EnumUsersReg: Difference between revisions

From NSIS Wiki
Jump to navigationJump to search
m (category)
(enumerate logged on users too)
Line 1: Line 1:
This script will enumerate all local users and load their registry hives (HKCU) one by one. You can use it to delete settings of logged off users.
This script will enumerate all local users and load their registry hives (HKCU) one by one. You can use it to delete settings of logged off users.
Note that registry hives of logged on users will not be loaded as [http://msdn.microsoft.com/library/en-us/sysinfo/base/regloadkey.asp RegLoadKey] doesn't seem to be able to load hives twice.
==Usage Example==
==Usage Example==
<highlight-nsis>!include "EnumUsersReg.nsh"
<highlight-nsis>!include "EnumUsersReg.nsh"
Line 16: Line 14:
Function CallbackFunction
Function CallbackFunction


ReadRegStr $0 HKU "temp.key\Software\Microsoft\Internet Explorer" "Download Directory"
Pop $0
 
ReadRegStr $0 HKU "$0\Software\Microsoft\Internet Explorer" "Download Directory"
DetailPrint $0
DetailPrint $0


Line 51: Line 51:
   System::Call "kernel32::CloseHandle(i R1)"
   System::Call "kernel32::CloseHandle(i R1)"
${EndIf}
${EndIf}
!macroend
!macro _EnumUsersReg_InvokeCallback CALLBACK SUBKEY
Push $0
Push $1
Push $R0
Push $R1
Push $R2
Push "${SUBKEY}"
Call "${CALLBACK}"
Pop $R2
Pop $R1
Pop $R0
Pop $1
Pop $0


!macroend
!macroend
Line 60: Line 80:


${If} $R2 == 0
${If} $R2 == 0
   Push $0
   !insertmacro _EnumUsersReg_InvokeCallback "${CALLBACK}" "${SUBKEY}"
  Push $1
  Push $R0
  Push $R1
  Push $R2
 
  Call "${CALLBACK}"
 
  Pop $R2
  Pop $R1
  Pop $R0
  Pop $1
  Pop $0
 
   System::Call "advapi32::RegUnLoadKey(i ${HKEY_USERS}, t '${SUBKEY}')"
   System::Call "advapi32::RegUnLoadKey(i ${HKEY_USERS}, t '${SUBKEY}')"
${EndIf}
${EndIf}
Line 100: Line 107:
Push $R1
Push $R1
Push $R2
Push $R2
# enumerate logged on users
StrCpy $R0 0
${Do}
  EnumRegKey $R1 HKU "" $R0
  ${If} $R1 != ""
    !insertmacro _EnumUsersReg_InvokeCallback $0 $R1
    IntOp $R0 $R0 + 1
  ${EndIf}
${LoopUntil} $R1 == ""
# enumerate logged off users


System::Call "kernel32::GetVersion() i .R0"
System::Call "kernel32::GetVersion() i .R0"
IntOp $R0 $R0 & 0x80000000
IntOp $R0 $R0 & 0x80000000
MessageBox MB_OK $R0


${If} $R0 == 0
${If} $R0 == 0

Revision as of 13:55, 18 June 2005

This script will enumerate all local users and load their registry hives (HKCU) one by one. You can use it to delete settings of logged off users.

Usage Example

!include "EnumUsersReg.nsh"
 
Name EnumUsersReg
OutFile EnumUsersReg.exe
 
ShowInstDetails show
 
Section
${EnumUsersReg} CallbackFunction temp.key
SectionEnd
 
Function CallbackFunction
 
Pop $0
 
ReadRegStr $0 HKU "$0\Software\Microsoft\Internet Explorer" "Download Directory"
DetailPrint $0
 
FunctionEnd

EnumUsersReg.nsh

!include "LogicLib.nsh"
 
!define TOKEN_QUERY             0x0008
!define TOKEN_ADJUST_PRIVILEGES 0x0020
 
!define SE_RESTORE_NAME         SeRestorePrivilege
 
!define SE_PRIVILEGE_ENABLED    0x00000002
 
!define HKEY_USERS              0x80000003
 
!macro _EnumUsersReg_AdjustTokens
 
StrCpy $R1 0
 
System::Call "kernel32::GetCurrentProcess() i .R0"
System::Call "advapi32::OpenProcessToken(i R0, i ${TOKEN_QUERY}|${TOKEN_ADJUST_PRIVILEGES}, \
                                         *i R1R1) i .R0"
 
${If} $R0 != 0
  System::Call "advapi32::LookupPrivilegeValue(t n, t '${SE_RESTORE_NAME}', *l .R2) i .R0"
 
  ${If} $R0 != 0
    System::Call "*(i 1, l R2, i ${SE_PRIVILEGE_ENABLED}) i .R0"
    System::Call "advapi32::AdjustTokenPrivileges(i R1, i 0, i R0, i 0, i 0, i 0)"
    System::Free $R0
  ${EndIf}
 
  System::Call "kernel32::CloseHandle(i R1)"
${EndIf}
 
!macroend
 
!macro _EnumUsersReg_InvokeCallback CALLBACK SUBKEY
 
Push $0
Push $1
Push $R0
Push $R1
Push $R2
 
Push "${SUBKEY}"
 
Call "${CALLBACK}"
 
Pop $R2
Pop $R1
Pop $R0
Pop $1
Pop $0
 
!macroend
 
!macro _EnumUsersReg_Load FILE CALLBACK SUBKEY
 
GetFullPathName /SHORT $R2 ${FILE}
System::Call "advapi32::RegLoadKey(i ${HKEY_USERS}, t '${SUBKEY}', t '${FILE}') i .R2"
 
${If} $R2 == 0
  !insertmacro _EnumUsersReg_InvokeCallback "${CALLBACK}" "${SUBKEY}"
  System::Call "advapi32::RegUnLoadKey(i ${HKEY_USERS}, t '${SUBKEY}')"
${EndIf}
 
!macroend
 
!macro EnumUsersReg CALLBACK SUBKEY
 
Push $0
Push $1
 
GetFunctionAddress $0 "${CALLBACK}"
StrCpy $1 "${SUBKEY}"
Call _EnumUsersReg
 
Pop $1
Pop $0
 
!macroend
 
!define EnumUsersReg "!insertmacro EnumUsersReg"
 
Function _EnumUsersReg
 
Push $R0
Push $R1
Push $R2
 
# enumerate logged on users
 
StrCpy $R0 0
${Do}
  EnumRegKey $R1 HKU "" $R0
  ${If} $R1 != ""
    !insertmacro _EnumUsersReg_InvokeCallback $0 $R1
 
    IntOp $R0 $R0 + 1
  ${EndIf}
${LoopUntil} $R1 == ""
 
# enumerate logged off users
 
System::Call "kernel32::GetVersion() i .R0"
IntOp $R0 $R0 & 0x80000000
 
MessageBox MB_OK $R0
 
${If} $R0 == 0
  # nt
  !insertmacro _EnumUsersReg_AdjustTokens
 
  StrCpy $R0 0
  ${Do}
    EnumRegKey $R1 HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" $R0
    ${If} $R1 != ""
      ReadRegStr $R1 HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$R1" \
                 ProfileImagePath
      ExpandEnvStrings $R1 $R1
 
      !insertmacro _EnumUsersReg_Load "$R1\NTUSER.DAT" $0 $1
 
      IntOp $R0 $R0 + 1
    ${EndIf}
  ${LoopUntil} $R1 == ""
${Else}
  # 9x
  ClearErrors
  FindFirst $R1 $R2 "$WINDIR\Profiles\*.*"
  ${Unless} ${Errors}
    ${Do}
      ${If} $R2 != "."
      ${AndIf} $R2 != ".."
        ${If} ${FileExists} "$WINDIR\Profiles\$R2\USER.DAT"
          !insertmacro _EnumUsersReg_Load "$WINDIR\Profiles\$R2\USER.DAT" $0 $1
        ${EndIf}
      ${EndIf}
      ClearErrors
      FindNext $R1 $R2
    ${LoopUntil} ${Errors}
    FindClose $R1
  ${EndUnless}
${Endif}
 
Pop $R2
Pop $R1
Pop $R0
 
FunctionEnd