F4324439
diff --git a/trunk/README b/trunk/README
index 266c48d..a4c1814 100644
--- a/trunk/README
+++ b/trunk/README
@@ -1,214 +1,226 @@
FRED README FILE REVISION 1
Table of contents
0.0 Author and license stuff
1.0 What is fred? - A short description
2.0 Installation instructions
2.1 Prerequisits
2.1.1 Linux
2.1.2 Mac OSX
2.1.3 Windows
2.2 Installing a prebuild binary package
2.3 Installing from source
2.3.1 Shared vs static libhivex
2.3.2 Linux
2.3.2.1 Prerequisites
2.3.2.2 Compiling
2.3.2.3 Packaging
2.3.3 Mac OSX
2.3.3.1 Prerequisites
2.3.3.2 Compiling
2.3.3.3 Packaging
2.3.4 Windows
2.3.5 Crosscompiling for Windows
2.3.5.1 Prerequisites
2.3.5.1.1 Compiler
2.3.5.1.2 Qt
2.3.5.2 Compiling
2.3.5.3 Packaging
0.0 Author and license stuff
fred Copyright (c) 2011-2014 by Gillen Daniel <gillen.dan@pinguin.lu>
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or (at your option) any later
version.
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
this program. If not, see <http://www.gnu.org/licenses/>.
1.0 What is fred? - A short description
Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor.
This project was born out of the need for a reasonably good registry hive
viewer for Linux to conduct forensic analysis. Therefore it includes some
functions not found in normal "free" registry editors like a hex viewer with
data interpreter and a reporting function that can easily be extended with
custom ECMAScript report templates.
2.0 Installation instructions
2.1 Prerequisits
If you are not going to use my prebuild packages, in addition to the
prerequisits below you probably will also need Richard W.M. Jones's libhivex
available from https://github.com/libguestfs/hivex.
2.1.1 Linux
Any Linux with Qt v4.x libraries.
2.1.2 Mac OSX
OSX v10.5 or above with Qt v4.x libraries.
2.1.3 Windows
Windows XP or newer with Qt v4.x libraries.
2.2 Installing a prebuild binary package
Chances are I provide prebuild binary packages for your OS (generally
Debian/Ubuntu, Mac OSX and Windows). If so, you can simply download them
from https://www.pinguin.lu.
ForDebian/Ubuntu, add my repository and execute the following command:
$ sudo apt-get install fred fred-reports
For Mac OSX and Windows, execute the installer and follow the on-screen
instructions.
If I have no prebuild binary packages for your OS, you will have to compile
fred by yourself. In this case, read the instructions under "Installing from
source".
2.3 Installing from source
Start by getting the source code from https://www.pinguin.lu and unpacking
it to some temporary directory. Under Linux and Mac OSX, use:
$ cd /some/temp/dir/
$ tar xfvz fred-x.x.x.tar.gz
Under Windows, use 7zip or alike to decompress the tar.gz file.
2.3.1 Shared vs static libhivex
When compiling fred from source, you have two possibilities how to include
libhivex. When using Linux, chances are your distribution has a package
for it available. In this case, you may install the binary and developper
version of it and go ahead to build fred. If your distribution has no
libhivex package available (Mac OSX and Windows definitely haven't), or
you want to use the latest version of it available that might fix some
bugs, make sure you use the "--static-hivex" command line option when
running my bootstrap.sh script. This will checkout, compile and statically
link the latest libhivex compatible with fred while building.
2.3.2 Linux
2.3.2.1 Prerequisites
TODO
2.3.2.2 Compiling
Compiling under Linux for Linux should be very simple. Just execute the
following commands:
$ cd /path/to/fred/source/
$ ./autogen.sh --platform=linux
Or, if you want to use the static libhivex:
$ cd /path/to/fred/source/
$ ./autogen.sh --static-hivex --platform=linux
2.3.2.3 Packaging
TODO
2.3.3 Mac OSX
2.3.3.1 Prerequisites
In order to compile fred under Mac OSX, you need to install the
following software:
- XCode from Apple
- Git from http://code.google.com/p/git-osx-installer/
- MacPorts from http://www.macports.org
- Qt 4.8.x library from http://qt-project.org
Aditionally, after installing MacPorts, install the following packages:
$ sudo port install ocaml libxml2 pkgconfig autoconf gettext
2.3.3.2 Compiling
Compilation should be straight forward executing the following command:
$ cd /path/to/fred/source/
$ ./autogen.sh --static-hivex --platform=mac
2.3.3.3 Packaging
TODO
2.3.4 Windows
Until beta5, fred for Windows was build under Windows. But it was a pain
in the bud to do so. Therefore I switched to crosscompiling under Linux
which works very well. If you want to build fred under Windows, good luck
and please, don't contact me if you have any problems! My only answer will
be:
Crosscompile under Linux!
2.3.5 Crosscompiling for Windows
2.3.5.1 Prerequisites
The following instructions are for Debian / Ubuntu like distros. If you
are using another distro, you will need to get the compiler and Qt on
your own.
2.3.5.1.1 Compiler
You need the mingw-w64 gcc and g++ compiler. When using Debian/Ubuntu
install the following packages:
$ sudo apt-get install mingw-w64 mingw-w64-tools g++-mingw-w64 \
- gcc-mingw-w64 mingw-ocaml
+ gcc-mingw-w64 mingw-ocaml autopoint
2.3.5.1.2 Qt
After you have a compiler, you will need to crosscompile Qt as it is
currently not available as package. Start by getting the source:
$ cd /some/temp/dir/
- $ QTU="http://download.qt-project.org/official_releases/qt/4.8/4.8.4"
+ $ QTU="http://download.qt-project.org/archive/qt/4.8/4.8.4"
$ QTP="qt-everywhere-opensource-src-4.8.4"
$ wget $QTU/$QTP.tar.gz
$ tar xfvz $QTP.tar.gz
$ cd $QTP
- Unfortunately, Qt won't build until you apply two small patches:
+ Unfortunately, Qt won't build until you apply three small patches:
$ SRC="/path/to/fred/source/qt_patches"
$ patch -p1 <"$SRC/mingw32-qt-4.8.0-no-webkit-tests.patch"
$ patch -p1 <"$SRC/qt-4.8.4-fix-sse-suppport-build-regression.patch"
+ $ patch -p1 <"$SRC/qt-4.8.0-fix-include-windows-h.patch"
Now configure, compile and install Qt (I compiled it on my dual Xeon
- machine with 24 cores (using make -j24) which took about 5 minutes. It
- might take a bit longer on your machine :-p):
+ machine with 40 cores (using make -j40) in 09:27 minutes. It might
+ take a bit longer on your machine :-p):
$ sudo ./configure -prefix /opt/qt-4.8.4-mingw -opensource \
-no-qt3support -no-multimedia -no-audio-backend \
-no-phonon -no-phonon-backend -no-javascript-jit \
-nomake examples -nomake demos -nomake docs \
-xplatform win32-g++-4.6 \
-device-option CROSS_COMPILE=i686-w64-mingw32-
$ sudo make
$ sudo make install
If you are asking you why the heck I used sudo to run configure, well,
Qt likes to copy some files to the prefix dir in that step which will
fail if you aren't root.
+ 2.3.5.3 LIBXML2
+ $ wget ftp://xmlsoft.org/libxml2/libxml2-2.9.1.tar.gz
+ $ tar xfvz libxml2-2.9.1.tar.gz
+ $ cd libxml2-2.9.1/
+ $ ./configure --prefix /opt/libxml2-2.9.1-mingw --host i686-w64-mingw32 --without-python
+ $ make
+ $ sudo make install
+
+ TODO
+
2.3.5.3 Compiling
If all the above worked, you are ready to crosscompile fred:
$ cd /path/to/fred/source/
+ $ cd hivex/gnulib; patch -p1 <../../hivex_patches/gnulib.patch; cd -
$ ./autogen.sh --static-hivex --platform=win32
The build process of hivex will probably complain and might even fail
with an error but normally the lib gets build before that without errors,
so just ignore it.
2.3.5.4 Packaging
TODO
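Review bot: In the added LIBXML2 section, the tarball is fetched over plain FTP (`wget ftp://xmlsoft.org/libxml2/libxml2-2.9.1.tar.gz`) and then built and installed with `sudo make install`, with no integrity check in between. The Qt download above it has the same shape over http, with configure and make run under sudo. Please record the expected checksum of each tarball in the README and add a verification step before unpacking. Two smaller points: the new section is numbered 2.3.5.3, which collides with "2.3.5.3 Compiling" and is missing from the table of contents (it reads as a prerequisite, so 2.3.5.1.3 would fit), and it ends in a bare TODO that does not say what is still open.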
diff --git a/trunk/autogen.sh b/trunk/autogen.sh
index 509ce66..fa94c08 100755
--- a/trunk/autogen.sh
+++ b/trunk/autogen.sh
@@ -1,328 +1,328 @@
#!/bin/bash
# -----------------------------------------------------------------------------
# Default command line options.
# -----------------------------------------------------------------------------
DEFOPT_CREATE_PACKAGE=0
DEFOPT_JOBS=1
DEFOPT_ONLY_BOOTSTRAP=0
DEFOPT_PLATFORM="linux"
DEFOPT_STATIC_HIVEX=0
DEFOPT_LINUX_QMAKE=`which qmake`
DEFOPT_WIN32_COMPILER_SUFFIX="i686-w64-mingw32"
DEFOPT_WIN32_QMAKE="/opt/qt-4.8.4-mingw/bin/qmake"
#DEFOPT_WIN32_DLL_PATH="/usr/i686-w64-mingw32/bin"
DEFOPT_WIN32_QTDLL_PATH="/opt/qt-4.8.4-mingw/bin"
# -----------------------------------------------------------------------------
# ------------------ DO NOT CHANGE ANYTHING BELOW THIS LINE -------------------
# -----------------------------------------------------------------------------
-WIN32_DLLS="libgcc_s_sjlj-1.dll libstdc++-6.dll libiconv-2.dll"
+WIN32_DLLS="libgcc_s_sjlj-1.dll libstdc++-6.dll libiconv-2.dll libwinpthread-1.dll"
WIN32_QTDLLS="QtCore4.dll QtGui4.dll QtScript4.dll QtWebKit4.dll QtNetwork4.dll QtWebKit4.dll"
# Try to make somehow sure we are running in bash and not some other shell
if [ -z "$BASH_VERSION" ]; then
echo "ERROR: This script must be run in a bash shell! Try using \"bash $0\""
exit 1
fi
# -----------------------------------------------------------------------------
# Function declarations
# -----------------------------------------------------------------------------
# Print usage and exit
PrintUsage() {
echo
echo "Usage:"
echo " $0 [options]"
echo
echo "Options:"
echo " --create-package[=0..1] (Def.: $DEFOPT_CREATE_PACKAGE) : Package fred after building (Only supported on Debian/Ubuntu and Win32)."
echo " --help: Print this help message."
echo " --jobs=<number> (Def.: $DEFOPT_JOBS) : Specify how many make jobs should be run simultaneously."
echo " --linux-qmake=<qmakebin> (Def.: $DEFOPT_LINUX_QMAKE) : Specify the linux qmake binary to use."
echo " --only-bootstrap[=0..1] (Def.: $DEFOPT_ONLY_BOOTSTRAP) : Only bootstrap, but do not compile fred."
echo " --platform=<platform> (Def.: $DEFOPT_PLATFORM) : Specify the platform fred should be build for. Available platforms are 'linux' and 'win32'."
echo " --static-hivex[=0..1] (Def.: $DEFOPT_STATIC_HIVEX): Build and link in-tree hivex statically."
echo " --win32-compiler-suffix=<suffix> (Def.: $DEFOPT_WIN32_COMPILER_SUFFIX) : Specify the win32 crosscompiler suffix to use."
# echo " --win32-dll-path=<path> (Def.: $DEFOPT_WIN32_DLL_PATH) : Specify path to mingw dll's"
echo " --win32-qmake=<qmakebin> (Def.: $DEFOPT_WIN32_QMAKE) : Specify the win32 qmake binary to use."
echo " --win32-qtdll-path=<path> (Def.: $DEFOPT_WIN32_QTDLL_PATH) : Specify path to Qt dll's"
echo
exit 1
}
# Extract argument value
get_arg_val() {
local TMP=`echo "$1" | cut -d= -f2`
if [ "$1" = "$TMP" ]; then
# No arg specified for option, assume 1
echo 1
else
if [[ -z "$TMP" || $(echo -n "$TMP" | sed 's/[0-9]//g' | wc -c) -ne 0 ]]; then
echo "ERROR: Non-integer arg for option '$1' specified!" 1>&2
exit 1
fi
echo $TMP
fi
}
# -----------------------------------------------------------------------------
# Parse command line args
# -----------------------------------------------------------------------------
# Load defaults
OPT_CREATE_PACKAGE=$DEFOPT_CREATE_PACKAGE
OPT_JOBS=$DEFOPT_JOBS
OPT_ONLY_BOOTSTRAP=$DEFOPT_ONLY_BOOTSTRAP
OPT_PLATFORM="$DEFOPT_PLATFORM"
OPT_STATIC_HIVEX=$DEFOPT_STATIC_HIVEX
OPT_LINUX_QMAKE="$DEFOPT_LINUX_QMAKE"
OPT_WIN32_COMPILER_SUFFIX="$DEFOPT_WIN32_COMPILER_SUFFIX"
OPT_WIN32_QMAKE="$DEFOPT_WIN32_QMAKE"
#OPT_WIN32_DLL_PATH="$DEFOPT_WIN32_DLL_PATH"
OPT_WIN32_QTDLL_PATH="$DEFOPT_WIN32_QTDLL_PATH"
# Parse specified options
shopt extglob &>/dev/null
EXTGLOB=$?
shopt -s extglob &>/dev/null
while :; do
case "$1" in
--create-package?(=[01]))
OPT_CREATE_PACKAGE=$(get_arg_val "$1") || PrintUsage
shift
;;
--help)
PrintUsage
;;
--jobs=*)
OPT_JOBS=$(get_arg_val "$1") || PrintUsage
shift
;;
--linux-qmake=*)
TMP=`echo "$1" | cut -d= -f2`
if [[ -z "$TMP" || "$1" = "$TMP" ]]; then
echo "ERROR: No option arg for '$1' specified!"
PrintUsage
fi
if [ ! -x "$TMP" ]; then
echo "ERROR: The specified linux qmake binary '$TMP' does not exist or is not executable!"
exit 1
fi
OPT_LINUX_QMAKE="$TMP"
shift
;;
--only-bootstrap?(=[01]))
OPT_ONLY_BOOTSTRAP=$(get_arg_val "$1") || PrintUsage
shift
;;
--platform=*)
TMP=`echo "$1" | cut -d= -f2`
if [[ -z "$TMP" || "$1" = "$TMP" ]]; then
echo "ERROR: No option arg for '$1' specified!"
PrintUsage
fi
TMP=`echo "$TMP" | tr "[A-Z]" "[a-z]"`
if [[ "$TMP" != "linux" && "$TMP" != "win32" ]]; then
echo "ERROR: Unsupported platform '$TMP' specified!"
PrintUsage
fi
OPT_PLATFORM="$TMP"
shift
;;
--static-hivex?(=[01]))
OPT_STATIC_HIVEX=$(get_arg_val "$1") || PrintUsage
shift
;;
--win32-compiler-suffix=*)
TMP=`echo "$1" | cut -d= -f2`
if [[ -z "$TMP" || "$1" = "$TMP" ]]; then
echo "ERROR: No option arg for '$1' specified!"
PrintUsage
fi
if [[ ! -x "$(which \"${TMP}-gcc\")" || ! -x "$(which \"${TMP}-g++\")" ]]; then
echo "ERROR: Couldn't find '${TMP}-gcc' or '${TMP}-g++'!"
echo "ERROR: The specified win32 compiler suffix does not seem to be correct!"
exit 1
fi
OPT_WIN32_COMPILER_SUFFIX="$TMP"
shift
;;
--win32-qmake=*)
TMP=`echo "$1" | cut -d= -f2`
if [[ -z "$TMP" || "$1" = "$TMP" ]]; then
echo "ERROR: No option arg for '$1' specified!"
PrintUsage
fi
if [ ! -x "$TMP" ]; then
echo "ERROR: The specified win32 qmake binary '$TMP' does not exist or is not executable!"
exit 1
fi
OPT_WIN32_QMAKE="$TMP"
shift
;;
--win32-qtdll-path=*)
TMP=`echo "$1" | cut -d= -f2`
if [[ -z "$TMP" || "$1" = "$TMP" ]]; then
echo "ERROR: No option arg for '$1' specified!"
PrintUsage
fi
if [ ! -d "$TMP" ]; then
echo "ERROR: The specified Qt dll path '$TMP' does not exist or is not a directory!"
exit 1
fi
OPT_WIN32_QTDLL_PATH="$TMP"
shift
;;
--*)
echo "ERROR: Unknown option / Wrong option arg '$1' specified!" 1>&2
PrintUsage
;;
*)
break
;;
esac
done
if [ $EXTGLOB -ne 0 ]; then
shopt -u extglob &>/dev/null
fi
# -----------------------------------------------------------------------------
# Check command line args
# -----------------------------------------------------------------------------
if [ "$OPT_PLATFORM" = "linux" ]; then
if [ ! -x "$OPT_LINUX_QMAKE" ]; then
echo "ERROR: Couldn't find qmake! Consider specifying it with --linux-qmake."
exit 1
fi
fi
if [ "$OPT_PLATFORM" = "win32" ]; then
if [ ! -x "$OPT_WIN32_QMAKE" ]; then
echo "ERROR: Couldn't find qmake! Consider specifying it with --win32-qmake."
exit 1
fi
fi
# -----------------------------------------------------------------------------
# Build
# -----------------------------------------------------------------------------
# Get script directory and cd to it
SCRIPT_DIR=`dirname "$0"`
(
cd "$SCRIPT_DIR"
# When requested to build static, init, bootstrap, configure and make hivex
if [ $OPT_STATIC_HIVEX -eq 1 ]; then
echo "-----------------------------------------------------------------------------"
echo "Bootstrapping fred"
echo "-----------------------------------------------------------------------------"
(
cd ..
git submodule init
git submodule update
)
echo "-----------------------------------------------------------------------------"
echo "Bootstrapping hivex"
echo "-----------------------------------------------------------------------------"
(
cd hivex
if [ "$OPT_PLATFORM" = "linux" ]; then
./autogen.sh --disable-ocaml --disable-perl --disable-python --disable-ruby --disable-shared || exit 1
fi
if [ "$OPT_PLATFORM" = "win32" ]; then
- ./autogen.sh --host=$OPT_WIN32_COMPILER_SUFFIX --disable-ocaml --disable-perl --disable-python --disable-ruby --disable-shared || exit 1
+ PKG_CONFIG_PATH=/usr/i686-w64-mingw32/lib/pkgconfig ./autogen.sh --host=$OPT_WIN32_COMPILER_SUFFIX --disable-ocaml --disable-perl --disable-python --disable-ruby --disable-shared || exit 1
fi
)
[ $? -ne 0 ] && exit 1
echo "-----------------------------------------------------------------------------"
echo "Building hivex"
echo "-----------------------------------------------------------------------------"
(
cd hivex
make clean &>/dev/null
- make -j$OPT_JOBS || exit 1
+ make CFLAGS="-O2 -mno-ms-bitfields" -j$OPT_JOBS || exit 1
)
[ $? -ne 0 ] && [ "$OPT_PLATFORM" != "win32" ] && exit 1
fi
# Exit if we had only to bootstrap
[ $OPT_ONLY_BOOTSTRAP -eq 1 ] && exit 0
# Building is done while packaging on Linux
if [[ ! ( "$OPT_PLATFORM" = "linux" && $OPT_CREATE_PACKAGE -eq 1 ) ]]; then
echo "-----------------------------------------------------------------------------"
echo "Building fred"
echo "-----------------------------------------------------------------------------"
make distclean &>/dev/null
if [ "$OPT_PLATFORM" = "linux" ]; then
if [ $OPT_STATIC_HIVEX -eq 0 ]; then
$OPT_LINUX_QMAKE -qt=qt4 || exit 1
else
$OPT_LINUX_QMAKE -qt=qt4 HIVEX_STATIC=1 || exit 1
fi
make clean &>/dev/null
make -j$OPT_JOBS release || exit 1
fi
if [ "$OPT_PLATFORM" = "win32" ]; then
if [ $OPT_STATIC_HIVEX -eq 0 ]; then
$OPT_WIN32_QMAKE || exit 1
else
$OPT_WIN32_QMAKE HIVEX_STATIC=1 || exit 1
fi
make clean &>/dev/null
make -j$OPT_JOBS release || exit 1
fi
fi
# Exit if we don't need to package fred
[ $OPT_CREATE_PACKAGE -eq 0 ] && exit 0
echo "-----------------------------------------------------------------------------"
echo "Packaging fred"
echo "-----------------------------------------------------------------------------"
if [ "$OPT_PLATFORM" = "linux" ]; then
if [ ! -x "$(which dpkg-buildpackage)" ]; then
echo "ERROR: Couldn't find dpkg-buildpackage!"
exit 1
fi
dpkg-buildpackage -rfakeroot -b || exit 1
fi
if [ "$OPT_PLATFORM" = "win32" ]; then
# Delete old package directory if it exists and (re)create it
rm -rf fred-win32 &>/dev/null
mkdir fred-win32
# Copy fred.exe
cp -v release/fred.exe fred-win32/
# Find and copy mingw dll's
for F in $WIN32_DLLS; do
find /usr -name "$F" -path "*/$OPT_WIN32_COMPILER_SUFFIX/*" -exec cp -v "{}" fred-win32/ \; || exit 1
done
# Copy Qt dll's
for F in $WIN32_QTDLLS; do
cp -v "$OPT_WIN32_QTDLL_PATH/$F" fred-win32/ || exit 1
done
# Copy report templates
cp -rv report_templates fred-win32/ || exit 1
fi
)
if [ $? -eq 0 ]; then
echo "-----------------------------------------------------------------------------"
echo "All done."
echo "-----------------------------------------------------------------------------"
else
echo "-----------------------------------------------------------------------------"
echo "An error occured while building! See output above for details."
echo "-----------------------------------------------------------------------------"
fi
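Review bot: The win32 bootstrap line hardcodes `PKG_CONFIG_PATH=/usr/i686-w64-mingw32/lib/pkgconfig` while the same command passes `--host=$OPT_WIN32_COMPILER_SUFFIX`, so a non-default --win32-compiler-suffix gets a pkg-config path for a different toolchain; build the path from $OPT_WIN32_COMPILER_SUFFIX instead. The path also leaves out /opt/libxml2-2.9.1-mingw/lib/pkgconfig, the prefix the README now installs libxml2 into. In the hivex build step, `make CFLAGS="-O2 -mno-ms-bitfields"` sits outside the platform checks, so it replaces configure's CFLAGS for linux builds as well; move the override under a win32 condition. The added libwinpthread-1.dll goes through the `find ... -exec cp` packaging loop, where find exits 0 when nothing matches, so a missing DLL passes the `|| exit 1` unnoticed; check that each file exists in fred-win32/ after the copy.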
diff --git a/trunk/hivex_patches/gnulib.patch b/trunk/hivex_patches/gnulib.patch
new file mode 100644
index 0000000..caa4464
--- /dev/null
+++ b/trunk/hivex_patches/gnulib.patch
@@ -0,0 +1,29 @@
+--- a/lib/msvc-inval.c
++++ b/lib/msvc-inval.c
+@@ -28,7 +28,7 @@
+
+ # if MSVC_INVALID_PARAMETER_HANDLING == DEFAULT_HANDLING
+
+-static void cdecl
++static void __cdecl
+ gl_msvc_invalid_parameter_handler (const wchar_t *expression,
+ const wchar_t *function,
+ const wchar_t *file,
+@@ -45,7 +45,7 @@ gl_msvc_invalid_parameter_handler (const wchar_t *expression,
+
+ # if defined _MSC_VER
+
+-static void cdecl
++static void __cdecl
+ gl_msvc_invalid_parameter_handler (const wchar_t *expression,
+ const wchar_t *function,
+ const wchar_t *file,
+@@ -94,7 +94,7 @@ gl_msvc_inval_current (void)
+ }
+ }
+
+-static void cdecl
++static void __cdecl
+ gl_msvc_invalid_parameter_handler (const wchar_t *expression,
+ const wchar_t *function,
+ const wchar_t *file,
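Review bot: This new patch file has no header saying which gnulib revision it was made against or whether the `cdecl` to `__cdecl` change has been sent upstream, and its three hunks are pinned to fixed offsets (@@ -28,7, @@ -45,7, @@ -94,7) in lib/msvc-inval.c, so it will stop applying as soon as the submodule moves. Add a short description at the top of the file. It is also applied only by a manual README step (`cd hivex/gnulib; patch -p1 <../../hivex_patches/gnulib.patch`), which fails or prompts on a second run; consider applying it from autogen.sh in the win32 branch with `patch -N` so the build is repeatable.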
diff --git a/trunk/qt_patches/qt-4.8.4-fix-sse-suppport-build-regression.patch b/trunk/qt_patches/qt-4.8.4-fix-sse-suppport-build-regression.patch
new file mode 100644
index 0000000..b23212e
--- /dev/null
+++ b/trunk/qt_patches/qt-4.8.4-fix-sse-suppport-build-regression.patch
@@ -0,0 +1,11 @@
+--- a/src/gui/gui.pro
++++ b/src/gui/gui.pro
+@@ -80,7 +80,7 @@
+ DEFINES += QT_NO_DIRECTWRITE
+ }
+
+-contains(QMAKE_MAC_XARCH, no) {
++mac:contains(QMAKE_MAC_XARCH, no) {
+ DEFINES += QT_NO_MAC_XARCH
+ } else {
+ win32-g++*|!win32:!win32-icc*:!macx-icc* {
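Review bot: The README in this same diff now tells users to apply a third Qt patch, qt-4.8.0-fix-include-windows-h.patch, but as shown here this is the only file added under qt_patches/; please confirm that file is committed, otherwise the documented `patch -p1` step fails. This file also lacks a header giving its origin (upstream Qt change or distro patch) and the reason `contains(QMAKE_MAC_XARCH, no)` needs the `mac:` scope, which matters because the else branch now applies on every non-mac platform. The file name spells "suppport" with three p's; if it is renamed, the README reference has to change with it.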