1
1
Fork 0
mirror of https://github.com/pbatard/rufus.git synced 2026-07-09 06:55:39 +00:00
Commit graph

75 commits

Author SHA1 Message Date
Pete Batard
a8901f5e58
[core] switch to jserv/cregex for the regexp parser
* We need group support for group matches and tiny-regex-c doesn't support them.
2025-06-27 15:29:08 +01:00
ozone10
170440e51c
[ui] add dark mode support
* Also fix erroneous use of EndDialog() instead of DestroyWindow() in rufus.c,
  which resulted in WM_DESTROY/WM_NCDESTROY messages not being generated.
* Closes #2713.
* Closes #2510.
* Closes #1453.
2025-06-17 14:41:31 +01:00
Pete Batard
01d18d99de
[misc] remove manual hooks into ntdll
* Since we are now liking with ntdll directly, we can remove all the hooks we applied
  and just use regular calls. We also rename process.h to ntdll.h as a result.
2025-05-14 10:43:45 +01:00
Pete Batard
4adfa4f37e
[misc] more MinGW DLL side loading "improvements"
- Side load SetupAPI.dll, as this is the DLL that was causing the CfgMgr32.dll local load.
  This reverts part of 622e60659c since we no longer have to hook into CfgMgr32.dll directly.
- Also set the redefinition of DECLSPEC_IMPORT, which we need for MinGW32 x86, in the global AM_CFLAGS
  of configure.ac, so that we no longer have to worry about forgetting to do it in a source and experience
  crashes on 32-bit as a result (See 965759f58a).
- Also delay-load crypt32.dll while we're at it.
- Also add provision for enabling /DEPENDENTLOADFLAG:0x800 on MinGW, by leaving a properly crafted entry
  in the .rdata section that can then be used with the loadcfg.py Python script.
- Sadly, per https://github.com/pbatard/rufus/issues/2701#issuecomment-2874788564 and subsequent comment,
  having DependentLoadFlags set to LOAD_LIBRARY_SEARCH_SYSTEM32 is still not enough to take care of side
  loading issues, as, ever since the introduction of wimlib support, we are seeing CRYPTBASE.DLL being
  side-loaded in MinGW, and, even with crypt32.dll being delay-loaded there is literally *nothing* we can
  do about it!
- The end result of all the above is that we will have no choice but ditch MinGW for release executables
  as it's just impossible to properly take care of side-loading vulnerabilities with MinGW (and Microsoft
  are REALLY not helping with this whole mess either, when they don't even use LOAD_LIBRARY_SEARCH_SYSTEM32
  for Windows' system DLLs).
- In preparation for this, we add UPX compression to the x86_64 and x86_32 MSVC executables.
- Finally, we also fix one last Coverity warning in xml.c and remove duplicates in .vcxproj for ARM64.
2025-05-13 20:31:35 +01:00
Pete Batard
96996ae1ee
[vhd] add libcdio integration to wimlib
* Allows working with WIMs without mounting the ISO by referencing something like "C:\Downloads\Windows.iso|sources/install.wim".
2025-05-02 17:28:42 +01:00
Pete Batard
9f7d623e2e
[vhd] add wimlib support
* This includes all the changes applied to wimlib for MSVC compilation support.
* The vast majority of these changes were original, but a very small set came
  was lifted from https://github.com/ebiggers/wimlib/pull/6 (which we discovered
  after we went through this whole exercise on our own...)
2025-05-02 17:25:37 +01:00
Pete Batard
e60dd7edb8
[wue] add ezxml support for WIM index parsing
* ezxml was partially altered with some changes from PRs found at https://github.com/lxfontes/ezxml.
* Also apply some small improvements to msapi_utf8.h.
2025-05-02 16:51:30 +01:00
Pete Batard
b895f26ebc
[misc] miscellaneous cleanup
* Make sure we use _M_IX86 and _M_X64 where required.
* Fix some static analysis warnings.
* Update version for rufus-next.
2025-04-21 20:20:59 +01:00
Pete Batard
fdde687d46
[uefi] embed and allow the download of official signed DBX binaries
* With Microsoft having finally relinquished the terms of use of DBX binaries (where their
  previous legalese pretty much made it illegal for anyone who wasn't an OS manufacturer to
  download DBX for use in applications) we can now formally embed, as well as download the
  DBXs when they are updated.
