Nedim Šabić²
It seems like you haven't set up the C compiler correctly. Just in case, try to enable CGo.

```powershell
$env:CGO_ENABLED="1"
```
Go can be sensitive about the C compiler. This may help:

- https://github.com/golang/go/issues/57455
- https://github.com/anjannath/crc/commit/6733174441456ce55f0894b2af0a12c569c227a6
Indeed, filaments have a lot of potential. Sadly, they feel a bit abandoned, but I'll invest some time to make them more useful.
Hi @LordNoteworthy, I apologize for the delay :). A better approach would be using the [captures](https://www.fibratus.io/#/captures/capturing). The capture is essentially a binary file containing the full state of the system...
Hi @LordNoteworthy, what I really meant by system processes is that the capture file will contain the snapshot of all running processes including their extended metadata. This information is...
Hi again, @LordNoteworthy. The stable Fibratus version utilizes the PE parser in the following code areas:

- [image processor](https://github.com/rabbitstack/fibratus/blob/2268bda4098524d06f66f4936a5d6bffd3aa0da3/pkg/kstream/processors/image_windows.go#L113) for verifying the executable/DLL digital signature
- [PE filter accessor](https://github.com/rabbitstack/fibratus/blob/2268bda4098524d06f66f4936a5d6bffd3aa0da3/pkg/filter/accessor_windows.go#L819).

You...
Hey @LordNoteworthy, https://github.com/rabbitstack/fibratus/pull/352 should get rid of most of the error log messages that you spotted. In addition, #350 bumps saferwall/pe to the latest version. Separately, all capture-related issues have...
The rule engine dynamically enables/disables events. It does so by parsing the entire ruleset and extracting all event types referenced in the rules. If the event is not used by...
In my opinion, the first proposal makes more sense. Just a nit. Reverse the conditions such as:

```go
if c.Yara.Enabled && ktype == ktypes.VirtualAlloc {
    c.Kstream.EnableMemKevents = true
    continue
}
```
...