4.5. Microsoft compiler toolchain (Windows native)

To compile Wireshark on Windows using the Microsoft C/C++ compiler, you’ll need:

  1. C compiler (cl.exe)
  2. Assembler (ml.exe for 32-bit targets and ml64.exe for 64-bit targets)
  3. Linker (link.exe)
  4. Resource Compiler (rc.exe)
  5. C runtime headers and libraries (e.g. stdio.h, msvcrt.lib)
  6. Windows platform headers and libraries (e.g. windows.h, WSock32.lib)
  7. HTML help headers and libraries (htmlhelp.h, htmlhelp.lib)

4.5.1. Official Toolchain Packages And Alternatives

The official Wireshark 2.4.x releases are compiled using Microsoft Visual C++ 2015. The Wireshark 2.2.x and 2.0.x releases are compiled using Microsoft Visual C++ 2013. The Wireshark 1.12.x and 1.10.x releases were compiled using Microsoft Visual C++ 2010 SP1. The 1.8 releases were compiled using Microsoft Visual C++ 2010 SP1 as well. The 1.6, 1.4, and 1.2 releases were compiled using Microsoft Visual C++ 2008 SP1. Other past releases, including the 1.0 branch, were compiled using Microsoft Visual C++ 6.0.

Using the release compilers is recommended for Wireshark development work.

The older "Express Edition" compilers such as Visual C++ 2010 Express Edition SP1 can be used but any PortableApps packages you create with them will require the installation of a separate Visual C++ Redistributable package on any machine on which the PortableApps package is to be used. See Section 4.5.4, “C-Runtime "Redistributable" Files” below for more details.

However, you might already have a different Microsoft C++ compiler installed. It should be possible to use any of the following with the considerations listed:

Visual C++ 2013 Community Edition

IDE + Debugger?
Purchase required?
Free Download
SDK required for 64-bit builds?

CMake Generator: Visual Studio 12

Visual C++ 2010 Express Edition

IDE + Debugger?
Purchase required?
Free Download
SDK required for 64-bit builds?

CMake Generator: Visual Studio 10

Installers created using express editions require a C++ redistributable vcredist_x86.exe (3MB free download) is required to build Wireshark-win32-2.5.0.exe, and vcredist_x64.exe is required to build Wireshark-win64-2.5.0.exe. The version of vcredist_x86.exe or vcredist_x64.exe must match the version for your compiler including any service packs installed for the compiler.]

Visual Studio 2010

IDE + Debugger?
Purchase required?
SDK required for 64-bit builds?

CMake Generator: Visual Studio 10

Building a 64-bit installer requires a a C++ redistributable (vcredist_x86.exe).footnoteref[vcredist]

You can use Chocolatey to install Visual Studio, e.g:

PS:\> choco install VisualStudioCommunity2013

4.5.2. cl.exe (C Compiler)

The following table gives an overview of the possible Microsoft toolchain variants and their specific C compiler versions ordered by release date.

Compiler Package




Visual Studio 2015




Visual Studio 2013




Visual Studio 2012




Visual Studio 2010




After correct installation of the toolchain, typing at the Visual Studio Command line prompt (cmd.exe):

> cl

should result in something like:

Microsoft (R) C/$$C++$$ Optimizing Compiler Version 18.00.31101 for x86
Copyright (C) Microsoft Corporation.  All rights reserved.

usage: cl [ option... ] filename... [ /link linkoption...

However, the version string may vary.

Documentation on the compiler can be found at Microsoft MSDN

4.5.3. link.exe (Linker)

After correct installation, typing at the Visual Studio Command line prompt (cmd.exe):

> link

should result in something like:

Microsoft (R) Incremental Linker Version 12.00.31101.0
Copyright (C) Microsoft Corporation.  All rights reserved.

 usage: LINK [options] [files] [@commandfile]

However, the version string may vary.

Documentation on the linker can be found at Microsoft MSDN

4.5.4. C-Runtime "Redistributable" Files

Please note: The following is not legal advice - ask your preferred lawyer instead. It’s the authors view and this view might be wrong.

Depending on the Microsoft compiler version you use, some binary files coming from Microsoft might be required to be installed on Windows machine to run Wireshark. On a developer machine, the compiler setup installs these files so they are available - but they might not be available on a user machine!

This is especially true for the C runtime DLL (msvcr*.dll), which contains the implementation of ANSI and alike functions, e.g.: fopen(), malloc(). The DLL is named like: msvcr’version'.dll, an abbreviation for "MicroSoft Visual C Runtime". For Wireshark to work, this DLL must be available on the users machine.

Starting with MSVC7, it is necessary to ship the C runtime DLL (msvcr’version'.dll) together with the application installer somehow, as that DLL is possibly not available on the target system.

[Note]Make sure you’re allowed to distribute this file

The files to redistribute must be mentioned in the redist.txt file of the compiler package. Otherwise it can’t be legally redistributed by third parties like us.

The following MSDN link is recommended for the interested reader:

In all cases where vcredist_x86.exe or vcredist_x64.exe is downloaded it should be downloaded to the directory into which the support libraries for Wireshark have been downloaded and installed. This directory is specified by the WIRESHARK_BASE_DIR or WIRESHARK_LIB_DIR environment variables. It need not, and should not, be run after being downloaded. msvcr120.dll / vcredist_x86.exe / vcredist_x64.exe - Version 12.0 (2013)

There are three redistribution methods that MSDN mentions for MSVC 2013 (see: "Choosing a Deployment Method"):

  1. Using Visual C++ Redistributable Package. The Microsoft libraries are installed by copying vcredist_x64.exe or vcredist_x86.exe to the target machine and executing it on that machine (MSDN recommends this for applications built with Visual Studio 2013)
  2. Using Visual C++ Redistributable Merge Modules. (Loadable modules for building msi installers. Not suitable for Wireshark’s NSIS based installer)
  3. Install a particular Visual C++ assembly as a private assembly for the application. The Microsoft libraries are installed by copying the folder content of Microsoft.VC120.CRT to the target directory (e.g. C:\Program Files\Wireshark)

To save installer size, and to make a portable version of Wireshark (which must be completely self-contained, on a medium such as a flash drive, and not require that an installer be run to install anything on the target machine) possible, when building 32-bit Wireshark with MSVC2013, method 3 (copying the content of Microsoft.VC120.CRT) is used (this produces the smallest package).

4.5.5. Windows (Platform) SDK

The Windows Platform SDK (PSDK) or Windows SDK is a free (as in beer) download and contains platform specific headers and libraries (e.g. windows.h, WSock32.lib, etc.). As new Windows features evolve in time, updated SDK’s become available that include new and updated APIs.

When you purchase a commercial Visual Studio or use the Community Edition, it will include an SDK. The free Express (as in beer) downloadable C compiler versions (VC++ 2012 Express, VC++ 2012 Express, etc.) do not contain an SDK — you’ll need to download a PSDK in order to have the required C header files and libraries.

Older versions of the SDK should also work. However, the command to set the environment settings will be different, try search for SetEnv.* in the SDK directory.

4.5.6. HTML Help

HTML Help is used to create the User’s and Developer’s Guide in .chm format and to show the User’s Guide as the Wireshark "Online Help".

Both features are currently optional, and might be removed in future versions. HTML Help Compiler (hhc.exe)

This compiler is used to generate a .chm file from a bunch of HTML files — in our case to generate the User’s and Developer’s Guide in .chm format.

The compiler is only available as the free (as in beer) "HTML Help Workshop" download. If you want to compile the guides yourself, you need to download and install this. If you don’t install it into the default directory, you may also have a look at the HHC_DIR setting in the file docbook/Makefile. HTML Help Build Files (htmlhelp.c / htmlhelp.lib)

The files htmlhelp.c and htmlhelp.lib are required to be able to open .chm files from Wireshark and show the online help. Both files are part of the SDK (standalone (P)SDK or MSVC since 2002).

4.5.7. Debugger

Using a good debugger can save you a lot of development time.

The debugger you use must match the C compiler Wireshark was compiled with, otherwise the debugger will simply fail or you will only see a lot of garbage. Visual Studio integrated debugger

You can use the integrated debugger of Visual Studio if your toolchain includes it. Open the solution in your build directory and build and debug as normal with a Visual Studio solution.

To set the correct paths for Visual Studio when running Wireshark under the debugger, add the build output directory to the path before opening Visual Studio from the same command prompt, e.g.

C:\Development\wsbuild32>set PATH="%PATH%;C:\Development\wsbuild32\run\RelwithDebInfo"

for PowerShell use

PS C:\Development\wsbuild32>$env:PATH += ";$(Convert-Path run\RelWithDebInfo)"
PS C:\Development\wsbuild32>wireshark.sln

When Visual Studio has finished loading the solution, set the executable to be run in the debugger, e.g. Executables\Wireshark, by right clicking it in the Solution Explorer window and selecting "Set as StartUp Project". Also set the Solution Configuration (usually RelWithDebInfo) from the droplist on the toolbar.


Currently Visual Studio regards a command line build as incomplete, so will report that some items need to be built when starting the debugger. These can either be rebuilt or ignored as you wish.

The normal build is an optimised release version so debugging can be a bit difficult as variables are optimised out into registers and the execution order of statements can jump around.

If you require a non-optimised version, then build using a debug configuration. Debugging Tools for Windows

You can also use the Microsoft Debugging Tools for Windows toolkit, which is a standalone GUI debugger. Although it’s not that comfortable compared to debugging with the Visual Studio integrated debugger it can be helpful if you have to debug on a machine where an integrated debugger is not available.

You can get it free of charge from Microsoft in several ways, see the Debugging tools for Windows page.

You can also use Chocolatey to install WinDbg:

PS:\> choco install windbg

To debug Wireshark using WinDbg, open the built copy of Wireshark using the File → Open Executable… menu, i.e. C:\Development\wsbuild32\run\RelWithDebInfo\Wireshark.exe. To set a breakpoint open the required source file using the File → Open Source File… menu and then click on the required line and press F9. To run the program, press F5.

If you require a non-optimised version, then build using a debug configuration, e.g. msbuild /m /p:Configuration=Debug Wireshark.sln. The build products will be found in C:\Development\wsbuild32\run\Debug\.