wireshark entry point not found

asked 2023-01-26 16:03:50 +0000

austen.conway@helvar.com

updated 2023-01-28 00:17:20 +0000

Chuckc

On starting wireshark I get the following error while initializing external capture plugins:

etwdump.exe - Entry point not found
The procedure entry point init_progfile_dir could not be located in the dynamic link library C: ....|Wireshark\extcap\etwdump.exe

This is a fresh install on a Windows 10 machine.



Can you add the output of wireshark -v or Help->About Wireshark:Wireshark.

Chuckc ( 2023-01-26 18:47:18 +0000 )

Hi, Output added as requested. If you have any ideas to help get this working that would be great.

Wireshark 4.0.3 (v4.0.3-0-gc552f74cdc23).

Copyright 1998-2023 Gerald Combs <[email protected]> and contributors.
Licensed under the terms of the GNU General Public License (version 2 or later).
This is free software; see the file named COPYING in the distribution. There is

Compiled (64-bit) using Microsoft Visual Studio 2022 (VC++ 14.32, build 31332),
with GLib 2.72.3, with PCRE2, with zlib 1.2.12, with Qt 5.15.2, with libpcap,
with Lua 5.2.4, with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.10.1, with
Kerberos (MIT), with MaxMind, with nghttp2 1.46.0, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.14, with libsmi ...
austen.conway@helvar.com ( 2023-01-27 17:51:29 +0000 )

The call to init_progfile_dir was removed in wsutil: Add configuration namespaces.
Did you copy any files from a different system?

C:\Program Files\Wireshark\extcap>certutil -hashfile etwdump.exe md5
MD5 hash of etwdump.exe:
CertUtil: -hashfile command completed successfully.

C:\Program Files\Wireshark\extcap>dir etwdump.exe
 Volume in drive C has no label.
 Volume Serial Number is CA50-96E4

 Directory of C:\Program Files\Wireshark\extcap

01/18/2023  02:24 PM           348,128 etwdump.exe
               1 File(s)        348,128 bytes
               0 Dir(s)  17,762,504,704 bytes free
Chuckc ( 2023-01-27 23:56:13 +0000 )

Thanks for your help. The etwdump.exe file I have installed generates a different hash to one shown above. I previously had an earlier version of wireshark and maybe the uninstall didn't remove the existing file. However, there was no warning given during install that I saw indicating a failure to write etwdump.exe. I will uninstall again and make sure the extcap folder is empty before attempting a new clean install.

austen.conway@helvar.com ( 2023-01-31 12:39:56 +0000 )
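
The single-file check in this thread, extended to every extcap binary, as an added example that is not part of the original posts: it compares each tool under `extcap` with `Wireshark.exe` so that a leftover from an earlier install stands out. The install path, the assumption that the extcap tools carry the same version resource as `Wireshark.exe`, and the assumption that installer-delivered binaries are Authenticode-signed are mine, not the thread's.

```powershell
# Added example, not from the thread.
# Assumption: default install location; adjust if Wireshark lives elsewhere.
$InstallDir = 'C:\Program Files\Wireshark'

# Reference values taken from the main executable of the current install.
$main     = Get-Item -LiteralPath (Join-Path $InstallDir 'Wireshark.exe')
$expected = $main.VersionInfo.ProductVersion
Write-Host "Wireshark.exe version: $expected, written $($main.LastWriteTime)"

# Walk every extcap helper (etwdump.exe is the one from the thread).
Get-ChildItem -LiteralPath (Join-Path $InstallDir 'extcap') -Filter '*.exe' -File |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Name           = $_.Name
            ProductVersion = $_.VersionInfo.ProductVersion
            # Assumption: extcap tools share the main product version string.
            MatchesMain    = ($_.VersionInfo.ProductVersion -eq $expected)
            # 'Valid' is expected for binaries written by the installer.
            Signature      = $sig.Status
            LastWriteTime  = $_.LastWriteTime
            Size           = $_.Length
            # Compare against the same file on a known-good install.
            SHA256         = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } |
    Sort-Object MatchesMain, Name |
    Format-List
```

Rows with `MatchesMain` set to `False`, or with a `LastWriteTime` far from that of `Wireshark.exe`, are the candidates for a file that an uninstall left behind.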