Wireshark-dev: Re: [Wireshark-dev] Novice: Where do I place my own C dissector in Visual Studio

From: John Dill <John.Dill@xxxxxxxxxxxxxxxxx>
Date: Thu, 21 Sep 2017 15:36:51 +0000
>Message: 1
>Date: Wed, 20 Sep 2017 15:42:30 +0000
>From: Christopher.Lusardi@xxxxxxxxxxxxxxxx
>To: "wireshark-dev@xxxxxxxxxxxxx" <wireshark-dev@xxxxxxxxxxxxx>
>Subject: [Wireshark-dev] Novice: Where do I place my own C dissector
>        in Visual Studio 2015? Is it easy?
>Message-ID:
>        <8ED2C429DAE7624E8F5D89CFE58664DB77DD9A5D@xxxxxxxxxxxxxxxxxxxxxxxxxx>
>Content-Type: text/plain; charset="utf-8"
>
>By following the instructions in the Wireshark Developer's Guide Under Section 2.2. Win32/64: Step-by-Step Guide, I have been
>able to create and run Wireshark in Visual Studio 2015. I can load a capture file.
>
>Question: If I want to create my own dissector dot c file where do I put the dissector file? Is it as simple as putting my new file in
>a specific folder and rebuilding the solution? What are the steps to do this? Do I have to create other files to accompany my dot
>c file.
>
>I have attached images showing what I see when I open Visual Studio 2015.

I couldn't see the images from the mailing list, but there are a couple of options.  The option I recommend to start with is to do your work in a plugins folder.

Copy one of the simple plugins folders like gryphon and rename the folder to your dissector name.  Go through each of the files and replace gryphon with the name of your dissector.  You should have a list of files like the following:

AUTHORS
CMakeLists.txt
COPYING
Makefile.am
moduleinfo.h
NEWS
packet-xxx.h
packet-xxx.c
plugin.c
plugin.rc.in
README

Then go through the Wireshark tree and change the following files.  I found this list by doing a recursive grep in the Wireshark source tree for gryphon and added lines for my plugins.  Just search for all instances of 'gryphon' and add corresponding lines to each of these files.

CMakeLists.txt
Makefile.am
configure.ac
epan/Makefile.am
packaging/nsis/wireshark.nsi (if you want to create a wireshark install package on Windows, I have good success with NSIS)
plugins/Makefile.am

Once you get your plugin working, you can copy your dissector to the epan/dissectors folder and submit a patch if you want your dissector to be integrated into the main Wireshark repo.  In my case, there's FOUO in the work that I've done, so I keep it as a plugin.

>Reference:
>Wireshark Developer's Guide Section 2.2 Win32/64: Step-by-Step Guide <https://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html>
>
>Christopher Lusardi
>Engility Corporation
>43880 Commerce Avenue
>Hollywood, MD 20636
>301-373-9340 Ext.290

I actually work at Pax River, so it's nice to have a fellow sharker in the area.

Best regards,
John Dill
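
The copy-and-rename procedure and the recursive grep described in the reply above, as a shell script. This is an added example, not part of the original message or the Wireshark project; the function names clone_plugin and files_to_patch are hypothetical, and it assumes the template plugin sits in plugins/gryphon under the source root.

```shell
#!/bin/sh
# Added example, not from the original message. clone_plugin and
# files_to_patch are hypothetical names; TREE is the Wireshark source root.

# clone_plugin TREE NAME: copy plugins/gryphon to plugins/NAME, then replace
# "gryphon"/"GRYPHON" with NAME in file contents and file names.
# Mixed-case spellings are left for manual review.
clone_plugin() {
    tree=$1; name=$2
    src="$tree/plugins/gryphon"; dst="$tree/plugins/$name"
    # NAME is interpolated into sed expressions, so keep it to safe characters.
    case $name in
        ''|*[!a-z0-9_]*) echo "name must match [a-z0-9_]+" >&2; return 2 ;;
    esac
    if [ ! -d "$src" ] || [ -e "$dst" ]; then
        echo "need existing $src and unused $dst" >&2; return 1
    fi
    cp -R "$src" "$dst" || return 1
    upper=$(printf '%s' "$name" | tr '[:lower:]' '[:upper:]')
    list=$(mktemp) && tmp=$(mktemp) || return 1
    find "$dst" -type f > "$list"      # snapshot before any rename
    while IFS= read -r f; do
        sed -e "s/gryphon/$name/g" -e "s/GRYPHON/$upper/g" "$f" > "$tmp" &&
            cat "$tmp" > "$f"          # overwrite in place, keeps file mode
        base=${f##*/}
        case $base in
            *gryphon*) mv "$f" "${f%/*}/$(printf '%s' "$base" | sed "s/gryphon/$name/g")" ;;
        esac
    done < "$list"
    rm -f "$list" "$tmp"
}

# files_to_patch TREE NAME: the "recursive grep" step. Lists files outside
# plugins/gryphon that mention gryphon but do not yet mention NAME, i.e. the
# build files that still need a corresponding line added by hand.
files_to_patch() {
    tree=$1; name=$2
    ( cd "$tree" && grep -rl gryphon . ) | sed 's|^\./||' | LC_ALL=C sort |
    while IFS= read -r f; do
        case $f in plugins/gryphon/*|.git/*) continue ;; esac
        grep -q "$name" "$tree/$f" || printf '%s\n' "$f"
    done
}

# Usage: sh clone_plugin.sh /path/to/wireshark myproto
if [ $# -eq 2 ]; then
    clone_plugin "$1" "$2" && files_to_patch "$1" "$2"
fi
```

Re-running files_to_patch after editing each build file shows what is still left to change; the list is empty once every file that mentions gryphon also mentions the new name.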