Releases: DFIR-ORC/dfir-orc

v10.2.5

12 Jun 10:47
97fe712

Changes:

  • 97fe712 Merge branch 'main' into release/10.2.x
  • 7084bce changelog: update to 10.2.5
  • 7771bdc OrcLib: BITSAgent: add option to delete smb share after upload
  • 18475b9 OrcLib: use FileAttribute's ToIdentifiers to refactor
  • 12f62bc OrcLib: Filesystem: add FileAttribute
  • 6996912 OrcCommand: NtfsInfo: fix volstat incomplete output for vss
  • ff4f7e4 OrcLib: SystemDetail: add tags for W11 23H2
  • 2ebe99a OrcCommand: WolfLauncher: add log to SetRestrictionsFromConfig
  • e1a01d8 OrcCommand: WolfLauncher: fix cpu weight configuration
  • d76d5a6 OrcLib: SystemDetails: SetOrcComputerName: replace spaces with '_'
  • 4352456 OrcLib: Text: Fmt: make const specializations
  • 07a68e3 Revert "OrcLib: Text: Fmt: std_optional: forward to underlying type formatter"
  • d1574d5 Revert "OrcLib: Text: fmt: std_optional: enhance compatibility with std::decay_t"
  • 824c266 OrcLib: Text: Fmt: Result: fix missing header
  • d8808b7 OrcLib: Text: StdoutContainerAdapter: fix missing static_cast
  • 543e2b1 OrcLib: Text: fmt: GUID: add const qualifier to method format
  • 3e64ead OrcLib: Text: fmt: std_optional: enhance compatibility with std::decay_t
  • f6e8f65 OrcCommand: WolfLauncher: Outline: add hypervisor
  • 2b32975 OrcLib: SystemDetails: add GetHypervisor
  • 716ac45 OrcLib: add HypervisorType
  • 263ef1a OrcLib: Buffer: replace stdext::checked_array_iterator with gsl::span
  • 1fb8ba9 cmake: keep CMAKE_CXX_STANDARD or set default to cpp17
  • bd12b2e OrcLib: OrcException: fix fmt header inclusion
  • eb4e6c2 OrcLib: Buffer: add noexcept keyword to operator=
  • 09c0e1f OrcLib: add std::expected support
  • 69b4f37 OrcLib: Filesystem: WofReparsePoint: remove unneeded std::make_error_code
  • 90f3adb OrcLib: Location: fix deprecated std::errc::no_stream_resources
  • 11f6db3 OrcLib: Text: in_addr: use NtError
  • f86aebe OrcLib: OrcException: remove dependency on Result.h
  • 8bcd326 OrcLib: UncompressNTFSStream: remove dependency on VolumeStreamReader.h
  • b447997 OrcLib: SystemDetails: fix missing return statement
  • e078485 OrcLib: BufferStream: remove useless calling convention
  • 4b5cc5e OrcLib: BinaryBuffer: add const qualifier to operator==
  • b63499a OrcLib: ArchiveCreate: add missing 'const' method qualifier
  • bc10abc OrcLib: Buffer: initialize constructed stack array
  • b42d6ee OrcLib: Guard: ViewOfFile: template sometimes require 'this->'
  • ef9ae2c OrcLib: OutputSpec: ApplyPattern: add pattern for '{RunId}'
  • 352ca61 OrcCommand: WolfLauncher: display run id in the parameter dump and log
  • 067ada7 OrcCommand: WolfLauncher: Outline: add commands output files
  • ecc914b OrcCommand: WolfLauncher: Outline: add commands timeout
  • be0c261 OrcLib: SystemIdentity: add to codepage information to Outline
  • efba8ab OrcLib: SystemDetail: add GetCodePage and GetCodePageName
  • 0d146fd OrcCommand: WolfLauncher: Outcome: replace 'running_command' with 'live'
  • 5e9b0b2 OrcCommand: WolfLauncher: Outcome: add outcome.system_type
  • 7e52426 OrcCommand: WolfLauncher: Outline: add outline.system_type
  • 69f96b0 OrcLib: SystemDetail: add GetOrcSystemType
  • 41346e5 OrcCommand: WolfLauncher: set outline.system[full]name with host's
  • 30224e5 OrcCommand: WolfLauncher: Outcome: set outcome.computer_name with /FullComputer
  • 6e3b793 OrcCommand: WolfLauncher: Outline: set outline.computer_name with /FullComputer
  • 476ed66 OrcCommand: UtilitiesMain: enhance printed parameter name
  • 00963e3 OrcLib: Text: Fmt: make const specialization for std::filesystem
  • 0e15403 OrcLib: CacheStream: fix SetFilePointer when getting seek position
  • f2a188a OrcLib: CacheStream: add Guard::CacheStream
  • d7b5349 OrcLib: CacheStream: use reference for underlying stream
  • 667deac OrcLib: Utils: MetaPtr: add method get
  • db77e5d OrcLib: Utils: MetaPtr: add element_type
  • 5ad9885 OrcLib: Utils: MetaPtr: fix missing operator()
  • 61c3cb4 OrcLib: Utils: Result: ToHRESULT: handle other category than 'system'
  • ff69f82 OrcLib: Utils: Dump: replace fstream with win32 api
  • 958dd68 OrcLib: Utils: add StackStash
  • 30826b3 OrcLib: Utils: add MapFile

