mirror of
https://github.com/pbatard/rufus.git
synced 2025-06-02 23:59:53 -04:00
[wue] add setup wrapper to add bypasses for in-place upgrades of Windows 11 24H2
* Per https://forums.mydigitallife.net/threads/win-11-boot-and-upgrade-fix-kit-v5-0-released.83724/ Windows 11 24H2 requires new registry bypasses to be applied to perform in-place upgrade on non officially supported platforms, and those need to be enacted before running setup.exe. * In order to streamline this, and because those registry bypasses require elevation, we rename setup.exe to setup.dll and add our own setup.exe wrapper to set the registry and then call the original setup.exe (through setup.dll). * See https://github.com/pbatard/rufus/issues/2568 * Also fix some MinGW build warnings. * Also fix the annoyance of TortoiseGit/Notepad++ altering the copyright symbol of rufus.rc.
This commit is contained in:
Pete Batard
parent
98a42a235f
commit
c800448c62
12 changed files with 96 additions and 32 deletions
|
|
@ -1,4 +1,4 @@
|
|||
Rufus: The Reliable USB Formatting Utility - Windows 11 setup.exe wrapper
|
||||
Rufus: The Reliable USB Formatting Utility - Windows 11 Setup wrapper
|
||||
|
||||
# Description
|
||||
|
||||
|
|
@ -18,12 +18,26 @@ Our solution then is to have Rufus rename the original 'setup.exe' to 'setup.dll
|
|||
insert a small 'setup.exe' that'll perform elevation, add the registry key, and
|
||||
launch the original setup, which is exactly what this project does.
|
||||
|
||||
Now, obviously, the fact that we "inject" a setup executable may leave people
|
||||
uncomfortable about the possibility that we might use this as a malware vector,
|
||||
which is also why we make sure that the one we sign and embed in Rufus does get
|
||||
built using GitHub Actions and can be validated to not have been tampered through
|
||||
SHA-256 validation (Since we produce SHA-256 hashes during the build process per:
|
||||
Oh and it should be noted that, the issues you might see with Setup not restarting
|
||||
in the foreground after it updates, or not being able to launch at all for a while
|
||||
if you happen to cancel before starting the installation, have *NOTHING* to do with
|
||||
using this setup wrapper, but come from Microsoft themselves. You can validate that
|
||||
these issues exist even when running setup.exe without the wrapper...
|
||||
|
||||
# Security considerations
|
||||
|
||||
Obviously, the fact that we "inject" a setup executable may leave people uncomfortable
|
||||
about the possibility that we might use this as a malware vector, which is also why we
|
||||
make sure that the one we sign and embed in Rufus does get built using GitHub Actions
|
||||
and can be validated to not have been tampered through SHA-256 validation (Since we
|
||||
produce SHA-256 hashes during the build process per:
|
||||
https://github.com/pbatard/rufus/blob/master/.github/workflows/setup.yml).
|
||||
|
||||
Also note that, since these are the only platforms Windows 11 supports, we only
|
||||
build for x64 and ARM64.
|
||||
Per the https://github.com/pbatard/rufus/actions/runs/11195726475 GitHub Actions
|
||||
workflow run, the SHA-256 for the executables (before signature was applied) were:
|
||||
* 4e99f49b456781c92d2010a626706557df69334c6fc71ac129625f41fa311dd8 *./setup_x64.exe
|
||||
* a0d7dea2228415eb5afe34419a31eeda90f9b51338f47bc8a5ef591054277f4b *./setup_arm64.exe
|
||||
|
||||
You will also find the VirusTotal reports for the current signed executable at:
|
||||
* https://www.virustotal.com/gui/file/a74dbfc0e2a5b2e3fd4ad3f9fdaea0060c5d29a16151b9a570a9bd653db966a7/detection
|
||||
* https://www.virustotal.com/gui/file/629fdda27e200ec98703a7606ca4e2d0e44c578341779e4d5c447d45fc860c69/detection
|
||||
|
|
|
|||
|
|
@ -84,7 +84,7 @@ static BOOL RegWriteKey(HKEY hKeyRoot, CHAR* lpKeyParent, CHAR* lpKeyName, DWORD
|
|||
|
||||
if (RegCreateKeyExA(hKeyRoot, lpKeyParent, 0, NULL, 0, KEY_SET_VALUE | KEY_QUERY_VALUE, NULL, &hKey, &dwDisp) != ERROR_SUCCESS)
|
||||
return FALSE;
|
||||
|
||||
|
||||
r = (RegSetValueExA(hKey, lpKeyName, 0, dwType, lpData, dwDataSize) == ERROR_SUCCESS);
|
||||
RegCloseKey(hKey);
|
||||
|
||||
|
|
@ -104,7 +104,8 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine
|
|||
if (dwAttrib == INVALID_FILE_ATTRIBUTES || dwAttrib & FILE_ATTRIBUTE_DIRECTORY)
|
||||
MessageBoxA(NULL, "ERROR: 'setup.dll' was not found", "Windows setup error", MB_OK | MB_ICONWARNING);
|
||||
|
||||
// Apply the registry bypasses to enable Windows 11 24H2 in-place upgrade
|
||||
// Apply the registry bypasses to enable Windows 11 24H2 in-place upgrade. Credits to:
|
||||
// https://forums.mydigitallife.net/threads/win-11-boot-and-upgrade-fix-kit-v5-0-released.83724/
|
||||
RegDeleteNode(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\CompatMarkers");
|
||||
RegDeleteNode(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Shared");
|
||||
RegDeleteNode(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators");
|
||||
|
|
|
|||
BIN
res/setup/setup_arm64.exe
Normal file
BIN
res/setup/setup_arm64.exe
Normal file
Binary file not shown.
BIN
res/setup/setup_x64.exe
Normal file
BIN
res/setup/setup_x64.exe
Normal file
Binary file not shown.
Loading…
Add table
Add a link
Reference in a new issue