Windows: Remove support for 32-bit driver code. Set build target as Windows 10. Simplify code and fix all warnings in driver.

2025-11-11 02:58:02 -06:00 · 2024-11-13 02:08:51 +01:00
parent ec4b44c238
commit cb97351250
31 changed files with 513 additions and 778 deletions
--- a/src/Boot/Windows/BootCommon.h
+++ b/src/Boot/Windows/BootCommon.h
@@ -58,7 +58,7 @@ typedef struct
 	uint16 CryptoInfoOffset;
 	uint16 CryptoInfoLength;
 	uint32 HeaderSaltCrc32;
-	PasswordLegacy BootPassword;
+	__declspec(align(8)) PasswordLegacy BootPassword;
 	uint64 HiddenSystemPartitionStart;
 	uint64 DecoySystemPartitionStart;
 	uint32 Flags;
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -4382,14 +4382,14 @@ namespace VeraCrypt
 		if (!IsRandomNumberGeneratorStarted())
 			throw ParameterIncorrect (SRC_POS);
-		throw_sys_if (CreateVolumeHeaderInMemory (ParentWindow, TRUE, (char *) VolumeHeader, ea, mode, password, pkcs5, pim, NULL, &cryptoInfo,
+		throw_sys_if (CreateVolumeHeaderInMemory (ParentWindow, TRUE, VolumeHeader, ea, mode, password, pkcs5, pim, NULL, &cryptoInfo,
 			volumeSize, 0, encryptedAreaStart, 0, TC_SYSENC_KEYSCOPE_MIN_REQ_PROG_VERSION, TC_HEADER_FLAG_ENCRYPTED_SYSTEM, TC_SECTOR_SIZE_BIOS, FALSE) != 0);
 		finally_do_arg (PCRYPTO_INFO*, &cryptoInfo, { crypto_close (*finally_arg); });
 		// Initial rescue disk assumes encryption of the drive has been completed (EncryptedAreaLength == volumeSize)
 		memcpy (RescueVolumeHeader, VolumeHeader, sizeof (RescueVolumeHeader));
-		if (0 != ReadVolumeHeader (TRUE, (char *) RescueVolumeHeader, password, pkcs5, pim, NULL, cryptoInfo))
+		if (0 != ReadVolumeHeader (TRUE, RescueVolumeHeader, password, pkcs5, pim, NULL, cryptoInfo))
 			throw ParameterIncorrect (SRC_POS);
 		DecryptBuffer (RescueVolumeHeader + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo);
@@ -5391,7 +5391,7 @@ namespace VeraCrypt
 		SystemDriveConfiguration config = GetSystemDriveConfiguration ();
-		char header[TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE];
+		unsigned char header[TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE];
 		Device device (config.DevicePath);
 		device.CheckOpened (SRC_POS);
@@ -5421,7 +5421,7 @@ namespace VeraCrypt
 		}
 		device.SeekAt (headerOffset);
-		device.Read ((uint8 *) header, sizeof (header));
+		device.Read (header, sizeof (header));
 		PCRYPTO_INFO cryptoInfo = NULL;
--- a/src/Common/Cache.c
+++ b/src/Common/Cache.c
@@ -43,7 +43,7 @@ void VcUnprotectPassword (Password* pPassword, uint64 encID)
 #endif
-int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, char *header, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo)
+int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, unsigned char *header, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo)
 {
 	int nReturnCode = ERR_PASSWORD_WRONG;
 	int i, effectivePim;
--- a/src/Common/Cache.h
+++ b/src/Common/Cache.h
@@ -22,5 +22,5 @@ extern int cacheEmpty;
 void AddPasswordToCache (Password *password, int pim, BOOL bCachePim);
 void AddLegacyPasswordToCache (PasswordLegacy *password, int pim);
-int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim,char *header, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo);
+int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, unsigned char *header, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo);
 void WipeCache (void);
--- a/src/Common/Crypto.c
+++ b/src/Common/Crypto.c
@@ -659,8 +659,8 @@ int EAGetNextMode (int ea, int previousModeId)
 	return 0;
 }
-// Returns the name of the mode of operation of the whole EA
+// Returns the name of the mode of operation
-wchar_t *EAGetModeName (int ea, int mode, BOOL capitalLetters)
+const wchar_t *EAGetModeName (int mode)
 {
 	switch (mode)
 	{
@@ -669,7 +669,7 @@ wchar_t *EAGetModeName (int ea, int mode, BOOL capitalLetters)
 		return L"XTS";
 	}
-	return L"[unknown]";
+	return L"[UNKNOWN]";
 }
 #endif // TC_WINDOWS_BOOT
@@ -891,7 +891,7 @@ PCRYPTO_INFO crypto_open ()
 }
 #ifndef TC_WINDOWS_BOOT
-void crypto_loadkey (PKEY_INFO keyInfo, char *lpszUserKey, int nUserKeyLen)
+void crypto_loadkey (PKEY_INFO keyInfo, unsigned char *lpszUserKey, int nUserKeyLen)
 {
 	keyInfo->keyLength = nUserKeyLen;
 	burn (keyInfo->userKey, sizeof (keyInfo->userKey));
@@ -1239,9 +1239,11 @@ static BOOL RamEncryptionEnabled = FALSE;
 BOOL IsCpuRngSupported ()
 {
 #ifndef _M_ARM64
 	if (HasRDSEED() || HasRDRAND())
 		return TRUE;
 	else
 #endif
 		return FALSE;
 }
@@ -1313,7 +1315,7 @@ uint8 GetRandomIndex (ChaCha20RngCtx* pCtx, uint8 elementsCount)
 	return index;
 }
-#if defined(_WIN64) && !defined (_UEFI)
+#if !defined (_UEFI)
 /* declaration of variables and functions used for RAM encryption on 64-bit build */
 static uint8* pbKeyDerivationArea = NULL;
 static ULONG cbKeyDerivationArea = 0;
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -228,9 +228,9 @@ typedef struct keyInfo_t
 	int noIterations;					/* Number of times to iterate (PKCS-5) */
 	int keyLength;						/* Length of the key */
 	uint64 dummy;						/* Dummy field to ensure 16-byte alignment of this structure */
-	__int8 salt[PKCS5_SALT_SIZE];		/* PKCS-5 salt */
+	unsigned __int8 salt[PKCS5_SALT_SIZE];		/* PKCS-5 salt */
-	CRYPTOPP_ALIGN_DATA(16) __int8 master_keydata[MASTER_KEYDATA_SIZE];		/* Concatenated master primary and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
+	CRYPTOPP_ALIGN_DATA(16) unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE];		/* Concatenated master primary and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
-	CRYPTOPP_ALIGN_DATA(16) __int8 userKey[MAX_PASSWORD];		/* Password (to which keyfiles may have been applied). WITHOUT +1 for the null terminator. */
+	CRYPTOPP_ALIGN_DATA(16) unsigned __int8 userKey[MAX_PASSWORD];		/* Password (to which keyfiles may have been applied). WITHOUT +1 for the null terminator. */
 } KEY_INFO, *PKEY_INFO;
 #endif
@@ -309,7 +309,7 @@ typedef struct BOOT_CRYPTO_HEADER_t
 PCRYPTO_INFO crypto_open (void);
 #ifndef TC_WINDOWS_BOOT
-void crypto_loadkey (PKEY_INFO keyInfo, char *lpszUserKey, int nUserKeyLen);
+void crypto_loadkey (PKEY_INFO keyInfo, unsigned char *lpszUserKey, int nUserKeyLen);
 void crypto_eraseKeys (PCRYPTO_INFO cryptoInfo);
 #endif
 void crypto_close (PCRYPTO_INFO cryptoInfo);
@@ -348,7 +348,7 @@ int EAGetKeySize (int ea);
 int EAGetFirstMode (int ea);
 int EAGetNextMode (int ea, int previousModeId);
 #ifndef TC_WINDOWS_BOOT
-wchar_t * EAGetModeName (int ea, int mode, BOOL capitalLetters);
+const wchar_t * EAGetModeName (int mode);
 #endif
 int EAGetKeyScheduleSize (int ea);
 int EAGetLargestKey ();
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -859,11 +859,6 @@ BOOL VerifyModuleSignature (const wchar_t* path)
 	WINTRUST_DATA      WVTData = {0};
 	wchar_t filePath [TC_MAX_PATH + 1024];
    // we check our own authenticode signature only starting from Windows 10 since this is
 	// the minimal supported OS apart from XP where we can't verify SHA256 signatures
 	if (!IsOSAtLeast (WIN_10))
 		return TRUE;
 	// Strip quotation marks (if any)
 	if (path [0] == L'"')
 	{
@@ -3603,10 +3598,10 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
 	InitOSVersionInfo();
-	if (!IsOSAtLeast (WIN_7))
+	if (!IsOSAtLeast (WIN_10))
 	{
-		// abort using a message that says that VeraCrypt can run only on Windows 7 and later and that it is officially supported only on Windows 10 and later
+		// abort using a message that says that VeraCrypt can run only on Windows 10 and later
-		AbortProcessDirect(L"VeraCrypt requires at least Windows 7 to run.");
+		AbortProcessDirect(L"VeraCrypt requires at least Windows 10 to run.");
 	}
 	SetDefaultDllDirectoriesFn = (SetDefaultDllDirectoriesPtr) GetProcAddress (GetModuleHandle(L"kernel32.dll"), "SetDefaultDllDirectories");
@@ -6266,7 +6261,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
 	*/
 	{
 		int thid, i;
-		char dk[MASTER_KEYDATA_SIZE];
+		unsigned char dk[MASTER_KEYDATA_SIZE];
 		char *tmp_salt = {"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF\x01\x23\x45\x67\x89\xAB\xCD\xEF\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF\x01\x23\x45\x67\x89\xAB\xCD\xEF\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"};
 		for (thid = FIRST_PRF_ID; thid <= LAST_PRF_ID; thid++) 
@@ -6284,27 +6279,27 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
 				case SHA512:
 					/* PKCS-5 test with HMAC-SHA-512 used as the PRF */
-					derive_key_sha512 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
+					derive_key_sha512 ((unsigned char*) "passphrase-1234567890", 21, (unsigned char*) tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
 					break;
 				case SHA256:
 					/* PKCS-5 test with HMAC-SHA-256 used as the PRF */
-					derive_key_sha256 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
+					derive_key_sha256 ((unsigned char*)"passphrase-1234567890", 21, (unsigned char*) tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
 					break;
                          #ifndef WOLFCRYPT_BACKEND
 				case BLAKE2S:
 					/* PKCS-5 test with HMAC-BLAKE2s used as the PRF */
-					derive_key_blake2s ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
+					derive_key_blake2s ((unsigned char*)"passphrase-1234567890", 21, (unsigned char*) tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
 					break;
 				case WHIRLPOOL:
 					/* PKCS-5 test with HMAC-Whirlpool used as the PRF */
-					derive_key_whirlpool ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
+					derive_key_whirlpool ((unsigned char*)"passphrase-1234567890", 21, (unsigned char*) tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
 					break;
 				case STREEBOG:
 					/* PKCS-5 test with HMAC-STREEBOG used as the PRF */
-					derive_key_streebog("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
+					derive_key_streebog((unsigned char*)"passphrase-1234567890", 21, (unsigned char*) tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
 					break;
 				}
 	                   #endif	
@@ -7639,7 +7634,7 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
 				else
 				{
-					CipherInit2(idTestCipher, key, ks_tmp, ks);
+					CipherInit2(idTestCipher, key, ks_tmp);
 					if (bEncrypt)
 					{
@@ -11480,7 +11475,7 @@ int OpenVolume (OpenVolumeContext *context, const wchar_t *volumePath, Password
 	int volumeType;
 	wchar_t szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH];
 	wchar_t szDosDevice[TC_MAX_PATH];
-	char buffer[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
+	unsigned char buffer[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
 	LARGE_INTEGER headerOffset;
 	DWORD dwResult;
 	DISK_GEOMETRY_EX deviceGeometry;
@@ -11694,7 +11689,7 @@ void CloseVolume (OpenVolumeContext *context)
 }
-int ReEncryptVolumeHeader (HWND hwndDlg, char *buffer, BOOL bBoot, CRYPTO_INFO *cryptoInfo, Password *password, int pim, BOOL wipeMode)
+int ReEncryptVolumeHeader (HWND hwndDlg, unsigned char *buffer, BOOL bBoot, CRYPTO_INFO *cryptoInfo, Password *password, int pim, BOOL wipeMode)
 {
 	CRYPTO_INFO *newCryptoInfo = NULL;
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -540,7 +540,7 @@ BOOL GetSysDevicePaths (HWND hwndDlg);
 BOOL DoDriverInstall (HWND hwndDlg);
 int OpenVolume (OpenVolumeContext *context, const wchar_t *volumePath, Password *password, int pkcs5_prf, int pim, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader);
 void CloseVolume (OpenVolumeContext *context);
-int ReEncryptVolumeHeader (HWND hwndDlg, char *buffer, BOOL bBoot, CRYPTO_INFO *cryptoInfo, Password *password, int pim, BOOL wipeMode);
+int ReEncryptVolumeHeader (HWND hwndDlg, unsigned char *buffer, BOOL bBoot, CRYPTO_INFO *cryptoInfo, Password *password, int pim, BOOL wipeMode);
 BOOL IsPagingFileActive (BOOL checkNonWindowsPartitionsOnly);
 BOOL IsPagingFileWildcardActive ();
 BOOL DisablePagingFile ();
--- a/src/Common/EncryptionThreadPool.c
+++ b/src/Common/EncryptionThreadPool.c
@@ -98,14 +98,14 @@ typedef struct EncryptionThreadPoolWorkItemStruct
 		{
 			TC_EVENT *CompletionEvent;
 			LONG *CompletionFlag;
-			char *DerivedKey;
+			unsigned char *DerivedKey;
 			int IterationCount;
 			TC_EVENT *NoOutstandingWorkItemEvent;
 			LONG *OutstandingWorkItemCount;
-			char *Password;
+			unsigned char *Password;
 			int PasswordLength;
 			int Pkcs5Prf;
-			char *Salt;
+			unsigned char *Salt;
 		} KeyDerivation;
@@ -533,7 +533,7 @@ void EncryptionThreadPoolStop ()
 }
-void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG *completionFlag, LONG *outstandingWorkItemCount, int pkcs5Prf, char *password, int passwordLength, char *salt, int iterationCount, char *derivedKey)
+void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG *completionFlag, LONG *outstandingWorkItemCount, int pkcs5Prf, unsigned char *password, int passwordLength, unsigned char *salt, int iterationCount, unsigned char *derivedKey)
 {
 	EncryptionThreadPoolWorkItem *workItem;
--- a/src/Common/EncryptionThreadPool.h
+++ b/src/Common/EncryptionThreadPool.h
@@ -32,7 +32,7 @@ typedef enum
 size_t GetCpuCount (WORD* pGroupCount);
 #endif
-void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG *completionFlag, LONG *outstandingWorkItemCount, int pkcs5Prf, char *password, int passwordLength, char *salt, int iterationCount, char *derivedKey);
+void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG *completionFlag, LONG *outstandingWorkItemCount, int pkcs5Prf, unsigned char *password, int passwordLength, unsigned char *salt, int iterationCount, unsigned char *derivedKey);
 void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivationCompletedEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG* outstandingWorkItemCount, void* keyInfoBuffer, int keyInfoBufferSize, void* keyDerivationWorkItems, int keyDerivationWorkItemsSize);
 void EncryptionThreadPoolDoWork (EncryptionThreadPoolWorkType type, uint8 *data, const UINT64_STRUCT *startUnitNo, uint32 unitCount, PCRYPTO_INFO cryptoInfo);
 BOOL EncryptionThreadPoolStart (size_t encryptionFreeCpuCount);
--- a/src/Common/Format.c
+++ b/src/Common/Format.c
@@ -84,7 +84,7 @@ int TCFormatVolume (volatile FORMAT_VOL_PARAMETERS *volParams)
 	PCRYPTO_INFO cryptoInfo = NULL;
 	HANDLE dev = INVALID_HANDLE_VALUE;
 	DWORD dwError;
-	char header[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
+	unsigned char header[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
 	unsigned __int64 num_sectors, startSector;
 	fatparams ft;
 	FILETIME ftCreationTime;
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -173,7 +173,7 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5,
 	int nDosLinkCreated = 1, nStatus = ERR_OS_ERROR;
 	wchar_t szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH];
 	wchar_t szDosDevice[TC_MAX_PATH];
-	char buffer[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
+	unsigned char buffer[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
 	PCRYPTO_INFO cryptoInfo = NULL, ci = NULL;
 	void *dev = INVALID_HANDLE_VALUE;
 	DWORD dwError;
--- a/src/Common/Pkcs5.c
+++ b/src/Common/Pkcs5.c
@@ -43,13 +43,13 @@ typedef struct hmac_sha256_ctx_struct
 	sha256_ctx ctx;
 	sha256_ctx inner_digest_ctx; /*pre-computed inner digest context */
 	sha256_ctx outer_digest_ctx; /*pre-computed outer digest context */
-	char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the SHA256 hash */
+	unsigned char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the SHA256 hash */
-	char u[SHA256_DIGESTSIZE];
+	unsigned char u[SHA256_DIGESTSIZE];
 } hmac_sha256_ctx;
 void hmac_sha256_internal
 (
-	  char *d,		/* input data. d pointer is guaranteed to be at least 32-bytes long */
+	unsigned char *d,		/* input data. d pointer is guaranteed to be at least 32-bytes long */
 	  int ld,		/* length of input data in bytes */
 	  hmac_sha256_ctx* hmac /* HMAC-SHA256 context which holds temporary variables */
 )
@@ -60,44 +60,38 @@ void hmac_sha256_internal
 	memcpy (ctx, &(hmac->inner_digest_ctx), sizeof (sha256_ctx));
-	sha256_hash ((unsigned char *) d, ld, ctx);
+	sha256_hash (d, ld, ctx);
-	sha256_end ((unsigned char *) d, ctx); /* d = inner digest */
+	sha256_end (d, ctx); /* d = inner digest */
 	/**** Restore Precomputed Outer Digest Context ****/
 	memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (sha256_ctx));
-	sha256_hash ((unsigned char *) d, SHA256_DIGESTSIZE, ctx);
+	sha256_hash (d, SHA256_DIGESTSIZE, ctx);
-	sha256_end ((unsigned char *) d, ctx); /* d = outer digest */
+	sha256_end (d, ctx); /* d = outer digest */
 }
 #ifndef TC_WINDOWS_BOOT
 void hmac_sha256
 (
-	char *k,    /* secret key */
+	unsigned char *k,    /* secret key */
 	int lk,    /* length of the key in bytes */
-	char *d,    /* data */
+	unsigned char *d,    /* data */
 	int ld    /* length of data in bytes */
 )
 {
 	hmac_sha256_ctx hmac;
 	sha256_ctx* ctx;
-	char* buf = hmac.k;
+	unsigned char* buf = hmac.k;
 	int b;
-	char key[SHA256_DIGESTSIZE];
+	unsigned char key[SHA256_DIGESTSIZE];
-#if defined (DEVICE_DRIVER)
+#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
 	NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
 #ifdef _WIN64
 	XSTATE_SAVE SaveState;
 	if (IsCpuIntel() && HasSAVX())
 		saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);
 #else
 	KFLOATING_SAVE floatingPointState;	
 	if (HasSSE2())
 		saveStatus = KeSaveFloatingPointState (&floatingPointState);
 #endif
 #endif
    /* If the key is longer than the hash algorithm block size,
 	   let key = sha256(key), as per HMAC specifications. */
@@ -106,8 +100,8 @@ void hmac_sha256
 		sha256_ctx tctx;
 		sha256_begin (&tctx);
-		sha256_hash ((unsigned char *) k, lk, &tctx);
+		sha256_hash (k, lk, &tctx);
-		sha256_end ((unsigned char *) key, &tctx);
+		sha256_end (key, &tctx);
 		k = key;
 		lk = SHA256_DIGESTSIZE;
@@ -122,10 +116,10 @@ void hmac_sha256
 	/* Pad the key for inner digest */
 	for (b = 0; b < lk; ++b)
-		buf[b] = (char) (k[b] ^ 0x36);
+		buf[b] = (unsigned char) (k[b] ^ 0x36);
 	memset (&buf[lk], 0x36, SHA256_BLOCKSIZE - lk);
-	sha256_hash ((unsigned char *) buf, SHA256_BLOCKSIZE, ctx);
+	sha256_hash (buf, SHA256_BLOCKSIZE, ctx);
 	/**** Precompute HMAC Outer Digest ****/
@@ -133,20 +127,16 @@ void hmac_sha256
 	sha256_begin (ctx);
 	for (b = 0; b < lk; ++b)
-		buf[b] = (char) (k[b] ^ 0x5C);
+		buf[b] = (unsigned char) (k[b] ^ 0x5C);
 	memset (&buf[lk], 0x5C, SHA256_BLOCKSIZE - lk);
-	sha256_hash ((unsigned char *) buf, SHA256_BLOCKSIZE, ctx);
+	sha256_hash (buf, SHA256_BLOCKSIZE, ctx);
 	hmac_sha256_internal(d, ld, &hmac);
-#if defined (DEVICE_DRIVER)
+#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
 	if (NT_SUCCESS (saveStatus))
 #ifdef _WIN64
 		KeRestoreExtendedProcessorStateVC(&SaveState);
 #else
 		KeRestoreFloatingPointState (&floatingPointState);
 #endif
 #endif
 	/* Prevent leaks */
@@ -155,10 +145,10 @@ void hmac_sha256
 }
 #endif
-static void derive_u_sha256 (char *salt, int salt_len, uint32 iterations, int b, hmac_sha256_ctx* hmac)
+static void derive_u_sha256 (unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_sha256_ctx* hmac)
 {
-	char* k = hmac->k;
+	unsigned char* k = hmac->k;
-	char* u = hmac->u;
+	unsigned char* u = hmac->u;
 	uint32 c;
 	int i;	
@@ -184,7 +174,7 @@ static void derive_u_sha256 (char *salt, int salt_len, uint32 iterations, int b,
 #ifdef TC_WINDOWS_BOOT
    /* specific case of 16-bit bootloader: b is a 16-bit integer that is always < 256 */
 	memset (&k[salt_len], 0, 3);
-	k[salt_len + 3] = (char) b;
+	k[salt_len + 3] = (unsigned char) b;
 #else
    b = bswap_32 (b);
    memcpy (&k[salt_len], &b, 4);
@@ -206,25 +196,19 @@ static void derive_u_sha256 (char *salt, int salt_len, uint32 iterations, int b,
 }
-void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen)
+void derive_key_sha256 (unsigned char *pwd, int pwd_len, unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen)
 {	
 	hmac_sha256_ctx hmac;
 	sha256_ctx* ctx;
-	char* buf = hmac.k;
+	unsigned char* buf = hmac.k;
 	int b, l, r;
 #ifndef TC_WINDOWS_BOOT
-	char key[SHA256_DIGESTSIZE];
+	unsigned char key[SHA256_DIGESTSIZE];
-#if defined (DEVICE_DRIVER)
+#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
 	NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
 #ifdef _WIN64
 	XSTATE_SAVE SaveState;
 	if (IsCpuIntel() && HasSAVX())
 		saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);
 #else
 	KFLOATING_SAVE floatingPointState;	
 	if (HasSSE2())
 		saveStatus = KeSaveFloatingPointState (&floatingPointState);
 #endif
 #endif
    /* If the password is longer than the hash algorithm block size,
 	   let pwd = sha256(pwd), as per HMAC specifications. */
@@ -233,8 +217,8 @@ void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, uint32
 		sha256_ctx tctx;
 		sha256_begin (&tctx);
-		sha256_hash ((unsigned char *) pwd, pwd_len, &tctx);
+		sha256_hash (pwd, pwd_len, &tctx);
-		sha256_end ((unsigned char *) key, &tctx);
+		sha256_end (key, &tctx);
 		pwd = key;
 		pwd_len = SHA256_DIGESTSIZE;
@@ -261,10 +245,10 @@ void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, uint32
 	/* Pad the key for inner digest */
 	for (b = 0; b < pwd_len; ++b)
-		buf[b] = (char) (pwd[b] ^ 0x36);
+		buf[b] = (unsigned char) (pwd[b] ^ 0x36);
 	memset (&buf[pwd_len], 0x36, SHA256_BLOCKSIZE - pwd_len);
-	sha256_hash ((unsigned char *) buf, SHA256_BLOCKSIZE, ctx);
+	sha256_hash (buf, SHA256_BLOCKSIZE, ctx);
 	/**** Precompute HMAC Outer Digest ****/
@@ -272,10 +256,10 @@ void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, uint32
 	sha256_begin (ctx);
 	for (b = 0; b < pwd_len; ++b)
-		buf[b] = (char) (pwd[b] ^ 0x5C);
+		buf[b] = (unsigned char) (pwd[b] ^ 0x5C);
 	memset (&buf[pwd_len], 0x5C, SHA256_BLOCKSIZE - pwd_len);
-	sha256_hash ((unsigned char *) buf, SHA256_BLOCKSIZE, ctx);
+	sha256_hash (buf, SHA256_BLOCKSIZE, ctx);
 	/* first l - 1 blocks */
 	for (b = 1; b < l; b++)
@@ -289,13 +273,9 @@ void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, uint32
 	derive_u_sha256 (salt, salt_len, iterations, b, &hmac);
 	memcpy (dk, hmac.u, r);
-#if defined (DEVICE_DRIVER)
+#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
 	if (NT_SUCCESS (saveStatus))
 #ifdef _WIN64
 		KeRestoreExtendedProcessorStateVC(&SaveState);
 #else
 		KeRestoreFloatingPointState (&floatingPointState);
 #endif
 #endif
 	/* Prevent possible leaks. */
@@ -314,13 +294,13 @@ typedef struct hmac_sha512_ctx_struct
 	sha512_ctx ctx;
 	sha512_ctx inner_digest_ctx; /*pre-computed inner digest context */
 	sha512_ctx outer_digest_ctx; /*pre-computed outer digest context */
-	char k[SHA512_BLOCKSIZE]; /* enough to hold (salt_len + 4) and also the SHA512 hash */
+	unsigned char k[SHA512_BLOCKSIZE]; /* enough to hold (salt_len + 4) and also the SHA512 hash */
-	char u[SHA512_DIGESTSIZE];
+	unsigned char u[SHA512_DIGESTSIZE];
 } hmac_sha512_ctx;
 void hmac_sha512_internal
 (
-	  char *d,		/* data and also output buffer of at least 64 bytes */
+	unsigned char *d,		/* data and also output buffer of at least 64 bytes */
 	  int ld,			/* length of data in bytes */
 	  hmac_sha512_ctx* hmac
 )
@@ -331,43 +311,37 @@ void hmac_sha512_internal
 	memcpy (ctx, &(hmac->inner_digest_ctx), sizeof (sha512_ctx));
-	sha512_hash ((unsigned char *) d, ld, ctx);
+	sha512_hash (d, ld, ctx);
-	sha512_end ((unsigned char *) d, ctx);
+	sha512_end (d, ctx);
 	/**** Restore Precomputed Outer Digest Context ****/
 	memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (sha512_ctx));
-	sha512_hash ((unsigned char *) d, SHA512_DIGESTSIZE, ctx);
+	sha512_hash (d, SHA512_DIGESTSIZE, ctx);
-	sha512_end ((unsigned char *) d, ctx);
+	sha512_end (d, ctx);
 }
 void hmac_sha512
 (
-	  char *k,		/* secret key */
+	  unsigned char *k,		/* secret key */
 	  int lk,		/* length of the key in bytes */
-	  char *d,		/* data and also output buffer of at least 64 bytes */
+ 	  unsigned char *d,		/* data and also output buffer of at least 64 bytes */
 	  int ld			/* length of data in bytes */	  
 )
 {
 	hmac_sha512_ctx hmac;
 	sha512_ctx* ctx;
-	char* buf = hmac.k;
+	unsigned char* buf = hmac.k;
 	int b;
-	char key[SHA512_DIGESTSIZE];
+	unsigned char key[SHA512_DIGESTSIZE];
-#if defined (DEVICE_DRIVER)
+#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
 	NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
 #ifdef _WIN64
 	XSTATE_SAVE SaveState;
 	if (IsCpuIntel() && HasSAVX())
 		saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);
 #else
 	KFLOATING_SAVE floatingPointState;	
 	if (HasSSSE3() && HasMMX())
 		saveStatus = KeSaveFloatingPointState (&floatingPointState);
 #endif
 #endif
    /* If the key is longer than the hash algorithm block size,
@@ -377,8 +351,8 @@ void hmac_sha512
 		sha512_ctx tctx;
 		sha512_begin (&tctx);
-		sha512_hash ((unsigned char *) k, lk, &tctx);
+		sha512_hash (k, lk, &tctx);
-		sha512_end ((unsigned char *) key, &tctx);
+		sha512_end (key, &tctx);
 		k = key;
 		lk = SHA512_DIGESTSIZE;
@@ -393,10 +367,10 @@ void hmac_sha512
 	/* Pad the key for inner digest */
 	for (b = 0; b < lk; ++b)
-		buf[b] = (char) (k[b] ^ 0x36);
+		buf[b] = (unsigned char) (k[b] ^ 0x36);
 	memset (&buf[lk], 0x36, SHA512_BLOCKSIZE - lk);
-	sha512_hash ((unsigned char *) buf, SHA512_BLOCKSIZE, ctx);
+	sha512_hash (buf, SHA512_BLOCKSIZE, ctx);
 	/**** Precompute HMAC Outer Digest ****/
@@ -404,20 +378,16 @@ void hmac_sha512
 	sha512_begin (ctx);
 	for (b = 0; b < lk; ++b)
-		buf[b] = (char) (k[b] ^ 0x5C);
+		buf[b] = (unsigned char) (k[b] ^ 0x5C);
 	memset (&buf[lk], 0x5C, SHA512_BLOCKSIZE - lk);
-	sha512_hash ((unsigned char *) buf, SHA512_BLOCKSIZE, ctx);
+	sha512_hash (buf, SHA512_BLOCKSIZE, ctx);
 	hmac_sha512_internal (d, ld, &hmac);
-#if defined (DEVICE_DRIVER)
+#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
 	if (NT_SUCCESS (saveStatus))
 #ifdef _WIN64
 		KeRestoreExtendedProcessorStateVC(&SaveState);
 #else
 		KeRestoreFloatingPointState (&floatingPointState);
 #endif
 #endif
 	/* Prevent leaks */
@@ -425,10 +395,10 @@ void hmac_sha512
 	burn (key, sizeof(key));
 }
-static void derive_u_sha512 (char *salt, int salt_len, uint32 iterations, int b, hmac_sha512_ctx* hmac)
+static void derive_u_sha512 (unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_sha512_ctx* hmac)
 {
-	char* k = hmac->k;
+	unsigned char* k = hmac->k;
-	char* u = hmac->u;
+	unsigned char* u = hmac->u;
 	uint32 c, i;
 	/* iteration 1 */
@@ -452,24 +422,18 @@ static void derive_u_sha512 (char *salt, int salt_len, uint32 iterations, int b,
 }
-void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen)
+void derive_key_sha512 (unsigned char *pwd, int pwd_len, unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen)
 {
 	hmac_sha512_ctx hmac;
 	sha512_ctx* ctx;
-	char* buf = hmac.k;
+	unsigned char* buf = hmac.k;
 	int b, l, r;
-	char key[SHA512_DIGESTSIZE];
+	unsigned char key[SHA512_DIGESTSIZE];
-#if defined (DEVICE_DRIVER)
+#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
 	NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
 #ifdef _WIN64
 	XSTATE_SAVE SaveState;
 	if (IsCpuIntel() && HasSAVX())
 		saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);
 #else
 	KFLOATING_SAVE floatingPointState;	
 	if (HasSSSE3() && HasMMX())
 		saveStatus = KeSaveFloatingPointState (&floatingPointState);
 #endif
 #endif
    /* If the password is longer than the hash algorithm block size,
@@ -479,8 +443,8 @@ void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32
 		sha512_ctx tctx;
 		sha512_begin (&tctx);
-		sha512_hash ((unsigned char *) pwd, pwd_len, &tctx);
+		sha512_hash (pwd, pwd_len, &tctx);
-		sha512_end ((unsigned char *) key, &tctx);
+		sha512_end (key, &tctx);
 		pwd = key;
 		pwd_len = SHA512_DIGESTSIZE;
@@ -506,10 +470,10 @@ void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32
 	/* Pad the key for inner digest */
 	for (b = 0; b < pwd_len; ++b)
-		buf[b] = (char) (pwd[b] ^ 0x36);
+		buf[b] = (unsigned char) (pwd[b] ^ 0x36);
 	memset (&buf[pwd_len], 0x36, SHA512_BLOCKSIZE - pwd_len);
-	sha512_hash ((unsigned char *) buf, SHA512_BLOCKSIZE, ctx);
+	sha512_hash (buf, SHA512_BLOCKSIZE, ctx);
 	/**** Precompute HMAC Outer Digest ****/
@@ -517,10 +481,10 @@ void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32
 	sha512_begin (ctx);
 	for (b = 0; b < pwd_len; ++b)
-		buf[b] = (char) (pwd[b] ^ 0x5C);
+		buf[b] = (unsigned char) (pwd[b] ^ 0x5C);
 	memset (&buf[pwd_len], 0x5C, SHA512_BLOCKSIZE - pwd_len);
-	sha512_hash ((unsigned char *) buf, SHA512_BLOCKSIZE, ctx);
+	sha512_hash (buf, SHA512_BLOCKSIZE, ctx);
 	/* first l - 1 blocks */
 	for (b = 1; b < l; b++)
@@ -534,13 +498,9 @@ void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32
 	derive_u_sha512 (salt, salt_len, iterations, b, &hmac);
 	memcpy (dk, hmac.u, r);
-#if defined (DEVICE_DRIVER)
+#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
 	if (NT_SUCCESS (saveStatus))
 #ifdef _WIN64
 		KeRestoreExtendedProcessorStateVC(&SaveState);
 #else
 		KeRestoreFloatingPointState (&floatingPointState);
 #endif
 #endif
 	/* Prevent possible leaks. */
@@ -557,13 +517,13 @@ typedef struct hmac_blake2s_ctx_struct
 	blake2s_state ctx;
 	blake2s_state inner_digest_ctx; /*pre-computed inner digest context */
 	blake2s_state outer_digest_ctx; /*pre-computed outer digest context */
-	char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the Blake2s hash */
+	unsigned char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the Blake2s hash */
-	char u[BLAKE2S_DIGESTSIZE];
+	unsigned char u[BLAKE2S_DIGESTSIZE];
 } hmac_blake2s_ctx;
 void hmac_blake2s_internal
 (
-	  char *d,		/* input data. d pointer is guaranteed to be at least 32-bytes long */
+	unsigned char *d,		/* input data. d pointer is guaranteed to be at least 32-bytes long */
 	  int ld,		/* length of input data in bytes */
 	  hmac_blake2s_ctx* hmac /* HMAC-BLAKE2S context which holds temporary variables */
 )
@@ -576,7 +536,7 @@ void hmac_blake2s_internal
 	blake2s_update (ctx, d, ld);
-	blake2s_final (ctx, (unsigned char*) d); /* d = inner digest */
+	blake2s_final (ctx, d); /* d = inner digest */
 	/**** Restore Precomputed Outer Digest Context ****/
@@ -584,34 +544,28 @@ void hmac_blake2s_internal
 	blake2s_update (ctx, d, BLAKE2S_DIGESTSIZE);
-	blake2s_final (ctx, (unsigned char *) d); /* d = outer digest */
+	blake2s_final (ctx, d); /* d = outer digest */
 }
 #ifndef TC_WINDOWS_BOOT
 void hmac_blake2s
 (
-	char *k,    /* secret key */
+	unsigned char *k,    /* secret key */
 	int lk,    /* length of the key in bytes */
-	char *d,    /* data */
+	unsigned char *d,    /* data */
 	int ld    /* length of data in bytes */
 )
 {
 	hmac_blake2s_ctx hmac;
 	blake2s_state* ctx;
-	char* buf = hmac.k;
+	unsigned char* buf = hmac.k;
 	int b;
-	char key[BLAKE2S_DIGESTSIZE];
+	unsigned char key[BLAKE2S_DIGESTSIZE];
-#if defined (DEVICE_DRIVER)
+#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
 	NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
 #ifdef _WIN64
 	XSTATE_SAVE SaveState;
 	if (IsCpuIntel() && HasSAVX())
 		saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);
 #else
 	KFLOATING_SAVE floatingPointState;	
 	if (HasSSE2())
 		saveStatus = KeSaveFloatingPointState (&floatingPointState);
 #endif
 #endif
    /* If the key is longer than the hash algorithm block size,
 	   let key = blake2s(key), as per HMAC specifications. */
@@ -621,7 +575,7 @@ void hmac_blake2s
 		blake2s_init (&tctx);
 		blake2s_update (&tctx, k, lk);
-		blake2s_final (&tctx, (unsigned char *) key);
+		blake2s_final (&tctx, key);
 		k = key;
 		lk = BLAKE2S_DIGESTSIZE;
@@ -636,10 +590,10 @@ void hmac_blake2s
 	/* Pad the key for inner digest */
 	for (b = 0; b < lk; ++b)
-		buf[b] = (char) (k[b] ^ 0x36);
+		buf[b] = (unsigned char) (k[b] ^ 0x36);
 	memset (&buf[lk], 0x36, BLAKE2S_BLOCKSIZE - lk);
-	blake2s_update (ctx, (unsigned char *) buf, BLAKE2S_BLOCKSIZE);
+	blake2s_update (ctx, buf, BLAKE2S_BLOCKSIZE);
 	/**** Precompute HMAC Outer Digest ****/
@@ -647,20 +601,16 @@ void hmac_blake2s
 	blake2s_init (ctx);
 	for (b = 0; b < lk; ++b)
-		buf[b] = (char) (k[b] ^ 0x5C);
+		buf[b] = (unsigned char) (k[b] ^ 0x5C);
 	memset (&buf[lk], 0x5C, BLAKE2S_BLOCKSIZE - lk);
-	blake2s_update (ctx, (unsigned char *) buf, BLAKE2S_BLOCKSIZE);
+	blake2s_update (ctx, buf, BLAKE2S_BLOCKSIZE);
 	hmac_blake2s_internal(d, ld, &hmac);
-#if defined (DEVICE_DRIVER)
+#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
 	if (NT_SUCCESS (saveStatus))
 #ifdef _WIN64
 		KeRestoreExtendedProcessorStateVC(&SaveState);
 #else
 		KeRestoreFloatingPointState (&floatingPointState);
 #endif
 #endif
 	/* Prevent leaks */
@@ -669,10 +619,10 @@ void hmac_blake2s
 }
 #endif
-static void derive_u_blake2s (char *salt, int salt_len, uint32 iterations, int b, hmac_blake2s_ctx* hmac)
+static void derive_u_blake2s (unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_blake2s_ctx* hmac)
 {
-	char* k = hmac->k;
+	unsigned char* k = hmac->k;
-	char* u = hmac->u;
+	unsigned char* u = hmac->u;
 	uint32 c;
 	int i;	
@@ -698,7 +648,7 @@ static void derive_u_blake2s (char *salt, int salt_len, uint32 iterations, int b
 #ifdef TC_WINDOWS_BOOT
    /* specific case of 16-bit bootloader: b is a 16-bit integer that is always < 256 */
 	memset (&k[salt_len], 0, 3);
-	k[salt_len + 3] = (char) b;
+	k[salt_len + 3] = (unsigned char) b;
 #else
    b = bswap_32 (b);
    memcpy (&k[salt_len], &b, 4);
@@ -720,25 +670,22 @@ static void derive_u_blake2s (char *salt, int salt_len, uint32 iterations, int b
 }
-void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen)
+void derive_key_blake2s (unsigned char *pwd, int pwd_len, unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen)
 {	
 	hmac_blake2s_ctx hmac;
 	blake2s_state* ctx;
-	char* buf = hmac.k;
+	unsigned char* buf = hmac.k;
 	int b, l, r;
 #ifndef TC_WINDOWS_BOOT
-	char key[BLAKE2S_DIGESTSIZE];
+	unsigned char key[BLAKE2S_DIGESTSIZE];
-#if defined (DEVICE_DRIVER)
+#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
 	NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
 #ifdef _WIN64
 	XSTATE_SAVE SaveState;
 	if (IsCpuIntel() && HasSAVX())
 		saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);
 #else
 	KFLOATING_SAVE floatingPointState;	
 	if (HasSSE2())
 		saveStatus = KeSaveFloatingPointState (&floatingPointState);
 #endif
 #endif
    /* If the password is longer than the hash algorithm block size,
 	   let pwd = blake2s(pwd), as per HMAC specifications. */
@@ -748,7 +695,7 @@ void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint3
 		blake2s_init (&tctx);
 		blake2s_update (&tctx, pwd, pwd_len);
-		blake2s_final (&tctx, (unsigned char *) key);
+		blake2s_final (&tctx, key);
 		pwd = key;
 		pwd_len = BLAKE2S_DIGESTSIZE;
@@ -775,7 +722,7 @@ void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint3
 	/* Pad the key for inner digest */
 	for (b = 0; b < pwd_len; ++b)
-		buf[b] = (char) (pwd[b] ^ 0x36);
+		buf[b] = (unsigned char) (pwd[b] ^ 0x36);
 	memset (&buf[pwd_len], 0x36, BLAKE2S_BLOCKSIZE - pwd_len);
 	blake2s_update (ctx, buf, BLAKE2S_BLOCKSIZE);
@@ -786,7 +733,7 @@ void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint3
 	blake2s_init (ctx);
 	for (b = 0; b < pwd_len; ++b)
-		buf[b] = (char) (pwd[b] ^ 0x5C);
+		buf[b] = (unsigned char) (pwd[b] ^ 0x5C);
 	memset (&buf[pwd_len], 0x5C, BLAKE2S_BLOCKSIZE - pwd_len);
 	blake2s_update (ctx, buf, BLAKE2S_BLOCKSIZE);
@@ -803,13 +750,9 @@ void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint3
 	derive_u_blake2s (salt, salt_len, iterations, b, &hmac);
 	memcpy (dk, hmac.u, r);
-#if defined (DEVICE_DRIVER)
+#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
 	if (NT_SUCCESS (saveStatus))
 #ifdef _WIN64
 		KeRestoreExtendedProcessorStateVC(&SaveState);
 #else
 		KeRestoreFloatingPointState (&floatingPointState);
 #endif
 #endif
 	/* Prevent possible leaks. */
@@ -828,13 +771,13 @@ typedef struct hmac_whirlpool_ctx_struct
 	WHIRLPOOL_CTX ctx;
 	WHIRLPOOL_CTX inner_digest_ctx; /*pre-computed inner digest context */
 	WHIRLPOOL_CTX outer_digest_ctx; /*pre-computed outer digest context */
-	CRYPTOPP_ALIGN_DATA(16) char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the Whirlpool hash */
+	CRYPTOPP_ALIGN_DATA(16) unsigned char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the Whirlpool hash */
-	char u[WHIRLPOOL_DIGESTSIZE];
+	unsigned char u[WHIRLPOOL_DIGESTSIZE];
 } hmac_whirlpool_ctx;
 void hmac_whirlpool_internal
 (
-	  char *d,		/* input/output data. d pointer is guaranteed to be at least 64-bytes long */
+	unsigned char *d,		/* input/output data. d pointer is guaranteed to be at least 64-bytes long */
 	  int ld,		/* length of input data in bytes */
 	  hmac_whirlpool_ctx* hmac /* HMAC-Whirlpool context which holds temporary variables */
 )
@@ -845,38 +788,32 @@ void hmac_whirlpool_internal
 	memcpy (ctx, &(hmac->inner_digest_ctx), sizeof (WHIRLPOOL_CTX));
-	WHIRLPOOL_add ((unsigned char *) d, ld, ctx);
+	WHIRLPOOL_add (d, ld, ctx);
-	WHIRLPOOL_finalize (ctx, (unsigned char *) d);
+	WHIRLPOOL_finalize (ctx, d);
 	/**** Restore Precomputed Outer Digest Context ****/
 	memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (WHIRLPOOL_CTX));
-	WHIRLPOOL_add ((unsigned char *) d, WHIRLPOOL_DIGESTSIZE, ctx);
+	WHIRLPOOL_add (d, WHIRLPOOL_DIGESTSIZE, ctx);
-	WHIRLPOOL_finalize (ctx, (unsigned char *) d);
+	WHIRLPOOL_finalize (ctx, d);
 }
 void hmac_whirlpool
 (
-	  char *k,		/* secret key */
+	  unsigned char *k,		/* secret key */
 	  int lk,		/* length of the key in bytes */
-	  char *d,		/* input data. d pointer is guaranteed to be at least 32-bytes long */
+	  unsigned char *d,		/* input data. d pointer is guaranteed to be at least 32-bytes long */
 	  int ld		/* length of data in bytes */
 )
 {
 	hmac_whirlpool_ctx hmac;
 	WHIRLPOOL_CTX* ctx;
-	char* buf = hmac.k;
+	unsigned char* buf = hmac.k;
 	int b;
-	char key[WHIRLPOOL_DIGESTSIZE];
+	unsigned char key[WHIRLPOOL_DIGESTSIZE];
 #if defined (DEVICE_DRIVER) && !defined (_WIN64)
 	KFLOATING_SAVE floatingPointState;
 	NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
 	if (HasISSE())
 		saveStatus = KeSaveFloatingPointState (&floatingPointState);
 #endif
    /* If the key is longer than the hash algorithm block size,
 	   let key = whirlpool(key), as per HMAC specifications. */
 	if (lk > WHIRLPOOL_BLOCKSIZE)
@@ -884,8 +821,8 @@ void hmac_whirlpool
 		WHIRLPOOL_CTX tctx;
 		WHIRLPOOL_init (&tctx);
-		WHIRLPOOL_add ((unsigned char *) k, lk, &tctx);
+		WHIRLPOOL_add (k, lk, &tctx);
-		WHIRLPOOL_finalize (&tctx, (unsigned char *) key);
+		WHIRLPOOL_finalize (&tctx, key);
 		k = key;
 		lk = WHIRLPOOL_DIGESTSIZE;
@@ -900,10 +837,10 @@ void hmac_whirlpool
 	/* Pad the key for inner digest */
 	for (b = 0; b < lk; ++b)
-		buf[b] = (char) (k[b] ^ 0x36);
+		buf[b] = (unsigned char) (k[b] ^ 0x36);
 	memset (&buf[lk], 0x36, WHIRLPOOL_BLOCKSIZE - lk);
-	WHIRLPOOL_add ((unsigned char *) buf, WHIRLPOOL_BLOCKSIZE, ctx);
+	WHIRLPOOL_add (buf, WHIRLPOOL_BLOCKSIZE, ctx);
 	/**** Precompute HMAC Outer Digest ****/
@@ -911,25 +848,21 @@ void hmac_whirlpool
 	WHIRLPOOL_init (ctx);
 	for (b = 0; b < lk; ++b)
-		buf[b] = (char) (k[b] ^ 0x5C);
+		buf[b] = (unsigned char) (k[b] ^ 0x5C);
 	memset (&buf[lk], 0x5C, WHIRLPOOL_BLOCKSIZE - lk);
-	WHIRLPOOL_add ((unsigned char *) buf, WHIRLPOOL_BLOCKSIZE, ctx);
+	WHIRLPOOL_add (buf, WHIRLPOOL_BLOCKSIZE, ctx);
 	hmac_whirlpool_internal(d, ld, &hmac);
 #if defined (DEVICE_DRIVER) && !defined (_WIN64)
 	if (NT_SUCCESS (saveStatus))
 		KeRestoreFloatingPointState (&floatingPointState);
 #endif
 	/* Prevent leaks */
 	burn(&hmac, sizeof(hmac));
 }
-static void derive_u_whirlpool (char *salt, int salt_len, uint32 iterations, int b, hmac_whirlpool_ctx* hmac)
+static void derive_u_whirlpool (unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_whirlpool_ctx* hmac)
 {
-	char* u = hmac->u;
+	unsigned char* u = hmac->u;
-	char* k = hmac->k;
+	unsigned char* k = hmac->k;
 	uint32 c, i;
 	/* iteration 1 */
@@ -952,19 +885,13 @@ static void derive_u_whirlpool (char *salt, int salt_len, uint32 iterations, int
 	}
 }
-void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen)
+void derive_key_whirlpool (unsigned char *pwd, int pwd_len, unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen)
 {
 	hmac_whirlpool_ctx hmac;
 	WHIRLPOOL_CTX* ctx;
-	char* buf = hmac.k;
+	unsigned char* buf = hmac.k;
-	char key[WHIRLPOOL_DIGESTSIZE];
+	unsigned char key[WHIRLPOOL_DIGESTSIZE];
 	int b, l, r;
 #if defined (DEVICE_DRIVER) && !defined (_WIN64)
 	KFLOATING_SAVE floatingPointState;
 	NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
 	if (HasISSE())
 		saveStatus = KeSaveFloatingPointState (&floatingPointState);
 #endif
    /* If the password is longer than the hash algorithm block size,
 	   let pwd = whirlpool(pwd), as per HMAC specifications. */
 	if (pwd_len > WHIRLPOOL_BLOCKSIZE)
@@ -972,8 +899,8 @@ void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, uin
 		WHIRLPOOL_CTX tctx;
 		WHIRLPOOL_init (&tctx);
-		WHIRLPOOL_add ((unsigned char *) pwd, pwd_len, &tctx);
+		WHIRLPOOL_add (pwd, pwd_len, &tctx);
-		WHIRLPOOL_finalize (&tctx, (unsigned char *) key);
+		WHIRLPOOL_finalize (&tctx, key);
 		pwd = key;
 		pwd_len = WHIRLPOOL_DIGESTSIZE;
@@ -999,10 +926,10 @@ void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, uin
 	/* Pad the key for inner digest */
 	for (b = 0; b < pwd_len; ++b)
-		buf[b] = (char) (pwd[b] ^ 0x36);
+		buf[b] = (unsigned char) (pwd[b] ^ 0x36);
 	memset (&buf[pwd_len], 0x36, WHIRLPOOL_BLOCKSIZE - pwd_len);
-	WHIRLPOOL_add ((unsigned char *) buf, WHIRLPOOL_BLOCKSIZE, ctx);
+	WHIRLPOOL_add (buf, WHIRLPOOL_BLOCKSIZE, ctx);
 	/**** Precompute HMAC Outer Digest ****/
@@ -1010,10 +937,10 @@ void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, uin
 	WHIRLPOOL_init (ctx);
 	for (b = 0; b < pwd_len; ++b)
-		buf[b] = (char) (pwd[b] ^ 0x5C);
+		buf[b] = (unsigned char) (pwd[b] ^ 0x5C);
 	memset (&buf[pwd_len], 0x5C, WHIRLPOOL_BLOCKSIZE - pwd_len);
-	WHIRLPOOL_add ((unsigned char *) buf, WHIRLPOOL_BLOCKSIZE, ctx);
+	WHIRLPOOL_add (buf, WHIRLPOOL_BLOCKSIZE, ctx);
 	/* first l - 1 blocks */
 	for (b = 1; b < l; b++)
@@ -1027,11 +954,6 @@ void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, uin
 	derive_u_whirlpool (salt, salt_len, iterations, b, &hmac);
 	memcpy (dk, hmac.u, r);
 #if defined (DEVICE_DRIVER) && !defined (_WIN64)
 	if (NT_SUCCESS (saveStatus))
 		KeRestoreFloatingPointState (&floatingPointState);
 #endif
 	/* Prevent possible leaks. */
 	burn (&hmac, sizeof(hmac));
 	burn (key, sizeof(key));
@@ -1043,13 +965,13 @@ typedef struct hmac_streebog_ctx_struct
 	STREEBOG_CTX ctx;
 	STREEBOG_CTX inner_digest_ctx; /*pre-computed inner digest context */
 	STREEBOG_CTX outer_digest_ctx; /*pre-computed outer digest context */
-	CRYPTOPP_ALIGN_DATA(16) char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the Streebog hash */
+	CRYPTOPP_ALIGN_DATA(16) unsigned char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the Streebog hash */
-	char u[STREEBOG_DIGESTSIZE];
+	unsigned char u[STREEBOG_DIGESTSIZE];
 } hmac_streebog_ctx;
 void hmac_streebog_internal
 (
-	  char *d,		/* input/output data. d pointer is guaranteed to be at least 64-bytes long */
+	  unsigned char *d,		/* input/output data. d pointer is guaranteed to be at least 64-bytes long */
 	  int ld,		/* length of input data in bytes */
 	  hmac_streebog_ctx* hmac /* HMAC-Whirlpool context which holds temporary variables */
 )
@@ -1060,38 +982,32 @@ void hmac_streebog_internal
 	memcpy (ctx, &(hmac->inner_digest_ctx), sizeof (STREEBOG_CTX));
-	STREEBOG_add (ctx, (unsigned char *) d, ld);
+	STREEBOG_add (ctx, d, ld);
-	STREEBOG_finalize (ctx, (unsigned char *) d);
+	STREEBOG_finalize (ctx, d);
 	/**** Restore Precomputed Outer Digest Context ****/
 	memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (STREEBOG_CTX));
-	STREEBOG_add (ctx, (unsigned char *) d, STREEBOG_DIGESTSIZE);
+	STREEBOG_add (ctx, d, STREEBOG_DIGESTSIZE);
-	STREEBOG_finalize (ctx, (unsigned char *) d);
+	STREEBOG_finalize (ctx, d);
 }
 void hmac_streebog
 (
-	  char *k,		/* secret key */
+	  unsigned char *k,		/* secret key */
 	  int lk,		/* length of the key in bytes */
-	  char *d,		/* input data. d pointer is guaranteed to be at least 32-bytes long */
+	  unsigned char *d,		/* input data. d pointer is guaranteed to be at least 32-bytes long */
 	  int ld		/* length of data in bytes */
 )
 {
 	hmac_streebog_ctx hmac;
 	STREEBOG_CTX* ctx;
-	char* buf = hmac.k;
+	unsigned char* buf = hmac.k;
 	int b;
-	CRYPTOPP_ALIGN_DATA(16) char key[STREEBOG_DIGESTSIZE];
+	CRYPTOPP_ALIGN_DATA(16) unsigned char key[STREEBOG_DIGESTSIZE];
 #if defined (DEVICE_DRIVER) && !defined (_WIN64)
 	KFLOATING_SAVE floatingPointState;
 	NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
 	if (HasSSE2() || HasSSE41())
 		saveStatus = KeSaveFloatingPointState (&floatingPointState);
 #endif
    /* If the key is longer than the hash algorithm block size,
 	   let key = streebog(key), as per HMAC specifications. */
 	if (lk > STREEBOG_BLOCKSIZE)
@@ -1099,8 +1015,8 @@ void hmac_streebog
 		STREEBOG_CTX tctx;
 		STREEBOG_init (&tctx);
-		STREEBOG_add (&tctx, (unsigned char *) k, lk);
+		STREEBOG_add (&tctx, k, lk);
-		STREEBOG_finalize (&tctx, (unsigned char *) key);
+		STREEBOG_finalize (&tctx, key);
 		k = key;
 		lk = STREEBOG_DIGESTSIZE;
@@ -1115,10 +1031,10 @@ void hmac_streebog
 	/* Pad the key for inner digest */
 	for (b = 0; b < lk; ++b)
-		buf[b] = (char) (k[b] ^ 0x36);
+		buf[b] = (unsigned char) (k[b] ^ 0x36);
 	memset (&buf[lk], 0x36, STREEBOG_BLOCKSIZE - lk);
-	STREEBOG_add (ctx, (unsigned char *) buf, STREEBOG_BLOCKSIZE);
+	STREEBOG_add (ctx, buf, STREEBOG_BLOCKSIZE);
 	/**** Precompute HMAC Outer Digest ****/
@@ -1126,25 +1042,21 @@ void hmac_streebog
 	STREEBOG_init (ctx);
 	for (b = 0; b < lk; ++b)
-		buf[b] = (char) (k[b] ^ 0x5C);
+		buf[b] = (unsigned char) (k[b] ^ 0x5C);
 	memset (&buf[lk], 0x5C, STREEBOG_BLOCKSIZE - lk);
-	STREEBOG_add (ctx, (unsigned char *) buf, STREEBOG_BLOCKSIZE);
+	STREEBOG_add (ctx, buf, STREEBOG_BLOCKSIZE);
 	hmac_streebog_internal(d, ld, &hmac);
 #if defined (DEVICE_DRIVER) && !defined (_WIN64)
 	if (NT_SUCCESS (saveStatus))
 		KeRestoreFloatingPointState (&floatingPointState);
 #endif
 	/* Prevent leaks */
 	burn(&hmac, sizeof(hmac));
 }
-static void derive_u_streebog (char *salt, int salt_len, uint32 iterations, int b, hmac_streebog_ctx* hmac)
+static void derive_u_streebog (unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_streebog_ctx* hmac)
 {
-	char* u = hmac->u;
+	unsigned char* u = hmac->u;
-	char* k = hmac->k;
+	unsigned char* k = hmac->k;
 	uint32 c, i;
 	/* iteration 1 */
@@ -1167,19 +1079,13 @@ static void derive_u_streebog (char *salt, int salt_len, uint32 iterations, int
 	}
 }
-void derive_key_streebog (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen)
+void derive_key_streebog (unsigned char *pwd, int pwd_len, unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen)
 {
 	hmac_streebog_ctx hmac;
 	STREEBOG_CTX* ctx;
-	char* buf = hmac.k;
+	unsigned char* buf = hmac.k;
-	char key[STREEBOG_DIGESTSIZE];
+	unsigned char key[STREEBOG_DIGESTSIZE];
 	int b, l, r;
 #if defined (DEVICE_DRIVER) && !defined (_WIN64)
 	KFLOATING_SAVE floatingPointState;
 	NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
 	if (HasSSE2() || HasSSE41())
 		saveStatus = KeSaveFloatingPointState (&floatingPointState);
 #endif
    /* If the password is longer than the hash algorithm block size,
 	   let pwd = streebog(pwd), as per HMAC specifications. */
 	if (pwd_len > STREEBOG_BLOCKSIZE)
@@ -1187,8 +1093,8 @@ void derive_key_streebog (char *pwd, int pwd_len, char *salt, int salt_len, uint
 		STREEBOG_CTX tctx;
 		STREEBOG_init (&tctx);
-		STREEBOG_add (&tctx, (unsigned char *) pwd, pwd_len);
+		STREEBOG_add (&tctx, pwd, pwd_len);
-		STREEBOG_finalize (&tctx, (unsigned char *) key);
+		STREEBOG_finalize (&tctx, key);
 		pwd = key;
 		pwd_len = STREEBOG_DIGESTSIZE;
@@ -1214,10 +1120,10 @@ void derive_key_streebog (char *pwd, int pwd_len, char *salt, int salt_len, uint
 	/* Pad the key for inner digest */
 	for (b = 0; b < pwd_len; ++b)
-		buf[b] = (char) (pwd[b] ^ 0x36);
+		buf[b] = (unsigned char) (pwd[b] ^ 0x36);
 	memset (&buf[pwd_len], 0x36, STREEBOG_BLOCKSIZE - pwd_len);
-	STREEBOG_add (ctx, (unsigned char *) buf, STREEBOG_BLOCKSIZE);
+	STREEBOG_add (ctx, buf, STREEBOG_BLOCKSIZE);
 	/**** Precompute HMAC Outer Digest ****/
@@ -1225,10 +1131,10 @@ void derive_key_streebog (char *pwd, int pwd_len, char *salt, int salt_len, uint
 	STREEBOG_init (ctx);
 	for (b = 0; b < pwd_len; ++b)
-		buf[b] = (char) (pwd[b] ^ 0x5C);
+		buf[b] = (unsigned char) (pwd[b] ^ 0x5C);
 	memset (&buf[pwd_len], 0x5C, STREEBOG_BLOCKSIZE - pwd_len);
-	STREEBOG_add (ctx, (unsigned char *) buf, STREEBOG_BLOCKSIZE);
+	STREEBOG_add (ctx, buf, STREEBOG_BLOCKSIZE);
 	/* first l - 1 blocks */
 	for (b = 1; b < l; b++)
@@ -1242,11 +1148,6 @@ void derive_key_streebog (char *pwd, int pwd_len, char *salt, int salt_len, uint
 	derive_u_streebog (salt, salt_len, iterations, b, &hmac);
 	memcpy (dk, hmac.u, r);
 #if defined (DEVICE_DRIVER) && !defined (_WIN64)
 	if (NT_SUCCESS (saveStatus))
 		KeRestoreFloatingPointState (&floatingPointState);
 #endif
 	/* Prevent possible leaks. */
 	burn (&hmac, sizeof(hmac));
 	burn (key, sizeof(key));
--- a/src/Common/Pkcs5.h
+++ b/src/Common/Pkcs5.h
@@ -21,24 +21,24 @@ extern "C"
 {
 #endif
 /* output written to input_digest which must be at lease 32 bytes long */
-void hmac_blake2s (char *key, int keylen, char *input_digest, int len);
+void hmac_blake2s (unsigned char *key, int keylen, unsigned char *input_digest, int len);
-void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen);
+void derive_key_blake2s (unsigned char *pwd, int pwd_len, unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen);
 /* output written to d which must be at lease 32 bytes long */
-void hmac_sha256 (char *k, int lk, char *d, int ld);
+void hmac_sha256 (unsigned char *k, int lk, unsigned char *d, int ld);
-void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen);
+void derive_key_sha256 (unsigned char *pwd, int pwd_len, unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen);
 #ifndef TC_WINDOWS_BOOT
 /* output written to d which must be at lease 64 bytes long */
-void hmac_sha512 (char *k, int lk, char *d, int ld);
+void hmac_sha512 (unsigned char *k, int lk, unsigned char *d, int ld);
-void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen);
+void derive_key_sha512 (unsigned char *pwd, int pwd_len, unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen);
 /* output written to d which must be at lease 64 bytes long */
-void hmac_whirlpool (char *k, int lk, char *d, int ld);
+void hmac_whirlpool (unsigned char *k, int lk, unsigned char *d, int ld);
-void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen);
+void derive_key_whirlpool (unsigned char *pwd, int pwd_len, unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen);
-void hmac_streebog (char *k, int32 lk, char *d, int32 ld);
+void hmac_streebog (unsigned char *k, int32 lk, unsigned char *d, int32 ld);
-void derive_key_streebog (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen);
+void derive_key_streebog (unsigned char *pwd, int pwd_len, unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen);
 int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL bBoot);
 wchar_t *get_pkcs5_prf_name (int pkcs5_prf_id);
--- a/src/Common/Tcdefs.h
+++ b/src/Common/Tcdefs.h
@@ -255,20 +255,10 @@ void ThrowFatalException(int line);
 #include <ntddk.h>		/* Standard header file for nt drivers */
 #include <ntdddisk.h>		/* Standard I/O control codes  */
 /* defines needed for using enhanced protection of NX pool under Windows 8 and later */
 #define NonPagedPoolNx  512
 #define MdlMappingNoExecute     0x40000000
 /* variables used in the implementation of enhanced protection of NX pool under Windows 8 and later */
 extern POOL_TYPE ExDefaultNonPagedPoolType;
 extern ULONG ExDefaultMdlProtection;
 #ifdef _WIN64
 extern ULONG AllocTag;
 #else
 #define AllocTag 'MMCV'
 #endif
-#define TCalloc(size) ((void *) ExAllocatePoolWithTag( ExDefaultNonPagedPoolType, size, AllocTag ))
+#define TCalloc(size) ((void *) ExAllocatePool2( POOL_FLAG_NON_PAGED, size, AllocTag ))
 #define TCfree(memblock) ExFreePoolWithTag( memblock, AllocTag )
 #define DEVICE_DRIVER
--- a/src/Common/Tests.c
+++ b/src/Common/Tests.c
@@ -567,19 +567,13 @@ unsigned long HexStringToByteArray(const char* hexStr, unsigned char* pbData)
 	return count;
 }
-BOOL RunHashTest (HashFunction fn, HashTestVector* vector, BOOL bUseSSE)
+BOOL RunHashTest (HashFunction fn, HashTestVector* vector)
 {
 	CRYPTOPP_ALIGN_DATA (16) unsigned char input[256];
 	unsigned char output[64];
 	unsigned char digest[64];
 	unsigned long i = 0, inputLen, outputLen, digestLen;
 	BOOL bRet = TRUE;
 #if defined (DEVICE_DRIVER) && !defined (_WIN64)
 	KFLOATING_SAVE floatingPointState;
 	NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
 	if (bUseSSE)
 		saveStatus = KeSaveFloatingPointState (&floatingPointState);
 #endif
 	while (vector[i].hexInput && vector[i].hexOutput)
 	{
 		inputLen = HexStringToByteArray (vector[i].hexInput, input);
@@ -593,11 +587,6 @@ BOOL RunHashTest (HashFunction fn, HashTestVector* vector, BOOL bUseSSE)
 		i++;
 	}
 #if defined (DEVICE_DRIVER) && !defined (_WIN64)
 	if (NT_SUCCESS (saveStatus))
 		KeRestoreFloatingPointState (&floatingPointState);
 #endif
 	return bRet;
 }
@@ -651,7 +640,7 @@ HashTestVector Blake2sTestVectors[] = {
 unsigned char ks_tmp[MAX_EXPANDED_KEY];
-void CipherInit2(int cipher, void* key, void* ks, int key_len)
+void CipherInit2(int cipher, void* key, void* ks)
 {
 	switch (cipher)
 	{
@@ -1307,7 +1296,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
 static BOOL DoAutoTestAlgorithms (void)
 {
 	PCRYPTO_INFO ci;
-	CRYPTOPP_ALIGN_DATA(16) char key[32];
+	CRYPTOPP_ALIGN_DATA(16) unsigned char key[32];
 	unsigned char tmp[16];
 	BOOL bFailed = FALSE;
 	int i;
@@ -1342,7 +1331,6 @@ static BOOL DoAutoTestAlgorithms (void)
 	{
 		uint8 testData[1024];
 		uint32 origCrc;
 		size_t i;
 		for (i = 0; i < sizeof (testData); ++i)
 		{
@@ -1526,12 +1514,12 @@ BOOL test_hmac_sha256 ()
 	for (i = 0; i < sizeof (hmac_sha256_test_data) / sizeof(char *); i++)
 	{
-		char digest[1024]; /* large enough to hold digets and test vector inputs */
+		unsigned char digest[1024]; /* large enough to hold digets and test vector inputs */
 		size_t dataLen = strlen (hmac_sha256_test_data[i]);
 		if (dataLen <= sizeof(digest))
 		{
 			memcpy (digest, hmac_sha256_test_data[i], dataLen);
-			hmac_sha256 (hmac_sha256_test_keys[i], (int) strlen (hmac_sha256_test_keys[i]), digest, (int) dataLen);
+			hmac_sha256 ((unsigned char*) hmac_sha256_test_keys[i], (int) strlen (hmac_sha256_test_keys[i]), digest, (int) dataLen);
 			if (memcmp (digest, hmac_sha256_test_vectors[i], SHA256_DIGESTSIZE) != 0)
 				return FALSE;
 			else
@@ -1553,12 +1541,12 @@ BOOL test_hmac_sha512 ()
 	for (i = 0; i < sizeof (hmac_sha512_test_data) / sizeof(char *); i++)
 	{
-		char digest[1024]; /* large enough to hold digets and test vector inputs */
+		unsigned char digest[1024]; /* large enough to hold digets and test vector inputs */
 		size_t dataLen = strlen (hmac_sha512_test_data[i]);
 		if (dataLen <= sizeof(digest))
 		{
 			memcpy (digest, hmac_sha512_test_data[i], dataLen );
-			hmac_sha512 (hmac_sha512_test_keys[i], (int) strlen (hmac_sha512_test_keys[i]), digest, (int) dataLen);
+			hmac_sha512 ((unsigned char*) hmac_sha512_test_keys[i], (int) strlen (hmac_sha512_test_keys[i]), digest, (int) dataLen);
 			if (memcmp (digest, hmac_sha512_test_vectors[i], SHA512_DIGESTSIZE) != 0)
 				return FALSE;
 			else
@@ -1581,12 +1569,12 @@ BOOL test_hmac_blake2s ()
 	for (i = 0; i < sizeof (hmac_blake2s_test_data) / sizeof(char *); i++)
 	{
-		char digest[1024]; /* large enough to hold digets and test vector inputs */
+		unsigned char digest[1024]; /* large enough to hold digets and test vector inputs */
 		size_t dataLen = strlen (hmac_blake2s_test_data[i]);
 		if (dataLen <= sizeof(digest))
 		{
 			memcpy (digest, hmac_blake2s_test_data[i], dataLen);
-			hmac_blake2s (hmac_blake2s_test_keys[i], (int) strlen (hmac_blake2s_test_keys[i]), digest, (int) dataLen);
+			hmac_blake2s ((unsigned char*)(unsigned char*)hmac_blake2s_test_keys[i], (int) strlen (hmac_blake2s_test_keys[i]), digest, (int) dataLen);
 			if (memcmp (digest, hmac_blake2s_test_vectors[i], BLAKE2S_DIGESTSIZE) != 0)
 				return FALSE;
 			else
@@ -1612,7 +1600,7 @@ BOOL test_hmac_whirlpool ()
 	unsigned char digest[1024]; /* large enough to hold digets and test vector inputs */
 	memcpy (digest, hmac_whirlpool_test_data, strlen (hmac_whirlpool_test_data));
-	hmac_whirlpool (hmac_whirlpool_test_key, 64, digest, (int) strlen (hmac_whirlpool_test_data));
+	hmac_whirlpool ((unsigned char*) hmac_whirlpool_test_key, 64, digest, (int) strlen (hmac_whirlpool_test_data));
 	if (memcmp (digest, hmac_whirlpool_test_vectors, WHIRLPOOL_DIGESTSIZE) != 0)
 		return FALSE;
@@ -1646,10 +1634,10 @@ static const unsigned char gost3411_2012_hmac_r1[] = {
 #ifndef WOLFCRYPT_BACKEND
 BOOL test_hmac_streebog ()
 {
-	CRYPTOPP_ALIGN_DATA(16) char digest[64]; /* large enough to hold digets and test vector inputs */
+	CRYPTOPP_ALIGN_DATA(16) unsigned char digest[64]; /* large enough to hold digets and test vector inputs */
 	memcpy (digest, gost3411_2012_hmac_m1, sizeof (gost3411_2012_hmac_m1));
-	hmac_streebog ((char*) gost3411_2012_hmac_k1, sizeof(gost3411_2012_hmac_k1), digest, (int) sizeof (gost3411_2012_hmac_m1));
+	hmac_streebog ((unsigned char*) gost3411_2012_hmac_k1, sizeof(gost3411_2012_hmac_k1), digest, (int) sizeof (gost3411_2012_hmac_m1));
 	if (memcmp (digest, gost3411_2012_hmac_r1, STREEBOG_DIGESTSIZE) != 0)
 		return FALSE;
@@ -1668,7 +1656,7 @@ int __cdecl StreebogHash (unsigned char* input, unsigned long inputLen, unsigned
 BOOL test_pkcs5 ()
 {
-	char dk[144];
+	unsigned char dk[144];
 	/* HMAC-SHA-256 tests */
 	if (!test_hmac_sha256())
@@ -1684,7 +1672,7 @@ BOOL test_pkcs5 ()
 		return FALSE;
 	/* Blake2s hash tests */
-	if (RunHashTest (Blake2sHash, Blake2sTestVectors, (HasSSE2())? TRUE : FALSE) == FALSE)
+	if (RunHashTest (Blake2sHash, Blake2sTestVectors))
 		return FALSE;
 	/* HMAC-Whirlpool tests */
@@ -1696,68 +1684,68 @@ BOOL test_pkcs5 ()
 		return FALSE;
 	/* STREEBOG hash tests */
-	if (RunHashTest (StreebogHash, Streebog512TestVectors, (HasSSE2() || HasSSE41())? TRUE : FALSE) == FALSE)
+	if (RunHashTest (StreebogHash, Streebog512TestVectors))
 		return FALSE;
 #endif
 	/* PKCS-5 test 1 with HMAC-SHA-256 used as the PRF (https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-00) */
-	derive_key_sha256 ("passwd", 6, "\x73\x61\x6C\x74", 4, 1, dk, 64);
+	derive_key_sha256 ((unsigned char*) "passwd", 6, (unsigned char*) "\x73\x61\x6C\x74", 4, 1, dk, 64);
 	if (memcmp (dk, "\x55\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5\x09\x11\x20\x41\xd3\xa1\x97\x83", 64) != 0)
 		return FALSE;
 	/* PKCS-5 test 2 with HMAC-SHA-256 used as the PRF (https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors) */
-	derive_key_sha256 ("password", 8, "\x73\x61\x6C\x74", 4, 2, dk, 32);
+	derive_key_sha256 ((unsigned char*) "password", 8, (unsigned char*) "\x73\x61\x6C\x74", 4, 2, dk, 32);
 	if (memcmp (dk, "\xae\x4d\x0c\x95\xaf\x6b\x46\xd3\x2d\x0a\xdf\xf9\x28\xf0\x6d\xd0\x2a\x30\x3f\x8e\xf3\xc2\x51\xdf\xd6\xe2\xd8\x5a\x95\x47\x4c\x43", 32) != 0)
 		return FALSE;
 	/* PKCS-5 test 3 with HMAC-SHA-256 used as the PRF (MS CryptoAPI) */
-	derive_key_sha256 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
+	derive_key_sha256 ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4);
 	if (memcmp (dk, "\xf2\xa0\x4f\xb2", 4) != 0)
 		return FALSE;
 	/* PKCS-5 test 4 with HMAC-SHA-256 used as the PRF (MS CryptoAPI) */
-	derive_key_sha256 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 144);
+	derive_key_sha256 ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 144);
 	if (memcmp (dk, "\xf2\xa0\x4f\xb2\xd3\xe9\xa5\xd8\x51\x0b\x5c\x06\xdf\x70\x8e\x24\xe9\xc7\xd9\x15\x3d\x22\xcd\xde\xb8\xa6\xdb\xfd\x71\x85\xc6\x99\x32\xc0\xee\x37\x27\xf7\x24\xcf\xea\xa6\xac\x73\xa1\x4c\x4e\x52\x9b\x94\xf3\x54\x06\xfc\x04\x65\xa1\x0a\x24\xfe\xf0\x98\x1d\xa6\x22\x28\xeb\x24\x55\x74\xce\x6a\x3a\x28\xe2\x04\x3a\x59\x13\xec\x3f\xf2\xdb\xcf\x58\xdd\x53\xd9\xf9\x17\xf6\xda\x74\x06\x3c\x0b\x66\xf5\x0f\xf5\x58\xa3\x27\x52\x8c\x5b\x07\x91\xd0\x81\xeb\xb6\xbc\x30\x69\x42\x71\xf2\xd7\x18\x42\xbe\xe8\x02\x93\x70\x66\xad\x35\x65\xbc\xf7\x96\x8e\x64\xf1\xc6\x92\xda\xe0\xdc\x1f\xb5\xf4", 144) != 0)
 		return FALSE;
 	/* PKCS-5 test 1 with HMAC-SHA-512 used as the PRF */
-	derive_key_sha512 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
+	derive_key_sha512 ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4);
 	if (memcmp (dk, "\x13\x64\xae\xf8", 4) != 0)
 		return FALSE;
 	/* PKCS-5 test 2 with HMAC-SHA-512 used as the PRF (derives a key longer than the underlying
 	hash output size and block size) */
-	derive_key_sha512 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 144);
+	derive_key_sha512 ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 144);
 	if (memcmp (dk, "\x13\x64\xae\xf8\x0d\xf5\x57\x6c\x30\xd5\x71\x4c\xa7\x75\x3f\xfd\x00\xe5\x25\x8b\x39\xc7\x44\x7f\xce\x23\x3d\x08\x75\xe0\x2f\x48\xd6\x30\xd7\x00\xb6\x24\xdb\xe0\x5a\xd7\x47\xef\x52\xca\xa6\x34\x83\x47\xe5\xcb\xe9\x87\xf1\x20\x59\x6a\xe6\xa9\xcf\x51\x78\xc6\xb6\x23\xa6\x74\x0d\xe8\x91\xbe\x1a\xd0\x28\xcc\xce\x16\x98\x9a\xbe\xfb\xdc\x78\xc9\xe1\x7d\x72\x67\xce\xe1\x61\x56\x5f\x96\x68\xe6\xe1\xdd\xf4\xbf\x1b\x80\xe0\x19\x1c\xf4\xc4\xd3\xdd\xd5\xd5\x57\x2d\x83\xc7\xa3\x37\x87\xf4\x4e\xe0\xf6\xd8\x6d\x65\xdc\xa0\x52\xa3\x13\xbe\x81\xfc\x30\xbe\x7d\x69\x58\x34\xb6\xdd\x41\xc6", 144) != 0)
 		return FALSE;
 #ifndef WOLFCRYPT_BACKEND
 	/* PKCS-5 test 1 with HMAC-BLAKE2s used as the PRF */
-	derive_key_blake2s ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
+	derive_key_blake2s ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4);
 	if (memcmp (dk, "\x8d\x51\xfa\x31", 4) != 0)
 		return FALSE;
 	/* PKCS-5 test 2 with HMAC-BLAKE2s used as the PRF (derives a key longer than the underlying hash) */
-	derive_key_blake2s ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
+	derive_key_blake2s ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 48);
 	if (memcmp (dk, "\x8d\x51\xfa\x31\x46\x25\x37\x67\xa3\x29\x6b\x3c\x6b\xc1\x5d\xb2\xee\xe1\x6c\x28\x00\x26\xea\x08\x65\x9c\x12\xf1\x07\xde\x0d\xb9\x9b\x4f\x39\xfa\xc6\x80\x26\xb1\x8f\x8e\x48\x89\x85\x2d\x24\x2d", 48) != 0)
 		return FALSE;
 	/* PKCS-5 test 1 with HMAC-Whirlpool used as the PRF */
-	derive_key_whirlpool ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
+	derive_key_whirlpool ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4);
 	if (memcmp (dk, "\x50\x7c\x36\x6f", 4) != 0)
 		return FALSE;
 	/* PKCS-5 test 2 with HMAC-Whirlpool used as the PRF (derives a key longer than the underlying hash) */
-	derive_key_whirlpool ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 96);
+	derive_key_whirlpool ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 96);
 	if (memcmp (dk, "\x50\x7c\x36\x6f\xee\x10\x2e\x9a\xe2\x8a\xd5\x82\x72\x7d\x27\x0f\xe8\x4d\x7f\x68\x7a\xcf\xb5\xe7\x43\x67\xaa\x98\x93\x52\x2b\x09\x6e\x42\xdf\x2c\x59\x4a\x91\x6d\x7e\x10\xae\xb2\x1a\x89\x8f\xb9\x8f\xe6\x31\xa9\xd8\x9f\x98\x26\xf4\xda\xcd\x7d\x65\x65\xde\x10\x95\x91\xb4\x84\x26\xae\x43\xa1\x00\x5b\x1e\xb8\x38\x97\xa4\x1e\x4b\xd2\x65\x64\xbc\xfa\x1f\x35\x85\xdb\x4f\x97\x65\x6f\xbd\x24", 96) != 0)
 		return FALSE;
 	/* PKCS-5 test 1 with HMAC-STREEBOG used as the PRF */
-	derive_key_streebog ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
+	derive_key_streebog ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4);
 	if (memcmp (dk, "\xd0\x53\xa2\x30", 4) != 0)
 		return FALSE;
 	/* PKCS-5 test 2 with HMAC-STREEBOG used as the PRF (derives a key longer than the underlying hash) */
-	derive_key_streebog ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 96);
+	derive_key_streebog ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 96);
 	if (memcmp (dk, "\xd0\x53\xa2\x30\x6f\x45\x81\xeb\xbc\x06\x81\xc5\xe7\x53\xa8\x5d\xc7\xf1\x23\x33\x1e\xbe\x64\x2c\x3b\x0f\x26\xd7\x00\xe1\x95\xc9\x65\x26\xb1\x85\xbe\x1e\xe2\xf4\x9b\xfc\x6b\x14\x84\xda\x24\x61\xa0\x1b\x9e\x79\x5c\xee\x69\x6e\xf9\x25\xb1\x1d\xca\xa0\x31\xba\x02\x6f\x9e\x99\x0f\xdb\x25\x01\x5b\xf1\xc7\x10\x19\x53\x3b\x29\x3f\x18\x00\xd6\xfc\x85\x03\xdc\xf2\xe5\xe9\x5a\xb1\x1e\x61\xde", 96) != 0)
 		return FALSE;
 #endif
--- a/src/Common/Tests.h
+++ b/src/Common/Tests.h
@@ -17,7 +17,7 @@ extern "C" {
 extern unsigned char ks_tmp[MAX_EXPANDED_KEY];
-void CipherInit2(int cipher, void* key, void* ks, int key_len);
+void CipherInit2(int cipher, void* key, void* ks);
 BOOL test_hmac_sha512 (void);
 BOOL test_hmac_blake2s (void);
 BOOL test_hmac_whirlpool (void);
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -160,7 +160,7 @@ UINT64_STRUCT GetHeaderField64 (uint8 *header, int offset)
 typedef struct
 {
-	char DerivedKey[MASTER_KEYDATA_SIZE];
+	unsigned char DerivedKey[MASTER_KEYDATA_SIZE];
 	BOOL Free;
 	LONG KeyReady;
 	int Pkcs5Prf;
@@ -169,15 +169,15 @@ typedef struct
 BOOL ReadVolumeHeaderRecoveryMode = FALSE;
-int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int selected_pkcs5_prf, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo)
+int ReadVolumeHeader (BOOL bBoot, unsigned char *encryptedHeader, Password *password, int selected_pkcs5_prf, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo)
 {
-	char header[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
+	unsigned char header[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
 	unsigned char* keyInfoBuffer = NULL;
 	int keyInfoBufferSize = sizeof (KEY_INFO) + 16;
 	size_t keyInfoBufferOffset;
 	PKEY_INFO keyInfo;
 	PCRYPTO_INFO cryptoInfo;
-	CRYPTOPP_ALIGN_DATA(16) char dk[MASTER_KEYDATA_SIZE];
+	CRYPTOPP_ALIGN_DATA(16) unsigned char dk[MASTER_KEYDATA_SIZE];
 	int enqPkcs5Prf, pkcs5_prf;
 	uint16 headerVersion;
 	int status = ERR_PARAMETER_INCORRECT;
@@ -704,12 +704,12 @@ void ComputeBootloaderFingerprint (uint8 *bootLoaderBuf, unsigned int bootLoader
 #else // TC_WINDOWS_BOOT
-int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo)
+int ReadVolumeHeader (BOOL bBoot, unsigned char *header, Password *password, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo)
 {
 #ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
-	char dk[32 * 2];			// 2 * 256-bit key
+	unsigned char dk[32 * 2];			// 2 * 256-bit key
 #else
-	char dk[32 * 2 * 3];		// 6 * 256-bit key
+	unsigned char dk[32 * 2 * 3];		// 6 * 256-bit key
 #endif
 	PCRYPTO_INFO cryptoInfo;
@@ -882,18 +882,18 @@ ret:
 // Creates a volume header in memory
 #if defined(_UEFI)
-int CreateVolumeHeaderInMemory(BOOL bBoot, char *header, int ea, int mode, Password *password,
+int CreateVolumeHeaderInMemory(BOOL bBoot, unsigned char *header, int ea, int mode, Password *password,
 	int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo,
 	unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize,
 	unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode)
 #else
-int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea, int mode, Password *password,
+int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, unsigned char *header, int ea, int mode, Password *password,
 		   int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo,
 		   unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize,
 		   unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode)
 #endif // !defined(_UEFI)
 {
-	unsigned char *p = (unsigned char *) header;
+	unsigned char *p = header;
 	static CRYPTOPP_ALIGN_DATA(16) KEY_INFO keyInfo;
 	int nUserKeyLen = password? password->Length : 0;
--- a/src/Common/Volumes.h
+++ b/src/Common/Volumes.h
@@ -133,20 +133,20 @@ uint16 GetHeaderField16 (uint8 *header, int offset);
 uint32 GetHeaderField32 (uint8 *header, int offset);
 UINT64_STRUCT GetHeaderField64 (uint8 *header, int offset);
 #if defined(TC_WINDOWS_BOOT)
-int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
+int ReadVolumeHeader (BOOL bBoot, unsigned char *encryptedHeader, Password *password, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
 #elif defined(_UEFI)
-int ReadVolumeHeader(BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
+int ReadVolumeHeader(BOOL bBoot, unsigned char *encryptedHeader, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
-int CreateVolumeHeaderInMemory(BOOL bBoot, char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode);
+int CreateVolumeHeaderInMemory(BOOL bBoot, unsigned char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode);
 BOOL RandgetBytes(unsigned char *buf, int len, BOOL forceSlowPoll);
 #else
-int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
+int ReadVolumeHeader (BOOL bBoot, unsigned char *encryptedHeader, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
 #if defined(_WIN32) && !defined(_UEFI)
 void ComputeBootloaderFingerprint (uint8 *bootLoaderBuf, unsigned int bootLoaderSize, uint8* fingerprint);
 #endif
 #endif
 #if !defined (DEVICE_DRIVER) && !defined (TC_WINDOWS_BOOT) && !defined(_UEFI)
-int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode);
+int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, unsigned char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode);
 BOOL ReadEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, uint8 *header, DWORD *bytesRead);
 BOOL WriteEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, uint8 *header);
 int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly);
--- a/src/Common/Wipe.c
+++ b/src/Common/Wipe.c
@@ -14,11 +14,6 @@
 #include "Wipe.h"
 static BOOL Wipe1PseudoRandom (int pass, uint8 *buffer, size_t size)
 {
 	return FALSE;
 }
 // Fill buffer with wipe patterns defined in "National Industrial Security Program Operating Manual", US DoD 5220.22-M.
 // Return: FALSE = buffer must be filled with random data
@@ -173,7 +168,7 @@ BOOL WipeBuffer (WipeAlgorithmId algorithm, uint8 randChars[TC_WIPE_RAND_CHAR_CO
 	{
 	case TC_WIPE_1_RAND:
 	case TC_WIPE_256:
-		return Wipe1PseudoRandom (pass, buffer, size);
+		return FALSE; // Delegate buffer filling to the caller
 	case TC_WIPE_3_DOD_5220:
 		return Wipe3Dod5220 (pass, buffer, size);
--- a/src/Crypto/Whirlpool.c
+++ b/src/Crypto/Whirlpool.c
@@ -957,28 +957,35 @@ void WHIRLPOOL_add(const unsigned char * input,
 		}
 		// now process the input data in blocks of 64 bytes and save the leftovers to ctx->data
-		if (len >= 64)
+        if (len >= 64)
-		{
+        {
-			if (input == data)
+            if (input == data)
-			{
+            {
-				HashMultipleBlocks(ctx, dataBuf, 64);
+                HashMultipleBlocks(ctx, dataBuf, 64);
-				return;
+                return;
-			}
+            }
-			else if (IsAligned16(input))
+            else
-			{
+            {
-				uint64 leftOver = HashMultipleBlocks(ctx, (uint64 *)input, len);
+#ifndef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
-				input += (len - leftOver);
+                if (IsAligned16(input))
-				len = leftOver;
+#endif
-			}
+                {
-			else
+                    uint64 leftOver = HashMultipleBlocks(ctx, (uint64*)input, len);
-				do
+                    input += (len - leftOver);
-				{   // copy input first if it's not aligned correctly
+                    len = leftOver;
-					memcpy(data, input, 64);
+                }
-					HashMultipleBlocks(ctx, dataBuf, 64);
+#ifndef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
-					input+=64;
+                else
-					len-=64;
+                    do
-				} while (len >= 64);
+                    {   // copy input first if it's not aligned correctly
-		}
+                        memcpy(data, input, 64);
                        HashMultipleBlocks(ctx, dataBuf, 64);
                        input += 64;
                        len -= 64;
                    } while (len >= 64);
 #endif
            }
        }
 		if (len && data != input)
 			memcpy(data, input, (size_t) len);
--- a/src/Crypto/chacha-xmm.c
+++ b/src/Crypto/chacha-xmm.c
@@ -81,45 +81,6 @@ static void salsa20_wordtobyte(uint8 output[64],const uint32 input[16], unsigned
  for (i = 0;i < 16;++i) U32TO8_LITTLE(output + 4 * i,x[i]);
 }
 void chacha_ECRYPT_init(void)
 {
  return;
 }
 static const char sigma[17] = "expand 32-byte k";
 static const char tau[17] = "expand 16-byte k";
 void chacha_ECRYPT_keysetup(uint32* input,const uint8 *k,uint32 kbits,uint32 ivbits)
 {
  const char *constants;
  input[4] = U8TO32_LITTLE(k + 0);
  input[5] = U8TO32_LITTLE(k + 4);
  input[6] = U8TO32_LITTLE(k + 8);
  input[7] = U8TO32_LITTLE(k + 12);
  if (kbits == 256) { /* recommended */
    k += 16;
    constants = sigma;
  } else { /* kbits == 128 */
    constants = tau;
  }
  input[8] = U8TO32_LITTLE(k + 0);
  input[9] = U8TO32_LITTLE(k + 4);
  input[10] = U8TO32_LITTLE(k + 8);
  input[11] = U8TO32_LITTLE(k + 12);
  input[0] = U8TO32_LITTLE(constants + 0);
  input[1] = U8TO32_LITTLE(constants + 4);
  input[2] = U8TO32_LITTLE(constants + 8);
  input[3] = U8TO32_LITTLE(constants + 12);
 }
 void chacha_ECRYPT_ivsetup(uint32* input,const uint8 *iv)
 {
  input[12] = 0;
  input[13] = 0;
  input[14] = U8TO32_LITTLE(iv + 0);
  input[15] = U8TO32_LITTLE(iv + 4);
 }
 void chacha_ECRYPT_encrypt_bytes(size_t bytes, uint32* x, const uint8* m, uint8* out, uint8* output, unsigned int r)
 {
--- a/src/Driver/DriveFilter.c
+++ b/src/Driver/DriveFilter.c
@@ -359,15 +359,11 @@ static void ComputeBootLoaderFingerprint(PDEVICE_OBJECT LowerDeviceObject, uint8
 	status = TCReadDevice (LowerDeviceObject, ioBuffer, offset, TC_SECTOR_SIZE_BIOS);
 	if (NT_SUCCESS (status))
 	{
 #ifndef _M_ARM64
 		NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
 #ifdef _WIN64
 		XSTATE_SAVE SaveState;
 		if (IsCpuIntel() && HasSAVX())
 			saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);
 #else
 		KFLOATING_SAVE floatingPointState;		
 		if (HasISSE() || (HasSSSE3() && HasMMX()))
 			saveStatus = KeSaveFloatingPointState (&floatingPointState);
 #endif
 		WHIRLPOOL_add (ioBuffer, TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &whirlpool);
 		WHIRLPOOL_add (ioBuffer + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, (TC_BOOT_SECTOR_USER_CONFIG_OFFSET - (TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH)), &whirlpool);
@@ -403,11 +399,9 @@ static void ComputeBootLoaderFingerprint(PDEVICE_OBJECT LowerDeviceObject, uint8
 			sha512_end (&BootLoaderFingerprint [WHIRLPOOL_DIGESTSIZE], &sha2);
 		}
-		if (NT_SUCCESS (saveStatus))
+#ifndef _M_ARM64
-#ifdef _WIN64
+		if (NT_SUCCESS(saveStatus))
 			KeRestoreExtendedProcessorStateVC(&SaveState);
 #else
 			KeRestoreFloatingPointState (&floatingPointState);
 #endif
 	}
 	else
@@ -423,7 +417,7 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password,
 	int64 hiddenHeaderOffset = BootArgs.HiddenSystemPartitionStart + TC_HIDDEN_VOLUME_HEADER_OFFSET;
 	NTSTATUS status;
 	LARGE_INTEGER offset;
-	char *header;
+	unsigned char *header;
 	int pkcs5_prf = 0, pim = 0;
 	PARTITION_INFORMATION_EX pi;
 	BOOL bIsGPT = FALSE;
@@ -662,19 +656,12 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password,
 		if (!NT_SUCCESS (status))
 			TC_BUG_CHECK (status);
-		if (IsOSAtLeast (WIN_VISTA))
+		CrashDumpEnabled = TRUE;
 		HibernationEnabled = TRUE;
 		if (IsRamEncryptionEnabled())
 		{
-			CrashDumpEnabled = TRUE;
+			HibernationEnabled = FALSE;
 			HibernationEnabled = TRUE;
 #ifdef _WIN64
 			if (IsRamEncryptionEnabled())
 			{
 				HibernationEnabled = FALSE;
 			}
 #endif
 		}
 		else if (!LegacyHibernationDriverFilterActive)
 			StartLegacyHibernationDriverFilter();
 		// Hidden system hibernation is not supported if an extra boot partition is present as the system is not allowed to update the boot partition
 		if (IsHiddenSystemRunning() && (BootArgs.Flags & TC_BOOT_ARGS_FLAG_EXTRA_BOOT_PARTITION))
@@ -866,6 +853,7 @@ static void CheckDeviceTypeAndMount (DriveFilterExtension *filterExtension)
 static VOID MountDriveWorkItemRoutine (PDEVICE_OBJECT deviceObject, DriveFilterExtension *filterExtension)
 {
 	UNREFERENCED_PARAMETER(deviceObject);
 	CheckDeviceTypeAndMount (filterExtension);
 	KeSetEvent (&filterExtension->MountWorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);
 }
@@ -983,6 +971,7 @@ static NTSTATUS DispatchPnp (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFilterE
 static NTSTATUS DispatchPower (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFilterExtension *Extension, PIO_STACK_LOCATION irpSp)
 {
 	NTSTATUS status;
 	UNREFERENCED_PARAMETER(DeviceObject);
 	Dump ("IRP_MJ_POWER minor=%d type=%d shutdown=%d\n", (int) irpSp->MinorFunction, (int) irpSp->Parameters.Power.Type, (int) irpSp->Parameters.Power.ShutdownType);
 	if (SetupInProgress
@@ -1024,6 +1013,7 @@ static NTSTATUS DispatchControl (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFil
 {
 	BOOL bBlockTrim = BlockSystemTrimCommand || IsHiddenSystemRunning();
 	NTSTATUS status = IoAcquireRemoveLock (&Extension->Queue.RemoveLock, Irp);
 	UNREFERENCED_PARAMETER(DeviceObject);
 	if (!NT_SUCCESS (status))
 		return TCCompleteIrp (Irp, status, 0);
@@ -1033,7 +1023,6 @@ static NTSTATUS DispatchControl (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFil
 			Dump ("DriverFilter-DispatchControl: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES\n");
 			if (bBlockTrim)
 			{
 				PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
 				DWORD inputLength = irpSp->Parameters.DeviceIoControl.InputBufferLength;
 				if (inputLength >= sizeof (DEVICE_MANAGE_DATA_SET_ATTRIBUTES))
 				{
@@ -1109,7 +1098,7 @@ NTSTATUS DriveFilterDispatchIrp (PDEVICE_OBJECT DeviceObject, PIRP Irp)
 	return status;
 }
-void EmergencyClearAllKeys (PIRP irp, PIO_STACK_LOCATION irpSp)
+void EmergencyClearAllKeys (PIRP irp)
 {
 	irp->IoStatus.Information = 0;
@@ -1136,18 +1125,16 @@ void EmergencyClearAllKeys (PIRP irp, PIO_STACK_LOCATION irpSp)
 		if (BootDriveFound && BootDriveFilterExtension && BootDriveFilterExtension->DriveMounted)
 			InvalidateDriveFilterKeys (BootDriveFilterExtension);
 #ifdef _WIN64
 		ClearSecurityParameters();
 #endif
 		irp->IoStatus.Status = STATUS_SUCCESS;
 	}
 }
-void ReopenBootVolumeHeader (PIRP irp, PIO_STACK_LOCATION irpSp)
+void ReopenBootVolumeHeader (PIRP irp)
 {
 	LARGE_INTEGER offset;
-	char *header;
+	unsigned char *header;
 	ReopenBootVolumeHeaderRequest *request = (ReopenBootVolumeHeaderRequest *) irp->AssociatedIrp.SystemBuffer;
 	irp->IoStatus.Information = 0;
@@ -1192,22 +1179,20 @@ void ReopenBootVolumeHeader (PIRP irp, PIO_STACK_LOCATION irpSp)
 		goto ret;
 	}
 #ifdef _WIN64
 	if (IsRamEncryptionEnabled())
 	{
 		VcUnprotectKeys (BootDriveFilterExtension->HeaderCryptoInfo, VcGetEncryptionID (BootDriveFilterExtension->HeaderCryptoInfo));
 	}
 #endif
 	if (ReadVolumeHeader (!BootDriveFilterExtension->HiddenSystem, header, &request->VolumePassword, request->pkcs5_prf, request->pim, NULL, BootDriveFilterExtension->HeaderCryptoInfo) == 0)
 	{
 		Dump ("Header reopened\n");
-#ifdef _WIN64
+
 		if (IsRamEncryptionEnabled())
 		{
 			VcProtectKeys (BootDriveFilterExtension->HeaderCryptoInfo, VcGetEncryptionID(BootDriveFilterExtension->HeaderCryptoInfo));
 		}
-#endif
+
 		ComputeBootLoaderFingerprint (BootDriveFilterExtension->LowerDeviceObject, header);
 		BootDriveFilterExtension->Queue.CryptoInfo->pkcs5 = BootDriveFilterExtension->HeaderCryptoInfo->pkcs5;
@@ -1458,6 +1443,8 @@ static VOID LoadImageNotifyRoutine (PUNICODE_STRING fullImageName, HANDLE proces
 	ModuleTableItem *moduleItem;
 	LIST_ENTRY *listEntry;
 	KIRQL origIrql;
 	UNREFERENCED_PARAMETER(fullImageName);
 	UNREFERENCED_PARAMETER(processId);
 	if (!imageInfo || !imageInfo->SystemModeImage || !imageInfo->ImageBase || !TCDriverObject->DriverSection)
 		return;
@@ -1512,62 +1499,6 @@ static VOID LoadImageNotifyRoutine (PUNICODE_STRING fullImageName, HANDLE proces
 }
 void StartLegacyHibernationDriverFilter ()
 {
 	PHYSICAL_ADDRESS highestAcceptableWriteBufferAddr;
 	NTSTATUS status;
 	ASSERT (KeGetCurrentIrql() == PASSIVE_LEVEL);
 	ASSERT (!IsOSAtLeast (WIN_VISTA));
 	if (!TCDriverObject->DriverSection || !*(ModuleTableItem **) TCDriverObject->DriverSection)
 		goto err;
 	// All buffers required for hibernation must be allocated here
 #ifdef _WIN64
 	highestAcceptableWriteBufferAddr.QuadPart = 0x7FFffffFFFFULL;
 #else
 	highestAcceptableWriteBufferAddr.QuadPart = 0xffffFFFFULL;
 #endif
 	HibernationWriteBuffer = MmAllocateContiguousMemory (TC_HIBERNATION_WRITE_BUFFER_SIZE, highestAcceptableWriteBufferAddr);
 	if (!HibernationWriteBuffer)
 		goto err;
 	HibernationWriteBufferMdl = IoAllocateMdl (HibernationWriteBuffer, TC_HIBERNATION_WRITE_BUFFER_SIZE, FALSE, FALSE, NULL);
 	if (!HibernationWriteBufferMdl)
 		goto err;
 	MmBuildMdlForNonPagedPool (HibernationWriteBufferMdl);
 	status = PsSetLoadImageNotifyRoutine (LoadImageNotifyRoutine);
 	if (!NT_SUCCESS (status))
 		goto err;
 	LegacyHibernationDriverFilterActive = TRUE;
 	CrashDumpEnabled = FALSE;
 	HibernationEnabled = TRUE;
 	return;
 err:
 	LegacyHibernationDriverFilterActive = FALSE;
 	CrashDumpEnabled = FALSE;
 	HibernationEnabled = FALSE;
 	if (HibernationWriteBufferMdl)
 	{
 		IoFreeMdl (HibernationWriteBufferMdl);
 		HibernationWriteBufferMdl = NULL;
 	}
 	if (HibernationWriteBuffer)
 	{
 		MmFreeContiguousMemory (HibernationWriteBuffer);
 		HibernationWriteBuffer = NULL;
 	}
 }
 static VOID SetupThreadProc (PVOID threadArg)
 {
 	DriveFilterExtension *Extension = BootDriveFilterExtension;
@@ -1590,6 +1521,7 @@ static VOID SetupThreadProc (PVOID threadArg)
 	// wipeRandCharsUpdate instead of relying on uninitialized stack memory
 	ChaCha20RngCtx rngCtx;
 	uint8 pbSeed[CHACHA20RNG_KEYSZ + CHACHA20RNG_IVSZ];
 	UNREFERENCED_PARAMETER(threadArg);
 	GetDriverRandomSeed (pbSeed, sizeof (pbSeed));
 	ChaCha20RngInit (&rngCtx, pbSeed, GetDriverRandomSeed, 0);
@@ -1951,7 +1883,7 @@ NTSTATUS StartBootEncryptionSetup (PDEVICE_OBJECT DeviceObject, PIRP irp, PIO_ST
 }
-void GetBootDriveVolumeProperties (PIRP irp, PIO_STACK_LOCATION irpSp)
+void GetBootDriveVolumeProperties (PIRP irp)
 {
 	if (ValidateIOBufferSize (irp, sizeof (VOLUME_PROPERTIES_STRUCT), ValidateOutput))
 	{
@@ -1989,7 +1921,7 @@ void GetBootDriveVolumeProperties (PIRP irp, PIO_STACK_LOCATION irpSp)
 }
-void GetBootEncryptionStatus (PIRP irp, PIO_STACK_LOCATION irpSp)
+void GetBootEncryptionStatus (PIRP irp)
 {
 	/* IMPORTANT: Do NOT add any potentially time-consuming operations to this function. */
@@ -2051,7 +1983,7 @@ void GetBootEncryptionStatus (PIRP irp, PIO_STACK_LOCATION irpSp)
 }
-void GetBootLoaderVersion (PIRP irp, PIO_STACK_LOCATION irpSp)
+void GetBootLoaderVersion (PIRP irp)
 {
 	if (ValidateIOBufferSize (irp, sizeof (uint16), ValidateOutput))
 	{
@@ -2069,7 +2001,7 @@ void GetBootLoaderVersion (PIRP irp, PIO_STACK_LOCATION irpSp)
 	}
 }
-void GetBootLoaderFingerprint (PIRP irp, PIO_STACK_LOCATION irpSp)
+void GetBootLoaderFingerprint (PIRP irp)
 {
 	if (ValidateIOBufferSize (irp, sizeof (BootLoaderFingerprintRequest), ValidateOutput))
 	{
@@ -2079,7 +2011,7 @@ void GetBootLoaderFingerprint (PIRP irp, PIO_STACK_LOCATION irpSp)
 			BootLoaderFingerprintRequest *bootLoaderFingerprint = (BootLoaderFingerprintRequest *) irp->AssociatedIrp.SystemBuffer;			
 			/* compute the fingerprint again and check if it is the same as the one retrieved during boot */
-			char *header = TCalloc (TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE);
+			unsigned char *header = TCalloc (TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE);
 			if (!header)
 			{
 				irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
@@ -2111,7 +2043,7 @@ void GetBootLoaderFingerprint (PIRP irp, PIO_STACK_LOCATION irpSp)
 	}
 }
-void GetBootEncryptionAlgorithmName (PIRP irp, PIO_STACK_LOCATION irpSp)
+void GetBootEncryptionAlgorithmName (PIRP irp)
 {
 	if (ValidateIOBufferSize (irp, sizeof (GetBootEncryptionAlgorithmNameRequest), ValidateOutput))
 	{
@@ -2193,6 +2125,7 @@ NTSTATUS AbortBootEncryptionSetup ()
 static VOID DecoySystemWipeThreadProc (PVOID threadArg)
 {
 	UNREFERENCED_PARAMETER(threadArg);
 	DriveFilterExtension *Extension = BootDriveFilterExtension;
 	LARGE_INTEGER offset;
@@ -2376,7 +2309,7 @@ BOOL IsDecoySystemWipeInProgress()
 }
-void GetDecoySystemWipeStatus (PIRP irp, PIO_STACK_LOCATION irpSp)
+void GetDecoySystemWipeStatus (PIRP irp)
 {
 	if (ValidateIOBufferSize (irp, sizeof (DecoySystemWipeStatus), ValidateOutput))
 	{
--- a/src/Driver/DriveFilter.h
+++ b/src/Driver/DriveFilter.h
@@ -59,11 +59,11 @@ extern PKTHREAD DecoySystemWipeThread;
 NTSTATUS AbortBootEncryptionSetup ();
 NTSTATUS DriveFilterAddDevice (PDRIVER_OBJECT driverObject, PDEVICE_OBJECT pdo);
 NTSTATUS DriveFilterDispatchIrp (PDEVICE_OBJECT DeviceObject, PIRP Irp);
