dohertj2/mxaccess
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eb6c689f0916a5fbd2fc1dfd005b2ce418e8bf29
mxaccess/analysis/ghidra/exports/WWProxyStub.dll.ghidra.md
T
Joseph Doherty fe2a6db786
rust / build / test / clippy / fmt (push) Has been cancelled
Details
Initial project state: .NET reference, design, Rust port (M0+M1), evidence 
Layout:
- src/                    .NET 10 x64 reference: MxNativeCodec, MxNativeClient,
                          MxAsbClient, probes, tests, harnesses. Executable spec.
- design/                 Architectural plan for the Rust port (M0–M6), error
                          model, protocol invariants, risks (R1–R16), adversarial
                          review log (review.md).
- rust/                   Rust workspace. M0 skeleton + M1 codec parity.
                          mxaccess-codec: 215 unit tests + 2 cross-implementation
                          parity tests (byte-identical against .NET reference).
                          Other crates are M0 stubs awaiting M2+.
- captures/               Frida + netsh + pcap evidence per CLAUDE.md
                          ("captures are evidence, not throwaway logs").
- analysis/               Decompiled C# (frida/proxy/decompiled-*),
                          Ghidra exports for native DLLs (`exports/` only —
                          working state at `projects/` and AVEVA's input
                          binaries at `input/` are gitignored).
- docs/                   Reverse-engineering reference docs.
- tools/                  Setup-LiveProbeEnv.ps1 (Infisical credential fetcher),
                          Compute-Crc.ps1 (.NET parity helper).
- .github/workflows/      Rust CI: fmt + build + test + clippy on Windows.
- LICENSE                 MIT (Joseph Doherty, 2026).

Verified:
- cargo test --workspace → 217 passed (215 unit + 2 .NET parity), 0 failed
- cargo clippy --workspace -- -D warnings → clean
- cargo fmt --all -- --check → clean
- cargo publish --dry-run -p mxaccess-codec → packages cleanly

Excluded from history (see .gitignore):
- **/bin, **/obj, **/target — build artifacts
- analysis/ghidra/projects/ — Ghidra working state (regenerable)
- analysis/ghidra/input/ — AVEVA proprietary DLLs (vendor IP)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 06:21:00 -04:00

