Joseph Doherty
fe2a6db786
rust / build / test / clippy / fmt (push) Has been cancelled
Layout:
- src/ .NET 10 x64 reference: MxNativeCodec, MxNativeClient,
MxAsbClient, probes, tests, harnesses. Executable spec.
- design/ Architectural plan for the Rust port (M0–M6), error
model, protocol invariants, risks (R1–R16), adversarial
review log (review.md).
- rust/ Rust workspace. M0 skeleton + M1 codec parity.
mxaccess-codec: 215 unit tests + 2 cross-implementation
parity tests (byte-identical against .NET reference).
Other crates are M0 stubs awaiting M2+.
- captures/ Frida + netsh + pcap evidence per CLAUDE.md
("captures are evidence, not throwaway logs").
- analysis/ Decompiled C# (frida/proxy/decompiled-*),
Ghidra exports for native DLLs (`exports/` only —
working state at `projects/` and AVEVA's input
binaries at `input/` are gitignored).
- docs/ Reverse-engineering reference docs.
- tools/ Setup-LiveProbeEnv.ps1 (Infisical credential fetcher),
Compute-Crc.ps1 (.NET parity helper).
- .github/workflows/ Rust CI: fmt + build + test + clippy on Windows.
- LICENSE MIT (Joseph Doherty, 2026).
Verified:
- cargo test --workspace → 217 passed (215 unit + 2 .NET parity), 0 failed
- cargo clippy --workspace -- -D warnings → clean
- cargo fmt --all -- --check → clean
- cargo publish --dry-run -p mxaccess-codec → packages cleanly
Excluded from history (see .gitignore):
- **/bin, **/obj, **/target — build artifacts
- analysis/ghidra/projects/ — Ghidra working state (regenerable)
- analysis/ghidra/input/ — AVEVA proprietary DLLs (vendor IP)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
77 lines
28 KiB
JSON
77 lines
28 KiB
JSON
____
|
|
/ _ | Frida 17.9.1 - A world-class dynamic instrumentation toolkit
|
|
| (_| |
|
|
> _ | Commands:
|
|
/_/ |_| help -> Displays the help system
|
|
. . . . object? -> Display information about 'object'
|
|
. . . . exit/quit -> Exit
|
|
. . . .
|
|
. . . . More info at https://frida.re/docs/home/
|
|
. . . .
|
|
. . . . Connected to Local System (id=local)
|
|
Spawning `C:\Users\dohertj2\Desktop\mxaccess\src\MxTraceHarness\bin\Release\net481\MxTraceHarness.exe --scenario=write2 --tag=TestChildObject.TestDateTimeArray[] --type=datetime[] --value=2026-04-25T09:00:00;2026-04-25T09:01:00;2026-04-25T09:02:00;2026-04-25T09:03:00;2026-04-25T09:04:00;2026-04-25T09:05:00;2026-04-25T09:06:00;2026-04-25T09:07:00;2026-04-25T09:08:00;2026-04-25T09:09:00 --user-id=1 --write-time=2026-04-25T08:15:16 --write-delay-ms=1000 --duration=4 --log=C:\Users\dohertj2\Desktop\mxaccess\captures\076-frida-write2-test-datetime-array-timestamp\harness.log --client=MxFridaTrace-076-frida-write2-test-datetime-array-timestamp`...
|
|
Spawned `C:\Users\dohertj2\Desktop\mxaccess\src\MxTraceHarness\bin\Release\net481\MxTraceHarness.exe --scenario=write2 --tag=TestChildObject.TestDateTimeArray[] --type=datetime[] --value=2026-04-25T09:00:00;2026-04-25T09:01:00;2026-04-25T09:02:00;2026-04-25T09:03:00;2026-04-25T09:04:00;2026-04-25T09:05:00;2026-04-25T09:06:00;2026-04-25T09:07:00;2026-04-25T09:08:00;2026-04-25T09:09:00 --user-id=1 --write-time=2026-04-25T08:15:16 --write-delay-ms=1000 --duration=4 --log=C:\Users\dohertj2\Desktop\mxaccess\captures\076-frida-write2-test-datetime-array-timestamp\harness.log --client=MxFridaTrace-076-frida-write2-test-datetime-array-timestamp`. Resuming main thread!
|
|
[Local::MxTraceHarness.exe ]-> {"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantA","base":"0x65a40000","rva":"0x12c0c","address":"0x65a52c0c","time":"2026-04-25T20:17:40.194Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantB","base":"0x65a40000","rva":"0x13280","address":"0x65a53280","time":"2026-04-25T20:17:40.195Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.WriteSecured.variantA","base":"0x65a40000","rva":"0x12f24","address":"0x65a52f24","time":"2026-04-25T20:17:40.195Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.WriteSecured.variantB","base":"0x65a40000","rva":"0x135fe","address":"0x65a535fe","time":"2026-04-25T20:17:40.196Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.AdviseSupervisory","base":"0x65a40000","rva":"0x142b4","address":"0x65a542b4","time":"2026-04-25T20:17:40.196Z"}
|
|
{"event":"hook.installed","module":"Lmx.dll","name":"MxConnection.PrebindReference","base":"0x10000000","rva":"0xea780","address":"0x100ea780","time":"2026-04-25T20:17:46.750Z"}
|
|
{"event":"hook.installed","module":"Lmx.dll","name":"MxConnection.UserRegisterPreboundReference","base":"0x10000000","rva":"0xe1920","address":"0x100e1920","time":"2026-04-25T20:17:46.751Z"}
|
|
{"event":"hook.installed","module":"Lmx.dll","name":"IMxReference.GetMxHandle","base":"0x10000000","rva":"0x5f730","address":"0x1005f730","time":"2026-04-25T20:17:46.751Z"}
|
|
{"event":"hook.installed","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","base":"0x10000000","rva":"0x8f8b0","address":"0x1008f8b0","time":"2026-04-25T20:17:46.752Z"}
|
|
{"event":"hook.installed","module":"Lmx.dll","name":"PreboundReference.Resolve","base":"0x10000000","rva":"0x113d40","address":"0x10113d40","time":"2026-04-25T20:17:46.752Z"}
|
|
{"event":"hook.installed","module":"Lmx.dll","name":"PreboundReference.OnPlatformResolveReferenceResults","base":"0x10000000","rva":"0x1155a0","address":"0x101155a0","time":"2026-04-25T20:17:46.753Z"}
|
|
{"event":"hook.installed","module":"Lmx.dll","name":"PreboundReference.OnSetAttributeResult","base":"0x10000000","rva":"0x114a90","address":"0x10114a90","time":"2026-04-25T20:17:46.753Z"}
|
|
{"event":"hook.installed","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","base":"0x64180000","rva":"0x10996","address":"0x64190996","time":"2026-04-25T20:17:46.851Z"}
|
|
{"event":"hook.installed","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","base":"0x64180000","rva":"0x112da","address":"0x641912da","time":"2026-04-25T20:17:46.852Z"}
|
|
{"event":"hook.installed","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","base":"0x64180000","rva":"0x15169","address":"0x64195169","time":"2026-04-25T20:17:46.852Z"}
|
|
{"event":"hook.installed","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequestEx","base":"0x64180000","rva":"0x159c3","address":"0x641959c3","time":"2026-04-25T20:17:46.853Z"}
|
|
{"event":"lmx.fixup-mxhandle.enter","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","accessManager":"0x9837010","outPtr":"0x116e548","inWords":[65537,65537,0,0,0,0],"time":"2026-04-25T20:17:46.880Z"}
|
|
{"event":"lmx.fixup-mxhandle.leave","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","outPtr":"0x116e548","handle":{"raw":"01 00 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00","w0":65537,"w1":65537,"w2":0,"w3":0,"w4":0},"retval":"0x116e548","time":"2026-04-25T20:17:46.880Z"}
|
|
{"event":"lmx.fixup-mxhandle.enter","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","accessManager":"0x9837010","outPtr":"0x116e548","inWords":[65537,65537,0,0,0,0],"time":"2026-04-25T20:17:46.881Z"}
