Comments (20)

fisherbe commented on May 23, 2024

May have spoken too soon. I changed "-DPacket_ROOT=..." to "-DPCAP_ROOT=..." and it seems to be getting further. Perhaps just your instructions need to be updated.

from tcpdump.

fisherbe commented on May 23, 2024

OK, seems that the cmake command I shared

cmake "-DPacket_ROOT=E:\npcap_sdk" -G "Visual Studio 17 2022" E:\tcpdump-4.99.4

And a follow-up msbuild command as per the docs of

msbuild /m /nologo /p:Configuration=Release tcpdump.sln

Works with a few warnings output:

     E:\tcpdump-4.99.4\addrtoname.c(156,10): warning C4996: 'gethostbyaddr': Use getnameinfo() or GetNameInfoW() in
   stead or define _WINSOCK_DEPRECATED_NO_WARNINGS to disable deprecated API warnings [E:\tcpdump_build\netdissect.
   vcxproj]
     E:\tcpdump-4.99.4\print-arista.c(146,36): warning C4244: 'function': conversion from 'uint64_t' to 'uint32_t',
    possible loss of data [E:\tcpdump_build\netdissect.vcxproj]
     E:\tcpdump-4.99.4\print-resp.c(327,5): warning C4244: '-=': conversion from '__int64' to 'int', possible loss
   of data [E:\tcpdump_build\netdissect.vcxproj]
     E:\tcpdump-4.99.4\print-resp.c(374,5): warning C4244: '-=': conversion from '__int64' to 'u_int', possible los
   s of data [E:\tcpdump_build\netdissect.vcxproj]
     E:\tcpdump-4.99.4\print-snmp.c(759,12): warning C4267: '-=': conversion from 'size_t' to 'uint32_t', possible
   loss of data [E:\tcpdump_build\netdissect.vcxproj]
     E:\tcpdump-4.99.4\print-snmp.c(1833,19): warning C4244: '=': conversion from '__int64' to 'u_int', possible lo
   ss of data [E:\tcpdump_build\netdissect.vcxproj]
     E:\tcpdump-4.99.4\print-zeromq.c(121,76): warning C4244: 'function': conversion from 'uint64_t' to 'u_int', po
   ssible loss of data [E:\tcpdump_build\netdissect.vcxproj]

But runs on the server it was built on - Server 2016 I believe - but not on WinPE x64, which can only run x64 executables.

I think I built a 32-bit instead of a 64-bit.

I tried -G "Visual Studio 17 2022 Win64" at first, but it doesn't work with that generator. My assumption is VS 2022 is 64-bit only. I suppose I can try to get VS 15 2019 on here and use "Visual Studio 15 2019 Win64"?

fisherbe commented on May 23, 2024

I discovered that while -G "Visual Studio 17 2022 Win64" doesn't work, -G "Visual Studio 17 2022" -A x64 does.

However I get all the same converting 64-bit thing to 32-bit thing warnings, and tcpdump.exe does not run on x64 WinPE.

Not sure what to try next. Thanks for any help.

infrastation commented on May 23, 2024

At least some of the warnings have been addressed in the master branch and the fixes will be available in libpcap 1.11.0 when it comes out, so it is fine to disregard them for now. Please see this document and update whether it helped.

fisherbe commented on May 23, 2024

@infrastation,

I'm only using the downloaded tcpdump tarball, not libpcap, since that's not in the instructions and instead using npcap SDK?

That said the created tcpdump.exe from msbuild at Release\tcpdump.exe does not run on x64 WinPE. I'm not sure if the generated exe is 64-bit tcpdump or not. x64 WinPE does not run 32-bit executables at all, not sure if that is my issue.

The generated tcpdump.exe does seem to work on the build machine I'm using, which can run 32-bit and 64-bit programs.

fisherbe commented on May 23, 2024

I have tried to add /p:Platform=x64 to the msbuild command, but that did not help.

infrastation commented on May 23, 2024

My Windows expertise extends only as far as remembering where the README is.

fisherbe commented on May 23, 2024

@infrastation Gotcha. Thanks for trying. Mine is not great either, but legacy environment on WinPE x64 until I replace it with Linux. Was glad to see those instructions existed, but sadly not working.

fisherbe commented on May 23, 2024

I updated the issue title / description to more closely match what's now being discussed.

guyharris commented on May 23, 2024

> I updated the issue title / description to more closely match what's now being discussed.

There's more than one issue:

  1. Packet_ROOT vs. PCAP_ROOT, which is probably a copy-and-pasteo from libpcap's README.Win32.md;
  2. Win64 vs. -A x64.

Both need to be fixed (in both the main and 1.10 branches).

guyharris commented on May 23, 2024

This should be fixed, in the main branch, in 2e689a6. Check whether the instructions at https://github.com/the-tcpdump-group/tcpdump/blob/master/doc/README.Win32.md are now correct.

guyharris commented on May 23, 2024

Also backported to the 1.10 branch in 8ee8453.

fisherbe commented on May 23, 2024

@guyharris thanks for taking a look. The documentation looks better now but unless I just can't use Visual Studio 2022, using those new options as I did still won't produce a working 64-bit exe I don't think, since it doesn't run on WinPE 64-bit. Unless you also changed some code since the current release tarball that makes it work. I can just pull main and use that instead of the release tarball and report back. Can we reopen the issue?

fisherbe commented on May 23, 2024

Okay, ran the commands on Server 2016 build server, using the latest commit on master (b820ca).

Instead of 7 warnings, there are 11. The original 7 still there, plus more. Additionally, after msbuild, copying Release\tcpdump.exe to a WinPE x64 host and tcpdump.exe does not run.

I can try Visual Studio 2019? Visual Studio 2017 and earlier are no longer available from Microsoft.

The warnings list using this method:

   "E:\tcpdump_build\tcpdump.sln" (default target) (1) ->
   "E:\tcpdump_build\netdissect.vcxproj.metaproj" (default target) (2) ->
   "E:\tcpdump_build\netdissect.vcxproj" (default target) (5) ->
   (ClCompile target) ->
     E:\tcpdump_git\addrtoname.c(153,10): warning C4996: 'gethostbyaddr': Use getnameinfo() or GetNameInfoW() inste
   ad or define _WINSOCK_DEPRECATED_NO_WARNINGS to disable deprecated API warnings [E:\tcpdump_build\netdissect.vcx
   proj]
     E:\tcpdump_git\print-bootp.c(1009,18): warning C4244: '=': conversion from 'uint16_t' to 'uint8_t', possible l
   oss of data [E:\tcpdump_build\netdissect.vcxproj]
     E:\tcpdump_git\print-resp.c(328,5): warning C4244: '-=': conversion from '__int64' to 'int', possible loss of
   data [E:\tcpdump_build\netdissect.vcxproj]
     E:\tcpdump_git\print-resp.c(375,5): warning C4244: '-=': conversion from '__int64' to 'u_int', possible loss o
   f data [E:\tcpdump_build\netdissect.vcxproj]
     E:\tcpdump_git\print-snmp.c(741,12): warning C4267: '-=': conversion from 'size_t' to 'uint32_t', possible los
   s of data [E:\tcpdump_build\netdissect.vcxproj]
     E:\tcpdump_git\print-snmp.c(1809,19): warning C4244: '=': conversion from '__int64' to 'u_int', possible loss
   of data [E:\tcpdump_build\netdissect.vcxproj]
     E:\tcpdump_git\print-tcp.c(638,69): warning C4244: 'function': conversion from 'uint16_t' to 'u_char', possibl
   e loss of data [E:\tcpdump_build\netdissect.vcxproj]
     E:\tcpdump_git\print-zeromq.c(123,76): warning C4244: 'function': conversion from 'uint64_t' to 'u_int', possi
   ble loss of data [E:\tcpdump_build\netdissect.vcxproj]
     E:\tcpdump_git\util-print.c(253,18): warning C4133: 'function': incompatible types - from 'const long *' to 'c
   onst time_t *const ' [E:\tcpdump_build\netdissect.vcxproj]
     E:\tcpdump_git\util-print.c(255,15): warning C4133: 'function': incompatible types - from 'const long *' to 'c
   onst time_t *const ' [E:\tcpdump_build\netdissect.vcxproj]


   "E:\tcpdump_build\tcpdump.sln" (default target) (1) ->
   "E:\tcpdump_build\tcpdump.vcxproj.metaproj" (default target) (3) ->
   "E:\tcpdump_build\tcpdump.vcxproj" (default target) (6) ->
     E:\tcpdump_git\tcpdump.c(1572,2): warning C4013: 'tzset' undefined; assuming extern returning int [E:\tcpdump_
   build\tcpdump.vcxproj]

guyharris commented on May 23, 2024

> Additionally, after msbuild, copying Release\tcpdump.exe to a WinPE x64 host and tcpdump.exe does not run.

What if you try to run it on an Ordinary Boring Non-Windows-Preinstallation-Environment-Just-Regular-Windows x64 host?

guyharris commented on May 23, 2024

Oh, and the WinPE machine does have Npcap installed, right?

fisherbe commented on May 23, 2024

@guyharris it runs on the build server, which is just such a host. Those hosts can run 32-bit programs. WinPE x64 can only run 64-bit programs. WinPE doesn't have npcap installed because I can't install programs on the WinPE image, I have to have "portable" executables. I thought with using the SDK in building the executable, clients would only need the executable, not also need npcap installed. Am I wrong in that assumption?

guyharris commented on May 23, 2024

> Those hosts can run 32-bit programs.

Do you have evidence to indicate that tcpdump.exe is a 32-bit program? (No, "it won't run on the WinPE machine" isn't sufficient evidence; read on.)

> WinPE doesn't have npcap installed because I can't install programs on the WinPE image, I have to have "portable" executables.

That's probably why it won't run.

> I thought with using the SDK in building the executable, clients would only need the executable, not also need npcap installed. Am I wrong in that assumption?

Definitely wrong.

Npcap consists of three components:

  1. A kernel-mode driver (NDIS filter driver) that implements the packet capturing.
  2. A DLL that provides APIs that perform I/O operations on the devices provided by the NDIS filter driver.
  3. A version of libpcap, built from libpcap source, that calls that DLL to perform capture operations.

If you can statically link with the latter two components (i.e., if there were real .libs, rather than import library .libs, with which you could link), then you would have an executable that would, at least, not give "sorry, can't find that DLL" errors if you try to run it on a system without the DLLs.

Of course, the static version of library 2 would fail in any attempt to open the devices, so the resulting tcpdump would give errors if you tried to capture any traffic; it'd be able to read pcap and pcapng files as well as any other version of tcpdump, but that's it.

So if your intent is to capture traffic, you're going to need either Npcap on the machine or a version of libpcap for Windows that uses a mechanism that's built into Windows and that's part of WinPE. I don't think anybody's written the latter.

from tcpdump.
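The two questions raised above (is tcpdump.exe really a 32-bit program, and which DLLs must be present before it will start) can both be answered from the executable's PE headers. The following is an added example, not part of the original thread or of the tcpdump project: a Python reader for the PE Machine field and import table, run on a constructed sample image rather than a real build. The names `inspect_pe` and `build_sample` are made up for this illustration.

```python
import struct

MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64", 0xAA64: "ARM64"}

def inspect_pe(data):
    """Return (architecture, imported DLL names) read from a PE image's headers."""
    pe = int.from_bytes(data[0x3C:0x40], "little")        # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                         # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (112 if magic == 0x20B else 96)          # PE32+ or PE32
    import_rva = struct.unpack_from("<I", data, dirs + 8)[0]   # data directory 1
    sections = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
                for i in range(nsect)]                    # vsize, vaddr, rawsize, rawptr

    def offset(rva):                                      # RVA -> file offset
        for vsize, vaddr, rawsize, rawptr in sections:
            if vaddr <= rva < vaddr + max(vsize, rawsize):
                return rva - vaddr + rawptr
        raise ValueError("RVA 0x%x is outside every section" % rva)

    imports = []
    pos = offset(import_rva) if import_rva else None
    while pos is not None:
        name_rva = struct.unpack_from("<I", data, pos + 12)[0]
        if name_rva == 0:                                 # terminating descriptor
            break
        start = offset(name_rva)
        imports.append(data[start:data.index(b"\0", start)].decode("ascii"))
        pos += 20                                         # next import descriptor
    return MACHINES.get(machine, hex(machine)), imports

def build_sample(machine=0x8664):
    """Constructed minimal PE32+ image (not a real tcpdump.exe) importing wpcap.dll."""
    img = bytearray(0x300)
    img[0:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)
    struct.pack_into("<HHIIIHH", img, 0x44, machine, 1, 0, 0, 0, 240, 0x22)
    struct.pack_into("<H", img, 0x58, 0x20B)
    struct.pack_into("<II", img, 0x58 + 112 + 8, 0x1000, 60)
    struct.pack_into("<8sIIII", img, 0x148, b".idata", 0x100, 0x1000, 0x100, 0x200)
    for i, (name, rva) in enumerate([(b"wpcap.dll", 0x1040), (b"KERNEL32.dll", 0x1050)]):
        struct.pack_into("<I", img, 0x200 + 20 * i + 12, rva)
        img[rva - 0xE00:rva - 0xE00 + len(name)] = name
    return bytes(img)

if __name__ == "__main__":
    print(inspect_pe(build_sample()))
```

On a real build, pass the bytes of Release\tcpdump.exe to `inspect_pe`; every DLL it lists has to be resolvable on the target machine before the program will start.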

fisherbe commented on May 23, 2024

@guyharris I think you are right, copying the executable to other 64-bit systems without npcap doesn't work either. Sadly I don't think I can get npcap to install inside a WinPE image that's only booted temporarily in a PXE environment. I think I'd have to purchase OEM licensing to even be able to run their installer silently. :/ Thanks for the help though.

fisherbe commented on May 23, 2024

Closing issue
