heinrich5991
commented
2 years ago From Discord:
[3:30 PM]saibotu: it fails to import wmem_alloc because it was moved from libwireshark to libwsutil in 3.6 [3:32 PM]heinrich5991: oh, thanks! [3:32 PM]heinrich5991: how did you find that out? [3:36 PM]saibotu: just ran wireshark in x64dbg with exception breakpoints [3:38 PM]heinrich5991: thanks 🙂 the "just" is something I wouldn't even have thought of [3:41 PM]heinrich5991: this was already a great help. if you have some more time, what is an exception breakpoint? does it refer to C++ exceptions? or SEH? and you saw the error message/symbol name in the breakpoint? [4:31 PM]saibotu: Not really that familiar with exception handling on windows, but I think this is SEH. When this is set to break on first chance, it breaks before the exception is passed to the application.
[4:31 PM]saibotu: When it breaks you get First chance exception on 00007FFF7832FCAD (C0000139, STATUS_ENTRYPOINT_NOT_FOUND)! and r12 points to wmem_alloc [4:32 PM]heinrich5991: to the string wmem_alloc? [4:32 PM]saibotu: yeah [4:32 PM]heinrich5991: nice, thanks for the explanation 🙂 I might be able to reproduce it next time
Apparently one can't actually load the built binary into Wireshark.
From Discord: