Windows C# RPC Clients
Generated by James Forshaw 2019.
This respository is a collection of C# class libraries which implement RPC clients for various versions of the Windows Operating System from 7 to Windows 10 1909.
The purposes of these clients is to aid in security research and systems analysis. They are not designed for general use. If you want to use the APIs exposed by the RPC server then you should find the documented mechanism to do so or complain to Microsoft. The tooling only provides for ALPC connections, there's currently no support for Named Pipe or TCP transports.
The RPC client files are not placed under any specific license as they are automatically generated by a tool. You can recreate them by using the NtObjectManager PowerShell module using the following code on the OS you want to gather the data from. Note that you should install a copy of Debugging Tools for Windows for a version of DBGHELP which supports the public symbol server if you want to resolve function names.
Import-Module NtObjectManager
# Extract all servers from SYSTEM32. You can repeat this for other directories.
$rpc = ls "$env:windir\system32\*" -Include "*.dll","*.exe" `
| Get-RpcServer -DbgHelpPath \windbg\x64\dbghelp.dll
# Generate C# client files in output_dir.
$rpc | Format-RpcClient -OutputPath .\output_dir
Using the clients requires you to reference the NtApiDotNet assembly, which is available on NuGet
For example usage see the LaunchAdminProcess project which uses the RPC server exported by the AppInfo to spawn a UAC process. It uses the client generated from Windows 7 as the calling information has not changed from 7 through latest versions of Windows 10.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.