• Stars: 252
• Rank: 161,312 (Top 4 %)
• Language: C#
• License: The Unlicense
• Created about 5 years ago
• Updated over 4 years ago


Repository Details

This repository is a collection of C# class libraries which implement RPC clients for various versions of the Windows Operating System from 7 to Windows 10.

Windows C# RPC Clients

Generated by James Forshaw 2019.

This repository is a collection of C# class libraries which implement RPC clients for various versions of the Windows Operating System from 7 to Windows 10 1909.

The purpose of these clients is to aid in security research and systems analysis. They are not designed for general use. If you want to use the APIs exposed by the RPC server then you should find the documented mechanism to do so or complain to Microsoft. The tooling only provides for ALPC connections; there's currently no support for Named Pipe or TCP transports.

The RPC client files are not placed under any specific license as they are automatically generated by a tool. You can recreate them with the NtObjectManager PowerShell module by running the following code on the OS you want to gather the data from. Note that if you want to resolve function names, you should install a copy of Debugging Tools for Windows to get a version of DBGHELP which supports the public symbol server.

Import-Module NtObjectManager

# Extract all servers from SYSTEM32. You can repeat this for other directories.
$rpc = ls "$env:windir\system32\*" -Include "*.dll","*.exe" `
  | Get-RpcServer -DbgHelpPath \windbg\x64\dbghelp.dll

# Generate C# client files in output_dir.
$rpc | Format-RpcClient -OutputPath .\output_dir
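Because the generated clients can only connect over ALPC, it can be useful to narrow the extracted servers to interfaces that actually have an ALPC endpoint before generating anything. The following is an added example, not part of the original README or the project's own code; the `dbghelp.dll` location (the default Windows Kits install path) and the output directory name are assumptions, and it relies on the `Endpoints`, `ProcedureCount` and `EndpointCount` properties of the objects returned by `Get-RpcServer`.

```powershell
Import-Module NtObjectManager

# Assumed locations, not taken from the README; adjust to your system.
$dbghelp = "C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\dbghelp.dll"
$outDir  = ".\alpc_clients"

# Parse every DLL and EXE in SYSTEM32 for RPC server interfaces.
$rpc = Get-ChildItem "$env:windir\system32\*" -Include "*.dll","*.exe" |
    Get-RpcServer -DbgHelpPath $dbghelp

# Keep only interfaces that currently have at least one registered
# ALPC (ncalrpc) endpoint, since that is the only supported transport.
$alpc = $rpc | Where-Object {
    $_.Endpoints | Where-Object ProtocolSequence -eq "ncalrpc"
}

# Inventory of the reachable interfaces, largest procedure tables first.
$alpc | Sort-Object ProcedureCount -Descending |
    Select-Object Name, InterfaceId, InterfaceVersion, ProcedureCount, EndpointCount |
    Format-Table -AutoSize

# Generate C# client files for the ALPC-reachable interfaces only.
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$alpc | Format-RpcClient -OutputPath $outDir
```

The endpoint filter reflects only what is registered with the endpoint mapper at the time it runs, so an interface whose hosting service is stopped, or which listens on an unregistered port, is excluded from this list.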

Using the clients requires you to reference the NtApiDotNet assembly, which is available on NuGet.

For example usage, see the LaunchAdminProcess project, which uses the RPC server exported by AppInfo to spawn a UAC process. It uses the client generated from Windows 7, as the calling information has not changed from 7 through the latest versions of Windows 10.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
