diff --git a/_sign.cmd b/_sign.cmd index 1da906b6545..40f24e2203d 100644 --- a/_sign.cmd +++ b/_sign.cmd @@ -1,2 +1,2 @@ @echo off -"C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64\signtool" sign /v /sha1 fc4686753937a93fdcd48c2bb4375e239af92dcb /fd SHA256 /tr http://timestamp.acs.microsoft.com /td SHA256 %* +"C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64\signtool" sign /v /sha1 fc4686753937a93fdcd48c2bb4375e239af92dcb /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 %* diff --git a/res/appstore/packme.cmd b/res/appstore/packme.cmd index 193124aaaef..bf7a62eeede 100644 --- a/res/appstore/packme.cmd +++ b/res/appstore/packme.cmd @@ -98,7 +98,7 @@ if "%VERSION_OVERRIDE%"=="" ( echo Will create %VERSION% AppStore Bundle pause -"%WDK_PATH%\signtool" sign /v /sha1 %SIGNATURE_SHA1% /fd SHA256 /tr http://timestamp.acs.microsoft.com /td SHA256 *.exe +"%WDK_PATH%\signtool" sign /v /sha1 %SIGNATURE_SHA1% /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 *.exe if ERRORLEVEL 1 goto out echo [Files]> bundle.map diff --git a/res/hogger/hogger.asm b/res/hogger/hogger.asm index dbab990c42d..836b8e920f8 100644 --- a/res/hogger/hogger.asm +++ b/res/hogger/hogger.asm @@ -1,6 +1,6 @@ ; Rufus: The Reliable USB Formatting Utility ; Commandline hogger, assembly version (NASM) - ; Copyright © 2014 Pete Batard + ; Copyright © 2014 Pete Batard ; ; This program is free software: you can redistribute it and/or modify ; it under the terms of the GNU General Public License as published by diff --git a/res/hogger/hogger.c b/res/hogger/hogger.c index a03b76eedc6..01164b3795c 100644 --- a/res/hogger/hogger.c +++ b/res/hogger/hogger.c @@ -1,7 +1,7 @@ /* * Rufus: The Reliable USB Formatting Utility * Commandline hogger, C version - * Copyright © 2014 Pete Batard + * Copyright © 2014 Pete Batard * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/src/hash.c b/src/hash.c index 1fd58c1ff0c..c5dd18f85bb 100644 --- a/src/hash.c +++ b/src/hash.c @@ -2090,7 +2090,7 @@ BOOL IsRevokedBySbat(uint8_t* buf, uint32_t len) return FALSE; // Look for a .sbat section - sbat = GetPeSection(buf, &sbat_len, ".sbat"); + sbat = GetPeSection(buf, ".sbat", &sbat_len); if (sbat == NULL || sbat < buf || sbat >= buf + len) return FALSE; @@ -2123,7 +2123,7 @@ BOOL IsRevokedBySbat(uint8_t* buf, uint32_t len) BOOL IsRevokedBySvn(uint8_t* buf, uint32_t len) { wchar_t* rsrc_name = NULL; - uint8_t *base; + uint8_t *root; uint32_t i, j, rsrc_rva, rsrc_len, *svn_ver; IMAGE_DOS_HEADER* dos_header = (IMAGE_DOS_HEADER*)buf; IMAGE_NT_HEADERS* pe_header; @@ -2150,8 +2150,8 @@ BOOL IsRevokedBySvn(uint8_t* buf, uint32_t len) img_data_dir = pe64_header->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE]; } - base = RvaToPhysical(buf, img_data_dir.VirtualAddress); - rsrc_rva = FindResourceRva(FALSE, base, base, rsrc_name, &rsrc_len); + root = RvaToPhysical(buf, img_data_dir.VirtualAddress); + rsrc_rva = FindResourceRva(rsrc_name, root, root, &rsrc_len); safe_free(rsrc_name); if (rsrc_rva != 0) { if (rsrc_len == sizeof(uint32_t)) { @@ -2159,7 +2159,7 @@ BOOL IsRevokedBySvn(uint8_t* buf, uint32_t len) if (svn_ver != NULL && *svn_ver < sbat_entries[i].version) return TRUE; } else { - uprintf("WARNING: Unexpected Microsoft SVN version size"); + uprintf("WARNING: Unexpected Secure Version Number size"); } } } diff --git a/src/parser.c b/src/parser.c index 48905642dc0..2f000650464 100644 --- a/src/parser.c +++ b/src/parser.c @@ -1611,8 +1611,8 @@ sbat_entry_t* GetSbatEntries(char* sbatlevel) * PE parsing functions */ -// Return the address of a PE section from a PE buffer -uint8_t* GetPeSection(uint8_t* buf, uint32_t* sec_len, const char* name) +// Return the address and (optionally) the length of a PE section from a PE buffer +uint8_t* GetPeSection(uint8_t* buf, const char* name, uint32_t* len) { char section_name[IMAGE_SIZEOF_SHORT_NAME] = { 0 }; uint32_t i, nb_sections; @@ -1623,9 +1623,10 @@ uint8_t* GetPeSection(uint8_t* buf, uint32_t* sec_len, const char* name) static_strcpy(section_name, name); - pe_header = (IMAGE_NT_HEADERS*)&buf[dos_header->e_lfanew]; - if (pe_header == NULL) + if (buf == NULL || name == NULL) return NULL; + + pe_header = (IMAGE_NT_HEADERS*)&buf[dos_header->e_lfanew]; if (pe_header->FileHeader.Machine == IMAGE_FILE_MACHINE_I386 || pe_header->FileHeader.Machine == IMAGE_FILE_MACHINE_ARM) { section_header = (IMAGE_SECTION_HEADER*)(&pe_header[1]); nb_sections = pe_header->FileHeader.NumberOfSections; @@ -1636,7 +1637,8 @@ uint8_t* GetPeSection(uint8_t* buf, uint32_t* sec_len, const char* name) } for (i = 0; i < nb_sections; i++) { if (memcmp(section_header[i].Name, section_name, sizeof(section_name)) == 0) { - *sec_len = section_header->SizeOfRawData; + if (len != NULL) + *len = section_header->SizeOfRawData; return &buf[section_header[i].PointerToRawData]; } } @@ -1652,10 +1654,10 @@ uint8_t* RvaToPhysical(uint8_t* buf, uint32_t rva) IMAGE_NT_HEADERS64* pe64_header; IMAGE_SECTION_HEADER* section_header; - pe_header = (IMAGE_NT_HEADERS*)&buf[dos_header->e_lfanew]; - if (pe_header == NULL) + if (buf == NULL) return NULL; + pe_header = (IMAGE_NT_HEADERS*)&buf[dos_header->e_lfanew]; if (pe_header->FileHeader.Machine == IMAGE_FILE_MACHINE_I386 || pe_header->FileHeader.Machine == IMAGE_FILE_MACHINE_ARM) { section_header = (IMAGE_SECTION_HEADER*)(pe_header + 1); nb_sections = pe_header->FileHeader.NumberOfSections; @@ -1677,32 +1679,37 @@ uint8_t* RvaToPhysical(uint8_t* buf, uint32_t rva) // Using the MS APIs to poke the resources of the EFI bootloaders is simply TOO. DAMN. SLOW. // So, to QUICKLY access the resources we need, we reivent Microsoft's sub-optimal resource parser. -uint32_t FindResourceRva(BOOL found, uint8_t* base, uint8_t* cur, const wchar_t* name, uint32_t* len) +static BOOL FoundResourceRva = FALSE; +uint32_t FindResourceRva(const wchar_t* name, uint8_t* root, uint8_t* dir, uint32_t* len) { uint32_t rva; WORD i; - IMAGE_RESOURCE_DIRECTORY* dir = (IMAGE_RESOURCE_DIRECTORY*)cur; - IMAGE_RESOURCE_DIRECTORY_ENTRY* dir_entry = (IMAGE_RESOURCE_DIRECTORY_ENTRY*)&dir[1]; + IMAGE_RESOURCE_DIRECTORY* _dir = (IMAGE_RESOURCE_DIRECTORY*)dir; + IMAGE_RESOURCE_DIRECTORY_ENTRY* dir_entry = (IMAGE_RESOURCE_DIRECTORY_ENTRY*)&_dir[1]; IMAGE_RESOURCE_DIR_STRING_U* dir_string; IMAGE_RESOURCE_DATA_ENTRY* data_entry; - if (base == NULL || cur == NULL || name == NULL) + if (root == NULL || dir == NULL || name == NULL) return 0; - for (i = 0; i < dir->NumberOfNamedEntries + dir->NumberOfIdEntries; i++) { - if (!found && i < dir->NumberOfNamedEntries) { - dir_string = (IMAGE_RESOURCE_DIR_STRING_U*)(base + dir_entry[i].NameOffset); + // Initial invocation should always start at the root + if (root == dir) + FoundResourceRva = FALSE; + + for (i = 0; i < _dir->NumberOfNamedEntries + _dir->NumberOfIdEntries; i++) { + if (!FoundResourceRva && i < _dir->NumberOfNamedEntries) { + dir_string = (IMAGE_RESOURCE_DIR_STRING_U*)(root + dir_entry[i].NameOffset); if (dir_string->Length != wcslen(name) || memcmp(name, dir_string->NameString, wcslen(name)) != 0) continue; - found = TRUE; + FoundResourceRva = TRUE; } if (dir_entry[i].OffsetToData & IMAGE_RESOURCE_DATA_IS_DIRECTORY) { - rva = FindResourceRva(found, base, &base[dir_entry[i].OffsetToDirectory], name, len); + rva = FindResourceRva(name, root, &root[dir_entry[i].OffsetToDirectory], len); if (rva != 0) return rva; - } else if (found) { - data_entry = (IMAGE_RESOURCE_DATA_ENTRY*)(base + dir_entry[i].OffsetToData); + } else if (FoundResourceRva) { + data_entry = (IMAGE_RESOURCE_DATA_ENTRY*)(root + dir_entry[i].OffsetToData); if (len != NULL) *len = data_entry->Size; return data_entry->OffsetToData; diff --git a/src/rufus.c b/src/rufus.c index cdf10b8654f..dade331f510 100755 --- a/src/rufus.c +++ b/src/rufus.c @@ -1608,7 +1608,7 @@ static DWORD WINAPI BootCheckThread(LPVOID param) const char* msg; for (i = 0; i < ARRAYSIZE(img_report.efi_boot_path) && img_report.efi_boot_path[i][0] != 0; i++) { - static const char* revocation_type[] = { "UEFI DBX", "Windows SecuritySiPolicy", "Linux SBAT", "Windows SVN" }; + static const char* revocation_type[] = { "UEFI DBX", "Windows SSP", "Linux SBAT", "Windows SVN" }; len = ReadISOFileToBuffer(image_path, img_report.efi_boot_path[i], &buf); if (len == 0) { uprintf("Warning: Failed to extract '%s' to check for UEFI revocation", img_report.efi_boot_path[i]); diff --git a/src/rufus.h b/src/rufus.h index 0ff7f209848..389fb12bcf1 100644 --- a/src/rufus.h +++ b/src/rufus.h @@ -831,9 +831,9 @@ extern HANDLE CreatePreallocatedFile(const char* lpFileName, DWORD dwDesiredAcce DWORD dwFlagsAndAttributes, LONGLONG fileSize); extern uint32_t ResolveDllAddress(dll_resolver_t* resolver); extern sbat_entry_t* GetSbatEntries(char* sbatlevel); -extern uint8_t* GetPeSection(uint8_t* buf, uint32_t* sec_len, const char* name); +extern uint8_t* GetPeSection(uint8_t* buf, const char* name, uint32_t* len); extern uint8_t* RvaToPhysical(uint8_t* buf, uint32_t rva); -extern uint32_t FindResourceRva(BOOL found, uint8_t* base, uint8_t* cur, const wchar_t* name, uint32_t* len); +extern uint32_t FindResourceRva(const wchar_t* name, uint8_t* root, uint8_t* dir, uint32_t* len); #define GetTextWidth(hDlg, id) GetTextSize(GetDlgItem(hDlg, id), NULL).cx DWORD WINAPI HashThread(void* param); diff --git a/src/rufus.rc b/src/rufus.rc index ec45982a6d8..ffba8ce100a 100644 --- a/src/rufus.rc +++ b/src/rufus.rc @@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL IDD_DIALOG DIALOGEX 12, 12, 232, 326 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_ACCEPTFILES -CAPTION "Rufus 4.6.2197" +CAPTION "Rufus 4.6.2198" FONT 9, "Segoe UI Symbol", 400, 0, 0x0 BEGIN LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP @@ -397,8 +397,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 4,6,2197,0 - PRODUCTVERSION 4,6,2197,0 + FILEVERSION 4,6,2198,0 + PRODUCTVERSION 4,6,2198,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -416,13 +416,13 @@ BEGIN VALUE "Comments", "https://rufus.ie" VALUE "CompanyName", "Akeo Consulting" VALUE "FileDescription", "Rufus" - VALUE "FileVersion", "4.6.2197" + VALUE "FileVersion", "4.6.2198" VALUE "InternalName", "Rufus" VALUE "LegalCopyright", "� 2011-2024 Pete Batard (GPL v3)" VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html" VALUE "OriginalFilename", "rufus-4.6.exe" VALUE "ProductName", "Rufus" - VALUE "ProductVersion", "4.6.2197" + VALUE "ProductVersion", "4.6.2198" END END BLOCK "VarFileInfo" diff --git a/src/stdfn.c b/src/stdfn.c index 5265bf94d7d..ec4933a03ca 100644 --- a/src/stdfn.c +++ b/src/stdfn.c @@ -738,7 +738,7 @@ BOOL FileIO(enum file_io_type io_type, char* path, char** buffer, DWORD* size) /* * Get a resource from the RC. If needed that resource can be duplicated. * If duplicate is true and len is non-zero, the a zeroed buffer of 'len' - * size is allocated for the resource. Else the buffer is allocate for + * size is allocated for the resource. Else the buffer is allocated for * the resource size. */ uint8_t* GetResource(HMODULE module, char* name, char* type, const char* desc, DWORD* len, BOOL duplicate) diff --git a/src/wue.c b/src/wue.c index 9fadd53d9b2..197ed5a76ee 100644 --- a/src/wue.c +++ b/src/wue.c @@ -194,6 +194,12 @@ char* CreateUnattendXml(int arch, int flags) fprintf(fd, " %d\n", order++); fprintf(fd, " net user "%s" /logonpasswordchg:yes\n", unattend_username); fprintf(fd, " \n"); + // Some people report that using the `net user` command above might reset the password expiration to 90 days... + // To alleviate that, blanket set passwords on the target machine to never expire. + fprintf(fd, " \n"); + fprintf(fd, " %d\n", order++); + fprintf(fd, " net accounts /maxpwage:unlimited\n"); + fprintf(fd, " \n"); fprintf(fd, " \n"); } }