Windows: Enable screen protection by default to block screenshots, recordings & Windows Recall. Add configurable setting in Preferences, Installer, and MSI.

This update introduces a screen protection mechanism that leverages the Windows Display Affinity API to prevent screen capture, screen recording, and inclusion in the Windows 11 Recall feature. By default, all VeraCrypt windows, menus, and tooltips are protected. Users can enable or disable this feature through a new setting available in the application Preferences, as well as in the installer and MSI configurations. This enhances user privacy by mitigating potential leaks of sensitive interface content. Note: Due to a regression in Windows 11 affecting layered windows, ComboBox dropdowns cannot currently be protected by this mechanism.
2025-12-30 02:19:44 -06:00 · 2025-05-24 15:28:39 +09:00
parent 44a9f8bcff
commit 9ea5ccc4aa
68 changed files with 691 additions and 40 deletions
--- a/src/ExpandVolume/DlgExpandVolume.cpp
+++ b/src/ExpandVolume/DlgExpandVolume.cpp
@@ -208,6 +208,9 @@ BOOL CALLBACK ExpandVolSizeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
 		}
 		return 0;

+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;

 	case WM_COMMAND:
 		if (lw == IDCANCEL)
@@ -477,6 +480,10 @@ BOOL CALLBACK ExpandVolProgressDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, L
 		burn (&mouseEntropyGathered, sizeof(mouseEntropyGathered));
 		burn (maskRandPool, sizeof(maskRandPool));
 		return 0;
+
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
 	}

 	return 0;
--- a/src/ExpandVolume/ExpandVolume.c
+++ b/src/ExpandVolume/ExpandVolume.c
@@ -1130,6 +1130,7 @@ void __cdecl volTransformThreadFunction (void *pExpandDlgParam)
 	int nStatus;
 	EXPAND_VOL_THREAD_PARAMS *pParam=(EXPAND_VOL_THREAD_PARAMS *)pExpandDlgParam;
 	HWND hwndDlg = (HWND) pParam->hwndDlg;
+	AttachProtectionToCurrentThread(NULL);

 	nStatus = ExpandVolume (hwndDlg, (wchar_t*)pParam->szVolumeName, pParam->pVolumePassword,
 		pParam->VolumePkcs5, pParam->VolumePim, pParam->newSize, pParam->bInitFreeSpace, pParam->bQuickExpand );
@@ -1141,5 +1142,7 @@ void __cdecl volTransformThreadFunction (void *pExpandDlgParam)

 	PostMessage (hwndDlg, TC_APPMSG_VOL_TRANSFORM_THREAD_ENDED, 0, nStatus);

+	DetachProtectionFromCurrentThread();
+
 	_endthread ();
 }
--- a/src/ExpandVolume/InitDataArea.c
+++ b/src/ExpandVolume/InitDataArea.c
@@ -218,6 +218,7 @@ static volatile DWORD WriteRequestResult;
 static void __cdecl FormatWriteThreadProc (void *arg)
 {
 	DWORD bytesWritten;
+	AttachProtectionToCurrentThread(NULL);

 	SetThreadPriority (GetCurrentThread(), THREAD_PRIORITY_HIGHEST);

@@ -245,6 +246,7 @@ static void __cdecl FormatWriteThreadProc (void *arg)
 	}

 	WriteThreadRunning = FALSE;
+	DetachProtectionFromCurrentThread();
 	_endthread();
 }

--- a/src/ExpandVolume/WinMain.cpp
+++ b/src/ExpandVolume/WinMain.cpp
@@ -783,6 +783,10 @@ BOOL CALLBACK ExtcvPasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
 			DragFinish (hdrop);
 		}
 		return 1;
+
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
 	}

 	return 0;
@@ -1066,6 +1070,10 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 		VeraCryptExpander::EndMainDlg (hwndDlg);
 		return 1;

+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	default:
 		;
 	}
@@ -1079,6 +1087,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpszCommandLine, int nCmdShow)
 {
 	int status;
+	ScreenCaptureBlocker blocker;
 	atexit (VeraCryptExpander::localcleanup);
 	SetProcessShutdownParameters (0x100, 0);