search

DFIR-ORC / dfir-orc

Forensics artefact collection tool for systems running Microsoft Windows
https://dfir-orc.github.io
GNU Lesser General Public License v2.1
383 stars 42 forks source link

Compilation error #2

Closed chauchse closed 5 years ago

chauchse commented 5 years ago

Dear,

Thanks for your DIFR tool. I try to compile it by following instructions. I have an error : `C:\tools\dfir-orc\build-x64>"C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\Common7\IDE\CommonExtensions\Microsoft\CMake\CMake\bin\cmake.exe" -G "Visual Studio 16 2019" -A x64 -DORC_BUILD_VCPKG=ON .. -- Using vcpkg: C:/tools/dfir-orc/external/vcpkg/vcpkg.exe -- Install dependencies with: "C:/tools/dfir-orc/external/vcpkg\vcpkg.exe" --vcpkg-root "C:/tools/dfir-orc/external/vcpkg" install 7zip:x64-windows-static boost-algorithm:x64-windows-static boost-dynamic-bitset:x64-windows-static boost-format:x64-windows-static boost-logic:x64-windows-static boost-multi-index:x64-windows-static boost-scope-exit:x64-windows-static fmt:x64-windows-static tlsh:x64-windows-static yara:x64-windows-static cli11:x64-windows-static spdlog:x64-windows-static

The following packages are already installed: 7zip[core]:x64-windows-static boost-algorithm[core]:x64-windows-static boost-dynamic-bitset[core]:x64-windows-static boost-format[core]:x64-windows-static boost-logic[core]:x64-windows-static boost-multi-index[core]:x64-windows-static boost-scope-exit[core]:x64-windows-static cli11[core]:x64-windows-static fmt[core]:x64-windows-static spdlog[core]:x64-windows-static tlsh[core]:x64-windows-static yara[core]:x64-windows-static Starting package 1/12: 7zip:x64-windows-static Package 7zip:x64-windows-static is already installed Elapsed time for package 7zip:x64-windows-static: 50.3 us Starting package 2/12: fmt:x64-windows-static Package fmt:x64-windows-static is already installed Elapsed time for package fmt:x64-windows-static: 10.6 us Starting package 3/12: boost-algorithm:x64-windows-static Package boost-algorithm:x64-windows-static is already installed Elapsed time for package boost-algorithm:x64-windows-static: 10.5 us Starting package 4/12: boost-dynamic-bitset:x64-windows-static Package boost-dynamic-bitset:x64-windows-static is already installed Elapsed time for package boost-dynamic-bitset:x64-windows-static: 11 us Starting package 5/12: boost-scope-exit:x64-windows-static Package boost-scope-exit:x64-windows-static is already installed Elapsed time for package boost-scope-exit:x64-windows-static: 11.4 us Starting package 6/12: spdlog:x64-windows-static Package spdlog:x64-windows-static is already installed Elapsed time for package spdlog:x64-windows-static: 9.2 us Starting package 7/12: boost-format:x64-windows-static Package boost-format:x64-windows-static is already installed Elapsed time for package boost-format:x64-windows-static: 27.1 us Starting package 8/12: boost-logic:x64-windows-static Package boost-logic:x64-windows-static is already installed Elapsed time for package boost-logic:x64-windows-static: 10.6 us Starting package 9/12: boost-multi-index:x64-windows-static Package boost-multi-index:x64-windows-static is already installed Elapsed time for package boost-multi-index:x64-windows-static: 10.2 us Starting package 10/12: tlsh:x64-windows-static Package tlsh:x64-windows-static is already installed Elapsed time for package tlsh:x64-windows-static: 10.9 us Starting package 11/12: yara:x64-windows-static Package yara:x64-windows-static is already installed Elapsed time for package yara:x64-windows-static: 9.4 us Starting package 12/12: cli11:x64-windows-static Package cli11:x64-windows-static is already installed Elapsed time for package cli11:x64-windows-static: 9.7 us

Total elapsed time: 269.7 us

The package 7zip:x64-windows-static provides CMake targets:

find_package(7zip CONFIG REQUIRED)
target_link_libraries(main PRIVATE 7zip::7zip 7zip::extras)

The package fmt:x64-windows-static provides CMake targets:

find_package(fmt CONFIG REQUIRED)
target_link_libraries(main PRIVATE fmt::fmt fmt::fmt-header-only)

The package spdlog:x64-windows-static provides CMake targets:

find_package(spdlog CONFIG REQUIRED)
target_link_libraries(main PRIVATE spdlog::spdlog)

The package tlsh:x64-windows-static provides CMake targets:

find_package(tlsh CONFIG REQUIRED)
target_link_libraries(main PRIVATE tlsh::tlsh tlsh::winfunc)

The package cli11:x64-windows-static provides CMake targets:

find_package(CLI11 CONFIG REQUIRED)
target_link_libraries(main PRIVATE CLI11::CLI11)

