{"id":104,"date":"2009-06-12T21:35:00","date_gmt":"2009-06-12T21:35:00","guid":{"rendered":"https:\/\/defragged.org\/ossec\/?p=104"},"modified":"2020-07-02T21:36:39","modified_gmt":"2020-07-02T21:36:39","slug":"compiling-the-windows-agent-from-a-linux-system","status":"publish","type":"post","link":"https:\/\/defragged.org\/ossec\/2009\/06\/compiling-the-windows-agent-from-a-linux-system\/","title":{"rendered":"Compiling the Windows Agent from a Linux system"},"content":{"rendered":"\n<p>It has always been a pain to generate snapshots for Windows because it required me to open up my Windows VM (slow), push the code there, compile, etc. Well, until this week, when I started to play with the&nbsp;<a href=\"http:\/\/www.mingw.org\/\">MinGW<\/a>&nbsp;cross-compilation feature to completely build a Windows agent from Linux.<\/p>\n\n\n\n<p>How does it work? First, you need to install MinGW and makensis (to build the installer). On Ubuntu, it is just:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>#&nbsp;<strong>apt-get install mingw32 mingw32-binutils mingw32-runtime<\/strong><br>#&nbsp;<strong>apt-get install nsis<\/strong><\/p><\/blockquote>\n\n\n\n<p>After that, download the latest snapshot:&nbsp;<a href=\"http:\/\/ossec.net\/files\/snapshots\/\">http:\/\/ossec.net\/files\/snapshots\/<\/a>&nbsp;and generate the Windows package directory (where XX is the latest date):<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>#&nbsp;<strong>wget http:\/\/www.ossec.net\/files\/snapshots\/ossec-hids-xx.tar.gz<\/strong><br>#&nbsp;<strong>tar -zxvf ossec-hids-xx.tar.gz<\/strong><br>#&nbsp;<strong>cd ossec-hids-xx\/src\/win32<\/strong><br>#&nbsp;<strong>.\/gen-win.sh<\/strong><\/p><\/blockquote>\n\n\n\n<p>Now, you will have the win-pkg directory under src. Just go there and run make.sh. 
Your Windows agent package should be created in a few minutes:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>#&nbsp;<strong>cd ..\/win-pkg<\/strong><br>#&nbsp;<strong>sh .\/make.sh<\/strong><\/p><\/blockquote>\n\n\n\n<p>You will see the following on the screen:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>Making windows agent<br>rootcheck\/win-common.c: In function \u2018__os_winreg_querykey\u2019:<br>rootcheck\/win-common.c:279: warning: pointer targets in passing argument 7 of \u2018RegEnumValueA\u2019 differ in signedness<br>win-registry.c: In function \u2018os_winreg_querykey\u2019:<br>\u2026<\/p><p>Output: \u201cossec-win32-agent.exe\u201d<br>Install: 7 pages (448 bytes), 3 sections (3144 bytes), 379 instructions (10612 bytes), 247 strings (42580 bytes), 1 language table (346 bytes).<br>Uninstall: 5 pages (320 bytes),<br>1 section (1048 bytes), 301 instructions (8428 bytes), 166 strings (2646 bytes), 1 language table (290 bytes).<br>Datablock optimizer saved 8371 bytes (~0.7%).<\/p><\/blockquote>\n\n\n\n<p>This means that your agent executable&nbsp;<strong>ossec-win32-agent.exe<\/strong>&nbsp;has been created properly.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It has always been a pain to generate snapshots for Windows because it required me to open up my Windows VM (slow), push the code there, compile, etc. Well, until this week, when I started to play with the&nbsp;MinGW&nbsp;cross-compilation feature to completely build a Windows agent from Linux. How does it work? 
First, you need to install [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/104"}],"collection":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/comments?post=104"}],"version-history":[{"count":1,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/104\/revisions"}],"predecessor-version":[{"id":105,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/104\/revisions\/105"}],"wp:attachment":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/media?parent=104"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/categories?post=104"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/tags?post=104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}