Page MenuHomePhabricator
Files F5158453

README
No OneTemporary
Actions

Size
8 KB
Referenced Files
None
Subscribers
None

README
View Options

FRED README FILE REVISION 1
Table of contents
0.0 Author and license stuff
1.0 What is fred? - A short description
2.0 Installation instructions
2.1 Prerequisits
2.1.1 Linux
2.1.2 Mac OSX
2.1.3 Windows
2.2 Installing a prebuild binary package
2.3 Installing from source
2.3.1 Shared vs static libhivex
2.3.2 Linux
2.3.2.1 Prerequisites
2.3.2.2 Compiling
2.3.2.3 Packaging
2.3.3 Mac OSX
2.3.3.1 Prerequisites
2.3.3.2 Compiling
2.3.3.3 Packaging
2.3.4 Windows
2.3.5 Crosscompiling for Windows
2.3.5.1 Prerequisites
2.3.5.1.1 Compiler
2.3.5.1.2 Qt
2.3.5.2 Compiling
2.3.5.3 Packaging
0.0 Author and license stuff
fred Copyright (c) 2011-2020 by Gillen Daniel <gillen.dan@pinguin.lu>
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or (at your option) any later
version.
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
this program. If not, see <http://www.gnu.org/licenses/>.
1.0 What is fred? - A short description
Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor.
This project was born out of the need for a reasonably good registry hive
viewer for Linux to conduct forensic analysis. Therefore it includes some
functions not found in normal "free" registry editors like a hex viewer with
data interpreter and a reporting function that can easily be extended with
custom ECMAScript report templates.
2.0 Installation instructions
2.1 Prerequisits
If you are not going to use my prebuild packages, in addition to the
prerequisits below you probably will also need Richard W.M. Jones's libhivex
available from https://github.com/libguestfs/hivex.
2.1.1 Linux
Any Linux with Qt v4.x libraries.
2.1.2 Mac OSX
OSX v10.5 or above with Qt v4.x libraries.
2.1.3 Windows
Windows XP or newer with Qt v4.x libraries.
2.2 Installing a prebuild binary package
Chances are I provide prebuild binary packages for your OS (generally
Debian/Ubuntu, Mac OSX and Windows). If so, you can simply download them
from https://www.pinguin.lu.
ForDebian/Ubuntu, add my repository and execute the following command:
$ sudo apt-get install fred fred-reports
For Mac OSX and Windows, execute the installer and follow the on-screen
instructions.
If I have no prebuild binary packages for your OS, you will have to compile
fred by yourself. In this case, read the instructions under "Installing from
source".
2.3 Installing from source
Start by getting the source code from https://www.pinguin.lu and unpacking
it to some temporary directory. Under Linux and Mac OSX, use:
$ cd /some/temp/dir/
$ tar xfvz fred-x.x.x.tar.gz
Under Windows, use 7zip or alike to decompress the tar.gz file.
2.3.1 Shared vs static libhivex
When compiling fred from source, you have two possibilities how to include
libhivex. When using Linux, chances are your distribution has a package
for it available. In this case, you may install the binary and developper
version of it and go ahead to build fred. If your distribution has no
libhivex package available (Mac OSX and Windows definitely haven't), or
you want to use the latest version of it available that might fix some
bugs, make sure you use the "--static-hivex" command line option when
running my bootstrap.sh script. This will checkout, compile and statically
link the latest libhivex compatible with fred while building.
2.3.2 Linux
2.3.2.1 Prerequisites
TODO
2.3.2.2 Compiling
Compiling under Linux for Linux should be very simple. Just execute the
following commands:
$ cd /path/to/fred/source/
$ ./autogen.sh --platform=linux
Or, if you want to use the static libhivex:
$ cd /path/to/fred/source/
$ ./autogen.sh --static-hivex --platform=linux
2.3.2.3 Packaging
TODO
2.3.3 Mac OSX
2.3.3.1 Prerequisites
In order to compile fred under Mac OSX, you need to install the
following software:
- XCode from Apple
- Git from http://code.google.com/p/git-osx-installer/
- MacPorts from http://www.macports.org
- Qt 4.8.x library from http://qt-project.org
Aditionally, after installing MacPorts, install the following packages:
$ sudo port install ocaml libxml2 pkgconfig autoconf gettext
2.3.3.2 Compiling
Compilation should be straight forward executing the following command:
$ cd /path/to/fred/source/
$ ./autogen.sh --static-hivex --platform=mac
2.3.3.3 Packaging
TODO
2.3.4 Windows
Until beta5, fred for Windows was build under Windows. But it was a pain
in the bud to do so. Therefore I switched to crosscompiling under Linux
which works very well. If you want to build fred under Windows, good luck
and please, don't contact me if you have any problems! My only answer will
be:
Crosscompile under Linux!
2.3.5 Crosscompiling for Windows
2.3.5.1 Prerequisites
The following instructions are for Debian / Ubuntu like distros. If you
are using another distro, you will need to get the compiler and Qt on
your own.
2.3.5.1.1 Compiler
You need the mingw-w64 gcc and g++ compiler. When using Debian/Ubuntu
install the following packages:
$ sudo apt-get install mingw-w64 mingw-w64-tools g++-mingw-w64 \
gcc-mingw-w64 mingw-ocaml autopoint
2.3.5.1.2 Qt
After you have a compiler, you will need to crosscompile Qt as it is
currently not available as package. Start by getting the source:
$ cd /some/temp/dir/
$ QTU="http://download.qt-project.org/archive/qt/4.8/4.8.4"
$ QTP="qt-everywhere-opensource-src-4.8.4"
$ wget $QTU/$QTP.tar.gz
$ tar xfvz $QTP.tar.gz
$ cd $QTP
Unfortunately, Qt won't build until you apply three small patches:
$ SRC="/path/to/fred/source/qt_patches"
$ patch -p1 <"$SRC/mingw32-qt-4.8.0-no-webkit-tests.patch"
$ patch -p1 <"$SRC/qt-4.8.4-fix-sse-suppport-build-regression.patch"
$ patch -p1 <"$SRC/qt-4.8.0-fix-include-windows-h.patch"
Now configure, compile and install Qt (I compiled it on my dual Xeon
machine with 40 cores (using make -j40) in 09:27 minutes. It might
take a bit longer on your machine :-p):
$ sudo ./configure -prefix /opt/qt-4.8.4-mingw -opensource \
-no-qt3support -no-multimedia -no-audio-backend \
-no-phonon -no-phonon-backend -no-javascript-jit \
-nomake examples -nomake demos -nomake docs \
-xplatform win32-g++-4.6 \
-device-option CROSS_COMPILE=i686-w64-mingw32-
$ sudo make
$ sudo make install
If you are asking you why the heck I used sudo to run configure, well,
Qt likes to copy some files to the prefix dir in that step which will
fail if you aren't root.
2.3.5.3 LIBXML2
$ wget ftp://xmlsoft.org/libxml2/libxml2-2.9.1.tar.gz
$ tar xfvz libxml2-2.9.1.tar.gz
$ cd libxml2-2.9.1/
$ ./configure --prefix /opt/libxml2-2.9.1-mingw --host i686-w64-mingw32 --without-python
$ make
$ sudo make install
TODO
2.3.5.3 Compiling
If all the above worked, you are ready to crosscompile fred:
$ cd /path/to/fred/source/
$ cd hivex/gnulib; patch -p1 <../../hivex_patches/gnulib.patch; cd -
$ ./autogen.sh --static-hivex --platform=win32
The build process of hivex will probably complain and might even fail
with an error but normally the lib gets build before that without errors,
so just ignore it.
2.3.5.4 Packaging
TODO

File Metadata

Mime Type
text/plain
Expires
Thu, Jun 26, 6:22 AM (9 h, 9 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1278220
Default Alt Text
README (8 KB)

Event Timeline