135 lines
4.7 KiB
Markdown
Raw Blame History

# WWProxyStub.dll
## Program
- Language: `x86:LE:32:default`
- Compiler spec: `windows`
- Image base: `10000000`
- Executable format: `Portable Executable (PE)`
## Memory Blocks
| Name | Start | End | Size | R | W | X |
| --- | ---: | ---: | ---: | :---: | :---: | :---: |
| `Headers` | `10000000` | `100003ff` | 1024 | Y | | |
| `.text` | `10001000` | `100011ff` | 512 | Y | | Y |
| `.rdata` | `10002000` | `100021ff` | 512 | Y | | |
| `.rsrc` | `10003000` | `100035ff` | 1536 | Y | | |
| `tdb` | `ffdff000` | `ffdfffff` | 4096 | Y | Y | |
## External Imports
## Exports and Globals
| Name | Address | Function |
| --- | ---: | --- |
| `entry` | `10001000` | `entry` |
| `Ordinal_2` | `10001010` | `DllGetClassObject` |
| `DllGetClassObject` | `10001010` | `DllGetClassObject` |
| `Ordinal_1` | `10001020` | `DllCanUnloadNow` |
| `DllCanUnloadNow` | `10001020` | `DllCanUnloadNow` |
| `Ordinal_3` | `10001030` | `DllRegisterServer` |
| `DllRegisterServer` | `10001030` | `DllRegisterServer` |
| `Ordinal_4` | `10001040` | `DllUnregisterServer` |
| `DllUnregisterServer` | `10001040` | `DllUnregisterServer` |
| `Rsrc_Version_1_409` | `100030a0` | `` |
| `Rsrc_Manifest_2_409` | `10003498` | `` |
| `ExceptionList` | `ffdff000` | `` |
| `StackBase` | `ffdff004` | `` |
| `StackLimit` | `ffdff008` | `` |
| `SubSystemTib` | `ffdff00c` | `` |
| `FiberData` | `ffdff010` | `` |
| `ArbitraryUserPointer` | `ffdff014` | `` |
| `Self` | `ffdff018` | `` |
| `EnvironmentPointer` | `ffdff01c` | `` |
| `ClientId` | `ffdff020` | `` |
| `ActiveRpcHandle` | `ffdff028` | `` |
| `ThreadLocalStoragePointer` | `ffdff02c` | `` |
| `ProcessEnvironmentBlock` | `ffdff030` | `` |
| `LastErrorValue` | `ffdff034` | `` |
| `CountOfOwnedCriticalSections` | `ffdff038` | `` |
| `CsrClientThread` | `ffdff03c` | `` |
| `Win32ThreadInfo` | `ffdff040` | `` |
| `User32Reserved` | `ffdff044` | `` |
| `UserReserved` | `ffdff0ac` | `` |
| `WOW32Reserved` | `ffdff0c0` | `` |
| `CurrentLocale` | `ffdff0c4` | `` |
| `FpSoftwareStatusRegister` | `ffdff0c8` | `` |
| `SystemReserved1` | `ffdff0cc` | `` |
| `ExceptionCode` | `ffdff1a4` | `` |
| `ActivationContextStackPointer` | `ffdff1a8` | `` |
| `SpareBytes` | `ffdff1ac` | `` |
| `TxFsContext` | `ffdff1d0` | `` |
| `GdiTebBatch` | `ffdff1d4` | `` |
| `RealClientId` | `ffdff6b4` | `` |
| `GdiCachedProcessHandle` | `ffdff6bc` | `` |
| `GdiClientPID` | `ffdff6c0` | `` |
| `GdiCLientTID` | `ffdff6c4` | `` |
| `GdiThreadLocalInfo` | `ffdff6c8` | `` |
| `Win32ClientInfo` | `ffdff6cc` | `` |
| `glDispatchTable` | `ffdff7c4` | `` |
| `glReserved1` | `ffdffb68` | `` |
| `glReserved2` | `ffdffbdc` | `` |
| `glSectionInfo` | `ffdffbe0` | `` |
| `glSection` | `ffdffbe4` | `` |
| `glTable` | `ffdffbe8` | `` |
| `glCurrentRC` | `ffdffbec` | `` |
| `glContext` | `ffdffbf0` | `` |
| `LastStatusValue` | `ffdffbf4` | `` |
| `StaticUnicodeBuffer` | `ffdffc00` | `` |
| `DeallocationStack` | `ffdffe0c` | `` |
| `TlsSlots` | `ffdffe10` | `` |
| `TlsLinks.Flink` | `ffdfff10` | `` |
| `TlsLinks.Blink` | `ffdfff14` | `` |
| `Vdm` | `ffdfff18` | `` |
| `ReservedForNtRpc` | `ffdfff1c` | `` |
| `DbgSsReserved` | `ffdfff20` | `` |
| `HardErrorMode` | `ffdfff28` | `` |
| `Instrumentation` | `ffdfff2c` | `` |
| `ActivityId` | `ffdfff50` | `` |
| `SubProcessTag` | `ffdfff60` | `` |
| `EtwLocalData` | `ffdfff64` | `` |
| `EtwTraceData` | `ffdfff68` | `` |
| `WinSockData` | `ffdfff6c` | `` |
| `GdiBatchCount` | `ffdfff70` | `` |
| `IdealProcessorValue` | `ffdfff74` | `` |
| `GuaranteedStackBytes` | `ffdfff78` | `` |
| `ReservedForPerf` | `ffdfff7c` | `` |
| `ReservedForOle` | `ffdfff80` | `` |
| `WaitingOnLoaderLock` | `ffdfff84` | `` |
| `SavedPriorityState` | `ffdfff88` | `` |
| `SoftPatchPtr1` | `ffdfff8c` | `` |
| `ThreadPoolData` | `ffdfff90` | `` |
| `TlsExpansionSlots` | `ffdfff94` | `` |
| `MuiGeneration` | `ffdfff98` | `` |
| `IsImpersonating` | `ffdfff9c` | `` |
| `NlsCache` | `ffdfffa0` | `` |
| `pShimData` | `ffdfffa4` | `` |
| `HeapVirtualAffinity` | `ffdfffa8` | `` |
| `CurrentTransactionHandle` | `ffdfffac` | `` |
| `ActiveFrame` | `ffdfffb0` | `` |
| `FlsData` | `ffdfffb4` | `` |
| `PreferredLanguages` | `ffdfffb8` | `` |
| `UserPrefLanguages` | `ffdfffbc` | `` |
| `MergedPrefLanguages` | `ffdfffc0` | `` |
| `MuiImpersonation` | `ffdfffc4` | `` |
| `CrossTebFlags` | `ffdfffc8` | `` |
| `SameTebFlags` | `ffdfffca` | `` |
| `TxnScopeEnterCallback` | `ffdfffcc` | `` |
| `TxnScopeExitCallback` | `ffdfffd0` | `` |
| `TxnScopeContext` | `ffdfffd4` | `` |
| `LockCount` | `ffdfffd8` | `` |
| `ResourceRetValue` | `ffdfffe0` | `` |
## Interesting Strings and Referencing Functions
| Address | String | Referencing Functions |
| ---: | --- | --- |
## Interesting API Callers
| Caller | Entry | Call Targets |
| --- | ---: | --- |
Reference in New Issue View Git Blame Copy Permalink