https://github.com/osquery/osquery logo
Powered by
#general
Title
# general
d

duongtt

02/17/2020, 5:06 AM
Hi, I'm building osquery extension in platform Windows 10 following this link: https://osquery.readthedocs.io/en/1.8.2/development/windows-provisioning/ and also https://github.com/trailofbits/osquery-extensions/blob/master/README.md - What I have done is + set my project at C driver, so my path to osquery is: 
C:\osquery\tmp\osquery
+ use version 3.3.2 for building my own extension + run command as Administrator + while running 
.\tools\make-win64-dev-env.bat
, edit 
provision.ps1
to ignore the corrupted download link of 
doxygen
, then install it by myself - My problem is: when I run 
.\tools\make-win64-binaries.bat
, I met this LINKER error whether I add my extension to folder 
external
or not
Copy code
Creating library C:/osquery/tmp/osquery/build/windows10/osquery/Release/osqueryd.lib and object C:/osquery/tmp/osquery/build/windows10/osquery/Release/osqueryd.explibeay32.lib(b_sock.obj) : error LNK2001: unresolved external symbol __imp_htonl [C:\osquery\tmp\osquery\build\windows10\osquery\daemon.vcxproj]
    osquery.lib(impl_thrift.obj) : error LNK2001: unresolved external symbol __imp_htonl [C:\osquery\tmp\osquery\build\windows10\osquery\daemon.vcxproj]
    osquery.lib(rocksdb_database.obj) : error LNK2001: unresolved external symbol __imp_htonl [C:\osquery\tmp\osquery\build\windows10\osquery\daemon.vcxproj]
    thriftmt.lib(TBufferTransports.obj) : error LNK2001: unresolved external symbol __imp_htonl [C:\osquery\tmp\osquery\build\windows10\osquery\daemon.vcxproj]
    libeay32.lib(bss_conn.obj) : error LNK2001: unresolved external symbol __imp_htonl [C:\osquery\tmp\osquery\build\windows10\osquery\daemon.vcxproj]
    osquery.lib(impl_thrift.obj) : error LNK2001: unresolved external symbol __imp_htons [C:\osquery\tmp\osquery\build\windows10\osquery\daemon.vcxproj]
    osquery.lib(rocksdb_database.obj) : error LNK2001: unresolved external symbol __imp_htons [C:\osquery\tmp\osquery\build\windows10\osquery\daemon.vcxproj]
    libeay32.lib(bss_conn.obj) : error LNK2001: unresolved external symbol __imp_htons [C:\osquery\tmp\osquery\build\windows10\osquery\daemon.vcxproj]

    ...
    C:\osquery\tmp\osquery\build\windows10\osquery\Release\osqueryd.exe : fatal error LNK1120: 110 unresolved externals [C:\osquery\tmp\osquery\build\windows10\osquery\daemon.vcxproj]
- I need suggestions for fixing these LINKER errors. Please help 😞
a

alessandrogario

02/17/2020, 11:04 AM
Have you tried using the build guide at https://osquery.readthedocs.io/en/latest/development/building/ ?
Seems like you are building an old version of osquery ? The extensions are being updated to build with osquery 4.x
👍 1
d

duongtt

02/17/2020, 11:09 AM
But my whole project in linux side is using osquery version 3.3.2, and it worked fine, So I'm trying to make thing work in windows
Also, when I tried the lastest version of osquery (the function 
ADD_OSQUERY_EXTENSION
makes the file CMakeLists.txt met error)
Seems like osquery version 3.3.2, the function 
ADD_OSQUERY_EXTENSION
works pretty well, but not in the lastest version
When I tried to run 
cmake -G "Visual Studio 16 2019" -A x64 -T v141 ..
, I met this error
Copy code
Unknown CMake command "ADD_OSQUERY_EXTENSION"
Would you mind giving any ideas of replacing this function with another function that works well in the lastest version of osquery?
p.s: 
ADD_OSQUERY_EXTENSION
is wrote in my CMakeLists.txt in my own extension. Thank you for helping me
@alessandrogario sorry to bothering you, but I have tried the lastest version of osquery (more specifically, I'm using 4.1.2-57-gda4bfd47)
So I had chosen the extension from https://github.com/trailofbits/osquery-extensions/blob/master/README.md to test how to build with osquery
But it seems like the lastest version cannot build the extension. What could I do to build the trailofbits extension with the lastest version of osquery? Thank you very much !
14 Views
Powered by