Wireshark · Wireshark-users: Re: [Wireshark-users] Reading a zero-terminated string in Lua dissector

Wireshark-users: Re: [Wireshark-users] Reading a zero-terminated string in Lua dissector

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>

Date: Fri, 01 Jun 2012 17:47:27 -0400

Carsten Fuchs wrote:

However, I was wondering how I best read zero-terminated strings?

Of course it is possible to loop over i until
    buffer(offset+i, 1):uint8() == 0
then
    i = i + 1    -- Read the zero as well.
        subtree:add(CafuProto.fields.MyString, buffer(offset, i));
    offset = offset + i

But I was wondering if there is a more direct and/or more elegant way?
Btw., what is the difference between ProtoField.string andProtoField.stringz as mentioned athttp://www.wireshark.org/docs/wsug_html_chunked/lua_module_Proto.html#lua_class_ProtoField?


To use 'string' fields you'll need to determine the string length first.

'stringz' fields are strings that you're sure are NULL-terminated and soyou should be able to use a length of -1 (which means "continue to theNULL terminator") but I'm not sure how that can be done in the Lua API(maybe you can just past -1 to the length in buffer()?).

Follow-Ups:
- Re: [Wireshark-users] Reading a zero-terminated string in Lua dissector
  - From: Carsten Fuchs

Next by Date: [Wireshark-users] summing tcp.time_delta
Next by thread: Re: [Wireshark-users] Reading a zero-terminated string in Lua dissector
Index(es):
- Date
- Thread