Ask Your Question

Wireshark unable to load customized plugin

asked 2019-11-06 05:35:22 +0000

Dorababu gravatar image

updated 2019-11-11 07:54:44 +0000

Steps followed:

Downloaded Wireshark(3.0.5) source, created build environment and build successfully without my custom dissector plugin.

Implemented custom plugin according to developer guide.

Build Wireshark with custom plugin, created xxx.dll for plugin then created installer using NSIS.

Custom Wireshark installer created and installed on system.

After installation while loading plugins, an error occurs "Couldn't load plugin 'xxx.dll :C:\Program Files (x86)\Wireshark\plugins\3.0\epan\xxx.dll':Specified module could not be found.

I verified the location where global plugins reside path "C:\Program Files (x86)\Wireshark\plugins\3.0\epan\xxx.dll" is there.

I'm unable to find root cause for the issue. If anybody has an idea, please share.

  1. Build on Windows 7 professional
  2. 32 bit installer
  3. Installed on windows 10, 7

Ran tests on installer found below info:

-- End stdout for command ('D:\\wsbuild32\\run\\RelWithDebInfo\\tshark.exe', '-G', 'decodes') --

-- Begin stderr for command ('D:\\wsbuild32\\run\\RelWithDebInfo\\tshark.exe', '-G', 'decodes') --

tshark: Couldn't load plugin 'xyz.dll': '\wsbuild32\run\RelWithDebInfo\plugins\3.0\epan\xyz.dll': The specified module could not be found.

-- End stderr for command ('\\wsbuild32\\run\\RelWithDebInfo\\tshark.exe', '-G', 'decodes') --

<end of output>
Test time =  44.46 sec
edit retag flag offensive close merge delete


The test output you show seems to be running from the build, not the installer. Has your dissector ever worked on the build system?

grahamb gravatar imagegrahamb ( 2019-11-06 12:08:09 +0000 )edit

Yes, its at build time test will open wireshark then it will load all plugins. same thing will happen if install same installer on target system.

After installation, if I open wireshark every time same issue happening , could not able to figure out what is the root cause for this issue.

I used snacc compiler to generate c++ code from asn1 schema then created messages dll ,lib by using generated c++ asn1 code, included at linking time to plugin module then perfectly generated plugin dll (xyz.dll) along wireshark source with VS2017.

Dorababu gravatar imageDorababu ( 2019-11-07 06:18:18 +0000 )edit

Please let me know if there is any tools to find exact root cause.

Dorababu gravatar imageDorababu ( 2019-11-07 06:24:40 +0000 )edit

Just to confirm, your dissector plugin also depends on another dll? If so, is that dll included in the Wireshark install you're creating so that it's subsequently copied to the target machine?

grahamb gravatar imagegrahamb ( 2019-11-07 10:32:29 +0000 )edit

Yes, its depends on other dll. included to wireshark as well

Dorababu gravatar imageDorababu ( 2019-11-07 14:00:04 +0000 )edit

3 stages

  1. project: snacc cppasn1/casn1.libs and dlls created.
  2. project 2: asn1 source(/c++) generated with snacc compiler(uisng cpp/casn1 libs/dlls) from schemas.
  3. Messages project built with generated asn1 source(c/c++) created messages dll.
  4. Added messages lib/dll to xyz plugin-->xyz.dll with wireshark source,created installer.

then installed on target system.

Dorababu gravatar imageDorababu ( 2019-11-07 14:08:12 +0000 )edit

So xyz.dll is on the target system, installed by the Wireshark installer. are the other dll's you mention also installed on the target system. i.e. asn1.dll and messages.dll?

You must ensure that all dependent dll's required by your plugin are also installed on the target system, note that the compilation of other code may also add dependencies on other compiler libraries which may not be present on the target system. You can check the dependencies by using a tool such as dependency walker.

grahamb gravatar imagegrahamb ( 2019-11-07 15:07:02 +0000 )edit

Conformed that all dependency dlls are linked to target dll.

Cross checked:

1)Copied all the dependency dlls to "D:\wsbuild32\run\RelWithDebInfo then modified Wireshark.nsi script accordingly.

2)Created installer, installed on target system and successfully loads all the dependency dll while opening wireshark.

3)While loading my plugin, its throwing an error "Duplicate protocol filter_name "xyz"! This might be caused by an inappropriate plugin or a development error."

4)I understand that dependency data already present in my plug in dll, if I'm wrong please suggest.

Dorababu gravatar imageDorababu ( 2019-11-11 06:53:37 +0000 )edit

Hi Grahamb,

When I ran dependency walker on xyz.dll(my plugin)

Errors while finding location for following  dll/libs:

issue: my-plugin looking in this path "D:\wsbuild32\run\RelWithDebInfo\plugins\3.0\epan" but actually all the dependency dll/libs present at "D:\wsbuild32\run\RelWithDebInfo" mean 2 dirs before from plugin path.

Dorababu gravatar imageDorababu ( 2019-11-11 07:52:29 +0000 )edit

Your responses are a little confusing, can you confirm that running from the build directory, e.g. run\RelWithDebInfo\Wireshark.exe works without any errors?

grahamb gravatar imagegrahamb ( 2019-11-11 11:18:55 +0000 )edit

I ran wirehark.exe from build directory i got below error. Microsoft Visual studio C++ Runtime Library:Assertion failed! Program:... File:.\threads.c Line:335 Expression: destrctor_set[Keynum}==0

Dorababu gravatar imageDorababu ( 2019-11-11 12:55:45 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2019-12-26 06:06:10 +0000

Dorababu gravatar image

Added all dependency projects under wireshark project then its works for me.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2019-11-06 05:35:22 +0000

Seen: 890 times

Last updated: Dec 26 '19