Joseph Doherty
fe2a6db786
rust / build / test / clippy / fmt (push) Has been cancelled
Layout:
- src/ .NET 10 x64 reference: MxNativeCodec, MxNativeClient,
MxAsbClient, probes, tests, harnesses. Executable spec.
- design/ Architectural plan for the Rust port (M0–M6), error
model, protocol invariants, risks (R1–R16), adversarial
review log (review.md).
- rust/ Rust workspace. M0 skeleton + M1 codec parity.
mxaccess-codec: 215 unit tests + 2 cross-implementation
parity tests (byte-identical against .NET reference).
Other crates are M0 stubs awaiting M2+.
- captures/ Frida + netsh + pcap evidence per CLAUDE.md
("captures are evidence, not throwaway logs").
- analysis/ Decompiled C# (frida/proxy/decompiled-*),
Ghidra exports for native DLLs (`exports/` only —
working state at `projects/` and AVEVA's input
binaries at `input/` are gitignored).
- docs/ Reverse-engineering reference docs.
- tools/ Setup-LiveProbeEnv.ps1 (Infisical credential fetcher),
Compute-Crc.ps1 (.NET parity helper).
- .github/workflows/ Rust CI: fmt + build + test + clippy on Windows.
- LICENSE MIT (Joseph Doherty, 2026).
Verified:
- cargo test --workspace → 217 passed (215 unit + 2 .NET parity), 0 failed
- cargo clippy --workspace -- -D warnings → clean
- cargo fmt --all -- --check → clean
- cargo publish --dry-run -p mxaccess-codec → packages cleanly
Excluded from history (see .gitignore):
- **/bin, **/obj, **/target — build artifacts
- analysis/ghidra/projects/ — Ghidra working state (regenerable)
- analysis/ghidra/input/ — AVEVA proprietary DLLs (vendor IP)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
87 lines
27 KiB
JSON
87 lines
27 KiB
JSON
____
|
|
/ _ | Frida 17.9.1 - A world-class dynamic instrumentation toolkit
|
|
| (_| |
|
|
> _ | Commands:
|
|
/_/ |_| help -> Displays the help system
|
|
. . . . object? -> Display information about 'object'
|
|
. . . . exit/quit -> Exit
|
|
. . . .
|
|
. . . . More info at https://frida.re/docs/home/
|
|
. . . .
|
|
. . . . Connected to Local System (id=local)
|
|
Spawning `C:\Users\dohertj2\Desktop\mxaccess\src\MxTraceHarness\bin\Release\net481\MxTraceHarness.exe --scenario=write-secured2 --tag=TestMachine_001.ProtectedValue --type=bool --value=false --user-id=1 --current-user-id=0 --verifier-user-id=0 --authenticate-before-write --auth-user=dohertj2 --write-delay-ms=1000 --duration=5 --log=C:\Users\dohertj2\Desktop\mxaccess\captures\114-frida-write-secured2-auth-protectedvalue-false\harness.log --client=MxFridaTrace-114-frida-write-secured2-auth-protectedvalue-false`...
|
|
Spawned `C:\Users\dohertj2\Desktop\mxaccess\src\MxTraceHarness\bin\Release\net481\MxTraceHarness.exe --scenario=write-secured2 --tag=TestMachine_001.ProtectedValue --type=bool --value=false --user-id=1 --current-user-id=0 --verifier-user-id=0 --authenticate-before-write --auth-user=dohertj2 --write-delay-ms=1000 --duration=5 --log=C:\Users\dohertj2\Desktop\mxaccess\captures\114-frida-write-secured2-auth-protectedvalue-false\harness.log --client=MxFridaTrace-114-frida-write-secured2-auth-protectedvalue-false`. Resuming main thread!
