Skeleton code for adding a Wireshark plugin

Preface

I have been reading the Wireshark plugin and dissector code on and off.
Today I ran an experiment: how to add a new Wireshark plugin to the Wireshark source tree.

Sometimes, when doing an experiment, I have read every document I should have read and it still doesn't feel right, so I drag my feet and don't want to start; all I can do is turn it over in my head, without quite knowing what I'm turning over... :(
Once it feels right, I do the experiment; I'm relaxed, and it goes quickly.

Because the plugin contains so little code, all it can do is hook itself into Wireshark's plugin framework. When it is used to dissect an actual application-layer protocol (whatever the application protocol is, it gets dissected as the foo protocol) by choosing Decode As foo, Wireshark crashes. More code has to be added by following the guide in wireshark\doc\README.dissector.

When the dissector code is incomplete, the crash happens in the snippet below:
handle->dissector is NULL, and the fault is raised when the dissector callback pointer is invoked.
In other words, the dissector callback pointer was never registered.

/* This function will return
 * old style dissector :
 *   length of the payload or 1 of the payload is empty
 * new dissector :
 *   >0  this protocol was successfully dissected and this was this protocol.
 *   0   this packet did not match this protocol.
 *
 * The only time this function will return 0 is if it is a new style dissector
 * and if the dissector rejected the packet.
 */
static int
call_dissector_through_handle(dissector_handle_t handle, tvbuff_t *tvb,
                  packet_info *pinfo, proto_tree *tree, void *data)
{
    const char *saved_proto;
    int         len;

    saved_proto = pinfo->current_proto;

    if ((handle->protocol != NULL) && (!proto_is_pino(handle->protocol))) {
        pinfo->current_proto =
            proto_get_protocol_short_name(handle->protocol);
    }

    len = (*handle->dissector)(tvb, pinfo, tree, data);
    pinfo->current_proto = saved_proto;

    return len;
}
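As an added example (not Wireshark's code and not from the original post), here is a stand-alone C model of the dispatch in call_dissector_through_handle() above, with the registration-time NULL check that would have turned the skeleton's dissect_foo == NULL into a reported error instead of a crash under Decode As. It also carries the return contract a new-style dissector must honour (>0 when the packet is ours, 0 when it is not) through a minimal foo dissector. Every *_model type and function, the FOO magic bytes and the sample packets are assumptions constructed for this example; nothing here links against epan.

```c
/* Added example, not Wireshark's own code: a stand-alone model of the
 * dissector_handle_t dispatch shown above, plus the NULL check that the foo
 * skeleton lacks. Every *_model name is a hypothetical stand-in for the
 * corresponding epan API; the packets below are constructed, not captured. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for tvbuff_t: a captured byte buffer. */
typedef struct {
    const unsigned char *data;
    size_t               len;
} tvbuff_model_t;

/* Same contract as a new-style dissector callback (minus pinfo/tree/data):
 * returns >0 (bytes consumed) when the packet is ours, 0 when it is not. */
typedef int (*dissector_model_t)(const tvbuff_model_t *tvb);

typedef struct {
    const char        *short_name;
    dissector_model_t  dissector;
} dissector_handle_model_t;

/* Model of create_dissector_handle(): refuses to build a handle around a NULL
 * callback, which is exactly what packet-foo.c does with dissect_foo == NULL. */
int create_handle_model(dissector_handle_model_t *handle, const char *short_name,
                        dissector_model_t callback)
{
    handle->short_name = short_name;
    handle->dissector  = NULL;
    if (callback == NULL) {
        fprintf(stderr, "%s: refusing to register a NULL dissector\n", short_name);
        return -1;
    }
    handle->dissector = callback;
    return 0;
}

/* Model of call_dissector_through_handle(): the version quoted above
 * dereferences handle->dissector unconditionally; this one reports instead. */
int call_dissector_model(const dissector_handle_model_t *handle, const tvbuff_model_t *tvb)
{
    if (handle == NULL || handle->dissector == NULL)
        return -2;                   /* would have been a NULL call in the original */
    return (*handle->dissector)(tvb);
}

/* The minimal new-style foo dissector the skeleton is missing: claim the
 * payload only if it starts with a (constructed) 4-byte magic "FOO\x01". */
static const unsigned char FOO_MAGIC[4] = { 'F', 'O', 'O', 0x01 };

int dissect_foo_model(const tvbuff_model_t *tvb)
{
    if (tvb->len < sizeof FOO_MAGIC || memcmp(tvb->data, FOO_MAGIC, sizeof FOO_MAGIC) != 0)
        return 0;                    /* not foo: let another dissector try */
    return (int)tvb->len;            /* foo: the whole payload was consumed */
}

/* Walks both registration paths and returns how many of the four outcomes
 * matched expectations, so a caller can check the scenario. */
int run_foo_scenario(void)
{
    static const unsigned char pkt_foo[]   = { 'F', 'O', 'O', 0x01, 0xDE, 0xAD };
    static const unsigned char pkt_other[] = { 'H', 'T', 'T', 'P' };
    tvbuff_model_t tvb_foo   = { pkt_foo,   sizeof pkt_foo };
    tvbuff_model_t tvb_other = { pkt_other, sizeof pkt_other };
    dissector_handle_model_t broken, good;
    int ok = 0;

    /* 1. The skeleton's situation: a NULL callback is rejected up front. */
    if (create_handle_model(&broken, "foo", NULL) == -1) ok++;
    /* 2. Dispatch through the rejected handle reports instead of crashing. */
    if (call_dissector_model(&broken, &tvb_foo) == -2) ok++;
    /* 3. A real callback registers and claims a foo packet. */
    if (create_handle_model(&good, "foo", dissect_foo_model) == 0 &&
        call_dissector_model(&good, &tvb_foo) == (int)sizeof pkt_foo) ok++;
    /* 4. ...and rejects a non-foo packet with 0, per the contract above. */
    if (call_dissector_model(&good, &tvb_other) == 0) ok++;
    return ok;
}

int main(void)
{
    printf("%d of 4 scenario steps behaved as expected\n", run_foo_scenario());
    return 0;
}
```

In the real plugin the equivalent fix is to define a function with the signature the dispatch above calls, static int dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data), and pass that to create_dissector_handle() instead of the NULL pointer; README.dissector covers what such a function has to do beyond returning 0 or the consumed length.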

The goal of this experiment is to add a valid Wireshark plugin; as soon as Wireshark can load it, the goal is met.

First install a Wireshark package that matches the source (e.g. Wireshark-win64-2.4.2.msi), then drop the freshly built release x64 plugin into C:\Program Files\Wireshark\plugins\2.4.2.0.

Open Wireshark and type foo into the display filter; if it turns green, the new plugin was loaded successfully. Mine loaded. I had first built the debug x64 version and dropped it into the plugin directory, but loading failed with a garbled error message. Then I remembered that the target machine has no Qt installed (so no Qt debug DLLs), built release x64 instead, and this time the plugin loaded.

Download location for all x64 Wireshark installer packages

Experiment

Copy and modify a plugin template

Use C:\Development\wireshark\plugins\gryphon as the template (any other plugin under C:\Development\wireshark\plugins\ works as well), copy its files to C:\Development\wireshark\plugins\foo, and turn them into a foo version: delete all the code that is not needed and keep only the initialization code (the bare minimum, as long as the code that registers the plugin is there).

C:\Development\wireshark\plugins\foo>tree /F
文件夹 PATH 列表
卷序列号为 82BE-4BEF
C:.
    AUTHORS
    ChangeLog
    CMakeLists.txt
    COPYING
    Makefile.am
    moduleinfo.h
    packet-foo.c
    packet-foo.h
    plugin.c
    plugin.rc.in

Modify the configuration files

This step follows wireshark\doc\README.plugins and has quite a few sub-steps. After the experiment succeeded I produced a patch file with svn, which is far clearer and more professional than a textual description. The articles I found online about modifying the Wireshark configuration files, whether by Chinese or foreign authors, all seemed messy to me.
The advantage of a patch file is that, as long as the top-level folder as it was before the change is checked into svn, svn can apply the patch for you: specify the patch file and the top-level folder to apply it to, and it is done in one step.
For the meaning of the patch output format, see: the meaning of the svn patch file output format
Once you understand the patch file format, applying it by hand without svn is quick too.
Patch file download: wireshark_foo_plugin_2018_0706_1607.patch

Index: CMakeLists.txt
===================================================================
--- CMakeLists.txt  (revision 1)
+++ CMakeLists.txt  (working copy)
@@ -1271,6 +1271,7 @@
    set(PLUGIN_SRC_DIRS
        plugins/docsis
        plugins/ethercat
+       plugins/foo
        plugins/gryphon
        plugins/irda
        plugins/m2m
Index: configure.ac
===================================================================
--- configure.ac    (revision 1)
+++ configure.ac    (working copy)
@@ -3012,6 +3012,7 @@
   plugins/docsis/Makefile
   plugins/easy_codec/Makefile
   plugins/ethercat/Makefile
+  plugins/foo/Makefile
   plugins/gryphon/Makefile
   plugins/irda/Makefile
   plugins/m2m/Makefile
Index: epan/Makefile.am
===================================================================
--- epan/Makefile.am    (revision 1)
+++ epan/Makefile.am    (working copy)
@@ -479,6 +479,8 @@
    ../plugins/ethercat/packet-ioraw.c \
    ../plugins/ethercat/packet-nv.c \
    ../plugins/ethercat/plugin.c \
+   ../plugins/foo/packet-foo.c \
+   ../plugins/foo/plugin.c \
    ../plugins/gryphon/packet-gryphon.c \
    ../plugins/gryphon/plugin.c \
    ../plugins/irda/packet-ircomm.c \
Index: Makefile.am
===================================================================
--- Makefile.am (revision 1)
+++ Makefile.am (working copy)
@@ -354,6 +354,7 @@
 plugin_ldadd = $(_CUSTOM_plugin_ldadd_) \
    -dlopen plugins/docsis/docsis.la \
    -dlopen plugins/ethercat/ethercat.la \
+   -dlopen plugins/foo/foo.la \
    -dlopen plugins/gryphon/gryphon.la \
    -dlopen plugins/irda/irda.la \
    -dlopen plugins/m2m/m2m.la \
Index: packaging/nsis/wireshark.nsi
===================================================================
--- packaging/nsis/wireshark.nsi    (revision 1)
+++ packaging/nsis/wireshark.nsi    (working copy)
@@ -1008,6 +1008,7 @@
 SetOutPath '$INSTDIR\plugins\${VERSION}'
 File "${STAGING_DIR}\plugins\docsis.dll"
 File "${STAGING_DIR}\plugins\ethercat.dll"
+File "${STAGING_DIR}\plugins\foo.dll"
 File "${STAGING_DIR}\plugins\gryphon.dll"
 File "${STAGING_DIR}\plugins\irda.dll"
 File "${STAGING_DIR}\plugins\m2m.dll"
Index: plugins/foo/AUTHORS
===================================================================
--- plugins/foo/AUTHORS (nonexistent)
+++ plugins/foo/AUTHORS (working copy)
@@ -0,0 +1,2 @@
+// @file AUTHORS
+// @note this file not allow empty
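Review bot: AUTHORS is a plain-text file, so the `//` comment markers in the two added lines have no meaning there; since the note itself says the file must not be empty, put the plugin author's name (and a contact address) in it instead of a placeholder.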
Index: plugins/foo/CMakeLists.txt
===================================================================
--- plugins/foo/CMakeLists.txt  (nonexistent)
+++ plugins/foo/CMakeLists.txt  (working copy)
@@ -0,0 +1,83 @@
+# CMakeLists.txt
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <[email protected]>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+include(WiresharkPlugin)
+
+# Plugin name and version info (major minor micro extra)
+set_module_info(foo 1 0 1 1)
+
+set(DISSECTOR_SRC
+   packet-foo.c
+)
+
+set(PLUGIN_FILES
+   plugin.c
+   ${DISSECTOR_SRC}
+)
+
+set(CLEAN_FILES
+   ${PLUGIN_FILES}
+)
+
+set_source_files_properties(
+   ${CLEAN_FILES}
+   PROPERTIES
+   COMPILE_FLAGS "${WERROR_COMMON_FLAGS}"
+)
+
+include_directories(${CMAKE_CURRENT_SOURCE_DIR})
+
+register_dissector_files(plugin.c
+   plugin
+   ${DISSECTOR_SRC}
+)
+
+add_plugin_library(foo)
+
+install(TARGETS foo
+   LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}/${CPACK_PACKAGE_NAME}/plugins/${CPACK_PACKAGE_VERSION} NAMELINK_SKIP
+   RUNTIME DESTINATION ${CMAKE_INSTALL_LIBDIR}/${CPACK_PACKAGE_NAME}/plugins/${CPACK_PACKAGE_VERSION}
+   ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}/${CPACK_PACKAGE_NAME}/plugins/${CPACK_PACKAGE_VERSION}
+)
+
+file(GLOB DISSECTOR_HEADERS RELATIVE "${CMAKE_CURRENT_SOURCE_DIR}" "*.h")
+CHECKAPI(
+   NAME
+     foo
+   SWITCHES
+     -g abort -g termoutput -build
+   SOURCES
+     ${DISSECTOR_SRC}
+     ${DISSECTOR_HEADERS}
+)
+
+#
+# Editor modelines  -  http://www.wireshark.org/tools/modelines.html
+#
+# Local variables:
+# c-basic-offset: 8
+# tab-width: 8
+# indent-tabs-mode: t
+# End:
+#
+# vi: set shiftwidth=8 tabstop=8 noexpandtab:
+# :indentSize=8:tabSize=8:noTabs=false:
+#
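Review bot: the editor modelines at the end of this file declare `c-basic-offset: 8` and `indent-tabs-mode: t`, but the added blocks (`set(DISSECTOR_SRC`, `install(TARGETS foo`, `CHECKAPI(`) are indented with three spaces; either drop the modelines or make the indentation match them so editors that honour the modelines do not reformat the file on the next edit.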
Index: plugins/foo/COPYING
===================================================================
--- plugins/foo/COPYING (nonexistent)
+++ plugins/foo/COPYING (working copy)
@@ -0,0 +1,2 @@
+// @file COPYING
+// @note this file not allow empty
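Review bot: every source header in this plugin says the code is GPL v2 or later, so COPYING should carry the actual licence text (copied from the gryphon template directory) rather than a `// @note` placeholder.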
Index: plugins/foo/ChangeLog
===================================================================
--- plugins/foo/ChangeLog   (nonexistent)
+++ plugins/foo/ChangeLog   (working copy)
@@ -0,0 +1,2 @@
+// @file ChangeLog
+// @note this file not allow empty
Index: plugins/foo/Makefile.am
===================================================================
--- plugins/foo/Makefile.am (nonexistent)
+++ plugins/foo/Makefile.am (working copy)
@@ -0,0 +1,68 @@
+# Makefile.am
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <[email protected]>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+include $(top_srcdir)/Makefile.am.inc
+include ../Makefile.am.inc
+
+# the name of the plugin
+PLUGIN_NAME = foo
+
+# Non-generated sources to be scanned for registration routines
+NONGENERATED_REGISTER_C_FILES = \
+   packet-foo.c
+
+# Non-generated sources
+NONGENERATED_C_FILES = \
+   $(NONGENERATED_REGISTER_C_FILES)
+
+# Headers.
+CLEAN_HEADER_FILES = \
+   packet-foo.h
+
+HEADER_FILES = \
+   $(CLEAN_HEADER_FILES)
+
+plugin_LTLIBRARIES = foo.la
+
+foo_la_SOURCES = \
+   plugin.c \
+   moduleinfo.h \
+   $(SRC_FILES)   \
+   $(HEADER_FILES)
+
+foo_la_CPPFLAGS = $(AM_CPPFLAGS) $(PLUGIN_CPPFLAGS)
+
+foo_la_CFLAGS = $(AM_CFLAGS) $(PLUGIN_CFLAGS)
+
+foo_la_LDFLAGS = $(PLUGIN_LDFLAGS)
+
+CLEANFILES = \
+   foo \
+   *~
+
+DISTCLEANFILES = \
+   plugin.c
+
+MAINTAINERCLEANFILES = \
+   Makefile.in
+
+EXTRA_DIST = \
+   plugin.rc.in        \
+   CMakeLists.txt
Index: plugins/foo/moduleinfo.h
===================================================================
--- plugins/foo/moduleinfo.h    (nonexistent)
+++ plugins/foo/moduleinfo.h    (working copy)
@@ -0,0 +1,40 @@
+/* moduleinfo.h
+ *
+ * Module info header for wireshark plugins.
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <[email protected]>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/* Included *after* config.h, in order to re-define these macros */
+
+#ifdef PACKAGE
+#undef PACKAGE
+#endif
+
+/* Name of package */
+#define PACKAGE "foo"
+
+
+#ifdef VERSION
+#undef VERSION
+#endif
+
+/* Version number of package */
+#define VERSION "0.0.4"
+
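Review bot: `#define VERSION "0.0.4"` disagrees with `set_module_info(foo 1 0 1 1)` in plugins/foo/CMakeLists.txt, and the value looks carried over from the gryphon template. plugin.c exports `version[] = VERSION`, so the Autotools and CMake builds would report different plugin versions; pick one number and keep the two files in sync.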
Index: plugins/foo/packet-foo.c
===================================================================
--- plugins/foo/packet-foo.c    (nonexistent)
+++ plugins/foo/packet-foo.c    (working copy)
@@ -0,0 +1,41 @@
+// @file packet-foo.c
+// @ref http://www.dgtech.com/foo/sys/www/docs/html/
+
+#include "config.h"
+
+#include <epan/packet.h>
+#include <epan/prefs.h>
+#include <epan/dissectors/packet-tcp.h>
+#include "packet-foo.h"
+
+void proto_register_foo(void);
+void proto_reg_handoff_foo(void);
+
+#define foo_TCP_PORT 7000 /* Not IANA registed */
+
+static dissector_t dissect_foo = NULL;
+static int proto_foo = -1;
+
+void proto_register_foo(void)
+{
+   // first entry proto_register_foo
+   // then entry proto_reg_handoff_foo
+
+   module_t *foo_module = NULL;
+
+    proto_foo = proto_register_protocol("foo Protocol", "foo", "foo");
+   foo_module = prefs_register_protocol(proto_foo, NULL);
+
+   // @note
+   // when Decode as ... => foo => ok
+   // will be crash on call_dissector_through_handle
+   // please see wireshark\doc\README.dissector, add more code
+}
+
+void proto_reg_handoff_foo(void)
+{
+    dissector_handle_t foo_handle = NULL;
+
+    foo_handle = create_dissector_handle(dissect_foo, proto_foo);
+    dissector_add_uint_with_preference("tcp.port", foo_TCP_PORT, foo_handle);
+}
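Review bot: `static dissector_t dissect_foo = NULL;` is handed straight to `create_dissector_handle(dissect_foo, proto_foo)` in proto_reg_handoff_foo(), so the handle registered on tcp.port 7000 has no callback; that is the NULL call in call_dissector_through_handle() the post describes. If the skeleton is meant to stay loadable without crashing, define a real `static int dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)` that returns 0 for packets that are not foo and the consumed length otherwise, and pass that function instead. Minor: `foo_module` is assigned but never used (a set-but-unused warning on compilers that flag it, which matters under WERROR_COMMON_FLAGS), `<epan/dissectors/packet-tcp.h>` is included but nothing from it is used, and "registed" should read "registered".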
Index: plugins/foo/packet-foo.h
===================================================================
--- plugins/foo/packet-foo.h    (nonexistent)
+++ plugins/foo/packet-foo.h    (working copy)
@@ -0,0 +1 @@
+// @file packet-foo.h
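Review bot: packet-foo.h declares nothing and has no include guard; if it stays in the tree (it is listed under CLEAN_HEADER_FILES in plugins/foo/Makefile.am and picked up by the `*.h` glob in CMakeLists.txt), add an `#ifndef`/`#define`/`#endif` guard so later declarations are safe to include twice.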
Index: plugins/foo/plugin.c
===================================================================
--- plugins/foo/plugin.c    (nonexistent)
+++ plugins/foo/plugin.c    (working copy)
@@ -0,0 +1,40 @@
+/*
+ * Do not modify this file. Changes will be overwritten.
+ *
+ * Generated automatically from ../../tools/make-dissector-reg.py.
+ */
+
+#include "config.h"
+
+#include <gmodule.h>
+
+#include "moduleinfo.h"
+
+/* plugins are DLLs */
+#define WS_BUILD_DLL
+#include "ws_symbol_export.h"
+
+#ifndef ENABLE_STATIC
+WS_DLL_PUBLIC_DEF void plugin_register (void);
+WS_DLL_PUBLIC_DEF const gchar version[] = VERSION;
+
+extern void proto_register_foo(void);
+
+/* Start the functions we need for the plugin stuff */
+
+WS_DLL_PUBLIC_DEF void
+plugin_register (void)
+{
+    proto_register_foo();
+}
+
+extern void proto_reg_handoff_foo(void);
+
+WS_DLL_PUBLIC_DEF void plugin_reg_handoff(void);
+
+WS_DLL_PUBLIC_DEF void
+plugin_reg_handoff(void)
+{
+    proto_reg_handoff_foo();
+}
+#endif
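Review bot: this file is committed even though its own header says it is generated by tools/make-dissector-reg.py, plugins/foo/CMakeLists.txt regenerates it through `register_dissector_files(plugin.c ...)`, and plugins/foo/Makefile.am lists it under DISTCLEANFILES. A generated copy kept in svn will silently diverge from the registration routines as soon as another proto_register_* function is added to packet-foo.c; either leave it out of the patch or document that it is a snapshot of the generator's output.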
Index: plugins/foo/plugin.rc.in
===================================================================
--- plugins/foo/plugin.rc.in    (nonexistent)
+++ plugins/foo/plugin.rc.in    (working copy)
@@ -0,0 +1,34 @@
+#include "winver.h"
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION @RC_MODULE_VERSION@
+ PRODUCTVERSION @RC_VERSION@
+ FILEFLAGSMASK 0x0L
+#ifdef _DEBUG
+ FILEFLAGS VS_FF_DEBUG
+#else
+ FILEFLAGS 0
+#endif
+ FILEOS VOS_NT_WINDOWS32
+ FILETYPE VFT_DLL
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904b0"
+        BEGIN
+            VALUE "CompanyName", "The Wireshark developer community, http://www.wireshark.org/\0"
+            VALUE "FileDescription", "@PACKAGE@ dissector\0"
+            VALUE "FileVersion", "@MODULE_VERSION@\0"
+            VALUE "InternalName", "@PACKAGE@ @MODULE_VERSION@\0"
+            VALUE "LegalCopyright", "Copyright ?1998 Gerald Combs <[email protected]>, Gilbert Ramirez <[email protected]> and others\0"
+            VALUE "OriginalFilename", "@[email protected]\0"
+            VALUE "ProductName", "Wireshark\0"
+            VALUE "ProductVersion", "@VERSION@\0"
+            VALUE "Comments", "Built with @MSVC_VARIANT@\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
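Review bot: `Copyright ?1998` in the LegalCopyright value is a mis-encoded copyright sign; save the .rc.in in an encoding the resource compiler handles or spell out "Copyright". The OriginalFilename value `@[email protected]` does not follow the `@VAR@` substitution pattern used by the other values (`@PACKAGE@`, `@MODULE_VERSION@`, `@VERSION@`), so it would be emitted verbatim into the version resource; compare it against the gryphon plugin.rc.in this directory was copied from before relying on it.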
Index: plugins/Makefile.am
===================================================================
--- plugins/Makefile.am (revision 1)
+++ plugins/Makefile.am (working copy)
@@ -25,6 +25,7 @@
    docsis \
    easy_codec \
    ethercat \
+   foo \
    gryphon \
    irda \
    m2m \

Build the whole Wireshark project

Delete the contents of C:\Development\wsbuild32 and rebuild from scratch.

wireshark 2.4.2

open vs2015 cmd line

cd c:\Development

call env.bat

cd wsbuild32

cmake -DENABLE_CHM_GUIDES=on -G "Visual Studio 14 2015 Win64" ..\wireshark

@echo off
rem @file env.bat
rem Let CMake determine the library download directory name under
rem WIRESHARK_BASE_DIR or set it explicitly by using WIRESHARK_LIB_DIR.
rem Set *one* of these.
set WIRESHARK_BASE_DIR=C:\Development
rem set WIRESHARK_LIB_DIR=c:\wireshark-win64-libs
rem Set the Qt installation directory
rem set QT5_BASE_DIR=C:\Qt\5.9.1\msvc2015_64
set QT5_BASE_DIR=C:\Qt\Qt5.9.3\5.9.3\msvc2015_64
rem Append a custom string to the package version. Optional.
set WIRESHARK_VERSION_EXTRA=-LsBuild
rem Chocolatey installs Cygwin in an odd location
rem set WIRESHARK_CYGWIN_INSTALL_PATH=C:\ProgramData\chocolatey\lib\Cygwin\tools\cygwin
set WIRESHARK_CYGWIN_INSTALL_PATH=C:\cygwin64

Open C:\Development\wsbuild32\Wireshark.sln and run the ALL_BUILD project first; it builds or copies all the dependency DLLs into C:\Development\wsbuild32\run. Otherwise, even after Wireshark itself compiles, it cannot run because the runtime DLLs are missing.
Then build the Wireshark project and the foo plugin project. Once both build, set a breakpoint in the foo project, start the Wireshark project, capture a few packets, right-click a packet of an application-layer protocol above TCP => Decode As ... => choose that application protocol's port (it must be the specific protocol, not tcp) + the foo protocol => OK, and you can debug the foo plugin code.

因为代码加少了,Decode as foo时,会崩溃(看到崩溃处的解析器指针为空), 正好可以继续看wireshark\doc\README.dissector,做后续的实验, 包分析,UI展现。

If an experiment went perfectly smoothly, with no detours at all, it would be no fun :)

Location of the plugin project

When I first looked at the Wireshark solution there were so many sub-projects that I could not find the plugin project at all.

The initial plugin code that was added

// @file packet-foo.c
// @ref http://www.dgtech.com/foo/sys/www/docs/html/

#include "config.h"

#include <epan/packet.h>
#include <epan/prefs.h>
#include <epan/dissectors/packet-tcp.h>
#include "packet-foo.h"

void proto_register_foo(void);
void proto_reg_handoff_foo(void);

#define foo_TCP_PORT 7000 /* Not IANA registered */

/* Deliberately left NULL in this skeleton: the handle registered in
 * proto_reg_handoff_foo() therefore has no callback, which is why
 * "Decode As foo" crashes inside call_dissector_through_handle(). */
static dissector_t dissect_foo = NULL;
static int proto_foo = -1;

void proto_register_foo(void)
{
    // Wireshark calls proto_register_foo first,
    // then proto_reg_handoff_foo

    module_t *foo_module = NULL;

    proto_foo = proto_register_protocol("foo Protocol", "foo", "foo");
    foo_module = prefs_register_protocol(proto_foo, NULL);
    (void)foo_module; /* no preferences are registered yet */

    // @note
    // when Decode as ... => foo => ok
    // will be crash on call_dissector_through_handle
    // please see wireshark\doc\README.dissector, add more code
}

void proto_reg_handoff_foo(void)
{
    dissector_handle_t foo_handle = NULL;

    /* dissect_foo is still NULL here, so the handle has no callback */
    foo_handle = create_dissector_handle(dissect_foo, proto_foo);
    dissector_add_uint_with_preference("tcp.port", foo_TCP_PORT, foo_handle);
}

// @file plugin.c
/*
 * Do not modify this file. Changes will be overwritten.
 *
 * Generated automatically from C:\Development\wireshark\tools\make-dissector-reg.py.
 */

#include "config.h"

#include <gmodule.h>

#include "moduleinfo.h"

/* plugins are DLLs */
#define WS_BUILD_DLL
#include "ws_symbol_export.h"

#ifndef ENABLE_STATIC
WS_DLL_PUBLIC_DEF void plugin_register (void);
WS_DLL_PUBLIC_DEF const gchar version[] = VERSION;

extern void proto_register_foo(void);

/* Start the functions we need for the plugin stuff */

WS_DLL_PUBLIC_DEF void
plugin_register (void)
{
    proto_register_foo();
}

extern void proto_reg_handoff_foo(void);

WS_DLL_PUBLIC_DEF void plugin_reg_handoff(void);

WS_DLL_PUBLIC_DEF void
plugin_reg_handoff(void)
{
    proto_reg_handoff_foo();
}
#endif


Reposted from blog.csdn.net/LostSpeed/article/details/80943395