[wue] set password not to expire when creating a local account

* Looks like using the 'net user USERNAME /logonpasswordchg:yes" might have the side effect
  of setting the main user account to expire after a few months. So to alleviate that, we'll
  just set the system policy to use passwords that never expire.
* Also clean up the PE parsing code and fix 2 Coverity warnings.
* Also fix typos, misprints and ditch the UNRELIABLE timestamp.acs.microsoft.com server.

_sign.cmd

@@ -1,2 +1,2 @@
 @echo off
-"C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64\signtool" sign /v /sha1 fc4686753937a93fdcd48c2bb4375e239af92dcb /fd SHA256 /tr http://timestamp.acs.microsoft.com /td SHA256 %*
+"C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64\signtool" sign /v /sha1 fc4686753937a93fdcd48c2bb4375e239af92dcb /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 %*

res/appstore/packme.cmd

@@ -98,7 +98,7 @@ if "%VERSION_OVERRIDE%"=="" (
 echo Will create %VERSION% AppStore Bundle
 pause
 
-"%WDK_PATH%\signtool" sign /v /sha1 %SIGNATURE_SHA1% /fd SHA256 /tr http://timestamp.acs.microsoft.com /td SHA256 *.exe
+"%WDK_PATH%\signtool" sign /v /sha1 %SIGNATURE_SHA1% /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 *.exe
 if ERRORLEVEL 1 goto out
 
 echo [Files]> bundle.map

res/hogger/hogger.asm

@@ -1,6 +1,6 @@
  ; Rufus: The Reliable USB Formatting Utility
  ; Commandline hogger, assembly version (NASM)
- ; Copyright © 2014 Pete Batard <pete@akeo.ie>
+ ; Copyright © 2014 Pete Batard <pete@akeo.ie>
  ;
  ; This program is free software: you can redistribute it and/or modify
  ; it under the terms of the GNU General Public License as published by

res/hogger/hogger.c

@@ -1,7 +1,7 @@
 /*
  * Rufus: The Reliable USB Formatting Utility
  * Commandline hogger, C version
- * Copyright © 2014 Pete Batard <pete@akeo.ie>
+ * Copyright © 2014 Pete Batard <pete@akeo.ie>
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

src/hash.c

@@ -2090,7 +2090,7 @@ BOOL IsRevokedBySbat(uint8_t* buf, uint32_t len)
 		return FALSE;
 
 	// Look for a .sbat section
-	sbat = GetPeSection(buf, &sbat_len, ".sbat");
+	sbat = GetPeSection(buf, ".sbat", &sbat_len);
 	if (sbat == NULL || sbat < buf || sbat >= buf + len)
 		return FALSE;
 
@@ -2123,7 +2123,7 @@ BOOL IsRevokedBySbat(uint8_t* buf, uint32_t len)
 BOOL IsRevokedBySvn(uint8_t* buf, uint32_t len)
 {
 	wchar_t* rsrc_name = NULL;
-	uint8_t *base;
+	uint8_t *root;
 	uint32_t i, j, rsrc_rva, rsrc_len, *svn_ver;
 	IMAGE_DOS_HEADER* dos_header = (IMAGE_DOS_HEADER*)buf;
 	IMAGE_NT_HEADERS* pe_header;
@@ -2150,8 +2150,8 @@ BOOL IsRevokedBySvn(uint8_t* buf, uint32_t len)
 			img_data_dir = pe64_header->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE];
 		}
 
-		base = RvaToPhysical(buf, img_data_dir.VirtualAddress);
-		rsrc_rva = FindResourceRva(FALSE, base, base, rsrc_name, &rsrc_len);
+		root = RvaToPhysical(buf, img_data_dir.VirtualAddress);
+		rsrc_rva = FindResourceRva(rsrc_name, root, root, &rsrc_len);
 		safe_free(rsrc_name);
 		if (rsrc_rva != 0) {
 			if (rsrc_len == sizeof(uint32_t)) {
@@ -2159,7 +2159,7 @@ BOOL IsRevokedBySvn(uint8_t* buf, uint32_t len)
 				if (svn_ver != NULL && *svn_ver < sbat_entries[i].version)
 					return TRUE;
 			} else {
-				uprintf("WARNING: Unexpected Microsoft SVN version size");
+				uprintf("WARNING: Unexpected Secure Version Number size");
 			}
 		}
 	}

src/parser.c

@@ -1611,8 +1611,8 @@ sbat_entry_t* GetSbatEntries(char* sbatlevel)
  * PE parsing functions
  */
 
-// Return the address of a PE section from a PE buffer
-uint8_t* GetPeSection(uint8_t* buf, uint32_t* sec_len, const char* name)
+// Return the address and (optionally) the length of a PE section from a PE buffer
+uint8_t* GetPeSection(uint8_t* buf, const char* name, uint32_t* len)
 {
 	char section_name[IMAGE_SIZEOF_SHORT_NAME] = { 0 };
 	uint32_t i, nb_sections;
@@ -1623,9 +1623,10 @@ uint8_t* GetPeSection(uint8_t* buf, uint32_t* sec_len, const char* name)
 
 	static_strcpy(section_name, name);
 
