LabVIEW

cancel
Showing results for 
Search instead for 
Did you mean: 

DLL prototype issue for loading PCAP File

Solved!
Go to solution

Hi everyone,

 

Here is my project :

I want to sniff Zigbee traffic with Wireshark, wich save it as a .pcap file.
I want to read this file to get the desired data.

 

Where I am :

I succeed in sniffing zigbee and generating the file.

I installed Winpcap library and I used the wpcap.dll to open and get SOME information about the file, then close it.

Indeed, when using the function "pcap_next" I can get the wanted data (see joined picture).

 

Where I am having trouble :

Now that I validated that I can open and read data from my file, I want to get SPECIFIC data (frames).

I want to use the "pcap_next_ex" function to get packets data but I can't get any correct result.

 

The prototype of the "pcap_next" function is : 

const u_char* pcap_next(pcap_t *, struct pcap_pkthdr *)

 

The prototype of the "pcap_next_ex" function is : 

int pcap_next_ex(pcap_t *, struct pcap_pkthdr **, const u_char **) 

 

I tried many prototypes for the second function but none of them worked out (I got 2 numbers as output, look like references...).

The 2 struct used in those functions are the same and the "pcap_next" function is working so I can admit that my clusters are ok.

But I am wondering about how to declare the dll call for the "pcap_next_ex".

My code is joined, I think without winpcap you can't launch it but at least if you could look at the dll call and tell me if my calling method is right.

The file desired file to read is joined to.

The pcap.h file is also joined for the ones who want to look at the description of the structures and the following link explain the functions I am trying to use : https://www.winpcap.org/docs/docs_40_2/html/group__wpcapfunc.html

 

Thank you very much for your help.
Obviously, if you have other method to complete the final task I'm listenning, but for now this is the best I got ^^'


See you soon I hope !

0 Kudos
Message 1 of 17
(2,654 Views)
Solution
Accepted by TenJigoku77

It might be easier to use the Wireshark CLI tools.  (I think it's called tshark.exe.)

Bill
CLD
(Mid-Level minion.)
My support system ensures that I don't look totally incompetent.
Proud to say that I've progressed beyond knowing just enough to be dangerous. I now know enough to know that I have no clue about anything at all.
Humble author of the CLAD Nugget.
0 Kudos
Message 2 of 17
(2,650 Views)

Well, the problem is that I can't really automate my tests with CLI tools.

I don't want the user to do all the work himself. I want the computer to do it ^^

0 Kudos
Message 3 of 17
(2,622 Views)

You do realize you can call it with system exec, right?  you can direct the output as needed.  It gets a little trickier if you need to "fire and forget" because you have to force close it using a kill command.

Bill
CLD
(Mid-Level minion.)
My support system ensures that I don't look totally incompetent.
Proud to say that I've progressed beyond knowing just enough to be dangerous. I now know enough to know that I have no clue about anything at all.
Humble author of the CLAD Nugget.
0 Kudos
Message 4 of 17
(2,616 Views)

Aah, I think I got what you mean...

You suggest I use command line with system exec, using tshark, to get the data I need, instead of using my dll trying to decrypt the exported file. Did I undertsand correctly ?

It's true that it could work, I will try and I will keep you posted.

 

I still think my 1st solution could work and I'm still curious about this dll prototype issue.

If anyone still have some ideas I'm listening.

 

Anyone, thanks bilko for your advice, I'll dig into it ! 

 

0 Kudos
Message 5 of 17
(2,605 Views)

@TenJigoku77 wrote:

Aah, I think I got what you mean...

You suggest I use command line with system exec, using tshark, to get the data I need, instead of using my dll trying to decrypt the exported file. Did I undertsand correctly ?

It's true that it could work, I will try and I will keep you posted.

 

I still think my 1st solution could work and I'm still curious about this dll prototype issue.

If anyone still have some ideas I'm listening.

 

Anyone, thanks bilko for your advice, I'll dig into it ! 

 


Precisely what I mean!  It may turn out that figuring out how to make the dll work is less painful, but at least maybe you have another option.  🙂

Bill
CLD
(Mid-Level minion.)
My support system ensures that I don't look totally incompetent.
Proud to say that I've progressed beyond knowing just enough to be dangerous. I now know enough to know that I have no clue about anything at all.
Humble author of the CLAD Nugget.
0 Kudos
Message 6 of 17
(2,583 Views)

This is simply a pointer to a pointer sized integer. Nothing else in LabVIEW can match the last two parameters.

 

And that means you have to start playing C compiler and manage the memory buffer for the struct and that array properly yourself. Using the DSNewPtr and friends functions!

 

Or you can make your life easier and write a wrapper DLL in C that has a more LabVIEW friendly API, similar to this library! If you don't know how to write this in C, you have pretty much not a single chance of trying to do this all in LabVIEW. And the resulting LabVIEW code would be pretty involved and cumbersome and hard to maintain in the long run, which is why most people faced with such a problem will go the wrapper DLL route.

 

pcap_next_ex() returns for both parameters pointers into internal data in the DLL so you can't pass in a LabVIEW structure at all as that would corrupt LabVIEW memory when the DLL then tries to overwrite the pointers. LabVIEW does NOT know pointer data types that you can pass to a DLL other than the pointer sized integer that you then have to interpret yourself by using MoveBlock and similar functions to copy the contents back into LabVIEW. Why are you even trying to use the pcap_next_ex() instead of pcap_next()? To avoid the need to have to interpret the returned data buffer pointer? Well congratulation then, you replaced that problem with one that gives you two of these problems!

Rolf Kalbermatter
My Blog
0 Kudos
Message 7 of 17
(2,565 Views)

Hi !

 

I though about wrapping the dll but if I have to do that, I rather work directly in C but that's not the goal.

About the function 'pcap_next_ex()' I use it because it's the only function that return the data buffer, where are the wanted data.

But it seems I can't get it directly in LabVIEW...which is sad ^^'

The function 'pcap_next()' only return the timing data, and the pointer of the packet, anyway I can't get the data from that so it doesn't solve my problem.

At least this is what I understood from the doc, functions prototype and tests that I did.

But maybe I misunderstood the functions and there is a easier way of getting the data.

If you have any clue let me know.

 

In the mean time I will dig into those tshark command line, maybe a solution will appear, I'll keep you posted.

Thanks everyone for your support, it's nice to get your opinions !

 

0 Kudos
Message 8 of 17
(2,553 Views)

You can interface that function but not easily! pcap_next() does return a pointer to the packet data, just as pcap_next_ex() does in its 3rd parameter. This is a data pointer and as I already told you LabVIEW has no data pointer data types itself so you will need to do some work of your own and you can not avoid that by using pcap_next_ex(), the issue remains the same, except that with pcap_next_ex() your 2nd parameter is suddenly a data pointer too in terms of what the Call Library Node can deal with and you simply doubled the problem by trying to use this function. The only advantage pcap_next_ex() has in comparison to cap_next() is that it returns a proper error code. With pcap_next() you can not detect errors that might occur during extraction of the packet frames. I assume that it will return a NULL pointer if there are no packets anymore to return.

 

Basically you need to configure the pcap_next() return value as pointer sized integer, then allocate in LabVIEW a byte array of caplen length, then using MoveBlock() calls (a LabVIEW manager function) you have to copy the data from the pointer into the LabVIEW array. Extra complication here is that a LabVIEW array is handle (pointer to pointer and you need to first use a MoveBlock() call to get the data pointer inside the that handle so you can copy the returned data into the array handle with a second MoveBlock(). Does that all sound complicated? Yes it is because you have to play a bit of C compiler here.

Rolf Kalbermatter
My Blog
0 Kudos
Message 9 of 17
(2,547 Views)

Hi guys !

 

I'm happy to announce you that the solution with tshark is working fine.
I didn't finalize my application but it is well on track.

So I launch tshark from "system exec.vi" and I execute severals command line to : 

1) Select the interface

2) Acquire frames during a specified amoung of time, or after n packets acquired

3) Store those data in a pcap file

4) Read the pcap file and extract data as a json or xml file

 

I even succeed in selecting the correct channel for my zigbee network by re-writting the correct file.

Idem for the zigbee network key.

 

Anyway thanks guys for your help, you changed my week ^^

Message 10 of 17
(2,523 Views)