v10.1.0-rc9

Pre-release
@jgautier-anssi jgautier-anssi released this 11 Jan 14:40
8e89bf5

Changes:

  • 8e89bf5 Merge branch 'main' into release/10.1.x
  • edfa39c changelog: update to 10.1.0-rc9
  • ef27a1d OrcCommand: GetThis: fix possible missing sample having multiple matches
  • a1727a3 OrcLib: Registry: Read: change log level
  • 4fcf51b OrcLib: LocationSet: AddLocations: continue on a location failure
  • 89fc875 OrcLib: LocationSet: ExpandStringsLocation: fix match expression
  • 481ab1e OrcCommand: GetThis: fix possible temporary file conflict
  • 856d0a3 OrcCommand: GetThis: move 'statistics.json' into output archive/directory
  • 7984e0c OrcCommand: GetThis: fix missing GetThis.csv when using directory output
  • 163c2d2 OrcCommand: WolfLauncher: fix archives output path with '/out'
  • ee6737c OrcLib: Archive: ToCompressionLevel: return default level for empty string
  • ea37a5e OrcLib: Archive: Appender: close temporary stream on Close
  • 6e4825e OrcLib: Archive: fix empty file handling for compatibility
  • e2550c3 OrcCommand: WolfLauncher: fix missing console redirection file upload
  • 8458bd9 OrcLib: Utils: StdStream: StandardOutput: add method Flush
  • 806d757 OrcLib: Utils: StdStream: rename EnableFileTee to EnableTeeRedirection
  • 8c02aac OrcLib: Utils: StdStream: LazyFileStream: catch Close exceptions
  • ec65efa OrcLib: Utils: StdStream: LazyFileStream: add method Flush
  • 697e4ad OrcLib: Text: Print: use function overload instead of templates
  • 5f7ae14 OrcLib: Text: make Tree an alias to BasicTree
  • a1346ed Log: update level and prefer utf8 messages
  • df22a50 OrcCommand: Console: add method Flush
  • 0b2dd71 OrcCommand: NTFSInfo: volstats.csv: add MountPoint column
  • 91bd040 OrcCommand: NTFSInfo: I30Info: add DataSize
  • f8b0bb6 OrcLib: coding style
  • 9b0dec2 OrcLib: CommandAgent: expand environment variables for ''
  • f5a6f16 OrcLib: FileInfo: handle legacy OWNER[ID|SID] as empty columns
  • f8ef4d1 OrcLib: FileInfo: do not log expected write column failures for directories
  • 906eada OrcLib: remove TLSH
  • b720905 OrcLib: Utils: Guard: add ServiceHandle
  • 84e7475 OrcApacheOrcLib: fix missing header include
  • 53b0178 tools: rcedit: fix [[nodiscard]] warning
  • faa28a4 vcpkg: update to 2021.12.01
  • e6a35e4 OrcLib: Log: fix utf-16 log strings support
  • d283229 OrcCommand: NTFSInfo: add security descriptor binary dump
  • 247a51c OrcCommand: add cmake options to individually enable/disable sub commands
  • df2cceb OrcLib: ExtensionLibrary: fix 'desiredname' for extension library
  • f125058 OrcLib: Text: move out std::error_code definition from forward header
  • be16b3a OrcLib: Log: fix support for fmt::join
  • eee61d6 Merge branch 'main' into release/10.1.x
  • 623f5be cmake: add CMakePresets.json
  • f1258fe OrcLib: Log: flush on error log level
  • 94c9083 OrcParquet: ParquetWriter: improve utf-8 support
  • 9f59050 azure: fix for 'The remote provider was unable to process the request'
  • 593fda6 Remove ORCLIB_API
  • 49055c7 OrcLib: Buffer: add check for empty format string
  • 8630575 OrcCommand: Log: enable backtrace on Critical logs
  • ed056bf changelog: update 10.1.0-rc8
  • 37dbcc4 OrcLib: 7z: fix empty file handling for compatibility
  • f2c0728 OrcLib: Utils: StdStream: add override xsputn for performance
  • b59d24d OrcLib: Utils: StdStream: add StandardOutput
  • dbb3987 OrcLib: Ntfs: update logs
