Archive: nsProcess plugin


nsProcess plugin
Features:
- Find/kill a process by name
- Kill all processes with specified name (not only one)
- The process name is case-insensitive
- Win95/98/ME/NT/2000/XP support
- Small plugin size (4,5 Kb)

Source function FIND_PROC_BY_NAME based upon the Ravi Kochhar code
Thanks to iceman_k (FindProcDLL plugin) and
DITMan (KillProcDLL plugin) for directing me


"nsProcess" plugin v1.0


You just keep churning out the plugins. Good one.


you just rock, man.
this will revolutionize my installers :D

maybe i should collect all the good plugins into a package one day, so everyone may download and set them up easily ...


Thanks :)


Good to see "Win95/98/ME" support, thanks man!


you just rock, man.
this will revolutionize my installers

maybe i should collect all the good plugins into a package one day, so everyone may download and set them up easily ...
Another good idea would be making function standards and to include those in a global header for easier and practical use.

... and include this header file together with the plugins into the package ...


Fixed: removed CRT dependency (Windows 95 by default does not have msvcrt.dll)


"nsProcess" plugin v1.1


Changed: The plugin now uses the header "nsProcess.nsh" for custom user variables and
              better compile error checking.

Update from previous versions:
         - Insert line in script:
            !include "nsProcess.nsh"
         - Replace:
            nsProcess::FindProcess -> ${nsProcess::FindProcess} ...
         - Replace:
            .r0 -> $0, .r1 -> $1 ... .R0 -> $R0, .R1 -> $R1 ...

"nsProcess" plugin v1.2


About the code
What is the benefit of using PSAPI for WinNT/2000/XP? Shouldn't the Win95/98/ME method work just as fine in this case?

Edit: Never mind. It's the Toolhelp32.dll that Windows NT does not have.


Hmm, in the Win95/98/ME method the hSnapShot HANDLE is left open if the process was found and bTerminate is FALSE.


Hmm, in the Win95/98/ME method the hSnapShot HANDLE is left open if the process was found and bTerminate is FALSE.
You are right, fixed.

Fixed: removed memory leak.


"nsProcess" plugin v1.3


hmm I do not understand, can this plugin kill current open notepad ???

Is this able to find notepad that is currently running and kill it immediately ???


Originally posted by rxs2k5
hmm I do not understand, can this plugin kill current open notepad ???

Is this able to find notepad that is currently running and kill it immediately ???
Yes and yes.

How do I create the following thing
1. remove the loop
2. find the processes to find notepad , wordpad means in multiple form and single finding
3. kill all the following process after finding its existence

Section /o "Kill process" KillProcess
loop:
${nsProcess::FindProcess} "NoTePad.exe" $R0
StrCmp $R0 0 0 +2
MessageBox MB_OKCANCEL|MB_ICONEXCLAMATION 'Close "notepad" before continue' IDOK loop IDCANCEL end

${nsProcess::KillProcess} "NoTePad.exe" $R0
MessageBox MB_OK "nsProcess::KillProcess$\n$\n\
Errorlevel: [$R0]"
Exec "notepad.exe"
Exec "notepad.exe"
Exec "notepad.exe"
BringToFront
MessageBox MB_OK "Press OK and 3 notepad's windows will be closed"

${nsProcess::KillProcess} "NoTePad.exe" $R0
MessageBox MB_OK "nsProcess::KillProcess$\n$\n\
Errorlevel: [$R0]"

end:
${nsProcess::Unload}
SectionEnd

error code 603
I'd downloaded this plugin and had tested it. Test install script always returns Error level 603. If I run script single or with calc.exe

Help me please! What does this error mean? Where I can find error code list?

Thank you.
I have Windows XP prof x64.


Help me please! What does this error mean? Where I can find error code list?
In the Readme.txt :) Unfortunately I can't test it on WinXP x64.

I've found that EnumProcessModules fails when it is called for 64 bit applications (calc.exe is 64-bit application) on 64 bit OS with error

299
ERROR_PARTIAL_COPY
Only part of a ReadProcessMemory or WriteProcessMemory request was completed.

I will try to find solution for this problem.


Hello Instructor.
It's me again.

Have you tried CreateToolhelp32Snapshot, Process32First, Process32Next functions on NT platforms? It works fine at my comp (I'm administrator). These functions are located in kernel32.dll as MSDN says - no psapi is required and should work on Win95/98, WinNT, Win2000 and Windows XP.

Why OpenProcess and EnumProcessModules are used for NT like OS now (Windows 2000, XP, 2003)? Only for Windows NT 4.0 support?


@oleksa
Could you try this. I removed the PSAPI and OS check and now it's using only the "Win95/98" method.


Hello {_trueparuex^}

Yes - that sample code (based on CreateToolhelp32Snapshot, Process32First, Process32Next functions) works fine on my comp. To save Windows NT 4.0 compatibility I suggest rewriting the OS check from

if (osvi.dwPlatformId == VER_PLATFORM_WIN32_NT)

to
if (osvi.dwPlatformId == VER_PLATFORM_WIN32_NT && osvi.dwMajorVersion <= 4)

This check should be true only on Windows NT (as MSDN says). So on NT will work code that gets processes name with PSAPI.
Windows 95, 98, Me, 2000, 2003 and XP should support Tool help functions.

Good. I have my own NSIS unrelated stuff based on the same code... But there is one major disadvantage in CreateToolhelp32Snapshot method. It doesn't work with file names longer than 15 characters. So trying to kill process with name like this "ThisIsPrettyLongName.exe" won't work. One solution would be simply to limit the file names to 15 characters, but that could cause kill of unintentional processes.

So let's see what Instructor gets up to with. :)
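
The ambiguity described in the post above, as an added example that is not part of the original thread or the plugin source: when a process list cuts image names to 15 characters, a match on the cut name cannot tell two long-named programs apart. The function names and the sample list are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define NAME_LIMIT 15 /* truncation length discussed in the thread */
enum match { NO_MATCH, EXACT_MATCH, AMBIGUOUS_MATCH };

/* Case-insensitive equality over the first n characters (n <= both lengths). */
static int same_chars(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* wanted: full name requested; reported: list entry, possibly cut to NAME_LIMIT. */
enum match match_reported_name(const char *wanted, const char *reported)
{
    size_t wlen = strlen(wanted), rlen = strlen(reported);
    if (rlen != NAME_LIMIT) /* cannot be a truncation: compare whole names */
        return (wlen == rlen && same_chars(wanted, reported, rlen))
                   ? EXACT_MATCH : NO_MATCH;
    /* Exactly NAME_LIMIT long: may stand for any longer name with this prefix. */
    return (wlen >= NAME_LIMIT && same_chars(wanted, reported, NAME_LIMIT))
               ? AMBIGUOUS_MATCH : NO_MATCH;
}

/* Returns how many entries match; *ambiguous counts the prefix-only ones. */
size_t count_matches(const char *wanted, const char *const *list, size_t n,
                     size_t *ambiguous)
{
    size_t hits = 0;
    *ambiguous = 0;
    for (size_t i = 0; i < n; i++) {
        enum match m = match_reported_name(wanted, list[i]);
        hits += (m != NO_MATCH);
        *ambiguous += (m == AMBIGUOUS_MATCH);
    }
    return hits;
}

/* Constructed sample: two different long-named programs share one cut name. */
static const char *const SAMPLE[] = {
    "notepad.exe", "ThisIsPrettyLon", "ThisIsPrettyLon", "mspdbsrv.exe" };

int main(void)
{
    size_t amb, hits = count_matches("ThisIsPrettyLongName.exe", SAMPLE, 4, &amb);
    return printf("%zu matches, %zu ambiguous\n", hits, amb) < 0;
}
```

An installer that gets only ambiguous matches has not identified the process; the name alone is not enough to decide which one to terminate.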


oleksa can you test it on the x64

Fixed: WinNT 4.0 by default doesn't have PSAPI.DLL. Code for WinNT/2000/XP has
          been rewritten (using NTDLL.DLL). Note: on WinNT 4.0 process name limited
          to 15 characters.
Changed: error codes.


"nsProcess" plugin v1.4


Instructor works fine, thank you.
looks for calc.exe (603 if process hasn't been started and 0 if process has been started)
checks does notepad.exe running and closes all three notepads successfully.

Thank you.


But there is one major disadvantage in CreateToolhelp32Snapshot method. It doesn't work with file names longer than 15 characters. So trying to kill process with name like this "ThisIsPrettyLongName.exe" won't work.
2 {_trueparuex^}
How could you know that CreateToolhelp32Snapshot method won't work?

I have tested it and all works fine:
PROCESS NAME:  AcroRd32.exe
PROCESS NAME: devenv.exe
PROCESS NAME: mspdbsrv.exe
PROCESS NAME: ThisIsPrettyLongName.exe

I could post test code (from MSDN) here or send you e-mail as you wish.

Good bye.

Originally posted by oleksa
2 {_trueparuex^}
How could you know that CreateToolhelp32Snapshot method won't work?

I have tested it and all works fine:
PROCESS NAME:  AcroRd32.exe
PROCESS NAME: devenv.exe
PROCESS NAME: mspdbsrv.exe
PROCESS NAME: ThisIsPrettyLongName.exe

I could post test code (from MSDN) here or send you e-mail as you wish.

Good bye.
I wasn't aware of this before, but that 15 characters name limitation is only in win2k or older. :)


@Instructor
That 15 characters name limitation is also in Windows 2000 when using NTDLL.DLL :( PSAPI didn't have that limitation.

Instructor,
There is a spyware app with a DLL that has the same name as this plug-in:
http://www3.ca.com/securityadvisor/p...x?id=453097507

This is too bad...I don't know of a way around having your plug-in associated with adware other than renaming it.

Those of you who are already using it may want to rename it to avoid having your installer raise anti-virus/spy flags when running.


Fixed: removed memory leak in WinNT/2000/XP method.


"nsProcess" plugin v1.5


Originally posted by Instructor
Fixed: removed memory leak in WinNT/2000/XP method.


"nsProcess" plugin v1.5
Hey,

Since recent update of McAfee VirusScan, the use of a previous nsProcess version was detected as a Trojan (generic prockill.a)!! The last version (1.5) does not cause the problem. Thanks a lot!

Cheers

problem trying to kill a service process. i can find the process but when i try to kill it i get return code 601 (no permission to kill process). i am running the installer as an administrator and can kill the process manually.

please help.


Killing service like that is really not very smart. Rather try to stop it with some of these methods.
http://nsis.sourceforge.net/How_do_I...heck_a_service


thanks but i already have service control implemented in the installer. the problem is when the service is unresponsive and cannot be shut down any other way. i think we can all agree that it is bad to have the installer hang indefinitely.


i found a solution by modifying the nsProcess source code and using code provided here:
http://www.alexfedotov.com/articles/killproc.asp?pane=0


Hi jpodtbc, I'm having the exact same problem as you.
Could you be so kind to post your solution here?
Thanks a lot


I ended up changing it myself. Here is the source code and dll if someone wants to use it.


thanks man...i was about to put up my modified source but you beat me to it.


No problem, I was facing a really tight deadline so I had to go for it. :)


Trojan AV Trigger

Originally posted by CharlesB2
Hey,

Since recent update of McAfee VirusScan, the use of a previous nsProcess version was detected as a Trojan (generic prockill.a)!! The last version (1.5) does not cause the problem. Thanks a lot!

Cheers
This is still happening, even with 1.5 of nsProcess. It is being detected as HackTool.ProcKill.A by several AV packages.

Is there any chance of a major change with this DLL to prevent this detection? The DLL itself is really useful, but it looks like someone has used it for less than honest purposes :down: .

I have had to take it out of several of my installers until this can be fixed.


Re: Trojan AV Trigger

Originally posted by Whizz
This is still happening, even with 1.5 of nsProcess. It is being detected as HackTool.ProcKill.A by several AV packages.

Is there any chance of a major change with this DLL to prevent this detection? The DLL itself is really useful, but it looks like someone has used it for less than honest purposes :down: .
The best way to handle the problem is to recompile the DLL by removing the function that kills a process, since I believe it is the one that is used by trojans. I have done it myself, if you're interested I can put it on the wiki...

Cheers

Re: Re: Trojan AV Trigger

Originally posted by CharlesB2
The best way to handle the problem is to recompile the DLL by removing the function that kills a process, since I believe it is the one that is used by trojans. I have done it myself, if you're interested I can put it on the wiki...

Cheers
That sounds good, but actually I do need the kill a process function. So taking it out would be a bit of a pain.

Do you have the full source (or anyone else out there) for a Micro$oft compiler and can provide a link?

I presume it's coded in C/++. I might try to obfuscate it and re-compile to see if that gets it through.

Re: Re: Re: Trojan AV Trigger

Originally posted by Whizz
That sounds good, but actually I do need the kill a process function. So taking it out would be a bit of a pain.

Do you have the full source (or anyone else out there) for a Micro$oft compiler and can provide a link?

I presume it's coded in C/++. I might try to obfuscate it and re-compile to see if that gets it through.
The source is in the archive, on the wiki page: http://nsis.sourceforge.net/NsProcess_plugin

Cheers

when I am using this plugin, i have a problem which can not kill the old version of my application.
for example: i have version 1 : myservice
i make a new build, then install it, it can't kill version 1 process?
I think it would be a bug ???
Any thoughts?


Well, if version 1 is a service, as the name you gave implies, you would need to ensure that it won't auto-recover when killed.


Originally posted by JamesKiller
when I am using this plugin, i have a problem which can not kill the old version of my application.
for example: i have version 1 : myservice
i make a new build, then install it, it can't kill version 1 process?
I think it would be a bug ???
Any thoughts?
Services are not really like a normal program process. They are controlled by the 'Services Controller' (SC) which deals with both services and devices.

You should 'stop' your service officially, advise the SC to remove it from the database, update it, reload into the database and then 'start' it again.

If it is a protected service, then you have to advise the SC to make the changes at next boot up. Which is really quite difficult in the newer OS's of XP/Vista. And probably you shouldn't be touching anyway. :D

NSProcess is probably not the plugin for you when dealing with services. :(

What AV packages are triggered by nsProcess?
Hi,

is it still an issue that nsProcess is triggering AV packages as a trojan virus?
If so do you have a list of such AV packages?
I would like to check my installer for such problem.


I have not seen the problem since I re-compiled the source code myself, using my own compiler. Rather than using the distributed version from the download location. This is the distro version I use now.

When I was experimenting, I found that the following AV systems did trigger a false detection:

Panda
McAfee/NAI
BitDefender
F-Secure
Symantec/Norton

I did not have access to any other AV engines to test further. Actually 1 detection was too many!!! :eek:

Once I recompiled and the issue went away, then I did not test any further. Nor have I tried downloading to see if there was a newer version by the author.

I guess the original was being compiled with a non-fully patched version of MS:C++. I did no changes, just compiled and used the resultant file.


Is there source code available for the nsProcess plugin?


As stated by CharlesB2 earlier in the thread. It is in the Archive on the Wiki page.

Did you read the whole of this thread?? I guess not.:rolleyes:


Do you have a link to your re-compiled DLL by any chance, Whizz? Maybe you could add it to the wiki? I don't do much Windows programming and don't have everything set up to compile my own. You can also reach me at "a" at my domain --- littleshoot.org. Would be a huge help. I'd even paypal you $10 -- seriously.

-Adam Fisk


I've patched this plugin to add a CloseProcess method, a nicer alternative to KillProcess.

I offer no guarantees as to its quality, as C++ is not my primary skill. However, the updated nsProcess.c file is attached for anyone who might find it useful.


Any plans to make a version that could be used to kill processes by PID?


Hello,

the plugin works well for normal build of nsis under x64. However, it failed to find processes for nsis unicode build

Do you have a solution for this?

Thanks in advance


Windows 7
Hello,

FYI, the FindProcess function works on Windows 7 - even when the process was started by a different user. Thanks! ;)


It won't work on x64 Windows (unless it uses WMI).

Stu


nsProcess 1.6 with NSIS UNICODE support
It actually works for me on Win7 x64, but I have UAC prompts disabled, mb this is the reason.

Please find NSIS UNICODE/ANSI version attached, I'm too lazy to rebuild installer so you'll have to rename nsProcessW.dll to nsProcess.dll manually.

It also contains new function _CloseProcess, which tries to close all windows first, waits for 3 seconds for process to exit (so it can save all data), and then terminates it.