{"id":20563714,"url":"https://github.com/trustedsec/windows-ms-lsat-rpc-example","last_synced_at":"2026-03-14T16:33:19.849Z","repository":{"id":115337117,"uuid":"599138597","full_name":"trustedsec/Windows-MS-LSAT-RPC-Example","owner":"trustedsec","description":"Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD","archived":false,"fork":false,"pushed_at":"2024-01-04T19:34:07.000Z","size":618,"stargazers_count":26,"open_issues_count":0,"forks_count":6,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-03-28T03:41:23.090Z","etag":null,"topics":["c","cpp","rpc","visual-studio","windows"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trustedsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-08T14:32:39.000Z","updated_at":"2025-03-04T17:25:02.000Z","dependencies_parsed_at":null,"dependency_job_id":"15b1dbb2-3c19-4195-a987-93bb249cca2b","html_url":"https://github.com/trustedsec/Windows-MS-LSAT-RPC-Example","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2FWindows-MS-LSAT-RPC-Example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2FWindows-MS-LSAT-RPC-Example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2FWindows-MS-LSAT-RPC-Example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2FWindows-MS-LSAT-RPC-Example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trustedsec","download_url":"https://codeload.github.com/trustedsec/Windows-MS-LSAT-RPC-Example/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248898720,"owners_count":21179830,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c","cpp","rpc","visual-studio","windows"],"created_at":"2024-11-16T04:20:25.487Z","updated_at":"2026-03-14T16:33:19.842Z","avatar_url":"https://github.com/trustedsec.png","language":"C","readme":"## Windows RPC Example\n\nThis repository is a companion document to the blog available at [TrustedSec](https://trustedsec.com/blog/rpc-programming-for-the-aspiring-windows-developer) Its main purpose is to help show what an example of calling an RPC function from the generated code of an IDL might look like.\n\nOnce you open the solution you will find two projects\n\n### MS-lsat-poc\n\nThis project simply makes two calls to aquire a policy object handle and then attempt to translate a couple service names to sids.  Succesfull translation means the service exists on the target machine.  This can be done at a user level as of the writing of this post.\n\nThe reason this works is because since windows vista every windows service has an associated virtual account created with the same name as the service itself.  We can take advantage of this to see if a service with a known name exists.  If you want to see how true this is use `sc create` to create a service on your windows machine and then call `sc showsid` on that service to see the virtual account's sid.\n\n### WindowsRpcHelper\n\nThis project is a static library that goes largely unused in the MS-lsat-poc.  It provides a framework to help with prototyping more standard smb based rpc connections.  The main function from this library is `make_rpc_request`.  It takes all the arguments required to bind an rpc connection and then on success calls a callback function you specify, passing in a va_list that can be unpacked using va_arg.\n\n### Credits\n\n[reactos project](https://github.com/reactos/reactos)\n\n[mimikatz](https://github.com/gentilkiwi/mimikatz)\n\n\nThis project will not be maintained beyond its intial release.  Its intended purely as a learning tool with the released blog, and as a helper for others learning RPC.  Any pull requests to this repository will be closed without review.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrustedsec%2Fwindows-ms-lsat-rpc-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrustedsec%2Fwindows-ms-lsat-rpc-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrustedsec%2Fwindows-ms-lsat-rpc-example/lists"}