-	pe_header = (IMAGE_NT_HEADERS*)&buf[dos_header->e_lfanew];
-	if (pe_header == NULL)
+	if (buf == NULL || name == NULL)
 		return NULL;
+
+	pe_header = (IMAGE_NT_HEADERS*)&buf[dos_header->e_lfanew];
 	if (pe_header->FileHeader.Machine == IMAGE_FILE_MACHINE_I386 || pe_header->FileHeader.Machine == IMAGE_FILE_MACHINE_ARM) {
 		section_header = (IMAGE_SECTION_HEADER*)(&pe_header[1]);
 		nb_sections = pe_header->FileHeader.NumberOfSections;
@@ -1636,7 +1637,8 @@ uint8_t* GetPeSection(uint8_t* buf, uint32_t* sec_len, const char* name)
 	}
 	for (i = 0; i < nb_sections; i++) {
 		if (memcmp(section_header[i].Name, section_name, sizeof(section_name)) == 0) {
-			*sec_len = section_header->SizeOfRawData;
+			if (len != NULL)
+				*len = section_header->SizeOfRawData;
 			return &buf[section_header[i].PointerToRawData];
 		}
 	}
@@ -1652,10 +1654,10 @@ uint8_t* RvaToPhysical(uint8_t* buf, uint32_t rva)
 	IMAGE_NT_HEADERS64* pe64_header;
 	IMAGE_SECTION_HEADER* section_header;
 
-	pe_header = (IMAGE_NT_HEADERS*)&buf[dos_header->e_lfanew];
-	if (pe_header == NULL)
+	if (buf == NULL)
 		return NULL;
 
+	pe_header = (IMAGE_NT_HEADERS*)&buf[dos_header->e_lfanew];
 	if (pe_header->FileHeader.Machine == IMAGE_FILE_MACHINE_I386 || pe_header->FileHeader.Machine == IMAGE_FILE_MACHINE_ARM) {
 		section_header = (IMAGE_SECTION_HEADER*)(pe_header + 1);
 		nb_sections = pe_header->FileHeader.NumberOfSections;
@@ -1677,32 +1679,37 @@ uint8_t* RvaToPhysical(uint8_t* buf, uint32_t rva)
 
 // Using the MS APIs to poke the resources of the EFI bootloaders is simply TOO. DAMN. SLOW.
 // So, to QUICKLY access the resources we need, we reivent Microsoft's sub-optimal resource parser.
-uint32_t FindResourceRva(BOOL found, uint8_t* base, uint8_t* cur, const wchar_t* name, uint32_t* len)
+static BOOL FoundResourceRva = FALSE;
+uint32_t FindResourceRva(const wchar_t* name, uint8_t* root, uint8_t* dir, uint32_t* len)
 {
 	uint32_t rva;
 	WORD i;
-	IMAGE_RESOURCE_DIRECTORY* dir = (IMAGE_RESOURCE_DIRECTORY*)cur;
-	IMAGE_RESOURCE_DIRECTORY_ENTRY* dir_entry = (IMAGE_RESOURCE_DIRECTORY_ENTRY*)&dir[1];
+	IMAGE_RESOURCE_DIRECTORY* _dir = (IMAGE_RESOURCE_DIRECTORY*)dir;
+	IMAGE_RESOURCE_DIRECTORY_ENTRY* dir_entry = (IMAGE_RESOURCE_DIRECTORY_ENTRY*)&_dir[1];
 	IMAGE_RESOURCE_DIR_STRING_U* dir_string;
 	IMAGE_RESOURCE_DATA_ENTRY* data_entry;
 
-	if (base == NULL || cur == NULL || name == NULL)
+	if (root == NULL || dir == NULL || name == NULL)
 		return 0;
 
-	for (i = 0; i < dir->NumberOfNamedEntries + dir->NumberOfIdEntries; i++) {
-		if (!found && i < dir->NumberOfNamedEntries) {
-			dir_string = (IMAGE_RESOURCE_DIR_STRING_U*)(base + dir_entry[i].NameOffset);
+	// Initial invocation should always start at the root
+	if (root == dir)
+		FoundResourceRva = FALSE;
+
+	for (i = 0; i < _dir->NumberOfNamedEntries + _dir->NumberOfIdEntries; i++) {
+		if (!FoundResourceRva && i < _dir->NumberOfNamedEntries) {
+			dir_string = (IMAGE_RESOURCE_DIR_STRING_U*)(root + dir_entry[i].NameOffset);
 			if (dir_string->Length != wcslen(name) ||
 				memcmp(name, dir_string->NameString, wcslen(name)) != 0)
 				continue;
-			found = TRUE;
+			FoundResourceRva = TRUE;
 		}
 		if (dir_entry[i].OffsetToData & IMAGE_RESOURCE_DATA_IS_DIRECTORY) {
-			rva = FindResourceRva(found, base, &base[dir_entry[i].OffsetToDirectory], name, len);
+			rva = FindResourceRva(name, root, &root[dir_entry[i].OffsetToDirectory], len);
 			if (rva != 0)
 				return rva;
-		} else if (found) {
-			data_entry = (IMAGE_RESOURCE_DATA_ENTRY*)(base + dir_entry[i].OffsetToData);
+		} else if (FoundResourceRva) {
+			data_entry = (IMAGE_RESOURCE_DATA_ENTRY*)(root + dir_entry[i].OffsetToData);
 			if (len != NULL)
 				*len = data_entry->Size;
 			return data_entry->OffsetToData;

