rabbitstack / fibratus

Adversary tradecraft detection, protection, and hunting
https://www.fibratus.io

Nuitka compiler error #1

Closed fuuddanni closed 8 years ago

fuuddanni commented 8 years ago

When compiling with nuitka I get an error (what should I do?). Thanks for the reply:

E:\Python27\libs/libpython27.a(dmmes01026.o):(.idata$7+0x0): undefined reference to `_head_C__build27_cpython_PCBuild_libpython27_a'

E:\Python27\libs/libpython27.a(dmmes00712.o):(.idata$7+0x0): undefined reference to `_head_C__build27_cpython_PCBuild_libpython27_a'

E:\Python27\libs/libpython27.a(dmmes00245.o):(.idata$7+0x0): undefined reference to `_head_C__build27_cpython_PCBuild_libpython27_a'

E:\Python27\libs/libpython27.a(dmmes00236.o):(.idata$7+0x0): undefined reference to `_head_C__build27_cpython_PCBuild_libpython27_a'

E:\Python27\libs/libpython27.a(dmmes00648.o):(.idata$7+0x0): undefined reference to `_head_C__build27_cpython_PCBuild_libpython27_a'

E:\Python27\libs/libpython27.a(dmmes00343.o):(.idata$7+0x0): more undefined references to `_head_C__build27_cpython_PCBuild_libpython27_a' follow

collect2: ld returned 1 exit status

g++: unrecognized option '-static-libstdc++'

rabbitstack commented 8 years ago

Can you post the full nuitka command invocation? Please make sure you meet the following requirements:

fuuddanni commented 8 years ago

Thanks for your answer. I'm compiling as follows: nuitka --recurse-all --standalone --output-dir=E:\Github\Fibratus\fibratus\compile --verbose cli.py > compilererror.txt

gcc --version: gcc (GCC) 4.4.7 20111023 (prerelease) [svn/rev.180339 - mingw-w64/oz] Copyright (C) 2010 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. (I think it is included in Home Page | Lightweight cygwin)

But I don't have Python 3.4 installed on the system. Can you recommend a best practice for installing Python 3.4 in parallel with 2.7?

2016-05-26 10:51 GMT+02:00 Nedim Šabić notifications@github.com:

Can you post the full nuitka command invocation? Please make sure you meet the following requirements:

  • C++ compiler (ships with Visual Studio)
  • Python 2.7 (required by nuitka)
  • Python 3.4 (required by fibratus)


rabbitstack commented 8 years ago

I would try to compile using the Visual C++ compiler (comes with Visual Studio 2012+). I often use a separate MSI installer for every Python version, and that works for me. You can try with pyenv too. https://github.com/yyuu/pyenv

rabbitstack commented 8 years ago

Shipping Fibratus with portable installers here.

fuuddanni commented 8 years ago

Thank you, but the portable installer also doesn't work for me.

2016-05-28 20:54 GMT+02:00 Nedim Šabić notifications@github.com:

Shipping Fibratus with portable installers here https://github.com/rabbitstack/fibratus/releases.


rabbitstack commented 8 years ago

Can you provide more details about the error? Which version of Windows are you running?

fuuddanni commented 8 years ago

Yes for sure: <?xml version="1.0" encoding="UTF-16"?>

6.1 7601 Service Pack 1 (0x1): Windows 7 Ultimate Ultimate 7601.23418.amd64fre.win7sp1_ldr.160408-2045 1130 Multiprocessor Free X64 1031 4368 C:\Windows\explorer.exe C:\Windows\Explorer.EXE APPCRASH fibratus.exe 0.0.0.0 5749a806 python34.dll 3.4.3150.1013 54ecf0c8 c0000005 0000000000102854 6.1.7601.2.1.0.256.1 1031 8026 80262724487bae400e6e580a1315696c b35e b35e3c9419b4e92e7efe936b710916f2 76915B81-2FB5-4B66-939B-28151B66D162 MSI MS-7758 V2.13B3

AND: <?xml version="1.0" encoding="UTF-16"?>

Here are my specs:

Betriebssystemname: Microsoft Windows 7 Ultimate
Betriebssystemversion: 6.1.7601 Service Pack 1 Build 7601
Betriebssystemhersteller: Microsoft Corporation
Betriebssystemkonfiguration: Eigenständige Arbeitsstation
Betriebssystem-Buildtyp: Multiprocessor Free
Systemhersteller: MSI
Systemmodell: MS-7758
Systemtyp: x64-based PC
Prozessor(en): 1 Prozessor(en) installiert. [01]: Intel64 Family 6 Model 58 Stepping 9 GenuineIntel ~2788 MHz
BIOS-Version: American Megatrends Inc. V2.13B3, 11.06.2012
Gesamter physikalischer Speicher: 16.338 MB


I don't know what is going wrong.


rabbitstack commented 8 years ago

Did you try setting the PYTHONIOENCODING environment variable? Launch a console and issue: set PYTHONIOENCODING=UTF-8 and then fibratus.

fuuddanni commented 8 years ago

I have now tried set PYTHONIOENCODING=UTF-8, but it doesn't work.


rabbitstack commented 8 years ago

Do you see any exception on the console, or does it just crash?

fuuddanni commented 8 years ago

I only see the crash, without an exception.

The event log shows the following:

Fehlerbucket 224637142, Typ 28
Ereignisname: APPCRASH
Antwort: Nicht verfügbar
CAB-Datei-ID: 0

Problemsignatur:
P1: fibratus.exe
P2: 0.0.0.0
P3: 5749a806
P4: python34.dll
P5: 3.4.3150.1013
P6: 54ecf0c8
P7: c0000005
P8: 0000000000102854
P9:
P10:

Angefügte Dateien:
C:\Users\Besitzer\AppData\Local\Temp\WER9FAB.tmp.WERInternalMetadata.xml
C:\Users\Besitzer\AppData\Local\Temp\WERB722.tmp.appcompat.txt
C:\Users\Besitzer\AppData\Local\Temp\WERB732.tmp.mdmp

Diese Dateien befinden sich möglicherweise hier:
C:\Users\Besitzer\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_fibratus.exe_bf45fc36bcf3053fe2024dbfae6aff9dc1_140befdc

Analysesymbol:
Es wird erneut nach einer Lösung gesucht: 0
Berichts-ID: 7bbafbf2-2576-11e6-a9ca-005056c00008
Berichtstatus: 9

AND

Name der fehlerhaften Anwendung: fibratus.exe, Version: 0.0.0.0, Zeitstempel: 0x5749a806
Name des fehlerhaften Moduls: python34.dll, Version: 3.4.3150.1013, Zeitstempel: 0x54ecf0c8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000102854
ID des fehlerhaften Prozesses: 0xbc4
Startzeit der fehlerhaften Anwendung: 0x01d1b9833d8b4ccd
Pfad der fehlerhaften Anwendung: E:\Fibratus\Fibratus\bin\fibratus.exe
Pfad des fehlerhaften Moduls: E:\Fibratus\Fibratus\bin\python34.dll
Berichtskennung: 7bbafbf2-2576-11e6-a9ca-005056c00008


rabbitstack commented 8 years ago

Well, this is really weird. I'm not sure if installing fibratus to a non-standard location could cause the crash. If I'm not wrong, you installed it to E:\Fibratus\Fibratus, and it should be Program files\Rabbitstack\Fibratus.

fuuddanni commented 8 years ago

I'm getting the same error when reinstalling into the default path on the SSD c:\


rabbitstack commented 8 years ago

I've just installed it on my laptop with Windows 7 virtual machine, and I wasn't able to reproduce the problem. It all works as expected.

fuuddanni commented 8 years ago

I just reinstalled Python version 3.4 and then fibratus again. The program seems to execute, but nothing happens at the command line (I use ConEmu).

E:\Fibratus\bin>fibratus.exe -h
Usage:
    fibratus run ([--filament=] | [--filters ...])
    fibratus list-kevents
    fibratus list-filaments
    fibratus -h | --help
    fibratus --version

Options:
    -h --help     Show this screen.
    --filament=   Specify the filament to execute.
    --version     Show version.

E:\Fibratus\bin>fibratus.exe run
Starting fibratus...


rabbitstack commented 8 years ago

I'm not 100% sure, but that could be because of fibratus trying to query the system handle of type named pipe. NtQueryObject function hangs indefinitely and it blocks the main thread. I'll look into this in the next release.
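
One common way to keep a handle-name query that never returns from blocking the main thread, as the last comment describes, is to run each query in a disposable worker thread and abandon it after a timeout. This is an added example, not Fibratus code: `HandleNameResolver`, `fake_query_name` and the handle table are constructed stand-ins for the real NtQueryObject call, so the sketch runs on any OS.

```python
import threading

class HandleNameResolver:
    """Run each handle-name query in a worker thread and abandon it on timeout."""

    def __init__(self, query_name, timeout=0.5, max_stuck=1):
        self._query_name = query_name  # assumed callable: handle -> name (may block)
        self._timeout = timeout
        self._max_stuck = max_stuck    # cap on abandoned workers we tolerate
        self.timed_out = []            # handles whose query never returned

    def resolve(self, handle):
        if len(self.timed_out) >= self._max_stuck:
            return None                # too many stuck threads: stop querying names
        result = {}

        def worker():
            try:
                result["name"] = self._query_name(handle)
            except Exception as exc:   # a failed query must not kill the caller
                result["error"] = exc

        thread = threading.Thread(target=worker, daemon=True)
        thread.start()
        thread.join(self._timeout)
        if thread.is_alive():          # still inside the call: give up on it
            self.timed_out.append(handle)
            return None
        return result.get("name")

# Constructed sample: None marks a handle whose name query blocks forever,
# standing in for the named pipe case from the comment.
SAMPLE_HANDLES = {
    0x04: r"\Device\HarddiskVolume2\Windows",
    0x08: r"\REGISTRY\MACHINE\SOFTWARE",
    0x0C: None,
    0x10: None,
}
_never_set = threading.Event()

def fake_query_name(handle):
    name = SAMPLE_HANDLES[handle]
    if name is None:
        _never_set.wait()              # simulates a query that never returns
    return name

def enumerate_names(handles, resolver):
    return {h: resolver.resolve(h) for h in handles}

if __name__ == "__main__":
    resolver = HandleNameResolver(fake_query_name)
    print(enumerate_names(sorted(SAMPLE_HANDLES), resolver), resolver.timed_out)
```

Each abandoned worker stays stuck for the life of the process, which is why the sketch caps them with `max_stuck` and stops issuing name queries once the cap is reached.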