|
|
{"event":"lmx.fixup-mxhandle.leave","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","outPtr":"0x116e548","handle":{"raw":"01 00 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00","w0":65537,"w1":65537,"w2":0,"w3":0,"w4":0},"retval":"0x116e548","time":"2026-04-25T20:17:46.881Z"}
|
|
{"event":"lmx.prebind.enter","module":"Lmx.dll","name":"MxConnection.PrebindReference","ecx":"0x10188a34","reference":"\u8a34\u1018\u8a20\u1018\u8a04\u1018\u89f0\u1018\u89dc\u1018\u89ac\u1018\u0004","time":"2026-04-25T20:17:46.971Z"}
|
|
{"event":"lmx.mxhandle.read","module":"Lmx.dll","name":"IMxReference.GetMxHandle","referencePtr":"0x98e2788","outPtr":"0x116eac8","handle":{"raw":"01 00 01 00 02 00 05 00 36 d7 02 00 a1 00 0a 00 1b df ff ff","w0":65537,"w1":327682,"w2":186166,"w3":655521,"w4":4294958875},"retval":"0x116eac8","time":"2026-04-25T20:17:46.972Z"}
|
|
{"event":"lmx.prebound-resolve.enter","module":"Lmx.dll","name":"PreboundReference.Resolve","prebound":{"ptr":"0x9840588","referenceString":{"length":35,"capacity":39,"value":"TestChildObject.TestDateTimeArray[]"},"contextString":{"length":0,"capacity":7,"value":""},"auxString":{"length":0,"capacity":7,"value":""},"mxReference":"0x990e2e8","status":3,"errorText":"","raw":"08 64 19 10 f0 63 19 10 00 6f 00 6e e8 63 19 10 00 67 00 43 02 00 00 00 38 90 91 09 00 65 00 00 00 02 00 00 00 00 00 02 23 00 00 00 27 00 00 00 00 00 00 01 00 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 01 00 02 00 e8 e2 90 09 8c 59 4b 08 00 00 00 00 00 00 00 00 00 00 00 00 10 70 83 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 7c fe 6e 01 00 00 00 00"},"time":"2026-04-25T20:17:46.973Z"}
|
|
{"event":"lmx.mxhandle.read","module":"Lmx.dll","name":"IMxReference.GetMxHandle","referencePtr":"0x98405d8","outPtr":"0x116ea58","handle":{"raw":"01 00 01 00 02 00 05 00 36 d7 02 00 a1 00 0a 00 1b df ff ff","w0":65537,"w1":327682,"w2":186166,"w3":655521,"w4":4294958875},"retval":"0x116ea58","time":"2026-04-25T20:17:46.973Z"}
|
|
{"event":"lmx.mxhandle.read","module":"Lmx.dll","name":"IMxReference.GetMxHandle","referencePtr":"0x98405d8","outPtr":"0x116ea58","handle":{"raw":"01 00 01 00 02 00 05 00 36 d7 02 00 a1 00 0a 00 1b df ff ff","w0":65537,"w1":327682,"w2":186166,"w3":655521,"w4":4294958875},"retval":"0x116ea58","time":"2026-04-25T20:17:46.973Z"}
|
|
{"event":"lmx.mxhandle.read","module":"Lmx.dll","name":"IMxReference.GetMxHandle","referencePtr":"0x98405d8","outPtr":"0x116ea58","handle":{"raw":"01 00 01 00 02 00 05 00 36 d7 02 00 a1 00 0a 00 1b df ff ff","w0":65537,"w1":327682,"w2":186166,"w3":655521,"w4":4294958875},"retval":"0x116ea58","time":"2026-04-25T20:17:46.974Z"}
|
|
{"event":"lmx.prebound-resolve.leave","module":"Lmx.dll","name":"PreboundReference.Resolve","prebound":{"ptr":"0x9840588","referenceString":{"length":35,"capacity":39,"value":"TestChildObject.TestDateTimeArray[]"},"contextString":{"length":0,"capacity":7,"value":""},"auxString":{"length":0,"capacity":7,"value":""},"mxReference":"0x990e2e8","status":3,"errorText":"","raw":"08 64 19 10 f0 63 19 10 00 6f 00 6e e8 63 19 10 00 67 00 43 02 00 00 00 38 90 91 09 00 65 00 00 00 02 00 00 00 00 00 02 23 00 00 00 27 00 00 00 00 00 00 01 00 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 01 00 02 00 e8 e2 90 09 8c 59 4b 08 00 00 00 00 00 00 00 00 00 00 00 00 10 70 83 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 7c fe 6e 01 00 00 00 00"},"retval":"0x70fe1e01","time":"2026-04-25T20:17:46.975Z"}
|
|
{"event":"lmx.prebind.leave","module":"Lmx.dll","name":"MxConnection.PrebindReference","handle":6619220,"time":"2026-04-25T20:17:46.975Z"}
|
|
{"event":"call.enter","module":"LmxProxy.dll","name":"CLMXProxyServer.AdviseSupervisory","address":"0x65a542b4","ecx":"0x116ec2c","args":["0x6458ff0","0x1","0x1","0x47a4689a","0x74794704"],"time":"2026-04-25T20:17:46.977Z"}
|
|
{"event":"lmx.fixup-mxhandle.enter","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","accessManager":"0x9837010","outPtr":"0x116eaac","inWords":[65537,327682,186166,655521,4294958875,0],"time":"2026-04-25T20:17:46.977Z"}
|
|
{"event":"lmx.fixup-mxhandle.leave","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","outPtr":"0x116eaac","handle":{"raw":"01 00 01 00 02 00 05 00 36 d7 02 00 a1 00 0a 00 1b df ff ff","w0":65537,"w1":327682,"w2":186166,"w3":655521,"w4":4294958875},"retval":"0x116eaac","time":"2026-04-25T20:17:46.977Z"}
|
|
{"event":"lmx.fixup-mxhandle.enter","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","accessManager":"0x9837010","outPtr":"0x116d740","inWords":[65537,327682,186166,655521,4294958875,0],"time":"2026-04-25T20:17:46.978Z"}
|
|
{"event":"lmx.fixup-mxhandle.leave","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","outPtr":"0x116d740","handle":{"raw":"01 00 01 00 02 00 05 00 36 d7 02 00 a1 00 0a 00 1b df ff ff","w0":65537,"w1":327682,"w2":186166,"w3":655521,"w4":4294958875},"retval":"0x116d740","time":"2026-04-25T20:17:46.978Z"}
|
|
{"event":"call.leave","module":"LmxProxy.dll","name":"CLMXProxyServer.AdviseSupervisory","retval":"0x0","time":"2026-04-25T20:17:46.978Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x983c738","0x1","0x1","0x1","0x2","0x0","0x13a","0x9840648","0x116e8f0","0x1129db16"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":1,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":314,"ptr":"0x9840648","hex":"17 01 00 01 01 00 01 00 00 00 65 00 71 00 0a 00 00 00 00 00 08 6a 00 00 00 40 00 00 81 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 44 00 65 00 70 00 6c 00 6f 00 79 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 d0 fc 83 09 1f 01 00 24 09 15 1f 01 0d a3 40 ad 66 44 f1 cd a6 01 18 00 00 01 00 00 00 17 01 00 01 01 00 01 00 00 00 65 00 71 00 0a 00 00 00 00 00 08 76 00 00 00 4c 00 00 81 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 43 00 6f 00 6e 00 66 00 69 00 67 00 43 00 68 00 61 00 6e 00 67 00 65 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 50 03 84 09 20 01 00 02 00 00 00"}],"time":"2026-04-25T20:17:47.100Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x983c738","args":["0x1","0x1","0x1","0x168","0xa9df020","0xcdda3bcb","0x9840214","0x9840204","0x641add04","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":360,"ptr":"0xa9df020","hex":"01 00 3a 01 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 fa 7f 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 02 00 00 30 75 00 00 17 01 00 01 01 00 01 00 00 00 65 00 71 00 0a 00 00 00 00 00 08 6a 00 00 00 40 00 00 81 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 44 00 65 00 70 00 6c 00 6f 00 79 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 d0 fc 83 09 1f 01 00 24 09 15 1f 01 0d a3 40 ad 66 44 f1 cd a6 01 18 00 00 01 00 00 00 17 01 00 01 01 00 01 00 00 00 65 00 71 00 0a 00 00 00 00 00 08 76 00 00 00 4c 00 00 81 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 43 00 6f 00 6e 00 66 00 69 00 67 00 43 00 68 00 61 00 6e 00 67 00 65 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 50 03 84 09 20 01 00 02 00 00 00"}],"time":"2026-04-25T20:17:47.103Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T20:17:47.104Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-25T20:17:47.105Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x983c738","0x1","0x1","0x2","0x2","0x0","0x27","0x990e7b0","0x116e8f0","0x1129db16"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":2,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":39,"ptr":"0x990e7b0","hex":"1f 01 00 24 09 15 1f 01 0d a3 40 ad 66 44 f1 cd a6 01 18 00 00 05 00 36 d7 02 00 a1 00 0a 00 1b df ff ff 03 00 00 00"}],"time":"2026-04-25T20:17:47.106Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x983c738","args":["0x1","0x1","0x2","0x55","0xa9df020","0xcdda3bcb","0x9919634","0x9919624","0x641add04","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":85,"ptr":"0xa9df020","hex":"01 00 27 00 00 00 00 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fa 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 02 00 00 30 75 00 00 1f 01 00 24 09 15 1f 01 0d a3 40 ad 66 44 f1 cd a6 01 18 00 00 05 00 36 d7 02 00 a1 00 0a 00 1b df ff ff 03 00 00 00"}],"time":"2026-04-25T20:17:47.107Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T20:17:47.108Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-25T20:17:47.109Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x983c738","args":["0x5c","0x835021c","0x7b6eda0","0x76ffedd8","0x983c744","0x5c","0x835021c","0x206","0x3","0x7e3a2c4"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":92,"ptr":"0x835021c","hex":"5c 00 00 00 01 00 2e 00 00 00 00 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fa 7f 00 00 02 02 00 00 30 75 00 00 00 00 50 80 01 00 01 00 02 00 30 75 00 00 cc 92 9c f1 1a fe fa 43 b8 4c 78 14 08 d5 72 24 24 09 15 1f 01 0d a3 40 ad 66 44 f1"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x7e3a2c4","hex":"f0 a0 4c"}],"time":"2026-04-25T20:17:47.118Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x0","time":"2026-04-25T20:17:47.120Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x983c738","args":["0xea","0x173e3ec","0x7b6eda0","0x76ffedd8","0x983c744","0xea","0x173e3ec","0x206","0x3","0x7e3a2c4"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":234,"ptr":"0x173e3ec","hex":"ea 00 00 00 01 00 bc 00 00 00 00 00 00 00 83 89 05 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fa 7f 00 00 01 02 00 00 30 75 00 00 32 01 00 01 00 00 00 cc 92 9c f1 1a fe fa 43 b8 4c 78 14 08 d5 72 24 24 09 15 1f 01 0d a3 40 ad 66 44 f1 cd a6 01 18 03 00 00 00 03 00 00 00 c0 00 40 85 bb 06 7f d4 dc 01 46 00 00 00 00 0a 00 0c 00 00 00 00 58 f7 21 81 d4 dc 01 00 00 00 00 00 9e ba 45 81 d4 dc 01 00 00 00 00 00 e4 7d 69 81 d4 dc 01 00 00 00 00 00 2a 41 8d 81 d4 dc 01 00 00 00 00 00 70 04 b1 81 d4 dc 01 00 00 00 00 00 b6 c7 d4 81 d4 dc 01 00 00 00 00 00 fc 8a f8 81 d4 dc 01 00 00 00 00 00 42 4e 1c 82 d4 dc 01 00 00 00 00 00 88 11 40 82 d4 dc 01 00 00 00 00 00 ce d4 63 82 d4 dc 01"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x7e3a2c4","hex":"f0 a0 4c"}],"time":"2026-04-25T20:17:47.123Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x0","time":"2026-04-25T20:17:47.125Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x983c738","args":["0x2c2","0x835021c","0x7b6eda0","0x76ffedd8","0x983c744","0x2c2","0x835021c","0x206","0x3","0x7e3a2c4"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":706,"ptr":"0x835021c","hex":"c2 02 00 00 01 00 94 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 fa 7f 00 00 02 02 00 00 30 75 00 00 40 1f 50 80 08 a6 00 00 00 40 00 00 91 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 44 00 65 00 70 00 6c 00 6f 00 79 00 00 00 18 00 00 00 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 00 00 28 00 00 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 