Re: Idea for process image dissection

[Guy Harris <guy () alum mit edu>]

On Oct 13, 2013, at 1:17 AM, Roland Knall <rknall () gmail com> wrote:

> For such a dissection, we need to tell a dissector, how to dissect a
> specific payload.
>
> I would like to implement a new field type (FT_PIMAGE) and allow the
> user using a dialog, to specify a filter and a mapping to dissect the
> field.

Would the payload consist either of one big FT_PIMAGE field or a sequence of nothing but FT_PIMAGE fields?

If so, then...

> For instance one definition might be:

...another definition might be

        http://wsgd.free.fr

if the goal is to avoid requiring C/C++ code to be written to dissect the payload.

Adding a UI to allow construction of wsgd descriptions would be useful here.

> The definition for each field mapping must be also session specific,
> as it will definitely change between dissections.

Multiple registered wsgd descriptions, and a session-specific selection of a description, should handle that.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe