Re: [sleuthkit-users] [sleuthkit-developers] Upgrade to Visual Studio 2015

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

I recently built 64bit versions of libvmdk, libvhdi, zlib, libewf, etc under VS2015 community edition.

Here are some of the steps that had to happen on individual projects:

- Change Platform Toolset from Windows7.1 SDK to Visual Studio 2015 (v140)

- Both libvmdk/libvhdi use config_winapi.h for setup, expect WINVER to be set (rarely is), I used _WIN32_WINNT_WIN7

- Switching Configuration Manager from Win32 to x64 (copy+minor tweaks)

- Running PowerShell scripts to pull down dependencies

- libewf has some post-build copies that use ENV VARS for dependency paths

- libtsk uses ENV VARS for dependencies that need to be setup

While it has now all built and it seems to be working, there are several images (mostly E01/EWF type) that come back with:

"Cannot determine file system type".

The files (E01) where generated with EnCase and FTK.

I'd love to contribute back my changes for this build to happen but I may have screwed something that is causing this problem.

Has anybody encountered this before?

Expected output from MMLS:

DOS Partition Table

Offset Sector: 0

Units are in 512-byte sectors

      Slot      Start        End          Length       Description

000:  Meta      0000000000   0000000000   0000000001   Primary Table (#0)

001:  -------   0000000000   0000002047   0000002048   Unallocated

002:  000:000   0000002048   0000206847   0000204800   NTFS / exFAT (0x07)

003:  000:001   0000206848   0156246015   0156039168   NTFS / exFAT (0x07)

004:  -------   0156246016   0156249999   0000003984   Unallocated

Output seen on build's MMLS:

tsk_img_open: Type: 0   NumImg: 1  Img1: \Temp\AEX-pretest.e01
ewf_open: found 0 segment files via libewf_glob
Not an EWF file
Error opening vmdk file
Error checking file signature for vhd file
tsk_img_findFiles: \Temp\AEX-pretest.e01 found
tsk_img_findFiles: 1 total segments found
raw_open: segment: 0  size: 19031471881  max offset: 19031471881  path: \Temp\AEX-pretest.e01
dos_load_prim: Table Sector: 0
raw_read: byte offset: 0 len: 65536
raw_read: found in image 0 relative offset: 0 len: 65536
raw_read_segment: opening file into slot 0: \Temp\AEX-pretest.e01
File is not a DOS partition (invalid primary magic) (Sector: 0)bsd_load_table: Table Sector: 1
gpt_load_table: Sector: 0
gpt_open: Trying other sector sizes
gpt_open: Trying sector size: 512
gpt_load_table: Sector: 0
gpt_open: Trying sector size: 1024
gpt_load_table: Sector: 0
gpt_open: Trying sector size: 2048
gpt_load_table: Sector: 0
gpt_open: Trying sector size: 4096
gpt_load_table: Sector: 0
gpt_open: Trying sector size: 8192
gpt_load_table: Sector: 0
sun_load_table: Trying sector: 0
sun_load_table: Trying sector: 1
mac_load_table: Sector: 1
mac_load: Missing initial magic value
mac_open: Trying 4096-byte sector size instead of 512-byte
mac_load_table: Sector: 1
mac_load: Missing initial magic value
Cannot determine partition type

Roberto Machorro   Software Developer, Child Rescue Coalition

Phone: (561) 226-9690<tel:%28561%29%20226-9690>
Email: rma...@ch...<mailto:rma...@ch...>
Address: 4530 Conference Way S
Boca Raton, FL  33431

________________________________
From: Richard Cordovano <rco...@ba...>
Sent: Tuesday, October 11, 2016 9:04 AM
To: Lloyd
Cc: sleuthkit-users
Subject: Re: [sleuthkit-users] [sleuthkit-developers] Upgrade to Visual Studio 2015

We have an engineer here at Basis currently working on completing an update of the Windows platform build of the SleuthKit for Microsoft Visual Studio 2015. We will also be updating the companion 64-bit versions of libewf, libvmdk, and libvhdi to build with VS 2015.

On Sun, Oct 9, 2016 at 10:24 AM, Lloyd <llo...@gm...<mailto:llo...@gm...>> wrote:
It would be great if sleuthkit is supported on vs2015 also.

On Tue, Oct 4, 2016 at 1:21 PM, Alessandro De Vito <ale...@gm...<mailto:ale...@gm...>> wrote:
Hi Brian,
Is there any update about this?
I would like to use tsk but I can not find VS10 on the web. On this link:
http://www.microsoft.com/express/vc/

only 2015 version is available.

Thanks
Alessandro

2016-06-09 18:44 GMT+02:00 Michael Cohen <scu...@gm...<mailto:scu...@gm...>>:

Hi Brian,
Just as an FYI, pytsk uses VS 9.0 since that is the only supported compiler for python 2.7. But we do not use any of the project files since python has its own build system.

https://wiki.python.org/moin/WindowsCompilers

It would be good to keep the code itself compilable under this old version which does not support later c standards.

Thanks
Michael.

On 9 Jun 2016 08:46, "Brian Carrier" <ca...@sl...<mailto:ca...@sl...>> wrote:
If you compile TSK with Visual Studio, you have to have use 2010, which has become dated and is a pain to get 64-bit builds out of. We're thinking about moving to VS 2015 (still the free version).  Does this impact anyone?   Anyone building for source on Windows and want it to remain in 2010?

brian

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________
sleuthkit-developers mailing list
sle...@li...<mailto:sle...@li...>
https://lists.sourceforge.net/lists/listinfo/sleuthkit-developers

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org