Windows: Add setting in main UI and setup wizard to disable memory protection
This can be useful for users who need Accessibility software that may not work when memory protection is active in VeraCrypt
This commit is contained in:
parent
b1657e88e4
commit
0f3ae268a4
|
@ -32,8 +32,8 @@
|
|||
#include <process.h>
|
||||
#include <Tlhelp32.h>
|
||||
#endif
|
||||
#ifdef _WIN32_WINNT >= 0x0602
|
||||
#include "processthreadsapi.h""
|
||||
#if _WIN32_WINNT >= 0x0602
|
||||
#include "processthreadsapi.h"
|
||||
#endif
|
||||
|
||||
#include "Resource.h"
|
||||
|
@ -3256,6 +3256,13 @@ BOOL ReadMemoryProtectionConfig ()
|
|||
return (config)? TRUE: FALSE;
|
||||
}
|
||||
|
||||
BOOL WriteMemoryProtectionConfig (BOOL bEnable)
|
||||
{
|
||||
DWORD config = bEnable? 1: 0;
|
||||
|
||||
return WriteLocalMachineRegistryDword (L"SYSTEM\\CurrentControlSet\\Services\\veracrypt", VC_ENABLE_MEMORY_PROTECTION, config);
|
||||
}
|
||||
|
||||
BOOL LoadSysEncSettings ()
|
||||
{
|
||||
BOOL status = TRUE;
|
||||
|
|
|
@ -350,6 +350,7 @@ uint32 ReadDriverConfigurationFlags ();
|
|||
uint32 ReadServiceConfigurationFlags ();
|
||||
uint32 ReadEncryptionThreadPoolFreeCpuCountLimit ();
|
||||
BOOL ReadMemoryProtectionConfig ();
|
||||
BOOL WriteMemoryProtectionConfig (BOOL bEnable);
|
||||
BOOL LoadSysEncSettings ();
|
||||
int LoadNonSysInPlaceEncSettings (WipeAlgorithmId *wipeAlgorithm);
|
||||
void RemoveNonSysInPlaceEncNotifications (void);
|
||||
|
|
|
@ -1633,6 +1633,7 @@
|
|||
<entry lang="en" key="EXPANDER_EXTENDING_FILESYSTEM">Extending file system ...\n</entry>
|
||||
<entry lang="en" key="PARTIAL_SYSENC_MOUNT_READONLY">Warning: The system partition you attempted to mount was not fully encrypted. As a safety measure to prevent potential corruption or unwanted modifications, volume '%s' was mounted as read-only.</entry>
|
||||
<entry lang="en" key="IDC_LINK_KEYFILES_EXTENSIONS_WARNING">Important information on using third-party file extensions</entry>
|
||||
<entry lang="en" key="IDC_DISABLE_MEMORY_PROTECTION">Disable memory protection in VeraCrypt</entry>
|
||||
</localization>
|
||||
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
|
||||
<xs:element name="VeraCrypt">
|
||||
|
|
|
@ -226,6 +226,7 @@
|
|||
#define IDC_DISABLE_MOUNT_MANAGER 5142
|
||||
#define IDC_KEYFILES_SIZE_UNIT 5143
|
||||
#define IDC_LINK_KEYFILES_EXTENSIONS_WARNING 5144
|
||||
#define IDC_DISABLE_MEMORY_PROTECTION 5145
|
||||
|
||||
// Next default values for new objects
|
||||
//
|
||||
|
@ -234,7 +235,7 @@
|
|||
#define _APS_NO_MFC 1
|
||||
#define _APS_NEXT_RESOURCE_VALUE 578
|
||||
#define _APS_NEXT_COMMAND_VALUE 40001
|
||||
#define _APS_NEXT_CONTROL_VALUE 5145
|
||||
#define _APS_NEXT_CONTROL_VALUE 5146
|
||||
#define _APS_NEXT_SYMED_VALUE 101
|
||||
#endif
|
||||
#endif
|
||||
|
|
|
@ -11559,6 +11559,12 @@ void SetServiceConfigurationFlag (uint32 flag, BOOL state)
|
|||
BootEncObj->SetServiceConfigurationFlag (flag, state ? true : false);
|
||||
}
|
||||
|
||||
void SetMemoryProtectionConfig (BOOL bEnable)
|
||||
{
|
||||
DWORD config = bEnable? 1: 0;
|
||||
if (BootEncObj)
|
||||
BootEncObj->WriteLocalMachineRegistryDwordValue (L"SYSTEM\\CurrentControlSet\\Services\\veracrypt", VC_ENABLE_MEMORY_PROTECTION, config);
|
||||
}
|
||||
|
||||
void NotifyService (DWORD dwNotifyCmd)
|
||||
{
|
||||
|
@ -11611,6 +11617,8 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
|
|||
EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_RAM_ENCRYPTION), FALSE);
|
||||
}
|
||||
|
||||
CheckDlgButton (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION, ReadMemoryProtectionConfig() ? BST_UNCHECKED : BST_CHECKED);
|
||||
|
||||
size_t cpuCount = GetCpuCount(NULL);
|
||||
|
||||
HWND freeCpuCombo = GetDlgItem (hwndDlg, IDC_ENCRYPTION_FREE_CPU_COUNT);
|
||||
|
@ -11670,6 +11678,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
|
|||