* This is accomplished by querying the https://github.com/microsoft/secureboot_objects
  GitHub repo (which is now the official repository for the UEFI Forum's revocation files)
  through api.github.com and checking the timestamps of the last commit on the relevant files.
  If a more recent DBX is found than the one embedded (or a previously downloaded one), Rufus
  will now prompt the user to download it, as part of its regular update check (if enabled).
* Note that, since there have been no official revocations for them yet, IA64, RISCV64 and
  LoongArch64 are currently placeholders.
* Also note that we currently don't use this mechanism for Microsoft's SVN revocations, as
  we already have a more efficient check for it through SBAT.
* Also fix the handling of the RISCV64 MD5Sum UEFI bootloader, whose offset was incorrect.
2025-03-27 16:11:45 +00:00
Pete Batard
bc75274a9a
[msvc] further prevent DLL side-loading by using /DEPENDENTLOADFLAG:0x800
* Suggested by @dimhotepus per #2701.
* Sadly a similar feature can't be applied for MinGW builds. (See also https://sourceforge.net/p/mingw-w64/mailman/message/59156023/)
* While we're at it, also sure we use /BREPRO everywhere for MSVC reproducible builds.
2025-03-04 11:47:11 +00:00
Pete Batard
79f1209ab9
[misc] arch/cpu refactoring
* Move the cpu.c/cpu.h in more logical places and remove these sources files.
* Add detection for LoongArch64 EFI bootloaders.
* Pass the detected CPU arch when invoking Fido.
* Also fix some Bled Coverity warnings.
2024-12-02 19:04:51 +00:00
Pete Batard
8f3a9c1c7c
[cmp] update Bled to latest
* This mostly updates the ZSTD code to latest and properly removes all debug message.
* Also switch MinGW from gnu99 to gnu11.
2024-11-27 17:19:36 +00:00
Pete Batard
cef7a5cb0c
[cmp] add ztsd image compression support
* Based on the latest Bled, which adds ztsd compression support.
* Note that initial extraction of the 512 bytes MBR is very slow, because is seems
  clear that ZSTD was never designed for fast init or processing small elements of
  data, but instead for post init large volume streaming.
* Also note that this code adds 400 KB to the Rufus executable *AFTER UPX COMPRESSION*!
  Hopefully, the BusyBox folks can come up with a better and smaller way to add zstd
  support, because it's clear that the method used by the current BusyBox proposal,
  which is to leave as much of the original code untouched, isn't for the best...
* Closes #2590.
* Closes #2620.
* Closes #2621.
2024-11-22 23:25:33 +00:00
Mohmed abdel-fattah
9b3c11122b
[misc] reinstate delay-loading of wininet and virtdisk DLLs
* Per #2272 and #1877, MinGW has issues when delay loading libraries, but
  it is possible to apply a workaround to alleviate them, by redefining
  DECLSPEC_IMPORT before including the corresponding headers.
* This is a bit more tricky to accomplish for virtdisk, as MinGW's windows.h
  header does include virtdisk.h on its own (rather than expect a formal
  include as MSVC does), so we have to prevent the virtdisk.h inclusion
  first, by defining a macro, and then apply our workaround.
* Per https://sourceforge.net/p/mingw-w64/mailman/mingw-w64-public/thread/ea87573f-65ea-44a2-b4bb-ca96c0a136ab%40akeo.ie/#msg58793876
  we are hoping that this should be a temporary workaround and that the root
  cause of the issue will be fixed in binutils.
* Closes #2513.
2024-07-13 17:43:40 +01:00
Pete Batard
64e85ed09a
[uefi] don't revoke Windows 11 or post Windows 10 20H1 boot media yet
* As opposed to what we originally asserted, Microsoft did enact a blanket revocation
  in SkuSiPolicy.p7b for all post 1703 up to 2305 Windows UEFI bootloaders.
