dohertj2/histsdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit: managed .NET 10 AVEVA Historian SDK + reverse-engineering toolkit

Browse Source 
Full read-only SDK (src/AVEVA.Historian.Client) implementing the CLAUDE.md required
surface against AVEVA Historian's binary WCF protocol — no native AVEVA runtime
dependency. All operations live-verified against a local Historian:

- ProbeAsync, ReadRawAsync, ReadAggregateAsync, ReadAtTimeAsync, ReadEventsAsync
- BrowseTagNamesAsync, GetTagMetadataAsync (17 native data-type codes mapped)
- GetConnectionStatusAsync, GetStoreForwardStatusAsync, GetSystemParameterAsync
- 108/108 unit + integration tests pass

Includes the reverse-engineering toolkit (tools/AVEVA.Historian.ReverseEngineering)
used to decode the protocol: WCF probes, IL inspection via dnlib, and IL-rewrite
instrumentation (instrument-wcf-{write,read}message etc.) plus the .NET Framework
trace harness (tools/AVEVA.Historian.NativeTraceHarness) for parity testing.

Sanitized handoff evidence under docs/reverse-engineering/. Native AVEVA binaries
(current/, aveva-install-x64/, aveva-install-x86/) are gitignored — fetch separately
from the AVEVA installer.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
dohertj2
2026-05-04 06:31:48 -04:00
commit c95824a65d
230 changed files with 38666 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/decode-readmessage-capture.py
+71
View File
@@ -0,0 +1,71 @@
"""Decode ReadMessage capture (incoming WCF response bodies)."""
import base64
import json
import re
import sys
from pathlib import Path
REPO_ROOT = Path(__file__).resolve().parent.parent
CAPTURE = REPO_ROOT / "artifacts" / "reverse-engineering" / "instrumented-wcf-readmessage" / "readmessage-capture-event-latest.ndjson"
# WCF response bodies don't carry the action URI in the body itself (the request action is
# echoed differently). Look for known parameter names instead. WCF response wraps the result
# in <{OpName}Response> with parameter elements inside.
RESPONSE_NAME_RE = re.compile(rb"[A-Za-z][A-Za-z0-9]+Response")
GUID_RE = re.compile(rb"[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}")
PARAM_RE = re.compile(rb"[\x20-\x7E]{4,}")
def main() -> int:
records = []
with CAPTURE.open(encoding="utf-8-sig") as fh:
for line in fh:
records.append(json.loads(line))
print(f"# {CAPTURE.name}: {len(records)} records")
print()
print(f"{'#':>3} {'Length':>6} {'Sha8':<10} {'Operation':<32} {'GUIDs(first2)'}")
print("-" * 120)
for idx, rec in enumerate(records):
body = base64.b64decode(rec["Base64"])
op_match = RESPONSE_NAME_RE.search(body)
op = op_match.group(0).decode() if op_match else "<no-Response-name>"
guids = [g.decode() for g in GUID_RE.findall(body)]
guid_summary = ", ".join(guids[:2]) if guids else ""
sha8 = rec["Sha256"][:8]
print(f"{idx:>3} {rec['Length']:>6} {sha8:<10} {op:<32} {guid_summary}")
# Detailed dump for the most interesting records.
INTEREST = {
"StartEventQuery": "after request to /Retr/StartEventQuery",
"GetNextEventQueryResultBuffer": "the event-row body we want",
"Open2": "session-establishing response",
"EnsT2": "what the server returns for EnsureTags2",
"EnsureTags2": "EnsT2 alt name",
"RTag2": "RegisterTags2 response",
"RegisterTags2": "RTag2 alt name",
"UpdC3": "UpdateClientStatus3 response",
"UpdateClientStatus3": "UpdC3 alt name",
}
print()
print("# Detailed dumps")
for idx, rec in enumerate(records):
body = base64.b64decode(rec["Base64"])
op_match = RESPONSE_NAME_RE.search(body)
if not op_match:
continue
op = op_match.group(0).decode().removesuffix("Response")
if not any(k in op for k in INTEREST):
continue
print()
print(f"=== Record {idx} {op} (length={rec['Length']}) ===")
for off in range(0, min(256, len(body)), 32):
chunk = body[off:off + 32]
hp = " ".join(f"{b:02X}" for b in chunk)
ap = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
print(f" {off:04X} {hp:<96} |{ap}|")
return 0
if __name__ == "__main__":
sys.exit(main())