1
1
Fork 0
mirror of https://github.com/pbatard/rufus.git synced 2026-07-09 06:55:39 +00:00
Commit graph

72 commits

Author SHA1 Message Date
Pete Batard
a8901f5e58
[core] switch to jserv/cregex for the regexp parser
* We need group support for group matches and tiny-regex-c doesn't support them.
2025-06-27 15:29:08 +01:00
ozone10
170440e51c
[ui] add dark mode support
* Also fix erroneous use of EndDialog() instead of DestroyWindow() in rufus.c,
  which resulted in WM_DESTROY/WM_NCDESTROY messages not being generated.
* Closes #2713.
* Closes #2510.
* Closes #1453.
2025-06-17 14:41:31 +01:00
Pete Batard
fe9b137902
[wue] forward wrapper parameters to original setup.exe
* Also fix MinGW builds from outside of root directory
* Closes #2751
* Closes #2752
2025-06-09 17:30:18 +01:00
Pete Batard
4adfa4f37e
[misc] more MinGW DLL side loading "improvements"
- Side load SetupAPI.dll, as this is the DLL that was causing the CfgMgr32.dll local load.
  This reverts part of 622e60659c since we no longer have to hook into CfgMgr32.dll directly.
- Also set the redefinition of DECLSPEC_IMPORT, which we need for MinGW32 x86, in the global AM_CFLAGS
  of configure.ac, so that we no longer have to worry about forgetting to do it in a source and experience
  crashes on 32-bit as a result (See 965759f58a).
- Also delay-load crypt32.dll while we're at it.
- Also add provision for enabling /DEPENDENTLOADFLAG:0x800 on MinGW, by leaving a properly crafted entry
  in the .rdata section that can then be used with the loadcfg.py Python script.
- Sadly, per https://github.com/pbatard/rufus/issues/2701#issuecomment-2874788564 and subsequent comment,
  having DependentLoadFlags set to LOAD_LIBRARY_SEARCH_SYSTEM32 is still not enough to take care of side
  loading issues, as, ever since the introduction of wimlib support, we are seeing CRYPTBASE.DLL being
  side-loaded in MinGW, and, even with crypt32.dll being delay-loaded there is literally *nothing* we can
  do about it!
- The end result of all the above is that we will have no choice but ditch MinGW for release executables
  as it's just impossible to properly take care of side-loading vulnerabilities with MinGW (and Microsoft
  are REALLY not helping with this whole mess either, when they don't even use LOAD_LIBRARY_SEARCH_SYSTEM32
  for Windows' system DLLs).
- In preparation for this, we add UPX compression to the x86_64 and x86_32 MSVC executables.
- Finally, we also fix one last Coverity warning in xml.c and remove duplicates in .vcxproj for ARM64.
2025-05-13 20:31:35 +01:00
Pete Batard
2470c56c7e
[wue] switch to using wimlib for all WIM operations
* This should greatly improves performance when patching boot.wim for WUE or creating Windows To Go drives.
* This also allows us to discard all the bulky (and limited) native WIM API function calls.
* Also add some UTF-8 wrappers to wimlib and a GetTempDirNameU() function call.
* Also revert to the old ssize_t definition in unistd.h, since trying to be too smart throws static analysers off...
2025-05-05 00:58:07 +01:00
Pete Batard
9f7d623e2e
[vhd] add wimlib support
* This includes all the changes applied to wimlib for MSVC compilation support.
* The vast majority of these changes were original, but a very small set came
  was lifted from https://github.com/ebiggers/wimlib/pull/6 (which we discovered
  after we went through this whole exercise on our own...)
2025-05-02 17:25:37 +01:00
Pete Batard
e60dd7edb8
[wue] add ezxml support for WIM index parsing
* ezxml was partially altered with some changes from PRs found at https://github.com/lxfontes/ezxml.
* Also apply some small improvements to msapi_utf8.h.
2025-05-02 16:51:30 +01:00
Pete Batard
fdde687d46
[uefi] embed and allow the download of official signed DBX binaries
* With Microsoft having finally relinquished the terms of use of DBX binaries (where their
  previous legalese pretty much made it illegal for anyone who wasn't an OS manufacturer to
  download DBX for use in applications) we can now formally embed, as well as download the
  DBXs when they are updated.
* This is accomplished by querying the https://github.com/microsoft/secureboot_objects
  GitHub repo (which is now the official repository for the UEFI Forum's revocation files)
  through api.github.com and checking the timestamps of the last commit on the relevant files.
  If a more recent DBX is found than the one embedded (or a previously downloaded one), Rufus
  will now prompt the user to download it, as part of its regular update check (if enabled).
* Note that, since there have been no official revocations for them yet, IA64, RISCV64 and
  LoongArch64 are currently placeholders.
