Compiling the Windows Agent from a Linux system

It has always been a pain to generate snapshots for Windows because it required me to open up my Windows VM (slow), push the code there, compile, etc. Well, until this week when I started to play with MinGW cross-compilation feature to completely build an Windows agent from Linux.

How it works? First, you need to install MinGW and makensis (to build the installer). On Ubuntu, it is just:

apt-get install mingw32 mingw32-binutils mingw32-runtime
apt-get install nsis

After that, download the latest snapshot: and generate the Windows package directory (where XX is the latest date):

tar -zxvf ossec-hids-xx.tar.gz
cd ossec-hids-xx/src/win32

Now, you will have the win-pkg directory under src. Just go there and run Your Windows agent package should be created in a few minutes:

cd ../win-pkg
sh ./

You will see the following in the screen:

Making windows agent
rootcheck/win-common.c: In function ‘__os_winreg_querykey’:
rootcheck/win-common.c:279: warning: pointer targets in passing argument 7 of ‘RegEnumValueA’ differ in signedness
win-registry.c: In function ‘os_winreg_querykey’:

Output: “ossec-win32-agent.exe”
Install: 7 pages (448 bytes), 3 sections (3144 bytes), 379 instructions (10612 bytes), 247 strings (42580 bytes), 1 language table (346 bytes).
Uninstall: 5 pages (320 bytes),
1 section (1048 bytes), 301 instructions (8428 bytes), 166 strings (2646 bytes), 1 language table (290 bytes).
Datablock optimizer saved 8371 bytes (~0.7%).

Which means that your agent executable ossec-win32-agent.exe has been created properly.

Leave a Reply

Your email address will not be published. Required fields are marked *