Hi all!
So, I had the pleasure of trying to do an analyzer lately and many thanks to Jon Schipp for his online tutorials on how to write an analyzer using BinPac (https://www.youtube.com/watch?v=eZAgqSFd9-c) and Vlad Grigorescu’s Binpac Quickstart (https://github.com/grigorescu/binpac_quickstart) which took care of the boilerplate coding.
Unfortunately, with Zeek’s new name, binpac_quickstart no longer creates the right file extensions and won’t let you compile your plugin if you used binpac_quickstart with your plugin.
I made the necessary changes to binpac_quickstart so that it works under the new name Zeek. I did submit some commits on Vlad’s binpac_quickstart but they haven’t been accepted yet.
For those who seek a solution, here is my repo of binpac_quickstart, which is forked from Vlad's, with all the changes that will allow you to use it under the new name.
https://github.com/g0nzu1/binpac_quickstart
I just thought I would share with the community since I thought working with Binpac and Zeek was a very powerful combo, although kind of hard to find info since Binpac (HILTI/Spicy) is still in development. I wouldn’t want to see the integration of HILTI/Spicy slow down because of simple stuff like this.
Cheers and happy coding!
G0nZu1