BOOL enableExtendedIOCTL = IsDlgButtonChecked (hwndDlg, IDC_ENABLE_EXTENDED_IOCTL_SUPPORT);
|
||||
BOOL allowTrimCommand = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_TRIM_NONSYS_SSD);
|
||||
BOOL allowWindowsDefrag = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_WINDOWS_DEFRAG);
|
||||
BOOL bDisableMemoryProtection = IsDlgButtonChecked (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION);
|
||||
|
||||
try
|
||||
{
|
||||
|
@ -11738,6 +11747,11 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
|
|||
}
|
||||
SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION, enableRamEncryption);
|
||||
|
||||
BOOL originalDisableMemoryProtection = !ReadMemoryProtectionConfig();
|
||||
if(originalDisableMemoryProtection != bDisableMemoryProtection)
|
||||
rebootRequired = true;
|
||||
SetMemoryProtectionConfig (!bDisableMemoryProtection);
|
||||
|
||||
DWORD bytesReturned;
|
||||
if (!DeviceIoControl (hDriver, TC_IOCTL_REREAD_DRIVER_CONFIG, NULL, 0, NULL, 0, &bytesReturned, NULL))
|
||||
handleWin32Error (hwndDlg, SRC_POS);
|
||||
|
@ -11832,6 +11846,16 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
|
|||
}
|
||||
return 1;
|
||||
|
||||
case IDC_DISABLE_MEMORY_PROTECTION:
|
||||
{
|
||||
BOOL disableMemoryProtection = IsDlgButtonChecked (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION);
|
||||
BOOL originalDisableMemoryProtection = !ReadMemoryProtectionConfig();
|
||||
if (disableMemoryProtection != originalDisableMemoryProtection)
|
||||
{
|
||||
Warning ("SETTING_REQUIRES_REBOOT", hwndDlg);
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
case IDC_BENCHMARK:
|
||||
Benchmark (hwndDlg);
|
||||
return 1;
|
||||
|
|
|
@ -321,7 +321,7 @@ BEGIN
|
|||
DEFPUSHBUTTON "OK",IDOK,255,226,50,14
|
||||
END
|
||||
|
||||
IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 293
|
||||
IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 300
|
||||
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
|
||||
CAPTION "VeraCrypt - Performance Options"
|
||||
FONT 8, "MS Shell Dlg", 400, 0, 0x1
|
||||
|
@ -338,20 +338,22 @@ BEGIN
|
|||
CONTROL "Enable extended disk control codes support",IDC_ENABLE_EXTENDED_IOCTL_SUPPORT,
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,198,337,10
|
||||
CONTROL "Allow TRIM command for non-system SSD partition/drive",IDC_ALLOW_TRIM_NONSYS_SSD,
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,212,337,10
|
||||
PUSHBUTTON "&Benchmark",IDC_BENCHMARK,7,272,59,14
|
||||
DEFPUSHBUTTON "OK",IDOK,257,272,50,14
|
||||
PUSHBUTTON "Cancel",IDCANCEL,314,272,50,14
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,211,337,10
|
||||
CONTROL "Allow Windows Disk Defragmenter to defragment non-system partition/drive",IDC_ALLOW_WINDOWS_DEFRAG,
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,224,337,10
|
||||
CONTROL "Use CPU hardware random generator as an additional source of entropy",IDC_ENABLE_CPU_RNG,
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,335,10
|
||||
CONTROL "Activate encryption of keys and passwords stored in RAM",IDC_ENABLE_RAM_ENCRYPTION,
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,250,337,10
|
||||
CONTROL "Disable memory protection in VeraCrypt",IDC_DISABLE_MEMORY_PROTECTION,
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,263,339,10
|
||||
PUSHBUTTON "&Benchmark",IDC_BENCHMARK,7,279,59,14
|
||||
DEFPUSHBUTTON "OK",IDOK,257,279,50,14
|
||||
PUSHBUTTON "Cancel",IDCANCEL,314,279,50,14
|
||||
LTEXT "Processor (CPU) in this computer supports hardware acceleration for AES:",IDT_HW_AES_SUPPORTED_BY_CPU,18,23,273,9
|
||||
GROUPBOX "Hardware Acceleration",IDT_ACCELERATION_OPTIONS,7,6,355,74
|
||||
GROUPBOX "Thread-Based Parallelization",IDT_PARALLELIZATION_OPTIONS,7,84,355,93
|
||||
GROUPBOX "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,86
|
||||
CONTROL "Allow Windows Disk Defragmenter to defragment non-system partition/drive",IDC_ALLOW_WINDOWS_DEFRAG,
