Wireshark mailing list archives
Re: Decompress Data
From: Marcel Haas <inf462 () Fh-Worms DE>
Date: Fri, 07 Oct 2011 12:29:58 +0200
On Fri, 7 Oct 2011 13:51:13 +0400, Max Dmitrichenko <dmitrmax () gmail com> wrote:
> 2011/10/7 Marcel Haas <inf462 () fh-worms de>:
>> And I have the next problem. Damn, Wireshark kicks my ass :)
>> I have some packets which are compressed with zlib. I want to uncompress them.
>> I read the dev-guide about transformed data but I don't have a clue.
>> I was testing some stuff but with no good result.
>> Can someone help me with that?
>
> It is simple.
> 1) You have to know the size of decompressed data, e.g. in buffer_size variable.
> 2) Alloc the buffer of needed size for it using e.g. se_alloc, e.g. you have pointer to alloced buffer called buffer_ptr.
> 3) Decompress your data into that buffer.
> 4) call child_tvb = tvb_new_child_real_data(current_tvb, buffer_ptr, buffer_size, buffer_size);
> 5) call add_new_data_source(pinfo, child_tvb, "Decompressed Data");
> 6*) Optionally you can dissect child_tvb as any usual TVB.
>
> In the GUI you'll get the decompressed data into another tab called "Decompressed Data" or any other name you provide in step 5.
>
> --
> Max
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Hmm, I don't get it at all. My code looks like this:

guint8 *buff;
tvbuff_t *compress_tvb;
int captured_size;

captured_size = tvb_length_remaining(tvb, offset2);   // I think that's what you mean by 1
buff = g_malloc(captured_size);                        // step 2 ?
compress_tvb = tvb_new_real_data(buff, captured_size, captured_size);  // step 4 ?
tvb_set_free_cb(compress_tvb, g_free);                 // step 4 ?
tvb_set_child_real_data_tvbuff(tvb, compress_tvb);     // step 4 ?
add_new_data_source(pinfo, compress_tvb, "Decompressed TVB");  // step 5
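
Added example (not part of the original thread, and not Wireshark code): a stand-alone Python sketch of steps 1 to 3 from Max's list, showing that the captured length of a zlib payload is not the decompressed length, and how to cap the output when the size comes from untrusted packet data. The function name inflate_bounded and the 1 MiB limit are assumptions; the sample payloads are constructed.

```python
import zlib

MAX_OUTPUT = 1 << 20  # assumed cap on decompressed size (1 MiB); not from the thread


def inflate_bounded(payload: bytes, max_output: int = MAX_OUTPUT) -> bytes:
    """Decompress one zlib stream, refusing output larger than max_output.

    The result and its length correspond to buffer_ptr / buffer_size in
    steps 2-4 of the list above; the input length is only the captured
    (compressed) size and must not be used to size the output buffer.
    """
    d = zlib.decompressobj()
    # Ask for one byte more than allowed so an oversized stream is detected
    # without ever holding more than max_output + 1 bytes of output.
    out = d.decompress(payload, max_output + 1)
    if len(out) > max_output:
        raise ValueError("decompressed data exceeds limit")
    if not d.eof:
        # Input ran out before the end-of-stream marker and checksum,
        # e.g. a packet cut short by the capture snap length.
        raise ValueError("truncated zlib stream")
    return out


# Constructed sample payloads (not real capture data).
SAMPLE_PLAIN = b"A" * 1000
SAMPLE_PACKET = zlib.compress(SAMPLE_PLAIN)        # well-formed payload
TRUNCATED_PACKET = SAMPLE_PACKET[:-4]              # checksum cut off
OVERSIZED_PACKET = zlib.compress(b"\0" * (8 << 20))  # expands to 8 MiB

if __name__ == "__main__":
    captured_size = len(SAMPLE_PACKET)
    buffer_size = len(inflate_bounded(SAMPLE_PACKET))
    print("captured_size:", captured_size, "buffer_size:", buffer_size)
    for name, pkt in (("truncated", TRUNCATED_PACKET), ("oversized", OVERSIZED_PACKET)):
        try:
            inflate_bounded(pkt)
        except ValueError as exc:
            print(name, "->", exc)
```
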
Current thread:
- Decompress Data Marcel Haas (Oct 07)
- Re: Decompress Data Max Dmitrichenko (Oct 07)
- Re: Decompress Data Marcel Haas (Oct 07)
- Re: Decompress Data fab12 (Oct 07)
- Re: Decompress Data Marcel Haas (Oct 07)
- Re: Decompress Data Marcel Haas (Oct 07)
- Re: Decompress Data Max Dmitrichenko (Oct 07)
- Re: Decompress Data Stephen Fisher (Oct 07)
- Re: Decompress Data Marcel Haas (Oct 10)
- Re: Decompress Data Marcel Haas (Oct 10)