Detect Active Application doesn't always detect



NewsArchive
07-30-2007, 03:06 AM
I've upgraded to Vista and noticed a change in this function.
I have a Service (mtguard.exe) which starts a program (mtdirwatch.exe).

As part of the uninstall, I stop the service (mtguard), and terminate
the application (mtdirwatch).

"Detect Active Application" now returns 603 (process not running) for
mtdirwatch.exe.

When I last tested this worked (which was in XP and an earlier version
of setupbuilder).

mtdirwatch.exe shows as active in the task manager list.

It shows as active using "pv.exe mtdirwatch.exe"
(PrcView v 3.6.2.1 command line utility by Igor Nys)

It shows as active using "pslist mtdirwatch"
(pslist v1.28 - Sysinternals PsList)

But it is not detected by setupbuilder.

Regards,
Alan

NewsArchive
07-30-2007, 03:56 AM
Alan,

There was no code modification in this function for more than two years. It
simply makes use of the PSAPI.DLL functionality to check if a process is
running. We are using this function in all Consulting projects and in our
own SetupBuilder installation. It works fine on all Vista editions here. I
checked our records and we did not receive any similar report.

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

"point. click. ship" - that's SetupBuilder 6.5
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

NewsArchive
07-31-2007, 05:43 AM
Friedrich,

Let me try that again.
I believe Vista is now stricter and does not allow the function to work
as it did.

e.g. I'm running Vista Business, and if I bring up SysInternals Process
Explorer, then I can see that:
winlogon.exe is running under user NT AUTHORITY\SYSTEM

But the "Detect active application" will not detect that winlogon.exe is
running.

I'm not so concerned about windows services, but I install a service
(mtguard) which launches other processes (mtdirwatch.exe).
Process Explorer shows that mtdirwatch.exe is active and running under user.

To restate:
- "Check Service" will show me if a service is running
- "Detect Active Application" will find any applications running under
normal user
- "Detect Active Application" will NOT find an application which was
started by a service (user NT AUTHORITY\SYSTEM)


I think this is not a program bug but rather a change of behaviour
inside Vista OS.

What do you think?

Alan

NewsArchive
07-31-2007, 05:48 AM
Alan,

I also tried detecting winlogon.exe, spoolsv.exe, lsass.exe.
All return 1 on my XP machine, 603 on Vista Ultimate.

I think what we're seeing here is an example of Vista's "service
isolation"... which is intended to harden services against possible attacks.

If you turn on the Session column in procexp, you'll see that on an XP box
both you and system services are all running in Session 0.

On Vista, however, services run in session 0 while the logged-on user runs
in session 1. (Or in a higher session number, if you switch users rather
than logging off.) In the attached Vista screen shot, Jane (still logged
on) is in Session 1, Betty (the current user) is in Session 2. (Microsoft
actually uses a version of Terminal Services to make this happen.)

On the attached XP screen shot, however, Jane and services are both in
session 0.

Jane Fleming
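Added example, not code from SetupBuilder, Lindersoft, or any poster in this thread: a PowerShell script that does Jane's Process Explorer check from the command line. For a given image name it lists every running instance with its PID, session ID and owner, and flags the instances that live outside the session the script itself runs in, so you can see whether a process started by a service (session 0, NT AUTHORITY\SYSTEM) is being missed because of the session boundary, because the caller lacks rights to open it, or both. It also shows a session-independent "is it running anywhere" check and an elevation check. The image name mtdirwatch.exe comes from the thread; the function names Get-ProcessSessionReport, Test-ProcessRunning and Test-IsElevated are my own. Needs PowerShell 3.0 or later for Get-CimInstance.

```powershell
# Added example, not part of the original thread or of SetupBuilder.
# Lists every running instance of an image name with session and owner,
# and flags the instances outside the session this script runs in.

function Get-ProcessSessionReport {
    [CmdletBinding()]
    param(
        # Image name as shown in Task Manager, e.g. 'mtdirwatch.exe' (name from the thread).
        [Parameter(Mandatory)][string]$ImageName
    )

    # Session of the caller: 0 for everyone on XP; on Vista and later a service
    # and anything it launches sit in session 0, interactive users in 1 or higher.
    $callerSession = (Get-Process -Id $PID).SessionId

    # Win32_Process enumerates processes in every session, SYSTEM-owned ones
    # included, without the caller opening a handle to each process itself.
    $procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = '$ImageName'"

    foreach ($p in $procs) {
        # GetOwner can be refused for processes the caller has no rights to;
        # that refusal is itself a hint that a handle-based check will fail too.
        $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
        $ownerName = "(denied, GetOwner returned $($owner.ReturnValue))"
        if ($owner.ReturnValue -eq 0) { $ownerName = "$($owner.Domain)\$($owner.User)" }

        [pscustomobject]@{
            Name        = $p.Name
            PID         = $p.ProcessId
            SessionId   = $p.SessionId
            Owner       = $ownerName
            SameSession = ($p.SessionId -eq $callerSession)
        }
    }
}

function Test-ProcessRunning {
    # Session-independent replacement for a "detect active application" step:
    # true if at least one instance of the image exists anywhere on the machine.
    param([Parameter(Mandatory)][string]$ImageName)
    $hits = @(Get-CimInstance -ClassName Win32_Process -Filter "Name = '$ImageName'")
    return ($hits.Count -gt 0)
}

function Test-IsElevated {
    # Whether this PowerShell process holds an administrator token. Without one,
    # opening a SYSTEM-owned process with PROCESS_VM_READ (what a PSAPI
    # GetModuleBaseName-style check needs) generally fails on Vista and later.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Usage: compare what the caller can see with where the process actually lives.
$image = 'mtdirwatch.exe'
"Caller session: $((Get-Process -Id $PID).SessionId), elevated: $(Test-IsElevated)"
"Running anywhere: $(Test-ProcessRunning -ImageName $image)"
Get-ProcessSessionReport -ImageName $image | Format-Table -AutoSize
```

Run it once from the interactive desktop and once from the service context (or an elevated prompt) and compare the SessionId and Owner columns: on XP every row shows SameSession True, on Vista the service-spawned instance shows session 0 and SYSTEM. Seeing the process through WMI does not by itself grant the right to terminate it; an uninstaller that must stop a SYSTEM-owned process still needs an elevated token, which is the thing to verify before blaming the detection step.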

NewsArchive
07-31-2007, 05:48 AM
Is Betty your twin sister?

Jeff Slarve

NewsArchive
07-31-2007, 05:49 AM
Well... the resemblance IS striking...
and she's my avatar on a number of online fora.

Jane Fleming

NewsArchive
07-31-2007, 09:01 AM
Jane,

> I think what we're seeing here is an example of Vista's "service
> isolation"... which is intended to harden services against possible
> attacks.

Yes, I agree. Very interesting, thank you!!

Friedrich

NewsArchive
07-31-2007, 09:01 AM
Alan,

> I think this is not a program bug but rather a change of behaviour inside
> Vista OS.
>
> What do you think?

Aha, I see what you mean now. Yes, I think it's caused by the new Vista
security mechanism.

Friedrich
