From c5ad16fdeb0a6f2dc272b5aa5c835093fe49fa7e Mon Sep 17 00:00:00 2001 From: Pete Batard Date: Tue, 15 Aug 2023 11:15:16 +0100 Subject: [PATCH] [wue] add an expert feature to restrict a Windows installation to S Mode * This is placed behind an expert wall (Ctrl-Alt-E) on account that: - If you happen to boot a Windows To Go drive in S Mode on a computer, it may set any existing Windows installation there to S Mode as well, *even if their disk is offline!* - It can be *exceedingly* tricky to get out of S Mode, as the SkuPolicyRequired registry trick alone may not be enough (i.e. You can have very much a Windows install in S Mode *without* SkuPolicyRequired being set anywhere). * Also set version to rufus-next and fix a ChangeLog typo. --- ChangeLog.txt | 2 +- configure | 20 ++++++++++---------- configure.ac | 2 +- res/loc/rufus.loc | 2 ++ src/rufus.c | 38 ++++++++++++++++++++++++++++---------- src/rufus.h | 3 ++- src/rufus.rc | 12 ++++++------ src/settings.h | 1 + src/wue.c | 9 +++++++++ 9 files changed, 60 insertions(+), 29 deletions(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index d947f451..0cb2abaf 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -4,7 +4,7 @@ o Version 4.2 (2023.07.26) Add saving and restoring current drive to/from compressed VHDX image Add saving and restoring current drive to/from compressed FFU (Full Flash Update) image [EXPERIMENTAL] Fix a crash when trying to open Windows ISOs, with the MinGW compiled x86 32-bit version - Fix an issue where ISOs that contain a boot image with an 'EFI' label are not be detected bootable + Fix an issue where ISOs that contain a boot image with an 'EFI' label are not detected as bootable Increase the ISO → ESP limit for Debian 12 netinst images Ensure that the main partition size is aligned to the cluster size diff --git a/configure b/configure index d2115037..69835a42 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for rufus 4.2. +# Generated by GNU Autoconf 2.71 for rufus 4.3. # # Report bugs to . # @@ -611,8 +611,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='rufus' PACKAGE_TARNAME='rufus' -PACKAGE_VERSION='4.2' -PACKAGE_STRING='rufus 4.2' +PACKAGE_VERSION='4.3' +PACKAGE_STRING='rufus 4.3' PACKAGE_BUGREPORT='https://github.com/pbatard/rufus/issues' PACKAGE_URL='https://rufus.ie' @@ -1269,7 +1269,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures rufus 4.2 to adapt to many kinds of systems. +\`configure' configures rufus 4.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1336,7 +1336,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of rufus 4.2:";; + short | recursive ) echo "Configuration of rufus 4.3:";; esac cat <<\_ACEOF @@ -1428,7 +1428,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -rufus configure 4.2 +rufus configure 4.3 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -1504,7 +1504,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by rufus $as_me 4.2, which was +It was created by rufus $as_me 4.3, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -2767,7 +2767,7 @@ fi # Define the identity of the package. PACKAGE='rufus' - VERSION='4.2' + VERSION='4.3' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -5309,7 +5309,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by rufus $as_me 4.2, which was +This file was extended by rufus $as_me 4.3, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -5365,7 +5365,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -rufus config.status 4.2 +rufus config.status 4.3 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 2a531578..d1f2b960 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -AC_INIT([rufus], [4.2], [https://github.com/pbatard/rufus/issues], [rufus], [https://rufus.ie]) +AC_INIT([rufus], [4.3], [https://github.com/pbatard/rufus/issues], [rufus], [https://rufus.ie]) AM_INIT_AUTOMAKE([-Wno-portability foreign no-dist no-dependencies]) AC_CONFIG_SRCDIR([src/rufus.c]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/res/loc/rufus.loc b/res/loc/rufus.loc index 3d99cea8..6456538f 100644 --- a/res/loc/rufus.loc +++ b/res/loc/rufus.loc @@ -609,6 +609,8 @@ t MSG_344 "Full Flash Update Image" t MSG_345 "Some additional data must be downloaded from Microsoft to use this functionality:\n" "- Select 'Yes' to connect to the Internet and download it\n" "- Select 'No' to cancel the operation" +t MSG_346 "Restrict Windows to S-Mode (INCOMPATIBLE with online account bypass)" +t MSG_347 "Expert Mode" # The following messages are for the Windows Store listing only and are not used by the application t MSG_900 "Rufus is a utility that helps format and create bootable USB flash drives, such as USB keys/pendrives, memory sticks, etc." t MSG_901 "Official site: %s" diff --git a/src/rufus.c b/src/rufus.c index 79ba301d..64b8a9ee 100755 --- a/src/rufus.c +++ b/src/rufus.c @@ -129,6 +129,7 @@ BOOL usb_debug, use_fake_units, preserve_timestamps = FALSE, fast_zeroing = FALS BOOL zero_drive = FALSE, list_non_usb_removable_drives = FALSE, enable_file_indexing, large_drive = FALSE; BOOL write_as_image = FALSE, write_as_esp = FALSE, use_vds = FALSE, ignore_boot_marker = FALSE; BOOL appstore_version = FALSE, is_vds_available = TRUE, persistent_log = FALSE, has_ffu_support = FALSE; +BOOL expert_mode = FALSE; float fScale = 1.0f; int dialog_showing = 0, selection_default = BT_IMAGE, persistence_unit_selection = -1, imop_win_sel = 0; int default_fs, fs_type, boot_type, partition_type, target_type; @@ -1514,8 +1515,8 @@ static DWORD WINAPI BootCheckThread(LPVOID param) if ((WindowsVersion.Version >= WINDOWS_8) && IS_WINDOWS_1X(img_report)) { StrArray options; int arch = _log2(img_report.has_efi >> 1); - uint8_t map[8] = { 0 }, b = 1; - StrArrayCreate(&options, 2); + uint16_t map[16] = { 0 }, b = 1; + StrArrayCreate(&options, 8); StrArrayAdd(&options, lmprintf(MSG_332), TRUE); MAP_BIT(UNATTEND_OFFLINE_INTERNAL_DRIVES); if (img_report.win_version.build >= 22500) { @@ -1529,16 +1530,20 @@ static DWORD WINAPI BootCheckThread(LPVOID param) MAP_BIT(UNATTEND_DUPLICATE_LOCALE); StrArrayAdd(&options, lmprintf(MSG_331), TRUE); MAP_BIT(UNATTEND_NO_DATA_COLLECTION); + if (expert_mode) { + StrArrayAdd(&options, lmprintf(MSG_346), TRUE); + MAP_BIT(UNATTEND_FORCE_S_MODE); + } i = CustomSelectionDialog(BS_AUTOCHECKBOX, lmprintf(MSG_327), lmprintf(MSG_328), - options.String, options.Index, remap8(unattend_xml_mask, map, FALSE), username_index); + options.String, options.Index, remap16(unattend_xml_mask, map, FALSE), username_index); StrArrayDestroy(&options); if (i < 0) goto out; // Remap i to the correct bit positions before calling CreateUnattendXml() - i = remap8(i, map, TRUE); + i = remap16(i, map, TRUE); unattend_xml_path = CreateUnattendXml(arch, i | UNATTEND_WINDOWS_TO_GO); // Keep the bits we didn't process - unattend_xml_mask &= ~(remap8(0xff, map, TRUE)); + unattend_xml_mask &= ~(remap16(0x1ff, map, TRUE)); // And add back the bits we did process unattend_xml_mask |= i; WriteSetting32(SETTING_WUE_OPTIONS, (UNATTEND_DEFAULT_MASK << 16) | unattend_xml_mask); @@ -1576,8 +1581,8 @@ static DWORD WINAPI BootCheckThread(LPVOID param) if ((WindowsVersion.Version >= WINDOWS_8) && IS_WINDOWS_1X(img_report) && (!is_windows_to_go)) { StrArray options; int arch = _log2(img_report.has_efi >> 1); - uint8_t map[8] = { 0 }, b = 1; - StrArrayCreate(&options, 4); + uint16_t map[16] = { 0 }, b = 1; + StrArrayCreate(&options, 10); if (IS_WINDOWS_11(img_report)) { StrArrayAdd(&options, lmprintf(MSG_329), TRUE); MAP_BIT(UNATTEND_SECUREBOOT_TPM_MINRAM); @@ -1595,15 +1600,19 @@ static DWORD WINAPI BootCheckThread(LPVOID param) MAP_BIT(UNATTEND_NO_DATA_COLLECTION); StrArrayAdd(&options, lmprintf(MSG_335), TRUE); MAP_BIT(UNATTEND_DISABLE_BITLOCKER); + if (expert_mode) { + StrArrayAdd(&options, lmprintf(MSG_346), TRUE); + MAP_BIT(UNATTEND_FORCE_S_MODE); + } i = CustomSelectionDialog(BS_AUTOCHECKBOX, lmprintf(MSG_327), lmprintf(MSG_328), - options.String, options.Index, remap8(unattend_xml_mask, map, FALSE), username_index); + options.String, options.Index, remap16(unattend_xml_mask, map, FALSE), username_index); StrArrayDestroy(&options); if (i < 0) goto out; - i = remap8(i, map, TRUE); + i = remap16(i, map, TRUE); unattend_xml_path = CreateUnattendXml(arch, i); // Remember the user preferences for the current session. - unattend_xml_mask &= ~(remap8(0xff, map, TRUE)); + unattend_xml_mask &= ~(remap16(0x1ff, map, TRUE)); unattend_xml_mask |= i; WriteSetting32(SETTING_WUE_OPTIONS, (UNATTEND_DEFAULT_MASK << 16) | unattend_xml_mask); } @@ -3556,6 +3565,7 @@ skip_args_processing: enable_file_indexing = ReadSettingBool(SETTING_ENABLE_FILE_INDEXING); enable_VHDs = !ReadSettingBool(SETTING_DISABLE_VHDS); enable_extra_hashes = ReadSettingBool(SETTING_ENABLE_EXTRA_HASHES); + expert_mode = ReadSettingBool(SETTING_EXPERT_MODE); ignore_boot_marker = ReadSettingBool(SETTING_IGNORE_BOOT_MARKER); persistent_log = ReadSettingBool(SETTING_PERSISTENT_LOG); save_image_type = ReadSettingStr(SETTING_PREFERRED_SAVE_IMAGE_TYPE); @@ -4074,6 +4084,14 @@ extern int TestHashes(void); } // Other hazardous cheat modes require Ctrl + Alt + // Ctrl-Alt-E => Expert Mode + if ((msg.message == WM_KEYDOWN) && (msg.wParam == 'E') && + (GetKeyState(VK_CONTROL) & 0x8000) && (GetKeyState(VK_MENU) & 0x8000)) { + expert_mode = !expert_mode; + WriteSettingBool(SETTING_EXPERT_MODE, expert_mode); + PrintStatusTimeout(lmprintf(MSG_347), expert_mode); + continue; + } // Ctrl-Alt-F => List non USB removable drives such as eSATA, etc - CAUTION!!! if ((msg.message == WM_KEYDOWN) && (msg.wParam == 'F') && (GetKeyState(VK_CONTROL) & 0x8000) && (GetKeyState(VK_MENU) & 0x8000)) { diff --git a/src/rufus.h b/src/rufus.h index 012530a6..e1fc1cf8 100644 --- a/src/rufus.h +++ b/src/rufus.h @@ -572,6 +572,7 @@ typedef struct { #define UNATTEND_DUPLICATE_LOCALE 0x00020 #define UNATTEND_SET_USER 0x00040 #define UNATTEND_DISABLE_BITLOCKER 0x00080 +#define UNATTEND_FORCE_S_MODE 0x00100 #define UNATTEND_DEFAULT_MASK 