log4shell-tool

Issue with C++

Open kschwartzrch opened this issue 4 years ago • 7 comments

No matter what I do I cannot get this to run. Thank you guys for releasing this tool to others but I've installed every C++ library (located here: https://docs.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170) but still get the same error.

Anyone else getting this?

  • Not adjusting existing LOG4J_FORMAT_MSG_NO_LOOKUPS setting.
  • Scan scope: Home Drive
  • New YARA definitions downloaded.
  • Verified presence of yara32.exe.
  ! ERROR: YARA was unable to run on this device. The Visual C++ Redistributable is required in order to use YARA. Download it (both architectures) at: https://docs.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170

kschwartzrch avatar Dec 16 '21 22:12 kschwartzrch

Having the same issue. Everyone says you need the C++ latest etc., but I have done that several times and it's still the same. So that answer has not helped. There has to be something else.

RossCamardo avatar Dec 16 '21 23:12 RossCamardo

Ok, I'm fairly sure it's just because of where you call the PS1 from... If you call it from the folder it lives in, it runs fine. If you call it from somewhere else, it fails. That's the issue. It needs to see the other files.

RossCamardo avatar Dec 17 '21 00:12 RossCamardo

Hi, the latest version shouldn't have such issues with the directory, but yes, it is best practice to call the script from the folder it resides in. To properly triage issues running YARA, try double-clicking on the binary outside of the script. It should give you a more descriptive error than what we can get from running it via command-line. Cheers – SL

Datto-StanLee avatar Dec 17 '21 12:12 Datto-StanLee

I am calling the PS1 directly from the folder as told, and when I click the yara or run it manually with their test rule it works just fine... only your script says that C++ is needed.

kschwartzrch avatar Dec 17 '21 14:12 kschwartzrch

For the C++ stuff they didn't include, you gotta download those. It's mentioned in a separate issue here. I'm having an issue wrapping my head around calling it from the folder it's in. I can do that on the system. But from an RMM I think commands just run where they run. There is probably some obvious logic I'm missing.

RossCamardo avatar Dec 17 '21 14:12 RossCamardo

Calling it from which folder? The folder that C++ runtimes are in? If so, where is that? I have installed all of them from the download link above.

kschwartzrch avatar Dec 17 '21 14:12 kschwartzrch

Currently the check that YARA32.exe can run with the VC++ runtime is failing.

yara32.exe - System Error

The code execution cannot proceed because VCRUNTIME140.dll was not found. Reinstalling the program may fix this problem.

OK

VC is downloaded and installed. vcruntime140.dll is found in the C:\windows\system32 folder.

https://aka.ms/vs/17/release/vc_redist.x64.exe - this is the specific link found on the page you have linked to.

I have repaired, uninstalled and re-installed, and keep getting the same result.

yara64.exe doesn't have the same problem.

Upon further investigation, it appears that installing both vc_redist platforms is required. Perhaps this could be made clearer.
Of course, if most machines are 64 bit it isn't necessary to test both?

DavidWForeman avatar Jan 11 '22 09:01 DavidWForeman
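
The last comment's finding can be checked directly: on 64-bit Windows, `C:\Windows\System32` holds the 64-bit `vcruntime140.dll`, while the 32-bit copy that `yara32.exe` loads lives in `C:\Windows\SysWOW64`. The following is an added example, not code from this thread or from log4shell-tool; `Get-PEArchitecture` is a hypothetical helper name, and the script assumes an x86 or x64 Windows install with the default directory layout.

```powershell
# Added example (not part of log4shell-tool). Get-PEArchitecture is a hypothetical helper name.
function Get-PEArchitecture {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'missing' }
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    # DOS header: 'MZ' magic, then e_lfanew (offset of the PE header) at 0x3C.
    if ($bytes.Length -lt 0x40 -or $bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) { return 'not a PE file' }
    $pe = [System.BitConverter]::ToInt32($bytes, 0x3C)
    if ($pe -lt 0 -or ($pe + 6) -gt $bytes.Length) { return 'not a PE file' }
    # The 'PE\0\0' signature is followed by the 16-bit Machine field of the COFF header.
    if ($bytes[$pe] -ne 0x50 -or $bytes[$pe + 1] -ne 0x45) { return 'not a PE file' }
    switch ([System.BitConverter]::ToUInt16($bytes, $pe + 4)) {
        0x014C  { 'x86' }
        0x8664  { 'x64' }
        0xAA64  { 'ARM64' }
        default { 'unknown (0x{0:X4})' -f $_ }
    }
}

$sys = $env:WINDIR
if ([Environment]::Is64BitOperatingSystem) {
    # A 32-bit PowerShell (for example one launched by a 32-bit agent) is redirected to
    # SysWOW64 when it asks for System32; Sysnative reaches the real 64-bit directory.
    $dir64 = if ([Environment]::Is64BitProcess) { "$sys\System32" } else { "$sys\Sysnative" }
    $targets = @(
        @{ Binary = 'yara32.exe'; Needs = 'x86'; Dll = "$sys\SysWOW64\vcruntime140.dll" },
        @{ Binary = 'yara64.exe'; Needs = 'x64'; Dll = "$dir64\vcruntime140.dll" }
    )
} else {
    # 32-bit Windows: only the x86 runtime exists, and it lives in System32.
    $targets = @(@{ Binary = 'yara32.exe'; Needs = 'x86'; Dll = "$sys\System32\vcruntime140.dll" })
}

# One row per YARA binary: which runtime DLL it would load and whether the bitness matches.
foreach ($t in $targets) {
    $found = Get-PEArchitecture -Path $t.Dll
    [pscustomobject]@{
        Binary     = $t.Binary
        RuntimeDll = $t.Dll
        Found      = $found
        Usable     = ($found -eq $t.Needs)
    }
}
```

A `yara32.exe` row showing `Found = missing` while the `yara64.exe` row is usable matches the situation described above, where only `vc_redist.x64.exe` had been installed.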