nsProcess plugin

[Whizz]

Quote:

Originally posted by CharlesB2
The best way to handle the problem is to recompile the DLL by removing the function that kills a process, since I believe it is the one that is used by trojans. I have done it myself, if you're interested I can put it on the wiki...

Cheers

That sounds good, but actually I do need the kill a process function. So taking it out would be a bit of a pain.

Do you have the full source (or anyone else out there) for a Micro$oft compiler and can provide a link?

I presume its coded in C/++. I might try to obfuscate it and re-compile to see if that gets it through.

[CharlesB2]

Quote:

Originally posted by Whizz
That sounds good, but actually I do need the kill a process function. So taking it out would be a bit of a pain.

Do you have the full source (or anyone else out there) for a Micro$oft compiler and can provide a link?

I presume its coded in C/++. I might try to obfuscate it and re-compile to see if that gets it through.

The source is in the archive, on the wiki page: http://nsis.sourceforge.net/NsProcess_plugin

Cheers

[JamesKiller]

when I am using this plugins, i have a problem which can not kill the old vesion of my application.
for example: i have version 1 : myservice
i make a new build, then install it, it can't kill verison 1 process?
I think it would a bug ???
Any thoughts?

[goldy1064]

Well, if version 1 is a service, as the name you gave implies, you would need to ensure that it won't auto-recover when killed.

[Whizz]

Quote:

Originally posted by JamesKiller
when I am using this plugins, i have a problem which can not kill the old vesion of my application.
for example: i have version 1 : myservice
i make a new build, then install it, it can't kill verison 1 process?
I think it would a bug ???
Any thoughts?

Services are not really like a normal program process. They are controlled by the 'Services Controller' (SC) which deals with both services and devices.

You should 'stop' your service officially, advise the SC to remove it from the database, update it, reload into the database and then 'start' it again.

If it is a protected service, then you have to advise the SC to make the changes at next boot up. Which is really quite difficult in the newer OS's of XP/Vista. And probably you shouldn't be touching anyway.

NSProcess is probably not the plugin for you when dealing with services.

[M-Force]

Hi,

is it still an issue that nsProcess is trigger AV packages as a trojan virus?
If so do you have a list of such AV packages?
I would like to check my installer for such problem.

[Whizz]

I have not seen the problem since I re-compiled the source code myself, using my own compiler. Rather than using the distributed version from the download location. This is the distro version I use now.

When I was experimenting, I found that the following AV systems did trigger a false detection:

Panda
Macafee/NAI
BitDefender
F-Secure
Symantec/Norton

I did not have access to any other AV engines to test further. Actually 1 detection was too many!!!

Once I recompiled and the issue went away, then I did not test any further. Nor have I tried downloading to see if there was a newer version by the author.

I guess the original was being compiled with an non-fully patched version of MS:C++. I did no changes, just compiled and used the resultant file.

[99999999]

Is there source code available for the nsProcess plugn?

[Whizz]

As stated by CharlesB2 earlier in the thread. It is in the Archive on the Wiki page.

Did you read the whole of this thread?? I guess not.

[afisk]

Do you have a link to your re-compiled DLL by any chance, Whizz? Maybe you could add it to the wiki? I don't do much Windows programming and don't have everything set up to compile my own. You can also reach me at "a" at my domain --- littleshoot.org. Would be a huge help. I'd even paypal you $10 -- seriously.

-Adam Fisk

[arantius]

I've patched this plugin to add a CloseProcess method, a nicer alternative to KillProcess.

I offer no guarantees as to its quality, as C++ is not my primary skill. However, the updated nsProcess.c file is attached for anyone who might find it useful.

[Ivan Andreevich]

Any plans to make a version that could be used to kill processes by PID?

[skuallpa]

Hello,

the plugin works well for normal build of nsis under x64. However, it failed to find processes for nsis unicode build

Do you have a solution for this?

Thanks in advance

[roderickm]

Hello,

FYI, the FindProcess function works on Windows 7 - even when the process was started by a different user. Thanks!

[Afrow UK]

It won't work on x64 Windows (unless it uses WMI).

Stu

[brainsucker]

It actually works for me on Win7 x64, but I have UAC prompts disabled, mb this is the reason.

Please find NSIS UNICODE/ANSI version attached, I'm too lazy to rebuild installer so you'll have to rename nsProcessW.dll to nsProcess.dll manually.

It also contains new function _CloseProcess, which tries to close all windows first, waits for 3 seconds for process to exit (so it can save all data), and then terminates it.

