No announcement yet.

nsProcess plugin

  • Filter
  • Time
  • Show
Clear All
new posts

  • #46
    What AV packages are triggered by nsProcess?


    is it still an issue that nsProcess is trigger AV packages as a trojan virus?
    If so do you have a list of such AV packages?
    I would like to check my installer for such problem.


    • #47
      I have not seen the problem since I re-compiled the source code myself, using my own compiler. Rather than using the distributed version from the download location. This is the distro version I use now.

      When I was experimenting, I found that the following AV systems did trigger a false detection:


      I did not have access to any other AV engines to test further. Actually 1 detection was too many!!!

      Once I recompiled and the issue went away, then I did not test any further. Nor have I tried downloading to see if there was a newer version by the author.

      I guess the original was being compiled with an non-fully patched version of MS:C++. I did no changes, just compiled and used the resultant file.


      • #48
        Is there source code available for the nsProcess plugn?


        • #49
          As stated by CharlesB2 earlier in the thread. It is in the Archive on the Wiki page.

          Did you read the whole of this thread?? I guess not.


          • #50
            Do you have a link to your re-compiled DLL by any chance, Whizz? Maybe you could add it to the wiki? I don't do much Windows programming and don't have everything set up to compile my own. You can also reach me at "a" at my domain --- Would be a huge help. I'd even paypal you $10 -- seriously.

            -Adam Fisk


            • #51
              I've patched this plugin to add a CloseProcess method, a nicer alternative to KillProcess.

              I offer no guarantees as to its quality, as C++ is not my primary skill. However, the updated nsProcess.c file is attached for anyone who might find it useful.
              Attached Files


              • #52
                Any plans to make a version that could be used to kill processes by PID?


                • #53

                  the plugin works well for normal build of nsis under x64. However, it failed to find processes for nsis unicode build

                  Do you have a solution for this?

                  Thanks in advance
                  Website :


                  • #54
                    Windows 7


                    FYI, the FindProcess function works on Windows 7 - even when the process was started by a different user. Thanks!


                    • #55
                      It won't work on x64 Windows (unless it uses WMI).



                      • #56
                        nsProcess 1.6 with NSIS UNICODE support

                        It actually works for me on Win7 x64, but I have UAC prompts disabled, mb this is the reason.

                        Please find NSIS UNICODE/ANSI version attached, I'm too lazy to rebuild installer so you'll have to rename nsProcessW.dll to nsProcess.dll manually.

                        It also contains new function _CloseProcess, which tries to close all windows first, waits for 3 seconds for process to exit (so it can save all data), and then terminates it.
                        Attached Files


                        • #57
                          Hi,for me this plugin doesn't work,I'm on W10x64 ,NSIS v3.02.1
                          Example code always returns value 6 for any process tested

                          There is other alternative to find a running process?



                          • #58
                            Originally Posted by mrjohn View Post
                            Hi,for me this plugin doesn't work,I'm on W10x64 ,NSIS v3.02.1
                            Example code always returns value 6 for any process tested

                            There is other alternative to find a running process?

                            hi my friend
                            also i have windows 10 x64
                            i tested,everything is right,Perhaps you are faced with this problem: in windows 10 Calc.exe process name is Calculator.exe you must edit example scrip!
                            if plugin not found process name return 603 and if find process return 0 !
                            this is nsProcess plugin return values:
                            HTML Code:
                            // Return codes are as follows:
                            //   0   = Success
                            //   601 = No permission to terminate process
                            //   602 = Not all processes terminated successfully
                            //   603 = Process was not currently running
                            //   604 = Unable to identify system type
                            //   605 = Unsupported OS
                            //   606 = Unable to load NTDLL.DLL
                            //   607 = Unable to get procedure address from NTDLL.DLL
                            //   608 = NtQuerySystemInformation failed
                            //   609 = Unable to load KERNEL32.DLL
                            //   610 = Unable to get procedure address from KERNEL32.DLL
                            //   611 = CreateToolhelp32Snapshot failed
                            if you have problem with nsProcess plugin,try this:

                            HTML Code:
                            	FindProcDLL::FindProc "Calculator.exe"
                            	MessageBox MB_OK "$R0"
                            if not found process return 0
                            and if found process return 1


                            • #59
                              I've solved for my case using a simple trick:trying to open main exe file for append and catch error in case if it is running


                              • #60
                                @r2du-soft: I've done test again, nsProcess 1.6 gives me always value 6 for any process tested,and your second solution gives always 0,dll downloaded from there