOINTREQUIRED">Mount point required.</entry>
<entry lang="en" key="LINUX_EX2MSG_MOUNTPOINTUNAVAILABLE">Mount point is already in use.</entry>
<entry lang="en" key="LINUX_EX2MSG_PASSWORDEMPTY">No password or keyfile specified.</entry>
<entry lang="en" key="LINUX_EX2MSG_PASSWORDORKEYBOARDLAYOUTINCORRECT">\n\nNote that pre-boot authentication passwords need to be typed in the pre-boot environment where non-US keyboard layouts are not available. Therefore, pre-boot authentication passwords must always be typed using the standard US keyboard layout (otherwise, the password will be typed incorrectly in most cases). However, note that you do NOT need a real US keyboard; you just need to change the keyboard layout in your operating system.</entry>
<entry lang="en" key="LINUX_EX2MSG_PASSWORDORMOUNTOPTIONSINCORRECT">\n\nNote: If you are attempting to mount a partition located on an encrypted system drive without pre-boot authentication or to mount the encrypted system partition of an operating system that is not running, you can do so by selecting 'Options >' > 'Mount partition using system encryption'.</entry>
<entry lang="en" key="LINUX_EX2MSG_PASSWORDTOOLONG">Password is longer than {0} characters.</entry>
<entry lang="en" key="LINUX_EX2MSG_PARTITIONDEVICEREQUIRED">Partition device required.</entry>
<entry lang="en" key="LINUX_EX2MSG_PROTECTIONPASSWORDINCORRECT">Incorrect password to the protected hidden volume or the hidden volume does not exist.</entry>
<entry lang="en" key="LINUX_EX2MSG_PROTECTIONPASSWORDKEYFILESINCORRECT">Incorrect keyfile(s) and/or password to the protected hidden volume or the hidden volume does not exist.</entry>
<entry lang="en" key="LINUX_EX2MSG_STRINGCONVERSIONFAILED">Invalid characters encountered.</entry>
<entry lang="en" key="LINUX_EX2MSG_STRINGFORMATTEREXCEPTION">Error while parsing formatted string.</entry>
<entry lang="en" key="LINUX_EX2MSG_TEMPORARYDIRECTORYFAILURE">Failed to create a file or directory in a temporary directory.\n\nPlease make sure that the temporary directory exists, its security permissions allow you to access it, and there is sufficient disk space.</entry>
<entry lang="en" key="LINUX_EX2MSG_UNSUPPORTEDSECTORSIZEHIDDENVOLUMEPROTECTION">Error: The drive uses a sector size other than 512 bytes.\n\nDue to limitations of components available on your platform, outer volumes hosted on the drive cannot be mounted using hidden volume protection.\n\nPossible solutions:\n- Use a drive with 512-byte sectors.\n- Create a file-hosted volume (container) on the drive.\n- Backup the contents of the hidden volume and then update the outer volume.</entry>
<entry lang="en" key="LINUX_EX2MSG_UNSUPPORTEDSECTORSIZENOKERNELCRYPTO">Error: The drive uses a sector size other than 512 bytes.\n\nDue to limitations of components available on your platform, partition/device-hosted volumes on the drive can only be mounted using kernel cryptographic services.\n\nPossible solutions:\n- Enable use of the kernel cryptographic services (Preferences > System Integration).\n- Use a drive with 512-byte sectors.\n- Create a file-hosted volume (container) on the drive.</entry>
<entry lang="en" key="LINUX_EX2MSG_UNSUPPORTEDSECTORSIZE">Error: The drive uses a sector size other than 512 bytes.\n\nDue to limitations of components available on your platform, partition/device-hosted volumes cannot be created/used on the drive.\n\nPossible solutions:\n- Create a file-hosted volume (container) on the drive.\n- Use a drive with 512-byte sectors.\n- Use VeraCrypt on another platform.</entry>
<entry lang="en" key="LINUX_EX2MSG_VOLUMEHOSTINUSE">The host file/device is already in use.</entry>
<entry lang="en" key="LINUX_EX2MSG_VOLUMESLOTUNAVAILABLE">Volume slot unavailable.</entry>
<entry lang="en" key="LINUX_EX2MSG_HIGHERFUSEVERSIONREQUIRED">VeraCrypt requires OSXFUSE 2.5 or above.</entry>
<entry lang="en" key="EXCEPTION_OCCURRED">Exception occurred</entry>
<entry lang="en" key="ENTER_PASSWORD">Enter password</entry>
<entry lang="en" key="ENTER_TC_VOL_PASSWORD">Enter VeraCrypt Volume Password</entry>
<entry lang="en" key="MOUNT">Mount</entry>
<entry lang="en" key="MOUNT_POINT">Mount Directory</entry>
<entry lang="en" key="NO_VOLUMES_MOUNTED">No volumes mounted.</entry>
<entry lang="en" key="OPEN_NEW_VOLUME">Specify a New VeraCrypt Volume</entry>
<entry lang="en" key="PARAMETER_INCORRECT">Parameter incorrect</entry>
<entry lang="en" key="SELECT_KEYFILES">Select Keyfiles</entry>
<entry lang="en" key="START_TC">Start VeraCrypt</entry>
<entry lang="en" key="VOLUME_ALREADY_MOUNTED">The volume {0} is already mounted.</entry>
<entry lang="en" key="UNKNOWN_OPTION">Unknown option</entry>
<entry lang="en" key="VOLUME_LOCATION">Volume Location</entry>
<entry lang="en" key="VOLUME_HOST_IN_USE">WARNING: The host file/device {0} is already in use!\n\nIgnoring this can cause undesired results including system instability. All applications that might be using the host file/device should be closed before mounting the volume.\n\nContinue mounting?</entry>
<entry lang="en" key="CANT_INSTALL_WITH_EXE_OVER_MSI">VeraCrypt was previously installed using an MSI package and so it can't be updated using the standard installer.\n\nPlease use the MSI package to update your VeraCrypt installation.</entry>
<entry lang="en" key="IDC_USE_ALL_FREE_SPACE">Use all available free space</entry>
<entry lang="en" key="SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ALGORITHM">VeraCrypt cannot be upgraded because the system partition/drive was encrypted using an algorithm that is not supported anymore.\nPlease decrypt your system before upgrading VeraCrypt and then encrypt it again.</entry>
+ <entry lang="en" key="RESCUE_DISK_BACK_BUTTON">The Rescue Disk was already created depending on the selected options. In order to prevent incompatibility, you have to click 'cancel' and restart the system encryption process, if you want to modify any configuration.</entry>
+ <entry lang="en" key="AES_BOX_HELP">AES is secure according to NIST</entry>
+ <entry lang="en" key="BACKUP_RESCUE_DISK_TITLE">Backup Rescue Disk</entry>
+ <entry lang="en" key="RESCUE_DISK_CHECKLIST_A">Store your password in a safe location. You can not recover your data without your password.\nThat is why VeraCrypt is considered to be secure.</entry>
+ <entry lang="en" key="RESCUE_DISK_CHECKLIST_B">Make sure that the rescue file is stored on an external medium. This could be a flash drive, an external hard drive or even a cloud storage.\nYour rescue file is located here:</entry>
+ <entry lang="en" key="RESCUE_DISK_CHECKLIST_C">Before you start encrypting your system, it is always a good idea to backup your personal data on an external drive for the unlikely case that the encryption process fails.</entry>
+ <entry lang="en" key="RESCUE_DISK_INFO_2">The VeraCrypt Rescue Disk ZIP image will be created by clicking the Next button in location specified below.</entry>
+ <entry lang="en" key="REMEMBER_PASSWORD"> I remember my Password</entry>
+ <entry lang="en" key="STORE_RESCUE_DISK"> I stored my rescue file</entry>
+ <entry lang="en" key="BACKUP_DATA"> I considered doing a backup of my personal Data</entry>
+ <entry lang="en" key="CHECKLIST_TITLE">Checklist - Before clicking 'Next'</entry>
+ <entry lang="en" key="SYS_ENCRYPTION_PRETEST_INFO">Some tests have to be done now to verify that everything works correctly.\n\nFor this test, your computer has to be restarted. Then you will have to enter your password in the VeraCrypt Boot Loader screen that will appear before Windows starts. After Windows starts, VeraCrypt is started automatically and you will be informed about the result of this pretest.\n\n\nThe following device will be modified: Drive %c:</entry>
+ <entry lang="en" key="SYSENC_DECRYPTION_PAGE_INFO">Make sure that your device does not run out of power.\nIf the decryption is interrupted you can resume it restarting VeraCrypt and selecting 'System' > 'Resume Interrupted Process'.</entry>
+ <entry lang="en" key="ADVANCED_FEATURES">Advanced features</entry>
+ <entry lang="en" key="VERY_WEAK_PASSWORD">very weak</entry>
+ <entry lang="en" key="WEAK_PASSWORD">weak</entry>
+ <entry lang="en" key="MEDIUM_PASSWORD">medium</entry>
+ <entry lang="en" key="STRONG_PASSWORD">strong</entry>
+ <entry lang="en" key="VERY_STRONG_PASSWORD">very strong</entry>
+ <entry lang="en" key="IDT_PASSWORD_STRENGTH">Password strength:</entry>
+ <entry lang="en" key="PASSWORD_HELP_SYSENC">You might consider to write the password down somewhere safe. Please note, that the field to repeat your password is greyed out until your password has the minimum required strength.</entry>
+ <entry lang="en" key="AES_HELP_NEW">AES is secure accoring to the National Institute of Standards and Technology (NIST) and the privacy and security research community.</entry>
+ <entry lang="en" key="SHA512_HELP">SHA-512 is secure accoring to the National Institute of Standards and Technology (NIST) and the privacy and security research community.</entry>
+ <entry lang="en" key="CHOOSE_PASSWORD_TITLE">Choose Password</entry>
+ <entry lang="en" key="TRANSLATED_PWD_NOT_WRITTEN">Warning: Error occured while writing translated password! Please try again. If this error happens again, change keyboard layout to US keyboard layout manually.</entry>
+ <entry lang="en" key="ERROR_TRANSLATE_PWD">Warning: Error occured while translating password!\nPlease type password again and try. If this error happens again, switch keyboard layout to US keyboard layout manually.</entry>
+ <entry lang="en" key="ERROR_KEYB_LAYOUT_NOT_LOADED">Your system does not support the standard US-Keyboard layout. Please make sure the layout is available. For further help, please visit: https://support.microsoft.com/en-us/windows/manage-the-input-and-display-language-settings-in-windows-10-12a10cb4-8626-9b77-0ccb-5013e0c7c7a2 </entry>
+ <entry lang="en" key="ERROR_PASTE_ACTION">Pasting text is disabled. Please type your password.</entry>
+ <entry lang="en" key="WARNING_PASSWORD_NOT_IDENTICAL">Passwords are not identical! Please type identic passwords in both fields!</entry>
+ <entry lang="en" key="SYSENC_INFO">This assistant will help you encrypt your drive (%c:)</entry>
+ <entry lang="en" key="SYSENC_INFO_2">A windows password can easily be circumvented by bad actors with physical access to your device. Drive encryption helps to secure your data from beeing accessed by bad actors. VeraCrypt Drive Encryption will keep them out by protecting your data with an additional password. </entry>
+ <entry lang="en" key="ADV_FEATURES_INTRO_TOOLTIP">Activate hidden OS here.</entry>
+ <entry lang="en" key="ADV_FEATURES_NOTE">Most experts agree that the following preselected options are secure. Only change them if you know what you are doing. </entry>
+ <entry lang="en" key="PIM_INFO">A Personal Iterations Multiplier (PIM) allows you to set the number of password hash iterations. This provides more flexibility for adjusting the desired security level while also controling the performance of the mount/boot operation.</entry>
+ <entry lang="en" key="WIPE_INFO">Overrides your data before the encryption. This prevents possible data recovery. Wipe is not needed under normal circumstances.</entry>
+ <entry lang="en" key="PRETEST_INFO">Before encrypting VeraCrypt will verify that everything is working correctly.\n\nVeraCrypt will run some tests, restart your computer and you have to enter you password before windows starts.</entry>
+ <entry lang="en" key="PRETEST_CANCEL">If you click cancel now, no changes will be made your system.</entry>
+ <entry lang="en" key="ERROR_GETTING_PATH">Error occured while getting path to executable file.</entry>
+ <entry lang="en" key="ERROR_GETTING_PWD">Error occured while getting the password. Please try again.</entry>
+ <entry lang="en" key="ERROR_GETTING_KEYB_STATE">Error occured while getting the keyboard state.</entry>
+ <entry lang="en" key="ERR_NO_TRANSLATION">There is no translation for that key you just pressed!</entry>
+ <entry lang="en" key="DEAD_KEY_SUPPORT">Dead keys will not reproduce dead char in this case because your password need to be translated to US keyboard layout so you can type your password in pre-boot environment.</entry>
+ <entry lang="en" key="PRETEST_CHECKBOX"> I made sure that my device will not run out of power during the encryption process.</entry>
+ <entry lang="en" key="OPEN_PATH_CHECKLIST_PAGE">Open path</entry>
+ <entry lang="en" key="RESCUE_DISK_PATH">Rescue Disk Path</entry>
+ <entry lang="en" key="PRETEST_BACK_BUTTON">If you want to cancel the encryption wizard, please click on cancel. In this case no changes will be made to your computer.</entry>
+ <entry lang="en" key="WIPE_WARNING">Wiping can take a long time (Up to hours). Wiping is not recommended if you have an SSD Drive.</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
<xs:complexType>
<xs:sequence>
<xs:element name="localization">
<xs:complexType>
<xs:sequence>
<xs:element name="language">
<xs:complexType>
<xs:attribute name="langid" type="xs:string" use="required" />
<xs:attribute name="name" type="xs:string" use="required" />
<xs:attribute name="en-name" type="xs:string" use="required" />
<xs:attribute name="version" type="xs:string" use="required" />
<xs:attribute name="translators" type="xs:string" use="required" />
</xs:complexType>
</xs:element>
<xs:element minOccurs="4" maxOccurs="4" name="font">
<xs:complexType>
<xs:attribute name="lang" type="xs:string" use="required" />
<xs:attribute name="class" type="xs:string" use="required" />
<xs:attribute name="size" type="xs:unsignedByte" use="required" />
<xs:attribute name="face" type="xs:string" use="required" />
</xs:complexType>
</xs:element>
<xs:element maxOccurs="unbounded" name="entry">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:string">
<xs:attribute name="lang" type="xs:string" use="required" />
<xs:attribute name="key" type="xs:string" use="required" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
diff --git a/src/Common/Password.c b/src/Common/Password.c
index 4caf3a21..3c9faa82 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -7,83 +7,89 @@
and which is governed by the 'License Agreement for Encryption for the Masses'
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2017 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
code distribution packages. */
#include "Tcdefs.h"
#include "Crypto.h"
#include "Volumes.h"
#include "Password.h"
#include "Dlgcode.h"
#include "Language.h"
#include "Pkcs5.h"
#include "Endian.h"
#include "Random.h"
#include <io.h>
#include <strsafe.h>
#ifndef SRC_POS
#define SRC_POS (__FUNCTION__ ":" TC_TO_STRING(__LINE__))
#endif
void VerifyPasswordAndUpdate (HWND hwndDlg, HWND hButton, HWND hPassword,
HWND hVerify, unsigned char *szPassword,
char *szVerify,
BOOL keyFilesEnabled)
{
wchar_t szTmp1[MAX_PASSWORD + 1];
wchar_t szTmp2[MAX_PASSWORD + 1];
char szTmp1Utf8[MAX_PASSWORD + 1];
char szTmp2Utf8[MAX_PASSWORD + 1];
int k = GetWindowTextLength (hPassword);
+ int j = GetWindowTextLength (hVerify);
BOOL bEnable = FALSE;
int utf8Len1, utf8Len2;
UNREFERENCED_PARAMETER (hwndDlg); /* Remove warning */
GetWindowText (hPassword, szTmp1, ARRAYSIZE (szTmp1));
GetWindowText (hVerify, szTmp2, ARRAYSIZE (szTmp2));
utf8Len1 = WideCharToMultiByte (CP_UTF8, 0, szTmp1, -1, szTmp1Utf8, MAX_PASSWORD + 1, NULL, NULL);
utf8Len2 = WideCharToMultiByte (CP_UTF8, 0, szTmp2, -1, szTmp2Utf8, MAX_PASSWORD + 1, NULL, NULL);
if (wcscmp (szTmp1, szTmp2) != 0)
+ {
bEnable = FALSE;
+ if(k > 0 && j == k)
+ Warning ("WARNING_PASSWORD_NOT_IDENTICAL", hwndDlg);
+
+ }
else if (utf8Len1 <= 0)
bEnable = FALSE;
else
{
if (k >= MIN_PASSWORD || keyFilesEnabled)
bEnable = TRUE;
else
bEnable = FALSE;
}
if (szPassword != NULL)
{
if (utf8Len1 > 0)
memcpy (szPassword, szTmp1Utf8, sizeof (szTmp1Utf8));
else
szPassword [0] = 0;
}
if (szVerify != NULL)
{
if (utf8Len2 > 0)
memcpy (szVerify, szTmp2Utf8, sizeof (szTmp2Utf8));
else
szVerify [0] = 0;
}
burn (szTmp1, sizeof (szTmp1));
burn (szTmp2, sizeof (szTmp2));
burn (szTmp1Utf8, sizeof (szTmp1Utf8));
burn (szTmp2Utf8, sizeof (szTmp2Utf8));
EnableWindow (hButton, bEnable);
}
@@ -113,75 +119,70 @@ BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw)
wchar_t s[MAX_PASSWORD + 1];
len = GetWindowTextLength (hPassword);
if (len > (bUseLegacyMaxPasswordLength? MAX_LEGACY_PASSWORD: MAX_PASSWORD))
return FALSE;
GetWindowTextW (hPassword, s, sizeof (s) / sizeof (wchar_t));
for (i = 0; i < len; i++)
{
if (s[i] >= 0x7f || s[i] < 0x20) // A non-ASCII or non-printable character?
break;
}
burn (s, sizeof(s));
if (i < len)
return FALSE;
}
return TRUE;
}
BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim, BOOL bForBoot, int bootPRF, BOOL bSkipPasswordWarning, BOOL bSkipPimWarning)
{
BOOL bootPimCondition = (bForBoot && (bootPRF != SHA512 && bootPRF != WHIRLPOOL))? TRUE : FALSE;
BOOL bCustomPimSmall = ((pim != 0) && (pim < (bootPimCondition? 98 : 485)))? TRUE : FALSE;
if (passwordLength < PASSWORD_LEN_WARNING)
{
if (bCustomPimSmall)
{
Error (bootPimCondition? "BOOT_PIM_REQUIRE_LONG_PASSWORD": "PIM_REQUIRE_LONG_PASSWORD", hwndDlg);
return FALSE;
}
-
-#ifndef _DEBUG
- if (!bSkipPasswordWarning && (MessageBoxW (hwndDlg, GetString ("PASSWORD_LENGTH_WARNING"), lpszTitle, MB_YESNO|MB_ICONWARNING|MB_DEFBUTTON2) != IDYES))
- return FALSE;
-#endif
}
#ifndef _DEBUG
else if (bCustomPimSmall)
{
if (!bSkipPimWarning && AskWarnNoYes ("PIM_SMALL_WARNING", hwndDlg) != IDYES)
return FALSE;
}
#endif
if ((pim != 0) && (pim > (bootPimCondition? 98 : 485)))
{
// warn that mount/boot will take more time
Warning ("PIM_LARGE_WARNING", hwndDlg);
}
return TRUE;
}
int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, int old_pim, BOOL truecryptMode, Password *newPassword, int pkcs5, int pim, int wipePassCount, HWND hwndDlg)
{
int nDosLinkCreated = 1, nStatus = ERR_OS_ERROR;
wchar_t szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH];
wchar_t szDosDevice[TC_MAX_PATH];
char buffer[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
PCRYPTO_INFO cryptoInfo = NULL, ci = NULL;
void *dev = INVALID_HANDLE_VALUE;
DWORD dwError;
DWORD bytesRead;
BOOL bDevice;
unsigned __int64 hostSize = 0;
int volumeType;
int wipePass;
FILETIME ftCreationTime;
FILETIME ftLastWriteTime;
FILETIME ftLastAccessTime;
@@ -531,36 +532,35 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5,
nStatus = 0;
error:
dwError = GetLastError ();
burn (buffer, sizeof (buffer));
if (cryptoInfo != NULL)
crypto_close (cryptoInfo);
if (bTimeStampValid)
SetFileTime (dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime);
if (dev != INVALID_HANDLE_VALUE)
CloseHandle ((HANDLE) dev);
if (nDosLinkCreated == 0)
RemoveFakeDosName (szDiskFile, szDosDevice);
RandStop (FALSE);
NormalCursor ();
SetLastError (dwError);
if (nStatus == ERR_OS_ERROR && dwError == ERROR_ACCESS_DENIED
&& bDevice
&& !UacElevated
&& IsUacSupported ())
return nStatus;
if (nStatus != 0)
handleError (hwndDlg, nStatus, SRC_POS);
return nStatus;
}
-
diff --git a/src/Format/Format.rc b/src/Format/Format.rc
index d4a9a5f5..8a14f413 100644
--- a/src/Format/Format.rc
+++ b/src/Format/Format.rc
@@ -53,108 +53,114 @@ BEGIN
VALUE "ProductVersion", "1.26"
END
END
BLOCK "VarFileInfo"
BEGIN
VALUE "Translation", 0x409, 1200
END
END
/////////////////////////////////////////////////////////////////////////////
//
// HEADER
//
IDR_FORMAT_RSRC_HEADER HEADER "resource.h"
/////////////////////////////////////////////////////////////////////////////
//
// TYPELIB
//
IDR_FORMAT_TLB TYPELIB "Format.tlb"
/////////////////////////////////////////////////////////////////////////////
//
// Dialog
//
IDD_VOL_CREATION_WIZARD_DLG DIALOGEX 0, 0, 450, 250
STYLE DS_SETFONT | DS_SETFOREGROUND | DS_FIXEDSYS | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt Volume Creation Wizard"
CLASS "VeraCryptCustomDlg"
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- PUSHBUTTON "&Help",IDHELP,166,234,60,14
- PUSHBUTTON "",IDC_PREV,238,234,60,14
- DEFPUSHBUTTON "",IDC_NEXT,310,234,60,14
+ PUSHBUTTON "&Documentation",IDHELP,166,234,60,14
+ PUSHBUTTON "",IDC_PREV,243,234,60,14
+ DEFPUSHBUTTON "",IDC_NEXT,305,234,60,14
PUSHBUTTON "Cancel",IDCANCEL,382,234,60,14
- LTEXT "",IDC_BOX_TITLE,160,8,283,17
- GROUPBOX "",IDC_STATIC,4,0,439,230
- CONTROL 116,IDC_BITMAP_WIZARD,"Static",SS_BITMAP | SS_SUNKEN,10,9,137,193
+ LTEXT "",IDC_BOX_TITLE,160,10,283,17
+ GROUPBOX "",IDC_STATIC,4,0,440,230
+ CONTROL 116,IDC_BITMAP_WIZARD,"Static",SS_BITMAP | SS_SUNKEN,10,18,137,200
LTEXT "",IDC_POS_BOX,160,24,281,193
END
IDD_CIPHER_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
COMBOBOX IDC_COMBO_BOX,7,23,172,126,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
PUSHBUTTON "&Test",IDC_CIPHER_TEST,191,22,81,14
PUSHBUTTON "&Benchmark",IDC_BENCHMARK,191,122,81,14
COMBOBOX IDC_COMBO_BOX_HASH_ALGO,7,169,95,126,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
LTEXT "",IDC_BOX_HELP,7,40,266,78
GROUPBOX "Encryption Algorithm",IDT_ENCRYPTION_ALGO,0,10,273,131
GROUPBOX "Hash Algorithm",IDT_HASH_ALGO,0,156,273,35
LTEXT "More information",IDC_LINK_MORE_INFO_ABOUT_CIPHER,7,124,176,10,SS_NOTIFY
LTEXT "Information on hash algorithms",IDC_LINK_HASH_INFO,121,171,148,8,SS_NOTIFY
END
IDD_PASSWORD_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_PASSWORD,71,3,202,14,ES_PASSWORD | ES_AUTOHSCROLL
- EDITTEXT IDC_VERIFY,71,19,202,14,ES_PASSWORD | ES_AUTOHSCROLL
- CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,35,103,10
- PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,182,36,91,14,WS_DISABLED
- CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,45,108,11,WS_EX_TRANSPARENT
- CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,56,114,10
- RTEXT "Password:",IDT_PASSWORD,1,6,68,8
- RTEXT "&Confirm:",IDT_CONFIRM,1,23,68,8
- LTEXT "",IDC_BOX_HELP,0,71,273,121
+ EDITTEXT IDC_PASSWORD,69,3,202,14,ES_PASSWORD | ES_AUTOHSCROLL
+ EDITTEXT IDC_VERIFY,69,20,202,14,ES_PASSWORD | ES_AUTOHSCROLL
+ LTEXT "Password strength: ", IDT_PASSWORD_STRENGTH, 71, 54, 70, 10
+ LTEXT "", PASSWORD_METER, 140, 55, 50, 20
+ CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,41,108,11,WS_EX_TRANSPARENT
+ RTEXT "Password:", IDT_PASSWORD, 1, 6, 40, 8
+ RTEXT "&Confirm:", IDT_CONFIRM, 1, 23, 40, 8
+ LTEXT "", IDC_BOX_HELP, 1, 95, 270, 120
+ PUSHBUTTON "Advanced features", IDC_ADVANCE, 203, 156, 68, 14, NOT WS_VISIBLE
+ CONTROL "",IDC_SYS_POOL_CONTENTS,"Static",SS_LEFTNOWORDWRAP | WS_GROUP | NOT WS_VISIBLE,33,17,209,63,WS_EX_TRANSPARENT
+ CONTROL "", IDC_ENTROPY_BAR, "msctls_progress32", WS_BORDER | NOT WS_VISIBLE, 11, 140, 202, 6
+ CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,64,103,10
+ PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,192,65,71,14,WS_DISABLED
+ CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,76,114,10
+
END
IDD_SIZE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
EDITTEXT IDC_SIZEBOX,0,22,96,14,ES_AUTOHSCROLL | ES_NUMBER
CONTROL "&KB",IDC_KB,"Button",BS_AUTORADIOBUTTON | WS_GROUP | WS_TABSTOP,105,25,27,10
CONTROL "&MB",IDC_MB,"Button",BS_AUTORADIOBUTTON,140,25,27,10
CONTROL "&GB",IDC_GB,"Button",BS_AUTORADIOBUTTON,175,25,27,10
LTEXT "",IDC_BOX_HELP,0,65,273,123
LTEXT "",IDC_SPACE_LEFT,0,44,273,18
CONTROL "&TB",IDC_TB,"Button",BS_AUTORADIOBUTTON,210,25,27,10
END
IDD_VOLUME_LOCATION_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
COMBOBOX IDC_COMBO_BOX,0,9,174,80,CBS_DROPDOWN | CBS_AUTOHSCROLL | WS_VSCROLL | WS_TABSTOP
CONTROL "&Never save history",IDC_NO_HISTORY,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,3,28,270,10
PUSHBUTTON "",IDC_SELECT_VOLUME_LOCATION,181,9,92,14
LTEXT "",IDC_BOX_HELP,0,45,273,143
END
IDD_FORMAT_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
COMBOBOX IDC_FILESYS,50,13,36,90,CBS_DROPDOWNLIST | WS_TABSTOP
COMBOBOX IDC_CLUSTERSIZE,135,13,42,90,CBS_DROPDOWNLIST | WS_TABSTOP
CONTROL "Quick Format",IDC_QUICKFORMAT,"Button",BS_AUTOCHECKBOX | BS_MULTILINE | WS_TABSTOP,181,9,92,8
CONTROL "",IDC_SHOW_KEYS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,265,38,9,8
PUSHBUTTON "Abort",IDC_ABORT_BUTTON,200,75,64,14
RTEXT "Header Key: ",IDT_HEADER_KEY,2,47,76,8
@@ -170,244 +176,271 @@ BEGIN
LTEXT "",IDC_BYTESWRITTEN,29,93,39,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
RTEXT "Done",IDT_DONE,5,94,22,8
RTEXT "Speed",IDT_SPEED,81,94,45,8
RTEXT "Left",IDT_LEFT,177,94,35,8
GROUPBOX "",IDC_STATIC,0,67,276,41
RTEXT "Filesystem ",IDT_FILESYSTEM,1,15,46,8,0,WS_EX_RIGHT
RTEXT "Random Pool: ",IDT_RANDOM_POOL,2,39,76,8
GROUPBOX "",IDC_STATIC,0,32,276,35
CONTROL "",IDC_RANDOM_BYTES,"Static",SS_SIMPLE | WS_GROUP,83,38,177,8,WS_EX_TRANSPARENT
GROUPBOX "Randomness Collected From Mouse Movements",IDT_ENTROPY_BAR,0,175,276,18
CONTROL "",IDC_ENTROPY_BAR,"msctls_progress32",WS_BORDER,20,184,235,6
CONTROL "Dynamic",SPARSE_FILE,"Button",BS_AUTOCHECKBOX | BS_MULTILINE | WS_TABSTOP,181,21,92,8
END
IDD_INTRO_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Create an encrypted file container",IDC_FILE_CONTAINER,
"Button",BS_AUTORADIOBUTTON,0,7,269,10
LTEXT "More information",IDC_MORE_INFO_ON_CONTAINERS,16,40,253,10,SS_NOTIFY
CONTROL "Encrypt a non-system partition/drive",IDC_NONSYS_DEVICE,
"Button",BS_AUTORADIOBUTTON,0,55,269,10
CONTROL "Encrypt the system partition or entire system drive",IDC_SYS_DEVICE,
"Button",BS_AUTORADIOBUTTON,0,98,269,10
LTEXT "More information about system encryption",IDC_MORE_INFO_ON_SYS_ENCRYPTION,16,177,253,10,SS_NOTIFY
LTEXT "Creates a virtual encrypted disk within a file. Recommended for inexperienced users.",IDT_FILE_CONTAINER,16,20,253,16
LTEXT "Encrypts a non-system partition on any internal or external drive (e.g. a flash drive). Optionally, creates a hidden volume.",IDT_NON_SYS_DEVICE,16,68,253,26
LTEXT "Encrypts the partition/drive where Windows is installed. Anyone who wants to gain access and use the system, read and write files, etc., will need to enter the correct password each time before Windows boots. Optionally, creates a hidden system.",IDT_SYS_DEVICE,16,112,253,59
END
IDD_INFO_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- LTEXT "",IDC_BOX_HELP,0,31,269,155
+ LTEXT "",IDC_BOX_HELP,0,15,267,155
+ CONTROL "", IDC_CHECKBOX_PRETEST, "Button", BS_AUTOCHECKBOX | BS_MULTILINE | NOT WS_VISIBLE, 0, 150, 267, 50
END
IDD_HIDVOL_HOST_FILL_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
LTEXT "",IDC_BOX_HELP,0,6,269,167
PUSHBUTTON "Open Outer Volume",IDC_OPEN_OUTER_VOLUME,0,176,85,14
END
IDD_HIDDEN_VOL_WIZARD_MODE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Normal mode",IDC_HIDVOL_WIZ_MODE_FULL,"Button",BS_AUTORADIOBUTTON,0,7,269,10
CONTROL "Direct mode",IDC_HIDVOL_WIZ_MODE_DIRECT,"Button",BS_AUTORADIOBUTTON,0,97,269,10
LTEXT "",IDC_BOX_HELP,16,20,253,72
LTEXT "",IDC_BOX_HELP2,16,110,253,72
END
IDD_PASSWORD_ENTRY_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
EDITTEXT IDC_PASSWORD_DIRECT,75,2,198,14,ES_PASSWORD | ES_AUTOHSCROLL
COMBOBOX IDC_PKCS5_PRF_ID,75,17,131,90,CBS_DROPDOWNLIST | WS_TABSTOP
EDITTEXT IDC_PIM,75,32,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER | NOT WS_VISIBLE
LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,121,34,152,8,NOT WS_VISIBLE
CONTROL "&Display password",IDC_SHOW_PASSWORD_SINGLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,75,46,109,11,WS_EX_TRANSPARENT
CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,75,57,106,11
PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,188,54,85,14
LTEXT "",IDC_BOX_HELP,0,74,273,119
RTEXT "Password:",IDT_PASSWORD,0,6,71,8
RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,0,19,71,8
RTEXT "Volume PIM:",IDT_PIM,0,35,71,8,NOT WS_VISIBLE
CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,75,35,97,10
END
IDD_VOLUME_TYPE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Standard VeraCrypt volume",IDC_STD_VOL,"Button",BS_AUTORADIOBUTTON,0,7,269,10
CONTROL "Hi&dden VeraCrypt volume ",IDC_HIDDEN_VOL,"Button",BS_AUTORADIOBUTTON,0,76,269,10
LTEXT "More information about hidden volumes",IDC_HIDDEN_VOL_HELP,16,173,253,10,SS_NOTIFY
LTEXT "",IDC_BOX_HELP_NORMAL_VOL,16,20,253,52
LTEXT "",IDC_BOX_HELP,16,93,253,70
END
IDD_SYSENC_SPAN_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Encrypt the Windows system partition",IDC_SYS_PARTITION,
"Button",BS_AUTORADIOBUTTON,0,7,269,10
CONTROL "Encrypt the whole drive",IDC_WHOLE_SYS_DRIVE,"Button",BS_AUTORADIOBUTTON,0,67,269,10
LTEXT "Select this option to encrypt the partition where the currently running Windows operating system is installed.",IDT_SYS_PARTITION,16,20,253,42
LTEXT "",IDT_WHOLE_SYS_DRIVE,16,82,253,104
END
IDD_SYSENC_RESCUE_DISK_CREATION_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_RESCUE_DISK_ISO_PATH,0,180,201,13,ES_AUTOHSCROLL
- PUSHBUTTON "Bro&wse...",IDC_BROWSE,204,179,70,14
- LTEXT "",IDT_RESCUE_DISK_INFO,0,1,273,137
+ EDITTEXT IDC_RESCUE_DISK_ISO_PATH, 0, 159, 180, 13, ES_AUTOHSCROLL
+ PUSHBUTTON "Bro&wse...",IDC_BROWSE,185,159,70,14
+ LTEXT "",IDT_RESCUE_DISK_INFO,0,1,266,137
+ LTEXT "",IDT_RESCUE_DISK_INFO_2,0,135,266,20
CONTROL "Skip Rescue Disk verification",IDC_SKIP_RESCUE_VERIFICATION,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,0,166,273,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,0,178,273,10
END
IDD_SYSENC_COLLECTING_RANDOM_DATA_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
CONTROL "Display pool content",IDC_DISPLAY_POOL_CONTENTS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,10,93,266,10
CONTROL "",IDC_SYS_POOL_CONTENTS,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,33,17,209,63,WS_EX_TRANSPARENT
LTEXT "IMPORTANT: Move your mouse as randomly as possible within this window. The longer you move it, the better. This significantly increases the cryptographic strength of the encryption keys. Then click Next to continue.",IDT_COLLECTING_RANDOM_DATA_NOTE,10,107,265,63
GROUPBOX "Current pool content (partial)",IDT_PARTIAL_POOL_CONTENTS,0,5,276,83
GROUPBOX "Randomness Collected From Mouse Movements",IDT_ENTROPY_BAR,0,174,276,18
CONTROL "",IDC_ENTROPY_BAR,"msctls_progress32",WS_BORDER,11,183,254,6
END
IDD_SYSENC_MULTI_BOOT_MODE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Single-boot",IDC_SINGLE_BOOT,"Button",BS_AUTORADIOBUTTON,0,7,269,10
CONTROL "Multi-boot",IDC_MULTI_BOOT,"Button",BS_AUTORADIOBUTTON,0,75,217,10
LTEXT "Select this option if there is only one operating system installed on this computer (even if it has multiple users).",IDT_SINGLE_BOOT,16,20,253,48
LTEXT "Select this option if there are two or more operating systems installed on this computer.\n\nFor example:\n- Windows XP and Windows XP\n- Windows XP and Windows Vista\n- Windows and Mac OS X\n- Windows and Linux\n- Windows, Linux and Mac OS X",IDT_MULTI_BOOT,16,89,253,90
END
IDD_SYSENC_RESCUE_DISK_BURN_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- LTEXT "Download CD/DVD recording software",IDC_DOWNLOAD_CD_BURN_SOFTWARE,0,159,273,10,SS_NOTIFY
- LTEXT "",IDT_RESCUE_DISK_BURN_INFO,0,4,273,148
+ LTEXT "",IDT_RESCUE_DISK_BURN_INFO,0,15,275,170
END
IDD_SYSENC_WIPE_MODE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- COMBOBOX IDC_WIPE_MODE,88,0,138,90,CBS_DROPDOWNLIST | WS_TABSTOP
- RTEXT "Wipe mode:",IDT_WIPE_MODE,0,2,83,8,0,WS_EX_RIGHT
- LTEXT "",IDT_WIPE_MODE_INFO,0,19,269,167
+ CONTROL "A", IDC_CHECKLIST_A, "Button", BS_AUTOCHECKBOX | WS_TABSTOP, 0, 13, 10, 10
+ CONTROL "B", IDC_CHECKLIST_B, "Button", BS_AUTOCHECKBOX | WS_TABSTOP, 0, 60, 10, 10
+ CONTROL "C", IDC_CHECKLIST_C, "Button", BS_AUTOCHECKBOX | WS_TABSTOP, 0, 135, 10, 10
+ LTEXT " I remember my Password", IDC_REMEMBER_PASSWORD, 11, 13, 212, 10
+ LTEXT " I securely stored the Rescue Disk", IDC_STORE_RESCUE_DISK, 11, 60, 217, 10
+ LTEXT " I considered doing a backup of my personal Data", IDC_BACKUP_DATA, 11, 135, 226, 10
+ LTEXT "", IDT_REMEMBER_PASSWORD, 16, 26, 205, 32
+ LTEXT "", IDT_STORE_RESCUE_DISK, 16, 73, 205, 60
+ PUSHBUTTON "",IDC_BROWSE,16,109,60,14
+ LTEXT "", IDT_BACKUP_DATA, 16, 146, 205, 72
+ COMBOBOX IDC_WIPE_MODE,88,0,138,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ RTEXT "Wipe mode:", IDT_WIPE_MODE,0,2,83,8,0,WS_EX_RIGHT
+ LTEXT "", IDT_WIPE_MODE_INFO,0,19,269,167
END
IDD_INPLACE_ENCRYPTION_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- COMBOBOX IDC_WIPE_MODE,96,13,125,90,CBS_DROPDOWNLIST | WS_TABSTOP
- PUSHBUTTON "&Pause",IDC_PAUSE,204,40,63,14
- LTEXT "More information",IDC_MORE_INFO_SYS_ENCRYPTION,1,176,266,10,SS_NOTIFY
- LTEXT "",IDC_BYTESWRITTEN,29,58,39,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "",IDC_WRITESPEED,110,58,56,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "",IDC_TIMEREMAIN,212,58,54,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "Wipe mode:",IDT_WIPE_MODE,6,15,85,8,0,WS_EX_RIGHT
- CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,6,41,192,12
- RTEXT "Done",IDT_DONE,5,59,22,8
- RTEXT "Status",IDT_STATUS,73,59,33,8
- RTEXT "Left",IDT_LEFT,172,59,35,8
- LTEXT "",IDC_BOX_HELP,1,77,266,95
- GROUPBOX "Options",IDT_FORMAT_OPTIONS,0,3,267,29
- GROUPBOX "",IDC_STATIC,0,32,267,41
+ COMBOBOX IDC_WIPE_MODE,96,60,125,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ PUSHBUTTON "&Pause",IDC_PAUSE,204,8,63,14
+ LTEXT "More information",IDC_MORE_INFO_SYS_ENCRYPTION,1,176,266,10,SS_NOTIFY | NOT WS_VISIBLE
+ LTEXT "",IDC_BYTESWRITTEN,29,26,39,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ RTEXT "",IDC_WRITESPEED,110,26,56,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ RTEXT "",IDC_TIMEREMAIN,212,26,54,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ RTEXT "Wipe mode:",IDT_WIPE_MODE,6,62,85,8,0,WS_EX_RIGHT
+ CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,6,9,192,12
+ RTEXT "Done",IDT_DONE,5,27,22,8
+ RTEXT "Status",IDT_STATUS,73,27,33,8
+ RTEXT "Left",IDT_LEFT,172,27,35,8
+ LTEXT "",IDC_BOX_HELP,1,100,266,90
+ GROUPBOX "",IDC_STATIC,0,3,268,41
+ GROUPBOX "Options",IDT_FORMAT_OPTIONS,0,50,268,29
END
IDD_SYSENC_KEYS_GEN_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
CONTROL "Display generated keys (their portions)",IDC_DISPLAY_KEYS,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,51,110,216,10
CONTROL "",IDC_HEADER_KEY,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,100,87,163,8,WS_EX_TRANSPARENT
LTEXT "",IDC_DISK_KEY,100,95,163,8,0,WS_EX_TRANSPARENT
LTEXT "The keys, salt, and other data have been successfully generated. If you want to generate new keys, click Back and then Next. Otherwise, click Next to continue.",IDT_SYSENC_KEYS_GEN_INFO,1,23,266,57
RTEXT "Header Key: ",IDT_HEADER_KEY,2,88,93,8
RTEXT "Master Key: ",IDT_MASTER_KEY,2,96,93,8
GROUPBOX "",-1,0,81,267,26
END
IDD_UNIVERSAL_DUAL_CHOICE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "",IDC_CHOICE1,"Button",BS_AUTORADIOBUTTON,0,7,269,10
CONTROL "",IDC_CHOICE2,"Button",BS_AUTORADIOBUTTON,0,17,269,10
LTEXT "",IDC_BOX_HELP,1,34,268,152
END
IDD_SYSENC_DRIVE_ANALYSIS_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
LTEXT "",IDT_SYSENC_DRIVE_ANALYSIS_INFO,0,10,267,109
CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,0,135,267,12
LTEXT "Progress:",IDT_PROGRESS,2,124,172,8
END
IDD_SYSENC_TYPE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Normal",IDC_SYSENC_NORMAL,"Button",BS_AUTORADIOBUTTON,0,7,269,10
- CONTROL "Hi&dden",IDC_SYSENC_HIDDEN,"Button",BS_AUTORADIOBUTTON,0,64,269,10
- LTEXT "More information",IDC_HIDDEN_SYSENC_INFO_LINK,16,173,253,10,SS_NOTIFY
- LTEXT "",IDC_BOX_HELP_SYSENC_NORMAL,16,20,253,41
- LTEXT "",IDC_BOX_HELP,16,78,253,90
+ LTEXT "", IDC_BOX_HELP, 5, 20, 250, 16
+ LTEXT "", IDT_SYSENC_INFO_2, 5, 50, 250, 60
+ PUSHBUTTON "Advanced features", IDC_ADVANCE_INTRO, 190, 160, 68, 14
+ CONTROL "", IDC_INFORMATION_TIP, "Static", SS_ICON | SS_NOTIFY, 262,163,10,5
+END
+
+IDD_ADVANCE_MBR DIALOGEX 102, -10, 245, 233
+STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Advanced Options"
+FONT 8, "MS Shell Dlg", 0, 0, 0x1
+BEGIN
+ CONTROL " Normal",IDC_SYSENC_NORMAL,"Button", BS_AUTOCHECKBOX, 10,40,200,10
+ CONTROL " Hi&dden",IDC_SYSENC_HIDDEN,"Button", BS_AUTOCHECKBOX, 10,99,200,10
+ LTEXT "Select this option if you merely want to encrypt the system partition or the entire system drive.",-1,26,57,200,30
+ LTEXT "If you select this option, you will create a hidden operating system whose existence should be impossible to prove (provided that certain guidelines are followed). Thus, you will not have to decrypt or reveal the password to the hidden operating system.",-1,26,116,200,50
+ LTEXT "For a detailed explanation, please click the Help button. ",-1,26,180,200,10
+ LTEXT "IMPORTANT: Only advanced users should make modifications on this page.", -1, 10, 12, 217, 19,
+
+ GROUPBOX "", -1, 6, 30, 232, 178
+ DEFPUSHBUTTON "OK", IDOK, 129, 213, 50, 14
+ PUSHBUTTON "Cancel", IDCANCEL, 180, 213, 50, 14
+ PUSHBUTTON "&Help",IDHELP,15,213,50,14
END
-
IDD_SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
LTEXT "More information",IDC_HIDDEN_SYSENC_INFO_LINK,0,172,273,10,SS_NOTIFY
LTEXT "",IDC_BOX_HELP,0,2,273,166
END
IDD_DEVICE_WIPE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
PUSHBUTTON "Abort",IDC_ABORT_BUTTON,217,48,50,14
LTEXT "",IDC_BYTESWRITTEN,29,66,39,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
RTEXT "",IDC_WRITESPEED,119,66,46,11,SS_CENTERIMAGE | NOT WS_VISIBLE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
RTEXT "",IDC_TIMEREMAIN,219,66,48,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
RTEXT "Wipe mode:",IDT_WIPE_MODE,6,22,92,8,0,WS_EX_RIGHT
CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,6,49,208,12
RTEXT "Done",IDT_DONE,5,67,22,8
RTEXT "Pass",IDT_PASS,73,67,44,8,NOT WS_VISIBLE
RTEXT "Left",IDT_LEFT,180,67,34,8
LTEXT "",IDC_BOX_HELP,1,96,266,91
GROUPBOX "",IDT_FORMAT_OPTIONS,0,10,267,29
GROUPBOX "",IDC_STATIC,0,40,267,42
LTEXT "",IDC_WIPE_MODE,101,21,125,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_STATICEDGE
END
IDD_DEVICE_WIPE_MODE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
COMBOBOX IDC_WIPE_MODE,89,9,127,90,CBS_DROPDOWNLIST | WS_TABSTOP
RTEXT "Wipe mode:",IDT_WIPE_MODE,0,11,86,8,0,WS_EX_RIGHT
LTEXT "",IDT_WIPE_MODE_INFO,0,29,269,157
END
@@ -421,70 +454,94 @@ BEGIN
CONTROL "Encrypt partition in place",IDC_DEVICE_TRANSFORM_MODE_INPLACE,
"Button",BS_AUTORADIOBUTTON,0,111,269,10
LTEXT "",IDC_BOX_HELP,16,21,253,84
LTEXT "",IDC_BOX_HELP2,16,125,253,61
END
IDD_EXPANDED_LIST_SELECT_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
LTEXT "",IDC_BOX_HELP,0,117,269,69
LISTBOX IDC_LIST_BOX,0,3,269,107,LBS_NOINTEGRALHEIGHT | LBS_DISABLENOSCROLL | WS_VSCROLL
END
IDD_DRIVE_LETTER_SELECTION_PAGE DIALOGEX 0, 0, 277, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
LTEXT "",IDC_BOX_HELP,0,40,270,146
COMBOBOX IDC_DRIVE_LETTER_LIST,115,15,38,69,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
RTEXT "Drive letter:",IDT_DRIVE_LETTER,5,17,106,8
END
IDD_PIM_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
EDITTEXT IDC_PIM,74,0,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER
LTEXT "",IDC_BOX_HELP,0,32,273,142
RTEXT "Volume PIM:",IDT_PIM,1,3,69,8
LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,120,3,153,8
LTEXT "Information on PIM",IDC_LINK_PIM_INFO,0,179,273,8,SS_NOTIFY
CONTROL "Display PIM",IDC_SHOW_PIM,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,74,17,196,10
END
+IDD_ADVANCE DIALOGEX 75, -62, 245, 362
+STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Advanced Algorithm Options"
+FONT 8, "MS Shell Dlg", 400, 0, 0x1
+BEGIN
+ DEFPUSHBUTTON "OK", IDOK, 129, 345, 50, 14
+ PUSHBUTTON "Cancel", IDCANCEL, 180, 345, 50, 14
+ COMBOBOX IDC_COMBO_BOX_HASH_ALGO, 21, 47, 137, 130, CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
+ LTEXT "", IDC_SHA512_HELP, 21, 65, 205, 40
+ COMBOBOX IDC_COMBO_BOX, 21, 113, 137, 126, CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
+ LTEXT "", IDC_BOX_HELP, 21, 131, 205, 40
+ PUSHBUTTON "&Verify", IDC_CIPHER_TEST, 40, 181, 59, 14
+ PUSHBUTTON "&Benchmark", IDC_BENCHMARK, 140, 181, 59, 14, BS_PUSHBUTTON | WS_TABSTOP | WS_VISIBLE
+ GROUPBOX "Encryption Algorithm", IDT_ENCRYPTION_ALGO, 14, 100, 217, 60
+ GROUPBOX "Hash Algorithm", IDT_HASH_ALGO, 14, 35, 217, 60
+ GROUPBOX "Test Algorithms", IDT_TEST_ALGO, 14, 168, 217, 35
+ GROUPBOX "PIM", -1, 14, 206, 217, 59
+ CONTROL "Modify P&IM", IDC_PIM_ENABLE, "Button", BS_AUTOCHECKBOX | WS_TABSTOP, 19, 217, 97, 10
+ LTEXT "", IDT_PIM_INFO, 21, 231, 203, 25
+ GROUPBOX "Wipe Mode", IDT_WIPE_MODE, 14, 270, 217, 71
+ COMBOBOX IDC_WIPE_MODE, 21, 284, 127, 90, CBS_DROPDOWNLIST | WS_TABSTOP
+ LTEXT "", IDT_WIPE_INFO, 21, 303, 200, 32
+ LTEXT "", IDT_IMPORTANT_NOTE, 18, 10, 217, 19
+END
#ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// TEXTINCLUDE
//
1 TEXTINCLUDE
BEGIN
"resource.h\0"
END
2 TEXTINCLUDE
BEGIN
"#include ""afxres.h""\r\n"
"#include ""..\\\\common\\\\resource.h""\r\n"
"\0"
END
3 TEXTINCLUDE
BEGIN
"#include ""..\\\\common\\\\common.rc""\r\n"
"\0"
END
#endif // APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// DESIGNINFO
//
#ifdef APSTUDIO_INVOKED
GUIDELINES DESIGNINFO
@@ -591,70 +648,86 @@ BEGIN
BOTTOMMARGIN, 174
HORZGUIDE, 80
HORZGUIDE, 96
END
IDD_SYSENC_MULTI_BOOT_MODE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 269
TOPMARGIN, 7
BOTTOMMARGIN, 186
END
IDD_SYSENC_RESCUE_DISK_BURN_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 273
BOTTOMMARGIN, 188
END
IDD_SYSENC_WIPE_MODE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 269
TOPMARGIN, 7
BOTTOMMARGIN, 186
END
IDD_INPLACE_ENCRYPTION_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 267
BOTTOMMARGIN, 187
HORZGUIDE, 80
HORZGUIDE, 96
END
+ IDD_ADVANCE, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 238
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 242
+ END
+
+ IDD_ADVANCE_MBR, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 238
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 242
+ END
+
IDD_SYSENC_KEYS_GEN_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 267
BOTTOMMARGIN, 174
HORZGUIDE, 80
HORZGUIDE, 96
END
IDD_UNIVERSAL_DUAL_CHOICE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 269
TOPMARGIN, 7
BOTTOMMARGIN, 186
END
IDD_SYSENC_DRIVE_ANALYSIS_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 267
BOTTOMMARGIN, 174
HORZGUIDE, 80
HORZGUIDE, 96
END
IDD_SYSENC_TYPE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 269
TOPMARGIN, 7
BOTTOMMARGIN, 186
END
IDD_SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 273
@@ -709,36 +782,35 @@ BEGIN
END
#endif // APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Bitmap
//
IDB_WIZARD BITMAP "VeraCrypt_wizard.bmp"
/////////////////////////////////////////////////////////////////////////////
//
// String Table
//
STRINGTABLE
BEGIN
IDS_UACSTRING_FMT "VeraCrypt"
END
#endif // English (U.S.) resources
/////////////////////////////////////////////////////////////////////////////
#ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
//
#include "..\\common\\common.rc"
/////////////////////////////////////////////////////////////////////////////
#endif // not APSTUDIO_INVOKED
-
diff --git a/src/Format/Resource.h b/src/Format/Resource.h
index c37a6f4a..d031a7dd 100644
--- a/src/Format/Resource.h
+++ b/src/Format/Resource.h
@@ -86,75 +86,98 @@
#define IDT_RANDOM_POOL 1047
#define IDT_HEADER_KEY 1048
#define IDT_MASTER_KEY 1049
#define IDT_DONE 1050
#define IDT_SPEED 1051
#define IDT_LEFT 1052
#define IDT_CONFIRM 1053
#define IDT_PASSWORD 1054
#define IDC_SHOW_PASSWORD_SINGLE 1055
#define IDC_SHOW_PASSWORD 1056
#define IDC_LINK_MORE_INFO_ABOUT_CIPHER 1057
#define IDC_LINK_HASH_INFO 1058
#define IDC_POS_BOX 1059
#define IDC_BITMAP_WIZARD 1060
#define IDC_FILE_CONTAINER 1061
#define IDC_NONSYS_DEVICE 1062
#define IDC_SYS_DEVICE 1063
#define IDT_FILE_CONTAINER 1064
#define IDT_NON_SYS_DEVICE 1065
#define IDT_SYS_DEVICE 1066
#define IDC_WHOLE_SYS_DRIVE 1067
#define IDC_SYS_PARTITION 1068
#define IDT_WHOLE_SYS_DRIVE 1069
#define IDT_SYS_PARTITION 1070
#define IDT_RESCUE_DISK_INFO 1071
#define IDC_MORE_INFO 1072
#define IDC_MORE_INFO_ON_SYS_ENCRYPTION 1073
#define IDT_COLLECTING_RANDOM_DATA_NOTE 1074
#define IDC_MORE_INFO_ON_CONTAINERS 1075
#define IDC_SINGLE_BOOT 1076
#define IDC_MULTI_BOOT 1077
#define IDT_MULTI_BOOT 1078
#define IDT_SINGLE_BOOT 1079
#define IDC_SYS_POOL_CONTENTS 1080
#define IDT_PARTIAL_POOL_CONTENTS 1081
-#define IDC_DOWNLOAD_CD_BURN_SOFTWARE 1082
#define IDT_RESCUE_DISK_BURN_INFO 1083
#define IDT_WIPE_MODE_INFO 1084
#define IDC_WIPE_MODE 1085
#define IDC_SELECT 1086
#define IDT_SYSENC_KEYS_GEN_INFO 1087
#define IDC_DISPLAY_KEYS 1088
#define IDC_PAUSE 1089
#define IDT_WIPE_MODE 1090
#define IDC_MORE_INFO_SYS_ENCRYPTION 1091
#define IDC_BOX_HELP_NORMAL_VOL 1092
#define IDT_STATUS 1093
#define IDT_PROGRESS 1094
#define IDT_SYSENC_DRIVE_ANALYSIS_INFO 1095
#define IDC_SYSENC_NORMAL 1096
#define IDC_SYSENC_HIDDEN 1097
#define IDC_BOX_HELP_SYSENC_NORMAL 1098
#define IDC_HIDDEN_SYSENC_INFO_LINK 1099
#define IDT_PASS 1100
#define IDC_DEVICE_TRANSFORM_MODE_FORMAT 1101
#define IDC_DEVICE_TRANSFORM_MODE_INPLACE 1102
#define IDC_DRIVE_LETTER_LIST 1103
#define IDT_DRIVE_LETTER 1104
#define IDC_LINK_PIM_INFO 1105
#define IDC_SHOW_PIM 1106
#define IDC_TB 1107
#define IDC_SKIP_RESCUE_VERIFICATION 1108
#define SPARSE_FILE 1109
+#define IDC_ADVANCE_INTRO 1110
+#define IDD_ADVANCE 1111
+#define IDC_ADVANCE 1112
+#define PASSWORD_METER 1113
+#define IDC_REMEMBER_PASSWORD 1114
+#define IDC_STORE_RESCUE_DISK 1115
+#define IDC_BACKUP_DATA 1116
+#define IDT_REMEMBER_PASSWORD 1117
+#define IDT_STORE_RESCUE_DISK 1118
+#define IDT_BACKUP_DATA 1119
+#define IDC_CHECKLIST_A 1120
+#define IDC_CHECKLIST_B 1121
+#define IDC_CHECKLIST_C 1122
+#define IDD_ADVANCE_MBR 1123
+#define IDC_INFORMATION_TIP 1124
+#define IDC_SHA512_HELP 1125
+#define IDT_PASSWORD_STRENGTH 1126
+#define IDT_RESCUE_DISK_INFO_2 1127
+#define IDT_SYSENC_INFO_2 1128
+#define IDT_IMPORTANT_NOTE 1129
+#define IDT_PIM_INFO 1130
+#define IDT_WIPE_INFO 1131
+#define IDT_TEST_ALGO 1132
+#define IDC_CHECKBOX_PRETEST 1133
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 134
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1110
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c
index efd95caf..db0a8209 100644
--- a/src/Format/Tcformat.c
+++ b/src/Format/Tcformat.c
@@ -1,57 +1,62 @@
/*
Legal Notice: Some portions of the source code contained in this file were
derived from the source code of TrueCrypt 7.1a, which is
Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
governed by the TrueCrypt License 3.0, also from the source code of
Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
and which is governed by the 'License Agreement for Encryption for the Masses'
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2017 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
code distribution packages. */
#include "Tcdefs.h"
+#include <iostream>
+#include <fstream>
+#include <set>
+#include <iterator>
#include <stdlib.h>
#include <limits.h>
#include <time.h>
#include <errno.h>
#include <io.h>
#include <sys/stat.h>
#include <shlobj.h>
+#include <commctrl.h>
#include "Crypto.h"
#include "cpu.h"
#include "Apidrvr.h"
#include "Dlgcode.h"
#include "Language.h"
#include "Combo.h"
#include "Registry.h"
#include "Boot/Windows/BootDefs.h"
#include "Common/Common.h"
#include "Common/BootEncryption.h"
#include "Common/Dictionary.h"
#include "Common/Endian.h"
#include "Common/resource.h"
#include "Common/Pkcs5.h"
#include "Platform/Finally.h"
#include "Platform/ForEach.h"
#include "Random.h"
#include "Fat.h"
#include "InPlace.h"
#include "Resource.h"
#include "TcFormat.h"
#include "Format.h"
#include "FormatCom.h"
#include "Password.h"
#include "Progress.h"
#include "Tests.h"
#include "Cmdline.h"
#include "Volumes.h"
#include "Wipe.h"
#include "Xml.h"
#include "SecurityToken.h"
#include <Strsafe.h>
@@ -96,103 +101,119 @@ enum wizard_pages
SYSENC_PRETEST_RESULT_PAGE,
SYSENC_ENCRYPTION_PAGE,
NONSYS_INPLACE_ENC_RESUME_PASSWORD_PAGE,
NONSYS_INPLACE_ENC_RESUME_PARTITION_SEL_PAGE,
NONSYS_INPLACE_ENC_RAND_DATA_PAGE,
NONSYS_INPLACE_ENC_WIPE_MODE_PAGE,
NONSYS_INPLACE_ENC_TRANSFORM_PAGE,
NONSYS_INPLACE_ENC_TRANSFORM_FINISHED_PAGE,
NONSYS_INPLACE_DEC_TRANSFORM_FINISHED_DRIVE_LETTER_PAGE,
FORMAT_PAGE,
FORMAT_FINISHED_PAGE,
SYSENC_HIDDEN_OS_INITIAL_INFO_PAGE,
SYSENC_HIDDEN_OS_WIPE_INFO_PAGE,
DEVICE_WIPE_MODE_PAGE,
DEVICE_WIPE_PAGE
};
#define TIMER_INTERVAL_RANDVIEW 30
#define TIMER_INTERVAL_SYSENC_PROGRESS 30
#define TIMER_INTERVAL_NONSYS_INPLACE_ENC_PROGRESS 30
#define TIMER_INTERVAL_SYSENC_DRIVE_ANALYSIS_PROGRESS 100
#define TIMER_INTERVAL_WIPE_PROGRESS 30
#define TIMER_INTERVAL_KEYB_LAYOUT_GUARD 10
enum sys_encryption_cmd_line_switches
{
SYSENC_COMMAND_NONE = 0,
SYSENC_COMMAND_RESUME,
SYSENC_COMMAND_STARTUP_SEQ_RESUME,
SYSENC_COMMAND_ENCRYPT,
SYSENC_COMMAND_DECRYPT,
SYSENC_COMMAND_CREATE_HIDDEN_OS,
SYSENC_COMMAND_CREATE_HIDDEN_OS_ELEV
};
+enum password_status
+{
+ very_weak = 0,
+ weak,
+ medium,
+ strong,
+ very_strong
+};
+
typedef struct
{
int NumberOfSysDrives; // Number of drives that contain an operating system. -1: unknown, 1: one, 2: two or more
int MultipleSystemsOnDrive; // Multiple systems are installed on the drive where the currently running system resides. -1: unknown, 0: no, 1: yes
int BootLoaderLocation; // Boot loader (boot manager) installed in: 1: MBR/1st cylinder, 0: partition/bootsector: -1: unknown
int BootLoaderBrand; // -1: unknown, 0: Microsoft Windows, 1: any non-Windows boot manager/loader
int SystemOnBootDrive; // If the currently running operating system is installed on the boot drive. -1: unknown, 0: no, 1: yes
} SYSENC_MULTIBOOT_CFG;
#define SYSENC_PAUSE_RETRY_INTERVAL 100
#define SYSENC_PAUSE_RETRIES 200
// Expected duration of system drive analysis, in ms
#define SYSENC_DRIVE_ANALYSIS_ETA (4*60000)
BootEncryption *BootEncObj = NULL;
BootEncryptionStatus BootEncStatus;
HWND hCurPage = NULL; /* Handle to current wizard page */
int nCurPageNo = -1; /* The current wizard page */
int nLastPageNo = -1;
volatile int WizardMode = DEFAULT_VOL_CREATION_WIZARD_MODE; /* IMPORTANT: Never change this value directly -- always use ChangeWizardMode() instead. */
volatile BOOL bHiddenOS = FALSE; /* If TRUE, we are performing or (or supposed to perform) actions relating to an operating system installed in a hidden volume (i.e., encrypting a decoy OS partition or creating the outer/hidden volume for the hidden OS). To determine or set the phase of the process, call ChangeHiddenOSCreationPhase() and DetermineHiddenOSCreationPhase()) */
BOOL bDirectSysEncMode = FALSE;
BOOL bDirectSysEncModeCommand = SYSENC_COMMAND_NONE;
BOOL DirectDeviceEncMode = FALSE;
BOOL DirectNonSysInplaceDecStartMode = FALSE;
BOOL DirectNonSysInplaceEncResumeMode = FALSE;
BOOL DirectNonSysInplaceDecResumeMode = FALSE;
BOOL DirectPromptNonSysInplaceEncResumeMode = FALSE;
BOOL DirectCreationMode = FALSE;
-volatile BOOL bInPlaceEncNonSys = FALSE; /* If TRUE, existing data on a non-system partition/volume are to be encrypted (or decrypted if bInPlaceDecNonSys is TRUE) in place (for system encryption, this flag is ignored) */
+int iIconX=0;
+int iIconY=0;
+HWND hDlgItemTooltip = NULL;
+HANDLE hIconTooltip = NULL;
+char tempPassword[MAX_PASSWORD + 1];
+int iPasswordStrength;
+
+volatile BOOL bInPlaceEncNonSys = TRUE; /* If TRUE, existing data on a non-system partition/volume are to be encrypted (or decrypted if bInPlaceDecNonSys is TRUE) in place (for system encryption, this flag is ignored) */
volatile BOOL bInPlaceDecNonSys = FALSE; /* If TRUE, existing data on a non-system partition/volume are to be decrypted in place (for system encryption, this flag is ignored) */
volatile BOOL bInPlaceEncNonSysResumed = FALSE; /* If TRUE, the wizard is supposed to resume (or has resumed) process of non-system in-place encryption/decryption. */
volatile BOOL bFirstNonSysInPlaceEncResumeDone = FALSE;
__int64 NonSysInplaceEncBytesDone = 0;
__int64 NonSysInplaceEncTotalSize = 0;
BOOL bDeviceTransformModeChoiceMade = FALSE; /* TRUE if the user has at least once manually selected the 'in-place' or 'format' option (on the 'device transform mode' page). */
int nNeedToStoreFilesOver4GB = 0; /* Whether the user wants to be able to store files larger than 4GB on the volume: -1 = Undecided or error, 0 = No, 1 = Yes */
int nVolumeEA = 1; /* Default encryption algorithm */
BOOL bSystemEncryptionInProgress = FALSE; /* TRUE when encrypting/decrypting the system partition/drive (FALSE when paused). */
BOOL bWholeSysDrive = FALSE; /* Whether to encrypt the entire system drive or just the system partition. */
static BOOL bSystemEncryptionStatusChanged = FALSE; /* TRUE if this instance changed the value of SystemEncryptionStatus (it's set to FALSE each time the system encryption settings are saved to the config file). This value is to be treated as protected -- only the wizard can change this value (others may only read it). */
volatile BOOL bSysEncDriveAnalysisInProgress = FALSE;
volatile BOOL bSysEncDriveAnalysisTimeOutOccurred = FALSE;
int SysEncDetectHiddenSectors = -1; /* Whether the user wants us to detect and encrypt the Host Protect Area (if any): -1 = Undecided or error, 0 = No, 1 = Yes */
int SysEncDriveAnalysisStart;
BOOL bDontVerifyRescueDisk = FALSE;
BOOL bFirstSysEncResumeDone = FALSE;
BOOL bDontCheckFileContainerSize = FALSE; /* If true, we don't check if the given size of file container is smaller than the available size on the hosting disk */
int nMultiBoot = 0; /* The number of operating systems installed on the computer, according to the user. 0: undetermined, 1: one, 2: two or more */
volatile BOOL bHiddenVol = FALSE; /* If true, we are (or will be) creating a hidden volume. */
volatile BOOL bHiddenVolHost = FALSE; /* If true, we are (or will be) creating the host volume (called "outer") for a hidden volume. */
volatile BOOL bHiddenVolDirect = FALSE; /* If true, the wizard omits creating a host volume in the course of the process of hidden volume creation. */
volatile BOOL bHiddenVolFinished = FALSE;
int hiddenVolHostDriveNo = -1; /* Drive letter for the volume intended to host a hidden volume. */
BOOL bRemovableHostDevice = FALSE; /* TRUE when creating a device/partition-hosted volume on a removable device. State undefined when creating file-hosted volumes. */
int realClusterSize; /* Parameter used when determining the maximum possible size of a hidden volume. */
int hash_algo = DEFAULT_HASH_ALGORITHM; /* Which PRF to use in header key derivation (PKCS #5) and in the RNG. */
unsigned __int64 nUIVolumeSize = 0; /* The volume size. Important: This value is not in bytes. It has to be multiplied by nMultiplier. Do not use this value when actually creating the volume (it may chop off sector size, if it is not a multiple of 1024 bytes). */
unsigned __int64 nVolumeSize = 0; /* The volume size, in bytes. */
unsigned __int64 nHiddenVolHostSize = 0; /* Size of the hidden volume host, in bytes */
__int64 nMaximumHiddenVolSize = 0; /* Maximum possible size of the hidden volume, in bytes */
__int64 nbrFreeClusters = 0;
__int64 nMultiplier = BYTES_PER_MB; /* Size selection multiplier. */
wchar_t szFileName[TC_MAX_PATH+1]; /* The file selected by the user */
wchar_t szDiskFile[TC_MAX_PATH+1]; /* Fully qualified name derived from szFileName */
@@ -204,135 +225,141 @@ volatile BOOL DiscardUnreadableEncryptedSectors = FALSE;
volatile BOOL bVolTransformThreadCancel = FALSE; /* TRUE if the user cancels/pauses volume encryption/format */
volatile BOOL bVolTransformThreadRunning = FALSE; /* Is the volume encryption/format thread running */
volatile BOOL bVolTransformThreadToRun = FALSE; /* TRUE if the Format/Encrypt button has been clicked and we are proceeding towards launching the thread. */
volatile BOOL bConfirmQuit = FALSE; /* If TRUE, the user is asked to confirm exit when he clicks the X icon, Exit, etc. */
volatile BOOL bConfirmQuitSysEncPretest = FALSE;
BOOL bDevice = FALSE; /* Is this a partition volume ? */
BOOL showKeys = FALSE;
volatile HWND hMasterKey = NULL; /* Text box showing hex dump of the master key */
volatile HWND hHeaderKey = NULL; /* Text box showing hex dump of the header key */
volatile HWND hRandPool = NULL; /* Text box showing hex dump of the random pool */
volatile HWND hRandPoolSys = NULL; /* Text box showing hex dump of the random pool for system encryption */
volatile HWND hPasswordInputField = NULL; /* Password input field */
volatile HWND hVerifyPasswordInputField = NULL; /* Verify-password input field */
HBITMAP hbmWizardBitmapRescaled = NULL;
wchar_t OrigKeyboardLayout [8+1] = L"00000409";
BOOL bKeyboardLayoutChanged = FALSE; /* TRUE if the keyboard layout was changed to the standard US keyboard layout (from any other layout). */
BOOL bKeybLayoutAltKeyWarningShown = FALSE; /* TRUE if the user has been informed that it is not possible to type characters by pressing keys while the right Alt key is held down. */
#ifndef _DEBUG
BOOL bWarnDeviceFormatAdvanced = TRUE;
#else
BOOL bWarnDeviceFormatAdvanced = FALSE;
#endif
BOOL bWarnOuterVolSuitableFileSys = TRUE;
Password volumePassword; /* User password */
Password outerVolumePassword; /* Outer volume user password */
char szVerify[MAX_PASSWORD + 1]; /* Tmp password buffer */
char szRawPassword[MAX_PASSWORD + 1]; /* Password before keyfile was applied to it */
+BOOL bNextButtonClicked = FALSE;
int volumePim = 0;
int outerVolumePim = 0;
BOOL bHistoryCmdLine = FALSE; /* History control is always disabled */
BOOL ComServerMode = FALSE;
Password CmdVolumePassword = {0}; /* Password passed from command line */
int CmdVolumeEA = 0;
int CmdVolumePkcs5 = 0;
int CmdVolumePim = 0;
int CmdVolumeFilesystem = FILESYS_NONE;
unsigned __int64 CmdVolumeFileSize = 0;
BOOL CmdSparseFileSwitch = FALSE;
BOOL CmdQuickFormat = FALSE;
BOOL CmdFastCreateFile = FALSE;
BOOL bForceOperation = FALSE;
BOOL bOperationSuccess = FALSE;
BOOL bGuiMode = TRUE;
BOOL bSystemIsGPT = FALSE;
KeyFile *FirstCmdKeyFile = NULL;
int nPbar = 0; /* Control ID of progress bar:- for format code */
wchar_t HeaderKeyGUIView [KEY_GUI_VIEW_SIZE];
wchar_t MasterKeyGUIView [KEY_GUI_VIEW_SIZE];
#define RANDPOOL_DISPLAY_COLUMNS 15
#define RANDPOOL_DISPLAY_ROWS 8
#define RANDPOOL_DISPLAY_BYTE_PORTION (RANDPOOL_DISPLAY_COLUMNS * RANDPOOL_DISPLAY_ROWS)
#define RANDPOOL_DISPLAY_SIZE (RANDPOOL_DISPLAY_BYTE_PORTION * 3 + RANDPOOL_DISPLAY_ROWS + 2)
unsigned char randPool [RANDPOOL_DISPLAY_BYTE_PORTION];
unsigned char lastRandPool [RANDPOOL_DISPLAY_BYTE_PORTION];
static unsigned char maskRandPool [RANDPOOL_DISPLAY_BYTE_PORTION];
static BOOL bUseMask = FALSE;
static DWORD mouseEntropyGathered = 0xFFFFFFFF;
static DWORD mouseEventsInitialCount = 0;
/* max value of entropy needed to fill all random pool = 8 * RNG_POOL_SIZE = 2560 bits */
static const DWORD maxEntropyLevel = RNG_POOL_SIZE * 8;
static HWND hEntropyBar = NULL;
wchar_t outRandPoolDispBuffer [RANDPOOL_DISPLAY_SIZE];
BOOL bDisplayPoolContents = TRUE;
volatile BOOL bSparseFileSwitch = FALSE;
volatile BOOL quickFormat = FALSE;
volatile BOOL fastCreateFile = FALSE;
volatile BOOL dynamicFormat = FALSE; /* this variable represents the sparse file flag. */
volatile int fileSystem = FILESYS_NONE;
volatile int clusterSize = 0;
SYSENC_MULTIBOOT_CFG SysEncMultiBootCfg;
wchar_t SysEncMultiBootCfgOutcome [4096] = {L'N',L'/',L'A',0};
volatile int NonSysInplaceEncStatus = NONSYS_INPLACE_ENC_STATUS_NONE;
LONGLONG nAvailableFreeSpace = -1;
BOOL bIsSparseFilesSupportedByHost = FALSE;
vector <HostDevice> DeferredNonSysInPlaceEncDevices;
+BOOL bChecklistA;
+BOOL bChecklistB;
+BOOL bChecklistC;
+BOOL bCheckboxPretest;
+
int iMaxPasswordLength = MAX_PASSWORD;
// specific definitions and implementation for support of resume operation
// in wait dialog mechanism
void CALLBACK ResumeInPlaceEncWaitThreadProc(void* pArg, HWND hwndDlg)
{
wchar_t szDevicePath[MAX_PATH] = {0};
RawDevicesDlgParam param;
param.devices = GetAvailableHostDevices (false, true, false);
param.pszFileName = szDevicePath;
DeferredNonSysInPlaceEncDevices.clear();
if ((IDOK == DialogBoxParamW (hInst,
MAKEINTRESOURCEW (IDD_RAWDEVICES_DLG), hwndDlg,
(DLGPROC) RawDevicesDlgProc, (LPARAM) &param)) && wcslen(szDevicePath))
{
foreach (const HostDevice &device, param.devices)
{
if (device.Path == szDevicePath)
{
OpenVolumeContext volume;
int status = OpenVolume (&volume, device.Path.c_str(), &volumePassword, hash_algo, volumePim, FALSE, FALSE, FALSE, TRUE);
if ( status == ERR_SUCCESS)
{
if ((volume.CryptoInfo->HeaderFlags & TC_HEADER_FLAG_NONSYS_INPLACE_ENC) != 0
&& volume.CryptoInfo->EncryptedAreaLength.Value != volume.CryptoInfo->VolumeSize.Value)
{
DeferredNonSysInPlaceEncDevices.push_back (device);
}
else if (volume.CryptoInfo->EncryptedAreaLength.Value == volume.CryptoInfo->VolumeSize.Value)
{
WCHAR szMsg[1024];
@@ -1387,153 +1414,75 @@ static BOOL ForceRemoveSysEnc (void)
e.Show (MainDlg);
return FALSE;
}
return TRUE;
}
else
return FALSE;
}
// Returns 0 if there's an error.
__int64 GetSystemPartitionSize (void)
{
try
{
return BootEncObj->GetSystemDriveConfiguration().SystemPartition.Info.PartitionLength.QuadPart;
}
catch (Exception &e)
{
e.Show (MainDlg);
return 0;
}
}
void ComboSelChangeEA (HWND hwndDlg)
{
int nIndex = (int) SendMessage (GetDlgItem (hwndDlg, IDC_COMBO_BOX), CB_GETCURSEL, 0, 0);
if (nIndex == CB_ERR)
{
SetWindowText (GetDlgItem (hwndDlg, IDC_BOX_HELP), L"");
}
else
{
wchar_t name[100];
- wchar_t auxLine[4096];
- wchar_t hyperLink[256] = { 0 };
- int cipherIDs[5];
- int i, cnt = 0;
nIndex = (int) SendMessage (GetDlgItem (hwndDlg, IDC_COMBO_BOX), CB_GETITEMDATA, nIndex, 0);
EAGetName (name, ARRAYSIZE(name),nIndex, 0);
- if (wcscmp (name, L"AES") == 0)
- {
- StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name);
-
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("AES_HELP"));
- }
- else if (wcscmp (name, L"Serpent") == 0)
- {
- StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name);
-
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SERPENT_HELP"));
- }
- else if (wcscmp (name, L"Twofish") == 0)
- {
- StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name);
-
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("TWOFISH_HELP"));
- }
- else if (wcscmp (name, L"Kuznyechik") == 0)
- {
- StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name);
-
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("KUZNYECHIK_HELP"));
- }
- else if (wcscmp (name, L"Camellia") == 0)
- {
- StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name);
-
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("CAMELLIA_HELP"));
- }
- else if (EAGetCipherCount (nIndex) > 1)
- {
- // Cascade
- cipherIDs[cnt++] = i = EAGetLastCipher(nIndex);
- while (i = EAGetPreviousCipher(nIndex, i))
- {
- cipherIDs[cnt] = i;
- cnt++;
- }
-
- switch (cnt) // Number of ciphers in the cascade
- {
- case 2:
- StringCbPrintfW (auxLine, sizeof(auxLine), GetString ("TWO_LAYER_CASCADE_HELP"),
- CipherGetName (cipherIDs[1]),
- CipherGetKeySize (cipherIDs[1])*8,
- CipherGetName (cipherIDs[0]),
- CipherGetKeySize (cipherIDs[0])*8);
- break;
-
- case 3:
- StringCbPrintfW (auxLine, sizeof(auxLine), GetString ("THREE_LAYER_CASCADE_HELP"),
- CipherGetName (cipherIDs[2]),
- CipherGetKeySize (cipherIDs[2])*8,
- CipherGetName (cipherIDs[1]),
- CipherGetKeySize (cipherIDs[1])*8,
- CipherGetName (cipherIDs[0]),
- CipherGetKeySize (cipherIDs[0])*8);
- break;
- }
-
- StringCbCopyW (hyperLink, sizeof(hyperLink), GetString ("IDC_LINK_MORE_INFO_ABOUT_CIPHER"));
-
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), auxLine);
- }
- else
- {
- // No info available for this encryption algorithm
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), L"");
- }
-
-
- // Update hyperlink
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_LINK_MORE_INFO_ABOUT_CIPHER), hyperLink);
- AccommodateTextField (hwndDlg, IDC_LINK_MORE_INFO_ABOUT_CIPHER, FALSE, hUserUnderlineFont);
+ SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("AES_HELP_NEW"));
}
}
static void VerifySizeAndUpdate (HWND hwndDlg, BOOL bUpdate)
{
BOOL bEnable = TRUE;
wchar_t szTmp[50];
__int64 lTmp;
__int64 i;
static unsigned __int64 nLastVolumeSize = 0;
GetWindowText (GetDlgItem (hwndDlg, IDC_SIZEBOX), szTmp, ARRAYSIZE (szTmp));
for (i = 0; i < (__int64) wcslen (szTmp); i++)
{
if (szTmp[i] >= L'0' && szTmp[i] <= L'9')
continue;
else
{
bEnable = FALSE;
break;
}
}
if (IsButtonChecked (GetDlgItem (hwndDlg, IDC_KB)))
nMultiplier = BYTES_PER_KB;
else if (IsButtonChecked (GetDlgItem (hwndDlg, IDC_MB)))
nMultiplier = BYTES_PER_MB;
else if (IsButtonChecked (GetDlgItem (hwndDlg, IDC_GB)))
nMultiplier = BYTES_PER_GB;
else
nMultiplier = BYTES_PER_TB;
if (bDevice && !(bHiddenVol && !bHiddenVolHost)) // If raw device but not a hidden volume
{
@@ -3744,130 +3693,178 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
PimValueChangedWarning = FALSE;
LocalizeDialog (hwndDlg, "IDD_VOL_CREATION_WIZARD_DLG");
burn (randPool, sizeof(randPool));
burn (lastRandPool, sizeof(lastRandPool));
burn (maskRandPool, sizeof (maskRandPool));
UpdateLastDialogId ();
switch (nCurPageNo)
{
case INTRO_PAGE:
SendMessage (GetDlgItem (hwndDlg, IDC_FILE_CONTAINER), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE);
SendMessage (GetDlgItem (hwndDlg, IDC_NONSYS_DEVICE), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE);
SendMessage (GetDlgItem (hwndDlg, IDC_SYS_DEVICE), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE);
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("INTRO_TITLE"));
ToHyperlink (hwndDlg, IDC_MORE_INFO_ON_CONTAINERS);
ToHyperlink (hwndDlg, IDC_MORE_INFO_ON_SYS_ENCRYPTION);
EnableWindow (GetDlgItem (hwndDlg, IDC_STD_VOL), TRUE);
EnableWindow (GetDlgItem (hwndDlg, IDC_HIDDEN_VOL), TRUE);
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("CANCEL"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);
UpdateWizardModeControls (hwndDlg, WizardMode);
break;
case SYSENC_TYPE_PAGE:
+ {
bHiddenVolHost = bHiddenVol = bHiddenOS;
- SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("SYSENC_TYPE_PAGE_TITLE"));
-
- SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_HIDDEN), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE);
- SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_NORMAL), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE);
+ wchar_t finalMsg[8024] = {0};
- DisableIfGpt(GetDlgItem(hwndDlg, IDC_SYSENC_HIDDEN));
+ try
+ {
+ StringCbPrintfW (finalMsg, sizeof(finalMsg),
+ GetString ("SYSENC_TYPE_PAGE_TITLE"),
+ GetSystemDriveLetter ());
+ }
+ catch (Exception &e)
+ {
+ e.Show (hwndDlg);
+ EndMainDlg (MainDlg);
+ return 0;
+ }
- CheckButton (GetDlgItem (hwndDlg, bHiddenOS ? IDC_SYSENC_HIDDEN : IDC_SYSENC_NORMAL));
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), finalMsg);
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYSENC_HIDDEN_TYPE_HELP"));
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP_SYSENC_NORMAL), GetString ("SYSENC_NORMAL_TYPE_HELP"));
+ memset (finalMsg, 0, sizeof (finalMsg));
+ try
+ {
+ StringCbPrintfW (finalMsg, sizeof(finalMsg),
+ GetString ("SYSENC_INFO"),
+ GetSystemDriveLetter ());
+ }
+ catch (Exception &e)
+ {
+ e.Show (hwndDlg);
+ EndMainDlg (MainDlg);
+ return 0;
+ }
- ToHyperlink (hwndDlg, IDC_HIDDEN_SYSENC_INFO_LINK);
+ SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), finalMsg);
+ SetWindowTextW (GetDlgItem (hwndDlg, IDT_SYSENC_INFO_2), GetString ("SYSENC_INFO_2"));
+
+ if (bSystemIsGPT)
+ {
+ ShowWindow (GetDlgItem(hwndDlg, IDC_ADVANCE_INTRO), SW_HIDE);
+ ShowWindow (GetDlgItem(hwndDlg, IDC_INFORMATION_TIP), SW_HIDE);
+ }
+ else
+ {
+ EnableWindow (GetDlgItem(hwndDlg, IDC_ADVANCE_INTRO), TRUE);
+ iIconX = GetSystemMetrics (SM_CXSMICON);
+ iIconY = GetSystemMetrics (SM_CYSMICON);
+ hIconTooltip = LoadImage (NULL, MAKEINTRESOURCE (104), IMAGE_ICON, iIconX, iIconY, LR_DEFAULTCOLOR);
+ SendDlgItemMessage (hwndDlg, IDC_INFORMATION_TIP, STM_SETICON, (WPARAM) hIconTooltip, 0);
+
+ hDlgItemTooltip = GetDlgItem (hwndDlg, IDC_INFORMATION_TIP);
+ if (hDlgItemTooltip)
+ {
+ CreateToolTip (hwndDlg, hDlgItemTooltip, GetString ("ADV_FEATURES_INTRO_TOOLTIP"));
+ }
+ else
+ {
+ MessageBox (0, TEXT("Cannot find dialog item"), 0, 0);
+ }
+ }
+
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), !bDirectSysEncMode);
SetWindowTextW (GetDlgItem (MainDlg, IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (MainDlg, IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (MainDlg, IDCANCEL), GetString ("CANCEL"));
+
+ // Start loading the password dictonary into memory ("need" is just a random word for initializing the process)
+ CheckWord("need");
break;
-
+ }
case SYSENC_HIDDEN_OS_REQ_CHECK_PAGE:
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_HELP"));
SetWindowTextW (GetDlgItem (MainDlg, IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (MainDlg, IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (MainDlg, IDCANCEL), GetString ("CANCEL"));
EnableWindow (GetDlgItem (MainDlg, IDC_NEXT), TRUE);
EnableWindow (GetDlgItem (MainDlg, IDC_PREV), bDirectSysEncModeCommand != SYSENC_COMMAND_CREATE_HIDDEN_OS && bDirectSysEncModeCommand != SYSENC_COMMAND_CREATE_HIDDEN_OS_ELEV);
ToHyperlink (hwndDlg, IDC_HIDDEN_SYSENC_INFO_LINK);
break;
case SYSENC_SPAN_PAGE:
SendMessage (GetDlgItem (hwndDlg, IDC_WHOLE_SYS_DRIVE), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE);
SendMessage (GetDlgItem (hwndDlg, IDC_SYS_PARTITION), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE);
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("SYS_ENCRYPTION_SPAN_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDT_WHOLE_SYS_DRIVE), GetString ("SYS_ENCRYPTION_SPAN_WHOLE_SYS_DRIVE_HELP"));
CheckButton (GetDlgItem (hwndDlg, bWholeSysDrive ? IDC_WHOLE_SYS_DRIVE : IDC_SYS_PARTITION));
DisableIfGpt(GetDlgItem(hwndDlg, IDC_WHOLE_SYS_DRIVE));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("CANCEL"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
break;
-
case SYSENC_PRE_DRIVE_ANALYSIS_PAGE:
Init2RadButtonPageYesNo (SysEncDetectHiddenSectors);
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("SYSENC_PRE_DRIVE_ANALYSIS_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYSENC_PRE_DRIVE_ANALYSIS_HELP"));
break;
case SYSENC_DRIVE_ANALYSIS_PAGE:
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("SYSENC_DRIVE_ANALYSIS_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDT_SYSENC_DRIVE_ANALYSIS_INFO), GetString ("SYSENC_DRIVE_ANALYSIS_INFO"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("CANCEL"));
EnableWindow (GetDlgItem (MainDlg, IDC_NEXT), FALSE);
EnableWindow (GetDlgItem (MainDlg, IDC_PREV), FALSE);
EnableWindow (GetDlgItem (MainDlg, IDCANCEL), FALSE);
LoadSettings (hwndDlg);
if (HiddenSectorDetectionStatus == 1)
{
// Detection of hidden sectors was already in progress but it did not finish successfully.
// Ask the user if he wants to try again (to prevent repeated system freezing, etc.)
char *tmpStr[] = {0, "HIDDEN_SECTOR_DETECTION_FAILED_PREVIOUSLY", "SKIP_HIDDEN_SECTOR_DETECTION", "RETRY_HIDDEN_SECTOR_DETECTION", "IDC_EXIT", 0};
switch (AskMultiChoice ((void **) tmpStr, FALSE, MainDlg))
{
case 1:
// Do not try again
LoadPage (MainDlg, SYSENC_DRIVE_ANALYSIS_PAGE + 1);
return 0;
case 2:
@@ -4331,155 +4328,197 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
hPasswordInputField = GetDlgItem (hwndDlg, IDC_PASSWORD_DIRECT);
hVerifyPasswordInputField = NULL;
ToNormalPwdField (hwndDlg, IDC_PASSWORD_DIRECT);
SetPassword (hwndDlg, IDC_PASSWORD_DIRECT, szRawPassword);
SetFocus (GetDlgItem (hwndDlg, IDC_PASSWORD_DIRECT));
SendMessage (GetDlgItem (hwndDlg, IDC_PIM), EM_LIMITTEXT, MAX_PIM, 0);
SetPim (hwndDlg, IDC_PIM, volumePim);
ShowWindow (GetDlgItem( hwndDlg, IDC_PIM_ENABLE), PimEnable? SW_HIDE : SW_SHOW);
ShowWindow (GetDlgItem( hwndDlg, IDT_PIM), PimEnable? SW_SHOW : SW_HIDE);
ShowWindow (GetDlgItem( hwndDlg, IDC_PIM), PimEnable? SW_SHOW : SW_HIDE);
ShowWindow (GetDlgItem( hwndDlg, IDC_PIM_HELP), PimEnable? SW_SHOW : SW_HIDE);
SetCheckBox (hwndDlg, IDC_KEYFILES_ENABLE, KeyFilesEnable);
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString (bInPlaceEncNonSys ? (bInPlaceEncNonSysResumed ? "NONSYS_INPLACE_ENC_RESUME_PASSWORD_PAGE_HELP" : "NONSYS_INPLACE_DEC_PASSWORD_PAGE_HELP") : "PASSWORD_HIDDENVOL_HOST_DIRECT_HELP"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString (bInPlaceEncNonSys ? "PASSWORD" : "PASSWORD_HIDVOL_HOST_TITLE"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), !bInPlaceEncNonSys);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
}
break;
case PASSWORD_PAGE:
{
wchar_t str[1000];
+ EnableWindow(GetDlgItem(hwndDlg, IDC_VERIFY), FALSE);
+
hPasswordInputField = GetDlgItem (hwndDlg, IDC_PASSWORD);
hVerifyPasswordInputField = GetDlgItem (hwndDlg, IDC_VERIFY);
ToNormalPwdField (hwndDlg, IDC_PASSWORD);
ToNormalPwdField (hwndDlg, IDC_VERIFY);
if (SysEncInEffect ())
{
ToBootPwdField (hwndDlg, IDC_PASSWORD);
ToBootPwdField (hwndDlg, IDC_VERIFY);
- StringCbPrintfW (OrigKeyboardLayout, sizeof(OrigKeyboardLayout), L"%08X", (DWORD) GetKeyboardLayout (NULL) & 0xFFFF);
+ StringCbPrintfW(OrigKeyboardLayout, sizeof(OrigKeyboardLayout), L"%08X", (DWORD)GetKeyboardLayout(NULL) & 0xFFFF);
- if ((DWORD) GetKeyboardLayout (NULL) != 0x00000409 && (DWORD) GetKeyboardLayout (NULL) != 0x04090409)
+ if ((DWORD)GetKeyboardLayout(NULL) != 0x00000409 && (DWORD)GetKeyboardLayout(NULL) != 0x04090409)
{
- DWORD keybLayout = (DWORD) LoadKeyboardLayout (L"00000409", KLF_ACTIVATE);
+ DWORD keybLayout = (DWORD)LoadKeyboardLayout(L"00000409", KLF_ACTIVATE);
if (keybLayout != 0x00000409 && keybLayout != 0x04090409)
{
- Error ("CANT_CHANGE_KEYB_LAYOUT_FOR_SYS_ENCRYPTION", MainDlg);
- EndMainDlg (MainDlg);
+ Error("CANT_CHANGE_KEYB_LAYOUT_FOR_SYS_ENCRYPTION", MainDlg);
+ EndMainDlg(MainDlg);
return 1;
}
bKeyboardLayoutChanged = TRUE;
}
-
if (SetTimer (MainDlg, TIMER_ID_KEYB_LAYOUT_GUARD, TIMER_INTERVAL_KEYB_LAYOUT_GUARD, NULL) == 0)
{
Error ("CANNOT_SET_TIMER", MainDlg);
EndMainDlg (MainDlg);
return 1;
}
+
+ ShowWindow(GetDlgItem(hwndDlg, IDC_KEYFILES_ENABLE), SW_HIDE);
+ ShowWindow(GetDlgItem(hwndDlg, IDC_KEY_FILES), SW_HIDE);
+ ShowWindow(GetDlgItem(hwndDlg, IDC_PIM_ENABLE), SW_HIDE);
+
+ ShowWindow(GetDlgItem(hwndDlg, IDC_ADVANCE), SW_SHOW);
+ }
+ else
+ {
+ SetCheckBox (hwndDlg, IDC_PIM_ENABLE, PimEnable);
+
+ SetCheckBox (hwndDlg, IDC_KEYFILES_ENABLE, KeyFilesEnable && !SysEncInEffect());
+ EnableWindow (GetDlgItem (hwndDlg, IDC_KEY_FILES), KeyFilesEnable && !SysEncInEffect());
+ EnableWindow (GetDlgItem (hwndDlg, IDC_KEYFILES_ENABLE), !SysEncInEffect());
}
if (bHiddenVolHost)
{
StringCbCopyW (str, sizeof(str), GetString (bHiddenOS ? "PASSWORD_SYSENC_OUTERVOL_HELP" : "PASSWORD_HIDDENVOL_HOST_HELP"));
}
else if (bHiddenVol)
{
StringCbPrintfW (str, sizeof str, L"%s%s",
GetString (bHiddenOS ? "PASSWORD_HIDDEN_OS_HELP" : "PASSWORD_HIDDENVOL_HELP"),
GetString ("PASSWORD_HELP"));
}
else
{
- StringCbCopyW (str, sizeof(str), GetString ("PASSWORD_HELP"));
+ StringCbCopyW (str, sizeof(str), GetString ("PASSWORD_HELP_SYSENC"));
}
- SetPassword (hwndDlg, IDC_PASSWORD, szRawPassword);
- SetPassword (hwndDlg, IDC_VERIFY, szVerify);
+ SetPassword(hwndDlg, IDC_PASSWORD, szRawPassword);
+ SetPassword(hwndDlg, IDC_VERIFY, szVerify);
SetFocus (GetDlgItem (hwndDlg, IDC_PASSWORD));
- SetCheckBox (hwndDlg, IDC_PIM_ENABLE, PimEnable);
-
- SetCheckBox (hwndDlg, IDC_KEYFILES_ENABLE, KeyFilesEnable && !SysEncInEffect());
- EnableWindow (GetDlgItem (hwndDlg, IDC_KEY_FILES), KeyFilesEnable && !SysEncInEffect());
- EnableWindow (GetDlgItem (hwndDlg, IDC_KEYFILES_ENABLE), !SysEncInEffect());
-
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), str);
if (CreatingHiddenSysVol())
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("PASSWORD_HIDDEN_OS_TITLE"));
else if (bHiddenVol)
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString (bHiddenVolHost ? "PASSWORD_HIDVOL_HOST_TITLE" : "PASSWORD_HIDVOL_TITLE"));
else if (WizardMode == WIZARD_MODE_SYS_DEVICE)
- SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("PASSWORD"));
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("CHOOSE_PASSWORD_TITLE"));
else
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("PASSWORD_TITLE"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
VerifyPasswordAndUpdate (hwndDlg, GetDlgItem (GetParent (hwndDlg), IDC_NEXT),
GetDlgItem (hwndDlg, IDC_PASSWORD),
GetDlgItem (hwndDlg, IDC_VERIFY),
NULL,
NULL,
KeyFilesEnable && FirstKeyFile!=NULL && !SysEncInEffect());
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
+
+ if(SysEncInEffect ())
+ {
+ /* Random pool parameter is here because random page is removed */
+
+ mouseEntropyGathered = 0xFFFFFFFF;
+ mouseEventsInitialCount = 0;
+ bUseMask = FALSE;
+
+ {
+ HCRYPTPROV hRngProv;
+ if (CryptAcquireContext (&hRngProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
+ {
+ if (CryptGenRandom (hRngProv, sizeof (maskRandPool), maskRandPool))
+ bUseMask = TRUE;
+ CryptReleaseContext (hRngProv, 0);
+ }
+ }
+
+ SetTimer(GetParent(hwndDlg), TIMER_ID_RANDVIEW, TIMER_INTERVAL_RANDVIEW, NULL);
+ hRandPoolSys = GetDlgItem(hwndDlg, IDC_SYS_POOL_CONTENTS);
+ hEntropyBar = GetDlgItem(hwndDlg, IDC_ENTROPY_BAR);
+ SendMessage(hEntropyBar, PBM_SETRANGE32, 0, maxEntropyLevel);
+ SendMessage(hEntropyBar, PBM_SETSTEP, 1, 0);
+ SendMessage(GetDlgItem(hwndDlg, IDC_SYS_POOL_CONTENTS), WM_SETFONT, (WPARAM)hFixedDigitFont, (LPARAM)TRUE);
+
+ /* set default values */
+
+ hash_algo = bSystemIsGPT ? SHA512 : DEFAULT_HASH_ALGORITHM_BOOT;
+ RandSetHashFunction(hash_algo);
+
+ nWipeMode = TC_WIPE_NONE;
+ }
}
break;
case PIM_PAGE:
{
SendMessage (GetDlgItem (hwndDlg, IDC_PIM), EM_LIMITTEXT, SysEncInEffect()? MAX_BOOT_PIM: MAX_PIM, 0);
if (volumePim > 0)
{
SetPim (hwndDlg, IDC_PIM, volumePim);
PimValueChangedWarning = TRUE;
SetDlgItemTextW (hwndDlg, IDC_PIM_HELP, GetString (SysEncInEffect ()? "PIM_SYSENC_CHANGE_WARNING" : "PIM_CHANGE_WARNING"));
}
SetFocus (GetDlgItem (hwndDlg, IDC_PIM));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString (SysEncInEffect () && hash_algo != SHA512 && hash_algo != WHIRLPOOL? "PIM_SYSENC_HELP" : "PIM_HELP"));
ToHyperlink (hwndDlg, IDC_LINK_PIM_INFO);
if (CreatingHiddenSysVol())
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("PIM_HIDDEN_OS_TITLE"));
else if (bHiddenVol)
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString (bHiddenVolHost ? "PIM_HIDVOL_HOST_TITLE" : "PIM_HIDVOL_TITLE"));
else if (WizardMode == WIZARD_MODE_SYS_DEVICE)
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("PIM"));
else
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("PIM_TITLE"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
}
@@ -4545,273 +4584,333 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SendMessage (GetDlgItem (hwndDlg, IDC_SYS_POOL_CONTENTS), WM_SETFONT, (WPARAM) hFixedDigitFont, (LPARAM) TRUE);
SendMessage (GetDlgItem (hwndDlg, IDC_DISPLAY_POOL_CONTENTS), BM_SETCHECK, showKeys ? BST_CHECKED : BST_UNCHECKED, 0);
DisplayRandPool (hwndDlg, hRandPoolSys, showKeys);
break;
case SYSENC_KEYS_GEN_PAGE:
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("KEYS_GEN_TITLE"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
hMasterKey = GetDlgItem (hwndDlg, IDC_DISK_KEY);
hHeaderKey = GetDlgItem (hwndDlg, IDC_HEADER_KEY);
SendMessage (GetDlgItem (hwndDlg, IDC_DISK_KEY), WM_SETFONT, (WPARAM) hFixedDigitFont, (LPARAM) TRUE);
SendMessage (GetDlgItem (hwndDlg, IDC_HEADER_KEY), WM_SETFONT, (WPARAM) hFixedDigitFont, (LPARAM) TRUE);
SendMessage (GetDlgItem (hwndDlg, IDC_DISPLAY_KEYS), BM_SETCHECK, showKeys ? BST_CHECKED : BST_UNCHECKED, 0);
DisplayPortionsOfKeys (hHeaderKey, hMasterKey, HeaderKeyGUIView, MasterKeyGUIView, !showKeys);
break;
case SYSENC_RESCUE_DISK_CREATION_PAGE:
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("RESCUE_DISK"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (hwndDlg, IDT_RESCUE_DISK_INFO), bSystemIsGPT? GetString ("RESCUE_DISK_EFI_INFO"): GetString ("RESCUE_DISK_INFO"));
+ SetWindowTextW(GetDlgItem(hwndDlg, IDT_RESCUE_DISK_INFO_2), GetString("RESCUE_DISK_INFO_2"));
+
SetCheckBox (hwndDlg, IDC_SKIP_RESCUE_VERIFICATION, bDontVerifyRescueDisk);
SetDlgItemText (hwndDlg, IDC_RESCUE_DISK_ISO_PATH, szRescueDiskISO);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), (GetWindowTextLength (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH)) > 1));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
break;
case SYSENC_RESCUE_DISK_BURN_PAGE:
{
wchar_t szTmp[8192];
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString (bDontVerifyRescueDisk ? "RESCUE_DISK_CREATED_TITLE" : "RESCUE_DISK_RECORDING_TITLE"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
if (bSystemIsGPT)
{
StringCbPrintfW (szTmp, sizeof szTmp,
GetString (bDontVerifyRescueDisk ? "RESCUE_DISK_EFI_EXTRACT_INFO_NO_CHECK" : "RESCUE_DISK_EFI_EXTRACT_INFO"),
szRescueDiskISO, GetString ("RESCUE_DISK_EFI_EXTRACT_INFO_NOTE"));
}
else
{
StringCbPrintfW (szTmp, sizeof szTmp,
GetString (bDontVerifyRescueDisk ? "RESCUE_DISK_BURN_INFO_NO_CHECK" : "RESCUE_DISK_BURN_INFO"),
szRescueDiskISO, IsWindowsIsoBurnerAvailable() ? L"" : GetString ("RESCUE_DISK_BURN_INFO_NONWIN_ISO_BURNER"));
}
SetWindowTextW (GetDlgItem (hwndDlg, IDT_RESCUE_DISK_BURN_INFO), szTmp);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
- /* The 'Back' button must be disabled now because the user could burn a Rescue Disk, then go back, and
- generate a different master key, which would cause the Rescue Disk verification to fail (the result
- would be confusion and bug reports). */
- EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);
-
- if (bSystemIsGPT)
- {
- ShowWindow (GetDlgItem (hwndDlg, IDC_DOWNLOAD_CD_BURN_SOFTWARE), SW_HIDE);
- }
- else
- {
- if (IsWindowsIsoBurnerAvailable())
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_DOWNLOAD_CD_BURN_SOFTWARE), GetString ("LAUNCH_WIN_ISOBURN"));
-
- ToHyperlink (hwndDlg, IDC_DOWNLOAD_CD_BURN_SOFTWARE);
-
- if (IsWindowsIsoBurnerAvailable() && !bDontVerifyRescueDisk)
- LaunchWindowsIsoBurner (hwndDlg, szRescueDiskISO);
- }
+ /* The 'Back' button is enabled but user can't go back, instead warning is provided */
+ EnableWindow(GetDlgItem(GetParent(hwndDlg), IDC_PREV), TRUE);
+
}
break;
case SYSENC_RESCUE_DISK_VERIFIED_PAGE:
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("RESCUE_DISK_DISK_VERIFIED_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("RESCUE_DISK_VERIFIED_INFO"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
// Rescue Disk has been verified, no need to go back
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);
// Prevent losing the burned rescue disk by inadvertent exit
bConfirmQuit = TRUE;
break;
case SYSENC_WIPE_MODE_PAGE:
case NONSYS_INPLACE_ENC_WIPE_MODE_PAGE:
{
- if (nWipeMode == TC_WIPE_1_RAND)
- nWipeMode = TC_WIPE_NONE;
-
- SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("WIPE_MODE_TITLE"));
- SetWindowTextW (GetDlgItem (hwndDlg, IDT_WIPE_MODE_INFO), GetString ("INPLACE_ENC_WIPE_MODE_INFO"));
-
- PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE),
- SystemEncryptionStatus == SYSENC_STATUS_DECRYPTING && !bInPlaceEncNonSys,
- TRUE,
- FALSE);
+ if (SysEncInEffect ())
+ {
+ /* Wipe mode page is now checklist page */
+ ShowWindow (GetDlgItem (hwndDlg, IDC_WIPE_MODE), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDT_WIPE_MODE), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDT_WIPE_MODE_INFO), SW_HIDE);
+
+ SetWindowTextW (GetDlgItem (hwndDlg, IDC_REMEMBER_PASSWORD), GetString ("REMEMBER_PASSWORD"));
+ SetWindowTextW (GetDlgItem (hwndDlg, IDC_STORE_RESCUE_DISK), GetString ("STORE_RESCUE_DISK"));
+ SetWindowTextW (GetDlgItem (hwndDlg, IDC_BACKUP_DATA), GetString ("BACKUP_DATA"));
+
+ SendMessage(GetDlgItem(hwndDlg, IDC_REMEMBER_PASSWORD), WM_SETFONT, (WPARAM)hUserBoldFont, (LPARAM)TRUE);
+ SendMessage(GetDlgItem(hwndDlg, IDC_STORE_RESCUE_DISK), WM_SETFONT, (WPARAM)hUserBoldFont, (LPARAM)TRUE);
+ SendMessage(GetDlgItem(hwndDlg, IDC_BACKUP_DATA), WM_SETFONT, (WPARAM)hUserBoldFont, (LPARAM)TRUE);
+
+ bChecklistA = FALSE;
+ bChecklistB = FALSE;
+ bChecklistC = FALSE;
+
+ SetWindowTextW(GetDlgItem(GetParent(hwndDlg), IDC_BOX_TITLE), GetString("CHECKLIST_TITLE"));
+
+ SetDlgItemText(hwndDlg, IDC_BROWSE, GetString ("OPEN_PATH_CHECKLIST_PAGE"));
+ SetWindowTextW (GetDlgItem (hwndDlg, IDT_STORE_RESCUE_DISK), GetString ("RESCUE_DISK_CHECKLIST_B"));
+ SetWindowTextW (GetDlgItem (hwndDlg, IDT_REMEMBER_PASSWORD), GetString ("RESCUE_DISK_CHECKLIST_A"));
+ SetWindowTextW (GetDlgItem (hwndDlg, IDT_BACKUP_DATA), GetString ("RESCUE_DISK_CHECKLIST_C"));
+
+ EnableWindow(GetDlgItem(hwndDlg, IDC_REMEMBER_PASSWORD), TRUE);
+ EnableWindow(GetDlgItem(hwndDlg, IDC_STORE_RESCUE_DISK), TRUE);
+ EnableWindow(GetDlgItem(hwndDlg, IDC_BACKUP_DATA), TRUE);
+
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
+
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), FALSE);
+ }
+ else
+ {
+ /* Hide elements from Checklist page and show Wipe mode page */
+ ShowWindow (GetDlgItem (hwndDlg, IDC_CHECKLIST_A), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDC_CHECKLIST_B), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDC_CHECKLIST_C), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDC_STORE_RESCUE_DISK), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDC_REMEMBER_PASSWORD), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDC_BACKUP_DATA), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDT_REMEMBER_PASSWORD), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDT_STORE_RESCUE_DISK), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDT_BACKUP_DATA), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDC_BROWSE), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH), SW_HIDE);
+
+ if (nWipeMode == TC_WIPE_1_RAND)
+ nWipeMode = TC_WIPE_NONE;
+
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("WIPE_MODE_TITLE"));
+ SetWindowTextW (GetDlgItem (hwndDlg, IDT_WIPE_MODE_INFO), GetString ("INPLACE_ENC_WIPE_MODE_INFO"));
+
+ PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE),
+ SystemEncryptionStatus == SYSENC_STATUS_DECRYPTING && !bInPlaceEncNonSys,
+ TRUE,
+ FALSE);
- SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);
+ SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);
- SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
- SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
- EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
- EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
+ }
}
break;
case SYSENC_PRETEST_INFO_PAGE:
if (bHiddenOS)
{
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("HIDDEN_OS_CREATION_PREINFO_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("HIDDEN_OS_CREATION_PREINFO_HELP"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("START"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);
}
else
{
wchar_t finalMsg[8024] = {0};
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("SYS_ENCRYPTION_PRETEST_TITLE"));
try
{
StringCbPrintfW (finalMsg, sizeof(finalMsg),
GetString ("SYS_ENCRYPTION_PRETEST_INFO"),
- BootEncObj->GetSystemDriveConfiguration().DriveNumber);
+ GetSystemDriveLetter ());
}
catch (Exception &e)
{
e.Show (hwndDlg);
EndMainDlg (MainDlg);
return 0;
}
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), finalMsg);
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("TEST"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
}
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
break;
case SYSENC_PRETEST_RESULT_PAGE:
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("SYS_ENCRYPTION_PRETEST_RESULT_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYS_ENCRYPTION_PRETEST_RESULT_INFO"));
+ ShowWindow (GetDlgItem (hwndDlg, IDC_CHECKBOX_PRETEST), SW_SHOW);
+ SetWindowTextW (GetDlgItem (hwndDlg, IDC_CHECKBOX_PRETEST), GetString ("PRETEST_CHECKBOX"));
+
+ bCheckboxPretest = FALSE;
+
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("ENCRYPT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("DEFER"));
- EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
- EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), FALSE);
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDCANCEL), TRUE);
+ HWND hTooltip;
+ hTooltip = GetDlgItem (GetParent (hwndDlg), IDC_PREV);
+ if (hTooltip)
+ {
+ CreateToolTip (hwndDlg, hTooltip, GetString ("PRETEST_BACK_BUTTON"));
+ }
+ else
+ {
+ MessageBox (0, TEXT ("Cannot find dialog item for tooltip!"), 0, 0);
+ }
+
break;
case SYSENC_ENCRYPTION_PAGE:
if (CreateSysEncMutex ())
{
try
{
BootEncStatus = BootEncObj->GetStatus();
bSystemEncryptionInProgress = BootEncStatus.SetupInProgress;
}
catch (Exception &e)
{
e.Show (hwndDlg);
Error ("ERR_GETTING_SYSTEM_ENCRYPTION_STATUS", MainDlg);
EndMainDlg (MainDlg);
return 0;
}
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE),
GetString (SystemEncryptionStatus != SYSENC_STATUS_DECRYPTING ? "ENCRYPTION" : "DECRYPTION"));
-
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYSENC_ENCRYPTION_PAGE_INFO"));
+
+ SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP),
+ GetString (SystemEncryptionStatus != SYSENC_STATUS_DECRYPTING ? "SYSENC_ENCRYPTION_PAGE_INFO" : "SYSENC_DECRYPTION_PAGE_INFO"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("DEFER"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT),
GetString (SystemEncryptionStatus != SYSENC_STATUS_DECRYPTING ? "ENCRYPT" : "DECRYPT"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_PAUSE),
GetString (bSystemEncryptionInProgress ? "IDC_PAUSE" : "RESUME"));
EnableWindow (GetDlgItem (hwndDlg, IDC_PAUSE), BootEncStatus.DriveEncrypted);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), !BootEncStatus.SetupInProgress);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDCANCEL), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDHELP), TRUE);
- ToHyperlink (hwndDlg, IDC_MORE_INFO_SYS_ENCRYPTION);
-
if (SystemEncryptionStatus == SYSENC_STATUS_DECRYPTING)
{
nWipeMode = TC_WIPE_NONE;
EnableWindow (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDT_WIPE_MODE), FALSE);
PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), TRUE, TRUE, FALSE);
SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);
}
else
{
EnableWindow (GetDlgItem (hwndDlg, IDC_WIPE_MODE), !bSystemEncryptionInProgress);
PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE, TRUE, FALSE);
SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);
}
+ if (nWipeMode == TC_WIPE_NONE)
+ {
+ ShowWindow (GetDlgItem(hwndDlg, IDC_WIPE_MODE), SW_HIDE);
+ ShowWindow (GetDlgItem(hwndDlg, IDT_FORMAT_OPTIONS), SW_HIDE);
+ ShowWindow (GetDlgItem(hwndDlg, IDT_WIPE_MODE), SW_HIDE);
+ }
+
PostMessage (hwndDlg, TC_APPMSG_PERFORM_POST_SYSENC_WMINIT_TASKS, 0, 0);
}
else
{
Error ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", MainDlg);
EndMainDlg (MainDlg);
return 0;
}
return 0;
case NONSYS_INPLACE_ENC_RESUME_PARTITION_SEL_PAGE:
{
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("FILE_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("NONSYS_INPLACE_ENC_RESUME_VOL_SELECT_HELP"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), FALSE);
foreach (const HostDevice &device, DeferredNonSysInPlaceEncDevices)
{
SendMessage (GetDlgItem (hwndDlg, IDC_LIST_BOX), LB_ADDSTRING, 0, (LPARAM) device.Path.c_str());
}
// Deselect all
SendMessage (GetDlgItem (hwndDlg, IDC_LIST_BOX), LB_SETCURSEL, (WPARAM) -1, 0);
}
break;
case NONSYS_INPLACE_ENC_TRANSFORM_PAGE:
if (bInPlaceEncNonSysResumed)
{
WipeAlgorithmId savedWipeAlgorithm = TC_WIPE_NONE;
@@ -5237,132 +5336,180 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (bHiddenOS && IsHiddenOSRunning())
{
// Decoy system partition wipe
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("DEVICE_WIPE_PAGE_INFO_HIDDEN_OS"));
}
else
{
// Regular device wipe (not decoy system partition wipe)
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("DEVICE_WIPE_PAGE_INFO"));
}
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("DEVICE_WIPE_PAGE_TITLE"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("WIPE"));
SetWindowTextW (GetDlgItem (hCurPage, IDC_WIPE_MODE), (wstring (L" ") + GetWipeModeName (nWipeMode)).c_str());
EnableWindow (GetDlgItem (hwndDlg, IDC_ABORT_BUTTON), FALSE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
break;
}
return 0;
case WM_HELP:
OpenPageHelp (GetParent (hwndDlg), nCurPageNo);
return 1;
case TC_APPMSG_PERFORM_POST_SYSENC_WMINIT_TASKS:
AfterSysEncProgressWMInitTasks (hwndDlg);
return 1;
case WM_CTLCOLORSTATIC:
{
+ if ((HWND)lParam == GetDlgItem (hwndDlg, PASSWORD_METER) && iPasswordStrength == 1)
+ {
+ // we're about to draw the static
+ // set the text colour in (HDC)lParam
+ SetBkMode ((HDC)wParam, TRANSPARENT);
+ SetTextColor ((HDC)wParam, RGB(255, 0, 0)); // password weak red
+ return (BOOL)GetSysColorBrush(COLOR_MENU);
+ }
+
+ if ((HWND)lParam == GetDlgItem (hwndDlg, PASSWORD_METER) && iPasswordStrength == 2)
+ {
+ // we're about to draw the static
+ // set the text colour in (HDC)lParam
+ SetBkMode ((HDC)wParam, TRANSPARENT);
+ SetTextColor ((HDC)wParam, RGB (255, 165, 0)); // password medium orange
+ return (BOOL) GetSysColorBrush (COLOR_MENU);
+ }
+
+ if ((HWND)lParam == GetDlgItem (hwndDlg, PASSWORD_METER) && iPasswordStrength == 3)
+ {
+ SetBkMode ((HDC)wParam, TRANSPARENT);
+ SetTextColor ((HDC)wParam, RGB (218, 218, 0)); // password strong yellow
+ return (BOOL) GetSysColorBrush (COLOR_MENU);
+ }
+
+ if ((HWND)lParam == GetDlgItem (hwndDlg, PASSWORD_METER) && iPasswordStrength == 4)
+ {
+ SetBkMode((HDC)wParam, TRANSPARENT);
+ SetTextColor((HDC)wParam, RGB(50, 205, 50)); // password very strong green
+ return (BOOL) GetSysColorBrush (COLOR_MENU);
+ }
+
if (PimValueChangedWarning && ((HWND)lParam == GetDlgItem(hwndDlg, IDC_PIM_HELP)) )
{
// we're about to draw the static
// set the text colour in (HDC)lParam
SetBkMode((HDC)wParam,TRANSPARENT);
SetTextColor((HDC)wParam, RGB(255,0,0));
// NOTE: per documentation as pointed out by selbie, GetSolidBrush would leak a GDI handle.
return (BOOL)GetSysColorBrush(COLOR_MENU);
}
}
return 0;
case WM_COMMAND:
if (nCurPageNo == INTRO_PAGE)
{
switch (lw)
{
case IDC_FILE_CONTAINER:
UpdateWizardModeControls (hwndDlg, WIZARD_MODE_FILE_CONTAINER);
return 1;
case IDC_NONSYS_DEVICE:
UpdateWizardModeControls (hwndDlg, WIZARD_MODE_NONSYS_DEVICE);
return 1;
case IDC_SYS_DEVICE:
UpdateWizardModeControls (hwndDlg, WIZARD_MODE_SYS_DEVICE);
return 1;
case IDC_MORE_INFO_ON_CONTAINERS:
Applink ("introcontainer");
return 1;
case IDC_MORE_INFO_ON_SYS_ENCRYPTION:
Applink ("introsysenc");
return 1;
}
}
if (nCurPageNo == SYSENC_TYPE_PAGE)
{
switch (lw)
{
case IDC_SYSENC_HIDDEN:
bHiddenOS = TRUE;
bHiddenVol = TRUE;
bHiddenVolHost = TRUE;
return 1;
case IDC_SYSENC_NORMAL:
bHiddenOS = FALSE;
bHiddenVol = FALSE;
bHiddenVolHost = FALSE;
return 1;
case IDC_HIDDEN_SYSENC_INFO_LINK:
Applink ("hiddensysenc");
return 1;
}
}
+ if (lw == IDC_ADVANCE_INTRO && nCurPageNo == SYSENC_TYPE_PAGE)
+ {
+ DialogBoxParamW(hInst,
+ MAKEINTRESOURCEW(IDD_ADVANCE_MBR), hwndDlg,
+ (DLGPROC)AdvanceDlgProcIntro, NULL);
+ return 1;
+ }
+
+ if (lw == IDC_ADVANCE && nCurPageNo == PASSWORD_PAGE)
+ {
+ DialogBoxParamW(hInst,
+ MAKEINTRESOURCEW(IDD_ADVANCE), hwndDlg,
+ (DLGPROC)AdvanceDlgProc, NULL);
+ return 1;
+ }
+
if (nCurPageNo == SYSENC_HIDDEN_OS_REQ_CHECK_PAGE && lw == IDC_HIDDEN_SYSENC_INFO_LINK)
{
Applink ("hiddensysenc");
return 1;
}
if (nCurPageNo == SYSENC_SPAN_PAGE)
{
switch (lw)
{
case IDC_WHOLE_SYS_DRIVE:
bWholeSysDrive = TRUE;
return 1;
case IDC_SYS_PARTITION:
bWholeSysDrive = FALSE;
return 1;
}
}
if (nCurPageNo == SYSENC_MULTI_BOOT_MODE_PAGE)
{
switch (lw)
{
case IDC_SINGLE_BOOT:
nMultiBoot = 1;
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
return 1;
case IDC_MULTI_BOOT:
nMultiBoot = 2;
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
return 1;
}
}
@@ -5647,112 +5794,180 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT),
bValidEntry);
bDeviceTransformModeChoiceMade = FALSE;
bInPlaceEncNonSys = FALSE;
return 1;
}
if (hw == CBN_SELCHANGE && nCurPageNo == VOLUME_LOCATION_PAGE)
{
LPARAM nIndex;
nIndex = MoveEditToCombo ((HWND) lParam, bHistory);
nIndex = UpdateComboOrder (GetDlgItem (hwndDlg, IDC_COMBO_BOX));
if (nIndex != CB_ERR)
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
else
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), FALSE);
bDeviceTransformModeChoiceMade = FALSE;
bInPlaceEncNonSys = FALSE;
return 1;
}
if (hw == EN_CHANGE && nCurPageNo == SIZE_PAGE)
{
VerifySizeAndUpdate (hwndDlg, FALSE);
return 1;
}
if (hw == EN_CHANGE && nCurPageNo == PASSWORD_PAGE)
{
- VerifyPasswordAndUpdate (hwndDlg, GetDlgItem (GetParent (hwndDlg), IDC_NEXT),
- GetDlgItem (hwndDlg, IDC_PASSWORD),
- GetDlgItem (hwndDlg, IDC_VERIFY),
- NULL,
- NULL,
- KeyFilesEnable && FirstKeyFile!=NULL && !SysEncInEffect());
+ // If 'Next' button was clicked (and keyboard layout is not US), don't verify
+ if (!bNextButtonClicked)
+ {
+ VerifyPasswordAndUpdate (hwndDlg, GetDlgItem (GetParent (hwndDlg), IDC_NEXT),
+ GetDlgItem(hCurPage, IDC_PASSWORD),
+ GetDlgItem(hCurPage, IDC_VERIFY),
+ NULL,
+ NULL,
+ KeyFilesEnable && FirstKeyFile != NULL && !SysEncInEffect());
+
+ bNextButtonClicked = FALSE;
+ }
+
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
+
+ SendMessage (GetDlgItem (hwndDlg, PASSWORD_METER), WM_SETFONT, (WPARAM)hUserBoldFont, (LPARAM)TRUE);
+
+ memset (&tempPassword[0], 0, sizeof (tempPassword));
+
+ if (GetPassword (hCurPage, IDC_PASSWORD, tempPassword, iMaxPasswordLength + 1, FALSE, TRUE))
+ iPasswordStrength = PrintStrongness (tempPassword, strlen (tempPassword));
+ else
+ Error ("ERROR_GETTING_PWD", hwndDlg);
+
+ burn (tempPassword, sizeof (tempPassword));
+ if (iPasswordStrength == very_strong)
+ {
+ SetWindowTextW (GetDlgItem (hwndDlg, PASSWORD_METER), GetString ("VERY_STRONG_PASSWORD"));
+ EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), TRUE);
+ }
+ else if (iPasswordStrength == strong)
+ {
+ SetWindowTextW (GetDlgItem (hwndDlg, PASSWORD_METER), GetString ("STRONG_PASSWORD"));
+ EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), TRUE);
+ }
+ else if (iPasswordStrength == medium)
+ {
+ EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), TRUE);
+ SetWindowTextW (GetDlgItem (hwndDlg, PASSWORD_METER), GetString ("MEDIUM_PASSWORD"));
+ }
+ else if (iPasswordStrength == weak)
+ {
+ EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), FALSE);
+ SetWindowTextW (GetDlgItem (hwndDlg, PASSWORD_METER), GetString ("WEAK_PASSWORD"));
+ }
+ else
+ {
+ SetWindowTextW (GetDlgItem (hwndDlg, PASSWORD_METER), GetString ("VERY_WEAK_PASSWORD"));
+ }
return 1;
}
if (hw == EN_CHANGE && nCurPageNo == PIM_PAGE)
{
if (lw == IDC_PIM)
{
if(GetPim (hwndDlg, IDC_PIM, 0) != 0)
{
PimValueChangedWarning = TRUE;
SetDlgItemTextW (hwndDlg, IDC_PIM_HELP, GetString (SysEncInEffect ()? "PIM_SYSENC_CHANGE_WARNING" : "PIM_CHANGE_WARNING"));
}
else
{
PimValueChangedWarning = FALSE;
SetDlgItemTextW (hwndDlg, IDC_PIM_HELP, (wchar_t *) GetDictionaryValueByInt (IDC_PIM_HELP));
}
}
return 1;
}
if (lw == IDC_SHOW_PASSWORD && nCurPageNo == PASSWORD_PAGE)
{
HandleShowPasswordFieldAction (hwndDlg, IDC_SHOW_PASSWORD, IDC_PASSWORD, IDC_VERIFY);
return 1;
}
if (lw == IDC_SHOW_PIM && nCurPageNo == PIM_PAGE)
{
HandleShowPasswordFieldAction (hwndDlg, IDC_SHOW_PIM, IDC_PIM, 0);
return 1;
}
+ if (lw == IDC_CHECKLIST_A)
+ {
+ bChecklistA = GetCheckBox (hwndDlg, IDC_CHECKLIST_A);
+ bChecklistB = GetCheckBox (hwndDlg, IDC_CHECKLIST_B);
+ bChecklistC = GetCheckBox (hwndDlg, IDC_CHECKLIST_C);
+ }
+
+ if (lw == IDC_CHECKLIST_B)
+ {
+ bChecklistA = GetCheckBox (hwndDlg, IDC_CHECKLIST_A);
+ bChecklistB = GetCheckBox (hwndDlg, IDC_CHECKLIST_B);
+ bChecklistC = GetCheckBox (hwndDlg, IDC_CHECKLIST_C);
+ }
+
+ if (lw == IDC_CHECKLIST_C)
+ {
+ bChecklistA = GetCheckBox (hwndDlg, IDC_CHECKLIST_A);
+ bChecklistB = GetCheckBox (hwndDlg, IDC_CHECKLIST_B);
+ bChecklistC = GetCheckBox (hwndDlg, IDC_CHECKLIST_C);
+ }
+
+ if (lw == IDC_CHECKBOX_PRETEST)
+ {
+ bCheckboxPretest = GetCheckBox (hwndDlg, IDC_CHECKBOX_PRETEST);
+ }
+
if (lw == IDC_PIM_ENABLE)
{
PimEnable = GetCheckBox (hwndDlg, IDC_PIM_ENABLE);
if (!PimEnable)
volumePim = 0;
if (nCurPageNo == HIDDEN_VOL_HOST_PASSWORD_PAGE
|| nCurPageNo == NONSYS_INPLACE_ENC_RESUME_PASSWORD_PAGE
)
{
ShowWindow (GetDlgItem( hwndDlg, IDC_PIM_ENABLE), PimEnable? SW_HIDE : SW_SHOW);
ShowWindow (GetDlgItem( hwndDlg, IDT_PIM), PimEnable? SW_SHOW : SW_HIDE);
ShowWindow (GetDlgItem( hwndDlg, IDC_PIM), PimEnable? SW_SHOW : SW_HIDE);
ShowWindow (GetDlgItem( hwndDlg, IDC_PIM_HELP), PimEnable? SW_SHOW : SW_HIDE);
if (PimEnable)
{
SetFocus (GetDlgItem (hwndDlg, IDC_PIM));
}
}
return 1;
}
if (nCurPageNo == PASSWORD_PAGE
|| nCurPageNo == HIDDEN_VOL_HOST_PASSWORD_PAGE
|| nCurPageNo == NONSYS_INPLACE_ENC_RESUME_PASSWORD_PAGE)
{
if (lw == IDC_KEY_FILES)
{
if (SysEncInEffect())
{
Warning ("KEYFILES_NOT_SUPPORTED_FOR_SYS_ENCRYPTION", MainDlg);
return 1;
}
KeyFilesDlgParam param;
param.EnableKeyFiles = KeyFilesEnable;
@@ -6018,78 +6233,111 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
return 1;
}
if (lw == IDC_DISPLAY_KEYS && nCurPageNo == SYSENC_KEYS_GEN_PAGE)
{
showKeys = IsButtonChecked (GetDlgItem (hCurPage, IDC_DISPLAY_KEYS));
DisplayPortionsOfKeys (GetDlgItem (hwndDlg, IDC_HEADER_KEY), GetDlgItem (hwndDlg, IDC_DISK_KEY), HeaderKeyGUIView, MasterKeyGUIView, !showKeys);
return 1;
}
if (nCurPageNo == SYSENC_RESCUE_DISK_CREATION_PAGE)
{
if (lw == IDC_BROWSE)
{
wchar_t tmpszRescueDiskISO [TC_MAX_PATH+1];
if (!BrowseFiles (hwndDlg, "OPEN_TITLE", tmpszRescueDiskISO, FALSE, TRUE, NULL))
return 1;
StringCbCopyW (szRescueDiskISO, sizeof(szRescueDiskISO), tmpszRescueDiskISO);
SetDlgItemText (hwndDlg, IDC_RESCUE_DISK_ISO_PATH, szRescueDiskISO);
EnableWindow (GetDlgItem (MainDlg, IDC_NEXT), (GetWindowTextLength (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH)) > 1));
return 1;
}
if ( hw == EN_CHANGE )
{
GetDlgItemText (hwndDlg, IDC_RESCUE_DISK_ISO_PATH, szRescueDiskISO, sizeof(szRescueDiskISO));
EnableWindow (GetDlgItem (MainDlg, IDC_NEXT), (GetWindowTextLength (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH)) > 1));
return 1;
}
}
- if (nCurPageNo == SYSENC_RESCUE_DISK_BURN_PAGE && lw == IDC_DOWNLOAD_CD_BURN_SOFTWARE)
+ /* The password and rescue checkbox have to be clicked in order to enable the next button */
+ if ((nCurPageNo == SYSENC_WIPE_MODE_PAGE || nCurPageNo == NONSYS_INPLACE_ENC_WIPE_MODE_PAGE) &&
+ (lw == IDC_CHECKLIST_A || lw == IDC_CHECKLIST_B || lw == IDC_CHECKLIST_C))
{
- if (IsWindowsIsoBurnerAvailable())
- LaunchWindowsIsoBurner (hwndDlg, szRescueDiskISO);
- else
- Applink ("isoburning");
+ if (SysEncInEffect ())
+ {
+ if (bChecklistA && bChecklistB && bChecklistC)
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
+ else
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), FALSE);
+ }
+ }
- return 1;
+ if (lw == IDC_BROWSE && (nCurPageNo == SYSENC_WIPE_MODE_PAGE || nCurPageNo == NONSYS_INPLACE_ENC_WIPE_MODE_PAGE))
+ {
+ wchar_t tmpszRescueDiskISO [TC_MAX_PATH+1];
+
+ StringCbCopyW (tmpszRescueDiskISO, sizeof(tmpszRescueDiskISO), szRescueDiskISO);
+
+ //detects the last '\' in order to remove the name of the zip file and save file name
+ for (int i = wcslen(tmpszRescueDiskISO); i > 1; i--)
+ {
+ if (tmpszRescueDiskISO[i] == '\\')
+ {
+ for (int j = i + 1; i < wcslen(tmpszRescueDiskISO); i++)
+ tmpszRescueDiskISO[j] = '\0';
+ break;
+ }
+ }
+
+ if(!BrowseFile (hwndDlg, "RESCUE_DISK_PATH", tmpszRescueDiskISO))
+ return 1;
+
+ return 0;
+ }
+ if (nCurPageNo == SYSENC_PRETEST_RESULT_PAGE && lw == IDC_CHECKBOX_PRETEST)
+ {
+ if (bCheckboxPretest)
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
+ else
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), FALSE);
}
if ((nCurPageNo == SYSENC_WIPE_MODE_PAGE
|| nCurPageNo == NONSYS_INPLACE_ENC_WIPE_MODE_PAGE
|| nCurPageNo == DEVICE_WIPE_MODE_PAGE)
&& hw == CBN_SELCHANGE)
{
nWipeMode = (WipeAlgorithmId) SendMessage (GetDlgItem (hCurPage, IDC_WIPE_MODE),
CB_GETITEMDATA,
SendMessage (GetDlgItem (hCurPage, IDC_WIPE_MODE), CB_GETCURSEL, 0, 0),
0);
return 1;
}
if (nCurPageNo == DEVICE_WIPE_PAGE)
{
switch (lw)
{
case IDC_ABORT_BUTTON:
if (AskWarnNoYes ("CONFIRM_WIPE_ABORT", MainDlg) == IDYES)
WipeAbort();
return 1;
}
}
if (lw == IDC_NO_HISTORY)
{
if (!(bHistory = !IsButtonChecked (GetDlgItem (hCurPage, IDC_NO_HISTORY))))
ClearHistory (GetDlgItem (hCurPage, IDC_COMBO_BOX));
return 1;
}
@@ -6339,75 +6587,73 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
// The host file system is FAT32
if (nVolumeSize >= 4 * BYTES_PER_GB)
{
AbortProcess ("VOLUME_TOO_LARGE_FOR_FAT32");
}
}
/* Verify that the volume would not be too large for the operating system */
if (!IsOSAtLeast (WIN_VISTA)
&& nVolumeSize > 2 * BYTES_PER_TB)
{
AbortProcess ("VOLUME_TOO_LARGE_FOR_WINXP");
}
if (volumePassword.Length > 0)
{
// Check password length (check also done for outer volume which is not the case in TrueCrypt).
