7

如果我想查看所有使用 c# 挂载的卷,那么我将不得不查询真正的 crypt 驱动程序,因为没有可以发送到 TrueCrypt.exe 的命令来返回该信息。

因此,如果我想查看所有已安装的卷以及它们安装在哪个驱动器中,我将调用TrueCryptHelper.GetMountedVolumes();

这是代码:

public static class TrueCryptHelper
{
    public static Dictionary<char, string> GetMountedVolumes()
    {
        uint size = (uint)Marshal.SizeOf(typeof(MOUNT_LIST_STRUCT));
        IntPtr buffer = Marshal.AllocHGlobal((int)size);
        uint bytesReturned;
        IntPtr _hdev = CreateFile("\\\\.\\TrueCrypt", FileAccess.ReadWrite, FileShare.ReadWrite, IntPtr.Zero, FileMode.Open, 0, IntPtr.Zero);
        bool bResult = DeviceIoControl(_hdev, TC_GET_MOUNTED_VOLUMES, buffer, size, buffer, size, out bytesReturned, IntPtr.Zero);
        MOUNT_LIST_STRUCT mount = new MOUNT_LIST_STRUCT();
        Marshal.PtrToStructure(buffer, mount);
        Marshal.FreeHGlobal(buffer);

        Dictionary<char, string> items = new Dictionary<char, string>();

        for (int i = 0; i < 26; i++)
        {
            string filePath = mount.wszVolume[i].ToString().Replace(@"\??\", "");
            if (filePath.Length > 2)
            {
                items[(char)('A' + i)] = filePath;
            }
            //Console.WriteLine("{0}: => {1}", (char)('A' + i), mount.wszVolume[i]);
        }

        return items;
    }

    private static readonly uint TC_GET_DRIVER_VERSION                      = (uint)CTL_CODE(0x00000022, 0x800 + (01), 0, 0);
    private static readonly uint TC_GET_BOOT_LOADER_VERSION                 = (uint)CTL_CODE(0x00000022, 0x800 + (02), 0, 0);
    private static readonly uint TC_MOUNT_VOLUME                            = (uint)CTL_CODE(0x00000022, 0x800 + (03), 0, 0);
    private static readonly uint TC_DISMOUNT_VOLUME                         = (uint)CTL_CODE(0x00000022, 0x800 + (04), 0, 0);
    private static readonly uint TC_DISMOUNT_ALL_VOLUMES                    = (uint)CTL_CODE(0x00000022, 0x800 + (05), 0, 0);
    private static readonly uint TC_GET_MOUNTED_VOLUMES                     = (uint)CTL_CODE(0x00000022, 0x800 + (06), 0, 0);
    private static readonly uint TC_GET_VOLUME_PROPERTIES                   = (uint)CTL_CODE(0x00000022, 0x800 + (07), 0, 0);
    private static readonly uint TC_GET_DEVICE_REFCOUNT                     = (uint)CTL_CODE(0x00000022, 0x800 + (08), 0, 0);
    private static readonly uint TC_WAS_REFERENCED_DEVICE_DELETED           = (uint)CTL_CODE(0x00000022, 0x800 + (09), 0, 0);
    private static readonly uint TC_IS_ANY_VOLUME_MOUNTED                   = (uint)CTL_CODE(0x00000022, 0x800 + (10), 0, 0);
    private static readonly uint TC_GET_PASSWORD_CACHE_STATUS               = (uint)CTL_CODE(0x00000022, 0x800 + (11), 0, 0);
    private static readonly uint TC_WIPE_PASSWORD_CACHE                     = (uint)CTL_CODE(0x00000022, 0x800 + (12), 0, 0);
    private static readonly uint TC_OPEN_TEST                               = (uint)CTL_CODE(0x00000022, 0x800 + (13), 0, 0);
    private static readonly uint TC_GET_DRIVE_PARTITION_INFO                = (uint)CTL_CODE(0x00000022, 0x800 + (14), 0, 0);
    private static readonly uint TC_GET_DRIVE_GEOMETRY                      = (uint)CTL_CODE(0x00000022, 0x800 + (15), 0, 0);
    private static readonly uint TC_PROBE_REAL_DRIVE_SIZE                   = (uint)CTL_CODE(0x00000022, 0x800 + (16), 0, 0);
    private static readonly uint TC_GET_RESOLVED_SYMLINK                    = (uint)CTL_CODE(0x00000022, 0x800 + (17), 0, 0);
    private static readonly uint TC_GET_BOOT_ENCRYPTION_STATUS              = (uint)CTL_CODE(0x00000022, 0x800 + (18), 0, 0);
    private static readonly uint TC_BOOT_ENCRYPTION_SETUP                   = (uint)CTL_CODE(0x00000022, 0x800 + (19), 0, 0);
    private static readonly uint TC_ABORT_BOOT_ENCRYPTION_SETUP             = (uint)CTL_CODE(0x00000022, 0x800 + (20), 0, 0);
    private static readonly uint TC_GET_BOOT_ENCRYPTION_SETUP_RESULT        = (uint)CTL_CODE(0x00000022, 0x800 + (21), 0, 0);
    private static readonly uint TC_GET_BOOT_DRIVE_VOLUME_PROPERTIES        = (uint)CTL_CODE(0x00000022, 0x800 + (22), 0, 0);
    private static readonly uint TC_REOPEN_BOOT_VOLUME_HEADER               = (uint)CTL_CODE(0x00000022, 0x800 + (23), 0, 0);
    private static readonly uint TC_GET_BOOT_ENCRYPTION_ALGORITHM_NAME      = (uint)CTL_CODE(0x00000022, 0x800 + (24), 0, 0);
    private static readonly uint TC_GET_PORTABLE_MODE_STATUS                = (uint)CTL_CODE(0x00000022, 0x800 + (25), 0, 0);
    private static readonly uint TC_SET_PORTABLE_MODE_STATUS                = (uint)CTL_CODE(0x00000022, 0x800 + (26), 0, 0);
    private static readonly uint TC_IS_HIDDEN_SYSTEM_RUNNING                = (uint)CTL_CODE(0x00000022, 0x800 + (27), 0, 0);
    private static readonly uint TC_GET_SYSTEM_DRIVE_CONFIG                 = (uint)CTL_CODE(0x00000022, 0x800 + (28), 0, 0);
    private static readonly uint TC_DISK_IS_WRITABLE                        = (uint)CTL_CODE(0x00000022, 0x800 + (29), 0, 0);
    private static readonly uint TC_START_DECOY_SYSTEM_WIPE                 = (uint)CTL_CODE(0x00000022, 0x800 + (30), 0, 0);
    private static readonly uint TC_ABORT_DECOY_SYSTEM_WIPE                 = (uint)CTL_CODE(0x00000022, 0x800 + (31), 0, 0);
    private static readonly uint TC_GET_DECOY_SYSTEM_WIPE_STATUS            = (uint)CTL_CODE(0x00000022, 0x800 + (32), 0, 0);
    private static readonly uint TC_GET_DECOY_SYSTEM_WIPE_RESULT            = (uint)CTL_CODE(0x00000022, 0x800 + (33), 0, 0);
    private static readonly uint TC_WRITE_BOOT_DRIVE_SECTOR                 = (uint)CTL_CODE(0x00000022, 0x800 + (34), 0, 0);
    private static readonly uint TC_IS_SYSTEM_FAVORITE_VOLUME_DIRTY         = (uint)CTL_CODE(0x00000022, 0x800 + (35), 0, 0);
    private static readonly uint TC_SET_SYSTEM_FAVORITE_VOLUME_DIRTY        = (uint)CTL_CODE(0x00000022, 0x800 + (36), 0, 0);

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi, Pack = 1)]
    private class MOUNT_LIST_STRUCT
    {
        public readonly UInt32 ulMountedDrives; /* Bitfield of all mounted drive letters */
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)]
        public readonly MOUNT_LIST_STRUCT_VOLUME_NAME[] wszVolume;  /* Volume names of mounted volumes */
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)]
        public readonly UInt64[] diskLength;
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)]
        public readonly int[] ea;
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)]
        public readonly int[] volumeType;   /* Volume type (e.g. PROP_VOL_TYPE_OUTER, PROP_VOL_TYPE_OUTER_VOL_WRITE_PREVENTED, etc.) */
    }

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi, Pack = 1)]
    private struct MOUNT_LIST_STRUCT_VOLUME_NAME
    {
        [MarshalAs(UnmanagedType.ByValArray, ArraySubType = UnmanagedType.I2, SizeConst = 260)]
        public readonly char[] wszVolume;   /* Volume names of mounted volumes */

        public override string ToString()
        {
            return (new String(wszVolume)).TrimEnd('\0');
        }
    }

    private static int CTL_CODE(int DeviceType, int Function, int Method, int Access)
    {
        return (((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2)
          | (Method));
    }

    /// <summary>
    /// Sends a control code directly to a specified device driver, causing the corresponding device to perform the corresponding operation.
    /// http://msdn.microsoft.com/en-us/library/windows/desktop/aa363216(v=vs.85).aspx
    /// </summary>        
    [DllImport("kernel32.dll", ExactSpelling = true, SetLastError = true, CharSet = CharSet.Auto)]
    static extern bool DeviceIoControl(IntPtr hDevice, uint dwIoControlCode,
        IntPtr lpInBuffer, uint nInBufferSize,
        IntPtr lpOutBuffer, uint nOutBufferSize,
        out uint lpBytesReturned, IntPtr lpOverlapped);

    [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    private static extern IntPtr CreateFile(
         [MarshalAs(UnmanagedType.LPTStr)] string filename,
         [MarshalAs(UnmanagedType.U4)] FileAccess access,
         [MarshalAs(UnmanagedType.U4)] FileShare share,
         IntPtr securityAttributes, // optional SECURITY_ATTRIBUTES struct or IntPtr.Zero
         [MarshalAs(UnmanagedType.U4)] FileMode creationDisposition,
         [MarshalAs(UnmanagedType.U4)] FileAttributes flagsAndAttributes,
         IntPtr templateFile);
}

注意我正在使用TC_GET_MOUNTED_VOLUMES标志。例如,如果我想挂载一个卷并使用TC_MOUNT_VOLUME我将如何指定密码?在哪里可以找到有关如何使用 TrueCrypt 驱动程序的更多信息?所以我发现这篇不错的文章:http ://stoned-vienna.com/html/index.php?page=abusing-the-truecrypt-driver

4

2 回答 2

4

其实它有点高级,不容易,你需要通过C++代码,理解它并用C#重新编写它。我可以帮助您安装代码,但对于其他功能,您需要了解 Truecrypt UI 如何与内核驱动程序通信并用 C# 重新编写它。

关于安装...

1)下载最新的Truecrypt for windows源代码。

2) 找到 TrueCryptSource\Common\Dlgcode.c 转到第 5963 行,您将看到 MountVolume 函数:

// Use only cached passwords if password = NULL
//
// Returns:
// -1 = user aborted mount / error
// 0  = mount failed
// 1  = mount OK
// 2  = mount OK in shared mode
//
// Note that some code calling this relies on the content of the mountOptions struct
// to remain unmodified (don't remove the 'const' without proper revision).

int MountVolume (HWND hwndDlg,
                 int driveNo,
                 char *volumePath,
                 Password *password,
                 BOOL cachePassword,
                 BOOL sharedAccess,
                 const MountOptions* const mountOptions,
                 BOOL quiet,
                 BOOL bReportWrongPassword)

好的,正如你所看到的,这个函数接收了几个参数并将它们发送给内核驱动程序,但是它在将它们传递给内核之前改变了一些变量,例如当你输入volumepath,如果它确实有“\?\”在里面,函数在将字符串传递给驱动程序之前将其删除。

对于驱动器路径,它使用VolumeGuidPathToDevicePath获取该驱动器的完整设备路径(意味着将 G:H:I: 转换为完整设备路径,例如 \Device\Harddisk%d\Partition%d)

然后是mount struct,你需要用C#重构它:

MOUNT_STRUCT mount;



typedef struct
{
    int nReturnCode;                    /* Return code back from driver */
    BOOL FilesystemDirty;
    BOOL VolumeMountedReadOnlyAfterAccessDenied;
    BOOL VolumeMountedReadOnlyAfterDeviceWriteProtected;

    wchar_t wszVolume[TC_MAX_PATH];     /* Volume to be mounted */
    Password VolumePassword;            /* User password */
    BOOL bCache;                        /* Cache passwords in driver */
    int nDosDriveNo;                    /* Drive number to mount */
    uint32 BytesPerSector;
    BOOL bMountReadOnly;                /* Mount volume in read-only mode */
    BOOL bMountRemovable;               /* Mount volume as removable media */
    BOOL bExclusiveAccess;              /* Open host file/device in exclusive access mode */
    BOOL bMountManager;                 /* Announce volume to mount manager */
    BOOL bPreserveTimestamp;            /* Preserve file container timestamp */
    BOOL bPartitionInInactiveSysEncScope;       /* If TRUE, we are to attempt to mount a partition located on an encrypted system drive without pre-boot authentication. */
    int nPartitionInInactiveSysEncScopeDriveNo; /* If bPartitionInInactiveSysEncScope is TRUE, this contains the drive number of the system drive on which the partition is located. */
    BOOL SystemFavorite;
    // Hidden volume protection
    BOOL bProtectHiddenVolume;          /* TRUE if the user wants the hidden volume within this volume to be protected against being overwritten (damaged) */
    Password ProtectedHidVolPassword;   /* Password to the hidden volume to be protected against overwriting */
    BOOL UseBackupHeader;
    BOOL RecoveryMode;
} MOUNT_STRUCT;

您需要用 C# 重新编写它,然后初始化此结构的新实例,然后设置挂载卷所需的所有参数(密码、密钥文件等)

MOUNT_STRUCT最后使用您创建的实例调用驱动程序:

bResult = DeviceIoControl (hDriver, TC_IOCTL_MOUNT_VOLUME, &mount,
        sizeof (mount), &mount, sizeof (mount), &dwResult, NULL);

就是这样,同样TrueCrypt,不要忘记在将密码发送到内核后从内存中擦除密码,为此,TrueCrypt有一个名为 的函数burn,也可以在 C# 中重新编写它,或者简单地销毁保存密码的变量音量太敏感了。

除了我上面所说的之外,truecrypt 确实有命令行界面,您可以从命令提示符挂载卷。您不能使用命令提示符查看已安装驱动器的列表,因此您需要一个简单的 C# 代码来列出已安装的卷,但您可以使用命令提示符进行安装:

truecrypt /v myvolume.tc /lx /a /p MyPassword /e /b
于 2014-01-31T18:29:44.893 回答
0

为清楚起见进行编辑:

TrueCrypt 托管驱动程序是在现有 TrueCrypt.sys 驱动程序之上使用托管 .NET 概念对部分 TrueCrypt 源代码的重写。

要使用:

Public Sub Main()
    ' Instantiate the TrueCrypt Driver API
    Dim Driver As New TC_Driver("C:\truecrypt.sys") ' Or wherever the compiled TrueCrypt driver exists on your system

End Sub

这调用了内部代码:

Public Class TC_Driver
    Implements IDisposable

    Const CURRENT_VER As Integer = &H71A

    Private pDriver32bitLocation As String
    Private pDriver64bitLocation As String
    Private pIsPortableMode As Boolean = False

    Private Property ManagedDriver As ManagedDriver
    Private DriverSetupMutex As Mutex

    Public Sub New(ByVal DriverLocation64bit As String)
        'Checks for 64-bit OS. Currently x64 is the only supported platform
        If Not Environment.Is64BitProcess = Environment.Is64BitOperatingSystem Then
           Throw New PlatformNotSupportedException("TrueCryptAPI needs a 64 bit process to run correctly")
        End If

        ' Set the driver location as specified by DriverLocation64bit
        pDriver64bitLocation = Path.GetFullPath(DriverLocation64bit)

        Dim DriverStatus As TC_ERROR
        Dim DriverLoadAttempts As Integer = 0

        'Load the driver as a service using internal code
        ManagedDriver = New ManagedDriver

        'Attempt to Start the driver, fail with error after 3 attempts
        Do
          DriverStatus = StartDriver()
          DriverLoadAttempts += 1
        Loop While DriverStatus = TC_ERROR.FILES_OPEN_LOCK AndAlso DriverLoadAttempts < 3

