dohertj2/histsdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
92d4110142de5010bd583d27d2802f76f321d865
histsdk/docs/reverse-engineering/wcf-open-localhost.md
T
dohertj2 c95824a65d Initial commit: managed .NET 10 AVEVA Historian SDK + reverse-engineering toolkit 
Full read-only SDK (src/AVEVA.Historian.Client) implementing the CLAUDE.md required
surface against AVEVA Historian's binary WCF protocol — no native AVEVA runtime
dependency. All operations live-verified against a local Historian:

- ProbeAsync, ReadRawAsync, ReadAggregateAsync, ReadAtTimeAsync, ReadEventsAsync
- BrowseTagNamesAsync, GetTagMetadataAsync (17 native data-type codes mapped)
- GetConnectionStatusAsync, GetStoreForwardStatusAsync, GetSystemParameterAsync
- 108/108 unit + integration tests pass

Includes the reverse-engineering toolkit (tools/AVEVA.Historian.ReverseEngineering)
used to decode the protocol: WCF probes, IL inspection via dnlib, and IL-rewrite
instrumentation (instrument-wcf-{write,read}message etc.) plus the .NET Framework
trace harness (tools/AVEVA.Historian.NativeTraceHarness) for parity testing.

Sanitized handoff evidence under docs/reverse-engineering/. Native AVEVA binaries
(current/, aveva-install-x64/, aveva-install-x86/) are gitignored — fetch separately
from the AVEVA installer.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-04 06:31:48 -04:00

33 lines
1.4 KiB
Markdown
Raw Blame History

# WCF OpenConnection Evidence
Command:
```powershell
dotnet run --no-build --project tools\AVEVA.Historian.ReverseEngineering -- wcf-open localhost 32568
```
Confirmed:
- `Hist.OpenConnection` is reachable through fully managed WCF/MDAS.
- Correcting WCF parameter names to match the decompiled contract changed the
result from a server-side null-reference fault to normal AVEVA return codes.
- An empty password buffer returns `31`, which maps to `BufferTooSmall`.
- Non-empty and 513-wide-char-sized password buffers return `73`, which maps to
`InvalidPacketVersion`.
- Varying client type `0..7` and client versions `0,1,2,4,11` did not produce a
successful session open.
- Packet-version guesses using little-endian `ushort` and `uint` values `1..4`
at the start of a 1026-byte buffer also returned `InvalidPacketVersion`.
- The native string table contains `CClientInfo::SerializeOpenConnectionInParams3`
and `CClientInfo::EncryptWithClientKey`, so simple literal password buffers
are not enough.
Interpretation:
- The managed WCF envelope and endpoint are correct enough to invoke server
operation logic.
- Session open is blocked on the exact native password/session packet encoding,
not on TCP, endpoint routing, or service-contract discovery.
- The native WCF client uses the byte-buffer `Open2` path for normal WCF session
setup. See `wcf-open2-localhost.md` for confirmed `Open2` framing evidence.
Reference in New Issue View Git Blame Copy Permalink