-- The C compiler identification is MSVC 19.23.28105.4 -- The CXX compiler identification is MSVC 19.23.28105.4 -- The ASM_MASM compiler identification is MSVC -- Found assembler: C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/VC/Tools/MSVC/14.23.28105/bin/Hostx64/x64/ml64.exe -- Check for working C compiler: C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/VC/Tools/MSVC/14.23.28105/bin/Hostx64/x64/cl.exe -- Check for working C compiler: C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/VC/Tools/MSVC/14.23.28105/bin/Hostx64/x64/cl.exe -- works -- Detecting C compiler ABI info -- Detecting C compiler ABI info - done -- Detecting C compile features -- Detecting C compile features - done -- Check for working CXX compiler: C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/VC/Tools/MSVC/14.23.28105/bin/Hostx64/x64/cl.exe -- Check for working CXX compiler: C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/VC/Tools/MSVC/14.23.28105/bin/Hostx64/x64/cl.exe -- works -- Detecting CXX compiler ABI info -- Detecting CXX compiler ABI info - done -- Detecting CXX compile features -- Detecting CXX compile features - done -- Found Boost: C:/tools/dfir-orc/external/vcpkg/installed/x64-windows-static/include (found version "1.70.0") CMake Error at C:/Program Files (x86)/Microsoft Visual Studio/2019/BuildTools/Common7/IDE/CommonExtensions/Microsoft/CMake/CMake/share/cmake-3.15/Modules/FindPackageHandleStandardArgs.cmake:137 (message): Could NOT find VisualStudio (missing: ATLS_LIB_DIR CPPUNITTEST_INCLUDE_DIR) Call Stack (most recent call first): C:/Program Files (x86)/Microsoft Visual Studio/2019/BuildTools/Common7/IDE/CommonExtensions/Microsoft/CMake/CMake/share/cmake-3.15/Modules/FindPackageHandleStandardArgs.cmake:378 (_FPHSA_FAILURE_MESSAGE) cmake/FindVisualStudio.cmake:62 (find_package_handle_standard_args) external/vcpkg/scripts/buildsystems/vcpkg.cmake:256 (_find_package) src/OrcLib/CMakeLists.txt:17 (find_package)

-- Configuring incomplete, errors occurred! See also "C:/tools/dfir-orc/build-x64/CMakeFiles/CMakeOutput.log". See also "C:/tools/dfir-orc/build-x64/CMakeFiles/CMakeError.log".`

Here you can see content of CMakeError.log : `Checking whether the ASM_MASM compiler is GNU using "--version" did not match "(GNU assembler)|(GCC)|(Free Software Foundation)": Microsoft (R) Macro Assembler (x64) Version 14.23.28105.4 Copyright (C) Microsoft Corporation. All rights reserved.

MASM : warning A4018:invalid command-line option : --version MASM : fatal error A1017:missing source filename Checking whether the ASM_MASM compiler is Clang using "--version" did not match "(clang version)": Microsoft (R) Macro Assembler (x64) Version 14.23.28105.4 Copyright (C) Microsoft Corporation. All rights reserved.

MASM : warning A4018:invalid command-line option : --version MASM : fatal error A1017:missing source filename Checking whether the ASM_MASM compiler is AppleClang using "--version" did not match "(Apple LLVM version)": Microsoft (R) Macro Assembler (x64) Version 14.23.28105.4 Copyright (C) Microsoft Corporation. All rights reserved.

MASM : warning A4018:invalid command-line option : --version MASM : fatal error A1017:missing source filename Checking whether the ASM_MASM compiler is ARMClang using "--version" did not match "armclang": Microsoft (R) Macro Assembler (x64) Version 14.23.28105.4 Copyright (C) Microsoft Corporation. All rights reserved.

MASM : warning A4018:invalid command-line option : --version MASM : fatal error A1017:missing source filename Checking whether the ASM_MASM compiler is HP using "-V" did not match "HP C": Microsoft (R) Macro Assembler (x64) Version 14.23.28105.4 Copyright (C) Microsoft Corporation. All rights reserved.

MASM : warning A4018:invalid command-line option : -V MASM : fatal error A1017:missing source filename Checking whether the ASM_MASM compiler is Intel using "--version" did not match "(ICC)": Microsoft (R) Macro Assembler (x64) Version 14.23.28105.4 Copyright (C) Microsoft Corporation. All rights reserved.

MASM : warning A4018:invalid command-line option : --version MASM : fatal error A1017:missing source filename Checking whether the ASM_MASM compiler is SunPro using "-V" did not match "Sun C": Microsoft (R) Macro Assembler (x64) Version 14.23.28105.4 Copyright (C) Microsoft Corporation. All rights reserved.

MASM : warning A4018:invalid command-line option : -V MASM : fatal error A1017:missing source filename Checking whether the ASM_MASM compiler is XL using "-qversion" did not match "XL C": Microsoft (R) Macro Assembler (x64) Version 14.23.28105.4 Copyright (C) Microsoft Corporation. All rights reserved.

MASM : warning A4018:invalid command-line option : -qversion MASM : fatal error A1017:missing source filename `

Could you help me ?

Regards

fabienfl-orc commented 5 years ago

Hello Chauchse

I believe at least one component is missing in your visual studio installation. Have you tried to import the .vsconfig file into Visual Studio Installer ?

This should solve at least the issue for Could NOT find VisualStudio (missing: ATLS_LIB_DIR CPPUNITTEST_INCLUDE_DIR). Let me know if after doing that you are still having issue.

regards

fabienfl-orc commented 5 years ago

sorry got keyboard issue :)

chauchse commented 5 years ago

Hello Fabien,

Effectively, i had to import vsconfig to solve this problem.

But the next step is in error too : cmake --build . --config MinSizeRel -- -maxcpucount

en extract from error messages : C:\tools\dfir-orc\src\OrcLib\Buffer.h(669): error C2059: erreur de syntaxe : '(' (compilation du fichier source C:\tool s\dfir-orc\src\OrcLib\EmbeddedResource_Embed.cpp) [C:\tools\dfir-orc\build-x64\src\OrcLib\OrcLib.vcxproj] C:\tools\dfir-orc\src\OrcLib\Buffer.h(670): error C2334: jetons inattendus avant '{' ; corps apparent de la fonction ig noré (compilation du fichier source C:\tools\dfir-orc\src\OrcLib\EmbeddedResource_Embed.cpp) [C:\tools\dfir-orc\build-x 64\src\OrcLib\OrcLib.vcxproj] C:\tools\dfir-orc\src\OrcLib\Buffer.h(711): error C3646: 'AsAnsiString' : spécificateur de substitution inconnu (compil ation du fichier source C:\tools\dfir-orc\src\OrcLib\EmbeddedResource_Embed.cpp) [C:\tools\dfir-orc\build-x64\src\OrcLi b\OrcLib.vcxproj] C:\tools\dfir-orc\src\OrcLib\Buffer.h(711): error C2059: erreur de syntaxe : '(' (compilation du fichier source C:\tool s\dfir-orc\src\OrcLib\EmbeddedResource_Embed.cpp) [C:\tools\dfir-orc\build-x64\src\OrcLib\OrcLib.vcxproj] C:\tools\dfir-orc\src\OrcLib\Buffer.h(712): error C2334: jetons inattendus avant '{' ; corps apparent de la fonction ig noré (compilation du fichier source C:\tools\dfir-orc\src\OrcLib\EmbeddedResource_Embed.cpp) [C:\tools\dfir-orc\build-x 64\src\OrcLib\OrcLib.vcxproj] C:\tools\dfir-orc\src\OrcLib\Buffer.h(735): error C3646: 'AsUnicodeString' : spécificateur de substitution inconnu (com pilation du fichier source C:\tools\dfir-orc\src\OrcLib\EmbeddedResource_Embed.cpp) [C:\tools\dfir-orc\build-x64\src\Or cLib\OrcLib.vcxproj] C:\tools\dfir-orc\src\OrcLib\Buffer.h(735): error C2059: erreur de syntaxe : '(' (compilation du fichier source C:\tool s\dfir-orc\src\OrcLib\EmbeddedResource_Embed.cpp) [C:\tools\dfir-orc\build-x64\src\OrcLib\OrcLib.vcxproj] C:\tools\dfir-orc\src\OrcLib\Buffer.h(736): error C2334: jetons inattendus avant '{' ; corps apparent de la fonction ig noré (compilation du fichier source C:\tools\dfir-orc\src\OrcLib\EmbeddedResource_Embed.cpp) [C:\tools\dfir-orc\build-x 64\src\OrcLib\OrcLib.vcxproj] C:\tools\dfir-orc\src\OrcLib\Buffer.h(773): error C2061: erreur de syntaxe : identificateur 'allocator' (compilation du fichier source C:\tools\dfir-orc\src\OrcLib\EmbeddedResource_Embed.cpp) [C:\tools\dfir-orc\build-x64\src\OrcLib\OrcLib .vcxproj] C:\tools\dfir-orc\src\OrcLib\Buffer.h(774): error C2653: 'allocator_type' : n'est pas un nom de classe ni d'espace de n oms (compilation du fichier source C:\tools\dfir-orc\src\OrcLib\EmbeddedResource_Embed.cpp) [C:\tools\dfir-orc\build-x6 4\src\OrcLib\OrcLib.vcxproj] C:\tools\dfir-orc\src\OrcLib\Buffer.h(774): fatal error C1003: le nombre d'erreurs est supérieur à 100 ; arrêt de la co mpilation (compilation du fichier source C:\tools\dfir-orc\src\OrcLib\EmbeddedResource_Embed.cpp) [C:\tools\dfir-orc\bu ild-x64\src\OrcLib\OrcLib.vcxproj] Privilege.cpp C:\tools\dfir-orc\src\OrcLib\EmbeddedResource_Extract.cpp(36): error C2039: 'experimental' : n'est pas membre de 'std' [C:\tools\dfir-orc\build-x64\src\OrcLib\OrcLib.vcxproj] C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\VC\Tools\MSVC\14.23.28105\include\cstdarg(17): note: v oir la déclaration de 'std' C:\tools\dfir-orc\src\OrcLib\EmbeddedResource_Extract.cpp(36): error C3083: 'experimental' : le symbole situé à gauche de '::' doit être un type [C:\tools\dfir-orc\build-x64\src\OrcLib\OrcLib.vcxproj] Robustness.cpp SecurityDescriptor.cpp SystemDetails.cpp WMIUtil.cpp Unicode.cpp Unicode_XmlComment.cpp Unicode_XmlElement.cpp C:\tools\dfir-orc\src\OrcLib\SystemDetails.cpp(23): error C2039: 'experimental' : n'est pas membre de 'std' [C:\tools\d fir-orc\build-x64\src\OrcLib\OrcLib.vcxproj] C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\VC\Tools\MSVC\14.23.28105\include\filesystem(30): note : voir la déclaration de 'std' C:\tools\dfir-orc\src\OrcLib\SystemDetails.cpp(23): error C3083: 'experimental' : le symbole situé à gauche de '::' doi t être un type [C:\tools\dfir-orc\build-x64\src\OrcLib\OrcLib.vcxproj] Unicode_XmlPair.cpp Unicode_XmlString.cpp WideAnsi.cpp UnitTestHelper.cpp C:\tools\dfir-orc\src\OrcLib\UnitTestHelper.cpp(31): error C2039: 'experimental' : n'est pas membre de 'std' [C:\tools\ dfir-orc\build-x64\src\OrcLib\OrcLib.vcxproj] C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\VC\Tools\MSVC\14.23.28105\include\sstream(16): note: v oir la déclaration de 'std' C:\tools\dfir-orc\src\OrcLib\UnitTestHelper.cpp(31): error C3083: 'experimental' : le symbole situé à gauche de '::' do it être un type [C:\tools\dfir-orc\build-x64\src\OrcLib\OrcLib.vcxproj]

chauchse commented 5 years ago

Hi,

Effectively, VS is in version 16.3

Le mer. 25 sept. 2019 à 21:41, Jean Gautier notifications@github.com a écrit :

Hi 👋 The error message seems similar to the issues we've been chasing with VS2019 16.3. Can you please confirm your version of Visual Studio you have installed? We have a known issue with 16.3 (recently documented in the Readme). We have a fix that is being verified for regressions. If all goes well, we will be able to release it before EOW. Thank you for your understanding, Jean

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/DFIR-ORC/dfir-orc/issues/2?email_source=notifications&email_token=AEHNXNHKO3DMCAPHWWPO73DQLO5GZA5CNFSM4I2EJXH2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD7TDHOQ#issuecomment-535180218, or mute the thread https://github.com/notifications/unsubscribe-auth/AEHNXNHZGOT6LISD2VZRCGTQLO5GZANCNFSM4I2EJXHQ .

chauchse commented 5 years ago

For information, the problem is present only on x64 version. x86 version has been compiled without problems

jgautier-anssi commented 5 years ago

We have pushed a commit today that should allow DFIR ORC to be compiled with VS 2019 16.3. Thank you for your interest in DFIR ORC and let us know if all issues are solved on your side.

jgautier-anssi commented 5 years ago

Hi chauchse,

Without any news from you, I will consider this issue is now resolved and will proceed with its closure.

Thank you very much for your feedback!

Jean

chauchse commented 5 years ago

Dear,

I tried again to compile x64 version with a new pull of sources. I still have errors :

`Microsoft Windows [version 10.0.18362.388] (c) 2019 Microsoft Corporation. Tous droits réservés.

C:\tools\dfir-orc3>git clone https://github.com/DFIR-ORC/dfir-orc.git Cloning into 'dfir-orc'... remote: Enumerating objects: 6052, done. remote: Counting objects: 100% (6052/6052), done. remote: Compressing objects: 100% (5408/5408), done. remote: Total 6052 (delta 623), reused 6023 (delta 607), pack-reused 0 Receiving objects: 100% (6052/6052), 18.01 MiB | 457.00 KiB/s, done. Resolving deltas: 100% (623/623), done. Checking connectivity... done. Checking out files: 100% (4761/4761), done.

C:\tools\dfir-orc3>cd dfir-orc

C:\tools\dfir-orc3\dfir-orc>cd external/vcpkg

C:\tools\dfir-orc3\dfir-orc\external\vcpkg>bootstrap-vcpkg.bat **& : Impossible de charger le fichier C:\tools\dfir-orc3\dfir-orc\external\vcpkg\scripts\bootstrap.ps1. Le fichier C:\tools\dfir-orc3\dfir-orc\external\vcpkg\scripts\bootstrap.ps1 n’est pas signé numériquement. Vous ne pouvez pas exécuter ce script sur le système actuel. Pour plus d’informations sur l’exécution de scripts et la définition de stratégies d’exécution, voir la rubrique about_Execution_Policies à l’adresse https://go.microsoft.com/fwlink/?LinkID=135170. Au caractère Ligne:1 : 6

C:\tools\dfir-orc3\dfir-orc\external\vcpkg>vcpkg --vcpkg-root . install fmt:x64-windows-static ...

C:\tools\dfir-orc3\dfir-orc\external\vcpkg>bootstrap-vcpkg.bat

Building vcpkg.exe ...

pch.cpp archives.cpp checks.cpp chrono.cpp cofffilereader.cpp downloads.cpp enums.cpp files.cpp hash.cpp machinetype.cpp strings.cpp stringview.cpp system.cpp system.print.cpp binaryparagraph.cpp build.cpp commands.autocomplete.cpp commands.buildexternal.cpp commands.cache.cpp commands.ci.cpp commands.contact.cpp commands.cpp commands.create.cpp commands.dependinfo.cpp commands.edit.cpp commands.env.cpp commands.exportifw.cpp commands.import.cpp commands.integrate.cpp commands.list.cpp commands.owns.cpp commands.portsdiff.cpp commands.search.cpp commands.upgrade.cpp commands.version.cpp commands.xvsinstances.cpp dependencies.cpp export.cpp globalstate.cpp help.cpp input.cpp install.cpp logicexpression.cpp metrics.cpp packagespec.cpp packagespecparseresult.cpp paragraphparseresult.cpp paragraphs.cpp parse.cpp postbuildlint.buildtype.cpp postbuildlint.cpp remove.cpp sourceparagraph.cpp statusparagraph.cpp statusparagraphs.cpp tools.cpp triplet.cpp update.cpp userconfig.cpp vcpkgcmdarguments.cpp vcpkglib.cpp vcpkgpaths.cpp versiont.cpp visualstudio.cpp vcpkglib.vcxproj -> C:\tools\dfir-orc3\dfir-orc\external\vcpkg\toolsrc\msbuild.x86.release\vcpkglib.l ib vcpkg.cpp GÚnÚration de code en cours Previous IPDB not found, fall back to full compilation. All 14598 functions were compiled because no usable IPDB/IOBJ from previous compilation was found. Fin de la gÚnÚration du code vcpkg.vcxproj -> C:\tools\dfir-orc3\dfir-orc\external\vcpkg\toolsrc\msbuild.x86.release\vcpkg.exe vcpkgmetricsuploader.cpp GÚnÚration de code en cours Previous IPDB not found, fall back to full compilation. All 5084 functions were compiled because no usable IPDB/IOBJ from previous compilation was found. Fin de la gÚnÚration du code vcpkgmetricsuploader.vcxproj -> C:\tools\dfir-orc3\dfir-orc\external\vcpkg\toolsrc\msbuild.x86.releas e\vcpkgmetricsuploader.exe

Building vcpkg.exe... done.

C:\tools\dfir-orc3\dfir-orc\external\vcpkg> C:\tools\dfir-orc3\dfir-orc\external\vcpkg> C:\tools\dfir-orc3\dfir-orc\external\vcpkg>vcpkg --vcpkg-root . install fmt:x64-windows-static ... Failed at [C:\tools\dfir-orc3\dfir-orc\external\vcpkg\toolsrc\src\vcpkg\packagespec.cpp(82)] with message: Contains invalid characters. Only alphanumeric lowercase ASCII characters and dashes are allowed

C:\tools\dfir-orc3\dfir-orc\external\vcpkg>cd ..

C:\tools\dfir-orc3\dfir-orc\external>cd ..

C:\tools\dfir-orc3\dfir-orc>mkdir build-x86 build-x64

C:\tools\dfir-orc3\dfir-orc>cd ../build-x64 Le chemin d’accès spécifié est introuvable.

C:\tools\dfir-orc3\dfir-orc>"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\CommonExtensions\Microsoft\CMake\CMake\bin\cmake.exe" -G "Visual Studio 16 2019" -A x64 -T v141_xp -DORC_BUILD_VCPKG=ON .. CMake Error: The source directory "C:/tools/dfir-orc3" does not appear to contain CMakeLists.txt. Specify --help for usage, or press the help button on the CMake GUI.

C:\tools\dfir-orc3\dfir-orc>cd build-x64

C:\tools\dfir-orc3\dfir-orc\build-x64>"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\CommonExtensions\Microsoft\CMake\CMake\bin\cmake.exe" -G "Visual Studio 16 2019" -A x64 -T v141_xp -DORC_BUILD_VCPKG=ON .. -- Using vcpkg: C:/tools/dfir-orc3/dfir-orc/external/vcpkg/vcpkg.exe -- Install dependencies with: "C:/tools/dfir-orc3/dfir-orc/external/vcpkg\vcpkg.exe" --vcpkg-root "C:/tools/dfir-orc3/dfir-orc/external/vcpkg" install 7zip:x64-windows-static boost-algorithm:x64-windows-static boost-dynamic-bitset:x64-windows-static boost-format:x64-windows-static boost-logic:x64-windows-static boost-multi-index:x64-windows-static boost-scope-exit:x64-windows-static fmt:x64-windows-static tlsh:x64-windows-static yara:x64-windows-static cli11:x64-windows-static spdlog:x64-windows-static

The following packages will be built and installed: 7zip[core]:x64-windows-static boost-algorithm[core]:x64-windows-static

Total elapsed time: 7.097 h

The package 7zip:x64-windows-static provides CMake targets:

find_package(7zip CONFIG REQUIRED)
target_link_libraries(main PRIVATE 7zip::7zip 7zip::extras)

The package fmt:x64-windows-static provides CMake targets:

find_package(fmt CONFIG REQUIRED)
target_link_libraries(main PRIVATE fmt::fmt fmt::fmt-header-only)

The package tlsh:x64-windows-static provides CMake targets:

find_package(tlsh CONFIG REQUIRED)
target_link_libraries(main PRIVATE tlsh::tlsh tlsh::winfunc)

The package cli11:x64-windows-static provides CMake targets:

find_package(CLI11 CONFIG REQUIRED)
target_link_libraries(main PRIVATE CLI11::CLI11)

The package spdlog:x64-windows-static provides CMake targets:

find_package(spdlog CONFIG REQUIRED)
target_link_libraries(main PRIVATE spdlog::spdlog)

-- The C compiler identification is MSVC 19.16.27031.1 -- The CXX compiler identification is MSVC 19.16.27031.1 -- The ASM_MASM compiler identification is MSVC -- Found assembler: C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/VC/Tools/MSVC/14.16.27023/bin/HostX64/x64/ml64.exe -- Check for working C compiler: C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/VC/Tools/MSVC/14.16.27023/bin/HostX64/x64/cl.exe -- Check for working C compiler: C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/VC/Tools/MSVC/14.16.27023/bin/HostX64/x64/cl.exe -- works -- Detecting C compiler ABI info -- Detecting C compiler ABI info - done -- Detecting C compile features -- Detecting C compile features - done -- Check for working CXX compiler: C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/VC/Tools/MSVC/14.16.27023/bin/HostX64/x64/cl.exe -- Check for working CXX compiler: C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/VC/Tools/MSVC/14.16.27023/bin/HostX64/x64/cl.exe -- works -- Detecting CXX compiler ABI info -- Detecting CXX compiler ABI info - done -- Detecting CXX compile features -- Detecting CXX compile features - done -- Found Boost: C:/tools/dfir-orc3/dfir-orc/external/vcpkg/installed/x64-windows-static/include (found version "1.70.0") -- Found VisualStudio: C:/Program Files (x86)/Microsoft Visual Studio/2019/Community -- Found OpenSSL: C:/tools/dfir-orc3/dfir-orc/external/vcpkg/installed/x64-windows-static/debug/lib/libeay32.lib (found version "1.0.2s") -- Configuring done -- Generating done -- Build files have been written to: C:/tools/dfir-orc3/dfir-orc/build-x64

C:\tools\dfir-orc3\dfir-orc\build-x64>dir Le volume dans le lecteur C s’appelle Windows Le numéro de série du volume est 94AC-BBA5

Répertoire de C:\tools\dfir-orc3\dfir-orc\build-x64

09/10/2019 03:27

. 09/10/2019 03:27 .. 09/10/2019 03:27 78 662 ALL_BUILD.vcxproj 09/10/2019 03:27 282 ALL_BUILD.vcxproj.filters 09/10/2019 03:27 21 326 CMakeCache.txt 09/10/2019 03:27 CMakeFiles 09/10/2019 03:27 1 772 cmake_install.cmake 09/10/2019 03:27 9 065 Orc.sln 09/10/2019 03:27 src 09/10/2019 03:27 tests 09/10/2019 03:27 tools 09/10/2019 03:27 94 880 ZERO_CHECK.vcxproj 09/10/2019 03:27 529 ZERO_CHECK.vcxproj.filters 7 fichier(s) 206 516 octets 6 Rép(s) 15 706 353 664 octets libres

C:\tools\dfir-orc3\dfir-orc\build-x64>"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\CommonExtensions\Microsoft\CMake\CMake\bin\cmake.exe" --build . --config MinSizeRel -- -maxcpucount Microsoft (R) Build Engine version 16.3.0+0f4c62fea pour .NET Framework Copyright (C) Microsoft Corporation. Tous droits réservés.

