Ask Your Question
0

Windows wireshark custom plugin loading error

asked 2024-07-16 00:33:19 +0000

Tlin gravatar image

updated 2024-07-18 00:12:00 +0000

I developed a custom wireshark dissector plugin on linux debian on wireshark 4.2.5 (also working on 4.2.6) which is working completely fine. However, when I try to use the source code from this plugin and do a custom build on Windows 11 wireshark 4.3.0 (following the documentation instructions to build from VS Code), I get the following error:

Couldn't load plugin 'wibotic.dll': 'C:
\Development\wsbuild64\run\RelWithDebInfo\plugins\4.3\epan\wibotic.dll':
The specified module could not be found.

The file exists at the above file path, so I'm not sure why it can't load it. For reference, I changed the top-level CMakeLists.txt and custom_plugins.txt files in accordance with the README.plugins. I also changed plugins.wxi, adding my custom plugin after the comments. Any help would be greatly appreciated!

Info about the build and runtime environment:

Version 4.3.0-Wibotic (v4.3.0rc1-234-g40da1d487563).

Copyright 1998-2024 Gerald Combs <[email protected]> and contributors.

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

Compiled (64-bit) using Microsoft Visual Studio 2022 (VC++ 14.40, build 33811), with GLib 2.78.4, with Qt 6.6.3, with libpcap, with zlib 1.3.1, with zlib-ng 2.1.5, with PCRE2, with Lua 5.4.6 (with UfW patches), with GnuTLS 3.8.4 and PKCS #11 support, with Gcrypt 1.10.2-unknown, with Kerberos (MIT), with MaxMind, with nghttp2 1.61.0, with nghttp3 1.0.0, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.11.7, with libsmi 0.5.0, with QtMultimedia, with automatic updates using WinSparkle 0.8.0, with AirPcap, with Minizip, with binary plugins.

Running on 64-bit Windows 11 (23H2), build 22631, with Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz (with SSE4.2), with 7608 MB of physical memory, with GLib 2.78.4, with Qt 6.6.3, with Npcap version 1.79, based on libpcap version 1.10.4, with PCRE2 10.43 2024-02-16, with c-ares 1.27.0, with GnuTLS 3.8.4, with Gcrypt 1.10.2-unknown, with nghttp2 1.61.0, with nghttp3 1.0.0, with brotli 1.0.9, with LZ4 1.9.3, with Zstandard 1.5.2, without AirPcap, with light display mode, without HiDPI, with QPA plugin "windows", with LC_TYPE=English_United States.utf8, binary plugins supported.

Check the man page and www.wireshark.org for more information.
/* packet-wibotic.c
 *
 * Routines for WiBotic protocol packet dissection
 * By Tong Lin <[email protected]>
 *
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs ...
(more)
edit retag flag offensive close merge delete

Comments

This used to occur if folks mixed up x64 and x86 builds in the same build directory. As we don't build x86 now this should be less likely.

I would delete the \Development\wsbuild64 directory and create a new one and run the cmake .. msbuild steps again.

You also mention VS Code build docs, what are they? The Wireshark Developers Guide uses command line builds and note the warning in that doc about deviating from that process.

grahamb gravatar imagegrahamb ( 2024-07-16 08:42:33 +0000 )edit

7623: Couldn't load module..The specified module could not be found
The question was closed, not answered but the discussion may help.

(link to doc/README.plugins)

a custom build on Windows 11


19651: Out-of-tree wiretap plugin include errors
Are you doing a full build of Wireshark or just building the plugin?

Chuckc gravatar imageChuckc ( 2024-07-16 12:45:51 +0000 )edit

16315: Wireshark problem with TI dissectors

From README.plugins:

Plugins need exactly four visible symbols: plugin_version, plugin_want_major, plugin_want_minor and plugin_register.

Was the source updated when moving from the 4.2.x systems to 4.3.0 system?

a custom wireshark dissector plugin on linux debian on wireshark 4.2.5 (also working on 4.2.6)
a custom build on Windows 11 wireshark 4.3.0

Chuckc gravatar imageChuckc ( 2024-07-16 12:52:37 +0000 )edit

@grahamb I am building using the command line following the instructions found here: https://www.wireshark.org/docs/wsdg_h... I believe this means that I'm using the correct compiler (MSVC 19.40.33811.0). I am also building for x64

@Chuckc I am doing a full build of wireshark with the hope of being able to create a Wireshark Installer. Rebuilding gives the same error.

The source was not updated when moving from systems. I tried to update it according to plugins.example, but that just gave me errors saying that plugin_version, plugin_want_major, etc were already defined. Also, there is something in the CMakeLists.txt in my plugin folder that says:

# Plugin name and version info (major minor micro extra)
set module info (wibotic 0 0 4 0)

This is the same as the gryphon plugin, which does not have any errors. Is there anywhere else I need to ...(more)

Tlin gravatar imageTlin ( 2024-07-16 17:43:22 +0000 )edit

set module info() sets the plugin version.
plugin_want_major and plugin_want_minor are the Wireshark version required to run and should be set by the build process.
Can you update the question with output of wireshark -v or Help->About Wireshark:Wireshark.
That will include info about the build environment and the runtime environment.

Chuckc gravatar imageChuckc ( 2024-07-16 18:41:10 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2024-07-18 02:54:38 +0000

Chuckc gravatar image
#include <python.h>

I think this isn't a Wireshark issue but rather how the Python libraries are going to be linked in or path to a python .dll if needed at run time. Rather than trying to get the full dissector code to compile/link/run, try adding pieces to the working packet-foo.c until it breaks. Getting the code in proto_reg_handoff_wibotic(void) (renamed to proto_reg_handoff_foo(void)) working would be a big step forward.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2024-07-16 00:33:19 +0000

Seen: 523 times

Last updated: Jul 18