I m not sure you re going to get a better set of answers tha

Question

I m not sure you re going to get a better set of answers than you did in While here or < C0FHNQ2N6|windows> would have been more appropriate it s still the same people

duongtt · Answer

Yeah I understand Thank you for giving opinions

seph · Answer

I m not sure how many folks are still on the version 3 branch A lot of focus is on v4

seph · Answer

Are there reasons you can share about wanting to stay in the 3 x line

duongtt · Answer

Thank you for replying me laughing Currently in linux side I had build my own extension with osquery version 3 3 2 successfully Now I need to make things done in windows So seems like in version 4 x it s hard to build extensions

seph · Answer

I thought the 4 1 line was pretty reasonable for extension building But I work mostly in go so it s a different extension ecosystem

duongtt · Answer

i e I have tried the lastest version of osquery and try to build the trailofbits extension but seems like it don t build in the right way

duongtt · Answer

Also I met some problems when using C++ for building extensions In the version 3 3 2 ` include lt osquery sdk h gt ` works well but in version 4 x the path changes to ` lt osquery sdk sdk h gt ` but I still don t get it right

duongtt · Answer

Thank you for your suggestion Btw if I try to build my extension again using Go where do I need to start

seph · Answer

Generally speaking I think you should write extensions in whatever language you re most comfortable in In all cases they will likely require some amount of work to get going the first time

seph · Answer

The go SDK is at is an example extension

duongtt · Answer

Woww those are really nice documents Thank you laughing

duongtt · Answer

And yes I had my own extension in C++ the problem only is building it with osquery

seph · Answer

I suspect that people will help you get it built on v4 Mostly I think people should use the languages they know and like ツ

duongtt · Answer

Wow yes I really appreciate that And it s glad to receive your quickly response Your suggestions help me alot

seph · Answer

I m happy I can help a little

Stefano Bonicatti · Answer

By the way our extensions in the master branch target 3 3 2 also last time we worked with the official osquery 3 3 2 it wasn t building properly We have made a fork for that osql and other reasons That been said I suggest too to use 4 x you can have a look to what s needed here <https github com trailofbits osquery extensions pull 51> or if you simply want to build our extensions for 4 x

Stefano Bonicatti · Answer

It s true though that docs on the Wiki have to be updated for the latest version

duongtt · Answer

Let me summarize your ideas If I want to build trailofbits extension with osquery version 4 x I will need to cherry picking all the commits in your link <https github com trailofbits osquery extensions pull 51> Am I right Sorry because I m still new with these awesome techniques

Stefano Bonicatti · Answer

You don t need to cherry pick you can just fetch the branch where that PR is which is local and which is named `extension porting 4 0 1` yay mismatched versions but it has been a WIP for a bit

duongtt · Answer

So kinda I will need to fetch that branch to build trailofbit extension with osquery version 4 x

duongtt · Answer

I will try your suggestions Thank you < Stefano Bonicatti>