|
|
[Local::MxTraceHarness.exe ]-> {"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantA","base":"0x65a40000","rva":"0x12c0c","address":"0x65a52c0c","time":"2026-04-26T01:27:19.156Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantB","base":"0x65a40000","rva":"0x13280","address":"0x65a53280","time":"2026-04-26T01:27:19.157Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.WriteSecured.variantA","base":"0x65a40000","rva":"0x12f24","address":"0x65a52f24","time":"2026-04-26T01:27:19.157Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.WriteSecured.variantB","base":"0x65a40000","rva":"0x135fe","address":"0x65a535fe","time":"2026-04-26T01:27:19.158Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.AddBufferedItem","base":"0x65a40000","rva":"0x1121d","address":"0x65a5121d","time":"2026-04-26T01:27:19.158Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.SetBufferedUpdateInterval","base":"0x65a40000","rva":"0xfc80","address":"0x65a4fc80","time":"2026-04-26T01:27:19.159Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.AdviseSupervisory","base":"0x65a40000","rva":"0x142b4","address":"0x65a542b4","time":"2026-04-26T01:27:19.159Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CProxy_ILMXProxyServerEvents2.Fire_OnBufferedDataChange","base":"0x65a40000","rva":"0x163c0","address":"0x65a563c0","time":"2026-04-26T01:27:19.160Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.AuthenticateUser","base":"0x65a40000","rva":"0x1399f","address":"0x65a5399f","time":"2026-04-26T01:27:19.161Z"}
|
|
{"event":"hook.installed","module":"Lmx.dll","name":"MxConnection.PrebindReference","base":"0x10000000","rva":"0xea780","address":"0x100ea780","time":"2026-04-26T01:27:26.207Z"}
|
|
{"event":"hook.installed","module":"Lmx.dll","name":"MxConnection.UserRegisterPreboundReference","base":"0x10000000","rva":"0xe1920","address":"0x100e1920","time":"2026-04-26T01:27:26.208Z"}
|
|
{"event":"hook.installed","module":"Lmx.dll","name":"IMxReference.GetMxHandle","base":"0x10000000","rva":"0x5f730","address":"0x1005f730","time":"2026-04-26T01:27:26.209Z"}
|
|
{"event":"hook.installed","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","base":"0x10000000","rva":"0x8f8b0","address":"0x1008f8b0","time":"2026-04-26T01:27:26.209Z"}
|
|
{"event":"hook.installed","module":"Lmx.dll","name":"PreboundReference.Resolve","base":"0x10000000","rva":"0x113d40","address":"0x10113d40","time":"2026-04-26T01:27:26.210Z"}
|
|
{"event":"hook.installed","module":"Lmx.dll","name":"PreboundReference.OnPlatformResolveReferenceResults","base":"0x10000000","rva":"0x1155a0","address":"0x101155a0","time":"2026-04-26T01:27:26.210Z"}
|
|
{"event":"hook.installed","module":"Lmx.dll","name":"PreboundReference.OnSetAttributeResult","base":"0x10000000","rva":"0x114a90","address":"0x10114a90","time":"2026-04-26T01:27:26.212Z"}
|
|
{"event":"lmx.fixup-mxhandle.enter","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","accessManager":"0x97d6fe8","outPtr":"0x113e330","inWords":[65537,65537,0,0,0,0],"time":"2026-04-26T01:27:26.299Z"}
|
|
{"event":"lmx.fixup-mxhandle.leave","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","outPtr":"0x113e330","handle":{"raw":"01 00 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00","w0":65537,"w1":65537,"w2":0,"w3":0,"w4":0},"retval":"0x113e330","time":"2026-04-26T01:27:26.300Z"}
|
|
{"event":"lmx.fixup-mxhandle.enter","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","accessManager":"0x97d6fe8","outPtr":"0x113e330","inWords":[65537,65537,0,0,0,0],"time":"2026-04-26T01:27:26.300Z"}
|
|
{"event":"lmx.fixup-mxhandle.leave","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","outPtr":"0x113e330","handle":{"raw":"01 00 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00","w0":65537,"w1":65537,"w2":0,"w3":0,"w4":0},"retval":"0x113e330","time":"2026-04-26T01:27:26.301Z"}
