Wireshark-dev: Re: [Wireshark-dev] Building Wireshark on Windows

From: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
Date: Thu, 15 Nov 2012 15:44:31 +0000
On 15 November 2012 15:31, David Ameiss <netshark@xxxxxxxxxxxxx> wrote:
Interesting. From the official 1.8.2 64-bit release:

==========
Microsoft (R) COFF/PE Dumper Version 9.00.21022.08
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file c:\program files\wireshark\wireshark.exe

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
            8664 machine (x64)
               6 number of sections
        502BCA0F time date stamp Wed Aug 15 11:10:55 2012
               0 file pointer to symbol table
               0 number of symbols
              F0 size of optional header
              22 characteristics
                   Executable
                   Application can handle large (>2GB) addresses

OPTIONAL HEADER VALUES
             20B magic # (PE32+)
           10.00 linker version
          196600 size of code
          188600 size of initialized data
               0 size of uninitialized data
          195120 entry point (0000000140195120)
            1000 base of code
       140000000 image base (0000000140000000 to 0000000140322FFF)
            1000 section alignment
             200 file alignment
            5.02 operating system version
            0.00 image version
            5.02 subsystem version
               0 Win32 version
          323000 size of image
             400 size of headers
          30BE6E checksum
               2 subsystem (Windows GUI)
            8140 DLL characteristics
                   Dynamic base
                   NX compatible
                   Terminal Server Aware
          100000 size of stack reserve
            1000 size of stack commit
          100000 size of heap reserve
            1000 size of heap commit
               0 loader flags
              10 number of directories
==========

And from my local build based on 1.8.2:

==========
Microsoft (R) COFF/PE Dumper Version 9.00.21022.08
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file c:\program files\wireshark\wireshark.exe

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
            8664 machine (x64)
               6 number of sections
        50A2870D time date stamp Tue Nov 13 11:44:45 2012
               0 file pointer to symbol table
               0 number of symbols
              F0 size of optional header
              22 characteristics
                   Executable
                   Application can handle large (>2GB) addresses

OPTIONAL HEADER VALUES
             20B magic # (PE32+)
           10.00 linker version
          199800 size of code
          18A000 size of initialized data
               0 size of uninitialized data
          198260 entry point (0000000140198260)
            1000 base of code
       140000000 image base (0000000140000000 to 0000000140326FFF)
            1000 section alignment
             200 file alignment
            6.01 operating system version
            0.00 image version
            6.01 subsystem version
               0 Win32 version
          327000 size of image
             400 size of headers
               0 checksum
               2 subsystem (Windows GUI)
            8140 DLL characteristics
                   Dynamic base
                   NX compatible
                   Terminal Server Aware
          100000 size of stack reserve
            1000 size of stack commit
          100000 size of heap reserve
            1000 size of heap commit
               0 loader flags
              10 number of directories
==========

The differences appear to be "operating system version" (5.02 for official, 6.01 for local) and "subsystem version" (same values). I would imagine that would at least contribute to the problem.

But I'm not sure how to correct it.



The target system is specified in a linker flag /SUBSYSTEM
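
The by-eye comparison of the two dumps above can be scripted. The following Python is an added example, not part of the original messages or of Wireshark's code: it reads the same fields from raw PE bytes and reports which ones differ. `parse_pe_header`, `diff_headers`, `build_sample`, `OFFICIAL` and `LOCAL` are hypothetical names, and the two samples are constructed headers-only buffers filled with values quoted in the dumps.

```python
import struct

# DllCharacteristics bits that dumpbin names in the dumps above
DLLCHAR = {0x0040: "Dynamic base", 0x0100: "NX compatible", 0x8000: "Terminal Server Aware"}

def parse_pe_header(data):
    """Read the dumpbin /headers fields compared in the thread from raw PE bytes."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ signature")
        (pe,) = struct.unpack_from("<I", data, 0x3C)         # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        (stamp,) = struct.unpack_from("<I", data, pe + 8)    # COFF TimeDateStamp
        opt = pe + 24                                        # optional header start
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B):                      # PE32 / PE32+
            raise ValueError("unknown optional header magic")
        osv = struct.unpack_from("<HH", data, opt + 40)      # same offset in PE32 and PE32+
        ssv = struct.unpack_from("<HH", data, opt + 48)
        checksum, _, dllchar = struct.unpack_from("<IHH", data, opt + 64)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    return {
        "time date stamp": "%08X" % stamp,
        "operating system version": "%d.%02d" % osv,
        "subsystem version": "%d.%02d" % ssv,
        "checksum": "%X" % checksum,
        "DLL characteristics": sorted(n for b, n in DLLCHAR.items() if dllchar & b),
    }

def diff_headers(a, b):
    """Return {field: (value_in_a, value_in_b)} for every field that differs."""
    fa, fb = parse_pe_header(a), parse_pe_header(b)
    return {k: (fa[k], fb[k]) for k in fa if fa[k] != fb[k]}

def build_sample(stamp, version, checksum):
    """Constructed headers-only image filled with values quoted in the dumps."""
    buf = bytearray(0x80 + 24 + 0xF0)
    buf[:2], buf[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    struct.pack_into("<HHIIIHH", buf, 0x84, 0x8664, 6, stamp, 0, 0, 0xF0, 0x22)
    struct.pack_into("<H", buf, 0x98, 0x20B)
    struct.pack_into("<6H", buf, 0x98 + 40, *version, 0, 0, *version)
    struct.pack_into("<IHH", buf, 0x98 + 64, checksum, 2, 0x8140)
    return bytes(buf)

OFFICIAL = build_sample(0x502BCA0F, (5, 2), 0x30BE6E)   # official 1.8.2 dump
LOCAL = build_sample(0x50A2870D, (6, 1), 0)             # local build dump
```

`diff_headers(OFFICIAL, LOCAL)` reports the time date stamp, operating system version, subsystem version and checksum, and omits DLL characteristics because both dumps show 8140. For real files, pass the bytes read from each `wireshark.exe` instead of the constructed samples.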