* Also note that we currently don't use this mechanism for Microsoft's SVN revocations, as
  we already have a more efficient check for it through SBAT.
* Also fix the handling of the RISCV64 MD5Sum UEFI bootloader, whose offset was incorrect.
2025-03-27 16:11:45 +00:00
Pete Batard
622e60659c
[dev] fix a side-loading vulnerability with cfgmgr32.dll
* Current Rufus and earlier versions (when compiled with MinGW) suffer from a side-loading vulnerability
  due to cfgmgr32.dll being attempted to be loaded from the same directory as the executable. This may
  result in someone being able to execute elevated malicious code if they already have gained user-level
  access to the platform and were able to drop an arbitrary cfgmgr32.dll in the same directory as rufus.
* While we were able to address similar vulnerabilities using delay-loading, this method does not appear
  to work for MinGW with this specific DLL, so we remove all the implicit CM_ function calls, that result
  in automated DLL loading that cannot be mitigated, to replace them with direct DLL hooks, which are
  not subject to Windows' default (vulnerable) DLL lookup behaviour. We still add the def for the delay
  loading in case we manage to find how to delay load cfgmgr32 with MinGW in the future...
* Fixes CVE-2025-26624 (https://github.com/pbatard/rufus/security/advisories/GHSA-p8p5-r296-g2jv).
* This vulnerability was discovered by @EmperialX working with @Shauryae1337 and reported by @EmperialX.
2025-02-19 11:58:10 +00:00
Pete Batard
79f1209ab9
[misc] arch/cpu refactoring
* Move the cpu.c/cpu.h in more logical places and remove these sources files.
* Add detection for LoongArch64 EFI bootloaders.
* Pass the detected CPU arch when invoking Fido.
* Also fix some Bled Coverity warnings.
2024-12-02 19:04:51 +00:00
Mohmed abdel-fattah
9b3c11122b
[misc] reinstate delay-loading of wininet and virtdisk DLLs
* Per #2272 and #1877, MinGW has issues when delay loading libraries, but
  it is possible to apply a workaround to alleviate them, by redefining
  DECLSPEC_IMPORT before including the corresponding headers.
* This is a bit more tricky to accomplish for virtdisk, as MinGW's windows.h
  header does include virtdisk.h on its own (rather than expect a formal
  include as MSVC does), so we have to prevent the virtdisk.h inclusion
  first, by defining a macro, and then apply our workaround.
* Per https://sourceforge.net/p/mingw-w64/mailman/mingw-w64-public/thread/ea87573f-65ea-44a2-b4bb-ca96c0a136ab%40akeo.ie/#msg58793876
  we are hoping that this should be a temporary workaround and that the root
  cause of the issue will be fixed in binutils.
* Closes #2513.
2024-07-13 17:43:40 +01:00
Pete Batard
64e85ed09a
[uefi] don't revoke Windows 11 or post Windows 10 20H1 boot media yet
* As opposed to what we originally asserted, Microsoft did enact a blanket revocation
  in SkuSiPolicy.p7b for all post 1703 up to 2305 Windows UEFI bootloaders.
* As a result, unconditionally copying SkuSiPolicy.p7b will result in media as recent
  as Windows 11 22H2 (v1) being flagged as revoked, which we don't want to enforce as
  long as Microsoft themselves haven't entered the enforcing phase of their Black
  Lotus mitigation (currently planned for early 2024).
* Because of this, while we add some revocation detection for post 1703 bootloaders,
  we set it to only go as far as 20H1 for now, which means that all post 20H1 Windows
  10 media and all Windows 11 media will not yet be flagged by Rufus as revoked and
  will still boot in a Secure Boot environment due to lack of an SkuSiPolicy.p7b.
* Ultimately, per #2244 we may look for a BOOTMGRSECURITYVERSIONNUMBER resource to
  blanket revoke all post 1703 - pre 2305 Windows UEFI bootloaders.
* Also remove the now unused comdlg32 library from the linker.
2023-07-15 23:20:59 +02:00
Pete Batard
f9370e002e
[iso] fix a crash when parsing Windows ISOs with MinGW x86_32
* MinGW32's delay loading functionality is not yet up to par with MSVC's and especially, for
  some libraries (wininet, virtdisk) attempting to delay load them simply crashes the runtime.
* This results in the MinGW32 version of the app crashing when selecting a Windows ISO, as we
  will then try to mount the ISO using virtdisk to poke the build version. Note that this crash
  does not happen with the MinGW64 version or with MSVC.
* Closes #2272.
* Also fix a Coverity warning in SaveImageThread() and improve the VHD saving code.
2023-07-02 13:15:51 +01:00
Pete Batard
090bfb9770
[misc] rename checksum.c to hash.c 2023-06-11 16:18:26 +01:00
Pete Batard
0df68b6af9
[misc] further Windows 7 specifics removals
* Also remove some unused code in stdlg.c
* Note that virtdisk appears to be a vulnerable library, so we go
  through delay loading yet again...
2023-04-28 17:46:05 +01:00
Jeffrey Walton
36f4716afd
[checksum] enable x86 acceleration if the CPU supports it
* Newer Intel and AMD CPUs have SSE extensions for SHA-1 and SHA-256 acceleration.
* Add new cpu.c/cpu.h sources to detect the extensions, and use them in checksum.c
  if available.
* Acceleration code is taken from https://github.com/noloader/SHA-Intrinsics.
2022-12-08 11:15:48 +00:00
Pete Batard
8814944c35
[wue] improve Windows version reporting from ISO/.wim
* Pick the version and build number directly from the install[.wim|.esd] XML index.
  This forces us to mount the ISO during scan, but it's the only way to get an accurate Build number...
* Also drop linking to version.dll (along with the whole version.dll delay-loading shenanigans).
2022-10-04 11:58:30 +01:00
Pete Batard
a19828c9d1
[wue] move WUE, Windows To Go and WinPE calls to their own source 2022-07-25 13:18:14 +01:00
Pete Batard
a3c75e480e
[core] revert to direct-hooking into wininet.dll
* This reverts 3194a4dac4 on account that MinGW's delay loading of
  wininet.dll causes the application to prematurely close.
* Yet another episode of the never ending #1877 saga...
2022-04-27 10:41:19 +01:00
Pete Batard
d029551929
[core] drop direct hooking into dwmapi DLL and use delay-loading instead
* Now that we can delay-load DLLs for both MinGW and MSVC, we can also remove
  the direct DLL hook that was added into dwmapi.dll due to side loading and
  revert to using a direct API call instead.
* This reverts part of e1d864f755.
* Also attempt to silence that damn Coverity warning.
2022-04-12 13:55:33 +01:00
Pete Batard
3194a4dac4
[net] drop direct hooking into wininet DLL and use delay-loading instead
* Now that we can delay-load DLLs for both MinGW and MSVC, we can remove the
  cumbersome direct DLL hooks into wininet.dll (which is vulnerable to side
  loading when not delay-loaded) and revert to using direct API calls instead.
* This reverts part of e1d864f755.
* Also attempt to silence a Coverity warning.
2022-04-12 13:35:41 +01:00
Pete Batard
e7b66e7e4c
[mingw] use delay loading for DLLs that are subject to side loading
* This reverts much of commits f6ac559f4d and 1947266837
  so that we call the Windows APIs directly again, while ensuring that, by the time we load the DLLs,
  sideloading mitigation has already been applied by the application.
* This is a continuation of #1877, and should help prevent re-introducing side-loading issues when we
  link against new libraries, as well as allow us to drop some of the manual DLL hooking we've been
  doing to prevent it, to clean up the code.
* Note that this is a bit more complex than what the stackoverflow post suggests, because we need to
  create delayloaded libs for both 32-bit and 64-bit, which use a different calling convention and
  therefore need to use different .def files. So there's a lot of gymkhana involved, with Makefiles
  and whatnot, to get us there.
* Also simplify the use of CM_Get_DevNode_Registry_PropertyA() in dev.c since recent versions of
  MinGW now have support for it.
* Also fix 2 small issues in net.c (potential overflow) and format.c (memory leak).
2022-04-12 11:09:59 +01:00
Pete Batard
1947266837
[pki] don't link with wintrust.lib
* WinTrust.lib is responsible for the MSASN1.dll sideloading issue described in #1877,
  so, since we only use it for WinVerifyTrustEx(), hook into that function manually.
* Closes #1877 for the MinGW side.
* Note that we will probably try to use the method suggested by @assarbad and documented at
  https://stackoverflow.com/questions/1851267/mingw-gcc-delay-loaded-dll-equivalent/70416894#70416894
  to try to put an end to the problem of DLL side loading.
2022-03-03 17:41:43 +00:00
Pete Batard
f6ac559f4d
[iso] don't link with version.lib to prevent DLL sideloading issues
* This is part of #1838, where we need to sort the version.dll sideloading problem for MinGW.
* A subsequent patch will be applied to MSVC, to more generally delay the loading of DLLs.
* Also fix a typo with an assert expression.
2022-01-05 16:49:06 +00:00
Pete Batard
a10b8e8c54
[iso] add Windows ISO version report
* Use sources/compatresources.dll, when available, to try to detect the Windows ISO version and build.
* Also report what facility we use for formatting.
