From c95824a65dbcbe4211c8330df25c44a01bc95953 Mon Sep 17 00:00:00 2001 From: dohertj2 Date: Mon, 4 May 2026 06:31:48 -0400 Subject: [PATCH] Initial commit: managed .NET 10 AVEVA Historian SDK + reverse-engineering toolkit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Full read-only SDK (src/AVEVA.Historian.Client) implementing the CLAUDE.md required surface against AVEVA Historian's binary WCF protocol — no native AVEVA runtime dependency. All operations live-verified against a local Historian: - ProbeAsync, ReadRawAsync, ReadAggregateAsync, ReadAtTimeAsync, ReadEventsAsync - BrowseTagNamesAsync, GetTagMetadataAsync (17 native data-type codes mapped) - GetConnectionStatusAsync, GetStoreForwardStatusAsync, GetSystemParameterAsync - 108/108 unit + integration tests pass Includes the reverse-engineering toolkit (tools/AVEVA.Historian.ReverseEngineering) used to decode the protocol: WCF probes, IL inspection via dnlib, and IL-rewrite instrumentation (instrument-wcf-{write,read}message etc.) plus the .NET Framework trace harness (tools/AVEVA.Historian.NativeTraceHarness) for parity testing. Sanitized handoff evidence under docs/reverse-engineering/. Native AVEVA binaries (current/, aveva-install-x64/, aveva-install-x86/) are gitignored — fetch separately from the AVEVA installer. Co-Authored-By: Claude Opus 4.7 (1M context) --- .gitignore | 31 + AGENTS.md | 214 + CLAUDE.md | 101 + Histsdk.slnx | 15 + .../aahclient-exports-latest.json | 105 + .../reverse-engineering/capture-manifest.json | 191 + docs/reverse-engineering/capture-workflow.md | 147 + .../cclientbase-open-correlation-latest.json | 32 + ...tcommon-startquery-correlation-latest.json | 35 + ...erverclient-handle-correlation-latest.json | 23 + .../data-query-request-ctor-il-latest.txt | 636 ++ .../debian-relay-history-latest.pid | 1 + ...nclient-getnexteventrow-target-latest.json | 561 ++ ...torianclient-getnextrow-target-latest.json | 561 ++ ...anclient-startdataquery-target-latest.json | 55 + .../dnlib-historyquery-movenext-latest.json | 67 + .../dnlib-historyquery-startquery-latest.json | 361 + ...query-startdataquery-il-window-latest.json | 1085 +++ ...ib-query-startdataquery-target-latest.json | 265 + ...uery-starteventquery-il-window-latest.json | 1251 +++ ...ry-starteventquery-save-window-latest.json | 459 ++ .../dnlib-sbytestream-getdata-latest.json | 94 + .../dnlib-sbytestream-getlength-latest.json | 75 + .../dnlib-write-copy-probe-latest.txt | 362 + ...bin-aahclientmanaged-dependents-latest.txt | 46 + ...hclientmanaged-imports-filtered-latest.txt | 10 + ...umpbin-aahclientmanaged-imports-latest.txt | 584 ++ ...in-aahclientmanaged-ws2-imports-latest.txt | 81 + .../frida-aahclientmanaged-hook-pass.md | 281 + .../getnexteventrow-memory-latest.json | 81 + ...trow-dataqueryresultrow-memory-latest.json | 29 + ...getnextrow-interpolated-memory-latest.json | 30 + ...row-timeweightedaverage-memory-latest.json | 45 + docs/reverse-engineering/handoff.md | 1099 +++ .../ildasm-classlist-filtered-latest.txt | 91 + ...sm-historyquery-movenext-excerpt-latest.il | 108 + ...-historyquery-startquery-excerpt-latest.il | 627 ++ .../implementation-status.md | 1460 ++++ .../instrument-getnexteventrow-latest.json | 9 + .../instrument-getnextrow-latest.json | 13 + .../instrument-startdataquery-latest.json | 17 + .../instrument-starteventquery-latest.json | 10 + .../instrument-starttagquery-latest.json | 13 + .../instrument-wcf-readquery-latest.json | 18 + .../like-tag-browse-response-latest.json | 51 + ...-modules-aahclientmanaged-read-latest.json | 48 + .../managed-wrapper-findings.md | 823 ++ .../method-inventory-eventquery-latest.txt | 267 + .../method-inventory-scrtmemfile-latest.txt | 416 + .../native-event-addtag-frida-child.err | 0 .../native-event-addtag-frida-child.json | 1 + .../native-event-remote-capture-latest.json | 1 + ...native-event-vs-capture-server-latest.json | 1 + .../native-event-wcf-capture-harness.json | 1 + .../native-event-wcf-capture-server.err | 0 docs/reverse-engineering/native-exports.md | 110 + .../native-open-capture-server.md | 50 + .../native-trace-harness-cyclic-latest.json | 1 + .../native-trace-harness-event-latest.json | 1 + .../native-trace-harness-full-latest.json | 1 + ...-trace-harness-integrated-read-latest.json | 1 + ...ive-trace-harness-interpolated-latest.json | 1 + ...ative-trace-harness-tag-direct-latest.json | 1 + ...ce-harness-tag-direct-wildcard-latest.json | 1 + .../native-trace-harness-tag-latest.json | 1 + ...ve-trace-harness-tag-odata-alt-latest.json | 1 + ...e-trace-harness-tag-odata-name-latest.json | 1 + ...race-harness-tag-odata-tagname-latest.json | 1 + ...ative-trace-harness-tag-prefix-latest.json | 1 + ...ive-trace-harness-tag-wildcard-latest.json | 1 + ...ce-harness-timeweightedaverage-latest.json | 1 + ...arness-via-debian-relay-direct-latest.json | 1 + ...trace-harness-via-debian-relay-latest.json | 1 + ...ian-relay-rewrite-event-direct-latest.json | 1 + ...via-debian-relay-rewrite-event-latest.json | 1 + ...rness-via-debian-relay-rewrite-latest.json | 1 + .../openconnection3-correlation-latest.json | 870 +++ ...n-debian-relay-history-latest.harness.json | 1 + ...n-debian-relay-history-latest.summary.json | 13 + .../pktmon-debian-relay-history-latest.txt | Bin 0 -> 137054 bytes .../query-handle-correlation-latest.json | 38 + ...-pointers-before-history-start-latest.json | 1 + ...ime-method-pointers-getnextrow-latest.json | 1 + ...method-pointers-startdataquery-latest.json | 1 + ...ethod-pointers-starteventquery-latest.json | 1 + ...ime-method-pointers-startquery-latest.json | 1 + ...ry-interpolated-request-buffer-latest.json | 27 + .../startdataquery-request-buffer-latest.json | 22 + ...weightedaverage-request-buffer-latest.json | 27 + ...starteventquery-request-buffer-latest.json | 19 + .../starttagquery-request-buffer-latest.json | 61 + .../tagquery-gettaginfo-response-latest.json | 144 + .../wcf-add-event-tag-latest.json | 44 + .../wcf-capture-event-request-latest.err | 0 .../wcf-capture-native-event-latest.err.txt | 0 .../wcf-capture-remote-event-latest.err | 0 .../wcf-cert-probe-localhost-latest.json | 34 + .../wcf-cert-probe-remote-latest.json | 34 + ...robe-remote-localhost-identity-latest.json | 34 + .../wcf-contract-evidence.md | 163 + .../reverse-engineering/wcf-open-localhost.md | 32 + .../wcf-open2-localhost.md | 142 + .../wcf-open2-remote-latest.json | 312 + .../wcf-probe-localhost.json | 226 + .../wcf-probe-remote-latest.json | 226 + .../wcf-register-event-tag-latest.json | 354 + ...wcf-start-event-query-attempts-latest.json | 230 + .../wcf-start-query-remote-latest.json | 530 ++ .../wcf-status-localhost.md | 34 + .../wcf-tag-info-remote-latest.json | 133 + fixtures/protocol/2020/.gitkeep | 1 + fixtures/protocol/README.md | 7 + instructions.md | 254 + .../Attach-AahClientManagedFridaCapture.ps1 | 63 + ...tiveTraceHarnessAahClientExportCapture.ps1 | 80 + ...ativeTraceHarnessRuntimePointerCapture.ps1 | 256 + ...ativeTraceHarnessSystemBoundaryCapture.ps1 | 81 + ...ttach-NativeTraceHarnessWinsockCapture.ps1 | 84 + .../Attach-SystemBoundaryViaDebianRelay.ps1 | 176 + ...pture-AahClientAccessPointValClContext.ps1 | 91 + scripts/Find-GalaxyHistorizedTags.ps1 | 91 + .../Prompt-HistorianCredentialsAndOpen2.ps1 | 50 + scripts/Run-AahClientManagedFridaCapture.ps1 | 54 + scripts/Run-DebianHistorianRelayCapture.ps1 | 224 + scripts/Run-PktmonDebianRelayCapture.ps1 | 89 + scripts/Start-WcfOpen2CaptureServer.ps1 | 23 + scripts/Test-AahClientManagedOpen.ps1 | 255 + .../Test-AahClientManagedReadIntegrated.ps1 | 279 + scripts/decode-event-capture.py | 81 + scripts/decode-readmessage-capture.py | 71 + scripts/frida/aahclient-exports.js | 215 + .../aahclientaccesspoint-valcl-context.js | 231 + scripts/frida/aahclientmanaged-open-query.js | 318 + .../frida/aahclientmanaged-system-boundary.js | 863 +++ scripts/frida/aahclientmanaged-winsock.js | 506 ++ .../AVEVA.Historian.Client.csproj | 24 + src/AVEVA.Historian.Client/HistorianClient.cs | 137 + .../HistorianClientOptions.cs | 30 + .../HistorianTransport.cs | 8 + .../Models/AggregationType.cs | 15 + .../Models/HistorianAggregateSample.cs | 12 + .../Models/HistorianBlock.cs | 7 + .../Models/HistorianConnectionKind.cs | 10 + .../Models/HistorianConnectionStatus.cs | 11 + .../Models/HistorianDataType.cs | 37 + .../Models/HistorianDataValue.cs | 9 + .../Models/HistorianEvent.cs | 11 + .../Models/HistorianSample.cs | 11 + .../Models/HistorianStoreForwardStatus.cs | 10 + .../Models/HistorianTagMetadata.cs | 10 + .../Models/InterpolationType.cs | 9 + .../Models/QualityRule.cs | 9 + .../Models/RetrievalMode.cs | 20 + .../Models/TimestampRule.cs | 8 + .../Models/ValueSelector.cs | 13 + .../Protocol/FrameFormatException.cs | 9 + .../Protocol/Historian2020ProtocolDialect.cs | 163 + .../Protocol/HistorianBinaryPrimitives.cs | 50 + .../Protocol/HistorianConnection.cs | 75 + .../Protocol/HistorianFrame.cs | 6 + .../Protocol/HistorianFrameReader.cs | 45 + .../Protocol/HistorianFrameWriter.cs | 27 + .../Protocol/HistorianMessageType.cs | 6 + .../Protocol/HistorianProtocolFacts.cs | 9 + .../ProtocolEvidenceMissingException.cs | 12 + .../ProtocolNotImplementedException.cs | 9 + .../Transport/IHistorianTransport.cs | 10 + .../Transport/IHistorianTransportFactory.cs | 6 + .../Transport/TcpHistorianTransport.cs | 55 + .../Wcf/Contracts/IHistoryServiceContract.cs | 79 + .../Wcf/Contracts/IHistoryServiceContract2.cs | 140 + .../Contracts/IRetrievalServiceContract.cs | 57 + .../Contracts/IRetrievalServiceContract2.cs | 41 + .../Contracts/IRetrievalServiceContract3.cs | 45 + .../Contracts/IRetrievalServiceContract4.cs | 51 + .../Wcf/Contracts/IStatusServiceContract.cs | 37 + .../Wcf/Contracts/IStatusServiceContract2.cs | 39 + .../Wcf/Contracts/IStorageServiceContract.cs | 129 + .../Contracts/ITransactionServiceContract.cs | 28 + .../Wcf/HistorianAddTagsProtocol.cs | 94 + .../Wcf/HistorianDataQueryProtocol.cs | 365 + .../Wcf/HistorianEventQueryProtocol.cs | 157 + .../Wcf/HistorianEventRowProtocol.cs | 255 + .../Wcf/HistorianOpen2Protocol.cs | 275 + .../Wcf/HistorianSspiClient.cs | 346 + .../Wcf/HistorianStatusProtocol.cs | 33 + .../Wcf/HistorianTagQueryProtocol.cs | 198 + .../Wcf/HistorianWcfAuthChainHelper.cs | 201 + .../Wcf/HistorianWcfAuthenticationProtocol.cs | 63 + .../Wcf/HistorianWcfBindingFactory.cs | 167 + .../Wcf/HistorianWcfEventOrchestrator.cs | 448 ++ .../Wcf/HistorianWcfProbe.cs | 115 + .../Wcf/HistorianWcfReadOrchestrator.cs | 459 ++ .../Wcf/HistorianWcfServiceNames.cs | 20 + .../Wcf/HistorianWcfStatusClient.cs | 118 + .../Wcf/HistorianWcfTagClient.cs | 399 + .../Wcf/MdasMessageEncoder.cs | 51 + .../Wcf/MdasMessageEncoderFactory.cs | 19 + .../Wcf/MdasMessageEncodingBindingElement.cs | 55 + .../AVEVA.Historian.Client.Tests.csproj | 25 + .../BinaryPrimitiveTests.cs | 38 + .../EnumCompatibilityTests.cs | 33 + .../EventChainDiagnosticTests.cs | 63 + .../FrameTests.cs | 28 + .../HistorianClientIntegrationTests.cs | 303 + .../HistorianEventRowProtocolTests.cs | 230 + .../HistorianSspiClientTests.cs | 43 + .../ProtocolGuardrailTests.cs | 16 + .../TagMetadataDescriptorProbeTests.cs | 91 + .../WcfAuthenticationProtocolTests.cs | 97 + .../WcfBindingFactoryTests.cs | 39 + .../WcfDataQueryProtocolTests.cs | 156 + .../WcfDataQueryResultBufferTests.cs | 109 + .../WcfEventQueryProtocolTests.cs | 46 + .../WcfEvidenceTests.cs | 105 + .../WcfOpen2ProtocolTests.cs | 283 + .../WcfStatusProtocolTests.cs | 45 + .../WcfTagQueryProtocolTests.cs | 168 + .../AVEVA.Historian.NativeTraceHarness.csproj | 20 + .../App.config | 34 + .../Program.cs | 968 +++ .../AVEVA.Historian.NetFxWcfProbe.csproj | 15 + .../AVEVA.Historian.NetFxWcfProbe/Program.cs | 880 +++ .../AVEVA.Historian.ReverseEngineering.csproj | 19 + .../Program.cs | 6878 +++++++++++++++++ ...VA.Historian.ReverseInstrumentation.csproj | 12 + .../CaptureLogger.cs | 501 ++ .../ReverseInstrumentation.snk | Bin 0 -> 596 bytes .../AVEVA.Historian.WcfCaptureServer.csproj | 15 + .../Program.cs | 674 ++ 230 files changed, 38666 insertions(+) create mode 100644 .gitignore create mode 100644 AGENTS.md create mode 100644 CLAUDE.md create mode 100644 Histsdk.slnx create mode 100644 docs/reverse-engineering/aahclient-exports-latest.json create mode 100644 docs/reverse-engineering/capture-manifest.json create mode 100644 docs/reverse-engineering/capture-workflow.md create mode 100644 docs/reverse-engineering/cclientbase-open-correlation-latest.json create mode 100644 docs/reverse-engineering/cclientcommon-startquery-correlation-latest.json create mode 100644 docs/reverse-engineering/cserverclient-handle-correlation-latest.json create mode 100644 docs/reverse-engineering/data-query-request-ctor-il-latest.txt create mode 100644 docs/reverse-engineering/debian-relay-history-latest.pid create mode 100644 docs/reverse-engineering/dnlib-historianclient-getnexteventrow-target-latest.json create mode 100644 docs/reverse-engineering/dnlib-historianclient-getnextrow-target-latest.json create mode 100644 docs/reverse-engineering/dnlib-historianclient-startdataquery-target-latest.json create mode 100644 docs/reverse-engineering/dnlib-historyquery-movenext-latest.json create mode 100644 docs/reverse-engineering/dnlib-historyquery-startquery-latest.json create mode 100644 docs/reverse-engineering/dnlib-query-startdataquery-il-window-latest.json create mode 100644 docs/reverse-engineering/dnlib-query-startdataquery-target-latest.json create mode 100644 docs/reverse-engineering/dnlib-query-starteventquery-il-window-latest.json create mode 100644 docs/reverse-engineering/dnlib-query-starteventquery-save-window-latest.json create mode 100644 docs/reverse-engineering/dnlib-sbytestream-getdata-latest.json create mode 100644 docs/reverse-engineering/dnlib-sbytestream-getlength-latest.json create mode 100644 docs/reverse-engineering/dnlib-write-copy-probe-latest.txt create mode 100644 docs/reverse-engineering/dumpbin-aahclientmanaged-dependents-latest.txt create mode 100644 docs/reverse-engineering/dumpbin-aahclientmanaged-imports-filtered-latest.txt create mode 100644 docs/reverse-engineering/dumpbin-aahclientmanaged-imports-latest.txt create mode 100644 docs/reverse-engineering/dumpbin-aahclientmanaged-ws2-imports-latest.txt create mode 100644 docs/reverse-engineering/frida-aahclientmanaged-hook-pass.md create mode 100644 docs/reverse-engineering/getnexteventrow-memory-latest.json create mode 100644 docs/reverse-engineering/getnextrow-dataqueryresultrow-memory-latest.json create mode 100644 docs/reverse-engineering/getnextrow-interpolated-memory-latest.json create mode 100644 docs/reverse-engineering/getnextrow-timeweightedaverage-memory-latest.json create mode 100644 docs/reverse-engineering/handoff.md create mode 100644 docs/reverse-engineering/ildasm-classlist-filtered-latest.txt create mode 100644 docs/reverse-engineering/ildasm-historyquery-movenext-excerpt-latest.il create mode 100644 docs/reverse-engineering/ildasm-historyquery-startquery-excerpt-latest.il create mode 100644 docs/reverse-engineering/implementation-status.md create mode 100644 docs/reverse-engineering/instrument-getnexteventrow-latest.json create mode 100644 docs/reverse-engineering/instrument-getnextrow-latest.json create mode 100644 docs/reverse-engineering/instrument-startdataquery-latest.json create mode 100644 docs/reverse-engineering/instrument-starteventquery-latest.json create mode 100644 docs/reverse-engineering/instrument-starttagquery-latest.json create mode 100644 docs/reverse-engineering/instrument-wcf-readquery-latest.json create mode 100644 docs/reverse-engineering/like-tag-browse-response-latest.json create mode 100644 docs/reverse-engineering/loaded-modules-aahclientmanaged-read-latest.json create mode 100644 docs/reverse-engineering/managed-wrapper-findings.md create mode 100644 docs/reverse-engineering/method-inventory-eventquery-latest.txt create mode 100644 docs/reverse-engineering/method-inventory-scrtmemfile-latest.txt create mode 100644 docs/reverse-engineering/native-event-addtag-frida-child.err create mode 100644 docs/reverse-engineering/native-event-addtag-frida-child.json create mode 100644 docs/reverse-engineering/native-event-remote-capture-latest.json create mode 100644 docs/reverse-engineering/native-event-vs-capture-server-latest.json create mode 100644 docs/reverse-engineering/native-event-wcf-capture-harness.json create mode 100644 docs/reverse-engineering/native-event-wcf-capture-server.err create mode 100644 docs/reverse-engineering/native-exports.md create mode 100644 docs/reverse-engineering/native-open-capture-server.md create mode 100644 docs/reverse-engineering/native-trace-harness-cyclic-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-event-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-full-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-integrated-read-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-interpolated-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-tag-direct-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-tag-direct-wildcard-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-tag-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-tag-odata-alt-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-tag-odata-name-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-tag-odata-tagname-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-tag-prefix-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-tag-wildcard-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-timeweightedaverage-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-via-debian-relay-direct-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-via-debian-relay-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-via-debian-relay-rewrite-event-direct-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-via-debian-relay-rewrite-event-latest.json create mode 100644 docs/reverse-engineering/native-trace-harness-via-debian-relay-rewrite-latest.json create mode 100644 docs/reverse-engineering/openconnection3-correlation-latest.json create mode 100644 docs/reverse-engineering/pktmon-debian-relay-history-latest.harness.json create mode 100644 docs/reverse-engineering/pktmon-debian-relay-history-latest.summary.json create mode 100644 docs/reverse-engineering/pktmon-debian-relay-history-latest.txt create mode 100644 docs/reverse-engineering/query-handle-correlation-latest.json create mode 100644 docs/reverse-engineering/runtime-method-pointers-before-history-start-latest.json create mode 100644 docs/reverse-engineering/runtime-method-pointers-getnextrow-latest.json create mode 100644 docs/reverse-engineering/runtime-method-pointers-startdataquery-latest.json create mode 100644 docs/reverse-engineering/runtime-method-pointers-starteventquery-latest.json create mode 100644 docs/reverse-engineering/runtime-method-pointers-startquery-latest.json create mode 100644 docs/reverse-engineering/startdataquery-interpolated-request-buffer-latest.json create mode 100644 docs/reverse-engineering/startdataquery-request-buffer-latest.json create mode 100644 docs/reverse-engineering/startdataquery-timeweightedaverage-request-buffer-latest.json create mode 100644 docs/reverse-engineering/starteventquery-request-buffer-latest.json create mode 100644 docs/reverse-engineering/starttagquery-request-buffer-latest.json create mode 100644 docs/reverse-engineering/tagquery-gettaginfo-response-latest.json create mode 100644 docs/reverse-engineering/wcf-add-event-tag-latest.json create mode 100644 docs/reverse-engineering/wcf-capture-event-request-latest.err create mode 100644 docs/reverse-engineering/wcf-capture-native-event-latest.err.txt create mode 100644 docs/reverse-engineering/wcf-capture-remote-event-latest.err create mode 100644 docs/reverse-engineering/wcf-cert-probe-localhost-latest.json create mode 100644 docs/reverse-engineering/wcf-cert-probe-remote-latest.json create mode 100644 docs/reverse-engineering/wcf-cert-probe-remote-localhost-identity-latest.json create mode 100644 docs/reverse-engineering/wcf-contract-evidence.md create mode 100644 docs/reverse-engineering/wcf-open-localhost.md create mode 100644 docs/reverse-engineering/wcf-open2-localhost.md create mode 100644 docs/reverse-engineering/wcf-open2-remote-latest.json create mode 100644 docs/reverse-engineering/wcf-probe-localhost.json create mode 100644 docs/reverse-engineering/wcf-probe-remote-latest.json create mode 100644 docs/reverse-engineering/wcf-register-event-tag-latest.json create mode 100644 docs/reverse-engineering/wcf-start-event-query-attempts-latest.json create mode 100644 docs/reverse-engineering/wcf-start-query-remote-latest.json create mode 100644 docs/reverse-engineering/wcf-status-localhost.md create mode 100644 docs/reverse-engineering/wcf-tag-info-remote-latest.json create mode 100644 fixtures/protocol/2020/.gitkeep create mode 100644 fixtures/protocol/README.md create mode 100644 instructions.md create mode 100644 scripts/Attach-AahClientManagedFridaCapture.ps1 create mode 100644 scripts/Attach-NativeTraceHarnessAahClientExportCapture.ps1 create mode 100644 scripts/Attach-NativeTraceHarnessRuntimePointerCapture.ps1 create mode 100644 scripts/Attach-NativeTraceHarnessSystemBoundaryCapture.ps1 create mode 100644 scripts/Attach-NativeTraceHarnessWinsockCapture.ps1 create mode 100644 scripts/Attach-SystemBoundaryViaDebianRelay.ps1 create mode 100644 scripts/Capture-AahClientAccessPointValClContext.ps1 create mode 100644 scripts/Find-GalaxyHistorizedTags.ps1 create mode 100644 scripts/Prompt-HistorianCredentialsAndOpen2.ps1 create mode 100644 scripts/Run-AahClientManagedFridaCapture.ps1 create mode 100644 scripts/Run-DebianHistorianRelayCapture.ps1 create mode 100644 scripts/Run-PktmonDebianRelayCapture.ps1 create mode 100644 scripts/Start-WcfOpen2CaptureServer.ps1 create mode 100644 scripts/Test-AahClientManagedOpen.ps1 create mode 100644 scripts/Test-AahClientManagedReadIntegrated.ps1 create mode 100644 scripts/decode-event-capture.py create mode 100644 scripts/decode-readmessage-capture.py create mode 100644 scripts/frida/aahclient-exports.js create mode 100644 scripts/frida/aahclientaccesspoint-valcl-context.js create mode 100644 scripts/frida/aahclientmanaged-open-query.js create mode 100644 scripts/frida/aahclientmanaged-system-boundary.js create mode 100644 scripts/frida/aahclientmanaged-winsock.js create mode 100644 src/AVEVA.Historian.Client/AVEVA.Historian.Client.csproj create mode 100644 src/AVEVA.Historian.Client/HistorianClient.cs create mode 100644 src/AVEVA.Historian.Client/HistorianClientOptions.cs create mode 100644 src/AVEVA.Historian.Client/HistorianTransport.cs create mode 100644 src/AVEVA.Historian.Client/Models/AggregationType.cs create mode 100644 src/AVEVA.Historian.Client/Models/HistorianAggregateSample.cs create mode 100644 src/AVEVA.Historian.Client/Models/HistorianBlock.cs create mode 100644 src/AVEVA.Historian.Client/Models/HistorianConnectionKind.cs create mode 100644 src/AVEVA.Historian.Client/Models/HistorianConnectionStatus.cs create mode 100644 src/AVEVA.Historian.Client/Models/HistorianDataType.cs create mode 100644 src/AVEVA.Historian.Client/Models/HistorianDataValue.cs create mode 100644 src/AVEVA.Historian.Client/Models/HistorianEvent.cs create mode 100644 src/AVEVA.Historian.Client/Models/HistorianSample.cs create mode 100644 src/AVEVA.Historian.Client/Models/HistorianStoreForwardStatus.cs create mode 100644 src/AVEVA.Historian.Client/Models/HistorianTagMetadata.cs create mode 100644 src/AVEVA.Historian.Client/Models/InterpolationType.cs create mode 100644 src/AVEVA.Historian.Client/Models/QualityRule.cs create mode 100644 src/AVEVA.Historian.Client/Models/RetrievalMode.cs create mode 100644 src/AVEVA.Historian.Client/Models/TimestampRule.cs create mode 100644 src/AVEVA.Historian.Client/Models/ValueSelector.cs create mode 100644 src/AVEVA.Historian.Client/Protocol/FrameFormatException.cs create mode 100644 src/AVEVA.Historian.Client/Protocol/Historian2020ProtocolDialect.cs create mode 100644 src/AVEVA.Historian.Client/Protocol/HistorianBinaryPrimitives.cs create mode 100644 src/AVEVA.Historian.Client/Protocol/HistorianConnection.cs create mode 100644 src/AVEVA.Historian.Client/Protocol/HistorianFrame.cs create mode 100644 src/AVEVA.Historian.Client/Protocol/HistorianFrameReader.cs create mode 100644 src/AVEVA.Historian.Client/Protocol/HistorianFrameWriter.cs create mode 100644 src/AVEVA.Historian.Client/Protocol/HistorianMessageType.cs create mode 100644 src/AVEVA.Historian.Client/Protocol/HistorianProtocolFacts.cs create mode 100644 src/AVEVA.Historian.Client/ProtocolEvidenceMissingException.cs create mode 100644 src/AVEVA.Historian.Client/ProtocolNotImplementedException.cs create mode 100644 src/AVEVA.Historian.Client/Transport/IHistorianTransport.cs create mode 100644 src/AVEVA.Historian.Client/Transport/IHistorianTransportFactory.cs create mode 100644 src/AVEVA.Historian.Client/Transport/TcpHistorianTransport.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/Contracts/IHistoryServiceContract.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/Contracts/IHistoryServiceContract2.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/Contracts/IRetrievalServiceContract.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/Contracts/IRetrievalServiceContract2.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/Contracts/IRetrievalServiceContract3.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/Contracts/IRetrievalServiceContract4.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/Contracts/IStatusServiceContract.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/Contracts/IStatusServiceContract2.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/Contracts/IStorageServiceContract.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/Contracts/ITransactionServiceContract.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/HistorianAddTagsProtocol.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/HistorianDataQueryProtocol.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/HistorianEventQueryProtocol.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/HistorianEventRowProtocol.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/HistorianOpen2Protocol.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/HistorianSspiClient.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/HistorianStatusProtocol.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/HistorianTagQueryProtocol.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/HistorianWcfAuthChainHelper.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/HistorianWcfAuthenticationProtocol.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/HistorianWcfBindingFactory.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/HistorianWcfEventOrchestrator.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/HistorianWcfProbe.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/HistorianWcfReadOrchestrator.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/HistorianWcfServiceNames.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/HistorianWcfStatusClient.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/HistorianWcfTagClient.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/MdasMessageEncoder.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/MdasMessageEncoderFactory.cs create mode 100644 src/AVEVA.Historian.Client/Wcf/MdasMessageEncodingBindingElement.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/AVEVA.Historian.Client.Tests.csproj create mode 100644 tests/AVEVA.Historian.Client.Tests/BinaryPrimitiveTests.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/EnumCompatibilityTests.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/EventChainDiagnosticTests.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/FrameTests.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/HistorianClientIntegrationTests.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/HistorianEventRowProtocolTests.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/HistorianSspiClientTests.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/ProtocolGuardrailTests.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/TagMetadataDescriptorProbeTests.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/WcfAuthenticationProtocolTests.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/WcfBindingFactoryTests.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/WcfDataQueryProtocolTests.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/WcfDataQueryResultBufferTests.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/WcfEventQueryProtocolTests.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/WcfEvidenceTests.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/WcfOpen2ProtocolTests.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/WcfStatusProtocolTests.cs create mode 100644 tests/AVEVA.Historian.Client.Tests/WcfTagQueryProtocolTests.cs create mode 100644 tools/AVEVA.Historian.NativeTraceHarness/AVEVA.Historian.NativeTraceHarness.csproj create mode 100644 tools/AVEVA.Historian.NativeTraceHarness/App.config create mode 100644 tools/AVEVA.Historian.NativeTraceHarness/Program.cs create mode 100644 tools/AVEVA.Historian.NetFxWcfProbe/AVEVA.Historian.NetFxWcfProbe.csproj create mode 100644 tools/AVEVA.Historian.NetFxWcfProbe/Program.cs create mode 100644 tools/AVEVA.Historian.ReverseEngineering/AVEVA.Historian.ReverseEngineering.csproj create mode 100644 tools/AVEVA.Historian.ReverseEngineering/Program.cs create mode 100644 tools/AVEVA.Historian.ReverseInstrumentation/AVEVA.Historian.ReverseInstrumentation.csproj create mode 100644 tools/AVEVA.Historian.ReverseInstrumentation/CaptureLogger.cs create mode 100644 tools/AVEVA.Historian.ReverseInstrumentation/ReverseInstrumentation.snk create mode 100644 tools/AVEVA.Historian.WcfCaptureServer/AVEVA.Historian.WcfCaptureServer.csproj create mode 100644 tools/AVEVA.Historian.WcfCaptureServer/Program.cs diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..463f374 --- /dev/null +++ b/.gitignore @@ -0,0 +1,31 @@ +bin/ +obj/ +.vs/ +.vscode/ +TestResults/ +artifacts/ +*.user +*.suo + +# AVEVA native binaries — referenced by reverse-engineering harnesses for analysis only. +# Per CLAUDE.md: "Never modify, delete, or redistribute". Each developer fetches their own +# copy from the AVEVA installer; do not commit the binaries themselves. +current/ +aveva-install-x64/ +aveva-install-x86/ + +# Editor / runtime droppings +.claude/ +*.svclog +.idea/ +*.swp +Thumbs.db + +# Capture droppings outside artifacts/ (safety net) +*.ndjson +*.pcap +*.pcapng + +# Test droppings +*.coverage +coverage.cobertura.xml diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..5965f96 --- /dev/null +++ b/AGENTS.md @@ -0,0 +1,214 @@ +# AGENTS.md + +## Mission + +Build a fully managed .NET 10 replacement for AVEVA Historian's +`aahClientManaged` / `aahClient.dll` stack by reverse-engineering the native +binary Historian protocol. + +The target is an in-process managed SDK that can replace the current .NET +Framework/native sidecar used by `OtOpcUa.Driver.Historian.Wonderware`. + +## Chosen Approach + +Use the reverse-engineering path from `instructions.md`: + +1. Decompile `current\aahClientManaged.dll` to understand the managed wrapper + surface, connection flow, query types, data models, error handling, and + native calls. +2. Inspect `current\aahClient.dll` and the matching AVEVA install DLLs to map + the native ABI and identify transport/framing responsibilities. +3. Capture traffic from real Historian sessions and derive the on-the-wire + protocol for the required read-only operations. +4. Implement the protocol in a pure managed .NET 10 client. + +Do not pursue the REST API implementation unless explicitly asked. Do not build +a P/Invoke shim as the primary solution; it is useful only as an analysis aid. + +## Repository Layout + +This workspace is an SDK investigation folder, not a full application repo. + +- `instructions.md` - source planning document and decision record. +- `current\` - the seven DLLs the existing sidecar links against today. +- `aveva-install-x64\` - full 64-bit AVEVA Historian client-side DLL set. +- `aveva-install-x86\` - full 32-bit AVEVA Historian client-side DLL set. + +Use `current\` first because it represents the deployed sidecar dependency set. +Use `aveva-install-*` to compare architecture-specific behavior and locate +adjacent client APIs. + +## Required SDK Surface + +Keep the managed SDK narrowly scoped to the operations used in production: + +- `ReadRawAsync(tag, startUtc, endUtc, maxValues)` +- `ReadAggregateAsync(tag, startUtc, endUtc, mode, interval)` +- `ReadAtTimeAsync(tag, timestampsUtc)` +- `ReadEventsAsync(startUtc, endUtc)` +- `ProbeAsync()` + +The existing alarm-event write path is dormant. Do not implement write-back +unless a new requirement is supplied. + +## Reverse-Engineering Workflow + +### 1. Managed Wrapper Analysis + +Use dnSpy or ILSpy on `current\aahClientManaged.dll`. + +Document: + +- Public types and methods used for connections and queries. +- P/Invoke or native interop entry points. +- Constructor arguments, enum values, flags, and default values. +- Query argument structures for raw, aggregate, at-time, and event reads. +- Returned sample/event models, quality fields, timestamp handling, and error + propagation. + +Prefer producing small Markdown notes under a future `docs\reverse-engineering\` +folder rather than relying on memory. + +### 2. Native ABI Mapping + +Inspect `current\aahClient.dll` and compare with: + +- `aveva-install-x64\aahClient.dll` +- `aveva-install-x86\aahClient.dll` +- `aahClientCommon.dll` +- `aahDataSetClient.dll` +- `aahClientConfig.dll` + +Useful tools: + +- `dumpbin /exports` +- Dependencies or Process Monitor +- API Monitor +- Detours or equivalent call hooks + +Document function names, calling conventions, pointer ownership, HRESULT/error +patterns, string encodings, and architecture differences. + +### 3. Wire Capture + +Capture real Historian sessions with Wireshark while running the existing +Wonderware sidecar/client against a development Historian. + +Capture each scenario independently: + +- Connection open/close and health probe. +- Raw history query. +- Aggregate query for each required retrieval mode. +- At-time/interpolated query. +- Event query. +- Error cases: bad tag, empty range, invalid credentials, server offline. + +For every capture, record: + +- Historian version and architecture. +- Client DLL version and file hash. +- Server host/port. +- Query parameters. +- Expected logical result set. +- Packet capture filename. + +Do not commit sensitive packet captures, credentials, server names, or customer +tag names. Sanitize before adding any fixtures or notes. + +### 4. Protocol Model + +Derive and document: + +- Session handshake. +- Authentication exchange, if present. +- Message framing and length prefixes. +- Message type identifiers. +- Request/response correlation. +- Endianness. +- Timestamp encoding. +- String encoding. +- Numeric value encoding. +- Quality/status encoding. +- Error frame format. +- Event payload format. + +Add version notes whenever behavior differs between the installed 2020 DLLs and +newer Historian versions. + +### 5. Managed Implementation Shape + +When implementation starts, use this project shape unless the real repo dictates +otherwise: + +```text +src/AVEVA.Historian.Client/ + AVEVA.Historian.Client.csproj + HistorianClient.cs + HistorianClientOptions.cs + Models/ + HistorianSample.cs + HistorianAggregateSample.cs + HistorianEvent.cs + RetrievalMode.cs + Protocol/ + HistorianConnection.cs + HistorianFrame.cs + HistorianMessageType.cs + HistorianProtocolReader.cs + HistorianProtocolWriter.cs + Transport/ + TcpHistorianTransport.cs + ClusterEndpointPicker.cs + Internal/ + BackoffPolicy.cs +``` + +Keep protocol parsing isolated from transport I/O so captured frames can be +tested without a live Historian. + +## Testing Expectations + +Start with deterministic tests around protocol encoding/decoding: + +- Golden byte fixtures for each message kind. +- Round-trip tests for request builders. +- Parser tests for captured and sanitized response frames. +- Timestamp, quality, and string encoding edge cases. +- Error frame parsing. + +Add live integration tests only behind explicit configuration, such as: + +- `HISTORIAN_HOST` +- `HISTORIAN_PORT` +- `HISTORIAN_USER` +- `HISTORIAN_PASSWORD` +- `HISTORIAN_TEST_TAG` + +Integration tests must skip cleanly when these values are not configured. + +## Constraints + +- Keep the final SDK pure managed .NET 10. +- Avoid adding native runtime dependencies to the production SDK. +- Avoid broad API design. Implement only the operations listed above. +- Treat AVEVA protocol details as version-sensitive; document assumptions. +- Do not redistribute AVEVA binaries. +- Do not commit credentials, proprietary captures, or customer data. +- Do not delete or overwrite DLLs in `current\` or `aveva-install-*`. + +## Definition of Done + +For the reverse-engineering phase: + +- Managed wrapper public surface and native entry points are documented. +- Required query flows have sanitized captures or byte-level notes. +- Message framing, request fields, response fields, and error frames are + described well enough to implement parser tests. + +For the SDK phase: + +- The managed client implements the required read-only surface. +- Unit tests cover protocol parse/build behavior. +- Integration tests can validate against a configured live Historian. +- The SDK can replace the existing sidecar call sites without requiring + `aahClientManaged.dll` or `aahClient.dll` at runtime. diff --git a/CLAUDE.md b/CLAUDE.md new file mode 100644 index 0000000..5c21ccb --- /dev/null +++ b/CLAUDE.md @@ -0,0 +1,101 @@ +# CLAUDE.md + +This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. + +## Mission + +Build a fully managed .NET 10 replacement for AVEVA Historian's `aahClientManaged` / `aahClient.dll` stack by reverse-engineering the proprietary binary protocol. The production SDK under `src/AVEVA.Historian.Client/` must remain pure managed .NET 10 — no P/Invoke, no native AVEVA runtime dependency, no REST. Tools under `tools/` and scripts under `scripts/` are reverse-engineering aids only. + +Read `AGENTS.md` (standing constraints), `instructions.md` (decision record), and `docs/reverse-engineering/handoff.md` (current evidence + active blocker) before starting non-trivial work. The handoff doc is the entry point — it tracks the live blocker, next pickup steps, and the canonical list of primary reference docs. + +## Required SDK Surface + +Read-only operations only. Do not implement write-back unless explicitly requested: + +- `ProbeAsync`, `ReadRawAsync`, `ReadAggregateAsync`, `ReadAtTimeAsync`, `ReadEventsAsync` +- `BrowseTagNamesAsync`, `GetTagMetadataAsync` +- Status helpers: `GetConnectionStatusAsync`, `GetStoreForwardStatusAsync`, `GetSystemParameterAsync` + +Methods without protocol evidence currently throw `ProtocolEvidenceMissingException` from `Historian2020ProtocolDialect`. Do not stub fake behavior — leave them throwing until evidence supports an implementation. + +## Build & Test + +```powershell +dotnet build .\Histsdk.slnx --no-restore +dotnet test .\Histsdk.slnx --no-build --logger "console;verbosity=minimal" +``` + +Run a single test: + +```powershell +dotnet test .\Histsdk.slnx --no-build --filter "FullyQualifiedName~WcfDataQueryProtocolTests" +``` + +Live integration tests in `tests/AVEVA.Historian.Client.Tests/HistorianClientIntegrationTests.cs` are gated and skip cleanly without these env vars: + +```powershell +$env:HISTORIAN_HOST, $env:HISTORIAN_PORT (32568), $env:HISTORIAN_USER, $env:HISTORIAN_PASSWORD, +$env:HISTORIAN_TEST_TAG, $env:HISTORIAN_TAG_FILTER +``` + +Never write real credentials, hostnames, user names, or customer tag names into docs, scripts, captures, or commit messages. + +## Reverse-Engineering CLI + +`tools/AVEVA.Historian.ReverseEngineering` is the .NET 10 CLI for static inspection, WCF probes, and IL-rewrite instrumentation. Common entry points: + +```powershell +dotnet run --no-build --project tools\AVEVA.Historian.ReverseEngineering -- wcf-probe $env:HISTORIAN_HOST 32568 +dotnet run --no-build --project tools\AVEVA.Historian.ReverseEngineering -- wcf-cert-probe $env:HISTORIAN_HOST 32568 localhost +dotnet run --no-build --project tools\AVEVA.Historian.ReverseEngineering -- wcf-like-tag-browse $env:HISTORIAN_HOST 32568 $env:HISTORIAN_TAG_FILTER +dotnet run --no-build --project tools\AVEVA.Historian.ReverseEngineering -- wcf-start-query $env:HISTORIAN_HOST 32568 $env:HISTORIAN_TEST_TAG --max-attempts 1 --timeout-seconds 3 +dotnet run --project tools\AVEVA.Historian.NativeTraceHarness -- --scenario history --tag $env:HISTORIAN_TEST_TAG --lookback-minutes 1440 +``` + +The `wcf-start-query` matrix is expensive — always pass `--max-attempts` / `--timeout-seconds` for negative probes. See `docs/reverse-engineering/capture-workflow.md` for the full repeatable capture sequence (manifest, mark, exports, Frida winsock attach, etc.). + +## Code Architecture + +### Production SDK (`src/AVEVA.Historian.Client/`) + +Three layered subsystems, intentionally decoupled so protocol parsing can be unit-tested without a live server: + +- **`HistorianClient` + `HistorianClientOptions`** — public façade. Validates inputs, delegates reads to `Historian2020ProtocolDialect`, delegates probe/tag-metadata/browse to the WCF layer. +- **`Wcf/`** — managed WCF/MDAS layer. The Historian uses Net.TCP on port `32568` with a custom `application/x-mdas` content type wrapping a binary SOAP 1.2 / WS-Addressing 1.0 envelope. `MdasMessageEncoder` + `MdasMessageEncodingBindingElement` implement that wrapper. `HistorianWcfBindingFactory` produces three flavors: plain MDAS, MDAS+Windows transport (used for `/Hist-Integrated`), and MDAS+certificate (used for `/HistCert`). Service paths live in `HistorianWcfServiceNames`. WCF data contracts (`Wcf/Contracts/`) are reproduced from server-side static analysis and are versioned per native interface (e.g., `IRetrievalServiceContract2..4`). +- **`Protocol/`** — binary frame layer (`HistorianFrameReader`/`Writer`, `HistorianBinaryPrimitives`, `HistorianMessageType`). `Historian2020ProtocolDialect` is the version-anchored bridge between `HistorianClient` and the frame layer; methods without sufficient evidence throw `ProtocolEvidenceMissingException` rather than guessing wire bytes. +- **`Transport/`** — pluggable `IHistorianTransport` (default: TCP). Tests inject a fake transport. +- **`Models/`** — public DTOs and enums (`HistorianSample`, `RetrievalMode`, etc.). `HistorianDataValue` represents the discriminated value type. + +`InternalsVisibleTo` exposes internals to the test assembly and the reverse-engineering tool. + +### The Active Protocol Blocker + +The native wrapper does **not** use the simple `Open2` session handle for query reads. The successful native flow is `CClientContext.AuthenticateClient` → two `ValidateClientCredential` SSPI rounds → `CHistoryConnectionWCF.OpenConnection3` → `CClientCommon.StartQuery` → `/Retr.StartQuery2`. `OpenConnection3` mints the transient `/Retr` client handle the server accepts. Managed `Open2` alone reaches server logic but `Retr.StartQuery2` returns false with empty buffers. + +`DataQueryRequest` and `EventQueryRequest` byte serialization is already byte-matched against native captures. The remaining gap is reproducing the auth/session state that lets the server accept a client-generated context GUID before `OpenConnection3`. See handoff.md "Active Blocker" and `docs/reverse-engineering/openconnection3-correlation-latest.json`. + +### Tools Layer + +- `tools/AVEVA.Historian.NativeTraceHarness/` — **.NET Framework** (not .NET 10) harness that loads `current/aahClientManaged.dll` and records sanitized reflection snapshots around `OpenConnection`, `StartQuery`, `MoveNext`. Exists specifically to parity-test against the native wrapper. +- `tools/AVEVA.Historian.NetFxWcfProbe/` — .NET Framework WCF probe to rule out .NET 10-only WCF behavior differences. +- `tools/AVEVA.Historian.ReverseInstrumentation/` — assembly injected into IL-rewritten copies of `aahClientManaged.dll` for sanitized logging. Rewrites land in `docs/reverse-engineering/dnlib-write-copy/`, never in `current/`. +- `tools/AVEVA.Historian.WcfCaptureServer/` — fake server for endpoint experiments. +- `scripts/` — PowerShell + Frida runners for native attach captures (winsock, system boundary, runtime pointers, ValCl SSPI context). + +### Evidence & Artifacts + +- `docs/reverse-engineering/` — sanitized Markdown summaries + small JSON evidence. Always commit-safe. +- `artifacts/reverse-engineering/` — raw / identity-bearing runtime output. Never committed; never copy contents into `docs/` without sanitizing. +- `fixtures/protocol/` — sanitized golden byte fixtures, named to match `manifest` scenarios. +- `current/` and `aveva-install-{x64,x86}/` — AVEVA binaries. **Never modify, delete, or redistribute.** Use `current/` first because it matches the deployed sidecar. + +## Testing Conventions + +Unit tests are golden-byte and round-trip oriented — `WcfDataQueryProtocolTests`, `WcfEventQueryProtocolTests`, `WcfTagQueryProtocolTests`, `WcfOpen2ProtocolTests`, `FrameTests`, `BinaryPrimitiveTests`. `ProtocolGuardrailTests` enforces that unimplemented methods throw `ProtocolEvidenceMissingException` rather than returning empty results. When adding a new protocol code path, add a golden-byte fixture before/alongside the implementation. + +## Safety + +- Never commit credentials, hostnames, user names, customer tag names, or raw packet captures. Use placeholders in docs. +- Run a sanitization scan after touching auth/capture docs (the rg pattern is in handoff.md "Next Pickup Steps"). +- Production code under `src/` must remain pure managed .NET 10 with no native AVEVA reference. Reverse-engineering harnesses under `tools/` may reference native binaries. +- This workspace is not a Git working tree in the current checkout — track changes via file timestamps or external backup. diff --git a/Histsdk.slnx b/Histsdk.slnx new file mode 100644 index 0000000..a48ff3c --- /dev/null +++ b/Histsdk.slnx @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/reverse-engineering/aahclient-exports-latest.json b/docs/reverse-engineering/aahclient-exports-latest.json new file mode 100644 index 0000000..9d856ad --- /dev/null +++ b/docs/reverse-engineering/aahclient-exports-latest.json @@ -0,0 +1,105 @@ +{ + "Path": "C:\\Users\\dohertj2\\Desktop\\histsdk\\current\\aahClient.dll", + "Sha256": "77a778988e2d8f2d0e88113f8c8b0788a0ef34fa5134938a353976778144dc83", + "Exports": [ + "?mdas_AddHistorianValue2@@YAHKPEAUHISTORIAN_VALUE2@@PEAUHISTORIAN_ERROR@@@Z", + "?mdas_AddNonStreamedValue2@@YAHKKPEAUHISTORIAN_VALUE2@@PEAUHISTORIAN_ERROR@@@Z", + "?mdas_GetNextEventDataQueryResult@@YAHKKPEAVEventQueryResultRow@@PEAUHISTORIAN_ERROR@@@Z", + "?mdas_GetRuntimeParameter@@YAHKAEBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@AEAV?$vector@VCRetVariant@@V?$allocator@VCRetVariant@@@std@@@2@PEAUHISTORIAN_ERROR@@@Z", + "?mdas_StartEventDataRetrievalQuery@@YAHK_K0IIGGAEAVEventQueryFilters@@PEB_WPEAKPEAUHISTORIAN_ERROR@@@Z", + "mdas_AddHistorianTag", + "mdas_AddHistorianTags", + "mdas_AddHistorianValue", + "mdas_AddNonStreamValues", + "mdas_AddNonStreamValuesBegin", + "mdas_AddNonStreamValuesEnd", + "mdas_AddNonStreamedValue", + "mdas_AddNonStreamedValue3", + "mdas_AddNonStreamedValueAsync", + "mdas_AddNonStreamedValuesBegin", + "mdas_AddNonStreamedValuesEnd", + "mdas_AddRevisionValue", + "mdas_AddRevisionValuesBegin", + "mdas_AddRevisionValuesEnd", + "mdas_AddStreamValue", + "mdas_AddStreamValue2", + "mdas_AddTagExtendedProperties", + "mdas_AddTagExtendedPropertyGroups", + "mdas_AddTags", + "mdas_AddTags2", + "mdas_CanUpdateAreaHierarchy", + "mdas_CloseConnection", + "mdas_ConfigureAutoStartProcess", + "mdas_ConfigureParameter", + "mdas_DeleteTag", + "mdas_DeleteTagExtendedPropertiesByName", + "mdas_EndQuery", + "mdas_ExchangeInfoWithProcess", + "mdas_GetErrorCount", + "mdas_GetErrorText", + "mdas_GetHistorianTagsByKey", + "mdas_GetJobStatus", + "mdas_GetLicenseFeatureInfo", + "mdas_GetLikeTagnames", + "mdas_GetLocalizedText", + "mdas_GetNextBlockQueryResult", + "mdas_GetNextDataQueryResult", + "mdas_GetSFParameter", + "mdas_GetStorageStatus", + "mdas_GetSystemParameter", + "mdas_GetSystemTimeZoneName", + "mdas_GetTagDeploymentStatus", + "mdas_GetTagExtendedPropertyByName", + "mdas_GetTagExtendedPropertyGroupStatusByName", + "mdas_GetTagInfoByName", + "mdas_GetTagInfoFromName", + "mdas_GetTagInfosByName", + "mdas_GetTagStatusByName", + "mdas_GetTagTypeFromName", + "mdas_GetTagidsByTagnameAndSource", + "mdas_GetTimeZoneInfo", + "mdas_GetTimeZoneNames", + "mdas_Initialize", + "mdas_IsAllForwarded", + "mdas_IsDBCaseSensitive", + "mdas_IsManualTag", + "mdas_IsOriginalAllowed", + "mdas_IsTagnameValid", + "mdas_IsTagsSynchronized", + "mdas_LogError", + "mdas_OpenConnection", + "mdas_OpenConnection2", + "mdas_OpenConnectionOffline", + "mdas_OpenConnectionOffline2", + "mdas_OpenConnectionOffline4", + "mdas_PingPipe", + "mdas_PingServer", + "mdas_ReleaseBuffer", + "mdas_ReleaseErrorDetail", + "mdas_RenameSourceTags", + "mdas_RenameTags", + "mdas_SendNonStreamedValues", + "mdas_SetBufferMemory", + "mdas_SetConnectState", + "mdas_SetConnectionParameter", + "mdas_SetParameter", + "mdas_SetRedundantSFMode", + "mdas_SetSFParameter", + "mdas_SetServerConnectionInfo", + "mdas_SetServerConnectionInfo2", + "mdas_SetServerConnectionInfo4", + "mdas_SetStoreForwardMode", + "mdas_SetTraceAccount", + "mdas_SetTraceFlags", + "mdas_StartBlockRetrievalQuery", + "mdas_StartDataRetrievalQuery", + "mdas_StartLikeTagNameSearch", + "mdas_StartProcess", + "mdas_StopProcess", + "mdas_UnInitialize", + "mdas_UnregisterTag", + "mdas_UpdateAreaHierarchy", + "mdas_UpdateConnection", + "mdas_UpdateObjectHierarchy" + ] +} diff --git a/docs/reverse-engineering/capture-manifest.json b/docs/reverse-engineering/capture-manifest.json new file mode 100644 index 0000000..7c9807d --- /dev/null +++ b/docs/reverse-engineering/capture-manifest.json @@ -0,0 +1,191 @@ +{ + "GeneratedUtc": "2026-04-30T19:06:31.829829+00:00", + "Binaries": [ + { + "Path": "C:\\Users\\dohertj2\\Desktop\\histsdk\\current\\aahClient.dll", + "Sha256": "77a778988e2d8f2d0e88113f8c8b0788a0ef34fa5134938a353976778144dc83", + "Exports": [ + "?mdas_AddHistorianValue2@@YAHKPEAUHISTORIAN_VALUE2@@PEAUHISTORIAN_ERROR@@@Z", + "?mdas_AddNonStreamedValue2@@YAHKKPEAUHISTORIAN_VALUE2@@PEAUHISTORIAN_ERROR@@@Z", + "?mdas_GetNextEventDataQueryResult@@YAHKKPEAVEventQueryResultRow@@PEAUHISTORIAN_ERROR@@@Z", + "?mdas_GetRuntimeParameter@@YAHKAEBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@AEAV?$vector@VCRetVariant@@V?$allocator@VCRetVariant@@@std@@@2@PEAUHISTORIAN_ERROR@@@Z", + "?mdas_StartEventDataRetrievalQuery@@YAHK_K0IIGGAEAVEventQueryFilters@@PEB_WPEAKPEAUHISTORIAN_ERROR@@@Z", + "mdas_AddHistorianTag", + "mdas_AddHistorianTags", + "mdas_AddHistorianValue", + "mdas_AddNonStreamValues", + "mdas_AddNonStreamValuesBegin", + "mdas_AddNonStreamValuesEnd", + "mdas_AddNonStreamedValue", + "mdas_AddNonStreamedValue3", + "mdas_AddNonStreamedValueAsync", + "mdas_AddNonStreamedValuesBegin", + "mdas_AddNonStreamedValuesEnd", + "mdas_AddRevisionValue", + "mdas_AddRevisionValuesBegin", + "mdas_AddRevisionValuesEnd", + "mdas_AddStreamValue", + "mdas_AddStreamValue2", + "mdas_AddTagExtendedProperties", + "mdas_AddTagExtendedPropertyGroups", + "mdas_AddTags", + "mdas_AddTags2", + "mdas_CanUpdateAreaHierarchy", + "mdas_CloseConnection", + "mdas_ConfigureAutoStartProcess", + "mdas_ConfigureParameter", + "mdas_DeleteTag", + "mdas_DeleteTagExtendedPropertiesByName", + "mdas_EndQuery", + "mdas_ExchangeInfoWithProcess", + "mdas_GetErrorCount", + "mdas_GetErrorText", + "mdas_GetHistorianTagsByKey", + "mdas_GetJobStatus", + "mdas_GetLicenseFeatureInfo", + "mdas_GetLikeTagnames", + "mdas_GetLocalizedText", + "mdas_GetNextBlockQueryResult", + "mdas_GetNextDataQueryResult", + "mdas_GetSFParameter", + "mdas_GetStorageStatus", + "mdas_GetSystemParameter", + "mdas_GetSystemTimeZoneName", + "mdas_GetTagDeploymentStatus", + "mdas_GetTagExtendedPropertyByName", + "mdas_GetTagExtendedPropertyGroupStatusByName", + "mdas_GetTagInfoByName", + "mdas_GetTagInfoFromName", + "mdas_GetTagInfosByName", + "mdas_GetTagStatusByName", + "mdas_GetTagTypeFromName", + "mdas_GetTagidsByTagnameAndSource", + "mdas_GetTimeZoneInfo", + "mdas_GetTimeZoneNames", + "mdas_Initialize", + "mdas_IsAllForwarded", + "mdas_IsDBCaseSensitive", + "mdas_IsManualTag", + "mdas_IsOriginalAllowed", + "mdas_IsTagnameValid", + "mdas_IsTagsSynchronized", + "mdas_LogError", + "mdas_OpenConnection", + "mdas_OpenConnection2", + "mdas_OpenConnectionOffline", + "mdas_OpenConnectionOffline2", + "mdas_OpenConnectionOffline4", + "mdas_PingPipe", + "mdas_PingServer", + "mdas_ReleaseBuffer", + "mdas_ReleaseErrorDetail", + "mdas_RenameSourceTags", + "mdas_RenameTags", + "mdas_SendNonStreamedValues", + "mdas_SetBufferMemory", + "mdas_SetConnectState", + "mdas_SetConnectionParameter", + "mdas_SetParameter", + "mdas_SetRedundantSFMode", + "mdas_SetSFParameter", + "mdas_SetServerConnectionInfo", + "mdas_SetServerConnectionInfo2", + "mdas_SetServerConnectionInfo4", + "mdas_SetStoreForwardMode", + "mdas_SetTraceAccount", + "mdas_SetTraceFlags", + "mdas_StartBlockRetrievalQuery", + "mdas_StartDataRetrievalQuery", + "mdas_StartLikeTagNameSearch", + "mdas_StartProcess", + "mdas_StopProcess", + "mdas_UnInitialize", + "mdas_UnregisterTag", + "mdas_UpdateAreaHierarchy", + "mdas_UpdateConnection", + "mdas_UpdateObjectHierarchy" + ] + }, + { + "Path": "C:\\Users\\dohertj2\\Desktop\\histsdk\\current\\aahClientCommon.dll", + "Sha256": "c9e6bf37fd98131519a7460f0c7359242f4b89c3d75a3d3c4899d7564d249834", + "Exports": [ + "?CreateClientCommon@@YAPEAVIClientCommon@@PEA_W@Z", + "?DeleteClientCommon@@YAXPEAVIClientCommon@@@Z" + ] + }, + { + "Path": "C:\\Users\\dohertj2\\Desktop\\histsdk\\current\\aahClientManaged.dll", + "Sha256": "0e58222c7c0b3ce82075ac5c5bc4c21546e92d8727b23be16188304b312eedba", + "Exports": [] + } + ], + "Scenarios": [ + { + "Name": "connect-process", + "NativeOperation": "mdas_OpenConnection2", + "ManagedApi": "ProbeAsync/GetConnectionStatusAsync", + "EvidenceFile": "fixtures/protocol/2020/connect-process.bin" + }, + { + "Name": "history-raw", + "NativeOperation": "mdas_StartDataRetrievalQuery \u002B mdas_GetNextDataQueryResult", + "ManagedApi": "ReadRawAsync", + "EvidenceFile": "fixtures/protocol/2020/history-raw.bin" + }, + { + "Name": "history-aggregate", + "NativeOperation": "mdas_StartDataRetrievalQuery \u002B mdas_GetNextDataQueryResult", + "ManagedApi": "ReadAggregateAsync", + "EvidenceFile": "fixtures/protocol/2020/history-aggregate.bin" + }, + { + "Name": "history-at-time", + "NativeOperation": "mdas_StartDataRetrievalQuery \u002B mdas_GetNextDataQueryResult", + "ManagedApi": "ReadAtTimeAsync", + "EvidenceFile": "fixtures/protocol/2020/history-at-time.bin" + }, + { + "Name": "history-block", + "NativeOperation": "mdas_StartBlockRetrievalQuery \u002B mdas_GetNextBlockQueryResult", + "ManagedApi": "ReadBlocksAsync", + "EvidenceFile": "fixtures/protocol/2020/history-block.bin" + }, + { + "Name": "event-query", + "NativeOperation": "mdas_StartEventDataRetrievalQuery \u002B mdas_GetNextEventDataQueryResult", + "ManagedApi": "ReadEventsAsync", + "EvidenceFile": "fixtures/protocol/2020/event-query.bin" + }, + { + "Name": "tag-browse", + "NativeOperation": "mdas_StartLikeTagNameSearch \u002B mdas_GetLikeTagnames", + "ManagedApi": "BrowseTagNamesAsync", + "EvidenceFile": "fixtures/protocol/2020/tag-browse.bin" + }, + { + "Name": "tag-metadata", + "NativeOperation": "mdas_GetTagInfoByName", + "ManagedApi": "GetTagMetadataAsync", + "EvidenceFile": "fixtures/protocol/2020/tag-metadata.bin" + }, + { + "Name": "status", + "NativeOperation": "mdas_GetStorageStatus/mdas_GetSystemParameter", + "ManagedApi": "GetConnectionStatusAsync/GetStoreForwardStatusAsync", + "EvidenceFile": "fixtures/protocol/2020/status.bin" + }, + { + "Name": "write-streamed-value", + "NativeOperation": "mdas_AddStreamValue", + "ManagedApi": "WriteStreamedValueAsync", + "EvidenceFile": "fixtures/protocol/2020/write-streamed-value.bin" + }, + { + "Name": "write-event", + "NativeOperation": "mdas_AddStreamValue for HistorianEvent", + "ManagedApi": "WriteEventAsync", + "EvidenceFile": "fixtures/protocol/2020/write-event.bin" + } + ] +} \ No newline at end of file diff --git a/docs/reverse-engineering/capture-workflow.md b/docs/reverse-engineering/capture-workflow.md new file mode 100644 index 0000000..f74b4dd --- /dev/null +++ b/docs/reverse-engineering/capture-workflow.md @@ -0,0 +1,147 @@ +# Capture Workflow + +Use the reverse-engineering CLI to keep captures repeatable: + +```powershell +dotnet run --project tools\AVEVA.Historian.ReverseEngineering -- manifest +dotnet run --project tools\AVEVA.Historian.ReverseEngineering -- exports current\aahClient.dll +dotnet run --project tools\AVEVA.Historian.ReverseEngineering -- mark history-raw +dotnet run --project tools\AVEVA.Historian.ReverseEngineering -- wcf-probe 10.100.0.48 32568 +dotnet run --project tools\AVEVA.Historian.ReverseEngineering -- wcf-tag-info 10.100.0.48 32568 OtOpcUaParityTest_001.Counter +``` + +To probe the certificate-secured history endpoint with fully managed WCF/MDAS: + +```powershell +dotnet run --project tools\AVEVA.Historian.ReverseEngineering -- wcf-cert-probe localhost 32568 +dotnet run --project tools\AVEVA.Historian.ReverseEngineering -- wcf-cert-probe 10.100.0.48 32568 localhost +``` + +The optional final argument supplies the expected endpoint DNS identity. On the +current development Historian, the remote endpoint presents certificate identity +`localhost`, so the explicit identity is required when connecting by IP address. + +Windows built-in packet capture may miss local Historian traffic. For local +native-wrapper probes, use the Frida harness: + +```powershell +powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\scripts\Attach-NativeTraceHarnessWinsockCapture.ps1 -Scenario history -ServerName localhost -RetrievalMode Full -TagName OtOpcUaParityTest_001.Counter -LookbackMinutes 1440 -MaxRows 1 +``` + +The Frida harness attaches before `OpenConnection` and hooks: + +- Winsock `connect`, `WSAConnect`, `send`, `recv`, `WSASend`, and `WSARecv` +- `CreateFileW`, `ReadFile`, `WriteFile`, and `CloseHandle` +- `NtCreateFile`, `NtReadFile`, and `NtWriteFile` + +For native trace harness captures that must hook before `aahClientManaged.dll` +loads, pass a preload pause: + +```powershell +powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\scripts\Attach-NativeTraceHarnessWinsockCapture.ps1 -Scenario event -PreLoadSleepSeconds 8 -AttachDelaySeconds 0 -OutputPath .\docs\reverse-engineering\winsock-event-preload-localhost-latest.ndjson +``` + +The latest preload local event pass still produced no Winsock or tracked pipe +payloads even though native event open and `StartQuery` succeeded. + +Artifacts should be treated as diagnostic metadata. The script records byte +counts and short hex prefixes only; do not add raw credential/session buffers +to the repo. + +Current local result: `localhost`, `127.0.0.1`, and the machine LAN IP all +complete native reads without observed client-process socket or pipe payloads. +That suggests local native reads are not exercising the remote transport path. + +To force the native client onto a remote TCP path through the Debian test box: + +```powershell +powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\scripts\Run-DebianHistorianRelayCapture.ps1 -SshUser dohertj2 -SshHost 10.100.0.35 -TargetHost 10.100.0.48 -OutputPath .\docs\reverse-engineering\debian-relay-history-latest.ndjson -HarnessOutputPath .\docs\reverse-engineering\native-trace-harness-via-debian-relay-latest.json +``` + +This starts a temporary Python TCP relay on `10.100.0.35:32568` forwarding to +`10.100.0.48:32568`, runs the native harness against `10.100.0.35`, pulls back +the relay log, and cleans up the remote process. The relay logs connection +events, byte counts, and 16-byte hex prefixes only. + +Current relay result: the native client reaches the remote Net.TCP/WCF preamble +and authentication exchange, but the relayed session is rejected before +`OpenConnection` becomes connected. This gives transport evidence but not query +request/response buffers yet. Matching ArchestrA logs identify the relayed +target as `Server(10.100.0.35)` and show `Transport with Certificate` security, +so the relay is not transparent at the certificate/identity layer. + +For event mode, the rewritten relay shows the same security boundary but a +clear endpoint sequence: + +```powershell +powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\scripts\Run-DebianHistorianRelayCapture.ps1 -SshUser dohertj2 -SshHost 10.100.0.35 -TargetHost 10.100.0.48 -RewriteEndpointHost -Scenario event -OutputPath .\docs\reverse-engineering\debian-relay-rewrite-event-latest.ndjson -HarnessOutputPath .\docs\reverse-engineering\native-trace-harness-via-debian-relay-rewrite-event-latest.json +``` + +Observed event relay sequence: + +- `/HistCert` preamble with `application/ssl-tls` +- TLS-style records +- repeated `/Hist-Integrated` preambles with `application/negotiate` +- NTLMSSP type 1/2/3 messages +- 13-byte server rejection/reset before connected state + +Adding `--direct-connection` for event mode does not bypass the relay; event +direct emits the same endpoint sequence and still fails before connected state. + +To test whether native connection flags change that security choice, add extra +harness arguments: + +```powershell +powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\scripts\Run-DebianHistorianRelayCapture.ps1 -SshUser dohertj2 -SshHost 10.100.0.35 -TargetHost 10.100.0.48 -OutputPath .\docs\reverse-engineering\debian-relay-history-direct-latest.ndjson -HarnessOutputPath .\docs\reverse-engineering\native-trace-harness-via-debian-relay-direct-latest.json -HarnessExtraArgs @("--direct-connection") +``` + +Observed result: once the reverse harness forces the private +`directConnection` backing field, the native read succeeds and the relay records +only its own startup line. This is useful for native parity snapshots, but it +bypasses the remote transport evidence needed for the managed driver. + +To collect Windows packet metadata for the relay path without storing raw +payload bytes: + +```powershell +powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\scripts\Run-PktmonDebianRelayCapture.ps1 -Scenario history -SshUser dohertj2 -SshHost 10.100.0.35 -TargetHost 10.100.0.48 -TagName OtOpcUaParityTest_001.Counter -LookbackMinutes 1440 -MaxRows 1 -OutputPrefix .\docs\reverse-engineering\pktmon-debian-relay-history-latest +``` + +This script: + +- adds a pktmon TCP filter for `10.100.0.35:32568` +- starts pktmon with flags `0x00e`, intentionally omitting raw packet bytes +- runs the Debian relay harness scenario +- converts the ETL to text/stat metadata +- deletes the ETL file before writing the summary + +Current pktmon result: the metadata capture records TCP flows between +`10.100.0.48` and `10.100.0.35:32568` with no payload bytes retained. This is +useful for timing, directions, ports, and reset behavior, but still not enough +to reconstruct query buffers. + +To correlate relay TCP ownership on Windows while running Frida system-boundary +hooks: + +```powershell +powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\scripts\Attach-SystemBoundaryViaDebianRelay.ps1 -Scenario history -SshUser dohertj2 -SshHost 10.100.0.35 -TargetHost 10.100.0.48 -TagName OtOpcUaParityTest_001.Counter -LookbackMinutes 1440 -MaxRows 1 -OutputPath .\docs\reverse-engineering\system-boundary-via-debian-relay-history-latest.ndjson +``` + +Current system-boundary relay result: the Windows TCP owner monitor attributes +the established relay connection to `AVEVA.Historian.NativeTraceHarness`, but +Frida hooks on exported Winsock calls, `WSAIoctl`, `mswsock`, file APIs, and +`NtDeviceIoControlFile` still record no transport callbacks. Treat this as +negative evidence for further export-level Frida work. + +For each scenario: + +1. Start Wireshark and API Monitor. +2. Emit a `mark ` line and note the timestamp. +3. Run the same operation through the native SDK/client. +4. Save raw captures outside the repo. +5. Add only sanitized binary frames or decoded notes under `fixtures/protocol`. + +The production SDK must not reference this harness or any AVEVA native binary. + +After a capture is sanitized, add parser tests before enabling the corresponding +operation in `Historian2020ProtocolDialect`. diff --git a/docs/reverse-engineering/cclientbase-open-correlation-latest.json b/docs/reverse-engineering/cclientbase-open-correlation-latest.json new file mode 100644 index 0000000..4de3a0c --- /dev/null +++ b/docs/reverse-engineering/cclientbase-open-correlation-latest.json @@ -0,0 +1,32 @@ +{ + "Scenario": "Local integrated full-history read", + "RawArtifact": "artifacts/reverse-engineering/instrumented-cclientbase-open-correlation", + "InstrumentedTokens": { + "HistorianClient.OpenConnection": "0x060055D8", + "aahClientCommon.CClientBase.OpenConnection": "0x0600388D", + "Query.StartDataQuery": "0x0600574B", + "aahClientCommon.CClientCommon.StartQuery": "0x06002E86", + "CRetrievalConnectionWCF.StartQuery2": "0x06004A0D" + }, + "Observed": { + "OpenConnectionSuccess": 1, + "LegacyClientHandle": 2, + "CClientBaseInitialHandle": 0, + "CClientBasePrimaryOpenRecords": 0, + "CClientBaseSecondaryOpenSuccess": 1, + "CClientBaseHandleAfterSecondaryOpen": "", + "StartDataQueryClientHandleCandidate": 2, + "CClientCommonClientHandleForConnection": "", + "WcfStartQuery2ClientHandle": "", + "WcfStartQuery2Success": 1, + "WcfStartQuery2ServerQueryHandle": "", + "CClientCommonQueryHandleAfterCall": "", + "ManagedGetNextRowQueryHandle": 1 + }, + "Hashes": { + "WcfStartQuery2ResponseSha256": "4c062b5ce8181308f0f46bfd8c6088acb52e6ade94401651b7d3ccc8952edfb5", + "WcfGetNextResultSha256": "d90f74b9d83eb615a0c16d3241e5884e65abfb31d28cce110dbf37b35a17def5", + "ManagedGetNextRowMemorySha256": "316893e5f783819793b8a2f68c0c4b1d70bbbf5a3201b054d4b43ffbe6bed15c" + }, + "Conclusion": "CClientBase.OpenConnection starts with the vtable offset 24 handle equal to zero. The primary-open instrumentation did not fire on this local integrated path. The secondary open branch succeeds and the vtable offset 24 handle after that branch exactly matches the later CClientCommon.StartQuery client handle and WCF StartQuery2 client handle. The next reverse-engineering target is the secondary open vtable call at CClientBase.OpenConnection IL offset 0x06D4 and its request/response contract." +} diff --git a/docs/reverse-engineering/cclientcommon-startquery-correlation-latest.json b/docs/reverse-engineering/cclientcommon-startquery-correlation-latest.json new file mode 100644 index 0000000..84a3ca4 --- /dev/null +++ b/docs/reverse-engineering/cclientcommon-startquery-correlation-latest.json @@ -0,0 +1,35 @@ +{ + "Scenario": "Local integrated full-history read", + "RawArtifact": "artifacts/reverse-engineering/instrumented-cclientcommon-startquery-correlation", + "InstrumentedTokens": { + "HistorianClient.OpenConnection": "0x060055D8", + "Query.StartDataQuery": "0x0600574B", + "aahClientCommon.CClientCommon.StartQuery": "0x06002E86", + "CRetrievalConnectionWCF.StartQuery2": "0x06004A0D", + "CRetrievalConnectionWCF.GetNextQueryResultBuffer2": "0x06004A0E", + "HistorianClient.GetNextRow": "0x0600588D" + }, + "Observed": { + "OpenConnectionSuccess": 1, + "LegacyClientHandle": 2, + "StartDataQueryClientHandleCandidate": 2, + "CClientCommonQueryHandleBeforeCall": 0, + "CClientCommonClientHandleForConnection": "", + "WcfStartQuery2ClientHandle": "", + "WcfStartQuery2Success": 1, + "WcfStartQuery2QueryRequestType": 1, + "WcfStartQuery2RequestSize": 251, + "WcfStartQuery2ResponseSize": 31, + "WcfStartQuery2ResponseSha256": "4c062b5ce8181308f0f46bfd8c6088acb52e6ade94401651b7d3ccc8952edfb5", + "WcfStartQuery2ServerQueryHandle": "", + "CClientCommonCallSuccess": 1, + "CClientCommonQueryHandleAfterCall": "", + "WcfGetNextClientHandle": "", + "WcfGetNextQueryHandle": "", + "WcfGetNextResultSize": 570, + "WcfGetNextResultSha256": "1bb1e1f55b226ed2e10f0a251d1a65be0daf6ecf7bff05ab9bd11e5870c5e615", + "ManagedGetNextRowQueryHandle": 1, + "ManagedGetNextRowMemorySha256": "96f4f04f56531d749f17e103f620f45a23d51f63dfcaba49b02a8e12a317efa4" + }, + "Conclusion": "The successful read path does not use CRetrieval/CSrvRetrieval/CRetrievalConsoleClient for the WCF retrieval handle. aahClientCommon.CClientCommon.StartQuery obtains the accepted /Retr client handle from a CClient vtable call at IL offset 0x01A3, then passes it into the WCF StartQuery2 vtable call at IL offset 0x01BC. The server query handle written by WCF StartQuery2 is copied back through the same queryHandle pointer." +} diff --git a/docs/reverse-engineering/cserverclient-handle-correlation-latest.json b/docs/reverse-engineering/cserverclient-handle-correlation-latest.json new file mode 100644 index 0000000..8214c33 --- /dev/null +++ b/docs/reverse-engineering/cserverclient-handle-correlation-latest.json @@ -0,0 +1,23 @@ +{ + "GeneratedUtc": "2026-05-02T23:00:03Z", + "Scenario": "native integrated history read", + "Sanitized": true, + "InstrumentedMethods": { + "CServerClient.GetHandle": "0x060017F9", + "HistorianClient.OpenConnection": "0x060055D8", + "Query.StartDataQuery": "0x0600574B", + "CRetrievalConnectionWCF.StartQuery2": "0x06004A0D", + "CRetrievalConnectionWCF.GetNextQueryResultBuffer2": "0x06004A0E", + "HistorianClient.GetNextRow": "0x0600588D" + }, + "ObservedValues": { + "CServerClientGetHandleRecords": 0, + "HistorianClientOpenConnectionHandle": 2, + "StartDataQueryClientHandleCandidate": 2, + "WcfStartQuery2ClientHandle": "", + "WcfStartQuery2ServerQueryHandle": "", + "WcfStartQuery2Success": 1, + "WcfGetNextQueryResultBuffer2Success": 1 + }, + "Conclusion": "CServerClient.GetHandle is not called on this successful local history read path. The transient WCF retrieval client handle is therefore not obtained through this accessor; the next target should be direct field access or the virtual/calli path through CRetrieval.StartQuery2 and CSrvRetrievalConnection.StartQuery." +} diff --git a/docs/reverse-engineering/data-query-request-ctor-il-latest.txt b/docs/reverse-engineering/data-query-request-ctor-il-latest.txt new file mode 100644 index 0000000..6b6ae65 --- /dev/null +++ b/docs/reverse-engineering/data-query-request-ctor-il-latest.txt @@ -0,0 +1,636 @@ +IL_0000: ldarg.0 +IL_0001: ldarg.s 23 +IL_0003: call 0x060004C7 CMetadataNamespace.{ctor} +IL_0008: pop +IL_0009: ldarg.0 +IL_000A: ldc.i4 208 +IL_000F: conv.i8 +IL_0010: add +IL_0011: stloc.s 22 +IL_0013: ldloc.s 22 +IL_0015: call 0x06000041 QueryColumnSelector.{ctor} +IL_001A: pop +IL_001B: ldarg.0 +IL_001C: ldc.i4 232 +IL_0021: conv.i8 +IL_0022: add +IL_0023: stloc.s 21 +IL_0025: ldloc.s 21 +IL_0027: stloc.s 20 +IL_0029: ldloc.s 20 +IL_002B: ldc.i4.0 +IL_002C: conv.i8 +IL_002D: stind.i8 +IL_002E: ldloc.s 20 +IL_0030: ldc.i4.8 +IL_0031: conv.i8 +IL_0032: add +IL_0033: ldc.i4.0 +IL_0034: conv.i8 +IL_0035: stind.i8 +IL_0036: ldarg.0 +IL_0037: ldc.i4 264 +IL_003C: conv.i8 +IL_003D: add +IL_003E: stloc.s 19 +IL_0040: ldloc.s 19 +IL_0042: stloc.s 12 +IL_0044: ldloc.s 12 +IL_0046: call 0x060000C9 std._String_val >.{ctor} +IL_004B: pop +IL_004C: ldloc.s 12 +IL_004E: call 0x06000074 std.basic_string,std::allocator >._Tidy_init +IL_0053: leave.s IL_0063 +IL_0055: ldftn 0x06000064 std._Compressed_pair,std::_String_val >,1>.{dtor} +IL_005B: ldloc.s 12 +IL_005D: call 0x06005C0F ___CxxCallUnwindDtor +IL_0062: endfinally +IL_0063: nop +IL_0064: ldarg.0 +IL_0065: ldc.i4 300 +IL_006A: conv.i8 +IL_006B: add +IL_006C: stloc.s 6 +IL_006E: ldloc.s 6 +IL_0070: call 0x06000325 CQTIFlags.{ctor} +IL_0075: pop +IL_0076: ldarg.0 +IL_0077: ldc.i4 312 +IL_007C: conv.i8 +IL_007D: add +IL_007E: stloc.s 18 +IL_0080: ldloc.s 18 +IL_0082: stloc.s 11 +IL_0084: ldloc.s 11 +IL_0086: call 0x060000C9 std._String_val >.{ctor} +IL_008B: pop +IL_008C: ldloc.s 11 +IL_008E: call 0x06000074 std.basic_string,std::allocator >._Tidy_init +IL_0093: leave.s IL_00A3 +IL_0095: ldftn 0x06000064 std._Compressed_pair,std::_String_val >,1>.{dtor} +IL_009B: ldloc.s 11 +IL_009D: call 0x06005C0F ___CxxCallUnwindDtor +IL_00A2: endfinally +IL_00A3: nop +IL_00A4: ldarg.0 +IL_00A5: ldc.i4 344 +IL_00AA: conv.i8 +IL_00AB: add +IL_00AC: stloc.s 17 +IL_00AE: ldloc.s 17 +IL_00B0: stloc.s 10 +IL_00B2: ldloc.s 10 +IL_00B4: call 0x060000C9 std._String_val >.{ctor} +IL_00B9: pop +IL_00BA: ldloc.s 10 +IL_00BC: call 0x06000074 std.basic_string,std::allocator >._Tidy_init +IL_00C1: leave.s IL_00D1 +IL_00C3: ldftn 0x06000064 std._Compressed_pair,std::_String_val >,1>.{dtor} +IL_00C9: ldloc.s 10 +IL_00CB: call 0x06005C0F ___CxxCallUnwindDtor +IL_00D0: endfinally +IL_00D1: nop +IL_00D2: ldarg.0 +IL_00D3: ldc.i4 376 +IL_00D8: conv.i8 +IL_00D9: add +IL_00DA: stloc.s 9 +IL_00DC: ldloc.s 9 +IL_00DE: call 0x06000622 std.basic_string,std::allocator >.{ctor} +IL_00E3: pop +IL_00E4: ldloc.s 9 +IL_00E6: ldc.i4.s 32 +IL_00E8: conv.i8 +IL_00E9: add +IL_00EA: ldc.i4.0 +IL_00EB: stind.i4 +IL_00EC: leave.s IL_00FC +IL_00EE: ldftn 0x0600005D std.basic_string,std::allocator >.{dtor} +IL_00F4: ldloc.s 9 +IL_00F6: call 0x06005C0F ___CxxCallUnwindDtor +IL_00FB: endfinally +IL_00FC: nop +IL_00FD: ldarg.0 +IL_00FE: ldc.i4 416 +IL_0103: conv.i8 +IL_0104: add +IL_0105: stloc.s 16 +IL_0107: ldloc.s 16 +IL_0109: call 0x06002BA5 CStateCalcSelector.{ctor} +IL_010E: pop +IL_010F: ldarg.0 +IL_0110: ldc.i4 456 +IL_0115: conv.i8 +IL_0116: add +IL_0117: stloc.s 15 +IL_0119: ldloc.s 15 +IL_011B: stloc.2 +IL_011C: ldloc.2 +IL_011D: ldc.i4.0 +IL_011E: conv.i8 +IL_011F: stind.i8 +IL_0120: ldloc.2 +IL_0121: ldc.i4.8 +IL_0122: conv.i8 +IL_0123: add +IL_0124: ldc.i4.0 +IL_0125: conv.i8 +IL_0126: stind.i8 +IL_0127: ldloc.2 +IL_0128: ldc.i4.s 16 +IL_012A: conv.i8 +IL_012B: add +IL_012C: ldc.i4.0 +IL_012D: conv.i8 +IL_012E: stind.i8 +IL_012F: ldarg.0 +IL_0130: ldc.i4 480 +IL_0135: conv.i8 +IL_0136: add +IL_0137: stloc.s 14 +IL_0139: ldloc.s 14 +IL_013B: stloc.2 +IL_013C: ldloc.2 +IL_013D: ldc.i4.0 +IL_013E: conv.i8 +IL_013F: stind.i8 +IL_0140: ldloc.2 +IL_0141: ldc.i4.8 +IL_0142: conv.i8 +IL_0143: add +IL_0144: ldc.i4.0 +IL_0145: conv.i8 +IL_0146: stind.i8 +IL_0147: ldloc.2 +IL_0148: ldc.i4.s 16 +IL_014A: conv.i8 +IL_014B: add +IL_014C: ldc.i4.0 +IL_014D: conv.i8 +IL_014E: stind.i8 +IL_014F: ldarg.0 +IL_0150: ldc.i4 504 +IL_0155: conv.i8 +IL_0156: add +IL_0157: ldarg.s 31 +IL_0159: stind.i4 +IL_015A: ldarg.0 +IL_015B: ldc.i4 508 +IL_0160: conv.i8 +IL_0161: add +IL_0162: ldarg.s 24 +IL_0164: stind.i4 +IL_0165: ldarg.0 +IL_0166: ldc.i4 512 +IL_016B: conv.i8 +IL_016C: add +IL_016D: ldarg.s 25 +IL_016F: stind.i4 +IL_0170: ldarg.0 +IL_0171: ldc.i4 516 +IL_0176: conv.i8 +IL_0177: add +IL_0178: ldarg.s 22 +IL_017A: stind.i2 +IL_017B: ldarg.0 +IL_017C: ldc.i4 520 +IL_0181: conv.i8 +IL_0182: add +IL_0183: stloc.s 8 +IL_0185: ldloc.s 8 +IL_0187: ldarg.s 27 +IL_0189: call 0x0600005F std.basic_string,std::allocator >.{ctor} +IL_018E: pop +IL_018F: ldloc.s 8 +IL_0191: ldc.i4.s 32 +IL_0193: conv.i8 +IL_0194: add +IL_0195: ldarg.s 27 +IL_0197: ldc.i4.s 32 +IL_0199: conv.i8 +IL_019A: add +IL_019B: call 0x06000568 std.vector >.{ctor} +IL_01A0: pop +IL_01A1: leave.s IL_01B1 +IL_01A3: ldftn 0x0600005D std.basic_string,std::allocator >.{dtor} +IL_01A9: ldloc.s 8 +IL_01AB: call 0x06005C0F ___CxxCallUnwindDtor +IL_01B0: endfinally +IL_01B1: nop +IL_01B2: ldarg.0 +IL_01B3: ldc.i4 576 +IL_01B8: conv.i8 +IL_01B9: add +IL_01BA: stloc.s 7 +IL_01BC: ldloc.s 7 +IL_01BE: ldarg.s 26 +IL_01C0: call 0x0600005F std.basic_string,std::allocator >.{ctor} +IL_01C5: pop +IL_01C6: ldloc.s 7 +IL_01C8: ldc.i4.s 32 +IL_01CA: conv.i8 +IL_01CB: add +IL_01CC: ldarg.s 26 +IL_01CE: ldc.i4.s 32 +IL_01D0: conv.i8 +IL_01D1: add +IL_01D2: call 0x06000568 std.vector >.{ctor} +IL_01D7: pop +IL_01D8: leave.s IL_01E8 +IL_01DA: ldftn 0x0600005D std.basic_string,std::allocator >.{dtor} +IL_01E0: ldloc.s 7 +IL_01E2: call 0x06005C0F ___CxxCallUnwindDtor +IL_01E7: endfinally +IL_01E8: nop +IL_01E9: ldarg.0 +IL_01EA: ldc.i4 632 +IL_01EF: conv.i8 +IL_01F0: add +IL_01F1: ldarg.s 30 +IL_01F3: stind.i2 +IL_01F4: ldarg.0 +IL_01F5: ldc.i4 636 +IL_01FA: conv.i8 +IL_01FB: add +IL_01FC: ldarg.s 28 +IL_01FE: stind.i4 +IL_01FF: ldarg.0 +IL_0200: ldc.i4 640 +IL_0205: conv.i8 +IL_0206: add +IL_0207: ldarg.s 29 +IL_0209: call 0x06002C1C AutoSummaryParameters.{ctor} +IL_020E: pop +IL_020F: ldloc.s 22 +IL_0211: ldarg.1 +IL_0212: call 0x06000043 QueryColumnSelector.= +IL_0217: pop +IL_0218: ldarg.0 +IL_0219: ldc.i4 216 +IL_021E: conv.i8 +IL_021F: add +IL_0220: ldarg.2 +IL_0221: stind.i4 +IL_0222: ldarg.0 +IL_0223: ldc.i4 220 +IL_0228: conv.i8 +IL_0229: add +IL_022A: ldarg.3 +IL_022B: stind.i4 +IL_022C: ldarg.0 +IL_022D: ldc.i4 224 +IL_0232: conv.i8 +IL_0233: add +IL_0234: ldarg.s 4 +IL_0236: stind.i4 +IL_0237: ldloc.s 21 +IL_0239: ldarg.s 5 +IL_023B: stind.i8 +IL_023C: ldarg.0 +IL_023D: ldc.i4 240 +IL_0242: conv.i8 +IL_0243: add +IL_0244: ldarg.s 6 +IL_0246: stind.i8 +IL_0247: ldarg.0 +IL_0248: ldc.i4 248 +IL_024D: conv.i8 +IL_024E: add +IL_024F: ldarg.s 7 +IL_0251: stind.i8 +IL_0252: ldarg.0 +IL_0253: ldc.i4 256 +IL_0258: conv.i8 +IL_0259: add +IL_025A: ldarg.s 8 +IL_025C: stind.r4 +IL_025D: ldarg.0 +IL_025E: ldc.i4 260 +IL_0263: conv.i8 +IL_0264: add +IL_0265: ldarg.s 9 +IL_0267: stind.i4 +IL_0268: ldarg.s 10 +IL_026A: stloc.s 5 +IL_026C: ldarg.s 10 +IL_026E: unaligned. 1 +IL_0271: ldind.i2 +IL_0272: brfalse.s IL_0283 +IL_0274: ldloc.s 5 +IL_0276: ldc.i4.2 +IL_0277: conv.i8 +IL_0278: add +IL_0279: stloc.s 5 +IL_027B: ldloc.s 5 +IL_027D: unaligned. 1 +IL_0280: ldind.i2 +IL_0281: brtrue.s IL_0274 +IL_0283: ldloc.s 5 +IL_0285: ldarg.s 10 +IL_0287: sub +IL_0288: ldc.i4.1 +IL_0289: shr +IL_028A: stloc.s 25 +IL_028C: ldloc.s 19 +IL_028E: ldarg.s 10 +IL_0290: ldloc.s 25 +IL_0292: call 0x0600005B std.basic_string,std::allocator >.assign +IL_0297: pop +IL_0298: ldarg.s 11 +IL_029A: ldc.i4.1 +IL_029B: beq.s IL_02CB +IL_029D: ldarg.s 11 +IL_029F: ldc.i4.4 +IL_02A0: beq.s IL_02BF +IL_02A2: ldarg.s 11 +IL_02A4: ldc.i4.5 +IL_02A5: beq.s IL_02B3 +IL_02A7: ldarg.0 +IL_02A8: ldc.i4 228 +IL_02AD: conv.i8 +IL_02AE: add +IL_02AF: ldc.i4.0 +IL_02B0: stind.i4 +IL_02B1: br.s IL_02D5 +IL_02B3: ldarg.0 +IL_02B4: ldc.i4 228 +IL_02B9: conv.i8 +IL_02BA: add +IL_02BB: ldc.i4.5 +IL_02BC: stind.i4 +IL_02BD: br.s IL_02D5 +IL_02BF: ldarg.0 +IL_02C0: ldc.i4 228 +IL_02C5: conv.i8 +IL_02C6: add +IL_02C7: ldc.i4.4 +IL_02C8: stind.i4 +IL_02C9: br.s IL_02D5 +IL_02CB: ldarg.0 +IL_02CC: ldc.i4 228 +IL_02D1: conv.i8 +IL_02D2: add +IL_02D3: ldc.i4.1 +IL_02D4: stind.i4 +IL_02D5: ldarg.0 +IL_02D6: ldc.i4 296 +IL_02DB: conv.i8 +IL_02DC: add +IL_02DD: ldarg.s 12 +IL_02DF: stind.i4 +IL_02E0: ldloc.s 6 +IL_02E2: stloc.1 +IL_02E3: ldloc.1 +IL_02E4: ldarg.s 15 +IL_02E6: ldc.i4.s 12 +IL_02E8: shl +IL_02E9: ldloc.1 +IL_02EA: ldind.u2 +IL_02EB: xor +IL_02EC: ldc.i4 4095 +IL_02F1: and +IL_02F2: ldarg.s 15 +IL_02F4: ldc.i4.s 12 +IL_02F6: shl +IL_02F7: xor +IL_02F8: stind.i2 +IL_02F9: ldloc.s 6 +IL_02FB: stloc.1 +IL_02FC: ldloc.1 +IL_02FD: ldarg.s 14 +IL_02FF: ldc.i4.8 +IL_0300: shl +IL_0301: ldloc.1 +IL_0302: ldind.u2 +IL_0303: xor +IL_0304: ldc.i4 3840 +IL_0309: and +IL_030A: ldloc.1 +IL_030B: ldind.u2 +IL_030C: xor +IL_030D: stind.i2 +IL_030E: ldarg.s 13 +IL_0310: ldc.i4 254 +IL_0315: beq.s IL_031B +IL_0317: ldarg.s 13 +IL_0319: br.s IL_0320 +IL_031B: ldc.i4 255 +IL_0320: stloc.s 26 +IL_0322: ldloc.s 6 +IL_0324: stloc.1 +IL_0325: ldloc.1 +IL_0326: dup +IL_0327: ldind.u2 +IL_0328: ldloca.s 26 +IL_032A: ldind.i4 +IL_032B: xor +IL_032C: ldc.i4 255 +IL_0331: and +IL_0332: ldloc.1 +IL_0333: ldind.u2 +IL_0334: xor +IL_0335: stind.i2 +IL_0336: ldarg.s 16 +IL_0338: stloc.3 +IL_0339: ldarg.s 16 +IL_033B: unaligned. 1 +IL_033E: ldind.i2 +IL_033F: brfalse.s IL_034D +IL_0341: ldloc.3 +IL_0342: ldc.i4.2 +IL_0343: conv.i8 +IL_0344: add +IL_0345: stloc.3 +IL_0346: ldloc.3 +IL_0347: unaligned. 1 +IL_034A: ldind.i2 +IL_034B: brtrue.s IL_0341 +IL_034D: ldloc.3 +IL_034E: ldarg.s 16 +IL_0350: sub +IL_0351: ldc.i4.1 +IL_0352: shr +IL_0353: stloc.s 24 +IL_0355: ldloc.s 18 +IL_0357: ldarg.s 16 +IL_0359: ldloc.s 24 +IL_035B: call 0x0600005B std.basic_string,std::allocator >.assign +IL_0360: pop +IL_0361: ldarg.s 17 +IL_0363: brfalse.s IL_038B +IL_0365: ldarg.s 17 +IL_0367: stloc.0 +IL_0368: ldarg.s 17 +IL_036A: unaligned. 1 +IL_036D: ldind.i2 +IL_036E: brfalse.s IL_037C +IL_0370: ldloc.0 +IL_0371: ldc.i4.2 +IL_0372: conv.i8 +IL_0373: add +IL_0374: stloc.0 +IL_0375: ldloc.0 +IL_0376: unaligned. 1 +IL_0379: ldind.i2 +IL_037A: brtrue.s IL_0370 +IL_037C: ldloc.0 +IL_037D: ldarg.s 17 +IL_037F: sub +IL_0380: ldc.i4.1 +IL_0381: shr +IL_0382: ldc.i4.0 +IL_0383: conv.i8 +IL_0384: ble.un.s IL_038B +IL_0386: ldarg.s 17 +IL_0388: stloc.0 +IL_0389: br.s IL_0391 +IL_038B: ldsflda 0x04007BC9 ??_C@_1BC@PKKBNPFC@?$AAN?$AAo?$AAF?$AAi?$AAl?$AAt?$AAe?$AAr@ +IL_0390: stloc.0 +IL_0391: ldloc.0 +IL_0392: stloc.s 4 +IL_0394: ldloc.0 +IL_0395: unaligned. 1 +IL_0398: ldind.i2 +IL_0399: brfalse.s IL_03AA +IL_039B: ldloc.s 4 +IL_039D: ldc.i4.2 +IL_039E: conv.i8 +IL_039F: add +IL_03A0: stloc.s 4 +IL_03A2: ldloc.s 4 +IL_03A4: unaligned. 1 +IL_03A7: ldind.i2 +IL_03A8: brtrue.s IL_039B +IL_03AA: ldloc.s 4 +IL_03AC: ldloc.0 +IL_03AD: sub +IL_03AE: ldc.i4.1 +IL_03AF: shr +IL_03B0: stloc.s 23 +IL_03B2: ldloc.s 17 +IL_03B4: ldloc.0 +IL_03B5: ldloc.s 23 +IL_03B7: call 0x0600005B std.basic_string,std::allocator >.assign +IL_03BC: pop +IL_03BD: ldarg.0 +IL_03BE: ldc.i4 408 +IL_03C3: conv.i8 +IL_03C4: add +IL_03C5: ldarg.s 18 +IL_03C7: stind.i4 +IL_03C8: ldloc.s 16 +IL_03CA: ldarg.s 19 +IL_03CC: stind.i4 +IL_03CD: ldloc.s 15 +IL_03CF: stloc.s 13 +IL_03D1: ldloc.s 13 +IL_03D3: ldarg.s 20 +IL_03D5: beq.s IL_03E7 +IL_03D7: ldloc.s 13 +IL_03D9: ldarg.s 20 +IL_03DB: ldind.i8 +IL_03DC: ldarg.s 20 +IL_03DE: ldc.i4.8 +IL_03DF: conv.i8 +IL_03E0: add +IL_03E1: ldind.i8 +IL_03E2: call 0x0600273E std.vector,std::allocator >,std::allocator,std::allocator > > >.assign,class std::allocator > *,0> +IL_03E7: ldloc.s 14 +IL_03E9: ldarg.s 21 +IL_03EB: call 0x0600268F std.vector,std::allocator >,std::allocator,std::allocator > > >.= +IL_03F0: pop +IL_03F1: leave.s IL_0407 +IL_03F3: ldftn 0x06002C1A AutoSummaryParameters.{dtor} +IL_03F9: ldarg.0 +IL_03FA: ldc.i4 640 +IL_03FF: conv.i8 +IL_0400: add +IL_0401: call 0x06005C0F ___CxxCallUnwindDtor +IL_0406: endfinally +IL_0407: leave.s IL_041D +IL_0409: ldftn 0x06000443 SRedundantEndpoint.{dtor} +IL_040F: ldarg.0 +IL_0410: ldc.i4 576 +IL_0415: conv.i8 +IL_0416: add +IL_0417: call 0x06005C0F ___CxxCallUnwindDtor +IL_041C: endfinally +IL_041D: leave.s IL_0433 +IL_041F: ldftn 0x06000443 SRedundantEndpoint.{dtor} +IL_0425: ldarg.0 +IL_0426: ldc.i4 520 +IL_042B: conv.i8 +IL_042C: add +IL_042D: call 0x06005C0F ___CxxCallUnwindDtor +IL_0432: endfinally +IL_0433: leave.s IL_0449 +IL_0435: ldftn 0x0600105E std.vector,std::allocator >,std::allocator,std::allocator > > >.{dtor} +IL_043B: ldarg.0 +IL_043C: ldc.i4 480 +IL_0441: conv.i8 +IL_0442: add +IL_0443: call 0x06005C0F ___CxxCallUnwindDtor +IL_0448: endfinally +IL_0449: leave.s IL_045F +IL_044B: ldftn 0x0600105E std.vector,std::allocator >,std::allocator,std::allocator > > >.{dtor} +IL_0451: ldarg.0 +IL_0452: ldc.i4 456 +IL_0457: conv.i8 +IL_0458: add +IL_0459: call 0x06005C0F ___CxxCallUnwindDtor +IL_045E: endfinally +IL_045F: leave.s IL_0475 +IL_0461: ldftn 0x06002BAF CStateCalcSelector.{dtor} +IL_0467: ldarg.0 +IL_0468: ldc.i4 416 +IL_046D: conv.i8 +IL_046E: add +IL_046F: call 0x06005C0F ___CxxCallUnwindDtor +IL_0474: endfinally +IL_0475: leave.s IL_048B +IL_0477: ldftn 0x060004D6 CValueSelector.{dtor} +IL_047D: ldarg.0 +IL_047E: ldc.i4 376 +IL_0483: conv.i8 +IL_0484: add +IL_0485: call 0x06005C0F ___CxxCallUnwindDtor +IL_048A: endfinally +IL_048B: leave.s IL_04A1 +IL_048D: ldftn 0x0600005D std.basic_string,std::allocator >.{dtor} +IL_0493: ldarg.0 +IL_0494: ldc.i4 344 +IL_0499: conv.i8 +IL_049A: add +IL_049B: call 0x06005C0F ___CxxCallUnwindDtor +IL_04A0: endfinally +IL_04A1: leave.s IL_04B7 +IL_04A3: ldftn 0x0600005D std.basic_string,std::allocator >.{dtor} +IL_04A9: ldarg.0 +IL_04AA: ldc.i4 312 +IL_04AF: conv.i8 +IL_04B0: add +IL_04B1: call 0x06005C0F ___CxxCallUnwindDtor +IL_04B6: endfinally +IL_04B7: leave.s IL_04CD +IL_04B9: ldftn 0x0600005D std.basic_string,std::allocator >.{dtor} +IL_04BF: ldarg.0 +IL_04C0: ldc.i4 264 +IL_04C5: conv.i8 +IL_04C6: add +IL_04C7: call 0x06005C0F ___CxxCallUnwindDtor +IL_04CC: endfinally +IL_04CD: leave.s IL_04E3 +IL_04CF: ldftn 0x06000044 QueryColumnSelector.{dtor} +IL_04D5: ldarg.0 +IL_04D6: ldc.i4 208 +IL_04DB: conv.i8 +IL_04DC: add +IL_04DD: call 0x06005C0F ___CxxCallUnwindDtor +IL_04E2: endfinally +IL_04E3: leave.s IL_04F2 +IL_04E5: ldftn 0x06002598 CMetadataNamespace.{dtor} +IL_04EB: ldarg.0 +IL_04EC: call 0x06005C0F ___CxxCallUnwindDtor +IL_04F1: endfinally +IL_04F2: ldarg.0 +IL_04F3: ret diff --git a/docs/reverse-engineering/debian-relay-history-latest.pid b/docs/reverse-engineering/debian-relay-history-latest.pid new file mode 100644 index 0000000..81ab676 --- /dev/null +++ b/docs/reverse-engineering/debian-relay-history-latest.pid @@ -0,0 +1 @@ +721220 diff --git a/docs/reverse-engineering/dnlib-historianclient-getnexteventrow-target-latest.json b/docs/reverse-engineering/dnlib-historianclient-getnexteventrow-target-latest.json new file mode 100644 index 0000000..cec81a6 --- /dev/null +++ b/docs/reverse-engineering/dnlib-historianclient-getnexteventrow-target-latest.json @@ -0,0 +1,561 @@ +{ + "Path": "C:\\Users\\dohertj2\\Desktop\\histsdk\\current\\aahClientManaged.dll", + "Filter": "0x06005965", + "IsILOnly": false, + "IsMixedMode": true, + "Methods": [ + { + "DeclaringType": "\u003CModule\u003E", + "Name": { + "String": "HistorianClient.GetNextRow\u003Cclass EventQueryResultRow\u003E", + "Data": "SGlzdG9yaWFuQ2xpZW50LkdldE5leHRSb3c8Y2xhc3MgRXZlbnRRdWVyeVJlc3VsdFJvdz4=", + "Length": 53, + "DataLength": 53 + }, + "Token": "0x06005965", + "Rva": "0x00430E10", + "IsStatic": true, + "IsPublic": false, + "HasBody": true, + "InstructionCount": 81, + "Locals": [ + { + "Index": 0, + "Type": "System.Boolean" + }, + { + "Index": 1, + "Type": "SError/value" + }, + { + "Index": 2, + "Type": "std.shared_ptr\u003CQuery\u003E" + }, + { + "Index": 3, + "Type": "System.UInt32" + } + ], + "Calls": [ + { + "Offset": "0x0006", + "OpCode": "call", + "Operand": "std.shared_ptr\u003CQuery\u003E* modreq(System.Runtime.CompilerServices.IsUdtReturn) modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::HistorianClient.GetQuery(HistorianClient* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.shared_ptr\u003CQuery\u003E*,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong))", + "Token": "0x060055C5" + }, + { + "Offset": "0x0033", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SError.ClearErrorDetail(SError* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000165" + }, + { + "Offset": "0x0056", + "OpCode": "call", + "Operand": "System.Boolean modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::Query.GetNextQueryResultRow\u003Cclass EventQueryResultRow\u003E(Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),EventQueryResultRow*,SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x0600597A" + }, + { + "Offset": "0x0066", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0078", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std._Ref_count_base._Decref(std._Ref_count_base* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000137" + } + ], + "Instructions": [ + { + "Offset": "0x0000", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0001", + "OpCode": "stloc.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0002", + "OpCode": "ldarg.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0003", + "OpCode": "ldloca.s", + "Operand": "V_2", + "Token": null + }, + { + "Offset": "0x0005", + "OpCode": "ldarg.1", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0006", + "OpCode": "call", + "Operand": "std.shared_ptr\u003CQuery\u003E* modreq(System.Runtime.CompilerServices.IsUdtReturn) modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::HistorianClient.GetQuery(HistorianClient* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.shared_ptr\u003CQuery\u003E*,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong))", + "Token": "0x060055C5" + }, + { + "Offset": "0x000B", + "OpCode": "pop", + "Operand": null, + "Token": null + }, + { + "Offset": "0x000C", + "OpCode": "ldloca.s", + "Operand": "V_2", + "Token": null + }, + { + "Offset": "0x000E", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x000F", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0010", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0011", + "OpCode": "bne.un.s", + "Operand": "IL_0016: ldc.i4.1", + "Token": null + }, + { + "Offset": "0x0013", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0014", + "OpCode": "br.s", + "Operand": "IL_0017: conv.u1", + "Token": null + }, + { + "Offset": "0x0016", + "OpCode": "ldc.i4.1", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0017", + "OpCode": "conv.u1", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0018", + "OpCode": "brtrue.s", + "Operand": "IL_0051: ldloca.s V_2", + "Token": null + }, + { + "Offset": "0x001A", + "OpCode": "ldarg.1", + "Operand": null, + "Token": null + }, + { + "Offset": "0x001B", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x001C", + "OpCode": "bne.un.s", + "Operand": "IL_0022: ldc.i4.s 51", + "Token": null + }, + { + "Offset": "0x001E", + "OpCode": "ldc.i4.s", + "Operand": "30", + "Token": null + }, + { + "Offset": "0x0020", + "OpCode": "br.s", + "Operand": "IL_0024: stloc.1", + "Token": null + }, + { + "Offset": "0x0022", + "OpCode": "ldc.i4.s", + "Operand": "51", + "Token": null + }, + { + "Offset": "0x0024", + "OpCode": "stloc.1", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0025", + "OpCode": "ldarg.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0026", + "OpCode": "ldc.i4.s", + "Operand": "12", + "Token": null + }, + { + "Offset": "0x0028", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0029", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x002A", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x002B", + "OpCode": "stind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x002C", + "OpCode": "ldarg.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x002D", + "OpCode": "ldc.i4.8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x002E", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x002F", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0030", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0031", + "OpCode": "stind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0032", + "OpCode": "ldarg.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0033", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SError.ClearErrorDetail(SError* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000165" + }, + { + "Offset": "0x0038", + "OpCode": "ldarg.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0039", + "OpCode": "ldc.i4.s", + "Operand": "12", + "Token": null + }, + { + "Offset": "0x003B", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x003C", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x003D", + "OpCode": "ldc.i4.4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x003E", + "OpCode": "stind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x003F", + "OpCode": "ldarg.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0040", + "OpCode": "ldc.i4.8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0041", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0042", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0043", + "OpCode": "ldloca.s", + "Operand": "V_1", + "Token": null + }, + { + "Offset": "0x0045", + "OpCode": "ldind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0046", + "OpCode": "stind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0047", + "OpCode": "ldloca.s", + "Operand": "V_1", + "Token": null + }, + { + "Offset": "0x0049", + "OpCode": "ldind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x004A", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x004B", + "OpCode": "ceq", + "Operand": null, + "Token": null + }, + { + "Offset": "0x004D", + "OpCode": "conv.u1", + "Operand": null, + "Token": null + }, + { + "Offset": "0x004E", + "OpCode": "stloc.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x004F", + "OpCode": "leave.s", + "Operand": "IL_006C: ldloca.s V_2", + "Token": null + }, + { + "Offset": "0x0051", + "OpCode": "ldloca.s", + "Operand": "V_2", + "Token": null + }, + { + "Offset": "0x0053", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0054", + "OpCode": "ldarg.2", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0055", + "OpCode": "ldarg.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0056", + "OpCode": "call", + "Operand": "System.Boolean modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::Query.GetNextQueryResultRow\u003Cclass EventQueryResultRow\u003E(Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),EventQueryResultRow*,SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x0600597A" + }, + { + "Offset": "0x005B", + "OpCode": "stloc.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x005C", + "OpCode": "leave.s", + "Operand": "IL_006C: ldloca.s V_2", + "Token": null + }, + { + "Offset": "0x005E", + "OpCode": "ldftn", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.shared_ptr\u003CQuery\u003E.{dtor}(std.shared_ptr\u003CQuery\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x0600562A" + }, + { + "Offset": "0x0064", + "OpCode": "ldloca.s", + "Operand": "V_2", + "Token": null + }, + { + "Offset": "0x0066", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x006B", + "OpCode": "endfinally", + "Operand": null, + "Token": null + }, + { + "Offset": "0x006C", + "OpCode": "ldloca.s", + "Operand": "V_2", + "Token": null + }, + { + "Offset": "0x006E", + "OpCode": "ldc.i4.8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x006F", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0070", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0071", + "OpCode": "brfalse.s", + "Operand": "IL_007D: ldloc.0", + "Token": null + }, + { + "Offset": "0x0073", + "OpCode": "ldloca.s", + "Operand": "V_2", + "Token": null + }, + { + "Offset": "0x0075", + "OpCode": "ldc.i4.8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0076", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0077", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0078", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std._Ref_count_base._Decref(std._Ref_count_base* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000137" + }, + { + "Offset": "0x007D", + "OpCode": "ldloc.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x007E", + "OpCode": "ret", + "Operand": null, + "Token": null + } + ] + } + ] +} diff --git a/docs/reverse-engineering/dnlib-historianclient-getnextrow-target-latest.json b/docs/reverse-engineering/dnlib-historianclient-getnextrow-target-latest.json new file mode 100644 index 0000000..2ab35b4 --- /dev/null +++ b/docs/reverse-engineering/dnlib-historianclient-getnextrow-target-latest.json @@ -0,0 +1,561 @@ +{ + "Path": "C:\\Users\\dohertj2\\Desktop\\histsdk\\current\\aahClientManaged.dll", + "Filter": "0x0600588D", + "IsILOnly": false, + "IsMixedMode": true, + "Methods": [ + { + "DeclaringType": "\u003CModule\u003E", + "Name": { + "String": "HistorianClient.GetNextRow\u003Cclass DataQueryResultRow\u003E", + "Data": "SGlzdG9yaWFuQ2xpZW50LkdldE5leHRSb3c8Y2xhc3MgRGF0YVF1ZXJ5UmVzdWx0Um93Pg==", + "Length": 52, + "DataLength": 52 + }, + "Token": "0x0600588D", + "Rva": "0x0042F818", + "IsStatic": true, + "IsPublic": false, + "HasBody": true, + "InstructionCount": 81, + "Locals": [ + { + "Index": 0, + "Type": "System.Boolean" + }, + { + "Index": 1, + "Type": "SError/value" + }, + { + "Index": 2, + "Type": "std.shared_ptr\u003CQuery\u003E" + }, + { + "Index": 3, + "Type": "System.UInt32" + } + ], + "Calls": [ + { + "Offset": "0x0006", + "OpCode": "call", + "Operand": "std.shared_ptr\u003CQuery\u003E* modreq(System.Runtime.CompilerServices.IsUdtReturn) modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::HistorianClient.GetQuery(HistorianClient* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.shared_ptr\u003CQuery\u003E*,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong))", + "Token": "0x060055C5" + }, + { + "Offset": "0x0033", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SError.ClearErrorDetail(SError* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000165" + }, + { + "Offset": "0x0056", + "OpCode": "call", + "Operand": "System.Boolean modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::Query.GetNextQueryResultRow\u003Cclass DataQueryResultRow\u003E(Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),DataQueryResultRow*,SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x060058AF" + }, + { + "Offset": "0x0066", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0078", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std._Ref_count_base._Decref(std._Ref_count_base* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000137" + } + ], + "Instructions": [ + { + "Offset": "0x0000", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0001", + "OpCode": "stloc.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0002", + "OpCode": "ldarg.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0003", + "OpCode": "ldloca.s", + "Operand": "V_2", + "Token": null + }, + { + "Offset": "0x0005", + "OpCode": "ldarg.1", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0006", + "OpCode": "call", + "Operand": "std.shared_ptr\u003CQuery\u003E* modreq(System.Runtime.CompilerServices.IsUdtReturn) modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::HistorianClient.GetQuery(HistorianClient* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.shared_ptr\u003CQuery\u003E*,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong))", + "Token": "0x060055C5" + }, + { + "Offset": "0x000B", + "OpCode": "pop", + "Operand": null, + "Token": null + }, + { + "Offset": "0x000C", + "OpCode": "ldloca.s", + "Operand": "V_2", + "Token": null + }, + { + "Offset": "0x000E", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x000F", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0010", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0011", + "OpCode": "bne.un.s", + "Operand": "IL_0016: ldc.i4.1", + "Token": null + }, + { + "Offset": "0x0013", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0014", + "OpCode": "br.s", + "Operand": "IL_0017: conv.u1", + "Token": null + }, + { + "Offset": "0x0016", + "OpCode": "ldc.i4.1", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0017", + "OpCode": "conv.u1", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0018", + "OpCode": "brtrue.s", + "Operand": "IL_0051: ldloca.s V_2", + "Token": null + }, + { + "Offset": "0x001A", + "OpCode": "ldarg.1", + "Operand": null, + "Token": null + }, + { + "Offset": "0x001B", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x001C", + "OpCode": "bne.un.s", + "Operand": "IL_0022: ldc.i4.s 51", + "Token": null + }, + { + "Offset": "0x001E", + "OpCode": "ldc.i4.s", + "Operand": "30", + "Token": null + }, + { + "Offset": "0x0020", + "OpCode": "br.s", + "Operand": "IL_0024: stloc.1", + "Token": null + }, + { + "Offset": "0x0022", + "OpCode": "ldc.i4.s", + "Operand": "51", + "Token": null + }, + { + "Offset": "0x0024", + "OpCode": "stloc.1", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0025", + "OpCode": "ldarg.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0026", + "OpCode": "ldc.i4.s", + "Operand": "12", + "Token": null + }, + { + "Offset": "0x0028", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0029", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x002A", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x002B", + "OpCode": "stind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x002C", + "OpCode": "ldarg.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x002D", + "OpCode": "ldc.i4.8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x002E", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x002F", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0030", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0031", + "OpCode": "stind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0032", + "OpCode": "ldarg.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0033", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SError.ClearErrorDetail(SError* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000165" + }, + { + "Offset": "0x0038", + "OpCode": "ldarg.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0039", + "OpCode": "ldc.i4.s", + "Operand": "12", + "Token": null + }, + { + "Offset": "0x003B", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x003C", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x003D", + "OpCode": "ldc.i4.4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x003E", + "OpCode": "stind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x003F", + "OpCode": "ldarg.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0040", + "OpCode": "ldc.i4.8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0041", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0042", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0043", + "OpCode": "ldloca.s", + "Operand": "V_1", + "Token": null + }, + { + "Offset": "0x0045", + "OpCode": "ldind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0046", + "OpCode": "stind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0047", + "OpCode": "ldloca.s", + "Operand": "V_1", + "Token": null + }, + { + "Offset": "0x0049", + "OpCode": "ldind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x004A", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x004B", + "OpCode": "ceq", + "Operand": null, + "Token": null + }, + { + "Offset": "0x004D", + "OpCode": "conv.u1", + "Operand": null, + "Token": null + }, + { + "Offset": "0x004E", + "OpCode": "stloc.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x004F", + "OpCode": "leave.s", + "Operand": "IL_006C: ldloca.s V_2", + "Token": null + }, + { + "Offset": "0x0051", + "OpCode": "ldloca.s", + "Operand": "V_2", + "Token": null + }, + { + "Offset": "0x0053", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0054", + "OpCode": "ldarg.2", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0055", + "OpCode": "ldarg.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0056", + "OpCode": "call", + "Operand": "System.Boolean modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::Query.GetNextQueryResultRow\u003Cclass DataQueryResultRow\u003E(Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),DataQueryResultRow*,SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x060058AF" + }, + { + "Offset": "0x005B", + "OpCode": "stloc.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x005C", + "OpCode": "leave.s", + "Operand": "IL_006C: ldloca.s V_2", + "Token": null + }, + { + "Offset": "0x005E", + "OpCode": "ldftn", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.shared_ptr\u003CQuery\u003E.{dtor}(std.shared_ptr\u003CQuery\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x0600562A" + }, + { + "Offset": "0x0064", + "OpCode": "ldloca.s", + "Operand": "V_2", + "Token": null + }, + { + "Offset": "0x0066", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x006B", + "OpCode": "endfinally", + "Operand": null, + "Token": null + }, + { + "Offset": "0x006C", + "OpCode": "ldloca.s", + "Operand": "V_2", + "Token": null + }, + { + "Offset": "0x006E", + "OpCode": "ldc.i4.8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x006F", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0070", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0071", + "OpCode": "brfalse.s", + "Operand": "IL_007D: ldloc.0", + "Token": null + }, + { + "Offset": "0x0073", + "OpCode": "ldloca.s", + "Operand": "V_2", + "Token": null + }, + { + "Offset": "0x0075", + "OpCode": "ldc.i4.8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0076", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0077", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0078", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std._Ref_count_base._Decref(std._Ref_count_base* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000137" + }, + { + "Offset": "0x007D", + "OpCode": "ldloc.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x007E", + "OpCode": "ret", + "Operand": null, + "Token": null + } + ] + } + ] +} diff --git a/docs/reverse-engineering/dnlib-historianclient-startdataquery-target-latest.json b/docs/reverse-engineering/dnlib-historianclient-startdataquery-target-latest.json new file mode 100644 index 0000000..943018c --- /dev/null +++ b/docs/reverse-engineering/dnlib-historianclient-startdataquery-target-latest.json @@ -0,0 +1,55 @@ +{ + "Path": "C:\\Users\\dohertj2\\Desktop\\histsdk\\current\\aahClientManaged.dll", + "Filter": "0x060055E4", + "IsILOnly": false, + "IsMixedMode": true, + "Methods": [ + { + "DeclaringType": "\u003CModule\u003E", + "Name": { + "String": "HistorianClient.StartDataQuery", + "Data": "SGlzdG9yaWFuQ2xpZW50LlN0YXJ0RGF0YVF1ZXJ5", + "Length": 30, + "DataLength": 30 + }, + "Token": "0x060055E4", + "Rva": "0x004160C4", + "IsStatic": true, + "IsPublic": false, + "HasBody": true, + "InstructionCount": 80, + "Calls": [ + { + "Offset": "0x0007", + "OpCode": "call", + "Operand": "std.shared_ptr\u003CQuery\u003E* modreq(System.Runtime.CompilerServices.IsUdtReturn) modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::HistorianClient.StartQuery(HistorianClient* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.shared_ptr\u003CQuery\u003E*,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong)*)", + "Token": "0x060055C4" + }, + { + "Offset": "0x005C", + "OpCode": "call", + "Operand": "System.Boolean modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::Query.StartDataQuery(Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),INSQL_QUERYTYPE,INSQL_QUERYFORMAT,HISTORIAN_SUMMARYTYPE,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Char modopt(System.Runtime.CompilerServices.IsConst)**,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Char modopt(System.Runtime.CompilerServices.IsConst)**,System.UInt64,System.UInt64,System.Double,System.Single,System.UInt32,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,E_VERSIONTYPE,E_INTERPOLATIONTYPE,E_TIMESTAMPRULE,E_QUALITYRULE,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,System.Char*,System.UInt16,System.Char*,System.UInt16,EValueSelector,E_AGGREGATIONTYPE,System.UInt32,System.Byte modopt(System.Runtime.CompilerServices.IsConst)*,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,System.UInt16,CMetadataNamespace modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SRedundantEndpoint modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SRedundantEndpoint modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x0600574B" + }, + { + "Offset": "0x006A", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::Query.EndQuery(Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x0600574D" + }, + { + "Offset": "0x007F", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0091", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std._Ref_count_base._Decref(std._Ref_count_base* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000137" + } + ] + } + ] +} diff --git a/docs/reverse-engineering/dnlib-historyquery-movenext-latest.json b/docs/reverse-engineering/dnlib-historyquery-movenext-latest.json new file mode 100644 index 0000000..6d7c4f3 --- /dev/null +++ b/docs/reverse-engineering/dnlib-historyquery-movenext-latest.json @@ -0,0 +1,67 @@ +{ + "Path": "C:\\Users\\dohertj2\\Desktop\\histsdk\\current\\aahClientManaged.dll", + "Filter": "ArchestrA.HistoryQuery.MoveNext", + "IsILOnly": false, + "IsMixedMode": true, + "Methods": [ + { + "DeclaringType": "ArchestrA.HistoryQuery", + "Name": { + "String": "MoveNext", + "Data": "TW92ZU5leHQ=", + "Length": 8, + "DataLength": 8 + }, + "Token": "0x060062A2", + "Rva": "0x004405D4", + "IsStatic": false, + "IsPublic": true, + "HasBody": true, + "InstructionCount": 67, + "Calls": [ + { + "Offset": "0x0004", + "OpCode": "call", + "Operand": "HistorianClient* ArchestrA.BaseQuery::GetClient(ArchestrA.HistorianAccessError\u0026)", + "Token": "0x060061B5" + }, + { + "Offset": "0x0029", + "OpCode": "call", + "Operand": "System.Void ArchestrA.HistoryQueryResult::CleanResult()", + "Token": "0x06006262" + }, + { + "Offset": "0x004D", + "OpCode": "call", + "Operand": "DataQueryResultRow* ArchestrA.HistoryQueryResult::get_UnmanagedQueryResult()", + "Token": "0x06006263" + }, + { + "Offset": "0x0054", + "OpCode": "call", + "Operand": "System.Boolean modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::HistorianClient.GetNextRow\u003Cclass DataQueryResultRow\u003E(HistorianClient* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),DataQueryResultRow*,SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x0600588D" + }, + { + "Offset": "0x006E", + "OpCode": "call", + "Operand": "System.Void ArchestrA.HistoryQueryResult::InitializeBasicProperties()", + "Token": "0x06006260" + }, + { + "Offset": "0x007F", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0087", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SError.ClearErrorDetail(SError* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000165" + } + ] + } + ] +} diff --git a/docs/reverse-engineering/dnlib-historyquery-startquery-latest.json b/docs/reverse-engineering/dnlib-historyquery-startquery-latest.json new file mode 100644 index 0000000..761bf1e --- /dev/null +++ b/docs/reverse-engineering/dnlib-historyquery-startquery-latest.json @@ -0,0 +1,361 @@ +{ + "Path": "C:\\Users\\dohertj2\\Desktop\\histsdk\\current\\aahClientManaged.dll", + "Filter": "ArchestrA.HistoryQuery.StartQuery", + "IsILOnly": false, + "IsMixedMode": true, + "Methods": [ + { + "DeclaringType": "ArchestrA.HistoryQuery", + "Name": { + "String": "StartQuery", + "Data": "U3RhcnRRdWVyeQ==", + "Length": 10, + "DataLength": 10 + }, + "Token": "0x060062A1", + "Rva": "0x0044012C", + "IsStatic": false, + "IsPublic": true, + "HasBody": true, + "InstructionCount": 426, + "Calls": [ + { + "Offset": "0x0002", + "OpCode": "call", + "Operand": "HistorianClient* ArchestrA.BaseQuery::GetClient(ArchestrA.HistorianAccessError\u0026)", + "Token": "0x060061B5" + }, + { + "Offset": "0x000F", + "OpCode": "call", + "Operand": "System.Boolean ArchestrA.HistoryQuery::EndQuery(ArchestrA.HistorianAccessError\u0026)", + "Token": "0x060062A3" + }, + { + "Offset": "0x0054", + "OpCode": "calli", + "Operand": "System.Byte modopt(System.Runtime.CompilerServices.CompilerMarshalOverride) modopt(System.Runtime.CompilerServices.CallConvCdecl) (System.IntPtr,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Boolean* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x00B1", + "OpCode": "callvirt", + "Operand": "System.Boolean ArchestrA.HistoryQueryArgs::ProcessQueryArgs(ArchestrA.HistorianAccessError\u0026)", + "Token": "0x06006246" + }, + { + "Offset": "0x00C7", + "OpCode": "call", + "Operand": "System.String ArchestrA.HistoryQueryArgs::get_Option()", + "Token": "0x06006251" + }, + { + "Offset": "0x00D1", + "OpCode": "call", + "Operand": "System.Int32 \u003CModule\u003E::ArchestrA.ConvertHelper.ManagedToUnmanagedString(System.String,System.UInt64,System.Char*)", + "Token": "0x06005823" + }, + { + "Offset": "0x00F3", + "OpCode": "call", + "Operand": "System.String ArchestrA.HistoryQueryArgs::get_Filter()", + "Token": "0x06006257" + }, + { + "Offset": "0x00FD", + "OpCode": "call", + "Operand": "System.Int32 \u003CModule\u003E::ArchestrA.ConvertHelper.ManagedToUnmanagedString(System.String,System.UInt64,System.Char*)", + "Token": "0x06005823" + }, + { + "Offset": "0x0116", + "OpCode": "call", + "Operand": "System.Collections.Specialized.StringCollection ArchestrA.BaseQueryArgs::get_TagNames()", + "Token": "0x060061B7" + }, + { + "Offset": "0x011B", + "OpCode": "callvirt", + "Operand": "System.Int32 System.Collections.Specialized.StringCollection::get_Count()", + "Token": "0x0A00041C" + }, + { + "Offset": "0x013B", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.vector\u003Cwchar_t *,std::allocator\u003Cwchar_t *\u003E \u003E.reserve(std.vector\u003Cwchar_t *,std::allocator\u003Cwchar_t *\u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.UInt64 modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06005856" + }, + { + "Offset": "0x014A", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0152", + "OpCode": "call", + "Operand": "System.Collections.Specialized.StringCollection ArchestrA.BaseQueryArgs::get_TagNames()", + "Token": "0x060061B7" + }, + { + "Offset": "0x015A", + "OpCode": "call", + "Operand": "System.Boolean \u003CModule\u003E::ArchestrA.ConvertHelper.ManagedToUnmanagedStrings(System.Collections.Specialized.StringCollection,stx.tsarray* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),ArchestrA.HistorianAccessError\u0026)", + "Token": "0x06005825" + }, + { + "Offset": "0x016A", + "OpCode": "call", + "Operand": "QueryColumnSelector* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::QueryColumnSelector.{ctor}(QueryColumnSelector* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000041" + }, + { + "Offset": "0x0174", + "OpCode": "call", + "Operand": "System.Void ArchestrA.HistoryQuery::SelectQueryColumns(ArchestrA.HistoryQueryArgs,QueryColumnSelector* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x0600629C" + }, + { + "Offset": "0x017B", + "OpCode": "call", + "Operand": "SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{ctor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011DE" + }, + { + "Offset": "0x0193", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x01A8", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.SaveEx(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.Void modopt(System.Runtime.CompilerServices.IsConst)*,System.UInt64)", + "Token": "0x06000801" + }, + { + "Offset": "0x01B4", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.SaveEx(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.Void modopt(System.Runtime.CompilerServices.IsConst)*,System.UInt64)", + "Token": "0x06000801" + }, + { + "Offset": "0x01C4", + "OpCode": "calli", + "Operand": "SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced) modopt(System.Runtime.CompilerServices.CallConvCdecl) (SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x0210", + "OpCode": "call", + "Operand": "System.DateTime ArchestrA.BaseQueryArgs::get_EndDateTime()", + "Token": "0x060061BB" + }, + { + "Offset": "0x0219", + "OpCode": "call", + "Operand": "System.DateTime System.DateTime::ToUniversalTime()", + "Token": "0x0A00040D" + }, + { + "Offset": "0x0221", + "OpCode": "call", + "Operand": "System.DateTime ArchestrA.BaseQueryArgs::get_StartDateTime()", + "Token": "0x060061B9" + }, + { + "Offset": "0x022A", + "OpCode": "call", + "Operand": "System.DateTime System.DateTime::ToUniversalTime()", + "Token": "0x0A00040D" + }, + { + "Offset": "0x023D", + "OpCode": "calli", + "Operand": "System.Byte modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.CallConvCdecl) (System.IntPtr)", + "Token": null + }, + { + "Offset": "0x0250", + "OpCode": "call", + "Operand": "ArchestrA.HistorianRetrievalMode ArchestrA.BaseQueryArgs::get_RetrievalMode()", + "Token": "0x060061BD" + }, + { + "Offset": "0x0258", + "OpCode": "call", + "Operand": "System.Collections.Specialized.StringCollection ArchestrA.BaseQueryArgs::get_TagNames()", + "Token": "0x060061B7" + }, + { + "Offset": "0x025D", + "OpCode": "callvirt", + "Operand": "System.Int32 System.Collections.Specialized.StringCollection::get_Count()", + "Token": "0x0A00041C" + }, + { + "Offset": "0x0264", + "OpCode": "call", + "Operand": "System.Char modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::stx.tsarray.get(stx.tsarray modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060057EA" + }, + { + "Offset": "0x026E", + "OpCode": "call", + "Operand": "System.Int64 System.DateTime::ToFileTime()", + "Token": "0x0A00040C" + }, + { + "Offset": "0x0275", + "OpCode": "call", + "Operand": "System.Int64 System.DateTime::ToFileTime()", + "Token": "0x0A00040C" + }, + { + "Offset": "0x027B", + "OpCode": "call", + "Operand": "System.UInt64 ArchestrA.BaseQueryArgs::get_Resolution()", + "Token": "0x060061BF" + }, + { + "Offset": "0x0283", + "OpCode": "call", + "Operand": "System.Single ArchestrA.HistoryQueryArgs::get_ValueDeadband()", + "Token": "0x06006247" + }, + { + "Offset": "0x0289", + "OpCode": "call", + "Operand": "System.UInt32 ArchestrA.HistoryQueryArgs::get_TimeDeadband()", + "Token": "0x06006249" + }, + { + "Offset": "0x0294", + "OpCode": "call", + "Operand": "ArchestrA.HistorianVersionType ArchestrA.BaseQueryArgs::get_DataVersion()", + "Token": "0x060061C1" + }, + { + "Offset": "0x029A", + "OpCode": "call", + "Operand": "ArchestrA.HistorianInterpolationType ArchestrA.HistoryQueryArgs::get_InterpolationType()", + "Token": "0x0600624B" + }, + { + "Offset": "0x02A0", + "OpCode": "call", + "Operand": "ArchestrA.HistorianTimestampRule ArchestrA.HistoryQueryArgs::get_TimeStampRule()", + "Token": "0x0600624D" + }, + { + "Offset": "0x02A6", + "OpCode": "call", + "Operand": "ArchestrA.HistorianQualityRule ArchestrA.HistoryQueryArgs::get_QualityRule()", + "Token": "0x0600624F" + }, + { + "Offset": "0x02B6", + "OpCode": "call", + "Operand": "ArchestrA.HistorianValueSelector ArchestrA.HistoryQueryArgs::get_ValueSelector()", + "Token": "0x06006253" + }, + { + "Offset": "0x02BC", + "OpCode": "call", + "Operand": "ArchestrA.HistorianAggregationType ArchestrA.HistoryQueryArgs::get_AggregationType()", + "Token": "0x06006255" + }, + { + "Offset": "0x02C9", + "OpCode": "call", + "Operand": "System.UInt16 ArchestrA.HistoryQueryArgs::get_MaxStates()", + "Token": "0x06006259" + }, + { + "Offset": "0x02D2", + "OpCode": "call", + "Operand": "System.Boolean modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::HistorianClient.StartDataQuery(HistorianClient* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),INSQL_QUERYTYPE,INSQL_QUERYFORMAT,HISTORIAN_SUMMARYTYPE,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Char modopt(System.Runtime.CompilerServices.IsConst)**,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Char modopt(System.Runtime.CompilerServices.IsConst)**,System.UInt64,System.UInt64,System.Double,System.Single,System.UInt32,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,E_VERSIONTYPE,E_INTERPOLATIONTYPE,E_TIMESTAMPRULE,E_QUALITYRULE,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,System.Char*,System.UInt16,System.Char*,System.UInt16,EValueSelector,E_AGGREGATIONTYPE,System.UInt32,System.Byte modopt(System.Runtime.CompilerServices.IsConst)*,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,System.UInt16,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong)*,SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x060055E4" + }, + { + "Offset": "0x031A", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0322", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SError.ClearErrorDetail(SError* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000165" + }, + { + "Offset": "0x0331", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0341", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.Free(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E7" + }, + { + "Offset": "0x0350", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0368", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0370", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::QueryColumnSelector.{dtor}(QueryColumnSelector* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000044" + }, + { + "Offset": "0x037F", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0388", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::stx.clear_array_ptr_vector\u003Cwchar_t\u003E(std.vector\u003Cwchar_t *,std::allocator\u003Cwchar_t *\u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x06005886" + }, + { + "Offset": "0x0397", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x039F", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.vector\u003Cwchar_t *,std::allocator\u003Cwchar_t *\u003E \u003E._Tidy(std.vector\u003Cwchar_t *,std::allocator\u003Cwchar_t *\u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06005872" + }, + { + "Offset": "0x03AE", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x03B6", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SError.ClearErrorDetail(SError* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000165" + } + ] + } + ] +} diff --git a/docs/reverse-engineering/dnlib-query-startdataquery-il-window-latest.json b/docs/reverse-engineering/dnlib-query-startdataquery-il-window-latest.json new file mode 100644 index 0000000..4153193 --- /dev/null +++ b/docs/reverse-engineering/dnlib-query-startdataquery-il-window-latest.json @@ -0,0 +1,1085 @@ +{ + "Path": "C:\\Users\\dohertj2\\Desktop\\histsdk\\current\\aahClientManaged.dll", + "Filter": "0x0600574B", + "IsILOnly": false, + "IsMixedMode": true, + "Methods": [ + { + "DeclaringType": "\u003CModule\u003E", + "Name": { + "String": "Query.StartDataQuery", + "Data": "UXVlcnkuU3RhcnREYXRhUXVlcnk=", + "Length": 20, + "DataLength": 20 + }, + "Token": "0x0600574B", + "Rva": "0x0041CACC", + "IsStatic": true, + "IsPublic": false, + "HasBody": true, + "InstructionCount": 481, + "Locals": [ + { + "Index": 0, + "Type": "System.Int64" + }, + { + "Index": 1, + "Type": "Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst)" + }, + { + "Index": 2, + "Type": "System.Char modopt(System.Runtime.CompilerServices.IsConst)*" + }, + { + "Index": 3, + "Type": "Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst)" + }, + { + "Index": 4, + "Type": "System.Boolean" + }, + { + "Index": 5, + "Type": "System.Int64" + }, + { + "Index": 6, + "Type": "System.Int32" + }, + { + "Index": 7, + "Type": "System.Int64" + }, + { + "Index": 8, + "Type": "System.Int64" + }, + { + "Index": 9, + "Type": "System.UInt32" + }, + { + "Index": 10, + "Type": "System.UInt32" + }, + { + "Index": 11, + "Type": "SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced) modopt(System.Runtime.CompilerServices.CallConvCdecl) (SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))" + }, + { + "Index": 12, + "Type": "AutoSummaryParameters* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst)" + }, + { + "Index": 13, + "Type": "HistorianNode*" + }, + { + "Index": 14, + "Type": "HistorianNode*" + }, + { + "Index": 15, + "Type": "System.Byte" + }, + { + "Index": 16, + "Type": "DataQueryResponse" + }, + { + "Index": 17, + "Type": "SByteStream\u003CSCrtMemFile\u003E" + }, + { + "Index": 18, + "Type": "SCrtMemFile" + }, + { + "Index": 19, + "Type": "DataQueryRequest" + }, + { + "Index": 20, + "Type": "AutoSummaryParameters" + }, + { + "Index": 21, + "Type": "SByteStream\u003CSCrtMemFile\u003E" + }, + { + "Index": 22, + "Type": "SCrtMemFile" + }, + { + "Index": 23, + "Type": "std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E" + }, + { + "Index": 24, + "Type": "std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E" + }, + { + "Index": 25, + "Type": "System.UInt16" + }, + { + "Index": 26, + "Type": "SReadBufferMemFile" + } + ], + "Calls": [ + { + "Offset": "0x0018", + "OpCode": "call", + "Operand": "SMemFile\u003CSNullAllocator\u003E* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSNullAllocator\u003E.{ctor}(SMemFile\u003CSNullAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.Void modopt(System.Runtime.CompilerServices.IsConst)*,System.UInt64,SMemFile\u003CSNullAllocator\u003E/EDisableAlloc)", + "Token": "0x06000803" + }, + { + "Offset": "0x0030", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x003D", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSNullAllocator\u003E.LoadEx(SMemFile\u003CSNullAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.Void*,System.UInt64)", + "Token": "0x0600080C" + }, + { + "Offset": "0x004D", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSNullAllocator\u003E.LoadEx(SMemFile\u003CSNullAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.Void*,System.UInt64)", + "Token": "0x0600080C" + }, + { + "Offset": "0x005C", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0064", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSNullAllocator\u003E.{dtor}(SMemFile\u003CSNullAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000805" + }, + { + "Offset": "0x0072", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::QueryColumnSelector.SelectAllQueryColumns(QueryColumnSelector* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000048" + }, + { + "Offset": "0x00CF", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::Query.SetTagNameListWithDataSourceId(Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Char modopt(System.Runtime.CompilerServices.IsConst)**)", + "Token": "0x0600570B" + }, + { + "Offset": "0x00F0", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::Query.SetTagNameListWithDataSourceId(Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Char modopt(System.Runtime.CompilerServices.IsConst)**)", + "Token": "0x0600570B" + }, + { + "Offset": "0x00FE", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::Query.SetTagNameList(Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Char modopt(System.Runtime.CompilerServices.IsConst)**)", + "Token": "0x0600570A" + }, + { + "Offset": "0x010A", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::Query.SetTagNameList(Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Char modopt(System.Runtime.CompilerServices.IsConst)**)", + "Token": "0x0600570A" + }, + { + "Offset": "0x0111", + "OpCode": "call", + "Operand": "SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{ctor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011DE" + }, + { + "Offset": "0x0129", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x013E", + "OpCode": "call", + "Operand": "AutoSummaryParameters* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::AutoSummaryParameters.{ctor}(AutoSummaryParameters* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06002C18" + }, + { + "Offset": "0x018B", + "OpCode": "call", + "Operand": "DataQueryRequest* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::DataQueryRequest.{ctor}(DataQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),QueryColumnSelector modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),INSQL_QUERYTYPE,INSQL_QUERYFORMAT,HISTORIAN_SUMMARYTYPE,System.UInt64,System.UInt64,System.UInt64,System.Single,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Char modopt(System.Runtime.CompilerServices.IsConst)*,E_VERSIONTYPE,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),E_INTERPOLATIONTYPE,E_TIMESTAMPRULE,E_QUALITYRULE,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,EValueSelector,E_AGGREGATIONTYPE,std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt16,CMetadataNamespace modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),SRedundantEndpoint modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SRedundantEndpoint modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),AutoSummaryParameters modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt16,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong))", + "Token": "0x0600570F" + }, + { + "Offset": "0x019B", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x01A4", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::AutoSummaryParameters.{dtor}(AutoSummaryParameters* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06002C1A" + }, + { + "Offset": "0x01AD", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::DataQueryRequest.Save\u003Cclass SByteStream\u003Cclass SCrtMemFile\u003E \u003E(DataQueryRequest modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x06005760" + }, + { + "Offset": "0x01BD", + "OpCode": "calli", + "Operand": "SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced) modopt(System.Runtime.CompilerServices.CallConvCdecl) (SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x01C5", + "OpCode": "call", + "Operand": "SCrtMemFile* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SCrtMemFile.{ctor}(SCrtMemFile* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000CFB" + }, + { + "Offset": "0x0222", + "OpCode": "calli", + "Operand": "System.Byte modopt(System.Runtime.CompilerServices.CompilerMarshalOverride) modopt(System.Runtime.CompilerServices.CallConvCdecl) (System.IntPtr,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.UInt16,SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x027E", + "OpCode": "calli", + "Operand": "System.Byte modopt(System.Runtime.CompilerServices.CompilerMarshalOverride) modopt(System.Runtime.CompilerServices.CallConvCdecl) (System.IntPtr,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.UInt16,SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x028F", + "OpCode": "call", + "Operand": "DataQueryResponse* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::DataQueryResponse.{ctor}(DataQueryResponse* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06005711" + }, + { + "Offset": "0x0299", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::DataQueryResponse.Load\u003Cclass SByteStream\u003Cclass SCrtMemFile\u003E \u003E(DataQueryResponse* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x06005761" + }, + { + "Offset": "0x02A9", + "OpCode": "call", + "Operand": "System.Char modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::DataQueryResponse.GetStandardTimezoneName(DataQueryResponse modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06005713" + }, + { + "Offset": "0x02B3", + "OpCode": "call", + "Operand": "System.Int32 modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::wcsncpy_s(System.Char*,System.UInt64,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,System.UInt64)", + "Token": "0x06005CD0" + }, + { + "Offset": "0x02EA", + "OpCode": "call", + "Operand": "System.Int32 modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::wcsncpy_s(System.Char*,System.UInt64,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,System.UInt64)", + "Token": "0x06005CD0" + }, + { + "Offset": "0x02F7", + "OpCode": "call", + "Operand": "SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced) modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SError.=(SError* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),SError modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x06000162" + }, + { + "Offset": "0x031B", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0323", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::DataQueryResponse.{dtor}(DataQueryResponse* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06005712" + }, + { + "Offset": "0x0332", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x033A", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{dtor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E0" + }, + { + "Offset": "0x0349", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0351", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::DataQueryRequest.{dtor}(DataQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06002C1D" + }, + { + "Offset": "0x0360", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0368", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{dtor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E0" + }, + { + "Offset": "0x0377", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x037F", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E._Tidy(std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060006FD" + }, + { + "Offset": "0x038E", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0396", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E._Tidy(std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060006FD" + } + ], + "Instructions": [ + { + "Offset": "0x0160", + "OpCode": "ldarg.s", + "Operand": "timezone", + "Token": null + }, + { + "Offset": "0x0162", + "OpCode": "ldarg.s", + "Operand": "versionType", + "Token": null + }, + { + "Offset": "0x0164", + "OpCode": "ldc.i4", + "Operand": "65536", + "Token": null + }, + { + "Offset": "0x0169", + "OpCode": "ldarg.s", + "Operand": "interpolationType", + "Token": null + }, + { + "Offset": "0x016B", + "OpCode": "ldarg.s", + "Operand": "timestampRule", + "Token": null + }, + { + "Offset": "0x016D", + "OpCode": "ldarg.s", + "Operand": "eQualityRule", + "Token": null + }, + { + "Offset": "0x016F", + "OpCode": "ldarg.s", + "Operand": "wwOption", + "Token": null + }, + { + "Offset": "0x0171", + "OpCode": "ldarg.s", + "Operand": "wwFilter", + "Token": null + }, + { + "Offset": "0x0173", + "OpCode": "ldarg.s", + "Operand": "valueSelector", + "Token": null + }, + { + "Offset": "0x0175", + "OpCode": "ldarg.s", + "Operand": "stateCalc", + "Token": null + }, + { + "Offset": "0x0177", + "OpCode": "ldloca.s", + "Operand": "V_24", + "Token": null + }, + { + "Offset": "0x0179", + "OpCode": "ldloca.s", + "Operand": "V_23", + "Token": null + }, + { + "Offset": "0x017B", + "OpCode": "ldarg.s", + "Operand": "maxStates", + "Token": null + }, + { + "Offset": "0x017D", + "OpCode": "ldarg.s", + "Operand": "ns", + "Token": null + }, + { + "Offset": "0x017F", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0180", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0181", + "OpCode": "ldarg.s", + "Operand": "storageEndPoint", + "Token": null + }, + { + "Offset": "0x0183", + "OpCode": "ldarg.s", + "Operand": "mdsEndPoint", + "Token": null + }, + { + "Offset": "0x0185", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0186", + "OpCode": "ldloc.s", + "Operand": "V_12", + "Token": null + }, + { + "Offset": "0x0188", + "OpCode": "ldc.i4.s", + "Operand": "9", + "Token": null + }, + { + "Offset": "0x018A", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x018B", + "OpCode": "call", + "Operand": "DataQueryRequest* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::DataQueryRequest.{ctor}(DataQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),QueryColumnSelector modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),INSQL_QUERYTYPE,INSQL_QUERYFORMAT,HISTORIAN_SUMMARYTYPE,System.UInt64,System.UInt64,System.UInt64,System.Single,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Char modopt(System.Runtime.CompilerServices.IsConst)*,E_VERSIONTYPE,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),E_INTERPOLATIONTYPE,E_TIMESTAMPRULE,E_QUALITYRULE,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,EValueSelector,E_AGGREGATIONTYPE,std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt16,CMetadataNamespace modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),SRedundantEndpoint modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SRedundantEndpoint modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),AutoSummaryParameters modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt16,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong))", + "Token": "0x0600570F" + }, + { + "Offset": "0x0190", + "OpCode": "pop", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0191", + "OpCode": "leave.s", + "Operand": "IL_01A1: nop", + "Token": null + }, + { + "Offset": "0x0193", + "OpCode": "ldftn", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::AutoSummaryParameters.{dtor}(AutoSummaryParameters* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06002C1A" + }, + { + "Offset": "0x0199", + "OpCode": "ldloca.s", + "Operand": "V_20", + "Token": null + }, + { + "Offset": "0x019B", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x01A0", + "OpCode": "endfinally", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01A1", + "OpCode": "nop", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01A2", + "OpCode": "ldloca.s", + "Operand": "V_20", + "Token": null + }, + { + "Offset": "0x01A4", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::AutoSummaryParameters.{dtor}(AutoSummaryParameters* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06002C1A" + }, + { + "Offset": "0x01A9", + "OpCode": "ldloca.s", + "Operand": "V_19", + "Token": null + }, + { + "Offset": "0x01AB", + "OpCode": "ldloca.s", + "Operand": "V_21", + "Token": null + }, + { + "Offset": "0x01AD", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::DataQueryRequest.Save\u003Cclass SByteStream\u003Cclass SCrtMemFile\u003E \u003E(DataQueryRequest modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x06005760" + }, + { + "Offset": "0x01B2", + "OpCode": "ldsfld", + "Operand": "System.Int32** \u003CModule\u003E::__unep@??$endstream@VSCrtMemFile@@@@$$FYAAEAV?$SByteStream@VSCrtMemFile@@@@AEAV0@@Z", + "Token": "0x04001B05" + }, + { + "Offset": "0x01B7", + "OpCode": "stloc.s", + "Operand": "V_11", + "Token": null + }, + { + "Offset": "0x01B9", + "OpCode": "ldloca.s", + "Operand": "V_21", + "Token": null + }, + { + "Offset": "0x01BB", + "OpCode": "ldloc.s", + "Operand": "V_11", + "Token": null + }, + { + "Offset": "0x01BD", + "OpCode": "calli", + "Operand": "SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced) modopt(System.Runtime.CompilerServices.CallConvCdecl) (SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x01C2", + "OpCode": "pop", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01C3", + "OpCode": "ldloca.s", + "Operand": "V_18", + "Token": null + }, + { + "Offset": "0x01C5", + "OpCode": "call", + "Operand": "SCrtMemFile* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SCrtMemFile.{ctor}(SCrtMemFile* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000CFB" + }, + { + "Offset": "0x01CA", + "OpCode": "pop", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01CB", + "OpCode": "ldloca.s", + "Operand": "V_17", + "Token": null + }, + { + "Offset": "0x01CD", + "OpCode": "ldloca.s", + "Operand": "V_18", + "Token": null + }, + { + "Offset": "0x01CF", + "OpCode": "stind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01D0", + "OpCode": "ldloca.s", + "Operand": "V_18", + "Token": null + }, + { + "Offset": "0x01D2", + "OpCode": "ldc.i4.s", + "Operand": "28", + "Token": null + }, + { + "Offset": "0x01D4", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01D5", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01D6", + "OpCode": "stind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01D7", + "OpCode": "ldarg.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01D8", + "OpCode": "ldc.i4.s", + "Operand": "72", + "Token": null + }, + { + "Offset": "0x01DA", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01DB", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01DC", + "OpCode": "ldc.i4.8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01DD", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01DE", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01DF", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01E0", + "OpCode": "stind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01E1", + "OpCode": "ldarg.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01E2", + "OpCode": "ldc.i4.s", + "Operand": "72", + "Token": null + }, + { + "Offset": "0x01E4", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01E5", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01E6", + "OpCode": "ldc.i4.4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01E7", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01E8", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01E9", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01EA", + "OpCode": "stind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01EB", + "OpCode": "ldarg.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01EC", + "OpCode": "ldc.i4.8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01ED", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01EE", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01EF", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01F0", + "OpCode": "stloc.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01F1", + "OpCode": "ldloc.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01F2", + "OpCode": "ldc.i4.s", + "Operand": "16", + "Token": null + }, + { + "Offset": "0x01F4", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01F5", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01F6", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01F7", + "OpCode": "ldc.i4", + "Operand": "1096", + "Token": null + }, + { + "Offset": "0x01FC", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01FD", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01FE", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01FF", + "OpCode": "stloc.s", + "Operand": "V_7", + "Token": null + }, + { + "Offset": "0x0201", + "OpCode": "ldloc.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0202", + "OpCode": "ldc.i4.8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0203", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0204", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0205", + "OpCode": "ldind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0206", + "OpCode": "stloc.s", + "Operand": "V_10", + "Token": null + }, + { + "Offset": "0x0208", + "OpCode": "ldarg.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0209", + "OpCode": "ldc.i4.s", + "Operand": "16", + "Token": null + }, + { + "Offset": "0x020B", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x020C", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x020D", + "OpCode": "stloc.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x020E", + "OpCode": "ldloc.s", + "Operand": "V_7", + "Token": null + }, + { + "Offset": "0x0210", + "OpCode": "ldloc.s", + "Operand": "V_10", + "Token": null + }, + { + "Offset": "0x0212", + "OpCode": "ldc.i4.1", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0213", + "OpCode": "ldloca.s", + "Operand": "V_21", + "Token": null + }, + { + "Offset": "0x0215", + "OpCode": "ldloca.s", + "Operand": "V_17", + "Token": null + }, + { + "Offset": "0x0217", + "OpCode": "ldloc.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0218", + "OpCode": "ldarg.s", + "Operand": "error", + "Token": null + }, + { + "Offset": "0x021A", + "OpCode": "ldloc.s", + "Operand": "V_7", + "Token": null + }, + { + "Offset": "0x021C", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x021D", + "OpCode": "ldc.i4.s", + "Operand": "96", + "Token": null + }, + { + "Offset": "0x021F", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0220", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0221", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0222", + "OpCode": "calli", + "Operand": "System.Byte modopt(System.Runtime.CompilerServices.CompilerMarshalOverride) modopt(System.Runtime.CompilerServices.CallConvCdecl) (System.IntPtr,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.UInt16,SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x0227", + "OpCode": "brtrue.s", + "Operand": "IL_028D: ldloca.s V_16", + "Token": null + }, + { + "Offset": "0x0229", + "OpCode": "ldarg.s", + "Operand": "error", + "Token": null + }, + { + "Offset": "0x022B", + "OpCode": "ldc.i4.s", + "Operand": "12", + "Token": null + }, + { + "Offset": "0x022D", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x022E", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x022F", + "OpCode": "ldind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0230", + "OpCode": "ldc.i4.4", + "Operand": null, + "Token": null + } + ] + } + ] +} diff --git a/docs/reverse-engineering/dnlib-query-startdataquery-target-latest.json b/docs/reverse-engineering/dnlib-query-startdataquery-target-latest.json new file mode 100644 index 0000000..fcd5e9b --- /dev/null +++ b/docs/reverse-engineering/dnlib-query-startdataquery-target-latest.json @@ -0,0 +1,265 @@ +{ + "Path": "C:\\Users\\dohertj2\\Desktop\\histsdk\\current\\aahClientManaged.dll", + "Filter": "0x0600574B", + "IsILOnly": false, + "IsMixedMode": true, + "Methods": [ + { + "DeclaringType": "\u003CModule\u003E", + "Name": { + "String": "Query.StartDataQuery", + "Data": "UXVlcnkuU3RhcnREYXRhUXVlcnk=", + "Length": 20, + "DataLength": 20 + }, + "Token": "0x0600574B", + "Rva": "0x0041CACC", + "IsStatic": true, + "IsPublic": false, + "HasBody": true, + "InstructionCount": 481, + "Calls": [ + { + "Offset": "0x0018", + "OpCode": "call", + "Operand": "SMemFile\u003CSNullAllocator\u003E* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSNullAllocator\u003E.{ctor}(SMemFile\u003CSNullAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.Void modopt(System.Runtime.CompilerServices.IsConst)*,System.UInt64,SMemFile\u003CSNullAllocator\u003E/EDisableAlloc)", + "Token": "0x06000803" + }, + { + "Offset": "0x0030", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x003D", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSNullAllocator\u003E.LoadEx(SMemFile\u003CSNullAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.Void*,System.UInt64)", + "Token": "0x0600080C" + }, + { + "Offset": "0x004D", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSNullAllocator\u003E.LoadEx(SMemFile\u003CSNullAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.Void*,System.UInt64)", + "Token": "0x0600080C" + }, + { + "Offset": "0x005C", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0064", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSNullAllocator\u003E.{dtor}(SMemFile\u003CSNullAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000805" + }, + { + "Offset": "0x0072", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::QueryColumnSelector.SelectAllQueryColumns(QueryColumnSelector* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000048" + }, + { + "Offset": "0x00CF", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::Query.SetTagNameListWithDataSourceId(Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Char modopt(System.Runtime.CompilerServices.IsConst)**)", + "Token": "0x0600570B" + }, + { + "Offset": "0x00F0", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::Query.SetTagNameListWithDataSourceId(Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Char modopt(System.Runtime.CompilerServices.IsConst)**)", + "Token": "0x0600570B" + }, + { + "Offset": "0x00FE", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::Query.SetTagNameList(Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Char modopt(System.Runtime.CompilerServices.IsConst)**)", + "Token": "0x0600570A" + }, + { + "Offset": "0x010A", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::Query.SetTagNameList(Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Char modopt(System.Runtime.CompilerServices.IsConst)**)", + "Token": "0x0600570A" + }, + { + "Offset": "0x0111", + "OpCode": "call", + "Operand": "SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{ctor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011DE" + }, + { + "Offset": "0x0129", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x013E", + "OpCode": "call", + "Operand": "AutoSummaryParameters* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::AutoSummaryParameters.{ctor}(AutoSummaryParameters* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06002C18" + }, + { + "Offset": "0x018B", + "OpCode": "call", + "Operand": "DataQueryRequest* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::DataQueryRequest.{ctor}(DataQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),QueryColumnSelector modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),INSQL_QUERYTYPE,INSQL_QUERYFORMAT,HISTORIAN_SUMMARYTYPE,System.UInt64,System.UInt64,System.UInt64,System.Single,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Char modopt(System.Runtime.CompilerServices.IsConst)*,E_VERSIONTYPE,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),E_INTERPOLATIONTYPE,E_TIMESTAMPRULE,E_QUALITYRULE,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,EValueSelector,E_AGGREGATIONTYPE,std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt16,CMetadataNamespace modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),SRedundantEndpoint modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SRedundantEndpoint modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),AutoSummaryParameters modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt16,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong))", + "Token": "0x0600570F" + }, + { + "Offset": "0x019B", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x01A4", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::AutoSummaryParameters.{dtor}(AutoSummaryParameters* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06002C1A" + }, + { + "Offset": "0x01AD", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::DataQueryRequest.Save\u003Cclass SByteStream\u003Cclass SCrtMemFile\u003E \u003E(DataQueryRequest modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x06005760" + }, + { + "Offset": "0x01BD", + "OpCode": "calli", + "Operand": "SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced) modopt(System.Runtime.CompilerServices.CallConvCdecl) (SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x01C5", + "OpCode": "call", + "Operand": "SCrtMemFile* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SCrtMemFile.{ctor}(SCrtMemFile* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000CFB" + }, + { + "Offset": "0x0222", + "OpCode": "calli", + "Operand": "System.Byte modopt(System.Runtime.CompilerServices.CompilerMarshalOverride) modopt(System.Runtime.CompilerServices.CallConvCdecl) (System.IntPtr,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.UInt16,SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x027E", + "OpCode": "calli", + "Operand": "System.Byte modopt(System.Runtime.CompilerServices.CompilerMarshalOverride) modopt(System.Runtime.CompilerServices.CallConvCdecl) (System.IntPtr,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.UInt16,SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x028F", + "OpCode": "call", + "Operand": "DataQueryResponse* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::DataQueryResponse.{ctor}(DataQueryResponse* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06005711" + }, + { + "Offset": "0x0299", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::DataQueryResponse.Load\u003Cclass SByteStream\u003Cclass SCrtMemFile\u003E \u003E(DataQueryResponse* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x06005761" + }, + { + "Offset": "0x02A9", + "OpCode": "call", + "Operand": "System.Char modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::DataQueryResponse.GetStandardTimezoneName(DataQueryResponse modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06005713" + }, + { + "Offset": "0x02B3", + "OpCode": "call", + "Operand": "System.Int32 modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::wcsncpy_s(System.Char*,System.UInt64,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,System.UInt64)", + "Token": "0x06005CD0" + }, + { + "Offset": "0x02EA", + "OpCode": "call", + "Operand": "System.Int32 modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::wcsncpy_s(System.Char*,System.UInt64,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,System.UInt64)", + "Token": "0x06005CD0" + }, + { + "Offset": "0x02F7", + "OpCode": "call", + "Operand": "SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced) modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SError.=(SError* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),SError modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x06000162" + }, + { + "Offset": "0x031B", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0323", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::DataQueryResponse.{dtor}(DataQueryResponse* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06005712" + }, + { + "Offset": "0x0332", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x033A", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{dtor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E0" + }, + { + "Offset": "0x0349", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0351", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::DataQueryRequest.{dtor}(DataQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06002C1D" + }, + { + "Offset": "0x0360", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0368", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{dtor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E0" + }, + { + "Offset": "0x0377", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x037F", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E._Tidy(std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060006FD" + }, + { + "Offset": "0x038E", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0396", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E._Tidy(std.vector\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060006FD" + } + ] + } + ] +} diff --git a/docs/reverse-engineering/dnlib-query-starteventquery-il-window-latest.json b/docs/reverse-engineering/dnlib-query-starteventquery-il-window-latest.json new file mode 100644 index 0000000..2a9b29e --- /dev/null +++ b/docs/reverse-engineering/dnlib-query-starteventquery-il-window-latest.json @@ -0,0 +1,1251 @@ +{ + "Path": "C:\\Users\\dohertj2\\Desktop\\histsdk\\current\\aahClientManaged.dll", + "Filter": "0x0600574A", + "IsILOnly": false, + "IsMixedMode": true, + "Methods": [ + { + "DeclaringType": "\u003CModule\u003E", + "Name": { + "String": "Query.StartEventQuery", + "Data": "UXVlcnkuU3RhcnRFdmVudFF1ZXJ5", + "Length": 21, + "DataLength": 21 + }, + "Token": "0x0600574A", + "Rva": "0x0041DB4C", + "IsStatic": true, + "IsPublic": false, + "HasBody": true, + "InstructionCount": 373, + "Locals": [ + { + "Index": 0, + "Type": "System.Int64" + }, + { + "Index": 1, + "Type": "Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst)" + }, + { + "Index": 2, + "Type": "System.Int64" + }, + { + "Index": 3, + "Type": "System.Int32" + }, + { + "Index": 4, + "Type": "System.Int64" + }, + { + "Index": 5, + "Type": "System.UInt32" + }, + { + "Index": 6, + "Type": "System.UInt32" + }, + { + "Index": 7, + "Type": "SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced) modopt(System.Runtime.CompilerServices.CallConvCdecl) (SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))" + }, + { + "Index": 8, + "Type": "std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst)" + }, + { + "Index": 9, + "Type": "SByteStream\u003CSCrtMemFile\u003E" + }, + { + "Index": 10, + "Type": "SCrtMemFile" + }, + { + "Index": 11, + "Type": "EventQueryRequest" + }, + { + "Index": 12, + "Type": "std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E*" + }, + { + "Index": 13, + "Type": "std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E" + }, + { + "Index": 14, + "Type": "SByteStream\u003CSCrtMemFile\u003E" + }, + { + "Index": 15, + "Type": "SCrtMemFile" + } + ], + "Calls": [ + { + "Offset": "0x0029", + "OpCode": "call", + "Operand": "SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{ctor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011DE" + }, + { + "Offset": "0x0041", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x005C", + "OpCode": "call", + "Operand": "std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E.{ctor}(std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.Char modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x0600005E" + }, + { + "Offset": "0x0077", + "OpCode": "call", + "Operand": "EventQueryRequest* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::EventQueryRequest.{ctor}(EventQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.UInt64,System.UInt64,System.UInt32,System.UInt32,System.UInt16,System.UInt16,EventQueryFilters* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E modreq(System.Runtime.CompilerServices.IsCopyConstructed)*,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong))", + "Token": "0x06005719" + }, + { + "Offset": "0x0081", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::EventQueryRequest.Save\u003Cclass SByteStream\u003Cclass SCrtMemFile\u003E \u003E(EventQueryRequest modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x0600575E" + }, + { + "Offset": "0x0091", + "OpCode": "calli", + "Operand": "SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced) modopt(System.Runtime.CompilerServices.CallConvCdecl) (SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x0099", + "OpCode": "call", + "Operand": "SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{ctor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011DE" + }, + { + "Offset": "0x00B1", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x00FB", + "OpCode": "calli", + "Operand": "System.Byte modopt(System.Runtime.CompilerServices.CompilerMarshalOverride) modopt(System.Runtime.CompilerServices.CallConvCdecl) (System.IntPtr,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.UInt16,SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x0134", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x013C", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{dtor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E0" + }, + { + "Offset": "0x014B", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0153", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::EventQueryRequest.{dtor}(EventQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x0600571A" + }, + { + "Offset": "0x0162", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x016A", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{dtor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E0" + }, + { + "Offset": "0x0179", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0186", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.vector\u003CEventQueryFilter,std::allocator\u003CEventQueryFilter\u003E \u003E._Tidy(std.vector\u003CEventQueryFilter,std::allocator\u003CEventQueryFilter\u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06005466" + }, + { + "Offset": "0x0195", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x019E", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std._Tree_val\u003Cstd::_Tree_simple_types\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E._Erase_head\u003Cclass std::allocator\u003Cstruct std::_Tree_node\u003Cclass std::basic_string\u003Cwchar_t,struct std::char_traits\u003Cwchar_t\u003E,class std::allocator\u003Cwchar_t\u003E \u003E,void *\u003E \u003E \u003E(std._Tree_val\u003Cstd::_Tree_simple_types\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.allocator\u003Cstd::_Tree_node\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,void *\u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x060008A5" + }, + { + "Offset": "0x01D7", + "OpCode": "calli", + "Operand": "System.Byte modopt(System.Runtime.CompilerServices.CompilerMarshalOverride) modopt(System.Runtime.CompilerServices.CallConvCdecl) (System.IntPtr,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.UInt16,SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x01ED", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x01FD", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.Free(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E7" + }, + { + "Offset": "0x020C", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0224", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x022C", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::EventQueryRequest.{dtor}(EventQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x0600571A" + }, + { + "Offset": "0x023B", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x024B", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.Free(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E7" + }, + { + "Offset": "0x025A", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0272", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x027F", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.vector\u003CEventQueryFilter,std::allocator\u003CEventQueryFilter\u003E \u003E._Tidy(std.vector\u003CEventQueryFilter,std::allocator\u003CEventQueryFilter\u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06005466" + }, + { + "Offset": "0x028E", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0297", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std._Tree_val\u003Cstd::_Tree_simple_types\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E._Erase_head\u003Cclass std::allocator\u003Cstruct std::_Tree_node\u003Cclass std::basic_string\u003Cwchar_t,struct std::char_traits\u003Cwchar_t\u003E,class std::allocator\u003Cwchar_t\u003E \u003E,void *\u003E \u003E \u003E(std._Tree_val\u003Cstd::_Tree_simple_types\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.allocator\u003Cstd::_Tree_node\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,void *\u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x060008A5" + }, + { + "Offset": "0x02A8", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.Free(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E7" + }, + { + "Offset": "0x02B7", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x02CF", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x02D7", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::EventQueryRequest.{dtor}(EventQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x0600571A" + }, + { + "Offset": "0x02E6", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x02F6", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.Free(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E7" + }, + { + "Offset": "0x0305", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x031D", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x032A", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.vector\u003CEventQueryFilter,std::allocator\u003CEventQueryFilter\u003E \u003E._Tidy(std.vector\u003CEventQueryFilter,std::allocator\u003CEventQueryFilter\u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06005466" + }, + { + "Offset": "0x0339", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0342", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std._Tree_val\u003Cstd::_Tree_simple_types\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E._Erase_head\u003Cclass std::allocator\u003Cstruct std::_Tree_node\u003Cclass std::basic_string\u003Cwchar_t,struct std::char_traits\u003Cwchar_t\u003E,class std::allocator\u003Cwchar_t\u003E \u003E,void *\u003E \u003E \u003E(std._Tree_val\u003Cstd::_Tree_simple_types\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.allocator\u003Cstd::_Tree_node\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,void *\u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x060008A5" + } + ], + "Instructions": [ + { + "Offset": "0x0100", + "OpCode": "brfalse.s", + "Operand": "IL_0107: ldarg.s error", + "Token": null + }, + { + "Offset": "0x0102", + "OpCode": "leave", + "Operand": "IL_029E: ldloca.s V_10", + "Token": null + }, + { + "Offset": "0x0107", + "OpCode": "ldarg.s", + "Operand": "error", + "Token": null + }, + { + "Offset": "0x0109", + "OpCode": "ldc.i4.s", + "Operand": "12", + "Token": null + }, + { + "Offset": "0x010B", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x010C", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x010D", + "OpCode": "ldind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x010E", + "OpCode": "ldc.i4.4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x010F", + "OpCode": "bne.un.s", + "Operand": "IL_011F: ldc.i4.0", + "Token": null + }, + { + "Offset": "0x0111", + "OpCode": "ldc.i4.s", + "Operand": "51", + "Token": null + }, + { + "Offset": "0x0113", + "OpCode": "ldarg.s", + "Operand": "error", + "Token": null + }, + { + "Offset": "0x0115", + "OpCode": "ldc.i4.8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0116", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0117", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0118", + "OpCode": "ldind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0119", + "OpCode": "bne.un.s", + "Operand": "IL_011F: ldc.i4.0", + "Token": null + }, + { + "Offset": "0x011B", + "OpCode": "ldc.i4.1", + "Operand": null, + "Token": null + }, + { + "Offset": "0x011C", + "OpCode": "stloc.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x011D", + "OpCode": "br.s", + "Operand": "IL_0121: ldloc.3", + "Token": null + }, + { + "Offset": "0x011F", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0120", + "OpCode": "stloc.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0121", + "OpCode": "ldloc.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0122", + "OpCode": "conv.u1", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0123", + "OpCode": "brfalse.s", + "Operand": "IL_012A: leave.s IL_013A", + "Token": null + }, + { + "Offset": "0x0125", + "OpCode": "leave", + "Operand": "IL_01A5: nop", + "Token": null + }, + { + "Offset": "0x012A", + "OpCode": "leave.s", + "Operand": "IL_013A: ldloca.s V_10", + "Token": null + }, + { + "Offset": "0x012C", + "OpCode": "ldftn", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SCrtMemFile.{dtor}(SCrtMemFile* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000CFE" + }, + { + "Offset": "0x0132", + "OpCode": "ldloca.s", + "Operand": "V_10", + "Token": null + }, + { + "Offset": "0x0134", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0139", + "OpCode": "endfinally", + "Operand": null, + "Token": null + }, + { + "Offset": "0x013A", + "OpCode": "ldloca.s", + "Operand": "V_10", + "Token": null + }, + { + "Offset": "0x013C", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{dtor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E0" + }, + { + "Offset": "0x0141", + "OpCode": "leave.s", + "Operand": "IL_0151: ldloca.s V_11", + "Token": null + }, + { + "Offset": "0x0143", + "OpCode": "ldftn", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::EventQueryRequest.{dtor}(EventQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x0600571A" + }, + { + "Offset": "0x0149", + "OpCode": "ldloca.s", + "Operand": "V_11", + "Token": null + }, + { + "Offset": "0x014B", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0150", + "OpCode": "endfinally", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0151", + "OpCode": "ldloca.s", + "Operand": "V_11", + "Token": null + }, + { + "Offset": "0x0153", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::EventQueryRequest.{dtor}(EventQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x0600571A" + }, + { + "Offset": "0x0158", + "OpCode": "leave.s", + "Operand": "IL_0168: ldloca.s V_15", + "Token": null + }, + { + "Offset": "0x015A", + "OpCode": "ldftn", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SCrtMemFile.{dtor}(SCrtMemFile* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000CFE" + }, + { + "Offset": "0x0160", + "OpCode": "ldloca.s", + "Operand": "V_15", + "Token": null + }, + { + "Offset": "0x0162", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0167", + "OpCode": "endfinally", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0168", + "OpCode": "ldloca.s", + "Operand": "V_15", + "Token": null + }, + { + "Offset": "0x016A", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{dtor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E0" + }, + { + "Offset": "0x016F", + "OpCode": "leave.s", + "Operand": "IL_017F: nop", + "Token": null + }, + { + "Offset": "0x0171", + "OpCode": "ldftn", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::EventQueryFilters.{dtor}(EventQueryFilters* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060055E3" + }, + { + "Offset": "0x0177", + "OpCode": "ldarg.s", + "Operand": "filterRequest", + "Token": null + }, + { + "Offset": "0x0179", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x017E", + "OpCode": "endfinally", + "Operand": null, + "Token": null + }, + { + "Offset": "0x017F", + "OpCode": "nop", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0180", + "OpCode": "ldarg.s", + "Operand": "filterRequest", + "Token": null + }, + { + "Offset": "0x0182", + "OpCode": "ldc.i4.s", + "Operand": "48", + "Token": null + }, + { + "Offset": "0x0184", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0185", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0186", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.vector\u003CEventQueryFilter,std::allocator\u003CEventQueryFilter\u003E \u003E._Tidy(std.vector\u003CEventQueryFilter,std::allocator\u003CEventQueryFilter\u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06005466" + }, + { + "Offset": "0x018B", + "OpCode": "leave.s", + "Operand": "IL_019B: ldarg.s filterRequest", + "Token": null + }, + { + "Offset": "0x018D", + "OpCode": "ldftn", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.set\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::less\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E.{dtor}(std.set\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,std::less\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E,std::allocator\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060004CB" + }, + { + "Offset": "0x0193", + "OpCode": "ldarg.s", + "Operand": "filterRequest", + "Token": null + }, + { + "Offset": "0x0195", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x019A", + "OpCode": "endfinally", + "Operand": null, + "Token": null + }, + { + "Offset": "0x019B", + "OpCode": "ldarg.s", + "Operand": "filterRequest", + "Token": null + }, + { + "Offset": "0x019D", + "OpCode": "dup", + "Operand": null, + "Token": null + }, + { + "Offset": "0x019E", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std._Tree_val\u003Cstd::_Tree_simple_types\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E._Erase_head\u003Cclass std::allocator\u003Cstruct std::_Tree_node\u003Cclass std::basic_string\u003Cwchar_t,struct std::char_traits\u003Cwchar_t\u003E,class std::allocator\u003Cwchar_t\u003E \u003E,void *\u003E \u003E \u003E(std._Tree_val\u003Cstd::_Tree_simple_types\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.allocator\u003Cstd::_Tree_node\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,void *\u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x060008A5" + }, + { + "Offset": "0x01A3", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01A4", + "OpCode": "ret", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01A5", + "OpCode": "nop", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01A6", + "OpCode": "ldloc.1", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01A7", + "OpCode": "ldc.i4.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01A8", + "OpCode": "stind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01A9", + "OpCode": "ldarg.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01AA", + "OpCode": "ldc.i4.8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01AB", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01AC", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01AD", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01AE", + "OpCode": "stloc.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01AF", + "OpCode": "ldloc.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01B0", + "OpCode": "ldc.i4.s", + "Operand": "16", + "Token": null + }, + { + "Offset": "0x01B2", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01B3", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01B4", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01B5", + "OpCode": "ldc.i4", + "Operand": "1096", + "Token": null + }, + { + "Offset": "0x01BA", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01BB", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01BC", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01BD", + "OpCode": "stloc.2", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01BE", + "OpCode": "ldloc.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01BF", + "OpCode": "ldc.i4.8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01C0", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01C1", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01C2", + "OpCode": "ldind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01C3", + "OpCode": "stloc.s", + "Operand": "V_5", + "Token": null + }, + { + "Offset": "0x01C5", + "OpCode": "ldloc.2", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01C6", + "OpCode": "ldloc.s", + "Operand": "V_5", + "Token": null + }, + { + "Offset": "0x01C8", + "OpCode": "ldc.i4.3", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01C9", + "OpCode": "ldloca.s", + "Operand": "V_14", + "Token": null + }, + { + "Offset": "0x01CB", + "OpCode": "ldloca.s", + "Operand": "V_9", + "Token": null + }, + { + "Offset": "0x01CD", + "OpCode": "ldloc.1", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01CE", + "OpCode": "ldarg.s", + "Operand": "error", + "Token": null + }, + { + "Offset": "0x01D0", + "OpCode": "ldloc.2", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01D1", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01D2", + "OpCode": "ldc.i4.s", + "Operand": "120", + "Token": null + }, + { + "Offset": "0x01D4", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01D5", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01D6", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01D7", + "OpCode": "calli", + "Operand": "System.Byte modopt(System.Runtime.CompilerServices.CompilerMarshalOverride) modopt(System.Runtime.CompilerServices.CallConvCdecl) (System.IntPtr,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.UInt16,SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x01DC", + "OpCode": "brfalse.s", + "Operand": "IL_01E3: leave.s IL_01F3", + "Token": null + }, + { + "Offset": "0x01DE", + "OpCode": "leave", + "Operand": "IL_029E: ldloca.s V_10", + "Token": null + }, + { + "Offset": "0x01E3", + "OpCode": "leave.s", + "Operand": "IL_01F3: ldloca.s V_10", + "Token": null + }, + { + "Offset": "0x01E5", + "OpCode": "ldftn", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SCrtMemFile.{dtor}(SCrtMemFile* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000CFE" + }, + { + "Offset": "0x01EB", + "OpCode": "ldloca.s", + "Operand": "V_10", + "Token": null + }, + { + "Offset": "0x01ED", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x01F2", + "OpCode": "endfinally", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01F3", + "OpCode": "ldloca.s", + "Operand": "V_10", + "Token": null + }, + { + "Offset": "0x01F5", + "OpCode": "ldsflda", + "Operand": "\u003CCppImplementationDetails\u003E.$ArrayType$$$BY0BC@Q6AXXZ modopt(System.Runtime.CompilerServices.IsConst) \u003CModule\u003E::??_7?$SMemFile@VSCrtAllocator@@@@6B@", + "Token": "0x040010BA" + }, + { + "Offset": "0x01FA", + "OpCode": "stind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x01FB", + "OpCode": "ldloca.s", + "Operand": "V_10", + "Token": null + }, + { + "Offset": "0x01FD", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.Free(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E7" + }, + { + "Offset": "0x0202", + "OpCode": "leave.s", + "Operand": "IL_0212: ldloca.s V_10", + "Token": null + }, + { + "Offset": "0x0204", + "OpCode": "ldftn", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SFile.{dtor}(SFile* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x0600014C" + }, + { + "Offset": "0x020A", + "OpCode": "ldloca.s", + "Operand": "V_10", + "Token": null + }, + { + "Offset": "0x020C", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0211", + "OpCode": "endfinally", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0212", + "OpCode": "ldloca.s", + "Operand": "V_10", + "Token": null + }, + { + "Offset": "0x0214", + "OpCode": "ldsflda", + "Operand": "\u003CCppImplementationDetails\u003E.$ArrayType$$$BY0BC@Q6AXXZ modopt(System.Runtime.CompilerServices.IsConst) \u003CModule\u003E::??_7SFile@@6B@", + "Token": "0x0400037E" + }, + { + "Offset": "0x0219", + "OpCode": "stind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x021A", + "OpCode": "leave.s", + "Operand": "IL_022A: ldloca.s V_11", + "Token": null + }, + { + "Offset": "0x021C", + "OpCode": "ldftn", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::EventQueryRequest.{dtor}(EventQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x0600571A" + }, + { + "Offset": "0x0222", + "OpCode": "ldloca.s", + "Operand": "V_11", + "Token": null + }, + { + "Offset": "0x0224", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0229", + "OpCode": "endfinally", + "Operand": null, + "Token": null + }, + { + "Offset": "0x022A", + "OpCode": "ldloca.s", + "Operand": "V_11", + "Token": null + }, + { + "Offset": "0x022C", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::EventQueryRequest.{dtor}(EventQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x0600571A" + }, + { + "Offset": "0x0231", + "OpCode": "leave.s", + "Operand": "IL_0241: ldloca.s V_15", + "Token": null + }, + { + "Offset": "0x0233", + "OpCode": "ldftn", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SCrtMemFile.{dtor}(SCrtMemFile* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000CFE" + }, + { + "Offset": "0x0239", + "OpCode": "ldloca.s", + "Operand": "V_15", + "Token": null + }, + { + "Offset": "0x023B", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0240", + "OpCode": "endfinally", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0241", + "OpCode": "ldloca.s", + "Operand": "V_15", + "Token": null + }, + { + "Offset": "0x0243", + "OpCode": "ldsflda", + "Operand": "\u003CCppImplementationDetails\u003E.$ArrayType$$$BY0BC@Q6AXXZ modopt(System.Runtime.CompilerServices.IsConst) \u003CModule\u003E::??_7?$SMemFile@VSCrtAllocator@@@@6B@", + "Token": "0x040010BA" + }, + { + "Offset": "0x0248", + "OpCode": "stind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0249", + "OpCode": "ldloca.s", + "Operand": "V_15", + "Token": null + }, + { + "Offset": "0x024B", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.Free(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E7" + }, + { + "Offset": "0x0250", + "OpCode": "leave.s", + "Operand": "IL_0260: ldloca.s V_15", + "Token": null + }, + { + "Offset": "0x0252", + "OpCode": "ldftn", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SFile.{dtor}(SFile* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x0600014C" + }, + { + "Offset": "0x0258", + "OpCode": "ldloca.s", + "Operand": "V_15", + "Token": null + }, + { + "Offset": "0x025A", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x025F", + "OpCode": "endfinally", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0260", + "OpCode": "ldloca.s", + "Operand": "V_15", + "Token": null + } + ] + } + ] +} diff --git a/docs/reverse-engineering/dnlib-query-starteventquery-save-window-latest.json b/docs/reverse-engineering/dnlib-query-starteventquery-save-window-latest.json new file mode 100644 index 0000000..7549756 --- /dev/null +++ b/docs/reverse-engineering/dnlib-query-starteventquery-save-window-latest.json @@ -0,0 +1,459 @@ +{ + "Path": "C:\\Users\\dohertj2\\Desktop\\histsdk\\current\\aahClientManaged.dll", + "Filter": "0x0600574A", + "IsILOnly": false, + "IsMixedMode": true, + "Methods": [ + { + "DeclaringType": "\u003CModule\u003E", + "Name": { + "String": "Query.StartEventQuery", + "Data": "UXVlcnkuU3RhcnRFdmVudFF1ZXJ5", + "Length": 21, + "DataLength": 21 + }, + "Token": "0x0600574A", + "Rva": "0x0041DB4C", + "IsStatic": true, + "IsPublic": false, + "HasBody": true, + "InstructionCount": 373, + "Locals": [ + { + "Index": 0, + "Type": "System.Int64" + }, + { + "Index": 1, + "Type": "Query* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst)" + }, + { + "Index": 2, + "Type": "System.Int64" + }, + { + "Index": 3, + "Type": "System.Int32" + }, + { + "Index": 4, + "Type": "System.Int64" + }, + { + "Index": 5, + "Type": "System.UInt32" + }, + { + "Index": 6, + "Type": "System.UInt32" + }, + { + "Index": 7, + "Type": "SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced) modopt(System.Runtime.CompilerServices.CallConvCdecl) (SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))" + }, + { + "Index": 8, + "Type": "std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst)" + }, + { + "Index": 9, + "Type": "SByteStream\u003CSCrtMemFile\u003E" + }, + { + "Index": 10, + "Type": "SCrtMemFile" + }, + { + "Index": 11, + "Type": "EventQueryRequest" + }, + { + "Index": 12, + "Type": "std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E*" + }, + { + "Index": 13, + "Type": "std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E" + }, + { + "Index": 14, + "Type": "SByteStream\u003CSCrtMemFile\u003E" + }, + { + "Index": 15, + "Type": "SCrtMemFile" + } + ], + "Calls": [ + { + "Offset": "0x0029", + "OpCode": "call", + "Operand": "SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{ctor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011DE" + }, + { + "Offset": "0x0041", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x005C", + "OpCode": "call", + "Operand": "std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E.{ctor}(std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.Char modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x0600005E" + }, + { + "Offset": "0x0077", + "OpCode": "call", + "Operand": "EventQueryRequest* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::EventQueryRequest.{ctor}(EventQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.UInt64,System.UInt64,System.UInt32,System.UInt32,System.UInt16,System.UInt16,EventQueryFilters* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E modreq(System.Runtime.CompilerServices.IsCopyConstructed)*,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong))", + "Token": "0x06005719" + }, + { + "Offset": "0x0081", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::EventQueryRequest.Save\u003Cclass SByteStream\u003Cclass SCrtMemFile\u003E \u003E(EventQueryRequest modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x0600575E" + }, + { + "Offset": "0x0091", + "OpCode": "calli", + "Operand": "SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced) modopt(System.Runtime.CompilerServices.CallConvCdecl) (SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x0099", + "OpCode": "call", + "Operand": "SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{ctor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011DE" + }, + { + "Offset": "0x00B1", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x00FB", + "OpCode": "calli", + "Operand": "System.Byte modopt(System.Runtime.CompilerServices.CompilerMarshalOverride) modopt(System.Runtime.CompilerServices.CallConvCdecl) (System.IntPtr,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.UInt16,SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x0134", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x013C", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{dtor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E0" + }, + { + "Offset": "0x014B", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0153", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::EventQueryRequest.{dtor}(EventQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x0600571A" + }, + { + "Offset": "0x0162", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x016A", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{dtor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E0" + }, + { + "Offset": "0x0179", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0186", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.vector\u003CEventQueryFilter,std::allocator\u003CEventQueryFilter\u003E \u003E._Tidy(std.vector\u003CEventQueryFilter,std::allocator\u003CEventQueryFilter\u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06005466" + }, + { + "Offset": "0x0195", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x019E", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std._Tree_val\u003Cstd::_Tree_simple_types\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E._Erase_head\u003Cclass std::allocator\u003Cstruct std::_Tree_node\u003Cclass std::basic_string\u003Cwchar_t,struct std::char_traits\u003Cwchar_t\u003E,class std::allocator\u003Cwchar_t\u003E \u003E,void *\u003E \u003E \u003E(std._Tree_val\u003Cstd::_Tree_simple_types\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.allocator\u003Cstd::_Tree_node\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,void *\u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x060008A5" + }, + { + "Offset": "0x01D7", + "OpCode": "calli", + "Operand": "System.Byte modopt(System.Runtime.CompilerServices.CompilerMarshalOverride) modopt(System.Runtime.CompilerServices.CallConvCdecl) (System.IntPtr,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.UInt16,SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),System.UInt32 modopt(System.Runtime.CompilerServices.IsLong)* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x01ED", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x01FD", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.Free(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E7" + }, + { + "Offset": "0x020C", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0224", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x022C", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::EventQueryRequest.{dtor}(EventQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x0600571A" + }, + { + "Offset": "0x023B", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x024B", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.Free(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E7" + }, + { + "Offset": "0x025A", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0272", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x027F", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.vector\u003CEventQueryFilter,std::allocator\u003CEventQueryFilter\u003E \u003E._Tidy(std.vector\u003CEventQueryFilter,std::allocator\u003CEventQueryFilter\u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06005466" + }, + { + "Offset": "0x028E", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0297", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std._Tree_val\u003Cstd::_Tree_simple_types\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E._Erase_head\u003Cclass std::allocator\u003Cstruct std::_Tree_node\u003Cclass std::basic_string\u003Cwchar_t,struct std::char_traits\u003Cwchar_t\u003E,class std::allocator\u003Cwchar_t\u003E \u003E,void *\u003E \u003E \u003E(std._Tree_val\u003Cstd::_Tree_simple_types\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.allocator\u003Cstd::_Tree_node\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,void *\u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x060008A5" + }, + { + "Offset": "0x02A8", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.Free(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E7" + }, + { + "Offset": "0x02B7", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x02CF", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x02D7", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::EventQueryRequest.{dtor}(EventQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x0600571A" + }, + { + "Offset": "0x02E6", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x02F6", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.Free(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E7" + }, + { + "Offset": "0x0305", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x031D", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x032A", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.vector\u003CEventQueryFilter,std::allocator\u003CEventQueryFilter\u003E \u003E._Tidy(std.vector\u003CEventQueryFilter,std::allocator\u003CEventQueryFilter\u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06005466" + }, + { + "Offset": "0x0339", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0342", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std._Tree_val\u003Cstd::_Tree_simple_types\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E._Erase_head\u003Cclass std::allocator\u003Cstruct std::_Tree_node\u003Cclass std::basic_string\u003Cwchar_t,struct std::char_traits\u003Cwchar_t\u003E,class std::allocator\u003Cwchar_t\u003E \u003E,void *\u003E \u003E \u003E(std._Tree_val\u003Cstd::_Tree_simple_types\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E \u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),std.allocator\u003Cstd::_Tree_node\u003Cstd::basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E,void *\u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x060008A5" + } + ], + "Instructions": [ + { + "Offset": "0x0070", + "OpCode": "ldloc.s", + "Operand": "V_8", + "Token": null + }, + { + "Offset": "0x0072", + "OpCode": "ldc.i4", + "Operand": "65536", + "Token": null + }, + { + "Offset": "0x0077", + "OpCode": "call", + "Operand": "EventQueryRequest* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::EventQueryRequest.{ctor}(EventQueryRequest* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.UInt64,System.UInt64,System.UInt32,System.UInt32,System.UInt16,System.UInt16,EventQueryFilters* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),std.basic_string\u003Cwchar_t,std::char_traits\u003Cwchar_t\u003E,std::allocator\u003Cwchar_t\u003E \u003E modreq(System.Runtime.CompilerServices.IsCopyConstructed)*,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong))", + "Token": "0x06005719" + }, + { + "Offset": "0x007C", + "OpCode": "pop", + "Operand": null, + "Token": null + }, + { + "Offset": "0x007D", + "OpCode": "ldloca.s", + "Operand": "V_11", + "Token": null + }, + { + "Offset": "0x007F", + "OpCode": "ldloca.s", + "Operand": "V_14", + "Token": null + }, + { + "Offset": "0x0081", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::EventQueryRequest.Save\u003Cclass SByteStream\u003Cclass SCrtMemFile\u003E \u003E(EventQueryRequest modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x0600575E" + }, + { + "Offset": "0x0086", + "OpCode": "ldsfld", + "Operand": "System.Int32** \u003CModule\u003E::__unep@??$endstream@VSCrtMemFile@@@@$$FYAAEAV?$SByteStream@VSCrtMemFile@@@@AEAV0@@Z", + "Token": "0x04001B05" + }, + { + "Offset": "0x008B", + "OpCode": "stloc.s", + "Operand": "V_7", + "Token": null + }, + { + "Offset": "0x008D", + "OpCode": "ldloca.s", + "Operand": "V_14", + "Token": null + }, + { + "Offset": "0x008F", + "OpCode": "ldloc.s", + "Operand": "V_7", + "Token": null + }, + { + "Offset": "0x0091", + "OpCode": "calli", + "Operand": "SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced) modopt(System.Runtime.CompilerServices.CallConvCdecl) (SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x0096", + "OpCode": "pop", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0097", + "OpCode": "ldloca.s", + "Operand": "V_10", + "Token": null + }, + { + "Offset": "0x0099", + "OpCode": "call", + "Operand": "SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{ctor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011DE" + }, + { + "Offset": "0x009E", + "OpCode": "pop", + "Operand": null, + "Token": null + }, + { + "Offset": "0x009F", + "OpCode": "ldloca.s", + "Operand": "V_10", + "Token": null + }, + { + "Offset": "0x00A1", + "OpCode": "ldsflda", + "Operand": "\u003CCppImplementationDetails\u003E.$ArrayType$$$BY0BC@Q6AXXZ modopt(System.Runtime.CompilerServices.IsConst) \u003CModule\u003E::??_7SCrtMemFile@@6B@", + "Token": "0x04001016" + } + ] + } + ] +} diff --git a/docs/reverse-engineering/dnlib-sbytestream-getdata-latest.json b/docs/reverse-engineering/dnlib-sbytestream-getdata-latest.json new file mode 100644 index 0000000..26a0e2f --- /dev/null +++ b/docs/reverse-engineering/dnlib-sbytestream-getdata-latest.json @@ -0,0 +1,94 @@ +{ + "Path": "C:\\Users\\dohertj2\\Desktop\\histsdk\\current\\aahClientManaged.dll", + "Filter": "0x0600100D", + "IsILOnly": false, + "IsMixedMode": true, + "Methods": [ + { + "DeclaringType": "\u003CModule\u003E", + "Name": { + "String": "SByteStream\u003CSCrtMemFile\u003E.GetData", + "Data": "U0J5dGVTdHJlYW08U0NydE1lbUZpbGU+LkdldERhdGE=", + "Length": 32, + "DataLength": 32 + }, + "Token": "0x0600100D", + "Rva": "0x0005FDF8", + "IsStatic": true, + "IsPublic": false, + "HasBody": true, + "InstructionCount": 10, + "Locals": [], + "Calls": [ + { + "Offset": "0x0009", + "OpCode": "calli", + "Operand": "System.Byte modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.CallConvCdecl) (System.IntPtr)", + "Token": null + } + ], + "Instructions": [ + { + "Offset": "0x0000", + "OpCode": "ldarg.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0001", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0002", + "OpCode": "dup", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0003", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0004", + "OpCode": "ldc.i4.s", + "Operand": "120", + "Token": null + }, + { + "Offset": "0x0006", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0007", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0008", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0009", + "OpCode": "calli", + "Operand": "System.Byte modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.CallConvCdecl) (System.IntPtr)", + "Token": null + }, + { + "Offset": "0x000E", + "OpCode": "ret", + "Operand": null, + "Token": null + } + ] + } + ] +} diff --git a/docs/reverse-engineering/dnlib-sbytestream-getlength-latest.json b/docs/reverse-engineering/dnlib-sbytestream-getlength-latest.json new file mode 100644 index 0000000..7ba3377 --- /dev/null +++ b/docs/reverse-engineering/dnlib-sbytestream-getlength-latest.json @@ -0,0 +1,75 @@ +{ + "Path": "C:\\Users\\dohertj2\\Desktop\\histsdk\\current\\aahClientManaged.dll", + "Filter": "0x0600100C", + "IsILOnly": false, + "IsMixedMode": true, + "Methods": [ + { + "DeclaringType": "\u003CModule\u003E", + "Name": { + "String": "SByteStream\u003CSCrtMemFile\u003E.GetLength", + "Data": "U0J5dGVTdHJlYW08U0NydE1lbUZpbGU+LkdldExlbmd0aA==", + "Length": 34, + "DataLength": 34 + }, + "Token": "0x0600100C", + "Rva": "0x00064FE8", + "IsStatic": true, + "IsPublic": false, + "HasBody": true, + "InstructionCount": 8, + "Locals": [], + "Calls": [], + "Instructions": [ + { + "Offset": "0x0000", + "OpCode": "ldarg.0", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0001", + "OpCode": "ldind.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0002", + "OpCode": "ldc.i4.8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0003", + "OpCode": "conv.i8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0004", + "OpCode": "add", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0005", + "OpCode": "ldind.i4", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0006", + "OpCode": "conv.u8", + "Operand": null, + "Token": null + }, + { + "Offset": "0x0007", + "OpCode": "ret", + "Operand": null, + "Token": null + } + ] + } + ] +} diff --git a/docs/reverse-engineering/dnlib-write-copy-probe-latest.txt b/docs/reverse-engineering/dnlib-write-copy-probe-latest.txt new file mode 100644 index 0000000..5a5a0fe --- /dev/null +++ b/docs/reverse-engineering/dnlib-write-copy-probe-latest.txt @@ -0,0 +1,362 @@ +{ + "Path": "C:\\Users\\dohertj2\\Desktop\\histsdk\\current\\aahClientManaged.dll", + "Filter": "ArchestrA.HistoryQuery.StartQuery", + "IsILOnly": false, + "IsMixedMode": true, + "Methods": [ + { + "DeclaringType": "ArchestrA.HistoryQuery", + "Name": { + "String": "StartQuery", + "Data": "U3RhcnRRdWVyeQ==", + "Length": 10, + "DataLength": 10 + }, + "Token": "0x060062A1", + "Rva": "0x0044012C", + "IsStatic": false, + "IsPublic": true, + "HasBody": true, + "InstructionCount": 426, + "Calls": [ + { + "Offset": "0x0002", + "OpCode": "call", + "Operand": "HistorianClient* ArchestrA.BaseQuery::GetClient(ArchestrA.HistorianAccessError\u0026)", + "Token": "0x060061B5" + }, + { + "Offset": "0x000F", + "OpCode": "call", + "Operand": "System.Boolean ArchestrA.HistoryQuery::EndQuery(ArchestrA.HistorianAccessError\u0026)", + "Token": "0x060062A3" + }, + { + "Offset": "0x0054", + "OpCode": "calli", + "Operand": "System.Byte modopt(System.Runtime.CompilerServices.CompilerMarshalOverride) modopt(System.Runtime.CompilerServices.CallConvCdecl) (System.IntPtr,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Boolean* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x00B1", + "OpCode": "callvirt", + "Operand": "System.Boolean ArchestrA.HistoryQueryArgs::ProcessQueryArgs(ArchestrA.HistorianAccessError\u0026)", + "Token": "0x06006246" + }, + { + "Offset": "0x00C7", + "OpCode": "call", + "Operand": "System.String ArchestrA.HistoryQueryArgs::get_Option()", + "Token": "0x06006251" + }, + { + "Offset": "0x00D1", + "OpCode": "call", + "Operand": "System.Int32 \u003CModule\u003E::ArchestrA.ConvertHelper.ManagedToUnmanagedString(System.String,System.UInt64,System.Char*)", + "Token": "0x06005823" + }, + { + "Offset": "0x00F3", + "OpCode": "call", + "Operand": "System.String ArchestrA.HistoryQueryArgs::get_Filter()", + "Token": "0x06006257" + }, + { + "Offset": "0x00FD", + "OpCode": "call", + "Operand": "System.Int32 \u003CModule\u003E::ArchestrA.ConvertHelper.ManagedToUnmanagedString(System.String,System.UInt64,System.Char*)", + "Token": "0x06005823" + }, + { + "Offset": "0x0116", + "OpCode": "call", + "Operand": "System.Collections.Specialized.StringCollection ArchestrA.BaseQueryArgs::get_TagNames()", + "Token": "0x060061B7" + }, + { + "Offset": "0x011B", + "OpCode": "callvirt", + "Operand": "System.Int32 System.Collections.Specialized.StringCollection::get_Count()", + "Token": "0x0A00041C" + }, + { + "Offset": "0x013B", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.vector\u003Cwchar_t *,std::allocator\u003Cwchar_t *\u003E \u003E.reserve(std.vector\u003Cwchar_t *,std::allocator\u003Cwchar_t *\u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.UInt64 modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06005856" + }, + { + "Offset": "0x014A", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0152", + "OpCode": "call", + "Operand": "System.Collections.Specialized.StringCollection ArchestrA.BaseQueryArgs::get_TagNames()", + "Token": "0x060061B7" + }, + { + "Offset": "0x015A", + "OpCode": "call", + "Operand": "System.Boolean \u003CModule\u003E::ArchestrA.ConvertHelper.ManagedToUnmanagedStrings(System.Collections.Specialized.StringCollection,stx.tsarray* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced),ArchestrA.HistorianAccessError\u0026)", + "Token": "0x06005825" + }, + { + "Offset": "0x016A", + "OpCode": "call", + "Operand": "QueryColumnSelector* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::QueryColumnSelector.{ctor}(QueryColumnSelector* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000041" + }, + { + "Offset": "0x0174", + "OpCode": "call", + "Operand": "System.Void ArchestrA.HistoryQuery::SelectQueryColumns(ArchestrA.HistoryQueryArgs,QueryColumnSelector* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x0600629C" + }, + { + "Offset": "0x017B", + "OpCode": "call", + "Operand": "SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.{ctor}(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011DE" + }, + { + "Offset": "0x0193", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x01A8", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.SaveEx(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.Void modopt(System.Runtime.CompilerServices.IsConst)*,System.UInt64)", + "Token": "0x06000801" + }, + { + "Offset": "0x01B4", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.SaveEx(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),System.Void modopt(System.Runtime.CompilerServices.IsConst)*,System.UInt64)", + "Token": "0x06000801" + }, + { + "Offset": "0x01C4", + "OpCode": "calli", + "Operand": "SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced) modopt(System.Runtime.CompilerServices.CallConvCdecl) (SByteStream\u003CSCrtMemFile\u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": null + }, + { + "Offset": "0x0210", + "OpCode": "call", + "Operand": "System.DateTime ArchestrA.BaseQueryArgs::get_EndDateTime()", + "Token": "0x060061BB" + }, + { + "Offset": "0x0219", + "OpCode": "call", + "Operand": "System.DateTime System.DateTime::ToUniversalTime()", + "Token": "0x0A00040D" + }, + { + "Offset": "0x0221", + "OpCode": "call", + "Operand": "System.DateTime ArchestrA.BaseQueryArgs::get_StartDateTime()", + "Token": "0x060061B9" + }, + { + "Offset": "0x022A", + "OpCode": "call", + "Operand": "System.DateTime System.DateTime::ToUniversalTime()", + "Token": "0x0A00040D" + }, + { + "Offset": "0x023D", + "OpCode": "calli", + "Operand": "System.Byte modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.CallConvCdecl) (System.IntPtr)", + "Token": null + }, + { + "Offset": "0x0250", + "OpCode": "call", + "Operand": "ArchestrA.HistorianRetrievalMode ArchestrA.BaseQueryArgs::get_RetrievalMode()", + "Token": "0x060061BD" + }, + { + "Offset": "0x0258", + "OpCode": "call", + "Operand": "System.Collections.Specialized.StringCollection ArchestrA.BaseQueryArgs::get_TagNames()", + "Token": "0x060061B7" + }, + { + "Offset": "0x025D", + "OpCode": "callvirt", + "Operand": "System.Int32 System.Collections.Specialized.StringCollection::get_Count()", + "Token": "0x0A00041C" + }, + { + "Offset": "0x0264", + "OpCode": "call", + "Operand": "System.Char modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::stx.tsarray.get(stx.tsarray modopt(System.Runtime.CompilerServices.IsConst)* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060057EA" + }, + { + "Offset": "0x026E", + "OpCode": "call", + "Operand": "System.Int64 System.DateTime::ToFileTime()", + "Token": "0x0A00040C" + }, + { + "Offset": "0x0275", + "OpCode": "call", + "Operand": "System.Int64 System.DateTime::ToFileTime()", + "Token": "0x0A00040C" + }, + { + "Offset": "0x027B", + "OpCode": "call", + "Operand": "System.UInt64 ArchestrA.BaseQueryArgs::get_Resolution()", + "Token": "0x060061BF" + }, + { + "Offset": "0x0283", + "OpCode": "call", + "Operand": "System.Single ArchestrA.HistoryQueryArgs::get_ValueDeadband()", + "Token": "0x06006247" + }, + { + "Offset": "0x0289", + "OpCode": "call", + "Operand": "System.UInt32 ArchestrA.HistoryQueryArgs::get_TimeDeadband()", + "Token": "0x06006249" + }, + { + "Offset": "0x0294", + "OpCode": "call", + "Operand": "ArchestrA.HistorianVersionType ArchestrA.BaseQueryArgs::get_DataVersion()", + "Token": "0x060061C1" + }, + { + "Offset": "0x029A", + "OpCode": "call", + "Operand": "ArchestrA.HistorianInterpolationType ArchestrA.HistoryQueryArgs::get_InterpolationType()", + "Token": "0x0600624B" + }, + { + "Offset": "0x02A0", + "OpCode": "call", + "Operand": "ArchestrA.HistorianTimestampRule ArchestrA.HistoryQueryArgs::get_TimeStampRule()", + "Token": "0x0600624D" + }, + { + "Offset": "0x02A6", + "OpCode": "call", + "Operand": "ArchestrA.HistorianQualityRule ArchestrA.HistoryQueryArgs::get_QualityRule()", + "Token": "0x0600624F" + }, + { + "Offset": "0x02B6", + "OpCode": "call", + "Operand": "ArchestrA.HistorianValueSelector ArchestrA.HistoryQueryArgs::get_ValueSelector()", + "Token": "0x06006253" + }, + { + "Offset": "0x02BC", + "OpCode": "call", + "Operand": "ArchestrA.HistorianAggregationType ArchestrA.HistoryQueryArgs::get_AggregationType()", + "Token": "0x06006255" + }, + { + "Offset": "0x02C9", + "OpCode": "call", + "Operand": "System.UInt16 ArchestrA.HistoryQueryArgs::get_MaxStates()", + "Token": "0x06006259" + }, + { + "Offset": "0x02D2", + "OpCode": "call", + "Operand": "System.Boolean modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::HistorianClient.StartDataQuery(HistorianClient* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst),INSQL_QUERYTYPE,INSQL_QUERYFORMAT,HISTORIAN_SUMMARYTYPE,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Char modopt(System.Runtime.CompilerServices.IsConst)**,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong),System.Char modopt(System.Runtime.CompilerServices.IsConst)**,System.UInt64,System.UInt64,System.Double,System.Single,System.UInt32,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,E_VERSIONTYPE,E_INTERPOLATIONTYPE,E_TIMESTAMPRULE,E_QUALITYRULE,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,System.Char*,System.UInt16,System.Char*,System.UInt16,EValueSelector,E_AGGREGATIONTYPE,System.UInt32,System.Byte modopt(System.Runtime.CompilerServices.IsConst)*,System.Char modopt(System.Runtime.CompilerServices.IsConst)*,System.UInt16,System.UInt32 modopt(System.Runtime.CompilerServices.IsLong)*,SError* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x060055E4" + }, + { + "Offset": "0x031A", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0322", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SError.ClearErrorDetail(SError* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000165" + }, + { + "Offset": "0x0331", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0341", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SMemFile\u003CSCrtAllocator\u003E.Free(SMemFile\u003CSCrtAllocator\u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x060011E7" + }, + { + "Offset": "0x0350", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0368", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0370", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::QueryColumnSelector.{dtor}(QueryColumnSelector* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000044" + }, + { + "Offset": "0x037F", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x0388", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::stx.clear_array_ptr_vector\u003Cwchar_t\u003E(std.vector\u003Cwchar_t *,std::allocator\u003Cwchar_t *\u003E \u003E* modopt(System.Runtime.CompilerServices.IsImplicitlyDereferenced))", + "Token": "0x06005886" + }, + { + "Offset": "0x0397", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x039F", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::std.vector\u003Cwchar_t *,std::allocator\u003Cwchar_t *\u003E \u003E._Tidy(std.vector\u003Cwchar_t *,std::allocator\u003Cwchar_t *\u003E \u003E* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06005872" + }, + { + "Offset": "0x03AE", + "OpCode": "call", + "Operand": "System.Void \u003CModule\u003E::___CxxCallUnwindDtor(System.Void (System.Void*),System.Void*)", + "Token": "0x06005C0F" + }, + { + "Offset": "0x03B6", + "OpCode": "call", + "Operand": "System.Void modopt(System.Runtime.CompilerServices.CallConvCdecl) \u003CModule\u003E::SError.ClearErrorDetail(SError* modopt(System.Runtime.CompilerServices.IsConst) modopt(System.Runtime.CompilerServices.IsConst))", + "Token": "0x06000165" + } + ] + } + ] +} +Wrote copy: docs\reverse-engineering\dnlib-write-copy\aahClientManaged.dll diff --git a/docs/reverse-engineering/dumpbin-aahclientmanaged-dependents-latest.txt b/docs/reverse-engineering/dumpbin-aahclientmanaged-dependents-latest.txt new file mode 100644 index 0000000..2cb0909 --- /dev/null +++ b/docs/reverse-engineering/dumpbin-aahclientmanaged-dependents-latest.txt @@ -0,0 +1,46 @@ +Microsoft (R) COFF/PE Dumper Version 14.44.35226.0 +Copyright (C) Microsoft Corporation. All rights reserved. + + +Dump of file current\aahClientManaged.dll + +File Type: DLL + + Image has the following dependencies: + + WS2_32.dll + Secur32.dll + VERSION.dll + RPCRT4.dll + NETAPI32.dll + MSVCP140.dll + KERNEL32.dll + USER32.dll + ADVAPI32.dll + SHELL32.dll + OLEAUT32.dll + CRYPT32.dll + VCRUNTIME140.dll + VCRUNTIME140_1.dll + api-ms-win-crt-stdio-l1-1-0.dll + api-ms-win-crt-string-l1-1-0.dll + api-ms-win-crt-filesystem-l1-1-0.dll + api-ms-win-crt-runtime-l1-1-0.dll + api-ms-win-crt-heap-l1-1-0.dll + api-ms-win-crt-convert-l1-1-0.dll + api-ms-win-crt-utility-l1-1-0.dll + api-ms-win-crt-math-l1-1-0.dll + ole32.dll + SHLWAPI.dll + api-ms-win-crt-time-l1-1-0.dll + mscoree.dll + + Summary + + DA000 .data + 5D000 .nep + 6000 .pdata + AB9000 .rdata + 2000 .reloc + 1000 .rsrc + 465000 .text diff --git a/docs/reverse-engineering/dumpbin-aahclientmanaged-imports-filtered-latest.txt b/docs/reverse-engineering/dumpbin-aahclientmanaged-imports-filtered-latest.txt new file mode 100644 index 0000000..06dea1a --- /dev/null +++ b/docs/reverse-engineering/dumpbin-aahclientmanaged-imports-filtered-latest.txt @@ -0,0 +1,10 @@ + +Dump of file current\aahClientManaged.dll + WS2_32.dll + 4FF ?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ + ADVAPI32.dll + CRYPT32.dll + 7D CryptBinaryToStringW + DF CryptStringToBinaryW + mscoree.dll + diff --git a/docs/reverse-engineering/dumpbin-aahclientmanaged-imports-latest.txt b/docs/reverse-engineering/dumpbin-aahclientmanaged-imports-latest.txt new file mode 100644 index 0000000..2859838 --- /dev/null +++ b/docs/reverse-engineering/dumpbin-aahclientmanaged-imports-latest.txt @@ -0,0 +1,584 @@ +Microsoft (R) COFF/PE Dumper Version 14.44.35226.0 +Copyright (C) Microsoft Corporation. All rights reserved. + + +Dump of file current\aahClientManaged.dll + +File Type: DLL + + Section contains the following imports: + + WS2_32.dll + 1804C3980 Import Address Table + 180F78A00 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 2 FreeAddrInfoW + 9 GetNameInfoW + B InetPtonW + 7 GetAddrInfoW + Ordinal 115 + Ordinal 116 + + Secur32.dll + 1804C3840 Import Address Table + 180F788C0 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 24 InitializeSecurityContextW + 2 AcquireCredentialsHandleW + 0 AcceptSecurityContext + 36 QuerySecurityContextToken + 18 FreeCredentialsHandle + + VERSION.dll + 1804C3960 Import Address Table + 180F789E0 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 8 GetFileVersionInfoW + 10 VerQueryValueW + 7 GetFileVersionInfoSizeW + + RPCRT4.dll + 1804C37F8 Import Address Table + 180F78878 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 21D UuidCreate + 226 UuidToStringW + 214 RpcStringFreeW + 222 UuidFromStringW + + NETAPI32.dll + 1804C3768 Import Address Table + 180F787E8 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + EF NetUserGetLocalGroups + E0 NetShareGetInfo + 9B NetLocalGroupGetMembers + 51 NetApiBufferFree + + MSVCP140.dll + 1804C34C8 Import Address Table + 180F78548 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 4C3 ?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z + 12E ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z + 4BC ?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z + 3CB ?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A + 28C ?_Xbad_function_call@std@@YAXXZ + 28D ?_Xinvalid_argument@std@@YAXPEBD@Z + 283 ?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ + 282 ?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ + 1C8 ?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ + 57D _Mbrtowc + 28F ?_Xout_of_range@std@@YAXPEBD@Z + 28E ?_Xlength_error@std@@YAXPEBD@Z + 28B ?_Xbad_alloc@std@@YAXXZ + 34F ?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ + 352 ?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ + 35B ?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ + 449 ?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ + 4C9 ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z + 3F8 ?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z + 4FF ?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ + 4B7 ?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z + 53D ?width@ios_base@std@@QEAA_J_J@Z + 4E3 ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z + 4E0 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z + 3FE ?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z + 1EA ?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ + 1E7 ?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ + 437 ?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z + 132 ??Bios_base@std@@QEBA_NXZ + 2B ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z + 22 ??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z + 4DA ?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ + 497 ?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ + 4D1 ?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ + 3C2 ?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ + 1AD ?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z + A5 ??1_Lockit@std@@QEAA@XZ + 1B5 ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z + 131 ??Bid@locale@std@@QEAA_KXZ + 6D ??0_Lockit@std@@QEAA@H@Z + 85 ??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ + 88 ??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ + 365 ?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ + 367 ?flags@ios_base@std@@QEBAHXZ + 53E ?width@ios_base@std@@QEBA_JXZ + 8B ??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ + 21B ?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z + 52B ?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z + 29D ?always_noconv@codecvt_base@std@@QEBA_NXZ + 1F9 ?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ + 1D5 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ + 35F ?fail@ios_base@std@@QEBA_NXZ + ED ??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z + 2AA ?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z + 12D ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z + 124 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z + 36D ?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z + 4C2 ?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z + 24C ?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ + 82 ??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ + 128 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z + 3C8 ?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ + 35 ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ + 50E ?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ + 3C5 ?good@ios_base@std@@QEBA_NXZ + 246 ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ + 51E ?uncaught_exception@std@@YA_NXZ + 36A ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ + 463 ?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z + 536 ?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z + 548 ?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z + 545 ?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z + 51D ?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ + 4D7 ?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ + 281 ?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ + 22A ?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ + 48B ?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ + 295 ?__ExceptionPtrCopy@@YAXPEAXPEBX@Z + 299 ?__ExceptionPtrDestroy@@YAXPEAX@Z + 10 ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ + 7F ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ + 17 ??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z + 440 ?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ + + KERNEL32.dll + 1804C3138 Import Address Table + 180F781B8 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + E5 CreateProcessW + DC CreateNamedPipeW + 451 QueryPerformanceFrequency + 426 PostQueuedCompletionStatus + 9C ConnectNamedPipe + 368 InitializeCriticalSectionAndSpinCount + 5E7 WaitForSingleObjectEx + 369 InitializeCriticalSectionEx + 10A DecodePointer + 1B1 FreeLibrary + 86 CloseHandle + 135 EnterCriticalSection + 267 GetLastError + 3C0 LeaveCriticalSection + 5B5 TryEnterCriticalSection + 2F0 GetSystemTimeAsFileTime + 5E4 WaitForMultipleObjects + 4CA ResetEvent + 111 DeleteCriticalSection + 367 InitializeCriticalSection + BF CreateEventW + 3D2 LocalFree + 16F FileTimeToLocalFileTime + 170 FileTimeToSystemTime + 36D InitializeSRWLock + 0 AcquireSRWLockExclusive + 4B6 ReleaseSRWLockExclusive + 1 AcquireSRWLockShared + 4B7 ReleaseSRWLockShared + 60D WideCharToMultiByte + 3C6 LoadLibraryExW + 2B5 GetProcAddress + 27A GetModuleFileNameW + 186 FindFirstFileW + 17B FindClose + 27D GetModuleHandleExW + 1E5 GetComputerNameW + 64F lstrlenW + 466 RaiseException + 21D GetCurrentProcess + 1AD FormatMessageW + BA CreateDirectoryW + CB CreateFileW + 116 DeleteFileW + 17C FindCloseChangeNotification + 17E FindFirstChangeNotificationW + 18F FindNextChangeNotification + 192 FindNextFileW + 1A5 FlushFileBuffers + 230 GetDiskFreeSpaceW + 22F GetDiskFreeSpaceExW + 249 GetFileAttributesExW + 253 GetFileSizeEx + 2FB GetTempFileNameW + 477 ReadFile + 4BD RemoveDirectoryW + 51E SetEndOfFile + 531 SetFilePointerEx + 534 SetFileTime + 621 WriteFile + 1E1 GetCompressedFileSizeW + 41C OutputDebugStringW + 12F DuplicateHandle + 53F SetLastError + 5ED WaitNamedPipeW + 450 QueryPerformanceCounter + 29F GetOverlappedResult + 71 CancelIo + 524 SetEvent + 4B8 ReleaseSemaphore + 4B4 ReleaseMutex + 5E6 WaitForSingleObject + DA CreateMutexW + 584 SetWaitableTimer + 58B Sleep + EC CreateSemaphoreW + 101 CreateWaitableTimerW + 21E GetCurrentProcessId + 221 GetCurrentThread + 222 GetCurrentThreadId + 56B SetThreadPriority + 566 SetThreadIdealProcessor + 2EA GetSystemInfo + 268 GetLocalTime + 30E GetTickCount + 3C7 LoadLibraryW + 649 lstrcpyW + AD CopyFileW + 3EE MoveFileW + 3EB MoveFileExW + FB CreateToolhelp32Snapshot + 431 Process32NextW + 27E GetModuleHandleW + 4D3 RtlCaptureContext + 4DA RtlLookupFunctionEntry + 4E1 RtlVirtualUnwind + 5BC UnhandledExceptionFilter + 57B SetUnhandledExceptionFilter + 59A TerminateProcess + 389 IsProcessorFeaturePresent + 382 IsDebuggerPresent + 2D7 GetStartupInfoW + 122 DisableThreadLibraryCalls + 36C InitializeSListHead + 64E lstrlenA + 596 SystemTimeToFileTime + 597 SystemTimeToTzSpecificLocalTime + 40C OpenMutexW + 3CF LocalFileTimeToFileTime + 126 DisconnectNamedPipe + 2D1 GetQueuedCompletionStatus + D0 CreateIoCompletionPort + 3F2 MultiByteToWideChar + + USER32.dll + 1804C3870 Import Address Table + 180F788F0 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 3B3 UnregisterClassW + 3E5 wsprintfW + + ADVAPI32.dll + 1804C3000 Import Address Table + 180F78080 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 264 RegCreateKeyExW + 20 AllocateAndInitializeSid + 215 OpenProcessToken + 25B RegCloseKey + 299 RegQueryValueExW + 28C RegOpenKeyExW + 170 GetTokenInformation + 1A9 LookupAccountSidW + 21A OpenThreadToken + 134 FreeSid + 18B ImpersonateLoggedOnUser + 2C1 RevertToSelf + 17B GetUserNameW + 1A5 LogonUserW + 25F RegConnectRegistryW + 27D RegEnumValueW + 19E IsValidSid + 14B GetLengthSid + 85 CopySid + 18F InitializeSecurityDescriptor + 2E8 SetSecurityDescriptorDacl + 1A7 LookupAccountNameW + 2D8 SetEntriesInAclW + 83 ConvertStringSidToSidW + 65 CloseServiceHandle + 217 OpenSCManagerW + 219 OpenServiceW + 5D ChangeServiceConfigW + 250 QueryServiceStatus + 2FB StartServiceW + 27E RegFlushKey + 8B CreateProcessAsUserW + 288 RegNotifyChangeKeyValue + 2A9 RegSetValueExW + F1 DuplicateTokenEx + + SHELL32.dll + 1804C3820 Import Address Table + 180F788A0 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 176 SHGetSpecialFolderPathW + + OLEAUT32.dll + 1804C3790 Import Address Table + 180F78810 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + Ordinal 201 + Ordinal 9 + Ordinal 202 + Ordinal 150 + Ordinal 2 + Ordinal 12 + Ordinal 7 + Ordinal 6 + Ordinal 10 + Ordinal 8 + Ordinal 149 + Ordinal 200 + + CRYPT32.dll + 1804C3120 Import Address Table + 180F781A0 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 7D CryptBinaryToStringW + DF CryptStringToBinaryW + + VCRUNTIME140.dll + 1804C3888 Import Address Table + 180F78908 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 1B __current_exception + 24 __std_type_info_compare + 3B memcmp + 36 _purecall + E __CxxFrameHandler3 + 1 _CxxThrowException + F __CxxQueryExceptionSize + B __CxxExceptionFilter + 10 __CxxRegisterExceptionObject + A __CxxDetectRethrow + 11 __CxxUnregisterExceptionObject + 13 __FrameUnwindFilter + 3E memset + 21 __std_exception_copy + 22 __std_exception_destroy + 38 _set_se_translator + 3C memcpy + 3D memmove + 44 wcschr + 45 wcsrchr + 18 __RTDynamicCast + 8 __C_specific_handler + 25 __std_type_info_destroy_list + 1C __current_exception_context + + VCRUNTIME140_1.dll + 1804C3950 Import Address Table + 180F789D0 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 0 __CxxFrameHandler4 + + api-ms-win-crt-stdio-l1-1-0.dll + 1804C3B30 Import Address Table + 180F78BB0 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 81 fputwc + 9E ungetwc + 79 fgetpos + 74 fclose + 7B fgetwc + 8A fwrite + 88 fsetpos + 98 setvbuf + 77 fflush + 78 fgetc + 9D ungetc + C __stdio_common_vsnwprintf_s + 2F _fseeki64 + + api-ms-win-crt-string-l1-1-0.dll + 1804C3BA0 Import Address Table + 180F78C20 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 6E isspace + 4A _wcsicmp + A6 wcsncmp + A8 wcsncpy_s + 97 tolower + 9D wcscat_s + 7B iswspace + 6C isprint + 34 _strnicmp + 54 _wcsnicmp + 9B towupper + 2A _stricmp + 90 strncpy_s + 9A towlower + A1 wcscpy_s + 71 iswalpha + 70 iswalnum + B0 wmemcpy_s + + api-ms-win-crt-filesystem-l1-1-0.dll + 1804C3A10 Import Address Table + 180F78A90 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 39 _wsplitpath_s + 25 _waccess + 24 _unlock_file + 16 _lock_file + 31 _wfullpath + + api-ms-win-crt-runtime-l1-1-0.dll + 1804C3AA0 Import Address Table + 180F78B20 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 18 _configure_narrow_argv + 3F _seh_filter_dll + 36 _initterm + 67 terminate + 39 _invalid_parameter_noinfo_noreturn + 54 abort + 16 _cexit + 1D _crt_at_quick_exit + 38 _invalid_parameter_noinfo + 33 _initialize_narrow_environment + 34 _initialize_onexit_table + 21 _errno + 14 _beginthreadex + 3C _register_onexit_function + 1E _crt_atexit + 37 _initterm_e + 22 _execute_onexit_table + + api-ms-win-crt-heap-l1-1-0.dll + 1804C3A40 Import Address Table + 180F78AC0 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 1A realloc + 15 _recalloc + 17 calloc + 18 free + 19 malloc + 8 _callnewh + + api-ms-win-crt-convert-l1-1-0.dll + 1804C39B8 Import Address Table + 180F78A38 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 2F _ui64tow_s + 33 _ultow_s + 47 _wtoi + 6B wcstod + 50 atoi + 1E _ltow_s + 4B _wtol + 5E strtod + 73 wcstoul + 45 _wtof + + api-ms-win-crt-utility-l1-1-0.dll + 1804C3C68 Import Address Table + 180F78CE8 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 1B rand + 1D srand + + api-ms-win-crt-math-l1-1-0.dll + 1804C3A78 Import Address Table + 180F78AF8 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 7D ceilf + 29 _finite + 10 _dclass + 30 _isnan + + ole32.dll + 1804C3C90 Import Address Table + 180F78D10 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 90 CoUninitialize + 61 CoInitializeEx + 1BE OleRun + 2B CoCreateInstance + 20C StringFromGUID2 + 60 CoInitialize + + SHLWAPI.dll + 1804C3830 Import Address Table + 180F788B0 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 158 StrToIntW + + api-ms-win-crt-time-l1-1-0.dll + 1804C3C38 Import Address Table + 180F78CB8 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 20 _gmtime64_s + 30 _time64 + 28 _mktime64 + 24 _localtime64_s + 47 wcsftime + + mscoree.dll + 1804C3C80 Import Address Table + 180F78D00 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 76 _CorDllMain + + Summary + + DA000 .data + 5D000 .nep + 6000 .pdata + AB9000 .rdata + 2000 .reloc + 1000 .rsrc + 465000 .text diff --git a/docs/reverse-engineering/dumpbin-aahclientmanaged-ws2-imports-latest.txt b/docs/reverse-engineering/dumpbin-aahclientmanaged-ws2-imports-latest.txt new file mode 100644 index 0000000..374b667 --- /dev/null +++ b/docs/reverse-engineering/dumpbin-aahclientmanaged-ws2-imports-latest.txt @@ -0,0 +1,81 @@ +> WS2_32.dll + 1804C3980 Import Address Table + 180F78A00 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 2 FreeAddrInfoW + 9 GetNameInfoW + B InetPtonW + 7 GetAddrInfoW + Ordinal 115 + Ordinal 116 + + Secur32.dll + 1804C3840 Import Address Table + 180F788C0 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 24 InitializeSecurityContextW + 2 AcquireCredentialsHandleW + 0 AcceptSecurityContext + 36 QuerySecurityContextToken + 18 FreeCredentialsHandle + + VERSION.dll + 1804C3960 Import Address Table + 180F789E0 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 8 GetFileVersionInfoW + 10 VerQueryValueW + 7 GetFileVersionInfoSizeW + + RPCRT4.dll + 1804C37F8 Import Address Table + 180F78878 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 21D UuidCreate + 226 UuidToStringW + 214 RpcStringFreeW + 222 UuidFromStringW + + NETAPI32.dll + 1804C3768 Import Address Table + 180F787E8 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + EF NetUserGetLocalGroups + E0 NetShareGetInfo + 9B NetLocalGroupGetMembers + 51 NetApiBufferFree + + MSVCP140.dll + 1804C34C8 Import Address Table + 180F78548 Import Name Table + 0 time date stamp + 0 Index of first forwarder reference + + 4C3 ?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z + 12E ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z + 4BC ?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z + 3CB ?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A + 28C ?_Xbad_function_call@std@@YAXXZ + 28D ?_Xinvalid_argument@std@@YAXPEBD@Z + 283 ?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ + 282 ?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ + 1C8 ?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ + 57D _Mbrtowc + 28F ?_Xout_of_range@std@@YAXPEBD@Z + 28E ?_Xlength_error@std@@YAXPEBD@Z + 28B ?_Xbad_alloc@std@@YAXXZ + 34F ?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ + 352 ?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ + 35B ?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ + 449 ?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ + 4C9 ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z diff --git a/docs/reverse-engineering/frida-aahclientmanaged-hook-pass.md b/docs/reverse-engineering/frida-aahclientmanaged-hook-pass.md new file mode 100644 index 0000000..2c9ca03 --- /dev/null +++ b/docs/reverse-engineering/frida-aahclientmanaged-hook-pass.md @@ -0,0 +1,281 @@ +# Frida Hook Pass: aahClientManaged Integrated Read + +Scenario: + +```powershell +powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\scripts\Attach-AahClientManagedFridaCapture.ps1 -TagName OtOpcUaParityTest_001.Counter -LookbackMinutes 1440 -MaxRows 1 +``` + +Artifacts: + +- Script: `scripts\frida\aahclientmanaged-open-query.js` +- Runner: `scripts\Attach-AahClientManagedFridaCapture.ps1` +- Latest capture: `docs\reverse-engineering\frida-aahclientmanaged-attach-read-latest.ndjson` + +## Result + +The attach-based workflow is the reliable Frida path for this mixed CLR/native +assembly: + +1. Start Windows PowerShell. +2. Load `current\aahClientManaged.dll`. +3. Sleep briefly before creating `HistorianAccess`. +4. Attach Frida to the already-loaded process. +5. Install hooks at candidate RVAs. +6. Continue the native integrated read. + +Frida confirmed: + +- target process architecture: `x64` +- loaded module: `aahClientManaged.dll` +- module base for latest run: `0x7ffd4a600000` +- module size: `17166336` +- path: `C:\Users\dohertj2\Desktop\histsdk\current\aahClientManaged.dll` + +Hooks were installed for candidate method RVAs including: + +- `CClientInfo.SerializeOpenConnectionInParams*` +- `CHistoryConnectionWCF.OpenConnection*` +- `HistorianClient.StartQuery` +- `HistorianClient.StartDataQuery` +- `ClientApp.StartDataQuery` +- `Query.StartDataQuery` +- `CRetrievalConnectionWCF.StartQuery2` +- `QueryColumnSelector.SelectNonSummaryColumns` +- `QueryColumnSelector.Save` +- `QueryColumnSelector.GetColumnSelectorFlags` +- `HistorianClient.GetNextRow` +- `HistorianClient.GetNextRow` + +No hook entry/leave events fired during the successful read. + +## Interpretation + +The `methods` command RVAs are not reliable executable hook targets for the +successful path. They are CLR/mixed-mode method body locations or stubs, not the +actual runtime addresses invoked after CLR/JIT/mixed-mode dispatch. Frida can +see the module and can install some interceptors at `base + RVA`, but those +addresses are not reached by the wrapper scenario. + +The successful read still proves the scenario: + +- integrated auth opens +- `GetConnectionStatus` settles +- `HistoryQuery.StartQuery` succeeds +- `MoveNext` returns one row for `OtOpcUaParityTest_001.Counter` + +An expanded pass based on decompiled call targets produced the same result: +hooks installed for MethodDef RVAs such as `HistorianClient.StartDataQuery` +(`0x4160C4`), `Query.StartDataQuery` (`0x41CACC`), +`QueryColumnSelector.SelectNonSummaryColumns` (`0x1EE34`), and +`HistorianClient.GetNextRow` (`0x42F818`), but no +entry/leave callbacks fired. Treat MethodDef RVAs from the mixed-mode assembly +as insufficient for Frida interception without resolving the actual CLR/native +dispatch target. + +Runtime method-pointer dumps from +`tools\AVEVA.Historian.NativeTraceHarness --dump-method-pointers ...` provide a +better target class, but not stable RVAs. `RuntimeHelpers.PrepareMethod` plus +`MethodHandle.GetFunctionPointer()` exposes process-local CLR/JIT entry +addresses for methods such as `.HistorianClient.StartDataQuery`, +`.CRetrievalConnectionWCF.StartQuery2`, and +`.HistorianClient.GetNextRow`. The current +artifacts mark all of these as `FunctionPointerInModule = false`, so they must +be discovered in the same process that will be hooked. + +`scripts\Attach-NativeTraceHarnessRuntimePointerCapture.ps1` now automates that +same-process attempt. It starts `NativeTraceHarness`, writes a runtime pointer +snapshot immediately before `StartQuery`, pauses, generates a temporary Frida +script with the absolute addresses, and attaches to the still-paused process. +The latest local direct history run installed 37 absolute hooks from +`runtime-method-pointers-before-history-start-latest.json`; the read succeeded, +but no hook `enter`/`leave` callbacks fired. This rules out raw Frida +interception of `MethodHandle.GetFunctionPointer()` addresses as the next +primary capture route. + +## Decompiled Query Call Facts + +`ArchestrA.HistoryQuery.StartQuery`: + +- Calls `BaseQuery.GetClient`. +- Calls `EndQuery` before starting a new query. +- Converts tag names to a native UTF-16 pointer vector. +- Builds a selected-column stream as: + - `ushort` value `1` + - 8-byte `QueryColumnSelector` payload +- Calls `HistorianClient.StartDataQuery` with retrieval mode, query format `0`, + summary type `0`, tag count, tag pointer vector, UTC FILETIME start/end, + resolution, deadbands, time zone `UTC`, version/interpolation/timestamp/ + quality/value-selector/aggregation enum values, option/filter buffers, + selected-column byte count and pointer, max states, output query handle, and + `SError`. + +`ArchestrA.EventQuery.StartQuery`: + +- Calls `BaseQuery.GetClient`. +- Calls `EndQuery` before starting a new event query. +- Normalizes `EventCount = 0` to `100000` and enables a continue-query mode. +- Calls `HistorianClient.StartEventQuery` with UTC FILETIME start/end, event + count, skip count, event order as `ushort`, query type value `1`, filter + pointer, time zone `UTC`, output query handle, and `SError`. + +## Confirmed Managed Contract Shape + +Decompilation confirms these WCF byte-buffer contracts: + +- `HistoryServiceContract.IHistoryServiceContract2.OpenConnection2` +- `HistoryServiceContract.IHistoryServiceContract2.ExchangeKey` +- `HistoryServiceContract.IHistoryServiceContract2.ValidateClientCredential` +- `RetrievalServiceContract.IRetrievalServiceContract2.StartQuery2` +- `RetrievalServiceContract.IRetrievalServiceContract2.GetNextQueryResultBuffer2` +- `RetrievalServiceContract.IRetrievalServiceContract2.EndQuery2` + +`StartQuery2` signature: + +```text +bool StartQuery2( + uint clientHandle, + ushort queryRequestType, + uint requestSize, + byte[] pRequestBuff, + out uint responseSize, + out byte[] pResponseBuff, + ref uint queryHandle, + out uint errSize, + out byte[] err) +``` + +`GetNextQueryResultBuffer2` signature: + +```text +bool GetNextQueryResultBuffer2( + uint clientHandle, + uint queryHandle, + out uint resultSize, + out byte[] pResultBuff, + out uint errSize, + out byte[] err) +``` + +## Next Hook Direction + +Use profiler/API-boundary interception rather than raw Frida function-pointer +interception: + +- CLR profiler / managed method rewrite for `HistoryServiceContract.*` and + `RetrievalServiceContract.*` calls. +- API Monitor or Detours-style hooks at the lower native/WCF DLL boundary. +- Focus first on capturing managed byte-array arguments to: + - `OpenConnection2` + - `ExchangeKey` + - `ValidateClientCredential` + - `StartQuery2` + - `GetNextQueryResultBuffer2` + +## WCF Diagnostics Attempt + +`tools\AVEVA.Historian.NativeTraceHarness` attempted classic .NET Framework +`System.ServiceModel` diagnostics and message logging while running the same +successful integrated read. No `.svclog` file was produced, even though the +scenario succeeded. This is negative evidence that the native wrapper path does +not expose a managed WCF client pipeline in the harness AppDomain that can be +captured with ordinary WCF config diagnostics. A profiler/method-rewrite hook +remains the likely buffer-capture route. + +## Event Add-Tag Hook Pass + +Scenario: + +```powershell +.\tools\AVEVA.Historian.NativeTraceHarness\bin\Debug\net481\AVEVA.Historian.NativeTraceHarness.exe --scenario event --server-name localhost --tcp-port 32568 --connection-wait-seconds 15 --pre-open-sleep-seconds 15 --max-rows 1 --lookback-minutes 1440 +``` + +Artifacts: + +- Script: `scripts\frida\aahclientmanaged-open-query.js` +- Latest capture: `docs\reverse-engineering\frida-aahclientmanaged-event-addtag-latest.ndjson` +- Native result: `docs\reverse-engineering\native-event-addtag-frida-child.json` + +The native event query still succeeded and returned one event row. The +expanded hook list installed hooks for the event default-tag path: + +- `HistorianAccess.CreateDefaultEventTag` at method RVA `0x43c2d4` +- `HistorianAccess.AddTagInternal` at method RVA `0x43be68` +- `HistorianClient.AddHistorianTag` at method RVA `0x417c18` +- `HistorianClient.ConvertEventTagToTagMetadata` at method RVA `0x417b68` +- `CTagMetadata.Save>` at method RVA `0x1044dc` + +The capture has hook-install events and some hook-install failures for other +candidates, but still no enter/leave events. This confirms the same limitation +as the history pass: MethodDef RVAs from this mixed-mode assembly are not the +actual runtime entry points for the successful wrapper path. The next capture +mechanism needs CLR method rewriting/profiling or a lower native boundary such +as Winsock/API Monitor, not raw `base + RVA` Frida interceptors. + +## Event Winsock/IPС Pass + +`tools\AVEVA.Historian.NativeTraceHarness` now supports +`--pre-load-sleep-seconds`, allowing Frida to attach before +`aahClientManaged.dll` is loaded. Running the event scenario with that preload +pause produced: + +- `docs\reverse-engineering\winsock-event-preload-localhost-latest.ndjson` +- native event open succeeded +- `StartQuery` succeeded +- one event row returned +- no Historian-port `connect`/`send`/`recv` events +- no tracked named-pipe or interesting file `ReadFile`/`WriteFile` payloads + +For the local event scenario, the successful wrapper path is therefore not +visible through the current Winsock or named-pipe hook set. Keep the preload +pause because it is useful for future lower-level hooks, but the next byte +capture should target CLR method arguments, API Monitor at the native/WCF DLL +boundary, or a real remote/relay path where traffic leaves the process. + +The remote relay path does expose event-mode transport, but it still stops at +the security layer. With endpoint-host rewriting enabled, event mode sends +`/HistCert` over `application/ssl-tls`, then repeats `/Hist-Integrated` over +`application/negotiate` with NTLMSSP messages. The server returns a short reject +record before the native harness reaches connected state, so this path has +endpoint/security evidence but still no query payload evidence. + +## aahClient Export Hook Pass + +`scripts\frida\aahclient-exports.js` and +`scripts\Attach-NativeTraceHarnessAahClientExportCapture.ps1` hook the +procedural `mdas_*` exports from `aahClient.dll` if that DLL is loaded. The +first local direct history run attached before `aahClientManaged.dll` load and +the native read succeeded, but Frida never observed `aahClient.dll` being loaded +and installed no export hooks. A separate `-DumpLoadedModules` run of the older +PowerShell harness also showed only `aahClientManaged.dll` among the current +AVEVA DLL set during a successful wrapper read. + +That rules out `aahClient.dll` exports as the immediate capture boundary for +the active wrapper path. The `mdas_*` exports may still describe a separate +native client ABI, but they are not the calls currently made by +`HistoryQuery.StartQuery` in this harness. + +## System Boundary Hook Pass + +`scripts\frida\aahclientmanaged-system-boundary.js` and +`scripts\Attach-NativeTraceHarnessSystemBoundaryCapture.ps1` hook the imported +system/API boundary used by `aahClientManaged.dll`: file I/O, `NtCreateFile`, +`NtReadFile`, `NtWriteFile`, `NtDeviceIoControlFile`, DNS, exported Winsock +connect/send/recv APIs, `WSAIoctl`, `mswsock` extension exports, Secur32, +Crypt32, and NetAPI. + +Local direct history and same-machine remote-IP reads still succeeded without +file/pipe/socket/security callbacks beyond hook installation. This reinforces +that the local Historian path is optimized below the query surface we need. + +The Debian relay run adds one sharper fact. The relay accepted connections from +the Windows host, and the Windows TCP owner monitor attributed the established +connection to the `AVEVA.Historian.NativeTraceHarness` PID. Even with hooks +installed in that same PID before `OpenConnection`, no exported Winsock, +`WSAIoctl`, `mswsock`, or `NtDeviceIoControlFile` callbacks fired. The relay +connection still reset before the harness reached `ConnectedToServer = true`. + +That makes raw Frida export hooks insufficient for the remaining transport +capture. The next local capture mechanism should be ETW/netsh/WFP/kernel-level +network tracing, API Monitor/Detours below the wrapper, or CLR profiler/IL +instrumentation inside the mixed-mode assembly. diff --git a/docs/reverse-engineering/getnexteventrow-memory-latest.json b/docs/reverse-engineering/getnexteventrow-memory-latest.json new file mode 100644 index 0000000..5b8bd98 --- /dev/null +++ b/docs/reverse-engineering/getnexteventrow-memory-latest.json @@ -0,0 +1,81 @@ +{ + "Rows": [ + { + "Index": 0, + "Sha256": "ed1b47b525e0b6376a4971cb3f0b0cc41e210c861c0c9dbff3bed7aaf56cedd8", + "ManagedEventTimeUtc": "2026-04-26T01:24:13.6890000Z", + "ManagedReceivedTimeUtc": "2026-04-26T01:24:14.0694578Z", + "ManagedEventType": "User.Write.Secured", + "EventTimeFileTimeOffsets": [ + "0x0018" + ], + "ReceivedTimeFileTimeOffsets": [], + "UInt32_0": 2425116024, + "UInt32_4": 32764, + "UInt32_16": 3276024449, + "UInt32_24": 1681784464, + "CandidateGuidsFirst512": [ + "0x0000:908c5578-7ffc-0000-f9d6-0943872add44", + "0x0008:4309d6f9-2a87-44dd-812a-44c3da2a0d48", + "0x0010:c3442a81-2ada-480d-90fe-3d641bd5dc01", + "0x0018:643dfe90-d51b-01dc-0000-000000000000", + "0x0028:43e1fa80-015d-0000-b04b-f4255d012600", + "0x0030:25f44bb0-015d-0026-1200-000000000000", + "0x0048:cac30000-7ffc-0000-30e2-c3cafc7f0000", + "0x0088:c82f0000-0031-0000-b5eb-67cafc7f0000" + ] + }, + { + "Index": 1, + "Sha256": "59226efdb1ec72d19ac46d49c6b34738f7cbc9b0cbb9073024b13aaffb2c79c5", + "ManagedEventTimeUtc": "2026-04-26T01:27:27.5750000Z", + "ManagedReceivedTimeUtc": "2026-04-26T01:27:28.0515993Z", + "ManagedEventType": "User.Write.Secured", + "EventTimeFileTimeOffsets": [ + "0x0018" + ], + "ReceivedTimeFileTimeOffsets": [], + "UInt32_0": 2425116024, + "UInt32_4": 32764, + "UInt32_16": 1261349795, + "UInt32_24": 3620644464, + "CandidateGuidsFirst512": [ + "0x0000:908c5578-7ffc-0000-1a66-179b9f7f7641", + "0x0008:9b17661a-7f9f-4176-a3ab-2e4bd2bdf7af", + "0x0010:4b2eaba3-bdd2-aff7-70a6-ced71bd5dc01", + "0x0018:d7cea670-d51b-01dc-0000-000000000000", + "0x00C8:3f800000-015d-0000-5036-de435d010000", + "0x00E0:43df1b30-015d-0000-301f-df435d010000", + "0x00E8:43df1f30-015d-0000-301f-df435d010000", + "0x0110:ca5fa300-7ffc-0000-01d1-f7e569d20000" + ] + }, + { + "Index": 2, + "Sha256": "780af7ec3a20ca264d16357c64e47bae7782d2e0cf38bb4a144c69160d25d7d0", + "ManagedEventTimeUtc": "2026-04-26T01:27:55.5750000Z", + "ManagedReceivedTimeUtc": "2026-04-26T01:27:56.0491226Z", + "ManagedEventType": "User.Write.Secured", + "EventTimeFileTimeOffsets": [ + "0x0018" + ], + "ReceivedTimeFileTimeOffsets": [], + "UInt32_0": 2425116024, + "UInt32_4": 32764, + "UInt32_16": 203626129, + "UInt32_24": 3900644464, + "CandidateGuidsFirst512": [ + "0x0000:908c5578-7ffc-0000-6409-7dc6ab5afb44", + "0x0008:c67d0964-5aab-44fb-9116-230c0dd54f03", + "0x0010:0c231691-d50d-034f-701c-7fe81bd5dc01", + "0x0018:e87f1c70-d51b-01dc-0000-000000000000", + "0x0048:c82f0000-0031-0000-8434-80cafc7f0000", + "0x00C8:3f800000-0000-0000-5036-de435d010000", + "0x00E0:43df06e0-015d-0000-e00a-df435d010000", + "0x00E8:43df0ae0-015d-0000-e00a-df435d010000" + ] + } + ], + "Count": 3, + "Notes": "Raw EventQueryResultRow snapshots are retained only under ignored artifacts. This doc stores hashes, managed timestamps, and matching FILETIME offsets." +} diff --git a/docs/reverse-engineering/getnextrow-dataqueryresultrow-memory-latest.json b/docs/reverse-engineering/getnextrow-dataqueryresultrow-memory-latest.json new file mode 100644 index 0000000..2b3ad26 --- /dev/null +++ b/docs/reverse-engineering/getnextrow-dataqueryresultrow-memory-latest.json @@ -0,0 +1,29 @@ +{ + "CapturedLength": 512, + "UInt32_4": 1, + "HexFirst256": [ + "0000: EE 00 00 00 01 00 00 00 10 2A 4B E7 3B 02 00 00 .........*K.;...", + "0010: 00 00 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................", + "0020: 1F 00 00 00 00 00 00 00 5E A1 29 8D 76 D9 DC 01 ........^.).v...", + "0030: 85 00 00 00 F8 00 00 00 C0 00 00 00 00 00 00 00 ................", + "0040: 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 ................", + "0050: 08 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 ................", + "0060: 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................", + "0070: 00 00 00 00 FC 7F 00 00 00 00 00 00 00 00 00 00 ................", + "0080: 00 00 00 00 00 00 59 40 00 00 00 00 00 00 00 00 ......Y@........", + "0090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................", + "00A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................", + "00B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................", + "00C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................", + "00D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................", + "00E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................", + "00F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................" + ], + "UInt32_304": 0, + "UInt32_0": 238, + "Sha256": "2c2cb06988187c1bd7793a52a71f33599542a69d5e83885c583de8bf3df5d43b", + "UInt32_308": 0, + "Int64_48": 1065151889541, + "UInt32_300": 0, + "Double_80": 2.590366E-318 +} diff --git a/docs/reverse-engineering/getnextrow-interpolated-memory-latest.json b/docs/reverse-engineering/getnextrow-interpolated-memory-latest.json new file mode 100644 index 0000000..b415f8b --- /dev/null +++ b/docs/reverse-engineering/getnextrow-interpolated-memory-latest.json @@ -0,0 +1,30 @@ +{ + "Count": 2, + "Rows": [ + { + "Index": 0, + "Sha256": "09de8a05e230f8367265a3034d8d1fac17b34afeeb122ebfdbfe699a41855a99", + "TagKey": 238, + "EndUtc_0x28": "2026-05-01T14:36:00.7909908Z", + "StartUtc_0x150": "2026-04-24T15:56:00.7909908Z", + "Quality_0x30": 0, + "QualityDetail_0x34": 248, + "OpcQuality_0x38": 192, + "PercentGood_0x80": 100.0, + "ResolutionCandidate_0x1B8": 7 + }, + { + "Index": 1, + "Sha256": "09de8a05e230f8367265a3034d8d1fac17b34afeeb122ebfdbfe699a41855a99", + "TagKey": 238, + "EndUtc_0x28": "2026-05-01T14:36:00.7909908Z", + "StartUtc_0x150": "2026-04-24T15:56:00.7909908Z", + "Quality_0x30": 0, + "QualityDetail_0x34": 248, + "OpcQuality_0x38": 192, + "PercentGood_0x80": 100.0, + "ResolutionCandidate_0x1B8": 7 + } + ], + "Notes": "Interpolated row layout matches aggregate time-bound offsets in this fixture; second capture duplicates the first after no-more-data." +} diff --git a/docs/reverse-engineering/getnextrow-timeweightedaverage-memory-latest.json b/docs/reverse-engineering/getnextrow-timeweightedaverage-memory-latest.json new file mode 100644 index 0000000..82180b9 --- /dev/null +++ b/docs/reverse-engineering/getnextrow-timeweightedaverage-memory-latest.json @@ -0,0 +1,45 @@ +{ + "Count": 3, + "Rows": [ + { + "Index": 0, + "Sha256": "171fee4de57c4130a7d716a26906eb4481328ffb931251ad49acc0182f384578", + "TagKey": 238, + "EndUtc_0x28": "2026-05-01T14:34:18.8170203Z", + "StartUtc_0x150": "2026-04-24T15:54:18.8170203Z", + "Quality_0x30": 0, + "QualityDetail_0x34": 64, + "OpcQuality_0x38": 64, + "PercentGood_0x80": 19.614948272705078, + "ResolutionScaled_0x1A8": 0, + "ResolutionCandidate_0x1B8": 7 + }, + { + "Index": 1, + "Sha256": "ff8848ca8765fe97f76a82a2006511ccfb055b139a6eced3ded9715261e12d86", + "TagKey": 238, + "EndUtc_0x28": "2026-05-02T14:34:18.8170203Z", + "StartUtc_0x150": "2026-05-01T14:34:18.8170203Z", + "Quality_0x30": 0, + "QualityDetail_0x34": 4160, + "OpcQuality_0x38": 64, + "PercentGood_0x80": 99.99822998046875, + "ResolutionScaled_0x1A8": 0, + "ResolutionCandidate_0x1B8": 7 + }, + { + "Index": 2, + "Sha256": "ff8848ca8765fe97f76a82a2006511ccfb055b139a6eced3ded9715261e12d86", + "TagKey": 238, + "EndUtc_0x28": "2026-05-02T14:34:18.8170203Z", + "StartUtc_0x150": "2026-05-01T14:34:18.8170203Z", + "Quality_0x30": 0, + "QualityDetail_0x34": 4160, + "OpcQuality_0x38": 64, + "PercentGood_0x80": 99.99822998046875, + "ResolutionScaled_0x1A8": 0, + "ResolutionCandidate_0x1B8": 7 + } + ], + "Notes": "0x28 is managed EndDateTime for aggregate rows; 0x150 is managed StartDateTime. Last two captures are duplicate no-more-data snapshots." +} diff --git a/docs/reverse-engineering/handoff.md b/docs/reverse-engineering/handoff.md new file mode 100644 index 0000000..faef8eb --- /dev/null +++ b/docs/reverse-engineering/handoff.md @@ -0,0 +1,1099 @@ +# AVEVA Historian Managed Driver Handoff + +Last updated: 2026-05-04 (event-flow prereqs) + +## Project Direction + +The project goal is still a fully managed .NET 10 C# AVEVA Historian client. +The production SDK must not depend on `aahClientManaged.dll`, `aahClient.dll`, +or any other AVEVA native runtime binary. + +Do not pivot to REST or a P/Invoke production shim unless the project +requirements change. Native and P/Invoke tools in this repo are reverse +engineering aids only. + +Required production surface remains narrowly scoped: + +- `ProbeAsync` +- `ReadRawAsync` +- `ReadAggregateAsync` +- `ReadAtTimeAsync` +- `ReadEventsAsync` +- `BrowseTagNamesAsync` +- `GetTagMetadataAsync` + +Writes are out of scope for the current pass. + +## Repository Map + +- `AGENTS.md` - standing project instructions and constraints. +- `instructions.md` - original plan and decision record. +- `current\` - deployed sidecar dependency DLL set; use this first for wrapper + behavior. +- `aveva-install-x64\` and `aveva-install-x86\` - full installed AVEVA DLL + sets for comparison. +- `src\AVEVA.Historian.Client\` - production managed SDK. +- `tests\AVEVA.Historian.Client.Tests\` - unit and gated integration tests. +- `tools\AVEVA.Historian.ReverseEngineering\` - .NET 10 CLI for static + inspection, WCF probes, and IL-rewrite generation. +- `tools\AVEVA.Historian.NativeTraceHarness\` - .NET Framework native-wrapper + comparison harness. Reverse-engineering only. +- `tools\AVEVA.Historian.NetFxWcfProbe\` - .NET Framework WCF probe used to + rule out .NET 10 WCF-only differences. +- `tools\AVEVA.Historian.ReverseInstrumentation\` - helper assembly injected + into rewritten wrapper copies for sanitized logging. +- `tools\AVEVA.Historian.WcfCaptureServer\` - fake WCF capture server used for + endpoint experiments. +- `scripts\` - PowerShell runners and Frida scripts. +- `docs\reverse-engineering\` - sanitized notes and small evidence summaries. +- `artifacts\reverse-engineering\` - ignored raw/sensitive runtime artifacts. + Do not commit raw captures or identity-bearing logs. + +## Build And Test + +From the repository root, normally `%USERPROFILE%\Desktop\histsdk`: + +```powershell +dotnet build .\Histsdk.slnx --no-restore +dotnet test .\Histsdk.slnx --no-build --logger "console;verbosity=minimal" +``` + +Current known-good result: + +- Build succeeds. +- Unit tests pass: 55/55. + +The repository folder is not currently a Git working tree in this checkout, so +use file timestamps or your own external backup if you need change tracking. + +## Environment Variables + +Live integration tests and probes are gated by environment variables: + +```powershell +$env:HISTORIAN_HOST = "" +$env:HISTORIAN_PORT = "32568" +$env:HISTORIAN_USER = "" +$env:HISTORIAN_PASSWORD = "" +$env:HISTORIAN_TEST_TAG = "" +$env:HISTORIAN_TAG_FILTER = "" +``` + +Do not write actual credentials into docs, scripts, captures, or command logs. +The scripts read these values from the process environment. + +## Useful Commands + +Probe managed WCF endpoints: + +```powershell +dotnet run --no-build --project tools\AVEVA.Historian.ReverseEngineering -- wcf-probe $env:HISTORIAN_HOST 32568 +dotnet run --no-build --project tools\AVEVA.Historian.ReverseEngineering -- wcf-cert-probe $env:HISTORIAN_HOST 32568 localhost +``` + +Test the positive managed tag-browse route: + +```powershell +dotnet run --no-build --project tools\AVEVA.Historian.ReverseEngineering -- wcf-like-tag-browse $env:HISTORIAN_HOST 32568 $env:HISTORIAN_TAG_FILTER +``` + +Run a bounded negative `StartQuery2` replay without burning the full matrix: + +```powershell +dotnet run --no-build --project tools\AVEVA.Historian.ReverseEngineering -- wcf-start-query $env:HISTORIAN_HOST 32568 $env:HISTORIAN_TEST_TAG --max-attempts 1 --timeout-seconds 3 +``` + +Run the native wrapper comparison harness: + +```powershell +dotnet run --project tools\AVEVA.Historian.NativeTraceHarness -- --scenario history --tag $env:HISTORIAN_TEST_TAG --lookback-minutes 1440 +dotnet run --project tools\AVEVA.Historian.NativeTraceHarness -- --scenario event --lookback-minutes 10080 +``` + +Search local Galaxy Repository for historized tags: + +```powershell +powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\scripts\Find-GalaxyHistorizedTags.ps1 +``` + +Prompt for Historian credentials in a PowerShell window: + +```powershell +powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\scripts\Prompt-HistorianCredentialsAndOpen2.ps1 +``` + +## Script Locations + +Credential/session helpers: + +- `scripts\Prompt-HistorianCredentialsAndOpen2.ps1` +- `scripts\Test-AahClientManagedOpen.ps1` +- `scripts\Test-AahClientManagedReadIntegrated.ps1` + +Native/wrapper capture runners: + +- `scripts\Run-AahClientManagedFridaCapture.ps1` +- `scripts\Attach-AahClientManagedFridaCapture.ps1` +- `scripts\Attach-NativeTraceHarnessRuntimePointerCapture.ps1` +- `scripts\Attach-NativeTraceHarnessWinsockCapture.ps1` +- `scripts\Attach-NativeTraceHarnessSystemBoundaryCapture.ps1` +- `scripts\Attach-NativeTraceHarnessAahClientExportCapture.ps1` + +Server-side ValCl probe: + +- `scripts\Capture-AahClientAccessPointValClContext.ps1` +- `scripts\frida\aahclientaccesspoint-valcl-context.js` + +Network/relay experiments: + +- `scripts\Attach-SystemBoundaryViaDebianRelay.ps1` +- `scripts\Run-DebianHistorianRelayCapture.ps1` +- `scripts\Run-PktmonDebianRelayCapture.ps1` +- `scripts\Start-WcfOpen2CaptureServer.ps1` + +Frida hook implementations: + +- `scripts\frida\aahclientmanaged-open-query.js` +- `scripts\frida\aahclientmanaged-system-boundary.js` +- `scripts\frida\aahclientmanaged-winsock.js` +- `scripts\frida\aahclient-exports.js` + +## Current Evidence Summary + +Positive evidence: + +- Fully managed WCF/MDAS endpoint probing works. +- `/Hist`, `/Retr`, `/Stat`, and `/Trx` `GetV` calls are reachable. +- `/HistCert` is reachable with MDAS over transport security. +- `/Hist-Integrated` accepts managed Windows integrated `Open2`. +- The returned `Open2` handle is accepted by `Retr.IsOriginalAllowed`. +- Managed wildcard tag browse works through: + - `Retr.StartLikeTagNameSearch` + - `Retr.GetLikeTagnames` +- Native wrapper history reads succeed in the direct/local path for known + historized tags. +- Native wrapper event query succeeds and returns sanitized local-dev rows. +- `DataQueryRequest` serialization is byte-matched for: + - full/raw request + - time-weighted aggregate request + - interpolated request +- `EventQueryRequest` serialization is byte-matched for the current empty-filter + event query fixture. +- `OpenConnection3` request/response layout is partially decoded: + - request byte `0`: version `6` + - request bytes `1..16`: authenticated context GUID + - request byte `17`: content selector + - response byte `0`: version `3` + - response bytes `1..4`: transient `/Retr` client handle + - response includes storage session id, connect time, and server time + +Negative evidence: + +- `Open2` by itself is not enough for history/event query starts. +- Direct managed `/Retr.StartQuery2` fails even with byte-matched + `DataQueryRequest` bytes. +- The bounded current replay shape is: + - `/Hist-Integrated Open2` succeeds + - `Retr.IsOriginalAllowed` returns true + - `StartQuery2` returns `false` + - response and error buffers are empty + - legacy `StartQuery` may fault with a server null-reference +- Query failure is not caused by: + - wrong basic WCF service path + - wrong MDAS content type + - wrong `DataQueryRequest` serializer + - wrong `QueryType` sweep + - wrong common selector flag variants + - missing `IsOriginalAllowed` + - simple explicit username/password mismatch +- Managed standalone `ValCl` replay reproduces the first native wrapped NTLM + token but still fails at round 0. +- Running the same managed `ValCl` path through .NET Framework also fails, so + this is not just a .NET 10 WCF behavior difference. + +## Active Blocker + +**Resolved on `2026-05-04`.