|
|
{"event":"hook.installed","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","base":"0x64180000","rva":"0x10996","address":"0x64190996","time":"2026-04-26T01:27:26.309Z"}
|
|
{"event":"hook.installed","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","base":"0x64180000","rva":"0x112da","address":"0x641912da","time":"2026-04-26T01:27:26.309Z"}
|
|
{"event":"hook.installed","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","base":"0x64180000","rva":"0x15169","address":"0x64195169","time":"2026-04-26T01:27:26.310Z"}
|
|
{"event":"hook.installed","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequestEx","base":"0x64180000","rva":"0x159c3","address":"0x641959c3","time":"2026-04-26T01:27:26.310Z"}
|
|
{"event":"lmx.prebind.enter","module":"Lmx.dll","name":"MxConnection.PrebindReference","self":"0x97e0234","outPtr":"0x113e95c","referencePtr":"0x113e990","reference":"TestMachine_001.ProtectedValue","time":"2026-04-26T01:27:26.411Z"}
|
|
{"event":"lmx.mxhandle.read","module":"Lmx.dll","name":"IMxReference.GetMxHandle","referencePtr":"0x9880c58","outPtr":"0x113e8c4","handle":{"raw":"01 00 01 00 02 00 06 00 08 f4 02 00 a6 00 0a 00 bb 67 00 00","w0":65537,"w1":393218,"w2":193544,"w3":655526,"w4":26555},"retval":"0x113e8c4","time":"2026-04-26T01:27:26.412Z"}
|
|
{"event":"lmx.prebound-resolve.enter","module":"Lmx.dll","name":"PreboundReference.Resolve","prebound":{"ptr":"0x97e0560","referenceString":{"length":30,"capacity":31,"value":"TestMachine_001.ProtectedValue"},"contextString":{"length":0,"capacity":7,"value":""},"auxString":{"length":0,"capacity":7,"value":""},"mxReference":"0x98ae110","flags10":1124099840,"word14":2,"word4c":131073,"word54":138427596,"word58":0,"word5c":0,"word60":0,"word64":159215592,"word68":0,"word6c":0,"worda0":0,"worda4":0,"status":3,"flagb0":0,"errorText":"","raw":"08 64 19 10 f0 63 19 10 00 6f 00 6e e8 63 19 10 00 67 00 43 02 00 00 00 70 db 8a 09 00 65 00 00 00 02 00 00 00 00 00 02 1e 00 00 00 1f 00 00 00 00 00 00 01 00 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 01 00 02 00 10 e1 8a 09 cc 3c 40 08 00 00 00 00 00 00 00 00 00 00 00 00 e8 6f 7d 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ac b4 35 01 00 00 00 00"},"time":"2026-04-26T01:27:26.413Z"}
|
|
{"event":"lmx.mxhandle.read","module":"Lmx.dll","name":"IMxReference.GetMxHandle","referencePtr":"0x97e05b0","outPtr":"0x113e854","handle":{"raw":"01 00 01 00 02 00 06 00 08 f4 02 00 a6 00 0a 00 bb 67 00 00","w0":65537,"w1":393218,"w2":193544,"w3":655526,"w4":26555},"retval":"0x113e854","time":"2026-04-26T01:27:26.413Z"}
|
|
{"event":"lmx.mxhandle.read","module":"Lmx.dll","name":"IMxReference.GetMxHandle","referencePtr":"0x97e05b0","outPtr":"0x113e854","handle":{"raw":"01 00 01 00 02 00 06 00 08 f4 02 00 a6 00 0a 00 bb 67 00 00","w0":65537,"w1":393218,"w2":193544,"w3":655526,"w4":26555},"retval":"0x113e854","time":"2026-04-26T01:27:26.414Z"}
|
|
{"event":"lmx.mxhandle.read","module":"Lmx.dll","name":"IMxReference.GetMxHandle","referencePtr":"0x97e05b0","outPtr":"0x113e854","handle":{"raw":"01 00 01 00 02 00 06 00 08 f4 02 00 a6 00 0a 00 bb 67 00 00","w0":65537,"w1":393218,"w2":193544,"w3":655526,"w4":26555},"retval":"0x113e854","time":"2026-04-26T01:27:26.414Z"}
|
|
{"event":"lmx.prebound-resolve.leave","module":"Lmx.dll","name":"PreboundReference.Resolve","prebound":{"ptr":"0x97e0560","referenceString":{"length":30,"capacity":31,"value":"TestMachine_001.ProtectedValue"},"contextString":{"length":0,"capacity":7,"value":""},"auxString":{"length":0,"capacity":7,"value":""},"mxReference":"0x98ae110","flags10":1124099840,"word14":2,"word4c":131073,"word54":138427596,"word58":0,"word5c":0,"word60":0,"word64":159215592,"word68":0,"word6c":0,"worda0":0,"worda4":0,"status":3,"flagb0":0,"errorText":"","raw":"08 64 19 10 f0 63 19 10 00 6f 00 6e e8 63 19 10 00 67 00 43 02 00 00 00 70 db 8a 09 00 65 00 00 00 02 00 00 00 00 00 02 1e 00 00 00 1f 00 00 00 00 00 00 01 00 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 01 00 02 00 10 e1 8a 09 cc 3c 40 08 00 00 00 00 00 00 00 00 00 00 00 00 e8 6f 7d 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ac b4 35 01 00 00 00 00"},"retval":"0x70fe1e01","time":"2026-04-26T01:27:26.415Z"}
|
|
{"event":"lmx.prebind.leave","module":"Lmx.dll","name":"MxConnection.PrebindReference","handle":1,"time":"2026-04-26T01:27:26.415Z"}
|
|
{"event":"call.enter","module":"LmxProxy.dll","name":"CLMXProxyServer.AdviseSupervisory","address":"0x65a542b4","ecx":"0x113ea1c","args":["0x6358fe0","0x1","0x1","0xe940e4b3","0x74794704"],"time":"2026-04-26T01:27:26.417Z"}
|
|
{"event":"lmx.fixup-mxhandle.enter","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","accessManager":"0x97d6fe8","outPtr":"0x113e89c","inWords":[65537,393218,193544,655526,26555,0],"time":"2026-04-26T01:27:26.417Z"}
|
|
{"event":"lmx.fixup-mxhandle.leave","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","outPtr":"0x113e89c","handle":{"raw":"01 00 01 00 02 00 06 00 08 f4 02 00 a6 00 0a 00 bb 67 00 00","w0":65537,"w1":393218,"w2":193544,"w3":655526,"w4":26555},"retval":"0x113e89c","time":"2026-04-26T01:27:26.418Z"}
|
|
{"event":"lmx.fixup-mxhandle.enter","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","accessManager":"0x97d6fe8","outPtr":"0x113d530","inWords":[65537,393218,193544,655526,26555,0],"time":"2026-04-26T01:27:26.418Z"}
|
|
{"event":"lmx.fixup-mxhandle.leave","module":"Lmx.dll","name":"AccessManager.FixUpMxHandle","outPtr":"0x113d530","handle":{"raw":"01 00 01 00 02 00 06 00 08 f4 02 00 a6 00 0a 00 bb 67 00 00","w0":65537,"w1":393218,"w2":193544,"w3":655526,"w4":26555},"retval":"0x113d530","time":"2026-04-26T01:27:26.419Z"}
|
|
{"event":"call.leave","module":"LmxProxy.dll","name":"CLMXProxyServer.AdviseSupervisory","retval":"0x0","time":"2026-04-26T01:27:26.419Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x97dc710","0x1","0x1","0x1","0x2","0x0","0x13a","0x97e0620","0x113e6e0","0xfdd1603"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":1,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":314,"ptr":"0x97e0620","hex":"17 01 00 01 01 00 01 00 00 00 65 00 71 00 0a 00 00 00 00 00 08 6a 00 00 00 40 00 00 81 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 44 00 65 00 70 00 6c 00 6f 00 79 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 a8 fc 7d 09 1f 01 00 7d 18 17 b8 e3 f4 23 41 9a a4 c3 e5 bf 0d e1 0a 00 00 01 00 00 00 17 01 00 01 01 00 01 00 00 00 65 00 71 00 0a 00 00 00 00 00 08 76 00 00 00 4c 00 00 81 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 43 00 6f 00 6e 00 66 00 69 00 67 00 43 00 68 00 61 00 6e 00 67 00 65 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 28 03 7e 09 20 01 00 02 00 00 00"}],"time":"2026-04-26T01:27:26.545Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x97dc710","args":["0x1","0x1","0x1","0x168","0xa978020","0x8c77c5b2","0x97e01ec","0x97e01dc","0x641add04","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":360,"ptr":"0xa978020","hex":"01 00 3a 01 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 02 00 00 30 75 00 00 17 01 00 01 01 00 01 00 00 00 65 00 71 00 0a 00 00 00 00 00 08 6a 00 00 00 40 00 00 81 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 44 00 65 00 70 00 6c 00 6f 00 79 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 a8 fc 7d 09 1f 01 00 7d 18 17 b8 e3 f4 23 41 9a a4 c3 e5 bf 0d e1 0a 00 00 01 00 00 00 17 01 00 01 01 00 01 00 00 00 65 00 71 00 0a 00 00 00 00 00 08 76 00 