This list of changes was auto generated.

v10.2.4

08 Feb 13:03
039e321

Changes:

  • 039e321 Merge branch 'main' into release/10.2.x
  • 6869b5f changelog: update to 10.2.4
  • 211cd5c OrcCommand: WolfLauncher: Outline: add 'computer_name'
  • e694f25 OrcLib: Text: Fmt: std_optional: forward to underlying type formatter
  • 29bd66d OrcLib: Text: Fmt: Result: forward to underlying type formatter
  • 8ee768d OrcLib: SystemIdentity: add install_date, install_time, shutdown_time
  • 0f0c225 OrcLib: SystemDetails: add GetInstallDateFromRegistry
  • 329743d OrcLib: SystemDetails: add GetInstallTimeFromRegistry
  • 2221e54 OrcLib: SystemDetails: add GetShutdownTimeFromRegistry
  • 2b4c12e OrcLib: Utils: Guard: add RegistryHandle
  • 692c968 OrcLib: YaraScanner: add workaround on Yara limitation for block api
  • 2ff3b3f vcpkg: yara: update to Yara 4.4.0
  • 577f019 vcpkg: yara: replace wincrypt with LibreSSL
  • c505034 OrcLib: Text: StdoutContainerAdapter: fix stdout pipe break on unicode
  • efb2900 OrcLib: Archive: 7z: InStreamAdapter: continue archive on file read error
  • 3b365ac OrcCommand: WolfLauncher: WolfTask: lower log level "hanged for ..."
  • 2cbb8ce OrcLib: EmbeddedResource: fix "unreferenced" warning with run32/run64
  • 411ccd1 OrcLib: UncompressNTFSStream: always clear output buffer
  • 588242e cmake: add _SILENCE_ALL_MS_EXT_DEPRECATION_WARNINGS to compile definition
  • 55d3453 tools: ci: test: update to nushell 0.87.1
  • 0638897 OrcLib: NtDllExtension: fix missing definition for older sdk
  • 34257f3 OrcLib: Log: allow default construction for Logger class*
  • 528bb3f OrcLib: FileStream: add an option to delete on close
  • 4f80cb2 OrcLib: ExtensionLibrary: add support for DependencyLibrary
  • 7401ad5 OrcLib: Text: Guid: replace str::string_view with BufferView
  • b43744f OrcLib: Text: Hex: replace string_view by BufferView
  • be40298 OrcLib: Temporary: replace obsolete string id
  • 6c7d24e OrcLib: UtiltiesMain: add methods ToolName, ToolVersion, ToolDescription
  • 45b5605 OrcLib: remove unused ORCLIB_API define
  • 4406e24 OrcLib: SystemDetails: replace Windows version detection
  • f1d93ce OrcLib: Buffer: add WStrLen
  • d7cddc0 OrcLib: NtDllExtension: add CodeIntegrityOption
  • dcf849d OrcLib: Flags: add FlagsToStringW
  • 72c3cf2 Fix formatting compile errors
  • e1d9c84 OrcLib: Log: restore the Get function to get a facility's logger
  • 6db4761 OrcLib: Fmt: Result: format underlying type or error

This list of changes was auto generated.

v10.2.3

16 Nov 11:09
b55a779

Changes:

  • b55a779 Merge branch 'main' into release/10.2.x
  • 37d589e changelog: update to 10.2.3
  • a1ae4c9 OrcCommand: WolfLauncher: Journal: print skipping reason
  • f503471 OrcCommand: WolfLauncher: Journal: Syslog: improve log format
  • 17b1c0e OrcCommand: WolfLauncher: Journal: default empty 'agent' to 'Info'
  • ccc71bc OrcCommand: WolfLauncher: change console mutex to std::recursive_mutex
  • 1852664 OrcCommand: WolfLauncher: rename '/MothershipHandle' to '/Mothership'
  • 415ca2a Add log to display cli parsing item issue
  • 6c90890 OrcLib: FileFormat: PeParser: enable authenticode for arm pe
  • 1903b0d OrcLib: FileInfo: fix macro IMAGE_FILE_MACHINE_ARMNT value
  • 51e55b0 OrcLib: Log: duplicate logs with OutputDebugString for debug builds
  • f06f695 OrcCommand: GetThis: fix OnMatchingSample callback prototype
  • 340d690 Replace E_ABORT return code
  • 617faba OrcLib: CommandAgent: synchronize with child process creation
  • e21f681 OrcLib: CommandAgent: coding style
  • 841a634 OrcLib: CommandAgent: add CommandNotification::Created
  • 19e750e OrcLib: CommandExecute: add CreateChildProcess and ResumeChildProcess
  • c47d3f2 OrcLib: CommandAgent: add notification NotifyAborted
  • 8062617 OrcLib: Utils: Guard: add class ViewOfFile
  • 3683d02 OrcLib: Utils: Guard: add class Lock for mutexes handle
  • 8a984d8 OrcLib: Utils: Guard: PointerGuard: add operator=
  • 4b75310 OrcLib: Utils: Guard: PointerGuard: add operator->
  • f8feffa OrcLib: Utils: Guard: DescriptorGuard: fix operator*
  • 8b69db2 OrcLib: Utils: Guard: DescriptorGuard: add method 'release'
  • b2071ef OrcLib: Utils: Guard: simplify default move ctors
  • 23a86cd OrcLib: CommandAgent: handle configuration attribute 'timeout'
  • 844d685 OrcLib: CommandMessage: add method MakeAbortMessage
  • d70088b OrcLib: WolfLauncher: add to element 'command' the attribute 'timeout'
  • f51270f OrcLib: Robustness: fix invalid eol position
  • 9ff2b14 OrcLib: FileFind: do not disable unreferenced yara scripts
  • fb4a84a OrcLib: ObjectDirectory: update failure log level
  • 050ea91 OrcLib: MftRecordAttribute: fix WOF for resident attribute
  • ecd4fb1 OrcLib: UncompressWofStream: replace NTFSStream with ByteStream
  • 7b33095 OrcLib: EmbeddedResource: ExtractValue: update failure log level
  • 165549e OrcLib: Ntfs: WofStreamConcept: fix last block position computation
  • 1d254a6 OrcLib: Ntfs: fix alignment with some offsets after decompression
  • 277cd4d OrcLib: Ntfs: fix decompression for some ending block
  • 011637f OrcCommand: NTFSUtil: use Round.h
  • 3d8fe01 OrcLib: Utils: add Round.h
  • 5373c24 test: add New-WofTestDataset.ps1
  • 7cb0e39 tools: ci: test: fix 'exit_code' check

This list of changes was auto generated.

v10.2.2

19 Sep 11:44
cf641b7

Changes:

  • cf641b7 Merge branch 'main' into release/10.2.x
  • 0799c04 changelog: update to 10.2.2
  • 61210b5 tools: ci: test: Expand-OrcArchive: optimize for multiple run
  • a1c1f7b tools: ci: test: Get-OrcOutcome: add warning for missing exit_status
  • 0d537aa OrcCommand: NTFSInfo: write to volstats.csv the output files
  • 586db90 OrcCommand: FastFind: fix xml output style
  • e7b8eb9 OrcCommand: WolfLauncher: allow user to specify ORC_Offline's keys
  • 9eeaf1a OrcCommand: WolfLauncher: remove working directory if it was created
  • e5abed2 OrcLib: OutputSpec: add static method Resolve
  • c84289d OrcLib: ObjectDirectory: fix displayed type value always set to 'Type'
  • ad7b8ef OrcLib: PEInfo: SetFirstBytes: grab also bytes when <BYTES_IN_FIRSTBYTES
  • 7e89fdc OrcLib: FileInfo: SetFirstBytes: fix zero padding to BYTES_IN_FIRSTBYTES
  • a42ee8b OrcLib: YaraScanner: fix Yara's callbacks file boundary
  • 2404946 vcpkg: update yara to 4.3.2
  • 4c0db0f Merge branch 'main' into release/10.2.x
  • 5d0905f changelog: update to 10.2.1
  • e179c92 OrcCommand: add log message on missing 'Location' resolution
  • db8da0d OrcLib: LocationSet: cli overrides any previously set parsed location
  • 4fcc729 OrcLib: Configuration: make xml 'Location' optional
  • ad59c0f OrcLib: OrcLimits: fix limit handling when set to UINT_MAX
  • 8ec0204 OrcLib: Location: Shadow: fix missing volume name initialization
  • 1469f75 OrcLib: Location: use parent volume identifier for snapshot's
  • abf3951 OrcLib: LocationSet: accept wildcard as exclude path
  • 4a8f093 OrcCommand: USNJournal: fix location resolution
  • ddb14c0 OrcLib: USNJournalWalkerOffline: do not 'resurrect' records
  • 3f1dd57 OrcCommand: Log: UtilitiesLoggerConfiguration: fix log file option
  • 1007c2e OrcCommand: GetThis: fix resurrectRecord option
  • f08b53c OrcLib: FileFind: add overload FileFind::Find expecting Location
  • 73a6e77 OrcLib: FileFind: fix misleading log
  • a214658 changelog: update to 10.2.0
  • 4ae6773 OrcLib: Log: SpdlogLogger: fix possible build issue with fmt
  • c863454 OrcLib: Utils: TypeTraits: fix possible build issue with underlying_char_type
  • bad6952 Orc: relocate binary if executed from network path
  • cc2aaff vcpkg: update to 2023.04.15
  • 39addb9 Update .gitignore
  • c07d009 OrcLib: Location: order found vss from the most recent to the oldest
  • 635d0fe OrcLib: LocationSet: keep the discovering volume order
  • 4ed2bbd OrcLib: CommandExecute: release completion callbacks once done
  • a0be15a OrcLib: Robustness: UnhandledExceptionFilter: add optional MiniDumpWriteDump
  • d842b7a OrcLib: CopyFileAgent: fix possible double separator in output path
  • 617556f OrcLib: SystemIdentity: Write: continue to add information on error
  • b25d12e OrcCommand: NTFSUtil: new vss parser integration
  • 7cb991b OrcLib: MftWalker: add support for ResurrectRecordMode::kResident
  • f6d448c Use ResurrectRecordMode instead of boolean
  • cdd37d6 OrcLib: add ResurrectRecordMode
  • 3f061d1 OrcCommand: GetThis: add options '/ResurrectRecords', 'resurrect'
  • 2612e35 OrcCommand: FastFind: add options '/ResurrectRecords', 'resurrect'
  • 14caf6d OrcCommand: GetThis: add column 'RecordInUse'
  • d46480e Merge branch 'jean/dev' into fabienfl/vss
  • 63fb635 OrcLib: Buffer: avoid throwing exception with 0 Elts buffers
  • 7376770 OrcLib: ParameterCheck: add support for hex string prepend with '0x'
  • 7481a05 OrcLib: Add WriteNamedFileTime overload
  • fd373c2 OrcLib: TemporaryStream: add method Clone
  • 70bb57a OrcLib: MemoryStream: fix method Duplicate
  • ffb081d OrcLib: Utils: Result: get closer to std::expected
  • 1de7834 OrcLib: Text: in_addr: use dynamic function resolution
  • 0321efc OrcLib: move ToGuid, ToString into directory Text
  • 41c753d OrcLib: Text: Fmt: add in_addr
  • 135db77 Add support for msvc v143 and cpp23
  • b1f36fe README: display CI status for 10.1 and 10.2 and update build instructions
  • 74c3452 OrcCommand: NTFSUtil: set default error level to 'error'
  • 13fe525 OrcCommand: NTFSInfo: add column 'ShadowCopyId' to volstats.csv
  • 05d593a OrcCommand: NTFSInfo: add option "shadows_parser"
  • f102d3a OrcCommand: UtilitiesMain: rename method ParseShadowOption
  • 181dfd8 OrcCommand: UtilitiesMain: make 'Option' functions static
  • 31c8891 OrcLib: Ntfs: Compression: Wof: use Parse pattern
  • c3757de OrcLib: VolumeReader: add virtual method Position
  • e737c99 OrcLib: Location: add fallback system for microsoft vss enumeration
  • 9f9ccea OrcLib: internal shadow copy parser integration
  • add8805 OrcLib: Ntfs: add ShadowCopy
  • 330162f OrcLib: VolumeReader: add Read overload
  • 40ead40 OrcLib: Stream: add VolumeReaderStream
  • b88a2b0 OrcLib: Stream: add StreamReader
  • 9955ab9 OrcLib: Stream: add StreamUtils.h containing generic stream helpers
  • a7b0b20 OrcLib: Stream: add Stream
  • e1c84d5 OrcLib: Archive: CompressionLevel: refactor
  • 8762361 OrcLib: GetThis: use ShrinkContext with UncompressWofStream
  • e923518 OrcLib: ByteStream: add ShrinkContext to release memory without closing
  • 49dda76 OrcLib: Ntfs: Compression: Wof: increase default chunk size to 16384
  • dab7e5a OrcLib: Authenticode: add cache for parsed catalogs
  • 3ab0882 OrcLib: MemoryStream: add parameter to ctor for initial allocation
  • bd90b78 Merge branch 'fabienfl/vss_jean_buffers' into fabienfl/vss
  • 69a5c5e OrcLib: ExtensionLibrary: add helper ExtensionInScope
  • a857520 OrcLib: Buffer: fix index check in zero()
  • 682e5e9 OrcLib: TemporaryStream: do not allocate memory if memory threshold is 0
  • fa52069 OrcLib: SetPrivilege: constify input argument
  • b1a3d10 OrcLib: NtDllExtension: add NtSystemDebugControl
  • 061a7b2 OrcLib: Utils: Results: add NtError() to create error_code from NTSTATUS
  • 3896a8d OrcCommand: UtilitiesMain: refactor OptionalParameterOption
  • ca6668d OrcCommand: UtilitiesMain: add FlagOption to activate options as flags
  • 9a32efa OrcLib: StructuredOutput: add FILETIME support
  • 4825870 OrcLib: StructuredOutput: add RAII helpers to handle begin/end elements
  • 15aac44 OrcLib: LocationSet: add missing include
  • c506a50 Improve multiple logs
  • 3e7f618 OrcLib: Text: Tree: refactor indent array initialisation
  • fbace92 OrcLib: Log: remove assert on empty logger
  • e02aadd OrcLib: WofAlgorithm: add ToWString
  • bafeda0 OrcLib: Archive: Compression: add ToWString
  • 3c3f229 OrcLib: DriverMgmt: improve driver unload
  • 7128953 OrcLib: OrcException: add explicit constructors
  • 466a30f OrcCommand: UtilitiesMain: add EnumOption
  • 0435d20 OrcLib: Text: Fmt: Result: inherit string_view for alignment support
  • 29d01e1 vcpkg: update to 2022.11.14
  • ef25f46 OrcLib: Text: F...