2021-10-08 19:24:07 +01:00
Pete Batard
8f0d248a56
[misc] add regexp engine
* From https://github.com/kokke/tiny-regex-c
2021-04-22 22:43:20 +01:00
Pete Batard
5803d7ad8a
[loc] update French translation
* Also fix MinGW warning
2021-03-31 16:38:09 +01:00
Pete Batard
9aea069f84
[misc] update autotools support files 2021-03-25 23:57:34 +00:00
Pete Batard
35af4cbacb
[misc] move Large FAT32 and ext formatting to their own source
* Also add randomization to test images
2020-02-10 13:04:50 +00:00
David Stumph
3c9acb0d3c
[misc] use $(srcdir) in Makefiles
* Picked from #1449
2020-02-10 12:08:04 +00:00
Pete Batard
9610e3a63b
[misc] refactor some global variables' names so we can reinstate -Wshadow
* Also remove no longer used _coverity.cmd and update .gitignore
2019-04-13 15:29:27 +01:00
Pete Batard
cec443ef61
[ext2fs] update to latest e2fsprogs
* e2fsprogs commit [cecc2bc78b39ddcd34a819a4d7e7cd30897958cb]
* Also add LGPLv2 license text
2019-04-13 14:52:29 +01:00
Pete Batard
cda716c1ff
[ext2fs] initial ext2fs support 2019-04-12 21:32:40 +01:00
Pete Batard
0fa19d7019 [internal] reorganize localization resources 2018-07-16 16:38:40 +01:00
Pete Batard
05f8400451 [misc] reorganize UI function calls into their own source
* Also fix ARM/ARM64 broken compilation due to missing __popcnt()
2018-07-06 05:46:36 +01:00
Pete Batard
e1d864f755 [misc] work around Microsoft's broken SetDllDirectory()
* *THIS* is what you need to do to replace Microsoft's broken SetDllDirectory("")
  implementation and mitigate DLL sideloading from local directories.
* Also fix some comment typos
2018-06-05 13:02:28 +01:00
Pete Batard
13e7b0226d [ui] improve log window positioning
* Now seriously what the $%^& is wrong with Microsoft?!?
2018-05-09 15:55:30 +01:00
Pete Batard
903ac993f2 [misc] remove no longer needed XP workarounds 2017-11-13 14:30:25 +00:00
Pete Batard
0c76dbf075 [process] restrict search to handles that have R or W access
* Also fix loop overflow
2017-04-30 21:59:18 +01:00
Pete Batard
d5f6ddb653 [core] list potentially blocking processes on disk access error
* Using functionality from Process Hacker:
  https://github.com/processhacker2/processhacker2/
* Part of the #773 enhancement
* Also fix minor MinGW and WDK warnings
2017-04-27 23:06:42 +01:00
Pete Batard
43d9ac046b [core] don't list non-USB removable devices by default
* Unless specifically requested with Ctrl-Alt-H
* Closes #727
* Also rename usb.c to dev.c, since we may be listing more than USB devices
2016-04-26 14:57:07 +02:00
Pete Batard
2c90a06668 use IFileDialog when running on Vista or later
* When compiled with MinGW, this was always disabled due to forcing XP as
  the lowest common denominator and using #ifdefs
* This should also help with OFN_NOCHANGEDIR seemingly being ignored
* Sadly, this change also adds ~20KB to our *compressed* size... :(
2016-03-24 12:55:54 +00:00
Pete Batard
db0880e534 [syslinux] update Syslinux to better align with its official source
* This means disabling some warnings and removing explicit casts, but so be it...
* Also fix the minfatsize check for Large FAT32
2016-02-23 20:52:06 +00:00
Pete Batard
cd911ad738 [pki] add signature check on update downloads - part 1
* This is part of enhancement #158
2015-10-12 22:03:41 +01:00
Pete Batard
c95910e268 [misc] add MD5 and SHA-1 computation for current image
* Uses the Alt-M cheat mode for now
* Closes #475
2015-06-29 23:43:49 +01:00
Pete Batard
cf7e52e051 [misc] pocketful of enhancement and fixes - part 4
* Fix disappearance of "Start" button when selecting an ISO with
  no target (reported by Sopor)
* Add commented sample ini file
* Add AC_PROG_AR macro in configure.ac
* Update ChangeLog for BETA
2015-02-10 22:45:48 +00:00
Pete Batard
7599715ae6 [cmp] add decompression support
* Adds .Z, .gz, .lzma, .xz and .bz2 decompression support for DD images
  using the Bled library (https://github.com/pbatard/bled).
* Closes #269
2014-12-29 20:34:41 +00:00
Pete Batard
e72d6546d1 [misc] update MinGW build chain for msys2
* Use autoconf and automake 1.14
* reinstate parallel build flags
* Also fix MinGW warnings and errors
2014-12-15 18:42:21 +00:00
Pete Batard
4c8b022042 [internal] enable ALPHA/BETA from configure
* Pass --enable-alpha or --enable-beta to configure/_release.sh
2014-11-28 00:22:57 +00:00
Pete Batard
2396ef8c28 [misc] improve silent automake rules 2014-11-12 23:45:49 +00:00