Mike Cohen
Ah looks like they only added getrandom in glibc 2.25: https://lwn.net/Articles/711013/ I found out this symbol is used from util-linux probably in the implementation of uuids. When I run the...
The real solution is to build on a very old system. I will rebuild and redistribute.
Presumably you will use the C API? In that case it is really simple and it is described in the header https://github.com/Velocidex/c-aff4/blob/master/aff4/libaff4-c.h But to keep it simple this API only...
Where did the image come from? Is it a winpmem one?
Seems like an omission in the standard? We have been using Zlib forever and the code to do deflate was completely broken and possibly not ever tested (it was raising...
Does it really matter? On my 24 core server zlib is maxing out the CPU anyway and imaging is generally IO bound on any compression scheme (given enough threads). IMHO...
I did hear there were some issues loading the driver on Windows insider edition - Maybe Microsoft tightened down driver loading in the new version? Is there any clue in...
Ah interesting - it looks like it is unable to import a function it needs. Possibly one of the acquisition methods is no longer possible since the function it needs...
Hmm yeah good point. The reason it calls getprocaddress in the first place is to try to be somewhat sneaky to try and prevent kernel mode rootkits from identifying that...
@ilay122 Thanks - https://docs.microsoft.com/en-us/windows/win32/api/winnt/nf-winnt-rtlpctofileheader indicates that this function is a userspace function so won't work in a kernel module. I don't think it is worth obfuscating anyway - I will...