diff --git a/trunk/README b/trunk/README index 8547db7..bd4a427 100644 --- a/trunk/README +++ b/trunk/README 
@@ -1,185 +1,214 @@ -FRED README FILE +FRED README FILE REVISION 1 Table of contents 0.0 Author and license stuff 1.0 What is fred? - A short description 2.0 Installation instructions 2.1 Prerequisits 2.1.1 Linux - 2.1.2 OSX + 2.1.2 Mac OSX 2.1.3 Windows - 2.2 Install from a package - 2.2.1 Linux - 2.2.2 OSX - 2.2.3 Windows - 3.0 Building the source - 3.1 Shared vs static - 3.2 Linux - 3.2.1 Prerequisites - 3.2.2 Compiling - 3.2.3 Packaging - 3.3 OSX - 3.3.1 Prerequisites - 3.3.2 Compiling - 3.3.3 Packaging - 3.4 Windows - 3.5 Crosscompiling for Windows - 3.5.1 Prerequisites - 3.5.1.1 Compiler - 3.5.1.2 Qt - 3.5.2 Compiling - 3.5.3 Packaging + 2.2 Installing a prebuild binary package + 2.3 Installing from source + 2.3.1 Shared vs static libhivex + 2.3.2 Linux + 2.3.2.1 Prerequisites + 2.3.2.2 Compiling + 2.3.2.3 Packaging + 2.3.3 Mac OSX + 2.3.3.1 Prerequisites + 2.3.3.2 Compiling + 2.3.3.3 Packaging + 2.3.4 Windows + 2.3.5 Crosscompiling for Windows + 2.3.5.1 Prerequisites + 2.3.5.1.1 Compiler + 2.3.5.1.2 Qt + 2.3.5.2 Compiling + 2.3.5.3 Packaging 0.0 Author and license stuff fred Copyright (c) 2011-2013 by Gillen Daniel This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 1.0 What is fred? - A short description - TODO + Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor. + This project was born out of the need for a reasonably good registry hive + viewer for Linux to conduct forensic analysis. 
Therefore it includes some + functions not found in normal "free" registry editors like a hex viewer with + data interpreter and a reporting function that can easily be extended with + custom ECMAScript report templates. 2.0 Installation instructions 2.1 Prerequisits + If you are not going to use my prebuild packages, in addition to the + prerequisits below you probably will also need Richard W.M. Jones's libhivex + available from https://github.com/libguestfs/hivex. + 2.1.1 Linux - Some sort of Linux with a recent kernel (2.6.x or above) and Qt v4.x. + Any Linux with Qt v4.x libraries. - 2.1.2 OSX - OSX v10.5 or above and Qt v4.x. + 2.1.2 Mac OSX + OSX v10.5 or above with Qt v4.x libraries. 2.1.3 Windows - Windows XP or newer. + Windows XP or newer with Qt v4.x libraries. + + 2.2 Installing a prebuild binary package + Chances are I provide prebuild binary packages for your OS (generally + Debian/Ubuntu, Mac OSX and Windows). If so, you can simply download them + from https://www.pinguin.lu. + + ForDebian/Ubuntu, add my repository and execute the following command: + + $ sudo apt-get install fred fred-reports + + For Mac OSX and Windows, execute the installer and follow the on-screen + instructions. + + If I have no prebuild binary packages for your OS, you will have to compile + fred by yourself. In this case, read the instructions under "Installing from + source". + + 2.3 Installing from source + Start by getting the source code from https://www.pinguin.lu and unpacking + it to some temporary directory. Under Linux and Mac OSX, use: + + $ cd /some/temp/dir/ + $ tar xfvz fred-x.x.x.tar.gz + + Under Windows, use 7zip or alike to decompress the tar.gz file. + + 2.3.1 Shared vs static libhivex + When compiling fred from source, you have two possibilities how to include + libhivex. When using Linux, chances are your distribution has a package + for it available. In this case, you may install the binary and developper + version of it and go ahead to build fred. 
If your distribution has no + libhivex package available (Mac OSX and Windows definitely haven't), or + you want to use the latest version of it available that might fix some + bugs, make sure you use the "--static-hivex" command line option when + running my bootstrap.sh script. This will checkout, compile and statically + link the latest libhivex compatible with fred while building. - 2.2 Install from a package - 2.2.1 Linux - Chances are I provide prebuild binary packages for Debian and Ubuntu. In - this case, you only have to fire up your distribution's package manager - and install fred. See https://www.pinguin.lu for more information and - download links. If you added my repository, simpy execute the following - command: + 2.3.2 Linux + 2.3.2.1 Prerequisites + TODO - sudo apt-get install fred fred-reports - - 2.2.2 OSX - See https://www.pinguin.lu for more information and download links. + 2.3.2.2 Compiling + Compiling under Linux for Linux should be very simple. Just execute the + following commands: - 2.2.3 Windows - See https://www.pinguin.lu for more information and download links. + $ cd /path/to/fred/source/ + $ ./autogen.sh --platform=linux -3.0 Building the source - 3.1 Shared vs static - TODO + Or, if you want to use the static libhivex: - 3.2 Linux - 3.2.1 Prerequisites - TODO + $ cd /path/to/fred/source/ + $ ./autogen.sh --static-hivex --platform=linux - 3.2.2 Compiling - Compiling under Linux for Linux should be very simple. 
Just execute the - following commands: + 2.3.2.3 Packaging + TODO - $ cd /path/to/fred/source - $ ./autogen.sh --platform=linux + 2.3.3 Mac OSX + 2.3.3.1 Prerequisites + In order to compile fred under Mac OSX, you need to install the + following software: - 3.2.3 Packaging - TODO + - XCode from Apple + - Git from http://code.google.com/p/git-osx-installer/ + - MacPorts from http://www.macports.org + - Qt 4.8.x library from http://qt-project.org - 3.3 OSX - 3.3.1 Prerequisites - In order to compile fred under OSX, you need to install the following - software: + Aditionally, after installing MacPorts, install the following packages: - - XCode from Apple - - Git from http://code.google.com/p/git-osx-installer/ - - MacPorts from http://www.macports.org - - Qt 4.8.x library from http://qt-project.org + $ sudo port install ocaml libxml2 pkgconfig autoconf gettext - Aditionally, after installing MacPorts, install the following packages + 2.3.3.2 Compiling + Compilation should be straight forward executing the following command: - $ sudo port install ocaml libxml2 pkgconfig autoconf gettext + $ cd /path/to/fred/source/ + $ ./autogen.sh --static-hivex --platform=mac - 3.3.2 Compiling - Compilation should be straight forward executing the following command: + 2.3.3.3 Packaging + TODO - $ cd /path/to/fred/source - $ ./autogen.sh --platform=mac + 2.3.4 Windows + Until beta5, fred for Windows was build under Windows. But it was a pain + in the bud to do so. Therefore I switched to crosscompiling under Linux + which works very well. If you want to build fred under Windows, good luck + and please, don't contact me if you have any problems! My only answer will + be: - 3.3.3 Packaging - TODO + Crosscompile under Linux! - 3.4 Windows - Until beta5, fred for Windows was build under Windows. But it was a pain in - the bud to do so. Therefore I switched to crosscompiling under Linux which - works very well. 
If you want to build fred under Windows, good luck and - please, don't contact me if you have any problems! My only answer will be: - - Crosscompile under Linux! + 2.3.5 Crosscompiling for Windows + 2.3.5.1 Prerequisites + The following instructions are for Debian / Ubuntu like distros. If you + are using another distro, you will need to get the compiler and Qt on + your own. - 3.5 Crosscompiling for Windows - 3.5.1 Prerequisites - The following instructions are for Debian / Ubuntu like distros. If you - are using another distro, you will need to get the compiler and qt on your - own. + 2.3.5.1.1 Compiler + You need the mingw-w64 gcc and g++ compiler. When using Debian/Ubuntu + install the following packages: - 3.5.1.1 Compiler - You need the mingw-w64 gcc and g++ compiler. When using Debian/Ubuntu - install the following packages: + $ sudo apt-get install mingw-w64 mingw-w64-tools g++-mingw-w64 \ + gcc-mingw-w64 mingw-ocaml - $ sudo apt-get install mingw-w64 mingw-w64-tools g++-mingw-w64 \ - gcc-mingw-w64 mingw-ocaml + 2.3.5.1.2 Qt + After you have a compiler, you will need to crosscompile Qt as it is + currently not available as package. Start by getting the source: - 3.5.1.2 Qt - After you have a compiler, you will need to crosscompile Qt as it is - currently not available as package. 
Start by getting the source: + $ cd /some/temp/dir/ + $ QTU="http://download.qt-project.org/official_releases/qt/4.8/4.8.4" + $ QTP="qt-everywhere-opensource-src-4.8.4" + $ wget $QTU/$QTP.tar.gz + $ tar xfvz $QTP.tar.gz + $ cd $QTP - $ cd /some/temp/dir/ - $ wget http://download.qt-project.org/official_releases/qt/4.8/4.8.4/qt-everywhere-opensource-src-4.8.4.tar.gz - $ tar xfvz qt-everywhere-opensource-src-4.8.4.tar.gz - $ cd qt-everywhere-opensource-src-4.8.4 + Unfortunately, Qt won't build until you apply two small patches: - Unfortunately, Qt won't build until you apply two small patches: + $ SRC="/path/to/fred/source/qt_patches" + $ patch -p1 <"$SRC/mingw32-qt-4.8.0-no-webkit-tests.patch" + $ patch -p1 <"$SRC/qt-4.8.4-fix-sse-suppport-build-regression.patch" - $ patch -p1
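Review bot: In 2.3.5.1.2 the added Qt fetch sets QTU="http://download.qt-project.org/official_releases/qt/4.8/4.8.4" and goes straight from wget to tar, patch and build, so the tarball is pulled over plain HTTP and never checked before it is compiled into the Windows binaries. Use an https URL if the host offers one and add a step that compares the download against a published checksum before unpacking. Section 2.3.1 tells the reader to pass "--static-hivex" to "my bootstrap.sh script", but every command added in 2.3.2.2 and 2.3.3.2 runs ./autogen.sh; name the same script in both places. In 2.2, "add my repository" gives neither the repository line nor the signing key to trust ahead of "sudo apt-get install fred fred-reports", and "ForDebian/Ubuntu" is missing a space.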