* This is accomplished through Fido (https://github.com/pbatard/Fido), a *SIGNED*
PowerShell script, that is downloaded from GitHub and that resides in memory for
the duration of a session.
* The reason we use a downloaded PS script, rather than an embedded on, is because:
- Microsoft have regularly been changing the deal with regards to how retail ISOs
can be downloaded, and not for the better, so we can't simply embed a static
means of downloading ISOs and expect that to work forever.
- By using an external script, we can immediately respond to whatever new means of
*ANNOYING* their legitimate users Microsoft will come up with next, as well as
make sure that, the minute a new retail version of Windows becomes available, it
also becomes available for download in Rufus.
* Note that if you are concerned about downloading a remote PS script that is being
run at the same level as an elevated application, you should understand that:
- Only scripts downloaded from GitHub, from an account that is protected with 2FA,
are allowed to run (i.e. someone would first have to steal a *physical* 2FA key
to be in a position to upload a malicious script).
- On top of this, only scripts that are signed with a separate private key (RSA +
AES-256), that is itself also protected with a strong unique password which only
a single person knows (and must manually enter each time they want to make a new
version of the script available for download), are allowed to run.
The above means that there's about as much chance for someone to manage to upload
a malicious script on the GitHub servers, that Rufus would allow to run, as there
is for someone to upload a malicious version of Rufus itself.
Still, if you are paranoid and have concerns that, even as you can validate from
its source that Rufus does not attempt to execute any remote script unless a user
actively selected and clicked the DOWNLOAD button, you can also completely disable
the remote script download feature, if you just set the update check to disabled
(which, by the way, Rufus *EXPLICITLY* asks you to choose whether you want to
enable or not, the very first time you run the application).
* Also remove _unlinkU() which duplicates what DeleteFileU() already does.
* Closes#1268
* Issue was introduced in 521034da99 and has
to do with VS2017's handling of static strings in RELEASE mode.
Fix is to use a static char array instead.
* Also fix MinGw build warnings and increase process search timeout
* Relying on system MUIs was too brittle and provides us with no guarantee
that the translated messages we need will actually be there.
* Also fix space before question mark in French translation.
* With no thanks whatsoever to Microsoft for *NOT* documenting that you need
to pass flag 0x2000000 to WIMCreateFile() if you want to avoid an open error.
One has to wonder if Microsoft isn't deliberately adding *BULLSHIT FLAGS*
that only they know of, to hinder competing third-party tools...
* FAT32 would become available and selected as default FS when
selecting a Windows ISO with a >4GB file and then clicking
"Show advanced drive properties".
* Range not being set when plugging a drive
* Set position to zero when no drive is selected
* Make sure the restored position can not be greater than the max
* Now only use major.minor for version references
* Drop the use of LOC_FRAMEWORK_VERSION. We'll use custom handling if we ever need a framework change.
* Also update/fix some of the UI elements for persistent partition
* Also reposition the language selection menu when we don't have a large number of them
* Ctrl-Alt-Z can now be used to zero a drive, while skipping blocks that are detected empty
* Depending on your hardware, as well as the existing drive content, this strategy can greatly
speed up zeroing operations, especially if the flash memory's read speed is much higher than
its write speed.
* Closes#1174
* Also add a test ISO to display these controls
* The intent is to use the next round of translation to get these new UI elements localized,
as any translation work takes _months_, and it is a precondition to start working on #691.
* Also fix new issues with image options when switching language
* This doesn't mean we'll get persistence support any time soon, but any UI work
on this needs to be carried out *MONTHS* in advance because of the translators.
* Use a default block size of 128 KB (can speed up read operations)
* Reorganise patterns to suit different types of NAND cells (SLC, MLC and TLC)
* Only run fake drive test on first pass
* Also update rufus-next to 3.2
* We now auto resize the height of the Notification dialog according to the
number of lines of the message.
* Also harmonize local RECT variable names according to what we do elsewhere.
* *THIS* is what you need to do to replace Microsoft's broken SetDllDirectory("")
implementation and mitigate DLL sideloading from local directories.
* Also fix some comment typos
* Because of Windows' poor handling of toolbar buttons' tooltips, an unwanted
tooltip could be displayed onscreen after closing the log.
* Also fix an issue when Rufus would reset the partition type to GPT after a
user created an MBR flash drive (e.g. after creating a Windows bootable USB).
* Whole screen was being refreshed when calling InvalidateRect() in ResizeMoveCtrl()
* Progress bar bounding rectangle could be erased at 0.0%
* No progress was displayed when writing ISOHybrid images in DD mode
* Also fix an issue when write error would not display the error string
* File indexing is too much of an annoyance on removable drives anyway
and this should help with perf and access issues
* Alt-Q cheat mode is now changed to re-enable file indexing
* Also fix a rogue 'else' in the code
* Needed because native Windows produces obnoxious tearing on redrawing.
* Also rename global partition scheme variable back to 'pt'
* Also fix major and minor version numbers in the .rc
* Super-strange behaviour, that happens on Windows 7, at low zoom
factors, only when compiled with MSVC (MinGW is fine) and only
when the advanced options are set to be displayed on startup...
* Looks like TB_GETIDEALSIZE is screwy - Thanks a lot Microsoft!
* Add timestamp processing for nested signature and check for anomalous differences
* Also prevent attack scenarios that may attempt to leverage multiple nested signatures or countersigners
* Simplify code by using CryptDecodeObjectEx/WinVerifyTrustEx and improve timestamp reporting
* Required to support Debian Live 9.1 in ISO mode
* Note that this only works if the efi.img boot files do not require
additional content besides the one extracted from the ISO.
* Don't duplicate the PrintInfo() from DownloadFile()
* Make sure caret is disabled and displayed text will not appear selected
* Also update MSG_085 and remove unneeded MSG_240
* Add a WaitForSingleObjectWithMessages() call so that we can process Windows messages
while waiting on events (prevents lockup while issuing log messages)
* Limit the total duration of CheckDriveAccess() to 2 seconds
* Allow for user cancellation
* Also update code to use the Edit_####() predefined macros for Edit controls instead of EM_### messages
* The process search appears to be blocking on some platform, and we
also don't want users to have to wait too long on format startup
* Also update the update check for Windows XP SSL errors
* Rufus now checks for processes with handles opened on the drives/volumes before
starting the format operation and asks the user if they want to continue.
* This mimics Windows' behaviour when formatting drives, and actually uses the
same message as the one from shell32.dll.mui.
* Closes#773
* Fix memory leaks due to not releasing the heap
* Also speed up lookups by not reopening the same process twice in a row
* Also make the usb_debug variable global so we can use uuprintf everywhere
* Enable the use of GPT on REMOVABLE drives, if the host is Windows 10 CU
* Don't display the message about REMOVABLE boot, if the target is Windows 10 CU
* Not having FILE_SHARE_WRITE on a disk or volume handle helps
prevent spurious accesses from the OS or other apps while we
are repartitioning/refomatting.
* It appears that 1.5TB and 2TB HDDs, accessed trough some Seagate ow WD USB ↔ SATA
controllers, can report that 0 bytes were written on WriteFile(), even though all
the data was effectively written. 1TB HDDs, accessed through the same controller,
do not report this issue. So add a workaround for that.
* Also see #787
* Tooltips can only be manipulated from the same thread as the one that created their parent
* Also increase the SetLGP() timeout as this seems to be problematic
* Closes#764
* Since, despite what Microsoft states, having 'requireAdministrator' in a manifest STILL isn't
enough to prevent an app from launching as non elevated for some weird account configurations...
* Closes#757
* Downloadable content will now be indicating, in the log, whether it can be trusted with ✓ (validated) or ✗ (caution)
* Of course this validation only applies for files we know of, i.e. the downloadable content that existed at the time the DB was
created. So, if Syslinux 8.x gets released tomorrow and we put it on our server, you'll get an ✗ regardless of its integrity.
* Closes#758
* Could be useful for current tails user (6.03 based, same as ours)
who want to create an UFD without downloading files.
* Also improve the buffer overflow check in syslinux/libinstaller/syslxmod.c