00 00 4c 00 00 81 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 43 00 6f 00 6e 00 66 00 69 00 67 00 43 00 68 00 61 00 6e 00 67 00 65 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 28 03 7e 09 20 01 00 02 00 00 00"}],"time":"2026-04-26T01:27:26.547Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-26T01:27:26.548Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-26T01:27:26.548Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x97dc710","0x1","0x1","0x2","0x2","0x0","0x27","0x98ad858","0x113e6e0","0xfdd1603"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":2,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":39,"ptr":"0x98ad858","hex":"1f 01 00 7d 18 17 b8 e3 f4 23 41 9a a4 c3 e5 bf 0d e1 0a 00 00 06 00 08 f4 02 00 a6 00 0a 00 bb 67 00 00 03 00 00 00"}],"time":"2026-04-26T01:27:26.549Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x97dc710","args":["0x1","0x1","0x2","0x55","0xa978020","0x8c77c5b2","0x98b955c","0x98b954c","0x641add04","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":85,"ptr":"0xa978020","hex":"01 00 27 00 00 00 00 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 02 00 00 30 75 00 00 1f 01 00 7d 18 17 b8 e3 f4 23 41 9a a4 c3 e5 bf 0d e1 0a 00 00 06 00 08 f4 02 00 a6 00 0a 00 bb 67 00 00 03 00 00 00"}],"time":"2026-04-26T01:27:26.550Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-26T01:27:26.551Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-26T01:27:26.551Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x97dc710","args":["0x2c2","0x8305654","0x7b5e940","0x76ffedd8","0x97dc71c","0x2c2","0x8305654","0x206","0x3","0x7dac514"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":706,"ptr":"0x8305654","hex":"c2 02 00 00 01 00 94 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 02 02 00 00 30 75 00 00 40 1f 50 80 08 a6 00 00 00 40 00 00 91 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 44 00 65 00 70 00 6c 00 6f 00 79 00 00 00 18 00 00 00 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 00 00 28 00 00 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 44 00 65 00 70 00 6c 00 6f 00 79 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 53 f2 9a 00 6a 00 0a 00 5f f1 00 00 01 6c 00 00 00 41 00 6e 00 20 00 69 00 6e 00 74 00 65 00 72 00 6e 00 61 00 6c 00 20 00 65 00 72 00 72 00 6f 00 72 00 20 00 6f 00 63 00 63 00 75 00 72 00 72 00 65 00 64 00 20 00 69 00 6e 00 20 00 74 00 68 00 65 00 20 00 42 00 61 00 73 00 65 00 20 00 52 00 75 00 6e 00 74 00 69 00 6d 00 65 00 20 00 4f 00 62 00 6a 00 65 00 63 00 74 00 00 00 1f 00 00 50 80 01 00 01 00 01 00 30 75 00 00 a5 75 9d b6 2d 9d c6 45 9d 5d 3a 90 e0 75 62 4a 7d 18 17 b8 e3 f4 23 41 9a a4 c3 e5 bf 0d e1 0a 40 1f 50 80 08 be 00 00 00 4c 00 00 91 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 43 00 6f 00 6e 00 66 00 69 00 67 00 43 00 68 00 61 00 6e 00 67 00 65 00 00 00 18 00 00 00 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 00 00 34 00 00 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 43 00 6f 00 6e 00 66 00 69 00 67 00 43 00 68 00 61 00 6e 00 67 00 65 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 53 f2 9a 00 6b 00 0a 00 87 3a 00 00 01 6c 00 00 00 41 00 6e 00 20 00 69 00 6e 00 74 00 65 00 72 00 6e 00 61 00 6c 00 20 00 65 00 72 00 72 00 6f 00 72 00 20 00 6f 00 63 00 63 00 75 00 72 00 72 00 65 00 64 00 20 00 69 00 6e 00 20 00 74 00 68 00 65 00 20 00 42 00 61 00 73 00 65 00 20 00 52 00 75 00 6e 00 74 00 69 00 6d 00 65 00 20 00 4f 00 62 00 6a 00 65 00 63 00 74 00 00 00 20 00 00 50 80 01 00 01 00 01 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x7dac514","hex":"48 03 c4"}],"time":"2026-04-26T01:27:26.578Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x0","time":"2026-04-26T01:27:26.580Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x97dc710","args":["0x97","0x138698c","0x7b5e940","0x76ffedd8","0x97dc71c","0x97","0x138698c","0x206","0x3","0x7dac514"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":151,"ptr":"0x138698c","hex":"97 00 00 00 01 00 69 00 00 00 00 00 00 00 fa 1a 0d 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 02 00 00 30 75 00 00 32 01 00 02 00 00 00 a5 75 9d b6 2d 9d c6 45 9d 5d 3a 90 e0 75 62 4a 7d 18 17 b8 e3 f4 23 41 9a a4 c3 e5 bf 0d e1 0a 01 00 00 00 03 00 00 00 c0 00 20 2e 5a 46 28 d3 dc 01 06 0a 00 00 00 00 a0 41 c3 55 bd dc 01 00 00 02 00 00 00 03 00 00 00 c0 00 80 18 5b 46 28 d3 dc 01 06 0a 00 00 00 80 c1 75 25 a5 bd"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x7dac514","hex":"48 03 c4"}],"time":"2026-04-26T01:27:26.583Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x0","time":"2026-04-26T01:27:26.584Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x97dc710","args":["0x5c","0x8305654","0x7b5e940","0x76ffedd8","0x97dc71c","0x5c","0x8305654","0x206","0x3","0x7dac514"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":92,"ptr":"0x8305654","hex":"5c 00 00 00 01 00 2e 00 00 00 00 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 02 02 00 00 30 75 00 00 00 00 50 80 01 00 01 00 02 00 30 75 00 00 11 d3 e0 7e 42 c1 80 4e 9b 75 ec ba 99 fc f7 ca 7d 18 17 b8 e3 f4 23 41 9a a4 c3 e5"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x7dac514","hex":"48 03 c4"}],"time":"2026-04-26T01:27:26.586Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x0","time":"2026-04-26T01:27:26.587Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x97dc710","args":["0x69","0x138698c","0x7b5e940","0x76ffedd8","0x97dc71c","0x69","0x138698c","0x206","0x3","0x7dac514"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":105,"ptr":"0x138698c","hex":"69 00 00 00 01 00 3b 00 00 00 00 00 00 00 20 8a 05 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 02 00 00 30 75 00 00 32 01 00 01 00 00 00 11 d3 e0 7e 42 c1 80 4e 9b 75 ec ba 99 fc f7 ca 7d 18 17 b8 e3 f4 23 41 9a a4 c3 e5 bf 0d e1 0a 03 00 00 00 03 00 00 00 c0 00 80 dc d4 63 1b d5"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x7dac514","hex":"48 03 c4"}],"time":"2026-04-26T01:27:26.590Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x0","time":"2026-04-26T01:27:26.591Z"}
|
|
{"event":"call.enter","module":"LmxProxy.dll","name":"CLMXProxyServer.AuthenticateUser","address":"0x65a5399f","ecx":"0x113e9e0","serverHandle":1,"user":"dohertj2","passwordLength":8,"userIdOut":"0x113e9c4","time":"2026-04-26T01:27:27.454Z"}
|
|
{"event":"call.leave","module":"LmxProxy.dll","name":"CLMXProxyServer.AuthenticateUser","retval":"0x0","userId":1,"time":"2026-04-26T01:27:27.470Z"}
|
|
{"event":"call.enter","module":"LmxProxy.dll","name":"CLMXProxyServer.WriteSecured.variantB","address":"0x65a535fe","ecx":"0x113e9e8","args":["0x6358fe0","0x1","0x1","0x1","0x0","0xb","0x0","0x0","0x0","0x7","0x0","0x9c34f995","0x40e6873c","0xe940e4b3"],"time":"2026-04-26T01:27:27.497Z"}
|
|
{"event":"call.leave","module":"LmxProxy.dll","name":"CLMXProxyServer.WriteSecured.variantB","retval":"0x0","time":"2026-04-26T01:27:27.499Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x97dc710","0x1","0x1","0x2","0x3","0x0","0xcb","0x98ba108","0x113e6e0","0xfdd1603"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":2,"ptr":"0x3","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":203,"ptr":"0x98ba108","hex":"38 01 00 06 00 08 f4 02 00 a6 00 0a 00 bb 67 00 00 01 00 00 00 80 e9 76 d7 1b d5 dc 01 07 b9 a9 f4 72 6e ae 48 83 b5 bb de 91 8c 89 0f 80 00 00 00 4d 00 78 00 46 00 72 00 69 00 64 00 61 00 54 00 72 00 61 00 63 00 65 00 2d 00 31 00 31 00 34 00 2d 00 66 00 72 00 69 00 64 00 61 00 2d 00 77 00 72 00 69 00 74 00 65 00 2d 00 73 00 65 00 63 00 75 00 72 00 