Wireshark-dev: Re: [Wireshark-dev] Decompress Data
From: Marcel Haas <inf462@xxxxxxxxxxx>
Date: Fri, 07 Oct 2011 13:38:33 +0200
On Fri, 7 Oct 2011 13:21:15 +0200, fab12@xxxxxxxxxxx wrote:
> I have an example from my plugin if it may help:
>
> unsigned char Ip_Buffer[2000];
>
> /* Get the buffer bytes to decompress */
> tvb_memcpy(tvb, Ip_Buffer, (*bitoffset)/8, lgpdubit/8);
>
> /*
>  * Decompress it:
>  * Decompressed buffer is output in Op_Buffer,
>  * size of the decompressed buffer (in bits in this case) in SizeInBits
>  */
> rc = decompress(Ip_Buffer, lgpdubit - ((8-bitnb) % 8), &(Op_Buffer), &O_SizeInBits);
>
> /* Now re-setup the tvb buffer to have the new data */
> next_tvb = tvb_new_real_data(Op_Buffer, O_SizeInBits/8, O_SizeInBits/8);
> tvb_set_child_real_data_tvbuff(tvb, next_tvb);
> add_new_data_source(pInfoG, next_tvb, "Decompressed Data");
>
> /* From here dissect next_tvb from offset 0 */

Where do you get the decompress function, and what type does rc have?

> On Fri, 7 Oct 2011 13:51:13 +0400, Max Dmitrichenko <dmitrmax@xxxxxxxxx> wrote:
>> 2011/10/7 Marcel Haas <inf462@xxxxxxxxxxx>:
>>> And I have the next problem. Damn, Wireshark kicks my ass :)
>>> I have some packets which are compressed with zlib. I want to uncompress them.
>>> I read the dev-guide about transformed data but I don't have a clue.
>>> I was testing some stuff but with no good result.
>>> Can someone help me with that?
>>
>> It is simple.
>> 1) You have to know the size of the decompressed data, e.g. in a buffer_size variable.
>> 2) Allocate a buffer of the needed size for it using e.g. se_alloc, e.g. you have a pointer to the allocated buffer called buffer_ptr.
>> 3) Decompress your data into that buffer.
>> 4) Call child_tvb = tvb_new_child_real_data(current_tvb, buffer_ptr, buffer_size, buffer_size);
>> 5) Call add_new_data_source(pinfo, child_tvb, "Decompressed Data");
>> 6*) Optionally you can dissect child_tvb as any usual TVB.
>>
>> In the GUI you'll get the decompressed data in another tab called "Decompressed Data" or any other name you provide in step 5.
>>
>> --
>> Max
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
> hmm, I don't get it at all .. my code looks like this:
>
> guint8 *buff;
> tvbuff_t *compress_tvb;
> int captured_size;
>
> captured_size = tvb_length_remaining(tvb, offset2); // I think that's what you mean by 1
> buff = g_malloc(captured_size); // step 2 ?
> compress_tvb = tvb_new_real_data(buff, captured_size, captured_size); // step 4 ?
> tvb_set_free_cb(compress_tvb, g_free); // step 4 ?
> tvb_set_child_real_data_tvbuff(tvb, compress_tvb); // step 4 ?
> add_new_data_source(pinfo, compress_tvb, "Decompressed TVB"); // step 5
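
Steps 1 to 3 of Max's procedure quoted above assume the decompressed size is known, but for captured traffic it usually is not: the capture may have been cut short, and a small compressed payload can expand to a very large buffer. The block below is an added example, not code from this thread or from Wireshark, written in Python so that it runs without a Wireshark build tree; `bounded_inflate`, `MAX_OUTPUT`, `CHUNK` and the sample payloads are assumptions made for the illustration.

```python
import zlib

MAX_OUTPUT = 1 << 20   # assumed per-packet cap on decompressed bytes (policy choice)
CHUNK = 4096           # output requested from zlib per call


def bounded_inflate(payload, max_output=MAX_OUTPUT):
    """Inflate a zlib stream whose decompressed size is not known up front.

    Returns (data, status); status is "complete", "truncated" (captured bytes
    ended before the stream did), "too_large" (more than max_output bytes, data
    is cut at the cap) or "corrupt" (not a valid zlib stream).
    """
    d = zlib.decompressobj()
    out = bytearray()
    pending = payload
    try:
        while not d.eof:
            # Ask for one byte past the cap so "exactly at the cap" still completes.
            want = min(CHUNK, max_output - len(out) + 1)
            chunk = d.decompress(pending, want)
            out += chunk
            if len(out) > max_output:
                return bytes(out[:max_output]), "too_large"
            pending = d.unconsumed_tail
            if not chunk and not pending:
                return bytes(out), "truncated"   # input exhausted mid-stream
    except zlib.error:
        return bytes(out), "corrupt"
    return bytes(out), "complete"


if __name__ == "__main__":
    # Constructed sample payloads, not taken from the thread.
    original = b"GET /index.html HTTP/1.1\r\n" * 50
    packet = zlib.compress(original)
    samples = {
        "full packet": packet,
        "snaplen-cut packet": packet[: len(packet) // 2],
        "high-ratio stream": zlib.compress(b"\0" * (8 << 20)),
        "not zlib": b"plain text payload",
    }
    for name, payload in samples.items():
        data, status = bounded_inflate(payload)
        print(f"{name}: {len(payload)} bytes in, {len(data)} bytes out, {status}")
```

The returned bytes and their length play the role of buffer_ptr and buffer_size in steps 4 and 5; only a "complete" result has had its Adler-32 checksum verified by zlib.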