dohertj2/mxaccess
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eb6c689f0916a5fbd2fc1dfd005b2ce418e8bf29
mxaccess/analysis/ghidra/all-native.headless.log
T
Joseph Doherty fe2a6db786
rust / build / test / clippy / fmt (push) Has been cancelled
Details
Initial project state: .NET reference, design, Rust port (M0+M1), evidence 
Layout:
- src/                    .NET 10 x64 reference: MxNativeCodec, MxNativeClient,
                          MxAsbClient, probes, tests, harnesses. Executable spec.
- design/                 Architectural plan for the Rust port (M0–M6), error
                          model, protocol invariants, risks (R1–R16), adversarial
                          review log (review.md).
- rust/                   Rust workspace. M0 skeleton + M1 codec parity.
                          mxaccess-codec: 215 unit tests + 2 cross-implementation
                          parity tests (byte-identical against .NET reference).
                          Other crates are M0 stubs awaiting M2+.
- captures/               Frida + netsh + pcap evidence per CLAUDE.md
                          ("captures are evidence, not throwaway logs").
- analysis/               Decompiled C# (frida/proxy/decompiled-*),
                          Ghidra exports for native DLLs (`exports/` only —
                          working state at `projects/` and AVEVA's input
                          binaries at `input/` are gitignored).
- docs/                   Reverse-engineering reference docs.
- tools/                  Setup-LiveProbeEnv.ps1 (Infisical credential fetcher),
                          Compute-Crc.ps1 (.NET parity helper).
- .github/workflows/      Rust CI: fmt + build + test + clippy on Windows.
- LICENSE                 MIT (Joseph Doherty, 2026).

Verified:
- cargo test --workspace → 217 passed (215 unit + 2 .NET parity), 0 failed
- cargo clippy --workspace -- -D warnings → clean
- cargo fmt --all -- --check → clean
- cargo publish --dry-run -p mxaccess-codec → packages cleanly

Excluded from history (see .gitignore):
- **/bin, **/obj, **/target — build artifacts
- analysis/ghidra/projects/ — Ghidra working state (regenerable)
- analysis/ghidra/input/ — AVEVA proprietary DLLs (vendor IP)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 06:21:00 -04:00

757 lines
66 KiB
Plaintext
Raw Blame History

2026-04-25 02:07:07 INFO (LoggingInitialization) Using log config file: jar:file:/C:/Users/dohertj2/Desktop/focas/tools/ghidra_12.0.4_PUBLIC/Ghidra/Framework/Generic/lib/Generic.jar!/generic.log4j.xml
2026-04-25 02:07:07 INFO (LoggingInitialization) Using log file: C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\all-native.headless.log
2026-04-25 02:07:07 INFO (Preferences) Loading user preferences: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\preferences
2026-04-25 02:07:07 INFO (ClassSearcher) Searching for classes...
2026-04-25 02:07:12 INFO (ClassSearcher) Class search complete (4899 ms)
2026-04-25 02:07:12 INFO (DefaultSSLContextInitializer) Initializing SSL Context
2026-04-25 02:07:13 INFO (SecureRandomFactory) Initializing Random Number Generator...
2026-04-25 02:07:13 INFO (SecureRandomFactory) Random Number Generator initialization complete: SHA1PRNG
2026-04-25 02:07:13 INFO (DefaultTrustManagerFactory) Trust manager disabled, cacerts have not been set
2026-04-25 02:07:14 INFO (AnalyzeHeadless) Headless startup complete (11738 ms)
2026-04-25 02:07:14 INFO (ClassSearcher) Class searcher loaded 58 extension points (18 false positives)
2026-04-25 02:07:15 INFO (HeadlessAnalyzer) HEADLESS Script Paths:
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Base\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\FunctionID\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\SwiftDemangler\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\WildcardAssembler\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\MicrosoftCodeAnalyzer\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\FileFormats\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\BytePatterns\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Processors\DATA\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Debug\Debugger\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\PyGhidra\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Debug\Debugger-rmi-trace\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Processors\8051\ghidra_scripts
C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\PDB\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\BSim\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Decompiler\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\SystemEmulation\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Processors\Atmel\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\DecompilerDependent\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Processors\PIC\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\GnuDemangler\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Jython\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\VersionTracking\ghidra_scripts
C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Processors\JVM\ghidra_scripts
2026-04-25 02:07:16 INFO (HeadlessAnalyzer) HEADLESS: execution starts
2026-04-25 02:07:16 INFO (HeadlessAnalyzer) Opening existing project: C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\projects\mxnmx
2026-04-25 02:07:16 INFO (HeadlessProject) Opening project: C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\projects\mxnmx
2026-04-25 02:07:16 INFO (HeadlessAnalyzer) REPORT: Processing input files:
2026-04-25 02:07:16 INFO (HeadlessAnalyzer) project: C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\projects\mxnmx
2026-04-25 02:07:16 INFO (HeadlessAnalyzer) IMPORTING: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/LmxProxy.dll?MD5=b3a6a8f46ce22a48a42c23b77fbf9449
2026-04-25 02:07:24 INFO (ProgramLoader) Using Loader: Portable Executable (PE)
2026-04-25 02:07:24 INFO (ProgramLoader) Using Language/Compiler: x86:LE:32:default:windows
2026-04-25 02:07:24 INFO (ProgramLoader) Using Library Search Path: [., C:\Windows\SysWOW64, C:\Program Files\Eclipse Adoptium\jdk-21.0.10.7-hotspot\bin, C:\Windows\Sun\Java\bin, C:\Windows\system32, C:\Windows, C:\Program Files\WindowsApps\Microsoft.PowerShell_7.6.1.0_x64__8wekyb3d8bbwe, C:\Users\dohertj2\.codex\tmp\arg0\codex-arg0eaNSL1, C:\TwinCAT\Common64, C:\TwinCAT\Common32, C:\Program Files (x86)\Wonderware\OI-Server\CommonFiles\bin\, C:\Program Files (x86)\Common Files\ArchestrA\, C:\Program Files\OpenSSH\, C:\Windows\System32\Wbem, C:\Windows\System32\WindowsPowerShell\v1.0\, C:\Windows\System32\OpenSSH\, C:\Program Files\dotnet\, C:\Program Files\Git\cmd, C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\, C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\, C:\Program Files\Microsoft SQL Server\140\Tools\Binn\, C:\Program Files\Microsoft SQL Server\140\DTS\Binn\, C:\Program Files (x86)\Common Files\ArchestrA\Licensing Framework\License API2, C:\Program Files\nodejs\, C:\Program Files\Docker\Docker\resources\bin, C:\Users\dohertj2\AppData\Local\Programs\Python\Python312\Scripts\, C:\Users\dohertj2\AppData\Local\Programs\Python\Python312\, C:\Users\dohertj2\AppData\Local\Programs\Python\Launcher\, C:\Users\dohertj2\AppData\Local\Microsoft\WindowsApps, C:\Users\dohertj2\.dotnet\tools, C:\Users\dohertj2\.local\bin, C:\Users\dohertj2\AppData\Local\JetBrains\Toolbox\scripts, C:\Users\dohertj2\AppData\Local\Microsoft\WinGet\Links, C:\Users\dohertj2\AppData\Roaming\npm, C:\Users\dohertj2\AppData\Local\Microsoft\WinGet\Packages\BurntSushi.ripgrep.MSVC_Microsoft.Winget.Source_8wekyb3d8bbwe\ripgrep-15.1.0-x86_64-pc-windows-msvc, C:\Users\dohertj2\AppData\Local\Microsoft\WinGet\Packages\zig.zig_Microsoft.Winget.Source_8wekyb3d8bbwe\zig-x86_64-windows-0.16.0, C:\Users\dohertj2\AppData\Local\OpenAI\Codex\bin, C:\Program Files\WindowsApps\OpenAI.Codex_26.422.2437.0_x64__2p2nqsd0c76g0\app\resources]
2026-04-25 02:07:47 ERROR (CliStreamBlob) Cannot replace existing blob at address 10023015 with CustomAttrib_8117 because they have different sizes (Old: 6, New: 5).
