osquery / osquery-python

Python bindings for osquery's Thrift API

windows: osquery Python extensions do not appear to work on Windows #34

Closed muffins closed 6 years ago

muffins commented 7 years ago

I haven't had too much time to triage this, but it seems that just running the generic python extension in Windows fails. osqueryi is creating the pipe correctly, as it shows up in sysinternals, however upon running python .\my_ext.py --socket \\.\pipe\shell.em, the code immediately returns. I haven't been able to trigger higher levels of verbosity, but again I haven't spent a large amount of time triaging this.

tehmas commented 7 years ago

I'll look into it.

muffins commented 7 years ago

@tehmas did you have any luck with this?

tehmas commented 7 years ago

Nope

muffins commented 7 years ago

I tore into this tonight, and found that I would be able to get python extensions working on Windows, however we do not have a python implementation of this Thrift library. Basically, as osquery on Windows leverages named pipes for communication with extensions, we require that python find some method to communicate via Windows named pipes. This is possible using the win32pipe module in the Python win32 API bindings, however we still need to wrap this pipe communication in a TBufferedTransport in order to speak thrift to the daemon.

I'm going to spend some time gauging how do-able it'd be to generate the TPipe class in python from the C++ example provided, as well as the TSocket python class already written in python, but I'm not sure how long that'll take.
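The transport shape described above, as an added example rather than code from osquery-python or the resolving PR: a TPipe class that duck-types the methods thrift's TTransportBase expects (open, close, isOpen, read, readAll, write, flush) so it can be handed to TBufferedTransport and TBinaryProtocol the way TSocket is, without importing thrift here. The pywin32 calls (win32pipe.WaitNamedPipe, win32file.CreateFile/ReadFile/WriteFile) are assumed available on Windows and imported lazily so the module loads anywhere; MemoryPipeBackend is a constructed stand-in for the pipe handle used off Windows, and byte-mode pipes (no read-mode change) are an assumption.

```python
"""Added example: a minimal Thrift-style transport over a Windows named pipe.
Not osquery-python code. TPipe duck-types TTransportBase; the pywin32 backend
is only built on Windows, and MemoryPipeBackend is a constructed stand-in."""
import sys


class MemoryPipeBackend:
    """Constructed stand-in for a pipe handle: bytes written are read back in
    order. Demonstration only; used wherever pywin32 is unavailable."""

    def __init__(self, pipe_path=None):
        self.pipe_path = pipe_path
        self._buf = bytearray()
        self.closed = False

    def read(self, size):
        chunk = bytes(self._buf[:size])
        del self._buf[:size]
        return chunk  # b"" once drained; TPipe.readAll treats that as EOF

    def write(self, data):
        self._buf.extend(data)
        return len(data)

    def close(self):
        self.closed = True


class Win32PipeBackend:
    """Real backend: opens the client end of the daemon's named pipe with
    pywin32 (assumed installed). Only constructed on Windows."""

    def __init__(self, pipe_path, timeout_ms=5000):
        import win32file, win32pipe  # lazy: pywin32 exists only on Windows
        self._win32file = win32file
        # Wait for a free pipe instance, then open it for both directions.
        win32pipe.WaitNamedPipe(pipe_path, timeout_ms)
        self._handle = win32file.CreateFile(
            pipe_path, win32file.GENERIC_READ | win32file.GENERIC_WRITE,
            0, None, win32file.OPEN_EXISTING, 0, None)

    def read(self, size):
        _rc, data = self._win32file.ReadFile(self._handle, size)
        return data

    def write(self, data):
        _rc, written = self._win32file.WriteFile(self._handle, data)
        return written

    def close(self):
        self._handle.Close()


class TPipe:
    """Thrift-compatible transport whose I/O goes through a pipe backend;
    wrap it in TBufferedTransport to talk to the daemon."""

    def __init__(self, pipe_path, backend_factory=None):
        self.pipe_path = pipe_path
        if backend_factory is None and sys.platform == "win32":
            backend_factory = Win32PipeBackend
        self._factory = backend_factory
        self._backend = None

    def isOpen(self):
        return self._backend is not None

    def open(self):
        if self._factory is None:
            raise OSError("no pipe backend: needs pywin32 on Windows")
        self._backend = self._factory(self.pipe_path)

    def close(self):
        if self._backend is not None:
            self._backend.close()
            self._backend = None

    def read(self, sz):
        if not self.isOpen():
            raise OSError("transport not open")
        return self._backend.read(sz)

    def readAll(self, sz):
        """Read exactly sz bytes; a short read means the daemon closed the pipe,
        which is the silent-exit case an extension must surface, not swallow."""
        out = bytearray()
        while len(out) < sz:
            chunk = self.read(sz - len(out))
            if not chunk:
                raise EOFError("pipe closed after %d of %d bytes" % (len(out), sz))
            out.extend(chunk)
        return bytes(out)

    def write(self, buf):
        if not self.isOpen():
            raise OSError("transport not open")
        self._backend.write(buf)

    def flush(self):
        pass  # unbuffered at this layer; TBufferedTransport does the batching


if __name__ == "__main__":
    # Socket path from the issue; the in-memory backend replaces the real pipe.
    t = TPipe(r"\\.\pipe\shell.em", backend_factory=MemoryPipeBackend)
    t.open()
    t.write(b"ping")
    print(t.readAll(4))
    t.close()
```

On Windows, leaving backend_factory unset selects Win32PipeBackend, and the object can be passed to thrift's TBufferedTransport in place of TSocket; the readAll loop is where a daemon that rejects or drops the connection becomes visible as an EOFError instead of an extension that quietly returns.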

marpaia commented 7 years ago

Nice digging, @poppyseedplehzr!

muffins commented 6 years ago

This was resolved with #48