Wireshark mailing list archives
Re: Extract bytes from a tvbuff_t
From: rion () rubion com
Date: Sun, 26 May 2013 09:29:54 -0600
I found that this gives me the exact number of bytes I'm looking for: fwrite(tvb, tvb_length(tvb), 1, fp);Unfortunately, when I check the resulting file in a hex editor the bytes don't match up with what I see in the WireShark UI.
In the UI I see (Partial):16 03 01 00 39 02 00 00 35 03 01 51 a2 28 a1 19 75 ae ac 53 4f 36 a8 81 62 48
In the File I see (Partial):f0 a5 05 05 d0 6b fa 04 01 00 00 00 01 00 00 00 00 00 00 00 70 6e fa 04 d0 6b
I checked the end of the file to see if the bytes were 'backwards' and they are not. I'm not quite sure what to do now- am I missing something obvious?
Rion On 2013-05-25 21:58, Rion Carter wrote:
Thank you! I've been in C# for too many years. I'll try that when I get back to my desk. Rion Sent from my BlackBerry 10 smartphone. FROM: ronnie sahlberg SENT: Saturday, May 25, 2013 15:12 PM TO: Developer support list for Wireshark REPLY TO: Developer support list for Wireshark SUBJECT: Re: [Wireshark-dev] Extract bytes from a tvbuff_t fwrite(extracted, sizeof(extracted), 1, file) extracted is a pointer so sizeof(extracted) is the size of pointers on your platform. Often 4 on 32-bit platforms and 8 on 64-bit. You need something like this : fwrite(extracted, tvb_get_length(tvb, 0), 1, file) On Sat, May 25, 2013 at 1:42 PM, Rion Carter <rion () rubion com> wrote:Hi,I'm trying to extract raw bytes from a tvbuff_t and am not having much luck. As a simple test I have code which tries to extract the bytes and write it to a file. When I compile and run I get an output file with only 4 bytes init when I know there is more (extracting certificates). Here is what I've got. Any help is appreciated: guint8* extracted = (guint8*)ep_tvb_memdup(tvb, 0, -1); fwrite(extracted, size of extracted), 1, file);It's been awhile since I used c file io, and I'm pretty new to Wireshark dev. I may be missing obvious or going about this in the wrong fashion.Rion ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-devmailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Extract bytes from a tvbuff_t Rion Carter (May 25)
- Re: Extract bytes from a tvbuff_t ronnie sahlberg (May 25)
- Re: Extract bytes from a tvbuff_t Rion Carter (May 25)
- HTML mails to text (was: Re: Extract bytes from a tvbuff_t) Jakub Zawadzki (May 25)
- Re: Extract bytes from a tvbuff_t rion (May 26)
- Re: Extract bytes from a tvbuff_t Jakub Zawadzki (May 26)
- Re: Extract bytes from a tvbuff_t rion (May 26)
- Re: Extract bytes from a tvbuff_t Rion Carter (May 25)
- Re: Extract bytes from a tvbuff_t ronnie sahlberg (May 25)