2026-04-25 02:07:47 WARN (CliBlobCustomAttrib) Invalid FieldOrProp value in NamedArg #1: 0x8
2026-04-25 02:07:47 ERROR (CliStreamBlob) Cannot replace existing blob at address 1002305b with CustomAttrib_8187 because they have different sizes (Old: 6, New: 9).
2026-04-25 02:07:47 ERROR (CliStreamBlob) Cannot replace existing blob at address 10023083 with CustomAttrib_8227 because they have different sizes (Old: 78, New: 58).
2026-04-25 02:07:47 ERROR (CliStreamBlob) Cannot replace existing blob at address 10023015 with CustomAttrib_8117 because they have different sizes (Old: 6, New: 5).
2026-04-25 02:07:47 ERROR (CliStreamBlob) Cannot replace existing blob at address 10023083 with CustomAttrib_8227 because they have different sizes (Old: 78, New: 58).
2026-04-25 02:07:47 WARN (CliBlobCustomAttrib) Invalid FieldOrProp value in NamedArg #1: 0x8
2026-04-25 02:07:47 ERROR (CliStreamBlob) Cannot replace existing blob at address 1002305b with CustomAttrib_8187 because they have different sizes (Old: 6, New: 9).
2026-04-25 02:07:47 ERROR (CliStreamBlob) Cannot replace existing blob at address 10023015 with CustomAttrib_8117 because they have different sizes (Old: 6, New: 5).
2026-04-25 02:07:53 INFO (TLSDirectory) TLS callbacks at 68f051c0
2026-04-25 02:07:54 DEBUG (WEVTResourceDataType) Error processing Provider Element.
2026-04-25 02:07:57 INFO (TLSDirectory) TLS callbacks at 1000701c
2026-04-25 02:07:57 WARN (ExportDataDirectory) Invalid or missing function at 10085b88
2026-04-25 02:08:00 WARN (ExportDataDirectory) Invalid or missing function at 69e9f8f8
2026-04-25 02:08:01 DEBUG (WEVTResourceDataType) Error processing Provider Element.
2026-04-25 02:08:04 INFO (ProgramLoader) Additional info:
Loading file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/LmxProxy.dll?MD5=b3a6a8f46ce22a48a42c23b77fbf9449...
[LmxProxy.dll]: failed to create TerminatedCString at 10038210: Failed to resolve data length for TerminatedCString
------------------------------------------------
Searching 36 paths for library ADVAPI32.DLL...
Loading file:///C:/Windows/SysWOW64/advapi32.dll?MD5=950c6d7d9ee5088375a96ae8436eaa70...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\advapi32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library DBGHELP.DLL...
Loading file:///C:/Windows/SysWOW64/dbghelp.dll?MD5=7a365edaa1b5c3a3fcdca41ee8fc95e2...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\dbghelp.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library KERNEL32.DLL...
Loading file:///C:/Windows/SysWOW64/kernel32.dll?MD5=0ce1f5f3d23f51b9ecfd453e34ca0af7...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\kernel32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library LICAPINATIVEWRAPPER.DLL...
Loading file:///C:/Program Files (x86)/Wonderware/OI-Server/CommonFiles/bin/LicAPINativeWrapper.dll?MD5=dd566b235e709da69c91e8175544321c...
Created exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\licapinativewrapper.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library MSVCP100.DLL...
Loading file:///C:/Windows/SysWOW64/msvcp100.dll?MD5=bc83108b18756547013ed443b8cdb31b...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\msvcp100.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library MSVCR100.DLL...
Loading file:///C:/Windows/SysWOW64/msvcr100.dll?MD5=0e37fbfa79d349d672456923ec5fbbe3...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\msvcr100.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library OLE32.DLL...
Loading file:///C:/Windows/SysWOW64/ole32.dll?MD5=0c99de30cc1bc2997ebf5b7ca4b54fe8...
[ole32.dll]: failed to create WEVTResource at 68fc5218: Failed to resolve data length for WEVTResource
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\ole32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library OLEAUT32.DLL...
Loading file:///C:/Windows/SysWOW64/oleaut32.dll?MD5=96b3f5be7d92458fb909620f918a1f63...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\oleaut32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library SHLWAPI.DLL...
Loading file:///C:/Windows/SysWOW64/shlwapi.dll?MD5=7955116f6d0ddddab0dab96deaea0b3d...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\shlwapi.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library USER32.DLL...
Loading file:///C:/Windows/SysWOW64/user32.dll?MD5=0927ed96558e5b2392df6cf7582f2655...
[user32.dll]: failed to create WEVTResource at 69eb6a70: Failed to resolve data length for WEVTResource
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\user32.exports
Library not saved to project.
------------------------------------------------
Applying cached symbols from LICAPINATIVEWRAPPER.DLL
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\kernel32.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\user32.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\advapi32.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\ole32.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\oleaut32.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\shlwapi.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\msvcp100.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\dbghelp.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\msvcr100.exports
Linking the External Programs of 'LmxProxy.dll' to imported libraries...
[LICAPINATIVEWRAPPER.DLL] -> not found in project
[KERNEL32.DLL] -> not found in project
[USER32.DLL] -> not found in project
[ADVAPI32.DLL] -> not found in project
[OLE32.DLL] -> not found in project
[OLEAUT32.DLL] -> not found in project
[SHLWAPI.DLL] -> not found in project
[MSVCP100.DLL] -> not found in project
[DBGHELP.DLL] -> not found in project
[MSVCR100.DLL] -> not found in project
------------------------------------------------
2026-04-25 02:08:04 INFO (HeadlessAnalyzer) IMPORTING: Loaded 0 additional files
2026-04-25 02:08:05 INFO (HeadlessAnalyzer) ANALYZING all memory and code: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/LmxProxy.dll?MD5=b3a6a8f46ce22a48a42c23b77fbf9449
2026-04-25 02:08:05 WARN (NoReturnFunctionAnalyzer) Ignoring leading '_' chars on no-return name '___raise_securityfailure' specified in file: C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Base\data\PEFunctionsThatDoNotReturn
2026-04-25 02:08:05 WARN (NoReturnFunctionAnalyzer) Ignoring leading '_' chars on no-return name '___report_rangecheckfailure' specified in file: C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Base\data\PEFunctionsThatDoNotReturn
2026-04-25 02:08:05 INFO (PdbUniversalAnalyzer) Skipping PDB processing: missing PDB information in program metadata
2026-04-25 02:08:05 INFO (PackedDatabaseCache) Packed database cache: C:\Users\dohertj2\AppData\Local\ghidra\packed-db-cache
2026-04-25 02:08:05 DEBUG (PackedDatabaseCache) Using cached packed database: C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Base\data\typeinfo\win32\windows_vs12_32.gdt
2026-04-25 02:08:20 INFO (DecompilerSwitchAnalyzer) hit non-returning function, restarting decompiler switch analyzer later
2026-04-25 02:08:45 INFO (TypeDescriptorModel) Unprocessed TypeDescriptor: long
2026-04-25 02:08:51 INFO (TypeDescriptorModel) Unprocessed TypeDescriptor: long
2026-04-25 02:09:21 INFO (ApplyDataArchiveAnalyzer) Applied data type archive: windows_vs12_32
2026-04-25 02:09:23 INFO (ApplyDataArchiveAnalyzer) Applied data type archive: windows_vs12_32
2026-04-25 02:10:08 INFO (AutoAnalysisManager) -----------------------------------------------------
ASCII Strings 1.891 secs
Apply Data Archives 1.076 secs
Call Convention ID 0.055 secs
Call-Fixup Installer 0.199 secs
Create Address Tables 0.245 secs
Create Address Tables - One Time 0.071 secs
Create Function 0.918 secs
Data Reference 0.612 secs
Decompiler Parameter ID 24.775 secs
Decompiler Switch Analysis 29.912 secs
Decompiler Switch Analysis - One Time 6.507 secs
Demangler Microsoft 0.622 secs
Disassemble 1.721 secs
Disassemble Entry Points 0.526 secs
Embedded Media 0.036 secs
External Entry References 0.001 secs
Function ID 3.014 secs
Function Start Pre Search 0.058 secs
Function Start Search 0.262 secs
Function Start Search After Code 0.095 secs
Function Start Search After Data 0.067 secs
Non-Returning Functions - Discovered 0.672 secs
Non-Returning Functions - Known 0.022 secs
PDB Universal 0.009 secs
Reference 0.727 secs
Scalar Operand References 1.674 secs
Shared Return Calls 0.892 secs
Stack 9.805 secs
Subroutine References 0.777 secs
Subroutine References - One Time 0.015 secs
Windows x86 PE Exception Handling 12.548 secs
Windows x86 PE RTTI Analyzer 10.726 secs
Windows x86 Thread Environment Block (TEB) Analyzer 0.058 secs
WindowsResourceReference 2.872 secs
X86 Function Callee Purge 0.638 secs
x86 Constant Reference Analyzer 8.431 secs
-----------------------------------------------------
Total Time 122 secs
-----------------------------------------------------
2026-04-25 02:10:08 INFO (HeadlessAnalyzer) REPORT: Analysis succeeded for file: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/LmxProxy.dll?MD5=b3a6a8f46ce22a48a42c23b77fbf9449
2026-04-25 02:10:08 INFO (HeadlessAnalyzer) REPORT: Execute script: MxNmxExport.java 'C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\exports'
2026-04-25 02:10:08 INFO (HeadlessAnalyzer) SCRIPT: C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\scripts\MxNmxExport.java
2026-04-25 02:10:11 INFO (GhidraScript) MxNmxExport.java> Wrote MX/NMX Ghidra export for LmxProxy.dll to C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\exports
2026-04-25 02:10:11 INFO (HeadlessAnalyzer) ANALYZING changes made by post scripts: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/LmxProxy.dll?MD5=b3a6a8f46ce22a48a42c23b77fbf9449
2026-04-25 02:10:11 INFO (HeadlessAnalyzer) REPORT: Post-analysis succeeded for file: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/LmxProxy.dll?MD5=b3a6a8f46ce22a48a42c23b77fbf9449
2026-04-25 02:10:11 INFO (LocalFileSystem) /input/LmxProxy.dll: file created (dohertj2)
2026-04-25 02:10:11 INFO (HeadlessAnalyzer) REPORT: Save succeeded for: /input/LmxProxy.dll (mxnmx:/input/LmxProxy.dll)
2026-04-25 02:10:11 INFO (HeadlessAnalyzer) REPORT: Import succeeded
2026-04-25 02:10:11 INFO (HeadlessAnalyzer) IMPORTING: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxAdptr.dll?MD5=ed206eb8de895f295c88017a15cb23de
2026-04-25 02:10:11 INFO (ProgramLoader) Using Loader: Portable Executable (PE)
2026-04-25 02:10:11 INFO (ProgramLoader) Using Language/Compiler: x86:LE:32:default:windows
2026-04-25 02:10:11 INFO (ProgramLoader) Using Library Search Path: [., C:\Windows\SysWOW64, C:\Program Files\Eclipse Adoptium\jdk-21.0.10.7-hotspot\bin, C:\Windows\Sun\Java\bin, C:\Windows\system32, C:\Windows, C:\Program Files\WindowsApps\Microsoft.PowerShell_7.6.1.0_x64__8wekyb3d8bbwe, C:\Users\dohertj2\.codex\tmp\arg0\codex-arg0eaNSL1, C:\TwinCAT\Common64, C:\TwinCAT\Common32, C:\Program Files (x86)\Wonderware\OI-Server\CommonFiles\bin\, C:\Program Files (x86)\Common Files\ArchestrA\, C:\Program Files\OpenSSH\, C:\Windows\System32\Wbem, C:\Windows\System32\WindowsPowerShell\v1.0\, C:\Windows\System32\OpenSSH\, C:\Program Files\dotnet\, C:\Program Files\Git\cmd, C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\, C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\, C:\Program Files\Microsoft SQL Server\140\Tools\Binn\, C:\Program Files\Microsoft SQL Server\140\DTS\Binn\, C:\Program Files (x86)\Common Files\ArchestrA\Licensing Framework\License API2, C:\Program Files\nodejs\, C:\Program Files\Docker\Docker\resources\bin, C:\Users\dohertj2\AppData\Local\Programs\Python\Python312\Scripts\, C:\Users\dohertj2\AppData\Local\Programs\Python\Python312\, C:\Users\dohertj2\AppData\Local\Programs\Python\Launcher\, C:\Users\dohertj2\AppData\Local\Microsoft\WindowsApps, C:\Users\dohertj2\.dotnet\tools, C:\Users\dohertj2\.local\bin, C:\Users\dohertj2\AppData\Local\JetBrains\Toolbox\scripts, C:\Users\dohertj2\AppData\Local\Microsoft\WinGet\Links, C:\Users\dohertj2\AppData\Roaming\npm, C:\Users\dohertj2\AppData\Local\Microsoft\WinGet\Packages\BurntSushi.ripgrep.MSVC_Microsoft.Winget.Source_8wekyb3d8bbwe\ripgrep-15.1.0-x86_64-pc-windows-msvc, C:\Users\dohertj2\AppData\Local\Microsoft\WinGet\Packages\zig.zig_Microsoft.Winget.Source_8wekyb3d8bbwe\zig-x86_64-windows-0.16.0, C:\Users\dohertj2\AppData\Local\OpenAI\Codex\bin, C:\Program Files\WindowsApps\OpenAI.Codex_26.422.2437.0_x64__2p2nqsd0c76g0\app\resources]
2026-04-25 02:10:14 WARN (ExportDataDirectory) Invalid or missing function at 78a7afe0
2026-04-25 02:10:24 INFO (TLSDirectory) TLS callbacks at 68f051c0
2026-04-25 02:10:24 DEBUG (WEVTResourceDataType) Error processing Provider Element.
2026-04-25 02:10:26 INFO (TLSDirectory) TLS callbacks at 1000701c
2026-04-25 02:10:26 WARN (ExportDataDirectory) Invalid or missing function at 10085b88
2026-04-25 02:10:30 WARN (ExportDataDirectory) Invalid or missing function at 69e9f8f8
2026-04-25 02:10:30 DEBUG (WEVTResourceDataType) Error processing Provider Element.
2026-04-25 02:10:32 WARN (ExportDataDirectory) Invalid or missing function at 4f7c43d4
2026-04-25 02:10:32 DEBUG (WEVTResourceDataType) Error processing Provider Element.
2026-04-25 02:10:34 INFO (ProgramLoader) Additional info:
Loading file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxAdptr.dll?MD5=ed206eb8de895f295c88017a15cb23de...
[NmxAdptr.dll]: failed to create TerminatedCString at 100583d0: Failed to resolve data length for TerminatedCString
------------------------------------------------
Searching 36 paths for library ADVAPI32.DLL...
Loading file:///C:/Windows/SysWOW64/advapi32.dll?MD5=950c6d7d9ee5088375a96ae8436eaa70...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\advapi32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library ATL100.DLL...
Loading file:///C:/Windows/SysWOW64/atl100.dll?MD5=c85670ab64068f8080998aeba6c5019c...
Created exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\atl100.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library DBGHELP.DLL...
Loading file:///C:/Windows/SysWOW64/dbghelp.dll?MD5=7a365edaa1b5c3a3fcdca41ee8fc95e2...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\dbghelp.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library KERNEL32.DLL...
Loading file:///C:/Windows/SysWOW64/kernel32.dll?MD5=0ce1f5f3d23f51b9ecfd453e34ca0af7...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\kernel32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library MSVCP100.DLL...
Loading file:///C:/Windows/SysWOW64/msvcp100.dll?MD5=bc83108b18756547013ed443b8cdb31b...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\msvcp100.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library MSVCR100.DLL...