65 00 64 00 32 00 2d 00 61 00 75 00 74 00 68 00 2d 00 70 00 72 00 6f 00 74 00 65 00 63 00 74 00 65 00 64 00 76 00 61 00 6c 00 75 00 65 00 2d 00 66 00 61 00 6c 00 73 00 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff 13 87 cc 0c 01 00 00 00"}],"time":"2026-04-26T01:27:27.553Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x97dc710","args":["0x1","0x1","0x2","0xf9","0xa978020","0x8c77c5b2","0x97d77cc","0x97d77bc","0x641add04","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":249,"ptr":"0xa978020","hex":"01 00 cb 00 00 00 00 00 00 00 03 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 03 00 00 30 75 00 00 38 01 00 06 00 08 f4 02 00 a6 00 0a 00 bb 67 00 00 01 00 00 00 80 e9 76 d7 1b d5 dc 01 07 b9 a9 f4 72 6e ae 48 83 b5 bb de 91 8c 89 0f 80 00 00 00 4d 00 78 00 46 00 72 00 69 00 64 00 61 00 54 00 72 00 61 00 63 00 65 00 2d 00 31 00 31 00 34 00 2d 00 66 00 72 00 69 00 64 00 61 00 2d 00 77 00 72 00 69 00 74 00 65 00 2d 00 73 00 65 00 63 00 75 00 72 00 65 00 64 00 32 00 2d 00 61 00 75 00 74 00 68 00 2d 00 70 00 72 00 6f 00 74 00 65 00 63 00 74 00 65 00 64 00 76 00 61 00 6c 00 75 00 65 00 2d 00 66 00 61 00 6c 00 73 00 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff 13 87 cc 0c 01 00 00 00"}],"time":"2026-04-26T01:27:27.555Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-26T01:27:27.556Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-26T01:27:27.556Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x97dc710","args":["0x33","0x8305654","0x7b5e940","0x76ffedd8","0x97dc71c","0x33","0x8305654","0x206","0x3","0x7dac514"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":51,"ptr":"0x8305654","hex":"33 00 00 00 01 00 05 00 00 00 00 00 00 00 03 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 02 03 00 00 30 75 00 00 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x7dac514","hex":"48 03 c4"}],"time":"2026-04-26T01:27:27.579Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x0","time":"2026-04-26T01:27:27.580Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x97dc710","args":["0x55","0x138698c","0x7b5e940","0x76ffedd8","0x97dc71c","0x55","0x138698c","0x206","0x3","0x7dac514"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":85,"ptr":"0x138698c","hex":"55 00 00 00 01 00 27 00 00 00 00 00 00 00 21 8a 05 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 02 00 00 30 75 00 00 33 01 00 01 00 00 00 11 d3 e0 7e 42 c1 80 4e 9b 75 ec ba 99 fc f7 ca 03 00 00 00 c0 00 80 e9 76 d7 1b d5"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x7dac514","hex":"48 03 c4"}],"time":"2026-04-26T01:27:27.582Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x0","time":"2026-04-26T01:27:27.584Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x97dc710","0x1","0x1","0x2","0x2","0x0","0x25","0x98ad858","0x113e73c","0xfdd15f7"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":2,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":37,"ptr":"0x98ad858","hex":"21 01 00 7d 18 17 b8 e3 f4 23 41 9a a4 c3 e5 bf 0d e1 0a 06 00 08 f4 02 00 a6 00 0a 00 bb 67 00 00 03 00 00 00"}],"time":"2026-04-26T01:27:32.529Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x97dc710","args":["0x1","0x1","0x2","0x53","0xa978020","0x8c77c5c6","0x113e78c","0x113e77c","0x641add04","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":83,"ptr":"0xa978020","hex":"01 00 25 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 02 00 00 30 75 00 00 21 01 00 7d 18 17 b8 e3 f4 23 41 9a a4 c3 e5 bf 0d e1 0a 06 00 08 f4 02 00 a6 00 0a 00 bb 67 00 00 03 00 00 00"}],"time":"2026-04-26T01:27:32.530Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-26T01:27:32.530Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-26T01:27:32.531Z"}
|
|
Process terminated
|
|
|
|
Thank you for using Frida!
|