Skip to content

v10.1.0-rc4

Pre-release
Pre-release
Compare
Choose a tag to compare
@jgautier-anssi jgautier-anssi released this 11 Feb 17:45
v10.1.0-rc4
a786e97
This commit was signed with the committer’s verified signature.
fabienfl-orc fabienfl
GPG key ID: A21889B6CE3B7602
Learn about vigilant mode.

Changes:

  • a786e97 Merge branch 'main' into release/10.1.x
  • 3acf35e OrcCommand: GetThis: fix log level
  • 3f440be OrcCommand: UtilitiesLogger: set backtrace size at 64 lines
  • 431384b changelog: update for 10.1.0-rc4
  • 241711d cmake: add option ORC_SWAPRUN_NET for stability from network execution
  • 5828703 OrcLib: ConfigFileReader: fix exit on unknown configuration element
  • eaba9c3 OrcLib: Text: Format: catch exception 'fmt::v7::format_error'
  • 67ca494 OrcLib: EmbeddedResource: fix ExtractToBuffer resource lookup
  • 8df375f OrcCommand: WolfLauncher: read configuration element 'Console'
  • a94fea8 OrcCommand: WolfLauncher: add ConsoleConfiguration
See More
  • 584ac91 OrcCommand: WolfLauncher: Console: enable console redirection
  • cae27a3 OrcCommand: WolfLauncher: Console: add source files for redirection
  • 621c084 OrcCommand: UtilitiesMain: use 'info' level for manual log backtrace
  • a0878de OrcCommand: UtilitiesLogger: prefer using references
  • 2d7b623 OrcCommand: UtilitiesLogger: ConsoleSink: use dist_sink before stderr_sink
  • afe76df OrcCommand: UtilitiesLoggerConfiguration: use Option.h
  • fe9c669 OrcLib: Configuration: add Option
  • 64daa0e OrcCommand: Console: fix namespace and add comment
  • 17f02b7 OrcLib: Console: move into OrcCommand/
  • b54220c OrcCommand: remove ConfigFile_ImportData
  • 7cd38b4 OrcCommand: Mothership: move into src/Orc/
  • 31773e1 OrcCommand: USNInfo: move into Command/USNInfo/ directory
  • 7972468 OrcCommand: ToolEmbed: move into Command/ToolEmbed/ directory
  • 22e14a7 OrcCommand: RegInfo: move into Command/RegInfo/ directory
  • 6480f32 OrcCommand: ObjInfo: move into Command/ObjInfo/ directory
  • cd1b700 OrcCommand: NTFSUtil: move into Command/NTFSUtil/ directory
  • 5073338 OrcCommand: GetSectors: move into Command/GetSectors/ directory
  • cadcfd3 OrcCommand: FatInfo: move into Command/FatInfo/ directory
  • 26b430a OrcCommand: FastFind: move into Command/FastFind/ directory
  • c768bef OrcCommand: DD: move into Command/DD/ directory
  • 4bce826 OrcCommand: GetThis: move into Command/GetThis/ directory
  • dd06bc3 OrcCommand: GetSamples: move into Command/GetSamples/ directory
  • 2e6853b OrcCommand: NTFSInfo: fix resource path for NTFSInfoSqlSchema.xml
  • 3204f9d OrcCommand: NTFSInfo: move into Command/NTFSInfo/ directory
  • 803e128 OrcCommand: Configuration: fix moved path
  • 39d1019 OrcCommand: DD: add partial support for 'log' option
  • 2e8d034 OrcCommand: USNInfo: add support for 'log' option
  • 8347059 OrcCommand: ToolEmbed: add support for 'log' option
  • 9fff7fe OrcCommand: RegInfo: add support for 'log' option
  • 5b8e7e7 OrcCommand: ObjInfo: add partial support for 'log' option
  • 3d88459 OrcCommand: GetSectors: add partial support for 'log' option
  • 9e3c181 OrcCommand: FatInfo: add support for 'log' option
  • 9d43a50 OrcCommand: FastFind: add support for 'log' option
  • fc89ff1 OrcCommand: GetSamples: forward log options to 'GetThis'
