This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Error while dissecting the packet with my dissector on existing wireshark

0

I've developed one Wireshark dissector as a plugin. I've one pcap file for my protocol. It's working fine and correctly dissecting the packet with the compiled version of Wireshark. I've got the .dll file for that protocol.

Now I downloaded the Wireshark version (1.12.5) and placed my protocolname.dll file in

C:\Program Files\Wireshark\plugins\1.12.5

Now when I run Wireshark with the captured file, it shows the following error.

[Dissector bug, protocol FOO: proto.c:2983: failed assertion "hfinfo->type == FT_STRING || hfinfo->type == FT_STRINGZ || hfinfo->type == FT_STRINGZPAD"]
Expert Info (Error/Malformed): proto.c:2983: failed assertion "hfinfo->type == FT_STRING || hfinfo->type == FT_STRINGZ || hfinfo->type == FT_STRINGZPAD"

It's correctly dissecting with the compiled version of Wireshark (where I was developing) but not in the downloaded version. Why?

asked 10 Jun '15, 04:58

Sammee Sharma
accept rate: 100%

What version is your development copy of Wireshark that you used to compile the plugin?

(10 Jun '15, 05:04) grahamb ♦

@grahamb sir, it's 1.99.6[SVN Rev ] (I think it's automatically generated when you try to build Wireshark, right?)

(10 Jun '15, 05:40) Sammee Sharma

One Answer:

2

Plugins are not binary compatible across versions. You must build your plugin for 1.2.x, ideally using the sources in the master-1.12 branch.

In addition for Windows, the plugin should also be compiled with the same version of MSVC as used for the target Wireshark to eliminate issues with different C runtime versions.

answered 10 Jun '15, 05:55

grahamb ♦
accept rate: 22%

So I should download the source code from the master 1.12 branch and build Wireshark with this source file? Can you tell me about the version of MSVC used for the 1.12 version?

(10 Jun '15, 06:02) Sammee Sharma
1

If you use git as per the Developers Guide then it's as simple as git co master-1.12. This will change your working copy to the head of the 1.12 branch.

If using nmake for an in-tree build, you should "clean" up your working copy before checking out the older branch; nmake -f Makefile.nmake distclean to clear up any build artefacts from the development build.

(10 Jun '15, 06:56) grahamb ♦

I've downloaded it as a zip file from GitHub with the branch as master-1.12 and then extracted it. Would there be any problem?

(10 Jun '15, 07:06) Sammee Sharma
1

None I can think of, apart from the fact that if you want to later build with a slightly newer version of master-1.12 you'll have to download the zip, unpack it, re-apply your changes on top of it, and then build.

Much easier using git, you can then keep your changes in their own branch and rebase them to bring in master-1.12 updates very simply.

(10 Jun '15, 07:21) grahamb ♦
1

And for reference, Wireshark 1.12.X releases are officially built with MSVC 2010.

(10 Jun '15, 07:50) Pascal Quantin

Yep, I forgot that bit. If you check the "About Wireshark" dialog, it will show which toolchain was used to build it.

(10 Jun '15, 08:15) grahamb ♦