Hi Pascal,

I saw I do have errors due to SDU length. But it was showing packet malformed. I set many breakpoints and found every tree produced the access violation error. In the debug I could see.

I had errors in my code in one function and I have disabled it and seen. So that's the reason I wanted to ask for any other possible way to solve this. Example: move all my functions inside my dissect function, so I can put everything under if (tree). I do not know if it is right or if it will work. I thought of asking for suggestions. I saw there was a question on the same issue that someone posted last time, but there was no answer, so I thought someone may have had this problem earlier and could help me.

Thanks Pascal.

Raj

On 27 Feb 2015 22:25, "Pascal Quantin" <[email protected]> wrote:
>
> On 27 Feb 2015 14:38, "Raj sekar" <[email protected]> wrote:
> >
> > Hi
> >
> > I am developing a custom dissector and I was having issues with reassembly.
> >
> > With help from PASCAL I have found my reassembly is not working because
> > of if(tree), and if I remove if(tree) I am able to open my pcap file only
> > in debug mode (Edit -> preference -> console window = always debugging),
> > and I am able to see my reassembly successful, but not in normal mode.
> >
> > I ran the MSVC debugger and found the error in trees
> >
> > in the dissect function under if(tree).
> >
> > I am calling 8+ different functions. In the debugger I could see
> > all my subtrees and other trees returning an error.
> >
> > ALL trees getting CXX0030 ERROR Mnt tree 0x00000000 null pointer. First
> > child ???? Last child ???? Next ???? Parent ???? Fino ???? Data ????
> >
> > All the trees have this same error.
> >
> > My code is something like this:
> >
> > dissect function {
> >     if (tree) {
> >         call function1(passed tree);
> >         call function2(passed tree);
> >     }
> > }
> > function1 () {
> >     used tree created subtree
> >     function3 (passed subtree)
> > }
> > function2 () {
> >     used tree created subtree
> >     function4 (passed subtree)
> > }
> > function 4 () {
> >     reassembly code here..
> > }
> >
> > I have used Wireshark build 1.11.3 and I have also tried 1.12.3; both are
> > getting the same issue.
> >
> > Someone please suggest what I can do with this? Any suggestions to
> > overcome this?
>
> As you seem to deliberately ignore what I already wrote you, I will quote
> myself again:
> "If you read the documentation found in the doc folder of Wireshark source
> code, you will see that this is normal to have tree == NULL on first pass
> and this is gracefully handled by proto_tree_add_XXX functions with recent
> versions of Wireshark (I do not know whether this was the case with older
> versions of Ethereal as they have been obsolete for years).
> On subsequent passes, tree will not be NULL. Please refer to the
> documentation for further understanding."
> You told me that your code is triggering malformed packets and starts
> access violation, but despite my numerous requests asking you to do step by
> step debugging to identify the root cause, it seems like you have not done
> it (no, I do not believe a NULL tree is an issue unless you try to do
> something very bad with it).
> If someone feels courageous enough to provide support, feel free :) On my
> side I give up here.
>
> > I have posted the question here
> >
> > https://ask.wireshark.org/questions/40125/wireshark-crash-after-removing-of-iftree
> >
> > Please help.
> >
> > Thanks
> >
> > Best Regards
> > Raj
> >
> > ___________________________________________________________________________
> > Sent via: Wireshark-dev mailing list <[email protected]>
> > Archives: http://www.wireshark.org/lists/wireshark-dev
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> > mailto:[email protected]?subject=unsubscribe
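A simplified stand-alone model of the two-pass behaviour Pascal describes in the thread above, added here as an illustration; it is not code from the thread or from Wireshark. The types and functions (`model_tree`, `model_add_item`, `reassemble`, `dissect_guarded`, `dissect_unguarded`) are hypothetical stand-ins, not the Wireshark API, and the fragments are constructed. It shows why reassembly placed under `if (tree)` never sees the fragments on the first pass, while display helpers that tolerate a NULL tree let the state-building code run unconditionally.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not the Wireshark API. */
typedef struct { int items; } model_tree;
typedef struct { char buf[64]; size_t len; int fragments; } reasm_state;
typedef void (*dissect_fn)(reasm_state *, model_tree *, const char *, size_t);

/* Display helper that tolerates tree == NULL (no-op, returns NULL), the
 * behaviour the thread attributes to the proto_tree_add_XXX functions. */
static model_tree *model_add_item(model_tree *tree) {
    if (tree == NULL) return NULL;
    tree->items++;
    return tree;
}

/* State-building work that must see every fragment on the first pass.
 * The length check keeps an oversized fragment from overflowing buf. */
static int reassemble(reasm_state *st, const char *frag, size_t n) {
    if (n > sizeof st->buf - st->len) return -1;
    memcpy(st->buf + st->len, frag, n);
    st->len += n;
    st->fragments++;
    return 0;
}

/* Pattern from the thread: display and reassembly both under if (tree). */
static void dissect_guarded(reasm_state *st, model_tree *tree, const char *frag, size_t n) {
    if (tree) {
        model_add_item(model_add_item(tree));
        reassemble(st, frag, n);
    }
}

/* Reassembly always runs; only the display calls depend on the tree. */
static void dissect_unguarded(reasm_state *st, model_tree *tree, const char *frag, size_t n) {
    model_add_item(model_add_item(tree));   /* NULL in, NULL out */
    reassemble(st, frag, n);
}

/* First pass (tree == NULL) over two constructed fragments; returns how
 * many of them reached the reassembly state. */
static int first_pass(dissect_fn dissect) {
    reasm_state st = {{0}, 0, 0};
    dissect(&st, NULL, "HEL", 3);
    dissect(&st, NULL, "LO", 2);
    return st.fragments;
}

int main(void) {
    printf("guarded: %d, unguarded: %d\n", first_pass(dissect_guarded), first_pass(dissect_unguarded));
    return 0;
}
```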
