Wireshark · Wireshark-dev: Re: [Wireshark-dev] FILETIME

Wireshark-dev: Re: [Wireshark-dev] FILETIME

From: Gerhard Gappmeier <gerhard.gappmeier@xxxxxxxxxxx>

Date: Thu, 08 Feb 2007 14:36:52 +0100

sounds good,
but I don't know to use that in my plugin.

I get unresolved external error for that function.
It tried to link dissectors.lib from <epan/dissectors> but this causes even more linker errors.

Guy Harris schrieb:

Gerhard Gappmeier wrote:

is there a simple way to handle windows FILETIME?

Use the routine dissect_nt_64bit_time(), declared in 
<epan/dissectors/packet-windows-common.h>

What is FT_ABSOLUTE_TIME and FT_RELATIVE_TIME for?

FT_ABSOLUTE_TIME is for time values that represent a date and time, such 
as a FILETIME; FT_RELATIVE_TIME is for time values that represent an 
amount of time since some unspecified point (e.g., "5 minutes from now").

Declare an FT_ABSOLUTE_TIME field and pass its hf_ value as the last 
argument to dissect_nt_64bit_time().
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

Follow-Ups:
- Re: [Wireshark-dev] FILETIME
  - From: Guy Harris

References:
- [Wireshark-dev] FILETIME
  - From: Gerhard Gappmeier
- Re: [Wireshark-dev] FILETIME
  - From: Guy Harris

Prev by Date: [Wireshark-dev] [PATCH] RTP with MP2T payload bug fix
Next by Date: [Wireshark-dev] wireshark build error
Previous by thread: Re: [Wireshark-dev] FILETIME
Next by thread: Re: [Wireshark-dev] FILETIME
Index(es):
- Date
- Thread