Validating $INSTDIR before uninstall

From NSIS Wiki

Author: Afrow UK (talk, contrib)


The install directory ($INSTDIR) is saved in the registry after a successful install and then fetched again in the uninstaller. If not fetched from the registry manually (via a ReadRegStr) then it is set to $EXEDIR (the location of the uninstaller executable). This can be problematic, especially if a lazy NSIS script writer uses RMDir /r "$INSTDIR".

What if $INSTDIR is empty because the registry key is missing? "$INSTDIR" will become "" which means that everything from the system root could be deleted INCLUDING THE OPERATING SYSTEM. This would also happen if the user ran the uninstaller from C:\ and if that uninstaller did not set $INSTDIR to anything. Also, what if the user has installed to his desktop, or perhaps to My Documents. Need I say more?

So, what can we do about this? There is only so much validation that we can do on $INSTDIR, but some is better than none at all!

The Code

!macro BadPathsCheck
StrCpy $R0 $INSTDIR "" -2
StrCmp $R0 ":\" bad
StrCpy $R0 $INSTDIR "" -14
StrCmp $R0 "\Program Files" bad
StrCpy $R0 $INSTDIR "" -8
StrCmp $R0 "\Windows" bad
StrCpy $R0 $INSTDIR "" -6
StrCmp $R0 "\WinNT" bad
StrCpy $R0 $INSTDIR "" -9
StrCmp $R0 "\system32" bad
StrCpy $R0 $INSTDIR "" -8
StrCmp $R0 "\Desktop" bad
StrCpy $R0 $INSTDIR "" -23
StrCmp $R0 "\Documents and Settings" bad
StrCpy $R0 $INSTDIR "" -13
StrCmp $R0 "\My Documents" bad done
  MessageBox MB_OK|MB_ICONSTOP "Install path invalid!"
ReadRegStr $INSTDIR HKLM "Software\MyApp" ""
IfErrors +2
StrCmp $INSTDIR "" 0 +2
# Check that the uninstall isn't dangerous.
!insertmacro BadPathsCheck
# Does path end with "\MyApp"?
!define CHECK_PATH "\MyApp"
StrLen $R1 "${CHECK_PATH}"
StrCpy $R0 $INSTDIR "" -$R1
StrCmp $R0 "${CHECK_PATH}" +3
  MessageBox MB_YESNO|MB_ICONQUESTION "Unrecognised uninstall path. Continue anyway?" IDYES +2
IfFileExists "$INSTDIR\*.*" 0 +2
IfFileExists "$INSTDIR\MyApp.exe" +3
  MessageBox MB_OK|MB_ICONSTOP "Install path invalid!"


There are some bits to change here, such as the part that checks if the path ends with "\MyApp". Obviously, if it does not, then your user may be uninstalling from somewhere else and in which case it will prompt the user with a Yes/No message box.

You may or may not want to read $INSTDIR from the registry. If not then $INSTDIR will be set to $EXEDIR and in which case you can remove the first 3 lines of the script.

Another check at the end is for MyApp.exe. If that file does not exist then the uninstall path could possibly be bad.

You can also use !insertmacro BadPathsCheck in your installer directory page's leave function to check that the user is not installing to a bad folder.

Idiot Proofing Installers

  • Don't use RMDir /r $INSTDIR

Instead, delete each file previously installed individually and then remove each folder with RMDir without the recursive (/r) switch. If you are really lazy you can write an installer to loop through your files list to generate your Delete and RMDir instructions: Invoking NSIS run-time commands on compile-time.


Personal tools