0

I built a dissector for my WireShark version (after doing all that steps of installing cygwin etc. for building WireShark). Now, my dissector works only on my build of WireShark (ver 1.9 ... ), and not on, lets say, the newest WireShark version 1.8.4 that I can download from www.wireshark.org.

I saw that it is possible to create an installer of my version, which I can spread, and then my dissector will also work for others...

But I wanted to ask if it possible some how, by changing the version some where, to make my dissector relevant for other/older versions of WireShark which are official releases.

Thanks ahead.

edit: I tried downloading 1.8 source, building it, then building my dissector... but the official 1.8 release doesn't recognize it:

"Couldn't load module C:\Program Files\Wireshark\plugins\1.8.3\mydissector.dll: `C:\Program Files\Wireshark\plugins\1.8.3\mydissector.dll': %1 is not a valid Win32 application."

hudac
  • 2,584
  • 6
  • 34
  • 57
  • Yes it is possible. Did you follow the instructions in http://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html carefully when you set up your build environment? – SidR Dec 06 '12 at 18:39
  • I just recompiled one of my plugins and I'm having a problem as well. But the same plugin I built 3 months ago works fine with Wireshark 1.8.4. It looks like there were some significant changes in the trunk that haven't yet been incorporated in the released versions. Maybe you have to do an svn revert to an older version of trunk and recompile the code? – SidR Dec 06 '12 at 18:49
  • Yeah, I think I should get an 1.8 version and then recompile the dissector... I followed the instructions about how to build the environment.. – hudac Dec 07 '12 at 12:19
  • Hey, I tried it and it didn't work. I downloaded 1.8 source and built it, then built my dissector... but the official 1.8 release doesn't recognize it: "Couldn't load module C:\Program Files\Wireshark\plugins\1.8.3\mydissector.dll: `C:\Program Files\Wireshark\plugins\1.8.3\mydissector.dll': %1 is not a valid Win32 application." – hudac Dec 09 '12 at 08:19

1 Answers1

0

Hmm. The best I can say is get the SVN revision 45260 (on how to, see Stack Overflow question Checkout a specific revision from subversion from the command line) of the code, and compile your plugin again (check the SVN revision graph if you want to select a different version. You'll have the option to do this by right clicking the folder, and looking under the TortoiseSVN option). I just download the 1.8 source, and it seems too short (291 MB), and it's giving me the same problem, and I am not too certain if using it is the right thing.

Also make sure you're using Visual C++ 2010 to compile.

I notice you've asked the same question in ask.wireshark forum. A better solution may be provided there.

Community
  • 1
  • 1
SidR
  • 2,964
  • 1
  • 18
  • 32
  • Thanks, I will try it... I have VC2008, does it matter? – hudac Dec 09 '12 at 16:22
  • You're using VC2008? I think that might have been the problem in the first place. You need to use the same compiler as that was used to compile Wireshark or else your plugin won't work. Check oot Help->About Wireshark to find out which compiler was used to build the particular wirshark version. 1.6.x needs vc2008 while 1.8.x needs vc2010. – SidR Dec 09 '12 at 16:35
  • So do you think maybe I can compile my dissector with WireShark 1.6, and it will work on the 1.8 official? – hudac Dec 09 '12 at 17:37
  • Nope. That's not what I said. If you you compile it with VC2008, it should work in 1.6, but not in 1.8(although there are other issues that may prevent compatibility). Similarly, if you compile it with VC2010 it should work in 1.8, but I dunno if it will be backward compatible. – SidR Dec 09 '12 at 18:01
  • I tried compiling it with 1.6 and VS2010.. and 1.8 and VS2010 and none of it work... Do you have any idea? – hudac Dec 13 '12 at 16:09
  • I also tried compiling my dissector with the release itself "http://anonsvn.wireshark.org/wireshark/releases/wireshark-1.8.4/" and it still doesn't work on the official 1.8.4 release.... :\ – hudac Dec 13 '12 at 16:34
  • Same problem here (luckily I still have the old version of the code lying around, so I can use that). One last thing I would suggest is trying an svn revert, then adding your plugin and compiling. Or better yet, ask a new question in wireshark's site. I apologize for not being much help. – SidR Dec 13 '12 at 18:41
  • Thats fine thanks! you've been very helpful with the error declaration =] – hudac Dec 14 '12 at 20:18