Thread: [sleuthkit-users] Sleuthkit & Autopsy on AMD64
Brought to you by:
carrier
Menu
▾
▴
sleuthkit-users
|
From: Paul S. <pa...@vn...> - 2004-04-02 03:31:00
|
Hello, Just got a brand new shiny amd64 system and I'm trying to compile sleuthkit. I also realize that this may not have been done before, but I'm hoping it has :-) Anyhow, I'm not positive, but I don't think I've had to compile anything on this system yet so I could simply be missing some libraries, but it doesn't look like that to me. I'm running Mandrake 9.2 for AMD64 (10 is still beta for AMD64) "uname -a" gives the following output: Linux Pluto 2.4.22-24mdk #1 Tue Nov 4 15:08:30 CET 2003 x86_64 unknown unknown GNU/Linux I downloaded (and verified) sleuthkit-1.68, and when I run install, I get the following output: cd src/fstools; make "CC=gcc" MAKELEVEL= gcc -DLINUX2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DVER=\"1.68\" -I../misc -O -Wall -g -c -o fs_buf.o fs_buf.c gcc -DLINUX2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DVER=\"1.68\" -I../misc -O -Wall -g -c -o fs_inode.o fs_inode.c gcc -DLINUX2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DVER=\"1.68\" -I../misc -O -Wall -g -c -o fs_io.o fs_io.c gcc -DLINUX2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DVER=\"1.68\" -I../misc -O -Wall -g -c -o fs_open.o fs_open.c gcc -DLINUX2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DVER=\"1.68\" -I../misc -O -Wall -g -c -o fs_dent.o fs_dent.c gcc -DLINUX2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DVER=\"1.68\" -I../misc -O -Wall -g -c -o fs_types.o fs_types.c gcc -DLINUX2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DVER=\"1.68\" -I../misc -O -Wall -g -c -o fs_data.o fs_data.c gcc -DLINUX2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DVER=\"1.68\" -I../misc -O -Wall -g -c -o mylseek.o mylseek.c mylseek.c: In function `_llseek': mylseek.c:34: error: `__NR__llseek' undeclared (first use in this function) mylseek.c:34: error: (Each undeclared identifier is reported only once mylseek.c:34: error: for each function it appears in.) make: *** [mylseek.o] Error 1 make: *** [defs] Error 2 make: *** [no-perl] Error 2 There was some other stuff above this that looked like it worked OK, so I'm only including what I think is pertinent. Any help appreciated, Paul |
|
From: Brian C. <ca...@sl...> - 2004-04-02 14:39:41
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Apr 1, 2004, at 10:30 PM, Paul Stillwell wrote: > Hello, > > Just got a brand new shiny amd64 system and I'm trying to compile > sleuthkit. > I also realize that this may not have been done before, but I'm hoping > it has > :-) Anyhow, I'm not positive, but I don't think I've had to compile > anything > on this system yet so I could simply be missing some libraries, but it > doesn't look like that to me. This is a known issue. I just added a sourceforge bug for it (#928278), which I should have done a few weeks ago. The lseek error is fairly easy to fix, but some of the casting warnings / errors are going to be more tricky. I'm not sure if I really want to tackle it until I start with v2 of TSK which will get rid of some of the platform dependent size issues. I also don't have a 64-bit machine, so that makes it hard. I think sourceforge has one in their compiler farm though. brian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFAbXsgOK1gLsdFTIsRAtOZAJ9+1/JdPCSXM9OT3tct6vi/WgyNpQCeK+QK Sbu42AyRFuLc+rw6vqD68SU= =0jpN -----END PGP SIGNATURE----- |
|
From: Paul S. <pa...@vn...> - 2004-04-09 14:56:11
|
=2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just as a follow up ...=20 I compiled TSK 1.68 (static) on a suse 9.0 32 bit system and transferred t= he=20 binaries over to the Mandrake 9.2 AMD64 system, and then ran make for Autop= sy=20 2.0 on the AMD64 system pointing to the transferred files. It all seems to= =20 work so far without issues. The logic behind this? AMD64 systems are=20 supposed to be 32bit binary compatible... so are the O/S's that run on=20 them... so far, it seems to hold true :-)=20 If anyone knows of any issues I may introduce by doing this, please let me= =20 know. Thanks, Paul On April 1, 2004 10:30 pm, Paul Stillwell wrote: > Hello, > > Just got a brand new shiny amd64 system and I'm trying to compile > sleuthkit. I also realize that this may not have been done before, but I'm > hoping it has > > :-) Anyhow, I'm not positive, but I don't think I've had to compile > : anything > > on this system yet so I could simply be missing some libraries, but it > doesn't look like that to me. > > I'm running Mandrake 9.2 for AMD64 (10 is still beta for AMD64) > > "uname -a" gives the following output: > Linux Pluto 2.4.22-24mdk #1 Tue Nov 4 15:08:30 CET 2003 x86_64 unknown > unknown GNU/Linux > > I downloaded (and verified) sleuthkit-1.68, and when I run install, I get > the following output: > > cd src/fstools; make "CC=3Dgcc" MAKELEVEL=3D > gcc -DLINUX2 -D_FILE_OFFSET_BITS=3D64 -D_LARGEFILE64_SOURCE -DVER=3D\"1.6= 8\" > -I../misc -O -Wall -g -c -o fs_buf.o fs_buf.c > gcc -DLINUX2 -D_FILE_OFFSET_BITS=3D64 -D_LARGEFILE64_SOURCE -DVER=3D\"1.6= 8\" > -I../misc -O -Wall -g -c -o fs_inode.o