search

Sysinternals / SysmonForLinux

MIT License
1.72k stars 182 forks source link

Compilation fails in Ubuntu 21.10 Impish on a Raspberry Pi 4 #44

Closed vicosurge closed 2 years ago

vicosurge commented 2 years ago

The following is happening in Ubuntu 21.10 Impish on a Raspberry Pi 4, I have completed the previous steps and everything works find for the previous library that must be compiled, it is with Sysmon that this breaks with the following message:

[  1%] Extracting sysmonmsg.mc.utf16
[  2%] Extracting sysmonmsgop.man.utf16
[  3%] Converting sysmonmsgop.man.utf16 to UTF8
[  4%] Extracting sysmonmsgop.c from sysmonmsgop.man
[  5%] Extracting sysmonevents.h.utf16
Warning skip check of User due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of User due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of User due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of User due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Archived due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Archived due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Archived due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of CommandLine due to misalignment
Warning skip check of CurrentDirectory due to misalignment
Warning skip check of User due to misalignment
Warning skip check of LogonGuid due to misalignment
Warning skip check of LogonId due to misalignment
Warning skip check of TerminalSessionId due to misalignment
Warning skip check of IntegrityLevel due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of ParentProcessGuid due to misalignment
Warning skip check of ParentProcessId due to misalignment
Warning skip check of ParentImage due to misalignment
Warning skip check of ParentCommandLine due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Signed due to misalignment
Warning skip check of Signature due to misalignment
Warning skip check of SignatureStatus due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of PipeName due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of PipeName due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Archived due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of CommandLine due to misalignment
Warning skip check of CurrentDirectory due to misalignment
Warning skip check of User due to misalignment
Warning skip check of LogonGuid due to misalignment
Warning skip check of LogonId due to misalignment
Warning skip check of TerminalSessionId due to misalignment
Warning skip check of IntegrityLevel due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of ParentProcessGuid due to misalignment
Warning skip check of ParentProcessId due to misalignment
Warning skip check of ParentImage due to misalignment
Warning skip check of ParentCommandLine due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Signed due to misalignment
Warning skip check of Signature due to misalignment
Warning skip check of SignatureStatus due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of PipeName due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of PipeName due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Archived due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of FileVersion due to misalignment
Warning skip check of Description due to misalignment
Warning skip check of Product due to misalignment
Warning skip check of Company due to misalignment
Warning skip check of CommandLine due to misalignment
Warning skip check of CurrentDirectory due to misalignment
Warning skip check of User due to misalignment
Warning skip check of LogonGuid due to misalignment
Warning skip check of LogonId due to misalignment
Warning skip check of TerminalSessionId due to misalignment
Warning skip check of IntegrityLevel due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of ParentProcessGuid due to misalignment
Warning skip check of ParentProcessId due to misalignment
Warning skip check of ParentImage due to misalignment
Warning skip check of ParentCommandLine due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of CreationUtcTime due to misalignment
Warning skip check of PreviousCreationUtcTime due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of User due to misalignment
Warning skip check of Protocol due to misalignment
Warning skip check of Initiated due to misalignment
Warning skip check of SourceIsIpv6 due to misalignment
Warning skip check of SourceIp due to misalignment
Warning skip check of SourceHostname due to misalignment
Warning skip check of SourcePort due to misalignment
Warning skip check of SourcePortName due to misalignment
Warning skip check of DestinationIsIpv6 due to misalignment
Warning skip check of DestinationIp due to misalignment
Warning skip check of DestinationHostname due to misalignment
Warning skip check of DestinationPort due to misalignment
Warning skip check of DestinationPortName due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ImageLoaded due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Signed due to misalignment
Warning skip check of Signature due to misalignment
Warning skip check of SignatureStatus due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of ImageLoaded due to misalignment
Warning skip check of FileVersion due to misalignment
Warning skip check of Description due to misalignment
Warning skip check of Product due to misalignment
Warning skip check of Company due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Signed due to misalignment
Warning skip check of Signature due to misalignment
Warning skip check of SignatureStatus due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of SourceProcessGuid due to misalignment
Warning skip check of SourceProcessId due to misalignment
Warning skip check of SourceImage due to misalignment
Warning skip check of TargetProcessGuid due to misalignment
Warning skip check of TargetProcessId due to misalignment
Warning skip check of TargetImage due to misalignment
Warning skip check of NewThreadId due to misalignment
Warning skip check of StartAddress due to misalignment
Warning skip check of StartModule due to misalignment
Warning skip check of StartFunction due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of Device due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of SourceProcessGUID due to misalignment
Warning skip check of SourceProcessId due to misalignment
Warning skip check of SourceThreadId due to misalignment
Warning skip check of SourceImage due to misalignment
Warning skip check of TargetProcessGUID due to misalignment
Warning skip check of TargetProcessId due to misalignment
Warning skip check of TargetImage due to misalignment
Warning skip check of GrantedAccess due to misalignment
Warning skip check of CallTrace due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of CreationUtcTime due to misalignment
Warning skip check of EventType due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetObject due to misalignment
Warning skip check of EventType due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetObject due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventType due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetObject due to misalignment
Warning skip check of NewName due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of CreationUtcTime due to misalignment
Warning skip check of Hash due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of PipeName due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of PipeName due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of EventType due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of Operation due to misalignment
Warning skip check of User due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of EventType due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of Operation due to misalignment
Warning skip check of User due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of EventType due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of Operation due to misalignment
Warning skip check of User due to misalignment
Warning skip check of Consumer due to misalignment
Warning skip check of Filter due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Archived due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of Session due to misalignment
Warning skip check of ClientInfo due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of Archived due to misalignment
[  6%] Converting sysmonevents.h.utf16 to UTF8
[  7%] Converting sysmonmsg.mc.utf16 to UTF8
[  8%] Extracting sysmonmsg.h from sysmonmsg.mc
[  9%] Extracting sysmonmsgop.h from sysmonmsgop.man
Scanning dependencies of target sysmonLogView
[ 10%] Building CXX object CMakeFiles/sysmonLogView.dir/sysmonLogView/sysmonLogView.cpp.o
[ 11%] Building C object CMakeFiles/sysmonLogView.dir/sysmonLogView/sysmonGetEventName.c.o
[ 12%] Building C object CMakeFiles/sysmonLogView.dir/sysmonmsgop.c.o
[ 13%] Linking CXX executable sysmonLogView
[ 13%] Built target sysmonLogView
[ 13%] Built target sysmonEBPFkern5.3-5.5
[ 15%] Building C object CMakeFiles/checkEBPFsizes.dir/checkEBPFsizes/checkEBPFsizes.c.o
[ 16%] Linking C executable checkEBPFsizes
[ 16%] Built target checkEBPFsizes
[ 17%] Building C object CMakeFiles/mysleep.dir/test/mysleep.c.o
[ 18%] Linking C executable mysleep
[ 18%] Built target mysleep
[ 19%] Packing manifest.xml into manifest.xml.o
[ 20%] Building EBPF object sysmonEBPFkern4.15.o
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPFkern4.15.c:36:
In file included from /root/SysmonForLinux/ebpfKern/sysmonGenericEntry_tp.c:35:
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPF_common.h:34:
In file included from /opt/sysinternalsEBPF/ebpfKern/sysinternalsEBPF_common.h:34:
/usr/include/stdint.h:26:10: fatal error: 'bits/libc-header-start.h' file not found
#include <bits/libc-header-start.h>
         ^~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
[ 21%] Packing sysmonEBPFkern4.15.o into sysmonEBPFkern4.15.o.o
[ 22%] Building EBPF object sysmonEBPFkern4.16.o
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPFkern4.16.c:36:
In file included from /root/SysmonForLinux/ebpfKern/sysmonGenericEntry_tp.c:35:
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPF_common.h:34:
In file included from /opt/sysinternalsEBPF/ebpfKern/sysinternalsEBPF_common.h:34:
/usr/include/stdint.h:26:10: fatal error: 'bits/libc-header-start.h' file not found
#include <bits/libc-header-start.h>
         ^~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
[ 23%] Packing sysmonEBPFkern4.16.o into sysmonEBPFkern4.16.o.o
[ 24%] Building EBPF object sysmonEBPFkern4.17-5.1.o
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPFkern4.17-5.1.c:36:
In file included from /root/SysmonForLinux/ebpfKern/sysmonGenericEntry_rawtp.c:31:
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPF_common.h:34:
In file included from /opt/sysinternalsEBPF/ebpfKern/sysinternalsEBPF_common.h:34:
/usr/include/stdint.h:26:10: fatal error: 'bits/libc-header-start.h' file not found
#include <bits/libc-header-start.h>
         ^~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
[ 25%] Packing sysmonEBPFkern4.17-5.1.o into sysmonEBPFkern4.17-5.1.o.o
[ 26%] Building EBPF object sysmonEBPFkern5.2.o
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPFkern5.2.c:35:
In file included from /root/SysmonForLinux/ebpfKern/sysmonGenericEntry_rawtp.c:31:
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPF_common.h:34:
In file included from /opt/sysinternalsEBPF/ebpfKern/sysinternalsEBPF_common.h:34:
/usr/include/stdint.h:26:10: fatal error: 'bits/libc-header-start.h' file not found
#include <bits/libc-header-start.h>
         ^~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
[ 27%] Packing sysmonEBPFkern5.2.o into sysmonEBPFkern5.2.o.o
[ 29%] Building EBPF object sysmonEBPFkern5.3-5.5.o
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPFkern5.3-5.5.c:33:
In file included from /root/SysmonForLinux/ebpfKern/sysmonGenericEntry_rawtp.c:31:
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPF_common.h:34:
In file included from /opt/sysinternalsEBPF/ebpfKern/sysinternalsEBPF_common.h:34:
/usr/include/stdint.h:26:10: fatal error: 'bits/libc-header-start.h' file not found
#include <bits/libc-header-start.h>
         ^~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
[ 30%] Packing sysmonEBPFkern5.3-5.5.o into sysmonEBPFkern5.3-5.5.o.o
[ 31%] Building EBPF object sysmonEBPFkern5.6-.o
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPFkern5.6-.c:33:
In file included from /root/SysmonForLinux/ebpfKern/sysmonGenericEntry_rawtp.c:31:
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPF_common.h:34:
In file included from /opt/sysinternalsEBPF/ebpfKern/sysinternalsEBPF_common.h:34:
/usr/include/stdint.h:26:10: fatal error: 'bits/libc-header-start.h' file not found
#include <bits/libc-header-start.h>
         ^~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
[ 32%] Packing sysmonEBPFkern5.6-.o into sysmonEBPFkern5.6-.o.o
[ 33%] Packing sysmonLogView into sysmonLogView.o
[ 34%] Copying sysmon.d
[ 35%] Packing sysmon.d into sysmon.d.o
[ 36%] Copying sysmon.service
[ 37%] Packing sysmon.service into sysmon.service.o
[ 38%] Checking sysmonEBPFkern4.15.o

eBPF Program Sizes: (max 4096)

[ 39%] Checking sysmonEBPFkern4.16.o

eBPF Program Sizes: (max 4096)

[ 40%] Checking sysmonEBPFkern4.17-5.1.o

eBPF Program Sizes: (max 4096)

[ 41%] Checking sysmonEBPFkern5.2.o

eBPF Program Sizes: (max 32768)

[ 43%] Checking sysmonEBPFkern5.3-5.5.o

eBPF Program Sizes: (max 32768)

[ 44%] Checking sysmonEBPFkern5.6-.o

eBPF Program Sizes: (max 32768)

Scanning dependencies of target sysmon
[ 45%] Building C object CMakeFiles/sysmon.dir/sysmonforlinux.c.o
/root/SysmonForLinux/sysmonforlinux.c:100:6: error: ‘__NR_creat’ undeclared here (not in a function)
  100 |     {__NR_creat, "sysmon/FileCreate/exit"},
      |      ^~~~~~~~~~
/root/SysmonForLinux/sysmonforlinux.c:101:6: error: ‘__NR_open’ undeclared here (not in a function)
  101 |     {__NR_open, "sysmon/FileOpen/exit"},
      |      ^~~~~~~~~
/root/SysmonForLinux/sysmonforlinux.c:103:6: error: ‘__NR_unlink’ undeclared here (not in a function)
  103 |     {__NR_unlink, "sysmon/FileDelete/exit"},
      |      ^~~~~~~~~~~
make[2]: *** [CMakeFiles/sysmon.dir/build.make:520: CMakeFiles/sysmon.dir/sysmonforlinux.c.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:252: CMakeFiles/sysmon.dir/all] Error 2
make: *** [Makefile:103: all] Error 2
kesheldr commented 2 years ago

Sysmon is only supported on x64 currently.