Wireshark mailing list archives

Re: How to properly finalize capture in a Wireshark extcap plugin?


From: Guy Harris <gharris () sonic net>
Date: Mon, 23 Nov 2020 14:57:49 -0800

On Nov 23, 2020, at 7:09 AM, Timmy Brolin <tib () hms se> wrote:

> Reading up on it a bit, turns out there is no such thing as SIGTERM in Windows.

Correct.

> There seem to exist several alternative ways of doing it in Windows.
>
> Such as sending WM_QUIT or WM_CLOSE on the message queue,

This assumes that the program you're trying to tell to terminate *has* a message queue to which it pays attention.

Extcap programs are character-mode (console) programs, not windows programs; unless there's some hidden thread that's listening to a Windows message queue in those programs, they won't see that message.

> or CTRL_BREAK_EVENT via SetConsoleCtrlHandler().

According to a comment in sig_pipe_kill() in capchild/capture_sync.c:

        /* Remark: This is not the preferred method of closing a process!
         * the clean way would be getting the process id of the child process,
         * then getting window handle hWnd of that process (using EnumChildWind$
         * and then do a SendMessage(hWnd, WM_CLOSE, 0, 0)
         *
         * Unfortunately, I don't know how to get the process id from the
         * handle.  OpenProcess will get an handle (not a window handle)
         * from the process ID; it will not get a window handle from the
         * process ID.  (How could it?  A process can have more than one
         * window.  For that matter, a process might have *no* windows,
         * as a process running dumpcap, the normal child process program,
         * probably does.)
         *
         * Hint: GenerateConsoleCtrlEvent() will only work if both processes are
         * running in the same console; that's not necessarily the case for
         * us, as we might not be running in a console.
         * And this also will require to have the process id.
         */

so that might not work either.