mxaccess/analysis/ghidra/exports/NmxSvcps.dll.ghidra.md
Joseph Doherty fe2a6db786
Initial project state: .NET reference, design, Rust port (M0+M1), evidence
Layout:
- src/                    .NET 10 x64 reference: MxNativeCodec, MxNativeClient,
                          MxAsbClient, probes, tests, harnesses. Executable spec.
- design/                 Architectural plan for the Rust port (M0–M6), error
                          model, protocol invariants, risks (R1–R16), adversarial
                          review log (review.md).
- rust/                   Rust workspace. M0 skeleton + M1 codec parity.
                          mxaccess-codec: 215 unit tests + 2 cross-implementation
                          parity tests (byte-identical against .NET reference).
                          Other crates are M0 stubs awaiting M2+.
- captures/               Frida + netsh + pcap evidence per CLAUDE.md
                          ("captures are evidence, not throwaway logs").
- analysis/               Decompiled C# (frida/proxy/decompiled-*),
                          Ghidra exports for native DLLs (`exports/` only —
                          working state at `projects/` and AVEVA's input
                          binaries at `input/` are gitignored).
- docs/                   Reverse-engineering reference docs.
- tools/                  Setup-LiveProbeEnv.ps1 (Infisical credential fetcher),
                          Compute-Crc.ps1 (.NET parity helper).
- .github/workflows/      Rust CI: fmt + build + test + clippy on Windows.
- LICENSE                 MIT (Joseph Doherty, 2026).

Verified:
- cargo test --workspace → 217 passed (215 unit + 2 .NET parity), 0 failed
- cargo clippy --workspace -- -D warnings → clean
- cargo fmt --all -- --check → clean
- cargo publish --dry-run -p mxaccess-codec → packages cleanly

Excluded from history (see .gitignore):
- **/bin, **/obj, **/target — build artifacts
- analysis/ghidra/projects/ — Ghidra working state (regenerable)
- analysis/ghidra/input/ — AVEVA proprietary DLLs (vendor IP)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 06:21:00 -04:00

NmxSvcps.dll

Program

  • Language: x86:LE:32:default
  • Compiler spec: windows
  • Image base: 10000000
  • Executable format: Portable Executable (PE)

Memory Blocks

Name Start End Size R W X
Headers 10000000 100003ff 1024 Y
.text 10001000 100057ff 18432 Y Y
.orpc 10006000 100061ff 512 Y Y
.rdata 10007000 10009fff 12288 Y
.data 1000a000 1000b9bb 6588 Y Y
.rsrc 1000c000 1000c5ff 1536 Y
.reloc 1000d000 1000d9ff 2560 Y
tdb ffdff000 ffdfffff 4096 Y Y

External Imports

  • KERNEL32.DLL::DecodePointer
  • KERNEL32.DLL::DeleteCriticalSection
  • KERNEL32.DLL::DisableThreadLibraryCalls
  • KERNEL32.DLL::EncodePointer
  • KERNEL32.DLL::EnterCriticalSection
  • KERNEL32.DLL::ExitProcess
  • KERNEL32.DLL::FreeEnvironmentStringsW
  • KERNEL32.DLL::GetACP
  • KERNEL32.DLL::GetCPInfo
  • KERNEL32.DLL::GetCommandLineA
  • KERNEL32.DLL::GetCurrentProcess
  • KERNEL32.DLL::GetCurrentProcessId
  • KERNEL32.DLL::GetCurrentThreadId
  • KERNEL32.DLL::GetEnvironmentStringsW
  • KERNEL32.DLL::GetFileType
  • KERNEL32.DLL::GetLastError
  • KERNEL32.DLL::GetModuleFileNameA
  • KERNEL32.DLL::GetModuleFileNameW
  • KERNEL32.DLL::GetModuleHandleW
  • KERNEL32.DLL::GetOEMCP
  • KERNEL32.DLL::GetProcAddress
  • KERNEL32.DLL::GetStartupInfoW
  • KERNEL32.DLL::GetStdHandle
  • KERNEL32.DLL::GetStringTypeW
  • KERNEL32.DLL::GetSystemTimeAsFileTime
  • KERNEL32.DLL::GetTickCount
  • KERNEL32.DLL::HeapAlloc
  • KERNEL32.DLL::HeapCreate
  • KERNEL32.DLL::HeapDestroy
  • KERNEL32.DLL::HeapFree
  • KERNEL32.DLL::HeapReAlloc
  • KERNEL32.DLL::HeapSize
  • KERNEL32.DLL::InitializeCriticalSectionAndSpinCount
  • KERNEL32.DLL::InterlockedDecrement
  • KERNEL32.DLL::InterlockedIncrement
  • KERNEL32.DLL::IsDebuggerPresent
  • KERNEL32.DLL::IsProcessorFeaturePresent
  • KERNEL32.DLL::IsValidCodePage
  • KERNEL32.DLL::LCMapStringW
  • KERNEL32.DLL::LeaveCriticalSection
  • KERNEL32.DLL::LoadLibraryW
  • KERNEL32.DLL::MultiByteToWideChar
  • KERNEL32.DLL::QueryPerformanceCounter
  • KERNEL32.DLL::RtlUnwind
  • KERNEL32.DLL::SetHandleCount
  • KERNEL32.DLL::SetLastError
  • KERNEL32.DLL::SetUnhandledExceptionFilter
  • KERNEL32.DLL::Sleep
  • KERNEL32.DLL::TerminateProcess
  • KERNEL32.DLL::TlsAlloc
  • KERNEL32.DLL::TlsFree
  • KERNEL32.DLL::TlsGetValue
  • KERNEL32.DLL::TlsSetValue
  • KERNEL32.DLL::UnhandledExceptionFilter
  • KERNEL32.DLL::WideCharToMultiByte
  • KERNEL32.DLL::WriteFile
  • OLEAUT32.DLL::BSTR_UserFree
  • OLEAUT32.DLL::BSTR_UserMarshal
  • OLEAUT32.DLL::BSTR_UserSize
  • OLEAUT32.DLL::BSTR_UserUnmarshal
  • RPCRT4.DLL::CStdStubBuffer_AddRef
  • RPCRT4.DLL::CStdStubBuffer_Connect
  • RPCRT4.DLL::CStdStubBuffer_CountRefs
  • RPCRT4.DLL::CStdStubBuffer_DebugServerQueryInterface
  • RPCRT4.DLL::CStdStubBuffer_DebugServerRelease
  • RPCRT4.DLL::CStdStubBuffer_Disconnect
  • RPCRT4.DLL::CStdStubBuffer_Invoke
  • RPCRT4.DLL::CStdStubBuffer_IsIIDSupported
  • RPCRT4.DLL::CStdStubBuffer_QueryInterface
  • RPCRT4.DLL::IUnknown_AddRef_Proxy
  • RPCRT4.DLL::IUnknown_QueryInterface_Proxy
  • RPCRT4.DLL::IUnknown_Release_Proxy
  • RPCRT4.DLL::NdrCStdStubBuffer_Release
  • RPCRT4.DLL::NdrDllCanUnloadNow
  • RPCRT4.DLL::NdrDllGetClassObject
  • RPCRT4.DLL::NdrDllRegisterProxy
  • RPCRT4.DLL::NdrDllUnregisterProxy
  • RPCRT4.DLL::NdrOleAllocate
  • RPCRT4.DLL::NdrOleFree

Exports and Globals

Name Address Function
Ordinal_2 10001000 DllGetClassObject
DllGetClassObject 10001000 DllGetClassObject
Ordinal_1 10001040 DllCanUnloadNow
DllCanUnloadNow 10001040 DllCanUnloadNow
Ordinal_3 100010a0 DllRegisterServer
DllRegisterServer 100010a0 DllRegisterServer
Ordinal_4 100010e0 DllUnregisterServer
DllUnregisterServer 100010e0 DllUnregisterServer
NdrCStdStubBuffer_Release 1000111c NdrCStdStubBuffer_Release
__CRT_INIT@12 1000118e __CRT_INIT@12
___DllMainCRTStartup 100012f2 ___DllMainCRTStartup
entry 100013e8 entry
___set_flsgetvalue 1000141d ___set_flsgetvalue
__mtterm 10001451 __mtterm
__initptd 1000148e __initptd
__getptd_noexit 10001542 __getptd_noexit
__getptd 100015bb __getptd
__freefls@4 100015d5 __freefls@4
__freeptd 10001704 __freeptd
__mtinit 10001772 __mtinit
_free 100018ed _free
__malloc_crt 10001927 __malloc_crt
__calloc_crt 1000196c __calloc_crt
__realloc_crt 100019b8 __realloc_crt
___crtCorExitProcess 10001a06 ___crtCorExitProcess
___crtExitProcess 10001a31 ___crtExitProcess
__init_pointers 10001a5b __init_pointers
__initterm_e 10001a8e __initterm_e
__cinit 10001ab2 __cinit
doexit 10001b49 doexit
_doexit 10001b49 doexit
__exit 10001c89 __exit
__cexit 10001c9f __cexit
__amsg_exit 10001cae __amsg_exit
__ioinit 10001ccc __ioinit
__ioterm 10001f11 __ioterm
__setenvp 10001f64 __setenvp
parse_cmdline 10002040 parse_cmdline
_parse_cmdline 10002040 parse_cmdline
__setargv 100021da __setargv
___crtGetEnvironmentStringsA 10002295 ___crtGetEnvironmentStringsA
__RTC_Initialize 1000232c __RTC_Initialize
__heap_init 10002378 __heap_init
__heap_term 10002396 __heap_term
__SEH_prolog4 100023b0 __SEH_prolog4
__SEH_epilog4 100023f5 __SEH_epilog4
__except_handler4 10002410 __except_handler4
__XcptFilter 1000259f __XcptFilter
___CppXcptFilter 100026e9 ___CppXcptFilter
___security_init_cookie 10002709 ___security_init_cookie
__mtinitlocks 100027a4 __mtinitlocks
__mtdeletelocks 100027ee __mtdeletelocks
__mtinitlocknum 1000285c __mtinitlocknum
__lock 1000291e __lock
___addlocaleref 10002951 ___addlocaleref
___removelocaleref 100029e0 ___removelocaleref
___freetlocinfo 10002a79 ___freetlocinfo
__updatetlocinfoEx_nolock 10002bc4 __updatetlocinfoEx_nolock
___updatetlocinfo 10002c11 ___updatetlocinfo
CPtoLCID 10002c8a CPtoLCID
?CPtoLCID@@YAHH@Z 10002c8a CPtoLCID
setSBCS 10002cb9 setSBCS
?setSBCS@@YAXPAUthreadmbcinfostruct@@@Z 10002cb9 setSBCS
setSBUpLow 10002d1d setSBUpLow
?setSBUpLow@@YAXPAUthreadmbcinfostruct@@@Z 10002d1d setSBUpLow
___updatetmbcinfo 10002ead ___updatetmbcinfo
??0_LocaleUpdate@@QAE@PAUlocaleinfo_struct@@@Z 10002f51 _LocaleUpdate
getSystemCP 10002fd8 getSystemCP
?getSystemCP@@YAHH@Z 10002fd8 getSystemCP
__setmbcp_nolock 10003054 __setmbcp_nolock
__setmbcp 1000323d __setmbcp
___initmbctable 100033d7 ___initmbctable
__get_errno_from_oserr 100033f5 __get_errno_from_oserr
__errno 10003437 __errno
_malloc 1000344a _malloc
__calloc_impl 100034de __calloc_impl
_realloc 10003560 _realloc
__initp_misc_winsig 10003657 __initp_misc_winsig
siglookup 10003675 siglookup
_siglookup 10003675 siglookup
_raise 100036b9 _raise
__call_reportfault 10003889 __call_reportfault
__invoke_watson 100039b2 __invoke_watson
__invalid_parameter 100039d7 __invalid_parameter
__callnewh 10003a23 __callnewh
__onexit_nolock 10003a4b __onexit_nolock
__onexit 10003b32 __onexit
_atexit 10003b6e _atexit
__initp_misc_cfltcvt_tab 10003b85 __initp_misc_cfltcvt_tab
__ValidateImageBase 10003bb0 __ValidateImageBase
__FindPESection 10003bf0 __FindPESection
__IsNonwritableInCurrentImage 10003c40 __IsNonwritableInCurrentImage
__GET_RTERRMSG 10003cfc __GET_RTERRMSG
__NMSG_WRITE 10003d22 __NMSG_WRITE
__FF_MSGBANNER 10003ed1 __FF_MSGBANNER
_strcpy_s 10003f0a _strcpy_s
_strlen 10003f70 _strlen
x_ismbbtype_l 10003ffb x_ismbbtype_l
?x_ismbbtype_l@@YAHPAUlocaleinfo_struct@@IHH@Z 10003ffb x_ismbbtype_l
__ismbblead 1000404e __ismbblead
__security_check_cookie 10004066 __security_check_cookie
@__security_check_cookie@4 10004066 __security_check_cookie
__local_unwind4 10004080 __local_unwind4
_EH4_CallFilterFunc 10004172 _EH4_CallFilterFunc
