can NOT load wpcap.dll & packet.dll if put these dlls into same dirs as wireshark.exe

This issue was migrated from bug 5420 in our old bug tracker.

Original bug information:

Reporter: seachange
Status: RESOLVED FIXED
Product: Wireshark
Component: GTK+ UI
OS: Windows XP
Platform: x86
Version: 1.4.1

Attachments:

file-utils.c.patch: patch for file_util.c to enable load DLL libraries from same directory as wireshark exists

seachange said:

Build Information: Version 1.4.1

Copyright 1998-2010 Gerald Combs <gerald@‍wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.6, (32-bit) with GLib 2.22.4, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Nov 17 2010), with AirPcap.

Running on Windows XP Service Pack 3, build 2600, without WinPcap, GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public License.

Check the man page and http://www.wireshark.org for more information.

currently wireshark can NOT load winpcap dynamic libraries from same dir as wireshark.exe exist,

wireshark capture can worked OK if winPcap DLLs is installed into c:\windows\system32.

If I put the wpcap.dll & packet.dll into same wireshark dirs,
it can NOT load these libraries.

----------------
in "wsutil/file_util.c":

function init_dll_load_paths()

      /* XXX - Duplicate code in filesystem.c:init_progfile_dir */
      if (GetModuleFileName(NULL, path_pfx, MAX_PATH) == 0 || GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
	    return FALSE;
      }

      if (!program_path) {
	    program_path = g_utf16_to_utf8(path_pfx, -1, NULL, NULL, NULL);
      }


### this "path_pfx" is the full path name with filename(wireshark.exe) included,



----------------
in "wsutil/file_util.c":
ws_load_library(gchar *library_name) {

full_path = g_module_build_path(program_path, library_name);

### here load library for wpcap.dll/packet.dll would failed,
if we put these dlls into same dirs as wireshark in.

This is important for me, since I can NOT install winPcap on some special machine, but I need wireshark working with pipe mode capture.

added oswindows uigtk version1.4 labels

Jaap Keuter said:

Does this come from the repair for "Wireshark vulnerable to DLL hijacking", bug #5133 (closed)?

seachange said:

(In reply to comment #1)  
> Does this come from the repair for "Wireshark vulnerable to DLL hijacking", bug  
> 5133?  

Before I register this new bug 5420, I already searched keywrod "wpcap.dll" from wireshark bug system, it's simular error report from 5133,
both are load DLL library issue on windows system,
but I'm NOT sure whether the fix for these two issue could be common.

I have patched "file_util.c"
 init_dll_load_paths() function,

with fix "program_path" to remove the program filename,
only include folder path,
then it's OK.


I haven't try whether the bug 5133 case.

Gerald Combs said:

I think Jaap was asking if the fix for bug #5133 (closed) (specifically revisions 33924 and 33958) caused the problem you're having. It looks like they did. Can you try r35010 or later and see if that fixes your problem?

seachange said:

Created attachment 5503 patch for file_util.c to enable load DLL libraries from same directory as wireshark exists

Would you pls help review, I added patch to fix the program_path to new one(removed file exe name)

seachange said:

(In reply to comment #3)  
> I think Jaap was asking if the fix for bug 5133 (specifically revisions 33924  
> and 33958) caused the problem you're having. It looks like they did. Can you  
> try r35010 or later and see if that fixes your problem?  

OK, I will try with r35010.

I also uploaded my patch to fix this issue,
after confirmed with r35010,
I will check whether it can been set to Duplicate with bug 5133 or not.

Thanks.

Stephen Fisher said:

No need to assign it to yourself

seachange said:

Thanks all, I found this is fixed by gerald on yesterday,
but may I confirm the date for next wireshark release including change on r35010?


Revision: 35010
Author: gerald
Date: 4:43:22 AM, Tuesday, November 23, 2010
Message:
Make sure we pass a directory path and not a file path to
SetCurrentDirectory.  Should fix bug 5420.
----
Modified : /trunk/wsutil/file_util.c

Gerald Combs said:

I scheduled r35010 for inclusion in 1.4.3. A release date hasn't been set yet.

justinxu said:

Now we can move two dll into Wireshark folder and let Wireshark still works.

But we have question, if we dont install WINPCAP, just copy two dll in Wireshark folder, Wireshark cannot do Capture, as no interface find. Does it possible to do capture without install WINPCAP?

Gerald Combs said:

(In reply to comment #9)  
> Now we can move two dll into Wireshark folder and let Wireshark still works.  
>  
> But we have question, if we dont install WINPCAP, just copy two dll in  
> Wireshark folder, Wireshark cannot do Capture, as no interface find. Does it  
> possible to do capture without install WINPCAP?  

I don't think it's possible to have a working WinPcap simply by copying its DLLs into the Wireshark program directory. You'd have to ask the WinPcap dev team for details.

(Marking as FIXED since the original issue is resolved.)

closed