📄 drivefilter.c
字号:
// Make sure volume header can be updated
if (Extension->HeaderCryptoInfo == NULL)
{
SetupResult = STATUS_INVALID_PARAMETER;
goto ret;
}
buffer = TCalloc (TC_ENCRYPTION_SETUP_IO_BLOCK_SIZE);
if (!buffer)
{
SetupResult = STATUS_INSUFFICIENT_RESOURCES;
goto ret;
}
if (SetupRequest.SetupMode == SetupEncryption && SetupRequest.WipeAlgorithm != TC_WIPE_NONE)
{
wipeBuffer = TCalloc (TC_ENCRYPTION_SETUP_IO_BLOCK_SIZE);
if (!wipeBuffer)
{
SetupResult = STATUS_INSUFFICIENT_RESOURCES;
goto ret;
}
}
while (!NT_SUCCESS (EncryptedIoQueueHoldWhenIdle (&Extension->Queue, 1000)))
{
if (EncryptionSetupThreadAbortRequested)
goto abort;
TransformWaitingForIdle = TRUE;
}
TransformWaitingForIdle = FALSE;
switch (SetupRequest.SetupMode)
{
case SetupEncryption:
Dump ("Encrypting...\n");
if (Extension->Queue.EncryptedAreaStart == -1 || Extension->Queue.EncryptedAreaEnd == -1)
{
// Start encryption
Extension->Queue.EncryptedAreaStart = Extension->ConfiguredEncryptedAreaStart;
Extension->Queue.EncryptedAreaEnd = -1;
offset.QuadPart = Extension->ConfiguredEncryptedAreaStart;
}
else
{
// Resume aborted encryption
if (Extension->Queue.EncryptedAreaEnd == Extension->ConfiguredEncryptedAreaEnd)
goto err;
offset.QuadPart = Extension->Queue.EncryptedAreaEnd + 1;
}
break;
case SetupDecryption:
Dump ("Decrypting...\n");
if (Extension->Queue.EncryptedAreaStart == -1 || Extension->Queue.EncryptedAreaEnd == -1)
{
SetupResult = STATUS_SUCCESS;
goto abort;
}
offset.QuadPart = Extension->Queue.EncryptedAreaEnd + 1;
break;
default:
goto err;
}
EncryptedIoQueueResumeFromHold (&Extension->Queue);
Dump ("EncryptedAreaStart=%I64d\n", Extension->Queue.EncryptedAreaStart);
Dump ("EncryptedAreaEnd=%I64d\n", Extension->Queue.EncryptedAreaEnd);
Dump ("ConfiguredEncryptedAreaStart=%I64d\n", Extension->ConfiguredEncryptedAreaStart);
Dump ("ConfiguredEncryptedAreaEnd=%I64d\n", Extension->ConfiguredEncryptedAreaEnd);
Dump ("offset=%I64d\n", offset.QuadPart);
Dump ("EncryptedAreaStart=%I64d (%I64d) EncryptedAreaEnd=%I64d\n", Extension->Queue.EncryptedAreaStart / 1024 / 1024, Extension->Queue.EncryptedAreaStart, Extension->Queue.EncryptedAreaEnd / 1024 / 1024);
while (!EncryptionSetupThreadAbortRequested)
{
if (SetupRequest.SetupMode == SetupEncryption)
{
if (offset.QuadPart + setupBlockSize > Extension->ConfiguredEncryptedAreaEnd + 1)
setupBlockSize = (ULONG) (Extension->ConfiguredEncryptedAreaEnd + 1 - offset.QuadPart);
if (offset.QuadPart > Extension->ConfiguredEncryptedAreaEnd)
break;
}
else
{
if (offset.QuadPart - setupBlockSize < Extension->Queue.EncryptedAreaStart)
setupBlockSize = (ULONG) (offset.QuadPart - Extension->Queue.EncryptedAreaStart);
offset.QuadPart -= setupBlockSize;
if (setupBlockSize == 0 || offset.QuadPart < Extension->Queue.EncryptedAreaStart)
break;
}
while (!NT_SUCCESS (EncryptedIoQueueHoldWhenIdle (&Extension->Queue, 500)))
{
if (EncryptionSetupThreadAbortRequested)
goto abort;
TransformWaitingForIdle = TRUE;
}
TransformWaitingForIdle = FALSE;
status = TCReadDevice (BootDriveFilterExtension->LowerDeviceObject, buffer, offset, setupBlockSize);