@_EH4_CallFilterFunc@8 10004172 _EH4_CallFilterFunc
_EH4_TransferToHandler 10004189 _EH4_TransferToHandler
@_EH4_TransferToHandler@8 10004189 _EH4_TransferToHandler
_EH4_GlobalUnwind2 100041a2 _EH4_GlobalUnwind2
@_EH4_GlobalUnwind2@8 100041a2 _EH4_GlobalUnwind2
_EH4_LocalUnwind 100041bb _EH4_LocalUnwind
@_EH4_LocalUnwind@16 100041bb _EH4_LocalUnwind
___free_lc_time 100041d2 ___free_lc_time
___free_lconv_num 10004549 ___free_lconv_num
___free_lconv_mon 100045b2 ___free_lconv_mon
_memset 100046b0 _memset
__freea 1000472a __freea
__crtLCMapStringA_stat 1000474a __crtLCMapStringA_stat
?__crtLCMapStringA_stat@@YAHPAUlocaleinfo_struct@@KKPBDHPADHHH@Z 1000474a __crtLCMapStringA_stat
___crtLCMapStringA 10004931 ___crtLCMapStringA
__crtGetStringTypeA_stat 10004977 __crtGetStringTypeA_stat
?__crtGetStringTypeA_stat@@YAHPAUlocaleinfo_struct@@KPBDHPAGHHH@Z 10004977 __crtGetStringTypeA_stat
___crtGetStringTypeA 10004a5e ___crtGetStringTypeA
__msize 10004a9e __msize
_abort 10004ad1 _abort
FID_conflict:_memcpy 10004b10 FID_conflict:_memcpy
_memmove 10004b10 FID_conflict:_memcpy
_memcpy 10004b10 FID_conflict:_memcpy
___crtMessageBoxW 10004e82 ___crtMessageBoxW
_wcscat_s 10004fee _wcscat_s
_wcsncpy_s 10005063 _wcsncpy_s
_wcslen 10005130 _wcslen
_wcscpy_s 1000514b _wcscpy_s
__set_error_mode 100051ae __set_error_mode
___report_gsfailure 100051ed ___report_gsfailure
__global_unwind2 10005300 __global_unwind2
__local_unwind2 10005365 __local_unwind2
__NLG_Notify 10005415 __NLG_Notify
__VEC_memzero 10005437 __VEC_memzero
__alloca_probe_16 10005510 __alloca_probe_16
__alloca_probe_8 10005526 __alloca_probe_8
__alloca_probe 10005640 __alloca_probe
__chkstk 10005640 __alloca_probe
RtlUnwind 1000566c RtlUnwind
Rsrc_Version_1_409 1000c0a0 ``
Rsrc_Manifest_2_409 1000c46c ``
ExceptionList ffdff000 ``
StackBase ffdff004 ``
StackLimit ffdff008 ``
SubSystemTib ffdff00c ``
FiberData ffdff010 ``
ArbitraryUserPointer ffdff014 ``
Self ffdff018 ``
EnvironmentPointer ffdff01c ``
ClientId ffdff020 ``
ActiveRpcHandle ffdff028 ``
ThreadLocalStoragePointer ffdff02c ``
ProcessEnvironmentBlock ffdff030 ``
LastErrorValue ffdff034 ``
CountOfOwnedCriticalSections ffdff038 ``
CsrClientThread ffdff03c ``
Win32ThreadInfo ffdff040 ``
User32Reserved ffdff044 ``
UserReserved ffdff0ac ``
WOW32Reserved ffdff0c0 ``
CurrentLocale ffdff0c4 ``
FpSoftwareStatusRegister ffdff0c8 ``
SystemReserved1 ffdff0cc ``
ExceptionCode ffdff1a4 ``
ActivationContextStackPointer ffdff1a8 ``
SpareBytes ffdff1ac ``
TxFsContext ffdff1d0 ``
GdiTebBatch ffdff1d4 ``
RealClientId ffdff6b4 ``
GdiCachedProcessHandle ffdff6bc ``
GdiClientPID ffdff6c0 ``
GdiCLientTID ffdff6c4 ``
GdiThreadLocalInfo ffdff6c8 ``
Win32ClientInfo ffdff6cc ``
glDispatchTable ffdff7c4 ``
glReserved1 ffdffb68 ``
glReserved2 ffdffbdc ``
glSectionInfo ffdffbe0 ``
glSection ffdffbe4 ``
glTable ffdffbe8 ``
glCurrentRC ffdffbec ``
glContext ffdffbf0 ``
LastStatusValue ffdffbf4 ``
StaticUnicodeBuffer ffdffc00 ``
DeallocationStack ffdffe0c ``
TlsSlots ffdffe10 ``
TlsLinks.Flink ffdfff10 ``
TlsLinks.Blink ffdfff14 ``
Vdm ffdfff18 ``
ReservedForNtRpc ffdfff1c ``
DbgSsReserved ffdfff20 ``
HardErrorMode ffdfff28 ``
Instrumentation ffdfff2c ``
ActivityId ffdfff50 ``
SubProcessTag ffdfff60 ``
EtwLocalData ffdfff64 ``
EtwTraceData ffdfff68 ``
WinSockData ffdfff6c ``
GdiBatchCount ffdfff70 ``
IdealProcessorValue ffdfff74 ``
GuaranteedStackBytes ffdfff78 ``
ReservedForPerf ffdfff7c ``
ReservedForOle ffdfff80 ``
WaitingOnLoaderLock ffdfff84 ``
SavedPriorityState ffdfff88 ``
SoftPatchPtr1 ffdfff8c ``
ThreadPoolData ffdfff90 ``
TlsExpansionSlots ffdfff94 ``
MuiGeneration ffdfff98 ``
IsImpersonating ffdfff9c ``
NlsCache ffdfffa0 ``
pShimData ffdfffa4 ``
HeapVirtualAffinity ffdfffa8 ``
CurrentTransactionHandle ffdfffac ``
ActiveFrame ffdfffb0 ``
FlsData ffdfffb4 ``
PreferredLanguages ffdfffb8 ``
UserPrefLanguages ffdfffbc ``
MergedPrefLanguages ffdfffc0 ``
MuiImpersonation ffdfffc4 ``
CrossTebFlags ffdfffc8 ``
SameTebFlags ffdfffca ``
TxnScopeEnterCallback ffdfffcc ``
TxnScopeExitCallback ffdfffd0 ``
TxnScopeContext ffdfffd4 ``
LockCount ffdfffd8 ``
ResourceRetValue ffdfffe0 ``

