From a97b41be5516a5f8989bfb2eb4bdf0cec84e169d Mon Sep 17 00:00:00 2001
From: stubbfel
Date: Sun, 14 Jan 2018 01:27:50 +0100
Subject: [PATCH] add example bin file creator, strart to write the readme file. fix a missing offest calculation.
---
README.md | 40 ++++++++++++++++++++++++++++++
example/CMakeLists.txt | 6 +++++
example/b2ws_example_blob_writer.c | 36 +++++++++++++++++++++++++++
example/b2ws_example_proto_t.h | 27 ++++++++++++++++++++
src/b2ws-plugin/b2ws_snippet.lua | 13 ++++++----
5 files changed, 117 insertions(+), 5 deletions(-)
create mode 100644 example/CMakeLists.txt
create mode 100644 example/b2ws_example_blob_writer.c
create mode 100644 example/b2ws_example_proto_t.h
diff --git a/README.md b/README.md
index c177d3d..3eb96d9 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,41 @@
 # blob2wireshark
+
+Is a plugin for wireshark, which helps to analyse binaries arrays or blob by dissectors
+
+plugin functions:
+
+* convert bin files into pcap file
+* provides lua dissectors templates
+* creates lua dissectors snippets depends of pseudo-c-struct-definition
+
+## How to
+
+### Install
+
+1. Copy [b2ws-plugin folder](b2ws-plugin) to a [wireshark plugin folder](https://www.wireshark.org/docs/wsug_html_chunked/ChPluginFolders.html)
+
+### Convert binary file to pcap files
+
+Create example a binary file with:
+
+```sh
+mkdir example_build
+cd example_build
+cmake ../example
+make
+./b2ws_example_blob_writer
+ls *.bin
+```
+1. Open Wireshark
+2. Open ImportBlob windows by click on "Tools-> bw2s -> ImportBlob"
+3. Click on "Change Settings", enter the path of the binary file.
+ * you could also change the fake src, dst and type field.
+4. Click on "ImportBlob". Now the create a pcap file (in the same folder as the binary file) and open this file
+
+
+### Create lua dissector file
+
+1. Open Wireshark
+2. Open ImportBlob windows by click on "Tools-> bw2s -> ImportBlob"
+3. Click on "Create Dissector"
+4. Enter a name for the dissector and press ok. Now the plugin create a "default" lua dissector file in the b2ws-plugin folder. This file can und should be edit by you, e.g. add/change ProtoField or add protocol layes (see [wiki.wireshark LuaAPI/](https://wiki.wireshark.org/LuaAPI/)).
diff --git a/example/CMakeLists.txt b/example/CMakeLists.txt
new file mode 100644
index 0000000..b3df094
--- /dev/null
+++ b/example/CMakeLists.txt
@@ -0,0 +1,6 @@
+cmake_minimum_required(VERSION 2.4.2)
+
+project (b2ws_example_project)
+
+file(GLOB_RECURSE b2ws_example_project_src_files "*.h" "*.c")
+add_executable(b2ws_example_blob_writer ${b2ws_example_project_src_files} )
diff --git a/example/b2ws_example_blob_writer.c b/example/b2ws_example_blob_writer.c
new file mode 100644
index 0000000..038105e
--- /dev/null
+++ b/example/b2ws_example_blob_writer.c
@@ -0,0 +1,36 @@
+#include 
+#include 
+#include "b2ws_example_proto_t.h"
+
+int main(void) {
+
+ uint8_t ip_count = 8;
+ uint16_t second_layer_size = sizeof(b2ws_second_layer_s) + ip_count * sizeof(uint32_t);
+ size_t blob_size =sizeof (b2ws_first_layer_s) + second_layer_size;
+
+ ptr_b2ws_first_layer_s first_layer = (ptr_b2ws_first_layer_s) malloc(blob_size);
+ first_layer->id = 4711;
+ first_layer->size = second_layer_size;
+ first_layer->other_four_header_options[0] = 16;
+ first_layer->other_four_header_options[1] = 24;
+ first_layer->other_four_header_options[2] = 32;
+ first_layer->other_four_header_options[3] = 36;
+
+ ptr_b2ws_second_layer_s second_layer = (ptr_b2ws_second_layer_s) &first_layer->second_layer[0];
+ second_layer->enabled = 1;
+ second_layer->bigger_flag = 4;
+ second_layer->ip_count = ip_count;
+ second_layer->ip_addresses[0] = 1;
+ second_layer->ip_addresses[1] = (uint32_t)-1;
+ second_layer->ip_addresses[2] = 255;
+ second_layer->ip_addresses[3] = 1255;
+ second_layer->ip_addresses[4] = 255255;
+ second_layer->ip_addresses[5] = 1255255;
+ second_layer->ip_addresses[6] = 255255255;
+ second_layer->ip_addresses[7] = 1255255255;
+
+ FILE * example_bin_file = fopen("b2ws_example.bin","wb");
+ fwrite(first_layer, blob_size ,1,example_bin_file);
+ fclose(example_bin_file);
+ free(first_layer);
+}
diff --git a/example/b2ws_example_proto_t.h b/example/b2ws_example_proto_t.h
new file mode 100644
index 0000000..c8055f6
--- /dev/null
+++ b/example/b2ws_example_proto_t.h
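Review bot: `malloc(blob_size)` and `fopen("b2ws_example.bin","wb")` are both used without a NULL check, so an allocation failure or an unwritable working directory dereferences NULL in the assignment `first_layer->id = 4711;` or inside `fwrite`. Add `if (first_layer == NULL) return EXIT_FAILURE;` after the allocation and `if (example_bin_file == NULL) { free(first_layer); return EXIT_FAILURE; }` after the fopen, and compare `fwrite`'s return value with 1 before treating the file as written (the two angle-bracket include names are not visible in this view, so whether `<stdlib.h>` is among them cannot be confirmed). Because the struct image is dumped straight from memory, the blob is in host byte order and carries this compiler's bit-field layout; a comment above the fwrite such as `/* written in host byte order with the compiler's bit-field layout; the dissector must match */` would explain why a blob produced elsewhere may not dissect. `main` also falls off its closing brace without `return 0;`, which C99 permits but an example is clearer making explicit.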
@@ -0,0 +1,27 @@
+#ifndef B2WS_EXAMPLE_PROTO_T_H
+#define B2WS_EXAMPLE_PROTO_T_H
+
+#include 
+
+#pragma pack (push, 1)
+
+typedef struct b2ws_first_layer_sTag
+{
+ int32_t id;
+ uint16_t size;
+ uint8_t other_four_header_options[4];
+ uint8_t second_layer[];
+} b2ws_first_layer_s, *ptr_b2ws_first_layer_s;
+
+typedef struct b2ws_second_layer_sTag
+{
+ uint8_t enabled:1;
+ uint8_t other_flag:1;
+ uint8_t bigger_flag:6;
+ uint8_t ip_count;
+ uint32_t ip_addresses[];
+} b2ws_second_layer_s, *ptr_b2ws_second_layer_s;
+
+#pragma pack (pop)
+
+#endif
diff --git a/src/b2ws-plugin/b2ws_snippet.lua b/src/b2ws-plugin/b2ws_snippet.lua
index f9790e4..c4a71e7 100644
--- a/src/b2ws-plugin/b2ws_snippet.lua
+++ b/src/b2ws-plugin/b2ws_snippet.lua
@@ -116,7 +116,7 @@ function b2ws_create_dissector_call_snippet(struct_object, field_object, templat
 return result_template:gsub("{struct_size}", struct_object.size)
 end
-function b2ws_create_dissector_fields_definition_snippet(struct_object, field_object, template_string)
+function b2ws_create_dissector_fields_definition_snippet(struct_object, field_object, template_string, next_index)
 local result_template = template_string:gsub("{struct_name}", struct_object.name)
 local array_number = field_object.array_number
 if array_number== nil then
@@ -140,7 +140,10 @@ function b2ws_create_dissector_fields_definition_snippet(struct_object, field_ob
 if array_number == nil or tonumber(array_number) ~= nil then
 if field_object.bit_mask ~= nil then
 byte_size = tonumber(string.match(field_object.type, "(%d+)")) / 8
- result_template = result_template:gsub("\ncurrent_offset = current_offset %+ {field_end}", "")
+ if next_index > 0 and struct_object.fields[next_index].bit_mask ~= nil then
+ result_template = result_template:gsub("\ncurrent_offset = current_offset %+ {field_end}", "")
+ end
+ result_template = result_template:gsub("local current_offset = {field_end}", "local current_offset = 0")
 end
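Review bot: The placement of the bit-fields `enabled:1`, `other_flag:1` and `bigger_flag:6` within their byte is implementation-defined in C (allocation order is compiler-specific, and `uint8_t` is not among the bit-field types the standard guarantees), so any bit masks a dissector derives from this struct are presumably only right for blobs built with a compiler that lays the bits out the same way. A comment above `typedef struct b2ws_second_layer_sTag`, e.g. `/* bit-field allocation order within the byte is implementation-defined; the dissector's bit masks must match the compiler used to build the example writer */`, would make that dependency explicit. `#pragma pack (push, 1)` fixes the field offsets but not the byte order of `id`, `size` and `ip_addresses`, which is worth stating in the same comment.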
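Review bot: The new `next_index` parameter of `b2ws_create_dissector_fields_definition_snippet` is undocumented, and its contract (apparently a 1-based position into `struct_object.fields`, with `0` meaning there is no following field, judging from the value the last-field call site passes in a later hunk) has to be reverse-engineered from the callers. A comment above the function such as `-- next_index: index in struct_object.fields of the field after field_object, or 0 for the last field` would fix that. The function body continues past this hunk.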
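Review bot: The last added line, `result_template = result_template:gsub("local current_offset = {field_end}", "local current_offset = 0")`, runs for every bit-field regardless of the new `next_index` guard, whereas the suppression of the `current_offset = current_offset + {field_end}` advance directly above it is now conditional on the next field also being a bit-field. If the first-field template is the one that declares `local current_offset = {field_end}` (the templates are defined outside this hunk), a struct whose first field is a bit-field followed by a non-bit-field would leave `current_offset` at 0 and shift every later field; moving that gsub inside the same `if next_index > 0 and struct_object.fields[next_index].bit_mask ~= nil then` block would make the two cases consistent. Note also that `struct_object.fields[next_index].bit_mask` raises an error rather than yielding nil when `fields[next_index]` is absent, so the guard relies on every caller passing an index that exists in that table. The enclosing function starts outside this hunk.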
@@ -200,14 +203,14 @@ function b2ws_create_dissector_fields_snippet(struct_object, template_string)
 if field_list_len > 1 then
 field_object = field_list[1]
 field_declarations_string = field_declarations_string .. b2ws_create_dissector_fields_declaration_snippet(struct_object, field_object, field_declaration_template) .. "\n"
- field_definitions_string = field_definitions_string .. b2ws_create_dissector_fields_definition_snippet(struct_object, field_object, tmp_field_definition_template) .. "\n"
+ field_definitions_string = field_definitions_string .. b2ws_create_dissector_fields_definition_snippet(struct_object, field_object, tmp_field_definition_template, 2) .. "\n"
 tmp_field_definition_template = field_definition_template
 if field_list_len > 2 then
 for key_index = 2, field_list_len - 1 do
 field_object = field_list[key_index]
 field_declarations_string = field_declarations_string .. b2ws_create_dissector_fields_declaration_snippet(struct_object, field_object, field_declaration_template) .. "\n"
- field_definitions_string = field_definitions_string .. b2ws_create_dissector_fields_definition_snippet(struct_object, field_object, tmp_field_definition_template) .. "\n"
+ field_definitions_string = field_definitions_string .. b2ws_create_dissector_fields_definition_snippet(struct_object, field_object, tmp_field_definition_template, key_index + 1) .. "\n"
 end
 end
 end
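Review bot: The values passed as `next_index` here (`2` for the first field and `key_index + 1` in the loop) are positions in `field_list`, but the callee dereferences `struct_object.fields[next_index]`; that is only correct if `field_list` is the same table as `struct_object.fields`, and its definition lies above this hunk where it cannot be confirmed. Passing the following field object itself (`field_list[key_index + 1]`, nil for the last field) instead of an index would remove the coupling to the table's identity and the need for a `0` sentinel. The enclosing function `b2ws_create_dissector_fields_snippet` starts and ends outside this hunk.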
@@ -219,7 +222,7 @@ function b2ws_create_dissector_fields_snippet(struct_object, template_string)
 field_definitions_string = field_definitions_string .. b2ws_create_dissector_call_snippet(struct_object, field_object, next_proto_dissector_call)
 else
 field_declarations_string = field_declarations_string .. b2ws_create_dissector_fields_declaration_snippet(struct_object, field_object, field_declaration_template).. "\n"
- field_definitions_string = field_definitions_string .. b2ws_create_dissector_fields_definition_snippet(struct_object, field_object, last_field_definition_template)
+ field_definitions_string = field_definitions_string .. b2ws_create_dissector_fields_definition_snippet(struct_object, field_object, last_field_definition_template, 0)
 end
 local result_template_string = template_string:gsub("{field_declarations}", field_declarations_string)