* As a result, unconditionally copying SkuSiPolicy.p7b will result in media as recent
  as Windows 11 22H2 (v1) being flagged as revoked, which we don't want to enforce as
  long as Microsoft themselves haven't entered the enforcing phase of their Black
  Lotus mitigation (currently planned for early 2024).
* Because of this, while we add some revocation detection for post 1703 bootloaders,
  we set it to only go as far as 20H1 for now, which means that all post 20H1 Windows
  10 media and all Windows 11 media will not yet be flagged by Rufus as revoked and
  will still boot in a Secure Boot environment due to lack of an SkuSiPolicy.p7b.
* Ultimately, per #2244 we may look for a BOOTMGRSECURITYVERSIONNUMBER resource to
  blanket revoke all post 1703 - pre 2305 Windows UEFI bootloaders.
* Also remove the now unused comdlg32 library from the linker.
2023-07-15 23:20:59 +02:00
Pete Batard
f9370e002e
[iso] fix a crash when parsing Windows ISOs with MinGW x86_32
* MinGW32's delay loading functionality is not yet up to par with MSVC's and especially, for
  some libraries (wininet, virtdisk) attempting to delay load them simply crashes the runtime.
* This results in the MinGW32 version of the app crashing when selecting a Windows ISO, as we
  will then try to mount the ISO using virtdisk to poke the build version. Note that this crash
  does not happen with the MinGW64 version or with MSVC.
* Closes #2272.
* Also fix a Coverity warning in SaveImageThread() and improve the VHD saving code.
2023-07-02 13:15:51 +01:00
Pete Batard
090bfb9770
[misc] rename checksum.c to hash.c 2023-06-11 16:18:26 +01:00
Pete Batard
0df68b6af9
[misc] further Windows 7 specifics removals
* Also remove some unused code in stdlg.c
* Note that virtdisk appears to be a vulnerable library, so we go
  through delay loading yet again...
2023-04-28 17:46:05 +01:00
Pete Batard
af8f68c305
[msvc] enable Structured Exception Handling (SEH) in process.c
* We are seeing reports of access violation exceptions being generated
  when looking for processes, with the App Store version.
* Since this is not critical code, add an SEH handler to ignore those.
2023-04-01 15:50:59 +02:00
Pete Batard
e524e81e99
[iso] improve Rock Ridge CE handling 2023-03-23 14:47:53 +00:00
Pete Batard
fac433a0fe
[loc] set up Windows Store listing translations (part 1)
* MSG_900+ will be used for Windows Store translation, so add them
  and makes sure these get filtered out from embedded.loc.
* Also make sure we don't get a "Translated by:" in the English version
  when compiled with VS2022.
* Also add Store screenshots and update listing.csv so that we can
  autogenerate and upload a complete translation update to the store.
2023-02-03 17:03:06 +00:00
Pete Batard
43c6290143
[misc] generate PDBs for Visual Studio builds
* Even if this makes the resulting executable slightly larger, this should help
  with troubleshooting, especially for the Windows Store releases.
* Also drop the "since 2019" from the Downloads badge, since once you reach 100M
  the start date for the counter becomes a bit meaningless...
2023-01-30 19:21:08 +00:00
Jeffrey Walton
36f4716afd
[checksum] enable x86 acceleration if the CPU supports it
* Newer Intel and AMD CPUs have SSE extensions for SHA-1 and SHA-256 acceleration.
* Add new cpu.c/cpu.h sources to detect the extensions, and use them in checksum.c
  if available.
* Acceleration code is taken from https://github.com/noloader/SHA-Intrinsics.
2022-12-08 11:15:48 +00:00
Pete Batard
8814944c35
[wue] improve Windows version reporting from ISO/.wim
* Pick the version and build number directly from the install[.wim|.esd] XML index.
  This forces us to mount the ISO during scan, but it's the only way to get an accurate Build number...
* Also drop linking to version.dll (along with the whole version.dll delay-loading shenanigans).
2022-10-04 11:58:30 +01:00
Pete Batard
fbad63666e
[wue] add fallback to index 1 if boot.wim index 2 is not available
* Some "unofficial" Windows ISOs use a custom boot.wim that only includes the Setup
  image at index 1, rather than at index 2, after the PE image, for official ISOs.
* Also refactor to add a long needed vhd.h header.
