Joseph Doherty
fe2a6db786
rust / build / test / clippy / fmt (push) Has been cancelled
Layout:
- src/ .NET 10 x64 reference: MxNativeCodec, MxNativeClient,
MxAsbClient, probes, tests, harnesses. Executable spec.
- design/ Architectural plan for the Rust port (M0–M6), error
model, protocol invariants, risks (R1–R16), adversarial
review log (review.md).
- rust/ Rust workspace. M0 skeleton + M1 codec parity.
mxaccess-codec: 215 unit tests + 2 cross-implementation
parity tests (byte-identical against .NET reference).
Other crates are M0 stubs awaiting M2+.
- captures/ Frida + netsh + pcap evidence per CLAUDE.md
("captures are evidence, not throwaway logs").
- analysis/ Decompiled C# (frida/proxy/decompiled-*),
Ghidra exports for native DLLs (`exports/` only —
working state at `projects/` and AVEVA's input
binaries at `input/` are gitignored).
- docs/ Reverse-engineering reference docs.
- tools/ Setup-LiveProbeEnv.ps1 (Infisical credential fetcher),
Compute-Crc.ps1 (.NET parity helper).
- .github/workflows/ Rust CI: fmt + build + test + clippy on Windows.
- LICENSE MIT (Joseph Doherty, 2026).
Verified:
- cargo test --workspace → 217 passed (215 unit + 2 .NET parity), 0 failed
- cargo clippy --workspace -- -D warnings → clean
- cargo fmt --all -- --check → clean
- cargo publish --dry-run -p mxaccess-codec → packages cleanly
Excluded from history (see .gitignore):
- **/bin, **/obj, **/target — build artifacts
- analysis/ghidra/projects/ — Ghidra working state (regenerable)
- analysis/ghidra/input/ — AVEVA proprietary DLLs (vendor IP)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
92 lines
28 KiB
JSON
92 lines
28 KiB
JSON
____
|
|
/ _ | Frida 17.9.1 - A world-class dynamic instrumentation toolkit
|
|
| (_| |
|
|
> _ | Commands:
|
|
/_/ |_| help -> Displays the help system
|
|
. . . . object? -> Display information about 'object'
|
|
. . . . exit/quit -> Exit
|
|
. . . .
|
|
. . . . More info at https://frida.re/docs/home/
|
|
. . . .
|
|
. . . . Connected to Local System (id=local)
|
|
Spawning `C:\Users\dohertj2\Desktop\mxaccess\src\MxTraceHarness\bin\Release\net481\MxTraceHarness.exe --scenario=write --tag=TestChildObject.TestDateTime --type=datetime --values=2026-04-25T02:30:00,2026-04-25T02:31:00,2026-04-25T02:32:00 --user-id=1 --write-delay-ms=1000 --write-interval-ms=700 --duration=4 --log=C:\Users\dohertj2\Desktop\mxaccess\captures\028-frida-write-test-datetime-sequence\harness.log --client=MxFridaTrace-028-frida-write-test-datetime-sequence`...
|
|
Spawned `C:\Users\dohertj2\Desktop\mxaccess\src\MxTraceHarness\bin\Release\net481\MxTraceHarness.exe --scenario=write --tag=TestChildObject.TestDateTime --type=datetime --values=2026-04-25T02:30:00,2026-04-25T02:31:00,2026-04-25T02:32:00 --user-id=1 --write-delay-ms=1000 --write-interval-ms=700 --duration=4 --log=C:\Users\dohertj2\Desktop\mxaccess\captures\028-frida-write-test-datetime-sequence\harness.log --client=MxFridaTrace-028-frida-write-test-datetime-sequence`. Resuming main thread!
|
|
[Local::MxTraceHarness.exe ]-> {"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantA","base":"0x65a40000","rva":"0x12c0c","address":"0x65a52c0c","time":"2026-04-25T06:27:02.976Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantB","base":"0x65a40000","rva":"0x13280","address":"0x65a53280","time":"2026-04-25T06:27:02.977Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.WriteSecured.variantA","base":"0x65a40000","rva":"0x12f24","address":"0x65a52f24","time":"2026-04-25T06:27:02.978Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.WriteSecured.variantB","base":"0x65a40000","rva":"0x135fe","address":"0x65a535fe","time":"2026-04-25T06:27:02.978Z"}
|
|
{"event":"hook.installed","module":"LmxProxy.dll","name":"CLMXProxyServer.AdviseSupervisory","base":"0x65a40000","rva":"0x142b4","address":"0x65a542b4","time":"2026-04-25T06:27:02.979Z"}
|
|
{"event":"hook.installed","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","base":"0x64180000","rva":"0x10996","address":"0x64190996","time":"2026-04-25T06:27:10.122Z"}
|
|
{"event":"hook.installed","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","base":"0x64180000","rva":"0x112da","address":"0x641912da","time":"2026-04-25T06:27:10.123Z"}
|
|
{"event":"hook.installed","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","base":"0x64180000","rva":"0x15169","address":"0x64195169","time":"2026-04-25T06:27:10.123Z"}
|
|
{"event":"hook.installed","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequestEx","base":"0x64180000","rva":"0x159c3","address":"0x641959c3","time":"2026-04-25T06:27:10.124Z"}
|
|
{"event":"call.enter","module":"LmxProxy.dll","name":"CLMXProxyServer.AdviseSupervisory","address":"0x65a542b4","ecx":"0xafed7c","args":["0x5f28ff0","0x1","0x1","0xa8837d04","0x74794704"],"time":"2026-04-25T06:27:10.220Z"}
|
|
{"event":"call.leave","module":"LmxProxy.dll","name":"CLMXProxyServer.AdviseSupervisory","retval":"0x0","time":"2026-04-25T06:27:10.221Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x90fc738","0x1","0x1","0x1","0x2","0x0","0x13a","0x9100648","0xafea40","0x5d23e122"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":1,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":314,"ptr":"0x9100648","hex":"17 01 00 01 01 00 01 00 00 00 65 00 71 00 0a 00 00 00 00 00 08 6a 00 00 00 40 00 00 81 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 44 00 65 00 70 00 6c 00 6f 00 79 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 d0 fc 0f 09 1f 01 00 b8 0e 42 27 b6 74 7a 43 9f 03 79 02 6c 2c 9e ba 00 00 01 00 00 00 17 01 00 01 01 00 01 00 00 00 65 00 71 00 0a 00 00 00 00 00 08 76 00 00 00 4c 00 00 81 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 43 00 6f 00 6e 00 66 00 69 00 67 00 43 00 68 00 61"}],"time":"2026-04-25T06:27:10.350Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x90fc738","args":["0x1","0x1","0x1","0x168","0x9a84020","0xdfcc8c99","0x9100214","0x9100204","0x641add04","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":360,"ptr":"0x9a84020","hex":"01 00 3a 01 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 02 00 00 30 75 00 00 17 01 00 01 01 00 01 00 00 00 65 00 71 00 0a 00 00 00 00 00 08 6a 00 00 00 40 00 00 81 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 44 00 65 00 70 00 6c 00 6f 00 79 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 d0 fc 0f 09 1f 01 00 b8 0e 42 27 b6 74 7a 43 9f 03 79 02 6c 2c 9e ba 00 00 01 00 00 00 17 01 00 01 01 00 01 00 00 00 65 00 71 00 0a 00 00 00 00 00 08 76 00 00 00 4c 00 00 81 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d"}],"time":"2026-04-25T06:27:10.353Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:27:10.354Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-25T06:27:10.354Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x90fc738","0x1","0x1","0x2","0x2","0x0","0x27","0x91ce9a8","0xafea40","0x5d23e122"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":2,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":39,"ptr":"0x91ce9a8","hex":"1f 01 00 b8 0e 42 27 b6 74 7a 43 9f 03 79 02 6c 2c 9e ba 00 00 05 00 36 d7 02 00 9f 00 0a 00 62 49 00 00 03 00 00 00"}],"time":"2026-04-25T06:27:10.355Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x90fc738","args":["0x1","0x1","0x2","0x55","0x9a84020","0xdfcc8c99","0x91d9584","0x91d9574","0x641add04","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":85,"ptr":"0x9a84020","hex":"01 