
Plugin I built not loading with current Wireshark 4.0.3 install

asked 2023-02-28 18:54:18 +0000

jlshuman1961

updated 2023-03-01 23:48:37 +0000

Guy Harris

I have written/developed 4 distinct plugins that I have been using since Wireshark 2.x. When Wireshark 3.x was released, I updated my plugins to work with that. Now that Wireshark 4.x is out, I am trying to update my plugins for that version.

I develop in Windows environment and I follow the instructions in the Developer's guide in the Windows section. I download all of the tools that are necessary and set up my Wireshark build environment and build Wireshark along with my four plugins. Then I install the latest corresponding Wireshark version (in this case version 4.0.3) and then copy my plugin dlls and all of my supporting dlls to the Wireshark install location. This has been working for me for the last several years.

This time, when I finished building Wireshark and my four plugins, I am able to successfully run my data with the Wireshark version I built and with my new plugins. I have a test case I run through to make sure it all works correctly. And it does. Then I installed Wireshark 4.0.3 and copied all of my plugins and supporting dlls to the Wireshark 4.0.3 install location. At this point, when I run this version of Wireshark, I get an error stating that "Couldn't load plugin 'foo.dll':" followed by the location of my plugin dll, and finally, "The specified procedure could not be found." The other three plugins I wrote work as designed.

More background about the plugin that does not load: It is actually based on the SMTP dissector that comes with Wireshark. I start with the SMTP dissector code and modify it to work with my data. I changed the names of the important methods and variables to have new names and I register these methods to be used instead of the original SMTP dissector. Again, this has worked for all of the 2.x and 3.x versions of Wireshark and it works with the new Wireshark that I built with the latest source from Wireshark.

Can someone tell me how to figure out which "specified procedure" is not being found and how I can fix this issue? Again, it works just fine with the Wireshark that I built. But we don't distribute our own Wireshark. We only distribute our plugin dlls and let our users install the latest version from Wireshark.


1 Answer


answered 2023-03-01 08:34:58 +0000

Guy Harris

> I download all of the tools that are necessary and set up my Wireshark build environment and build Wireshark along with my four plugins.

This results in a plugin that should work with the version of Wireshark that you built.

Unless that version of Wireshark was built from the source code to a 4.0.x version of Wireshark, it is not guaranteed to result in a plugin that will work with a 4.0.x version of Wireshark, as we do not guarantee binary compatibility between major releases of Wireshark - including, for example, 4.0.x and a future 4.2.x; we only guarantee binary compatibility between dot-dot releases.

If you follow the instructions in section 2.2.10 "Install and Prepare Sources" of the Developer's Guide, you will be building a Wireshark from a snapshot of the current under-development next major release of Wireshark, which is not guaranteed to be binary compatible with 4.0.x, or even with that future major release.

So you'll need to get the 4.0.3 source code for Wireshark, and build your plugins in that directory hierarchy. The "Source Code" link in the "Download Wireshark" section of our shiny new main web page will provide the source to 4.0.3. It's in the form of an XZ-compressed tarball, so you might need WinZip to unpack it.

> Can someone tell me how to figure out which "specified procedure" is not being found

If you build it with the 4.0.3 source code, it will probably either 1) result in a binary that doesn't call that procedure or 2) fail to build, with a linker error giving the name of the procedure. The error might be of the form

error LNK2019: unresolved external symbol __imp_procedure_name referenced in function my_dissector_xyzzy

which would mean that the procedure is named procedure_name and it's called from a function named my_dissector_xyzzy.

(I'm doing some tests to see what information error messages that Windows displays for this situation provide, and whether there's anything we can do to get more information, such as the name of the procedure. If not, that's ultimately on Microsoft, not us; the equivalent mechanism in UN*Xes has a call to get an error message string, which, at least on macOS, is extremely technical, but does mention the name of the procedure.)

> But we don't distribute our own Wireshark. We only distribute our plugin dlls and let our users install the latest version from Wireshark.

This means that users not running Windows won't be able to use your plugin. If you make the source code to your plugin available, that would allow users not running Windows to build it (again, using the source to the version of Wireshark that they're using) and use it.

(Note that the GNU Public License version 2, which is the license under which Wireshark is distributed, requires you to make source to your plugin available to ...


Comments

Thank you for your response. You were correct. I was using the snapshot of the current under-development source and I needed to be using the 4.0.3 source. All of my plugins now work with Wireshark 4.0.3.

jlshuman1961 (2023-03-02 15:49:28 +0000)
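
The answer's approach, rebuilding the plugin against the 4.0.3 source and reading the linker error, can be run over a whole build log to list every missing procedure and the functions that call it. This is an added example, not code from the thread or from Wireshark; the sample log is constructed, its file, symbol and function names are hypothetical, and it assumes x64 MSVC output of the form quoted in the answer.

```python
import re
from collections import defaultdict

# Constructed sample of MSVC linker output. Every path, symbol and function
# name below is hypothetical and does not come from the original post.
SAMPLE_LOG = r"""
foo.obj : error LNK2019: unresolved external symbol __imp_hypothetical_proc_a referenced in function dissect_foo [C:\build\foo.vcxproj]
foo.obj : error LNK2019: unresolved external symbol __imp_hypothetical_proc_a referenced in function proto_register_foo [C:\build\foo.vcxproj]
foo-util.obj : error LNK2001: unresolved external symbol hypothetical_proc_b
C:\build\foo.dll : fatal error LNK1120: 2 unresolved externals [C:\build\foo.vcxproj]
"""

# LNK2019 names the referencing function; LNK2001 gives only the symbol.
UNRESOLVED = re.compile(
    r"error LNK(?:2019|2001): unresolved external symbol (?P<sym>\S+)"
    r"(?: referenced in function (?P<caller>\S+))?"
)
# Total the linker itself reported, useful for spotting a truncated log.
TOTAL = re.compile(r"fatal error LNK1120: (?P<n>\d+) unresolved externals?")


def missing_procedures(log):
    """Return ({procedure: [calling functions]}, total reported by LNK1120)."""
    callers = defaultdict(set)
    declared = None
    for line in log.splitlines():
        m = UNRESOLVED.search(line)
        if m:
            sym = m.group("sym")
            # __imp_ marks a symbol expected from a DLL import library,
            # here the Wireshark libraries the plugin links against.
            name = sym[len("__imp_"):] if sym.startswith("__imp_") else sym
            callers[name].update(filter(None, [m.group("caller")]))
            continue
        t = TOTAL.search(line)
        if t:
            declared = int(t.group("n"))
    return {name: sorted(funcs) for name, funcs in callers.items()}, declared


if __name__ == "__main__":
    procs, declared = missing_procedures(SAMPLE_LOG)
    for name, funcs in sorted(procs.items()):
        print(f"{name}: called from {', '.join(funcs) or '(not reported)'}")
    if declared is not None and declared != len(procs):
        print(f"log lists {len(procs)} symbols, linker reported {declared}")
```
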