v10.1.8

19 Sep 08:32
48c7bf0

Changes:

  • 48c7bf0 changelog: update to 10.1.8
  • b845da8 OrcCommand: WolfLauncher: allow user to specify ORC_Offline's keys
  • 4c7ad1c OrcLib: ObjectDirectory: fix displayed type value always set to 'Type'
  • 636c7d0 vcpkg: update yara to 4.3.2
  • 8512737 OrcLib: YaraScanner: fix Yara's callbacks file boundary
  • d898ff0 OrcLib: PEInfo: SetFirstBytes: grab also bytes when <BYTES_IN_FIRSTBYTES
  • 03a72b0 OrcLib: FileInfo: SetFirstBytes: fix zero padding to BYTES_IN_FIRSTBYTES
  • 5d1f791 OrcCommand: Log: UtilitiesLoggerConfiguration: fix log file option
  • b9a10e4 OrcLib: FileFind: fix misleading log

This list of changes was auto generated.

v10.2.1

27 Jun 10:06

Changes:

  • 4c0db0f Merge branch 'main' into release/10.2.x
  • 5d0905f changelog: update to 10.2.1
  • e179c92 OrcCommand: add log message on missing 'Location' resolution
  • db8da0d OrcLib: LocationSet: cli overrides any previously set parsed location
  • 4fcc729 OrcLib: Configuration: make xml 'Location' optional
  • ad59c0f OrcLib: OrcLimits: fix limit handling when set to UINT_MAX
  • 8ec0204 OrcLib: Location: Shadow: fix missing volume name initialization
  • 1469f75 OrcLib: Location: use parent volume identifier for snapshot's
  • abf3951 OrcLib: LocationSet: accept wildcard as exclude path
  • 4a8f093 OrcCommand: USNJournal: fix location resolution
  • ddb14c0 OrcLib: USNJournalWalkerOffline: do not 'resurrect' records
  • 3f1dd57 OrcCommand: Log: UtilitiesLoggerConfiguration: fix log file option
  • 1007c2e OrcCommand: GetThis: fix resurrectRecord option
  • f08b53c OrcLib: FileFind: add overload FileFind::Find expecting Location
  • 73a6e77 OrcLib: FileFind: fix misleading log