  • 1c9bcdc OrcCommand: GetSamples: add support for 'log' option
  • d926c91 OrcCommand: NtfsUtil: add support for 'log' option
  • e050309 OrcCommand: GetThis: add support for 'log' option
  • b92174a OrcCommand: NtfsInfo: add support for 'log' option
  • e47d8eb OrcCommand: WolfLauncher: add support for 'log' option
  • 4390270 OrcLib: move config related files into Configuration/
  • 407e9c7 OrcLib: ConfigItem: add std::wstring_view overloads
  • eb22f65 Docs: Design: Log: rename spdlog_backtrace to Backtrace
  • ce6b0f3 OrcLib: Log: add function 'DefaultFacility'
  • f87e6e8 OrcLib: Log: Facility: add alias to Facility
  • 15705cf OrcLib: Log: add to sink custom backtrace trigger level support
  • a87bd4d OrcCommand: UtilitiesMain: print log file value with common parameters
  • 11c0bbe OrcCommand: UtilitiesMain: use UtilitiesLoggerConfiguration for early log level
  • 7759094 OrcCommand: Log: add UtilitiesLoggerConfiguration
  • 36b951d OrcLib: OutputSpec: add conversion functions for Text::Encoding
  • 1803a40 OrcLib: Text: add enum class Encoding
  • 15ea817 OrcLib: Log: FileSink: change default memory buffer to 16384
  • 5270dfe OrcLib: Log: FileSink: Open: add parameter FileDisposition
  • 8e9bf4a OrcLib: OutputSpec: add conversion functions for FileDisposition
  • f925e31 OrcLib: add enum class FileDisposition
  • a324640 OrcCommand: UtilitiesMain: move Configure into source file
  • 46aaa4e OrcCommand: UtilitiesLogger: use enum class Level
  • 6b90c5d OrcLib: Log: add enum class Level
  • ffbdea7 OrcCommand: UtilitiesLogger: move into 'log' directory
  • ac546d4 Remove dead code
  • 1f50051 OrcCommand: WolfLauncher: Journal: rename namespace
  • 4bd1dd7 OrcCommand: move Output/Console/Journal.h into Command/WolfLauncher
  • 541d3da OrcLib: Text: Console: rename namespace
  • 364b0f1 Move Output/Console/* to Text/
  • 319eb3b Fix build with new Iconv path
  • c413ed2 OrcLib: move Utils/Iconv to Text/Iconv
  • 3eb9fc5 Fix build with new Text path
  • c081dc8 Move Output/Text to Text
  • 518f4b4 OrcLib: ByteStream: add Clone() method to select Streams
  • c52b401 OrcLib: DriverMgmt: add OpenDevicePath
  • 5e6b3a2 OrcLib: DriverMgmt: add GetDriver
  • c12489c OrcLib: DriverMgmt: add DisableStart
  • 08e5c26 OrcLib: DriverMgmt: rename GetDriver to AddDriver
  • e979442 OrcLib: DriverMgmt: add enum class DriverStatus instead of ServiceStatus
  • 965ca2f Replace std::filesystem throwing functions with std::error_code match
  • 3c625eb OrcLib: FuzzyHash: add preprocessor ORC_BUILD_TLSH
  • 2018813 OrcLib: remove ImportAgent
  • f2b1d91 OrcCommand: remove ExtractData
  • 9a61c94 OrcCommand: WolfLauncher: remove 'AddProcessStatistics'
  • 3d2edeb OrcCommand: WolfLauncher: remove 'AddJobStatistics'
  • cb77b5e OrcCommand: WolfLauncher: generate and upload outcome
  • 50eb24c OrcCommand: WolfLauncher: add Outcome
  • 7a7eae1 OrcLib: ArchiveNotification: remove m_commandSet
  • 97948ab OrcCommand: WolfLauncher: WolfTask: print cpu/memory starvations in journal
  • 26f9a0b OrcCommand: WolfLauncher: WolfTask: store IoCounters
  • 589de7f OrcCommand: WolfLauncher: WolfTask: store process times
  • 606880f OrcCommand: WolfLauncher: WolfTask: store process command line
  • 45d077e OrcCommand: WolfLauncher: coding style