-void GetBootDriveVolumeProperties (PIRP irp, PIO_STACK_LOCATION irpSp);
+void GetBootDriveVolumeProperties (PIRP irp);
-void GetBootEncryptionAlgorithmName (PIRP irp, PIO_STACK_LOCATION irpSp);
+void GetBootEncryptionAlgorithmName (PIRP irp);
-void GetBootEncryptionStatus (PIRP irp, PIO_STACK_LOCATION irpSp);
+void GetBootEncryptionStatus (PIRP irp);
-void GetBootLoaderVersion (PIRP irp, PIO_STACK_LOCATION irpSp);
+void GetBootLoaderVersion (PIRP irp);
-void GetBootLoaderFingerprint (PIRP irp, PIO_STACK_LOCATION irpSp);
+void GetBootLoaderFingerprint (PIRP irp);
 NTSTATUS GetSetupResult ();
 DriveFilterExtension *GetBootDriveFilterExtension ();
 CRYPTO_INFO *GetSystemDriveCryptoInfo ();
@@ -73,14 +73,13 @@ BOOL IsHiddenSystemRunning ();
 NTSTATUS LoadBootArguments (BOOL bIsEfi);
 static NTSTATUS SaveDriveVolumeHeader (DriveFilterExtension *Extension);
 NTSTATUS StartBootEncryptionSetup (PDEVICE_OBJECT DeviceObject, PIRP irp, PIO_STACK_LOCATION irpSp);
-void EmergencyClearAllKeys (PIRP irp, PIO_STACK_LOCATION irpSp);
+void EmergencyClearAllKeys (PIRP irp);
-void ReopenBootVolumeHeader (PIRP irp, PIO_STACK_LOCATION irpSp);
+void ReopenBootVolumeHeader (PIRP irp);
 NTSTATUS StartDecoySystemWipe (PDEVICE_OBJECT DeviceObject, PIRP irp, PIO_STACK_LOCATION irpSp);
 void StartLegacyHibernationDriverFilter ();
 NTSTATUS AbortDecoySystemWipe ();
 BOOL IsDecoySystemWipeInProgress();
 NTSTATUS GetDecoySystemWipeResult();
-void GetDecoySystemWipeStatus (PIRP irp, PIO_STACK_LOCATION irpSp);
+void GetDecoySystemWipeStatus (PIRP irp);
 uint64 GetBootDriveLength ();
 NTSTATUS WriteBootDriveSector (PIRP irp, PIO_STACK_LOCATION irpSp);
--- a/src/Driver/DumpFilter.c
+++ b/src/Driver/DumpFilter.c
@@ -158,6 +158,7 @@ err:
 static NTSTATUS DumpFilterStart (PFILTER_EXTENSION filterExtension)
 {
 	UNREFERENCED_PARAMETER(filterExtension);
 	Dump ("DumpFilterStart type=%d\n", filterExtension->DumpType);
 	if (BootDriveFilterExtension->MagicNumber != TC_BOOT_DRIVE_FILTER_EXTENSION_MAGIC_NUMBER)
@@ -175,6 +176,7 @@ static NTSTATUS DumpFilterWrite (PFILTER_EXTENSION filterExtension, PLARGE_INTEG
 	uint32 intersectLength;
 	PVOID writeBuffer;
 	CSHORT origMdlFlags;
 	UNREFERENCED_PARAMETER(filterExtension);
 	if (BootDriveFilterExtension->MagicNumber != TC_BOOT_DRIVE_FILTER_EXTENSION_MAGIC_NUMBER)
 		TC_BUG_CHECK (STATUS_CRC_ERROR);
@@ -194,7 +196,7 @@ static NTSTATUS DumpFilterWrite (PFILTER_EXTENSION filterExtension, PLARGE_INTEG
 	if ((offset & (ENCRYPTION_DATA_UNIT_SIZE - 1)) != 0)
 		TC_BUG_CHECK (STATUS_INVALID_PARAMETER);
-	writeBuffer = MmGetSystemAddressForMdlSafe (writeMdl, (HighPagePriority | ExDefaultMdlProtection));
+	writeBuffer = MmGetSystemAddressForMdlSafe (writeMdl, (HighPagePriority | MdlMappingNoExecute));
 	if (!writeBuffer)
 		TC_BUG_CHECK (STATUS_INSUFFICIENT_RESOURCES);
@@ -242,6 +244,7 @@ static NTSTATUS DumpFilterWrite (PFILTER_EXTENSION filterExtension, PLARGE_INTEG
 static NTSTATUS DumpFilterFinish (PFILTER_EXTENSION filterExtension)
 {
 	UNREFERENCED_PARAMETER(filterExtension);
 	Dump ("DumpFilterFinish type=%d\n", filterExtension->DumpType);
 	return STATUS_SUCCESS;
@@ -250,6 +253,7 @@ static NTSTATUS DumpFilterFinish (PFILTER_EXTENSION filterExtension)
 static NTSTATUS DumpFilterUnload (PFILTER_EXTENSION filterExtension)
 {
 	UNREFERENCED_PARAMETER(filterExtension);
 	Dump ("DumpFilterUnload type=%d\n", filterExtension->DumpType);
 	if (WriteFilterBuffer)
--- a/src/Driver/EncryptedIoQueue.c
+++ b/src/Driver/EncryptedIoQueue.c
@@ -640,7 +640,7 @@ static VOID MainThreadProc (PVOID threadArg)
 				{
 					UINT64_STRUCT dataUnit;
-					dataBuffer = (PUCHAR) MmGetSystemAddressForMdlSafe (irp->MdlAddress, (HighPagePriority | ExDefaultMdlProtection));
+					dataBuffer = (PUCHAR) MmGetSystemAddressForMdlSafe (irp->MdlAddress, (HighPagePriority | MdlMappingNoExecute));
 					if (!dataBuffer)
 					{
 						TCfree (buffer);
@@ -760,7 +760,7 @@ static VOID MainThreadProc (PVOID threadArg)
 				continue;
 			}
-			dataBuffer = (PUCHAR) MmGetSystemAddressForMdlSafe (irp->MdlAddress, (HighPagePriority | ExDefaultMdlProtection));
+			dataBuffer = (PUCHAR) MmGetSystemAddressForMdlSafe (irp->MdlAddress, (HighPagePriority | MdlMappingNoExecute));
 			if (dataBuffer == NULL)
 			{
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -154,9 +154,6 @@ int EncryptionIoRequestCount = 0;
 int EncryptionItemCount = 0;
 int EncryptionFragmentSize = 0;
 POOL_TYPE ExDefaultNonPagedPoolType = NonPagedPool;
 ULONG ExDefaultMdlProtection = 0;
 PDEVICE_OBJECT VirtualVolumeDeviceObjects[MAX_MOUNTED_VOLUME_DRIVE_NUMBER + 1];
 BOOL AlignValue (ULONG ulValue, ULONG ulAlignment, ULONG *pulResult)
@@ -241,7 +238,7 @@ void GetDriverRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed)
 		WHIRLPOOL_add ((unsigned char *) &(iSeed2.QuadPart), sizeof(iSeed2.QuadPart), &tctx);
 		if (KeQueryInterruptTimePrecisePtr)
 		{
-			iSeed.QuadPart = KeQueryInterruptTimePrecisePtr (&iSeed2.QuadPart);
+			iSeed.QuadPart = KeQueryInterruptTimePrecisePtr ((PULONG64)  & iSeed2.QuadPart);
 			WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
 			WHIRLPOOL_add ((unsigned char *) &(iSeed2.QuadPart), sizeof(iSeed2.QuadPart), &tctx);
 		}
@@ -294,26 +291,19 @@ void GetDriverRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed)
 }
-NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
+NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
 {
 	PKEY_VALUE_PARTIAL_INFORMATION startKeyValue;
 	LONG version;
 	int i;
-	Dump ("DriverEntry " TC_APP_NAME " " VERSION_STRING VERSION_STRING_SUFFIX "\n");
+	Dump("DriverEntry " TC_APP_NAME " " VERSION_STRING VERSION_STRING_SUFFIX "\n");
-	DetectX86Features ();
+	DetectX86Features();
-	PsGetVersion (&OsMajorVersion, &OsMinorVersion, NULL, NULL);
+	PsGetVersion(&OsMajorVersion, &OsMinorVersion, NULL, NULL);
-	Dump ("OsMajorVersion=%d OsMinorVersion=%d\n", OsMajorVersion, OsMinorVersion);
+	Dump("OsMajorVersion=%d OsMinorVersion=%d\n", OsMajorVersion, OsMinorVersion);
 	// NX pool support is available starting from Windows 8
 	if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 2))
 	{
 		ExDefaultNonPagedPoolType = (POOL_TYPE) NonPagedPoolNx;
 		ExDefaultMdlProtection = MdlMappingNoExecute;
 	}
 	// KeAreAllApcsDisabled is available starting from Windows Server 2003
 	if ((OsMajorVersion > 5) || (OsMajorVersion == 5 && OsMinorVersion >= 2))
@@ -321,7 +311,7 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
 		UNICODE_STRING KeAreAllApcsDisabledFuncName;
 		RtlInitUnicodeString(&KeAreAllApcsDisabledFuncName, L"KeAreAllApcsDisabled");
-		KeAreAllApcsDisabledPtr = (KeAreAllApcsDisabledFn) MmGetSystemRoutineAddress(&KeAreAllApcsDisabledFuncName);
+		KeAreAllApcsDisabledPtr = (KeAreAllApcsDisabledFn)MmGetSystemRoutineAddress(&KeAreAllApcsDisabledFuncName);
 	}
 	// KeSaveExtendedProcessorState/KeRestoreExtendedProcessorState are available starting from Windows 7
@@ -334,19 +324,19 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
 		RtlInitUnicodeString(&groupCountFuncName, L"KeQueryActiveGroupCount");
 		RtlInitUnicodeString(&procCountFuncName, L"KeQueryActiveProcessorCountEx");
 		RtlInitUnicodeString(&setAffinityFuncName, L"KeSetSystemGroupAffinityThread");
-		KeSaveExtendedProcessorStatePtr = (KeSaveExtendedProcessorStateFn) MmGetSystemRoutineAddress(&saveFuncName);
+		KeSaveExtendedProcessorStatePtr = (KeSaveExtendedProcessorStateFn)MmGetSystemRoutineAddress(&saveFuncName);
-		KeRestoreExtendedProcessorStatePtr = (KeRestoreExtendedProcessorStateFn) MmGetSystemRoutineAddress(&restoreFuncName);
+		KeRestoreExtendedProcessorStatePtr = (KeRestoreExtendedProcessorStateFn)MmGetSystemRoutineAddress(&restoreFuncName);
-		KeSetSystemGroupAffinityThreadPtr = (KeSetSystemGroupAffinityThreadFn) MmGetSystemRoutineAddress(&setAffinityFuncName);
+		KeSetSystemGroupAffinityThreadPtr = (KeSetSystemGroupAffinityThreadFn)MmGetSystemRoutineAddress(&setAffinityFuncName);
-		KeQueryActiveGroupCountPtr = (KeQueryActiveGroupCountFn) MmGetSystemRoutineAddress(&groupCountFuncName);
+		KeQueryActiveGroupCountPtr = (KeQueryActiveGroupCountFn)MmGetSystemRoutineAddress(&groupCountFuncName);
-		KeQueryActiveProcessorCountExPtr = (KeQueryActiveProcessorCountExFn) MmGetSystemRoutineAddress(&procCountFuncName);
+		KeQueryActiveProcessorCountExPtr = (KeQueryActiveProcessorCountExFn)MmGetSystemRoutineAddress(&procCountFuncName);
 	}
-	
+
 	// ExGetFirmwareEnvironmentVariable is available starting from Windows 8
 	if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 2))
 	{
 		UNICODE_STRING funcName;
 		RtlInitUnicodeString(&funcName, L"ExGetFirmwareEnvironmentVariable");
-		ExGetFirmwareEnvironmentVariablePtr = (ExGetFirmwareEnvironmentVariableFn) MmGetSystemRoutineAddress(&funcName);
+		ExGetFirmwareEnvironmentVariablePtr = (ExGetFirmwareEnvironmentVariableFn)MmGetSystemRoutineAddress(&funcName);
 	}
 	// KeQueryInterruptTimePrecise is available starting from Windows 8.1
@@ -354,62 +344,57 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
 	{
 		UNICODE_STRING funcName;
 		RtlInitUnicodeString(&funcName, L"KeQueryInterruptTimePrecise");
-		KeQueryInterruptTimePrecisePtr = (KeQueryInterruptTimePreciseFn) MmGetSystemRoutineAddress(&funcName);
+		KeQueryInterruptTimePrecisePtr = (KeQueryInterruptTimePreciseFn)MmGetSystemRoutineAddress(&funcName);
 	}
 	// Load dump filter if the main driver is already loaded
-	if (NT_SUCCESS (TCDeviceIoControl (NT_ROOT_PREFIX, TC_IOCTL_GET_DRIVER_VERSION, NULL, 0, &version, sizeof (version))))
+	if (NT_SUCCESS(TCDeviceIoControl(NT_ROOT_PREFIX, TC_IOCTL_GET_DRIVER_VERSION, NULL, 0, &version, sizeof(version))))
-		return DumpFilterEntry ((PFILTER_EXTENSION) DriverObject, (PFILTER_INITIALIZATION_DATA) RegistryPath);
+		return DumpFilterEntry((PFILTER_EXTENSION)DriverObject, (PFILTER_INITIALIZATION_DATA)RegistryPath);
 	TCDriverObject = DriverObject;
-	memset (VirtualVolumeDeviceObjects, 0, sizeof (VirtualVolumeDeviceObjects));
+	memset(VirtualVolumeDeviceObjects, 0, sizeof(VirtualVolumeDeviceObjects));
-	ReadRegistryConfigFlags (TRUE);
+	ReadRegistryConfigFlags(TRUE);
-	EncryptionThreadPoolStart (EncryptionThreadPoolFreeCpuCountLimit);
+	EncryptionThreadPoolStart(EncryptionThreadPoolFreeCpuCountLimit);
 	SelfTestsPassed = AutoTestAlgorithms();
 	// Enable device class filters and load boot arguments if the driver is set to start at system boot
-	if (NT_SUCCESS (TCReadRegistryKey (RegistryPath, L"Start", &startKeyValue)))
+	if (NT_SUCCESS(TCReadRegistryKey(RegistryPath, L"Start", &startKeyValue)))
 	{
-		if (startKeyValue->Type == REG_DWORD && *((uint32 *) startKeyValue->Data) == SERVICE_BOOT_START)
+		if (startKeyValue->Type == REG_DWORD && *((uint32*)startKeyValue->Data) == SERVICE_BOOT_START)
 		{
 			if (!SelfTestsPassed)
 			{
 				// in case of system encryption, if self-tests fail, disable all extended CPU
 				// features and try again in order to workaround faulty configurations
-				DisableCPUExtendedFeatures ();
+				DisableCPUExtendedFeatures();
 				SelfTestsPassed = AutoTestAlgorithms();
 				// BUG CHECK if the self-tests still fail
 				if (!SelfTestsPassed)
-					TC_BUG_CHECK (STATUS_INVALID_PARAMETER);
+					TC_BUG_CHECK(STATUS_INVALID_PARAMETER);
 			}
-			LoadBootArguments(IsUefiBoot ());
+			LoadBootArguments(IsUefiBoot());
 			VolumeClassFilterRegistered = IsVolumeClassFilterRegistered();
 			DriverObject->DriverExtension->AddDevice = DriverAddDevice;
 		}
-		TCfree (startKeyValue);
+		TCfree(startKeyValue);
 	}
-#ifdef _WIN64
+
-	if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 1))
+	if (RamEncryptionActivated)
 	{
-		// we enable RAM encryption only starting from Windows 7
+		if (t1ha_selfcheck__t1ha2() != 0)
-		if (RamEncryptionActivated)
+			TC_BUG_CHECK(STATUS_INVALID_PARAMETER);
-		{
+		if (!InitializeSecurityParameters(GetDriverRandomSeed))
-			if (t1ha_selfcheck__t1ha2() != 0)
+			TC_BUG_CHECK(STATUS_INVALID_PARAMETER);
 				TC_BUG_CHECK (STATUS_INVALID_PARAMETER);
 			if (!InitializeSecurityParameters(GetDriverRandomSeed))
 				TC_BUG_CHECK (STATUS_INVALID_PARAMETER);
-			EnableRamEncryption (TRUE);
+		EnableRamEncryption(TRUE);
 		}
 	}
 #endif
 	for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; ++i)
 	{
@@ -417,7 +402,7 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
 	}
 	DriverObject->DriverUnload = TCUnloadDriver;
-	return TCCreateRootDeviceObject (DriverObject);
+	return TCCreateRootDeviceObject(DriverObject);
 }
@@ -878,6 +863,7 @@ IOCTL_STORAGE_QUERY_PROPERTY 0x002D1400
 NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Extension, PIRP Irp)
 {
 	PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
 	UNREFERENCED_PARAMETER(DeviceObject);
 	switch (irpSp->Parameters.DeviceIoControl.IoControlCode)
 	{
@@ -929,7 +915,7 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
 		else
 		{
 			ULONG outLength;
-			UCHAR volId[128], tmp[] = { 0,0 };
+			CHAR volId[128], tmp[] = { 0,0 };
 			PMOUNTDEV_UNIQUE_ID outputBuffer = (PMOUNTDEV_UNIQUE_ID) Irp->AssociatedIrp.SystemBuffer;
 			RtlStringCbCopyA (volId, sizeof(volId),TC_UNIQUE_ID_PREFIX);
@@ -1024,7 +1010,6 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
 			if (ValidateIOBufferSize (Irp, minOutputSize, ValidateOutput))
 			{
 				PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
 				BOOL bFullBuffer = (irpSp->Parameters.DeviceIoControl.OutputBufferLength >= fullOutputSize)? TRUE : FALSE;
 				PDISK_GEOMETRY_EX outputBuffer = (PDISK_GEOMETRY_EX) Irp->AssociatedIrp.SystemBuffer;
@@ -1338,7 +1323,6 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
 		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_DISK_GET_DRIVE_LAYOUT)\n");
 		if (ValidateIOBufferSize (Irp, sizeof (DRIVE_LAYOUT_INFORMATION), ValidateOutput))
 		{
 			PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
 			BOOL bFullBuffer = (irpSp->Parameters.DeviceIoControl.OutputBufferLength >= (sizeof (DRIVE_LAYOUT_INFORMATION) + 3*sizeof(PARTITION_INFORMATION)))? TRUE : FALSE;
 			PDRIVE_LAYOUT_INFORMATION outputBuffer = (PDRIVE_LAYOUT_INFORMATION)
 			Irp->AssociatedIrp.SystemBuffer;
@@ -1373,7 +1357,6 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
 		{
 			if (ValidateIOBufferSize (Irp, sizeof (DRIVE_LAYOUT_INFORMATION_EX), ValidateOutput))
 			{
 				PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
 				BOOL bFullBuffer = (irpSp->Parameters.DeviceIoControl.OutputBufferLength >= (sizeof (DRIVE_LAYOUT_INFORMATION_EX) + 3*sizeof(PARTITION_INFORMATION_EX)))? TRUE : FALSE;
 				PDRIVE_LAYOUT_INFORMATION_EX outputBuffer = (PDRIVE_LAYOUT_INFORMATION_EX)
 				Irp->AssociatedIrp.SystemBuffer;
@@ -1528,37 +1511,20 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
 	case IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS:
 		Dump ("ProcessVolumeDeviceControlIrp (IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS)\n");
 		// Vista's, Windows 8.1 and later filesystem defragmenter fails if IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS does not succeed.
-		if (!(OsMajorVersion == 6 && OsMinorVersion == 0) 
+		if (ValidateIOBufferSize(Irp, sizeof(VOLUME_DISK_EXTENTS), ValidateOutput))
 			&& !(IsOSAtLeast (WIN_8_1) && AllowWindowsDefrag && Extension->bRawDevice)
 			)
 		{
-			Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
+			VOLUME_DISK_EXTENTS* extents = (VOLUME_DISK_EXTENTS*)Irp->AssociatedIrp.SystemBuffer;
 			Irp->IoStatus.Information = 0;
 		}
 		else if (ValidateIOBufferSize (Irp, sizeof (VOLUME_DISK_EXTENTS), ValidateOutput))
 		{
 			VOLUME_DISK_EXTENTS *extents = (VOLUME_DISK_EXTENTS *) Irp->AssociatedIrp.SystemBuffer;
-			if (IsOSAtLeast (WIN_8_1))
+			// Windows 10 filesystem defragmenter works only if we report an extent with a real disk number
-			{
+			// So in the case of a VeraCrypt disk based volume, we use the disk number
-				// Windows 10 filesystem defragmenter works only if we report an extent with a real disk number
+			// of the underlaying physical disk and we report a single extent 
-				// So in the case of a VeraCrypt disk based volume, we use the disk number
+			extents->NumberOfDiskExtents = 1;
-				// of the underlaying physical disk and we report a single extent 
+			extents->Extents[0].DiskNumber = Extension->DeviceNumber;
-				extents->NumberOfDiskExtents = 1;
+			extents->Extents[0].StartingOffset.QuadPart = BYTES_PER_MB; // Set offset to 1MB to emulate the partition offset on a real MBR disk
-				extents->Extents[0].DiskNumber = Extension->DeviceNumber;
+			extents->Extents[0].ExtentLength.QuadPart = Extension->DiskLength;
 				extents->Extents[0].StartingOffset.QuadPart = BYTES_PER_MB; // Set offset to 1MB to emulate the partition offset on a real MBR disk
 				extents->Extents[0].ExtentLength.QuadPart = Extension->DiskLength;
 			}
 			else
 			{
 				// Vista: No extent data can be returned as this is not a physical drive.				
 				memset (extents, 0, sizeof (*extents));
 				extents->NumberOfDiskExtents = 0;
 			}
 			Irp->IoStatus.Status = STATUS_SUCCESS;
-			Irp->IoStatus.Information = sizeof (*extents);
+			Irp->IoStatus.Information = sizeof(*extents);
 		}
 		break;
@@ -1723,7 +1689,6 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
 		{
 			if (ValidateIOBufferSize (Irp, sizeof (DEVICE_MANAGE_DATA_SET_ATTRIBUTES), ValidateInput))
 			{
 				PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
 				DWORD inputLength = irpSp->Parameters.DeviceIoControl.InputBufferLength;
 				PDEVICE_MANAGE_DATA_SET_ATTRIBUTES pInputAttrs = (PDEVICE_MANAGE_DATA_SET_ATTRIBUTES) Irp->AssociatedIrp.SystemBuffer;
 				DEVICE_DATA_MANAGEMENT_SET_ACTION action = pInputAttrs->Action;
@@ -1955,6 +1920,7 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 {
 	PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
 	NTSTATUS ntStatus;
 	UNREFERENCED_PARAMETER(Extension);
 	switch (irpSp->Parameters.DeviceIoControl.IoControlCode)
 	{
@@ -1981,7 +1947,7 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 	case TC_IOCTL_IS_DRIVER_UNLOAD_DISABLED:
 		if (ValidateIOBufferSize (Irp, sizeof (int), ValidateOutput))
 		{
-			LONG deviceObjectCount = 0;
+			ULONG deviceObjectCount = 0;
 			*(int *) Irp->AssociatedIrp.SystemBuffer = DriverUnloadDisabled;
@@ -2025,7 +1991,6 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 			IO_STATUS_BLOCK IoStatus;
 			LARGE_INTEGER offset;
 			ACCESS_MASK access = FILE_READ_ATTRIBUTES;
 			PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
 			if (!ValidateIOBufferSize (Irp, sizeof (OPEN_TEST_STRUCT), ValidateInputOutput))
 				break;
@@ -2266,7 +2231,6 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 							if (readBuffer[510] == 0x55 && readBuffer[511] == 0xaa)
 							{
 								int i;
 								for (i = 0; i < 4; ++i)
 								{
 									if (readBuffer[446 + i * 16 + 4] == PARTITION_LDM)
@@ -2459,16 +2423,16 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 		{
 			RESOLVE_SYMLINK_STRUCT *resolve = (RESOLVE_SYMLINK_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
 			{
-				NTSTATUS ntStatus;
+				NTSTATUS ntStatusLocal;
 				EnsureNullTerminatedString (resolve->symLinkName, sizeof (resolve->symLinkName));
-				ntStatus = SymbolicLinkToTarget (resolve->symLinkName,
+				ntStatusLocal = SymbolicLinkToTarget (resolve->symLinkName,
 					resolve->targetName,
 					sizeof (resolve->targetName));
 				Irp->IoStatus.Information = sizeof (RESOLVE_SYMLINK_STRUCT);
-				Irp->IoStatus.Status = ntStatus;
+				Irp->IoStatus.Status = ntStatusLocal;
 			}
 		}
 		break;
@@ -2479,12 +2443,12 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 			DISK_PARTITION_INFO_STRUCT *info = (DISK_PARTITION_INFO_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
 			{
 				PARTITION_INFORMATION_EX pi;
-				NTSTATUS ntStatus;
+				NTSTATUS ntStatusLocal;
 				EnsureNullTerminatedString (info->deviceName, sizeof (info->deviceName));
-				ntStatus = TCDeviceIoControl (info->deviceName, IOCTL_DISK_GET_PARTITION_INFO_EX, NULL, 0, &pi, sizeof (pi));
+				ntStatusLocal = TCDeviceIoControl (info->deviceName, IOCTL_DISK_GET_PARTITION_INFO_EX, NULL, 0, &pi, sizeof (pi));
-				if (NT_SUCCESS(ntStatus))
+				if (NT_SUCCESS(ntStatusLocal))
 				{
 					memset (&info->partInfo, 0, sizeof (info->partInfo));
@@ -2503,16 +2467,16 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 				else
 				{
 					// Windows 2000 does not support IOCTL_DISK_GET_PARTITION_INFO_EX
-					ntStatus = TCDeviceIoControl (info->deviceName, IOCTL_DISK_GET_PARTITION_INFO, NULL, 0, &info->partInfo, sizeof (info->partInfo));
+					ntStatusLocal = TCDeviceIoControl (info->deviceName, IOCTL_DISK_GET_PARTITION_INFO, NULL, 0, &info->partInfo, sizeof (info->partInfo));
 					info->IsGPT = FALSE;
 				}
-				if (!NT_SUCCESS (ntStatus))
+				if (!NT_SUCCESS (ntStatusLocal))
 				{
 					GET_LENGTH_INFORMATION lengthInfo;
-					ntStatus = TCDeviceIoControl (info->deviceName, IOCTL_DISK_GET_LENGTH_INFO, NULL, 0, &lengthInfo, sizeof (lengthInfo));
+					ntStatusLocal = TCDeviceIoControl (info->deviceName, IOCTL_DISK_GET_LENGTH_INFO, NULL, 0, &lengthInfo, sizeof (lengthInfo));
-					if (NT_SUCCESS (ntStatus))
+					if (NT_SUCCESS (ntStatusLocal))
 					{
 						memset (&info->partInfo, 0, sizeof (info->partInfo));
 						info->partInfo.PartitionLength = lengthInfo.Length;
@@ -2521,7 +2485,7 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 				info->IsDynamic = FALSE;
-				if (NT_SUCCESS (ntStatus) && OsMajorVersion >= 6)
+				if (NT_SUCCESS (ntStatusLocal))
 				{
 #					define IOCTL_VOLUME_IS_DYNAMIC CTL_CODE(IOCTL_VOLUME_BASE, 18, METHOD_BUFFERED, FILE_ANY_ACCESS)
 					if (!NT_SUCCESS (TCDeviceIoControl (info->deviceName, IOCTL_VOLUME_IS_DYNAMIC, NULL, 0, &info->IsDynamic, sizeof (info->IsDynamic))))
@@ -2529,7 +2493,7 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 				}
 				Irp->IoStatus.Information = sizeof (DISK_PARTITION_INFO_STRUCT);
-				Irp->IoStatus.Status = ntStatus;
+				Irp->IoStatus.Status = ntStatusLocal;
 			}
 		}
 		break;
@@ -2539,17 +2503,17 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 		{
 			DISK_GEOMETRY_STRUCT *g = (DISK_GEOMETRY_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
 			{
-				NTSTATUS ntStatus;
+				NTSTATUS ntStatusLocal;
 				EnsureNullTerminatedString (g->deviceName, sizeof (g->deviceName));
 				Dump ("Calling IOCTL_DISK_GET_DRIVE_GEOMETRY on %ls\n", g->deviceName);
-				ntStatus = TCDeviceIoControl (g->deviceName,
+				ntStatusLocal = TCDeviceIoControl (g->deviceName,
 					IOCTL_DISK_GET_DRIVE_GEOMETRY,
 					NULL, 0, &g->diskGeometry, sizeof (g->diskGeometry));
 				Irp->IoStatus.Information = sizeof (DISK_GEOMETRY_STRUCT);
-				Irp->IoStatus.Status = ntStatus;
+				Irp->IoStatus.Status = ntStatusLocal;
 			}
 		}
 		break;
@@ -2559,18 +2523,18 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 		{
 			DISK_GEOMETRY_EX_STRUCT *g = (DISK_GEOMETRY_EX_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
 			{
-				NTSTATUS ntStatus;
+				NTSTATUS ntStatusLocal;
 				PVOID buffer = TCalloc (256); // enough for DISK_GEOMETRY_EX and padded data
 				if (buffer)
 				{
 					EnsureNullTerminatedString (g->deviceName, sizeof (g->deviceName));
 					Dump ("Calling IOCTL_DISK_GET_DRIVE_GEOMETRY_EX on %ls\n", g->deviceName);
-					ntStatus = TCDeviceIoControl (g->deviceName,
+					ntStatusLocal = TCDeviceIoControl (g->deviceName,
 						IOCTL_DISK_GET_DRIVE_GEOMETRY_EX,
 						NULL, 0, buffer, 256);
-					if (NT_SUCCESS(ntStatus))
+					if (NT_SUCCESS(ntStatusLocal))
 					{
 						PDISK_GEOMETRY_EX pGeo = (PDISK_GEOMETRY_EX) buffer;
 						memcpy (&g->diskGeometry, &pGeo->Geometry, sizeof (DISK_GEOMETRY));
@@ -2580,30 +2544,27 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 					{
 						DISK_GEOMETRY dg = {0};
 						Dump ("Failed. Calling IOCTL_DISK_GET_DRIVE_GEOMETRY on %ls\n", g->deviceName);
-						ntStatus = TCDeviceIoControl (g->deviceName,
+						ntStatusLocal = TCDeviceIoControl (g->deviceName,
 							IOCTL_DISK_GET_DRIVE_GEOMETRY,
 							NULL, 0, &dg, sizeof (dg));
-						if (NT_SUCCESS(ntStatus))
+						if (NT_SUCCESS(ntStatusLocal))
 						{
-							memcpy (&g->diskGeometry, &dg, sizeof (DISK_GEOMETRY));
+							memcpy(&g->diskGeometry, &dg, sizeof(DISK_GEOMETRY));
 							g->DiskSize.QuadPart = dg.Cylinders.QuadPart * dg.SectorsPerTrack * dg.TracksPerCylinder * dg.BytesPerSector;
-							if (OsMajorVersion >= 6)
+							STORAGE_READ_CAPACITY storage = { 0 };
 							NTSTATUS lStatus;
 							storage.Version = sizeof(STORAGE_READ_CAPACITY);
 							Dump("Calling IOCTL_STORAGE_READ_CAPACITY on %ls\n", g->deviceName);
 							lStatus = TCDeviceIoControl(g->deviceName,
 								IOCTL_STORAGE_READ_CAPACITY,
 								NULL, 0, &storage, sizeof(STORAGE_READ_CAPACITY));
 							if (NT_SUCCESS(lStatus)
 								&& (storage.Size == sizeof(STORAGE_READ_CAPACITY))
 								)
 							{
-								STORAGE_READ_CAPACITY storage = {0};
+								g->DiskSize.QuadPart = storage.DiskLength.QuadPart;
 								NTSTATUS lStatus;
 								storage.Version = sizeof (STORAGE_READ_CAPACITY);
 								Dump ("Calling IOCTL_STORAGE_READ_CAPACITY on %ls\n", g->deviceName);
 								lStatus = TCDeviceIoControl (g->deviceName,
 									IOCTL_STORAGE_READ_CAPACITY,
 									NULL, 0, &storage, sizeof (STORAGE_READ_CAPACITY));
 								if (	NT_SUCCESS(lStatus)
 									&& (storage.Size == sizeof (STORAGE_READ_CAPACITY))
 									)
 								{
 									g->DiskSize.QuadPart = storage.DiskLength.QuadPart;
 								}
 							}
 						}
 					}
@@ -2611,7 +2572,7 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 					TCfree (buffer);
 					Irp->IoStatus.Information = sizeof (DISK_GEOMETRY_EX_STRUCT);
-					Irp->IoStatus.Status = ntStatus;
+					Irp->IoStatus.Status = ntStatusLocal;
 				}
 				else
 				{
@@ -2669,7 +2630,6 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 		if (ValidateIOBufferSize (Irp, sizeof (MOUNT_STRUCT), ValidateInputOutput))
 		{
 			MOUNT_STRUCT *mount = (MOUNT_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
 			PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
 			if ((irpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof (MOUNT_STRUCT))
 				|| mount->VolumePassword.Length > MAX_PASSWORD || mount->ProtectedHidVolPassword.Length > MAX_PASSWORD
@@ -2703,7 +2663,6 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 		{
 			UNMOUNT_STRUCT *unmount = (UNMOUNT_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
 			PDEVICE_OBJECT ListDevice = GetVirtualVolumeDeviceObject (unmount->nDosDriveNo);
 			PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
 			if (irpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof (UNMOUNT_STRUCT))
 			{
@@ -2731,7 +2690,6 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 		if (ValidateIOBufferSize (Irp, sizeof (UNMOUNT_STRUCT), ValidateInputOutput))
 		{
 			UNMOUNT_STRUCT *unmount = (UNMOUNT_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
 			PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
 			if (irpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof (UNMOUNT_STRUCT))
 			{
@@ -2748,7 +2706,7 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 		break;
 	case VC_IOCTL_EMERGENCY_CLEAR_ALL_KEYS:
-		EmergencyClearAllKeys (Irp, irpSp);
+		EmergencyClearAllKeys (Irp);
 		WipeCache();
 		break;
@@ -2763,7 +2721,7 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 		break;
 	case TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS:
-		GetBootEncryptionStatus (Irp, irpSp);
+		GetBootEncryptionStatus (Irp);
 		break;
 	case TC_IOCTL_GET_BOOT_ENCRYPTION_SETUP_RESULT:
@@ -2772,23 +2730,23 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 		break;
 	case TC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES:
-		GetBootDriveVolumeProperties (Irp, irpSp);
+		GetBootDriveVolumeProperties (Irp);
 		break;
 	case TC_IOCTL_GET_BOOT_LOADER_VERSION:
-		GetBootLoaderVersion (Irp, irpSp);
+		GetBootLoaderVersion (Irp);
 		break;
 	case TC_IOCTL_REOPEN_BOOT_VOLUME_HEADER:
-		ReopenBootVolumeHeader (Irp, irpSp);
+		ReopenBootVolumeHeader (Irp);
 		break;
 	case VC_IOCTL_GET_BOOT_LOADER_FINGERPRINT:
-		GetBootLoaderFingerprint (Irp, irpSp);
+		GetBootLoaderFingerprint (Irp);
 		break;
 	case TC_IOCTL_GET_BOOT_ENCRYPTION_ALGORITHM_NAME:
-		GetBootEncryptionAlgorithmName (Irp, irpSp);
+		GetBootEncryptionAlgorithmName (Irp);
 		break;
 	case TC_IOCTL_IS_HIDDEN_SYSTEM_RUNNING:
@@ -2816,7 +2774,7 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 		break;
 	case TC_IOCTL_GET_DECOY_SYSTEM_WIPE_STATUS:
-		GetDecoySystemWipeStatus (Irp, irpSp);
+		GetDecoySystemWipeStatus (Irp);
 		break;
 	case TC_IOCTL_WRITE_BOOT_DRIVE_SECTOR:
@@ -3505,11 +3463,13 @@ void TCDeleteDeviceObject (PDEVICE_OBJECT DeviceObject, PEXTENSION Extension)
 		if (Extension->SecurityClientContextValid)
 		{
-			VOID (*PsDereferenceImpersonationTokenD) (PACCESS_TOKEN ImpersonationToken);
+            typedef VOID (*PsDereferenceImpersonationTokenDType) (PACCESS_TOKEN ImpersonationToken);
            PsDereferenceImpersonationTokenDType PsDereferenceImpersonationTokenD;
 			UNICODE_STRING name;
 			RtlInitUnicodeString (&name, L"PsDereferenceImpersonationToken");
-			PsDereferenceImpersonationTokenD = MmGetSystemRoutineAddress (&name);
+			PsDereferenceImpersonationTokenD = (PsDereferenceImpersonationTokenDType) MmGetSystemRoutineAddress (&name);
 			if (!PsDereferenceImpersonationTokenD)
 				TC_BUG_CHECK (STATUS_NOT_IMPLEMENTED);
@@ -3534,7 +3494,7 @@ void TCDeleteDeviceObject (PDEVICE_OBJECT DeviceObject, PEXTENSION Extension)
 VOID TCUnloadDriver (PDRIVER_OBJECT DriverObject)
 {
 	Dump ("TCUnloadDriver BEGIN\n");
-
+	UNREFERENCED_PARAMETER(DriverObject);
 	OnShutdownPending();
 	if (IsBootDriveMounted())
@@ -3568,6 +3528,7 @@ typedef struct
 static VOID TCDeviceIoControlWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, TCDeviceIoControlWorkItemArgs *arg)
 {
 	UNREFERENCED_PARAMETER(rootDeviceObject);
 	arg->Status = TCDeviceIoControl (arg->deviceName, arg->IoControlCode, arg->InputBuffer, arg->InputBufferSize, arg->OutputBuffer, arg->OutputBufferSize);
 	KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);
 }
@@ -3654,6 +3615,7 @@ typedef struct
 static VOID SendDeviceIoControlRequestWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, SendDeviceIoControlRequestWorkItemArgs *arg)
 {
 	UNREFERENCED_PARAMETER(rootDeviceObject);
 	arg->Status = SendDeviceIoControlRequest (arg->deviceObject, arg->ioControlCode, arg->inputBuffer, arg->inputBufferSize, arg->outputBuffer, arg->outputBufferSize);
 	KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);
 }
@@ -3998,6 +3960,7 @@ static NTSTATUS UpdateFsVolumeInformation (MOUNT_STRUCT* mount, PEXTENSION NewEx
 static VOID UpdateFsVolumeInformationWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, UpdateFsVolumeInformationWorkItemArgs *arg)
 {
 	UNREFERENCED_PARAMETER(rootDeviceObject);
 	arg->Status = UpdateFsVolumeInformation (arg->mount, arg->NewExtension);
 	KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);
 }
@@ -4265,6 +4228,7 @@ typedef struct
 static VOID UnmountDeviceWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, UnmountDeviceWorkItemArgs *arg)
 {
 	UNREFERENCED_PARAMETER(rootDeviceObject);
 	arg->Status = UnmountDevice (arg->unmountRequest, arg->deviceObject, arg->ignoreOpenFiles);
 	KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);
 }
--- a/src/Driver/Ntvol.c
+++ b/src/Driver/Ntvol.c
@@ -53,7 +53,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
 	LARGE_INTEGER lDiskLength = { 0 };
 	__int64 partitionStartingOffset = 0;
 	int volumeType;
-	char *readBuffer = 0;
+	unsigned char *readBuffer = 0;
 	NTSTATUS ntStatus = 0;
 	BOOL forceAccessCheck = !bRawDevice;
 	BOOL disableBuffering = TRUE;
@@ -98,65 +98,62 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
 		PARTITION_INFORMATION_EX pix;
 		LARGE_INTEGER diskLengthInfo;
 		DISK_GEOMETRY_EX dg;
-		STORAGE_PROPERTY_QUERY storagePropertyQuery = {0};
+		STORAGE_PROPERTY_QUERY storagePropertyQuery = { 0 };
 		uint8* dgBuffer;