[mrjohn]

Hi,for me this plugin doesn't work,I'm on W10x64 ,NSIS v3.02.1
Example code always returns value 6 for any process tested

There is other alternative to find a running process?

thanks!

[r2du-soft]

Quote:

Originally Posted by mrjohn

Hi,for me this plugin doesn't work,I'm on W10x64 ,NSIS v3.02.1
Example code always returns value 6 for any process tested

There is other alternative to find a running process?

thanks!

hi my friend
also i have windows 10 x64
i tested,everything is right,Perhaps you are faced with this problem: in windows 10 Calc.exe process name is Calculator.exe you must edit example scrip!
if plugin not found process name return 603 and if find process return 0 !
this is nsProcess plugin return values:

HTML Code:

// Return codes are as follows:
//   0   = Success
//   601 = No permission to terminate process
//   602 = Not all processes terminated successfully
//   603 = Process was not currently running
//   604 = Unable to identify system type
//   605 = Unsupported OS
//   606 = Unable to load NTDLL.DLL
//   607 = Unable to get procedure address from NTDLL.DLL
//   608 = NtQuerySystemInformation failed
//   609 = Unable to load KERNEL32.DLL
//   610 = Unable to get procedure address from KERNEL32.DLL
//   611 = CreateToolhelp32Snapshot failed

if you have problem with nsProcess plugin,try this:

HTML Code:

	FindProcDLL::FindProc "Calculator.exe"
	MessageBox MB_OK "$R0"

if not found process return 0
and if found process return 1

[mrjohn]

I've solved for my case using a simple trick:trying to open main exe file for append and catch error in case if it is running

[mrjohn]

@r2du-soft: I've done test again, nsProcess 1.6 gives me always value 6 for any process tested,and your second solution gives always 0,dll downloaded from there

[tnteverett]

The ZIP file has only one DLL and unzipping does not put it in the right directory. Not knowing where it goes, this is what I have done.

Installation file: 20140806212030!NsProcess.zip
Instructions:
Copy to the base installation directory of NSIS, typically "C:\Program Files (x86)\NSIS"
Using WinZip, right click and select "Extract to Here"
This action puts files in the wrong place. You will need to move the following files.
Move "C:\Program Files (x86)\NSIS\Plugin\nsProcess.dll"
to
"C:\Program Files (x86)\NSIS\Plugins\x86-ansi\nsProcess.dll"
and
"C:\Program Files (x86)\NSIS\Plugins\x86-unicode\nsProcess.dll"

I assume the right place is ansi but did not want to test it further, just wanted it to work.

Note that the NsProcess.zip downloads but will not open.
Same problem with nsProcess_1_6.7z

When will ZIP release be fixed to include both and in the right directories?
C:\Program Files (x86)\NSIS\Plugins\x86-unicode
C:\Program Files (x86)\NSIS\Plugins\x86-ansi

[Fildor]

Hi there,

I currently have a problem with nsProcess Plugin on my Windows 10 x64 development machine.

Please have a look into this Stackoverflow Question:
https://stackoverflow.com/questions/...ss-not-running

Regards, Stephan

[Fildor]

^^ Solved. It was a stupid mistake. Sorry for bothering. The Plugin works exceptionally fine!

Thanks to all.

[ann0see]

I just downloaded the zip file from this link: https://nsis.sourceforge.io/mediawik.../NsProcess.zip but unfortunately Windows 10 powershell and Windows Explorer tell me that the file is corrupt. 7Zip can extract it, but I can't use it with my powershell script.

Does anybody know how to fix the .zip file or are there any other .zip (not 7zip) mirrors?

[ann0see]

According to pjones here: https://github.com/corrados/jamulus/...ment-761690094

It seems as if the file is in fact a 7zip file. Unfortunately we need a .zip file since windows doesn't natively support 7zip. I'll upload the zip file here (and then let the script download it from here; That's of course not optimal). Is it allowed to host the dll on our own page?

[ann0see]

This is now the "real" zip file.

[ann0see]

It would be great if this plugin would use an official (FOSS) license so that we don't need to download the .zip file from a forum post. See: https://github.com/corrados/jamulus/issues/859

We would really appreciate an answer here.

[Anders]

Quote:

Originally Posted by ann0see

It would be great if this plugin would use an official (FOSS) license so that we don't need to download the .zip file from a forum post

The nsProcess plug-in also exists on the NSIS wiki and all files on this wiki are ZLib licensed unless otherwise noted.

[ann0see]

> The nsProcess plug-in also exists on the NSIS wiki and all files on this wiki are ZLib licensed unless otherwise noted.


Great to hear thanks for your reply! So we will probably host it ourselves or include it in the repo.