if (!NT_SUCCESS (status))
{
Dump ("TCReadDevice error %x offset=%I64d\n", status, offset.QuadPart);
SetupResult = status;
goto err;
}
dataUnit.Value = offset.QuadPart / ENCRYPTION_DATA_UNIT_SIZE;
if (SetupRequest.SetupMode == SetupEncryption)
{
EncryptDataUnits (buffer, &dataUnit, setupBlockSize / ENCRYPTION_DATA_UNIT_SIZE, Extension->Queue.CryptoInfo);
if (SetupRequest.WipeAlgorithm != TC_WIPE_NONE)
{
byte wipePass;
for (wipePass = 1; wipePass <= GetWipePassCount (SetupRequest.WipeAlgorithm); ++wipePass)
{
if (!WipeBuffer (SetupRequest.WipeAlgorithm, wipeRandChars, wipePass, wipeBuffer, setupBlockSize))
{
ULONG i;
for (i = 0; i < setupBlockSize; ++i)
{
wipeBuffer[i] = buffer[i] + wipePass;
}
EncryptDataUnits (wipeBuffer, &dataUnit, setupBlockSize / ENCRYPTION_DATA_UNIT_SIZE, Extension->Queue.CryptoInfo);
memcpy (wipeRandCharsUpdate, wipeBuffer, sizeof (wipeRandCharsUpdate));
}
status = TCWriteDevice (BootDriveFilterExtension->LowerDeviceObject, wipeBuffer, offset, setupBlockSize);
if (!NT_SUCCESS (status))
{
SetupResult = status;
goto err;
}
}
memcpy (wipeRandChars, wipeRandCharsUpdate, sizeof (wipeRandCharsUpdate));
}
}
else
{
DecryptDataUnits (buffer, &dataUnit, setupBlockSize / ENCRYPTION_DATA_UNIT_SIZE, Extension->Queue.CryptoInfo);
}
status = TCWriteDevice (BootDriveFilterExtension->LowerDeviceObject, buffer, offset, setupBlockSize);
if (!NT_SUCCESS (status))
{
Dump ("TCWriteDevice error %x\n", status);
SetupResult = status;
goto err;
}
if (SetupRequest.SetupMode == SetupEncryption)
offset.QuadPart += setupBlockSize;
Extension->Queue.EncryptedAreaEnd = offset.QuadPart - 1;
headerUpdateRequired = TRUE;
EncryptedIoQueueResumeFromHold (&Extension->Queue);
KeAcquireSpinLock (&SetupStatusSpinLock, &irql);
SetupStatusEncryptedAreaEnd = Extension->Queue.EncryptedAreaEnd;
KeReleaseSpinLock (&SetupStatusSpinLock, irql);
// Update volume header
bytesWrittenSinceHeaderUpdate += setupBlockSize;
if (bytesWrittenSinceHeaderUpdate >= TC_ENCRYPTION_SETUP_HEADER_UPDATE_THRESHOLD)
{
status = SaveDriveVolumeHeader (Extension);
if (!NT_SUCCESS (status))
{
SetupResult = status;
goto err;
}
headerUpdateRequired = FALSE;
bytesWrittenSinceHeaderUpdate = 0;
}
}
abort:
SetupResult = STATUS_SUCCESS;
err:
if (EncryptedIoQueueIsSuspended (&Extension->Queue))
EncryptedIoQueueResumeFromHold (&Extension->Queue);
if (SetupRequest.SetupMode == SetupDecryption && Extension->Queue.EncryptedAreaStart >= Extension->Queue.EncryptedAreaEnd)
{
while (!NT_SUCCESS (EncryptedIoQueueHoldWhenIdle (&Extension->Queue, 0)));
Extension->ConfiguredEncryptedAreaStart = Extension->ConfiguredEncryptedAreaEnd = -1;
Extension->Queue.EncryptedAreaStart = Extension->Queue.EncryptedAreaEnd = -1;
EncryptedIoQueueResumeFromHold (&Extension->Queue);
headerUpdateRequired = TRUE;
}
Dump ("Setup completed: EncryptedAreaStart=%I64d (%I64d) EncryptedAreaEnd=%I64d (%I64d)\n", Extension->Queue.EncryptedAreaStart / 1024 / 1024, Extension->Queue.EncryptedAreaStart, Extension->Queue.EncryptedAreaEnd / 1024 / 1024, Extension->Queue.EncryptedAreaEnd);
if (headerUpdateRequired)
{
status = SaveDriveVolumeHeader (Extension);
if (!NT_SUCCESS (status) && NT_SUCCESS (SetupResult))
SetupResult = status;
}
if (SetupRequest.SetupMode == SetupDecryption && Extension->ConfiguredEncryptedAreaEnd == -1 && Extension->DriveMounted)
{
DismountDrive (Extension);
}
ret:
if (buffer)
TCfree (buffer);
if (wipeBuffer)
TCfree (wipeBuffer);
SetupInProgress = FALSE;
PsTerminateSystemThread (SetupResult);
}
NTSTATUS StartBootEncryptionSetup (PDEVICE_OBJECT DeviceObject, PIRP irp, PIO_STACK_LOCATION irpSp)
{
NTSTATUS status;
if (!UserCanAccessDriveDevice())
return STATUS_ACCESS_DENIED;
if (SetupInProgress || !BootDriveFound || !BootDriveFilterExtension)
return STATUS_INVALID_PARAMETER;
SetupRequest = *(BootEncryptionSetupRequest *) irp->AssociatedIrp.SystemBuffer;
EncryptionSetupThreadAbortRequested = FALSE;
KeInitializeSpinLock (&SetupStatusSpinLock);
SetupStatusEncryptedAreaEnd = BootDriveFilterExtension ? BootDriveFilterExtension->Queue.EncryptedAreaEnd : -1;
SetupInProgress = TRUE;
status = TCStartThread (SetupThreadProc, DeviceObject, &EncryptionSetupThread);
if (!NT_SUCCESS (status))
SetupInProgress = FALSE;
return status;
}
void GetBootDriveVolumeProperties (PIRP irp, PIO_STACK_LOCATION irpSp)
{
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (VOLUME_PROPERTIES_STRUCT))
{
irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
irp->IoStatus.Information = 0;
}
else
{
DriveFilterExtension *Extension = BootDriveFilterExtension;
VOLUME_PROPERTIES_STRUCT *prop = (VOLUME_PROPERTIES_STRUCT *) irp->AssociatedIrp.SystemBuffer;
memset (prop, 0, sizeof (*prop));
if (!BootDriveFound || !Extension)
{
irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
irp->IoStatus.Information = 0;
}
else
{
prop->diskLength = Extension->ConfiguredEncryptedAreaEnd + 1 - Extension->ConfiguredEncryptedAreaStart;
prop->ea = Extension->Queue.CryptoInfo->ea;
prop->mode = Extension->Queue.CryptoInfo->mode;
prop->pkcs5 = Extension->Queue.CryptoInfo->pkcs5;
prop->pkcs5Iterations = Extension->Queue.CryptoInfo->noIterations;
prop->volumeCreationTime = Extension->Queue.CryptoInfo->volume_creation_time;
prop->headerCreationTime = Extension->Queue.CryptoInfo->header_creation_time;
prop->totalBytesRead = Extension->Queue.TotalBytesRead;
prop->totalBytesWritten = Extension->Queue.TotalBytesWritten;
irp->IoStatus.Information = sizeof (VOLUME_PROPERTIES_STRUCT);
irp->IoStatus.Status = STATUS_SUCCESS;
}
}
}
void GetBootEncryptionStatus (PIRP irp, PIO_STACK_LOCATION irpSp)
{
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (BootEncryptionStatus))
{
irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
irp->IoStatus.Information = 0;
}
else
{
DriveFilterExtension *Extension = BootDriveFilterExtension;
BootEncryptionStatus *bootEncStatus = (BootEncryptionStatus *) irp->AssociatedIrp.SystemBuffer;
memset (bootEncStatus, 0, sizeof (*bootEncStatus));
if (BootArgsValid)
bootEncStatus->BootLoaderVersion = BootArgs.BootLoaderVersion;
bootEncStatus->DeviceFilterActive = DeviceFilterActive;
bootEncStatus->SetupInProgress = SetupInProgress;
bootEncStatus->SetupMode = SetupRequest.SetupMode;
bootEncStatus->TransformWaitingForIdle = TransformWaitingForIdle;
if (!BootDriveFound || !Extension)
{
bootEncStatus->DriveEncrypted = FALSE;
bootEncStatus->DriveMounted = FALSE;
bootEncStatus->VolumeHeaderPresent = FALSE;
}
else
{
bootEncStatus->DriveMounted = Extension->DriveMounted;
bootEncStatus->VolumeHeaderPresent = Extension->VolumeHeaderPresent;
bootEncStatus->DriveEncrypted = Extension->Queue.EncryptedAreaStart != -1;
bootEncStatus->BootDriveLength = BootDriveLength;
bootEncStatus->ConfiguredEncryptedAreaStart = Extension->ConfiguredEncryptedAreaStart;
bootEncStatus->ConfiguredEncryptedAreaEnd = Extension->ConfiguredEncryptedAreaEnd;
bootEncStatus->EncryptedAreaStart = Extension->Queue.EncryptedAreaStart;
if (SetupInProgress)
{
KIRQL irql;
KeAcquireSpinLock (&SetupStatusSpinLock, &irql);
bootEncStatus->EncryptedAreaEnd = SetupStatusEncryptedAreaEnd;
KeReleaseSpinLock (&SetupStatusSpinLock, irql);
}
else
bootEncStatus->EncryptedAreaEnd = Extension->Queue.EncryptedAreaEnd;
bootEncStatus->VolumeHeaderSaltCrc32 = Extension->VolumeHeaderSaltCrc32;
bootEncStatus->HibernationPreventionCount = HibernationPreventionCount;
}
irp->IoStatus.Information = sizeof (BootEncryptionStatus);
irp->IoStatus.Status = STATUS_SUCCESS;
}
}
void GetBootLoaderVersion (PIRP irp, PIO_STACK_LOCATION irpSp)
{
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (uint16))
{
irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
irp->IoStatus.Information = 0;
}
else
{
if (BootArgsValid)
{
*(uint16 *) irp->AssociatedIrp.SystemBuffer = BootArgs.BootLoaderVersion;
irp->IoStatus.Information = sizeof (uint16);
irp->IoStatus.Status = STATUS_SUCCESS;
}
else
{
irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
irp->IoStatus.Information = 0;
}
}
}
void GetBootEncryptionAlgorithmName (PIRP irp, PIO_STACK_LOCATION irpSp)
{
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof (GetBootEncryptionAlgorithmNameRequest))
{
irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
irp->IoStatus.Information = 0;
}
else
{
if (BootDriveFilterExtension && BootDriveFilterExtension->DriveMounted)
{
GetBootEncryptionAlgorithmNameRequest *request = (GetBootEncryptionAlgorithmNameRequest *) irp->AssociatedIrp.SystemBuffer;
EAGetName (request->BootEncryptionAlgorithmName, BootDriveFilterExtension->Queue.CryptoInfo->ea);
irp->IoStatus.Information = sizeof (GetBootEncryptionAlgorithmNameRequest);
irp->IoStatus.Status = STATUS_SUCCESS;
}
else
{
irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
irp->IoStatus.Information = 0;
}
}
}
NTSTATUS GetSetupResult()
{
return SetupResult;
}
BOOL IsBootDriveMounted ()
{
return BootDriveFilterExtension && BootDriveFilterExtension->DriveMounted;
}
BOOL IsBootEncryptionSetupInProgress ()
{
return SetupInProgress;
}
NTSTATUS AbortBootEncryptionSetup ()
{
if (!IoIsSystemThread (PsGetCurrentThread()) && !UserCanAccessDriveDevice())
return STATUS_ACCESS_DENIED;
if (!SetupInProgress)
return STATUS_SUCCESS;
EncryptionSetupThreadAbortRequested = TRUE;
TCStopThread (EncryptionSetupThread, NULL);
return STATUS_SUCCESS;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -