tips for reverse-engineers:
_don't_ initialise the data to all zeros!
if it's a sparse data structure (the program only writes some of the fields and leaves the rest alone), a zero-filled buffer won't tell you where the fields start and end, or how long they are: untouched padding and a genuine zero-valued field look identical.
if you can feed the same input twice [where you don't know what the data structure sizes are] and have it copied onto an area of memory you pre-filled with a known non-zero pattern, then the bytes that changed are the ones the program actually wrote, and that tells you where the data structures start and end.
remember: if you initialise all memory to zeros, you won't be able to tell the difference between input data that contains zeros and the blank memory!
don't initialise to zero: non-zero means "information". thinking about it.... if you can, initialise to 0xdeadbeef or 0xfefefefe or 0xefefefef or 0x12345678. create a file. change the initialisation background. create another [identical] file. COMPARE THE TWO: bytes that are the same in both files were written by the program; bytes that differ are just your background showing through. pick two backgrounds that differ at every byte position, or an untouched byte can masquerade as a written one. [see article on how to reverse engineer and still be legal]
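the technique above, worked through in C as an added example (this is not code from the original post): a constructed stand-in program writes a sparse 20-byte record into a buffer, the buffer is pre-filled with two different backgrounds, and the two dumps are compared byte-for-byte. the record layout, the function names (target_write_record, dump_with_background, classify_written, find_written_ranges, count_nonzero) and the field values are all invented for the example. it also shows what a zero-filled dump would have reported, to make the "zeros hide information" point concrete.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed stand-in for the program being reverse-engineered: it writes a
 * 20-byte record but only touches some of the bytes. The layout below is
 * invented for this example and is exactly what the differential dump is
 * supposed to recover without knowing it in advance:
 *   offset  0.. 1  16-bit magic   (written)
 *   offset  2.. 3  padding        (never written)
 *   offset  4.. 7  32-bit length  (written; 3 of its 4 bytes are zero)
 *   offset  8..15  8-byte name    (only 3 bytes written)
 *   offset 16..19  reserved       (never written)
 */
#define RECORD_SIZE 20

static void target_write_record(uint8_t *buf)
{
    uint16_t magic = 0x4D52;
    uint32_t length = 3;
    memcpy(buf + 0, &magic, sizeof magic);
    memcpy(buf + 4, &length, sizeof length);
    memcpy(buf + 8, "abc", 3);
}

/* Fill a buffer with a repeating 32-bit background pattern (big-endian byte
 * order, so 0xDEADBEEF becomes DE AD BE EF DE AD ...), then let the target
 * write its record over it. */
static void dump_with_background(uint8_t *out, size_t n, uint32_t pattern)
{
    for (size_t i = 0; i < n; i++)
        out[i] = (uint8_t)(pattern >> (8 * (3 - (i % 4))));
    target_write_record(out);
}

/* Compare two dumps made with different backgrounds. A byte the target wrote
 * carries the same value in both; a byte it never touched still shows its
 * background and therefore differs. Sets written[i] = 1 for written bytes and
 * returns how many there are. Only valid when the two backgrounds differ at
 * every byte position (0xDEADBEEF vs 0xFEFEFEFE satisfies this). */
static size_t classify_written(const uint8_t *a, const uint8_t *b, size_t n,
                               uint8_t *written)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        written[i] = (a[i] == b[i]) ? 1 : 0;
        count += written[i];
    }
    return count;
}

/* Collapse the per-byte map into [start, end) ranges; returns the number of
 * ranges stored (at most max_ranges). */
static size_t find_written_ranges(const uint8_t *written, size_t n,
                                  size_t *starts, size_t *ends,
                                  size_t max_ranges)
{
    size_t nr = 0, i = 0;
    while (i < n && nr < max_ranges) {
        if (!written[i]) { i++; continue; }
        starts[nr] = i;
        while (i < n && written[i]) i++;
        ends[nr++] = i;
    }
    return nr;
}

/* What a single zero-filled dump would suggest: counts non-zero bytes, which
 * undercounts the written bytes because zero-valued field bytes vanish into
 * the zero background. */
static size_t count_nonzero(const uint8_t *buf, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        count += (buf[i] != 0);
    return count;
}

int main(void)
{
    uint8_t a[RECORD_SIZE], b[RECORD_SIZE], z[RECORD_SIZE], written[RECORD_SIZE];
    size_t starts[RECORD_SIZE], ends[RECORD_SIZE];

    dump_with_background(a, RECORD_SIZE, 0xDEADBEEFu);
    dump_with_background(b, RECORD_SIZE, 0xFEFEFEFEu);
    size_t nbytes = classify_written(a, b, RECORD_SIZE, written);
    size_t nr = find_written_ranges(written, RECORD_SIZE, starts, ends, RECORD_SIZE);

    printf("%zu of %d bytes written by the target, in %zu ranges:\n",
           nbytes, RECORD_SIZE, nr);
    for (size_t i = 0; i < nr; i++)
        printf("  offsets %zu..%zu\n", starts[i], ends[i] - 1);

    dump_with_background(z, RECORD_SIZE, 0);
    printf("a zero-filled dump shows only %zu non-zero bytes\n",
           count_nonzero(z, RECORD_SIZE));
    return 0;
}
```

the two-background diff recovers the written bytes as offsets 0..1 and 4..10, which is where the magic, the length and the three written name bytes sit; the padding, the unused tail of the name and the reserved field all show through as background. the zero-filled dump, by contrast, only flags the six non-zero bytes and loses the three zero bytes of the length field, which is the ambiguity the tip is warning about.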