dohertj2/histsdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
histsdk/docs/reverse-engineering/wcf-open-localhost.md
T
dohertj2 c95824a65d Initial commit: managed .NET 10 AVEVA Historian SDK + reverse-engineering toolkit 
Full read-only SDK (src/AVEVA.Historian.Client) implementing the CLAUDE.md required
surface against AVEVA Historian's binary WCF protocol — no native AVEVA runtime
dependency. All operations live-verified against a local Historian:

- ProbeAsync, ReadRawAsync, ReadAggregateAsync, ReadAtTimeAsync, ReadEventsAsync
- BrowseTagNamesAsync, GetTagMetadataAsync (17 native data-type codes mapped)
- GetConnectionStatusAsync, GetStoreForwardStatusAsync, GetSystemParameterAsync
- 108/108 unit + integration tests pass

Includes the reverse-engineering toolkit (tools/AVEVA.Historian.ReverseEngineering)
used to decode the protocol: WCF probes, IL inspection via dnlib, and IL-rewrite
instrumentation (instrument-wcf-{write,read}message etc.) plus the .NET Framework
trace harness (tools/AVEVA.Historian.NativeTraceHarness) for parity testing.

Sanitized handoff evidence under docs/reverse-engineering/. Native AVEVA binaries
(current/, aveva-install-x64/, aveva-install-x86/) are gitignored — fetch separately
from the AVEVA installer.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-04 06:31:48 -04:00

1.4 KiB
Raw Permalink Blame History

WCF OpenConnection Evidence

Command:

dotnet run --no-build --project tools\AVEVA.Historian.ReverseEngineering -- wcf-open localhost 32568

Confirmed:

  • Hist.OpenConnection is reachable through fully managed WCF/MDAS.
  • Correcting WCF parameter names to match the decompiled contract changed the result from a server-side null-reference fault to normal AVEVA return codes.
  • An empty password buffer returns 31, which maps to BufferTooSmall.
  • Non-empty and 513-wide-char-sized password buffers return 73, which maps to InvalidPacketVersion.
  • Varying client type 0..7 and client versions 0,1,2,4,11 did not produce a successful session open.
  • Packet-version guesses using little-endian ushort and uint values 1..4 at the start of a 1026-byte buffer also returned InvalidPacketVersion.
  • The native string table contains CClientInfo::SerializeOpenConnectionInParams3 and CClientInfo::EncryptWithClientKey, so simple literal password buffers are not enough.

Interpretation:

  • The managed WCF envelope and endpoint are correct enough to invoke server operation logic.
  • Session open is blocked on the exact native password/session packet encoding, not on TCP, endpoint routing, or service-contract discovery.
  • The native WCF client uses the byte-buffer Open2 path for normal WCF session setup. See wcf-open2-localhost.md for confirmed Open2 framing evidence.
Reference in New Issue View Git Blame Copy Permalink