Ethereal-dev: Re: [Ethereal-dev] 0.8.16 crashing on Win2k

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Gilbert Ramirez" <gram@xxxxxxxxxx>
Date: Wed, 28 Mar 2001 21:11:38 -0600
Would it be better to supply executables with embedded debug information,
thus requiring the distribution of two types of executables (debug and
non-debug),
or to provide the *.pdb files as a separate download so that those that
need to debug or provide stack back-traces with symbols can have the symbols
readily available?

I ask since I'm not familiar with normal Windows practices. I would think
a separate PDB download would be nicer, but will Dr. Watson use it,
as in this case, to show symbols?

--gilbert

----- Original Message -----
From: "Gilbert Ramirez" <gilramir@xxxxxxxxx>
To: "Visser, Martin (SNO)" <Martin.Visser@xxxxxxxxxx>
Cc: <ethereal-dev@xxxxxxxxxxxx>
Sent: Friday, March 23, 2001 12:29 PM
Subject: Re: [Ethereal-dev] 0.8.16 crashing on Win2k


> "Visser, Martin (SNO)" wrote:
> >
> > Hi,
> >
> > The Ethereal 0.8.16 Win32 binary seems to be a bit unstable. I am getting
> > exceptions sometimes. It seems to be when I capture with real-time display,
> > but also I have had it when Ethereal loads the capture after stopping. (I
> > loaded the new WinPcap but it has the same symptoms).
> >
> > Anyway,  here's what DrWatson thinks of it ->
> >
>
> >
> > function: <nosymbols>
> >         0052feab d1e0             shl     eax,1
> >         0052fead a3e8226200       mov     [006222e8],eax
>
> Unfortunately the win32 binary doesn't have any symbols in it, so
> this info doesn't help very much. (Why do I do things like that!)
>
> I can build a debug version of the win32 binary this weekend.
> However, if you want to debug this problem sooner, and if you can
> capture on a network that has no sensitive information:
>
> 1. Capture some packets, w/o analyzing them:
>
> tethereal.exe -o output.cap -c 1000  (or whatever count you want)
>
> 2. Load the file in Ethereal:
>
> ethereal.exe -r output.cap
>
> 3. Repeat 1 & 2 until you get a file that crashes Ethereal. Send us the
> file.
>
> or, to lessen the chance of capturing sensitive information.
>
> 4. Run tethereal -V on the file to find the last packet that was analyzed
> before the crash.
>
> 5. Use editcap to extract this packet *after* this packet (or a small group
> of packets on either side of the last packet, just to make sure).
>
> 6. Test Ethereal on this new, smaller file.
>
> 7. If it crashes ethereal, try to view the contents of this file with 'strings'
> or any hexdump-type program. If it contains no private information, send
> it to us.
>
> --gilbert
>
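
Steps 5 and 7 of the quoted procedure (cut the capture down to the suspect packet, then check it for private data before sending it), as an added Python example that is not part of the original thread or of Ethereal's code. It assumes the capture is in classic libpcap format; the function names and the sample capture are constructed for illustration.

```python
import struct

# Classic libpcap magic as stored on disk -> struct byte-order prefix.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def read_pcap(data):
    """Split a libpcap file into (24-byte global header, list of raw records)."""
    endian = MAGICS.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic libpcap capture")
    records, off = [], 24
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each).
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        end = off + 16 + incl_len
        if end > len(data):      # truncated last record, e.g. capture died mid-write
            break
        records.append(data[off:end])
        off = end
    return data[:24], records

def extract_range(data, first, last):
    """Step 5: keep packets first..last (1-based, inclusive) in a new capture."""
    header, records = read_pcap(data)
    return header + b"".join(records[first - 1:last])

def printable_strings(data, min_len=4):
    """Step 7: runs of printable ASCII in packet payloads, as strings(1) would show."""
    found = []
    for rec in read_pcap(data)[1]:
        run = bytearray()
        for b in rec[16:] + b"\x00":          # sentinel flushes the final run
            if 0x20 <= b < 0x7F:
                run.append(b)
                continue
            if len(run) >= min_len:
                found.append(run.decode("ascii"))
            run.clear()
    return found

def build_pcap(payloads):
    """Constructed sample input: little-endian capture, linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, p in enumerate(payloads):
        out += struct.pack("<IIII", i, 0, len(p), len(p)) + p
    return out

SAMPLE = build_pcap([b"\x00\x01\x02\x03" * 4,
                     b"\x00\x11USER admin\r\nPASS hunter2\r\n\xff",
                     b"\x01" * 8])
SMALL = extract_range(SAMPLE, 2, 2)   # the packet suspected of triggering the crash
```

Any string returned by `printable_strings(SMALL)` is something a list reader would also see, so a non-empty result is the cue to review the reduced file before attaching it.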