Loading file:///C:/Windows/SysWOW64/msvcr100.dll?MD5=0e37fbfa79d349d672456923ec5fbbe3...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\msvcr100.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library OLE32.DLL...
Loading file:///C:/Windows/SysWOW64/ole32.dll?MD5=0c99de30cc1bc2997ebf5b7ca4b54fe8...
[ole32.dll]: failed to create WEVTResource at 68fc5218: Failed to resolve data length for WEVTResource
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\ole32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library OLEAUT32.DLL...
Loading file:///C:/Windows/SysWOW64/oleaut32.dll?MD5=96b3f5be7d92458fb909620f918a1f63...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\oleaut32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library SHLWAPI.DLL...
Loading file:///C:/Windows/SysWOW64/shlwapi.dll?MD5=7955116f6d0ddddab0dab96deaea0b3d...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\shlwapi.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library USER32.DLL...
Loading file:///C:/Windows/SysWOW64/user32.dll?MD5=0927ed96558e5b2392df6cf7582f2655...
[user32.dll]: failed to create WEVTResource at 69eb6a70: Failed to resolve data length for WEVTResource
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\user32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library WS2_32.DLL...
Loading file:///C:/Windows/SysWOW64/ws2_32.dll?MD5=fc4a6145ddd1b64983e8700601c71fc6...
[ws2_32.dll]: failed to create WEVTResource at 4f7cc4b8: Failed to resolve data length for WEVTResource
Created exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\ws2_32.exports
Library not saved to project.
------------------------------------------------
Applying cached symbols from WS2_32.DLL
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\kernel32.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\user32.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\advapi32.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\ole32.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\oleaut32.exports
Applying cached symbols from ATL100.DLL
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\shlwapi.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\msvcp100.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\dbghelp.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\msvcr100.exports
Linking the External Programs of 'NmxAdptr.dll' to imported libraries...
[WS2_32.DLL] -> not found in project
[KERNEL32.DLL] -> not found in project
[USER32.DLL] -> not found in project
[ADVAPI32.DLL] -> not found in project
[OLE32.DLL] -> not found in project
[OLEAUT32.DLL] -> not found in project
[ATL100.DLL] -> not found in project
[SHLWAPI.DLL] -> not found in project
[MSVCP100.DLL] -> not found in project
[DBGHELP.DLL] -> not found in project
[MSVCR100.DLL] -> not found in project
------------------------------------------------
2026-04-25 02:10:34 INFO (HeadlessAnalyzer) IMPORTING: Loaded 0 additional files
2026-04-25 02:10:34 INFO (HeadlessAnalyzer) ANALYZING all memory and code: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxAdptr.dll?MD5=ed206eb8de895f295c88017a15cb23de
2026-04-25 02:10:34 WARN (NoReturnFunctionAnalyzer) Ignoring leading '_' chars on no-return name '___raise_securityfailure' specified in file: C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Base\data\PEFunctionsThatDoNotReturn
2026-04-25 02:10:34 WARN (NoReturnFunctionAnalyzer) Ignoring leading '_' chars on no-return name '___report_rangecheckfailure' specified in file: C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Base\data\PEFunctionsThatDoNotReturn
2026-04-25 02:10:34 DEBUG (SymbolServerService) SymbolServerService: querying Program's Import Location - C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\input for NmxAdptr.pdb, c16245bc-ff95-411c-b853-a40971320811, 3, 0, ???
2026-04-25 02:10:34 DEBUG (SymbolServerService) SymbolServerService: got 0 results from Program's Import Location - C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\input
2026-04-25 02:10:34 DEBUG (SymbolServerService) SymbolServerService: found 0 matches
2026-04-25 02:10:34 INFO (PdbUniversalAnalyzer) Skipping PDB processing: failed to locate PDB file in configured locations
2026-04-25 02:10:34 INFO (PdbUniversalAnalyzer) Use a script to set the PDB file location. I.e.,
PdbAnalyzer.setPdbFileOption(currentProgram, new File("/path/to/pdb/file.pdb")); or
PdbUniversalAnalyzer.setPdbFileOption(currentProgram, new File("/path/to/pdb/file.pdb"));
Or set the symbol server search configuration using: PdbPlugin.saveSymbolServerServiceConfig(...);
This must be done using a pre-script (prior to analysis).
2026-04-25 02:10:34 DEBUG (PackedDatabaseCache) Using cached packed database: C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Base\data\typeinfo\win32\windows_vs12_32.gdt
2026-04-25 02:10:45 INFO (DecompilerSwitchAnalyzer) hit non-returning function, restarting decompiler switch analyzer later
2026-04-25 02:11:18 INFO (TypeDescriptorModel) Unprocessed TypeDescriptor: long
2026-04-25 02:11:21 INFO (TypeDescriptorModel) Unprocessed TypeDescriptor: long
2026-04-25 02:11:45 INFO (ApplyDataArchiveAnalyzer) Applied data type archive: windows_vs12_32
2026-04-25 02:11:46 INFO (ApplyDataArchiveAnalyzer) Applied data type archive: windows_vs12_32
2026-04-25 02:12:30 INFO (AutoAnalysisManager) -----------------------------------------------------
ASCII Strings 0.182 secs
Apply Data Archives 0.577 secs
Call Convention ID 0.072 secs
Call-Fixup Installer 0.162 secs
Create Address Tables 0.327 secs
Create Address Tables - One Time 0.081 secs
Create Function 0.926 secs
Data Reference 0.504 secs
Decompiler Parameter ID 25.217 secs
Decompiler Switch Analysis 35.928 secs
Decompiler Switch Analysis - One Time 5.933 secs
Demangler Microsoft 0.447 secs
Disassemble 1.670 secs
Disassemble Entry Points 0.210 secs
Embedded Media 0.026 secs
External Entry References 0.000 secs
Function ID 3.141 secs
Function Start Pre Search 0.056 secs
Function Start Search 0.195 secs
Function Start Search After Code 0.202 secs
Function Start Search After Data 0.094 secs
Non-Returning Functions - Discovered 0.689 secs
Non-Returning Functions - Known 0.020 secs
PDB Universal 0.081 secs
Reference 0.720 secs
Scalar Operand References 1.345 secs
Shared Return Calls 0.606 secs
Stack 9.996 secs
Subroutine References 0.520 secs
Subroutine References - One Time 0.024 secs
Windows x86 PE Exception Handling 9.693 secs
Windows x86 PE RTTI Analyzer 5.597 secs
Windows x86 Thread Environment Block (TEB) Analyzer 0.022 secs
WindowsResourceReference 0.896 secs
X86 Function Callee Purge 1.919 secs
x86 Constant Reference Analyzer 8.159 secs
-----------------------------------------------------
Total Time 116 secs
-----------------------------------------------------
2026-04-25 02:12:30 INFO (HeadlessAnalyzer) REPORT: Analysis succeeded for file: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxAdptr.dll?MD5=ed206eb8de895f295c88017a15cb23de
2026-04-25 02:12:30 INFO (HeadlessAnalyzer) REPORT: Execute script: MxNmxExport.java 'C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\exports'
2026-04-25 02:12:31 INFO (HeadlessAnalyzer) SCRIPT: C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\scripts\MxNmxExport.java
2026-04-25 02:12:33 INFO (GhidraScript) MxNmxExport.java> Wrote MX/NMX Ghidra export for NmxAdptr.dll to C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\exports
2026-04-25 02:12:33 INFO (HeadlessAnalyzer) ANALYZING changes made by post scripts: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxAdptr.dll?MD5=ed206eb8de895f295c88017a15cb23de
2026-04-25 02:12:33 INFO (HeadlessAnalyzer) REPORT: Post-analysis succeeded for file: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxAdptr.dll?MD5=ed206eb8de895f295c88017a15cb23de