if (!CheckPasswordLength (NULL, volumePassword.Length, volumePim, FALSE, 0, Silent, Silent))
{
exit (1);
}
}
if (!KeyFilesApply (hwndDlg, &volumePassword, FirstCmdKeyFile, NULL))
{
exit (1);
}
volTransformThreadFunction (hwndDlg);
exit (bOperationSuccess? 0 : 1);
}
SHGetFolderPath (NULL, CSIDL_MYDOCUMENTS, NULL, 0, szRescueDiskISO);
- if (bSystemIsGPT)
- StringCbCatW (szRescueDiskISO, sizeof(szRescueDiskISO), L"\\VeraCrypt Rescue Disk.zip");
- else
- StringCbCatW (szRescueDiskISO, sizeof(szRescueDiskISO), L"\\VeraCrypt Rescue Disk.iso");
+ StringCbCatW (szRescueDiskISO, sizeof(szRescueDiskISO), L"\\VeraCrypt Rescue Disk.zip");
+
if (IsOSAtLeast (WIN_VISTA))
{
// Availability of in-place encryption (which is pre-selected by default whenever
// possible) makes partition-hosted volume creation safer.
bWarnDeviceFormatAdvanced = FALSE;
}
#ifdef _DEBUG
// For faster testing
StringCchCopyA (szVerify, ARRAYSIZE(szVerify), "q");
StringCchCopyA (szRawPassword, ARRAYSIZE(szRawPassword), "q");
#endif
PasswordEditDropTarget* pTarget = new PasswordEditDropTarget ();
if (pTarget->Register (hwndDlg))
{
SetWindowLongPtr (hwndDlg, DWLP_USER, (LONG_PTR) pTarget);
}
else
delete pTarget;
PostMessage (hwndDlg, TC_APPMSG_PERFORM_POST_WMINIT_TASKS, 0, 0);
}
return 0;
case WM_SYSCOMMAND:
if (lw == IDC_ABOUT)
{
DialogBoxW (hInst, MAKEINTRESOURCEW (IDD_ABOUT_DLG), hwndDlg, (DLGPROC) AboutDlgProc);
return 1;
}
return 0;
case WM_TIMER:
@@ -6627,105 +6873,103 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
case TIMER_ID_NONSYS_INPLACE_ENC_PROGRESS:
if (bInPlaceEncNonSys)
{
// Non-system in-place encryption
if (!bVolTransformThreadRunning && !bVolTransformThreadToRun)
{
KillTimer (hwndDlg, TIMER_ID_NONSYS_INPLACE_ENC_PROGRESS);
UpdateLastDialogId ();
}
UpdateNonSysInPlaceEncControls ();
}
return 1;
case TIMER_ID_KEYB_LAYOUT_GUARD:
if (SysEncInEffect ())
{
DWORD keybLayout = (DWORD) GetKeyboardLayout (NULL);
/* Watch the keyboard layout */
if (keybLayout != 0x00000409 && keybLayout != 0x04090409)
{
// Keyboard layout is not standard US
WipePasswordsAndKeyfiles (true);
SetPassword (hCurPage, IDC_PASSWORD, szRawPassword);
SetPassword (hCurPage, IDC_VERIFY, szVerify);
keybLayout = (DWORD) LoadKeyboardLayout (L"00000409", KLF_ACTIVATE);
+ // East Asian languages are not translated to US keyboard layout so we need to change keyboard layout
if (keybLayout != 0x00000409 && keybLayout != 0x04090409)
{
KillTimer (hwndDlg, TIMER_ID_KEYB_LAYOUT_GUARD);
Error ("CANT_CHANGE_KEYB_LAYOUT_FOR_SYS_ENCRYPTION", MainDlg);
EndMainDlg (MainDlg);
return 1;
}
-
+
bKeyboardLayoutChanged = TRUE;
-
wchar_t szTmp [4096];
StringCbCopyW (szTmp, sizeof(szTmp), GetString ("KEYB_LAYOUT_CHANGE_PREVENTED"));
StringCbCatW (szTmp, sizeof(szTmp), L"\n\n");
StringCbCatW (szTmp, sizeof(szTmp), GetString ("KEYB_LAYOUT_SYS_ENC_EXPLANATION"));
MessageBoxW (MainDlg, szTmp, lpszTitle, MB_ICONWARNING | MB_SETFOREGROUND | MB_TOPMOST);
- }
-
- /* Watch the right Alt key (which is used to enter various characters on non-US keyboards) */
- if (bKeyboardLayoutChanged && !bKeybLayoutAltKeyWarningShown)
- {
- if (GetAsyncKeyState (VK_RMENU) < 0)
+ if (bKeyboardLayoutChanged && !bKeybLayoutAltKeyWarningShown)
{
- bKeybLayoutAltKeyWarningShown = TRUE;
+ if (GetAsyncKeyState (VK_RMENU) < 0)
+ {
+ bKeybLayoutAltKeyWarningShown = TRUE;
- wchar_t szTmp [4096];
- StringCbCopyW (szTmp, sizeof(szTmp), GetString ("ALT_KEY_CHARS_NOT_FOR_SYS_ENCRYPTION"));
- StringCbCatW (szTmp, sizeof(szTmp), L"\n\n");
- StringCbCatW (szTmp, sizeof(szTmp), GetString ("KEYB_LAYOUT_SYS_ENC_EXPLANATION"));
- MessageBoxW (MainDlg, szTmp, lpszTitle, MB_ICONINFORMATION | MB_SETFOREGROUND | MB_TOPMOST);
+
+ wchar_t szTmp [4096];
+ StringCbCopyW (szTmp, sizeof(szTmp), GetString ("ALT_KEY_CHARS_NOT_FOR_SYS_ENCRYPTION"));
+ StringCbCatW (szTmp, sizeof(szTmp), L"\n\n");
+ StringCbCatW (szTmp, sizeof(szTmp), GetString ("KEYB_LAYOUT_SYS_ENC_EXPLANATION"));
+ MessageBoxW (MainDlg, szTmp, lpszTitle, MB_ICONINFORMATION | MB_SETFOREGROUND | MB_TOPMOST);
+ }
}
}
}
return 1;
-
case TIMER_ID_SYSENC_DRIVE_ANALYSIS_PROGRESS:
if (bSysEncDriveAnalysisInProgress)
{
UpdateProgressBarProc (GetTickCount() - SysEncDriveAnalysisStart);
if (GetTickCount() - SysEncDriveAnalysisStart > SYSENC_DRIVE_ANALYSIS_ETA)
{
// It's taking longer than expected -- reinit the progress bar
SysEncDriveAnalysisStart = GetTickCount ();
InitProgressBar (SYSENC_DRIVE_ANALYSIS_ETA, 0, FALSE, FALSE, FALSE, TRUE);
}
ArrowWaitCursor ();
}
else
{
KillTimer (hwndDlg, TIMER_ID_SYSENC_DRIVE_ANALYSIS_PROGRESS);
UpdateProgressBarProc (SYSENC_DRIVE_ANALYSIS_ETA);
Sleep (1500); // User-friendly GUI
if (bSysEncDriveAnalysisTimeOutOccurred)
Warning ("SYS_DRIVE_SIZE_PROBE_TIMEOUT", MainDlg);
LoadPage (hwndDlg, SYSENC_DRIVE_ANALYSIS_PAGE + 1);
}
return 1;
case TIMER_ID_WIPE_PROGRESS:
// Manage device wipe and update related GUI
if (bHiddenOS && IsHiddenOSRunning())
{
// Decoy system partition wipe
@@ -6982,140 +7226,153 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
catch (Exception &e)
{
e.Show (hwndDlg);
}
return 1; // Disallow close
}
else
return 1; // Disallow close
}
else if (bConfirmQuitSysEncPretest)
{
if (AskWarnNoYes (bHiddenOS ? "CONFIRM_CANCEL_HIDDEN_OS_CREATION" : "CONFIRM_CANCEL_SYS_ENC_PRETEST", MainDlg) == IDNO)
return 1; // Disallow close
}
else if (bConfirmQuit)
{
if (AskWarnNoYes ("CONFIRM_EXIT_UNIVERSAL", MainDlg) == IDNO)
return 1; // Disallow close
}
if (hiddenVolHostDriveNo > -1)
{
CloseVolumeExplorerWindows (hwndDlg, hiddenVolHostDriveNo);
UnmountVolume (hwndDlg, hiddenVolHostDriveNo, TRUE);
}
EndMainDlg (hwndDlg);
return 1;
case WM_COMMAND:
if (lw == IDHELP)
{
- OpenPageHelp (hwndDlg, nCurPageNo);
+ if (nCurPageNo == SYSENC_RESCUE_DISK_CREATION_PAGE ||
+ nCurPageNo == SYSENC_RESCUE_DISK_BURN_PAGE ||
+ nCurPageNo == SYSENC_RESCUE_DISK_VERIFIED_PAGE)
+ {
+ Applink("rescue");
+ }
+ else if (nCurPageNo == PASSWORD_PAGE)
+ {
+ Applink("passwords");
+ }
+ else
+ {
+ OpenPageHelp(hwndDlg, nCurPageNo);
+ }
return 1;
}
else if (lw == IDCANCEL)
{
PostMessage (hwndDlg, TC_APPMSG_FORMAT_USER_QUIT, 0, 0);
return 1;
}
else if (lw == IDC_NEXT)
{
if (nCurPageNo == INTRO_PAGE)
{
switch (GetSelectedWizardMode (hCurPage))
{
case WIZARD_MODE_FILE_CONTAINER:
if (CurrentOSMajor >= 6 && IsUacSupported() && IsAdmin() && !IsBuiltInAdmin() && !IsNonInstallMode())
{
static bool warningConfirmed = false;
if (!warningConfirmed)
{
if (AskWarnYesNo ("CONTAINER_ADMIN_WARNING", MainDlg) == IDYES)
exit (0);
warningConfirmed = true;
}
}
WaitCursor ();
CloseSysEncMutex ();
ChangeWizardMode (WIZARD_MODE_FILE_CONTAINER);
bHiddenOS = FALSE;
bInPlaceEncNonSys = FALSE;
nNewPageNo = VOLUME_TYPE_PAGE - 1; // Skip irrelevant pages
break;
case WIZARD_MODE_NONSYS_DEVICE:
WaitCursor ();
CloseSysEncMutex ();
if (!ChangeWizardMode (WIZARD_MODE_NONSYS_DEVICE))
{
NormalCursor ();
return 1;
}
bHiddenOS = FALSE;
nNewPageNo = VOLUME_TYPE_PAGE - 1; // Skip irrelevant pages
break;
case WIZARD_MODE_SYS_DEVICE:
WaitCursor ();
bHiddenVol = FALSE;
bInPlaceEncNonSys = FALSE;
SwitchWizardToSysEncMode ();
return 1;
}
}
else if (nCurPageNo == SYSENC_TYPE_PAGE)
{
if (bHiddenOS)
{
bWholeSysDrive = FALSE;
bHiddenVolDirect = FALSE;
}
if (!bHiddenOS)
- nNewPageNo = SYSENC_SPAN_PAGE - 1; // Skip irrelevant pages
+ nNewPageNo = PASSWORD_PAGE - 1; // Skip irrelevant pages
}
else if (nCurPageNo == SYSENC_HIDDEN_OS_REQ_CHECK_PAGE)
{
WaitCursor ();
try
{
BootEncObj->CheckRequirementsHiddenOS ();
if (CheckGapBetweenSysAndHiddenOS ())
Warning ("GAP_BETWEEN_SYS_AND_HIDDEN_OS_PARTITION", MainDlg);
}
catch (Exception &e)
{
e.Show (hwndDlg);
NormalCursor ();
return 1;
}
if (AskWarnYesNo ("DECOY_OS_REINSTALL_WARNING", MainDlg) == IDNO)
{
NormalCursor ();
return 1;
}
WarningDirect ((wstring (GetString ("HIDDEN_OS_WRITE_PROTECTION_BRIEF_INFO"))
+ L"\n\n"
+ GetString ("HIDDEN_OS_WRITE_PROTECTION_EXPLANATION")).c_str(), MainDlg);
if (!IsAdmin() && IsUacSupported())
{
// If UAC elevation is needed, we need to elevate the complete wizard process here, because
// we will need to switch to the non-sys-device mode, which requires the whole wizard process
// to have admin rights.
CloseSysEncMutex ();
@@ -7595,221 +7852,277 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
// The host file system is FAT32
if (nUIVolumeSize * nMultiplier >= 4 * BYTES_PER_GB)
{
Error ("VOLUME_TOO_LARGE_FOR_FAT32", hwndDlg);
return 1;
}
}
/* Verify that the volume would not be too large for the operating system */
if (!IsOSAtLeast (WIN_VISTA)
&& nUIVolumeSize * nMultiplier > 2 * BYTES_PER_TB)
{
Warning ("VOLUME_TOO_LARGE_FOR_WINXP", hwndDlg);
}
}
if (bHiddenVol && !bHiddenVolHost) // If it's a hidden volume
{
/* Ask for confirmation if the hidden volume is too large for the user to be
able to write much more data to the outer volume. */
if (((double) nUIVolumeSize / (nMaximumHiddenVolSize / nMultiplier)) > 0.85) // 85%
{
if (AskWarnNoYes ("FREE_SPACE_FOR_WRITING_TO_OUTER_VOLUME", hwndDlg) == IDNO)
return 1;
}
}
if (!(bHiddenVolDirect && bHiddenVolHost))
nNewPageNo = PASSWORD_PAGE - 1;
}
else if (nCurPageNo == PASSWORD_PAGE)
{
+ if (SysEncInEffect ())
+ {
+ wchar_t tmpPwd[MAX_PASSWORD + 1];
+ GetWindowText (GetDlgItem (hCurPage, IDC_PASSWORD), tmpPwd, iMaxPasswordLength + 1);
+ }
VerifyPasswordAndUpdate (hwndDlg, GetDlgItem (MainDlg, IDC_NEXT),
GetDlgItem (hCurPage, IDC_PASSWORD),
GetDlgItem (hCurPage, IDC_VERIFY),
volumePassword.Text,
szVerify,
KeyFilesEnable && FirstKeyFile!=NULL && !SysEncInEffect());
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
if (volumePassword.Length > 0)
{
// Password character encoding
if (SysEncInEffect () && !CheckPasswordCharEncoding (GetDlgItem (hCurPage, IDC_PASSWORD), NULL))
{
Error ("UNSUPPORTED_CHARS_IN_PWD", hwndDlg);
return 1;
}
- // Check password length (check also done for outer volume which is not the case in TrueCrypt).
+ // Check password length (check also done for outer volume which is not the case in TrueCrypt).
else if (!CheckPasswordLength (hwndDlg, volumePassword.Length, 0, SysEncInEffect(), SysEncInEffect()? hash_algo : 0, FALSE, FALSE))
{
return 1;
}
}
// Store the password in case we need to restore it after keyfile is applied to it
if (!GetPassword (hCurPage, IDC_PASSWORD, szRawPassword, iMaxPasswordLength + 1, FALSE, TRUE))
return 1;
if (!SysEncInEffect ())
{
if (KeyFilesEnable)
{
WaitCursor ();
if (!KeyFilesApply (hwndDlg, &volumePassword, FirstKeyFile, NULL))
{
NormalCursor ();
return 1;
}
NormalCursor ();
}
}
else
{
KillTimer (hwndDlg, TIMER_ID_KEYB_LAYOUT_GUARD);
if (bKeyboardLayoutChanged)
{
// Restore the original keyboard layout
if (LoadKeyboardLayout (OrigKeyboardLayout, KLF_ACTIVATE | KLF_SUBSTITUTE_OK) == NULL)
Warning ("CANNOT_RESTORE_KEYBOARD_LAYOUT", hwndDlg);
else
bKeyboardLayoutChanged = FALSE;
}
-
}
if (!PimEnable)
{
// PIM not activated. Skip PIM page
nNewPageNo = PIM_PAGE;
volumePim = 0;
if (!CreatingHiddenSysVol() && bHiddenVol && !bHiddenVolHost)
{
if ( (volumePim == outerVolumePim)
&& (volumePassword.Length == outerVolumePassword.Length)
&& (0 == memcmp (volumePassword.Text, outerVolumePassword.Text, volumePassword.Length))
)
{
Warning ("HIDDEN_CREDS_SAME_AS_OUTER", hwndDlg);
return 1;
}
}
- if (SysEncInEffect ())
- {
- nNewPageNo = SYSENC_COLLECTING_RANDOM_DATA_PAGE - 1; // Skip irrelevant pages
- }
-
if (bInPlaceEncNonSys)
{
nNewPageNo = NONSYS_INPLACE_ENC_RAND_DATA_PAGE - 1; // Skip irrelevant pages
}
else if (WizardMode != WIZARD_MODE_SYS_DEVICE
&& !FileSize4GBLimitQuestionNeeded ()
|| CreatingHiddenSysVol()) // If we're creating a hidden volume for a hidden OS, we don't need to format it with any filesystem (the entire OS will be copied to the hidden volume sector by sector).
{
nNewPageNo = FORMAT_PAGE - 1; // Skip irrelevant pages
}
}
+
+
+ if (SysEncInEffect ())
+ {
+ if (PimEnable)
+ nNewPageNo = PIM_PAGE - 1;
+ else
+ {
+ nNewPageNo = SYSENC_RESCUE_DISK_CREATION_PAGE - 1; // Skip irrelevant pages
+
+ wchar_t tmp[RANDPOOL_DISPLAY_SIZE + 1];
+ if (!bInPlaceEncNonSys)
+ {
+ /* Generate master key and other related data (except the rescue disk) for system encryption. */
+ try
+ {
+ WaitCursor();
+ BootEncObj->PrepareInstallation(!bWholeSysDrive, volumePassword, nVolumeEA, FIRST_MODE_OF_OPERATION_ID, hash_algo, volumePim, L"");
+ }
+ catch (Exception &e)
+ {
+ e.Show(hwndDlg);
+ NormalCursor();
+ return 1;
+ }
+ }
+ KillTimer(hwndDlg, TIMER_ID_RANDVIEW);
+ // Attempt to wipe the GUI field showing portions of randpool
+ wmemset(tmp, L'X', ARRAYSIZE(tmp));
+ tmp[ARRAYSIZE(tmp) - 1] = 0;
+ SetWindowText(hRandPoolSys, tmp);
+ NormalCursor();
+ }
+
+ }
}
else if (nCurPageNo == PIM_PAGE)
{
volumePim = GetPim (hCurPage, IDC_PIM, 0);
if (!SysEncInEffect() && (volumePim > MAX_PIM_VALUE))
{
SetFocus (GetDlgItem(hCurPage, IDC_PIM));
Error ("PIM_TOO_BIG", hwndDlg);
return 1;
}
if (!CreatingHiddenSysVol() && bHiddenVol && !bHiddenVolHost)
{
if ( (volumePim == outerVolumePim)
&& (volumePassword.Length == outerVolumePassword.Length)
&& (0 == memcmp (volumePassword.Text, outerVolumePassword.Text, volumePassword.Length))
)
{
Warning ("HIDDEN_CREDS_SAME_AS_OUTER", hwndDlg);
return 1;
}
}
if (volumePassword.Length > 0)
{
// Password character encoding
if (SysEncInEffect() && (volumePim > MAX_BOOT_PIM_VALUE))
{
SetFocus (GetDlgItem(hCurPage, IDC_PIM));
Error ("PIM_SYSENC_TOO_BIG", hwndDlg);
return 1;
}
// Check password length (check also done for outer volume which is not the case in TrueCrypt).
- else if (!CheckPasswordLength (hwndDlg, volumePassword.Length, volumePim, SysEncInEffect(), SysEncInEffect()? hash_algo : 0, TRUE, FALSE))
+ else if (!CheckPasswordLength (hwndDlg, volumePassword.Length, volumePim, SysEncInEffect(), SysEncInEffect()? hash_algo : 0, FALSE, FALSE))
{
return 1;
}
}
- if (SysEncInEffect ())
- {
-
- nNewPageNo = SYSENC_COLLECTING_RANDOM_DATA_PAGE - 1; // Skip irrelevant pages
- }
-
if (bInPlaceEncNonSys)
{
nNewPageNo = NONSYS_INPLACE_ENC_RAND_DATA_PAGE - 1; // Skip irrelevant pages
}
else if (WizardMode != WIZARD_MODE_SYS_DEVICE
&& !FileSize4GBLimitQuestionNeeded ()
|| CreatingHiddenSysVol()) // If we're creating a hidden volume for a hidden OS, we don't need to format it with any filesystem (the entire OS will be copied to the hidden volume sector by sector).
{
nNewPageNo = FORMAT_PAGE - 1; // Skip irrelevant pages
}
+
+ if (SysEncInEffect ())
+ {
+ nNewPageNo = SYSENC_RESCUE_DISK_CREATION_PAGE - 1; // Skip irrelevant pages
+
+ wchar_t tmp[RANDPOOL_DISPLAY_SIZE + 1];
+ if (!bInPlaceEncNonSys)
+ {
+ /* Generate master key and other related data (except the rescue disk) for system encryption. */
+ try
+ {
+ WaitCursor();
+ BootEncObj->PrepareInstallation(!bWholeSysDrive, volumePassword, nVolumeEA, FIRST_MODE_OF_OPERATION_ID, hash_algo, volumePim, L"");
+ }
+ catch (Exception &e)
+ {
+ e.Show(hwndDlg);
+ NormalCursor();
+ return 1;
+ }
+ }
+ KillTimer(hwndDlg, TIMER_ID_RANDVIEW);
+ // Attempt to wipe the GUI field showing portions of randpool
+ wmemset(tmp, L'X', ARRAYSIZE(tmp));
+ tmp[ARRAYSIZE(tmp) - 1] = 0;
+ SetWindowText(hRandPoolSys, tmp);
+ NormalCursor();
+ }
}
else if (nCurPageNo == HIDDEN_VOL_HOST_PASSWORD_PAGE
|| nCurPageNo == NONSYS_INPLACE_ENC_RESUME_PASSWORD_PAGE)
{
WaitCursor ();
if (!GetPassword (hCurPage, IDC_PASSWORD_DIRECT, (char*) volumePassword.Text, iMaxPasswordLength + 1, FALSE, TRUE))
{
NormalCursor ();
return 1;
}
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
hash_algo = (int) SendMessage (GetDlgItem (hCurPage, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, SendMessage (GetDlgItem (hCurPage, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
volumePim = GetPim (hCurPage, IDC_PIM, 0);
// Store the password in case we need to restore it after keyfile is applied to it
if (!GetPassword (hCurPage, IDC_PASSWORD_DIRECT, szRawPassword, iMaxPasswordLength + 1, FALSE, TRUE))
{
NormalCursor ();
return 1;
}
if (KeyFilesEnable)
{
KeyFilesApply (hwndDlg, &volumePassword, FirstKeyFile, NULL);
}
if (!bInPlaceEncNonSys)
{
/* Mount the volume which is to host the new hidden volume as read only */
@@ -8771,70 +9084,90 @@ retryCDDriveCheck:
EnableWindow (GetDlgItem (MainDlg, IDC_NEXT), TRUE);
NormalCursor ();
}
break;
}
break;
}
}
}
}
else if (nCurPageNo == DEVICE_WIPE_PAGE)
{
if (AskWarnOkCancel (bHiddenOS && IsHiddenOSRunning() ? "CONFIRM_WIPE_START_DECOY_SYS_PARTITION" : "CONFIRM_WIPE_START", hwndDlg) == IDOK)
{
WipeStart ();
ArrowWaitCursor();
}
return 1;
}
LoadPage (hwndDlg, nNewPageNo + 1);
ovf_end:
return 1;
}
else if (lw == IDC_PREV)
{
if (nCurPageNo == SYSENC_SPAN_PAGE)
{
// Skip irrelevant pages when going back
if (!bHiddenOS)
nNewPageNo = SYSENC_TYPE_PAGE + 1;
}
+
+ if (nCurPageNo == SYSENC_RESCUE_DISK_CREATION_PAGE)
+ {
+ if (SysEncInEffect ())
+ {
+ nNewPageNo = (PimEnable? PIM_PAGE : PASSWORD_PAGE) + 1;
+ }
+ }
+
+ if (nCurPageNo == SYSENC_RESCUE_DISK_BURN_PAGE)
+ {
+ nNewPageNo = SYSENC_RESCUE_DISK_BURN_PAGE + 1; // Stay on the same page
+ Warning("RESCUE_DISK_BACK_BUTTON", hwndDlg);
+ }
+
+ if (nCurPageNo == SYSENC_PRETEST_RESULT_PAGE)
+ {
+ nNewPageNo = SYSENC_PRETEST_RESULT_PAGE + 1; // Stay on the same page
+ }
+
if (nCurPageNo == SYSENC_MULTI_BOOT_MODE_PAGE)
{
// Skip the drive analysis page(s) or other irrelevant pages when going back
if (bHiddenOS)
nNewPageNo = SYSENC_HIDDEN_OS_REQ_CHECK_PAGE + 1;
else if (bWholeSysDrive)
nNewPageNo = SYSENC_PRE_DRIVE_ANALYSIS_PAGE + 1;
else
nNewPageNo = SYSENC_SPAN_PAGE + 1;
}
else if (nCurPageNo == SYSENC_MULTI_BOOT_NONWIN_BOOT_LOADER_PAGE)
{
if (SysEncMultiBootCfg.NumberOfSysDrives == 1)
{
// We can skip SYSENC_MULTI_BOOT_ADJACENT_SYS_PAGE (it is implied that there are multiple systems on the drive)
nNewPageNo = SYSENC_MULTI_BOOT_NBR_SYS_DRIVES_PAGE + 1;
}
}
else if (nCurPageNo == HIDDEN_VOL_HOST_PRE_CIPHER_PAGE)
{
if (bHiddenOS)
{
if (!ChangeWizardMode (WIZARD_MODE_SYS_DEVICE))
{
NormalCursor ();
return 1;
}
// Skip irrelevant pages.
// Note that we're ignoring nMultiBoot here, as the multi-boot question pages are skipped
// when creating a hidden OS (only a single message box is displayed with requirements).
nNewPageNo = SYSENC_MULTI_BOOT_MODE_PAGE + 1;
}
else
{
@@ -8896,71 +9229,74 @@ ovf_end:
else if (nCurPageNo == SIZE_PAGE)
{
VerifySizeAndUpdate (hCurPage, TRUE);
}
else if (nCurPageNo == FILESYS_PAGE)
{
if (nNeedToStoreFilesOver4GB != Get2RadButtonPageAnswer())
fileSystem = FILESYS_NONE; // The user may have gone back and changed the answer, so default file system must be reselected
nNeedToStoreFilesOver4GB = Get2RadButtonPageAnswer();
nNewPageNo = (PimEnable? PIM_PAGE : PASSWORD_PAGE) + 1; // Skip PIM page if it is not enabled
}
else if (nCurPageNo == PASSWORD_PAGE)
{
// Store the password in case we need to restore it after keyfile is applied to it
GetPassword (hCurPage, IDC_PASSWORD, szRawPassword, iMaxPasswordLength + 1, FALSE, FALSE);
VerifyPasswordAndUpdate (hwndDlg, GetDlgItem (MainDlg, IDC_NEXT),
GetDlgItem (hCurPage, IDC_PASSWORD),
GetDlgItem (hCurPage, IDC_VERIFY),
volumePassword.Text,
szVerify,
KeyFilesEnable && FirstKeyFile!=NULL && !SysEncInEffect ());
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
nNewPageNo = SIZE_PAGE + 1; // Skip the hidden volume host password page
if (SysEncInEffect ())
{
- nNewPageNo = CIPHER_PAGE + 1; // Skip irrelevant pages
+ if (!bHiddenOS)
+ nNewPageNo = SYSENC_TYPE_PAGE + 1; // Skip irrelevant pages
+ else
+ nNewPageNo = CIPHER_PAGE + 1; // Skip irrelevant pages
KillTimer (hwndDlg, TIMER_ID_KEYB_LAYOUT_GUARD);
if (bKeyboardLayoutChanged)
{
// Restore the original keyboard layout
if (LoadKeyboardLayout (OrigKeyboardLayout, KLF_ACTIVATE | KLF_SUBSTITUTE_OK) == NULL)
Warning ("CANNOT_RESTORE_KEYBOARD_LAYOUT", hwndDlg);
else
bKeyboardLayoutChanged = FALSE;
}
}
else if (bInPlaceEncNonSys)
nNewPageNo = CIPHER_PAGE + 1;
}
else if (nCurPageNo == PIM_PAGE)
{
volumePim = GetPim (hCurPage, IDC_PIM, 0);
}
else if (nCurPageNo == HIDDEN_VOL_HOST_PASSWORD_PAGE
|| nCurPageNo == NONSYS_INPLACE_ENC_RESUME_PASSWORD_PAGE)
{
// Store the password in case we need to restore it after keyfile is applied to it
GetPassword (hCurPage, IDC_PASSWORD_DIRECT, szRawPassword, iMaxPasswordLength + 1, FALSE, FALSE);
memcpy (volumePassword.Text, szRawPassword, iMaxPasswordLength + 1);
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
if (!bInPlaceEncNonSys)
nNewPageNo = VOLUME_LOCATION_PAGE + 1;
}
else if (nCurPageNo == SYSENC_COLLECTING_RANDOM_DATA_PAGE
@@ -10599,35 +10935,544 @@ int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpsz
if (status == ERR_OS_ERROR)
handleWin32Error (NULL, SRC_POS);
else
handleError (NULL, status, SRC_POS);
AbortProcess ("NODRIVER");
}
if (!AutoTestAlgorithms())
AbortProcess ("ERR_SELF_TESTS_FAILED");
/* Create the main dialog box */
DialogBoxParamW (hInstance, MAKEINTRESOURCEW (IDD_VOL_CREATION_WIZARD_DLG), NULL, (DLGPROC) MainDialogProc,
(LPARAM)lpszCommandLine);
FinalizeApp ();
return 0;
}
static DWORD GetFormatSectorSize ()
{
if (!bDevice)
return TC_SECTOR_SIZE_FILE_HOSTED_VOLUME;
DISK_GEOMETRY_EX geometry;
if (!GetDriveGeometry (szDiskFile, &geometry))
{
handleWin32Error (MainDlg, SRC_POS);
AbortProcessSilent();
}
return geometry.Geometry.BytesPerSector;
}
+
+/* This function is called when advanced dialog in intro page is open */
+BOOL CALLBACK AdvanceDlgProcIntro (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
+{
+ WORD lw = LOWORD(wParam);
+
+ switch (msg)
+ {
+ case WM_INITDIALOG:
+
+ bHiddenVolHost = bHiddenVol = bHiddenOS;
+
+ SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_HIDDEN), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE);
+ SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_NORMAL), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE);
+
+ CheckButton (GetDlgItem (hwndDlg, bHiddenOS ? IDC_SYSENC_HIDDEN : IDC_SYSENC_NORMAL));
+
+ return 1;
+ case WM_COMMAND:
+ {
+ if (lw == IDCANCEL)
+ {
+ EndDialog(hwndDlg, lw);
+ return 1;
+ }
+
+ if(lw == IDOK)
+ {
+ if (bHiddenOS)
+ {
+ bWholeSysDrive = FALSE;
+ bHiddenVolDirect = FALSE;
+ }
+ EndDialog(hwndDlg, lw);
+ return 1;
+ }
+
+ if (lw == IDC_SYSENC_HIDDEN)
+ {
+ SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_NORMAL), BM_SETCHECK, BST_UNCHECKED, 0);
+
+ bHiddenOS = TRUE;
+ bHiddenVol = TRUE;
+ bHiddenVolHost = TRUE;
+ return 1;
+ }
+
+ if (lw == IDC_SYSENC_NORMAL)
+ {
+ SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_HIDDEN), BM_SETCHECK, BST_UNCHECKED, 0);
+
+ bHiddenOS = FALSE;
+ bHiddenVol = FALSE;
+ bHiddenVolHost = FALSE;
+ return 1;
+ }
+
+ if(lw == IDHELP)
+ {
+ Applink ("hiddensysenc");
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
+
+/* AES, HASH, Pim and Wipe mode can be selected here */
+BOOL CALLBACK AdvanceDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
+{
+ WORD lw = LOWORD(wParam);
+ WORD hw = HIWORD(wParam);
+ int ea, hid;
+ wchar_t buf[100];
+ BOOL bNTFSallowed = FALSE;
+ BOOL bFATallowed = FALSE;
+ BOOL bEXFATallowed = FALSE;
+ BOOL bReFSallowed = FALSE;
+ BOOL bNoFSallowed = FALSE;
+ hCurPage = hwndDlg;
+
+ switch (msg)
+ {
+ case WM_INITDIALOG:
+ {
+ SetWindowTextW ( GetDlgItem (hwndDlg, IDT_IMPORTANT_NOTE), GetString ("ADV_FEATURES_NOTE"));
+ SetWindowTextW ( GetDlgItem (hwndDlg, IDT_PIM_INFO), GetString ("PIM_INFO"));
+ SetWindowTextW ( GetDlgItem (hwndDlg, IDT_WIPE_INFO), GetString ("WIPE_INFO"));
+
+ /* Encryption algorithms */
+
+ SendMessage(GetDlgItem(hwndDlg, IDC_COMBO_BOX), CB_RESETCONTENT, 0, 0);
+
+ for (ea = EAGetFirst (); ea != 0; ea = EAGetNext (ea))
+ {
+ if (EAIsFormatEnabled (ea) && (!SysEncInEffect () || bSystemIsGPT || EAIsMbrSysEncEnabled (ea)))
+ AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX), EAGetName (buf, ARRAYSIZE(buf), ea, 1), ea);
+ }
+
+ SelectAlgo (GetDlgItem (hwndDlg, IDC_COMBO_BOX), &nVolumeEA);
+ ComboSelChangeEA (hwndDlg);
+ SetFocus (GetDlgItem (hwndDlg, IDC_COMBO_BOX));
+
+ /* Hash algorithms */
+ if (SysEncInEffect())
+ {
+ RandSetHashFunction(hash_algo);
+ for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++)
+ {
+ // Use blake2s for hashing
+ if (((hid == BLAKE2S) || !HashIsDeprecated(hid)) && (bSystemIsGPT || HashForSystemEncryption(hid)))
+ AddComboPair(GetDlgItem(hwndDlg, IDC_COMBO_BOX_HASH_ALGO), HashGetName(hid), hid);
+ }
+ }
+ else
+ {
+ hash_algo = RandGetHashFunction();
+ for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++)
+ {
+ if (!HashIsDeprecated(hid))
+ AddComboPair(GetDlgItem(hwndDlg, IDC_COMBO_BOX_HASH_ALGO), HashGetName(hid), hid);
+ }
+ }
+
+ if (CreatingHiddenSysVol())
+ Warning ("HIDDEN_OS_PRE_CIPHER_WARNING", MainDlg);
+
+ SetWindowText(GetDlgItem(hwndDlg, IDC_SHA512_HELP), GetString("SHA512_HELP"));
+ SelectAlgo(GetDlgItem(hwndDlg, IDC_COMBO_BOX_HASH_ALGO), &hash_algo);
+
+ /* file system options */
+ SetTimer(GetParent(hwndDlg), TIMER_ID_RANDVIEW, TIMER_INTERVAL_RANDVIEW, NULL);
+
+ hMasterKey = GetDlgItem(hwndDlg, IDC_DISK_KEY);
+ hHeaderKey = GetDlgItem(hwndDlg, IDC_HEADER_KEY);
+ hRandPool = GetDlgItem(hwndDlg, IDC_RANDOM_BYTES);
+
+ SendMessage(GetDlgItem(hwndDlg, IDC_RANDOM_BYTES), WM_SETFONT, (WPARAM)hFixedDigitFont, (LPARAM)TRUE);
+ SendMessage(GetDlgItem(hwndDlg, IDC_DISK_KEY), WM_SETFONT, (WPARAM)hFixedDigitFont, (LPARAM)TRUE);
+ SendMessage(GetDlgItem(hwndDlg, IDC_HEADER_KEY), WM_SETFONT, (WPARAM)hFixedDigitFont, (LPARAM)TRUE);
+
+ /* Quick/Dynamic */
+
+ if (bHiddenVol)
+ {
+ quickFormat = !bHiddenVolHost;
+ dynamicFormat = FALSE;
+ bSparseFileSwitch = FALSE;
+ }
+ else
+ {
+ if (bDevice)
+ {
+ dynamicFormat = FALSE;
+ bSparseFileSwitch = FALSE;
+ }
+ else
+ {
+ wchar_t root[TC_MAX_PATH];
+ DWORD fileSystemFlags = 0;
+
+ /* Check if the host file system supports sparse files */
+
+ if (GetVolumePathName (szFileName, root, array_capacity (root)))
+ {
+ GetVolumeInformation (root, NULL, 0, NULL, NULL, &fileSystemFlags, NULL, 0);
+ bSparseFileSwitch = fileSystemFlags & FILE_SUPPORTS_SPARSE_FILES;
+ }
+ else
+ bSparseFileSwitch = FALSE;
+ if (!bSparseFileSwitch)
+ {
+ dynamicFormat = FALSE;
+ }
+ }
+ }
+ SendMessage (GetDlgItem (hwndDlg, IDC_SHOW_KEYS), BM_SETCHECK, showKeys ? BST_CHECKED : BST_UNCHECKED, 0);
+ SetWindowText (GetDlgItem (hwndDlg, IDC_RANDOM_BYTES), showKeys ? L"" : L"******************************** ");
+ SetWindowText (GetDlgItem (hwndDlg, IDC_HEADER_KEY), showKeys ? L"" : L"******************************** ");
+ SetWindowText (GetDlgItem (hwndDlg, IDC_DISK_KEY), showKeys ? L"" : L"******************************** ");
+
+ SendMessage(GetDlgItem(hwndDlg, IDC_CLUSTERSIZE), CB_RESETCONTENT, 0, 0);
+ AddComboPairW(GetDlgItem(hwndDlg, IDC_CLUSTERSIZE), GetString("DEFAULT"), 0);
+ SendMessage(GetDlgItem(hwndDlg, IDC_CLUSTERSIZE), CB_SETCURSEL, 0, 0);
+ EnableWindow(GetDlgItem(hwndDlg, IDC_CLUSTERSIZE), TRUE);
+
+ /* Filesystems */
+ bNTFSallowed = FALSE;
+ bFATallowed = FALSE;
+ bEXFATallowed = FALSE;
+ bReFSallowed = FALSE;
+ bNoFSallowed = FALSE;
+
+ SendMessage(GetDlgItem(hwndDlg, IDC_FILESYS), CB_RESETCONTENT, 0, 0);
+ EnableWindow(GetDlgItem(hwndDlg, IDC_FILESYS), TRUE);
+
+ uint64 dataAreaSize = GetVolumeDataAreaSize (bHiddenVol && !bHiddenVolHost, nVolumeSize);
+
+ if (!CreatingHiddenSysVol())
+ {
+ if (dataAreaSize >= TC_MIN_NTFS_FS_SIZE && dataAreaSize <= TC_MAX_NTFS_FS_SIZE)
+ {
+ AddComboPair (GetDlgItem (hwndDlg, IDC_FILESYS), L"NTFS", FILESYS_NTFS);
+ bNTFSallowed = TRUE;
+ }
+
+ if (dataAreaSize >= TC_MIN_FAT_FS_SIZE && dataAreaSize <= TC_MAX_FAT_SECTOR_COUNT * GetFormatSectorSize())
+ {
+ AddComboPair (GetDlgItem (hwndDlg, IDC_FILESYS), L"FAT", FILESYS_FAT);
+ bFATallowed = TRUE;
+ }
+
+ //exFAT support added starting from Vista SP1
+ if (IsOSVersionAtLeast (WIN_VISTA, 1) && dataAreaSize >= TC_MIN_EXFAT_FS_SIZE && dataAreaSize <= TC_MAX_EXFAT_FS_SIZE)
+ {
+ AddComboPair (GetDlgItem (hwndDlg, IDC_FILESYS), L"exFAT", FILESYS_EXFAT);
+ bEXFATallowed = TRUE;
+ }
+
+ //ReFS write support activated by default starting from Windows 10
+ //We don't support it yet for the creation of hidden volumes
+ if ((!bHiddenVolHost) && IsOSVersionAtLeast (WIN_10, 0) && dataAreaSize >= TC_MIN_REFS_FS_SIZE && dataAreaSize <= TC_MAX_REFS_FS_SIZE)
+ {
+ AddComboPair (GetDlgItem (hwndDlg, IDC_FILESYS), L"ReFS", FILESYS_REFS);
+ bReFSallowed = TRUE;
+ }
+ }
+ else
+ {
+ // We're creating a hidden volume for a hidden OS, so we don't need to format it with
+ // any filesystem (the entire OS will be copied to the hidden volume sector by sector).
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FILESYS), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_CLUSTERSIZE), FALSE);
+ }
+ if (!bHiddenVolHost)
+ {
+ AddComboPairW(GetDlgItem(hwndDlg, IDC_FILESYS), GetString("NONE"), FILESYS_NONE);
+ bNoFSallowed = TRUE;
+ }
+ if (fileSystem == FILESYS_NONE) // If no file system has been previously selected
+ {
+ // Set default file system
+
+ if (bFATallowed && !(nNeedToStoreFilesOver4GB == 1 && (bNTFSallowed || bEXFATallowed || bReFSallowed)))
+ fileSystem = FILESYS_FAT;
+ else if (bEXFATallowed)
+ fileSystem = FILESYS_EXFAT;
+ else if (bNTFSallowed)
+ fileSystem = FILESYS_NTFS;
+ else if (bReFSallowed)
+ fileSystem = FILESYS_REFS;
+ else if (bNoFSallowed)
+ fileSystem = FILESYS_NONE;
+ else
+ {
+ AddComboPair (GetDlgItem (hwndDlg, IDC_FILESYS), L"---", 0);
+ }
+ }
+
+ SendMessage(GetDlgItem(hwndDlg, IDC_FILESYS), CB_SETCURSEL, 0, 0);
+ SelectAlgo(GetDlgItem(hwndDlg, IDC_FILESYS), (int *)&fileSystem);
+
+ /* PIM and Wipe mode */
+ SetCheckBox(hwndDlg, IDC_PIM_ENABLE, PimEnable);
+
+ PopulateWipeModeCombo(GetDlgItem(hwndDlg, IDC_WIPE_MODE),
+ SystemEncryptionStatus == SYSENC_STATUS_DECRYPTING && !bInPlaceEncNonSys,
+ TRUE,
+ FALSE);
+ SelectAlgo(GetDlgItem(hwndDlg, IDC_WIPE_MODE), (int *)&nWipeMode);
+ SetFocus(GetDlgItem(GetParent(hwndDlg), IDOK));
+ }
+ return 1;
+ case WM_COMMAND:
+ if (lw == IDCANCEL)
+ {
+ EndDialog(hwndDlg, lw);
+ return 1;
+ }
+ if (lw == IDOK)
+ {
+ /* Save hash and encryption algo */
+ LPARAM nIndex;
+ nIndex = SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETCURSEL, 0, 0);
+ nVolumeEA = (int) SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETITEMDATA, nIndex, 0);
+
+ if (!bSystemIsGPT && SysEncInEffect ()
+ && EAGetCipherCount (nVolumeEA) > 1) // Cascade?
