Unable to build trailofbits on windows 10 with Visual Studio 16 2019

[chouchouzzj]

Well , base on https://github.com/trailofbits/osquery-extensions/blob/master/README.md

# Follow https://osquery.readthedocs.io/en/latest/development/building/

# and stop before the configure step

d:
git clone --recurse-submodules https://github.com/trailofbits/osquery-extensions.git

cd d:\osquery
New-Item -ItemType SymbolicLink -Name external\extension_trailofbits -Target d:\osquery-extensions

cd d:\build
# Resume following the osquery build guide
cmake ../osquery/ -G "Visual Studio 16 2019" -A x64
cmake --build . --config Release --target package

And here are the errors:
Libtsk.lib (db_sqlite. Obj) : Error LNK2038: "RuntimeLibrary" mismatch detected:Value "MT_StaticRelease" mismatch value "MD_DynamicRelease" (in osquery_extension_group_main.obj) [D:\build\External\extension_trailofbits\ trailofbits_osquery_extensions.vcxProj]
Libcpmt.lib (xstol. Obj) : Error LNK2038: "RuntimeLibrary" mismatch detected:Value "MT_StaticRelease" mismatch value "MD_DynamicRelease" (in osquery_extension_group_main.obj) [D:\build\External\extension_trailofbits\ trailofbits_osquery_extensions.vcxProj]

Well I set the properties of project trailofbits_osquery_extensions by VS2019 [ "Visual Studio 16 2019" ]
Project -> properties -> configuration -> general -> configuration type :
change it from application (.exe) to Static libraries (.lib)
and , It works!

218>trailofbits_osquery_extensions.vcxproj -> D:\build\external\extension_trailofbits\Debug\trailofbits_osquery_extensions.ext.exe

But, It's too early to laugh.....
I installed osquery-4.5.1.msi into path c:\osquery
and copied trailofbits_osquery_extensions.ext.exe to c:\osquery
but, while I am running this:
.\osqueryi.exe --allow_unsafe --disable_extensions=false --extension .\trailofbits_osquery_extensions.ext.exe

here is the return:

c:\osquery>.\osqueryi.exe --allow_unsafe --disable_extensions=false --extension .\trailofbits_osquery_extensions.ext.exe
Using a �[1mvirtual database�[0m. Need help, type '.help'
osquery> E1219 15:45:59.234822 19408 watcher.cpp:653] Cannot create extension process: .\trailofbits_osquery_extensions.ext.exe
c:\osquery>

Anyway ,thanks for reading..
but, anyone can tell me how to build and run it correctly??????
help me.... T_T

[mike-myers-tob]

Hi @chouchouzzj ! There was a change upstream that recently started to link the C runtime library dynamically instead of statically on Windows. It has been fixed, so I will test now if we can build our extensions against the latest osquery upstream Master branch.

[mike-myers-tob]

Yep! That was it. Check out the latest core osquery and try again, or pull the latest changes into your branch. It should work.

PS C:\Projects\osquery\build> .\osquery\RelWithDebInfo\osqueryi.exe --allow_unsafe --disable_extensions=false --extension .\external\extension_trailofbits\RelWithDebInfo\trailofbits_osquery_extensions.ext.exe
Using a �[1mvirtual database�[0m. Need help, type '.help'
osquery> SELECT * FROM HostBlacklist;
+---------+---------------------------+--------------+----------------+-----------+
| address | domain                    | sinkhole     | firewall_block | dns_block |
+---------+---------------------------+--------------+----------------+-----------+
|         | bitbucket.corp.ncrypt.com | 10.130.21.63 |                | UNMANAGED |
+---------+---------------------------+--------------+----------------+-----------+
osquery> .version
osquery 4.6.0-13-g6e9f8720
using SQLite 3.34.0