Wireshark mailing list archives
Re: Decompress Data
From: Marcel Haas <inf462 () Fh-Worms DE>
Date: Fri, 07 Oct 2011 13:38:33 +0200
On Fri, 7 Oct 2011 13:21:15 +0200, fab12 () freesurf fr wrote:
I have a example from my plugin if it may help: unsigned char Ip_Buffer[2000]; /* Get the buffer bytes to decompress */ tvb_memcpy(tvb, Ip_Buffer, (*bitoffset)/8,lgpdubit/8); /* * Decompress it: * Decompressed buffer is output in Op_Buffer, * size of the decompressed buffer (in bit in this case) in SizeInBits */ */ rc = decompress(Ip_Buffer, lgpdubit - ((8-bitnb) % 8), &(Op_Buffer), &O_SizeInBits); /* Now re-setup the tvb buffer to have the new data */ next_tvb = tvb_new_real_data(Op_Buffer, O_SizeInBits/8, O_SizeInBits/8); tvb_set_child_real_data_tvbuff(tvb, next_tvb); add_new_data_source(pInfoG, next_tvb, "Decompressed Data"); /* From here dissect next_tvb from offset 0 */
Where u get the decompress function and what type does rc have .. ?
On Fri, 7 Oct 2011 13:51:13 +0400, Max Dmitrichenko <dmitrmax () gmail com> wrote:2011/10/7 Marcel Haas <inf462 () fh-worms de>:And i have the next problem. Damn wireshark kick my ass :) I have some packets witch are compress witz zlib. I want to uncompress them. I read the dev-guid about transformed data but i dont have a clue. I were testing some stuff but with no good result. Can someone help me with that ?It is simple. 1) You have to know the size of decompressed data, e.g. in buffer_size variable. 2) Alloc the buffer of needed size for it using e.g. se_alloc, e.g. you have pointer to alloced buffer called buffer_ptr. 3) Decompress you data into that buffer. 4) call child_tvb = tvb_new_child_real_data(current_tvb, buffer_ptr, buffer_size, buffer_size); 5) call add_new_data_source(pinfo, child_tvb, "Decompressed Data"); 6*) Optionally you can dissect child_tvb as any usual TVB. In the GUI you'll get the decompressed data into another tab called "Decompressed Data" or any other name you provide in step 5. -- Max ___________________________________________________________________________Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribehmm i dont get it at all .. my code looks like this : guint8 *buff; tvbuff_t *compress_tvb; int captured_size;captured_size=tvb_length_remaining(tvb, offset2); //I think that what umean by 1 buff= g_malloc(captured_size); // step 2 ? compress_tvb=tvb_new_real_data(buff,captured_size,captured_size);// step 4 ?tvb_set_free_cb(compress_tvb,g_free); // step4 ?tvb_set_child_real_data_tvbuff(tvb,compress_tvb); // step4 ?add_new_data_source(pinfo,compress_tvb,"Decompressed TVB"); //step 5___________________________________________________________________________Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-devmailto:wireshark-dev-request () wireshark org?subject=unsubscribe___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-devmailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Decompress Data Marcel Haas (Oct 07)
- Re: Decompress Data Max Dmitrichenko (Oct 07)
- Re: Decompress Data Marcel Haas (Oct 07)
- Re: Decompress Data fab12 (Oct 07)
- Re: Decompress Data Marcel Haas (Oct 07)
- Re: Decompress Data Marcel Haas (Oct 07)
- Re: Decompress Data Max Dmitrichenko (Oct 07)
- Re: Decompress Data Stephen Fisher (Oct 07)
- Re: Decompress Data Marcel Haas (Oct 10)
- Re: Decompress Data Marcel Haas (Oct 10)