44 00 65 00 70 00 6c 00 6f 00 79 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 53 f2 9a 00 6a 00 0a 00 5f f1 00 00 01 6c 00 00 00 41 00 6e 00 20 00 69 00 6e 00 74 00 65 00 72 00 6e 00 61 00 6c 00 20 00 65 00 72 00 72 00 6f 00 72 00 20 00 6f 00 63 00 63 00 75 00 72 00 72 00 65 00 64 00 20 00 69 00 6e 00 20 00 74 00 68 00 65 00 20 00 42 00 61 00 73 00 65 00 20 00 52 00 75 00 6e 00 74 00 69 00 6d 00 65 00 20 00 4f 00 62 00 6a 00 65 00 63 00 74 00 00 00 1f 00 00 50 80 01 00 01 00 01 00 30 75 00 00 56 17 5c b1 75 a4 64 45 91 76 8a 77 fb 55 74 8a 24 09 15 1f 01 0d a3 40 ad 66 44 f1 cd a6 01 18 40 1f 50 80 08 be 00 00 00 4c 00 00 91 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 43 00 6f 00 6e 00 66 00 69 00 67 00 43 00 68 00 61 00 6e 00 67 00 65 00 00 00 18 00 00 00 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 00 00 34 00 00 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 43 00 6f 00 6e 00 66 00 69 00 67 00 43 00 68 00 61 00 6e 00 67 00 65 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 53 f2 9a 00 6b 00 0a 00 87 3a 00 00 01 6c 00 00 00 41 00 6e 00 20 00 69 00 6e 00 74 00 65 00 72 00 6e 00 61 00 6c 00 20 00 65 00 72 00 72 00 6f 00 72 00 20 00 6f 00 63 00 63 00 75 00 72 00 72 00 65 00 64 00 20 00 69 00 6e 00 20 00 74 00 68 00 65 00 20 00 42 00 61 00 73 00 65 00 20 00 52 00 75 00 6e 00 74 00 69 00 6d 00 65 00 20 00 4f 00 62 00 6a 00 65 00 63 00 74 00 00 00 20 00 00 50 80 01 00 01 00 01 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x7e3a2c4","hex":"f0 a0 4c"}],"time":"2026-04-25T20:17:47.163Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x0","time":"2026-04-25T20:17:47.164Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x983c738","args":["0x97","0x173e3ec","0x7b6eda0","0x76ffedd8","0x983c744","0x97","0x173e3ec","0x206","0x3","0x7e3a2c4"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":151,"ptr":"0x173e3ec","hex":"97 00 00 00 01 00 69 00 00 00 00 00 00 00 c0 f7 0b 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 fa 7f 00 00 01 02 00 00 30 75 00 00 32 01 00 02 00 00 00 56 17 5c b1 75 a4 64 45 91 76 8a 77 fb 55 74 8a 24 09 15 1f 01 0d a3 40 ad 66 44 f1 cd a6 01 18 01 00 00 00 03 00 00 00 c0 00 20 2e 5a 46 28 d3 dc 01 06 0a 00 00 00 00 a0 41 c3 55 bd dc 01 00 00 02 00 00 00 03 00 00 00 c0 00 80 18 5b 46 28 d3 dc 01 06 0a 00 00 00 80 c1 75 25 a5 bd"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x7e3a2c4","hex":"f0 a0 4c"}],"time":"2026-04-25T20:17:47.167Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x0","time":"2026-04-25T20:17:47.168Z"}
|
|
{"event":"call.enter","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantB","address":"0x65a53280","ecx":"0x116ebfc","args":["0x6458ff0","0x1","0x1","0x2007","0x0","0x83b0618","0x0","0x7","0x0","0x1845c8a","0x40e6872b","0x1","0x47a4689a"],"time":"2026-04-25T20:17:48.032Z"}
|
|
{"event":"call.leave","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantB","retval":"0x0","time":"2026-04-25T20:17:48.033Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x983c738","0x1","0x1","0x2","0x2","0x0","0x254","0x991a4e0","0x116e8f0","0x1129db16"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":2,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":596,"ptr":"0x991a4e0","hex":"37 01 00 05 00 36 d7 02 00 a1 00 0a 00 1b df ff ff 45 00 00 00 00 0a 00 04 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 30 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 31 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 32 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 33 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 