Joseph Doherty
fe2a6db786
rust / build / test / clippy / fmt (push) Has been cancelled
Layout:
- src/ .NET 10 x64 reference: MxNativeCodec, MxNativeClient,
MxAsbClient, probes, tests, harnesses. Executable spec.
- design/ Architectural plan for the Rust port (M0–M6), error
model, protocol invariants, risks (R1–R16), adversarial
review log (review.md).
- rust/ Rust workspace. M0 skeleton + M1 codec parity.
mxaccess-codec: 215 unit tests + 2 cross-implementation
parity tests (byte-identical against .NET reference).
Other crates are M0 stubs awaiting M2+.
- captures/ Frida + netsh + pcap evidence per CLAUDE.md
("captures are evidence, not throwaway logs").
- analysis/ Decompiled C# (frida/proxy/decompiled-*),
Ghidra exports for native DLLs (`exports/` only —
working state at `projects/` and AVEVA's input
binaries at `input/` are gitignored).
- docs/ Reverse-engineering reference docs.
- tools/ Setup-LiveProbeEnv.ps1 (Infisical credential fetcher),
Compute-Crc.ps1 (.NET parity helper).
- .github/workflows/ Rust CI: fmt + build + test + clippy on Windows.
- LICENSE MIT (Joseph Doherty, 2026).
Verified:
- cargo test --workspace → 217 passed (215 unit + 2 .NET parity), 0 failed
- cargo clippy --workspace -- -D warnings → clean
- cargo fmt --all -- --check → clean
- cargo publish --dry-run -p mxaccess-codec → packages cleanly
Excluded from history (see .gitignore):
- **/bin, **/obj, **/target — build artifacts
- analysis/ghidra/projects/ — Ghidra working state (regenerable)
- analysis/ghidra/input/ — AVEVA proprietary DLLs (vendor IP)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
92 lines
28 KiB
JSON
92 lines
28 KiB
JSON
____
|
|
/ _ | Frida 17.9.1 - A world-class dynamic instrumentation toolkit
|
|
| (_| |
|
|
> _ | Commands:
|
|
/_/ |_| help -> Displays the help system
|
|
. . . . object? -> Display information about 'object'
|
|
. . . . exit/quit -> Exit
|
|
. . . .
|
|
. . . . More info at https://frida.re/docs/home/
|
|
. . . .
|
|
. . . . Connected to Local System (id=local)
|
|
Spawning `C:\Users\dohertj2\Desktop\mxaccess\src\MxTraceHarness\bin\Release\net481\MxTraceHarness.exe --scenario=write --tag=TestChildObject.TestString --type=string --values=AlphaMX,BetaMX,GammaMX --user-id=1 --write-delay-ms=1000 --write-interval-ms=700 --duration=4 --log=C:\Users\dohertj2\Desktop\mxaccess\captures\027-frida-write-test-string-sequence\harness.log --client=MxFridaTrace-027-frida-write-test-string-sequence`...
|
|
Spawned `C:\Users\dohertj2\Desktop\mxaccess\src\MxTraceHarness\bin\Release\net481\MxTraceHarness.exe --scenario=write --tag=TestChildObject.TestString --type=string --values=AlphaMX,BetaMX,GammaMX --user-id=1 --write-delay-ms=1000 --write-interval-ms=700 --duration=4 --log=C:\Users\dohertj2\Desktop\mxaccess\captures\027-frida-write-test-string-sequence\harness.log --client=MxFridaTrace-027-frida-write-test-string-sequence`. Resuming main thread!
|
|
[Local::MxTraceHarness.exe ]-> {"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantA","base":"0x65a40000","rva":"0x12c0c","address":"0x65a52c0c","time":"2026-04-25T06:26:00.778Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantB","base":"0x65a40000","rva":"0x13280","address":"0x65a53280","time":"2026-04-25T06:26:00.778Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.WriteSecured.variantA","base":"0x65a40000","rva":"0x12f24","address":"0x65a52f24","time":"2026-04-25T06:26:00.778Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.WriteSecured.variantB","base":"0x65a40000","rva":"0x135fe","address":"0x65a535fe","time":"2026-04-25T06:26:00.779Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.AdviseSupervisory","base":"0x65a40000","rva":"0x142b4","address":"0x65a542b4","time":"2026-04-25T06:26:00.780Z"}
|
|
{"event":"hook.installed","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","base":"0x64180000","rva":"0x10996","address":"0x64190996","time":"2026-04-25T06:26:07.921Z"}
|
|
{"event":"hook.installed","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","base":"0x64180000","rva":"0x112da","address":"0x641912da","time":"2026-04-25T06:26:07.923Z"}
|
|
{"event":"hook.installed","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","base":"0x64180000","rva":"0x15169","address":"0x64195169","time":"2026-04-25T06:26:07.924Z"}
|
|
{"event":"hook.installed","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequestEx","base":"0x64180000","rva":"0x159c3","address":"0x641959c3","time":"2026-04-25T06:26:07.924Z"}
|
|
{"event":"call.enter","module":"LmxProxy.dll","name":"CLMXProxyServer.AdviseSupervisory","address":"0x65a542b4","ecx":"0x1df27c","args":["0x5788ff0","0x1","0x1","0x8f01c86c","0x74794704"],"time":"2026-04-25T06:26:07.975Z"}
|
|
{"event":"call.leave","module":"LmxProxy.dll","name":"CLMXProxyServer.AdviseSupervisory","retval":"0x0","time":"2026-04-25T06:26:07.976Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x8a9c738","0x1","0x1","0x1","0x2","0x0","0x13a","0x8aa0648","0x1def40","0xd98c27c5"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":1,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":314,"ptr":"0x8aa0648","hex":"17 01 00 01 01 00 01 00 00 00 65 00 71 00 0a 00 00 00 00 00 08 6a 00 00 00 40 00 00 81 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 44 00 65 00 70 00 6c 00 6f 00 79 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 d0 fc a9 08 1f 01 00 b2 36 c6 09 ef 0d 00 43 9e 1d 5e d9 16 c8 7c cc 00 00 01 00 00 00 17 01 00 01 01 00 01 00 00 00 65 00 71 00 0a 00 00 00 00 00 08 76 00 00 00 4c 00 00 81 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 43 00 6f 00 6e 00 66 00 69 00 67 00 43 00 68 00 61"}],"time":"2026-04-25T06:26:08.103Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x8a9c738","args":["0x1","0x1","0x1","0x168","0x956a020","0xaf9ba286","0x8aa0214","0x8aa0204","0x641add04","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":360,"ptr":"0x956a020","hex":"01 00 3a 01 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 02 00 00 30 75 00 00 17 01 00 01 01 00 01 00 00 00 65 00 71 00 0a 00 00 00 00 00 08 6a 00 00 00 40 00 00 81 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 44 00 65 00 70 00 6c 00 6f 00 79 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 d0 fc a9 08 1f 01 00 b2 36 c6 09 ef 0d 00 43 9e 1d 5e d9 16 c8 7c cc 00 00 01 00 00 00 17 01 00 01 01 00 01 00 00 00 65 00 71 00 0a 00 00 00 00 00 08 76 00 00 00 4c 00 00 81 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d"}],"time":"2026-04-25T06:26:08.107Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:26:08.107Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-25T06:26:08.108Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x8a9c738","0x1","0x1","0x2","0x2","0x0","0x27","0x8b6e918","0x1def40","0xd98c27c5"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":2,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":39,"ptr":"0x8b6e918","hex":"1f 01 00 b2 36 c6 09 ef 0d 00 43 9e 1d 5e d9 16 c8 7c cc 00 00 05 00 36 d7 02 00 9e 00 0a 00 1a 94 00 00 03 00 00 00"}],"time":"2026-04-25T06:26:08.108Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x8a9c738","args":["0x1","0x1","0x2","0x55","0x956a020","0xaf9ba286","0x8b79584","0x8b79574","0x641add04","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":85,"ptr":"0x956a020","hex":"01 00 27 00 00 00 00 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 02 00 00 30 75 00 00 1f 01 00 b2 36 c6 09 ef 0d 00 43 9e 1d 5e d9 16 c8 7c cc 00 00 05 00 36 d7 02 00 9e 00 0a 00 1a 94 00 00 03 00 00 00"}],"time":"2026-04-25T06:26:08.109Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:26:08.110Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-25T06:26:08.110Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x8a9c738","args":["0x2c2","0x72528b8","0x6e1ec18","0x76ffedd8","0x8a9c744","0x2c2","0x72528b8","0x206","0x3","0x70872ec"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":706,"ptr":"0x72528b8","hex":"01 00 94 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 02 02 00 00 30 75 00 00 40 1f 50 80 08 a6 00 00 00 40 00 00 91 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 44 00 65 00 70 00 6c 00 6f 00 79 00 00 00 18 00 00 00 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 00 00 28 00 00 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 44 00 65 00 70 00 6c 00 6f 00 79 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 53 f2 9a 00 6a 00 0a 00 5f f1 00 00 01 6c 00 00 00 41 00 6e 00 20 00 69 00 6e 00 74 00 65 00 72 00 6e 00 61 00 6c 00 20 00 65 00 72 00 72 00 6f"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x70872ec","hex":"d0 c4 3d"}],"time":"2026-04-25T06:26:08.133Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:26:08.134Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x8a9c738","args":["0x97","0x72b5d18","0x6e1ec18","0x76ffedd8","0x8a9c744","0x97","0x72b5d18","0x206","0x3","0x70872ec"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":151,"ptr":"0x72b5d18","hex":"01 00 69 00 00 00 00 00 00 00 a7 eb 08 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 02 00 00 30 75 00 00 32 01 00 02 00 00 00 37 97 a5 01 0f ce b8 48 82 23 80 08 73 95 16 5b b2 36 c6 09 ef 0d 00 43 9e 1d 5e d9 16 c8 7c cc 01 00 00 00 03 00 00 00 c0 00 20 2e 5a 46 28 d3 dc 01 06 0a 00 00 00 00 a0 41 c3 55 bd dc 01 00 00 02 00 00 00 03 00 00 00 c0 00 80 18 5b 46 28 d3 dc 01 06 0a 00 00 00 80 c1 75 25 a5 bd dc 01 00 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x70872ec","hex":"d0 c4 3d"}],"time":"2026-04-25T06:26:08.135Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:26:08.136Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x8a9c738","args":["0x5c","0x72b4c10","0x6e1ec18","0x76ffedd8","0x8a9c744","0x5c","0x72b4c10","0x206","0x3","0x70872ec"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":92,"ptr":"0x72b4c10","hex":"01 00 2e 00 00 00 00 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 02 02 00 00 30 75 00 00 00 00 50 80 01 00 01 00 02 00 30 75 00 00 e1 40 1f 90 80 e4 7d 43 bf ab 6f a2 ea 23 97 ed b2 36 c6 09 ef 0d 00 43 9e 1d 5e d9 16 c8 7c cc"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x70872ec","hex":"d0 c4 3d"}],"time":"2026-04-25T06:26:08.157Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:26:08.158Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x8a9c738","args":["0x8e","0x7a1928","0x6e1ec18","0x76ffedd8","0x8a9c744","0x8e","0x7a1928","0x206","0x3","0x70872ec"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":142,"ptr":"0x7a1928","hex":"01 00 60 00 00 00 00 00 00 00 f5 75 04 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 02 00 00 30 75 00 00 32 01 00 01 00 00 00 e1 40 1f 90 80 e4 7d 43 bf ab 6f a2 ea 23 97 ed b2 36 c6 09 ef 0d 00 43 9e 1d 5e d9 16 c8 7c cc 03 00 00 00 03 00 00 00 c0 00 b0 a0 e2 57 47 bd dc 01 05 22 00 00 00 1e 00 00 00 48 00 65 00 6c 00 6c 00 6f 00 46 00 72 00 6f 00 6d 00 4f 00 70 00 63 00 55 00 61 00 00 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x70872ec","hex":"d0 c4 3d"}],"time":"2026-04-25T06:26:08.159Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:26:08.159Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x8a9c738","args":["0x1","0x1","0x1","0x2e","0x956a020","0xaf9ba2aa","0x8a97010","0x0","0x0","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":46,"ptr":"0x956a020","hex":"01 00 00 00 00 00 00 00 00 00 a7 eb 08 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 01 00 00 00 02 02 00 00 30 75 00 00"}],"time":"2026-04-25T06:26:08.214Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:26:08.215Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x8a9c738","args":["0x1","0x1","0x2","0x2e","0x956a020","0xaf9ba2aa","0x8a97010","0x0","0x0","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":46,"ptr":"0x956a020","hex":"01 00 00 00 00 00 00 00 00 00 f5 75 04 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 02 02 00 00 30 75 00 00"}],"time":"2026-04-25T06:26:08.237Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:26:08.238Z"}
|
|
{"event":"call.enter","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantA","address":"0x65a52c0c","ecx":"0x1df270","args":["0x5788ff0","0x1","0x1","0x8","0x0","0x73d0204","0x0","0x1","0x8f01c86c","0x74794704"],"time":"2026-04-25T06:26:09.012Z"}
|
|
{"event":"call.leave","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantA","retval":"0x0","time":"2026-04-25T06:26:09.012Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x8a9c738","0x1","0x1","0x2","0x2","0x0","0x3c","0x8b6e498","0x1def40","0xd98c27c5"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":2,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":60,"ptr":"0x8b6e498","hex":"37 01 00 05 00 36 d7 02 00 9e 00 0a 00 1a 94 00 00 05 14 00 00 00 10 00 00 00 41 00 6c 00 70 00 68 00 61 00 4d 00 58 00 00 00 ff ff 00 00 00 00 00 00 00 00 3d a1 b7 08 01 00 00 00"}],"time":"2026-04-25T06:26:09.066Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x8a9c738","args":["0x1","0x1","0x2","0x6a","0x956a020","0xaf9ba286","0x8a977f4","0x8a977e4","0x641add04","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":106,"ptr":"0x956a020","hex":"01 00 3c 00 00 00 00 00 00 00 03 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 02 00 00 30 75 00 00 37 01 00 05 00 36 d7 02 00 9e 00 0a 00 1a 94 00 00 05 14 00 00 00 10 00 00 00 41 00 6c 00 70 00 68 00 61 00 4d 00 58 00 00 00 ff ff 00 00 00 00 00 00 00 00 3d a1 b7 08 01 00 00 00"}],"time":"2026-04-25T06:26:09.068Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:26:09.068Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-25T06:26:09.069Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x8a9c738","args":["0x33","0x72528b8","0x6e1ec18","0x76ffedd8","0x8a9c744","0x33","0x72528b8","0x206","0x3","0x70872ec"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":51,"ptr":"0x72528b8","hex":"01 00 05 00 00 00 00 00 00 00 03 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 02 02 00 00 30 75 00 00 00 00 50 80 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x70872ec","hex":"d0 c4 3d"}],"time":"2026-04-25T06:26:09.106Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:26:09.107Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x8a9c738","args":["0x6c","0x79a1f0","0x6e1ec18","0x76ffedd8","0x8a9c744","0x6c","0x79a1f0","0x206","0x3","0x70872ec"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":108,"ptr":"0x79a1f0","hex":"01 00 3e 00 00 00 00 00 00 00 f8 75 04 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 02 00 00 30 75 00 00 33 01 00 01 00 00 00 e1 40 1f 90 80 e4 7d 43 bf ab 6f a2 ea 23 97 ed 03 00 00 00 c0 00 10 5c 75 67 7c d4 dc 01 05 14 00 00 00 10 00 00 00 41 00 6c 00 70 00 68 00 61 00 4d 00 58 00 00 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x70872ec","hex":"d0 c4 3d"}],"time":"2026-04-25T06:26:09.108Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:26:09.108Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x8a9c738","args":["0x1","0x1","0x2","0x2e","0x956a020","0xaf9ba2aa","0x8a97010","0x0","0x0","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":46,"ptr":"0x956a020","hex":"01 00 00 00 00 00 00 00 00 00 f8 75 04 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 02 02 00 00 30 75 00 00"}],"time":"2026-04-25T06:26:09.173Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:26:09.173Z"}
|
|
{"event":"call.enter","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantA","address":"0x65a52c0c","ecx":"0x1df270","args":["0x5788ff0","0x1","0x1","0x8","0x0","0x73cfe44","0x0","0x1","0x8f01c86c","0x74794704"],"time":"2026-04-25T06:26:09.740Z"}
|
|
{"event":"call.leave","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantA","retval":"0x0","time":"2026-04-25T06:26:09.740Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x8a9c738","0x1","0x1","0x2","0x2","0x0","0x3a","0x8b6e8d0","0x1def40","0xd98c27c5"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":2,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":58,"ptr":"0x8b6e8d0","hex":"37 01 00 05 00 36 d7 02 00 9e 00 0a 00 1a 94 00 00 05 12 00 00 00 0e 00 00 00 42 00 65 00 74 00 61 00 4d 00 58 00 00 00 ff ff 00 00 00 00 00 00 00 00 3d a1 b7 08 02 00 00 00"}],"time":"2026-04-25T06:26:09.844Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x8a9c738","args":["0x1","0x1","0x2","0x68","0x956a020","0xaf9ba286","0x8b799dc","0x8b799cc","0x641add04","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":104,"ptr":"0x956a020","hex":"01 00 3a 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 02 00 00 30 75 00 00 37 01 00 05 00 36 d7 02 00 9e 00 0a 00 1a 94 00 00 05 12 00 00 00 0e 00 00 00 42 00 65 00 74 00 61 00 4d 00 58 00 00 00 ff ff 00 00 00 00 00 00 00 00 3d a1 b7 08 02 00 00 00"}],"time":"2026-04-25T06:26:09.845Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:26:09.846Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-25T06:26:09.846Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x8a9c738","args":["0x33","0x72b4c10","0x6e1ec18","0x76ffedd8","0x8a9c744","0x33","0x72b4c10","0x206","0x3","0x70872ec"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":51,"ptr":"0x72b4c10","hex":"01 00 05 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 02 02 00 00 30 75 00 00 00 00 50 80 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x70872ec","hex":"d0 c4 3d"}],"time":"2026-04-25T06:26:09.849Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:26:09.850Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x8a9c738","args":["0x6a","0x7a1928","0x6e1ec18","0x76ffedd8","0x8a9c744","0x6a","0x7a1928","0x206","0x3","0x70872ec"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":106,"ptr":"0x7a1928","hex":"01 00 3c 00 00 00 00 00 00 00 fb 75 04 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 02 00 00 30 75 00 00 33 01 00 01 00 00 00 e1 40 1f 90 80 e4 7d 43 bf ab 6f a2 ea 23 97 ed 03 00 00 00 c0 00 80 bb e6 67 7c d4 dc 01 05 12 00 00 00 0e 00 00 00 42 00 65 00 74 00 61 00 4d 00 58 00 00 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x70872ec","hex":"d0 c4 3d"}],"time":"2026-04-25T06:26:09.851Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:26:09.852Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x8a9c738","args":["0x1","0x1","0x2","0x2e","0x956a020","0xaf9ba2aa","0x8a97010","0x0","0x0","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":46,"ptr":"0x956a020","hex":"01 00 00 00 00 00 00 00 00 00 fb 75 04 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 02 02 00 00 30 75 00 00"}],"time":"2026-04-25T06:26:09.950Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:26:09.951Z"}
|
|
{"event":"call.enter","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantA","address":"0x65a52c0c","ecx":"0x1df270","args":["0x5788ff0","0x1","0x1","0x8","0x0","0x73cffd4","0x0","0x1","0x8f01c86c","0x74794704"],"time":"2026-04-25T06:26:10.465Z"}
|
|
{"event":"call.leave","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantA","retval":"0x0","time":"2026-04-25T06:26:10.465Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x8a9c738","0x1","0x1","0x2","0x2","0x0","0x3c","0x8b6e180","0x1def40","0xd98c27c5"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":2,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":60,"ptr":"0x8b6e180","hex":"37 01 00 05 00 36 d7 02 00 9e 00 0a 00 1a 94 00 00 05 14 00 00 00 10 00 00 00 47 00 61 00 6d 00 6d 00 61 00 4d 00 58 00 00 00 ff ff 00 00 00 00 00 00 00 00 3d a1 b7 08 03 00 00 00"}],"time":"2026-04-25T06:26:10.518Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x8a9c738","args":["0x1","0x1","0x2","0x6a","0x956a020","0xaf9ba286","0x8a977f4","0x8a977e4","0x641add04","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":106,"ptr":"0x956a020","hex":"01 00 3c 00 00 00 00 00 00 00 05 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 02 00 00 30 75 00 00 37 01 00 05 00 36 d7 02 00 9e 00 0a 00 1a 94 00 00 05 14 00 00 00 10 00 00 00 47 00 61 00 6d 00 6d 00 61 00 4d 00 58 00 00 00 ff ff 00 00 00 00 00 00 00 00 3d a1 b7 08 03 00 00 00"}],"time":"2026-04-25T06:26:10.519Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:26:10.519Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-25T06:26:10.520Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x8a9c738","args":["0x33","0x72528b8","0x6e1ec18","0x76ffedd8","0x8a9c744","0x33","0x72528b8","0x206","0x3","0x70872ec"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":51,"ptr":"0x72528b8","hex":"01 00 05 00 00 00 00 00 00 00 05 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 02 02 00 00 30 75 00 00 00 00 50 80 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x70872ec","hex":"d0 c4 3d"}],"time":"2026-04-25T06:26:10.554Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:26:10.554Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x8a9c738","args":["0x6c","0x79a1f0","0x6e1ec18","0x76ffedd8","0x8a9c744","0x6c","0x79a1f0","0x206","0x3","0x70872ec"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":108,"ptr":"0x79a1f0","hex":"01 00 3e 00 00 00 00 00 00 00 ff 75 04 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 02 00 00 30 75 00 00 33 01 00 01 00 00 00 e1 40 1f 90 80 e4 7d 43 bf ab 6f a2 ea 23 97 ed 03 00 00 00 c0 00 90 4e 52 68 7c d4 dc 01 05 14 00 00 00 10 00 00 00 47 00 61 00 6d 00 6d 00 61 00 4d 00 58 00 00 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x70872ec","hex":"d0 c4 3d"}],"time":"2026-04-25T06:26:10.555Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:26:10.557Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x8a9c738","args":["0x1","0x1","0x2","0x2e","0x956a020","0xaf9ba2aa","0x8a97010","0x0","0x0","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":46,"ptr":"0x956a020","hex":"01 00 00 00 00 00 00 00 00 00 ff 75 04 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 02 02 00 00 30 75 00 00"}],"time":"2026-04-25T06:26:10.624Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:26:10.626Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x8a9c738","0x1","0x1","0x1","0x2","0x0","0x3a","0x8b6e210","0x1df0fc","0xd98c3989"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":1,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":58,"ptr":"0x8b6e210","hex":"21 01 00 b2 36 c6 09 ef 0d 00 43 9e 1d 5e d9 16 c8 7c cc 01 00 53 f2 9a 00 6a 00 0a 00 5f f1 00 00 01 00 00 00 22 01 00 01 00 53 f2 9a 00 6b 00 0a 00 87 3a 00 00 02 00 00 00"}],"time":"2026-04-25T06:26:14.521Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x8a9c738","args":["0x1","0x1","0x1","0x68","0x956a020","0xaf9ba35a","0x8a977f4","0x8a977e4","0x641add04","0x64"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":104,"ptr":"0x956a020","hex":"01 00 3a 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 02 00 00 30 75 00 00 21 01 00 b2 36 c6 09 ef 0d 00 43 9e 1d 5e d9 16 c8 7c cc 01 00 53 f2 9a 00 6a 00 0a 00 5f f1 00 00 01 00 00 00 22 01 00 01 00 53 f2 9a 00 6b 00 0a 00 87 3a 00 00 02 00 00 00"}],"time":"2026-04-25T06:26:14.522Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:26:14.522Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-25T06:26:14.523Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x8a9c738","0x1","0x1","0x2","0x2","0x0","0x25","0x8b6e258","0x1df0fc","0xd98c3989"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":2,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":37,"ptr":"0x8b6e258","hex":"21 01 00 b2 36 c6 09 ef 0d 00 43 9e 1d 5e d9 16 c8 7c cc 05 00 36 d7 02 00 9e 00 0a 00 1a 94 00 00 03 00 00 00"}],"time":"2026-04-25T06:26:14.524Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x8a9c738","args":["0x1","0x1","0x2","0x53","0x956a020","0xaf9ba35a","0x8b79584","0x8b79574","0x641add04","0x64"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":83,"ptr":"0x956a020","hex":"01 00 25 00 00 00 00 00 00 00 07 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 02 00 00 30 75 00 00 21 01 00 b2 36 c6 09 ef 0d 00 43 9e 1d 5e d9 16 c8 7c cc 05 00 36 d7 02 00 9e 00 0a 00 1a 94 00 00 03 00 00 00"}],"time":"2026-04-25T06:26:14.525Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:26:14.525Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-25T06:26:14.526Z"}
|
|
Process terminated
|
|
|
|
Thank you for using Frida!
|