2026-04-25 02:12:33 INFO (LocalFileSystem) /input/NmxAdptr.dll: file created (dohertj2)
2026-04-25 02:12:33 INFO (HeadlessAnalyzer) REPORT: Save succeeded for: /input/NmxAdptr.dll (mxnmx:/input/NmxAdptr.dll)
2026-04-25 02:12:33 INFO (HeadlessAnalyzer) REPORT: Import succeeded
2026-04-25 02:12:33 INFO (HeadlessAnalyzer) IMPORTING: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxSvc.exe?MD5=33e3fda3607d01af4d83859567d99d47
2026-04-25 02:12:33 INFO (ProgramLoader) Using Loader: Portable Executable (PE)
2026-04-25 02:12:33 INFO (ProgramLoader) Using Language/Compiler: x86:LE:32:default:windows
2026-04-25 02:12:33 INFO (ProgramLoader) Using Library Search Path: [., C:\Windows\SysWOW64, C:\Program Files\Eclipse Adoptium\jdk-21.0.10.7-hotspot\bin, C:\Windows\Sun\Java\bin, C:\Windows\system32, C:\Windows, C:\Program Files\WindowsApps\Microsoft.PowerShell_7.6.1.0_x64__8wekyb3d8bbwe, C:\Users\dohertj2\.codex\tmp\arg0\codex-arg0eaNSL1, C:\TwinCAT\Common64, C:\TwinCAT\Common32, C:\Program Files (x86)\Wonderware\OI-Server\CommonFiles\bin\, C:\Program Files (x86)\Common Files\ArchestrA\, C:\Program Files\OpenSSH\, C:\Windows\System32\Wbem, C:\Windows\System32\WindowsPowerShell\v1.0\, C:\Windows\System32\OpenSSH\, C:\Program Files\dotnet\, C:\Program Files\Git\cmd, C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\, C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\, C:\Program Files\Microsoft SQL Server\140\Tools\Binn\, C:\Program Files\Microsoft SQL Server\140\DTS\Binn\, C:\Program Files (x86)\Common Files\ArchestrA\Licensing Framework\License API2, C:\Program Files\nodejs\, C:\Program Files\Docker\Docker\resources\bin, C:\Users\dohertj2\AppData\Local\Programs\Python\Python312\Scripts\, C:\Users\dohertj2\AppData\Local\Programs\Python\Python312\, C:\Users\dohertj2\AppData\Local\Programs\Python\Launcher\, C:\Users\dohertj2\AppData\Local\Microsoft\WindowsApps, C:\Users\dohertj2\.dotnet\tools, C:\Users\dohertj2\.local\bin, C:\Users\dohertj2\AppData\Local\JetBrains\Toolbox\scripts, C:\Users\dohertj2\AppData\Local\Microsoft\WinGet\Links, C:\Users\dohertj2\AppData\Roaming\npm, C:\Users\dohertj2\AppData\Local\Microsoft\WinGet\Packages\BurntSushi.ripgrep.MSVC_Microsoft.Winget.Source_8wekyb3d8bbwe\ripgrep-15.1.0-x86_64-pc-windows-msvc, C:\Users\dohertj2\AppData\Local\Microsoft\WinGet\Packages\zig.zig_Microsoft.Winget.Source_8wekyb3d8bbwe\zig-x86_64-windows-0.16.0, C:\Users\dohertj2\AppData\Local\OpenAI\Codex\bin, C:\Program Files\WindowsApps\OpenAI.Codex_26.422.2437.0_x64__2p2nqsd0c76g0\app\resources]
2026-04-25 02:12:47 INFO (TLSDirectory) TLS callbacks at 68f051c0
2026-04-25 02:12:48 DEBUG (WEVTResourceDataType) Error processing Provider Element.
2026-04-25 02:12:50 INFO (TLSDirectory) TLS callbacks at 1000701c
2026-04-25 02:12:50 WARN (ExportDataDirectory) Invalid or missing function at 10085b88
2026-04-25 02:12:54 WARN (ExportDataDirectory) Invalid or missing function at 69e9f8f8
2026-04-25 02:12:55 DEBUG (WEVTResourceDataType) Error processing Provider Element.
2026-04-25 02:12:56 WARN (ExportDataDirectory) Invalid or missing function at 4f7c43d4
2026-04-25 02:12:57 DEBUG (WEVTResourceDataType) Error processing Provider Element.
2026-04-25 02:12:57 INFO (ProgramLoader) Additional info:
Loading file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxSvc.exe?MD5=33e3fda3607d01af4d83859567d99d47...
[NmxSvc.exe]: failed to create TerminatedCString at 00465770: Failed to resolve data length for TerminatedCString
------------------------------------------------
Searching 36 paths for library ADVAPI32.DLL...
Loading file:///C:/Windows/SysWOW64/advapi32.dll?MD5=950c6d7d9ee5088375a96ae8436eaa70...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\advapi32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library DBGHELP.DLL...
Loading file:///C:/Windows/SysWOW64/dbghelp.dll?MD5=7a365edaa1b5c3a3fcdca41ee8fc95e2...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\dbghelp.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library IPHLPAPI.DLL...
Loading file:///C:/Windows/SysWOW64/IPHLPAPI.DLL?MD5=c5f93114591ab9efe8dc3a4a98845cde...
Created exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\iphlpapi.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library KERNEL32.DLL...
Loading file:///C:/Windows/SysWOW64/kernel32.dll?MD5=0ce1f5f3d23f51b9ecfd453e34ca0af7...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\kernel32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library MSVCP100.DLL...
Loading file:///C:/Windows/SysWOW64/msvcp100.dll?MD5=bc83108b18756547013ed443b8cdb31b...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\msvcp100.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library MSVCR100.DLL...
Loading file:///C:/Windows/SysWOW64/msvcr100.dll?MD5=0e37fbfa79d349d672456923ec5fbbe3...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\msvcr100.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library NETAPI32.DLL...
Loading file:///C:/Windows/SysWOW64/netapi32.dll?MD5=b87c412295a901b441e06549fc7798c2...
Created exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\netapi32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library OLE32.DLL...
Loading file:///C:/Windows/SysWOW64/ole32.dll?MD5=0c99de30cc1bc2997ebf5b7ca4b54fe8...
[ole32.dll]: failed to create WEVTResource at 68fc5218: Failed to resolve data length for WEVTResource
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\ole32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library OLEAUT32.DLL...
Loading file:///C:/Windows/SysWOW64/oleaut32.dll?MD5=96b3f5be7d92458fb909620f918a1f63...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\oleaut32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library SECUR32.DLL...
Loading file:///C:/Windows/SysWOW64/secur32.dll?MD5=f43305d96ef703ac86f5a38f635b6f2f...
Created exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\secur32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library SHLWAPI.DLL...
Loading file:///C:/Windows/SysWOW64/shlwapi.dll?MD5=7955116f6d0ddddab0dab96deaea0b3d...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\shlwapi.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library USER32.DLL...
Loading file:///C:/Windows/SysWOW64/user32.dll?MD5=0927ed96558e5b2392df6cf7582f2655...
[user32.dll]: failed to create WEVTResource at 69eb6a70: Failed to resolve data length for WEVTResource
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\user32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library WS2_32.DLL...
Loading file:///C:/Windows/SysWOW64/ws2_32.dll?MD5=fc4a6145ddd1b64983e8700601c71fc6...
[ws2_32.dll]: failed to create WEVTResource at 4f7cc4b8: Failed to resolve data length for WEVTResource
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\ws2_32.exports
Library not saved to project.
------------------------------------------------
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\ws2_32.exports
Applying cached symbols from IPHLPAPI.DLL
Applying cached symbols from SECUR32.DLL
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\kernel32.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\user32.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\advapi32.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\ole32.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\oleaut32.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\shlwapi.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\msvcp100.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\dbghelp.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\msvcr100.exports
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\netapi32.exports
Linking the External Programs of 'NmxSvc.exe' to imported libraries...