00 27 00 00 00 00 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 02 00 00 30 75 00 00 1f 01 00 b8 0e 42 27 b6 74 7a 43 9f 03 79 02 6c 2c 9e ba 00 00 05 00 36 d7 02 00 9f 00 0a 00 62 49 00 00 03 00 00 00"}],"time":"2026-04-25T06:27:10.358Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:27:10.358Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-25T06:27:10.359Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x90fc738","args":["0x5c","0x78962d0","0x741ece0","0x76ffedd8","0x90fc744","0x5c","0x78962d0","0x206","0x3","0x765f8a4"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":92,"ptr":"0x78962d0","hex":"01 00 2e 00 00 00 00 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 02 02 00 00 30 75 00 00 00 00 50 80 01 00 01 00 02 00 30 75 00 00 e5 c1 81 a9 f6 1b d0 4d 8e 68 b0 2a 1c c0 40 c8 b8 0e 42 27 b6 74 7a 43 9f 03 79 02 6c 2c 9e ba"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x765f8a4","hex":"90 b3 59"}],"time":"2026-04-25T06:27:10.365Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:27:10.365Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x90fc738","args":["0x76","0x78a6720","0x741ece0","0x76ffedd8","0x90fc744","0x76","0x78a6720","0x206","0x3","0x765f8a4"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":118,"ptr":"0x78a6720","hex":"01 00 48 00 00 00 00 00 00 00 78 76 04 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 02 00 00 30 75 00 00 32 01 00 01 00 00 00 e5 c1 81 a9 f6 1b d0 4d 8e 68 b0 2a 1c c0 40 c8 b8 0e 42 27 b6 74 7a 43 9f 03 79 02 6c 2c 9e ba 03 00 00 00 03 00 00 00 c0 00 b0 a0 e2 57 47 bd dc 01 06 0a 00 00 00 c0 d6 54 04 aa b9 dc 01 00 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x765f8a4","hex":"90 b3 59"}],"time":"2026-04-25T06:27:10.368Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:27:10.368Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x90fc738","args":["0x2c2","0x791ed68","0x741ece0","0x76ffedd8","0x90fc744","0x2c2","0x791ed68","0x206","0x3","0x765f8a4"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":706,"ptr":"0x791ed68","hex":"01 00 94 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 02 02 00 00 30 75 00 00 40 1f 50 80 08 a6 00 00 00 40 00 00 91 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 2e 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 44 00 65 00 70 00 6c 00 6f 00 79 00 00 00 18 00 00 00 44 00 65 00 76 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 00 6d 00 00 00 28 00 00 00 47 00 52 00 2e 00 54 00 69 00 6d 00 65 00 4f 00 66 00 4c 00 61 00 73 00 74 00 44 00 65 00 70 00 6c 00 6f 00 79 00 00 00 02 00 00 00 00 00 01 01 00 01 00 01 00 53 f2 9a 00 6a 00 0a 00 5f f1 00 00 01 6c 00 00 00 41 00 6e 00 20 00 69 00 6e 00 74 00 65 00 72 00 6e 00 61 00 6c 00 20 00 65 00 72 00 72 00 6f"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x765f8a4","hex":"90 b3 59"}],"time":"2026-04-25T06:27:10.400Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:27:10.401Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x90fc738","args":["0x97","0x7916528","0x741ece0","0x76ffedd8","0x90fc744","0x97","0x7916528","0x206","0x3","0x765f8a4"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":151,"ptr":"0x7916528","hex":"01 00 69 00 00 00 00 00 00 00 a2 ec 08 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 02 00 00 30 75 00 00 32 01 00 02 00 00 00 92 e4 b6 f0 35 ad bc 46 a0 ea 5c 4b 34 cb 9f 90 b8 0e 42 27 b6 74 7a 43 9f 03 79 02 6c 2c 9e ba 01 00 00 00 03 00 00 00 c0 00 20 2e 5a 46 28 d3 dc 01 06 0a 00 00 00 00 a0 41 c3 55 bd dc 01 00 00 02 00 00 00 03 00 00 00 c0 00 80 18 5b 46 28 d3 dc 01 06 0a 00 00 00 80 c1 75 25 a5 bd dc 01 00 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x765f8a4","hex":"90 b3 59"}],"time":"2026-04-25T06:27:10.403Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:27:10.403Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x90fc738","args":["0x1","0x1","0x2","0x2e","0x9a84020","0xdfcc8cb5","0x90f7010","0x0","0x0","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":46,"ptr":"0x9a84020","hex":"01 00 00 00 00 00 00 00 00 00 78 76 04 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 02 02 00 00 30 75 00 00"}],"time":"2026-04-25T06:27:10.494Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:27:10.495Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x90fc738","args":["0x1","0x1","0x1","0x2e","0x9a84020","0xdfcc8cb5","0x90f7010","0x0","0x0","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":46,"ptr":"0x9a84020","hex":"01 00 00 00 00 00 00 00 00 00 a2 ec 08 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 01 00 00 00 02 02 00 00 30 75 00 00"}],"time":"2026-04-25T06:27:10.497Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:27:10.498Z"}
|
|
{"event":"call.enter","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantA","address":"0x65a52c0c","ecx":"0xafed70","args":["0x5f28ff0","0x1","0x1","0x7","0x0","0x55555555","0x40e68723","0x1","0xa8837d04","0x74794704"],"time":"2026-04-25T06:27:11.271Z"}
|
|
{"event":"call.leave","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantA","retval":"0x0","time":"2026-04-25T06:27:11.271Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x90fc738","0x1","0x1","0x2","0x2","0x0","0x56","0x91d9bc8","0xafea40","0x5d23e122"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":2,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":86,"ptr":"0x91d9bc8","hex":"37 01 00 05 00 36 d7 02 00 9f 00 0a 00 62 49 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 32 00 3a 00 33 00 30 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 ff ff 00 00 00 00 00 00 00 00 58 94 b8 08 01 00 00 00"}],"time":"2026-04-25T06:27:11.324Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x90fc738","args":["0x1","0x1","0x2","0x84","0x9a84020","0xdfcc8c99","0x90f77f4","0x90f77e4","0x641add04","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":132,"ptr":"0x9a84020","hex":"01 00 56 00 00 00 00 00 00 00 03 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 02 00 00 30 75 00 00 37 01 00 05 00 36 d7 02 00 9f 00 0a 00 62 49 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 32 00 3a 00 33 00 30 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 ff ff 00 00 00 00 00 00 00 00 58 94 b8 08 01 00 00 00"}],"time":"2026-04-25T06:27:11.325Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:27:11.326Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-25T06:27:11.326Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x90fc738","args":["0x33","0x78962d0","0x741ece0","0x76ffedd8","0x90fc744","0x33","0x78962d0","0x206","0x3","0x765f8a4"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":51,"ptr":"0x78962d0","hex":"01 00 05 00 00 00 00 00 00 00 03 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 02 02 00 00 30 75 00 00 00 00 50 80 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x765f8a4","hex":"90 b3 59"}],"time":"2026-04-25T06:27:11.344Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:27:11.345Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x90fc738","args":["0x62","0x7916528","0x741ece0","0x76ffedd8","0x90fc744","0x62","0x7916528","0x206","0x3","0x765f8a4"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":98,"ptr":"0x7916528","hex":"01 00 34 00 00 00 00 00 00 00 7b 76 04 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 02 00 00 30 75 00 00 33 01 00 01 00 00 00 e5 c1 81 a9 f6 1b d0 4d 8e 68 b0 2a 1c c0 40 c8 03 00 00 00 c0 00 f0 1f 8e 8c 7c d4 dc 01 06 0a 00 00 00 00 24 15 f1 7c d4 dc 01 00 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x765f8a4","hex":"90 b3 59"}],"time":"2026-04-25T06:27:11.346Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:27:11.346Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x90fc738","args":["0x1","0x1","0x2","0x2e","0x9a84020","0xdfcc8cb5","0x90f7010","0x0","0x0","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":46,"ptr":"0x9a84020","hex":"01 00 00 00 00 00 00 00 00 00 7b 76 04 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 02 02 00 00 30 75 00 00"}],"time":"2026-04-25T06:27:11.431Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:27:11.432Z"}
|
|
{"event":"call.enter","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantA","address":"0x65a52c0c","ecx":"0xafed70","args":["0x5f28ff0","0x1","0x1","0x7","0x0","0x5b05b05b","0x40e68723","0x1","0xa8837d04","0x74794704"],"time":"2026-04-25T06:27:11.996Z"}
|
|