  • c6c5f59 OrcCommand: WolfLauncher: fix build with new paths
  • eb3a83f OrcCommand: WolfLauncher: move sources to dedicated directory
  • 116aab0 OrcCommand: WolfLauncher: Outline: add mothership sha256
  • 9835a89 OrcCommand: WolfLauncher: Outline: rename 'dfir_orc_id' to 'version'
  • 234b8f0 OrcCommand: WolfLauncher: Outline: move version to root node
  • aa7d7ec Update log messages
  • d9b1e2c OrcCommand: Journal: fix namespace
  • 70d1fc2 OrcCommand: Console: Journal: fix ISO8601 timestamp
  • e9ac8c4 OrcCommand: WolfLauncher: Outline: use ISO8601 timestamp
  • 423958e OrcLib: SystemDetails: add GetTimeStampISO8601
  • 36cfc2a OrcLib: SystemDetails: store timestamp as SYSTEMTIME
  • b20e8e7 Revert "OrcLib: Log: Sink: add wostream_sink"
  • 8d7c714 OrcLib: Log: Sink: add wostream_sink
  • 8ca11b5 OrcLib: Log: FileSink: add method 'OutputPath' to return absolute file path
  • e0f52a1 OrcLib: Log: add function and method Flush
  • 92a756f OrcLib: Log: always close file on destruction
  • aaba92b OrcLib: move WinApiHelper to Utils/WinApi
  • 988fe17 OrcLib: WinApi: add GetModuleFileNameExApi
  • 8bfa2ff OrcLib: WinApi: add GetModuleFileNameApi
  • 2053818 OrcLib: Text: Fmt: add specialization for Result
  • b4e00ee OrcLib: Text: Print: fix optional handling
  • f9b13f4 OrcLib: Utils: add Time.cpp, Time.h
  • dfd7eab OrcLib: Utils: Result: add alias Success
  • 847a254 OrcLib: Utils: Result: add ToOptional(Result&)
  • 0825d42 OrcLib: Utils: Guard: FileHandle: add bool overload and method IsValid
  • 837194d OrcLib: Utils: Guard: FileHandle: add 'HANDLE operator*()'
  • 1dbf892 OrcLib: Utils: Guard: rename ScopeGuard to Scope
  • 22f666a OrcLib: StructuredOutput: IWriter: add alias 'Ptr'
  • c35ce29 OrcLib: SystemDetails: add missing filesystem include
  • 23433d2 OrcLib: JSONOutputWriter: improve empty string handling
  • 5d00ebd OrcLib: JSONOutputWriter: add method 'Close()'
  • 72a761e OrcLib: WinApiHelper: fix missing return on error path
  • 7b3c214 OrcLib: fix collisions with some Microsoft macros
  • 23cc256 OrcLib: fix build with ssdeep enabled
  • 442e164 cmake: remove boost-format as uneeded dependency
  • 0a02f5d vcpkg: update for xp compatibility _WIN32_WINNT=0x0501
  • b40aee3 cmake: vcpkg: add to preprocessor WINVER, _WIN32_WINNT, NTDDI_VERSION
  • 88981a5 cmake: Orc: add preprocessor WINVER, _WIN32_WINNT, NTDDI_VERSION
  • db26485 cmake: Orc: add preprocessor _SILENCE_ALL_CXX17_DEPRECATION_WARNINGS
  • 44e9125 cmake: add a warning message about Visual Studio required language (vcpkg)
  • 64f0d5d cmake: add windows version requirement for ApacheOrc
  • ec9ab95 OrcCommand: UtilitiesMain: add InputDirOption()
  • 713ad88 Revert "OrcCommand: UtilitiesMain: remove OutputFileOption and OutputDirOption"
  • f019d6f Merge branch 'main' into release/10.1.x
  • 932588c changelog: update for 10.1.0-rc3
  • 4e1bf22 OrcLib: Console: do not output '\0'
  • 138251d OrcLib: Archive: Appender: fix compression level missuse
  • d30d2db OrcLib: update some log messages
  • 245004f OrcCommand: WolfLauncher: print "Ended" line with stats in the journal
  • 3637886 OrcCommand: WolfLauncher: add empty line between commands output
  • e9b26cb OrcLib: Utils: EnumFlags: fix operator& and operator~
  • ab33fc3 Revert "OrcLib: Utils: EnumFlags: fix operator&"