34 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 35 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 36 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 37 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 38 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 39 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 00 00 00 e2 c7 2c ad d4 dc 01 35 07 b1 0b 01 00 00 00"}],"time":"2026-04-25T20:17:48.087Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x983c738","args":["0x1","0x1","0x2","0x282","0xa9df020","0xcdda3bcb","0x9919a8c","0x9919a7c","0x641add04","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":642,"ptr":"0xa9df020","hex":"01 00 54 02 00 00 00 00 00 00 03 00 00 00 01 00 00 00 01 00 00 00 fa 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 02 00 00 30 75 00 00 37 01 00 05 00 36 d7 02 00 a1 00 0a 00 1b df ff ff 45 00 00 00 00 0a 00 04 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 30 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 31 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 32 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 33 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 34 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 35 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 36 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 37 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 38 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 33 00 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 39 00 3a 00 30 00 39 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 00 00 00 e2 c7 2c ad d4 dc 01 35 07 b1 0b 01 00 00 00"}],"time":"2026-04-25T20:17:48.090Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T20:17:48.091Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-25T20:17:48.092Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x983c738","args":["0x33","0x835021c","0x7b6eda0","0x76ffedd8","0x983c744","0x33","0x835021c","0x206","0x3","0x7e3a2c4"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":51,"ptr":"0x835021c","hex":"33 00 00 00 01 00 05 00 00 00 00 00 00 00 03 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fa 7f 00 00 02 02 00 00 30 75 00 00 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x7e3a2c4","hex":"f0 a0 4c"}],"time":"2026-04-25T20:17:48.100Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x0","time":"2026-04-25T20:17:48.101Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x983c738","args":["0xd6","0xadd347c","0x7b6eda0","0x76ffedd8","0x983c744","0xd6","0xadd347c","0x206","0x3","0x7e3a2c4"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":214,"ptr":"0xadd347c","hex":"d6 00 00 00 01 00 a8 00 00 00 00 00 00 00 84 89 05 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fa 7f 00 00 01 02 00 00 30 75 00 00 33 01 00 01 00 00 00 cc 92 9c f1 1a fe fa 43 b8 4c 78 14 08 d5 72 24 03 00 00 00 c0 00 00 e2 c7 2c ad d4 dc 01 46 00 00 00 00 0a 00 0c 00 00 00 00 c8 91 6c b3 d4 dc 01 00 00 00 00 00 0e 55 90 b3 d4 dc 01 00 00 00 00 00 54 18 b4 b3 d4 dc 01 00 00 00 00 00 9a db d7 b3 d4 dc 01 00 00 00 00 00 e0 9e fb b3 d4 dc 01 00 00 00 00 00 26 62 1f b4 d4 dc 01 00 00 00 00 00 6c 25 43 b4 d4 dc 01 00 00 00 00 00 b2 e8 66 b4 d4 dc 01 00 00 00 00 00 f8 ab 8a b4 d4 dc 01 00 00 00 00 00 3e 6f ae b4 d4 dc 01"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x7e3a2c4","hex":"f0 a0 4c"}],"time":"2026-04-25T20:17:48.104Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x0","time":"2026-04-25T20:17:48.105Z"}
|
|
Process terminated
|
|
|
|
Thank you for using Frida!
|