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,226,337,10
|
||||
CONTROL "Use CPU hardware random generator as an additional source of entropy",IDC_ENABLE_CPU_RNG,
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,240,335,10
|
||||
CONTROL "Activate encryption of keys and passwords stored in RAM",IDC_ENABLE_RAM_ENCRYPTION,
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,254,337,10
|
||||
GROUPBOX "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,95
|
||||
END
|
||||
|
||||
IDD_FAVORITE_VOLUMES DIALOGEX 0, 0, 380, 368
|
||||
|
@ -521,7 +523,7 @@ BEGIN
|
|||
LEFTMARGIN, 7
|
||||
RIGHTMARGIN, 364
|
||||
TOPMARGIN, 7
|
||||
BOTTOMMARGIN, 286
|
||||
BOTTOMMARGIN, 293
|
||||
END
|
||||
|
||||
IDD_FAVORITE_VOLUMES, DIALOG
|
||||
|
|
|
@ -74,6 +74,7 @@ BOOL UnloadDriver = TRUE;
|
|||
BOOL bSystemRestore = TRUE;
|
||||
BOOL bDisableSwapFiles = FALSE;
|
||||
BOOL bForAllUsers = TRUE;
|
||||
BOOL bDisableMemoryProtection = FALSE;
|
||||
BOOL bRegisterFileExt = TRUE;
|
||||
BOOL bAddToStartMenu = TRUE;
|
||||
BOOL bDesktopIcon = TRUE;
|
||||
|
@ -2335,6 +2336,11 @@ void DoInstall (void *arg)
|
|||
if (bSystemRestore)
|
||||
SetSystemRestorePoint (hwndDlg, TRUE);
|
||||
|
||||
if (bOK && bDisableMemoryProtection)
|
||||
{
|
||||
WriteMemoryProtectionConfig(FALSE);
|
||||
}
|
||||
|
||||
if (bOK)
|
||||
{
|
||||
UpdateProgressBarProc(100);
|
||||
|
|
|
@ -120,6 +120,7 @@ extern BOOL bReinstallMode;
|
|||
extern BOOL bSystemRestore;
|
||||
extern BOOL bDisableSwapFiles;
|
||||
extern BOOL bForAllUsers;
|
||||
extern BOOL bDisableMemoryProtection;
|
||||
extern BOOL bRegisterFileExt;
|
||||
extern BOOL bAddToStartMenu;
|
||||
extern BOOL bDesktopIcon;
|
||||
|
|
|
@ -146,12 +146,14 @@ FONT 8, "MS Shell Dlg", 0, 0, 0x0
|
|||
BEGIN
|
||||
EDITTEXT IDC_DESTINATION,11,41,260,13,ES_AUTOHSCROLL
|
||||
PUSHBUTTON "Bro&wse...",IDC_BROWSE,278,40,59,14
|
||||
CONTROL "Install &for all users",IDC_ALL_USERS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,77,168,11
|
||||
CONTROL "Install &for all users",IDC_ALL_USERS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,68,168,11
|
||||
CONTROL "Add VeraCrypt to &Start menu",IDC_PROG_GROUP,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,80,168,11
|
||||
CONTROL "Add VeraCrypt icon to &desktop",IDC_DESKTOP_ICON,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,92,168,11
|
||||
CONTROL "Associate the .hc file &extension with VeraCrypt",IDC_FILE_TYPE,
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,113,232,11
|
||||
CONTROL "Add VeraCrypt to &Start menu",IDC_PROG_GROUP,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,89,168,11
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,104,232,11
|
||||
CONTROL "Disable memory protection in VeraCrypt",IDC_DISABLE_MEMORY_PROTECTION,
|
||||
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,115,218,10
|
||||
CONTROL "Create System &Restore point",IDC_SYSTEM_RESTORE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,125,194,11
|
||||
CONTROL "Add VeraCrypt icon to &desktop",IDC_DESKTOP_ICON,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,101,168,11
|
||||
LTEXT "Please select or type the location where you want to install the VeraCrypt program files. If the specified folder does not exist, it will be automatically created.",IDT_INSTALL_DESTINATION,11,14,319,25
|
||||
END
|
||||
|
||||
|
|
|
@ -685,6 +685,10 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
|
|||
bForAllUsers = IsButtonChecked (GetDlgItem (hCurPage, IDC_ALL_USERS));
|
||||
return 1;
|
||||
|
||||
case IDC_DISABLE_MEMORY_PROTECTION:
|
||||
bDisableMemoryProtection = IsButtonChecked (GetDlgItem (hCurPage, IDC_DISABLE_MEMORY_PROTECTION));
|
||||
return 1;
|
||||
|
||||
case IDC_FILE_TYPE:
|
||||
bRegisterFileExt = IsButtonChecked (GetDlgItem (hCurPage, IDC_FILE_TYPE));
|
||||
return 1;
|
||||
|
|
Loading…
Reference in New Issue