Windows: Add an SDK for VeraCrypt Format that allows third-party application to create volumes

Author: idrassi

src/Common/BootEncryption.cpp

@@ -298,7 +298,7 @@ static BOOL IsWindowsMBR (const uint8 *buffer, size_t bufferSize)
 
 namespace VeraCrypt
 {
-#if !defined (SETUP)
+#if !defined (SETUP) && !defined (VCSDK_DLL)
 
 	class Elevator
 	{
@@ -755,6 +755,12 @@ namespace VeraCrypt
 		static void WriteEfiBootSectorUserConfig (uint8 userConfig, const string &customUserMessage, int pim, int hashAlg) { throw ParameterIncorrect (SRC_POS); }
 		static void UpdateSetupConfigFile (bool bForInstall) { throw ParameterIncorrect (SRC_POS); }
 		static void GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded) { throw ParameterIncorrect (SRC_POS); }
+		static void RegisterSystemFavoritesService(BOOL registerService) { throw ParameterIncorrect(SRC_POS); }
+		static BOOL IsPagingFileActive(BOOL checkNonWindowsPartitionsOnly) { throw ParameterIncorrect(SRC_POS); }
+		static void WriteLocalMachineRegistryDwordValue(wchar_t* keyPath, wchar_t* valueName, DWORD value) { throw ParameterIncorrect(SRC_POS); }
+		static void NotifyService(DWORD dwNotifyCmd) { throw ParameterIncorrect(SRC_POS); }
+		static void CopyFile(const wstring& sourceFile, const wstring& destinationFile) { throw ParameterIncorrect(SRC_POS); }
+		static void DeleteFile(const wstring& file) { throw ParameterIncorrect(SRC_POS); }
 	};
 
 #endif // SETUP

src/Common/Dlgcode.c

@@ -1012,7 +1012,7 @@ BOOL VerifyModuleSignature (const wchar_t* path)
 
 DWORD handleWin32Error (HWND hwndDlg, const char* srcPos)
 {
-#ifndef VC_COMREG
+#if !defined(VC_COMREG) && !defined(VCSDK_DLL)
 	PWSTR lpMsgBuf;
 	DWORD dwError = GetLastError ();	
 	wchar_t szErrorValue[32];
@@ -3675,7 +3675,7 @@ void DoPostInstallTasks (HWND hwndDlg)
 		SavePostInstallTasksSettings (TC_POST_INSTALL_CFG_REMOVE_ALL);
 }
 
-#ifndef SETUP_DLL
+#if !defined(SETUP_DLL) && !defined(VCSDK_DLL)
 // Use an idea proposed in https://medium.com/@1ndahous3/safe-code-pitfalls-dll-side-loading-winapi-and-c-73baaf48bdf5
 // it allows to set safe DLL search mode for the entire process very early on, before even the CRT is initialized and global constructors are called
 #pragma comment(linker, "/ENTRY:CustomMainCrtStartup")
@@ -3715,13 +3715,14 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
 	WNDCLASSW wc;
 	char langId[6];	
 	SetDefaultDllDirectoriesPtr SetDefaultDllDirectoriesFn = NULL;
-#if !defined(SETUP)
+#if !defined(SETUP) && !defined(VCSDK_DLL)
 	wchar_t modPath[MAX_PATH];
 #endif
 	INITCOMMONCONTROLSEX InitCtrls;
 
 	InitOSVersionInfo();
 
+#ifndef VCSDK_DLL
 	if (!IsWin10BuildAtLeast(WIN_10_1809_BUILD))
 	{
 		// abort using a message that says that VeraCrypt can run only on Windows 10 version 1809 or later
@@ -3740,6 +3741,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
 		// This can happen only if KB2533623 is missing from Windows 7
 		AbortProcessDirect(L"VeraCrypt requires KB2533623 to be installed on Windows 7 and Windows Server 2008 R2 in order to run.");
 	}
+#endif
 
 	VirtualLock (&CmdTokenPin, sizeof (CmdTokenPin));
 
@@ -3753,13 +3755,11 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
 	// Load RichEdit library in order to be able to use RichEdit20W class
 	LoadLibraryEx (L"Riched20.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
 