This list of changes was auto generated.

v10.2.0

05 May 12:10
a214658

Changes:

  • a214658 changelog: update to 10.2.0
  • 4ae6773 OrcLib: Log: SpdlogLogger: fix possible build issue with fmt
  • c863454 OrcLib: Utils: TypeTraits: fix possible build issue with underlying_char_type
  • bad6952 Orc: relocate binary if executed from network path
  • cc2aaff vcpkg: update to 2023.04.15
  • 39addb9 Update .gitignore
  • c07d009 OrcLib: Location: order found vss from the most recent to the oldest
  • 635d0fe OrcLib: LocationSet: keep the discovering volume order
  • 4ed2bbd OrcLib: CommandExecute: release completion callbacks once done
  • a0be15a OrcLib: Robustness: UnhandledExceptionFilter: add optional MiniDumpWriteDump
  • d842b7a OrcLib: CopyFileAgent: fix possible double separator in output path
  • 617556f OrcLib: SystemIdentity: Write: continue to add information on error
  • b25d12e OrcCommand: NTFSUtil: new vss parser integration
  • 7cb991b OrcLib: MftWalker: add support for ResurrectRecordMode::kResident
  • f6d448c Use ResurrectRecordMode instead of boolean
  • cdd37d6 OrcLib: add ResurrectRecordMode
  • 3f061d1 OrcCommand: GetThis: add options '/ResurrectRecords', 'resurrect'
  • 2612e35 OrcCommand: FastFind: add options '/ResurrectRecords', 'resurrect'
  • 14caf6d OrcCommand: GetThis: add column 'RecordInUse'
  • d46480e Merge branch 'jean/dev' into fabienfl/vss
  • 63fb635 OrcLib: Buffer: avoid throwing exception with 0 Elts buffers
  • 7376770 OrcLib: ParameterCheck: add support for hex string prepend with '0x'
  • 7481a05 OrcLib: Add WriteNamedFileTime overload
  • fd373c2 OrcLib: TemporaryStream: add method Clone
  • 70bb57a OrcLib: MemoryStream: fix method Duplicate
  • ffb081d OrcLib: Utils: Result: get closer to std::expected
  • 1de7834 OrcLib: Text: in_addr: use dynamic function resolution
  • 0321efc OrcLib: move ToGuid, ToString into directory Text
  • 41c753d OrcLib: Text: Fmt: add in_addr
  • 135db77 Add support for msvc v143 and cpp23
  • b1f36fe README: display CI status for 10.1 and 10.2 and update build instructions
  • 74c3452 OrcCommand: NTFSUtil: set default error level to 'error'
  • 13fe525 OrcCommand: NTFSInfo: add column 'ShadowCopyId' to volstats.csv
  • 05d593a OrcCommand: NTFSInfo: add option "shadows_parser"
  • f102d3a OrcCommand: UtilitiesMain: rename method ParseShadowOption
  • 181dfd8 OrcCommand: UtilitiesMain: make 'Option' functions static
  • 31c8891 OrcLib: Ntfs: Compression: Wof: use Parse pattern
  • c3757de OrcLib: VolumeReader: add virtual method Position
  • e737c99 OrcLib: Location: add fallback system for microsoft vss enumeration
  • 9f9ccea OrcLib: internal shadow copy parser integration
  • add8805 OrcLib: Ntfs: add ShadowCopy
  • 330162f OrcLib: VolumeReader: add Read overload
  • 40ead40 OrcLib: Stream: add VolumeReaderStream
  • b88a2b0 OrcLib: Stream: add StreamReader
  • 9955ab9 OrcLib: Stream: add StreamUtils.h containing generic stream helpers
  • a7b0b20 OrcLib: Stream: add Stream
  • e1c84d5 OrcLib: Archive: CompressionLevel: refactor
  • 8762361 OrcLib: GetThis: use ShrinkContext with UncompressWofStream
  • e923518 OrcLib: ByteStream: add ShrinkContext to release memory without closing
  • 49dda76 OrcLib: Ntfs: Compression: Wof: increase default chunk size to 16384
  • dab7e5a OrcLib: Authenticode: add cache for parsed catalogs
  • 3ab0882 OrcLib: MemoryStream: add parameter to ctor for initial allocation
  • bd90b78 Merge branch 'fabienfl/vss_jean_buffers' into fabienfl/vss
  • 69a5c5e OrcLib: ExtensionLibrary: add helper ExtensionInScope
  • a857520 OrcLib: Buffer: fix index check in zero()
  • 682e5e9 OrcLib: TemporaryStream: do not allocate memory if memory threshold is 0
  • fa52069 OrcLib: SetPrivilege: constify input argument
  • b1a3d10 OrcLib: NtDllExtension: add NtSystemDebugControl
  • 061a7b2 OrcLib: Utils: Results: add NtError() to create error_code from NTSTATUS
  • 3896a8d OrcCommand: UtilitiesMain: refactor OptionalParameterOption
  • ca6668d OrcCommand: UtilitiesMain: add FlagOption to activate options as flags
  • 9a32efa OrcLib: StructuredOutput: add FILETIME support
  • 4825870 OrcLib: StructuredOutput: add RAII helpers to handle begin/end elements
  • 15aac44 OrcLib: LocationSet: add missing include
  • c506a50 Improve multiple logs
  • 3e7f618 OrcLib: Text: Tree: refactor indent array initialisation
  • fbace92 OrcLib: Log: remove assert on empty logger
  • e02aadd OrcLib: WofAlgorithm: add ToWString
  • bafeda0 OrcLib: Archive: Compression: add ToWString
  • 3c3f229 OrcLib: DriverMgmt: improve driver unload
  • 7128953 OrcLib: OrcException: add explicit constructors
  • 466a30f OrcCommand: UtilitiesMain: add EnumOption
  • 0435d20 OrcLib: Text: Fmt: Result: inherit string_view for alignment support
  • 29d01e1 vcpkg: update to 2022.11.14
  • ef25f46 OrcLib: Text: Fmt: Result: prefer stack allocations
  • 8bbdeb2 vcpkg: enable /guard:cf for triplets
  • 49b3b91 OrcLib: ByteStream: add call counter to read method
  • 389867b OrcLib: DiskExtent: fix GetSeekOffset
  • ae87949 OrcLib: CompleteVolumeReader: add Read implementation with CBinaryBuffer
  • 7f128bd OrcLib: FindFind: add Yara cache on last item
  • 10b641a OrcLib: PEInfo: fix log messages
  • 6953d11 OrcLib: Authenticode: fix log messages
  • ae7dfbb OrcLib: Text: Print: AttributeListEntry: fix missing eol
  • 09f1a31 OrcLib: Text: Print: MFTRecord: add PrintAttributeList
  • 61e06f1 OrcLib: rename Utf8ToUtf16, Utf16ToUtf8 to ToUtf8, ToUtf16
  • 8862354 OrcLib: Text: Fmt: fix fmt specializations
  • 253dd4b OrcLib: Utils: remove AllocationPolicy.h
  • eeedf8b OrcLib: Utils: rename AnyPtr to MetaPtr
  • 38ea7ac OrcLib: Utils: String: add function Join
  • 048747e OrcLib: Utils: add function Dump
  • 41b8197 OrcLib: Utils: BufferView: add ToStringView conversion overloads
  • c6e5b8b OrcLib: Utils: BufferView: add ToBufferView conversion overloads
  • f393ad6 OrcLib: Utils: Guid: add ToString overloads
  • 35c1169 OrcLib: Utils: Guid: fix ToString
  • c8268fc OrcLib: Ntfs: WofAlgorithm: fix ToString namespace
  • 3292102 OrcLib: Text: Encoding: add ToString/ToWString
  • f4e5171 OrcLib: Text: Hex: add ToHexString
  • e45e36a OrcCommand: WolfLauncher: add critical log on exceeded configured limit
  • 5d5c710 OrcCommand: WolfLauncher: syslog any upload error with the Journal
  • 426faf2 OrcCommand: WolfLauncher: Journal: add optional error level
  • 8bf9d3d OrcLib: Log: rename facility journal to syslog
  • e12361b tools: rcedit: display binary path on error when adding resources
  • 81c463d tools: ci: test: fix bad character encoding
  • 2c04026 tools: ci: test: Invoke-OrcVM: option -upload not mandatory
  • f220b7d tools: ci: test: add verbose messages
  • a0906b5...