Interesting Strings and Referencing Functions

Address String Referencing Functions
10007538 INmxSvcCallback ``
10007548 INmxNotify ``
10007554 INmxService ``
10007560 INmxStatus ``
1000756c INmxSvcStatistics ``
10007580 INmxService2 ``
100097f6 NdrDllGetClassObject ``
1000980e NdrDllCanUnloadNow ``
10009824 NdrCStdStubBuffer_Release ``
10009840 NdrDllRegisterProxy ``
10009856 NdrDllUnregisterProxy ``
100099d2 NdrOleFree ``
100099e0 NdrOleAllocate ``
100099f0 RPCRT4.dll ``
10009e80 NmxSvcPS.dll ``
1000c1d0 NmxSvc_v0032 ``
1000c214 NmxSvcps Module ``
1000c40c NmxSvcps.dll ``

Interesting API Callers

Caller Entry Call Targets
DllGetClassObject 10001000 NdrDllGetClassObject
DllCanUnloadNow 10001040 NdrDllCanUnloadNow
FUN_10001050 10001050 NdrCStdStubBuffer_Release
DllRegisterServer 100010a0 NdrDllRegisterProxy
DllUnregisterServer 100010e0 NdrDllUnregisterProxy
setSBCS 10002cb9 _memset
setSBUpLow 10002d1d _memset
__setmbcp_nolock 10003054 _memset
__call_reportfault 10003889 _memset
__crtGetStringTypeA_stat 10004977 _memset