Wireshark-dev: Re: [Wireshark-dev] Idea for process image dissection
From: Roland Knall <rknall@xxxxxxxxx>
Date: Tue, 15 Oct 2013 18:25:46 +0200
Hi


I actually did not know about wsgd.free.fr. For what I want to
achieve, this would be completely sufficient. But It would need a UI,
because the definition of the wsgd and fdesc files would be too much
for the nomal user.

I will work on that instead, and see where I can go from there.

Just one question though, why is this plugin not part of wireshark?


kind regards,
Roland

On Mon, Oct 14, 2013 at 8:40 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Oct 13, 2013, at 1:17 AM, Roland Knall <rknall@xxxxxxxxx> wrote:
>
>> For such a dissection, we need to tell a dissector, how to dissect a
>> specific payload.
>>
>> I would like to implement a new field type (FT_PIMAGE) and allow the
>> user using a dialog, to specify a filter and a mapping to dissect the
>> field.
>
> Would the payload consist either of one big FT_PIMAGE field or a sequence of nothing but FT_PIMAGE fields?
>
> If so, then...
>
>> For instance one definition might be:
>
> ...another definition might be
>
>         http://wsgd.free.fr
>
> if the goal is to avoid requiring C/C++ code to be written to dissect the payload.
>
> Adding a UI to allow construction of wsgd descriptions would be useful here.
>
>> The definition for each field mapping must be also session specific,
>> as it will definitely change between dissections.
>
> Multiple registered wsgd descriptions, and a session-specific selection of a description, should handle that.
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe