mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 11:08:02 -06:00

Windows Driver Security: Use enhanced protection of NX pool under Windows 8 and later.

Mounir IDRASSI
2017-06-10 18:43:15 +02:00
parent c7cd89a24a
commit 458bb091bb
4 changed files with 22 additions and 4 deletions


@@ -235,7 +235,15 @@ void ThrowFatalException(int line);
#include <ntddk.h> /* Standard header file for nt drivers */ #include <ntddk.h> /* Standard header file for nt drivers */
#include <ntdddisk.h> /* Standard I/O control codes */ #include <ntdddisk.h> /* Standard I/O control codes */
#define TCalloc(size) ((void *) ExAllocatePoolWithTag( NonPagedPool, size, 'MMCV' )) /* defines needed for using enhanced protection of NX pool under Windows 8 and later */
#define NonPagedPoolNx 512
#define MdlMappingNoExecute 0x40000000
/* variables used in the implementation of enhanced protection of NX pool under Windows 8 and later */
extern POOL_TYPE ExDefaultNonPagedPoolType;
extern ULONG ExDefaultMdlProtection;
#define TCalloc(size) ((void *) ExAllocatePoolWithTag( ExDefaultNonPagedPoolType, size, 'MMCV' ))
#define TCfree(memblock) ExFreePoolWithTag( memblock, 'MMCV' ) #define TCfree(memblock) ExFreePoolWithTag( memblock, 'MMCV' )
#define DEVICE_DRIVER #define DEVICE_DRIVER
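Review bot: The two new globals, `ExDefaultNonPagedPoolType` and `ExDefaultMdlProtection`, use the kernel's `Ex` prefix and appear to match the identifiers that Windows 8 and later WDK headers use for their own NX pool opt-in, so a build against newer headers may clash with these declarations or silently replace them with macros. A project-prefixed name would avoid that, for example `extern POOL_TYPE TCDefaultNonPagedPoolType;`, with `TCalloc` updated to match. The comment above `#define NonPagedPoolNx 512` should also say that both constants are copied from the newer WDK because the build headers predate them, something like `/* values taken from the Windows 8 WDK; defined here because the older build headers lack them */`. As written, every `TCalloc` now depends on a mutable global, so allocations made through other paths that name `NonPagedPool` directly would stay executable and are worth a grep.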


@@ -189,7 +189,7 @@ static NTSTATUS DumpFilterWrite (PFILTER_EXTENSION filterExtension, PLARGE_INTEG
if ((offset & (ENCRYPTION_DATA_UNIT_SIZE - 1)) != 0) if ((offset & (ENCRYPTION_DATA_UNIT_SIZE - 1)) != 0)
TC_BUG_CHECK (STATUS_INVALID_PARAMETER); TC_BUG_CHECK (STATUS_INVALID_PARAMETER);
writeBuffer = MmGetSystemAddressForMdlSafe (writeMdl, HighPagePriority); writeBuffer = MmGetSystemAddressForMdlSafe (writeMdl, (HighPagePriority | ExDefaultMdlProtection));
if (!writeBuffer) if (!writeBuffer)
TC_BUG_CHECK (STATUS_INSUFFICIENT_RESOURCES); TC_BUG_CHECK (STATUS_INSUFFICIENT_RESOURCES);
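Review bot: The `ExDefaultMdlProtection` bit added to the `MmGetSystemAddressForMdlSafe` call in DumpFilterWrite only takes effect when this call creates the system mapping. If `writeMdl` is already mapped or describes nonpaged pool, the existing address is returned with whatever protection it already has. That limit is worth recording next to the call so the flag is not read as a guarantee, for example `/* no-execute applies only if the MDL is not already mapped to system space */`. The same caveat applies to the two `irp->MdlAddress` mappings in MainThreadProc. DumpFilterWrite's body starts and ends outside this hunk.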


@@ -638,7 +638,7 @@ static VOID MainThreadProc (PVOID threadArg)
{ {
UINT64_STRUCT dataUnit; UINT64_STRUCT dataUnit;
dataBuffer = (PUCHAR) MmGetSystemAddressForMdlSafe (irp->MdlAddress, HighPagePriority); dataBuffer = (PUCHAR) MmGetSystemAddressForMdlSafe (irp->MdlAddress, (HighPagePriority | ExDefaultMdlProtection));
if (!dataBuffer) if (!dataBuffer)
{ {
TCfree (buffer); TCfree (buffer);
@@ -758,7 +758,7 @@ static VOID MainThreadProc (PVOID threadArg)
continue; continue;
} }
dataBuffer = (PUCHAR) MmGetSystemAddressForMdlSafe (irp->MdlAddress, HighPagePriority); dataBuffer = (PUCHAR) MmGetSystemAddressForMdlSafe (irp->MdlAddress, (HighPagePriority | ExDefaultMdlProtection));
if (dataBuffer == NULL) if (dataBuffer == NULL)
{ {
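Review bot: The expression `(HighPagePriority | ExDefaultMdlProtection)` is now repeated at both mapping sites in MainThreadProc and again in DumpFilterWrite, so a mapping added later can easily be written with plain `HighPagePriority` and lose the no-execute flag. A single wrapper next to `TCalloc` would keep the policy in one place, for example `#define TCMapMdl(mdl) MmGetSystemAddressForMdlSafe ((mdl), (HighPagePriority | ExDefaultMdlProtection))`, with the three call sites switched to it. MainThreadProc's body extends beyond both hunks, so other mappings in it are not visible here.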


@@ -92,6 +92,9 @@ static BOOL SystemFavoriteVolumeDirty = FALSE;
static BOOL PagingFileCreationPrevented = FALSE; static BOOL PagingFileCreationPrevented = FALSE;
static BOOL EnableExtendedIoctlSupport = FALSE; static BOOL EnableExtendedIoctlSupport = FALSE;
POOL_TYPE ExDefaultNonPagedPoolType = NonPagedPool;
ULONG ExDefaultMdlProtection = 0;
PDEVICE_OBJECT VirtualVolumeDeviceObjects[MAX_MOUNTED_VOLUME_DRIVE_NUMBER + 1]; PDEVICE_OBJECT VirtualVolumeDeviceObjects[MAX_MOUNTED_VOLUME_DRIVE_NUMBER + 1];
@@ -109,6 +112,13 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
Dump ("OsMajorVersion=%d OsMinorVersion=%d\n", OsMajorVersion, OsMinorVersion); Dump ("OsMajorVersion=%d OsMinorVersion=%d\n", OsMajorVersion, OsMinorVersion);
// NX pool support is available starting from Windows 8
if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 2))
{
ExDefaultNonPagedPoolType = (POOL_TYPE) NonPagedPoolNx;
ExDefaultMdlProtection = MdlMappingNoExecute;
}
// Load dump filter if the main driver is already loaded // Load dump filter if the main driver is already loaded
if (NT_SUCCESS (TCDeviceIoControl (NT_ROOT_PREFIX, TC_IOCTL_GET_DRIVER_VERSION, NULL, 0, &version, sizeof (version)))) if (NT_SUCCESS (TCDeviceIoControl (NT_ROOT_PREFIX, TC_IOCTL_GET_DRIVER_VERSION, NULL, 0, &version, sizeof (version))))
return DumpFilterEntry ((PFILTER_EXTENSION) DriverObject, (PFILTER_INITIALIZATION_DATA) RegistryPath); return DumpFilterEntry ((PFILTER_EXTENSION) DriverObject, (PFILTER_INITIALIZATION_DATA) RegistryPath);
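Review bot: The switch to `NonPagedPoolNx` in DriverEntry covers only allocations and MDL mappings made after the version check runs. Any `TCalloc` executed earlier in DriverEntry, which starts outside this hunk, would still come from executable `NonPagedPool` and stay that way for its lifetime. The block comment should state the ordering requirement so later edits do not move an allocation above it, for example `// Must stay ahead of the first TCalloc or MDL mapping: memory obtained before this point remains executable`. The check is placed before the `DumpFilterEntry` return, so the dump filter path does pick up the NX settings.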