  • 8ccc6b7 OrcLib: Utils: EnumFlags: fix operator&
  • 782eb29 OrcCommand: GetSectors: fix missing lvalue causing getBootDiskName failure
  • 81413c8 OrcLib: SystemIdentity: fix incorrect error check leading to missing info
  • 916f079 OrcCommand: WolfExecution: fix possible nullptr deref on error path
  • 1b963b4 OrcLib: Log: FileSink: use base_sink mutex for synchronisation
  • accab5e OrcLib: Log: Sink: remove ByteStreamSink
  • a42fa49 OrcCommand: WolfLauncher: capture console output as log
  • 22b82f9 OrcLib: Log: add SpdlogLogger and SpdlogSink wrappers
  • 98fd85f OrcLib: Log: move sink implementations into Sink directory
  • c7207da OrcCommand: UtilitiesLogger: add support for SPDLOG_LEVEL env variable
  • 03a0a4c OrcLib: Console: also duplicate emtpy lines into the logs
  • ff0330c OrcLib: Log: Logger: DumpBackTrace: set temporarly logger level to trace
  • 31d3457 OrcLib: Log: FileSink: simplify set_pattern_ with set_formatter_ wrapper
  • 9853404 Log: remove useless messages
  • a644ae2 OrcLib: Console: set console output redirection to info log level
  • b30f648 OrcLib: Log: Logger: fix missing default log level for file facility
  • ac8ea90 OrcLib: Log: Logger: remove useless m_loggers array entry
  • 3333a1f OrcLib: Text: Print: rename kStringEmpty to kEmpty
  • 5a17893 OrcCommand: Text: Fmt: add WolfPriority
  • e43c3e4 OrcLib: Text: Print: replace Print overloads with specialization
  • 93550d4 Merge branch 'main' into release/10.1.x
  • 03e45c4 changelog: update for 10.1.0-rc2
  • 8d6802f OrcLib: MFTRecordFileInfo: fix null pointer dereference
  • 2eedb25 OrcCommand: WolfTask: lower 'Hanged' logs to 'Error' level
  • 6f148c9 OrcLib: Logger: fix typo on ORC_BUILD_BOOST_STACKTRACE
  • 1c23b12 OrcLib: Fmt: ByteQuantity: fix array bound check
  • 19845be fix warning LNK4221
  • e8e0a30 OrcCommand: Journal: fix output column size
  • facb7c9 OrcCommand: WolfLauncher: print file size when added to upload queue
  • 873a38f OrcCommand: WolfExecution: print archive file size once completed
  • 132f49f OrcCommand: WolfExecution: print real file size when added for compression
  • 7a8a671 Merge branch 'jean/log' into main
  • 06eeafb vcpkg: update for spdlog
  • 2fc5d4d OrcLib: Log: use perfect forwarding for wrappers
  • 0c9cbcd OrcLib: CommandMessage: fix 'StdOutErr' configuration option
  • 9d52a64 tools: ci: build: add parameters missing description
  • 92cb8fc OrcLib: Print: Filter: fix PrintValue output
  • 1b9f564 OrcLib: fix calling convention mismatch on x86 caused by macro
  • fb5b061 OrcCommand: UtilitiesMain: add critical log on all error execution path
  • 00060bb OrcLib: ZipCreate: fix CComPtr use
  • 1664dd5 OrcCommand: fix custom formatter shadowed by ostream
  • 9e45bdf OrcLib: FileInfo: remove trailing '' from ParentName
  • 0d73e1f OrcCommand: GetSamples: autorunsc: use UTC time output
  • 7232a64 OrcCommand: fix partially ignored /Computer, /FullComputer, /SystemType
  • c3e893d OrcCommand: UtilitiesMain: remove OutputFileOption and OutputDirOption
  • ae99bf1 OrcLib: Fmt: error_code: display as unsigned errors from system category
  • 502cfa3 OrcCommand: WolfLauncher: add missing usage options
  • dbb45b8 OrcCommand: add missing usage option 'Compression'
  • b0b6903 README: update azure badge