0x000FF #define UNATTEND_WINDOWS_TO_GO 0x10000 // Special flag for Windows To Go @@ -580,7 +581,7 @@ typedef struct { #define UNATTEND_OOBE_SHELL_SETUP_MASK (UNATTEND_NO_DATA_COLLECTION | UNATTEND_SET_USER) #define UNATTEND_OOBE_INTERNATIONAL_MASK (UNATTEND_DUPLICATE_LOCALE) #define UNATTEND_OOBE_MASK (UNATTEND_OOBE_SHELL_SETUP_MASK | UNATTEND_OOBE_INTERNATIONAL_MASK | UNATTEND_DISABLE_BITLOCKER) -#define UNATTEND_OFFLINE_SERVICING_MASK (UNATTEND_OFFLINE_INTERNAL_DRIVES) +#define UNATTEND_OFFLINE_SERVICING_MASK (UNATTEND_OFFLINE_INTERNAL_DRIVES | UNATTEND_FORCE_S_MODE) #define UNATTEND_DEFAULT_SELECTION_MASK (UNATTEND_SECUREBOOT_TPM_MINRAM | UNATTEND_NO_ONLINE_ACCOUNT | UNATTEND_OFFLINE_INTERNAL_DRIVES) /* diff --git a/src/rufus.rc b/src/rufus.rc index bf3084b4..32b1fed1 100644 --- a/src/rufus.rc +++ b/src/rufus.rc @@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL IDD_DIALOG DIALOGEX 12, 12, 232, 326 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_ACCEPTFILES -CAPTION "Rufus 4.2.2074" +CAPTION "Rufus 4.3.2075" FONT 9, "Segoe UI Symbol", 400, 0, 0x0 BEGIN LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP @@ -392,8 +392,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 4,2,2074,0 - PRODUCTVERSION 4,2,2074,0 + FILEVERSION 4,3,2075,0 + PRODUCTVERSION 4,3,2075,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -411,13 +411,13 @@ BEGIN VALUE "Comments", "https://rufus.ie" VALUE "CompanyName", "Akeo Consulting" VALUE "FileDescription", "Rufus" - VALUE "FileVersion", "4.2.2074" + VALUE "FileVersion", "4.3.2075" VALUE "InternalName", "Rufus" VALUE "LegalCopyright", "© 2011-2023 Pete Batard (GPL v3)" VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html" - VALUE "OriginalFilename", "rufus-4.2.exe" + VALUE "OriginalFilename", "rufus-4.3.exe" VALUE "ProductName", "Rufus" - VALUE "ProductVersion", "4.2.2074" + VALUE "ProductVersion", "4.3.2075" END END BLOCK "VarFileInfo" diff --git a/src/settings.h b/src/settings.h index bf8c8ab2..0a95d1f6 100644 --- a/src/settings.h +++ b/src/settings.h @@ -42,6 +42,7 @@ extern char* ini_file; #define SETTING_ENABLE_USB_DEBUG "EnableUsbDebug" #define SETTING_ENABLE_VMDK_DETECTION "EnableVmdkDetection" #define SETTING_ENABLE_WIN_DUAL_EFI_BIOS "EnableWindowsDualUefiBiosMode" +#define SETTING_EXPERT_MODE "ExpertMode" #define SETTING_FORCE_LARGE_FAT32_FORMAT "ForceLargeFat32Formatting" #define SETTING_IGNORE_BOOT_MARKER "IgnoreBootMarker" #define SETTING_INCLUDE_BETAS "CheckForBetas" diff --git a/src/wue.c b/src/wue.c index 5e76609b..d81fb25a 100644 --- a/src/wue.c +++ b/src/wue.c @@ -117,6 +117,7 @@ char* CreateUnattendXml(int arch, int flags) "publicKeyToken=\"31bf3856ad364e35\" versionScope=\"nonSxS\">\n", xml_arch_names[arch]); fprintf(fd, " \n"); // This part was picked from https://github.com/AveYo/MediaCreationTool.bat/blob/main/bypass11/AutoUnattend.xml + // NB: This is INCOMPATIBLE with S-Mode below if (flags & UNATTEND_NO_ONLINE_ACCOUNT) { uprintf("• Bypass online account requirement"); fprintf(fd, " \n"); @@ -226,6 +227,14 @@ char* CreateUnattendXml(int arch, int flags) fprintf(fd, " 4\n"); fprintf(fd, " \n"); } + if (flags & UNATTEND_FORCE_S_MODE) { + uprintf("• Enforce S Mode"); + fprintf(fd, " \n", xml_arch_names[arch]); + fprintf(fd, " 1\n"); + fprintf(fd, " \n"); + } fprintf(fd, " \n"); }