  • 47b698a OrcLib: Ntfs: Wof: fix WofStreamConcept decompression
  • 219b503 OrcLib: Ntfs: Wof: move algorithm check to a better place
  • d899e75 OrcLib: MftRecordAttribute: always use base record instead of host record
  • d1ab5bb OrcLib: FileFind: do not match raw WofCompressedData if not specified
  • 156a8b9 OrcCommand: Console: optimize console output with WriteConsole
  • e4ba846 OrcCommand: GetThis: remove tlsh from usage
  • c0162fa OrcCommand: WolfLauncher: Console: flush LazyFileStream on dtor
  • 42b766b OrcCommand: WolfLauncher: fix console file output path
  • 4c69a0d OrcCommand: WolfLauncher: fix missing upload for pre-existing archive
  • 7ad6408 OrcCommand: FastFind: fix missing output file when directory is specified
  • 013872b OrcLib: ArchiveAgent: fix archive support for output directory
  • 7688d74 OrcLib: RegFind: fix false positive on key/value match
  • 8869047 OrcLib: CommandAgent: allow extracted resources to be executed
  • fb89071 OrcCommand: UtilitiesMain: add log flush exit handler
  • 7a1e694 OrcLib: FileFind: write attribute name (ADS) for data elements
  • 6c3ff52 tools: ci: build: add toolchain support for vs2022
  • 729979d OrcCommand: UtilitiesLoggerConfiguration: fix syslog port parsing
  • 4ae85be Merge branch 'fabienfl/yara_stream'
  • 53b2bf8 OrcLib: FileFind: use specific matching yara rule(s) as description
  • a525a37 OrcLib: FileFind: display file name on MatchYara errors
  • fefc317 OrcLib: FileFind: add function IsExcludedDataAttribute
  • 8b38b57 OrcLib: YaraScanner: use new memory block Yara API
  • ffb9165 vcpkg: update for yara 4.1.3
  • 22eefb6 Merge branch 'fabienfl/22_configuration_profiling'
  • 2a82419 OrcCommand: FastFind: FileFind: write rules statistics
  • 1925922 OrcCommand: FastFind: FileFind: print rules statistics
  • ec78af1 OrcCommand: GetThis: FileFind: write rules statistics
  • 4f3abd2 OrcCommand: GetThis: FileFind: print rules statistics
  • 5ca5b3f OrcLib: Utils: String: add function StartsWith
  • 6fd534c OrcLib: FileFind: add ntfs_find rule profiling
  • 3622f0a OrcLib: FileFind: store xml rule in SearchTerm
  • c57e09e OrcLib: Configuration: add method ConfigItem::ToXml
  • 833c7cd OrcLib: Text: Tree: add comments
  • 09ea825 OrcLib: ByteStream: add Read/Write wrapper for statistics
  • 7a422dd OrcLib: MftRecordAttribute: fix stream caching
  • cb06187 OrcLib: Log: Logger: disable Trace logs
  • eb5ffbf OrcCommand: GetThis: add missing 'const'
  • 0407b9c Merge branch 'fabienfl/10_location_exclude'
  • b72c9f1 OrcCommand: Usage: update '/exclude'
  • 01b7896 OrcCommand: USNInfo: add support for location option 'exclude'
  • d1d599e OrcCommand: GetThis: add support for location option 'exclude'
  • bf216c3 OrcCommand: FastFind: add support for location option 'exclude'
  • 9578352 OrcCommand: NTFSInfo: add support for location option 'exclude'
  • ac398fb OrcCommand: UtilitiesMain: add parser for option 'excludes'
  • 3c3b4e9 OrcLib: Configuration: add option "exclude"
  • 6329ecf OrcLib: LocationSet: add support for location exclusion based on path
  • a5111b2 Merge branch 'fabienfl/11_shadows'
  • 0801ce6 OrcCommand: Usage: update '/shadows'
  • a316301 OrcCommand: USNInfo: add support for filters to shadows option
  • 8410dad OrcCommand: GetThis: add support for filters to shadows option
  • 26f2da7 OrcCommand: FastFind: add support for filters to shadows option
  • c05a489 OrcCommand: NTFSInfo: add support for filters to shadows option
  • a985037 OrcCommand: UtilitiesMain: add method ShadowsOption
  • 79d2c56 OrcCommand: UtilitiesMain: add method BooleanExactOption
  • 3cf3240 OrcLib: LocationSet: accept shadow copy filters (newest, mid, oldest)
  • fa9db54 Merge branch 'main' into release/10.1.x
  • ac24b48 changelog: update 10.1.0-rc7
  • c710a25 OrcLib: EmbeddedResource: add more logs
  • 2503322 OrcLib: ExtensionLibrary: fix TryLoad when desired name was not available
  • 21902ca OrcCommand: WolfLauncher: Outcome: fix element 'timestamp'
  • 8d983b1 OrcCommand: WolfLauncher: Outline: rename and ISO "time" element to "start"
  • 7ce7c96 OrcCommand: WolfLauncher: Journal: use syslog's timestamp
  • f6df2e8 OrcCommand: Log: UtilitiesLogger: set default console log level to critical
  • 1c3104f OrcLib: Log: SpdlogLogger: refactor DumpBacktrace
  • 3a3959c OrcLib: Log: Logger: use array for log count instead of variable for each levels
  • 69fd4f9 OrcLib: Log: format log message once for all default facilities
  • d4e7ce7 OrcLib: Log: SpdlogLogger: add low level Log() which map spdlog's one
  • 5933ec7 OrcLib: Log: add configurable BacktraceLevel
  • d6a2876 OrcLib: Log: move up backtrace handling from SpdlogSink to SpdlogLogger
  • 3f1329f OrcLib: Log: default log to multiple loggers instead of sinks
  • 1e0930c OrcLib: Privilege: fix GetMyCurrentSID unhandled error
  • 7eb7a6d OrcCommand: Outcome: add "start" element
  • 4c5e8ca Fix missing XPSP2 API use GetLogicalProcessorInformation
  • a263899 boost-multi-index without serialization
  • 264d6ec OrcLib: Ntfs: add support for $DATA:WofCompressedData
  • df8285e OrcLib: Archive: handle zip output using 7z library
  • f6f5c38 OrcLib: RegFind: fix description for 'data_contains_hex' match
  • 3b24b25 OrcLib: RegFind: fix format string issue for key with braces
  • c85eb7d OrcCommand: GetThis: fix success treated as failure
  • b75c60f OrcLib: Print: AttributeListEntry: fix invalid format string
  • fb98bd3 OrcCommand: WolfLauncher: add missing cli help for '/outline'
  • 5a82a69 OrcCommand: FastFind: use fqdn as 'computer' output element
  • 5eef130 tools: ci: build.ps1 cleanup
  • 6cbd1c3 OrcCommand: UtilitiesLoggerConfiguration: fix "error ok" interpretation
  • c61a8bd Rename MaxBytesTotal* to MaxTotalBytes*
  • 0bd51b4 OrcLib: Configuration: add support for uri in upload section
  • 5d5e698 OrcLib: Utils: add Uri
  • 697b259 OrcLib: OutputSpec: expand environment variable for upload path
  • 7628b04 vcpkg: use 2021.05.12
  • c542f2f OrcLib: FileInfo: add missing PE machine type strings
  • 7b2059c OrcCommand: GetThis: update unique sample filename
  • d4562d2 OrcLib: GetThis: keep 10.0 naming for ContentType
  • f71740f OrcLib: Location: keep 10.0 naming for DiskInterface
  • 99b449c OrcCommand: GetThis: create sample filename using longest known filename
  • 16e7b62 OrcCommand: UtilitiesMain: handle only critical errors for exit code
  • 821ca87 OrcLib: update some logs
  • 0e3561d OrcCommand: WolfLauncher: Outcome: add element 'end'
  • 9fe7c46 OrcCommand: WolfLauncher: Outcome: fix possible race condition
  • 1ba62c3 OrcCommand: WolfLauncher: Outline: add "outline" root node
  • 21d532c OrcLib: CommandAgent: embed configuration specified with '/config'
  • 6bd88e5 OrcCommand: WolfLauncher: Outcome: replace sha256 with sha1
  • d3f2d62 OrcCommand: WolfLauncher: make Hash local function generic
  • 8b170a6 OrcCommand: WolfLauncher: add option '/nolimits[:,...]'
