Microsoft (R) COFF/PE Dumper Version 9.00.21022.08
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file c:\program files\wireshark\wireshark.exe
PE signature found
File Type: EXECUTABLE IMAGE
FILE HEADER VALUES
8664 machine (x64)
6 number of sections
502BCA0F time date stamp Wed Aug 15 11:10:55 2012
0 file pointer to symbol table
0 number of symbols
F0 size of optional header
22 characteristics
Executable
Application can handle large (>2GB) addresses
OPTIONAL HEADER VALUES
20B magic # (PE32+)
10.00 linker version
196600 size of code
188600 size of initialized data
0 size of uninitialized data
195120 entry point (0000000140195120)
1000 base of code
140000000 image base (0000000140000000 to 0000000140322FFF)
1000 section alignment
200 file alignment
5.02 operating system version
0.00 image version
5.02 subsystem version
0 Win32 version
323000 size of image
400 size of headers
30BE6E checksum
2 subsystem (Windows GUI)
8140 DLL characteristics
Dynamic base
NX compatible
Terminal Server Aware
100000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
And from my local build based on 1.8.2:
Microsoft (R) COFF/PE Dumper Version 9.00.21022.08
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file c:\program files\wireshark\wireshark.exe
PE signature found
File Type: EXECUTABLE IMAGE
FILE HEADER VALUES
8664 machine (x64)
6 number of sections
50A2870D time date stamp Tue Nov 13 11:44:45 2012
0 file pointer to symbol table
0 number of symbols
F0 size of optional header
22 characteristics
Executable
Application can handle large (>2GB) addresses
OPTIONAL HEADER VALUES
20B magic # (PE32+)
10.00 linker version
199800 size of code
18A000 size of initialized data
0 size of uninitialized data
198260 entry point (0000000140198260)
1000 base of code
140000000 image base (0000000140000000 to 0000000140326FFF)
1000 section alignment
200 file alignment
6.01 operating system version
0.00 image version
6.01 subsystem version
0 Win32 version
327000 size of image
400 size of headers
0 checksum
2 subsystem (Windows GUI)
8140 DLL characteristics
Dynamic base
NX compatible
Terminal Server Aware
100000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
The differences appear to be "operating system version" (5.02 for official, 6.01 for local) and "subsystem version" (same values). I would imagine that would at least contribute to the problem.
But I'm not sure how to correct it.
On 14 November 2012 20:14, David Ameiss
<netshark@xxxxxxxxxxxxx> wrote:
Building the 32-bit version of Wireshark in the same environment (Windows 7, VS2010EE), the resulting Wireshark.exe runs correctly on Vista.
So now I'm starting to think either (a) VS2010EE 64-bit executables can only be run on Windows 7 [at least if built on Windows 7], or (b) my setup for building 64-bit on Windows 7 isn't quite correct. And since the 64-bit Wireshark runs just fine on Windows 7, I'm leaning toward (a) above.
My understanding is that the Wireshark build machine for 64-bit is using VS2010, not VS2010EE. Is that correct?
The missing IESHIMS.DLL isn't an issue, I think it's some sort of compatibility dll that I've noticed depends always reports as missing.
What does the output of "dumpbin /headers path\to\your\wireshark\exectuable" look like for the version that doesn't work. The interesting bit is the first part of the output, the section headers bits aren't much use in this case.
What I would like to see is the pe header windows target.