WinPCap - Packet data containing strings?
I am writing a program that uses winpcap to sniff packets. More specifically, packets from the game "Warcraft III." I have figured out the formatting of the game's chat messages as a test. It looks something like this:
Testing in-game, I found that this structure works fine for everything except for the strings which give odd behavior.
typedef struct wc3_chat
//DWORD id; <-- these are handled in wc3_header.
DWORD ip; // defunct
DWORD account_number; // defunct
DWORD reg_auth; //defunct
Heres some bits from where I'm trying to use the structure:
*Edit* The problem is that chat->text doesn't display correctly. Instead of displaying the message, it displays the username minus the first 4 letters. It would appear that chat->text is pointing 4 bytes after wherever chat->username is pointing to instead of pointing after the NULL. See below for more information and a sample packet capture from Wireshark.
const u_char *data = (sniffer.pkt_data + 14 + ip_len + tcp_len + 4); //4 bytes for wc3_header struct
wc3_chat *chat = (wc3_chat*)data;
if (chat->event_id == 0x05)
printf("%s: %s\n", &chat->username, &chat->text);
Can anyone help me figure out what I'm doing wrong here?