  • 3cc993b OrcCommand: WolfLauncher: ignore outcome if no output was configured
  • 35e3be7 Remove VERSION.txt
  • a6dba95 cmake: remove option ORC_BUILD_TLSH
  • 993884d CI: fix README.md CI badges
  • f94a429 OrcLib: YaraScanner: fix log using invalid cast
  • 10d461b OrcLib: Print: Filter: fix custom extension handling
  • 1dc7a8e OrcLib: Print: fix OutputSpec::Upload
  • b8bb86b OrcLib: Utils: EnumFlags: fix missing include
  • b845bc0 OrcLib: PeParser: use CacheStream
  • 8894378 OrcLib: add CacheStream
  • d3cee79 OrcLib: replace libpehash-pe with PeParser
  • f9a6b87 OrcLib: Authenticode: use PeParser which refactors 'ntfsinfo' algorithm
  • 56dcd4c OrcLib: add PeParser
  • f962ad5 OrcLib: add ByteStreamHelpers.h
  • 5e10bad OrcLib: Authenticode: ensure hash is not empty while checking
  • 63f45b5 OrcLib: Utils: add BufferSpan
  • 46b6501 OrcLib: Utils: add BufferView
  • 906ee07 OrcLib: Modify NTFSCompression log levels
  • 3c13dcb OrcLib: Log: SpdlogLogger: fix trace performance
  • c9f4379 OrcLib: set process stack size to 4MB
  • bfeb071 OrcCommand: UtilitiesLogger: fix compilation warnings
  • 2a703e0 cmake: add ms-gsl dependency
  • 0031952 Revert "CI: fix README for CI badge on release/main"
  • 5893881 Merge branch 'main' into release/10.1.x
  • 9205030 changelog: update for 10.1.0-rc6
  • 1690271 OrcLib: Utils: Guard: add move operators to FileHandle and Handle
  • a8d7614 OrcLib: Utils: Guard: add Module
  • 233fee3 OrcLib: Utils: Guard: fix DescriptorGuard missing operator=
  • be4f1ab OrcLib: Fmt: rename error_code/filesystem to std_error_code/std_filesystem
  • ec3bd10 OrcLib: Print: Ntfs: enhance some printed value
  • 89e226b OrcLib: Print: Ntfs: MFTRecord: check standard information before display
  • 524ddd2 OrcLib: Print: Ntfs: MFTRecord: fix extents print
  • dfed4a4 OrcLib: ParameterCheck: GetIntegerFromHexaString: do not require 18 chars
  • 543500e OrcLib: FileFind: fix missing GetStreams() error check
  • 0814116 OrcLib: FileFind: remove useless GetStreams call
  • e84176f OrcLib: ByteStream: fix last read chunk size
  • 4616b7b CI: fix README for CI badge on release/main
  • 47afd17 OrcCommand: FastFind: fix xml configuration parsing
  • dc186ed GetSamples: enable autorunsc for all users
  • b43854c OrcLib: Log: Syslog: avoid propagation of winsock(2).h via UdpSocket.h
  • 98ca818 OrcLib: Yara: update to 4.0.2
  • 2a6cdee OrcLib: Configuration: fix log message
  • f157294 FastFind: fix nullptr dereference when "/out" is not specified
  • 44a17d1 Merge branch 'fabienfl/syslog' into main
  • 7b26f1d changelog: update for 10.1.0-rc5
  • b9dc5ec OrcLib: LocationSet: ExpandOrcStringsLocation: test empty input string
  • 5a26e35 OrcLib: PartitionFlags: fix ToString for 'None' value
  • f29a27c OrcCommand: RegInfo: fix check on output type
  • 3643514 OrcLib: Utils: EnumFlags: add assert on HasFlag against flag == 0
  • 1c384fd OrcCommand: UtilitiesLoggerconfiguration: set syslog default level to info
  • 91073eb OrcCommand: UtilitiesLoggerConfiguration: apply backtrace option earlier
  • 80876ce OrcLib: Robustness: add assert on unexpected exception for debug attach
  • e2a798d OrcLib: Print: Ntfs: fix missing property print
  • e1440ba OrcLib: MftRecordAttribute: BitmapAttribute: add alias block_type
  • ed5e955 OrcLib: Text: add function ToHex
  • c7177ad OrcLib: Text: Print: Ntfs: MftRecord: fix print of $FILE_NAMES
  • ae16755 OrcLib: Text: Print: Ntfs: MftRecord: fix print of file attributes
  • 6f5d202 OrcLib: Text: Print: Ntfs: fix newline print issue (NTFSUtil)
  • b8cc3a7 Add log, fix coding style, remove dead code
  • a6183a5 OrcCommand: WolfLauncher: print elapsed time in journal
  • 0a83070 OrcCommand: WolfLauncher: print version in journal
  • bd8d445 OrcCommand: Journal: print message in journal facility
  • 2a28d6a OrcCommand: UtilitiesLoggerConfiguration: add syslog option parsing
  • 3349f2c OrcCommand: UtilitiesLogger: enable SyslogSink
  • bbcc737 OrcLib: Log: add SyslogSink
  • b8f32ac OrcLib: Log: Sink: fix include paths
  • b652aa3 OrcLib: Log: remove directory Sink/
  • 989d42a OrcCommand: Usage: add new option 'log' usage
  • fef812d OrcCommand: Usage: PrintParameters: add support for multiline descriptions
  • 87fd0df OrcCommand: UtilitiesLoggerConfiguration: fix console backtrace handling
  • 7f84114 OrcCommand: GetThis: fix output directory option
  • bf37604 OrcLib: Buffer: refactor and rename BufferView into BufferSpan
  • dc653fe OrcLib: Utils: Result: add function ValueOr
  • 7307145 OrcLib: Utils: Result: add ToOptional(Result&&)
  • c082d17 OrcLib: Utils: Guard: refactor Handle and FileHandle
  • 4280f9b OrcLib: Utils: Time: add ToAnsiStringIso8601
  • db28c24 OrcLib: Utils: WinApi: add wrappers for GetComputerNameApi[Ex]
  • 614e5a8 OrcLib: Utils: WinApi: handle any exception
  • 133c1f6 OrcLib: SystemDetails: modify system tag text format
  • ab5f92c OrcLib: Archive: fix incorrect use of size_t with uint64_t
  • 3eadd77 OrcLib: DiskExtent: improve logging
  • 36cc992 OrcLib: improve ExtensionLibrary and COM library unloading
  • 6b67f17 OrcLib: Log: check logger pointer before flushing
  • 0cf07fa OrcLib: WideAnsi: fix conversion of 1 character strings
  • 3ad30f8 OrcLib: fix build with vs 16.9 using ValueOr
  • b636396 OrcLib: fix missing headers
  • ce15909 OrcLib: OrcException: fix build with missing E_BOUNDS using SDK 7.1A
  • 46a7a32 OrcLib: OrcException: fix build issue with attribute Severity attribute
  • a964d77 vcpkg: yara: remove jansson dependency pulled from cuckoo module
  • 2e8c7e3 vcpkg: yara: remove openssl/libressl dependency
  • a786e97 Merge branch 'main' into release/10.1.x
  • 3acf35e OrcCommand: GetThis: fix log level
  • 3f440be OrcCommand: UtilitiesLogger: set backtrace size at 64 lines
  • 431384b changelog: update for 10.1.0-rc4
  • 241711d cmake: add option ORC_SWAPRUN_NET for stability from network execution

This list of changes was auto generated.