* Also fix a MinGW warning.
2022-08-02 20:14:29 +01:00
Pete Batard
a19828c9d1
[wue] move WUE, Windows To Go and WinPE calls to their own source 2022-07-25 13:18:14 +01:00
Pete Batard
d9a7a03834
[vhd] improve mounting/unmounting of WIM
* Also fix wininet not having been removed from DelayLoadDLLs except x64.
2022-07-07 11:20:30 +01:00
Pete Batard
c76327f96e
[ui] list drives by increasing order of size
* Also silence MSVC and MinGW obnoxious warnings about bidirectional Unicode characters.
2022-05-25 13:22:47 +01:00
Pete Batard
4cdbad283a
[loc] update Polish translation
* Closes #1916
* Also removes wininet.dll from MSVC vcxproj.
2022-05-02 11:21:16 +01:00
Pete Batard
d029551929
[core] drop direct hooking into dwmapi DLL and use delay-loading instead
* Now that we can delay-load DLLs for both MinGW and MSVC, we can also remove
  the direct DLL hook that was added into dwmapi.dll due to side loading and
  revert to using a direct API call instead.
* This reverts part of e1d864f755.
* Also attempt to silence that damn Coverity warning.
2022-04-12 13:55:33 +01:00
Pete Batard
3194a4dac4
[net] drop direct hooking into wininet DLL and use delay-loading instead
* Now that we can delay-load DLLs for both MinGW and MSVC, we can remove the
  cumbersome direct DLL hooks into wininet.dll (which is vulnerable to side
  loading when not delay-loaded) and revert to using direct API calls instead.
* This reverts part of e1d864f755.
* Also attempt to silence a Coverity warning.
2022-04-12 13:35:41 +01:00
Pete Batard
e7b66e7e4c
[mingw] use delay loading for DLLs that are subject to side loading
* This reverts much of commits f6ac559f4d and 1947266837
  so that we call the Windows APIs directly again, while ensuring that, by the time we load the DLLs,
  sideloading mitigation has already been applied by the application.
* This is a continuation of #1877, and should help prevent re-introducing side-loading issues when we
  link against new libraries, as well as allow us to drop some of the manual DLL hooking we've been
  doing to prevent it, to clean up the code.
* Note that this is a bit more complex than what the stackoverflow post suggests, because we need to
  create delayloaded libs for both 32-bit and 64-bit, which use a different calling convention and
  therefore need to use different .def files. So there's a lot of gymkhana involved, with Makefiles
  and whatnot, to get us there.
* Also simplify the use of CM_Get_DevNode_Registry_PropertyA() in dev.c since recent versions of
  MinGW now have support for it.
* Also fix 2 small issues in net.c (potential overflow) and format.c (memory leak).
2022-04-12 11:09:59 +01:00
Pete Batard
3528ca773d
[iso] add support for distros using a NONSTANDARD GRUB 2.0 prefix directory
* Looking at you, openSUSE Live and GeckoLinux!
2022-04-07 01:58:22 +01:00
Pete Batard
1947266837
[pki] don't link with wintrust.lib
* WinTrust.lib is responsible for the MSASN1.dll sideloading issue described in #1877,
  so, since we only use it for WinVerifyTrustEx(), hook into that function manually.
* Closes #1877 for the MinGW side.
* Note that we will probably try to use the method suggested by @assarbad and documented at
  https://stackoverflow.com/questions/1851267/mingw-gcc-delay-loaded-dll-equivalent/70416894#70416894
  to try to put an end to the problem of DLL side loading.
2022-03-03 17:41:43 +00:00
Pete Batard
cef651c52c
[msvc] actually apply DLL delay loading to the Release builds
* ef2ff7179d was supposed to apply delay loading to our DLLs, for all MSVC builds,
  thereby preventing sideloading attacks, but the patch actually only set the DelayLoadDLLs
  property for Debug builds and not Release builds, with the result that side loading could
  still be triggered for the Release executables, as demonstrated in #1877.
* This patch therefore properly sets the DelayLoadDLLs for all builds, which should take care
  of the side loading vulnerability at least for MSVC executables.
* A subsequent patch will still be needed for MinGW, since there is no equivalent to DelayLoadDLLs.
* This addresses part of #1877.
2022-02-25 18:05:49 +00:00
Austin Wise
ef2ff7179d
[msvc] add provision to prevent DLL search order hijacking through delay loading
* Hypothetically if the user's current directory contains a malicious DLL that DLL
  could be loaded instead of the one in System32.
* Whereas the previous patch should have taken care of the one DLL referenced by
  Rufus that may be vulnerable to this attack (version.dll), we nonetheless add
  delay loading for all the libraries we reference as a precautionary measure.
* One can confirm that this works by using dumpbin.exe /IMPORTS to make sure
  a specific DLL is delay loaded. Then putting a breakpoint in the delay load
  hook should also confirm that the hook is used.
* Closes #1838
2022-01-05 18:33:59 +00:00
Pete Batard
f6ac559f4d
[iso] don't link with version.lib to prevent DLL sideloading issues
* This is part of #1838, where we need to sort the version.dll sideloading problem for MinGW.
* A subsequent patch will be applied to MSVC, to more generally delay the loading of DLLs.
* Also fix a typo with an assert expression.
2022-01-05 16:49:06 +00:00
Pete Batard
f5072e45de
[misc] update solution to VS2022
* Also fix a possible mishandling of compounded strings in safe string macros
2021-11-16 17:50:20 +00:00
Pete Batard
a10b8e8c54
[iso] add Windows ISO version report
* Use sources/compatresources.dll, when available, to try to detect the Windows ISO version and build.
* Also report what facility we use for formatting.
2021-10-08 19:24:07 +01:00
Pete Batard
83ea7103e3
[ci] set VS2019 to produce ALPHA or BETA off release 2021-09-28 20:00:59 +01:00
Pete Batard
436584fcc0
[appstore] revert AppStore version detection to rufus.app presence check
* This basically reverts the changes from 9dfa31db03.
2021-08-01 21:50:11 +01:00
longpanda
49eefa2e03
[cmp] add support for Ventoy Sparse Image (.vtsi) 2021-06-22 19:08:33 +01:00
Pete Batard
8f0d248a56
[misc] add regexp engine
* From https://github.com/kokke/tiny-regex-c
2021-04-22 22:43:20 +01:00
Pete Batard
2e1833e91e
[misc] improve CoInitialize calls
* Balance with CoUninitialize and add COINIT_DISABLE_OLE1DDE
* Also add /BREPRO linker flag for reproducible VS2019 release builds
2021-04-09 12:36:30 +01:00
Pete Batard
9dfa31db03
[appstore] improve AppStore version detection
* Also fix ESP prompt no longer appearing
2021-03-31 13:21:52 +01:00
Pete Batard
d4db16a9ca
[checksum] improve performance by switching to async I/O
Yes!!! We are finally *much* faster than 7-zip for SHA-256, even though
we are also computing MD5 and SHA-1 in parallel. Here are some averaged
comparative results, against the 5.71 GB Win10_20H2_EnglishInternational_x64.iso
(SHA-256 = 08535b6dd0a4311f562e301c3c344b4aefd2e69a82168426b9971d6f8cab35e1):
* Windows' PowerShell Get-FileHash: 48s
* 7-zip's SHA-256                 : 31s
* Rufus (64-bit release version)  : 23s
2021-02-03 11:49:57 +00:00
Pete Batard
3056d54cc1
[ext2fs] update ext2fs to latest
* Also drop nt_io_manager() as a function call and just use a direct ref to the manager.
2021-01-09 16:15:01 +00:00
Pete Batard
ee34bf495a
[misc] enable VS2019 String Pooling for Debug builds
* Also enable incremental linking and debug libraries for Debug builds
2020-06-02 11:50:23 +01:00
Pete Batard
3d1ec358b5
[core] improve protective MBR for GPT media
* Use the upgraded msg.bin MBR along with its more comprehensive message.
* Also fixes and issue in GetResource().
2020-02-19 19:51:32 +00:00
Pete Batard
45acbeba2c
[misc] extend previous patch to all confs and archs
* 9d8790bdda was only for x64/Release
2020-02-15 14:54:41 +00:00