This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to include LuaExpat for parsing XML files in Lua Scripts?

0

Hi all,

i am writing a Wireshark listener in Lua which needs to process a XML file before registering the listener. For parsing the XML file I used LuaExpat (lxp) and tried the parsing functionality in the Lua interpreter 1 which runs fine. Unfortunately, when Wireshark tries to execute the script it fails:

tshark: Lua: Error during loading:
 [string "res.lua"]:2: module 'lxp' not found:
        no field package.preload['lxp']
        no file '.\lxp.lua'
        no file 'C:\Program Files\Wireshark\lua\lxp.lua'
        no file 'C:\Program Files\Wireshark\lua\lxp\init.lua'
        no file 'C:\Program Files\Wireshark\lxp.lua'
        no file 'C:\Program Files\Wireshark\lxp\init.lua'
        no file 'C:\Program Files (x86)\Lua\5.1\lua\lxp.luac'
        no file '.\lxp.dll'
        no file 'C:\Program Files\Wireshark\lxp.dll'
        no file 'C:\Program Files\Wireshark\loadall.dll'
        no file 'C:\Program Files\Wireshark\clibs\lxp.dll'
        no file 'C:\Program Files\Wireshark\clibs\loadall.dll'
        no file '.\lxp51.dll'
        no file 'C:\Program Files\Wireshark\lxp51.dll'
        no file 'C:\Program Files\Wireshark\clibs\lxp51.dll'

I am running Wireshark version 1.10 on Windows 7 64bit.

Any ideas? Thanks! Jonas

asked 16 Sep '13, 05:41

johannes24's gravatar image

johannes24
21226
accept rate: 100%

One Answer:

1

Get a copy of lxp.dll from the link below.

http://files.luaforge.net/releases/luaexpat/LuaExpat/LuaExpat1.1.0

Then copy lxp.dll to the directory C:\Program Files\Wireshark\, or any of the other directories where Wireshark tried to find it (see your output above).

UPDATE
Following the hint of @grahamb (see his comment below): The 'bittedness' of the LuaExpat DLL mentioned above is 32 (Bit). You cannot load that into a 64 Bit version of Wireshark.

These are your options:

  1. Install a 32 Bit version of Wireshark on your 64 Bit OS. Loading the 32 Bit version of lxp.dll will work in such a setup
  2. Get or compile a 64 Bit version of the DLL

Regards
Kurt

answered 16 Sep '13, 06:36

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 17 Sep '13, 03:23

Hi Kurt, thanks for your reply. I tried your suggestion but unfortunately Wireshak can't execute my script:

tshark: Lua: Error during loading: error loading module 'lxp' from file '.\lxp.dll': %1 ist keine zulΣssige Win32-Anwendung.

In case you don't understand German, it means: %1 is not a valid Win32 application.

Do you have any further ideas? Thanks!

(16 Sep '13, 07:01) johannes24

I also tried setting the environment variables LUA_PATH and LUA_CPATHS like my Lua interpreter shows their values:

print (package.path) ;.\?.lua;C:\Program Files (x86)\Lua\5.1\lua\?.lua;C:\Program Files (x86)\Lua\5.1\lua\?\init.lua;C:\Program Files (x86)\Lua\5.1\?.lua;C:\Program Files (x86)\Lua\5.1\?\init.lua;C:\Program Files (x86)\Lua\5.1\lua\?.luac print (package.cpath) .\?.dll;.\?51.dll;C:\Program Files (x86)\Lua\5.1\?.dll;C:\Program Files (x86)\Lua\5.1\?51.dll;C:\Program Files (x86)\Lua\5.1\clibs\?.dll;C:\Program Files (x86)\Lua\5.1\clibs\?51.dll;C:\Program Files (x86)\Lua\5.1\loadall.dll;C:\Program Files (x86)\Lua\5.1\clibs\loadall.dll

But this results in the same error like copying lxp.dll to the wireshark directory.

(16 Sep '13, 07:04) johannes24

Unfortunately, I don't have an answer yet. But maybe this is a 32/64bit problem?

The Lua interpreter I used is from 1. Thanks, Jo

(16 Sep '13, 07:21) johannes24

In case you don't understand German, it means: %1 is not a valid Win32 application.

Never mind, I was able to read it (I'm from Munich) ;-)

However, I don't know why it rejects the DLL. Can you please post a small lua script that makes use of the library? I will then try to run it on my system.

Unfortunately, I don't have an answer yet. But maybe this is a 32/64bit problem?

Could well be.

(16 Sep '13, 07:29) Kurt Knochner ♦

--sample.lua

do local lxp = require("lxp") -- crashes

local function init_listener() local tap = Listener.new(nil, "eth")

function tap.reset()
end    
function tap.packet(pinfo, tvb)
  print("packet rcvd")
end    
function tap.draw()
end

end

-- Initialize the listener init_listener() end -- do

Afterwards, I run the above Lua script using either tshark or wireshark:

tshark.exe -i 1 -q -Xlua_script:sample.lua

(16 Sep '13, 07:35) johannes24
1

it works on WinXP 32 Bit. It fails to load the DLL on Win7 64Bit.

If you load the DLL into Dependency Walker, you'll find that it's a 32 Bit DLL.

So, if you want to use that library in a 64 Bit OS (and/or Wireshark), you need a 64 Bit version of the DLL or create one yourself.

Maybe it helps to install a 32 Bit version of Wireshark on your 64 Bit OS. I have not tried that.

(16 Sep '13, 08:52) Kurt Knochner ♦
2

The bittedness of the DLL must match the bittedness of Wireshark. You can only run 32 bit apps on a 32 bit OS, you can user either on a 64 bit OS, but DLL's must match the program that's loading them.

32 bit Wireshark runs perfectly well on a 64 bit OS.

(16 Sep '13, 09:38) grahamb ♦

I did not know that this feature/characteristic was called bittedness. Do you know where that comes from?

(16 Sep '13, 10:11) Kurt Knochner ♦

I think I made it up :-) Or I might have come across it somewhere else, anyway that's the term we use in my day job.

(16 Sep '13, 15:20) grahamb ♦

Ok, thank you all for your help and suggestions. I just switched to the 32bit version of Wireshark and all works fine.

Thanks again for troubleshooting! Have a nice day! Jo

(17 Sep '13, 00:29) johannes24

@johannes24, if an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(17 Sep '13, 01:57) grahamb ♦
showing 5 of 11 show 6 more comments