{"event":"call.leave","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantA","retval":"0x0","time":"2026-04-25T06:27:11.997Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x90fc738","0x1","0x1","0x2","0x2","0x0","0x56","0x91d9bc8","0xafea40","0x5d23e122"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":2,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":86,"ptr":"0x91d9bc8","hex":"37 01 00 05 00 36 d7 02 00 9f 00 0a 00 62 49 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 32 00 3a 00 33 00 31 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 ff ff 00 00 00 00 00 00 00 00 58 94 b8 08 02 00 00 00"}],"time":"2026-04-25T06:27:12.100Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x90fc738","args":["0x1","0x1","0x2","0x84","0x9a84020","0xdfcc8c99","0x91d99dc","0x91d99cc","0x641add04","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":132,"ptr":"0x9a84020","hex":"01 00 56 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 02 00 00 30 75 00 00 37 01 00 05 00 36 d7 02 00 9f 00 0a 00 62 49 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 32 00 3a 00 33 00 31 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 ff ff 00 00 00 00 00 00 00 00 58 94 b8 08 02 00 00 00"}],"time":"2026-04-25T06:27:12.101Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:27:12.102Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-25T06:27:12.102Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x90fc738","args":["0x33","0x7922080","0x741ece0","0x76ffedd8","0x90fc744","0x33","0x7922080","0x206","0x3","0x765f8a4"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":51,"ptr":"0x7922080","hex":"01 00 05 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 02 02 00 00 30 75 00 00 00 00 50 80 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x765f8a4","hex":"90 b3 59"}],"time":"2026-04-25T06:27:12.108Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:27:12.108Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x90fc738","args":["0x62","0x78962d0","0x741ece0","0x76ffedd8","0x90fc744","0x62","0x78962d0","0x206","0x3","0x765f8a4"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":98,"ptr":"0x78962d0","hex":"01 00 34 00 00 00 00 00 00 00 7f 76 04 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 02 00 00 30 75 00 00 33 01 00 01 00 00 00 e5 c1 81 a9 f6 1b d0 4d 8e 68 b0 2a 1c c0 40 c8 03 00 00 00 c0 00 a0 8c 02 8d 7c d4 dc 01 06 0a 00 00 00 00 6a d8 14 7d d4 dc 01 00 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x765f8a4","hex":"90 b3 59"}],"time":"2026-04-25T06:27:12.109Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:27:12.110Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x90fc738","args":["0x1","0x1","0x2","0x2e","0x9a84020","0xdfcc8cb5","0x90f7010","0x0","0x0","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":46,"ptr":"0x9a84020","hex":"01 00 00 00 00 00 00 00 00 00 7f 76 04 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 02 02 00 00 30 75 00 00"}],"time":"2026-04-25T06:27:12.208Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:27:12.209Z"}
|
|
{"event":"call.enter","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantA","address":"0x65a52c0c","ecx":"0xafed70","args":["0x5f28ff0","0x1","0x1","0x7","0x0","0x60b60b61","0x40e68723","0x1","0xa8837d04","0x74794704"],"time":"2026-04-25T06:27:12.719Z"}
|
|
{"event":"call.leave","module":"LmxProxy.dll","name":"CLMXProxyServer.Write.variantA","retval":"0x0","time":"2026-04-25T06:27:12.720Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x90fc738","0x1","0x1","0x2","0x2","0x0","0x56","0x91d9bc8","0xafea40","0x5d23e122"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":2,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":86,"ptr":"0x91d9bc8","hex":"37 01 00 05 00 36 d7 02 00 9f 00 0a 00 62 49 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 32 00 3a 00 33 00 32 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 ff ff 00 00 00 00 00 00 00 00 58 94 b8 08 03 00 00 00"}],"time":"2026-04-25T06:27:12.772Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x90fc738","args":["0x1","0x1","0x2","0x84","0x9a84020","0xdfcc8c99","0x90f77f4","0x90f77e4","0x641add04","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":132,"ptr":"0x9a84020","hex":"01 00 56 00 00 00 00 00 00 00 05 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 02 00 00 30 75 00 00 37 01 00 05 00 36 d7 02 00 9f 00 0a 00 62 49 00 00 05 2e 00 00 00 2a 00 00 00 34 00 2f 00 32 00 35 00 2f 00 32 00 30 00 32 00 36 00 20 00 32 00 3a 00 33 00 32 00 3a 00 30 00 30 00 20 00 41 00 4d 00 00 00 ff ff 00 00 00 00 00 00 00 00 58 94 b8 08 03 00 00 