n4r1b / ferrisetw

Basically a KrabsETW rip-off written in Rust

Support indirect property length (and maybe more, from a fork) #130

Open yirkha opened 3 months ago

yirkha commented 3 months ago

Hi, let me first thank you for making this crate, it allowed me to do what I needed to do. And it has mostly "just worked", which is always a pleasure!

But I hit some limitations as well, for example with the variable length "Address" properties of some events from the Microsoft.Windows.Winsock.AFD provider, because their length is stored indirectly in another property. And this is just a TODO in the code so far...

Luckily for me, I found there was a fork of ferrisetw (jxy-s) that already had this feature implemented, together with some extra serialization support and whatnot. So I just changed my Cargo.toml to reference that repo/branch instead of the published crate and carried on. Great.

But now I'd like to go further with my project and referencing dependencies from random Git repos is not really feasible, so I have a basic question for you, @n4r1b: How much time do you have for this project, would you be willing to work on adding/integrating this feature, release a new version at some point etc.?

Of course, usually it would be rather the author of the fork going back to the upstream with a PR. So a similar question to @jxy-s here, would you be interested in making some PRs to get your improvements merged upstream maybe?

And I know everybody's time is limited, so I could help with rebasing/cleaning/testing/publishing PRs too. I'd just like to discuss first before stepping on anybody's toes 🙂

Thank you
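
The indirect-length case described in the comment above, as an added example that is not part of the original thread and is not code from ferrisetw or the jxy-s fork: ETW event metadata can mark a property (the `PropertyParamLength` flag) as taking its size from the value of another property instead of from the schema. The `Prop`/`Len` types and the `AddressLength`/`Address`/`Status` schema below are constructed for illustration, not the real AFD layout.

```rust
// Added example: a simplified model of ETW property metadata (all names are illustrative).
enum Len {
    Fixed(usize),        // length comes from the schema
    FromProperty(usize), // length is the value of an earlier property, given by index
}
struct Prop { name: &'static str, len: Len }

#[derive(Debug, PartialEq)]
enum ParseError { Truncated(&'static str), BadLengthRef(&'static str) }

/// Walk the event payload in schema order. Indirect lengths are resolved against
/// properties parsed so far, and every slice is bounds-checked, because the
/// length value comes from the event data itself.
fn parse<'a>(schema: &[Prop], data: &'a [u8]) -> Result<Vec<(&'static str, &'a [u8])>, ParseError> {
    let mut out: Vec<(&'static str, &'a [u8])> = Vec::new();
    let mut off = 0usize;
    for p in schema {
        let len = match p.len {
            Len::Fixed(n) => n,
            Len::FromProperty(i) => {
                // The referenced property must already be parsed and be a u16 or u32 (LE).
                let raw = out.get(i).ok_or(ParseError::BadLengthRef(p.name))?.1;
                match raw.len() {
                    2 => u16::from_le_bytes([raw[0], raw[1]]) as usize,
                    4 => u32::from_le_bytes([raw[0], raw[1], raw[2], raw[3]]) as usize,
                    _ => return Err(ParseError::BadLengthRef(p.name)),
                }
            }
        };
        // Reject a length that overflows or runs past the end of the payload.
        let end = off.checked_add(len).ok_or(ParseError::Truncated(p.name))?;
        let slice = data.get(off..end).ok_or(ParseError::Truncated(p.name))?;
        out.push((p.name, slice));
        off = end;
    }
    Ok(out)
}

// Constructed schema: a u32 length, a variable-length blob sized by it, then a u32.
fn sample_schema() -> Vec<Prop> {
    vec![Prop { name: "AddressLength", len: Len::Fixed(4) },
         Prop { name: "Address", len: Len::FromProperty(0) },
         Prop { name: "Status", len: Len::Fixed(4) }]
}

fn main() {
    // Constructed payload: length 4, a 4-byte address blob, then a zero status.
    let buf: [u8; 12] = [4, 0, 0, 0, 127, 0, 0, 1, 0, 0, 0, 0];
    println!("{:?}", parse(&sample_schema(), &buf));
}
```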

jxy-s commented 3 months ago

Feel free to cherry-pick any commits upstream if they're useful. Looks like my fork has diverged a bit, so there could be some conflicts to resolve.

n4r1b commented 2 months ago

Hi @yirkha, as you can see from the time it took me to answer back, unfortunately nowadays I don't have much time for this project, but I'll gladly help with resolving conflicts, PRs and testing. So if you want to do as @jxy-s suggested and cherry-pick the commits you need, I can later take a look and help with solving problems in the PR :)

yirkha commented 2 months ago

Okay, thanks for your blessing, @jxy-s, and no worries at all, @n4r1b, I think we all know how it goes - guess why I haven't touched any of this further myself either in the meantime ;-) I'll revisit Johnny's changes one of these days, try to rebase, test and make some PR(s).