Archive: KillProc plug-in is not working in x64 bit machines
KillProc plug-in is not working in x64 bit machines
KillProc plug-in is not working in x64 bit machines
I have written following code:
StrCpy $0 "Draw.exe"
KillProc::FindProcesses
${If} $0 > 0
StrCpy $0 "Draw.exe"
KillProc::KillProcesses
${Endif}
this code is working fine on 32 bit machine,
anyone can please suggest what to do for for killing process in x64 bit machine.
Is the process a 32-bit process or a 64-bit one? What is $1 set to after calling KillProcesses?
Stu
it is 64 bit process
process name is same but it is not able to find that process using
KillProc::FindProcesses
What is the value of $1 after the KillProcesses call?
Does the plug-in kill 32-bit processes OK?
Stu
the value of $1 after the KillProcesses call is 0
this plug in kill 32-bit machines processes sucessfully.
This is a problem with the EnumProcessModules API and 32-bit processes. It cannot enumerate modules of a 64-bit process when the caller is a 32-bit process, therefore it fails to find your process name. If you must kill your application (i.e. you cannot safely close it with WM_CLOSE for example) then you will need to write a 64-bit executable to do it that you execute with NSIS. Don't bother trying any other plug-ins either because the EnumProcessModules limitation is not plug-in specific.
Stu
I confirm the need for a 64 bit process killing ability. Anything planned about that?
Have you tried to use WMI? You should be able to query the processes (by name) and when you have the one you want to kill, call the Terminate method on the WMI process object.
Yes WMI seems to be the recommended approach to implement it, but I was more expecting a support from NSIS (or a NSIS plugin).
That said, I also found the EnumProcessModulesEx is your friend for listing both 32 and 64 bits processes, but with static linking issues however (not located in the same library since Win7).
As I've already said, EnumProcessModulesEx is no good when the calling process is 32-bit. It will return the same results as EnumProcessModules (MSDN states this too). The only way is to use WMI (or write a 64-bit app to do it).
Stu
I had the same problem and updated the code to use WMI as was suggested.
http://chironexsoftware.com/blog/?p=34
the documentation of this plugin is really poor
KillProcWMI , is an NSIS plugin based on the original KillProc plugin. KillProcWMI uses WMI to acheive the same results, which avoids problems with 32bit processes not being able to kill 64 bit processes.i have tried all options to get it working - failed
All Code is freely provided, no guarantees or warranties about its quality, use at your own risk.
Jared Allen.
ChironexSoftware.com
Did you use the DLL he provided? http://www.chironexsoftware.com/down...illProcWMI.zip
Stu
ofc - thats why i wonder it does not work.
the major problem is that i can not compile the file!
What do you mean it does not work? What do you mean you cannot compile the file? Please elaborate.
Stu
compiling
KillProc::FindProcesses
not compiling
KillProcWMI::FindProcesses
> Invalid command: KillProcWMI::FindProcesses
if i rename KillProcWMI.dll to KillProc.dll
and use the regular Killproc syntax
> Invalid command: KillProc::FindProcesses
bleh
so what is the correct syntax?
both dll are in \plugins
There is only one function KillProcWMI::KillProc (if in doubt look at the source code, or look at the output from makensis which lists all plug-in functions).
Stu
omg how stupid ist that?
ofc i can force terminating a thread but more polite is the option for user to end it manually
so i try to find the process at first but there is no plugin for x64 which can do that.
sorry, wont work here
StrCpy $0 "filename.exe"
KillProcWMI::KillProc
any new hints for 64bit?
I was successful using:
KillProcWMI::KillProc "ProcessName.exe"
In that way I guess it works more like the older KillProc Plug-in rather than the new one. However, I was able to terminate a 64-bit process on Windows Server 2008 R2 using it.
i will try next days, actually i still need WMIC to determine task and to kill it.