Ask Your Question
0

Having issues with hex data and endianness

asked 2023-04-16 20:29:10 +0000

Rex555 gravatar image

I am taking hex bytes out of a buffer and trying to display them (it's a ID string in hex). I can get the data using

    USID = ProtoField.string("myproto.USID", "usidVersion")
function myproto_protocol.dissector(buffer, pinfo, tree)
    local subtree = tree:add(myproto_protocol, buffer(), "myproto Protocol Data")
    local headerSubtree = subtree:add(myproto_protocol, buffer(), "Header")
    headerSubtree:add_le(myproto_protocol.fields["USID"],         buffer:bytes(2,8):tohex())

However the displayed info is still not in little endian. I have tried using a bytes ProtoField as well with less success displaying the data. I am sure I am missing something simple but I have not messed with hex fields and Little Endian much

edit retag flag offensive close merge delete

Comments

What do you mean by an "ID string"?

Is it a character string?

Is it a fixed-length number, from 2 to 8 bytes, to display in hex?

Or is it a variable-length array of bytes?

Guy Harris gravatar imageGuy Harris ( 2023-04-16 21:23:00 +0000 )edit
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2023-04-16 22:11:24 +0000

Chuckc gravatar image

updated 2023-04-16 22:30:35 +0000

From the WSDG:

11.7.2.1. treeitem:add_le([protofield], [tvbrange], [value], [label])
If the ProtoField represents a numeric value (int, uint or float), then it’s treated as a Little Endian value.

You will need to build the string then add it to the tree.

            subtree:add(pf.payload, tvb:range(2,8):le_uint64():tohex())

headerSubtree:add(myproto_protocol.fields["USID"], buffer:range(2,8):le_uint64():tohex())
edit flag offensive delete link more

Comments

THANK YOU!! I had been trying various incantations but the :le_int64() was the missing piece!

Rex555 gravatar imageRex555 ( 2023-04-16 22:53:33 +0000 )edit

At this site we don't close answered questions, instead the most suitable answer is "accepted" by clicking the checkbox icon next to the answer.

grahamb gravatar imagegrahamb ( 2023-04-17 09:16:51 +0000 )edit

Gotcha, I did not see that icon (I did look for it) the only thing I was able to do was close as answered, will do better in future

Rex555 gravatar imageRex555 ( 2023-04-17 21:45:46 +0000 )edit

No worries, at least you attempted to acknowledge the help given by others, unfortunately that often isn't the case.

grahamb gravatar imagegrahamb ( 2023-04-18 09:45:43 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2023-04-16 20:29:10 +0000

Seen: 152 times

Last updated: Apr 16 '23

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2