+ {
+ if (AskWarnNoYes ("CONFIRM_CASCADE_FOR_SYS_ENCRYPTION", hwndDlg) == IDNO)
+ return 1;
+
+ if (!bHiddenOS)
+ Info ("NOTE_CASCADE_FOR_SYS_ENCRYPTION", hwndDlg);
+ }
+
+ nIndex = SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX_HASH_ALGO), CB_GETCURSEL, 0, 0);
+ hash_algo = (int) SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX_HASH_ALGO), CB_GETITEMDATA, nIndex, 0);
+
+ RandSetHashFunction (hash_algo);
+
+ /* Save PIM and Wipe mode */
+ nWipeMode = (WipeAlgorithmId)SendMessage(GetDlgItem(hwndDlg, IDC_WIPE_MODE),
+ CB_GETITEMDATA,
+ SendMessage(GetDlgItem(hwndDlg, IDC_WIPE_MODE), CB_GETCURSEL, 0, 0),
+ 0);
+
+ PimEnable = GetCheckBox(hwndDlg, IDC_PIM_ENABLE);
+ SetCheckBox(hwndDlg, IDC_PIM_ENABLE, PimEnable);
+
+ EndDialog(hwndDlg, lw);
+ return 1;
+ }
+ if (lw == IDC_CIPHER_TEST)
+ {
+ LPARAM nIndex;
+ int c;
+
+ nIndex = SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETCURSEL, 0, 0);
+ nVolumeEA = (int) SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETITEMDATA, nIndex, 0);
+
+ for (c = EAGetLastCipher (nVolumeEA); c != 0; c = EAGetPreviousCipher (nVolumeEA, c))
+ {
+ DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_CIPHER_TEST_DLG),
+ GetParent (hwndDlg), (DLGPROC) CipherTestDialogProc, (LPARAM) c);
+ }
+
+ return 1;
+ }
+
+ if (lw == IDC_BENCHMARK)
+ {
+ // Reduce CPU load
+ bFastPollEnabled = FALSE;
+ bRandmixEnabled = FALSE;
+
+ DialogBoxParamW (hInst,
+ MAKEINTRESOURCEW (IDD_BENCHMARK_DLG), hwndDlg,
+ (DLGPROC) BenchmarkDlgProc, (LPARAM) bSystemIsGPT);
+
+ bFastPollEnabled = TRUE;
+ bRandmixEnabled = TRUE;
+ return 1;
+ }
+
+ if (lw == IDC_WIPE_MODE && hw == CBN_SELCHANGE)
+ {
+ Warning ("WIPE_WARNING", hwndDlg);
+ return 1;
+ }
+
+ if (hw == CBN_SELCHANGE && lw == IDC_COMBO_BOX)
+ {
+ ComboSelChangeEA (hwndDlg);
+ SetWindowTextW (GetDlgItem (hCurPage, IDC_BENCHMARK), GetString ("IDC_BENCHMARK"));
+ return 1;
+ }
+
+ if (hw == CBN_SELCHANGE && lw == IDC_COMBO_BOX_HASH_ALGO)
+ {
+ ShowWindow (GetDlgItem (hwndDlg, IDT_HASH_ALGO), SW_SHOW);
+ if (SysEncInEffect())
+ {
+ HWND hHashAlgoItem = GetDlgItem (hCurPage, IDC_COMBO_BOX_HASH_ALGO);
+ int selectedAlgo = (int)SendMessage (hHashAlgoItem, CB_GETITEMDATA, SendMessage (hHashAlgoItem, CB_GETCURSEL, 0, 0), 0);
+
+ if (!bSystemIsGPT && !HashForSystemEncryption (selectedAlgo))
+ {
+ hash_algo = DEFAULT_HASH_ALGORITHM_BOOT;
+ RandSetHashFunction (DEFAULT_HASH_ALGORITHM_BOOT);
+ Info ("ALGO_NOT_SUPPORTED_FOR_SYS_ENCRYPTION", MainDlg);
+ SelectAlgo (GetDlgItem (hCurPage, IDC_COMBO_BOX_HASH_ALGO), &hash_algo);
+ }
+ }
+ return 1;
+ }
+
+ if (lw == IDC_PIM_ENABLE)
+ {
+ PimEnable = GetCheckBox (hwndDlg, IDC_PIM_ENABLE);
+ if (!PimEnable)
+ volumePim = 0;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+void
+AddComboPairW (HWND hComboBox, const wchar_t *lpszItem, int value)
+{
+ LPARAM nIndex;
+ nIndex = SendMessageW(hComboBox, CB_ADDSTRING, 0, (LPARAM)lpszItem);
+ nIndex = SendMessage(hComboBox, CB_SETITEMDATA, nIndex, (LPARAM)value);
+}
+
+/* Acording to NIST, only a blacklist check and at least 8 character should be compulsary, no special character check... */
+int PrintStrongness (char input[], unsigned int length)
+{
+ unsigned int n = length;
+ int iReturnValue = 0;
+ if (n < 10)
+ {
+ burn (input, sizeof(input));
+ return iReturnValue = weak;
+ }
+ else if (CheckWord(input))
+ {
+ burn (input, sizeof(input));
+ return iReturnValue = weak;
+ }
+ //Tetermine the strength of the passsord
+ if ((n >= 13))
+ {
+ iReturnValue = very_strong;
+ }
+ //if 3 out of 4 paramters are true
+ else if (n >= 10)
+ {
+ iReturnValue = strong;
+ }
+ //if 2 out of 4 values are true
+ else if (n >= 8)
+ {
+ iReturnValue = medium;
+ }
+ else
+ {
+ iReturnValue = weak;
+ }
+ burn (input, sizeof(input));
+ return iReturnValue;
+}
+
+/* Check if password is in list
+Credits go Martin York from https://codereview.stackexchange.com/questions/52702/how-to-search-for-a-word-in-a-sorted-text-file-efficiently */
+BOOL CheckWord (char* search)
+{
+
+ bool isWordInDict(std::string const& word);
+ {
+ struct MyDict : std::set<std::string>
+ {
+ typedef std::set<std::string>::const_iterator const_iterator;
+ MyDict()
+ {
+ wchar_t path[TC_MAX_PATH];
+ wchar_t tmp[TC_MAX_PATH];
+ wchar_t destFileName[TC_MAX_PATH] = L"password1000000.txt";
+
+ if (GetModuleFileName (NULL, path, ARRAYSIZE (path)) == 0)
+ {
+ Error ("ERROR_GETTING_PATH", MainDlg);
+ }
+
+ StringCbCopyW(tmp, ARRAYSIZE(tmp), path);
+
+ //detects the last '\' in order to remove the name of the exe file. Afterwards add .txt file in the path
+ for (int i = wcslen(path); i > 1; i--)
+ {
+ if (tmp[i] == '\\')
+ {
+ for(unsigned int j = i + 1; j < wcslen(path); j++)
+ {
+ tmp[j] = '\0';
+ }
+ break;
+ }
+ }
+ StringCbCatW(tmp, sizeof(tmp), destFileName);
+
+ std::ifstream fin(tmp);
+ std::copy(std::istream_iterator<std::string>(fin), std::istream_iterator<std::string>(),
+ std::inserter(*this, end()));
+ }
+ };
+ static const MyDict dict;
+ MyDict::const_iterator find = dict.find(search);
+
+ return find != dict.end();
+ }
+}
+
+/* Credits go to Barmak Shemirani from https://stackoverflow.com/questions/31407492/c-tooltip-function-for-checkbox */
+void CreateToolTip(HWND hWndParent, HWND hControlItem, PTSTR pszText)
+{
+ if (!hControlItem || !hWndParent || !pszText)
+ return;
+
+ HWND hwndTip = CreateWindowEx(NULL, TOOLTIPS_CLASS, NULL,
+ WS_POPUP | TTS_NOFADE | TTS_ALWAYSTIP /*| TTS_BALLOON*/,
+ CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT,
+ hWndParent, NULL, GetModuleHandle(NULL), NULL);
+
+ if (!hwndTip)
+ return;
+
+ TOOLINFO toolInfo = { 0 };
+ toolInfo.cbSize = sizeof(toolInfo);
+ toolInfo.hwnd = hWndParent;
+ toolInfo.uFlags = TTF_IDISHWND | TTF_SUBCLASS;
+ toolInfo.uId = (UINT_PTR)hControlItem;
+ toolInfo.lpszText = pszText;
+ GetClientRect(hWndParent, &toolInfo.rect);
+ if (!SendMessage(hwndTip, TTM_ADDTOOL, 0, (LPARAM)&toolInfo))
+ {
+ MessageBox(0, TEXT("TTM_ADDTOOL failed\nWrong project manifest!"), 0, 0);
+ }
+}
diff --git a/src/Format/Tcformat.h b/src/Format/Tcformat.h
index f9328afd..a8237521 100644
--- a/src/Format/Tcformat.h
+++ b/src/Format/Tcformat.h
@@ -72,38 +72,46 @@ void ShowNonSysInPlaceEncUIStatus (void);
void UpdateNonSysInPlaceEncControls (void);
int MountHiddenVolHost ( HWND hwndDlg, wchar_t *volumePath, int *driveNo, Password *password, int pkcs5_prf, int pim, BOOL bReadOnly );
int AnalyzeHiddenVolumeHost (HWND hwndDlg, int *driveNo, __int64 hiddenVolHostSize, int *realClusterSize, __int64 *pnbrFreeClusters);
int ScanVolClusterBitmap ( HWND hwndDlg, int *driveNo, __int64 nbrClusters, __int64 *nbrFreeClusters);
static void WipeStart (void);
static void WipeAbort (void);
static void UpdateWipeProgressBar (void);
static void InitWipeProgressBar (void);
static void UpdateWipeControls (void);
static DWORD GetFormatSectorSize ();
extern BOOL showKeys;
extern volatile HWND hMasterKey;
extern volatile HWND hHeaderKey;
extern volatile BOOL bHiddenVolHost;
extern volatile BOOL bHiddenVolDirect;
extern BOOL bRemovableHostDevice;
extern BOOL bWarnDeviceFormatAdvanced;
extern HWND hCurPage;
extern HWND hProgressBar;
extern volatile BOOL bVolTransformThreadCancel;
extern volatile BOOL bInPlaceEncNonSysResumed;
extern volatile BOOL bFirstNonSysInPlaceEncResumeDone;
extern volatile BOOL bInPlaceEncNonSys;
extern volatile BOOL bInPlaceDecNonSys;
extern __int64 NonSysInplaceEncBytesDone;
extern __int64 NonSysInplaceEncTotalSize;
extern int nPbar;
extern volatile int WizardMode;
extern volatile BOOL bInPlaceEncNonSysResumed;
extern wchar_t HeaderKeyGUIView [KEY_GUI_VIEW_SIZE];
extern wchar_t MasterKeyGUIView [KEY_GUI_VIEW_SIZE];
extern volatile int NonSysInplaceEncStatus;
+BOOL CALLBACK AdvanceDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam);
+BOOL CALLBACK FinishDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam);
+void AddComboPairW (HWND hComboBox, const wchar_t *lpszItem, int value);
+int PrintStrongness (char* input, unsigned int length);
+BOOL CheckWord (char search[]);
+BOOL CALLBACK AdvanceDlgProcIntro (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam);
+void CreateToolTip (HWND hWndParent, HWND hControlItem, PTSTR pszText);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/Release/Setup Files/Product64.wxs b/src/Release/Setup Files/Product64.wxs
index e20fd1dc..2f43edd1 100644
--- a/src/Release/Setup Files/Product64.wxs
+++ b/src/Release/Setup Files/Product64.wxs
@@ -835,73 +835,70 @@
<File Id="filBE0C2BED7FB2DD3D2FC511AC4D7D385A" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Protection of Hidden Volumes.html" DiskId="1" />
</Component>
<Component Id="cmp493A37205039E2A3A476A1A4F5360EBF" Guid="{3D92A6B0-B03F-4C86-8020-F756FBAADDC8}">
<File Id="filC70F6B9415FAADA8160DB4529D0BE54D" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Protection of Hidden Volumes_Image_027.jpg" DiskId="1" />
</Component>
<Component Id="cmpF36A771DF9B1C4CD8E82C08A6D3D0786" Guid="{C0D77203-5FAC-4052-A490-ABB0346384AF}">
<File Id="filE1423115AD04FF5AEC6F63AA963CB4D6" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Protection of Hidden Volumes_Image_028.jpg" DiskId="1" />
</Component>
<Component Id="cmp63F6A68C5538B45661168554BC3B93D1" Guid="{252A5E82-AD3A-49A7-8185-421735A09DCE}">
<File Id="fil5286E3B666BFB60D10FBA4CF8D8F6925" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Protection of Hidden Volumes_Image_029.jpg" DiskId="1" />
</Component>
<Component Id="cmp0158A6D8BED6391AC7150B6C6AE2A9F9" Guid="{5A0D3271-1439-4E71-B7F6-D645FEC8FD49}">
<File Id="fil2C5151D680BC4575AC607487970F87D8" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Protection of Hidden Volumes_Image_030.jpg" DiskId="1" />
</Component>
<Component Id="cmpDE45667E9E3CD9F800EAC1E02B57AAB7" Guid="{333167EF-38B6-49E2-A24A-04E08F7D87BE}">
<File Id="fil1B03C5F8575364F36A893E5EE4723659" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Protection of Hidden Volumes_Image_031.jpg" DiskId="1" />
</Component>
<Component Id="cmp632453049391BAACDD117A40EC442743" Guid="{75B50C72-2495-4A22-BFDA-5BFE041EB265}">
<File Id="fil37E6C8BC6738BF93446E4F2D13E312EC" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Random Number Generator.html" DiskId="1" />
</Component>
<Component Id="cmpCE16E453CAD75A461B4FEBF451A51B7B" Guid="{E68D3F57-0A30-4492-9088-F2D1B0C7934A}">
<File Id="filC3043FC38C97C7B8038FF12DD7882D85" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Reallocated Sectors.html" DiskId="1" />
</Component>
<Component Id="cmpC741D187A28A87BD33866C9AC09A1298" Guid="{FB850461-6BD1-495F-9C10-19A34CFA0F16}">
<File Id="filFFB70B91C00A69849F9E36950C6606B3" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\References.html" DiskId="1" />
</Component>
<Component Id="cmpB313B00E647A121B2CBE47F3048A18A7" Guid="{5985576D-6F6C-4D96-9B3E-9E0961CF9FAF}">
<File Id="fil2EB5F87C05CCC55D3964D595C85EF19E" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Release Notes.html" DiskId="1" />
</Component>
<Component Id="cmp400428F6494DE58618E3B92539548C39" Guid="{0A1869ED-25F1-4430-97A5-4C6EA8CDA7FC}">
<File Id="filEDEDEF956F04F36B4163989F9AB9285F" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Removable Medium Volume.html" DiskId="1" />
</Component>
<Component Id="cmpFB2313AB16EF2467366ED136C0E61CE6" Guid="{CFEC9559-9F85-46C6-9E98-AEBB573B96FE}">
<File Id="filE496203C4727FDF47F8352CB9722A8C7" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Removing Encryption.html" DiskId="1" />
</Component>
- <Component Id="cmp960F36632D3FB602421D1195E4EB6FE1" Guid="{321F49A5-8A1B-4881-A32D-12EDA99D1B85}">
- <File Id="fil324009D5856BF4C5270D40F1EC4110EB" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\RIPEMD-160.html" DiskId="1" />
- </Component>
<Component Id="cmpB4C7B1A7A3EC0CB2DE805AC5CC5FC0D7" Guid="{4534E8B2-114E-4173-AE3E-75E0D96EB573}">
<File Id="fil8CFD1CFDCBE261B6F91D9E587F8720C0" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Security Model.html" DiskId="1" />
</Component>
<Component Id="cmp00540BF93A805E0B9996945B61E1BC2F" Guid="{1D5B7A85-87F3-45AF-9C09-BA7E088A835D}">
<File Id="filA7A29851126AC571C090BB0FBEE83CB5" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Security Requirements and Precautions.html" DiskId="1" />
</Component>
<Component Id="cmp4C46C6668AD830D543AFE593D51676B3" Guid="{4CD21E9D-243F-4A58-A535-AA8EF9D2BFD1}">
<File Id="fil440C5158A3CD96689918C976DC917325" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Security Requirements for Hidden Volumes.html" DiskId="1" />
</Component>
<Component Id="cmp6EE914124966E3A0F695359116413DD4" Guid="{724FA79D-49BC-4075-ABF4-0C318AE39855}">
<File Id="filD229058EB41E2E150C0CA4D0EC1DF39B" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Security Tokens &amp; Smart Cards.html" DiskId="1" />
</Component>
<Component Id="cmp28E29B4CA17AB51913B756CD9397EEFE" Guid="{1B9083B9-8E76-44CA-AE3E-0771B1ABA62B}">
<File Id="filC173058120D357E87951F41755A9210B" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Serpent.html" DiskId="1" />
</Component>
<Component Id="cmp5DF24509F284FABC600232197F803DE5" Guid="{120A40CF-E44A-4F4F-9072-93248DABACA2}">
<File Id="fil01F3ACD810057C4A059A5C424E1B79E1" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\SHA-256.html" DiskId="1" />
</Component>
<Component Id="cmp09E31B885345FBEA1F473AF7A10FD88D" Guid="{1B1C80CF-6C3C-4C7D-BE7B-579042701D0F}">
<File Id="fil2E702CC679444D8DDB66A3FBDB32C807" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\SHA-512.html" DiskId="1" />
</Component>
<Component Id="cmpAE05C79A35A43ECCAC995A711DC4D60B" Guid="{151A493F-38A5-4EF1-9740-255B610B4117}">
<File Id="fil167B9CF3B9CD2FA5458778733095F780" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Sharing over Network.html" DiskId="1" />
</Component>
<Component Id="cmpB6D91209A93313D08150643F1738DED8" Guid="{270DF8A0-8859-49F3-BF05-2F155C3CA428}">
<File Id="filF3B75776C2FEC0F4397274BCA02330DB" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Source Code.html" DiskId="1" />
</Component>
<Component Id="cmpDB66E821EC13977824FB1069DF5DAA69" Guid="{D08B0614-2B88-4445-9B47-52BEA0E29E77}">
<File Id="filA67FBF7D25BFBA155A0E4570F404CBEE" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Standard Compliance.html" DiskId="1" />
</Component>
<Component Id="cmp159AB26E32632FC87229090B3AA89BF8" Guid="{B35B4FD4-D82C-47E9-BB2A-5539115F40CC}">
<File Id="filBFED47E502C7539F724D68EAF73A554D" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Streebog.html" DiskId="1" />
</Component>
<Component Id="cmp5BE3E12343551B853E1B143371CBEBE6" Guid="{5ACC0589-AD8D-4BAC-BD40-201BAD7D07BC}">
<File Id="filA40C816E149FB745F49DAF482DF97F3B" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\styles.css" DiskId="1" />
@@ -1351,71 +1348,70 @@
<ComponentRef Id="cmp1E4F8137AD337BEA1B902E6B003AB953" />
<ComponentRef Id="cmp8D35F7D61B2B7DF0EDEAE2E56031E7CB" />
<ComponentRef Id="cmpDE2C66707086A509EABD0F9F6E8BDB1A" />
<ComponentRef Id="cmpA80443C3767E3E51F3DE88BFD0D7A33B" />
<ComponentRef Id="cmp214446AAABEBAC0C3827B8977083FAE2" />
<ComponentRef Id="cmp4AF022868FE6883520C700676C43B15D" />
<ComponentRef Id="cmpC27AA2C4496C9EFA95DCD663B031B5D0" />
<ComponentRef Id="cmp9CBBC8311BBFC54C8DC1162BB17E5AED" />
<ComponentRef Id="cmp033461B0777614621A2ED7B4E2B08D55" />
<ComponentRef Id="cmp0E43CDBBAE343957423AE2907AC16883" />
<ComponentRef Id="cmp8A8526D2061A14810E1B7A8A6E527DCD" />
<ComponentRef Id="cmpAE2DADEF126C59D8CCD3A18D8CDC49C8" />
<ComponentRef Id="cmp2F972A5C99F7EE708B7C232EE8647672" />
<ComponentRef Id="cmpB21F7D781FE7B006ABCA7974A21F29E2" />
<ComponentRef Id="cmpF345174585735CD7A31AE138DDE8B439" />
<ComponentRef Id="cmp06772C03A0ECA40F11F1D5C5ACD607D8" />
<ComponentRef Id="cmp79E890B8891FA87AA5B10A67E15E7E8E" />
<ComponentRef Id="cmp89C46AE8EC4175E62A9CFE3DF9DF924A" />
<ComponentRef Id="cmpC8F860B10D41961424874F69C6D84ED3" />
<ComponentRef Id="cmp285021B8CBC8E92B1CBCE4C88731083C" />
<ComponentRef Id="cmpABE9B0A93A9B14C0732EBD8CD17A11AE" />
<ComponentRef Id="cmpD9B960879A3227B971E33222CE13BC18" />
<ComponentRef Id="cmp3B3BB414D13FDBF2B0C7A9CEBD7D98F5" />
<ComponentRef Id="cmpB39B1096387C2617720F515D24953B37" />
<ComponentRef Id="cmp493A37205039E2A3A476A1A4F5360EBF" />
<ComponentRef Id="cmpF36A771DF9B1C4CD8E82C08A6D3D0786" />
<ComponentRef Id="cmp63F6A68C5538B45661168554BC3B93D1" />
<ComponentRef Id="cmp0158A6D8BED6391AC7150B6C6AE2A9F9" />
<ComponentRef Id="cmpDE45667E9E3CD9F800EAC1E02B57AAB7" />
<ComponentRef Id="cmp632453049391BAACDD117A40EC442743" />
<ComponentRef Id="cmpCE16E453CAD75A461B4FEBF451A51B7B" />
<ComponentRef Id="cmpC741D187A28A87BD33866C9AC09A1298" />
<ComponentRef Id="cmpB313B00E647A121B2CBE47F3048A18A7" />
<ComponentRef Id="cmp400428F6494DE58618E3B92539548C39" />
<ComponentRef Id="cmpFB2313AB16EF2467366ED136C0E61CE6" />
- <ComponentRef Id="cmp960F36632D3FB602421D1195E4EB6FE1" />
<ComponentRef Id="cmpB4C7B1A7A3EC0CB2DE805AC5CC5FC0D7" />
<ComponentRef Id="cmp00540BF93A805E0B9996945B61E1BC2F" />
<ComponentRef Id="cmp4C46C6668AD830D543AFE593D51676B3" />
<ComponentRef Id="cmp6EE914124966E3A0F695359116413DD4" />
<ComponentRef Id="cmp28E29B4CA17AB51913B756CD9397EEFE" />
<ComponentRef Id="cmp5DF24509F284FABC600232197F803DE5" />
<ComponentRef Id="cmp09E31B885345FBEA1F473AF7A10FD88D" />
<ComponentRef Id="cmpAE05C79A35A43ECCAC995A711DC4D60B" />
<ComponentRef Id="cmpB6D91209A93313D08150643F1738DED8" />
<ComponentRef Id="cmpDB66E821EC13977824FB1069DF5DAA69" />
<ComponentRef Id="cmp159AB26E32632FC87229090B3AA89BF8" />
<ComponentRef Id="cmp5BE3E12343551B853E1B143371CBEBE6" />
<ComponentRef Id="cmp0E081D9499DA225BB788494A1D86893D" />
<ComponentRef Id="cmpBC7134AF21BAE309E9FD1A52ADF92527" />
<ComponentRef Id="cmpB586F01E9F9657C498F2AB64E1F51BD7" />
<ComponentRef Id="cmp6EB049078039C276CADA69E7B79FDFA8" />
<ComponentRef Id="cmp3135BB68A1F44DDD9FE19B7D5FB4ED7B" />
<ComponentRef Id="cmp98ECAD990DF7B535B05EF6E840B7B2DF" />
<ComponentRef Id="cmpFE417CCCB859A1C3E4FB90A9C4E132F0" />
<ComponentRef Id="cmpD91C00B1B2AACF38761B45D0574884D7" />
<ComponentRef Id="cmp590EDE3CE6E09D0D43B35287E849B75A" />
<ComponentRef Id="cmp9D6F95F912C3B9C95E92E39BA1CE6BC9" />
<ComponentRef Id="cmpAD429D8A050A0D31B661626BDCA9C952" />
<ComponentRef Id="cmp3BDE199844AB81673ABB0E5E61E9B7B5" />
<ComponentRef Id="cmp0A4AB9AEF0D351FA5E63BCD67DC00607" />
<ComponentRef Id="cmpCC25F1CB6A1C9D8B47C407B818F73B59" />
<ComponentRef Id="cmpE0F5E8A2D6FEF181686370F0E1EAC632" />
<ComponentRef Id="cmp46B2E8BCD50BD668153E793EB737BC39" />
<ComponentRef Id="cmp0305CC2824E44F697B402E56A0CD1754" />
<ComponentRef Id="cmp0E00CBDCB82A904FD6AD82E458CA6AA7" />
<ComponentRef Id="cmp594B5E68E63675F4986F6717BC1F5950" />
<ComponentRef Id="cmp62748E79EC04EBE33DC46770AD65CDCE" />
<ComponentRef Id="cmpE1265CF3CC5E0B487E99D9D5936BB3F4" />
<ComponentRef Id="cmp1C162513D52824629D7C9FAF96054182" />
<ComponentRef Id="cmpB5FA2A488D2C7E59E0B52D18820CE00A" />
@@ -1674,36 +1670,36 @@
<!-- UNINSTALLATION ONLY CAs -->
<!-- Execute PreUninst_SetData before RemoveFiles action when uninstalling ONLY
and before DoPreUninstall to set the DoPreUninstall's Custom Action Data -->
<Custom Action="PreUninst_SetData" Before="DoPreUninstall">REMOVE~="ALL" AND NOT UPGRADINGPRODUCTCODE</Custom>
<!-- Execute DoPreUninstall before RemoveFiles when uninstalling ONLY -->
<Custom Action="DoPreUninstall" Before="RemoveFiles">REMOVE~="ALL" AND NOT UPGRADINGPRODUCTCODE</Custom>
<!-- Execute PostUninst_SetData after RemoveFiles action when uninstalling ONLY
and before DoPostUninstall to set the DoPostUninstall's Custom Action Data -->
<Custom Action="PostUninst_SetData" Before="DoPostUninstall">REMOVE~="ALL" AND NOT UPGRADINGPRODUCTCODE</Custom>
<!-- Execute DoPostUninstall after RemoveFiles action when uninstalling ONLY -->
<Custom Action="DoPostUninstall" After="RemoveFiles">REMOVE~="ALL" AND NOT UPGRADINGPRODUCTCODE</Custom>
<!-- Execute DoChecks after InstallFinalize action of first installation or repair or uninstall.
Since we schedule RemoveExistingProducts after InstallExecute, if we execute this CA at UPGRADINGPRODUCTCODE,
it will execute it twice : once when it installs new files (NOT Installed), and then when it removes unnecessary files (actual upgrade: UPGRADINGPRODUCTCODE).
Since the first time it executes, it will delete the RegKeys, the second time it executes will fail, and with
it the whole upgrade.
Therefore, we do not need to execute it at UPGRADINGPRODUCTCODE. -->
<Custom Action="DoChecks" After="InstallFinalize">(NOT Installed AND NOT REMOVE) OR REINSTALL OR (REMOVE~="ALL" AND NOT UPGRADINGPRODUCTCODE)</Custom>
<!-- Set the ARP -->
<Custom Action="SetARPINSTALLLOCATION" After="InstallValidate"></Custom>
<!-- ScheduleReboot only after DoChecks, which sets ISREBOOTREQUIRED -->
<ScheduleReboot After="DoChecks">ISREBOOTREQUIRED = "1"</ScheduleReboot>
</InstallExecuteSequence>
</Product>
-</Wix> \ No newline at end of file
+</Wix>
diff --git a/src/Release/Setup Files/password1000000.txt b/src/Release/Setup Files/password1000000.txt
new file mode 100644
index 00000000..e6e50bf5
--- /dev/null
+++ b/src/Release/Setup Files/password1000000.txt
@@ -0,0 +1,999999 @@
+123456
+password
+12345678
+qwerty
+123456789
+12345
+1234
+111111
+1234567
+dragon
+123123
+baseball
+abc123
+football
+monkey
+letmein
+696969
+shadow
+master
+666666
+qwertyuiop
+123321
+mustang
+1234567890
+michael
+654321
+pussy
+superman
+1qaz2wsx
+7777777
+fuckyou
+121212
+000000
+qazwsx
+123qwe
+killer
+trustno1
+jordan
+jennifer
+zxcvbnm
+asdfgh
+hunter
+buster
+soccer
+harley
+batman
+andrew
+tigger
+sunshine
+iloveyou
+fuckme
+2000
+charlie
+robert
+thomas
+hockey
+ranger
+daniel
+starwars
+klaster
+112233
+george
+asshole
+computer
+michelle
+jessica
+pepper
+1111
+zxcvbn
+555555
+11111111
+131313
+freedom
+777777
+pass
+fuck
+maggie
+159753
+aaaaaa
+ginger
+princess
+joshua
+cheese
+amanda
+summer
+love
+ashley
+6969
+nicole
+chelsea
+biteme
+matthew
+access
+yankees
+987654321
+dallas
+austin
+thunder
+taylor
+matrix
+william
+corvette
+hello
+martin
+heather
+secret
+fucker
+merlin
+diamond
+1234qwer
+gfhjkm
+hammer
+silver
+222222
+88888888
+anthony
+justin
+test
+bailey
+q1w2e3r4t5
+patrick
+internet
+scooter
+orange
+11111
+golfer
+cookie
+richard
+samantha
+bigdog
+guitar
+jackson
+whatever
+mickey
+chicken
+sparky
+snoopy
+maverick
+phoenix
+camaro
+sexy
+peanut
+morgan
+welcome
+falcon
+cowboy
+ferrari
+samsung
+andrea
+smokey
+steelers
+joseph
+mercedes
+dakota
+arsenal
+eagles
+melissa
+boomer
+booboo
+spider
+nascar
+monster
+tigers
+yellow
+xxxxxx
+123123123
+gateway
+marina
+diablo
+bulldog
+qwer1234
+compaq
+purple
+hardcore
+banana
+junior
+hannah
+123654
+porsche
+lakers
+iceman
+money
+cowboys
+987654
+london
+tennis
+999999
+ncc1701
+coffee
+scooby
+0000
+miller
+boston
+q1w2e3r4
+fuckoff
+brandon
+yamaha
+chester
+mother
+forever
+johnny
+edward
+333333
+oliver
+redsox
+player
+nikita
+knight
+fender
+barney
+midnight
+please
+brandy
+chicago
+badboy
+iwantu
+slayer
+rangers
+charles
+angel
+flower
+bigdaddy
+rabbit
+wizard
+bigdick
+jasper
+enter
+rachel
+chris
+steven
+winner
+adidas
+victoria
+natasha
+1q2w3e4r
+jasmine
+winter
+prince
+panties
+marine
+ghbdtn
+fishing
+cocacola
+casper
+james
+232323
+raiders
+888888
+marlboro
+gandalf
+asdfasdf
+crystal
+87654321
+12344321
+sexsex
+golden
+blowme
+bigtits
+8675309
+panther
+lauren
+angela
+bitch
+spanky
+thx1138
+angels
+madison
+winston
+shannon
+mike
+toyota
+blowjob
+jordan23
+canada
+sophie
+Password
+apples
+dick
+tiger
+razz
+123abc
+pokemon
+qazxsw
+55555
+qwaszx
+muffin
+johnson
+murphy
+cooper