We needed to capture and analyze traffic, but Wireshark does not understand our custom protocol out of the box, so a Wireshark protobuf plugin had to be developed.
There are two ways to develop a Wireshark plugin:
One is to write it in Lua and load it into Wireshark.
The other is to write a C plugin, compile it into a DLL, and load the DLL into Wireshark.
Software versions:
vs2008
python 2.7
protobuf 2.6.1
wireshark 1.8.6
Main reference posts:
Of these, the first two are the most important; the third covers the main problems with the initial environment setup.
1. Environment setup.
1.1 Install VS2008 (there is no need to copy the vsc**.* environment files; running nmake from the VS2008 Command Prompt already has the build environment configured).
1.2 Install the latest version of Cygwin and select the following packages:
- Archive/unzip (not needed if using CMake)
- Devel/bison (or install Win flex-bison - see Chocolatey below)
- Devel/flex (or install Win flex-bison - see Chocolatey below)
- Devel/git (recommended - see discussion about using Git below)
- Interpreters/perl
- Utils/patch (only if needed) (may be Devel/patch instead)
- Web/wget (not needed if using CMake)
- Text/asciidoc
- Text/docbook-xml45
1.3 Download the Wireshark source code.
http://www.Wireshark.org/download/src/all-versions/
The version I used is Wireshark 1.8.6.
1.4 Edit the config.nmake file
(1) WIRESHARK_LIBS: the directory holding the libraries needed to build Wireshark. The default is fine (so step 5 of the "Wireshark plugin development complete solution" post is not needed).
(2) PROGRAM_FILES: the local program installation directory. The default is fine.
(3) MSVC_VARIANT: I use VS2008, so remove the # in front of the line whose value is MSVC2008 and leave the other MSVC_VARIANT lines unchanged.
(4) CYGWIN_PATH: set this to Cygwin's bin directory, for example C:\Cygwin\bin.
(5) PYTHON and the PATH entry after it: change these to the location of the local python.exe and its installation directory, for example C:\Python27\Python.exe.
(6) MSVCR_DLL: if VS is not installed on drive C, write the corresponding absolute path here rather than modifying PROGRAM_FILES above. If it is installed on drive C, do not use an absolute path; in that case this item does not need to be changed.
(7) MAKENSIS: if you have not installed the NSIS installer builder, comment this line out with #.
(8) HHC_DIR: if HTML Help Workshop (the .chm help-file tool) is not installed, comment this line out.
(9) Comment out HHC_EXE.
1.5 Build
In the VS2008 command prompt, cd to the Wireshark source directory.
Run nmake -f makefile.nmake verify_tools to check the tools; when everything passes it looks like the figure below.
Run nmake -f makefile.nmake setup
Run nmake -f makefile.nmake distclean
Run nmake -f makefile.nmake all
The protobuf plugin development itself follows mainly the first two links above.
1. First set up the Wireshark build environment, as described in the reference above.
2. Download the protobuf-wireshark code: the file protobuf-wireshark-runtime-0.1.tar.gz (download link).
3. Unpack protobuf-wireshark-runtime-0.1.tar.gz and edit the wireshark.conf configuration file to set the Wireshark source and installation directories. My configuration is:
wireshark_src_dir : /cygdrive/h/wireshark-1.8.6
wireshark_install_dir : /cygdrive/c/Program Files/Wireshark
wireshark_version : 1.8.6
4. Start a Cygwin terminal and change into the protobuf-wireshark-runtime-0.1 directory; mine is /cygdrive/h/a/protobuf-wireshark-runtime-0.1
5. Run $ ./make_wireshark_plugin.py wireshark.conf
Note: the compile step will not succeed, because the project targets Linux and we want a Windows build.
After it runs, a protobuf directory is created under wireshark\plugins, containing three generated files: moduleinfo.h, Makefile.am and packet-protobuf.c.
Two C++ files, wireshark-glue-protobuf.h and wireshark-glue-protobuf.cc, are also generated in the protobuf-wireshark-runtime-0.1 source directory; copy these two files into plugins\protobuf.
6. Change into plugins\protobuf and copy the four files Makefile.common, moduleinfo.nmake, Makefile.nmake and plugin.rc.in from another plugin directory, then modify the files from steps 5 and 6.
All of Wireshark's source code is C, but the protobuf plugin adds C++ files, which is why the build files need the changes below.
The contents of the three files from step 6 are modified as follows.
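Before the build files, an added example that is not part of this post or of the protobuf-wireshark-runtime project: a standalone C program showing the wire-format walk that packet-protobuf.c has to perform on every payload, together with the bounds checks a dissector needs on packets it cannot trust. It decodes keys and varints, delimits fixed and length-delimited fields, and rejects truncated varints, declared lengths that run past the buffer, and wire types it does not handle. The struct and function names (pb_field, read_varint, pb_walk, pb_get_varint) and the sample messages are constructed for this example; it needs no Wireshark headers.

```c
/* Added example (not from this post or from protobuf-wireshark-runtime):
 * a bounds-checked walk over the protobuf wire format, the work that
 * packet-protobuf.c has to do on each payload. Names and samples below
 * are constructed for this example; no Wireshark headers are needed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum wire_type { WT_VARINT = 0, WT_FIXED64 = 1, WT_LENGTH_DELIMITED = 2, WT_FIXED32 = 5 };

struct pb_field {
    uint64_t number;     /* field number from the key varint (key >> 3) */
    int      wire_type;  /* key & 7 */
    uint64_t varint;     /* value for WT_VARINT, otherwise 0 */
    size_t   data_off;   /* offset of the field's value bytes */
    size_t   data_len;   /* length of the value bytes */
};

/* Decode a base-128 varint at buf[pos]. Returns bytes consumed, or 0 when
 * the varint is truncated or longer than the 10 bytes a uint64 can need. */
static size_t read_varint(const uint8_t *buf, size_t len, size_t pos, uint64_t *out)
{
    uint64_t value = 0;
    size_t i;
    for (i = 0; i < 10 && pos + i < len; i++) {
        value |= (uint64_t)(buf[pos + i] & 0x7f) << (7 * i);
        if ((buf[pos + i] & 0x80) == 0) {
            *out = value;
            return i + 1;
        }
    }
    return 0;
}

/* Walk the top-level fields of buf[0..len). Stores up to max of them in
 * fields and returns the number seen, or -1 when the message is malformed:
 * truncated key or varint, field number 0, a declared length running past
 * the end of the buffer, or a wire type this walker does not handle.
 * A dissector must stop on these instead of reading beyond the packet. */
static int pb_walk(const uint8_t *buf, size_t len, struct pb_field *fields, size_t max)
{
    size_t pos = 0, n = 0;
    while (pos < len) {
        struct pb_field f;
        uint64_t key, v;
        size_t used = read_varint(buf, len, pos, &key);
        if (used == 0) return -1;
        pos += used;
        f.number = key >> 3;
        f.wire_type = (int)(key & 7);
        f.varint = 0;
        f.data_off = pos;
        if (f.number == 0) return -1;
        switch (f.wire_type) {
        case WT_VARINT:
            used = read_varint(buf, len, pos, &v);
            if (used == 0) return -1;
            f.varint = v;
            f.data_len = used;
            break;
        case WT_FIXED64: f.data_len = 8; break;
        case WT_FIXED32: f.data_len = 4; break;
        case WT_LENGTH_DELIMITED:
            used = read_varint(buf, len, pos, &v);
            if (used == 0) return -1;
            pos += used;
            f.data_off = pos;
            if (v > (uint64_t)(len - pos)) return -1;   /* declared length exceeds buffer */
            f.data_len = (size_t)v;
            break;
        default:
            return -1;   /* groups (3, 4) and reserved types 6, 7 are not handled */
        }
        if (f.data_len > len - pos) return -1;          /* fixed-width field truncated */
        pos += f.data_len;
        if (n < max) fields[n] = f;
        n++;
    }
    return (int)n;
}

/* Convenience for callers: value of the first varint field with the given
 * number, or UINT64_MAX when it is absent or the message is malformed. */
static uint64_t pb_get_varint(const uint8_t *buf, size_t len, uint64_t number)
{
    struct pb_field f[16];
    int n = pb_walk(buf, len, f, 16), i;
    for (i = 0; i < n && i < 16; i++)
        if (f[i].number == number && f[i].wire_type == WT_VARINT) return f[i].varint;
    return UINT64_MAX;
}

/* Constructed sample: field 1 = varint 150, field 2 = bytes "hi", field 3 = fixed32 1. */
static const uint8_t SAMPLE_OK[] = { 0x08, 0x96, 0x01, 0x12, 0x02, 'h', 'i', 0x1d, 0x01, 0x00, 0x00, 0x00 };
/* Constructed malformed samples that a dissector has to reject. */
static const uint8_t SAMPLE_BAD_LEN[]    = { 0x12, 0x05, 'h', 'i' };  /* length 5, only 2 bytes present */
static const uint8_t SAMPLE_BAD_VARINT[] = { 0x08, 0x96 };            /* continuation bit set, no next byte */
static const uint8_t SAMPLE_BAD_WIRE[]   = { 0x0e, 0x00 };            /* field 1, wire type 6 */

int main(void)
{
    struct pb_field f[8];
    int n = pb_walk(SAMPLE_OK, sizeof SAMPLE_OK, f, 8), i;
    for (i = 0; i < n; i++)
        printf("field %llu wire %d off %zu len %zu varint %llu\n",
               (unsigned long long)f[i].number, f[i].wire_type, f[i].data_off,
               f[i].data_len, (unsigned long long)f[i].varint);
    printf("bad length: %d, bad varint: %d, bad wire type: %d\n",
           pb_walk(SAMPLE_BAD_LEN, sizeof SAMPLE_BAD_LEN, NULL, 0),
           pb_walk(SAMPLE_BAD_VARINT, sizeof SAMPLE_BAD_VARINT, NULL, 0),
           pb_walk(SAMPLE_BAD_WIRE, sizeof SAMPLE_BAD_WIRE, NULL, 0));
    return 0;
}
```

Calling pb_walk with max = 0 only counts fields, which is a cheap way to validate a payload before building the protocol tree; in the real plugin the same three rejections (truncated varint, length past the end, unknown wire type) are what keep a malformed packet from turning into an out-of-bounds read of the tvb.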
Contents of Makefile.common:
# Makefile.common for protobuf plugin
# Contains the stuff from Makefile.am and Makefile.nmake that is
# a) common to both files and
# b) portable between both files
#
# $Id: Makefile.common 27491 2009-02-21 16:33:48Z jake $
#
# Wireshark - Network traffic analyzer
# By Gerald Combs <gerald@wireshark.org>
# Copyright 1998 Gerald Combs
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
# the name of the plugin
PLUGIN_NAME = protobuf
# the dissector sources (without any helpers)
DISSECTOR_SRC = \
	packet-protobuf.c
DISSECTOR_SRCC = \
	wireshark-glue-protobuf.cc
# corresponding headers (no trailing backslash on the last entry, or the
# comment below would be swallowed into the list)
DISSECTOR_INCLUDES = \
	wireshark-glue-protobuf.h \
	moduleinfo.h
# Dissector helpers. They're included in the source files in this
# directory, but they're not dissectors themselves, i.e. they're not
# used to generate "plugin.c".
DISSECTOR_SUPPORT_SRC =
Contents of moduleinfo.nmake:
#
# $Id: moduleinfo.nmake 20157 2006-12-19 22:23:22Z jake $
#
# The name
PACKAGE=protobuf
# The version
MODULE_VERSION_MAJOR=0
MODULE_VERSION_MINOR=0
MODULE_VERSION_MICRO=1
MODULE_VERSION_EXTRA=0
#
# The RC_VERSION should be comma-separated, not dot-separated,
# as per Graham Bloice's message in
#
# http://www.ethereal.com/lists/ethereal-dev/200303/msg00283.html
#
# "The RC_VERSION variable in config.nmake should be comma separated.
# This allows the resources to be built correctly and the version
# number to be correctly displayed in the explorer properties dialog
# for the executables, and XP's tooltip, rather than 0.0.0.0."
#
MODULE_VERSION=$(MODULE_VERSION_MAJOR).$(MODULE_VERSION_MINOR).$(MODULE_VERSION_MICRO).$(MODULE_VERSION_EXTRA)
RC_MODULE_VERSION=$(MODULE_VERSION_MAJOR),$(MODULE_VERSION_MINOR),$(MODULE_VERSION_MICRO),$(MODULE_VERSION_EXTRA)
Contents of Makefile.nmake:
# Makefile.nmake
# nmake file for Wireshark plugin
#
# $Id: Makefile.nmake 42971 2012-06-01 14:08:12Z wmeier $
#
PROTOBUF_DIR=F:\protobuf-2.6.1\src
PROTOBUF_LIB=F:\protobuf-2.6.1\vsprojects\Release\libprotobuf.lib
include ..\..\config.nmake
include moduleinfo.nmake
PLUGIN_NAME=protobuf
DISSECTOR_SRC=packet-protobuf.c
DISSECTOR_SRCC=wireshark-glue-protobuf.cc
DISSECTOR_SUPPORT_SRC=
DISSECTOR_INCLUDES=wireshark-glue-protobuf.h moduleinfo.h
CFLAGS=$(WARNINGS_ARE_ERRORS) $(STANDARD_CFLAGS) /I../.. $(GLIB_CFLAGS) /I$(PROTOBUF_DIR)
# nmake only applies inference rules to suffixes listed in .SUFFIXES, and
# .cc is not in the default list, so add it for the C++ glue file.
.SUFFIXES: .cc
.c.obj::
	$(CC) $(CFLAGS) -Fd.\ -c $<
.cc.obj::
	$(CC) $(CFLAGS) -Fd.\ -c $<
LDFLAGS = $(PLUGIN_LDFLAGS)
!IFDEF ENABLE_LIBWIRESHARK
LINK_PLUGIN_WITH=..\..\epan\libwireshark.lib ..\..\wsutil\libwsutil.lib $(PROTOBUF_LIB)
CFLAGS=/D_NEED_VAR_IMPORT_ $(CFLAGS)
DISSECTOR_OBJECTS = $(DISSECTOR_SRC:.c=.obj)
DISSECTOR_OBJECTSS = $(DISSECTOR_SRCC:.cc=.obj)
DISSECTOR_SUPPORT_OBJECTS = $(DISSECTOR_SUPPORT_SRC:.c=.obj)
OBJECTS = $(DISSECTOR_OBJECTS) $(DISSECTOR_SUPPORT_OBJECTS) $(DISSECTOR_OBJECTSS)
RESOURCE=$(PLUGIN_NAME).res
all: $(PLUGIN_NAME).dll
$(PLUGIN_NAME).rc : moduleinfo.nmake
	sed -e s/@PLUGIN_NAME@/$(PLUGIN_NAME)/ -e s/@RC_MODULE_VERSION@/$(RC_MODULE_VERSION)/ -e s/@RC_VERSION@/$(RC_VERSION)/ -e s/@MODULE_VERSION@/$(MODULE_VERSION)/ -e s/@PACKAGE@/$(PACKAGE)/ -e s/@VERSION@/$(VERSION)/ -e s/@MSVC_VARIANT@/$(MSVC_VARIANT)/ < plugin.rc.in > $@
$(PLUGIN_NAME).dll $(PLUGIN_NAME).exp $(PLUGIN_NAME).lib : $(OBJECTS) $(LINK_PLUGIN_WITH) $(RESOURCE)
	link -dll /out:$(PLUGIN_NAME).dll $(LDFLAGS) $(OBJECTS) $(LINK_PLUGIN_WITH) $(GLIB_LIBS) $(RESOURCE)
#
# Build plugin.c, which contains the plugin version[] string, a
# function plugin_register() that calls the register routines for all
# protocols, and a function plugin_reg_handoff() that calls the handoff
# registration routines for all protocols.
#
# We do this by scanning sources. If that turns out to be too slow,
# maybe we could just require every .o file to have an register routine
# of a given name (packet-aarp.o -> proto_register_aarp, etc.).
#
# Formatting conventions: The name of the proto_register_* routines an
# proto_reg_handoff_* routines must start in column zero, or must be
# preceded only by "void " starting in column zero, and must not be
# inside #if.
#
# DISSECTOR_SRC is assumed to have all the files that need to be scanned.
#
# For some unknown reason, having a big "for" loop in the Makefile
# to scan all the files doesn't work with some "make"s; they seem to
# pass only the first few names in the list to the shell, for some
# reason.
#
# Therefore, we have a script to generate the plugin.c file.
# The shell script runs slowly, as multiple greps and seds are run
# for each input file; this is especially slow on Windows. Therefore,
# if Python is present (as indicated by PYTHON being defined), we run
# a faster Python script to do that work instead.
#
# The first argument is the directory in which the source files live.
# The second argument is "plugin