-#if !defined(SETUP)
+#if !defined(SETUP) && !defined(VCSDK_DLL)
 	GetModuleFileNameW (NULL, modPath, ARRAYSIZE (modPath));
 	if (!VerifyModuleSignature (modPath))
 		AbortProcessDirect (L"This distribution package is damaged. Please try downloading it again (preferably from the official VeraCrypt website at https://veracrypt.jp).");
-#endif
 
-#ifndef SETUP
 	/* enable drag-n-drop when we are running elevated */
 	AllowMessageInUIPI (WM_DROPFILES);
 	AllowMessageInUIPI (WM_COPYDATA);
@@ -3772,7 +3772,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
 	SetErrorMode (SetErrorMode (0) | SEM_FAILCRITICALERRORS | SEM_NOOPENFILEERRORBOX);
 	CoInitializeEx(NULL, COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE);
 
-#ifndef SETUP
+#if !defined(SETUP) && !defined(VCSDK_DLL)
 	// Application ID
 	SetCurrentProcessExplicitAppUserModelID (TC_APPLICATION_ID);
 #endif
@@ -3781,7 +3781,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
 	langId[0] = 0;
 	SetPreferredLangId (ConfigReadString ("Language", "", langId, sizeof (langId)));
 
-#ifndef SETUP
+#if !defined(SETUP) && !defined(VCSDK_DLL)
 	if (langId[0] == 0)
 	{
 		// check if user selected a language during installation
@@ -3820,7 +3820,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
 
 	LoadLanguageFile ();
 
-#ifndef SETUP
+#if !defined(SETUP) && !defined(VCSDK_DLL)
 	// UAC elevation moniker cannot be used in portable mode.
 	// A new instance of the application must be created with elevated privileges.
 	if (IsNonInstallMode () && !IsAdmin () && IsUacSupported ())
@@ -3918,7 +3918,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
 
 	InitHelpFileName ();
 
-#ifndef SETUP
+#if !defined(SETUP) && !defined(VCSDK_DLL)
 
 	EnableRamEncryption ((ReadDriverConfigurationFlags() & VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION) ? TRUE : FALSE);
 	if (IsRamEncryptionEnabled())
@@ -10226,7 +10226,7 @@ void CleanLastVisitedMRU (void)
 }
 
 
-#ifndef SETUP
+#if !defined(SETUP) && !defined(VCSDK_DLL)
 void ClearHistory (HWND hwndDlgItem)
 {
 	ArrowWaitCursor ();
@@ -12582,7 +12582,7 @@ extern "C" BOOL IsThreadInSecureDesktop(DWORD dwThreadID)
 	return bRet;
 }
 
-
+#ifndef VCSDK_DLL
 BOOL InitSecurityTokenLibrary (HWND hwndDlg)
 {
 	if (SecurityTokenLibraryPath[0] == 0)
@@ -12648,7 +12648,7 @@ BOOL InitSecurityTokenLibrary (HWND hwndDlg)
 
 	return TRUE;
 }
-
+#endif
 std::vector <HostDevice> GetAvailableHostDevices (bool noDeviceProperties, bool singleList, bool noFloppy, bool detectUnencryptedFilesystems)
 {
 	vector <HostDevice> devices;
@@ -15032,7 +15032,7 @@ void SafeOpenURL (LPCWSTR szUrl)
 	}
 }
 
-#if !defined(SETUP)
+#if !defined(SETUP) && !defined(VCSDK_DLL)
 
 #define RtlGenRandom SystemFunction036
 extern "C" BOOLEAN NTAPI RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength);
@@ -16179,7 +16179,7 @@ BOOL ModifyFileSecurityPermissions(const wchar_t* filePath, PSECURITY_INFO_BACKU
 }
 #endif
 
-#if !defined(SETUP) && !defined(VC_COMREG)
+#if !defined(SETUP) && !defined(VC_COMREG) && !defined(VCSDK_DLL)
 
 /*
 * Screen Protection Functions
@@ -16404,4 +16404,37 @@ BOOL AttachProtectionToCurrentThread(HWND hwnd)
 void DetachProtectionFromCurrentThread()
 {
 }
-#endif
+#endif
+
+// This function moves the file pointer to the given offset. It first retrieves the current
+// file position using SetFilePointerEx() with FILE_CURRENT as the reference point, and then
+// calculates the difference between the current position and the desired position. Subsequently,
+// it moves the file pointer by the difference calculated using SetFilePointerEx() again.
+//
+// This approach of moving the file pointer relatively (instead of absolutely) was implemented 
+// as a workaround to address the performance issues related to in-place encryption. When using
+// SetFilePointerEx() with FILE_BEGIN as the reference point, reaching the end of large drives 
+// during in-place encryption can cause significant slowdowns. By moving the file pointer
+// relatively, these performance issues are mitigated.
+//
+// We fall back to absolute positioning if the relative positioning fails.
+BOOL MoveFilePointer(HANDLE dev, LARGE_INTEGER offset)
+{
+	LARGE_INTEGER currOffset;
+	LARGE_INTEGER diffOffset;
+
+	currOffset.QuadPart = 0;
+	if (SetFilePointerEx(dev, currOffset, &currOffset, FILE_CURRENT))
+	{
+		diffOffset.QuadPart = offset.QuadPart - currOffset.QuadPart;
+		if (diffOffset.QuadPart == 0)
+			return TRUE;
+
+		// Moves the file pointer by the difference between current and desired positions
+		if (SetFilePointerEx(dev, diffOffset, NULL, FILE_CURRENT))
+			return TRUE;
+	}
+
+	// An error occurred, fallback to absolute positioning
+	return SetFilePointerEx(dev, offset, NULL, FILE_BEGIN);
+}

src/Common/Dlgcode.h

@@ -600,12 +600,13 @@ BitLockerEncryptionStatus GetBitLockerEncryptionStatus(WCHAR driveLetter);
 BOOL IsTestSigningModeEnabled ();
 DWORD SendServiceNotification (DWORD dwNotificationCmd);
 DWORD FastResizeFile (const wchar_t* filePath, __int64 fileSize);
-#if !defined(SETUP)
+#if !defined(SETUP) && !defined(VCSDK_DLL)
 void GetAppRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed);
 #endif
 BOOL IsInternetConnected();
 BOOL AttachProtectionToCurrentThread(HWND hwnd);
 void DetachProtectionFromCurrentThread();
+BOOL MoveFilePointer(HANDLE dev, LARGE_INTEGER offset);
 
 #if defined(SETUP) && !defined (PORTABLE)
 typedef struct _SECURITY_INFO_BACKUP {

src/Common/Fat.c

@@ -24,6 +24,7 @@
 #include "Progress.h"
 #include "Random.h"
 #include "Volumes.h"
+#include "Dlgcode.h"
 
 void
 GetFatParams (fatparams * ft)
@@ -255,7 +256,7 @@ static void PutFSInfo (unsigned char *sector, fatparams *ft)
 
 
 int
-FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void * dev, PCRYPTO_INFO cryptoInfo, BOOL quickFormat, BOOL bDevice)
+FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void * dev, PCRYPTO_INFO cryptoInfo, volatile void *volParamsArg)
 {
 	int write_buf_cnt = 0;
 	char sector[TC_MAX_VOLUME_SECTOR_SIZE], *write_buf;
@@ -267,6 +268,9 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
 	int retVal;
 	CRYPTOPP_ALIGN_DATA(16) char temporaryKey[MASTER_KEYDATA_SIZE];
 	HWND hwndDlg = (HWND) hwndDlgPtr;
+	volatile FORMAT_VOL_PARAMETERS* volParams = (volatile FORMAT_VOL_PARAMETERS*)volParamsArg;
+	BOOL quickFormat = volParams->quickFormat;
+	BOOL bDevice = volParams->bDevice;
 
 	LARGE_INTEGER startOffset;
 	LARGE_INTEGER newOffset;
@@ -292,7 +296,7 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
 
 	PutBoot (ft, (unsigned char *) sector);
 	if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, startSector,
-		cryptoInfo) == FALSE)
+		cryptoInfo, volParams) == FALSE)
 		goto fail;
 
 	/* fat32 boot area */
@@ -301,7 +305,7 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
 		/* fsinfo */
 		PutFSInfo((unsigned char *) sector, ft);
 		if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, startSector,
-			cryptoInfo) == FALSE)
+			cryptoInfo, volParams) == FALSE)
 			goto fail;
 
 		/* reserved */
@@ -311,20 +315,20 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
 			sector[508+3]=0xaa; /* TrailSig */
 			sector[508+2]=0x55;
 			if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, startSector,
-				cryptoInfo) == FALSE)
+				cryptoInfo, volParams) == FALSE)
 				goto fail;
 		}
 
 		/* bootsector backup */
 		memset (sector, 0, ft->sector_size);
 		PutBoot (ft, (unsigned char *) sector);
 		if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, startSector,
-				 cryptoInfo) == FALSE)
+				 cryptoInfo, volParams) == FALSE)
 			goto fail;
 
 		PutFSInfo((unsigned char *) sector, ft);
 		if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, startSector,
-			cryptoInfo) == FALSE)
+			cryptoInfo, volParams) == FALSE)
 			goto fail;
 	}
 
@@ -333,7 +337,7 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
 	{
 		memset (sector, 0, ft->sector_size);
 		if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, startSector,
-			cryptoInfo) == FALSE)
+			cryptoInfo, volParams) == FALSE)
 			goto fail;
 	}
 
@@ -377,7 +381,7 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
 			}
 
 			if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, startSector,
-				    cryptoInfo) == FALSE)
+				    cryptoInfo, volParams) == FALSE)
 				goto fail;
 		}
 	}
@@ -388,7 +392,7 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
 	{
 		memset (sector, 0, ft->sector_size);
 		if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, startSector,
-				 cryptoInfo) == FALSE)
+				 cryptoInfo, volParams) == FALSE)
 			goto fail;
 
 	}
@@ -452,10 +456,19 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
 		while (x--)
 		{
 			if (WriteSector (dev, sector, write_buf, &write_buf_cnt, &nSecNo, startSector,
-				cryptoInfo) == FALSE)
+				cryptoInfo, volParams) == FALSE)
 				goto fail;
 		}
-		UpdateProgressBar ((nSecNo - startSector) * ft->sector_size);
+
+		if (volParams->progress_callback)
+		{
+			// Call the progress callback function if it is set
+			volParams->progress_callback ((nSecNo - startSector) * ft->sector_size, volParams->progress_callback_user_data);
+		}
+		else
+		{
+			UpdateProgressBar ((nSecNo - startSector) * ft->sector_size);
+		}
 
 		if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo))
 		{
@@ -498,16 +511,44 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
 			nSecNo++;
 			num_sectors -= nSkipSectors;
 
-			if (UpdateProgressBar ((nSecNo - startSector)* ft->sector_size))
-				goto fail;
+			if (volParams->progress_callback)
+			{
+				// Call the progress callback function if it is set
+				if (!volParams->progress_callback ((nSecNo - startSector) * ft->sector_size, volParams->progress_callback_user_data))
+				{
+					goto fail;
+				}
+			}
+			else
+			{
+				if (UpdateProgressBar ((nSecNo - startSector)* ft->sector_size))
+					goto fail;
+		   }
+			
 		}
 
 		nSecNo += num_sectors;
-		UpdateProgressBar ((nSecNo - startSector)* ft->sector_size);
+		if (volParams->progress_callback)
+	 	{
+			// Call the progress callback function if it is set
+			volParams->progress_callback ((nSecNo - startSector) * ft->sector_size, volParams->progress_callback_user_data);
+		}
+		else
+		{
+			UpdateProgressBar ((nSecNo - startSector)* ft->sector_size);
+		}
 	}
 	else
 	{
-		UpdateProgressBar ((uint64) ft->num_sectors * ft->sector_size);
+		if (volParams->progress_callback)
+		{
+			// Call the progress callback function if it is set
+			volParams->progress_callback ((uint64) ft->num_sectors * ft->sector_size, volParams->progress_callback_user_data);
+		}
+		else
+		{
+			UpdateProgressBar ((uint64) ft->num_sectors * ft->sector_size);
+		}
 
 		if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo))
 			goto fail;

src/Common/Fat.h

@@ -66,4 +66,4 @@ struct msdos_boot_sector
 
 void GetFatParams ( fatparams *ft );
 void PutBoot ( fatparams *ft , unsigned char *boot );
-int FormatFat (void* hwndDlg, unsigned __int64 startSector, fatparams * ft, void * dev, PCRYPTO_INFO cryptoInfo, BOOL quickFormat, BOOL bDevice);
+int FormatFat (void* hwndDlg, unsigned __int64 startSector, fatparams * ft, void * dev, PCRYPTO_INFO cryptoInfo, volatile void *);