This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

ask about lua scripting

0

Hi guys, i have been working in a lua dissector for a private protocol

the protocol in the dump has a section with the return of the window's API GetSystemTimeAsFileTime in the form

6a 0e 2e c2 0c e2 ce 01

this is the value of the structure FILETIME

in the serve is decoded with

import datetime datetime.datetime.fromtimestamp((0xc22e0e6a + (0x01cee20c << 32)) / 10000000.0 - 11644473600)

the hex number 0xc2220e6a is the representation of "6a 0e 2e c2" and 0x01cee20c is "0c e2 ce 01"

i tried to decoded with a lua script:

timelow = buffer(0,4):le_uint() timehihg = buffer(4,4):le_uint()

the numbers are correct (i saw it with message())

but i have problems with bit.lshift(timehigh,32)

when i did message(bit.lshift(timehigh, 32)) i got -1037169046

i think that the problem has two reasons: timehigh isn't a unsigned value or timehigh is a 32 bits integer without the possility to extend to 64 bits

i wanna get:

"%d" % (0xc22e0e6a << 32) 13992136940716032000

is there any way?

p.s.: i also tried to get the complete number of 64 bits with le_uint64() but doesn't work

thanks for advance

Regards

asked 25 Nov '13, 09:25

Javier%20Aguinaga's gravatar image

Javier Aguinaga
11224
accept rate: 0%

edited 25 Nov '13, 09:27


2 Answers:

0

sounds like a problem with 64 bit values in Lua.

See my answer for a similar problem

http://ask.wireshark.org/questions/24594/displaying-gaps-or-drops-in-private-udp-sequence-numbers

and the resulting bug report

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9162

Regards
Kurt

answered 27 Nov '13, 13:03

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

0

Just to bring this answer up-to-date, Wireshark now has fairly extensive 64-bit support starting in release 1.11.3. Also, the poster asked about the bit.lshift() operation returning a negative number: we use Mike Pall's bitop library, which always returns a signed int32 result. See here.

answered 07 Mar '14, 16:40

Hadriel's gravatar image

Hadriel
2.7k2939
accept rate: 18%