osquery/osquery-python

windows: osquery Python extensions do not appear to work on Windows

Closed this issue · 6 comments

I haven't had too much time to triage this, but it seems that just running the generic python extension in Windows fails. osqueryi is creating the pipe correctly, as it shows up in sysinternals, however upon running python .\my_ext.py --socket \\.\pipe\shell.em, the code immediately returns. I haven't been able to trigger higher levels of verbosity, but again I haven't spent a large amount of time triaging this.

I'll look into it.

@tehmas did you have any luck with this?

Nope

I tore into this tonight, and found that I would be able to get python extensions working on Windows; however, we do not have a python implementation of this Thrift library. Basically, as osquery on Windows leverages named pipes for communication with extensions, we require that python find some method to communicate via Windows named pipes. This is possible using the win32pipe module in the Python win32 API bindings, however we still need to wrap this pipe communication in a TBufferedTransport in order to speak thrift to the daemon.

I'm going to spend some time gauging how do-able it'd be to generate the TPipe class in python from the C++ example provided, as well as the TSocket python class already written in python, but I'm not sure how long that'll take.
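The approach sketched in the comment above, as an added illustration that is not part of this thread and not the code that eventually landed in osquery-python: a minimal Thrift-style transport that talks to an osquery named pipe through the pywin32 bindings (win32file/win32pipe), which TBufferedTransport can wrap because it only calls open/close/isOpen/read/write/flush on the underlying object. The class name TPipe, the PipeError exception, the pipe_path helper and the default timeout are assumptions made for this example; the pipe name \\.\pipe\shell.em comes from the issue report.

```python
"""Windows named-pipe transport for Thrift (added example, not osquery-python's own code).

pywin32 is imported lazily inside the methods that need it, so the module
loads on any platform; the actual pipe I/O only works on Windows.
"""
import sys

# osquery extension pipes live under the local pipe namespace.
PIPE_PREFIX = r"\\.\pipe" + "\\"


class PipeError(IOError):
    """Raised when the pipe is not open or a Win32 pipe call fails."""


def pipe_path(socket_arg):
    """Normalize the --socket argument into a full \\\\.\\pipe\\<name> path.

    osqueryi already hands extensions the full path (\\\\.\\pipe\\shell.em in the
    issue); a bare name such as "shell.em" is prefixed so both forms work.
    """
    if socket_arg.startswith(PIPE_PREFIX):
        return socket_arg
    return PIPE_PREFIX + socket_arg.lstrip("\\")


class TPipe(object):
    """Client side of a Windows named pipe, exposing the Thrift transport interface.

    Hypothetical name; it is deliberately a plain class rather than a
    TTransportBase subclass so that it can be constructed without thrift installed.
    """

    def __init__(self, socket_arg, timeout_ms=5000):
        self._path = pipe_path(socket_arg)
        self._timeout_ms = timeout_ms   # assumed default for WaitNamedPipe
        self._handle = None

    def isOpen(self):
        return self._handle is not None

    def _check_open(self):
        if self._handle is None:
            raise PipeError("pipe %s is not open" % self._path)

    def open(self):
        import pywintypes
        import win32file
        import win32pipe
        try:
            # If every server-side instance is busy, wait for one to free up
            # instead of failing with ERROR_PIPE_BUSY on CreateFile.
            win32pipe.WaitNamedPipe(self._path, self._timeout_ms)
            # A client opens the pipe like a file; the default read mode is
            # byte mode, which is what Thrift's framed/buffered stream expects.
            self._handle = win32file.CreateFile(
                self._path,
                win32file.GENERIC_READ | win32file.GENERIC_WRITE,
                0, None, win32file.OPEN_EXISTING, 0, None)
        except pywintypes.error as exc:
            raise PipeError("cannot open %s: %s" % (self._path, exc))

    def read(self, sz):
        """Return up to sz bytes; TBufferedTransport's readAll loops until full."""
        self._check_open()
        import pywintypes
        import win32file
        try:
            _, data = win32file.ReadFile(self._handle, sz)
        except pywintypes.error as exc:
            raise PipeError("read on %s failed: %s" % (self._path, exc))
        return data

    def write(self, buf):
        self._check_open()
        import pywintypes
        import win32file
        try:
            win32file.WriteFile(self._handle, buf)
        except pywintypes.error as exc:
            raise PipeError("write on %s failed: %s" % (self._path, exc))

    def flush(self):
        # Nothing is buffered here; buffering is TBufferedTransport's job.
        pass

    def close(self):
        if self._handle is not None:
            import win32file
            win32file.CloseHandle(self._handle)
            self._handle = None


def make_extension_transport(socket_arg):
    """Wrap the pipe in TBufferedTransport so a Thrift protocol can sit on top."""
    from thrift.transport import TTransport   # imported here; needs thrift installed
    return TTransport.TBufferedTransport(TPipe(socket_arg))


if __name__ == "__main__":
    # Usage: python this_file.py --socket \\.\pipe\shell.em   (Windows only)
    arg = sys.argv[sys.argv.index("--socket") + 1] if "--socket" in sys.argv else "shell.em"
    transport = make_extension_transport(arg)
    transport.open()
    print("opened", pipe_path(arg), "ok:", transport.isOpen())
    transport.close()
```

Two details matter for the failure reported in this issue: the extension must call open() on the wrapping TBufferedTransport, not on the raw pipe, and read() must tolerate short reads, since ReadFile on a byte-mode pipe returns whatever is currently available and Thrift's readAll loops until the requested size is filled.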

Nice digging, @PoppySeedPlehzr!

This was resolved with #48