Compiling OSPatrol with MinGW:

OSPatrol's Windows agent is compiled using MinGW.

It has always been a pain to generate snapshots for Windows because it required me to open up my Windows VM (slow), push the code there, compile, etc. Well, until this week, when I started to play with MinGW's cross-compilation feature to completely build a Windows agent from Linux.

How does it work? First, you need to install MinGW and NSIS (to build the installer). For OpenSSL support, an OpenSSL MinGW package will also be necessary.

After that, download the source and generate the Windows package directory (replace 2.6 with the latest version or download the latest source here):

# wget http://www.ospatrol.net/files/ospatrol-hids-2.6.tar.gz
# tar -zxvf ospatrol-hids-2.6.tar.gz
# cd ospatrol-hids-2.6/src/win32
# ./gen-win.sh

Now, you will have the win-pkg directory under src. Just go there and run make.sh. Your Windows agent package should be created in a few minutes:

# cd ../win-pkg

The following script may need to be modified depending on which Linux distribution is being used.

# sh ./make.sh

You will see the following on the screen:

Making windows agent
rootcheck/win-common.c: In function "__os_winreg_querykey":
rootcheck/win-common.c:279: warning: pointer targets in passing argument 7 of "RegEnumValueA" differ in signedness
win-registry.c: In function "os_winreg_querykey":
...

Output: "ospatrol-win32-agent.exe"
Install: 7 pages (448 bytes), 3 sections (3144 bytes), 379 instructions (10612 bytes), 247 strings (42580 bytes), 1 language table (346 bytes).
Uninstall: 5 pages (320 bytes), 1 section (1048 bytes), 301 instructions (8428 bytes), 166 strings (2646 bytes), 1 language table (290 bytes).
Datablock optimizer saved 8371 bytes (~0.7%).

This means that your agent executable ospatrol-win32-agent.exe has been created properly.
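The NSIS summary only shows that the installer file was written. As an added example (not part of the original post or the OSPatrol build scripts), the shell functions below check that the cross-compiled file really is a Windows PE executable by reading its MZ and PE headers. The function names hex_at, le32_at and check_agent_exe are hypothetical.

```shell
#!/bin/sh
# Added example: post-build check that the cross-compiled installer is a PE file.
# Function names are hypothetical; they are not part of the OSPatrol build scripts.

# hex_at FILE OFFSET COUNT: print COUNT bytes starting at OFFSET as hex digits.
hex_at() {
    od -An -v -tx1 -j "$2" -N "$3" "$1" 2>/dev/null | tr -d ' \n'
}

# le32_at FILE OFFSET: print the little-endian 32-bit integer stored at OFFSET.
le32_at() {
    h=$(hex_at "$1" "$2" 4)
    [ "${#h}" -eq 8 ] || return 1
    b0=$(printf %s "$h" | cut -c1-2); b1=$(printf %s "$h" | cut -c3-4)
    b2=$(printf %s "$h" | cut -c5-6); b3=$(printf %s "$h" | cut -c7-8)
    echo $((0x$b3$b2$b1$b0))
}

# check_agent_exe FILE: print "PE <machine>" and return 0 if FILE has valid
# MZ and PE headers; otherwise explain on stderr and return 1, 2, 3 or 4.
check_agent_exe() {
    exe=$1
    [ -s "$exe" ] || { echo "missing or empty: $exe" >&2; return 1; }
    # The DOS header starts with the magic bytes "MZ".
    [ "$(hex_at "$exe" 0 2)" = "4d5a" ] || { echo "no MZ magic: $exe" >&2; return 2; }
    # e_lfanew at offset 0x3c holds the file offset of the PE header.
    pe_off=$(le32_at "$exe" 60) || { echo "truncated DOS header: $exe" >&2; return 3; }
    # The PE header starts with "PE\0\0", followed by the 2-byte machine type.
    [ "$(hex_at "$exe" "$pe_off" 4)" = "50450000" ] || { echo "no PE signature: $exe" >&2; return 4; }
    case $(hex_at "$exe" $((pe_off + 4)) 2) in
        4c01) echo "PE i386" ;;      # IMAGE_FILE_MACHINE_I386, expected for a win32 build
        6486) echo "PE x86-64" ;;    # IMAGE_FILE_MACHINE_AMD64
        *)    echo "PE unknown" ;;
    esac
}

# Usage (script file name is an assumption): sh check.sh ospatrol-win32-agent.exe
if [ "$#" -gt 0 ]; then check_agent_exe "$1"; fi
```

Run it from the win-pkg directory after make.sh finishes; a non-zero exit status means the file is missing, empty or not a PE image.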

This document is a copy of Daniel Cid's blog post "Compiling the Windows Agent from a Linux system".