Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Loading a DLL into custom dissector

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sun, 15 Feb 2009 15:37:55 -0800

On Feb 13, 2009, at 7:01 AM, <gogrady@xxxxxxxxx> <gogrady@xxxxxxxxx> wrote:

I have created my own custom dissector, it will take raw data and send it to a sort of "proxy" dll that will send the raw data elsewhere to be decoded and then sent back. However i'm having a bit of trouble doing this since i'm new to it all. So i had a few questions.

1) In what order are the functions in the dissector called?

The proto_reg_XXX routine is called first, when Wireshark/TShark/ whatever starts up.

During startup, after all the dissectors' proto_reg_XXX routines are called, the proto_reg_handoff_XXX() routines are called.

During dissection, the dissection routines you've registered are called.

If one of the functions is called at the start of the dissection then could i load my DLL there for later use in the dissect_foo() function?

What do you mean by "at the start of the dissection"? There aren't any routines called in the dissection process before any dissectors are called, if that's what you mean.

You could load your DLL in the proto_reg_XXX routine.

2) I'm loading the dll implicitly,

"Implicitly" in what sense? Are you calling a routine to load it, or are you just linking it?