[WS2_32.DLL] -> not found in project
[IPHLPAPI.DLL] -> not found in project
[SECUR32.DLL] -> not found in project
[KERNEL32.DLL] -> not found in project
[USER32.DLL] -> not found in project
[ADVAPI32.DLL] -> not found in project
[OLE32.DLL] -> not found in project
[OLEAUT32.DLL] -> not found in project
[SHLWAPI.DLL] -> not found in project
[MSVCP100.DLL] -> not found in project
[DBGHELP.DLL] -> not found in project
[MSVCR100.DLL] -> not found in project
[NETAPI32.DLL] -> not found in project
------------------------------------------------
2026-04-25 02:12:57 INFO (HeadlessAnalyzer) IMPORTING: Loaded 0 additional files
2026-04-25 02:12:58 INFO (HeadlessAnalyzer) ANALYZING all memory and code: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxSvc.exe?MD5=33e3fda3607d01af4d83859567d99d47
2026-04-25 02:12:58 WARN (NoReturnFunctionAnalyzer) Ignoring leading '_' chars on no-return name '___raise_securityfailure' specified in file: C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Base\data\PEFunctionsThatDoNotReturn
2026-04-25 02:12:58 WARN (NoReturnFunctionAnalyzer) Ignoring leading '_' chars on no-return name '___report_rangecheckfailure' specified in file: C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Base\data\PEFunctionsThatDoNotReturn
2026-04-25 02:12:58 DEBUG (SymbolServerService) SymbolServerService: querying Program's Import Location - C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\input for NmxSvc.pdb, fd35a3a5-adbb-4c2d-827b-138689f178ad, 1, 0, ???
2026-04-25 02:12:58 DEBUG (SymbolServerService) SymbolServerService: got 0 results from Program's Import Location - C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\input
2026-04-25 02:12:58 DEBUG (SymbolServerService) SymbolServerService: found 0 matches
2026-04-25 02:12:58 INFO (PdbUniversalAnalyzer) Skipping PDB processing: failed to locate PDB file in configured locations
2026-04-25 02:12:58 INFO (PdbUniversalAnalyzer) Use a script to set the PDB file location. I.e.,
PdbAnalyzer.setPdbFileOption(currentProgram, new File("/path/to/pdb/file.pdb")); or
PdbUniversalAnalyzer.setPdbFileOption(currentProgram, new File("/path/to/pdb/file.pdb"));
Or set the symbol server search configuration using: PdbPlugin.saveSymbolServerServiceConfig(...);
This must be done using a pre-script (prior to analysis).
2026-04-25 02:12:58 DEBUG (PackedDatabaseCache) Using cached packed database: C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Base\data\typeinfo\win32\windows_vs12_32.gdt
2026-04-25 02:13:09 INFO (DecompilerSwitchAnalyzer) hit non-returning function, restarting decompiler switch analyzer later
2026-04-25 02:13:19 INFO (DecompilerSwitchAnalyzer) hit non-returning function, restarting decompiler switch analyzer later
2026-04-25 02:13:39 INFO (TypeDescriptorModel) Unprocessed TypeDescriptor: long
2026-04-25 02:13:44 INFO (TypeDescriptorModel) Unprocessed TypeDescriptor: long
2026-04-25 02:14:09 INFO (ApplyDataArchiveAnalyzer) Applied data type archive: windows_vs12_32
2026-04-25 02:14:10 INFO (ApplyDataArchiveAnalyzer) Applied data type archive: windows_vs12_32
2026-04-25 02:14:49 DEBUG (DecompilerParameterIdCmd) Failed to decompile function: FUN_0040eba5:
Low-level Error: Cannot properly adjust input varnodes
2026-04-25 02:15:05 INFO (AutoAnalysisManager) -----------------------------------------------------
ASCII Strings 0.161 secs
Apply Data Archives 0.592 secs
Call Convention ID 0.081 secs
Call-Fixup Installer 0.246 secs
Create Address Tables 0.309 secs
Create Address Tables - One Time 0.077 secs
Create Function 1.263 secs
Data Reference 0.669 secs
Decompiler Parameter ID 30.290 secs
Decompiler Switch Analysis 21.475 secs
Decompiler Switch Analysis - One Time 14.353 secs
Demangler Microsoft 0.666 secs
Disassemble 1.864 secs
Disassemble Entry Points 0.268 secs
Embedded Media 0.033 secs
External Entry References 0.000 secs
Function ID 3.688 secs
Function Start Pre Search 0.074 secs
Function Start Search 0.361 secs
Function Start Search After Code 0.214 secs
Function Start Search After Data 0.190 secs
Non-Returning Functions - Discovered 0.614 secs
Non-Returning Functions - Known 0.019 secs
PDB Universal 0.003 secs
Reference 0.737 secs
Scalar Operand References 1.795 secs
Shared Return Calls 0.867 secs
Stack 13.370 secs
Subroutine References 0.644 secs
Subroutine References - One Time 0.029 secs
Windows x86 PE Exception Handling 9.698 secs
Windows x86 PE RTTI Analyzer 7.709 secs
Windows x86 Thread Environment Block (TEB) Analyzer 0.022 secs
WindowsResourceReference 2.289 secs
X86 Function Callee Purge 1.973 secs
x86 Constant Reference Analyzer 10.856 secs
-----------------------------------------------------
Total Time 127 secs
-----------------------------------------------------
2026-04-25 02:15:05 INFO (HeadlessAnalyzer) REPORT: Analysis succeeded for file: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxSvc.exe?MD5=33e3fda3607d01af4d83859567d99d47
2026-04-25 02:15:05 INFO (HeadlessAnalyzer) REPORT: Execute script: MxNmxExport.java 'C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\exports'
2026-04-25 02:15:05 INFO (HeadlessAnalyzer) SCRIPT: C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\scripts\MxNmxExport.java
2026-04-25 02:15:08 INFO (GhidraScript) MxNmxExport.java> Wrote MX/NMX Ghidra export for NmxSvc.exe to C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\exports
2026-04-25 02:15:08 INFO (HeadlessAnalyzer) ANALYZING changes made by post scripts: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxSvc.exe?MD5=33e3fda3607d01af4d83859567d99d47
2026-04-25 02:15:08 INFO (HeadlessAnalyzer) REPORT: Post-analysis succeeded for file: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxSvc.exe?MD5=33e3fda3607d01af4d83859567d99d47
2026-04-25 02:15:08 INFO (LocalFileSystem) /input/NmxSvc.exe: file created (dohertj2)
2026-04-25 02:15:08 INFO (HeadlessAnalyzer) REPORT: Save succeeded for: /input/NmxSvc.exe (mxnmx:/input/NmxSvc.exe)
2026-04-25 02:15:08 INFO (HeadlessAnalyzer) REPORT: Import succeeded
2026-04-25 02:15:08 INFO (HeadlessAnalyzer) IMPORTING: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxSvcps.dll?MD5=e819cc7af405b742deb1505da4a7e3d4
2026-04-25 02:15:08 INFO (ProgramLoader) Using Loader: Portable Executable (PE)
2026-04-25 02:15:08 INFO (ProgramLoader) Using Language/Compiler: x86:LE:32:default:windows
2026-04-25 02:15:08 INFO (ProgramLoader) Using Library Search Path: [., C:\Windows\SysWOW64, C:\Program Files\Eclipse Adoptium\jdk-21.0.10.7-hotspot\bin, C:\Windows\Sun\Java\bin, C:\Windows\system32, C:\Windows, C:\Program Files\WindowsApps\Microsoft.PowerShell_7.6.1.0_x64__8wekyb3d8bbwe, C:\Users\dohertj2\.codex\tmp\arg0\codex-arg0eaNSL1, C:\TwinCAT\Common64, C:\TwinCAT\Common32, C:\Program Files (x86)\Wonderware\OI-Server\CommonFiles\bin\, C:\Program Files (x86)\Common Files\ArchestrA\, C:\Program Files\OpenSSH\, C:\Windows\System32\Wbem, C:\Windows\System32\WindowsPowerShell\v1.0\, C:\Windows\System32\OpenSSH\, C:\Program Files\dotnet\, C:\Program Files\Git\cmd, C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\, C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\, C:\Program Files\Microsoft SQL Server\140\Tools\Binn\, C:\Program Files\Microsoft SQL Server\140\DTS\Binn\, C:\Program Files (x86)\Common Files\ArchestrA\Licensing Framework\License API2, C:\Program Files\nodejs\, C:\Program Files\Docker\Docker\resources\bin, C:\Users\dohertj2\AppData\Local\Programs\Python\Python312\Scripts\, C:\Users\dohertj2\AppData\Local\Programs\Python\Python312\, C:\Users\dohertj2\AppData\Local\Programs\Python\Launcher\, C:\Users\dohertj2\AppData\Local\Microsoft\WindowsApps, C:\Users\dohertj2\.dotnet\tools, C:\Users\dohertj2\.local\bin, C:\Users\dohertj2\AppData\Local\JetBrains\Toolbox\scripts, C:\Users\dohertj2\AppData\Local\Microsoft\WinGet\Links, C:\Users\dohertj2\AppData\Roaming\npm, C:\Users\dohertj2\AppData\Local\Microsoft\WinGet\Packages\BurntSushi.ripgrep.MSVC_Microsoft.Winget.Source_8wekyb3d8bbwe\ripgrep-15.1.0-x86_64-pc-windows-msvc, C:\Users\dohertj2\AppData\Local\Microsoft\WinGet\Packages\zig.zig_Microsoft.Winget.Source_8wekyb3d8bbwe\zig-x86_64-windows-0.16.0, C:\Users\dohertj2\AppData\Local\OpenAI\Codex\bin, C:\Program Files\WindowsApps\OpenAI.Codex_26.422.2437.0_x64__2p2nqsd0c76g0\app\resources]
2026-04-25 02:15:12 INFO (TLSDirectory) TLS callbacks at 1000701c
2026-04-25 02:15:12 WARN (ExportDataDirectory) Invalid or missing function at 10085b88
2026-04-25 02:15:15 INFO (ProgramLoader) Additional info:
Loading file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxSvcps.dll?MD5=e819cc7af405b742deb1505da4a7e3d4...
[NmxSvcps.dll]: failed to create TerminatedCString at 1000c46c: Failed to resolve data length for TerminatedCString
------------------------------------------------
Searching 36 paths for library KERNEL32.DLL...
Loading file:///C:/Windows/SysWOW64/kernel32.dll?MD5=0ce1f5f3d23f51b9ecfd453e34ca0af7...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\kernel32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library OLEAUT32.DLL...
Loading file:///C:/Windows/SysWOW64/oleaut32.dll?MD5=96b3f5be7d92458fb909620f918a1f63...
Using existing exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\oleaut32.exports
Library not saved to project.
------------------------------------------------
Searching 36 paths for library RPCRT4.DLL...
Loading file:///C:/Windows/SysWOW64/rpcrt4.dll?MD5=86b4865aed411b83c8188779681eab79...
Index 10 out of bounds for length 10
Created exports file: C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\rpcrt4.exports
Library not saved to project.
------------------------------------------------
Applying cached symbols from RPCRT4.DLL
Applying C:\Users\dohertj2\AppData\Roaming\ghidra\ghidra_12.0.4_PUBLIC\symbols\win32\kernel32.exports
Applying cached symbols from OLEAUT32.DLL
Linking the External Programs of 'NmxSvcps.dll' to imported libraries...
[RPCRT4.DLL] -> not found in project
[KERNEL32.DLL] -> not found in project
[OLEAUT32.DLL] -> not found in project
------------------------------------------------
2026-04-25 02:15:15 INFO (HeadlessAnalyzer) IMPORTING: Loaded 0 additional files
2026-04-25 02:15:15 INFO (HeadlessAnalyzer) ANALYZING all memory and code: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxSvcps.dll?MD5=e819cc7af405b742deb1505da4a7e3d4
2026-04-25 02:15:15 WARN (NoReturnFunctionAnalyzer) Ignoring leading '_' chars on no-return name '___raise_securityfailure' specified in file: C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Base\data\PEFunctionsThatDoNotReturn
2026-04-25 02:15:15 WARN (NoReturnFunctionAnalyzer) Ignoring leading '_' chars on no-return name '___report_rangecheckfailure' specified in file: C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Base\data\PEFunctionsThatDoNotReturn
2026-04-25 02:15:15 INFO (PdbUniversalAnalyzer) Skipping PDB processing: missing PDB information in program metadata
2026-04-25 02:15:25 DEBUG (PackedDatabaseCache) Using cached packed database: C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Base\data\typeinfo\win32\windows_vs12_32.gdt
2026-04-25 02:15:28 INFO (ApplyDataArchiveAnalyzer) Applied data type archive: windows_vs12_32
2026-04-25 02:15:28 INFO (ApplyDataArchiveAnalyzer) Applied data type archive: windows_vs12_32
2026-04-25 02:15:47 INFO (AutoAnalysisManager) -----------------------------------------------------
ASCII Strings 0.025 secs
Apply Data Archives 3.243 secs
Call Convention ID 0.005 secs
Call-Fixup Installer 0.040 secs
Create Address Tables 0.041 secs
Create Address Tables - One Time 0.090 secs
Create Function 0.111 secs
Data Reference 0.062 secs
Decompiler Parameter ID 6.964 secs
Decompiler Switch Analysis 15.562 secs
Demangler Microsoft 0.076 secs
Disassemble 0.043 secs
Disassemble Entry Points 0.315 secs
Embedded Media 0.015 secs
External Entry References 0.001 secs
Function ID 0.546 secs
Function Start Pre Search 0.192 secs
Function Start Search 0.158 secs
Function Start Search After Code 0.020 secs
Function Start Search After Data 0.026 secs
Function Start Search delayed - One Time 0.001 secs
Non-Returning Functions - Discovered 0.082 secs
Non-Returning Functions - Known 0.016 secs
PDB Universal 0.003 secs
Reference 0.095 secs
Scalar Operand References 0.110 secs
Shared Return Calls 0.109 secs
Stack 1.307 secs
Subroutine References 0.052 secs
Subroutine References - One Time 0.009 secs
Windows x86 PE Exception Handling 0.002 secs
Windows x86 PE RTTI Analyzer 0.003 secs
Windows x86 Thread Environment Block (TEB) Analyzer 0.026 secs
WindowsResourceReference 0.917 secs
X86 Function Callee Purge 0.032 secs
x86 Constant Reference Analyzer 1.289 secs
-----------------------------------------------------
Total Time 31 secs
-----------------------------------------------------
2026-04-25 02:15:47 INFO (HeadlessAnalyzer) REPORT: Analysis succeeded for file: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxSvcps.dll?MD5=e819cc7af405b742deb1505da4a7e3d4
2026-04-25 02:15:47 INFO (HeadlessAnalyzer) REPORT: Execute script: MxNmxExport.java 'C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\exports'
2026-04-25 02:15:47 INFO (HeadlessAnalyzer) SCRIPT: C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\scripts\MxNmxExport.java
2026-04-25 02:15:47 INFO (GhidraScript) MxNmxExport.java> Wrote MX/NMX Ghidra export for NmxSvcps.dll to C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\exports
2026-04-25 02:15:47 INFO (HeadlessAnalyzer) ANALYZING changes made by post scripts: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxSvcps.dll?MD5=e819cc7af405b742deb1505da4a7e3d4
2026-04-25 02:15:47 INFO (HeadlessAnalyzer) REPORT: Post-analysis succeeded for file: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/NmxSvcps.dll?MD5=e819cc7af405b742deb1505da4a7e3d4
2026-04-25 02:15:48 INFO (LocalFileSystem) /input/NmxSvcps.dll: file created (dohertj2)
2026-04-25 02:15:48 INFO (HeadlessAnalyzer) REPORT: Save succeeded for: /input/NmxSvcps.dll (mxnmx:/input/NmxSvcps.dll)
2026-04-25 02:15:48 INFO (HeadlessAnalyzer) REPORT: Import succeeded
2026-04-25 02:15:48 INFO (HeadlessAnalyzer) IMPORTING: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/WWProxyStub.dll?MD5=562fc393145e7507093acefb2b59808b
2026-04-25 02:15:48 INFO (ProgramLoader) Using Loader: Portable Executable (PE)
2026-04-25 02:15:48 INFO (ProgramLoader) Using Language/Compiler: x86:LE:32:default:windows
