dohertj2/mxaccess
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
mxaccess/analysis/frida/write-array-body-matrix.tsv
T
Joseph Doherty fe2a6db786
rust / build / test / clippy / fmt (push) Has been cancelled
Details
Initial project state: .NET reference, design, Rust port (M0+M1), evidence 
Layout:
- src/                    .NET 10 x64 reference: MxNativeCodec, MxNativeClient,
                          MxAsbClient, probes, tests, harnesses. Executable spec.
- design/                 Architectural plan for the Rust port (M0–M6), error
                          model, protocol invariants, risks (R1–R16), adversarial
                          review log (review.md).
- rust/                   Rust workspace. M0 skeleton + M1 codec parity.
                          mxaccess-codec: 215 unit tests + 2 cross-implementation
                          parity tests (byte-identical against .NET reference).
                          Other crates are M0 stubs awaiting M2+.
- captures/               Frida + netsh + pcap evidence per CLAUDE.md
                          ("captures are evidence, not throwaway logs").
- analysis/               Decompiled C# (frida/proxy/decompiled-*),
                          Ghidra exports for native DLLs (`exports/` only —
                          working state at `projects/` and AVEVA's input
                          binaries at `input/` are gitignored).
- docs/                   Reverse-engineering reference docs.
- tools/                  Setup-LiveProbeEnv.ps1 (Infisical credential fetcher),
                          Compute-Crc.ps1 (.NET parity helper).
- .github/workflows/      Rust CI: fmt + build + test + clippy on Windows.
- LICENSE                 MIT (Joseph Doherty, 2026).

Verified:
- cargo test --workspace → 217 passed (215 unit + 2 .NET parity), 0 failed
- cargo clippy --workspace -- -D warnings → clean
- cargo fmt --all -- --check → clean
- cargo publish --dry-run -p mxaccess-codec → packages cleanly

Excluded from history (see .gitignore):
- **/bin, **/obj, **/target — build artifacts
- analysis/ghidra/projects/ — Ghidra working state (regenerable)
- analysis/ghidra/input/ — AVEVA proprietary DLLs (vendor IP)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 06:21:00 -04:00

9 lines
2.8 KiB
Plaintext
Raw Permalink Blame History

capture tag type values com_variant_type putrequest_size putrequest_first_value_offset transferdata_size transferdata_first_value_offset processdatareceived_size processdatareceived_first_value_offset processdatareceived_encoding array_kind_byte element_count element_width_or_code array_descriptor_hex notes
029-frida-write-test-int-array TestChildObject.TestIntArray[] int[] 201;202;203;204;205;206;207;208;209;210 SAFEARRAY VT_I4/0x2003 86 28 132 74 134 94 int32 little-endian 0x42 10 4 42 00 00 00 00 0a 00 04 00 00 00 Packed numeric array values begin immediately after the 11-byte array descriptor.
030-frida-write-test-bool-array TestChildObject.TestBoolArray[] bool[] true;false;true;false;true;false;true;false;true;false SAFEARRAY VT_BOOL/0x200b 66 28 112 74 114 94 VARIANT_BOOL-style 16-bit values 0x41 10 2 41 00 00 00 00 0a 00 02 00 00 00 Requested alternating values returned as True,True,False,False,True,True,False,False,True,True; capture 098 confirms this is an x86 COM automation projection issue rather than a one-off capture.
098-frida-write-bool-array-pattern-10 TestChildObject.TestBoolArray[] bool[] true;false;false;true;true;false;true;false;false;true SAFEARRAY VT_BOOL/0x200b 66 28 112 74 114 94 VARIANT_BOOL-style 16-bit values 0x41 10 2 41 00 00 00 00 0a 00 02 00 00 00 Requested non-repeating values emitted as True,True,False,False,False,False,True,True,True,True through x86 MXAccess COM automation; managed native encoder keeps direct per-element bool encoding by default.
031-frida-write-test-float-array TestChildObject.TestFloatArray[] float[] 1.25;2.5;3.75;4.25;5.5;6.75;7.25;8.5;9.75;10.25 SAFEARRAY VT_R4/0x2004 86 28 132 74 134 94 float32 little-endian 0x43 10 4 43 00 00 00 00 0a 00 04 00 00 00 Packed numeric array values begin immediately after the 11-byte array descriptor.
032-frida-write-test-double-array TestChildObject.TestDoubleArray[] double[] 1.125;2.25;3.5;4.625;5.75;6.875;7.0;8.125;9.25;10.375 SAFEARRAY VT_R8/0x2005 126 28 172 74 174 94 float64 little-endian 0x44 10 8 44 00 00 00 00 0a 00 08 00 00 00 Packed numeric array values begin immediately after the 11-byte array descriptor.
033-frida-write-test-string-array TestChildObject.TestStringArray[] string[] A01;B02;C03;D04;E05;F06;G07;H08;I09;J10 SAFEARRAY VT_BSTR/0x2008 256 41 302 87 304 107 UTF-16LE per-element variable record 0x45 10 4 45 00 00 00 00 0a 00 04 00 00 00 Each element is record_length + scalar string-style variable payload.
035-frida-write-test-datetime-array-full TestChildObject.TestDateTimeArray[] datetime[] 2026-04-25T03:00:00 through 2026-04-25T03:09:00 SAFEARRAY VT_DATE/0x2007 596 41 642 87 214 94 outbound UTF-16LE per-element display string; callback FILETIME sequence 0x45 10 4 45 00 00 00 00 0a 00 04 00 00 00 Original capture 034 was truncated by the old 256-byte Frida dump cap; capture 035 uses the 4096-byte cap and has the full body.
Reference in New Issue View Git Blame Copy Permalink