C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Microsoft\VC\v150\Platfo rms\x64\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: La prise en charge du ciblage de Windows XP est dépréciée et sera absente des futures versions de Visual Studio. Po ur plus d'informations, consultez https://go.microsoft.com/fwlink/?linkid=2023588. [C:\tools\d fir-orc3\dfir-orc\build-x64\ZERO_CHECK.vcxproj] Checking Build System C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Microsoft\VC\v150\Platfo rms\x64\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: La prise en charge du ciblage de Windows XP est dépréciée et sera absente des futures versions de Visual Studio. Po ur plus d'informations, consultez https://go.microsoft.com/fwlink/?linkid=2023588. [C:\tools\d fir-orc3\dfir-orc\build-x64\src\OrcLib\OrcLib.vcxproj] C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Microsoft\VC\v150\Platfo rms\x64\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: La prise en charge du ciblage de Windows XP est dépréciée et sera absente des futures versions de Visual Studio. Po ur plus d'informations, consultez https://go.microsoft.com/fwlink/?linkid=2023588. [C:\tools\d fir-orc3\dfir-orc\build-x64\tools\rcedit\rcedit.vcxproj] Building Custom Rule C:/tools/dfir-orc3/dfir-orc/src/OrcLib/CMakeLists.txt Building Custom Rule C:/tools/dfir-orc3/dfir-orc/tools/rcedit/CMakeLists.txt stdafx.cpp main.cpp CommandAgent.cpp CommandAgentResources.cpp CommandExecute.cpp CommandMessage.cpp CommandNotification.cpp DbgHelpLibrary.cpp DebugAgent.cpp validators.cpp ProcessRedirect.cpp ConfigFile.cpp ConfigFile_Common.cpp cmd_list.cpp ConfigFileReader.cpp ConfigFileWriter.cpp ConfigItem.cpp Partition.cpp PartitionTable.cpp FileInfo.cpp PEInfo.cpp FatFileEntry.cpp FatFileInfo.cpp FatFileInfo_ColumnDef.cpp FatWalker.cpp FileFind.cpp resources.cpp NTFSCompression.cpp MFTRecordFileInfo.cpp NtfsFileInfo.cpp NtfsFileInfo_ColumnDef.cpp cmd_extract.cpp USNRecordFileInfo.cpp MFTOffline.cpp MFTOnline.cpp MFTUtils.cpp MFTWalker.cpp AttributeList.cpp MFTRecord.cpp MftRecordAttribute.cpp USNJournalWalker.cpp USNJournalWalkerBase.cpp USNJournalWalkerOffline.cpp Location.cpp LocationSet.cpp cmd_set.cpp CompleteVolumeReader.cpp DiskExtent.cpp EnumDisk.cpp ImageReader.cpp InterfaceReader.cpp MountedVolumeReader.cpp OfflineMFTReader.cpp PhysicalDiskReader.cpp SnapshotVolumeReader.cpp SystemStorageReader.cpp VHDVolumeReader.cpp archive_update_callback.cpp VolumeReader.cpp VolumeShadowCopies.cpp VssAPIExtension.cpp XmlLiteExtension.cpp COMExtension.cpp CompressAPIExtension.cpp EvtLibrary.cpp ExtensionLibrary.cpp Kernel32Extension.cpp NtDllExtension.cpp YaraStaticExtension.cpp YaraScanner.cpp OutputWriter.cpp Archive.cpp ArchiveAgent.cpp ArchiveCreate.cpp ArchiveExtract.cpp compress_7z.cpp ArchiveMessage.cpp ArchiveNotification.cpp CabCreate.cpp CabExtract.cpp ArchiveExtractCallback.cpp ArchiveOpenCallback.cpp ArchiveUpdateCallback.cpp GUIDs.cpp PropVariant.cpp ZipCreate.cpp ZipExtract.cpp ZipLibrary.cpp in_mem_stream.cpp ByteStream.cpp CryptoHashStream.cpp out_mem_stream.cpp FuzzyHashStream.cpp HashStream.cpp PasswordEncryptedStream.cpp XORStream.cpp FatStream.cpp iconv.cpp NTFSStream.cpp UncompressNTFSStream.cpp DecodeMessageStream.cpp EncodeMessageStream.cpp MessageStream.cpp FileMappingStream.cpp FileStream.cpp PipeStream.cpp ResourceStream.cpp AccumulatingStream.cpp ChainingStream.cpp DevNullStream.cpp JournalingStream.cpp MemoryStream.cpp MultiMemoryStream.cpp StringsStream.cpp init_guid.cpp TeeStream.cpp TemporaryStream.cpp Génération de code en cours... DiskChunkStream.cpp InByteStreamWrapper.cpp ISequentialStreamWrapper.cpp IStreamWrapper.cpp OutByteStreamWrapper.cpp BufferAgent.cpp ConcurrentStream.cpp HashTransform.cpp StreamAgent.cpp StreamMessage.cpp BITSDownloadTask.cpp DownloadTask.cpp FileCopyDownloadTask.cpp ImportAgent.cpp ImportDefinition.cpp ImportItem.cpp ImportMessage.cpp ImportNotification.cpp SqlImportAgent.cpp RobustStructuredWriter.cpp StructuredOutputWriter.cpp XmlOutputWriter.cpp BoundTableRecord.cpp TableOutputExtension.cpp TableOutputWriter.cpp CsvCruncher.cpp CsvFileReader.cpp CsvFileWriter.cpp CsvStream.cpp CsvToSql.cpp BITSAgent.cpp CopyFileAgent.cpp UploadAgent.cpp UploadMessage.cpp UploadNotification.cpp FileDirectory.cpp ObjectDirectory.cpp HiveQuery.cpp RegFind.cpp RegFindConfig.cpp RegistryWalker.cpp Authenticode.cpp 7zip.lib(7zUpdate.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [C :\tools\dfir-orc3\dfir-orc\build-x64\tools\rcedit\rcedit.vcxproj] 7zip.lib(FileDir.cpp.obj) : error LNK2001: symbole externe non rÚsolu __GSHandlerCheck_EH4 [C: \tools\dfir-orc3\dfir-orc\build-x64\tools\rcedit\rcedit.vcxproj] fmt.lib(format.cc.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [C:\to ols\dfir-orc3\dfir-orc\build-x64\tools\rcedit\rcedit.vcxproj] 7zip.lib(Bcj2Coder.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [ C:\tools\dfir-orc3\dfir-orc\build-x64\tools\rcedit\rcedit.vcxproj] 7zip.lib(7zIn.cpp.obj) : error LNK2001: symbole externe non rÚsolu __GSHandlerCheck_EH4 [C:\to ols\dfir-orc3\dfir-orc\build-x64\tools\rcedit\rcedit.vcxproj] 7zip.lib(7zHandlerOut.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH 4 [C:\tools\dfir-orc3\dfir-orc\build-x64\tools\rcedit\rcedit.vcxproj] 7zip.lib(7zOut.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [C:\t ools\dfir-orc3\dfir-orc\build-x64\tools\rcedit\rcedit.vcxproj] 7zip.lib(FileFind.cpp.obj) : error LNK2001: symbole externe non rÚsolu __GSHandlerCheck_EH4 [C :\tools\dfir-orc3\dfir-orc\build-x64\tools\rcedit\rcedit.vcxproj] 7zip.lib(FileName.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [C :\tools\dfir-orc3\dfir-orc\build-x64\tools\rcedit\rcedit.vcxproj] 7zip.lib(ArchiveExports.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_ EH4 [C:\tools\dfir-orc3\dfir-orc\build-x64\tools\rcedit\rcedit.vcxproj] 7zip.lib(7zHandler.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [ C:\tools\dfir-orc3\dfir-orc\build-x64\tools\rcedit\rcedit.vcxproj] C:\tools\dfir-orc3\dfir-orc\build-x64\MinSizeRel\rcedit.exe : fatal error LNK1120: 1 externes non rÚsolus [C:\tools\dfir-orc3\dfir-orc\build-x64\tools\rcedit\rcedit.vcxproj] AutoRuns.cpp libpehash-peutils.cpp MSIExtension.cpp PSAPIExtension.cpp RunningCode.cpp RunningProcesses.cpp TaskTracker.cpp WinTrustExtension.cpp LogFileWriter.cpp OrcException.cpp BinaryBuffer.cpp OutputSpec.cpp ParameterCheck.cpp Temporary.cpp EmbeddedResource_Embed.cpp EmbeddedResource_Extract.cpp CryptoUtilities.cpp DriverMgmt.cpp JobObject.cpp Privilege.cpp Robustness.cpp SecurityDescriptor.cpp SystemDetails.cpp WMIUtil.cpp Unicode.cpp Unicode_XmlComment.cpp Unicode_XmlElement.cpp Unicode_XmlPair.cpp Unicode_XmlString.cpp WideAnsi.cpp UnitTestHelper.cpp OrcLib.vcxproj -> C:\tools\dfir-orc3\dfir-orc\build-x64\src\OrcLib\MinSizeRel\OrcLib.lib C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Microsoft\VC\v150\Platfo rms\x64\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: La prise en charge du ciblage de Windows XP est dépréciée et sera absente des futures versions de Visual Studio. Po ur plus d'informations, consultez https://go.microsoft.com/fwlink/?linkid=2023588. [C:\tools\d fir-orc3\dfir-orc\build-x64\src\OrcCommand\OrcCommand.vcxproj] Building Custom Rule C:/tools/dfir-orc3/dfir-orc/src/OrcCommand/CMakeLists.txt stdafx.cpp FileInfoCommon.cpp UtilitiesMain.cpp UtilitiesMain_Config.cpp ConfigFile_DD.cpp DD_Config.cpp DD_Output.cpp DD_Run.cpp ConfigFile_EmptyTool.cpp EmptyTool_Config.cpp EmptyTool_Output.cpp EmptyTool_Run.cpp ConfigFile_FastFind.cpp FastFind_Config.cpp FastFind_Output.cpp FastFind_Run.cpp ConfigFile_FatInfo.cpp FatInfo_Config.cpp FatInfo_Output.cpp FatInfo_Run.cpp ConfigFile_GetComObjects.cpp GetComObjects_Config.cpp GetComObjects_Output.cpp GetComObjects_Run.cpp ConfigFile_GetSamples.cpp GetSamples_Config.cpp GetSamples_Output.cpp GetSamples_Run.cpp GetSectors_Config.cpp GetSectors_Output.cpp GetSectors_Run.cpp ConfigFile_GetThis.cpp GetThis_Config.cpp GetThis_Output.cpp GetThis_Run.cpp ConfigFile_ImportData.cpp ImportData_Config.cpp ImportData_Output.cpp ImportData_Run.cpp Mothership_Config.cpp Mothership_Output.cpp Mothership_Run.cpp ConfigFile_NTFSInfo.cpp NTFSInfo_Config.cpp NTFSInfo_Output.cpp NTFSInfo_Run.cpp NTFSUtil_Config.cpp NTFSUtil_Output.cpp NTFSUtil_Run.cpp ObjInfo_Config.cpp ObjInfo_Output.cpp ObjInfo_Run.cpp ConfigFile_RegInfo.cpp RegInfo_Config.cpp RegInfo_Output.cpp RegInfo_Run.cpp ConfigFile_ToolEmbed.cpp ToolEmbed_Config.cpp ToolEmbed_Output.cpp ToolEmbed_Run.cpp ConfigFile_USNInfo.cpp USNInfo_Config.cpp USNInfo_Output.cpp USNInfo_Run.cpp ConfigFile_OrcConfig.cpp ConfigFile_WOLFLauncher.cpp WolfExecution.cpp WolfExecution_Config.cpp WolfExecution_Execute.cpp WolfLauncher_Config.cpp WolfLauncher_Output.cpp WolfLauncher_Run.cpp WolfTask.cpp OrcCommand.vcxproj -> C:\tools\dfir-orc3\dfir-orc\build-x64\src\OrcCommand\MinSizeRel\OrcCom mand.lib C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Microsoft\VC\v150\Platfo rms\x64\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: La prise en charge du ciblage de Windows XP est dépréciée et sera absente des futures versions de Visual Studio. Po ur plus d'informations, consultez https://go.microsoft.com/fwlink/?linkid=2023588. [C:\tools\d fir-orc3\dfir-orc\build-x64\src\Orc\Orc.vcxproj] C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Microsoft\VC\v150\Platfo rms\x64\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: La prise en charge du ciblage de Windows XP est dépréciée et sera absente des futures versions de Visual Studio. Po ur plus d'informations, consultez https://go.microsoft.com/fwlink/?linkid=2023588. [C:\tools\d fir-orc3\dfir-orc\build-x64\src\FastFind\FastFind.vcxproj] Building Custom Rule C:/tools/dfir-orc3/dfir-orc/src/Orc/CMakeLists.txt Building Custom Rule C:/tools/dfir-orc3/dfir-orc/src/FastFind/CMakeLists.txt stdafx.cpp stdafx.cpp Orc.cpp FastFind.cpp 7zip.lib(FileFind.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [C :\tools\dfir-orc3\dfir-orc\build-x64\src\FastFind\FastFind.vcxproj] 7zip.lib(FileName.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [C :\tools\dfir-orc3\dfir-orc\build-x64\src\FastFind\FastFind.vcxproj] 7zip.lib(7zHandlerOut.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH 4 [C:\tools\dfir-orc3\dfir-orc\build-x64\src\FastFind\FastFind.vcxproj] 7zip.lib(7zOut.cpp.obj) : error LNK2001: symbole externe non rÚsolu __GSHandlerCheck_EH4 [C:\t ools\dfir-orc3\dfir-orc\build-x64\src\FastFind\FastFind.vcxproj] 7zip.lib(7zUpdate.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [C :\tools\dfir-orc3\dfir-orc\build-x64\src\FastFind\FastFind.vcxproj] 7zip.lib(FileDir.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [C: \tools\dfir-orc3\dfir-orc\build-x64\src\FastFind\FastFind.vcxproj] 7zip.lib(ArchiveExports.cpp.obj) : error LNK2001: symbole externe non rÚsolu _GSHandlerCheck EH4 [C:\tools\dfir-orc3\dfir-orc\build-x64\src\FastFind\FastFind.vcxproj] 7zip.lib(7zHandler.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [ C:\tools\dfir-orc3\dfir-orc\build-x64\src\FastFind\FastFind.vcxproj] 7zip.lib(Bcj2Coder.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [ C:\tools\dfir-orc3\dfir-orc\build-x64\src\FastFind\FastFind.vcxproj] 7zip.lib(7zIn.cpp.obj) : error LNK2001: symbole externe non rÚsolu __GSHandlerCheck_EH4 [C:\to ols\dfir-orc3\dfir-orc\build-x64\src\FastFind\FastFind.vcxproj] C:\tools\dfir-orc3\dfir-orc\build-x64\MinSizeRel\FastFind.exe : fatal error LNK1120: 1 externe s non rÚsolus [C:\tools\dfir-orc3\dfir-orc\build-x64\src\FastFind\FastFind.vcxproj] 7zip.lib(FileFind.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [C :\tools\dfir-orc3\dfir-orc\build-x64\src\Orc\Orc.vcxproj] 7zip.lib(FileName.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [C :\tools\dfir-orc3\dfir-orc\build-x64\src\Orc\Orc.vcxproj] 7zip.lib(7zHandlerOut.cpp.obj) : error LNK2001: symbole externe non rÚsolu __GSHandlerCheck_EH 4 [C:\tools\dfir-orc3\dfir-orc\build-x64\src\Orc\Orc.vcxproj] 7zip.lib(7zOut.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [C:\t ools\dfir-orc3\dfir-orc\build-x64\src\Orc\Orc.vcxproj] 7zip.lib(7zUpdate.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [C :\tools\dfir-orc3\dfir-orc\build-x64\src\Orc\Orc.vcxproj] 7zip.lib(FileDir.cpp.obj) : error LNK2001: symbole externe non rÚsolu __GSHandlerCheck_EH4 [C: \tools\dfir-orc3\dfir-orc\build-x64\src\Orc\Orc.vcxproj] 7zip.lib(ArchiveExports.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_ EH4 [C:\tools\dfir-orc3\dfir-orc\build-x64\src\Orc\Orc.vcxproj] 7zip.lib(7zHandler.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [ C:\tools\dfir-orc3\dfir-orc\build-x64\src\Orc\Orc.vcxproj] 7zip.lib(Bcj2Coder.cpp.obj) : error LNK2001: symbole externe non rÚsolu __GSHandlerCheck_EH4 [ C:\tools\dfir-orc3\dfir-orc\build-x64\src\Orc\Orc.vcxproj] 7zip.lib(7zIn.cpp.obj) : error LNK2001: symbole externe non rÚsolu GSHandlerCheck_EH4 [C:\to ols\dfir-orc3\dfir-orc\build-x64\src\Orc\Orc.vcxproj] C:\tools\dfir-orc3\dfir-orc\build-x64\MinSizeRel\DFIR-Orc_x64.exe : fatal error LNK1120: 1 ext ernes non rÚsolus [C:\tools\dfir-orc3\dfir-orc\build-x64\src\Orc\Orc.vcxproj]

`

fabienfl-orc commented 5 years ago

Hello,

As you are calling cmake with an absolute path, I understand you are not using a prompt with visual studio environment loaded.

Could you try from a prompt like Developer Command Prompt for VS 2019 (look winthin your start menu) ? You will also need to do this from a clean directory as vcpkg deps needs to be rebuilt.

Explanation I managed to reproduce your issue from cmd.exe. There was an issue with the SDK automatically chosen by vcpkg to build dependencies. The libraries were built on Windows SDK 10 but DFIR-Orc is restricted to Windows SDK 7.1 because of -T v141_xp option.