2026-04-25 02:15:48 INFO (ProgramLoader) Using Library Search Path: [., C:\Windows\SysWOW64, C:\Program Files\Eclipse Adoptium\jdk-21.0.10.7-hotspot\bin, C:\Windows\Sun\Java\bin, C:\Windows\system32, C:\Windows, C:\Program Files\WindowsApps\Microsoft.PowerShell_7.6.1.0_x64__8wekyb3d8bbwe, C:\Users\dohertj2\.codex\tmp\arg0\codex-arg0eaNSL1, C:\TwinCAT\Common64, C:\TwinCAT\Common32, C:\Program Files (x86)\Wonderware\OI-Server\CommonFiles\bin\, C:\Program Files (x86)\Common Files\ArchestrA\, C:\Program Files\OpenSSH\, C:\Windows\System32\Wbem, C:\Windows\System32\WindowsPowerShell\v1.0\, C:\Windows\System32\OpenSSH\, C:\Program Files\dotnet\, C:\Program Files\Git\cmd, C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\, C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\, C:\Program Files\Microsoft SQL Server\140\Tools\Binn\, C:\Program Files\Microsoft SQL Server\140\DTS\Binn\, C:\Program Files (x86)\Common Files\ArchestrA\Licensing Framework\License API2, C:\Program Files\nodejs\, C:\Program Files\Docker\Docker\resources\bin, C:\Users\dohertj2\AppData\Local\Programs\Python\Python312\Scripts\, C:\Users\dohertj2\AppData\Local\Programs\Python\Python312\, C:\Users\dohertj2\AppData\Local\Programs\Python\Launcher\, C:\Users\dohertj2\AppData\Local\Microsoft\WindowsApps, C:\Users\dohertj2\.dotnet\tools, C:\Users\dohertj2\.local\bin, C:\Users\dohertj2\AppData\Local\JetBrains\Toolbox\scripts, C:\Users\dohertj2\AppData\Local\Microsoft\WinGet\Links, C:\Users\dohertj2\AppData\Roaming\npm, C:\Users\dohertj2\AppData\Local\Microsoft\WinGet\Packages\BurntSushi.ripgrep.MSVC_Microsoft.Winget.Source_8wekyb3d8bbwe\ripgrep-15.1.0-x86_64-pc-windows-msvc, C:\Users\dohertj2\AppData\Local\Microsoft\WinGet\Packages\zig.zig_Microsoft.Winget.Source_8wekyb3d8bbwe\zig-x86_64-windows-0.16.0, C:\Users\dohertj2\AppData\Local\OpenAI\Codex\bin, C:\Program Files\WindowsApps\OpenAI.Codex_26.422.2437.0_x64__2p2nqsd0c76g0\app\resources]
2026-04-25 02:15:48 INFO (ProgramLoader) Additional info:
Loading file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/WWProxyStub.dll?MD5=562fc393145e7507093acefb2b59808b...
[WWProxyStub.dll]: failed to create TerminatedCString at 10003498: Failed to resolve data length for TerminatedCString
------------------------------------------------
2026-04-25 02:15:48 INFO (HeadlessAnalyzer) IMPORTING: Loaded 0 additional files
2026-04-25 02:15:48 INFO (HeadlessAnalyzer) ANALYZING all memory and code: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/WWProxyStub.dll?MD5=562fc393145e7507093acefb2b59808b
2026-04-25 02:15:48 WARN (NoReturnFunctionAnalyzer) Ignoring leading '_' chars on no-return name '___raise_securityfailure' specified in file: C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Base\data\PEFunctionsThatDoNotReturn
2026-04-25 02:15:48 WARN (NoReturnFunctionAnalyzer) Ignoring leading '_' chars on no-return name '___report_rangecheckfailure' specified in file: C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Base\data\PEFunctionsThatDoNotReturn
2026-04-25 02:15:48 INFO (PdbUniversalAnalyzer) Skipping PDB processing: missing PDB information in program metadata
2026-04-25 02:15:48 DEBUG (PackedDatabaseCache) Using cached packed database: C:\Users\dohertj2\Desktop\focas\tools\ghidra_12.0.4_PUBLIC\Ghidra\Features\Base\data\typeinfo\win32\windows_vs12_32.gdt
2026-04-25 02:15:51 INFO (ApplyDataArchiveAnalyzer) Applied data type archive: windows_vs12_32
2026-04-25 02:15:55 INFO (AutoAnalysisManager) -----------------------------------------------------
ASCII Strings 0.004 secs
Apply Data Archives 2.583 secs
Call Convention ID 0.001 secs
Call-Fixup Installer 0.000 secs
Create Address Tables 0.003 secs
Create Function 0.000 secs
Data Reference 0.001 secs
Decompiler Parameter ID 2.853 secs
Decompiler Switch Analysis 0.000 secs
Demangler Microsoft 0.002 secs
Disassemble Entry Points 0.008 secs
Embedded Media 0.006 secs
External Entry References 0.000 secs
Function ID 0.025 secs
Function Start Pre Search 0.018 secs
Function Start Search 0.058 secs
Function Start Search After Code 0.004 secs
Function Start Search After Data 0.002 secs
Non-Returning Functions - Discovered 0.000 secs
Non-Returning Functions - Known 0.012 secs
PDB Universal 0.001 secs
Reference 0.000 secs
Scalar Operand References 0.000 secs
Shared Return Calls 0.001 secs
Stack 0.003 secs
Subroutine References 0.001 secs
Windows x86 PE Exception Handling 0.000 secs
Windows x86 PE RTTI Analyzer 0.000 secs
Windows x86 Thread Environment Block (TEB) Analyzer 0.020 secs
WindowsResourceReference 0.967 secs
X86 Function Callee Purge 0.000 secs
x86 Constant Reference Analyzer 0.004 secs
-----------------------------------------------------
Total Time 6 secs
-----------------------------------------------------
2026-04-25 02:15:55 INFO (HeadlessAnalyzer) REPORT: Analysis succeeded for file: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/WWProxyStub.dll?MD5=562fc393145e7507093acefb2b59808b
2026-04-25 02:15:55 INFO (HeadlessAnalyzer) REPORT: Execute script: MxNmxExport.java 'C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\exports'
2026-04-25 02:15:55 INFO (HeadlessAnalyzer) SCRIPT: C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\scripts\MxNmxExport.java
2026-04-25 02:15:55 INFO (GhidraScript) MxNmxExport.java> Wrote MX/NMX Ghidra export for WWProxyStub.dll to C:\Users\dohertj2\Desktop\mxaccess\analysis\ghidra\exports
2026-04-25 02:15:55 INFO (HeadlessAnalyzer) ANALYZING changes made by post scripts: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/WWProxyStub.dll?MD5=562fc393145e7507093acefb2b59808b
2026-04-25 02:15:55 INFO (HeadlessAnalyzer) REPORT: Post-analysis succeeded for file: file:///C:/Users/dohertj2/Desktop/mxaccess/analysis/ghidra/input/WWProxyStub.dll?MD5=562fc393145e7507093acefb2b59808b
2026-04-25 02:15:55 INFO (LocalFileSystem) /input/WWProxyStub.dll: file created (dohertj2)
2026-04-25 02:15:55 INFO (HeadlessAnalyzer) REPORT: Save succeeded for: /input/WWProxyStub.dll (mxnmx:/input/WWProxyStub.dll)
2026-04-25 02:15:55 INFO (HeadlessAnalyzer) REPORT: Import succeeded
Reference in New Issue View Git Blame Copy Permalink