  • fa337c6 changelog: update with 10.1.0-rc1
  • b40d5a3 ci: azure: add additional artifact repository
  • 6f127fa ci: azure: use binary caching with Azure Artifacts
  • 5476a27 OrcParquetLib: fix build for vcpkg 2020.11-1
  • 12e27c6 OrcLib: fix build for fmt 7.1.2
  • a08a8f8 cmake: fix Arrow for vcpkg 2020.11-1
  • 14a2e13 tools: rcedit: fix CompressionType parsing for vcpkg 2020.11-1
  • 8d09edd vcpkg: update to 2020.11-1
  • 764b9d7 tools: ci: build: update documentation
  • d28b564 tools: ci: build: add switch -SSDeep
  • a4850da tools: ci: build: check -Clean for error
  • 4b4b4cf tools: ci: build: display cmake version
  • 97707e1 tools: ci: build: stop on any error
  • dea730a tools: ci: build: stop changing working directory for cmake execution
  • ad6ef3b tools: ci: build: enforce some parameter case sensitivity
  • 4455fb5 tools: ci: build: fix path quoting
  • f47d928 tools: ci: build: move Find-CMake out of a loop
  • 7e42da4 tools: ci: build: add option to specify vcpkg root directory
  • 4d9173c tools: rcedit: use inherited CMAKE_MSVC_RUNTIME_LIBRARY
  • 1092275 cmake: update install layout
  • fe15397 OrcLib: fix calling convention mismatch on x86 caused by macro
  • 353430b cmake: fix C4995 triggered by fmt 7.0.0
  • 74ffa5e cmake: clang: disable warning C4995 for compatibility
  • e22343a OrcLib: BITSAgent: set expected failure log to debug
  • 95721fb log: add strong typing to HRESULT in log messages
  • 3ba448b cmake: add option ORC_BUILD_BOOST_STACKTRACE
  • 2f53123 Revert "cmake: add option ORC_BUILD_BACKTRACE to disable boost::stacktrace"
  • 16850e4 Merge branch 'fabienfl/getthis' into fabienfl/spdlog
  • 068ae22 OrcCommand: GetThis: use Archive7z
  • b2628c6 OrcLib: Archive: add Archive7z
  • 868ca46 OrcCommand: GetThis: disable FileFinder match storage
  • f506d7d OrcCommand: GetThis: add WriteSample completion callback
  • 42b1fa0 OrcCommand: GetThis: add CreateSample
  • ce5166d OrcCommand: GetThis: add CreateUniqueSampleName
  • e46a65c OrcCommand: GetThis: refactor CreateSampleFileName
  • 0101dcd OrcCommand: GetThis: ConfigureSampleStream refactor
  • adeae8f OrcCommand: GetThis: move RegFlushKey to anonymous namespace
  • 0c81463 OrcCommand: GetThis: refactor FindMatchingSamples & AddSamplesForMatch
  • c936dcf OrcCommand: GetThis: FindMatchingSamples: coding style
  • f55203c OrcCommand: GetThis: refactor CollectMatchingSamples
  • b85db17 OrcCommand: GetThis: replace 'enum ContentType' with 'enum class'
  • f3cf6af OrcLib: CsvFileWriter: call WriteNothing if Write* argument is empty
  • 6fbf7ac OrcCommand: GetThis: refactor AddSampleRefToCSV
  • e31ae8b OrcCommand: GetThis: refactor CreateOutputDirLogFileAndCSV
  • 109f178 Merge branch 'jean/structured' into fabienfl/spdlog
  • a37bb23 OrcCommand: GetThis: refactor CreateArchiveLogFileAndCsv
  • 3f5d388 OrcLib: SystemDetails: generalize Service Packs in SystemDetails
  • c70f89a OrcLib: rename class Archive to OrcArchive for new namespace Archive
  • 1862e0f OrcLib: Temporary: improve temporary folder deletion
  • 7a78990 OrcLib: JobObject: improve log messages
  • e94897e OrcLib: Enable multi-files extension dlls
  • 3993a13 OrcLib: EmbeddedResource: modify EmbedType to an enum class

This list of changes was auto generated.

Assets 10