 		STORAGE_DEVICE_NUMBER storageDeviceNumber;
-		ntStatus = IoGetDeviceObjectPointer (&FullFileName,
+		ntStatus = IoGetDeviceObjectPointer(&FullFileName,
 			FILE_READ_DATA | FILE_READ_ATTRIBUTES,
 			&Extension->pfoDeviceFile,
 			&Extension->pFsdDevice);
-		if (!NT_SUCCESS (ntStatus))
+		if (!NT_SUCCESS(ntStatus))
 			goto error;
-		dgBuffer = TCalloc (256);
+		dgBuffer = TCalloc(256);
 		if (!dgBuffer)
 		{
 			ntStatus = STATUS_INSUFFICIENT_RESOURCES;
 			goto error;
 		}
-		ntStatus = TCSendHostDeviceIoControlRequest (DeviceObject, Extension, IOCTL_DISK_GET_DRIVE_GEOMETRY_EX, (char *) dgBuffer, 256);
+		ntStatus = TCSendHostDeviceIoControlRequest(DeviceObject, Extension, IOCTL_DISK_GET_DRIVE_GEOMETRY_EX, (char*)dgBuffer, 256);
-		if (!NT_SUCCESS (ntStatus))
+		if (!NT_SUCCESS(ntStatus))
 		{
 			DISK_GEOMETRY geo;
-			ntStatus = TCSendHostDeviceIoControlRequest (DeviceObject, Extension, IOCTL_DISK_GET_DRIVE_GEOMETRY, (char *) &geo, sizeof (geo));
+			ntStatus = TCSendHostDeviceIoControlRequest(DeviceObject, Extension, IOCTL_DISK_GET_DRIVE_GEOMETRY, (char*)&geo, sizeof(geo));
-			if (!NT_SUCCESS (ntStatus))
+			if (!NT_SUCCESS(ntStatus))
 			{
-				TCfree (dgBuffer);
+				TCfree(dgBuffer);
 				goto error;
 			}
-			memset (&dg, 0, sizeof (dg));
+			memset(&dg, 0, sizeof(dg));
-			memcpy (&dg.Geometry, &geo, sizeof (geo));
+			memcpy(&dg.Geometry, &geo, sizeof(geo));
 			dg.DiskSize.QuadPart = geo.Cylinders.QuadPart * geo.SectorsPerTrack * geo.TracksPerCylinder * geo.BytesPerSector;
-			if (OsMajorVersion >= 6)
+			STORAGE_READ_CAPACITY storage = { 0 };
-			{
+			NTSTATUS lStatus;
 				STORAGE_READ_CAPACITY storage = {0};
 				NTSTATUS lStatus;
-				storage.Version = sizeof (STORAGE_READ_CAPACITY);
+			storage.Version = sizeof(STORAGE_READ_CAPACITY);
-				storage.Size = sizeof (STORAGE_READ_CAPACITY);
+			storage.Size = sizeof(STORAGE_READ_CAPACITY);
-				lStatus = TCSendHostDeviceIoControlRequest (DeviceObject, Extension,
+			lStatus = TCSendHostDeviceIoControlRequest(DeviceObject, Extension,
-					IOCTL_STORAGE_READ_CAPACITY,
+				IOCTL_STORAGE_READ_CAPACITY,
-					(char*)  &storage, sizeof (STORAGE_READ_CAPACITY));
+				(char*)&storage, sizeof(STORAGE_READ_CAPACITY));
-				if (	NT_SUCCESS(lStatus)
+			if (NT_SUCCESS(lStatus)
-					&& (storage.Size == sizeof (STORAGE_READ_CAPACITY))
+				&& (storage.Size == sizeof(STORAGE_READ_CAPACITY))
-					)
+				)
-				{
+			{
-					dg.DiskSize.QuadPart = storage.DiskLength.QuadPart;
+				dg.DiskSize.QuadPart = storage.DiskLength.QuadPart;
 				}
 			}
 		}
 		else
-			memcpy (&dg, dgBuffer, sizeof (DISK_GEOMETRY_EX));
+			memcpy(&dg, dgBuffer, sizeof(DISK_GEOMETRY_EX));
-		TCfree (dgBuffer);
+		TCfree(dgBuffer);
-		if (NT_SUCCESS (TCSendHostDeviceIoControlRequest (DeviceObject, Extension,
+		if (NT_SUCCESS(TCSendHostDeviceIoControlRequest(DeviceObject, Extension,
-					IOCTL_STORAGE_GET_DEVICE_NUMBER,
+			IOCTL_STORAGE_GET_DEVICE_NUMBER,
-					(char*) &storageDeviceNumber, sizeof (storageDeviceNumber))))
+			(char*)&storageDeviceNumber, sizeof(storageDeviceNumber))))
 		{
 			Extension->DeviceNumber = storageDeviceNumber.DeviceNumber;
 		}
@@ -165,76 +162,72 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
 		Extension->HostBytesPerSector = dg.Geometry.BytesPerSector;
 		Extension->HostBytesPerPhysicalSector = dg.Geometry.BytesPerSector;
-		/* IOCTL_STORAGE_QUERY_PROPERTY supported only on Vista and above */
+		STORAGE_ACCESS_ALIGNMENT_DESCRIPTOR alignmentDesc = { 0 };
-		if (OsMajorVersion >= 6)
+		STORAGE_ADAPTER_DESCRIPTOR adapterDesc = { 0 };
 		DEVICE_SEEK_PENALTY_DESCRIPTOR penaltyDesc = { 0 };
 		DEVICE_TRIM_DESCRIPTOR trimDesc = { 0 };
 		storagePropertyQuery.PropertyId = StorageAccessAlignmentProperty;
 		storagePropertyQuery.QueryType = PropertyStandardQuery;
 		alignmentDesc.Version = sizeof(STORAGE_ACCESS_ALIGNMENT_DESCRIPTOR);
 		alignmentDesc.Size = sizeof(STORAGE_ACCESS_ALIGNMENT_DESCRIPTOR);
 		if (NT_SUCCESS(TCSendHostDeviceIoControlRequestEx(DeviceObject, Extension, IOCTL_STORAGE_QUERY_PROPERTY,
 			(char*)&storagePropertyQuery, sizeof(storagePropertyQuery),
 			(char*)&alignmentDesc, sizeof(alignmentDesc))))
 		{
-			STORAGE_ACCESS_ALIGNMENT_DESCRIPTOR alignmentDesc = {0};
+			Extension->HostBytesPerPhysicalSector = alignmentDesc.BytesPerPhysicalSector;
-			STORAGE_ADAPTER_DESCRIPTOR adapterDesc = {0};
+		}
 			DEVICE_SEEK_PENALTY_DESCRIPTOR penaltyDesc = {0};
 			DEVICE_TRIM_DESCRIPTOR trimDesc = {0};
-			storagePropertyQuery.PropertyId = StorageAccessAlignmentProperty;
+		storagePropertyQuery.PropertyId = StorageAdapterProperty;
-			storagePropertyQuery.QueryType = PropertyStandardQuery;
+		adapterDesc.Version = sizeof(STORAGE_ADAPTER_DESCRIPTOR);
 		adapterDesc.Size = sizeof(STORAGE_ADAPTER_DESCRIPTOR);
-			alignmentDesc.Version = sizeof (STORAGE_ACCESS_ALIGNMENT_DESCRIPTOR);
+		if (NT_SUCCESS(TCSendHostDeviceIoControlRequestEx(DeviceObject, Extension, IOCTL_STORAGE_QUERY_PROPERTY,
-			alignmentDesc.Size = sizeof (STORAGE_ACCESS_ALIGNMENT_DESCRIPTOR);
+			(char*)&storagePropertyQuery, sizeof(storagePropertyQuery),
 			(char*)&adapterDesc, sizeof(adapterDesc))))
 		{
 			Extension->HostMaximumTransferLength = adapterDesc.MaximumTransferLength;
 			Extension->HostMaximumPhysicalPages = adapterDesc.MaximumPhysicalPages;
 			Extension->HostAlignmentMask = adapterDesc.AlignmentMask;
 		}
-			if (NT_SUCCESS (TCSendHostDeviceIoControlRequestEx (DeviceObject, Extension, IOCTL_STORAGE_QUERY_PROPERTY,
+		storagePropertyQuery.PropertyId = StorageDeviceSeekPenaltyProperty;
-				(char*) &storagePropertyQuery, sizeof(storagePropertyQuery),
+		penaltyDesc.Version = sizeof(DEVICE_SEEK_PENALTY_DESCRIPTOR);
-				(char *) &alignmentDesc, sizeof (alignmentDesc))))
+		penaltyDesc.Size = sizeof(DEVICE_SEEK_PENALTY_DESCRIPTOR);
 			{
 				Extension->HostBytesPerPhysicalSector = alignmentDesc.BytesPerPhysicalSector;
 			}
-			storagePropertyQuery.PropertyId = StorageAdapterProperty;
+		if (NT_SUCCESS(TCSendHostDeviceIoControlRequestEx(DeviceObject, Extension, IOCTL_STORAGE_QUERY_PROPERTY,
-			adapterDesc.Version = sizeof (STORAGE_ADAPTER_DESCRIPTOR);
+			(char*)&storagePropertyQuery, sizeof(storagePropertyQuery),
-			adapterDesc.Size = sizeof (STORAGE_ADAPTER_DESCRIPTOR);
+			(char*)&penaltyDesc, sizeof(penaltyDesc))))
 		{
 			Extension->IncursSeekPenalty = penaltyDesc.IncursSeekPenalty;
 		}
-			if (NT_SUCCESS (TCSendHostDeviceIoControlRequestEx (DeviceObject, Extension, IOCTL_STORAGE_QUERY_PROPERTY,
+		storagePropertyQuery.PropertyId = StorageDeviceTrimProperty;
-				(char*) &storagePropertyQuery, sizeof(storagePropertyQuery),
+		trimDesc.Version = sizeof(DEVICE_TRIM_DESCRIPTOR);
-				(char *) &adapterDesc, sizeof (adapterDesc))))
+		trimDesc.Size = sizeof(DEVICE_TRIM_DESCRIPTOR);
 			{
 				Extension->HostMaximumTransferLength = adapterDesc.MaximumTransferLength;
 				Extension->HostMaximumPhysicalPages = adapterDesc.MaximumPhysicalPages;
 				Extension->HostAlignmentMask = adapterDesc.AlignmentMask;
 			}
-			storagePropertyQuery.PropertyId = StorageDeviceSeekPenaltyProperty;
+		if (NT_SUCCESS(TCSendHostDeviceIoControlRequestEx(DeviceObject, Extension, IOCTL_STORAGE_QUERY_PROPERTY,
-			penaltyDesc.Version = sizeof (DEVICE_SEEK_PENALTY_DESCRIPTOR);
+			(char*)&storagePropertyQuery, sizeof(storagePropertyQuery),
-			penaltyDesc.Size = sizeof (DEVICE_SEEK_PENALTY_DESCRIPTOR);
+			(char*)&trimDesc, sizeof(trimDesc))))
-
+		{
-			if (NT_SUCCESS (TCSendHostDeviceIoControlRequestEx (DeviceObject, Extension, IOCTL_STORAGE_QUERY_PROPERTY,
+			Extension->TrimEnabled = trimDesc.TrimEnabled;
 				(char*) &storagePropertyQuery, sizeof(storagePropertyQuery),
 				(char *) &penaltyDesc, sizeof (penaltyDesc))))
 			{
 				Extension->IncursSeekPenalty = penaltyDesc.IncursSeekPenalty;
 			}
 			storagePropertyQuery.PropertyId = StorageDeviceTrimProperty;
 			trimDesc.Version = sizeof (DEVICE_TRIM_DESCRIPTOR);
 			trimDesc.Size = sizeof (DEVICE_TRIM_DESCRIPTOR);
 			if (NT_SUCCESS (TCSendHostDeviceIoControlRequestEx (DeviceObject, Extension, IOCTL_STORAGE_QUERY_PROPERTY,
 				(char*) &storagePropertyQuery, sizeof(storagePropertyQuery),
 				(char *) &trimDesc, sizeof (trimDesc))))
 			{
 				Extension->TrimEnabled = trimDesc.TrimEnabled;
 			}
 		}
 		// Drive geometry is used only when IOCTL_DISK_GET_PARTITION_INFO fails
-		if (NT_SUCCESS (TCSendHostDeviceIoControlRequest (DeviceObject, Extension, IOCTL_DISK_GET_PARTITION_INFO_EX, (char *) &pix, sizeof (pix))))
+		if (NT_SUCCESS(TCSendHostDeviceIoControlRequest(DeviceObject, Extension, IOCTL_DISK_GET_PARTITION_INFO_EX, (char*)&pix, sizeof(pix))))
 		{
 			lDiskLength.QuadPart = pix.PartitionLength.QuadPart;
 			partitionStartingOffset = pix.StartingOffset.QuadPart;
 		}
 		// If IOCTL_DISK_GET_PARTITION_INFO_EX fails, switch to IOCTL_DISK_GET_PARTITION_INFO
-		else if (NT_SUCCESS (TCSendHostDeviceIoControlRequest (DeviceObject, Extension, IOCTL_DISK_GET_PARTITION_INFO, (char *) &pi, sizeof (pi))))
+		else if (NT_SUCCESS(TCSendHostDeviceIoControlRequest(DeviceObject, Extension, IOCTL_DISK_GET_PARTITION_INFO, (char*)&pi, sizeof(pi))))
 		{
 			lDiskLength.QuadPart = pi.PartitionLength.QuadPart;
 			partitionStartingOffset = pi.StartingOffset.QuadPart;
 		}
-		else if (NT_SUCCESS (TCSendHostDeviceIoControlRequest (DeviceObject, Extension, IOCTL_DISK_GET_LENGTH_INFO, &diskLengthInfo, sizeof (diskLengthInfo))))
+		else if (NT_SUCCESS(TCSendHostDeviceIoControlRequest(DeviceObject, Extension, IOCTL_DISK_GET_LENGTH_INFO, &diskLengthInfo, sizeof(diskLengthInfo))))
 		{
 			lDiskLength = diskLengthInfo;
 		}
@@ -242,7 +235,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
 		ProbingHostDeviceForWrite = TRUE;
 		if (!mount->bMountReadOnly
-			&& TCSendHostDeviceIoControlRequest (DeviceObject, Extension,
+			&& TCSendHostDeviceIoControlRequest(DeviceObject, Extension,
 				IsHiddenSystemRunning() ? TC_IOCTL_DISK_IS_WRITABLE : IOCTL_DISK_IS_WRITABLE, NULL, 0) == STATUS_MEDIA_WRITE_PROTECTED)
 		{
 			mount->bMountReadOnly = TRUE;
@@ -937,6 +930,7 @@ typedef struct
 static VOID TCSendHostDeviceIoControlRequestExWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, TCSendHostDeviceIoControlRequestExWorkItemArgs *arg)
 {
 	UNREFERENCED_PARAMETER(rootDeviceObject);	/* Remove compiler warning */
 	arg->Status = TCSendHostDeviceIoControlRequestEx (arg->deviceObject, arg->Extension, arg->ioControlCode, arg->inputBuffer, arg->inputBufferSize, arg->outputBuffer, arg->outputBufferSize);
 	KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);
 }
--- a/src/Driver/VolumeFilter.c
+++ b/src/Driver/VolumeFilter.c
@@ -155,6 +155,7 @@ static BOOL IsSystemVolumePartition (VolumeFilterExtension *Extension)
 static NTSTATUS DispatchControl (PDEVICE_OBJECT DeviceObject, PIRP Irp, VolumeFilterExtension *Extension, PIO_STACK_LOCATION irpSp)
 {
 	NTSTATUS status = IoAcquireRemoveLock (&Extension->Queue.RemoveLock, Irp);
 	UNREFERENCED_PARAMETER(DeviceObject);
 	if (!NT_SUCCESS (status))
 		return TCCompleteIrp (Irp, status, 0);
@@ -270,9 +271,10 @@ static NTSTATUS DispatchPnp (PDEVICE_OBJECT DeviceObject, PIRP Irp, VolumeFilter
 }
-static NTSTATUS DispatchPower (PDEVICE_OBJECT DeviceObject, PIRP Irp, VolumeFilterExtension *Extension, PIO_STACK_LOCATION irpSp)
+static NTSTATUS DispatchPower (PDEVICE_OBJECT DeviceObject, PIRP Irp, VolumeFilterExtension *Extension)
 {
 	NTSTATUS status;
 	UNREFERENCED_PARAMETER(DeviceObject);
 	PoStartNextPowerIrp (Irp);
 	status = IoAcquireRemoveLock (&Extension->Queue.RemoveLock, Irp);
@@ -304,7 +306,7 @@ NTSTATUS VolumeFilterDispatchIrp (PDEVICE_OBJECT DeviceObject, PIRP Irp)
 		return DispatchPnp (DeviceObject, Irp, Extension, irpSp);
 	case IRP_MJ_POWER:
-		return DispatchPower (DeviceObject, Irp, Extension, irpSp);
+		return DispatchPower (DeviceObject, Irp, Extension);
 	default:
 		status = IoAcquireRemoveLock (&Extension->Queue.RemoveLock, Irp);
--- a/src/Format/InPlace.c
+++ b/src/Format/InPlace.c
@@ -375,7 +375,7 @@ int EncryptPartitionInPlaceBegin (volatile FORMAT_VOL_PARAMETERS *volParams, vol
 	PCRYPTO_INFO cryptoInfo2 = NULL;
 	HANDLE dev = INVALID_HANDLE_VALUE;
 	DWORD dwError;
-	char *header;
+	unsigned char *header;
 	WCHAR dosDev[TC_MAX_PATH] = {0};
 	WCHAR devName[MAX_PATH] = {0};
 	int driveLetter = -1;
@@ -393,7 +393,7 @@ int EncryptPartitionInPlaceBegin (volatile FORMAT_VOL_PARAMETERS *volParams, vol
 		return ERR_DONT_REPORT;
-	header = (char *) TCalloc (TC_VOLUME_HEADER_EFFECTIVE_SIZE);
+	header = (unsigned char *) TCalloc (TC_VOLUME_HEADER_EFFECTIVE_SIZE);
 	if (!header)
 		return ERR_OUTOFMEMORY;
@@ -600,7 +600,7 @@ int EncryptPartitionInPlaceBegin (volatile FORMAT_VOL_PARAMETERS *volParams, vol
 		}
 		// Write the backup header to the partition
-		if (!WriteEffectiveVolumeHeader (TRUE, dev, (uint8 *) header))
+		if (!WriteEffectiveVolumeHeader (TRUE, dev, header))
 		{
 			nStatus = ERR_OS_ERROR;
 			goto closing_seq;
@@ -753,7 +753,7 @@ int EncryptPartitionInPlaceResume (HANDLE dev,
 {
 	PCRYPTO_INFO masterCryptoInfo = NULL, headerCryptoInfo = NULL, tmpCryptoInfo = NULL;
 	UINT64_STRUCT unitNo;
-	char *buf = NULL, *header = NULL;
+	unsigned char *buf = NULL, *header = NULL;
 	uint8 *wipeBuffer = NULL;
 	uint8 wipeRandChars [TC_WIPE_RAND_CHAR_COUNT];
 	uint8 wipeRandCharsUpdate [TC_WIPE_RAND_CHAR_COUNT];
@@ -783,14 +783,14 @@ int EncryptPartitionInPlaceResume (HANDLE dev,
 	bInPlaceEncNonSysResumed = TRUE;
-	buf = (char *) TCalloc (TC_MAX_NONSYS_INPLACE_ENC_WORK_CHUNK_SIZE);
+	buf = (unsigned char *) TCalloc (TC_MAX_NONSYS_INPLACE_ENC_WORK_CHUNK_SIZE);
 	if (!buf)
 	{
 		nStatus = ERR_OUTOFMEMORY;
 		goto closing_seq;
 	}
-	header = (char *) TCalloc (TC_VOLUME_HEADER_EFFECTIVE_SIZE);
+	header = (unsigned char *) TCalloc (TC_VOLUME_HEADER_EFFECTIVE_SIZE);
 	if (!header)
 	{
 		nStatus = ERR_OUTOFMEMORY;
@@ -2301,10 +2301,10 @@ static int OpenBackupHeader (HANDLE dev, const wchar_t *devicePath, Password *pa
 	LARGE_INTEGER offset;
 	DWORD n;
 	int nStatus = ERR_SUCCESS;
-	char *header;
+	unsigned char *header;
 	DWORD dwError;
-	header = (char *) TCalloc (TC_VOLUME_HEADER_EFFECTIVE_SIZE);
+	header = (unsigned char *) TCalloc (TC_VOLUME_HEADER_EFFECTIVE_SIZE);
 	if (!header)
 		return ERR_OUTOFMEMORY;
@@ -2315,7 +2315,7 @@ static int OpenBackupHeader (HANDLE dev, const wchar_t *devicePath, Password *pa
 	offset.QuadPart = deviceSize - TC_VOLUME_HEADER_GROUP_SIZE;
 	if (MoveFilePointer (dev, offset) == 0
-		|| !ReadEffectiveVolumeHeader (TRUE, dev, (uint8 *) header, &n) || n < TC_VOLUME_HEADER_EFFECTIVE_SIZE)
+		|| !ReadEffectiveVolumeHeader (TRUE, dev, header, &n) || n < TC_VOLUME_HEADER_EFFECTIVE_SIZE)
 	{
 		nStatus = ERR_OS_ERROR;
 		goto closing_seq;
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -4242,7 +4242,7 @@ BOOL CALLBACK VolumePropertiesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
 				StringCbPrintfW (sw, sizeof(sw), L"%d %s", size * 8, GetString ("BITS"));
 				ListSubItemSet (list, i++, 1, sw);
-				if (wcscmp (EAGetModeName (prop.ea, prop.mode, TRUE), L"XTS") == 0)
+				if (wcscmp (EAGetModeName (prop.mode), L"XTS") == 0)
 				{
 					// Secondary key (XTS)
@@ -4260,7 +4260,7 @@ BOOL CALLBACK VolumePropertiesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
 			// Mode
 			ListItemAdd (list, i, GetString ("MODE_OF_OPERATION"));
-			ListSubItemSet (list, i++, 1, EAGetModeName (prop.ea, prop.mode, TRUE));
+			ListSubItemSet (list, i++, 1, EAGetModeName (prop.mode));
 			// PKCS 5 PRF
 			ListItemAdd (list, i, GetString ("PKCS5_PRF"));
@@ -11047,13 +11047,13 @@ noHidden:
 	}
 	// Store header encrypted with a new key
-	nStatus = ReEncryptVolumeHeader (hwndDlg, (char *) backup, FALSE, volume.CryptoInfo, &VolumePassword, VolumePim, FALSE);
+	nStatus = ReEncryptVolumeHeader (hwndDlg, backup, FALSE, volume.CryptoInfo, &VolumePassword, VolumePim, FALSE);
 	if (nStatus != ERR_SUCCESS)
 		goto error;
 	if (hiddenVolume.VolumeIsOpen)
 	{
-		nStatus = ReEncryptVolumeHeader (hwndDlg, (char *) backup + (legacyVolume ? TC_VOLUME_HEADER_SIZE_LEGACY : TC_VOLUME_HEADER_SIZE),
+		nStatus = ReEncryptVolumeHeader (hwndDlg, backup + (legacyVolume ? TC_VOLUME_HEADER_SIZE_LEGACY : TC_VOLUME_HEADER_SIZE),
 			 FALSE, hiddenVolume.CryptoInfo, &hiddenVolPassword, hiddenVolPim, FALSE);
 		if (nStatus != ERR_SUCCESS)
@@ -11238,7 +11238,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
 		}
 		// Create a new header with a new salt
-		char buffer[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
+		unsigned char buffer[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
 		nStatus = ReEncryptVolumeHeader (hwndDlg, buffer, FALSE, volume.CryptoInfo, &VolumePassword, VolumePim, FALSE);
 		if (nStatus != 0)
@@ -11398,7 +11398,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
 		/* Read the volume header from the backup file */
-		char buffer[TC_VOLUME_HEADER_GROUP_SIZE];
+		unsigned char buffer[TC_VOLUME_HEADER_GROUP_SIZE];
 		DWORD bytesRead;
 		if (!ReadFile (fBackup, buffer, sizeof (buffer), &bytesRead, NULL))