src/rufus.c

@@ -1608,7 +1608,7 @@ static DWORD WINAPI BootCheckThread(LPVOID param)
 			const char* msg;
 
 			for (i = 0; i < ARRAYSIZE(img_report.efi_boot_path) && img_report.efi_boot_path[i][0] != 0; i++) {
-				static const char* revocation_type[] = { "UEFI DBX", "Windows SecuritySiPolicy", "Linux SBAT", "Windows SVN" };
+				static const char* revocation_type[] = { "UEFI DBX", "Windows SSP", "Linux SBAT", "Windows SVN" };
 				len = ReadISOFileToBuffer(image_path, img_report.efi_boot_path[i], &buf);
 				if (len == 0) {
 					uprintf("Warning: Failed to extract '%s' to check for UEFI revocation", img_report.efi_boot_path[i]);

src/rufus.h

@@ -831,9 +831,9 @@ extern HANDLE CreatePreallocatedFile(const char* lpFileName, DWORD dwDesiredAcce
 	DWORD dwFlagsAndAttributes, LONGLONG fileSize);
 extern uint32_t ResolveDllAddress(dll_resolver_t* resolver);
 extern sbat_entry_t* GetSbatEntries(char* sbatlevel);
-extern uint8_t* GetPeSection(uint8_t* buf, uint32_t* sec_len, const char* name);
+extern uint8_t* GetPeSection(uint8_t* buf, const char* name, uint32_t* len);
 extern uint8_t* RvaToPhysical(uint8_t* buf, uint32_t rva);
-extern uint32_t FindResourceRva(BOOL found, uint8_t* base, uint8_t* cur, const wchar_t* name, uint32_t* len);
+extern uint32_t FindResourceRva(const wchar_t* name, uint8_t* root, uint8_t* dir, uint32_t* len);
 #define GetTextWidth(hDlg, id) GetTextSize(GetDlgItem(hDlg, id), NULL).cx
 
 DWORD WINAPI HashThread(void* param);

src/rufus.rc

@@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
 IDD_DIALOG DIALOGEX 12, 12, 232, 326
 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
 EXSTYLE WS_EX_ACCEPTFILES
-CAPTION "Rufus 4.6.2197"
+CAPTION "Rufus 4.6.2198"
 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
 BEGIN
     LTEXT           "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@@ -397,8 +397,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 4,6,2197,0
- PRODUCTVERSION 4,6,2197,0
+ FILEVERSION 4,6,2198,0
+ PRODUCTVERSION 4,6,2198,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -416,13 +416,13 @@ BEGIN
             VALUE "Comments", "https://rufus.ie"
             VALUE "CompanyName", "Akeo Consulting"
             VALUE "FileDescription", "Rufus"
-            VALUE "FileVersion", "4.6.2197"
+            VALUE "FileVersion", "4.6.2198"
             VALUE "InternalName", "Rufus"
             VALUE "LegalCopyright", "<22> 2011-2024 Pete Batard (GPL v3)"
             VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
             VALUE "OriginalFilename", "rufus-4.6.exe"
             VALUE "ProductName", "Rufus"
-            VALUE "ProductVersion", "4.6.2197"
+            VALUE "ProductVersion", "4.6.2198"
         END
     END
     BLOCK "VarFileInfo"

src/stdfn.c

@@ -738,7 +738,7 @@ out:
 /*
  * Get a resource from the RC. If needed that resource can be duplicated.
  * If duplicate is true and len is non-zero, the a zeroed buffer of 'len'
- * size is allocated for the resource. Else the buffer is allocate for
+ * size is allocated for the resource. Else the buffer is allocated for
  * the resource size.
  */
 uint8_t* GetResource(HMODULE module, char* name, char* type, const char* desc, DWORD* len, BOOL duplicate)

src/wue.c

@@ -194,6 +194,12 @@ char* CreateUnattendXml(int arch, int flags)
 					fprintf(fd, "          <Order>%d</Order>\n", order++);
 					fprintf(fd, "          <CommandLine>net user &quot;%s&quot; /logonpasswordchg:yes</CommandLine>\n", unattend_username);
 					fprintf(fd, "        </SynchronousCommand>\n");
+					// Some people report that using the `net user` command above might reset the password expiration to 90 days...
+					// To alleviate that, blanket set passwords on the target machine to never expire.
+					fprintf(fd, "        <SynchronousCommand wcm:action=\"add\">\n");
+					fprintf(fd, "          <Order>%d</Order>\n", order++);
+					fprintf(fd, "          <CommandLine>net accounts /maxpwage:unlimited</CommandLine>\n");
+					fprintf(fd, "        </SynchronousCommand>\n");
 					fprintf(fd, "      </FirstLogonCommands>\n");
 				}
 			}