WIN32
=====

This section describes how to build and run Suricata on Windows. Currently Windows XP and above are supported, and only in IDS pcap mode.

You will need to download and install 7zip (www.7-zip.org) to extract these files.

1. Set up the MinGW environment from http://mingw.org

   Do not use the automatic installer, as it is deprecated. Manually unpack the following packages to c:\mingw (use newer versions if you like):

   * binutils
     o binutils-2.20-1-mingw32-bin.tar.gz
   * mingw-runtime (dev and dll):
     o mingwrt-3.17-mingw32-dll.tar.gz
     o mingwrt-3.17-mingw32-dev.tar.gz
   * w32api
     o w32api-3.14-mingw32-dev.tar.gz
   * required runtime libraries for GCC (gmp, libiconv, MPFR and pthreads):
     o gmp-4.2.4-mingw32-dll.tar.gz
     o libiconv-1.13.1-1-mingw32-dll-2.tar.lzma
     o mpfr-2.4.1-mingw32-dll.tar.gz
     o pthreads-w32-2.8.0-mingw32-dll.tar.gz
   * gcc-core (bin and dll):
     o gcc-core-4.4.0-mingw32-bin.tar.gz
     o gcc-core-4.4.0-mingw32-dll.tar.gz
   * make
     o make-3.81-20090914-mingw32-bin.tar.gz
   * zlib
     o libz-1.2.3-1-mingw32-dll-1.tar.gz
     o libz-1.2.3-1-mingw32-dev.tar.gz

2. Install MSYS

   http://sourceforge.net/projects/mingw/files/

   MSYS-1.0.11.exe (MSYS Base System)
   msysDTK-1.0.1.exe (MSYS Supplementary Tools)
   autoconf-2.63-1-msys-1.0.11-bin.tar.lzma
   automake-1.11-1-msys-1.0.11-bin.tar.lzma
   libtool-2.2.7a-1-msys-1.0.11-bin.tar.lzma

   MSYS will ask questions during the installation:

   Accept Post Install: [y]
   MinGW Installed?   : [y]
   path to MinGW      : [c:/MinGW]

3. Get git

   Download portable Git from this URL: http://code.google.com/p/msysgit/
   - unpack to /msys/1.0
   - don't forget to edit your ~/.gitconfig to at least give yourself a name :-)

4. Get libpcre

   http://www.pcre.org/

   ./configure --enable-utf8 --disable-cpp --prefix=/mingw
   make
   make install

5. Get libyaml

   http://pyyaml.org/wiki/LibYAML

   It does not support MinGW compilation directly, but it builds in static mode:

   ./configure --prefix=/mingw CFLAGS="-DYAML_DECLARE_STATIC"
   make
   make install

6. Get libpcap

   A guide can be found here:
   - Download the developer's pack: http://www.winpcap.org/devel.htm
   - Download and install the corresponding installer package (to have the driver in the system): http://www.winpcap.org/install/default.htm
   - Copy the includes to c:/mingw/include and the libs (.a) to c:/mingw/lib
   - Rename libwpcap to libpcap

8. Get and compile Suricata

   git clone git://phalanx.openinfosecfoundation.org/oisf.git
   cd oisf

   Because of a bug in the autotools port, convert the line endings of these files first:

   dos2unix.exe libhtp/configure.ac
   dos2unix.exe libhtp/htp.pc.in
   dos2unix.exe libhtp/Makefile.am

   ./autogen.sh
   ./configure CFLAGS="-DYAML_DECLARE_STATIC"
   make

   If everything goes well, you'll end up with suricata.exe in src/.lib. To test it you will need libpcre-0.dll, libz-1.dll and pthreadGC2.dll, which you already have somewhere under c:/mingw or c:/msys.

   To try it out:
   - copy the executable and the DLLs to a dedicated directory
   - copy classification.config and suricata.yaml there
   - edit suricata.yaml (at least set the directories correctly)
   - determine your eth device UUID in the registry:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\
   - now cross your fingers and do:
     suricata.exe -c suricata.yaml -i \DEVICE\NPF_{your device uuid}
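The "try it out" steps as a small pre-flight script for the MSYS shell. This is an added example, not part of Suricata or of the original notes: the file list and the \DEVICE\NPF_{GUID} device-name shape are taken from the steps above, and the dedicated run directory passed as the first argument is assumed.

```shell
#!/bin/sh
# Pre-flight check for the "try it out" step (hypothetical helper, not
# part of Suricata). Run from MSYS as: sh preflight.sh <run dir> <device>

# Files the notes say must sit together in the dedicated directory.
REQUIRED_FILES="suricata.exe libpcre-0.dll libz-1.dll pthreadGC2.dll suricata.yaml classification.config"

# Report every missing file in the run directory; return 1 if any is absent.
check_run_dir() {
    dir=$1
    missing=0
    for f in $REQUIRED_FILES; do
        if [ ! -f "$dir/$f" ]; then
            printf 'missing: %s/%s\n' "$dir" "$f" >&2
            missing=1
        fi
    done
    return $missing
}

# Accept only \DEVICE\NPF_{GUID} with an 8-4-4-4-12 hex GUID, so a bare GUID
# or a truncated one is caught before suricata tries to open the adapter.
valid_npf_device() {
    printf '%s\n' "$1" |
        grep -Eiq '^\\DEVICE\\NPF_[{][0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}[}]$'
}

# Run both checks, then print the command from the notes for review.
preflight() {
    check_run_dir "$1" || return 1
    if ! valid_npf_device "$2"; then
        printf 'device must look like \\DEVICE\\NPF_{GUID}, got: %s\n' "$2" >&2
        return 1
    fi
    printf 'cd "%s" && ./suricata.exe -c suricata.yaml -i "%s"\n' "$1" "$2"
}

[ $# -eq 2 ] && preflight "$1" "$2"
```

Replace the final printf in preflight with the command itself once the checks pass on your box; the GUID goes inside the braces exactly as it appears under the Interfaces registry key.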