This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Migration of a plugin dissector to 64-bit

0

My task is to create a dissector for my own protocol, implemented as a plugin, compiled to 64-bit architecture. I've been struggling with some errors, and I need some help to complete my work:

1) To successfully build my dissector, do I have to compile the whole Wireshark, or can I just compile my plugin as a dll, and add it to the plugins directory of the downloaded version of WS?

2)I don't know how makefiles work, and I'm using a Windows7-64bit machine for this project. Can I compile my plugin with Visual Studio, as a standard project, or do I have to deal with these makefiles?

3)If I can use only Visual Studio, is it possible to use the 2013 vesion, or WS doesn't support it yet, and I have to use a previous version?

4)once the project is succesfully built to target a 32-bit platform the only thing that I have to do is to change the "Project properties" in order to target a 64-bit platform? Or is there anything else that should be done to produce a 64-bit dissector?

5)I tried to build my plugin with VS2013, and I have this kind of error: "error LNK2001: unresolved external symbol __ imp _ find _dissector". Is this related to the fact that I am building only the plugin without the whole WS project? Or maybe is that problem about the migration 32->64? Or maybe something else?

Thanks a lot in advance for the help.

asked 29 Jul '14, 05:23

francesco_bigotto's gravatar image

francesco_bi...
21459
accept rate: 0%

One Answer:

1

Arguably none of your questions have much to do with bit width, more to do with building Wireshark. Please read the Developers Guide, read it again, and then follow it exactly.

  1. Your dissector will need to link with the wireshark library (libwireshark.lib) so you'll have to build all of Wireshark (or at least libwireshark).
  2. Currently on Windows, Wireshark is built using windows nmake and the makefiles in the sources. The Developers Guide has step-by-step details for building Wireshark.
  3. The current Wireshark releases use VS2010, but I've been compiling with VS2013 for some time (the makefiles are able to use VS2013) and Wireshark is likely to move to this soon for the next set of releases (post 1.12).
  4. The platform is set via options provided to the nmake builds. As the builds are "in-tree" changing platform means a "nmake clean" using the old platform settings to remove all the x86 objects, followed by a build with the new platform (or use a separate source tree to have both builds available at the same time).
  5. See answer #1. Probably. Unlikely. Possibly.

answered 29 Jul '14, 05:44

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

edited 29 Jul '14, 06:09