fix: update dependencies howto to reflect changes

Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>

Author: fzipi

iis/dependencies/howto.txt

@@ -5,48 +5,127 @@ So the build process was refactored to make it easier for users to create their
 * build_msi.bat -> Creates the MSI self-installer for easy deploy / removal / distribution
 
 * build_dependencies.bat -> Sets (and downloads if needed) all required dependencies
-* build_modsecurity.bat -> Builds ModSecurity (requires all depenedencies being set)
+* build_modsecurity.bat -> Builds ModSecurity (requires all dependencies being set)
 
 * download_files.bat -> Downloads all required dependencies to the default Downloads folder
 ** This script is disabled by default. If you want to enable it, uncomment the "@call download_files.bat" line on build_dependencies.bat
 
-The dependencies folder also includes a set o batch scripts which sets each dependency
+The dependencies folder also includes a set of batch scripts which sets each dependency
 on its own. These scripts are called by the build_dependencies.bat script.
 
-Using the same versions of libraries as listed below is  recommended.
+Using the same versions of libraries as listed below is recommended.
 --------------------------------------
 Compilation Prerequisites:
 
-* Windows 7 x86_x64 (Should work on newer versions of Windows too)
-* Vistual Studio 2013 Express (Other versions should work, but you need to set the correct path for vcvars.bat scripts)
-* IIS enabled/installed
-* 7-Zip
+* Windows 10/11 or Windows Server 2016+ (64-bit recommended)
+* Visual Studio 2019 or 2022 with C++ development tools
+  - Desktop development with C++
+  - Windows 10/11 SDK
+  - MSVC v142 (VS2019) or v143 (VS2022) build tools
+  - C++ ATL for latest build tools
+* IIS 7.0 or later enabled/installed
+* 7-Zip (for dependency extraction)
+* WiX Toolset 3.x (for building MSI installer)
+
+--------------------------------------
+
+Runtime Prerequisites (for installer deployment):
+
+* Microsoft Visual C++ 2019 Redistributable (x64): https://aka.ms/vs/17/release/vc_redist.x64.exe
+* Microsoft Visual C++ 2019 Redistributable (x86): https://aka.ms/vs/17/release/vc_redist.x86.exe
+  - Both x64 and x86 are required on 64-bit systems for 32-bit application pool support
+  - The MSI installer will check for these prerequisites and provide download links if missing
+
+Note: The installer now uses redistributable packages instead of merge modules,
+following Microsoft's recommended deployment practices. This allows Windows Update
+to automatically patch security vulnerabilities in the Visual C++ runtime.
 
 --------------------------------------
 
 The latest versions of ModSecurity dependencies known to work well are the following:
 
-cmake-3.8.2-win32-x86
-pcre-8.40 (patch required and included on file "patch-pcre-8.40.vbs")
-zlib-1.2.11
-libxml2-2.9.4
-lua-5.3.4
-curl-7.54.1
-httpd-2.4.27 (bin-VC11)
+cmake-3.8.2-win32-x86 (or later)
+pcre2-10.x (PCRE2 is now the default, PCRE 8.x is deprecated)
+  - Note: PCRE2 provides better performance and is actively maintained
+zlib-1.2.11 (or later)
+libxml2-2.9.4 (or later)
+lua-5.3.4 (or later)
+curl-7.54.1 (or later)
+httpd-2.4.27 (bin-VC15 or later for VS2019/2022)
 yajl-2.1.0
-ssdeep-2.13
+ssdeep-2.13 (or later)
+
+--------------------------------------
+
+Build Instructions:
+
+1. Create working directory (e.g. c:\work) and clone/extract ModSecurity v2 from GitHub:
+   https://github.com/owasp-modsecurity/ModSecurity/archive/v2/master.zip
+
+2. Initialize git submodules (important for dependencies like libinjection):
+   git submodule update --init --recursive
+
+3. Make sure the prerequisites mentioned above are all set:
+   - Visual Studio 2019/2022 installed with C++ tools
+   - IIS enabled/installed
+   - 7-Zip available in PATH
+   - WiX Toolset installed (for MSI building)
+
+4. If you haven't downloaded the dependency files before, uncomment the
+   "@call download_files.bat" line in build_dependencies.bat to have them
+   downloaded automatically.
+
+5. Open a Visual Studio Developer Command Prompt (recommended) or regular
+   command prompt and navigate to the "iis" folder inside ModSecurity working
+   directory:
+   cd c:\work\ModSecurity\iis
+
+6. If you need to modify anything (e.g. paths, versions, etc.), carefully
+   edit the batch files. Key files to review:
+   - build_dependencies.bat (dependency paths/versions)
+   - build_modsecurity.bat (compiler settings)
+   - build_msi.bat (MSI configuration)
+
+7. Run the main build script:
+   build_release.bat
+
+8. When done, the binaries, lib and pdb files should appear under:
+   - c:\work\ModSecurity\iis\release\x86 (32-bit)
+   - c:\work\ModSecurity\iis\release\amd64 (64-bit)
+
+   * At this point, if you have a previous installation of ModSecurity and
+     would like to test, you can manually place:
+     - x86 files to "C:\Windows\SysWOW64\inetsrv"
+     - x64 files to "C:\Windows\System32\inetsrv"
+
+9. If all went well, you can build the MSI installer by running:
+   build_msi.bat
+
+   The MSI will be created in the release folder.
+
+--------------------------------------
+
+MSI Installer Features:
+
+* Automatically places files to the correct system folders
+* Configures the ModSecurity IIS native module for both 32-bit and 64-bit
+* Registers the module with IIS application configuration
+* Checks for required Visual C++ 2019 Redistributables
+* Provides clear error messages with download links if prerequisites are missing
+* Supports both x86 and x64 architectures
+* Allows selective installation of 32-bit and/or 64-bit modules
 
