Hi,
Anders is right, neither highlighted 0x06 nor 0x05 gives you the string length.
Leaves you with FT_STRINGZ to display the string in the protocol tree.
Thanks,
Jaap
Anders Broman wrote:
Hi,
From the picture below it looks like you are reading the length from offset
0x43 the bytes would then be; starting with the high lighted 0x06 which
is high lighted by
By proto_add_item with length 1.
06 05 44 72 61 6d 61 65 6e 67 00
Loc_name length would then be 0x0605 as you are reading two octets with
tvb_get_ntohs()
Then you are adding the “string” 0x05 44 .. as offset is just moved one
byte with a length of
0x0605 with proto_add_item probably causing a “malformed packets” as you
are trying to read
outside of the tvb.
Best regards
Anders
------------------------------------------------------------------------
*Från:* wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] *För *Rach, Darshan
*Skickat:* den 4 december 2009 04:58
*Till:* wireshark-dev@xxxxxxxxxxxxx
*Ämne:* [Wireshark-dev] How to extract a string
Hi,
How to extract a string from packet (of Hex values)?
I know the string length.
I tried doing the following. But I am still not able to find it.
guint16 loc_name_length =0;
/*Location Name Length*/
proto_tree_add_item(oqtp_tree, hf_loc_name_length, tvb,
packet_field_offset, 1, FALSE);
loc_name_length = tvb_get_ntohs(tvb, packet_field_offset);
packet_field_offset += 1;
/*Location Name*/
proto_tree_add_item(oqtp_tree, hf_loc_name, tvb,
packet_field_offset,loc_name_length ,FALSE);
packet_field_offset = packet_field_offset + loc_name_length + 1;
Any help on this would be appreciated.
Regards,
Darshan