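/*
 * Print (via DbgPrint) the string SID of every subkey of HKEY_USERS whose
 * name parses as a SID and that has a "Volatile Environment" subkey.
 *
 * lpMachineName  Machine whose registry is opened with RegConnectRegistryW;
 *                NULL selects the local machine.
 *
 * A SID is reported when "<SID>\Volatile Environment" opens successfully or
 * is refused with ERROR_ACCESS_DENIED; the author treats both outcomes as
 * "the key is there". NOTE(review): presumably the subkey is used as a marker
 * for a loaded profile with a logon session - confirm against intended use.
 *
 * Nothing is returned; connection or enumeration failures end the scan.
 */
void ght(PCWSTR lpMachineName)
{
    static const WCHAR suffix[] = L"\\Volatile Environment";

    /* Room for the longest SID string plus the suffix and its terminator, so
     * the wcscpy below cannot overrun: a successful RegEnumKeyExW call leaves
     * cch < SECURITY_MAX_SID_STRING_CHARACTERS. */
    WCHAR name[SECURITY_MAX_SID_STRING_CHARACTERS + sizeof(suffix) / sizeof(suffix[0])];
    HKEY hKey;

    /* The argument is a wide string, so call the W entry point explicitly
     * instead of relying on the UNICODE macro mapping. */
    if (NOERROR != RegConnectRegistryW(lpMachineName, HKEY_USERS, &hKey))
    {
        return;
    }

    for (ULONG i = 0; ; i++)
    {
        ULONG cch = SECURITY_MAX_SID_STRING_CHARACTERS; /* in: capacity, out: length */
        LONG status = RegEnumKeyExW(hKey, i, name, &cch, NULL, NULL, NULL, NULL);

        if (ERROR_NO_MORE_ITEMS == status)
        {
            break;
        }
        if (ERROR_MORE_DATA == status)
        {
            /* Name longer than any SID string: not a candidate, skip it. */
            continue;
        }
        if (NOERROR != status)
        {
            /* Any other error (access denied on the root, a dropped remote
             * connection, ...) would repeat for every index; stop rather than
             * spin until the index wraps. */
            DbgPrint("RegEnumKeyExW failed: %ld\n", status);
            break;
        }

        PSID Sid;
        if (!ConvertStringSidToSidW(name, &Sid))
        {
            /* Subkey name is not a SID (e.g. ".DEFAULT"). */
            continue;
        }
        LocalFree(Sid); /* only the parse result mattered */

        wcscpy(name + cch, suffix);

        HKEY hk;
        /* ulOptions is documented as 0 or REG_OPTION_OPEN_LINK for an open;
         * REG_OPTION_VOLATILE only applies when creating a key. */
        switch (RegOpenKeyExW(hKey, name, 0, KEY_READ, &hk))
        {
        case NOERROR:
            RegCloseKey(hk);
            /* fallthrough */
        case ERROR_ACCESS_DENIED:
            name[cch] = 0; /* cut the suffix off again, leaving the SID */
            DbgPrint("%ws\n", name);
            break;
        default:
            /* Subkey missing or another failure: nothing to report. */
            break;
        }
    }

    RegCloseKey(hKey);
}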