diff --git a/trunk/README b/trunk/README index 266c48d..a4c1814 100644 --- a/trunk/README +++ b/trunk/README 
@@ -1,214 +1,226 @@ FRED README FILE REVISION 1 Table of contents 0.0 Author and license stuff 1.0 What is fred? - A short description 2.0 Installation instructions 2.1 Prerequisits 2.1.1 Linux 2.1.2 Mac OSX 2.1.3 Windows 2.2 Installing a prebuild binary package 2.3 Installing from source 2.3.1 Shared vs static libhivex 2.3.2 Linux 2.3.2.1 Prerequisites 2.3.2.2 Compiling 2.3.2.3 Packaging 2.3.3 Mac OSX 2.3.3.1 Prerequisites 2.3.3.2 Compiling 2.3.3.3 Packaging 2.3.4 Windows 2.3.5 Crosscompiling for Windows 2.3.5.1 Prerequisites 2.3.5.1.1 Compiler 2.3.5.1.2 Qt 2.3.5.2 Compiling 2.3.5.3 Packaging 0.0 Author and license stuff fred Copyright (c) 2011-2014 by Gillen Daniel This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 1.0 What is fred? - A short description Forensic Registry EDitor (fred) is a cross-platform M$ registry hive editor. This project was born out of the need for a reasonably good registry hive viewer for Linux to conduct forensic analysis. Therefore it includes some functions not found in normal "free" registry editors like a hex viewer with data interpreter and a reporting function that can easily be extended with custom ECMAScript report templates. 2.0 Installation instructions 2.1 Prerequisits If you are not going to use my prebuild packages, in addition to the prerequisits below you probably will also need Richard W.M. Jones's libhivex available from https://github.com/libguestfs/hivex. 2.1.1 Linux Any Linux with Qt v4.x libraries. 
2.1.2 Mac OSX OSX v10.5 or above with Qt v4.x libraries. 2.1.3 Windows Windows XP or newer with Qt v4.x libraries. 2.2 Installing a prebuild binary package Chances are I provide prebuild binary packages for your OS (generally Debian/Ubuntu, Mac OSX and Windows). If so, you can simply download them from https://www.pinguin.lu. ForDebian/Ubuntu, add my repository and execute the following command: $ sudo apt-get install fred fred-reports For Mac OSX and Windows, execute the installer and follow the on-screen instructions. If I have no prebuild binary packages for your OS, you will have to compile fred by yourself. In this case, read the instructions under "Installing from source". 2.3 Installing from source Start by getting the source code from https://www.pinguin.lu and unpacking it to some temporary directory. Under Linux and Mac OSX, use: $ cd /some/temp/dir/ $ tar xfvz fred-x.x.x.tar.gz Under Windows, use 7zip or alike to decompress the tar.gz file. 2.3.1 Shared vs static libhivex When compiling fred from source, you have two possibilities how to include libhivex. When using Linux, chances are your distribution has a package for it available. In this case, you may install the binary and developper version of it and go ahead to build fred. If your distribution has no libhivex package available (Mac OSX and Windows definitely haven't), or you want to use the latest version of it available that might fix some bugs, make sure you use the "--static-hivex" command line option when running my bootstrap.sh script. This will checkout, compile and statically link the latest libhivex compatible with fred while building. 2.3.2 Linux 2.3.2.1 Prerequisites TODO 2.3.2.2 Compiling Compiling under Linux for Linux should be very simple. 
Just execute the following commands: $ cd /path/to/fred/source/ $ ./autogen.sh --platform=linux Or, if you want to use the static libhivex: $ cd /path/to/fred/source/ $ ./autogen.sh --static-hivex --platform=linux 2.3.2.3 Packaging TODO 2.3.3 Mac OSX 2.3.3.1 Prerequisites In order to compile fred under Mac OSX, you need to install the following software: - XCode from Apple - Git from http://code.google.com/p/git-osx-installer/ - MacPorts from http://www.macports.org - Qt 4.8.x library from http://qt-project.org Aditionally, after installing MacPorts, install the following packages: $ sudo port install ocaml libxml2 pkgconfig autoconf gettext 2.3.3.2 Compiling Compilation should be straight forward executing the following command: $ cd /path/to/fred/source/ $ ./autogen.sh --static-hivex --platform=mac 2.3.3.3 Packaging TODO 2.3.4 Windows Until beta5, fred for Windows was build under Windows. But it was a pain in the bud to do so. Therefore I switched to crosscompiling under Linux which works very well. If you want to build fred under Windows, good luck and please, don't contact me if you have any problems! My only answer will be: Crosscompile under Linux! 2.3.5 Crosscompiling for Windows 2.3.5.1 Prerequisites The following instructions are for Debian / Ubuntu like distros. If you are using another distro, you will need to get the compiler and Qt on your own. 2.3.5.1.1 Compiler You need the mingw-w64 gcc and g++ compiler. When using Debian/Ubuntu install the following packages: $ sudo apt-get install mingw-w64 mingw-w64-tools g++-mingw-w64 \ - gcc-mingw-w64 mingw-ocaml + gcc-mingw-w64 mingw-ocaml autopoint 2.3.5.1.2 Qt After you have a compiler, you will need to crosscompile Qt as it is currently not available as package. 
Start by getting the source: $ cd /some/temp/dir/ - $ QTU="http://download.qt-project.org/official_releases/qt/4.8/4.8.4" + $ QTU="http://download.qt-project.org/archive/qt/4.8/4.8.4" $ QTP="qt-everywhere-opensource-src-4.8.4" $ wget $QTU/$QTP.tar.gz $ tar xfvz $QTP.tar.gz $ cd $QTP - Unfortunately, Qt won't build until you apply two small patches: + Unfortunately, Qt won't build until you apply three small patches: $ SRC="/path/to/fred/source/qt_patches" $ patch -p1 <"$SRC/mingw32-qt-4.8.0-no-webkit-tests.patch" $ patch -p1 <"$SRC/qt-4.8.4-fix-sse-suppport-build-regression.patch" + $ patch -p1 <"$SRC/qt-4.8.0-fix-include-windows-h.patch" Now configure, compile and install Qt (I compiled it on my dual Xeon - machine with 24 cores (using make -j24) which took about 5 minutes. It - might take a bit longer on your machine :-p): + machine with 40 cores (using make -j40) in 09:27 minutes. It might + take a bit longer on your machine :-p): $ sudo ./configure -prefix /opt/qt-4.8.4-mingw -opensource \ -no-qt3support -no-multimedia -no-audio-backend \ -no-phonon -no-phonon-backend -no-javascript-jit \ -nomake examples -nomake demos -nomake docs \ -xplatform win32-g++-4.6 \ -device-option CROSS_COMPILE=i686-w64-mingw32- $ sudo make $ sudo make install If you are asking you why the heck I used sudo to run configure, well, Qt likes to copy some files to the prefix dir in that step which will fail if you aren't root. 
+ 2.3.5.3 LIBXML2 + $ wget ftp://xmlsoft.org/libxml2/libxml2-2.9.1.tar.gz + $ tar xfvz libxml2-2.9.1.tar.gz + $ cd libxml2-2.9.1/ + $ ./configure --prefix /opt/libxml2-2.9.1-mingw --host i686-w64-mingw32 --without-python + $ make + $ sudo make install + + TODO + 2.3.5.3 Compiling If all the above worked, you are ready to crosscompile fred: $ cd /path/to/fred/source/ + $ cd hivex/gnulib; patch -p1 <../../hivex_patches/gnulib.patch; cd - $ ./autogen.sh --static-hivex --platform=win32 The build process of hivex will probably complain and might even fail with an error but normally the lib gets build before that without errors, so just ignore it. 2.3.5.4 Packaging TODO diff --git a/trunk/autogen.sh b/trunk/autogen.sh index 509ce66..fa94c08 100755 --- a/trunk/autogen.sh +++ b/trunk/autogen.sh 
@@ -1,328 +1,328 @@ #!/bin/bash # ----------------------------------------------------------------------------- # Default command line options. # ----------------------------------------------------------------------------- DEFOPT_CREATE_PACKAGE=0 DEFOPT_JOBS=1 DEFOPT_ONLY_BOOTSTRAP=0 DEFOPT_PLATFORM="linux" DEFOPT_STATIC_HIVEX=0 DEFOPT_LINUX_QMAKE=`which qmake` DEFOPT_WIN32_COMPILER_SUFFIX="i686-w64-mingw32" DEFOPT_WIN32_QMAKE="/opt/qt-4.8.4-mingw/bin/qmake" #DEFOPT_WIN32_DLL_PATH="/usr/i686-w64-mingw32/bin" DEFOPT_WIN32_QTDLL_PATH="/opt/qt-4.8.4-mingw/bin" # ----------------------------------------------------------------------------- # ------------------ DO NOT CHANGE ANYTHING BELOW THIS LINE ------------------- # ----------------------------------------------------------------------------- -WIN32_DLLS="libgcc_s_sjlj-1.dll libstdc++-6.dll libiconv-2.dll" +WIN32_DLLS="libgcc_s_sjlj-1.dll libstdc++-6.dll libiconv-2.dll libwinpthread-1.dll" WIN32_QTDLLS="QtCore4.dll QtGui4.dll QtScript4.dll QtWebKit4.dll QtNetwork4.dll QtWebKit4.dll" # Try to make somehow sure we are running in bash and not some other shell if [ -z "$BASH_VERSION" ]; then echo "ERROR: This script must be run in a bash shell! Try using \"bash $0\"" exit 1 fi # ----------------------------------------------------------------------------- # Function declarations # ----------------------------------------------------------------------------- # Print usage and exit PrintUsage() { echo echo "Usage:" echo " $0 [options]" echo echo "Options:" echo " --create-package[=0..1] (Def.: $DEFOPT_CREATE_PACKAGE) : Package fred after building (Only supported on Debian/Ubuntu and Win32)." echo " --help: Print this help message." echo " --jobs= (Def.: $DEFOPT_JOBS) : Specify how many make jobs should be run simultaneously." echo " --linux-qmake= (Def.: $DEFOPT_LINUX_QMAKE) : Specify the linux qmake binary to use." echo " --only-bootstrap[=0..1] (Def.: $DEFOPT_ONLY_BOOTSTRAP) : Only bootstrap, but do not compile fred." 
echo " --platform= (Def.: $DEFOPT_PLATFORM) : Specify the platform fred should be build for. Available platforms are 'linux' and 'win32'." echo " --static-hivex[=0..1] (Def.: $DEFOPT_STATIC_HIVEX): Build and link in-tree hivex statically." echo " --win32-compiler-suffix= (Def.: $DEFOPT_WIN32_COMPILER_SUFFIX) : Specify the win32 crosscompiler suffix to use." # echo " --win32-dll-path= (Def.: $DEFOPT_WIN32_DLL_PATH) : Specify path to mingw dll's" echo " --win32-qmake= (Def.: $DEFOPT_WIN32_QMAKE) : Specify the win32 qmake binary to use." echo " --win32-qtdll-path= (Def.: $DEFOPT_WIN32_QTDLL_PATH) : Specify path to Qt dll's" echo exit 1 } # Extract argument value get_arg_val() { local TMP=`echo "$1" | cut -d= -f2` if [ "$1" = "$TMP" ]; then # No arg specified for option, assume 1 echo 1 else if [[ -z "$TMP" || $(echo -n "$TMP" | sed 's/[0-9]//g' | wc -c) -ne 0 ]]; then echo "ERROR: Non-integer arg for option '$1' specified!" 1>&2 exit 1 fi echo $TMP fi } # ----------------------------------------------------------------------------- # Parse command line args # ----------------------------------------------------------------------------- # Load defaults OPT_CREATE_PACKAGE=$DEFOPT_CREATE_PACKAGE OPT_JOBS=$DEFOPT_JOBS OPT_ONLY_BOOTSTRAP=$DEFOPT_ONLY_BOOTSTRAP OPT_PLATFORM="$DEFOPT_PLATFORM" OPT_STATIC_HIVEX=$DEFOPT_STATIC_HIVEX OPT_LINUX_QMAKE="$DEFOPT_LINUX_QMAKE" OPT_WIN32_COMPILER_SUFFIX="$DEFOPT_WIN32_COMPILER_SUFFIX" OPT_WIN32_QMAKE="$DEFOPT_WIN32_QMAKE" #OPT_WIN32_DLL_PATH="$DEFOPT_WIN32_DLL_PATH" OPT_WIN32_QTDLL_PATH="$DEFOPT_WIN32_QTDLL_PATH" # Parse specified options shopt extglob &>/dev/null EXTGLOB=$? shopt -s extglob &>/dev/null while :; do case "$1" in --create-package?(=[01])) OPT_CREATE_PACKAGE=$(get_arg_val "$1") || PrintUsage shift ;; --help) PrintUsage ;; --jobs=*) OPT_JOBS=$(get_arg_val "$1") || PrintUsage shift ;; --linux-qmake=*) TMP=`echo "$1" | cut -d= -f2` if [[ -z "$TMP" || "$1" = "$TMP" ]]; then echo "ERROR: No option arg for '$1' specified!" 
PrintUsage fi if [ ! -x "$TMP" ]; then echo "ERROR: The specified linux qmake binary '$TMP' does not exist or is not executable!" exit 1 fi OPT_LINUX_QMAKE="$TMP" shift ;; --only-bootstrap?(=[01])) OPT_ONLY_BOOTSTRAP=$(get_arg_val "$1") || PrintUsage shift ;; --platform=*) TMP=`echo "$1" | cut -d= -f2` if [[ -z "$TMP" || "$1" = "$TMP" ]]; then echo "ERROR: No option arg for '$1' specified!" PrintUsage fi TMP=`echo "$TMP" | tr "[A-Z]" "[a-z]"` if [[ "$TMP" != "linux" && "$TMP" != "win32" ]]; then echo "ERROR: Unsupported platform '$TMP' specified!" PrintUsage fi OPT_PLATFORM="$TMP" shift ;; --static-hivex?(=[01])) OPT_STATIC_HIVEX=$(get_arg_val "$1") || PrintUsage shift ;; --win32-compiler-suffix=*) TMP=`echo "$1" | cut -d= -f2` if [[ -z "$TMP" || "$1" = "$TMP" ]]; then echo "ERROR: No option arg for '$1' specified!" PrintUsage fi if [[ ! -x "$(which \"${TMP}-gcc\")" || ! -x "$(which \"${TMP}-g++\")" ]]; then echo "ERROR: Couldn't find '${TMP}-gcc' or '${TMP}-g++'!" echo "ERROR: The specified win32 compiler suffix does not seem to be correct!" exit 1 fi OPT_WIN32_COMPILER_SUFFIX="$TMP" shift ;; --win32-qmake=*) TMP=`echo "$1" | cut -d= -f2` if [[ -z "$TMP" || "$1" = "$TMP" ]]; then echo "ERROR: No option arg for '$1' specified!" PrintUsage fi if [ ! -x "$TMP" ]; then echo "ERROR: The specified win32 qmake binary '$TMP' does not exist or is not executable!" exit 1 fi OPT_WIN32_QMAKE="$TMP" shift ;; --win32-qtdll-path=*) TMP=`echo "$1" | cut -d= -f2` if [[ -z "$TMP" || "$1" = "$TMP" ]]; then echo "ERROR: No option arg for '$1' specified!" PrintUsage fi if [ ! -d "$TMP" ]; then echo "ERROR: The specified Qt dll path '$TMP' does not exist or is not a directory!" exit 1 fi OPT_WIN32_QTDLL_PATH="$TMP" shift ;; --*) echo "ERROR: Unknown option / Wrong option arg '$1' specified!" 
1>&2 PrintUsage ;; *) break ;; esac done if [ $EXTGLOB -ne 0 ]; then shopt -u extglob &>/dev/null fi # ----------------------------------------------------------------------------- # Check command line args # ----------------------------------------------------------------------------- if [ "$OPT_PLATFORM" = "linux" ]; then if [ ! -x "$OPT_LINUX_QMAKE" ]; then echo "ERROR: Couldn't find qmake! Consider specifying it with --linux-qmake." exit 1 fi fi if [ "$OPT_PLATFORM" = "win32" ]; then if [ ! -x "$OPT_WIN32_QMAKE" ]; then echo "ERROR: Couldn't find qmake! Consider specifying it with --win32-qmake." exit 1 fi fi # ----------------------------------------------------------------------------- # Build # ----------------------------------------------------------------------------- # Get script directory and cd to it SCRIPT_DIR=`dirname "$0"` ( cd "$SCRIPT_DIR" # When requested to build static, init, bootstrap, configure and make hivex if [ $OPT_STATIC_HIVEX -eq 1 ]; then echo "-----------------------------------------------------------------------------" echo "Bootstrapping fred" echo "-----------------------------------------------------------------------------" ( cd .. git submodule init git submodule update ) echo "-----------------------------------------------------------------------------" echo "Bootstrapping hivex" echo "-----------------------------------------------------------------------------" ( cd hivex if [ "$OPT_PLATFORM" = "linux" ]; then ./autogen.sh --disable-ocaml --disable-perl --disable-python --disable-ruby --disable-shared || exit 1 fi if [ "$OPT_PLATFORM" = "win32" ]; then - ./autogen.sh --host=$OPT_WIN32_COMPILER_SUFFIX --disable-ocaml --disable-perl --disable-python --disable-ruby --disable-shared || exit 1 + PKG_CONFIG_PATH=/usr/i686-w64-mingw32/lib/pkgconfig ./autogen.sh --host=$OPT_WIN32_COMPILER_SUFFIX --disable-ocaml --disable-perl --disable-python --disable-ruby --disable-shared || exit 1 fi ) [ $? 
-ne 0 ] && exit 1 echo "-----------------------------------------------------------------------------" echo "Building hivex" echo "-----------------------------------------------------------------------------" ( cd hivex make clean &>/dev/null - make -j$OPT_JOBS || exit 1 + make CFLAGS="-O2 -mno-ms-bitfields" -j$OPT_JOBS || exit 1 ) [ $? -ne 0 ] && [ "$OPT_PLATFORM" != "win32" ] && exit 1 fi # Exit if we had only to bootstrap [ $OPT_ONLY_BOOTSTRAP -eq 1 ] && exit 0 # Building is done while packaging on Linux if [[ ! ( "$OPT_PLATFORM" = "linux" && $OPT_CREATE_PACKAGE -eq 1 ) ]]; then echo "-----------------------------------------------------------------------------" echo "Building fred" echo "-----------------------------------------------------------------------------" make distclean &>/dev/null if [ "$OPT_PLATFORM" = "linux" ]; then if [ $OPT_STATIC_HIVEX -eq 0 ]; then $OPT_LINUX_QMAKE -qt=qt4 || exit 1 else $OPT_LINUX_QMAKE -qt=qt4 HIVEX_STATIC=1 || exit 1 fi make clean &>/dev/null make -j$OPT_JOBS release || exit 1 fi if [ "$OPT_PLATFORM" = "win32" ]; then if [ $OPT_STATIC_HIVEX -eq 0 ]; then $OPT_WIN32_QMAKE || exit 1 else $OPT_WIN32_QMAKE HIVEX_STATIC=1 || exit 1 fi make clean &>/dev/null make -j$OPT_JOBS release || exit 1 fi fi # Exit if we don't need to package fred [ $OPT_CREATE_PACKAGE -eq 0 ] && exit 0 echo "-----------------------------------------------------------------------------" echo "Packaging fred" echo "-----------------------------------------------------------------------------" if [ "$OPT_PLATFORM" = "linux" ]; then if [ ! -x "$(which dpkg-buildpackage)" ]; then echo "ERROR: Couldn't find dpkg-buildpackage!" 
exit 1 fi dpkg-buildpackage -rfakeroot -b || exit 1 fi if [ "$OPT_PLATFORM" = "win32" ]; then # Delete old package directory if it exists and (re)create it rm -rf fred-win32 &>/dev/null mkdir fred-win32 # Copy fred.exe cp -v release/fred.exe fred-win32/ # Find and copy mingw dll's for F in $WIN32_DLLS; do find /usr -name "$F" -path "*/$OPT_WIN32_COMPILER_SUFFIX/*" -exec cp -v "{}" fred-win32/ \; || exit 1 done # Copy Qt dll's for F in $WIN32_QTDLLS; do cp -v "$OPT_WIN32_QTDLL_PATH/$F" fred-win32/ || exit 1 done # Copy report templates cp -rv report_templates fred-win32/ || exit 1 fi ) if [ $? -eq 0 ]; then echo "-----------------------------------------------------------------------------" echo "All done." echo "-----------------------------------------------------------------------------" else echo "-----------------------------------------------------------------------------" echo "An error occured while building! See output above for details." echo "-----------------------------------------------------------------------------" fi diff --git a/trunk/hivex_patches/gnulib.patch b/trunk/hivex_patches/gnulib.patch new file mode 100644 index 0000000..caa4464 --- /dev/null +++ b/trunk/hivex_patches/gnulib.patch 
@@ -0,0 +1,29 @@ +--- a/lib/msvc-inval.c ++++ b/lib/msvc-inval.c +@@ -28,7 +28,7 @@ + + # if MSVC_INVALID_PARAMETER_HANDLING == DEFAULT_HANDLING + +-static void cdecl ++static void __cdecl + gl_msvc_invalid_parameter_handler (const wchar_t *expression, + const wchar_t *function, + const wchar_t *file, +@@ -45,7 +45,7 @@ gl_msvc_invalid_parameter_handler (const wchar_t *expression, + + # if defined _MSC_VER + +-static void cdecl ++static void __cdecl + gl_msvc_invalid_parameter_handler (const wchar_t *expression, + const wchar_t *function, + const wchar_t *file, +@@ -94,7 +94,7 @@ gl_msvc_inval_current (void) + } + } + +-static void cdecl ++static void __cdecl + gl_msvc_invalid_parameter_handler (const wchar_t *expression, + const wchar_t *function, + const wchar_t *file, diff --git a/trunk/qt_patches/qt-4.8.4-fix-sse-suppport-build-regression.patch b/trunk/qt_patches/qt-4.8.4-fix-sse-suppport-build-regression.patch new file mode 100644 index 0000000..b23212e --- /dev/null +++ b/trunk/qt_patches/qt-4.8.4-fix-sse-suppport-build-regression.patch @@ -0,0 +1,11 @@ +--- a/src/gui/gui.pro ++++ b/src/gui/gui.pro +@@ -80,7 +80,7 @@ + DEFINES += QT_NO_DIRECTWRITE + } + +-contains(QMAKE_MAC_XARCH, no) { ++mac:contains(QMAKE_MAC_XARCH, no) { + DEFINES += QT_NO_MAC_XARCH + } else { + win32-g++*|!win32:!win32-icc*:!macx-icc* {
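Review bot: In the trunk/README hunk, the changed Qt URL and the new libxml2 steps fetch build inputs over plaintext transports (QTU="http://download.qt-project.org/archive/qt/4.8/4.8.4" and wget ftp://xmlsoft.org/libxml2/libxml2-2.9.1.tar.gz), and the unpacked trees are then built and installed with sudo without any integrity check in between. Suggest listing the expected SHA-256 of each tarball in the README and adding a sha256sum -c step before tar xfvz, and using an https URL where the mirror offers one. In the same hunk the new section is numbered 2.3.5.3 LIBXML2 while Compiling also keeps 2.3.5.3, the table of contents still lists 2.3.5.3 Packaging, and a bare TODO is left under the libxml2 steps. The added gnulib line chains its commands with ';', so patch -p1 still runs in the current directory if cd hivex/gnulib fails; '&&' would be safer.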
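Review bot: In the trunk/autogen.sh hunk, the win32 bootstrap line hard-codes PKG_CONFIG_PATH=/usr/i686-w64-mingw32/lib/pkgconfig, which ignores the value given with --win32-compiler-suffix and does not line up with the README step in this same commit that installs libxml2 under /opt/libxml2-2.9.1-mingw. Suggest deriving the path from $OPT_WIN32_COMPILER_SUFFIX or adding an option with a DEFOPT_ default, as is already done for the qmake and Qt dll paths. The changed make CFLAGS="-O2 -mno-ms-bitfields" line sits in the shared "Building hivex" block, so it replaces the CFLAGS chosen by configure for linux builds as well; if the flag is only needed for the cross build, put it behind the win32 platform check. The new libwinpthread-1.dll entry in WIN32_DLLS is collected by the find ... -exec cp loop, which does not fail when nothing matches, so a missing DLL would not stop packaging.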
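Review bot: trunk/hivex_patches/gnulib.patch has no description header, so nothing records why the three "static void cdecl" declarations in lib/msvc-inval.c become "static void __cdecl" or which gnulib revision the offsets (-28,7, -45,7, -94,7) were taken from. Suggest adding a short comment block at the top of the patch with the reason, the gnulib revision it applies to, and whether it has been sent upstream. The README applies it by hand before ./autogen.sh, and a second run against an already patched tree will not apply cleanly; consider moving the step into autogen.sh behind a patch --dry-run check so the build stays repeatable.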
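Review bot: In the qt_patches part of this diff, the only file added in the lines shown is qt-4.8.4-fix-sse-suppport-build-regression.patch, while the README hunk of the same commit adds a step that applies $SRC/qt-4.8.0-fix-include-windows-h.patch; please confirm that third patch file is included in the commit, otherwise the documented procedure stops at that step. The added patch also lacks a header explaining why contains(QMAKE_MAC_XARCH, no) needs the mac: scope for the mingw cross build; a one-line description and a reference to the upstream report, if there is one, would help the next person who updates the Qt version.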