ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online

Wireshark-dev: [Wireshark-dev] Generating DCE/RPC dissectors in Windows

From: Michael Mann <mmann78@xxxxxxxxxxxx>
Date: Tue, 23 Feb 2016 09:00:39 -0500
I made another attempt at trying to get DCE/RPC dissectors to generate in Windows, but still having no luck.  I'll try to explain my steps/process to see if anyone has any better suggestions of things to try next.
The main piece needed to generate DCE/RPC dissectors is installing the Pidl perl module (and I haven't done anything with perl outside of simple scripts).  This was where I stumbled before and this time I got farther, but it would be great if the installation could somehow be worked into Wireshark "setup".
All of these steps were attempted in a Windows Command Prompt, not a (Cygwin) bash shell.
I started by following the instructions (Cahn's Axiom) in tools/pidl/README which say to start by running Makefile.PL to generate the makefile.  I did, makefile was generated.
The next step was to run "make install", which failed miserably.  The reason it failed was that the makefile generated set up macros to think I had perl installed at /usr/lib/perl5/5.8.8, which is obviously foreign to a Windows system.  I manually edited the makefile to point to where I did have perl (/cygdrive/c/progra~1/Git/lib/perl5/5.8.8), and then the installation was successful.  Should this be mentioned as a necessary step in the README?  Does this mean I should really be trying to use Cygwin more "natively"?
Should such "manual modification" be required?  The generated makefile says that it should not be modified directly and all changes should go through Makefile.PL, but I didn't see how Makefile.PL ever got the perl path. If Wireshark "setup" can find the perl path, I think it could work in the installation of the Pidl module.
With the modified makefile, I successfully installed Pidl (I think... output seems to imply I was successful), now to go build a dissector.  I did this with Alexis's patch applied (, but I don't think it matters (the directories will just be slightly different)
First I tried:
C:\wireshark\pidl\dssetup>perl C:\wireshark\tools\pidl\pidl --includedir . --ws-parser -- dssetup.idl
and got the error:
Can't locate Parse/ in @INC (@INC contains: /c/wireshark/pidl/dssetup/lib
 /usr/lib/perl5/5.8.8/msys /usr/lib/perl5/5.8.8 /usr/lib/perl5/site_perl/5.8.8/m
sys /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl .) at C:\wireshark\t
ools\pidl\pidl line 410.
BEGIN failed--compilation aborted at C:\wireshark\tools\pidl\pidl line 410.
I googled @INC (because this is how much I know about perl) and thought
C:\wireshark\pidl\dssetup>perl -I C:\wireshark\tools\pidl\lib C:\wireshark\tools\pidl\pidl --includedir . --ws-parser -- dssetup.idl
would work, but I got this error:
Compiling dssetup.idl
sh: cpp: command not found
Failed to parse dssetup.idl at C:\wireshark\tools\pidl\pidl line 608.
More googling suggests that $ENV{CPP} (within Pidl) is expected to be my "C++ compiler".  I've tried passing it cl.exe (hardcoded) from MSVC, and it seems to choke on the output.  Googling also says msbuild doesn't support the necessary compiler options.  Not sure if I need another compiler? (Pidl seems to think "cpp" is a standard compiler).  Is this where Cygwin might need to be more involved (and I need to install more components)?
That's where I'm currently stuck.
And while the -I seemed to help, I'm still not sure where it got the idea of the "default" include directories of /usr/lib/*.  I thought if those could be more solidified, perhaps the perl script could go farther.