** The previous blocker — managed `ValCl` +rejected by the server — had two causes, both now fixed: + +1. **WCF parameter-name mismatch.** SDK and probe declared the + `ValidateClientCredential` byte parameters as `inputBuffer` / + `outputBuffer`; the actual server contract (per `ildasm` of + `aahClientAccessPoint.exe`) uses `inBuff` / `outBuff`. WCF derives + body element names from the C# parameter name, so the server's + deserialiser was ignoring the unknown `` element and + `arg.2` was null, NRE-ing at IL `0x01AA`. Fixed via + `[MessageParameter(Name = "inBuff")]` / `Name = "outBuff"` in the + probe and in `src/AVEVA.Historian.Client/Wcf/Contracts/IHistoryServiceContract2.cs` + and `IStorageServiceContract.cs`. +2. **SSPI request-flag mismatch.** Probe used `ALLOCATE_MEMORY | + CONFIDENTIALITY | INTEGRITY | CONNECTION = 0x10910`; the native + wrapper uses `0x2081C` round 0 / `0x81C` round 1+ (adds + `IDENTIFY` round 0 and `REPLAY_DETECT` + `SEQUENCE_DETECT` always). + The REPLAY/SEQUENCE pair gates NTLM MIC generation; without it, + `AcceptSecurityContext` rejects round 1 with + `SEC_E_INVALID_TOKEN`. Fixed in the probe's `SspiClient`. + +The full chain a successful native read uses is now reproducible from +a fully managed client end-to-end: + +1. `Hist-Integrated.GetV` → version `11` +2. `Hist-Integrated.ValCl` round 0 (69 → 239 bytes) ✓ +3. `Hist-Integrated.ValCl` round 1 (93 → 1 byte terminal) ✓ + +The next evidence layers — `OpenConnection3` (with the now-known +context key), `Retr.IsOriginalAllowed`, and `Retr.StartQuery2` — +should now work, because the native context-map registration that +`ProcessServerToken` performs has finally been completed by a managed +client. Run the same managed sequence and observe whether +`OpenConnection3` returns the expected 42-byte response and whether +`StartQuery2` returns a non-empty result for +`OtOpcUaParityTest_001.Counter`. + +## Next Pickup Steps + +`scripts\Capture-AahClientAccessPointValClContext.ps1` cannot get server-side +helper visibility on this host. Both scenarios were re-run on `2026-05-03` +from an elevated PowerShell session (Admin, High Mandatory Label, +`SeDebugPrivilege` enabled) and Frida attach into `aahClientAccessPoint.exe` +(running as `NT SERVICE\aahClientAccessPoint`) was rejected with +`Failed to attach: process with pid either refused to load frida-agent, +or terminated during injection`. The actual Frida Python exception is +`frida.ProcessNotRespondingError`, which means the agent injection +handshake did not complete in time, not a load-time refusal. The probes +themselves still ran cleanly: NativeRead reproduced the canonical fixture +row, and ManagedValCl reproduced the type-4/code-1 round-zero failure with +the canonical wrapped-NTLM prefix. + +Hypotheses already ruled out on this host: + +- **Process mitigation policy.** `Get-ProcessMitigation -Id ` reports + every category OFF for the service, including + `BinarySignature.MicrosoftSignedOnly`, `DynamicCode.BlockDynamicCode`, + `Cfg.Enable`, `ImageLoad.BlockRemoteImageLoads`, + `ExtensionPoint.DisableExtensionPoints`, and `UserShadowStack.*`. +- **DACL / token.** `OpenProcess(PROCESS_ALL_ACCESS)` from the elevated + token succeeds, including `PROCESS_VM_OPERATION`, `PROCESS_VM_WRITE`, and + `PROCESS_CREATE_THREAD`. +- **Bitness.** Cross-bitness Frida (64-bit Python attaching to a fresh + `C:\Windows\SysWOW64\cmd.exe`) works. +- **AV / EDR.** Defender real-time protection, behavior monitoring, and + on-access protection are OFF; no third-party AV/EDR is registered with + `SecurityCenter2`; no EDR-style filter driver is active. +- **IFEO / AppInit.** No IFEO debugger entry for `aahClientAccessPoint.exe`; + `AppInit_DLLs` empty in 64-bit and WOW64 hives. +- **Frida realm / persist_timeout knobs.** `realm='native'`, + `realm='emulated'`, and `persist_timeout=30` all fail identically. + +Likely remaining cause: service-internal — `aahClientAccessPoint.exe` runs +~150 threads, many in `EventPairLow` ALPC/SCM waits, and Frida's manual +mapper does not get a cooperative thread to complete its RPC bootstrap. + +ETW SSPI tracing then produced the actionable evidence Frida could not. +A `logman` session capturing `LsaSrv`, `LSA`, +`Microsoft-Windows-NTLM`, `NTLM Security Protocol`, and +`Security: NTLM Authentication` providers at level `0xFF` and keywords +`0xFFFFFFFFFFFFFFFF` recorded **10 SSPI events from +`aahClientAccessPoint` during a successful native read (Ids 30, 34, 35, +40, 84, 10, 12, 16, 17, 86 in a 47 ms burst) and zero from the same +process during a failing managed ValCl run**. lsass-side SSPI activity +also drops 35x in the failing run (4330 → 121 events). The implication +is that the long-standing +`HistoryService.ValidateClientCredential caught NullReferenceException +at line 1593` fires *before* reaching `CServerNode.ProcessServerToken` +at IL `0x01DC`, i.e. between `Guid.TryParse(handle)` at IL `0x012A` and +the ProcessServerToken call site. Likely culprits: `CServerBuffer` +vtable allocation at IL `0x0183`, the byte-array pointer/length copy +into buffer `+72/+76`, or a parameter pull from +`ServiceSecurityContext.Current` whose `WindowsIdentity` is null on the +plain `Security.Mode = None` pipe binding. + +Static IL inspection of `HistoryService.ValidateClientCredential` +(token `0x06000774`, 779 instructions, in mixed-mode +`aahClientAccessPoint.exe`) enumerates every NRE-capable instruction +on the straight-line path before the ProcessServerToken call and +narrows the failure to five candidates (full table in +`openconnection3-correlation-latest.json` +`ValidateClientCredentialIlNreCandidates`): + +- `0x00ED` — `LogHistorianMessage(... CServerClient*, ...)` in the + prologue. NREs if the `CServerClient*` is null on the failing + binding. +- `0x017E` and `0x0182` — vtable derefs in the allocator chain at + `&g_ClientAccessPoint + 2328` → vtable → +40. NREs if the field is + uninitialised; ruled out as the differentiator because + `g_ClientAccessPoint` is a process-wide singleton. +- `0x01AA` (`ldelema`) and `0x01B2` (`ldlen`) on `arg.2 = byte[] + inputBuffer`. NREs if WCF deserialises the buffer as null even + though 69 bytes are on the wire. + +The two custom-error paths in this method (code `28` for invalid GUID +text at `0x012F`, code `204` for allocator-null at `0x018A`) are both +explicitly handled, so neither would manifest as the logged +`NullReferenceException`. + +Differential analysis against the successful native local read (which +uses the same `Security.Mode = None` pipe binding) rules out the +prologue and the static-singleton vtable chain as differentiators. The +**byte-array deref at `0x01AA`/`0x01B2` is the most plausible remaining +candidate** because it depends on WCF body deserialisation which can +silently differ between the managed probe and the native wrapper even +when both sides claim the same operation contract. + +SOAP-body comparison via WCF message logging in the .NET Framework +probe resolved this. The wire body sent +`BASE64DATA` but the response used +``. `ildasm` against `aahClientAccessPoint.exe` +confirmed the actual server contract is + +```il +ValidateClientCredential(string handle, uint8[] inBuff, + [out] uint8[]& outBuff, + [out] uint8[]& errorBuffer) +``` + +WCF derives the request body element name from the C# parameter name, +so the probe's `inputBuffer` parameter produced `` on the +wire and the server's WCF deserialiser ignored that unknown element, +leaving server-side `arg.2 = inBuff = null`. IL `0x01AA` `ldelema +System.Byte` then NREs and the C++/CLI catch handler converts it to +native error type 4 / code 1. + +Adding `[MessageParameter(Name = "inBuff")]` and `[MessageParameter(Name += "outBuff")]` to the probe's `ValidateClientCredential` declaration +unblocks the request: + +- **Round 0:** `ServerSuccess=true`, `ServerOutputLength=239`, + `ServerContinue=true`, output prefix `01 4e 54 4c 4d 53 53 50 00 02 + ...` (continue byte + NTLMSSP type-2 challenge). Matches the + documented native-success "69→239 byte" first round exactly. +- **Round 1:** `Type=129 Code=0x80090308 = SEC_E_INVALID_TOKEN` with a + 100-byte error buffer whose ASCII payload includes + `aahClientAccessPoint::CServerContext::ProcessClientToken` and + `InitializeSecurityContext`. The original parameter-binding NRE is + gone; the next layer of failure is real SSPI rejection inside + `AcceptSecurityContext`. + +The same `[MessageParameter]` fix is now applied to the production SDK +contracts `IHistoryServiceContract2.ValidateClientCredential` and +`IStorageServiceContract.ValidateClientCredential`. `ildasm` also +revealed the same parameter-naming mismatch on +`EnsT`/`EnsT2`/`RTag2`/`ExKey`/`StJb`/`GtJb` with their current SDK +declarations; those operations are not on the read-only SDK path so +they are intentionally left alone for now (audit when those flows +become required — see `ServerContractAuditedOtherOperationsWithLikelySameMismatch` +in `openconnection3-correlation-latest.json` for the table). + +Native SSPI flag replication on `2026-05-04` resolved +`SEC_E_INVALID_TOKEN`. Decoded native flags: + +- `0x2081C` round 0 = `ISC_REQ_IDENTIFY | ISC_REQ_CONNECTION | + ISC_REQ_CONFIDENTIALITY | ISC_REQ_SEQUENCE_DETECT | + ISC_REQ_REPLAY_DETECT` +- `0x81C` round 1+ = same minus `ISC_REQ_IDENTIFY` + +The probe was missing `ISC_REQ_REPLAY_DETECT`, +`ISC_REQ_SEQUENCE_DETECT`, and round-0 `ISC_REQ_IDENTIFY`. The +REPLAY/SEQUENCE pair gates NTLM MIC generation in the type-3 +response; without it the server's `AcceptSecurityContext` rejects with +`SEC_E_INVALID_TOKEN`. Adding those flags (and tracking the round +count internally in `SspiClient`, keeping `ALLOCATE_MEMORY` for +buffer convenience) reproduces the documented native two-round +sequence byte-for-byte from a managed client: + +| Round | Wire | Server output | Continue | Error | +|---|---|---|---|---| +| 0 | 69 wrapped | 239 (NTLM type-2 challenge) | true | none | +| 1 | 93 wrapped | **1 byte (`0x00` terminal)** | false | **none** | + +`FinalServerSuccess: true`, `FinalNativeError: null`. The long-standing +managed `ValCl` blocker is resolved. The chain a successful native +read uses is now reproducible from a managed client end-to-end: + +1. `Hist-Integrated.GetV` → version `11` +2. `Hist-Integrated.ValCl` round 0 (69 → 239 bytes) ✓ +3. `Hist-Integrated.ValCl` round 1 (93 → 1 byte terminal) ✓ + +End-to-end chain verification on `2026-05-04`. The .NET Framework +probe was extended to chain `Hist.Open2` (replaying the captured +1346-byte v6 request with the leading 16 context-key bytes spliced to +match the managed `ValCl` GUID), then `Retr.IsOriginalAllowed`, then +`Retr.StartQuery2` (replaying the captured 251-byte +`OtOpcUaParityTest_001.Counter` `DataQueryRequest`). Result: + +| Step | Outcome | +|---|---| +| `Hist.Open2` | 42 bytes, version `0x03`, transient `/Retr` client handle decoded | +| `Retr.GetV` | version `4` | +| `Retr.IsOriginalAllowed(handle)` | return code `0`, `isAllowed = true` | +| `Retr.StartQuery2(handle, 1, 251 bytes, ...)` | `Success=true`, response **31 bytes**, `QueryHandlePresent=true`, no error | + +The 31-byte `StartQuery2` response SHA-256 +`4c062b5ce8181308f0f46bfd8c6088acb52e6ade94401651b7d3ccc8952edfb5` +is **byte-for-byte identical** to the previously captured native +success response. The full AVEVA Historian native wire protocol chain +through `StartQuery2` is now reproducible end-to-end from a fully +managed client. + +This required one additional contract fix: +`IRetrievalServiceContract2` had the same parameter-name mismatch +class. Server uses `pRequestBuff` / `pResponseBuff` / `errSize` / `err` +on `StartQuery2` (and `pResultBuff` / `errSize` / `err` on +`GetNextQueryResultBuffer2`, `errSize` / `err` on `EndQuery2`). +`[MessageParameter(Name = ...)]` attributes added to +`src/AVEVA.Historian.Client/Wcf/Contracts/IRetrievalServiceContract2.cs`. + +Reproduce the chain with: + +```powershell +.\tools\AVEVA.Historian.NetFxWcfProbe\bin\Debug\net481\AVEVA.Historian.NetFxWcfProbe.exe ` + --endpoint "net.pipe://localhost/Hist" ` + --retr-endpoint "net.pipe://localhost/Retr" ` + --open2-replay .\artifacts\reverse-engineering\openconnection3-request-replay.bin ` + --data-query-replay .\artifacts\reverse-engineering\startdataquery-request-replay.bin +``` + +The two `*.bin` inputs are extracted from +`artifacts/reverse-engineering/instrumented-openconnection3-correlation/capture.ndjson` +(`OpenConnection3.Request` and `StartDataQuery.Request` Base64 +fields) and stay under `artifacts/` (gitignored). The probe stdout +JSON only echoes lengths, SHAs, version bytes, and prefix hex; it +does not echo identity payloads or transient handle values. + +Production SDK note: `src/AVEVA.Historian.Client` currently has no +SSPI client (only wrap/unwrap helpers in +`HistorianWcfAuthenticationProtocol`). When the SDK auth flow is +wired for the production read path, it must use the same +native-equivalent flags. .NET 10's +`System.Net.Security.NegotiateAuthentication` does not expose +`ISC_REQ_*` directly; P/Invoke `InitializeSecurityContextW` (or +equivalent) to set `IDENTIFY` + `REPLAY_DETECT` + `SEQUENCE_DETECT` +explicitly. Reference implementation in +`tools/AVEVA.Historian.NetFxWcfProbe/Program.cs` `SspiClient`. + +The protocol is now fully understood end-to-end for the read path; +remaining work is plumbing — replace the captured-replay `Open2` +payload with `HistorianOpen2Protocol.SerializeNativeOpenConnection3Version6` +(already in the SDK), then chain `ValCl → Open2 → /Retr.StartQuery2 → +/Retr.GetNextQueryResultBuffer2` for the canonical read fixture. + +Production SDK plumbing landed on `2026-05-04`. The fully managed +.NET 10 SDK now reads history end-to-end against the live local +Historian. New SDK pieces: + +- `Wcf/HistorianSspiClient.cs` — managed SSPI client, P/Invokes + `InitializeSecurityContextW` with native flags `0x2081C` round 0 / + `0x81C` later. `[SupportedOSPlatform("windows")]`. +- `Wcf/HistorianWcfBindingFactory.CreateMdasNetNamedPipeBinding` + + `CreatePipeEndpointAddress` — Named Pipe transport for the local + Historian. `[SupportedOSPlatform("windows")]`. +- `Wcf/HistorianDataQueryProtocol.TryParseGetNextQueryResultBufferRows` — + parses `UInt16 version=9` + `UInt32 rowCount` + N self-describing + rows; recognises the 5-byte `04 1E 00 00 00` ("no more data") + terminal. +- `Wcf/HistorianWcfReadOrchestrator.cs` — chains `Hist.GetV → + Hist.ValCl × N → Hist.Open2 → /Retr.GetV → + Retr.IsOriginalAllowed → Retr.StartQuery2 → loop + Retr.GetNextQueryResultBuffer2`. Builds the OpenConnection3 v6 + request through `HistorianOpen2Protocol.SerializeNativeOpenConnection3Version6` + with documented native constants (`ClientType=4`, + `ConnectionMode=0x402`, `FormatVersion=4`, `HcalVersion=17`, + `DataSourceId="2020.406.2652.2"`). +- `HistorianClientOptions.Transport` (defaults to `LocalPipe`) and + `HistorianClientOptions.TargetSpn` (defaults to + `NT SERVICE\aahClientAccessPoint`). +- `Models/HistorianSample.PercentGood`. +- `Protocol/Historian2020ProtocolDialect.ReadRawAsync` now delegates + to the orchestrator on Windows + `LocalPipe`. + +`ReadRawAsync` against the live local Historian for the canonical +`OtOpcUaParityTest_001.Counter` fixture returns parsed +`HistorianSample` rows including `Quality`, `OpcQuality`, +`QualityDetail`, `NumericValue`, `PercentGood`, and `TimestampUtc`. + +Test coverage: + +- **Without** the integration env vars: 64/64 unit tests pass + (golden-byte coverage of SSPI flag selection, Named Pipe binding + shape, and the row-buffer parser for the captured 570-byte + fixture). +- **With** `HISTORIAN_HOST=localhost` + + `HISTORIAN_TEST_TAG=OtOpcUaParityTest_001.Counter`: 69/69 pass, + including + `HistorianClientIntegrationTests.ReadRawAsync_AgainstLocalHistorian_ReturnsAtLeastOneRow` + which exercises the full managed chain end-to-end. + +Reverse-engineering for the read path is **complete**. Remaining +follow-up work (not blocked by protocol discovery — only plumbing): + +- Aggregate row layouts (`Interpolated`, `TimeWeightedAverage`) and + `ReadAggregateAsync` / `ReadAtTimeAsync` wiring (use the per-mode + `dnlib` row captures already in `docs/reverse-engineering/`). +- `ReadEventsAsync` wiring (`StartEventQuery` request bytes are + already byte-matched; need event row layout + a similar + orchestrator). +- Remote TCP transports (`RemoteTcpIntegrated`, + `RemoteTcpCertificate`). +- Explicit username/password authentication (current orchestrator is + integrated-only). +- `[MessageParameter]` audit on the other contracts ildasm flagged + with parameter-name mismatches: `EnsT`, `EnsT2`, `RTag2`, `ExKey`, + `StJb`, `GtJb` (none on the read path so far). +- Decode the trailing 34 bytes per row (likely string-value + placeholder + aggregate end-timestamp slot). + +All of the above landed on `2026-05-04`. The SDK now exposes +`ReadRawAsync`, `ReadAggregateAsync`, `ReadAtTimeAsync`, and +`ReadEventsAsync` end-to-end; `[MessageParameter]` audits applied to +~30 parameter-name mismatches across `IHistoryServiceContract`, +`IHistoryServiceContract2`, `IRetrievalServiceContract`, +`IRetrievalServiceContract3`, and `IRetrievalServiceContract4`; +`HistorianWcfBindingFactory.CreateBindingPair(options)` now selects +the right `Hist` + `Retr` binding/endpoint pair for `LocalPipe`, +`RemoteTcpIntegrated`, and `RemoteTcpCertificate` transports; +`HistorianSspiClient` has an explicit-creds constructor overload that +builds `SEC_WINNT_AUTH_IDENTITY`. **72/72 tests pass with +`HISTORIAN_HOST=localhost` + `HISTORIAN_TEST_TAG=...` set, including +seven live integration tests against the local Historian.** + +Surfaced new evidence target during event-flow verification: +`Retr.GetNextEventQueryResultBuffer` returns native error type=4 +code=85 (`0x55`) — a fresh server response we haven't seen before, +likely caused by the missing `RegisterTags2(CM_EVENT)` prerequisite +that the native wrapper's `CreateDefaultEventTag` performs before any +event read. The orchestrator treats the 5-byte type=4 buffer as a +soft terminal so the chain doesn't throw; `LastErrorBufferDescription` +surfaces the full code for diagnostics. + +Open items (each isolated, no protocol discovery required): + +1. **Event default-tag registration (CM_EVENT prerequisite) — partially + decoded, full chain incomplete.** Built `instrument-wcf-writemessage` + IL-rewrite tooling that hooks `aahMDASEncoder.ClientMessageEncoder.WriteMessage` + (token `0x06005E65`, MDAS encoder layer) to capture every outgoing + WCF body via the existing CaptureLogger pattern. The captured event + scenario flow has **27 outgoing WCF calls** between session startup + and the first event row: + + | # | Action | Notes | + |---|---|---| + | 0 | Hist/GetV | version probe | + | 1-2 | Hist/GetI | get-info | + | 3-4 | Hist/ValCl ×2 | auth (handle = ValCl context key GUID) | + | 5 | Hist/Open2 | 1472-byte v6 buffer (we replicate this) | + | 6-7 | unknown 105-byte | session setup | + | **8-9** | **unknown 211-byte** | **first appearance of session GUID `6D332FCD-…` (later used as EnsT2 handle)** | + | 10 | Hist/UpdC3 | status update — uses 6D332FCD | + | 11-16 | unknown 183/185/188/192-byte | more setup | + | 17 | Hist/RTag2 | uses 6D332FCD | + | 18 | unknown 184-byte | | + | 19 | Trx/GetV | transaction service version probe | + | 20 | unknown 105-byte | | + | 21 | Retr/GetV | retrieval version probe | + | **22** | **Hist/EnsT2** | **CTagMetadata(CM_EVENT) — uses 6D332FCD** | + | 23 | Retr/StartEventQuery | succeeds when 22 succeeds | + | 24 | Retr/GetNextEventQueryResultBuffer | returns row buffer | + | 25 | Retr/EndEventQuery | terminal | + | 26 | Hist/Close2 | session close | + + **CTagMetadata payload is now byte-for-byte verified.** Captured + 83-byte CM_EVENT payload from record 22 matches our SDK + `HistorianAddTagsProtocol.SerializeCmEventCTagMetadata` exactly + when the captured FILETIME is substituted in (verified via + reflection unit dump: 83/83 bytes match). Layout corrections from + the wire capture vs. the previously-documented format: + + - Action URI is `aa/Hist/EnsT2`, NOT `aa/Hist/AddT`. + - 7-byte storage block ends with `0x01`, not `0x00`. + - Layout is `flags(7) + uint(0) + FILETIME(8) + GUID(16) + tail(5)`, + NOT `FILETIME + flags + uint(rate) + uint(deadband) + GUID`. + - Common Archestra event type GUID is + `5f59ae42-3bb6-4760-91a5-ab0be01f9f02` (NOT `…e01f2f27` as + previously documented from IL inspection). + - 5-byte tail `2F 27 01 01 01` (3 unknown bytes + 2 trailing 01s). + + **Live event reads still return zero events** because: + + - Records 6-9 (which establish the session GUID `6D332FCD-…` used + by every subsequent call) and records 11-16 (~5 unknown setup + calls) have NOT been decoded yet. + - Without those calls, our SDK's EnsT2 uses the storage session id + from the Open2 response as the handle, but the server expects + the session GUID established by records 8-9 — which it never + received because we never made those calls. EnsT2 returns false + and `Retr.GetNextEventQueryResultBuffer` returns native code 85. + - SDK's EnsT2 attempt is wrapped in try/catch and surfaces the + return code via `HistorianWcfEventOrchestrator.LastAddReturnCode` + for diagnostics; the chain doesn't throw. + + Concrete remaining work for live event reads: + + - Identify and decode records 6-9 from + `artifacts/reverse-engineering/instrumented-wcf-writemessage/writemessage-capture-event-latest.ndjson`. + The action URI of each will be visible as ASCII in the body + (e.g. `aa/Hist/Foo`). For each, decode the request body shape and + identify which call returns the session GUID `6D332FCD-…` that + subsequent calls use as their handle. + - Implement those calls in the orchestrator before EnsT2. + - Same for records 11-16 (unknown 183/185/188/192-byte calls). + - Then re-test EnsT2 should return true and events should flow. + - Once events flow, capture the `GetNextEventQueryResultBuffer` + response bytes (would require also instrumenting `ReadMessage` — + symmetric to WriteMessage) and write the event-row parser. + + The IL-rewrite tooling (`tools/AVEVA.Historian.ReverseEngineering` + `instrument-wcf-writemessage` command) and corresponding + `LogByteArraySegment` helper in `CaptureLogger` are now in place + for any future capture work. Reproduce a fresh capture with: + + ```powershell + dotnet run --no-build --project tools\AVEVA.Historian.ReverseEngineering -- instrument-wcf-writemessage + # Then stage the modified DLL into a current-copy dir alongside + # AVEVA.Historian.ReverseInstrumentation.dll, set AVEVA_HISTORIAN_RE_CAPTURE, + # and run the native trace harness with --current-dir --managed-dll-path /aahClientManaged.dll + ``` +2. Capture a `Wcf.GetNextEventQueryResultBuffer.ResultBytes` fixture + (only possible AFTER the registration step above succeeds and + rows actually flow), then write a parser using the same approach + as `TryParseGetNextQueryResultBufferRows`. +3. Verify `RemoteTcpIntegrated` and `RemoteTcpCertificate` against + an actual remote Historian. +4. Verify explicit-creds path with a non-current user account. +5. Add `RetrievalMode` → `QueryType` mappings for the modes beyond + `Full` / `Interpolated` / `TimeWeightedAverage` / `Cyclic`. +6. Decode the trailing ~24 bytes of each row body (vary across rows + for the same tag — likely per-sample value/source/state metadata). + +Diagnostic helper: `EventChainDiagnosticTests.EventOrchestrator_DiagnosticDump_AgainstLocalHistorian` +calls the orchestrator directly via `InternalsVisibleTo` and prints +`LastResultBufferLength` + `LastErrorBufferDescription`. Useful when +iterating on the registration step. Run with: + +```powershell +$env:HISTORIAN_HOST = 'localhost' +dotnet test .\Histsdk.slnx --no-build --logger "console;verbosity=detailed" --filter "FullyQualifiedName~EventOrchestrator_DiagnosticDump" +``` + +SQL ground-truth check for events (verified against the live +Historian on `2026-05-04`): + +```powershell +sqlcmd -E -S . -d Runtime -W -Q "SELECT TOP 10 EventTimeUtc, Type, Source_Object FROM Events WHERE EventTimeUtc > DATEADD(DAY, -7, GETUTCDATE()) ORDER BY EventTimeUtc" +``` + +Returns event rows like `System.OffScan`, `System.Stop`, `Alarm.Set` +that the managed `ReadEventsAsync` should also surface once the +registration step is wired. + +If runtime confirmation is later required (e.g., to capture the actual +NRE stack frame), pick exactly one of these escalation paths and do not +retry plain elevated Frida: + +1. **SYSTEM-token injection (requires explicit user consent — spawns a + SYSTEM shell).** Whether or not this clears + `ProcessNotRespondingError` is uncertain (the bottleneck looks like + the agent RPC handshake, not the caller token). Cheapest test, but + ETW already answered the immediate question. + + ```powershell + PsExec64.exe -accepteula -s -i frida -p -l .\scripts\frida\aahclientaccesspoint-valcl-context.js -o .\artifacts\reverse-engineering\valcl-context-system.ndjson + ``` + +2. **Signed Detours/EasyHook DLL.** Slowest path, but does not depend on + Frida's bootstrap handshake completing. + +3. **WinDbg non-invasive attach (`windbg -p -pv`).** Useful for + one-shot stack/handle inspection rather than live hook coverage, and + it confirms whether the process responds to a debugger at all. + +To rerun the ETW capture (no service touch, only ETW providers and the +existing harness/probe binaries): + +```powershell +$artifacts = "$PWD\artifacts\reverse-engineering"; New-Item -ItemType Directory -Force -Path $artifacts | Out-Null +$stamp = Get-Date -Format "yyyyMMdd-HHmmss" +$nativeEtl = Join-Path $artifacts "etw-sspi-nativeread-$stamp.etl" +$managedEtl = Join-Path $artifacts "etw-sspi-managedvalcl-$stamp.etl" +$providers = @( + '{199FE037-2B82-40A9-82AC-E1D46C792B99}', # LsaSrv + '{CC85922F-DB41-11D2-9244-006008269001}', # LSA + '{AC43300D-5FCC-4800-8E99-1BD3F85F0320}', # Microsoft-Windows-NTLM + '{C92CF544-91B3-4DC0-8E11-C580339A0BF8}', # NTLM Security Protocol + '{5BBB6C18-AA45-49B1-A15F-085F7ED0AA90}' # Security: NTLM Authentication +) +function Start-Sspi($name, $etl) { + logman create trace $name -ow -o $etl -p $providers[0] 0xFFFFFFFFFFFFFFFF 0xFF -ets | Out-Null + foreach ($p in $providers[1..($providers.Count-1)]) { logman update trace $name -p $p 0xFFFFFFFFFFFFFFFF 0xFF -ets | Out-Null } +} +Start-Sspi 'histsdk-sspi-nativeread' $nativeEtl +.\tools\AVEVA.Historian.NativeTraceHarness\bin\Debug\net481\AVEVA.Historian.NativeTraceHarness.exe --scenario history --server-name localhost --tcp-port 32568 --tag OtOpcUaParityTest_001.Counter --lookback-minutes 1440 --max-rows 1 --connection-wait-seconds 15 | Out-Null +logman stop 'histsdk-sspi-nativeread' -ets | Out-Null +Start-Sspi 'histsdk-sspi-managedvalcl' $managedEtl +.\tools\AVEVA.Historian.NetFxWcfProbe\bin\Debug\net481\AVEVA.Historian.NetFxWcfProbe.exe --endpoint "net.pipe://localhost/Hist" | Out-Null +logman stop 'histsdk-sspi-managedvalcl' -ets | Out-Null +``` + +Decode with `Get-WinEvent -Path -Oldest`, then group by +`ProcessId`. Only `aahClientAccessPoint`'s event count + Id list belongs +in committed docs; ETL files contain SSPI tokens and identity metadata +and stay under `artifacts\reverse-engineering\` (gitignored). + +After the chosen path produces server-helper telemetry: + +5. Compare native vs managed runs for whether first-round setup helper + `0x0050FFC0` runs, whether lookup helper `0x00517AB0` returns a context, + whether `AcquireCredentialsHandleW` succeeds, whether + `AcceptSecurityContext` is reached, and whether failures occur before or + after native context-map insertion. +6. Update: + - `docs\reverse-engineering\implementation-status.md` + - `docs\reverse-engineering\openconnection3-correlation-latest.json` +7. Re-run: + + ```powershell + dotnet test .\Histsdk.slnx --no-build --logger "console;verbosity=minimal" + ``` + +8. Run a targeted secret scan after touching auth/capture docs: + + ```powershell + rg -n "(?i)(password|credential|secret|token|||)" docs\reverse-engineering scripts tools + ``` + +Expected scan output includes generic words like `token`, `credential`, and +environment variable names. It must not include real passwords, unsanitized +server names, or customer tag data. + +## Primary Reference Docs + +Read these first when resuming: + +- `docs\reverse-engineering\implementation-status.md` +- `docs\reverse-engineering\wcf-contract-evidence.md` +- `docs\reverse-engineering\managed-wrapper-findings.md` +- `docs\reverse-engineering\openconnection3-correlation-latest.json` +- `docs\reverse-engineering\query-handle-correlation-latest.json` +- `docs\reverse-engineering\cclientcommon-startquery-correlation-latest.json` +- `docs\reverse-engineering\capture-workflow.md` + +## Event-flow prereqs (2026-05-04) + +`HistorianWcfEventOrchestrator.AddCmEventTagViaAddT` now replays the prerequisite +calls captured via `instrument-wcf-writemessage` against the live native event +read. Before invoking `EnsT2(CM_EVENT)`, the orchestrator now calls: + +1. **`UpdC3` (UpdateClientStatus3)** — handle = storage session id (string GUID), + `clientStatusSize=81`, `clientStatus` = `02 01 00…00 1E 00 00 00` (81-byte + blob: 2 leading bytes + 76 zero bytes + uint32 0x1E trailer). +2. **`RTag2` (RegisterTags2)** — handle = same GUID, `ElementCount=1`, + `pInBuff` = `50 67 02 00 01 00 00 00` + 16-byte `CmEventTagId` + (`353b8145-5df0-4d46-a253-871aef49b321`) = 24 bytes total. +3. **`EnsT2` (EnsureTags2)** — unchanged byte-for-byte CTagMetadata payload. + +Live diagnostic against `localhost`: + +| Stage | Result | +|---|---| +| `UpdC3` | success (return = 0) | +| `RTag2` | success (return = 0) | +| `EnsT2` | returns false (likely benign — CM_EVENT exists with same metadata) | +| `StartEventQuery` | success, query handle returned | +| `GetNextEventQueryResultBuffer` | empty result + 5-byte error `04 55 00 00 00` (type=4 code=85) | + +The Stat-service queries the native client also issues +(`Stat/GetV`, `Stat/GETHI` for `HistorianVersion`, `Stat/GetSystemParameter` +for `AllowOriginals`, `HistorianPartner`, `HistorianVersion`, +`MaxCyclicStorageTimeout`, `RealTimeWindow`, `FutureTimeThreshold`, +`AllowRenameTags`) appear informational and are skipped. + +Decoded native `aa/Retr/StartEventQuery` `pRequestBuff` (63 bytes captured vs +65 bytes our SDK sends) — diff narrowed to the trailing 4 bytes of +`HistorianEventQueryProtocol.CreateNativeEmptyFilterAttempt`. Reverting the +trailer to a `ushort 0` yielded code 46 (validation reject) instead of code 85, +so the uint trailer is structurally correct against this server even though the +captured native bytes appear to use 2 bytes there. Either the server tolerates +both shapes or the metadata-namespace encoding is off; resolution requires a +ReadMessage capture. + +24,773 events exist in the last 7 days per +`SELECT COUNT(*) FROM Events WHERE EventTimeUtc >= DATEADD(DAY, -7, GETUTCDATE())`, +so code 85 is not "no events". + +## ReadMessage instrumentation + decoded event responses (2026-05-04) + +`instrument-wcf-readmessage` CLI command added to +`tools/AVEVA.Historian.ReverseEngineering`. Mirror of +`instrument-wcf-writemessage`; targets +`aahMDASEncoder.ClientMessageEncoder.ReadMessage(ArraySegment, BufferManager, string)` +(token `0x06005E63`). Injects at method entry (IL_0000) capturing `arg.1` +(the incoming `ArraySegment`) so both the compressed +(post-`DecompressBuffer` V_1) and uncompressed (direct `arg.1` at IL_009C) +paths are recorded. + +Capture obtained (28 records; +`artifacts/reverse-engineering/instrumented-wcf-readmessage/readmessage-capture-event-latest.ndjson`, +gitignored). Key responses: + +| Record | Response | Length | Decoded | +|---|---|---|---| +| 5 | `Open2Response` | 1586 | encoded user identity + session state — must not commit | +| 18 | `StartEventQueryResponse` | 299 | `responseSize=1`, `pResponseBuff=nil`, `queryHandle=0x3E (=62)`, `errSize=1`, `err=nil` | +| 23 | `RTag2Response` | 208 | `outBuff` 24 bytes (echoes input shape), `errorBuffer=nil` | +| 24 | `GetNextEventQueryResultBufferResponse` | 2783 | `resultSize=2506`, `pResultBuff` starts `09 00 02 00 00 00 1E 00 00 00 07 00…Alarm.Set…` | +| 25 | `EnsT2Response` | 229 | **`EnsT2Result=true`**, OutBuff 45 bytes echoing `CmEventTagId` | + +**Critical finding:** native `EnsT2` returns **true** with a 45-byte `OutBuff` +that echoes `CmEventTagId`. Our SDK's `EnsT2` returns **false**. Since the +request bytes are byte-identical (verified prior pass), the difference is +server-side session state. Between `UpdC3` (record 10) and `RTag2` (record 17) +the native flow issues 7 `Stat/GetSystemParameter` queries +(`AllowOriginals`, `HistorianPartner`, `HistorianVersion`, +`MaxCyclicStorageTimeout`, `RealTimeWindow`, `FutureTimeThreshold`, +`AllowRenameTags`) plus 2 `Stat/GETHI` for `HistorianVersion`. These were +previously assumed informational; the EnsT2 false vs true differential +suggests at least one of them primes the session for tag operations. + +**Event-row wire shape** (from record 24 `pResultBuff`): + +``` +UInt16 version = 9 +UInt32 rowCount +N rows, each: + UInt32 rowMarker = 0x1E + UInt16 fieldCount = 7 + Int64 filetimeUtc + UInt16[fieldCount-1] fieldOffsets // running offsets into the trailing string blob + variable-length UTF-16 strings (Alarm.Set, …) +``` + +The 2506-byte fixture contains exactly 2 event rows (matches `--max-rows 2` +passed to the harness). Once the EnsT2-priming gap is closed, this layout +plugs directly into `HistorianWcfEventOrchestrator.RunEventQuery`. + +Reproduce with: + +```powershell +$captureDir = "artifacts\reverse-engineering\instrumented-wcf-readmessage" +dotnet run --no-build --project tools\AVEVA.Historian.ReverseEngineering -- ` + instrument-wcf-readmessage current\aahClientManaged.dll "$captureDir\aahClientManaged.dll" +Copy-Item -Force "$captureDir\aahClientManaged.dll" "$captureDir\current-copy\aahClientManaged.dll" +$env:AVEVA_HISTORIAN_RE_CAPTURE = (Resolve-Path $captureDir).Path + "\readmessage-capture-event-latest.ndjson" +dotnet run --no-build --project tools\AVEVA.Historian.NativeTraceHarness -- ` + --scenario event --tag CM_EVENT --lookback-minutes 1440 --max-rows 2 ` + --current-dir (Resolve-Path "$captureDir\current-copy").Path ` + --managed-dll-path (Resolve-Path "$captureDir\current-copy\aahClientManaged.dll").Path +python scripts\decode-readmessage-capture.py +``` + +## Stat-priming + event-row parser landed (2026-05-04) + +`HistorianWcfEventOrchestrator.AddCmEventTagViaAddT` now replays the Stat-service +priming sequence captured from native: + +1. `Stat/GetV` ×2 (records 6, 7) +2. `Stat/GETHI(HistorianVersion)` ×2 (records 8, 9) — builds the 39-byte + `pRequestBuff` via `BuildGetHistorianInfoRequest("HistorianVersion")` +3. `Hist/UpdC3` (record 10) +4. `Stat/GetSystemParameter` ×6 for `AllowOriginals`, `HistorianPartner`, + `HistorianVersion`, `MaxCyclicStorageTimeout`, `RealTimeWindow`, + `FutureTimeThreshold` (records 11-16) +5. `Hist/RTag2(CmEventTagId)` (record 17) +6. `Stat/GetSystemParameter("AllowRenameTags")` (record 18) +7. `Stat/GetV` (record 20) +8. `Hist/EnsT2(CTagMetadata)` (record 22) + +Each Stat call is wrapped in best-effort `TryRun(...)` so individual rejections +don't abort the chain. Also fixed: + +- `IStatusServiceContract2.GetHistorianInfo` parameter naming — + `[MessageParameter(Name = "pRequestBuff")]` and `Name = "pResponseBuff"` + attributes added to match the wire (default would have been `` + and the server would have ignored the body). +- Event-flow `ConnectionMode` switched from `0x501` to `0x402` — decoded from + the native Open2 request bytes (writemessage record 5 offset `0x26`). The + previous `0x501` was an unverified guess; native uses the same `0x402` + read-only mode for both data and event scenarios. + +**Diagnostic against `localhost`:** + +| Stage | Result | +|---|---| +| `UpdC3` | success (return = 0) | +| `RTag2` | success (return = 0) | +| `EnsT2` | still returns false | +| `GetNextEventQueryResultBuffer` | type=4 code=85 | + +EnsT2 still doesn't match native (which returns `true` with a 45-byte OutBuff). +Hypothesis under investigation: the `StorageSessionId` extracted at Open2 +response offset 5-20 is the v3 layout; the v6 response (1345 bytes payload, +contains user identity) likely has the session GUID at a different offset. +Tested bytes 1-16 — UpdC3+RTag2 then both fail (return 1), so 5-20 is the +acceptable handle for those ops. The right offset for EnsT2 may be elsewhere +in the response. **The Open2 v6 response decode requires bytes-level inspection +of identity-bearing data (kept under `artifacts/`, never committed) — see +record 5 of `instrumented-wcf-readmessage/readmessage-capture-event-latest.ndjson`.** + +### Event-row parser + +`Wcf/HistorianEventRowProtocol.Parse(ReadOnlySpan)` parses the +version-9 row buffer: + +```text +UInt16 version = 9 +UInt32 rowCount +N rows, each: + UInt32 rowMarker = 0x1E + UInt16 rowFormat = 7 + Int64 filetimeUtc (event time) + UInt16 × 8 fieldOffsets (opaque — purpose not fully decoded) + Property bag (sequence of name=value pairs; first name is the event type) +``` + +The parser extracts `EventTimeUtc` and `Type` (the first compact-ASCII-string +in the property bag) for each row, and seeks forward to the next row by +scanning for the next `1E 00 00 00 07 00` marker. Property-bag value +encoding is partially decoded (compact ASCII `09 LEN 00 …`, UTF-16 strings +`43 UInt32 LEN × UInt16`, integers with markers in the `0x88–0x8B` range, +8-byte FILETIMEs) but **value parsing is intentionally not implemented yet** +— it requires more reverse-engineering and would need sanitized fixtures. + +5 unit tests in `HistorianEventRowProtocolTests.cs` cover empty buffer, +zero-row, wrong-version, two-row synthetic, and missing-marker. Test count +went from 73 to 78. The orchestrator's `RunEventQuery` now calls the parser +on each non-empty `resultBuffer`, so events will flow with timestamps + types +once the EnsT2-priming gap is closed. + +## Open2 v6 response decoded + live events working (2026-05-04) + +A combined Read+Write capture under +`artifacts/reverse-engineering/instrumented-wcf-both/` (gitignored) let us +correlate the session GUID used as `handle` in the UpdC3/RTag2/EnsT2 REQUESTS +with its location in the Open2 RESPONSE. + +**Open2Response decoded** (~1586 bytes WCF body): + +```text +Open2Response wraps three byte[] outputs: + inParameters (echoed ref param — contains user identity; never commit) + outParameters (the session blob) + err (empty on success) +``` + +`outParameters` payload (42 bytes): + +```text +byte 0 protocol version (server returns 3 even when we send Open3 v6 request) +bytes 1-4 UInt32 (purpose unknown — possibly a connect sequence/checksum) +bytes 5-20 16-byte session GUID — used as `handle` for UpdC3/RTag2/EnsT2/Close2 +bytes 21-28 Int64 FILETIME (connect time) +bytes 29-36 Int64 FILETIME (server time) +bytes 37-41 5 trailing bytes (status flags?) +``` + +This matches `HistorianNativeOpen3Output` exactly — our existing offset 5-20 +GUID extraction was always correct. The earlier hypothesis about a "v6 +response layout" was wrong; the server returns the v3 layout regardless of +the request version. + +**Real blocker resolved.** Native does three cross-service version probes +between RTag2 and EnsT2 — `Trx/GetV` (record 19), `Stat/GetV` (record 20), +`Retr/GetV` (record 21) — that register the client with each service's +session table. Without them the server rejects EnsT2 (returns false) and +GetNextEventQueryResultBuffer reports type=4 code=85. + +`HistorianWcfEventOrchestrator.AddCmEventTagViaAddT` now opens +`ITransactionServiceContract` and `IRetrievalServiceContract4` channels +inside the setup callback (in addition to the existing `IStatusServiceContract2` +channel) and calls `GetInterfaceVersion` on all three between RTag2 and EnsT2. + +**Final live-read diagnostic (`localhost`):** + +| Stage | Result | +|---|---| +| `UpdC3` | success (return = 0) | +| `RTag2` | success (return = 0) | +| `Trx/GetV`, `Stat/GetV`, `Retr/GetV` | success | +| `EnsT2` | returns false (benign — "CM_EVENT exists with same metadata") | +| `StartEventQuery` | success | +| `GetNextEventQueryResultBuffer` | returns event-row buffer | +| Parser | **`Events observed: 1`** ✅ | + +`LastErrorBufferDescription: type=4 code=85` reaches the orchestrator only +on the terminal (no-more-data) call, after the first batch returned an +event. The existing soft-terminal handling (`if errorBuffer[0] == 4 return`) +is correct. + +The full managed event-read chain is reproducible end-to-end from a pure +.NET 10 SDK: GetV → ValCl × N → Open2 → UpdC3 → 6× GetSystemParameter → +RTag2 → GetSystemParameter(AllowRenameTags) → Trx/GetV → Stat/GetV → +Retr/GetV → EnsT2 → StartEventQuery → GetNextEventQueryResultBuffer loop → +EndEventQuery → Close2. + +## Property-bag value-type parser landed (2026-05-04) + +Decoded the row property-bag wire format. Unified value layout: + +```text +typeMarker (UInt8) +length (UInt8 — bytes of value following the status byte) +status (UInt8 — observed 0x00 in successful captures) +value (length × byte, encoding determined by typeMarker) +``` + +Typemarker dispatch: + +| Marker | Type | Value bytes | +|---|---|---| +| `0x02` | Boolean | 1 byte (0/1) | +| `0x10` | GUID | 16 bytes (.NET Guid byte order) | +| `0x18` | FILETIME UTC | Int64 LE | +| `0x31` | Int32 | 4 bytes LE | +| `0x43` | UTF-16 string | UInt16 charCount + (charCount × 2) UTF-16 LE bytes | + +Unknown markers preserve the raw `length` value bytes as a `byte[]` in +the property dictionary. + +Each row layout (refines the earlier skeleton): + +```text +UInt32 rowMarker = 0x1E +UInt16 rowFormat = 7 +Int64 eventTimeUtcFiletime +UInt16 × 8 // purpose unclear +compact ASCII string // event type ("Alarm.Set", …) +UInt16 propertyCount +propertyCount × Property { + compact ASCII string // property name + Value (per the typed format above) +} +``` + +`HistorianEventRowProtocol.Parse` populates `HistorianEvent` fields by +mapping known property names: `alarm_id`→`Id`, `receivedtime`→ +`ReceivedTimeUtc`, `source_processvariable`/`source_object`→`SourceName`, +`namespace`/`provider_system`→`Namespace`, `revisionversion`→ +`RevisionVersion`. All decoded properties (typed, not raw bytes) are also +exposed via the `Properties` dictionary. + +**Live verification (`localhost`):** `Events observed: 1`, +`Properties.Count: 31`, `Has alarm_id: True`, `EventTimeUtc` and +`ReceivedTimeUtc` decoded as plausible timestamps. + +Tests: 78 → 80. Added `Parse_RowWithKnownProperties_PopulatesEventFields` +(verifies all known-name → HistorianEvent-field mappings using synthetic +placeholder values) and `Parse_UnknownTypeMarker_KeepsRawBytesInPropertyBag` +(verifies the unknown-type fallback). + +The fully managed event read is now end-to-end: chain auth → Stat priming → +EnsT2 → StartEventQuery → row buffer → typed event with property dictionary. + +## Safety Notes + +- Keep raw captures and identity-bearing logs under `artifacts\reverse-engineering`. +- Do not commit credentials, hostnames, user names, customer tags, or raw packet + captures. +- Prefer sanitized JSON and Markdown summaries under `docs\reverse-engineering`. +- Production code under `src\AVEVA.Historian.Client` must remain pure managed + .NET 10. +- Reverse-engineering harnesses may reference native AVEVA binaries only for + analysis and parity comparison. diff --git a/docs/reverse-engineering/ildasm-classlist-filtered-latest.txt b/docs/reverse-engineering/ildasm-classlist-filtered-latest.txt new file mode 100644 index 0000000..539ea0c --- /dev/null +++ b/docs/reverse-engineering/ildasm-classlist-filtered-latest.txt @@ -0,0 +1,91 @@ +221515:// Class QueryColumnSelector (sequential) (ansi) (sealed) +222202:// Class DataQueryResultRow (sequential) (ansi) (sealed) +224482:// Class HistoryQuery (sequential) (ansi) (sealed) +224598:// Class HistoryQueryArgs (sequential) (ansi) (sealed) +224599:// Class HistoryQueryResult (sequential) (ansi) (sealed) +224833:// Class _Ref_count_resource > (sequential) (ansi) (sealed) +224834:// Class _Temporary_owner_del > (sequential) (ansi) (sealed) +224855:// Class _Compressed_pair,wchar_t const * *,1> (sequential) (ansi) (sealed) +226006:// Class _Tree_iterator > > > (sequential) (ansi) (sealed) +226014:// Class _Tree_unchecked_const_iterator > >,std::_Iterator_base0> (sequential) (ansi) (sealed) +226022:// Class _Tree_id,void *> *> (sequential) (ansi) (sealed) +226041:// Class DataQueryRequest (sequential) (ansi) (sealed) +226042:// Class DataQueryResultBuffer (sequential) (ansi) (sealed) +226131:// Class CActiveDataQuery (sequential) (ansi) (sealed) +226147:// Class SExternallyLocked,std::allocator > >,SProtectCriticalSection > (sequential) (ansi) (sealed) +226154:// Class map,std::allocator > > (sequential) (ansi) (sealed) +226167:// Class pair (sequential) (ansi) (sealed) +226168:// Class _Tree_const_iterator > > > (sequential) (ansi) (sealed) +226193:// Class _Tree,std::allocator >,0> > (sequential) (ansi) (sealed) +226276:// Class _Tree_node,void *> (sequential) (ansi) (sealed) +226278:// Class _Tree_val > > (sequential) (ansi) (sealed) +226322:// Class allocator,void *> > (sequential) (ansi) (sealed) +226354:// Class _Compressed_pair,void *> >,std::_Tree_val > >,1> (sequential) (ansi) (sealed) +226405:// Class pair > > >,bool> (sequential) (ansi) (sealed) +226419:// Class _Compressed_pair,std::_Compressed_pair,void *> >,std::_Tree_val > >,1>,1> (sequential) (ansi) (sealed) +226467:// Class _Tree_unchecked_iterator > > > (sequential) (ansi) (sealed) +226497:// Class pair,void *> *,bool> (sequential) (ansi) (sealed) +226498:// Class _Tree_find_result,void *> *> (sequential) (ansi) (sealed) +226520:// Class _Tree_temp_node,void *> > > (sequential) (ansi) (sealed) +226522:// Class _Alloc_construct_ptr,void *> > > (sequential) (ansi) (sealed) +226523:// Class _In_place_key_extract_map > (sequential) (ansi) (sealed) +226539:// Class _Default_allocator_traits,void *> > > (sequential) (ansi) (sealed) +226543:// Class _Tree_temp_node_alloc,void *> > > (sequential) (ansi) (sealed) +226555:// Class _Tmap_traits,std::allocator >,0> (sequential) (ansi) (sealed) +226570:// Class DataQueryResponse (sequential) (ansi) (sealed) +226571:// Class DataQueryResponseVersion (auto) (ansi) (sealed) (nested assembly) +227149:// Interface IHistoryServiceContract (public) (abstract) (auto) (ansi) +227150:// Interface IHistoryServiceContract2 (public) (abstract) (auto) (ansi) +227196:// Class gcroot (sequential) (ansi) (sealed) +227598:// Interface IRetrievalServiceContract (public) (abstract) (auto) (ansi) +227599:// Interface IRetrievalServiceContract2 (public) (abstract) (auto) (ansi) +227600:// Interface IRetrievalServiceContract3 (public) (abstract) (auto) (ansi) +227601:// Interface IRetrievalServiceContract4 (public) (abstract) (auto) (ansi) +227690:// Class CRetrievalConnectionWCF (sequential) (ansi) (sealed) +227691:// Class gcroot (sequential) (ansi) (sealed) +228414:// Class _Vector_iterator > > (sequential) (ansi) (sealed) +228415:// Class _Vector_const_iterator > > (sequential) (ansi) (sealed) +228424:// Class EventQueryCondition (sequential) (ansi) (sealed) +228425:// Class EventQueryFilter (sequential) (ansi) (sealed) +228426:// Class EventQueryFilters (sequential) (ansi) (sealed) +228427:// Class EventQueryResultBuffer (sequential) (ansi) (sealed) +228436:// Class HistorianClient (sequential) (ansi) (sealed) +228440:// Class ClientApp (sequential) (ansi) (sealed) +228443:// Class SExternallyLocked,SProtectCriticalSection > (sequential) (ansi) (sealed) +228444:// Class SHashMap (sequential) (ansi) (sealed) +228452:// Class vector::TreeAssoc,std::allocator::TreeAssoc> > (sequential) (ansi) (sealed) +228453:// Class vector::RootAssoc,std::allocator::RootAssoc> > (sequential) (ansi) (sealed) +228462:// Class _Vector_const_iterator > > (sequential) (ansi) (sealed) +228463:// Class vector > (sequential) (ansi) (sealed) +228464:// Class vector > (sequential) (ansi) (sealed) +228473:// Class _Tidy_guard > > (sequential) (ansi) (sealed) +228478:// Class allocator (sequential) (ansi) (sealed) +228479:// Class _Default_allocator_traits > (sequential) (ansi) (sealed) +228480:// Class allocator (sequential) (ansi) (sealed) +228485:// Class allocator::TreeAssoc> (sequential) (ansi) (sealed) +228486:// Class allocator::RootAssoc> (sequential) (ansi) (sealed) +228487:// Class _Compressed_pair,std::_Vector_val >,1> (sequential) (ansi) (sealed) +228488:// Class _Compressed_pair,std::_Vector_val >,1> (sequential) (ansi) (sealed) +228490:// Class _Compressed_pair::TreeAssoc>,std::_Vector_val::TreeAssoc> >,1> (sequential) (ansi) (sealed) +228491:// Class _Compressed_pair::RootAssoc>,std::_Vector_val::RootAssoc> >,1> (sequential) (ansi) (sealed) +228492:// Class EventQueryResultRow (sequential) (ansi) (sealed) +228496:// Class _Vector_val > (sequential) (ansi) (sealed) +228497:// Class _Vector_val > (sequential) (ansi) (sealed) +228498:// Class _Default_allocator_traits > (sequential) (ansi) (sealed) +228511:// Class _Vector_val::TreeAssoc> > (sequential) (ansi) (sealed) +228512:// Class _Vector_val::RootAssoc> > (sequential) (ansi) (sealed) +228514:// Class _Tidy_guard > > (sequential) (ansi) (sealed) +228519:// Class _Uninitialized_backout_al > (sequential) (ansi) (sealed) +228521:// Class _Uninitialized_backout_al > (sequential) (ansi) (sealed) +228532:// Class _Uninitialized_backout_al::RootAssoc> > (sequential) (ansi) (sealed) +228533:// Class _Uninitialized_backout_al::TreeAssoc> > (sequential) (ansi) (sealed) +228534:// Class _Default_allocator_traits::TreeAssoc> > (sequential) (ansi) (sealed) +228535:// Class _Default_allocator_traits::RootAssoc> > (sequential) (ansi) (sealed) +228636:// Class EventQueryRequest (sequential) (ansi) (sealed) +228830:// Class EventQueryArgsBase (public) (auto) (ansi) +228831:// Class EventQueryArgs (public) (auto) (ansi) +228832:// Class EventQuery (public) (auto) (ansi) +228835:// Class HistorianEventQueryType (public) (auto) (ansi) (sealed) +228873:// Class HistoryQueryArgs (public) (auto) (ansi) +228874:// Class HistoryQueryResult (public) (auto) (ansi) +228875:// Class HistoryQuery (public) (auto) (ansi) diff --git a/docs/reverse-engineering/ildasm-historyquery-movenext-excerpt-latest.il b/docs/reverse-engineering/ildasm-historyquery-movenext-excerpt-latest.il new file mode 100644 index 0000000..4a66c8b --- /dev/null +++ b/docs/reverse-engineering/ildasm-historyquery-movenext-excerpt-latest.il @@ -0,0 +1,108 @@ + +.class /*02001EF9*/ public auto ansi beforefieldinit ArchestrA.HistoryQuery + extends ArchestrA.BaseQuery/*02001E55*/ + implements [mscorlib/*23000001*/]System.IDisposable/*01000049*/ +{ + .method /*060062A2*/ public hidebysig instance bool + marshal( unsigned int8) + MoveNext([out] class ArchestrA.HistorianAccessError/*02001E2E*/& 'error') cil managed + // SIG: 20 01 02 10 12 C0 00 78 B8 + { + // Method begins at RVA 0x4405d4 + // Code size 142 (0x8e) + .maxstack 4 + .locals /*110030A3*/ (bool V_0, + valuetype HistorianClient/*02001D42*/* V_1, + valuetype SError/*0200043D*/ V_2, + uint32 V_3) + IL_0000: /* 16 | */ ldc.i4.0 + IL_0001: /* 0D | */ stloc.3 + IL_0002: /* 02 | */ ldarg.0 + IL_0003: /* 03 | */ ldarg.1 + IL_0004: /* 28 | (06)0061B5 */ call instance valuetype HistorianClient/*02001D42*/* ArchestrA.BaseQuery/*02001E55*/::GetClient(class ArchestrA.HistorianAccessError/*02001E2E*/&) /* 060061B5 */ + IL_0009: /* 0B | */ stloc.1 + IL_000a: /* 07 | */ ldloc.1 + IL_000b: /* 2D | 02 */ brtrue.s IL_000f + + IL_000d: /* 16 | */ ldc.i4.0 + IL_000e: /* 2A | */ ret + + IL_000f: /* 02 | */ ldarg.0 + IL_0010: /* 7B | (04)009EFB */ ldfld uint32 modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsLong/*0100000C*/) ArchestrA.BaseQuery/*02001E55*/::queryHandle /* 04009EFB */ + IL_0015: /* 2D | 0C */ brtrue.s IL_0023 + + IL_0017: /* 03 | */ ldarg.1 + IL_0018: /* 1A | */ ldc.i4.4 + IL_0019: /* 1F | 3A */ ldc.i4.s 58 + IL_001b: /* 73 | (06)005F77 */ newobj instance void ArchestrA.HistorianAccessError/*02001E2E*/::.ctor(valuetype ArchestrA.HistorianAccessError/*02001E2E*//ErrorTypeValue/*02001E30*/, + valuetype ArchestrA.HistorianAccessError/*02001E2E*//ErrorValue/*02001E2F*/) /* 06005F77 */ + IL_0020: /* 51 | */ stind.ref + IL_0021: /* 16 | */ ldc.i4.0 + IL_0022: /* 2A | */ ret + + IL_0023: /* 02 | */ ldarg.0 + IL_0024: /* 7B | (04)00A087 */ ldfld class ArchestrA.HistoryQueryResult/*02001EF8*/ ArchestrA.HistoryQuery/*02001EF9*/::queryResult /* 0400A087 */ + IL_0029: /* 28 | (06)006262 */ call instance void ArchestrA.HistoryQueryResult/*02001EF8*/::CleanResult() /* 06006262 */ + IL_002e: /* 12 | 02 */ ldloca.s V_2 + IL_0030: /* 16 | */ ldc.i4.0 + IL_0031: /* 6A | */ conv.i8 + IL_0032: /* 55 | */ stind.i8 + IL_0033: /* 12 | 02 */ ldloca.s V_2 + IL_0035: /* 1E | */ ldc.i4.8 + IL_0036: /* 58 | */ add + IL_0037: /* 16 | */ ldc.i4.0 + IL_0038: /* 54 | */ stind.i4 + IL_0039: /* 12 | 02 */ ldloca.s V_2 + IL_003b: /* 1F | 0C */ ldc.i4.s 12 + IL_003d: /* 58 | */ add + IL_003e: /* 16 | */ ldc.i4.0 + IL_003f: /* 54 | */ stind.i4 + .try + { + IL_0040: /* 07 | */ ldloc.1 + IL_0041: /* 02 | */ ldarg.0 + IL_0042: /* 7B | (04)009EFB */ ldfld uint32 modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsLong/*0100000C*/) ArchestrA.BaseQuery/*02001E55*/::queryHandle /* 04009EFB */ + IL_0047: /* 02 | */ ldarg.0 + IL_0048: /* 7B | (04)00A087 */ ldfld class ArchestrA.HistoryQueryResult/*02001EF8*/ ArchestrA.HistoryQuery/*02001EF9*/::queryResult /* 0400A087 */ + IL_004d: /* 28 | (06)006263 */ call instance valuetype DataQueryResultRow/*020004E8*/* ArchestrA.HistoryQueryResult/*02001EF8*/::get_UnmanagedQueryResult() /* 06006263 */ + IL_0052: /* 12 | 02 */ ldloca.s V_2 + IL_0054: /* 28 | (06)00588D */ call bool modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'HistorianClient.GetNextRow'(valuetype HistorianClient/*02001D42*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/), + uint32 modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsLong/*0100000C*/), + valuetype DataQueryResultRow/*020004E8*/*, + valuetype SError/*0200043D*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsImplicitlyDereferenced/*01000012*/)) /* 0600588D */ + IL_0059: /* 2D | 0D */ brtrue.s IL_0068 + + IL_005b: /* 03 | */ ldarg.1 + IL_005c: /* 12 | 02 */ ldloca.s V_2 + IL_005e: /* 73 | (06)005F73 */ newobj instance void ArchestrA.HistorianAccessError/*02001E2E*/::.ctor(valuetype SError/*0200043D*/ modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsImplicitlyDereferenced/*01000012*/)) /* 06005F73 */ + IL_0063: /* 51 | */ stind.ref + IL_0064: /* 16 | */ ldc.i4.0 + IL_0065: /* 0A | */ stloc.0 + IL_0066: /* DE | 1D */ leave.s IL_0085 + + IL_0068: /* 02 | */ ldarg.0 + IL_0069: /* 7B | (04)00A087 */ ldfld class ArchestrA.HistoryQueryResult/*02001EF8*/ ArchestrA.HistoryQuery/*02001EF9*/::queryResult /* 0400A087 */ + IL_006e: /* 28 | (06)006260 */ call instance void ArchestrA.HistoryQueryResult/*02001EF8*/::InitializeBasicProperties() /* 06006260 */ + IL_0073: /* 17 | */ ldc.i4.1 + IL_0074: /* 0A | */ stloc.0 + IL_0075: /* DE | 0E */ leave.s IL_0085 + + } // end .try + fault + { + IL_0077: /* FE06 | (06)000159 */ ldftn void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'SError.{dtor}'(valuetype SError/*0200043D*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 06000159 */ + IL_007d: /* 12 | 02 */ ldloca.s V_2 + IL_007f: /* 28 | (06)005C0F */ call void ___CxxCallUnwindDtor(method void *(void*), + void*) /* 06005C0F */ + IL_0084: /* DC | */ endfinally + } // end handler + // HEX: 04 00 00 00 40 00 00 00 37 00 00 00 77 00 00 00 0E 00 00 00 73 00 00 01 + IL_0085: /* 12 | 02 */ ldloca.s V_2 + IL_0087: /* 28 | (06)000165 */ call void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) SError.ClearErrorDetail(valuetype SError/*0200043D*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 06000165 */ + IL_008c: /* 06 | */ ldloc.0 + IL_008d: /* 2A | */ ret + } // end of method HistoryQuery::MoveNext + +} // end of class ArchestrA.HistoryQuery + +// *********** DISASSEMBLY COMPLETE *********************** diff --git a/docs/reverse-engineering/ildasm-historyquery-startquery-excerpt-latest.il b/docs/reverse-engineering/ildasm-historyquery-startquery-excerpt-latest.il new file mode 100644 index 0000000..bb8e13b --- /dev/null +++ b/docs/reverse-engineering/ildasm-historyquery-startquery-excerpt-latest.il @@ -0,0 +1,627 @@ +// RVA: 0x00fd7d80 +// Count: 0x0001 +// Type: 0x0002 +// [0x0000] (0x 6005c3f) + + +.class /*02001EF9*/ public auto ansi beforefieldinit ArchestrA.HistoryQuery + extends ArchestrA.BaseQuery/*02001E55*/ + implements [mscorlib/*23000001*/]System.IDisposable/*01000049*/ +{ + .method /*060062A1*/ public hidebysig instance bool + marshal( unsigned int8) + StartQuery(class ArchestrA.HistoryQueryArgs/*02001EF7*/ startArgs, + [out] class ArchestrA.HistorianAccessError/*02001E2E*/& 'error') cil managed + // SIG: 20 02 02 12 C0 00 7B DC 10 12 C0 00 78 B8 + { + // Method begins at RVA 0x44012c + // Code size 957 (0x3bd) + .maxstack 31 + .locals /*110031C3*/ (valuetype HistorianClient/*02001D42*/* V_0, + bool V_1, + valuetype std.'basic_string,std::allocator >'/*020001F4*/ modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) V_2, + char modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)* V_3, + int64 V_4, + uint64 V_5, + uint8 modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)* V_6, + char modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)* V_7, + uint32 modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsLong/*0100000C*/) V_8, + method unmanaged cdecl valuetype 'SByteStream'/*02000551*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsImplicitlyDereferenced/*01000012*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) *(valuetype 'SByteStream'/*02000551*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsImplicitlyDereferenced/*01000012*/)) V_9, + uint64 V_10, + bool V_11, + uint32 V_12, + valuetype [mscorlib/*23000001*/]System.DateTime/*01000086*/ V_13, + valuetype [mscorlib/*23000001*/]System.DateTime/*01000086*/ V_14, + valuetype [mscorlib/*23000001*/]System.DateTime/*01000086*/ V_15, + valuetype [mscorlib/*23000001*/]System.DateTime/*01000086*/ V_16, + valuetype ''.$ArrayType$$$BY0EA@_W/*0200033B*/ V_17, + valuetype ''.$ArrayType$$$BY0EA@_W/*0200033B*/ V_18, + valuetype SError/*0200043D*/ V_19, + uint16 V_20, + valuetype 'SByteStream'/*02000551*/ V_21, + valuetype SCrtMemFile/*020004AE*/ V_22, + valuetype QueryColumnSelector/*02000239*/ V_23, + valuetype stx.tsarray/*0200022B*/ V_24, + valuetype ''.$ArrayType$$$BY0EA@_W/*0200033B*/ V_25, + valuetype ''.$ArrayType$$$BY0EA@_W/*0200033B*/ V_26, + valuetype SError/*0200043D*/ V_27) + IL_0000: /* 02 | */ ldarg.0 + IL_0001: /* 04 | */ ldarg.2 + IL_0002: /* 28 | (06)0061B5 */ call instance valuetype HistorianClient/*02001D42*/* ArchestrA.BaseQuery/*02001E55*/::GetClient(class ArchestrA.HistorianAccessError/*02001E2E*/&) /* 060061B5 */ + IL_0007: /* 0A | */ stloc.0 + IL_0008: /* 06 | */ ldloc.0 + IL_0009: /* 2D | 02 */ brtrue.s IL_000d + + IL_000b: /* 16 | */ ldc.i4.0 + IL_000c: /* 2A | */ ret + + IL_000d: /* 02 | */ ldarg.0 + IL_000e: /* 04 | */ ldarg.2 + IL_000f: /* 28 | (06)0062A3 */ call instance bool ArchestrA.HistoryQuery/*02001EF9*/::EndQuery(class ArchestrA.HistorianAccessError/*02001E2E*/&) /* 060062A3 */ + IL_0014: /* 2D | 02 */ brtrue.s IL_0018 + + IL_0016: /* 16 | */ ldc.i4.0 + IL_0017: /* 2A | */ ret + + IL_0018: /* 12 | 1B */ ldloca.s V_27 + IL_001a: /* 16 | */ ldc.i4.0 + IL_001b: /* 6A | */ conv.i8 + IL_001c: /* 55 | */ stind.i8 + IL_001d: /* 12 | 1B */ ldloca.s V_27 + IL_001f: /* 1E | */ ldc.i4.8 + IL_0020: /* 58 | */ add + IL_0021: /* 16 | */ ldc.i4.0 + IL_0022: /* 54 | */ stind.i4 + IL_0023: /* 12 | 1B */ ldloca.s V_27 + IL_0025: /* 1F | 0C */ ldc.i4.s 12 + IL_0027: /* 58 | */ add + IL_0028: /* 16 | */ ldc.i4.0 + IL_0029: /* 54 | */ stind.i4 + .try + { + IL_002a: /* 06 | */ ldloc.0 + IL_002b: /* 1F | 10 */ ldc.i4.s 16 + IL_002d: /* 6A | */ conv.i8 + IL_002e: /* 58 | */ add + IL_002f: /* 4C | */ ldind.i8 + IL_0030: /* 20 | 48040000 */ ldc.i4 0x448 + IL_0035: /* 6A | */ conv.i8 + IL_0036: /* 58 | */ add + IL_0037: /* 4C | */ ldind.i8 + IL_0038: /* 13 | 04 */ stloc.s V_4 + IL_003a: /* 06 | */ ldloc.0 + IL_003b: /* 1E | */ ldc.i4.8 + IL_003c: /* 6A | */ conv.i8 + IL_003d: /* 58 | */ add + IL_003e: /* 4A | */ ldind.i4 + IL_003f: /* 13 | 0C */ stloc.s V_12 + IL_0041: /* 11 | 04 */ ldloc.s V_4 + IL_0043: /* 11 | 0C */ ldloc.s V_12 + IL_0045: /* 12 | 0B */ ldloca.s V_11 + IL_0047: /* 12 | 1B */ ldloca.s V_27 + IL_0049: /* 11 | 04 */ ldloc.s V_4 + IL_004b: /* 4C | */ ldind.i8 + IL_004c: /* 20 | 00030000 */ ldc.i4 0x300 + IL_0051: /* 6A | */ conv.i8 + IL_0052: /* 58 | */ add + IL_0053: /* 4C | */ ldind.i8 + IL_0054: /* 29 | C0310011 */ calli unmanaged cdecl uint8 modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CompilerMarshalOverride/*01000018*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/)(native int,uint32 modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsLong/*0100000C*/),bool* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsImplicitlyDereferenced/*01000012*/),valuetype SError/*0200043D*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsImplicitlyDereferenced/*01000012*/)) /*110031C0*/ + IL_0059: /* 2D | 0E */ brtrue.s IL_0069 + + IL_005b: /* 04 | */ ldarg.2 + IL_005c: /* 12 | 1B */ ldloca.s V_27 + IL_005e: /* 73 | (06)005F73 */ newobj instance void ArchestrA.HistorianAccessError/*02001E2E*/::.ctor(valuetype SError/*0200043D*/ modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsImplicitlyDereferenced/*01000012*/)) /* 06005F73 */ + IL_0063: /* 51 | */ stind.ref + IL_0064: /* 38 | A5000000 */ br IL_010e + + IL_0069: /* 02 | */ ldarg.0 + IL_006a: /* 11 | 0B */ ldloc.s V_11 + IL_006c: /* 7D | (04)00A086 */ stfld bool ArchestrA.HistoryQuery/*02001EF9*/::optionAvailable /* 0400A086 */ + IL_0071: /* 06 | */ ldloc.0 + IL_0072: /* 1F | 10 */ ldc.i4.s 16 + IL_0074: /* 6A | */ conv.i8 + IL_0075: /* 58 | */ add + IL_0076: /* 4C | */ ldind.i8 + IL_0077: /* 20 | 80000000 */ ldc.i4 0x80 + IL_007c: /* 6A | */ conv.i8 + IL_007d: /* 58 | */ add + IL_007e: /* 0C | */ stloc.2 + IL_007f: /* 08 | */ ldloc.2 + IL_0080: /* 0D | */ stloc.3 + IL_0081: /* 1E | */ ldc.i4.8 + IL_0082: /* 6A | */ conv.i8 + IL_0083: /* 08 | */ ldloc.2 + IL_0084: /* 1F | 18 */ ldc.i4.s 24 + IL_0086: /* 6A | */ conv.i8 + IL_0087: /* 58 | */ add + IL_0088: /* 4C | */ ldind.i8 + IL_0089: /* 36 | 03 */ ble.un.s IL_008e + + IL_008b: /* 16 | */ ldc.i4.0 + IL_008c: /* 2B | 01 */ br.s IL_008f + + IL_008e: /* 17 | */ ldc.i4.1 + IL_008f: /* D2 | */ conv.u1 + IL_0090: /* 2C | 03 */ brfalse.s IL_0095 + + IL_0092: /* 08 | */ ldloc.2 + IL_0093: /* 4C | */ ldind.i8 + IL_0094: /* 0D | */ stloc.3 + IL_0095: /* 02 | */ ldarg.0 + IL_0096: /* 09 | */ ldloc.3 + IL_0097: /* 73 | (0A)000042 */ newobj instance void [mscorlib/*23000001*/]System.String/*01000030*/::.ctor(char*) /* 0A000042 */ + IL_009c: /* 7D | (04)00A085 */ stfld string ArchestrA.HistoryQuery/*02001EF9*/::dataSourceId /* 0400A085 */ + IL_00a1: /* 03 | */ ldarg.1 + IL_00a2: /* 2D | 0B */ brtrue.s IL_00af + + IL_00a4: /* 04 | */ ldarg.2 + IL_00a5: /* 1A | */ ldc.i4.4 + IL_00a6: /* 1C | */ ldc.i4.6 + IL_00a7: /* 73 | (06)005F77 */ newobj instance void ArchestrA.HistorianAccessError/*02001E2E*/::.ctor(valuetype ArchestrA.HistorianAccessError/*02001E2E*//ErrorTypeValue/*02001E30*/, + valuetype ArchestrA.HistorianAccessError/*02001E2E*//ErrorValue/*02001E2F*/) /* 06005F77 */ + IL_00ac: /* 51 | */ stind.ref + IL_00ad: /* 2B | 5F */ br.s IL_010e + + IL_00af: /* 03 | */ ldarg.1 + IL_00b0: /* 04 | */ ldarg.2 + IL_00b1: /* 6F | (06)006246 */ callvirt instance bool ArchestrA.HistoryQueryArgs/*02001EF7*/::ProcessQueryArgs(class ArchestrA.HistorianAccessError/*02001E2E*/&) /* 06006246 */ + IL_00b6: /* 2C | 56 */ brfalse.s IL_010e + + IL_00b8: /* 12 | 1A */ ldloca.s V_26 + IL_00ba: /* 16 | */ ldc.i4.0 + IL_00bb: /* 20 | 80000000 */ ldc.i4 0x80 + IL_00c0: /* 6A | */ conv.i8 + IL_00c1: /* FE12 | 04 */ unaligned. 4 + IL_00c4: /* FE18 | */ initblk + IL_00c6: /* 03 | */ ldarg.1 + IL_00c7: /* 28 | (06)006251 */ call instance string ArchestrA.HistoryQueryArgs/*02001EF7*/::get_Option() /* 06006251 */ + IL_00cc: /* 1F | 40 */ ldc.i4.s 64 + IL_00ce: /* 6A | */ conv.i8 + IL_00cf: /* 12 | 1A */ ldloca.s V_26 + IL_00d1: /* 28 | (06)005823 */ call int32 ArchestrA.ConvertHelper.ManagedToUnmanagedString(string, + uint64, + char*) /* 06005823 */ + IL_00d6: /* 2C | 0C */ brfalse.s IL_00e4 + + IL_00d8: /* 04 | */ ldarg.2 + IL_00d9: /* 1A | */ ldc.i4.4 + IL_00da: /* 1F | 55 */ ldc.i4.s 85 + IL_00dc: /* 73 | (06)005F77 */ newobj instance void ArchestrA.HistorianAccessError/*02001E2E*/::.ctor(valuetype ArchestrA.HistorianAccessError/*02001E2E*//ErrorTypeValue/*02001E30*/, + valuetype ArchestrA.HistorianAccessError/*02001E2E*//ErrorValue/*02001E2F*/) /* 06005F77 */ + IL_00e1: /* 51 | */ stind.ref + IL_00e2: /* 2B | 2A */ br.s IL_010e + + IL_00e4: /* 12 | 19 */ ldloca.s V_25 + IL_00e6: /* 16 | */ ldc.i4.0 + IL_00e7: /* 20 | 80000000 */ ldc.i4 0x80 + IL_00ec: /* 6A | */ conv.i8 + IL_00ed: /* FE12 | 04 */ unaligned. 4 + IL_00f0: /* FE18 | */ initblk + IL_00f2: /* 03 | */ ldarg.1 + IL_00f3: /* 28 | (06)006257 */ call instance string ArchestrA.HistoryQueryArgs/*02001EF7*/::get_Filter() /* 06006257 */ + IL_00f8: /* 1F | 40 */ ldc.i4.s 64 + IL_00fa: /* 6A | */ conv.i8 + IL_00fb: /* 12 | 19 */ ldloca.s V_25 + IL_00fd: /* 28 | (06)005823 */ call int32 ArchestrA.ConvertHelper.ManagedToUnmanagedString(string, + uint64, + char*) /* 06005823 */ + IL_0102: /* 2C | 11 */ brfalse.s IL_0115 + + IL_0104: /* 04 | */ ldarg.2 + IL_0105: /* 1A | */ ldc.i4.4 + IL_0106: /* 1F | 55 */ ldc.i4.s 85 + IL_0108: /* 73 | (06)005F77 */ newobj instance void ArchestrA.HistorianAccessError/*02001E2E*/::.ctor(valuetype ArchestrA.HistorianAccessError/*02001E2E*//ErrorTypeValue/*02001E30*/, + valuetype ArchestrA.HistorianAccessError/*02001E2E*//ErrorValue/*02001E2F*/) /* 06005F77 */ + IL_010d: /* 51 | */ stind.ref + IL_010e: /* 16 | */ ldc.i4.0 + IL_010f: /* 0B | */ stloc.1 + IL_0110: /* DD | 9F020000 */ leave IL_03b4 + + IL_0115: /* 03 | */ ldarg.1 + IL_0116: /* 28 | (06)0061B7 */ call instance class [System/*2300000D*/]System.Collections.Specialized.StringCollection/*01000126*/ ArchestrA.BaseQueryArgs/*02001E56*/::get_TagNames() /* 060061B7 */ + IL_011b: /* 6F | (0A)00041C */ callvirt instance int32 [System/*2300000D*/]System.Collections.Specialized.StringCollection/*01000126*/::get_Count() /* 0A00041C */ + IL_0120: /* 6A | */ conv.i8 + IL_0121: /* 13 | 0A */ stloc.s V_10 + IL_0123: /* 12 | 18 */ ldloca.s V_24 + IL_0125: /* 16 | */ ldc.i4.0 + IL_0126: /* 6A | */ conv.i8 + IL_0127: /* 55 | */ stind.i8 + IL_0128: /* 12 | 18 */ ldloca.s V_24 + IL_012a: /* 1E | */ ldc.i4.8 + IL_012b: /* 58 | */ add + IL_012c: /* 16 | */ ldc.i4.0 + IL_012d: /* 6A | */ conv.i8 + IL_012e: /* 55 | */ stind.i8 + IL_012f: /* 12 | 18 */ ldloca.s V_24 + IL_0131: /* 1F | 10 */ ldc.i4.s 16 + IL_0133: /* 58 | */ add + IL_0134: /* 16 | */ ldc.i4.0 + IL_0135: /* 6A | */ conv.i8 + IL_0136: /* 55 | */ stind.i8 + .try + { + IL_0137: /* 12 | 18 */ ldloca.s V_24 + IL_0139: /* 11 | 0A */ ldloc.s V_10 + IL_013b: /* 28 | (06)005856 */ call void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'std.vector >.reserve'(valuetype std.'vector >'/*02000245*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/), + uint64 modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 06005856 */ + IL_0140: /* DE | 0E */ leave.s IL_0150 + + } // end .try + fault + { + IL_0142: /* FE06 | (06)00585A */ ldftn void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'std.vector >.{dtor}'(valuetype std.'vector >'/*02000245*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 0600585A */ + IL_0148: /* 12 | 18 */ ldloca.s V_24 + IL_014a: /* 28 | (06)005C0F */ call void ___CxxCallUnwindDtor(method void *(void*), + void*) /* 06005C0F */ + IL_014f: /* DC | */ endfinally + } // end handler + // HEX: 04 00 00 00 37 01 00 00 0B 00 00 00 42 01 00 00 0E 00 00 00 73 00 00 01 + IL_0150: /* 00 | */ nop + .try + { + IL_0151: /* 03 | */ ldarg.1 + IL_0152: /* 28 | (06)0061B7 */ call instance class [System/*2300000D*/]System.Collections.Specialized.StringCollection/*01000126*/ ArchestrA.BaseQueryArgs/*02001E56*/::get_TagNames() /* 060061B7 */ + IL_0157: /* 12 | 18 */ ldloca.s V_24 + IL_0159: /* 04 | */ ldarg.2 + IL_015a: /* 28 | (06)005825 */ call bool ArchestrA.ConvertHelper.ManagedToUnmanagedStrings(class [System/*2300000D*/]System.Collections.Specialized.StringCollection/*01000126*/, + valuetype stx.tsarray/*0200022B*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsImplicitlyDereferenced/*01000012*/), + class ArchestrA.HistorianAccessError/*02001E2E*/&) /* 06005825 */ + IL_015f: /* 2D | 07 */ brtrue.s IL_0168 + + IL_0161: /* 16 | */ ldc.i4.0 + IL_0162: /* 0B | */ stloc.1 + IL_0163: /* 38 | 0D020000 */ br IL_0375 + + IL_0168: /* 12 | 17 */ ldloca.s V_23 + IL_016a: /* 28 | (06)000041 */ call valuetype QueryColumnSelector/*02000239*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'QueryColumnSelector.{ctor}'(valuetype QueryColumnSelector/*02000239*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 06000041 */ + IL_016f: /* 26 | */ pop + .try + { + IL_0170: /* 02 | */ ldarg.0 + IL_0171: /* 03 | */ ldarg.1 + IL_0172: /* 12 | 17 */ ldloca.s V_23 + IL_0174: /* 28 | (06)00629C */ call instance void ArchestrA.HistoryQuery/*02001EF9*/::SelectQueryColumns(class ArchestrA.HistoryQueryArgs/*02001EF7*/, + valuetype QueryColumnSelector/*02000239*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsImplicitlyDereferenced/*01000012*/)) /* 0600629C */ + IL_0179: /* 12 | 16 */ ldloca.s V_22 + IL_017b: /* 28 | (06)0011DE */ call valuetype 'SMemFile'/*020006A8*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'SMemFile.{ctor}'(valuetype 'SMemFile'/*020006A8*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 060011DE */ + IL_0180: /* 26 | */ pop + .try + { + IL_0181: /* 12 | 16 */ ldloca.s V_22 + IL_0183: /* 7F | (04)001016 */ ldsflda valuetype ''.$ArrayType$$$BY0BC@Q6AXXZ/*0200032C*/ modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) '??_7SCrtMemFile@@6B@' /* 04001016 */ + IL_0188: /* 55 | */ stind.i8 + IL_0189: /* DE | 0E */ leave.s IL_0199 + + } // end .try + fault + { + IL_018b: /* FE06 | (06)0011E0 */ ldftn void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'SMemFile.{dtor}'(valuetype 'SMemFile'/*020006A8*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 060011E0 */ + IL_0191: /* 12 | 16 */ ldloca.s V_22 + IL_0193: /* 28 | (06)005C0F */ call void ___CxxCallUnwindDtor(method void *(void*), + void*) /* 06005C0F */ + IL_0198: /* DC | */ endfinally + } // end handler + // HEX: 04 00 00 00 81 01 00 00 0A 00 00 00 8B 01 00 00 0E 00 00 00 73 00 00 01 + IL_0199: /* 00 | */ nop + .try + { + IL_019a: /* 12 | 15 */ ldloca.s V_21 + IL_019c: /* 12 | 16 */ ldloca.s V_22 + IL_019e: /* 55 | */ stind.i8 + IL_019f: /* 17 | */ ldc.i4.1 + IL_01a0: /* 13 | 14 */ stloc.s V_20 + IL_01a2: /* 12 | 16 */ ldloca.s V_22 + IL_01a4: /* 12 | 14 */ ldloca.s V_20 + IL_01a6: /* 18 | */ ldc.i4.2 + IL_01a7: /* 6A | */ conv.i8 + IL_01a8: /* 28 | (06)000801 */ call void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'SMemFile.SaveEx'(valuetype 'SMemFile'/*020006A8*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/), + void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)*, + uint64) /* 06000801 */ + IL_01ad: /* 12 | 15 */ ldloca.s V_21 + IL_01af: /* 4C | */ ldind.i8 + IL_01b0: /* 12 | 17 */ ldloca.s V_23 + IL_01b2: /* 1E | */ ldc.i4.8 + IL_01b3: /* 6A | */ conv.i8 + IL_01b4: /* 28 | (06)000801 */ call void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'SMemFile.SaveEx'(valuetype 'SMemFile'/*020006A8*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/), + void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)*, + uint64) /* 06000801 */ + IL_01b9: /* 7E | (04)001B05 */ ldsfld int32** __unep@??$endstream@VSCrtMemFile@@@@$$FYAAEAV?$SByteStream@VSCrtMemFile@@@@AEAV0@@Z /* 04001B05 */ + IL_01be: /* 13 | 09 */ stloc.s V_9 + IL_01c0: /* 12 | 15 */ ldloca.s V_21 + IL_01c2: /* 11 | 09 */ ldloc.s V_9 + IL_01c4: /* 29 | 23080011 */ calli unmanaged cdecl valuetype 'SByteStream'/*02000551*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsImplicitlyDereferenced/*01000012*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/)(valuetype 'SByteStream'/*02000551*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsImplicitlyDereferenced/*01000012*/)) /*11000823*/ + IL_01c9: /* 26 | */ pop + IL_01ca: /* 16 | */ ldc.i4.0 + IL_01cb: /* 13 | 08 */ stloc.s V_8 + IL_01cd: /* 12 | 13 */ ldloca.s V_19 + IL_01cf: /* 16 | */ ldc.i4.0 + IL_01d0: /* 6A | */ conv.i8 + IL_01d1: /* 55 | */ stind.i8 + IL_01d2: /* 12 | 13 */ ldloca.s V_19 + IL_01d4: /* 1E | */ ldc.i4.8 + IL_01d5: /* 58 | */ add + IL_01d6: /* 16 | */ ldc.i4.0 + IL_01d7: /* 54 | */ stind.i4 + IL_01d8: /* 12 | 13 */ ldloca.s V_19 + IL_01da: /* 1F | 0C */ ldc.i4.s 12 + IL_01dc: /* 58 | */ add + IL_01dd: /* 16 | */ ldc.i4.0 + IL_01de: /* 54 | */ stind.i4 + .try + { + IL_01df: /* 12 | 12 */ ldloca.s V_18 + IL_01e1: /* 16 | */ ldc.i4.0 + IL_01e2: /* 20 | 80000000 */ ldc.i4 0x80 + IL_01e7: /* 6A | */ conv.i8 + IL_01e8: /* FE12 | 04 */ unaligned. 4 + IL_01eb: /* FE18 | */ initblk + IL_01ed: /* 12 | 11 */ ldloca.s V_17 + IL_01ef: /* 16 | */ ldc.i4.0 + IL_01f0: /* 20 | 80000000 */ ldc.i4 0x80 + IL_01f5: /* 6A | */ conv.i8 + IL_01f6: /* FE12 | 04 */ unaligned. 4 + IL_01f9: /* FE18 | */ initblk + IL_01fb: /* 02 | */ ldarg.0 + IL_01fc: /* 7B | (04)00A086 */ ldfld bool ArchestrA.HistoryQuery/*02001EF9*/::optionAvailable /* 0400A086 */ + IL_0201: /* 16 | */ ldc.i4.0 + IL_0202: /* 33 | 07 */ bne.un.s IL_020b + + IL_0204: /* 7F | (04)007BCA */ ldsflda valuetype ''.$ArrayType$$$BY08$$CB_W/*02000151*/ modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) '??_C@_1BC@KNNFNJNI@?$AAN?$AAo?$AAO?$AAp?$AAt?$AAi?$AAo?$AAn@' /* 04007BCA */ + IL_0209: /* 2B | 02 */ br.s IL_020d + + IL_020b: /* 12 | 1A */ ldloca.s V_26 + IL_020d: /* 13 | 07 */ stloc.s V_7 + IL_020f: /* 03 | */ ldarg.1 + IL_0210: /* 28 | (06)0061BB */ call instance valuetype [mscorlib/*23000001*/]System.DateTime/*01000086*/ ArchestrA.BaseQueryArgs/*02001E56*/::get_EndDateTime() /* 060061BB */ + IL_0215: /* 13 | 10 */ stloc.s V_16 + IL_0217: /* 12 | 10 */ ldloca.s V_16 + IL_0219: /* 28 | (0A)00040D */ call instance valuetype [mscorlib/*23000001*/]System.DateTime/*01000086*/ [mscorlib/*23000001*/]System.DateTime/*01000086*/::ToUniversalTime() /* 0A00040D */ + IL_021e: /* 13 | 0F */ stloc.s V_15 + IL_0220: /* 03 | */ ldarg.1 + IL_0221: /* 28 | (06)0061B9 */ call instance valuetype [mscorlib/*23000001*/]System.DateTime/*01000086*/ ArchestrA.BaseQueryArgs/*02001E56*/::get_StartDateTime() /* 060061B9 */ + IL_0226: /* 13 | 0E */ stloc.s V_14 + IL_0228: /* 12 | 0E */ ldloca.s V_14 + IL_022a: /* 28 | (0A)00040D */ call instance valuetype [mscorlib/*23000001*/]System.DateTime/*01000086*/ [mscorlib/*23000001*/]System.DateTime/*01000086*/::ToUniversalTime() /* 0A00040D */ + IL_022f: /* 13 | 0D */ stloc.s V_13 + IL_0231: /* 12 | 15 */ ldloca.s V_21 + IL_0233: /* 4C | */ ldind.i8 + IL_0234: /* 12 | 15 */ ldloca.s V_21 + IL_0236: /* 4C | */ ldind.i8 + IL_0237: /* 4C | */ ldind.i8 + IL_0238: /* 1F | 78 */ ldc.i4.s 120 + IL_023a: /* 6A | */ conv.i8 + IL_023b: /* 58 | */ add + IL_023c: /* 4C | */ ldind.i8 + IL_023d: /* 29 | F6000011 */ calli unmanaged cdecl uint8 modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/)(native int) /*110000F6*/ + IL_0242: /* 13 | 06 */ stloc.s V_6 + IL_0244: /* 12 | 15 */ ldloca.s V_21 + IL_0246: /* 4C | */ ldind.i8 + IL_0247: /* 1E | */ ldc.i4.8 + IL_0248: /* 6A | */ conv.i8 + IL_0249: /* 58 | */ add + IL_024a: /* 4A | */ ldind.i4 + IL_024b: /* 6E | */ conv.u8 + IL_024c: /* 13 | 05 */ stloc.s V_5 + IL_024e: /* 06 | */ ldloc.0 + IL_024f: /* 03 | */ ldarg.1 + IL_0250: /* 28 | (06)0061BD */ call instance valuetype ArchestrA.HistorianRetrievalMode/*02001E6D*/ ArchestrA.BaseQueryArgs/*02001E56*/::get_RetrievalMode() /* 060061BD */ + IL_0255: /* 16 | */ ldc.i4.0 + IL_0256: /* 16 | */ ldc.i4.0 + IL_0257: /* 03 | */ ldarg.1 + IL_0258: /* 28 | (06)0061B7 */ call instance class [System/*2300000D*/]System.Collections.Specialized.StringCollection/*01000126*/ ArchestrA.BaseQueryArgs/*02001E56*/::get_TagNames() /* 060061B7 */ + IL_025d: /* 6F | (0A)00041C */ callvirt instance int32 [System/*2300000D*/]System.Collections.Specialized.StringCollection/*01000126*/::get_Count() /* 0A00041C */ + IL_0262: /* 12 | 18 */ ldloca.s V_24 + IL_0264: /* 28 | (06)0057EA */ call char modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) stx.tsarray.get(valuetype stx.tsarray/*0200022B*/ modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 060057EA */ + IL_0269: /* 16 | */ ldc.i4.0 + IL_026a: /* 16 | */ ldc.i4.0 + IL_026b: /* 6A | */ conv.i8 + IL_026c: /* 12 | 0D */ ldloca.s V_13 + IL_026e: /* 28 | (0A)00040C */ call instance int64 [mscorlib/*23000001*/]System.DateTime/*01000086*/::ToFileTime() /* 0A00040C */ + IL_0273: /* 12 | 0F */ ldloca.s V_15 + IL_0275: /* 28 | (0A)00040C */ call instance int64 [mscorlib/*23000001*/]System.DateTime/*01000086*/::ToFileTime() /* 0A00040C */ + IL_027a: /* 03 | */ ldarg.1 + IL_027b: /* 28 | (06)0061BF */ call instance uint64 ArchestrA.BaseQueryArgs/*02001E56*/::get_Resolution() /* 060061BF */ + IL_0280: /* 76 | */ conv.r.un + IL_0281: /* 6C | */ conv.r8 + IL_0282: /* 03 | */ ldarg.1 + IL_0283: /* 28 | (06)006247 */ call instance float32 ArchestrA.HistoryQueryArgs/*02001EF7*/::get_ValueDeadband() /* 06006247 */ + IL_0288: /* 03 | */ ldarg.1 + IL_0289: /* 28 | (06)006249 */ call instance uint32 ArchestrA.HistoryQueryArgs/*02001EF7*/::get_TimeDeadband() /* 06006249 */ + IL_028e: /* 7F | (04)004924 */ ldsflda valuetype ''.$ArrayType$$$BY03$$CB_W/*02000183*/ modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) '??_C@_17JJKFGAAG@?$AAU?$AAT?$AAC@' /* 04004924 */ + IL_0293: /* 03 | */ ldarg.1 + IL_0294: /* 28 | (06)0061C1 */ call instance valuetype ArchestrA.HistorianVersionType/*02001E6E*/ ArchestrA.BaseQueryArgs/*02001E56*/::get_DataVersion() /* 060061C1 */ + IL_0299: /* 03 | */ ldarg.1 + IL_029a: /* 28 | (06)00624B */ call instance valuetype ArchestrA.HistorianInterpolationType/*02001E60*/ ArchestrA.HistoryQueryArgs/*02001EF7*/::get_InterpolationType() /* 0600624B */ + IL_029f: /* 03 | */ ldarg.1 + IL_02a0: /* 28 | (06)00624D */ call instance valuetype ArchestrA.HistorianTimestampRule/*02001F03*/ ArchestrA.HistoryQueryArgs/*02001EF7*/::get_TimeStampRule() /* 0600624D */ + IL_02a5: /* 03 | */ ldarg.1 + IL_02a6: /* 28 | (06)00624F */ call instance valuetype ArchestrA.HistorianQualityRule/*02001F04*/ ArchestrA.HistoryQueryArgs/*02001EF7*/::get_QualityRule() /* 0600624F */ + IL_02ab: /* 11 | 07 */ ldloc.s V_7 + IL_02ad: /* 12 | 12 */ ldloca.s V_18 + IL_02af: /* 1F | 40 */ ldc.i4.s 64 + IL_02b1: /* 12 | 11 */ ldloca.s V_17 + IL_02b3: /* 1F | 40 */ ldc.i4.s 64 + IL_02b5: /* 03 | */ ldarg.1 + IL_02b6: /* 28 | (06)006253 */ call instance valuetype ArchestrA.HistorianValueSelector/*02001F05*/ ArchestrA.HistoryQueryArgs/*02001EF7*/::get_ValueSelector() /* 06006253 */ + IL_02bb: /* 03 | */ ldarg.1 + IL_02bc: /* 28 | (06)006255 */ call instance valuetype ArchestrA.HistorianAggregationType/*02001F06*/ ArchestrA.HistoryQueryArgs/*02001EF7*/::get_AggregationType() /* 06006255 */ + IL_02c1: /* 11 | 05 */ ldloc.s V_5 + IL_02c3: /* 6D | */ conv.u4 + IL_02c4: /* 11 | 06 */ ldloc.s V_6 + IL_02c6: /* 12 | 19 */ ldloca.s V_25 + IL_02c8: /* 03 | */ ldarg.1 + IL_02c9: /* 28 | (06)006259 */ call instance uint16 ArchestrA.HistoryQueryArgs/*02001EF7*/::get_MaxStates() /* 06006259 */ + IL_02ce: /* 12 | 08 */ ldloca.s V_8 + IL_02d0: /* 12 | 13 */ ldloca.s V_19 + IL_02d2: /* 28 | (06)0055E4 */ call bool modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) HistorianClient.StartDataQuery(valuetype HistorianClient/*02001D42*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/), + valuetype INSQL_QUERYTYPE/*0200013F*/, + valuetype INSQL_QUERYFORMAT/*02000140*/, + valuetype HISTORIAN_SUMMARYTYPE/*02000191*/, + uint32 modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsLong/*0100000C*/), + char modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)**, + uint32 modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsLong/*0100000C*/), + char modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)**, + uint64, + uint64, + float64, + float32, + uint32, + char modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)*, + valuetype E_VERSIONTYPE/*02000133*/, + valuetype E_INTERPOLATIONTYPE/*02000128*/, + valuetype E_TIMESTAMPRULE/*02000129*/, + valuetype E_QUALITYRULE/*0200012A*/, + char modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)*, + char*, + uint16, + char*, + uint16, + valuetype EValueSelector/*02000197*/, + valuetype E_AGGREGATIONTYPE/*0200012B*/, + uint32, + uint8 modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)*, + char modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)*, + uint16, + uint32 modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsLong/*0100000C*/)*, + valuetype SError/*0200043D*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsImplicitlyDereferenced/*01000012*/)) /* 060055E4 */ + IL_02d7: /* 2D | 0D */ brtrue.s IL_02e6 + + IL_02d9: /* 04 | */ ldarg.2 + IL_02da: /* 12 | 13 */ ldloca.s V_19 + IL_02dc: /* 73 | (06)005F73 */ newobj instance void ArchestrA.HistorianAccessError/*02001E2E*/::.ctor(valuetype SError/*0200043D*/ modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsImplicitlyDereferenced/*01000012*/)) /* 06005F73 */ + IL_02e1: /* 51 | */ stind.ref + IL_02e2: /* 16 | */ ldc.i4.0 + IL_02e3: /* 0B | */ stloc.1 + IL_02e4: /* DE | 3A */ leave.s IL_0320 + + IL_02e6: /* 02 | */ ldarg.0 + IL_02e7: /* 11 | 08 */ ldloc.s V_8 + IL_02e9: /* 7D | (04)009EFB */ stfld uint32 modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsLong/*0100000C*/) ArchestrA.BaseQuery/*02001E55*/::queryHandle /* 04009EFB */ + IL_02ee: /* 03 | */ ldarg.1 + IL_02ef: /* 02 | */ ldarg.0 + IL_02f0: /* 7B | (04)00A085 */ ldfld string ArchestrA.HistoryQuery/*02001EF9*/::dataSourceId /* 0400A085 */ + IL_02f5: /* 7D | (04)009F08 */ stfld string ArchestrA.BaseQueryArgs/*02001E56*/::dataSourceId /* 04009F08 */ + IL_02fa: /* 02 | */ ldarg.0 + IL_02fb: /* 7B | (04)00A087 */ ldfld class ArchestrA.HistoryQueryResult/*02001EF8*/ ArchestrA.HistoryQuery/*02001EF9*/::queryResult /* 0400A087 */ + IL_0300: /* 2D | 0C */ brtrue.s IL_030e + + IL_0302: /* 02 | */ ldarg.0 + IL_0303: /* 03 | */ ldarg.1 + IL_0304: /* 73 | (06)00625C */ newobj instance void ArchestrA.HistoryQueryResult/*02001EF8*/::.ctor(class ArchestrA.HistoryQueryArgs/*02001EF7*/) /* 0600625C */ + IL_0309: /* 7D | (04)00A087 */ stfld class ArchestrA.HistoryQueryResult/*02001EF8*/ ArchestrA.HistoryQuery/*02001EF9*/::queryResult /* 0400A087 */ + IL_030e: /* 17 | */ ldc.i4.1 + IL_030f: /* 0B | */ stloc.1 + IL_0310: /* DE | 0E */ leave.s IL_0320 + + } // end .try + fault + { + IL_0312: /* FE06 | (06)000159 */ ldftn void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'SError.{dtor}'(valuetype SError/*0200043D*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 06000159 */ + IL_0318: /* 12 | 13 */ ldloca.s V_19 + IL_031a: /* 28 | (06)005C0F */ call void ___CxxCallUnwindDtor(method void *(void*), + void*) /* 06005C0F */ + IL_031f: /* DC | */ endfinally + } // end handler + // HEX: 04 00 00 00 DF 01 00 00 33 01 00 00 12 03 00 00 0E 00 00 00 73 00 00 01 + IL_0320: /* 12 | 13 */ ldloca.s V_19 + IL_0322: /* 28 | (06)000165 */ call void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) SError.ClearErrorDetail(valuetype SError/*0200043D*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 06000165 */ + IL_0327: /* DE | 0E */ leave.s IL_0337 + + } // end .try + fault + { + IL_0329: /* FE06 | (06)000CFE */ ldftn void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'SCrtMemFile.{dtor}'(valuetype SCrtMemFile/*020004AE*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 06000CFE */ + IL_032f: /* 12 | 16 */ ldloca.s V_22 + IL_0331: /* 28 | (06)005C0F */ call void ___CxxCallUnwindDtor(method void *(void*), + void*) /* 06005C0F */ + IL_0336: /* DC | */ endfinally + } // end handler + // HEX: 04 00 00 00 9A 01 00 00 8F 01 00 00 29 03 00 00 0E 00 00 00 73 00 00 01 + IL_0337: /* 12 | 16 */ ldloca.s V_22 + IL_0339: /* 7F | (04)0010BA */ ldsflda valuetype ''.$ArrayType$$$BY0BC@Q6AXXZ/*0200032C*/ modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) '??_7?$SMemFile@VSCrtAllocator@@@@6B@' /* 040010BA */ + IL_033e: /* 55 | */ stind.i8 + .try + { + IL_033f: /* 12 | 16 */ ldloca.s V_22 + IL_0341: /* 28 | (06)0011E7 */ call void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'SMemFile.Free'(valuetype 'SMemFile'/*020006A8*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 060011E7 */ + IL_0346: /* DE | 0E */ leave.s IL_0356 + + } // end .try + fault + { + IL_0348: /* FE06 | (06)00014C */ ldftn void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'SFile.{dtor}'(valuetype SFile/*0200022E*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 0600014C */ + IL_034e: /* 12 | 16 */ ldloca.s V_22 + IL_0350: /* 28 | (06)005C0F */ call void ___CxxCallUnwindDtor(method void *(void*), + void*) /* 06005C0F */ + IL_0355: /* DC | */ endfinally + } // end handler + // HEX: 04 00 00 00 3F 03 00 00 09 00 00 00 48 03 00 00 0E 00 00 00 73 00 00 01 + IL_0356: /* 12 | 16 */ ldloca.s V_22 + IL_0358: /* 7F | (04)00037E */ ldsflda valuetype ''.$ArrayType$$$BY0BC@Q6AXXZ/*0200032C*/ modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) '??_7SFile@@6B@' /* 0400037E */ + IL_035d: /* 55 | */ stind.i8 + IL_035e: /* DE | 0E */ leave.s IL_036e + + } // end .try + fault + { + IL_0360: /* FE06 | (06)000044 */ ldftn void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'QueryColumnSelector.{dtor}'(valuetype QueryColumnSelector/*02000239*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 06000044 */ + IL_0366: /* 12 | 17 */ ldloca.s V_23 + IL_0368: /* 28 | (06)005C0F */ call void ___CxxCallUnwindDtor(method void *(void*), + void*) /* 06005C0F */ + IL_036d: /* DC | */ endfinally + } // end handler + // HEX: 04 00 00 00 70 01 00 00 F0 01 00 00 60 03 00 00 0E 00 00 00 73 00 00 01 + IL_036e: /* 12 | 17 */ ldloca.s V_23 + IL_0370: /* 28 | (06)000044 */ call void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'QueryColumnSelector.{dtor}'(valuetype QueryColumnSelector/*02000239*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 06000044 */ + IL_0375: /* DE | 0E */ leave.s IL_0385 + + } // end .try + fault + { + IL_0377: /* FE06 | (06)0057E7 */ ldftn void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'stx.tsarray.{dtor}'(valuetype stx.tsarray/*0200022B*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 060057E7 */ + IL_037d: /* 12 | 18 */ ldloca.s V_24 + IL_037f: /* 28 | (06)005C0F */ call void ___CxxCallUnwindDtor(method void *(void*), + void*) /* 06005C0F */ + IL_0384: /* DC | */ endfinally + } // end handler + // HEX: 04 00 00 00 51 01 00 00 26 02 00 00 77 03 00 00 0E 00 00 00 73 00 00 01 + IL_0385: /* 00 | */ nop + .try + { + IL_0386: /* 12 | 18 */ ldloca.s V_24 + IL_0388: /* 28 | (06)005886 */ call void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'stx.clear_array_ptr_vector'(valuetype std.'vector >'/*02000245*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsImplicitlyDereferenced/*01000012*/)) /* 06005886 */ + IL_038d: /* DE | 0E */ leave.s IL_039d + + } // end .try + fault + { + IL_038f: /* FE06 | (06)00585A */ ldftn void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'std.vector >.{dtor}'(valuetype std.'vector >'/*02000245*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 0600585A */ + IL_0395: /* 12 | 18 */ ldloca.s V_24 + IL_0397: /* 28 | (06)005C0F */ call void ___CxxCallUnwindDtor(method void *(void*), + void*) /* 06005C0F */ + IL_039c: /* DC | */ endfinally + } // end handler + // HEX: 04 00 00 00 86 03 00 00 09 00 00 00 8F 03 00 00 0E 00 00 00 73 00 00 01 + IL_039d: /* 12 | 18 */ ldloca.s V_24 + IL_039f: /* 28 | (06)005872 */ call void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'std.vector >._Tidy'(valuetype std.'vector >'/*02000245*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 06005872 */ + IL_03a4: /* DE | 0E */ leave.s IL_03b4 + + } // end .try + fault + { + IL_03a6: /* FE06 | (06)000159 */ ldftn void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) 'SError.{dtor}'(valuetype SError/*0200043D*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 06000159 */ + IL_03ac: /* 12 | 1B */ ldloca.s V_27 + IL_03ae: /* 28 | (06)005C0F */ call void ___CxxCallUnwindDtor(method void *(void*), + void*) /* 06005C0F */ + IL_03b3: /* DC | */ endfinally + } // end handler + // HEX: 04 00 00 00 2A 00 00 00 7C 03 00 00 A6 03 00 00 0E 00 00 00 73 00 00 01 + IL_03b4: /* 12 | 1B */ ldloca.s V_27 + IL_03b6: /* 28 | (06)000165 */ call void modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.CallConvCdecl/*0100000B*/) SError.ClearErrorDetail(valuetype SError/*0200043D*/* modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/) modopt([mscorlib/*23000001*/]System.Runtime.CompilerServices.IsConst/*0100000D*/)) /* 06000165 */ + IL_03bb: /* 07 | */ ldloc.1 + IL_03bc: /* 2A | */ ret + } // end of method HistoryQuery::StartQuery + +} // end of class ArchestrA.HistoryQuery + +// *********** DISASSEMBLY COMPLETE *********************** diff --git a/docs/reverse-engineering/implementation-status.md b/docs/reverse-engineering/implementation-status.md new file mode 100644 index 0000000..938440f --- /dev/null +++ b/docs/reverse-engineering/implementation-status.md @@ -0,0 +1,1460 @@ +# Implementation Status + +## Completed + +- Production SDK targets `net10.0` and has no AVEVA binary references. +- Public API now includes the intended parity surface: + - TCP probe + - raw, aggregate, at-time, and block history reads + - event reads + - tag browse and metadata calls + - connection, store-forward, and system-parameter status calls + - write-back intentionally remains out of scope for this read-only SDK pass +- Internal protocol scaffolding exists: + - `HistorianConnection` + - `HistorianFrameReader` + - `HistorianFrameWriter` + - `Historian2020ProtocolDialect` +- Evidence-backed WCF scaffolding exists: + - WCF service names for `Hist`, `Retr`, `Storage`, `Stat`, and `Trx` + - contract interfaces for history, history extensions, retrieval, retrieval + extensions, and status + - `application/x-mdas` message encoder wrapper + - Net.TCP binding and endpoint factory for port `32568` + - bounded `wcf-start-query` harness options (`--max-attempts` and + `--timeout-seconds`) so negative query probes do not have to run the full + matrix + - live local and remote `GetV` evidence for `/Hist`, `/Retr`, `/Stat`, and + `/Trx` + - live `GetV` evidence for `/HistCert` using MDAS over WCF Net.TCP + transport security + - `ValidateClientCredential` token wrapping and the native NTLM negotiate + `VERSION` flag adjustment as isolated, tested protocol primitives +- `ProbeAsync` now uses fully managed WCF/MDAS `GetV` calls instead of a raw + TCP socket check. +- Managed `Hist.OpenConnection` reaches server logic, but the older scalar + operation expects the native password/session packet. +- Managed `Hist.Open2` now reaches server logic with a version-1 byte buffer. + Empty credentials return custom native error `171` (`AuthenticationFailed`), + confirming the basic byte-buffer framing and UTF-16 string encoding. +- Managed integrated Windows `Open2` succeeds when the same version-1 buffer is + sent to `/Hist-Integrated` with WCF Windows transport security. `/Hist` with + that binding fails before the operation call because the upgrade is not + supported on the plain history endpoint. +- The same managed integrated Windows `Open2` flow succeeds remotely against + `:32568/Hist-Integrated`; the returned handle is accepted by + `Retr.IsOriginalAllowed`. The stored artifact redacts the session output + buffer and transient handle value. +- The native `aahClientManaged.dll` path is confirmed to open successfully with + integrated Windows auth after polling `GetConnectionStatus` until pending + clears. +- The native integrated read path is confirmed to reach query execution: a + deliberately missing tag returns native `TagNotFound` (`127`) instead of + connection/authentication failure. +- `scripts\Find-GalaxyHistorizedTags.ps1` queries the local Galaxy Repository + (`localhost`, database `ZB`, Windows auth) for non-array dynamic attributes + with `HistoryExtension`. +- `OtOpcUaParityTest_001.Counter` is confirmed as a live native read fixture + candidate. A 1440-minute native wrapper read returned one row with timestamp + `2026-04-30T11:00:29.4340342Z`, `Value = 0`, `Quality = 133`, + `OpcQuality = 192`, and `QualityDetail = 248`. +- A Frida attach pass can see `aahClientManaged.dll` and install hooks at + candidate mixed-mode RVAs, but those `base + RVA` hooks do not fire during the + successful read. The next capture approach must intercept CLR/WCF managed + byte-array calls rather than raw method RVAs. See + `frida-aahclientmanaged-hook-pass.md`. +- `tools\AVEVA.Historian.NativeTraceHarness` is a reverse-engineering-only + .NET Framework harness for native integrated reads. It records sanitized + reflection snapshots around `OpenConnection`, `StartQuery`, and `MoveNext`. + The latest run confirms `StartQuery` assigned `queryHandle = 1` and returned + tag key `238`, value `0`, quality `133`, OPC quality `192`, and quality + detail `248` for `OtOpcUaParityTest_001.Counter`. It now supports fixed + UTC windows plus configurable retrieval mode and resolution; latest artifacts + cover `Full`, `Cyclic`, `Interpolated`, and `TimeWeightedAverage`. +- The native trace harness also supports `--scenario event` with an event + connection. The latest event artifact confirms `EventQuery.StartQuery` + succeeds and returns three sanitized local-dev event rows for a seven-day + window. +- `scripts\Attach-NativeTraceHarnessWinsockCapture.ps1` and + `scripts\frida\aahclientmanaged-winsock.js` can attach before native + `OpenConnection` and hook Winsock plus common file/pipe APIs. Localhost, + `127.0.0.1`, and the machine LAN IP all completed successful native reads + without observed `connect`/`send`/`recv`, `CreateFile`/`ReadFile`/`WriteFile`, + or `NtCreateFile`/`NtReadFile`/`NtWriteFile` payload events. This is negative + evidence that the installed local Historian path uses an in-process/local + optimization rather than the remote Net.TCP transport path. +- An expanded Frida method pass added decompiled `QueryColumnSelector` and + `HistorianClient.StartDataQuery`/`GetNextRow` MethodDef RVAs. Hooks installed + where Frida allowed them, but no enter/leave events fired during successful + native reads. MethodDef RVAs from the mixed-mode assembly are not the actual + CLR/native dispatch targets. +- The native trace harness can now dump prepared CLR runtime method pointers for + mixed-mode `` methods such as `HistorianClient.StartDataQuery`, + `CRetrievalConnectionWCF.StartQuery2`, `HistorianClient.GetNextRow`, and + `HistorianClient.StartEventQuery`. The corrected artifacts show these + pointers are process-specific CLR/JIT entry addresses outside the loaded + `aahClientManaged.dll` image, not stable DLL RVAs. +- `scripts\Attach-NativeTraceHarnessRuntimePointerCapture.ps1` automates a + same-process Frida pass against those runtime pointers. It successfully + generated a pre-`StartQuery` pointer snapshot and installed 37 absolute hooks + while the native direct history read was paused. The read then succeeded, but + no hook `enter`/`leave` callbacks fired. This is negative evidence for using + `MethodHandle.GetFunctionPointer()` addresses as direct Frida hook targets. +- `scripts\Attach-NativeTraceHarnessAahClientExportCapture.ps1` and + `scripts\frida\aahclient-exports.js` attempted to hook the procedural + `mdas_*` exports from `aahClient.dll`. A successful local direct history read + did not load `aahClient.dll`, and `dumpbin /dependents` confirms + `aahClientManaged.dll` does not import `aahClient.dll` or + `aahClientCommon.dll`. A separate `-DumpLoadedModules` run showed only + `aahClientManaged.dll` among the current AVEVA DLLs. The exported `mdas_*` + ABI is likely a separate native client surface, not the active C++/CLI wrapper + boundary used by this harness. +- `scripts\Attach-NativeTraceHarnessSystemBoundaryCapture.ps1` and + `scripts\frida\aahclientmanaged-system-boundary.js` now hook file I/O, + `Nt*File`, `NtDeviceIoControlFile`, DNS, exported Winsock calls, `WSAIoctl`, + `mswsock` extension exports, Secur32, Crypt32, and NetAPI. Local direct and + same-machine remote-IP reads produce no boundary callbacks beyond hook + installation. A Debian relay run confirms the relay TCP connection is owned + by the harness PID, but the same exported user-mode hooks still see no + connect/send/recv/device-control callbacks before the security reset. +- `scripts\Run-PktmonDebianRelayCapture.ps1` records pktmon metadata for the + Debian relay path without retaining raw payload bytes. The latest history run + captured TCP packet metadata for `:32568`, converted the ETL to a + text report, deleted the ETL, and wrote a summary confirming + `PayloadBytesCaptured = false` and `RawEtlDeleted = true`. +- Focused `ildasm` excerpts now confirm `ArchestrA.HistoryQuery.StartQuery` has + an IL call at `IL_02d2` to `HistorianClient.StartDataQuery` token + `060055E4`, and `HistoryQuery.MoveNext` has an IL call at `IL_0054` to + `HistorianClient.GetNextRow` token `0600588D`. + IL-rewrite instrumentation is now validated: a dnlib-written wrapper copy can + run in a disposable DLL folder, and an instrumented + `.Query.StartDataQuery` captured a 251-byte native + `DataQueryRequest` buffer during a successful local direct read. +- The captured full-history buffer corrected the managed + `HistorianDataQueryProtocol` serializer. It now matches the native wrapper + byte-for-byte for the deterministic `OtOpcUaParityTest_001.Counter` fixture. + The buffer hash is + `3581ef3b42b59b46503d1aa0127fa60fe4b40943e419aeab99e47e4683888851`. +- The same instrumentation path now captures the native + `DataQueryResultRow*` memory after `GetNextRow`. The first full-history row + confirms tag key, timestamp, quality, OPC quality, quality detail, and + percent-good offsets; the artifact hash is + `2c2cb06988187c1bd7793a52a71f33599542a69d5e83885c583de8bf3df5d43b`. +- The read-boundary instrumentation now logs `GetNextRow` `arg.1` as an + explicit `queryHandle` scalar before dumping `arg.2` row memory. A combined + local read captured `StartDataQuery.Request` SHA + `543ea11af87607044067a0274b1da423cef2acbb7b4f4fab137af023a7153d7f`, + `GetNextRow.QueryHandle = 1`, and `GetNextRow.DataQueryResultRow` SHA + `702f5248cf8319e3e02da33678ed97dfaa43666bddb88c42101d5290990a4198` + in the same session. +- A follow-up combined IL instrumentation pass correlated the native open, + query, WCF retrieval, and row-read handles. `HistorianClient.OpenConnection` + wrote legacy handle `2`, and `Query.StartDataQuery` read the same value as + its `ClientHandleCandidate` immediately before entering the common retrieval + layer. The successful `CRetrievalConnectionWCF.StartQuery2` call then used a + different transient WCF retrieval client handle. This proves the missing read + parity state is the native client/session mapping below the legacy + `ClientApp` handle, not the 251-byte `DataQueryRequest` payload. +- Instrumenting `aahClientCommon.CServerClient.GetHandle` token `060017F9` + produced no records during a successful local history read, even while the + surrounding open/query/WCF hooks fired. Direct metadata-token scanning also + found no IL references to that accessor. The transient WCF retrieval handle is + not obtained through `GetHandle` on this path. +- Instrumenting `aahClientCommon.CRetrieval.StartQuery2`, + `aahClientCommon.CSrvRetrievalConnection.StartQuery`, and + `CRetrievalConsoleClient.StartQuery` also produced no records in the + successful WCF read path. The active path is instead + `aahClientCommon.CClientCommon.StartQuery` token `06002E86`. +- The `CClientCommon.StartQuery` instrumentation captured the missing handle + boundary: legacy handle `2` enters `Query.StartDataQuery`, then + `CClientCommon.StartQuery` calls a `CClient` vtable function at IL offset + `0x01A3`. The returned transient value exactly equals the client handle used + by `CRetrievalConnectionWCF.StartQuery2` and + `GetNextQueryResultBuffer2`. The WCF server query handle returned by + `StartQuery2` is copied back through the `queryHandle` pointer, while the + public managed `HistoryQuery.queryHandle` remains the wrapper value `1`. + Sanitized evidence is in `cclientcommon-startquery-correlation-latest.json`. +- `CClientBase.OpenConnection` confirms that same vtable offset `24` is the + handle accessor: the initial value is `0`, then the secondary open branch + succeeds and the post-open value exactly matches the later + `CClientCommon.StartQuery` and WCF `StartQuery2` client handle. The primary + open branch did not emit records on this local integrated path. Sanitized + evidence is in `cclientbase-open-correlation-latest.json`; the next target is + the secondary open vtable call at IL offset `0x06D4`. +- The secondary open branch resolves to + `CHistoryConnectionWCF.OpenConnection3` token `06004059`. It calls + `IHistoryServiceContract2.OpenConnection2` with a 1346-byte request and gets a + 42-byte response with empty error. The deserialized response initializes the + vtable offset `24` handle later used by `CClientCommon.StartQuery` and + `/Retr.StartQuery2`. In the captured 42-byte response, byte `0` is `0x03` and + the transient `/Retr` client handle is UInt32 little-endian at offset `1`. + `CClientInfo.DeserializeOpenConnectionOutParams` token `06004008` confirms + the response layout: byte protocol version, `uint32` client handle, 16 session + bytes, one FILETIME, and for version `3` an additional FILETIME. The observed + five-byte tail is preserved as opaque trailing data until a caller or native + field assignment is identified. + `CClientInfo.SerializeOpenConnectionInParams4` token `06004003` confirms the + observed request starts with protocol byte `6`, a 16-byte client key, and a + boolean content selector. The observed selector is `0`, so the active content + branch is `SerializeOpenConnectionInParams2Content` token `06004005`, whose + field order matches the existing native version-3 content serializer: host + string, UInt16 secret length plus secret bytes, client type, connection mode, + metadata namespace, two strings, and client common info. + `CMetadataNamespace.Save` uses compact/scrambled empty strings in this + envelope, so the empty metadata namespace is 10 bytes rather than the older + 13-byte plain layout. With that correction, managed replay with the observed + 1026-byte zero credential block reaches server credential validation instead + of packet-version rejection. Both `/Hist-Integrated` Windows transport and + `/HistCert` certificate transport now return native error `171` with an + extended message saying the server context could not be found. That makes the + leading 16-byte OpenConnection3 key the next evidence target. A same-run + memory-correlation pass now proves request bytes `1..16` exactly match + `CClientInfo +1240`, and request byte `17` matches `CClientInfo +1608`. + `CClientInfo.SetContextKey` token `0600386E` copies its GUID argument to the + same `CClientInfo +1240` field, but no direct IL caller exists. The actual + source is now narrowed to `CClientBase.ConfigureOpenConnection` token + `0600388C`: it calls native `CClientContext.AuthenticateClient` token + `06005DCB` on `CClientBase +2112`, then copies 16 bytes from + `CClientBase +2176` (`CClientContext +64`, the `GetContextKey` location) to + `CClientBase +1480`. Since this aligns with `CClientInfo +1240`, the prefix is + the context key that native `AuthenticateClient` validates before + OpenConnection3, not an arbitrary fresh managed replay GUID. Runtime + instrumentation around `AuthenticateClient` confirms the field equals the + generated client key before authentication, changes during the native auth + path, then matches the copied `CClientInfo` field and the OpenConnection3 + request prefix. A direct managed `Hist-Integrated.ValidateClient2` probe reaches the + service but fails with native error type `4`/code `51` before `ExchangeKey`. + Sanitized IL instrumentation of `CHistoryConnectionWCF.ValidateClient` + (`06004044`) and `CHistoryConnectionWCF.GetClientKey` (`06004041`) was present + in an isolated wrapper copy and the logger smoke test passed, but a successful + native integrated history read emitted no `ValidateClient2` or `ExchangeKey` + records. That negative result rules out the obvious managed WCF auth methods + for this path. Native disassembly of `CClientContext.AuthenticateClient` + (`06005DCB`, RVA `0x298BA0`) shows it uses Secur32 + `AcquireCredentialsHandleW` with package `Negotiate`, creates a context GUID + at `CClientContext +64`, and loops through + `CHistoryConnectionWCF.ValidateClientCredential` / WCF `ValCl`. + Instrumenting `ValCl` confirms two successful native rounds: a 69-byte client + input to 239-byte server output, then a 93-byte client input to a one-byte + terminal output. The client input envelope is one round byte, a 4-byte + little-endian token length, then an NTLMSSP token; the first native input + prefix is `01400000004e544c4d5353500001000000b7b218e209000900370000000f000f`. + System-boundary Frida evidence now confirms that these wrapped payloads come + directly from SSPI: native calls `AcquireCredentialsHandleW` with package + `Negotiate`, then two `InitializeSecurityContextW` calls for + `NT SERVICE\aahClientAccessPoint`. The raw SSPI output token lengths are 64 + and 88 bytes, matching the 69- and 93-byte `ValCl` bodies after the 5-byte + AVEVA wrapper is added. The first call returns `SEC_I_CONTINUE_NEEDED` + (`0x90312`) and the second returns success. + Native disassembly of `CClientContext.AuthenticateClient` now maps the loop + directly: it is native-only, calls `UuidCreate`, stores the context GUID at + `CClientContext +64`, calls `AcquireCredentialsHandleW`, and enters a loop at + VA `0x180298DE0`. The internal helper at VA `0x180298F30` calls + `InitializeSecurityContextW`, uses request flags `0x2081C` on the first round + and `0x81C` on later rounds, then writes the `ValCl` stream envelope as round + byte, UInt32 token length, and token bytes. The outer loop copies + `CClientContext +64` as the context key and calls the connection's + `ValidateClientCredential` virtual method; in the captured local read, + `CClientContext +0x50` is zero, so the normal connection-object virtual path + at VA `0x180298E95` is selected. + A stable IL-side memory window around `CClientContext.AuthenticateClient` + shows the embedded `CClientContext` mutates only four regions in the first + 256 bytes during successful auth: pointer-sized fields at offsets `+8`, + `+16`, and `+24`, plus the context key at `+64..+79`. + Dereferencing the `+8` target shows SSPI/security-package metadata strings + such as `Schannel`, `Microsoft Kerberos V1.0`, `TSSSP`, `System.Core`, and + `Default TLS SSP`. The `+16` target is partially decoded as pointer-rich + native state: nested targets at offsets `0` and `8` have the same + pointer/count shape and no readable ASCII or UTF-16 Historian payload strings, + while the nested target at offset `64` is all zero. The `+24` value is not + safe to treat as a directly readable buffer. This narrows the missing managed + replay state to native `CClientContext` object state and server acceptance of + that client context key, rather than the SSPI token bytes alone. + A managed `NegotiateAuthentication` probe can reproduce that first wrapped + input exactly after setting the NTLM `VERSION` negotiate flag, but standalone + `ValCl` still fails with native error type `4`/code `1` on both `/HistCert` + and `/Hist-Integrated`. That means the active blocker is not the first token + envelope; it is native connection/session prerequisite state around proxy + initialization or server-side context registration. + A follow-up instrumented local read shows the native path constructs + `CHistoryConnectionWCF`, then calls `GetInterfaceVersion` before auth. The + first `GetInterfaceVersion` `InitializeProxy` path succeeds and + `SetManagedPtr` sets the ready flag to `1`; by both successful `ValCl` rounds, + `COperation.Start2` succeeds with error type/code `0`, the existing proxy is + not faulted, and the reconnect flag is `0`. Branch instrumentation now shows + the local native path uses connection mode `1`, enters + `CWcfConfig.ConfigurePipeProxy`, builds the uncompressed local `/Hist` + named-pipe endpoint shape, and does not use `ConfigureTcpProxy`. Static IL + inspection of `ConfigurePipeProxy` confirms this path builds a + `NetNamedPipeBinding` with `Security.Mode = None`, `TransactionFlow = false`, + native-sized `MaxBufferSize`/`ReaderQuotas.MaxArrayLength`, and the + `aahMDASEncoder.ClientBinding` wrapper. It then creates the channel through + the static `ChannelFactory.CreateChannel(binding, endpoint)` helper and + sets `IContextChannel.OperationTimeout` from the native timeout-minutes + argument. Managed pipe probes using the same static-factory channel shape, + with and without eager channel open, still fail in the same way. A managed + named-pipe `ValCl` replay reaches `GetInterfaceVersion` version `11` and + reproduces the first wrapped token hash, but is still rejected at round `0` + with native error type `4`/code `1`; explicitly running the managed calls under + the current Windows token does not change that result. Native handle summaries + show uppercase GUID text, and managed lowercase-handle replay still fails, so + handle casing is not the mismatch. Skipping + `GetInterfaceVersion` and avoiding explicit WCF channel open in the managed TCP + probe also returns native error type `4`/code `1`, so the mismatch is not just + transport or token bytes. Because native `GetInterfaceVersion` creates its + proxy while impersonating the stored Windows identity, the managed pipe probe + was extended to create/open the channel inside the same current-token + impersonation scope; that still fails at `ValCl` round `0`, with and without + also wrapping the operation calls. A local System Platform log check shows the managed + pipe `ValCl` failures correspond to `aahClientAccessPoint` warnings: + `ValidateClientCredential caught exception: System.NullReferenceException` at + `HistoryService.ValidateClientCredential` line `1593`. Enabling named-pipe + transport security is rejected as a binding mismatch, which confirms the native + uncompressed pipe binding shape. A new direct .NET Framework WCF probe using + the same `aa`/`Hist` contract, MDAS content type, uncompressed named pipe, and + SSPI-generated first token also fails with native error type `4`/code `1` and + the same server log exception. That rules out a simple .NET 10 WCF regression: + the success condition belongs to AVEVA's mixed/native wrapper state, not a + plain full-framework WCF client. Static IL inspection of `COperation.Start2` + shows it is only a local gate: it checks operation-priority and bandwidth + controls and can set local gate-failure error codes `243` or `150`, but it + does not call a WCF service operation. + Static inspection of the local `aahClientAccessPoint.exe` service now maps + the receiving side of this failure. `HistoryService.ValidateClientCredential` + parses the WCF `handle` as a GUID, allocates a `CServerBuffer`, copies the + `ValCl` byte array into that buffer, and calls native + `CServerNode.ProcessServerToken`. That native method parses exactly the AVEVA + token envelope already observed on the client side: one round byte, a + 4-byte little-endian token length, then SSPI token bytes. On the first round, + `ProcessServerToken` calls helper `0x0050FFC0`, which locks the server + context collection and inserts or refreshes a keyed native context object. + It then calls helper `0x00517AB0` to look up that object. If no context object + is returned, the server sets custom error code `0x29` and `ValCl` fails before + any successful context registration. With a context object, helper + `0x00505C00` calls Secur32 `AcceptSecurityContext` through the service import + table at `0x005A0340`, treating both success and `SEC_I_CONTINUE_NEEDED` + (`0x90312`) as valid protocol progress. Only after the terminal round does + `HistoryService.ValidateClientCredential` add the context GUID to its managed + context-handle collection. This confirms the remaining managed replay gap is + before or inside server `ProcessServerToken` context setup/lookup, not + `OpenConnection3` itself. + A tighter IL window confirms the line number reported in System Platform logs + is the catch/log path, not the exact null-reference instruction. The normal + path is: `Guid.TryParse` on the WCF handle at IL `0x012A`, `CServerBuffer` + allocation through a vtable call at `0x0183`, byte-array pointer/length copy + into buffer offsets `+72/+76`, and `CServerNode.ProcessServerToken` at + `0x01DC`. Only when the native call returns success with `continue == false` + does IL `0x0311` add the parsed context GUID to `m_contextHandles`; when + `continue == true`, the method returns the server token without final handle + registration. This keeps the runtime server helper probe as the most direct + remaining evidence target. + Additional server disassembly and string decoding identify the native object + as `aahClientAccessPoint::CServerContext`. The first-round setup helper uses + the server lock at `CServerNode +0xE80` and keyed context map at + `CServerNode +0xE98`, logs `Adding ServerContext 0x%p`, constructs a + 0x3c-byte context object through helper `0x00505100`, and inserts the new + node through a red-black-tree insertion helper at `0x0042F590`. The lookup + helper reads the same map and returns the context object from map node offsets + `+0x20/+0x24`; a null result is what drives the `0x29` custom error path. + The credential helper calls `AcquireCredentialsHandleW` with the UTF-16 + package string `Negotiate`. The token-processing helper is logged as + `aahClientAccessPoint::CServerContext::ProcessClientToken`; its failure log + string still says `InitializeSecurityContext`, but the import actually called + by this server helper is Secur32 `AcceptSecurityContext`. + `HistoryService.ValidateIntegratedCredentials` is a separate server path: its + first instructions read `ServiceSecurityContext.Current.WindowsIdentity`. + That explains the earlier `OpenConnection2`/`OpenConnection3` null-reference + failures on bindings where `ServiceSecurityContext.Current` is absent. Those + errors are evidence of selecting the wrong integrated-credential path, not a + user/password validation result. + A focused object-window capture now shows the successful native + `GetInterfaceVersion` path populates the history proxy managed-pointer slot at + `CHistoryConnectionWCF +608` and the ready flag at `+669`; between + `GetInterfaceVersion` completion and `ValCl` entry, a second managed-pointer + slot at `+616` is populated for the binding wrapper. Across both successful + `ValCl` rounds the parent `CHistoryConnectionWCF` object window is stable, but + the `+608` history proxy target mutates at bytes `96..101`; the `+616` binding + target and `+640` Windows identity target remain stable. This points at + native-managed proxy wrapper state as the next concrete evidence target. + Static IL inspection of `CHistoryConnectionWCF.Initialize` narrows the + meaning of the AVEVA log line that says `Initialize: DataSourceId()`. It is + client-side connection/proxy setup, not a separate WCF `Initialize` operation: + the method logs `Initialize`, retrieves or creates the managed `/Hist` proxy + and binding through `InitializeProxy`, stores those + pointers at the same `+608`/`+616` managed-pointer slots seen at runtime, then + does the same for the `/Trx` proxy. The history proxy initializer has only the + previously mapped WCF setup branches: `ConfigurePipeProxy` at IL `0x0098` and + `ConfigureTcpProxy` at IL `0x038E`, followed by `SetProxyString`. The + decompiled `HistoryServiceContract` interfaces contain no `Initialize` + operation contract. This makes the log line supporting evidence for local + proxy setup state, but not a missing service call that a managed replay can + simply add before `ValCl`. + A focused server-side Frida probe was added at + `scripts\frida\aahclientaccesspoint-valcl-context.js` with runner + `scripts\Capture-AahClientAccessPointValClContext.ps1`. It hooks + `ProcessServerToken`, the first-round context setup and lookup helpers, and + the `AcceptSecurityContext` wrapper while logging only sanitized pointer, + GUID, round, length, and return-value metadata. The script writes a + `.frida.log` sidecar. + + An elevated PowerShell session (Admin, High Mandatory Label, + `SeDebugPrivilege` enabled, `SeImpersonatePrivilege` enabled) ran both + scenarios on `2026-05-03` and Frida attach was still rejected with the + CLI message `Failed to attach: process with pid either refused to + load frida-agent, or terminated during injection`. Direct + `frida.attach()` from the Python API reveals the actual exception + class is `frida.ProcessNotRespondingError`, which means the agent + injection handshake did not complete in time, not that the OS refused + the DLL load. The original suspected cause (mitigation policy + `MicrosoftSignedOnly` / `BlockNonMicrosoftBinaries`) is now disproven: + `Get-ProcessMitigation -Id ` reports every category OFF for this + process, including `BinarySignature.MicrosoftSignedOnly`, + `DynamicCode.BlockDynamicCode`, `Cfg.Enable`, + `ImageLoad.BlockRemoteImageLoads`, `ExtensionPoint.DisableExtensionPoints`, + and `UserShadowStack.*`. Process access from the elevated token also + succeeds at `PROCESS_ALL_ACCESS`, including `PROCESS_VM_OPERATION`, + `PROCESS_VM_WRITE`, and `PROCESS_CREATE_THREAD`, so the DACL is not + blocking injection. Cross-bitness Frida (64-bit Python attaching to a + fresh `C:\Windows\SysWOW64\cmd.exe`) attaches and runs scripts cleanly, + so the WOW64 path itself is not broken. Defender real-time protection, + behavior monitoring, and on-access protection are all OFF, no + third-party AV/EDR product is registered with `SecurityCenter2`, no + EDR-style filter driver is active, no `frida` modules appear in the + target's loaded module list before or after a failed attempt, no IFEO + debugger entry exists for `aahClientAccessPoint.exe`, and + `AppInit_DLLs` is empty in both 64-bit and WOW64 hives. Attach attempts + with `realm='native'`, `realm='emulated'`, and `persist_timeout=30` all + fail identically. The remaining likely cause is service-internal: + `aahClientAccessPoint.exe` runs 152 threads, many in `EventPairLow` + ALPC/SCM waits, and Frida's in-memory manual-mapper agent does not get + a cooperative thread for its RPC bootstrap. This is consistent with + `ProcessNotRespondingError` rather than a load-time rejection. The + NativeRead probe still completed end-to-end with the canonical fixture row + (`TagKey=238`, `Value=0`, `Quality=133`, `OpcQuality=192`, + `QualityDetail=248`) but emitted no server-side helper events. The + ManagedValCl probe ran the .NET Framework named-pipe ValCl path against + `net.pipe://localhost/Hist`, reproduced the canonical first wrapped NTLM + envelope (raw outgoing 64 bytes, wrapped 69 bytes, wrapped prefix + `01400000004e544c4d5353500001000000b7b218e209000900370000000f000f`), and + again returned `ServerSuccess=false`, `ServerOutputLength=0`, `ErrorLength=5` + with `NativeError {Type:4, Code:1, Name:Failure}` — matching prior managed + named-pipe ValCl failures and confirming the failure shape is reproducible + but providing no new server-side helper visibility. None of the five + diagnostic questions (whether `0x0050FFC0` ran, whether `0x00517AB0` + returned a context, whether `AcquireCredentialsHandleW` succeeded, whether + `AcceptSecurityContext` was reached, whether failures are pre- or + post-context-map insertion) can be answered from these captures. + + ETW SSPI tracing on `2026-05-03` produced server-helper-boundary + evidence without injection. A `logman` trace session capturing the + `LsaSrv {199FE037-2B82-40A9-82AC-E1D46C792B99}`, + `LSA {CC85922F-DB41-11D2-9244-006008269001}`, + `Microsoft-Windows-NTLM {AC43300D-5FCC-4800-8E99-1BD3F85F0320}`, + `NTLM Security Protocol {C92CF544-91B3-4DC0-8E11-C580339A0BF8}`, and + `Security: NTLM Authentication {5BBB6C18-AA45-49B1-A15F-085F7ED0AA90}` + providers at level `0xFF` and keywords `0xFFFFFFFFFFFFFFFF` recorded: + + | Run | Total events | aahClientAccessPoint events | lsass events | + |---|---|---|---| + | NativeRead (success) | 5610 | **10** | 4330 | + | ManagedValCl (fail) | 133 | **0** | 121 | + + Successful native server-side activity is a 47-millisecond burst of + legacy MOF events (Ids `30, 34, 35, 40, 84, 10, 12, 16, 17, 86`) inside + PID `aahClientAccessPoint`. The failing managed run produces zero + events from the server PID at all — the server never reaches any SSPI + helper invocation. lsass activity is also 35x lower in the failing + run, consistent with auth never completing the first round end-to-end. + This pins the previously logged + `HistoryService.ValidateClientCredential caught + System.NullReferenceException at line 1593` to a code path **before** + `CServerNode.ProcessServerToken` at IL `0x01DC`. + + Static IL inspection of the full `HistoryService.ValidateClientCredential` + body (token `0x06000774` in mixed-mode `aahClientAccessPoint.exe`, + 779 instructions, dnlib output preserved at + `artifacts/reverse-engineering/server-historyservice-validateclientcredential-il-latest.json`) + enumerates every NRE-capable instruction reached on the straight-line + happy path before the ProcessServerToken call: + + - **Prologue (IL `0x0000..0x0129`).** Constructs a `std::wstring`, + case-insensitively compares two wide strings via `_wcsicmp` + (`0x00A0`), and calls + `CServerNode.LogHistorianMessage(this, _, CServerClient*, _, _, _, _)` + at `0x00ED`. The third argument is a `CServerClient*`. If that + pointer is derived from `OperationContext.Current` or related WCF + context state and is null for the calling binding shape, the call + site itself is an NRE candidate before `Guid.TryParse` is reached. + - **Guid parse and recover (IL `0x012A..0x015E`).** `Guid.TryParse` + on `arg.1` at `0x012A`. False branch raises custom error code `28` + via `SError.SetToCustomError` and returns. True branch calls + `::PtrToStringChars` at `0x0150` then `::GuidFromString` + at `0x0159` to recover a native `_GUID` for ProcessServerToken. + `Guid.TryParse` cannot NRE on a non-null string; the recovery path + only NREs if the string is null, which a successful `TryParse` + rules out. + - **Allocator vtable chain (IL `0x0160..0x0183`).** Loads + `&g_ClientAccessPoint + 2328`, dereferences once at `0x0178` to get + the allocator pointer `pAllocator`, then derefs `*pAllocator` at + `0x017E` (vtable pointer) and `*(vtable + 40)` at `0x0182` (slot for + the allocator method), and `calli` at `0x0183` returns + `CServerBuffer*`. **NRE candidates: `0x017E` if the field at + `g_ClientAccessPoint + 2328` is null/uninitialised, or `0x0182` if + the vtable is malformed.** Both target a process-wide static, so + they would fail identically for the successful native path; rule + out unless the field is initialised lazily per-binding. + - **Allocator-null branch (IL `0x0189..0x01A3`).** `brtrue.s` on the + returned `CServerBuffer*`. Null path raises custom error code `204` + ("No more buffer") and returns false. So a null allocator result is + handled and not the NRE source. + - **Byte-array copy (IL `0x01A8..0x01C6`).** `ldelema System.Byte` on + `arg.2` at `0x01AA` and `ldlen` on `arg.2` at `0x01B2`. **Both NRE + if the WCF-deserialised `inputBuffer` parameter is null.** The two + pointer/length values are then `stind.i4`'d into + `*(CServerBuffer + 72)` and `*(CServerBuffer + 76)`, matching the + documented `+72/+76` offsets. + - **ProcessServerToken call (IL `0x01CA..0x01DC`).** Loads + `&(g_ClientAccessPoint + 2144)` as the `CServerNode*` `this`, the + parsed `_GUID`, the `CServerBuffer*`, a `ref bool continue`, and a + `ref SError`, then calls `ProcessServerToken` (token `0x0600064F`). + + The IL slice does not include exception-handler metadata (current + `dnlib-method` output covers instructions only), so the precise + source-line `1593` reported by the System Platform log catch handler + cannot be mapped to one specific instruction from static IL alone. + The structural narrowing is: the throw must happen at a `ldelema`, + `ldlen`, `ldind`, or `calli` instruction reached before `0x01DC`. The + shortlist is `0x00ED` (LogHistorianMessage with `CServerClient*`), + `0x017E` and `0x0182` (allocator vtable derefs), and `0x01AA` / + `0x01B2` (byte-array deref). All other instructions in the window + either operate on managed strings already proven non-null or on + static-field addresses. + + Differential analysis against the successful native path narrows + this further. `g_ClientAccessPoint` is a process-wide singleton, so + the `+2328` field has the same value for both runs; the vtable chain + is therefore unlikely to be the differentiator. The native wrapper's + successful local read uses the same `Security.Mode = None` + uncompressed pipe binding the managed probe uses, so + `ServiceSecurityContext.Current.WindowsIdentity` is identical in both + paths and the prologue `CServerClient*` derivation is also unlikely + to be the differentiator. **The remaining structural difference is + the WCF parameter binding: if the managed probe's SOAP body schema + causes WCF to deserialise `inputBuffer` as null even though a 69-byte + wrapped token is on the wire, `ldelema` at `0x01AA` would NRE.** The + managed probe sends 69 bytes per its sanitised log, but the schema + expectation on the server side has not been verified end-to-end. + + The next concrete evidence target is therefore not more static IL, + but a SOAP-body comparison: dump the actual `` element + the .NET Framework probe writes versus the wire shape the native + wrapper writes for `/Hist-Integrated.ValCl`. If the schemas differ, + the WCF service deserialises `arg.2` as null and the IL window + decisively fails at `0x01AA`. If the schemas match, the throw is + earlier (the prologue's `CServerClient*` log argument becomes the + prime suspect) and runtime confirmation needs PsExec SYSTEM + injection or a signed Detours stub at IL `0x00ED`. + + SOAP-body comparison on `2026-05-04` resolved this. Enabling + `` + in `AVEVA.Historian.NetFxWcfProbe.exe.config` and capturing the + on-the-wire SOAP body for the failing `aa/Hist/ValCl` request + produced: + + ```xml + + ...GUID... + AUAAAABOVExNU1NQAAEAAAC3... + + ``` + + The 69-byte wrapped NTLM token IS on the wire as base64 inside + ``. The matching server response, however, used + `` rather than the expected `` shape, exposing a parameter-name mismatch. `ildasm` against + `aahClientAccessPoint.exe` confirmed the actual server contract is + + ```il + ValidateClientCredential(string handle, + uint8[] inBuff, + [out] uint8[]& outBuff, + [out] uint8[]& errorBuffer) + ``` + + not `inputBuffer` / `outputBuffer`. WCF builds the request body + element name from the C# parameter name, so the probe sent + `` and the server's WCF deserialiser ignored that + unknown element, leaving `arg.2 = inBuff = null`. IL `0x01AA` + `ldelema System.Byte` then NREs, which the C++/CLI catch handler at + HistoryService.cpp line 1593 maps to native error `Type=4 Code=1 + Failure` with an empty error buffer. + + Adding `[MessageParameter(Name = "inBuff")]` and + `[MessageParameter(Name = "outBuff")]` to the probe's + `ValidateClientCredential` declaration and re-running unblocks the + request: round 0 returns `ServerSuccess=true`, + `ServerOutputLength=239`, `ServerContinue=true`, with + `ServerOutputPrefixHex` `014e544c4d535350000200...` (a `0x01` + continue byte followed by NTLMSSP type-2 challenge). This matches + the previously documented native-success "69-byte client input to + 239-byte server output" exactly. Round 1 then sends the 88/93-byte + NTLMSSP type-3 token and the server returns + `Type=129 Code=0x80090308` (`SEC_E_INVALID_TOKEN`) with a 100-byte + error buffer whose ASCII payload includes + `aahClientAccessPoint::CServerContext::ProcessClientToken` and + `InitializeSecurityContext`. That is a real SSPI-level rejection + inside `AcceptSecurityContext`, not the previous parameter-binding + NRE — the original blocker is gone and the next layer of failure is + exposed. + + The same fix is now applied to the production SDK contracts + `IHistoryServiceContract2.ValidateClientCredential` and + `IStorageServiceContract.ValidateClientCredential` via + `[MessageParameter(Name = "inBuff" | "outBuff")]`, preserving the + conventional C# parameter names while making WCF emit the + server-correct element names. `ildasm` against `aahClientAccessPoint` + also revealed several other operations the SDK does not yet need + (`EnsT` `InBuff/OutBuff`, `EnsT2` `InBuff/OutBuff`, `RTag2` + `pInBuff/outBuff`, `ExKey` `inBuff/OutBuff`, `StJb` `strJobid`, + `GtJb` `strJobid/jobstatus`) carry the same parameter-naming + mismatch with their current SDK declarations. Those are intentionally + left alone for this read-only pass; audit them when their flows + become required. + + The next concrete evidence target is now `SEC_E_INVALID_TOKEN` on + `ValCl` round 1: native traces showed `InitializeSecurityContextW` + with request flags `0x2081C` for the first round and `0x81C` for + later rounds. The .NET Framework probe uses default flags through + the SSPI wrapper. Replicating those exact flags (and confirming the + Negotiate target name matches the wrapper's `NT + SERVICE\aahClientAccessPoint`) is the next testable hypothesis. + + Native SSPI flag replication on `2026-05-04` resolved this. Decoding + the documented native flags: + + - `0x2081C` (round 0) = `ISC_REQ_IDENTIFY (0x20000) | + ISC_REQ_CONNECTION (0x800) | ISC_REQ_CONFIDENTIALITY (0x10) | + ISC_REQ_SEQUENCE_DETECT (0x8) | ISC_REQ_REPLAY_DETECT (0x4)` + - `0x81C` (round 1+) = same minus `ISC_REQ_IDENTIFY` + + The probe's `SspiClient` previously used `ISC_REQ_ALLOCATE_MEMORY | + ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY | ISC_REQ_CONNECTION = + 0x10910`, which is missing `ISC_REQ_REPLAY_DETECT`, + `ISC_REQ_SEQUENCE_DETECT`, and round-0 `ISC_REQ_IDENTIFY`. The + REPLAY/SEQUENCE pair gates NTLM MIC (Message Integrity Code) + generation in the type-3 response message; without them the type-3 + message has no MIC and the server's `AcceptSecurityContext` rejects + it with `SEC_E_INVALID_TOKEN`. + + Adding `ISC_REQ_REPLAY_DETECT`, `ISC_REQ_SEQUENCE_DETECT`, and + round-0-only `ISC_REQ_IDENTIFY` (keeping `ISC_REQ_ALLOCATE_MEMORY` + for buffer convenience and tracking the round count internally in + `SspiClient`) reproduces the documented native ValCl sequence + byte-for-byte from a fully managed client: + + | Round | Outgoing wrapped | Server output | ServerContinue | NativeError | + |---|---|---|---|---| + | 0 | 69 bytes | 239 bytes (NTLM type-2 challenge) | true | none | + | 1 | 93 bytes | **1 byte (`0x00` terminal)** | false | **none** | + + `FinalServerSuccess: true`, `FinalNativeError: null`. This matches + the previously documented "successful native two `ValCl` rounds: + 69-byte client input to 239-byte server output, then 93-byte client + input to one-byte terminal output" exactly. + + The long-standing managed `ValCl` blocker is therefore resolved. + The chain that successful native reads use is now reproducible from + a managed client end-to-end: + + 1. `Hist-Integrated.GetV` → version `11` + 2. `Hist-Integrated.ValCl` round 0 (69 → 239 bytes) ✓ + 3. `Hist-Integrated.ValCl` round 1 (93 → 1 byte terminal) ✓ + + The next steps in the chain — `OpenConnection3` (with the now-known + context key), `Retr.IsOriginalAllowed`, and `Retr.StartQuery2` — + should now be exercisable without server-side helper failures, + because the prerequisite native context-map registration that + `ProcessServerToken` performs has finally been completed by a + managed client. + + The production SDK currently has no SSPI client (only the wrap/unwrap + helpers in `HistorianWcfAuthenticationProtocol`). When the SDK auth + flow is wired up for the production read path, it must use the same + native-equivalent flags. .NET 10's `System.Net.Security.NegotiateAuthentication` + does not expose `ISC_REQ_*` directly, so the SDK will likely need to + P/Invoke `InitializeSecurityContextW` (or equivalent) to set + `IDENTIFY` + `REPLAY_DETECT` + `SEQUENCE_DETECT` exactly. Sample + reference implementation in + `tools/AVEVA.Historian.NetFxWcfProbe/Program.cs` `SspiClient`. + + End-to-end chain verification on `2026-05-04`. With the WCF parameter + fix and SSPI flag fix in place, the .NET Framework probe was + extended to chain `Hist.Open2` (replaying the captured 1346-byte v6 + request with the leading 16 context-key bytes spliced to match the + managed `ValCl` GUID), then `Retr.IsOriginalAllowed`, then + `Retr.StartQuery2` (replaying the captured 251-byte + `OtOpcUaParityTest_001.Counter` `DataQueryRequest`). The result: + + | Step | Outcome | + |---|---| + | `Hist.GetV` | version `11` | + | `Hist.ValCl` round 0 | 239-byte server response, NTLM type-2 challenge | + | `Hist.ValCl` round 1 | 1-byte terminal response | + | `Hist.Open2` | **42 bytes, version `0x03`, transient `/Retr` client handle decoded** | + | `Retr.GetV` | version `4` | + | `Retr.IsOriginalAllowed(handle)` | return code `0`, `isAllowed = true` | + | `Retr.StartQuery2(handle, 1, 251 bytes, ...)` | **`Success=true`, response 31 bytes, `QueryHandlePresent=true`, no error** | + + The 31-byte `StartQuery2` response SHA-256 + `4c062b5ce8181308f0f46bfd8c6088acb52e6ade94401651b7d3ccc8952edfb5` + is **byte-for-byte identical** to the previously captured native + success response (recorded in the existing `Wcf.StartQuery2` block + of `Current Hard Blocker` and in + `instrumented-openconnection3-correlation/capture.ndjson`). The + full AVEVA Historian native wire protocol chain through `StartQuery2` + is now reproducible end-to-end from a fully managed client. + + This required one additional contract fix: `IRetrievalServiceContract2` + also had the parameter-name mismatch class of bug. The actual server + contract uses `pRequestBuff` / `pResponseBuff` / `errSize` / `err` + on `StartQuery2` (and `pResultBuff` / `errSize` / `err` on + `GetNextQueryResultBuffer2`, `errSize` / `err` on `EndQuery2`); the + SDK declared them as `requestBuffer` / `responseBuffer` / + `errorSize` / `errorBuffer`. `[MessageParameter(Name = ...)]` + attributes added to `src/AVEVA.Historian.Client/Wcf/Contracts/IRetrievalServiceContract2.cs`. + + Replay-only details: the `Open2` body was constructed by reading the + captured 1346-byte v6 native request from + `artifacts/reverse-engineering/openconnection3-request-replay.bin` + and overwriting bytes `1..16` with the new managed-side context-key + GUID; the 251-byte data query was loaded as-is from + `artifacts/reverse-engineering/startdataquery-request-replay.bin`. + Both inputs and the captured native fields they contain (machine + name, process name, etc.) are local to the dev host. The probe's + stdout JSON only echoes lengths, SHAs, version bytes, and prefix + hex; it does not echo identity payloads. + + The next concrete step is the production-SDK pass to wire the + managed auth chain: implement an SSPI client that emits the native + flags, replace the captured-replay `Open2` payload with a + schema-driven serialiser using `HistorianOpen2Protocol.SerializeNativeOpenConnection3Version6` + (already in the SDK), and chain `ValCl → Open2 → /Retr.StartQuery2 → + /Retr.GetNextQueryResultBuffer2` for the canonical read fixture. + The reverse-engineered protocol is now fully understood end-to-end + for the read path; remaining work is plumbing. + + Production SDK plumbing landed on `2026-05-04`. The full managed + read path is now wired and verified end-to-end against the live + local Historian: + + - `src/AVEVA.Historian.Client/AVEVA.Historian.Client.csproj` — + added `System.ServiceModel.NetNamedPipe 10.0.652802` package. + - `src/AVEVA.Historian.Client/Wcf/HistorianWcfBindingFactory.cs` — + added `CreateMdasNetNamedPipeBinding` (Security.Mode = None + + MDAS encoder wrapper) and `CreatePipeEndpointAddress`. Marked + `[SupportedOSPlatform("windows")]` since named pipes are + Windows-only. + - `src/AVEVA.Historian.Client/Wcf/HistorianSspiClient.cs` (new) — + P/Invoke `InitializeSecurityContextW` / + `AcquireCredentialsHandleW` / `DeleteSecurityContext` / + `FreeCredentialsHandle` with internal round counter and the + canonical native flag bitmasks (`0x2081C` round 0 / `0x81C` + later, plus `ALLOCATE_MEMORY` for buffer convenience). Constants + exposed as `internal` for test verification. + - `src/AVEVA.Historian.Client/Wcf/HistorianDataQueryProtocol.cs` — + added `TryParseGetNextQueryResultBufferRows` for the raw/Full row + layout: 6-byte buffer header (`UInt16 version=9`, `UInt32 + rowCount`) followed by `rowCount` self-describing rows of `UInt32 + tagKey + UInt32 tagNameChars + tagName UTF-16 + UInt32 + sampleBlockCount + Int64 startUtcFileTime + UInt32 quality + + UInt32 qualityDetail + UInt32 opcQuality + Double numericValue + + Double percentGood + 1-byte marker + 34 trailing bytes`. The + 5-byte error/terminal `04 1E 00 00 00` (type 4, code 30 = "no + more data") is recognised as the "stop looping" signal. + - `src/AVEVA.Historian.Client/Wcf/HistorianWcfReadOrchestrator.cs` + (new) — chains `Hist.GetV → Hist.ValCl × N → Hist.Open2 → /Retr + channel → Retr.GetV → Retr.IsOriginalAllowed → Retr.StartQuery2 → + loop Retr.GetNextQueryResultBuffer2`. Builds the OpenConnection3 + v6 request through `HistorianOpen2Protocol.SerializeNativeOpenConnection3Version6` + with the documented native constants (`ClientType=4`, + `ConnectionMode=0x402`, `FormatVersion=4`, `HcalVersion=17`, + `DataSourceId=ClientDllVersion="2020.406.2652.2"`, + `ClientCommonInfo.ClientVersion=999_999`, `ShardId=Guid.Empty`) + and a 1026-byte zero credential block. + - `src/AVEVA.Historian.Client/HistorianClientOptions.cs` — added + `Transport` (defaults to `LocalPipe`) and `TargetSpn` (defaults + to `NT SERVICE\aahClientAccessPoint`). + - `src/AVEVA.Historian.Client/HistorianTransport.cs` (new) — + enum `LocalPipe` / `RemoteTcpIntegrated` / `RemoteTcpCertificate`; + only `LocalPipe` is implemented in this pass. + - `src/AVEVA.Historian.Client/Models/HistorianSample.cs` — added + `PercentGood` positional property. + - `src/AVEVA.Historian.Client/Protocol/Historian2020ProtocolDialect.cs` — + constructor now takes `HistorianClientOptions`; `ReadRawAsync` + delegates to `HistorianWcfReadOrchestrator` on + Windows + `Transport.LocalPipe`, throws + `ProtocolEvidenceMissingException` otherwise. + - `tests/AVEVA.Historian.Client.Tests/` — new + `HistorianSspiClientTests` (5 flag-selection tests), + `WcfBindingFactoryTests` (3), `WcfDataQueryResultBufferTests` (5 + golden-byte parser tests using the captured 570-byte fixture). + `HistorianClientIntegrationTests.ReadRawAsync_AgainstLocalHistorian_ReturnsAtLeastOneRow` + (gated on `HISTORIAN_HOST=localhost` + `HISTORIAN_TEST_TAG`) + exercises the full managed chain against the live local + Historian. + + Test results with `HISTORIAN_HOST=localhost` and + `HISTORIAN_TEST_TAG=OtOpcUaParityTest_001.Counter`: **69/69 pass**, + including the live read. Without the env vars, the integration + test skips cleanly and 64/64 pass. + + The reverse-engineering phase for the read path is complete. The + production SDK now reads history end-to-end against the live local + Historian using only managed code — no `aahClientManaged.dll` or + `aahClient.dll` loaded in the consuming process. Aggregate + (`Interpolated` / `TimeWeightedAverage`) read modes, remote TCP + transport, explicit username/password auth, event reads, and other + contracts (`EnsT`, `RTag2`, `ExKey`, `StJb`, `GtJb` — all of which + ildasm shows have the same parameter-naming mismatch as the + resolved `ValCl` / `StartQuery2` operations) remain follow-up work + but no longer face protocol-discovery blockers — only the + parameter-rename audit + per-mode row-layout decoding + + transport-binding additions. + + All listed follow-up work landed on `2026-05-04`. The SDK now + supports: `ReadRawAsync`, `ReadAggregateAsync`, `ReadAtTimeAsync`, + and `ReadEventsAsync` — all verified against the live local + Historian (72/72 tests pass with the integration env vars set). + Specifically: + + - **`[MessageParameter]` audit (Phase B2):** `ildasm` against + `aahClientAccessPoint.exe` was used to verify server parameter + names for every operation across `IHistoryServiceContract`, + `IHistoryServiceContract2`, `IRetrievalServiceContract`, + `IRetrievalServiceContract3`, and `IRetrievalServiceContract4`. + `[MessageParameter(Name = ...)]` attributes were applied to ~30 + parameter-name mismatches: `EnsT`, `EnsT2`, `RTag2`, `ExKey`, + `AddTEx`, `DelTep`, `StJb`, `GtJb`, `AddS2`, `UpdC3`, `DelT`, + `VldC2`, `OpenConnection`, `AddTags`, `RegisterTags`, + `AddStreamValues`, `ValidateClient`, `UpdateClientStatus`, + `SetClientTimeOut`, `CloseConnection`, `StartQuery`, + `GetNextQueryResultBuffer`, `ExecuteSqlCommand`, + `GetRecordSetByteStream`, `StartTagQuery`, `QueryTag`, + `StartEventQuery`, `GetNextEventQueryResultBuffer`, + `EndEventQuery`, `GetShardTagidsByTagnameAndSource`. Build clean, + 72/72 tests pass. + + - **Aggregate row parser (Phase B4):** + `HistorianDataQueryProtocol.TryParseGetNextQueryResultBufferAggregateRows` + parses the same wire shape as raw rows but interprets FILETIME + #1 (at row offset `8 + tagNameLen*2 + 4`) as the interval + EndTimeUtc and the FILETIME at trailer offset 2 (row offset + `8 + tagNameLen*2 + 43`) as StartTimeUtc — derived from native + struct evidence (`+0x28 = EndDateTime`, `+0x150 = StartDateTime`) + and the captured raw fixture where Start == End. The orientation + was verified by the live `ReadAggregateAsync` test against + `OtOpcUaParityTest_001.Counter` returning consistent + `TimeWeightedAverage` rows. + + - **Aggregate + at-time wiring (Phase B5):** + `HistorianWcfReadOrchestrator.ReadAggregateAsync` and + `ReadAtTimeAsync` chain `Hist.GetV → ValCl × N → Hist.Open2 → + Retr.IsOriginalAllowed → Retr.StartQuery2 → loop + Retr.GetNextQueryResultBuffer2`. The aggregate request maps the + public `RetrievalMode` enum to the documented + `HistorianDataQueryRequest.QueryType` values + (`Full → 2`, `Interpolated → 3`, `TimeWeightedAverage → 5`, + `Cyclic → 4`); other modes throw + `ProtocolEvidenceMissingException` until they have a fixture- + backed mapping. `ReadAtTimeAsync` issues a one-tick + `Interpolated` window per requested timestamp and folds each + aggregate result into a `HistorianSample`. + + - **Event flow (Phase B6+B7+B8):** + `HistorianWcfEventOrchestrator` mirrors the read orchestrator but + targets `IRetrievalServiceContract4.StartEventQuery` and + `GetNextEventQueryResultBuffer`. The chain reaches `StartEventQuery` + successfully — a real victory, since the previous probe attempts + failed at this exact call site. `GetNextEventQueryResultBuffer` + then returns native error type=4 code=85 (0x55), which is a NEW + server response (not the canonical `code=30` "no more data"). + The orchestrator treats any 5-byte type=4 error buffer as a + soft terminal and surfaces the full code via the + `LastErrorBufferDescription` diagnostic. Likely investigation + targets for code 85: the existing notes describe a native + `CreateDefaultEventTag` step that calls `RegisterTags2` to + register a synthetic `CM_EVENT` tag before any event read can + return rows; we currently skip that prerequisite. Event-row + WCF wire format also remains undecoded (only native struct + snapshots are captured), so even if rows came back we'd need a + fresh capture to parse them. Both of these are documented as + open follow-ups. + + - **Remote TCP transport (Phase B1 + B9):** + `HistorianWcfBindingFactory.CreateBindingPair(options)` selects + binding + endpoint pairs by `HistorianTransport`: + `LocalPipe` → `net.pipe://host/Hist` + `/Retr` (existing pipe + binding); `RemoteTcpIntegrated` → `net.tcp://host:port/Hist-Integrated` + (NetTcpBinding + Windows transport security) for the auth chain + plus plain MDAS Net.TCP `/Retr` for queries (per existing + evidence that `/Retr` rejects Windows transport security); + `RemoteTcpCertificate` → `/HistCert` over MDAS+certificate + + plain `/Retr`. The orchestrators now consume the binding pair + transport-agnostically. Untested against a live remote Historian + on this host, but the auth chain is ready to fire. + + - **Explicit username/password auth (Phase B3):** + `HistorianSspiClient` has a second constructor overload that + builds a `SEC_WINNT_AUTH_IDENTITY` Unicode struct and passes it + as `pAuthData` to `AcquireCredentialsHandleW`. The auth chain + helper picks the constructor based on + `HistorianClientOptions.IntegratedSecurity`: when `false` and + `UserName` is set, it parses `DOMAIN\user` (or treats the value + as a bare user) and forwards it with `Password`. Untested + against a live remote Historian; reserved for the explicit-creds + production path. + + Verified test results with `HISTORIAN_HOST=localhost` and + `HISTORIAN_TEST_TAG=OtOpcUaParityTest_001.Counter`: + **72/72 pass (15-second total)**, including the four live + integration tests (`ProbeAsync`, `BrowseTagNamesAsync`, + `GetTagMetadataAsync`, `ReadRawAsync_AgainstLocalHistorian`, + `ReadAggregateAsync_AgainstLocalHistorian`, + `ReadAtTimeAsync_AgainstLocalHistorian`, + `ReadEventsAsync_AgainstLocalHistorian`). Without env vars, all + tests skip cleanly to 72/72. + + Remaining open work (no protocol discovery — pure plumbing or + fresh capture): + + - Decode the event-row WCF wire format (no captured fixture yet). + Most direct path: instrument the native trace harness to capture + `Wcf.GetNextEventQueryResultBuffer.ResultBytes` while running the + successful native event read, base-64-encode into the existing + capture.ndjson, then write a parser using the same approach as + the data-query parser. + - Investigate code 85 (`0x55`) terminal from + `GetNextEventQueryResultBuffer`. Most likely the missing + `RegisterTags2(CM_EVENT)` prerequisite. See + `wcf-register-event-tag-latest.json` for the prior probe attempts + and the documented `ConvertEventTagToTagMetadata` GUID values + (`353b8145-5df0-4d46-a253-871aef49b321` event tag id, + `5f59ae42-3bb6-4760-91a5-ab0be01f2f27` event type id). + - Verify remote TCP transports against an actual remote Historian. + Both `RemoteTcpIntegrated` (use `/Hist-Integrated`) and + `RemoteTcpCertificate` (use `/HistCert`) are wired but unverified + on this host. + - Verify explicit username/password against a live Historian with + a non-current user account. + - Add `RetrievalMode` mappings beyond the four currently supported + (`Cyclic`, `Delta`, `BestFit`, `MinimumWithTime`, + `MaximumWithTime`, `Integral`, `Slope`, `Counter`, `ValueState`, + `RoundTrip`, `StartBound`, `EndBound`) when corresponding native + QueryType constants are documented. + - Decode the trailing 24 bytes of each row body (after the + EndTime/Quality/NumericValue/PercentGood/marker/StartTime stack); + they're zero in the captured fixture but vary in some rows + (e.g. trailer bytes at row+125..+132 differ across the 4 + captured rows for the same tag), suggesting a per-sample value + or source identifier we haven't decoded. + + Event-flow follow-up investigation on `2026-05-04`. The event + orchestrator now uses `ConnectionMode = 0x501` (Event) so the + chain reaches `Retr.GetNextEventQueryResultBuffer`. The server + returns native error type=4 code=85 (`0x55`) with zero rows. SQL + ground truth (`SELECT * FROM Runtime.dbo.Events`) confirms 5+ + events ARE available in the test window — they're just not + flowing because the session is not subscribed. + + Attempted fix: call `IHistoryServiceContract2.RegisterTags2` with + a `count=1 + 16-byte CM_EVENT GUID` body before `StartEventQuery`. + Tested with both `storageSessionId` and `contextKey` as the handle + parameter, in both upper- and lower-case GUID-D format. Every + variant returned native error code=51 (InvalidParameter). Reverted. + + Per existing notes (lines 673–728 in this doc), the actual native + prerequisite is `IHistoryServiceContract.AddTags` (`AddT`) with a + `CTagMetadata` payload (`version=1 byte + optional-mask=2 bytes + + data-type-byte=10 + tag-id=16 bytes + compact UTF-16 strings`), + NOT `RegisterTags2`. Documented CM_EVENT identity: + tag id `353b8145-5df0-4d46-a253-871aef49b321`, + event type id `5f59ae42-3bb6-4760-91a5-ab0be01f2f27`, + `CDataType=10`, storage type `2`. + + The remaining concrete next step for live event reads: + + 1. Instrument `Wcf.AddT.Request` on a running native event harness + to capture the exact `CTagMetadata` wire bytes. The existing + reverse-engineering CLI has IL-rewrite instrumentation that + captures other WCF request/response bodies — extend the same + approach to AddT. + 2. Wire the captured payload into `HistorianWcfEventOrchestrator` + as the `additionalSetup` callback for the event chain. + 3. Once `AddT(CTagMetadata)` succeeds, capture the resulting + `Wcf.GetNextEventQueryResultBuffer.ResultBytes` and write a + parser similar to the data-query row parser. + + Until step 1 lands, `ReadEventsAsync` reaches the chain layer + successfully but returns empty results. The diagnostic helper + `EventChainDiagnosticTests.EventOrchestrator_DiagnosticDump_AgainstLocalHistorian` + surfaces `LastResultBufferLength` and `LastErrorBufferDescription` + via `ITestOutputHelper` for iteration. + + Raw ETL files contain SSPI tokens, machine names, and identity + metadata; they stay under + `artifacts/reverse-engineering/etw-sspi-{nativeread,managedvalcl}-*.etl` + and are not committed. + + Therefore "rerun from elevated PowerShell" is no longer a viable next + step on this host. Practical alternative evidence paths for the server + helper layer: + + - SYSTEM-level injection from an interactive PsExec session + (`PsExec64 -accepteula -s -i frida -p -l