Windows: Add CLI switches to control memory/screen protection features. Disable non-configurable settings in portable mode

2026-06-09 22:36:59 -05:00 · 2025-06-24 15:48:01 +09:00
parent c1dbcb32e6
commit 5627e7a738
6 changed files with 263 additions and 43 deletions
@@ -885,16 +885,19 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
 			enum
 			{
 				OptionEnableMemoryProtection,
+				OptionEnableScreenProtection,
 			};

 			argument args[]=
 			{
 				{ OptionEnableMemoryProtection,	L"/protectMemory",	NULL, FALSE },
+				{ OptionEnableScreenProtection,	L"/protectScreen",	NULL, FALSE },
 			};

 			argumentspec as;

 			int x;
+			wchar_t szTmp[32] = {0};

 			if (lpszCommandLineArgs[i] == NULL)
 				continue;
@@ -908,7 +911,33 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
 			{

 			case OptionEnableMemoryProtection:
-				EnableMemoryProtection = TRUE;
+				if (HAS_ARGUMENT == GetArgumentValue (lpszCommandLineArgs,
+					&i, nNoCommandLineArgs, szTmp, ARRAYSIZE (szTmp)))
+				{
+					if ((!_wcsicmp (szTmp, L"no") || !_wcsicmp (szTmp, L"n")) && IsNonInstallMode())
+						EnableMemoryProtection = FALSE;
+					else if (!_wcsicmp (szTmp, L"yes") || !_wcsicmp (szTmp, L"y"))
+						EnableMemoryProtection = TRUE;
+					else
+						AbortProcess ("COMMAND_LINE_ERROR");
+				}
+				else
+					EnableMemoryProtection = TRUE;
+				break;
+
+			case OptionEnableScreenProtection:
+				if (HAS_ARGUMENT == GetArgumentValue (lpszCommandLineArgs,
+					&i, nNoCommandLineArgs, szTmp, ARRAYSIZE (szTmp)))
+				{
+					if ((!_wcsicmp (szTmp, L"no") || !_wcsicmp (szTmp, L"n")) && IsNonInstallMode())
+						EnableScreenProtection = FALSE;
+					else if (!_wcsicmp (szTmp, L"yes") || !_wcsicmp (szTmp, L"y"))
+						EnableScreenProtection = TRUE;
+					else
+						AbortProcess ("COMMAND_LINE_ERROR");
+				}
+				else
+					EnableScreenProtection = TRUE;
 				break;

 			default:
@@ -966,12 +995,6 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 				RestoreDefaultKeyFilesParam ();
 			}

-			if (EnableMemoryProtection)
-			{
-				/* Protect this process memory from being accessed by non-admin users */
-				ActivateMemoryProtection ();
-			}
-
 			InitMainDialog (hwndDlg);

 			// Quit
@@ -1087,6 +1110,47 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpszCommandLine, int nCmdShow)
 {
 	int status;
+	int argc;
+	LPWSTR *argv = CommandLineToArgvW (GetCommandLineW(), &argc);
+
+	for (int i = 0; argv && i < argc; i++)
+	{
+		if (_wcsicmp (argv[i], L"/protectScreen") == 0)
+		{
+			if ((i < argc - 1) && _wcsicmp (argv[i + 1], L"no") == 0)
+			{
+				// Disabling screen protection is only allowed in portable mode
+				if (IsNonInstallMode())
+					EnableScreenProtection = FALSE;
+			}
+			else
+			{
+				EnableScreenProtection = TRUE;
+			}
+		}
+		if (_wcsicmp (argv[i], L"/protectMemory") == 0)
+		{
+			if ((i < argc - 1) && _wcsicmp (argv[i + 1], L"no") == 0)
+			{
+				// Disabling memory protection is only allowed in portable mode
+				if (IsNonInstallMode())
+					EnableMemoryProtection = FALSE;
+			}
+			else
+			{
+				EnableMemoryProtection = TRUE;
+			}
+		}
+	}
+
+	LocalFree (argv); // free memory allocated by CommandLineToArgvW
+
+	if (EnableMemoryProtection)
+	{
+		/* Protect this process memory from being accessed by non-admin users */
+		ActivateMemoryProtection ();
+	}
+
 	ScreenCaptureBlocker blocker;
 	atexit (VeraCryptExpander::localcleanup);
 	SetProcessShutdownParameters (0x100, 0);