Compilation error with Windows Kit 8.1 (EventNameOffset)

Open pierricgimmig opened this issue 3 years ago • 3 comments

The EventNameOffset property of TRACE_EVENT_INFO was added in "Windows 10 Fall Creators Update (2017)" as this comment suggests. Should Windows 10 be a requirement for krabsetw, or should the use of EventNameOffset be "ifdefed" out for earlier versions of the Windows SDK?

pierricgimmig, Sep 28 '21 15:09

Hi @pierricgimmig, yes - the Windows 10 SDK is a requirement for compiling against the krabsetw headers today. Is this a blocker for your application? Would love to learn more so we can consider alternate approaches. Thanks!

swannman, Oct 08 '21 15:10

Hi @swannman, thanks for the info. It is not a blocker for us, no. It came up when compiling on a machine that used the Windows 8.1 SDK, but it was easily fixed by switching to the Windows 10 version, which was already installed.

In krabsetw's README however, we can see:

krabsetw and Microsoft.O365.Security.Native.ETW are only supported on Windows 7 or Windows 2008R2 machines and above.

Maybe this should be updated? Or would a compiled application still work on Windows 7?

pierricgimmig, Oct 14 '21 00:10

Thanks for the clarification! The compiled binary will work on Windows 7/2008 R2 and above.

swannman, Oct 14 '21 15:10