Wireshark · Wireshark-dev: Re: [Wireshark-dev] About libwireshark (Stephen Fisher)

[shirely_geng <shirely_geng@xxxxxxx>]

Hi Stephen Fisher

 

I want to use the dll: libwireshark.dll to dissect packets under MFC UI framework

it will be a new UI different from wireshark. And now I can load the dll now,

I add below one line to project header file:

 #pragma comment(linker, "\"/manifestdependency:type='Win32' name='Microsoft.VC90.CRT' version='9.0.21022.8' processorArchitecture='X86' publicKeyToken='1fc8b3b9a1e18e3b' language='*'\"")
and then the vs will load the msvcr90.dll. Finally the project works.

在2009-10-14 16:13:25，wireshark-dev-request@xxxxxxxxxxxxx 写道：
>Send Wireshark-dev mailing list submissions to
>	wireshark-dev@xxxxxxxxxxxxx
>
>To subscribe or unsubscribe via the World Wide Web, visit
>	https://wireshark.org/mailman/listinfo/wireshark-dev
>or, via email, send a message with subject or body 'help' to
>	wireshark-dev-request@xxxxxxxxxxxxx
>
>You can reach the person managing the list at
>	wireshark-dev-owner@xxxxxxxxxxxxx
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Wireshark-dev digest..."
>
>
>Today's Topics:
>
>   1. Re: mingw for plugin developement (wsgd)
>   2. buildbot failure in Wireshark (development) on
>      Ubuntu-7.10-x86-64 (buildbot-no-reply@xxxxxxxxxxxxx)
>   3. About libwireshark (shirely_geng)
>   4. Re: About libwireshark (Stephen Fisher)
>   5. Re: Wireshark memory handling (Erlend Hamberg)
>   6. buildbot failure in Wireshark (development) on
>      Windows-XP-Win64 (buildbot-no-reply@xxxxxxxxxxxxx)
>   7. buildbot failure in Wireshark (development) on	Windows-XP-x86
>      (buildbot-no-reply@xxxxxxxxxxxxx)
>   8. need data from a non-finalized tvb (Devlina)
>   9. Current trunk crashes on Windows? (RUOFF LARS)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Tue, 13 Oct 2009 20:35:31 +0200
>From: wsgd <wsgd@xxxxxxx>
>Subject: Re: [Wireshark-dev] mingw for plugin developement
>To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
>Message-ID: <4AD4C873.5060704@xxxxxxx>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>Hello,
>
>You must include the dll manifest inside the dll :
>mt.exe -manifest <your_dll>.dll.manifest -outputresource:<your_dll>.dll;2
>
>If you do not have the manifest, comment the following line :
>DLL_LDFLAGS = /MANIFEST:no
>into config.nmake
>
>
>AND/OR
>
>
>To use your dll on another PC, it could be necessary to install a Visual 
>C++ 2008 vcredist_x86.exe.
>The version of vcredist_x86.exe MUST match the version for your compiler.
>E.g: 
>http://www.microsoft.com/downloads/details.aspx?familyid=a5c84275-3b97-4ab7-a40d-3802b2af5fc2&displaylang=en
>
>
>Olivier
>
>
>gmail a ?crit :
>> Hello,
>>
>> i am trying it, but still have the "Couldn't load module" message from ws.
>> Is there some particular setting for the project for the plugin dll ?
>>
>> many thanks
>> Angelo
>>
>> Balint Reczey ha scritto:
>>   
>>> Hi Angelo,
>>>
>>> Try Visual C++ 2008 Express Edition, it's free.
>>> http://www.wireshark.org/docs/wsdg_html_chunked/ChToolsMSChain.html
>>>
>>> Cheers,
>>> Balint
>>>
>>> gmail wrote:
>>>   
>>>     
>>>> Hello All,
>>>>
>>>> i ha ve developed a dissector, using gcc on windows (mingw). Wireshark 
>>>> says that cannot load the module, i read already the FAQs. So is there 
>>>> any chance to have this mingw dll loadable ? I will not install any M$ 
>>>> payment / cracked M$VC or similar in my PC, and also think that 
>>>> opensource development should keep away from payment stuff.
>>>>
>>>>
>>>>
>>>> It any suggestion, many thanks
>>>> Regards,
>>>> Angelo
>>>> ___________________________________________________________________________
>>>> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>>>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>>>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>>     
>>>>       
>>> ___________________________________________________________________________
>>> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>   
>>>     
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>>
>>
>>   
>
>
>
>------------------------------
>
>Message: 2
>Date: Tue, 13 Oct 2009 12:32:28 -0700
>From: buildbot-no-reply@xxxxxxxxxxxxx
>Subject: [Wireshark-dev] buildbot failure in Wireshark (development)
>	on	Ubuntu-7.10-x86-64
>To: wireshark-dev@xxxxxxxxxxxxx
>Message-ID: <20091013193229.93374200B@xxxxxxxxxxxxxxxxxxx>
>Content-Type: text/plain
>
>The Buildbot has detected a new failure of Ubuntu-7.10-x86-64 on Wireshark (development).
>Full details are available at:
> http://buildbot.wireshark.org/trunk/builders/Ubuntu-7.10-x86-64/builds/138
>
>Buildbot URL: http://buildbot.wireshark.org/trunk/
>
>Buildslave for this Build: ubuntu-7.10-x86
>
>Build Reason: 
>Build Source Stamp: 30553
>Blamelist: wmeier
>
>BUILD FAILED: failed failed slave lost
>
>sincerely,
> -The Buildbot
>
>
>
>------------------------------
>
>Message: 3
>Date: Wed, 14 Oct 2009 08:39:43 +0800 (CST)
>From: shirely_geng <shirely_geng@xxxxxxx>
>Subject: [Wireshark-dev] About libwireshark
>To: wireshark-dev <wireshark-dev@xxxxxxxxxxxxx>
>Message-ID:
>	<28387576.574501255480783699.JavaMail.coremail@xxxxxxxxxxxxxxxxxx>
>Content-Type: text/plain; charset="gbk"
>
>Hi all:
>This is my first mail in this mail list, I have study wireshark for about one 
>month, Here I meet one issue, neet you experts to help me to solve this.
> 
>I want to change the UI of wireshark, I want to use MFC as the UI framework, here are the steps I create a new project(under 2008 pro edition).
>1. Create one prject.
>2. Add the libwireshark.dll wiretap.dll and some other dlls into the project.
>now, I can successfully compile the the code, but when I run the project, i failed to load the dlls, seems ntdll.dll meet some issue.
> 
>Could you please help me to solve this?
> 
> 
> 
> Best Regards
> Fighter 
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: http://www.wireshark.org/lists/wireshark-dev/attachments/20091014/65e8b254/attachment.htm 
>
>------------------------------
>
>Message: 4
>Date: Tue, 13 Oct 2009 19:28:38 -0600
>From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
>Subject: Re: [Wireshark-dev] About libwireshark
>To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
>Message-ID: <97C4B283-63B7-498B-9ABE-A66057C16D10@xxxxxxxxxxxxxxxxxx>
>Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
>
>
>On Oct 13, 2009, at 6:39 PM, shirely_geng wrote:
>
>> I want to change the UI of wireshark, I want to use MFC as the UI  
>> framework, here are the steps I create a new project(under 2008 pro  
>> edition).
>> 1. Create one prject.
>> 2. Add the libwireshark.dll wiretap.dll and some other dlls into the  
>> project.
>> now, I can successfully compile the the code, but when I run the  
>> project, i failed to load the dlls, seems ntdll.dll meet some issue.
>
>Are you trying to extend the Wireshark GUI (which is written with GTK 
>+) or create a new GUI that uses Wireshark's dissection capabilities?
>
>
>Steve
>
>
>
>------------------------------
>
>Message: 5
>Date: Tue, 13 Oct 2009 20:00:04 +0200
>From: Erlend Hamberg <hamberg@xxxxxxxxxxxx>
>Subject: Re: [Wireshark-dev] Wireshark memory handling
>To: Guy Harris <guy@xxxxxxxxxxxx>
>Cc: wireshark-dev@xxxxxxxxxxxxx, kpro1@xxxxxxxxxxx
>Message-ID: <200910132000.11202.hamberg@xxxxxxxxxxxx>
>Content-Type: text/plain; charset="utf-8"
>
>On Saturday 10. October 2009 03.48.29 Guy Harris wrote:
>> The data Wireshark currently keeps in its address space that could
>> grow in size as the capture file grows are:
>> 
>> 	the frame_data structure (epan/frame_data.h) - one structure instance
>> per packet;
>
>Ok, so ? if my understanding is correct ? for every packet that is read, an 
>frame_data structure is created, this is 80 bytes on a 32-bit machine and 128 
>bytes on a 64 bit machine according to gdb.
>
>> 	the text for some or all of the columns in all of the rows of the
>> packet list (all, in current releases of Wireshark; some, in the
>> development branch);
>
>Ok, not much to save here after the introduction of the new packet list, I 
>guess.
>
>> 	various per-packet private data attached to some frames by dissectors;
>> 
>> 	various per-dissector private data structures;
>
>Hard to avoid. :-)
>
>> 	the results of reassembly.
>
>See below.
>
>> The data from the frames in the capture file are not kept in
>> Wireshark's address space - they are read in as necessary, into a
>> small number of buffers (one for the main window, and one for each
>> packet window opened).  *HOWEVER*, if data from a frame is reassembled
>> into a higher-level multiple-frame packet, the result of the
>> reassembly is, as noted, kept in Wireshark's address space.
>
>So, when Wireshark reads the capture file, if it finds a single-frame packet, 
>it will only create a frame_data structure in memory and possibly data from 
>the dissector for that type of packet. But if the packet is made up of several 
>frames, the packet is reassembled and kept in memory? If so, do you think this 
>could be changed? Would it be worth it?
> 
>> People complain about it enough that, while in *most* cases it might
>> not be a problem, we frequently get mail from people who have to split
>> up capture files to read them - I'd call it enough of a problem that
>> we should work on it (ideally, by reducing the amount of address space
>> required by the aforementioned data items).
>
>Yes, absolutely.
>
>It would still be nice if would be possible for people to analyse more data 
>than will fit in virtual memory (in the case of Linux/Solaris, etc. where the 
>swap space is fixed). I see that there is an "abstraction" of memory 
>allocation in epan/emem.c (se_alloc* and friends), but g_malloc, and plain 
>malloc is used as well, it seems.
>If the functions in emem.c were used for all memory allocation/freeing, that 
>would mean that this could be done by intercepting requests for memory in 
>those functions.
>
>What is the status on the use of these functions? I got the impression from 
>README.malloc that these are recommended, but I mostly see allocations done 
>using g_malloc. Or is that just allocations that should outlive a capture 
>session?
>
>-- 
>Erlend Hamberg
>"Everything will be ok in the end. If its not ok, its not the end."
>GPG/PGP:  0xAD3BCF19
>45C3 E2E7 86CA ADB7 8DAD 51E7 3A1A F085 AD3B CF19
>-------------- next part --------------
>A non-text attachment was scrubbed...
>Name: not available
>Type: application/pgp-signature
>Size: 197 bytes
>Desc: This is a digitally signed message part.
>Url : http://www.wireshark.org/lists/wireshark-dev/attachments/20091013/b0e6a643/attachment.pgp 
>
>------------------------------
>
>Message: 6
>Date: Tue, 13 Oct 2009 22:23:28 -0700
>From: buildbot-no-reply@xxxxxxxxxxxxx
>Subject: [Wireshark-dev] buildbot failure in Wireshark (development)
>	on	Windows-XP-Win64
>To: wireshark-dev@xxxxxxxxxxxxx
>Message-ID: <20091014052328.4B274D31B@xxxxxxxxxxxxxxxxxxx>
>Content-Type: text/plain
>
>The Buildbot has detected a new failure of Windows-XP-Win64 on Wireshark (development).
>Full details are available at:
> http://buildbot.wireshark.org/trunk/builders/Windows-XP-Win64/builds/378
>
>Buildbot URL: http://buildbot.wireshark.org/trunk/
>
>Buildslave for this Build: windows-xp-win64
>
>Build Reason: 
>Build Source Stamp: 30554
>Blamelist: martinm
>
>BUILD FAILED: failed failed slave lost
>
>sincerely,
> -The Buildbot
>
>
>
>------------------------------
>
>Message: 7
>Date: Tue, 13 Oct 2009 22:23:30 -0700
>From: buildbot-no-reply@xxxxxxxxxxxxx
>Subject: [Wireshark-dev] buildbot failure in Wireshark (development)
>	on	Windows-XP-x86
>To: wireshark-dev@xxxxxxxxxxxxx
>Message-ID: <20091014052330.6DC0AD31E@xxxxxxxxxxxxxxxxxxx>
>Content-Type: text/plain
>
>The Buildbot has detected a new failure of Windows-XP-x86 on Wireshark (development).
>Full details are available at:
> http://buildbot.wireshark.org/trunk/builders/Windows-XP-x86/builds/274
>
>Buildbot URL: http://buildbot.wireshark.org/trunk/
>
>Buildslave for this Build: windows-xp-x86
>
>Build Reason: 
>Build Source Stamp: 30554
>Blamelist: martinm
>
>BUILD FAILED: failed failed slave lost
>
>sincerely,
> -The Buildbot
>
>
>
>------------------------------
>
>Message: 8
>Date: Wed, 14 Oct 2009 09:58:05 +0530
>From: Devlina <devlinahello2@xxxxxxxxx>
>Subject: [Wireshark-dev] need data from a non-finalized tvb
>To: wireshark-dev@xxxxxxxxxxxxx
>Message-ID: <1a6b9f160910132128gec7906h2a1f321116f21c@xxxxxxxxxxxxxx>
>Content-Type: text/plain; charset="iso-8859-1"
>
>I have a tvb which is not finalized yet. i.e. there are still some data to
>be inserted into it later. But at this point i need to store this
>non-finalized tvb into another tvb. Is it possible to do that. I am trying
>the same but it seems it is not working. Please help !!
>
>-- 
>Thanks,
>Devlina
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: http://www.wireshark.org/lists/wireshark-dev/attachments/20091014/9ad351dc/attachment.htm 
>
>------------------------------
>
>Message: 9
>Date: Wed, 14 Oct 2009 10:12:53 +0200
>From: "RUOFF LARS" <Lars.Ruoff@xxxxxxxxxxxxxxxxx>
>Subject: [Wireshark-dev] Current trunk crashes on Windows?
>To: "Developer support list for Wireshark"
>	<wireshark-dev@xxxxxxxxxxxxx>
>Message-ID:
>	<E84C901545FD2B4BB4A6E07C2C544D8F0442410E@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>	
>Content-Type: text/plain;	charset="us-ascii"
>
>Hi,
>The current trunk (rev.30555) crashes on Windows when loading the Prefs
>file:
>
>Unhandled exception at 0x77c478ac in wireshark.exe: 0xC0000005: Access
>violation reading location 0x00000001.
>
>Call Stack:
> 	msvcrt.dll!77c478ac() 	
> 	[Frames below may be incorrect and/or missing, no symbols loaded
>for msvcrt.dll]	
> 	msvcrt.dll!77c2c2e3() 	
>>	wireshark.exe!font_init()  Line 407 + 0xe bytes	C
> 	wireshark.exe!main(int argc=0, char * * argv=0x02ef5eac)  Line
>2546	C
> 	wireshark.exe!WinMain(HINSTANCE__ * hInstance=0x00400000,
>HINSTANCE__ * hPrevInstance=0x00000000, char * lpszCmdLine=0x00151f28,
>int nCmdShow=1)  Line 2806 + 0x17 bytes	C
> 	wireshark.exe!__tmainCRTStartup()  Line 578 + 0x1d bytes
>C
> 	kernel32.dll!7c816fe7() 	
>
>Is it just me?
>Is it a known issue?
>1.3.0 runs fine when i compile from source.
>
>Lars
>
>For info:
>> wireshark.exe -v
>wireshark 1.3.1
>
>Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and
>contributors.
>This is free software; see the source for copying conditions. There is
>NO
>warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
>PURPOSE.
>
>Compiled with GTK+ 2.16.6, with GLib 2.20.5, with WinPcap (version
>unknown),
>with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI
>0.4.8,
>with c-ares 1.6.0, with Lua 5.1, without Python, with GnuTLS 2.8.1, with
>Gcrypt
>1.4.4, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built
>Sep 23
>2009), with AirPcap, with new_packet_list.
>
>Running on Windows XP Service Pack 2, build 2600, with WinPcap version
>4.0.2
>(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, GnuTLS
>2.8.1,
>Gcrypt 1.4.4, without AirPcap.
>
>Built using Microsoft Visual C++ 9.0 build 30729
>
>
>------------------------------
>
>_______________________________________________
>Wireshark-dev mailing list
>Wireshark-dev@xxxxxxxxxxxxx
>https://wireshark.org/mailman/listinfo/wireshark-dev
>
>
>End of Wireshark-dev Digest, Vol 41, Issue 24
>*********************************************

---

看陆川杨幂新片《琴棋书画》，品网易3D国韵网游《天下贰》