[2024]windows编译ZEEK教程(附成品)

### 前置准备
先安装choco和vs2019,安装c++编译套件和python。这点不再重复
重点 ，用choco装这几个:

```cpp
choco install -y --no-progress sed
choco install -y --no-progress swig
choco install -y --no-progress winflexbison3
choco install -y --no-progress ninja
choco install -y --no-progress openssl --version=3.1.1
```
然后python安装conan,connan创建一个默认环境,不再叙述
(在编译过程中)我这边版本会报错,这玩意水土不服
Failing install on Windows using Visual Studio compiler，解决办法，升级版本

下载,放到随便一个目录
https://www.npcap.com/dist/npcap-sdk-1.13.zip

然后启动这个:
![](https://key08.com/usr/uploads/2024/09/3714430756.png)

然后运行
```cpp
cmake .. -DPCAP_ROOT_DIR:PATH=Z:\npcap-sdk-1.13 -DCMAKE_BUILD_TYPE=release -DENABLE_ZEEK_UNIT_TESTS=yes -DVCPKG_TARGET_TRIPLET="x64-windows-static" -G Ninja 
```
其中 DPCAP_ROOT_DIR 是你刚刚下的npcap-sdk路径
### 坑1
如果报错: CMAKE_CXX_COMPILER 什么的，用x64 native，而不是直接cmd

### 坑2
如果报错,这个是zeek他们自己写错了,windows上的pcap不叫libcap，他是packtet.lib
![](https://key08.com/usr/uploads/2024/09/2251497845.png)
```cpp

-- Found BISON: F:/source2/cstrike15_src/vscript/languages/gm/bin/bison.exe (Required is at least version "2.5")
-- Found PCAP: Z:/npcap-sdk-1.13/Lib/wpcap.lib
-- Performing Test PCAP_LINKS_SOLO
-- Performing Test PCAP_LINKS_SOLO - Failed
-- Performing Test PCAP_NEEDS_THREADS
-- Performing Test PCAP_NEEDS_THREADS - Failed
CMake Error at cmake/FindPCAP.cmake:70 (message):
Couldn't determine how to link against libpcap
Call Stack (most recent call first):
auxil/vcpkg/scripts/buildsystems/vcpkg.cmake:859 (_find_package)
CMakeLists.txt:780 (find_package)
```
首先命令行加一个
-DPCAP_LIBRARY=C:/path/to/pcap/lib/pcap.lib
然后vscode打开cmake目录
![](https://key08.com/usr/uploads/2024/09/4558411.png)
把这一段删了，因为他们团队的cmake写错了。
然后就是正常的编译了
```cpp
cmake.exe --build .
```
### 测试
随便找一个流量包:
```cpp
zeek.exe -C -r 2024-03-14-AsyncRAT-and-XWorm-infection-traffic.pcap
```
![](https://key08.com/usr/uploads/2024/09/4041699934.png)
### 成品
链接: https://pan.baidu.com/s/1JRJ6K2viUaPCwL97gE8bvQ?pwd=xs5t 提取码: xs5t 复制这段内容后打开百度网盘手机App，操作更方便哦

白帽Wiki

一只鸭子

白帽Wiki - 一个简单的wiki