search

silverf0x / RpcView

RpcView is a free tool to explore and decompile Microsoft RPC interfaces
GNU General Public License v3.0
893 stars 247 forks source link

RpcView doesnt detect Named pipes #69

Open 0xDivyanshu-new opened 1 year ago

0xDivyanshu-new commented 1 year ago

Hi folks,

I have been playing around with RPC using RpcView and Process Hacker. Listing down all open handles in process hacker for a service running as SYSTEM shows me that a handle to \NamedPipe\dbxsvc is opened and this name pipe is accessible by everyone.

Screenshot 2023-07-11 at 09 43 00

On other hand, using RpcView to view this name pipe just returns everything and it doesn't even contain the application dbxsvc.exe in interface list.

Screenshot 2023-07-11 at 09 44 14

It seems to me that there is a issue with some sort of exception handling in RpcView where if it encounters any error, it will list all RPC Interface exposed on the system.

Let me know what you guys think of this

0xDivyanshu-new commented 1 year ago

Looking into the Named pipes via ObjectExplorer, it seems that it has reached the max number of instances possible for that named pipe. Can that be the reason by RpcView is not able to parse it?

Screenshot 2023-07-11 at 10 01 56