I am working on a Wireshark plugin that must decode a large packet that is created by writing a struct into the packet. If I am able to know the variable names and offsets of the original structure, I would then be able to decode the data without regard to the original compiler. The struct is large (> 650 bytes) and contains compound elements and typedefs.
The construction of the struct changes based on the version of software generating the data. I have access to the raw header files and the compiler used in creating the software, thus I can create a framework to extract the detail I need for use in Wireshark.
I have been successful in hand-coding the decode for a few of the variables and offsets needed, but the size and complexity of the structure require more automation than I can do by hand.
Any suggestion on how to do this would be most welcome.
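
One way to build the extraction framework the question describes, as an added example that is not part of the original post: compile a small table generator with the same compiler and headers as the target software, so `offsetof` and `sizeof` report that build's real layout. The `packet_t` struct, the `FIELD` macro and the function names are constructed placeholders standing in for the real header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed stand-in; in practice #include the real header for one software version. */
typedef struct { uint16_t major; uint16_t minor; } version_t;
typedef struct {
    uint8_t   msg_type;
    uint32_t  sequence;   /* most ABIs insert padding before this member */
    version_t version;
    char      name[10];
    double    reading;
} packet_t;
typedef struct { const char *name; size_t offset; size_t size; } field_t;

/* Evaluated by the compiler building this file, so padding and alignment are its own. */
#define FIELD(type, member) { #member, offsetof(type, member), sizeof(((type *)0)->member) }
static const field_t packet_fields[] = {
    FIELD(packet_t, msg_type),      FIELD(packet_t, sequence),
    FIELD(packet_t, version.major), FIELD(packet_t, version.minor),
    FIELD(packet_t, name),          FIELD(packet_t, reading),
};
#define N_FIELDS (sizeof packet_fields / sizeof packet_fields[0])

/* Look up one member by its dotted name; NULL if it is not in the table. */
const field_t *find_field(const char *name) {
    for (size_t i = 0; i < N_FIELDS; i++)
        if (strcmp(packet_fields[i].name, name) == 0) return &packet_fields[i];
    return NULL;
}

/* Walk the table in order: returns the number of padding bytes, or -1 if
   members overlap, are out of order, or run past sizeof(packet_t). */
long padding_bytes(void) {
    size_t end = 0, pad = 0;
    for (size_t i = 0; i < N_FIELDS; i++) {
        if (packet_fields[i].offset < end) return -1;
        pad += packet_fields[i].offset - end;
        end = packet_fields[i].offset + packet_fields[i].size;
    }
    return end > sizeof(packet_t) ? -1 : (long)(pad + sizeof(packet_t) - end);
}

int main(void) {
    puts("name,offset,size");   /* CSV to feed a dissector generator */
    for (size_t i = 0; i < N_FIELDS; i++)
        printf("%s,%zu,%zu\n", packet_fields[i].name, packet_fields[i].offset, packet_fields[i].size);
    printf("sizeof,%zu,padding,%ld\n", sizeof(packet_t), padding_bytes());
    return 0;
}
```

Building one such table per software version gives the dissector a per-version offset and size map, and the sizes let it bounds-check each field against the captured length before reading.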