 --------------------------------------
 
-1. Create working directory (e.g. c:\work) and drop the latest clone from ModSecurity's 2.x Github (https://github.com/owasp-modsecurity/ModSecurity/archive/v2/master.zip)
-2. Make sure the prerequisites mentioned above are all set
-3. If you haven't download the dependency files before, uncomment the "@call download_files.bat" line on build_dependencies.bat to have them downloaded prior
-4. Open a command prompt (cmd.exe) and head to the "iis" folder inside ModSecurity tree working directory (e.g. cd c:\work\ModSecurity\iis)
-5. If you need to modify anything (e.g. paths, versions etc), carefully edit the batch files.
-6. Run build_release.bat
-7. When done, the binaries, lib and pdb files should appear under c:\work\ModSecurity\iis\release\x86 (32-bit) and c:\work\ModSecurity\iis\release\amd64 (64-bit)
-* At this point, if you had a previous installation of ModSecurity and would like to test you can place the x86 files to "C:\Windows\SysWOW64\inetsrv" and x64 files to "C:\Windows\System32\inetsrv" 
+Troubleshooting:
+
+* If the installer fails with missing DLL errors, ensure the VC++ 2019
+  Redistributables are installed (see Runtime Prerequisites above)
 
-8. If all went well, you can build the MSI installer by running the build_msi.bat script.
+* Use the included list_dependencies.bat script in the wix folder to check:
+  - VC++ 2019 Redistributable installation status
+  - ModSecurity DLL dependencies
+  - Missing libraries
 
-* The built installable package places the files to the correct folders, automatically configures the ModSecurity IIS native module and configures web.config to enable ModSecurity for all IIS sites.
+* For detailed troubleshooting, see:
+  https://github.com/owasp-modsecurity/ModSecurity/wiki/IIS-Troubleshooting

iis/wix/list_dependencies.bat

@@ -11,24 +11,71 @@ echo *
 echo *
 echo * The main function of this script is to list all ModSecurityIIS runtime
 echo * dependencies, including system dependencies, to check if there is a
-echo * missing library or a version mismatch. This can be very usefull in case
+echo * missing library or a version mismatch. This can be very useful in case
 echo * ModSecurityIIS refuses to register as IIS module or if IIS refuses to
 echo * start.
-echo * 
 echo *
 echo *
+echo *
+
+echo.
+echo Checking prerequisites...
+echo.
 
+REM Check for Visual C++ 2019 Redistributable (x64)
+reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v Installed 2>nul | find "0x1" >nul
+if %errorlevel% equ 0 (
+    echo [OK] Visual C++ 2019 Redistributable ^(x64^) is installed
+) else (
+    echo [MISSING] Visual C++ 2019 Redistributable ^(x64^) is NOT installed
+    echo          Download from: https://aka.ms/vs/17/release/vc_redist.x64.exe
+)
+
+REM Check for Visual C++ 2019 Redistributable (x86)
+reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x86" /v Installed 2>nul | find "0x1" >nul
+if %errorlevel% equ 0 (
+    echo [OK] Visual C++ 2019 Redistributable ^(x86^) is installed
+) else (
+    echo [MISSING] Visual C++ 2019 Redistributable ^(x86^) is NOT installed
+    echo          Download from: https://aka.ms/vs/17/release/vc_redist.x86.exe
+)
+
+echo.
 pause
 
 :LOOP_FILE
 SET /a log_file=%RANDOM%+100000
-SET log_file=%TEMP%\ModSecurityIIS-depedencies-%log_file:~-5%.TXT
+SET log_file=%TEMP%\ModSecurityIIS-dependencies-%log_file:~-5%.TXT
 IF EXIST %log_file% GOTO LOOP_FILE
 
 echo Saving logs at: %log_file%
+echo.
+
+REM Log prerequisite checks to file
+echo ================================================ >> %log_file%
+echo Visual C++ 2019 Redistributable Check >> %log_file%
+echo ================================================ >> %log_file%
+
+reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v Installed 2>nul | find "0x1" >nul
+if %errorlevel% equ 0 (
+    echo [OK] Visual C++ 2019 Redistributable (x64) is installed >> %log_file%
+) else (
+    echo [MISSING] Visual C++ 2019 Redistributable (x64) is NOT installed >> %log_file%
+    echo          Download from: https://aka.ms/vs/17/release/vc_redist.x64.exe >> %log_file%
+)
+
+reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x86" /v Installed 2>nul | find "0x1" >nul
+if %errorlevel% equ 0 (
+    echo [OK] Visual C++ 2019 Redistributable (x86) is installed >> %log_file%
+) else (
+    echo [MISSING] Visual C++ 2019 Redistributable (x86) is NOT installed >> %log_file%
+    echo          Download from: https://aka.ms/vs/17/release/vc_redist.x86.exe >> %log_file%
+)
+echo. >> %log_file%
 
-set POSSIBLE_PATHS_X86="C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\bin\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\dumpbin.exe"
-set POSSIBLE_PATHS_X64="C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\x86_amd64\dumpbin.exe"
+REM Updated paths to include Visual Studio 2019 and 2022
+set POSSIBLE_PATHS_X86="C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\bin\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\dumpbin.exe"
+set POSSIBLE_PATHS_X64="C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\x86_amd64\dumpbin.exe"
 
 for %%i in (%POSSIBLE_PATHS_X86%) do (
 	echo Checking for dumpbin x86... %%i
@@ -50,23 +97,72 @@ for %%i in (%POSSIBLE_PATHS_X64%) do (
 )
 :found_x64
 
+echo ================================================ >> %log_file%
+echo ModSecurity IIS Dependency Analysis >> %log_file%
+echo ================================================ >> %log_file%
+echo. >> %log_file%
+
+REM Check ModSecurity DLL locations
+echo Checking ModSecurity DLL locations... >> %log_file%
+if exist "%SystemRoot%\System32\inetsrv\ModSecurityIIS.dll" (
+    echo [FOUND] %SystemRoot%\System32\inetsrv\ModSecurityIIS.dll >> %log_file%
+) else (
+    echo [MISSING] %SystemRoot%\System32\inetsrv\ModSecurityIIS.dll >> %log_file%
+)
+
+if exist "%SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll" (
+    echo [FOUND] %SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll >> %log_file%
+) else (
+    echo [MISSING] %SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll >> %log_file%
+)
+echo. >> %log_file%
+
 if "%DUMPBIN_X86:~1,-1%" == "" (
 	echo Dumpbin x86 not found.
 	echo Dumpbin x86 not found. >> %log_file%
+	echo NOTE: Install Visual Studio 2019/2022 with C++ tools to use dumpbin. >> %log_file%
 ) else (
 	echo Using dumpbin x86: %DUMPBIN_X86%
-	echo Using dumpbin x86: %DUMPBIN_X86% >> %log_file% 
-	%DUMPBIN_X86% /imports /dependents  %* >> %log_file%
+	echo Using dumpbin x86: %DUMPBIN_X86% >> %log_file%
+	echo. >> %log_file%
+	if exist "%SystemRoot%\System32\inetsrv\ModSecurityIIS.dll" (
+		echo ================================================ >> %log_file%
+		echo 32-bit ModSecurityIIS.dll dependencies: >> %log_file%
+		echo ================================================ >> %log_file%
+		%DUMPBIN_X86% /imports /dependents "%SystemRoot%\System32\inetsrv\ModSecurityIIS.dll" >> %log_file% 2>&1
+	)
+	if not "%*" == "" (
+		echo. >> %log_file%
+		echo ================================================ >> %log_file%
+		echo Additional files specified: >> %log_file%
+		echo ================================================ >> %log_file%
+		%DUMPBIN_X86% /imports /dependents %* >> %log_file% 2>&1
 	)
 )
 
+echo. >> %log_file%
+
 if "%DUMPBIN_X64:~1,-1%" == "" (
 	echo Dumpbin x64 not found.
-	echo Dumpbin x64 not found. >> %log_file% 
+	echo Dumpbin x64 not found. >> %log_file%
+	echo NOTE: Install Visual Studio 2019/2022 with C++ tools to use dumpbin. >> %log_file%
 ) else (
 	echo Using dumpbin x64: %DUMPBIN_X64%
-	echo Using dumpbin x64: %DUMPBIN_X64% >> %log_file% 
-	%DUMPBIN_X64% /imports /dependents  %* >> %log_file%
+	echo Using dumpbin x64: %DUMPBIN_X64% >> %log_file%
+	echo. >> %log_file%
+	if exist "%SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll" (
+		echo ================================================ >> %log_file%
+		echo 64-bit ModSecurityIIS.dll dependencies: >> %log_file%
+		echo ================================================ >> %log_file%
+		%DUMPBIN_X64% /imports /dependents "%SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll" >> %log_file% 2>&1
+	)
+	if not "%*" == "" (
+		echo. >> %log_file%
+		echo ================================================ >> %log_file%
+		echo Additional files specified: >> %log_file%
+		echo ================================================ >> %log_file%
+		%DUMPBIN_X64% /imports /dependents %* >> %log_file% 2>&1
+	)
 )
 
 goto exit