Wireshark-dev: Re: [Wireshark-dev] Extract bytes from a tvbuff_t

Date: Sun, 26 May 2013 09:29:54 -0600
I found that this gives me the exact number of bytes I'm looking for:

fwrite(tvb, tvb_length(tvb), 1, fp);

Unfortunately, when I check the resulting file in a hex editor the bytes don't match up with what I see in the Wireshark UI.

In the UI I see (Partial):

16 03 01 00 39 02 00 00 35 03 01 51 a2 28 a1 19 75 ae ac 53 4f 36 a8 81 62 48

In the File I see (Partial):

f0 a5 05 05 d0 6b fa 04 01 00 00 00 01 00 00 00 00 00 00 00 70 6e fa 04 d0 6b

I checked the end of the file to see if the bytes were 'backwards' and they are not. I'm not quite sure what to do now. Am I missing something obvious?

Rion

On 2013-05-25 21:58, Rion Carter wrote:
Thank you! I've been in C# for too many years. I'll try that when I
get back to my desk.

Rion

Sent from my BlackBerry 10 smartphone.

FROM: ronnie sahlberg
SENT: Saturday, May 25, 2013 15:12 PM
TO: Developer support list for Wireshark
REPLY TO: Developer support list for Wireshark
SUBJECT: Re: [Wireshark-dev] Extract bytes from a tvbuff_t

fwrite(extracted, sizeof(extracted), 1, file)

extracted is a pointer so sizeof(extracted) is the size of pointers on
your platform. Often 4 on 32-bit platforms and 8 on 64-bit.

You need something like this :
fwrite(extracted, tvb_length(tvb), 1, file);

On Sat, May 25, 2013 at 1:42 PM, Rion Carter <rion@xxxxxxxxxx> wrote:
Hi,

I'm trying to extract raw bytes from a tvbuff_t and am not having much luck. As a simple test I have code which tries to extract the bytes and write it to a file. When I compile and run I get an output file with only 4 bytes in it when I know there is more (extracting certificates).

Here is what I've got. Any help is appreciated:

guint8* extracted = (guint8*)ep_tvb_memdup(tvb, 0, -1);
fwrite(extracted, sizeof(extracted), 1, file);

It's been awhile since I used C file I/O, and I'm pretty new to Wireshark dev. I may be missing something obvious or going about this in the wrong fashion.

Rion

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
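
The two fwrite attempts in this thread fail for different reasons: the first passes the size of a pointer, the second passes the tvbuff_t descriptor itself as the source, so descriptor memory (pointers and bookkeeping) lands in the file instead of packet bytes. The stand-alone sketch below is an added example, not code from the thread or from Wireshark; `fake_tvb` is a hypothetical stand-in for the opaque tvbuff_t, and the sample bytes are the first 16 from the UI dump quoted above.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for Wireshark's opaque tvbuff_t: a descriptor that
 * points at the packet bytes. Not Wireshark's real layout. */
typedef struct { const unsigned char *data; size_t length; void *next; } fake_tvb;

/* Constructed sample: the first 16 bytes shown in the UI dump above. */
static const unsigned char SAMPLE[16] = {
    0x16,0x03,0x01,0x00,0x39,0x02,0x00,0x00,0x35,0x03,0x01,0x51,0xa2,0x28,0xa1,0x19 };

/* Original post: sizeof on a pointer gives the pointer size (4 or 8). */
size_t dump_sizeof_pointer(const fake_tvb *t, FILE *fp) {
    const unsigned char *extracted = t->data;
    return fwrite(extracted, 1, sizeof(extracted), fp);
}

/* Follow-up: correct length, wrong source. This writes the descriptor
 * (pointers, bookkeeping), not the payload. Clamped to the struct size here
 * so the demo never reads past it; the unclamped call would. */
size_t dump_descriptor(const fake_tvb *t, FILE *fp) {
    size_t n = t->length < sizeof(*t) ? t->length : sizeof(*t);
    return fwrite(t, 1, n, fp);
}

/* Payload pointer and payload length together. */
size_t dump_payload(const fake_tvb *t, FILE *fp) {
    return fwrite(t->data, 1, t->length, fp);
}

/* Returns 1 if the file written by `dump` equals SAMPLE exactly, 0 if not,
 * -1 if no temporary file could be created. */
int dump_matches(size_t (*dump)(const fake_tvb *, FILE *)) {
    fake_tvb t = { SAMPLE, sizeof(SAMPLE), NULL };
    unsigned char back[64];
    FILE *fp = tmpfile();
    if (!fp) return -1;
    dump(&t, fp);
    rewind(fp);
    size_t got = fread(back, 1, sizeof(back), fp);
    fclose(fp);
    return got == sizeof(SAMPLE) && memcmp(back, SAMPLE, got) == 0;
}

int main(void) {
    printf("sizeof(pointer): %d\n", dump_matches(dump_sizeof_pointer));
    printf("descriptor:      %d\n", dump_matches(dump_descriptor));
    printf("payload:         %d\n", dump_matches(dump_payload));
    return 0;
}
```

In a real dissector the source pointer would be the buffer returned by a tvb accessor such as the `ep_tvb_memdup` call in the original post, paired with `tvb_length(tvb)` as the byte count.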