fs_inode.c > gcc -DLINUX2 -D_FILE_OFFSET_BITS=3D64 -D_LARGEFILE64_SOURCE -DVER=3D\"1.6= 8\" > -I../misc -O -Wall -g -c -o fs_io.o fs_io.c > gcc -DLINUX2 -D_FILE_OFFSET_BITS=3D64 -D_LARGEFILE64_SOURCE -DVER=3D\"1.6= 8\" > -I../misc -O -Wall -g -c -o fs_open.o fs_open.c > gcc -DLINUX2 -D_FILE_OFFSET_BITS=3D64 -D_LARGEFILE64_SOURCE -DVER=3D\"1.6= 8\" > -I../misc -O -Wall -g -c -o fs_dent.o fs_dent.c > gcc -DLINUX2 -D_FILE_OFFSET_BITS=3D64 -D_LARGEFILE64_SOURCE -DVER=3D\"1.6= 8\" > -I../misc -O -Wall -g -c -o fs_types.o fs_types.c > gcc -DLINUX2 -D_FILE_OFFSET_BITS=3D64 -D_LARGEFILE64_SOURCE -DVER=3D\"1.6= 8\" > -I../misc -O -Wall -g -c -o fs_data.o fs_data.c > gcc -DLINUX2 -D_FILE_OFFSET_BITS=3D64 -D_LARGEFILE64_SOURCE -DVER=3D\"1.6= 8\" > -I../misc -O -Wall -g -c -o mylseek.o mylseek.c > mylseek.c: In function `_llseek': > mylseek.c:34: error: `__NR__llseek' undeclared (first use in this functio= n) > mylseek.c:34: error: (Each undeclared identifier is reported only once > mylseek.c:34: error: for each function it appears in.) > make: *** [mylseek.o] Error 1 > make: *** [defs] Error 2 > make: *** [no-perl] Error 2 > > > There was some other stuff above this that looked like it worked OK, so I= 'm > only including what I think is pertinent. > > Any help appreciated, > > Paul > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: IBM Linux Tutorials > Free Linux tutorial presented by Daniel Robbins, President and CEO of > GenToo technologies. Learn everything from fundamentals to system > administration.http://ads.osdn.com/?ad_id=3D1470&alloc_id=3D3638&op=3Dcli= ck > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAdrljbu2E+kpEvNgRAgD4AKCcSAn55t5Gsdfvd4q30Di0vvyL9gCffS+8 Y4Axwba+Qh9XI3uhMyY09dE=3D =3DXli5 =2D----END PGP SIGNATURE----- |
|
From: <hl...@kr...> - 2004-04-09 17:51:13
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 9/4-2004, at 16.55, Paul Stillwell wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Just as a follow up ... > > I compiled TSK 1.68 (static) on a suse 9.0 32 bit system and=20 > transferred the > binaries over to the Mandrake 9.2 AMD64 system, and then ran make for=20= > Autopsy > 2.0 on the AMD64 system pointing to the transferred files. It all=20 > seems to > work so far without issues. The logic behind this? AMD64 systems are > supposed to be 32bit binary compatible... so are the O/S's that run on > them... so far, it seems to hold true :-) > > If anyone knows of any issues I may introduce by doing this, please=20 > let me > know. > Even though it is nice to have this confirmed you should IMHO think more about what you DO than just guessing and throwing out wild speculations, questions and spreading what could be FUD about=20 autopsy - - people might just remember "sleuthkit & AMD64 =3D problems" the Internet is a bitch that way ;-) Please read this the right way and dont take the criticism to hard ... I recently bought an Athlon64 system to run OpenBSD, knowing that OpenBSD can run both as amd64 or the GENERIC i386 binaries - - this works as expected, this IS one of the main reasons to buy this, so leave out the "supposed to be" it IS compatible If I decide to experiment with software on amd64 I would RATHER assume that the operating system is doing "strange stuff" than thinking that I have discovered problems with the software at hand. Especially "good stuff" like Autopsy and TASK which REALLY rocks and works great on multiple platforms. I for one would EXPECT small problems and quirks compiling software on amd64 as this is a rather new platform. So I would NOT start using this for production before I had confirmed that I knew how to fix small compile problems. On a sidenote I am willing to donate $100 or a bit more for Brian to get amd64 platform to test on Brian: can you get a price on a CPU and motherboard for you to play=20 with? Best regards Henrik PS I haven't actually tried autopsy and sleuthkit on my amd64 yet, but expect them to behave on my OpenBSD ;-) - -- Henrik Lund Kramsh=F8j, cand.scient, CISSP e-mail: hl...@se..., tlf: 2026 6000 www.security6.net - IPv6, sikkerhed, netv=E6rk og UNIX -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFAduKLIaZGm9HvuqYRAvXCAJ9aEqEHlH0CIM5BqWHxpkzA07FM6ACfZNn+ scXJjk+OEXTqzq4/6Sux5qY=3D =3DIH3M -----END PGP SIGNATURE----- |
|
From: Brian C. <ca...@sl...> - 2004-04-10 18:36:21
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > > On a sidenote I am willing to donate $100 or a bit more for Brian to > get amd64 platform to test on > Brian: can you get a price on a CPU and motherboard for you to play > with? Thank you for the offer, but the wonderful resources at source forge include an AMD64 system with SuSe in the compile farm: http://sourceforge.net/docman/display_doc.php? docid=762&group_id=1#platforms There are a couple of other things I need to change in the code for v2 with variable sizes before I can focus on doing the 64-bit changes correctly. brian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFAeD6cOK1gLsdFTIsRAmhAAJ0ZxS3i32fLkNY4eAEO0KA4RQiqmwCfY0eR X4kJXZ0NGwlAS4AY7NrRevw= =wdtO -----END PGP SIGNATURE----- |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X