Enumerate User Privileges: Difference between revisions

From NSIS Wiki
Jump to navigationJump to search
No edit summary
 
(One intermediate revision by the same user not shown)
Line 38: Line 38:
stop:
stop:


System::Free $0
System::Free $R1
System::Call 'advapi32::LsaFreeMemory(i R2) i .R8'
System::Call 'advapi32::LsaFreeMemory(i R2) i .R8'
System::Call 'advapi32::LsaClose(i R0) i .R8'
System::Call 'advapi32::LsaClose(i R0) i .R8'
</highlight-nsis>
</highlight-nsis>


== Notes ==
== Notes ==
Line 64: Line 65:


[[Category:Code Examples]]
[[Category:Code Examples]]
[[User:CancerFace|CancerFace]] 03:31, 3 February 2007 (PST)

Latest revision as of 11:31, 3 February 2007

Author: CancerFace (talk, contrib)


NSIS forum thread started by user RobGrant


Description

The following code will enumerate the rights that a given user has. For a list of rights check this MSDN page. The code demonstrates how the rights can be passed to an NSIS variable ($4). The LsaEnumerateAccountRights return code registered on $R8 can be translated into a Windows Error Code using LsaNtStatusToWinError. If the user has no extra rights the error code registered on $R9 is equal to 2.


Code

!define POLICY_LOOKUP_NAMES 0x00000800
!define strLSA_OBJECT_ATTRIBUTES '(i,i,w,i,i,i)i'
!define strLSA_UNICODE_STRING '(&i2,&i2,w)i'
 
System::Call '*${strLSA_OBJECT_ATTRIBUTES}(24,n,n,0,n,n).r0'
System::Call 'advapi32::LsaOpenPolicy(w n, i r0, i ${POLICY_LOOKUP_NAMES}, *i .R0) i.R8'
StrCpy $2 "$UserName" # define this somewhere
StrCpy $3 ${NSIS_MAX_STRLEN}
System::Call '*(&w${NSIS_MAX_STRLEN})i.R1'
System::Call 'Advapi32::LookupAccountNameW(w n, w r2, i R1, *i r3, w .R8, *i r3, *i .r4) i .R8'
 
# Enumerate the rights
; R2 is the pointer to an array of LSA_UNICODE_STRING structures
; R3 is a variable that receives the number of privileges in the R2 array
System::Call 'advapi32::LsaEnumerateAccountRights(i R0, i R1, *i .R2, *i .R3)i.R8'
System::Call 'advapi32::LsaNtStatusToWinError(i R8) i.R9'
 
# Get the rights out to $4
StrCpy $9 0
loop:
 StrCmp $9 $R3 stop
 System::Call '*$R2${strLSA_UNICODE_STRING}(.r2,.r3,.r4)'
 DetailPrint 'Got Privilege $4'
 IntOp $R2 $R2 + 8
 IntOp $9 $9 + 1
 Goto loop
stop:
 
System::Free $0
System::Free $R1
System::Call 'advapi32::LsaFreeMemory(i R2) i .R8'
System::Call 'advapi32::LsaClose(i R0) i .R8'

Notes

  • If the LsaOpenPolicy call is succesful then $R8 = 0
  • If the LookupAccountName call is succesful then $R8 <> 0
  • If the LsaEnumerateAccountRights call is succesful then $R8 = 0
  • If the user has no rights then the LsaNtStatusToWinError call returns $R9 = 2


Resources and Links

  • NSIS forum thread started by user RobGrant
  • List of possible rights returned by the LsaEnumerateAccountRights API call


API Functions used:

CancerFace 03:31, 3 February 2007 (PST)