        If DriverStatus <> TC_ERROR.SUCCESS Then
          Me.Dispose()
          Throw New ArgumentException("Driver not loaded. Error:" & DriverStatus)
        End If
    End Sub
'....
End Class

上面的代码实例化了作为服务运行的 TrueCrypt 驱动程序,并提供了一个对象,通过调用代码(例如 Mount 和 DisMount)运行 TrueCrypt 方法。

使用(续):

Public Sub Main()
    ' Instantiate the TrueCrypt Driver API
    Dim Driver As New TC_Driver("C:\truecrypt.sys") ' Or wherever the compiled TrueCrypt driver exists on your system

    Dim MyOptions As New MOUNT_OPTIONS With {.Removable = True}
    Driver.MountContainer("C:\MyTrueCryptContainer","S","SuperSecurePassword",MyOptions)

End Sub

MOUNT_OPTIONS 结构:

    Public Structure MOUNT_OPTIONS
        Dim [ReadOnly] As Boolean
        Dim Removable As Boolean
        Dim ProtectHiddenVolume As Boolean
        Dim PreserveTimestamp As Boolean
        Dim PartitionInInactiveSysEncScope As Boolean
        Dim ProtectedHidVolPassword As Password
        Dim UseBackupHeader As Boolean
        Dim RecoveryMode As Boolean
    End Structure

MountContainer 方法:

Public Function MountContainer(ByVal FileName As String, ByVal DriveLetter As Char, ByVal Password As Password, ByVal Options As MOUNT_OPTIONS) As TC_ERROR
    Dim status As Boolean = False
    Dim mounted As TC_ERROR
    Dim tmp As String = ""

    'Apply the keyfile to the password
    If Not Password.ApplyKeyFile(tmp) Then Return False

    'Attempt to mount the volume using translated TrueCrypt methods
    mounted = MountVolume(Asc(DriveLetter) - Asc("A"), FileName, tmp, False, False, Options, False)

    tmp = ""
    Options.ProtectedHidVolPassword = Nothing

    Return mounted
End Function

这是 TrueCrypt 用于卷挂载的 C/C++ 的(相当文字和繁琐的)翻译:

Partial Public Class TC_Driver

Friend Function MountVolume(ByVal driveNo As Integer, ByVal volumePath As String, ByVal password As String, ByVal cachePassword As Boolean, ByVal sharedAccess As Boolean, ByRef MountOption As MOUNT_OPTIONS, ByVal quiet As Boolean) As TC_ERROR
    Dim mount As MOUNT_STRUCT
    Dim dwResult As UInteger
    Dim bResult As Boolean, bDevice As Boolean
    Dim favoriteMountOnArrivalRetryCount As Integer = 0

    If IsMountedVolume(volumePath) Then Return TC_ERROR.VOL_ALREADY_MOUNTED
    If Not VolumePathExists(volumePath) Then Return TC_ERROR.FILES_OPEN

    mount = New MOUNT_STRUCT
    mount.VolumePassword = New PASSWORD_STUCT
    mount.ProtectedHidVolPassword = New PASSWORD_STUCT

    mount.bExclusiveAccess = Not sharedAccess
    mount.SystemFavorite = False
    mount.UseBackupHeader = MountOption.UseBackupHeader
    mount.RecoveryMode = MountOption.RecoveryMode

retry:
    mount.nDosDriveNo = driveNo
    mount.bCache = cachePassword

    mount.bPartitionInInactiveSysEncScope = False

    If StringLen(password) > 0 Then
        mount.VolumePassword = New PASSWORD_STUCT

        mount.VolumePassword.Text = password.PadRight(MAX_PASSWORD + 1, Chr(0))
        mount.VolumePassword.Length = StringLen(password)
        mount.VolumePassword.Pad = "".PadRight(3, Chr(0))
    Else
        mount.VolumePassword = New PASSWORD_STUCT

        mount.VolumePassword.Text = "".PadRight(MAX_PASSWORD + 1, Chr(0))
        mount.VolumePassword.Length = 0
        mount.VolumePassword.Pad = "".PadRight(3, Chr(0))
    End If

    If (Not MountOption.ReadOnly) And MountOption.ProtectHiddenVolume Then
        mount.ProtectedHidVolPassword = New PASSWORD_STUCT

        mount.ProtectedHidVolPassword.Pad = "".PadRight(3, Chr(0))

        MountOption.ProtectedHidVolPassword.ApplyKeyFile(mount.ProtectedHidVolPassword.Text)
        mount.ProtectedHidVolPassword.Length = StringLen(mount.ProtectedHidVolPassword.Text)

        mount.bProtectHiddenVolume = True
    Else
        mount.ProtectedHidVolPassword = New PASSWORD_STUCT
        mount.ProtectedHidVolPassword.Length = 0
        mount.ProtectedHidVolPassword.Text = "".PadRight(MAX_PASSWORD + 1, Chr(0))
        mount.ProtectedHidVolPassword.Pad = "".PadRight(3, Chr(0))

        mount.bProtectHiddenVolume = False
    End If

    mount.bMountReadOnly = MountOption.ReadOnly
    mount.bMountRemovable = MountOption.Removable
    mount.bPreserveTimestamp = MountOption.PreserveTimestamp

    mount.bMountManager = True

    If volumePath.Contains("\\?\") Then volumePath = volumePath.Substring(4)

    If volumePath.Contains("Volume{") And volumePath.LastIndexOf("}\") = volumePath.Length - 2 Then
        Dim resolvedPath As String = VolumeGuidPathToDevicePath(volumePath)

        If Not resolvedPath = "" Then volumePath = resolvedPath
    End If

    mount.wszVolume = volumePath.PadRight(TC_MAX_PATH, Chr(0))

    If Not bDevice Then
        'UNC
        If volumePath.StartsWith("\\") Then
            'Bla bla
        End If

        Dim bps As UInteger, flags As UInteger, d As UInteger
        If GetDiskFreeSpace(Path.GetPathRoot(volumePath), d, bps, d, d) Then
            mount.BytesPerSector = bps
        End If

        If (Not mount.bMountReadOnly) And GetVolumeInformation(Path.GetPathRoot(volumePath), Nothing, 0, Nothing, d, flags, Nothing, 0) Then
            mount.bMountReadOnly = Not (flags And FILE_READ_ONLY_VOLUME) = 0
        End If
    End If

    bResult = DeviceIoControlMount(ManagedDriver.hDriver, TC_IOCTL.MOUNT_VOLUME, mount, Marshal.SizeOf(mount), mount, Marshal.SizeOf(mount), dwResult, Nothing)

    mount.VolumePassword = Nothing
    mount.ProtectedHidVolPassword = Nothing

    If Not bResult Then
        If Marshal.GetLastWin32Error = SYSTEM_ERROR.SHARING_VIOLATION Then
            'TODO

            If Not mount.bExclusiveAccess Then
                Return TC_ERROR.FILES_OPEN_LOCK
            Else
                mount.bExclusiveAccess = False
                GoTo retry
            End If

            Return TC_ERROR.ACCESS_DENIED
        End If

        Return TC_ERROR.GENERIC
    End If

    If Not mount.nReturnCode = 0 Then Return mount.nReturnCode

    'Mount successful
    BroadcastDeviceChange(DBT_DEVICE.ARRIVAL, driveNo, 0)

    If Not mount.bExclusiveAccess Then Return TC_ERROR.OUTOFMEMORY

    Return mount.nReturnCode
End Function

TL;博士

这是一个在代码中解释的非常复杂的操作,如果您想了解它是如何工作的,请查看源代码,如果您只想使用它,请查看 NuGet。或者,如果您有具体问题,请直接提问。

原文: 我知道这很旧,但我在编写托管 TrueCrypt 安装程序时遇到了类似的问题。查看我的 GitHub 存储库:TrueCrypt 托管驱动程序(VB.NET)。它的灵感来自这个 C# 版本:truecryptapi dot codeplex dot com。我重写了很多 C# 代码以获得更受管理的接口,但它仍在进行中。我这里还有一个NuGet 包,你可以在你的项目中安装。

于 2015-06-02T16:19:07.240 回答