[cmd] fix hogger invocation for PowerShell

* Closes #2556.
* Also update issue template, dependabot frequency and signing cert references.
* Also harmonize segment addressing code in mbr.S.

.github/dependabot.yml

@@ -3,4 +3,4 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"

.github/issue_template.md

@@ -23,6 +23,7 @@ YOU HAVE BEEN WARNED.
 
 Checklist
 ---------
+- [ ] I have been made aware that if my problem can be summarized as _"I've created or tried to create a media using Rufus, and ..."_, and I am not including a log, **this issue will be summarily closed**.
 - [ ] I looked at https://github.com/pbatard/rufus/wiki/FAQ to see if my question has already been answered.
 - [ ] I performed a search in the issue tracker for similar issues using keywords relevant to my problem, such as the error message I got from the log.
 - [ ] I clicked the 'Log' button (🗒️) or pressed <kbd>Ctrl</kbd>-<kbd>L</kbd> in Rufus, or used [DebugView](https://learn.microsoft.com/en-us/sysinternals/downloads/debugview), and copy/pasted the log into the section that says `<FULL LOG>` below.

_sign.cmd

@@ -1,2 +1,2 @@
 @echo off
-"C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64\signtool" sign /v /sha1 3dbc3a2a0e9ce8803b422cfdbc60acd33164965d /fd SHA256 /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp /td SHA256 %*
+"C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64\signtool" sign /v /sha1 fc4686753937a93fdcd48c2bb4375e239af92dcb /fd SHA256 /tr http://timestamp.acs.microsoft.com /td SHA256 %*

res/appstore/packme.cmd

@@ -27,7 +27,7 @@ del /q *.map >NUL 2>&1
 
 set WDK_PATH=C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64
 set ZIP_PATH=C:\Program Files\7-Zip
-set SIGNATURE_SHA1=3dbc3a2a0e9ce8803b422cfdbc60acd33164965d
+set SIGNATURE_SHA1=fc4686753937a93fdcd48c2bb4375e239af92dcb
 set MANIFEST=AppxManifest.xml
 set ARCHS=x86 x64 arm arm64
 set DEFAULT_SCALE=200
@@ -98,7 +98,7 @@ if "%VERSION_OVERRIDE%"=="" (
 echo Will create %VERSION% AppStore Bundle
 pause
 
-"%WDK_PATH%\signtool" sign /v /sha1 %SIGNATURE_SHA1% /fd SHA256 /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp /td SHA256 *.exe
+"%WDK_PATH%\signtool" sign /v /sha1 %SIGNATURE_SHA1% /fd SHA256 /tr http://timestamp.acs.microsoft.com /td SHA256 *.exe
 if ERRORLEVEL 1 goto out
 
 echo [Files]> bundle.map

res/mbr/mbr.S

@@ -67,9 +67,9 @@ mbr:
 	push es
 	mov  ds, ax		# Original MBR is in segment 0
 	mov  bx, 0x0413		# McAfee thinks we are a virus if we use 413 directly...
-	mov  ax,[bx]
+	mov  ax,ds:[bx]
 	dec  ax			# Remove 1KB from the RAM for our copy
-	mov  [bx],ax
+	mov  ds:[bx],ax
 	shl  ax, 6		# Convert to segment address
 	sub  ax, MBR_ADDR>>4	# For convenience of disassembly, so that irrespective
 	mov  es, ax		# of the segment, our base address remains MBR_ADDR

src/rufus.c

@@ -65,7 +65,7 @@ enum bootcheck_return {
 	BOOTCHECK_GENERAL_ERROR = -3,
 };
 
-static const char* cmdline_hogger = "rufus.com";
+static const char* cmdline_hogger = ".\\rufus.com";
 static const char* ep_reg = "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer";
 static const char* vs_reg = "Software\\Microsoft\\VisualStudio";
 static const char* arch_name[ARCH_MAX] = {
@@ -3125,13 +3125,13 @@ static HANDLE SetHogger(void)
 	int i;
 
 	hog_data = GetResource(hMainInstance, MAKEINTRESOURCEA(IDR_XT_HOGGER),
-		_RT_RCDATA, cmdline_hogger, &hog_size, FALSE);
+		_RT_RCDATA, &cmdline_hogger[2], &hog_size, FALSE);
 	if (hog_data != NULL) {
 		// Create our synchronisation mutex
 		hogmutex = CreateMutexA(NULL, TRUE, "Global/Rufus_CmdLine");
 
 		// Extract the hogger resource
-		hFile = CreateFileA(cmdline_hogger, GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ,
+		hFile = CreateFileA(&cmdline_hogger[2], GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ,
 			NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
 		if (hFile != INVALID_HANDLE_VALUE) {
 			// coverity[check_return]
@@ -3140,7 +3140,7 @@ static HANDLE SetHogger(void)
 		safe_closehandle(hFile);
 
 		// Now launch the file from the commandline, by simulating keypresses
-		input = (INPUT*)calloc(strlen(cmdline_hogger)+1, sizeof(INPUT));
+		input = (INPUT*)calloc(strlen(cmdline_hogger) + 1, sizeof(INPUT));
 		if (input != NULL) {
 			for (i = 0; i < (int)strlen(cmdline_hogger); i++) {
 				input[i].type = INPUT_KEYBOARD;
@@ -4083,7 +4083,7 @@ out:
 		ReleaseMutex(hogmutex);
 		safe_closehandle(hogmutex);
 		// Unconditional delete with retry, just in case...
-		for (i = 0; (!DeleteFileA(cmdline_hogger)) && (i <= 10); i++)
+		for (i = 0; (!DeleteFileA(&cmdline_hogger[2])) && (i <= 10); i++)
 			Sleep(200);
 	}
 	// Kill the update check thread if running

src/rufus.rc

@@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
 IDD_DIALOG DIALOGEX 12, 12, 232, 326
 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
 EXSTYLE WS_EX_ACCEPTFILES
-CAPTION "Rufus 4.6.2193"
+CAPTION "Rufus 4.6.2194"
 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
 BEGIN
     LTEXT           "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@@ -397,8 +397,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 4,6,2193,0
- PRODUCTVERSION 4,6,2193,0
+ FILEVERSION 4,6,2194,0
+ PRODUCTVERSION 4,6,2194,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -416,13 +416,13 @@ BEGIN
             VALUE "Comments", "https://rufus.ie"
             VALUE "CompanyName", "Akeo Consulting"
             VALUE "FileDescription", "Rufus"
-            VALUE "FileVersion", "4.6.2193"
+            VALUE "FileVersion", "4.6.2194"
             VALUE "InternalName", "Rufus"
             VALUE "LegalCopyright", "<22> 2011-2024 Pete Batard (GPL v3)"
             VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
             VALUE "OriginalFilename", "rufus-4.6.exe"
             VALUE "ProductName", "Rufus"
-            VALUE "ProductVersion", "4.6.2193"
+            VALUE "ProductVersion", "4.6.2194"
         END
     END
     BLOCK "VarFileInfo"