v10.1.7

21 Apr 09:05
106bde1

Changes:

  • 106bde1 Merge branch 'main' into release/10.1.x
  • abe2747 changelog: update to 10.1.7
  • b09bde1 vcpkg: update yara to 4.3.0
  • d770aa5 cmake: fix masm with 3.26.x
  • 164b45a OrcLib: BinaryBuffer: add multiple null deref checks
  • 690666a OrcLib: MemoryStream: lower default reservation size for 32-bit
  • b37d06c OrcLib: ZipCreate: add check before pointer deref
  • 12f8c34 OrcLib: add log Critical on memory starvation
  • a17e952 OrcLib: ArchiveAgent: add log on notification
  • 5528d81 OrcLib: MemoryStream: modify some log level
  • 0aa7a44 OrcLib: TemporaryStream: fix missing memory stream reset when using file
  • de5814d OrcLib: OutputSpec: fix output path type deduction
  • c69c0d1 OrcLib: ExtensionLibrary: fix extension loading case sensitivity
  • b51082c OrcLib: SystemIdentity: use CpuInfo for better compatibility
  • 28f010c OrcLib: add CpuId and CpuInfo
  • db61cb8 OrcCommand: WolfLauncher: fix Output path containing multiple '\0'
  • c275dab OrcLib: Utils: WinApi: add GetFullPathNameApi
  • e54ee70 tools: ci: test: add Compare-OrcOutcome
  • 8a1c7ec tools: ci: test: Get-OrcOutcome: add support for pipeline input

This list of changes was auto generated.

v10.1.6

23 Feb 10:57
6fbd187

Changes:

  • 6fbd187 Merge branch 'main' into release/10.1.x
  • 61c46e8 change: update to 10.1.6
  • 808a132 tools: ci: build: add parameter 'PlatformToolSet'
  • 2e9141a OrcCommand: WolfLauncher: add missing support for 'upload' configuration
  • 453dc2d OrcLib: RegFind: fix possible nullptr dereference
  • 417da2a OrcLib: Configuration: fix unexpected element handling
  • e39ccd6 OrcLib: add multiple log about configuration extraction
  • 8dc02cd OrcLib: CommandAgent: add a critical log when task are killed
  • b18527b Replace MAX_PATH use by ORC_MAX_PATH
  • ad502e7 OrcCommand: GetThis: add support to '/sample' to path matching
  • 5d075c6 OrcCommand: USNInfo: fix shadow volume parsing
  • 0b0312a OrcCommand: WolfLauncher: Outline: add job limits
  • 5fa25fd OrcCommand: WolfLauncher: Outline: add command and archive timeout
  • ffe6f0a OrcCommand: WolfLauncher: check for any unknown '/key' argument
  • 093fe24 OrcCommand: WolfLauncher: do not register unselected tasks
  • 04ab31c OrcCommand: WolfLauncher: remove unreliable pid/task map
  • 275d133 OrcCommand: WolfLauncher: Outcome: fix missing command metadata
  • 4524db3 OrcCommand: WolfLauncher: cli log level supersede console's sink level

This list of changes was auto generated.

v10.1.5

30 Jan 10:14
96fd591

Changes:

  • 96fd591 Merge branch 'main' into release/10.1.x
  • 0495ec1 changelog: update to 10.1.5
  • 9455bf2 OrcLib: Log: FileSink: increase first logs buffer size to 128k
  • 27a3349 tools: ci: test: Test-OrcOutcome: forward excludes to Get-OrcOutcome
  • 5c2e24a OrcLib: MFTOnline: fix $MFT extents parsing
  • 1da902b OrcLib: CompleteVolumeReader: do not check extent size on seek
  • ecf64d4 WolfLauncher: Outcome: add to command_set.command.output.size
  • 0babad9 OrcCommand: WolfLauncher: print parameter 'archive timeout'
  • 28eb14d OrcCommand: WolfLauncher: print parameter 'command timeout'
  • 0a58b92 OrcCommand: WolfLauncher: do not early check executable existence
  • cc53b85 OrcCommand: UtilitiesMain: remove ',' from location exclude configuration
  • 5b1a1f3 OrcCommand: UtilitiesMain: fix boost stacktrace output on stderr
  • 11b059e OrcLib: PEInfo: use CacheStream to parse VERSION resource
  • 7eb4b6e OrcLib: CacheStream: use configurable heap buffer size
  • 9164102 OrcLib: LocationSet: allow to exclude locations
  • a1fed4b OrcLib: SnapshotVolumeReader: remove useless SecureZeroMemory
  • 292e073 OrcLib: MFTWalker: fix error handling for nested record processing
  • 880e9bf OrcLib: MftRecordAttribute: fix infinite loop on corrupted mft
  • 5d2da8d OrcLib: Authenticode: fix cases of incorrect AuthenticodeStatus
  • 3217e00 OrcLib: Robustness: fix log on memory allocation exception
  • f63963b OrcLib: MFTOnline: fix log
  • f761880 OrcLib: modify some log level
  • 0df1364 cmake: add '/INCREMENTAL:NO' to RelWithDebInfo

This list of changes was auto generated.