00"}],"time":"2026-04-25T06:27:12.773Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:27:12.773Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-25T06:27:12.774Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x90fc738","args":["0x33","0x7916528","0x741ece0","0x76ffedd8","0x90fc744","0x33","0x7916528","0x206","0x3","0x765f8a4"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":51,"ptr":"0x7916528","hex":"01 00 05 00 00 00 00 00 00 00 05 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 02 02 00 00 30 75 00 00 00 00 50 80 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x765f8a4","hex":"90 b3 59"}],"time":"2026-04-25T06:27:12.819Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:27:12.820Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","address":"0x641912da","ecx":"0x90fc738","args":["0x62","0xddf2c0","0x741ece0","0x76ffedd8","0x90fc744","0x62","0xddf2c0","0x206","0x3","0x765f8a4"],"candidates":[{"sizeIndex":5,"ptrIndex":6,"size":98,"ptr":"0xddf2c0","hex":"01 00 34 00 00 00 00 00 00 00 82 76 04 00 01 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 02 00 00 30 75 00 00 33 01 00 01 00 00 00 e5 c1 81 a9 f6 1b d0 4d 8e 68 b0 2a 1c c0 40 c8 03 00 00 00 c0 00 20 31 6f 8d 7c d4 dc 01 06 0a 00 00 00 00 b0 9b 38 7d d4 dc 01 00 00"},{"sizeIndex":7,"ptrIndex":8,"size":518,"ptr":"0x3","hex":""},{"sizeIndex":8,"ptrIndex":9,"size":3,"ptr":"0x765f8a4","hex":"90 b3 59"}],"time":"2026-04-25T06:27:12.821Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.ProcessDataReceived","retval":"0x1","time":"2026-04-25T06:27:12.821Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x90fc738","args":["0x1","0x1","0x2","0x2e","0x9a84020","0xdfcc8cb5","0x90f7010","0x0","0x0","0x0"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":46,"ptr":"0x9a84020","hex":"01 00 00 00 00 00 00 00 00 00 82 76 04 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 02 02 00 00 30 75 00 00"}],"time":"2026-04-25T06:27:12.878Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:27:12.879Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x90fc738","0x1","0x1","0x1","0x2","0x0","0x3a","0x91ce7f8","0xafebfc","0x5d23e36e"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":1,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":58,"ptr":"0x91ce7f8","hex":"21 01 00 b8 0e 42 27 b6 74 7a 43 9f 03 79 02 6c 2c 9e ba 01 00 53 f2 9a 00 6a 00 0a 00 5f f1 00 00 01 00 00 00 22 01 00 01 00 53 f2 9a 00 6b 00 0a 00 87 3a 00 00 02 00 00 00"}],"time":"2026-04-25T06:27:16.778Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x90fc738","args":["0x1","0x1","0x1","0x68","0x9a84020","0xdfcc8f45","0x90f77f4","0x90f77e4","0x641add04","0x64"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":104,"ptr":"0x9a84020","hex":"01 00 3a 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 02 00 00 30 75 00 00 21 01 00 b8 0e 42 27 b6 74 7a 43 9f 03 79 02 6c 2c 9e ba 01 00 53 f2 9a 00 6a 00 0a 00 5f f1 00 00 01 00 00 00 22 01 00 01 00 53 f2 9a 00 6b 00 0a 00 87 3a 00 00 02 00 00 00"}],"time":"2026-04-25T06:27:16.780Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:27:16.780Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-25T06:27:16.781Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","address":"0x64195169","ecx":"0x1","args":["0x90fc738","0x1","0x1","0x2","0x2","0x0","0x25","0x91ce1c8","0xafebfc","0x5d23e36e"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":2,"ptr":"0x2","hex":""},{"sizeIndex":6,"ptrIndex":7,"size":37,"ptr":"0x91ce1c8","hex":"21 01 00 b8 0e 42 27 b6 74 7a 43 9f 03 79 02 6c 2c 9e ba 05 00 36 d7 02 00 9f 00 0a 00 62 49 00 00 03 00 00 00"}],"time":"2026-04-25T06:27:16.782Z"}
|
|
{"event":"nmx.enter","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","address":"0x64190996","ecx":"0x90fc738","args":["0x1","0x1","0x2","0x53","0x9a84020","0xdfcc8f45","0x91d9584","0x91d9574","0x641add04","0x64"],"candidates":[{"sizeIndex":3,"ptrIndex":4,"size":83,"ptr":"0x9a84020","hex":"01 00 25 00 00 00 00 00 00 00 07 00 00 00 01 00 00 00 01 00 00 00 fb 7f 00 00 01 00 00 00 01 00 00 00 02 00 00 00 01 02 00 00 30 75 00 00 21 01 00 b8 0e 42 27 b6 74 7a 43 9f 03 79 02 6c 2c 9e ba 05 00 36 d7 02 00 9f 00 0a 00 62 49 00 00 03 00 00 00"}],"time":"2026-04-25T06:27:16.783Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.TransferData","retval":"0x0","time":"2026-04-25T06:27:16.784Z"}
|
|
{"event":"nmx.leave","module":"NmxAdptr.dll","name":"CNmxAdapter.PutRequest","retval":"0x0","time":"2026-04-25T06:27:16.784Z"}
|
|
Process terminated
|
|
|
|
Thank you for using Frida!
|