Old 22nd April 2016, 14:23   #1
scottabogardus
Junior Member
 
Join Date: Apr 2016
Posts: 4
Security Setting prevent WinVer functions from working

I am trying to update my NSIS script for making an installer that we have been using for years. Recently, my company has implemented HIPS and this seems to have affected the installers attempt to check the Window's version on the computer.

The code I am using is:

; First off, make sure we're using a minimum of Windows XP SP2...
${If} ${AtMostWinXP}
${AndIf} ${AtMostServicePack} 1
MessageBox MB_OK "This installer requires a minimum of Windows XP Service Pack 2. Please upgrade and rerun the installer."
Abort
${EndIf}

I am running the installer on a Windows 7 computer, but this check fails and I get the message about needing to upgrade to XP SP2 and then it Aborts.

Through investigation with my IT, they gave me a script to disable the HIPS and the installer works just fine.

So, what I am trying to figure out is:
1. Where is "AtMostWinXP" looking to get the current Windows version on the computer. (Registry, if so where?) How does "AtMostWinXP" work?

2. What is a work around to allow me to check the windows version since our HIPS is preventing me from getting to that information...other than turn off HIPS during install. That is not something that we can do for each user that is trying to install the program.

-- Side note: I saw many scripts online that talk about getting the windows version from the registry: HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion. And then you can check yourself to determine what version is running. The examples showed "VersionNumber" as being a variable at this registry location, but our systems do not seem to have this "VersionNumber". Is it hidden somehow? Is it located somewhere else?

Thanks in advance for any help.
scottabogardus is offline   Reply With Quote
Old 22nd April 2016, 14:57   #2
Anders
Moderator
 
Anders's Avatar
 
Join Date: Jun 2002
Location: ${NSISDIR}
Posts: 4,818
WinVer.nsh calls the GetVersionEx function. This has been the documented way to check the Windows version for 20 years. (Microsoft has recently deprecated it in favor of VerifyVersionInfo but that is no reason for HIPS (whatever that is) to block it)

The way it calls this function is by using the System plugin which some ignorant tools might flag as suspicious.

IntOp $PostCount $PostCount + 1
Anders is offline   Reply With Quote
Old 22nd April 2016, 15:13   #3
scottabogardus
Junior Member
 
Join Date: Apr 2016
Posts: 4
Cool

Well, I am suspecting that where the HIPS requirements are being pushed from may indeed fall into that category. I can't explain it otherwise. Because as soon as you disable the HIPS stuff, the version checks work with no problem.

Thanks for the quick response. I guess we need to decide what we are going to do. It may just come down to assuming that everyone surely is running Windows XP SP 2 or higher that would be using our tools. Therefore, we remove the version checks altogether.
scottabogardus is offline   Reply With Quote
Old 22nd April 2016, 15:15   #4
scottabogardus
Junior Member
 
Join Date: Apr 2016
Posts: 4
Oh...HIPS is Host Intrusion Prevention System - . In essence it's a program that alerts the user to a malware program such as a virus that may be trying to run on the user's computer, or that an unauthorized user such as a hacker may have gained access to the user's computer.
scottabogardus is offline   Reply With Quote
Old 22nd April 2016, 16:04   #5
Anders
Moderator
 
Anders's Avatar
 
Join Date: Jun 2002
Location: ${NSISDIR}
Posts: 4,818
You could probably find a usable registry entry to check but I would rather check the version of system files with something like this:

PHP Code:
/*!macro _WinVerCustomMakeDllVer a b c d
IntOp $1 ${a} << 16
IntOp $2 ${b} & 0x0000ffff
IntOp $3 ${c} << 16
IntOp $4 ${d} & 0x0000ffff
IntOp $1 $1 | $2
IntOp $3 $3 | $4
IntFmt $1 "0x%.8x" $1
IntFmt $3 "0x%.8x" $3
DetailPrint "DEBUG: ${a}.${b}.${c}.${d} = $1 $3"
!macroend*/

!macro _WinVerCustom_AtLeastDllVer _a _b _t _f
!insertmacro _LOGICLIB_TEMP
Push 
$0
GetDLLVersion 
"$SysDir\KERNEL32.DLL" $0 $_LOGICLIB_TEMP
IntCmpU 
${_a} $"" ++3
IntCmpU 
${_b$_LOGICLIB_TEMP "" "" +2
StrCpy $_LOGICLIB_TEMP 
"+"
Pop $0
!insertmacro _== $_LOGICLIB_TEMP "+" `${_t}` `${_f}`
!
macroend
!define SysDllAtLeastWinXPSP2 `0x00050001 WinVerCustom_AtLeastDllVer 0x0a280884`
!
define SysDllAtLeastWin8SP0  `0x00060002 WinVerCustom_AtLeastDllVer 0`


!include 
LogicLib.nsh
Section
${If} ${SysDllAtLeastWinXPSP2}
    
DetailPrint "Ready Go"
${Else}
    
DetailPrint "Wait A Minute"
    
Quit
${EndIf}
SectionEnd 
(I just threw this together and did not test much)

It would not surprise me if this HIPS application has decided to block all executables in %Temp%...

IntOp $PostCount $PostCount + 1
Anders is offline   Reply With Quote
Old 22nd April 2016, 17:30   #6
scottabogardus
Junior Member
 
Join Date: Apr 2016
Posts: 4
Smile

Thanks!

You are spot on. I was talking to the IT guys and that is something that they mentioned...running things out of %TEMP%.
scottabogardus is offline   Reply With Quote
Old 22nd April 2016, 18:32   #7
Anders
Moderator
 
Anders's Avatar
 
Join Date: Jun 2002
Location: ${NSISDIR}
Posts: 4,818
This is a stupid restriction, malware could write all over %AppData% or %LocalAppdata% as well if they wanted to.

You can change the NSIS plugin directory in NSIS v3+ with this:
PHP Code:
Function .onInit
UnsafeStrCpy $pluginsdir 
"$localappdata\myappsetuptemp"
CreateDirectory $pluginsdir
FunctionEnd 

IntOp $PostCount $PostCount + 1
Anders is offline   Reply With Quote
Reply
Go Back   Winamp & SHOUTcast Forums > Developer Center > NSIS Discussion

Tags
nsis, version, winver

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump