Nedim Šabić²

Results 49 comments of Nedim Šabić²

Hey @Swar2424, I did a bit of triaging to narrow down the root cause. The problem occurs when a certain event type parameter is decoded. I'm suspecting the parameter is...

@Swar2424 I really appreciate the repro and the offending capture file. My wild guess is that the registry binary value size is producing an overflow by exceeding the maximum parameter...

Thanks for the bug report. Could you try to run the filament by including an additional flag?

```
fibratus run --forward -f myFilament
```

Sadly, I don't have any strong evidence to explain the difference in the volume between the filament and the capture events.

> What does --forward do?

Forward basically instructs...

Hi @cyohg, As the documentation clearly states, the `remove` transformer operates on event parameters. It can't mutate other event attributes. I'm curious about your use case. The top-level `tid`...

Oh, I understand now. As I already explained previously, currently it is not possible to mutate JSON fields other than event parameters. Implementing such a feature would require controlling the...

> And why is it impossible to add a feature which controls the construction of the JSON payload?

I didn't mean it is impossible to deliver such a feature....

Sorry for the delay. I've been deeply reflecting on the ROI that the following functionality could have, and I think the gains in terms of storage reduction are negligible. The...

@cyohg Please refer to [Building from source](https://www.fibratus.io/#/setup/installation?id=building-from-source). The key is to set up the MinGW compiler toolchain. You can, of course, ignore `libyara` and `python` build options if not intended...

It looks like the `cap` build flag is not set correctly. If you're running the build from the PowerShell-based terminal, you must use a different command to set the environment...