Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page How to find out what process issued a windows service start?
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 04-10-2020, 22:55
DavidXanatos DavidXanatos is offline
Family
  
Join Date: Jun 2018
Posts: 183
Rept. Given: 3
Rept. Rcvd 47 Times in 33 Posts
Thanks Given: 59
Thanks Rcvd at 363 Times in 120 Posts
DavidXanatos Reputation: 47
Quote:
Originally Posted by WhoCares View Post
hook the RPC server in services.exe?
Sounds tricky, could you please point me in the direction of a guide or how-to for that task.
Reply With Quote
  #2  
Old 04-11-2020, 06:00
Rasmus Rasmus is offline
Friend
  
Join Date: Jul 2019
Posts: 179
Rept. Given: 0
Rept. Rcvd 9 Times in 8 Posts
Thanks Given: 116
Thanks Rcvd at 106 Times in 64 Posts
Rasmus Reputation: 9
Quote:
Originally Posted by DavidXanatos View Post
Sounds tricky, could you please point me in the direction of a guide or how-to for that task.
Code:
https://docs.microsoft.com/en-us/windows/win32/rpc/how-rpc-works
A quick example though it is in java-
Code:
https://github.com/km-works/portal-rpc-server-hook
You'd need to do the same for services.exe
Reply With Quote
The Following User Says Thank You to Rasmus For This Useful Post:
chants (04-11-2020)
  #3  
Old 04-11-2020, 12:35
WhoCares's Avatar
WhoCares WhoCares is offline
who cares
  
Join Date: Jan 2002
Location: Here
Posts: 468
Rept. Given: 11
Rept. Rcvd 32 Times in 25 Posts
Thanks Given: 69
Thanks Rcvd at 247 Times in 94 Posts
WhoCares Reputation: 32
here is a tutorial with demo source code, but in Chinese
https://bbs.pediy.com/thread-251158.htm

Quote:
Originally Posted by DavidXanatos View Post
Sounds tricky, could you please point me in the direction of a guide or how-to for that task.
__________________
AKA Solomon/blowfish.
Reply With Quote
The Following User Says Thank You to WhoCares For This Useful Post:
DavidXanatos (04-11-2020)
  #4  
Old 05-10-2020, 21:34
agoo agoo is offline
Friend
  
Join Date: Dec 2014
Posts: 129
Rept. Given: 1
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 13
Thanks Rcvd at 25 Times in 21 Posts
agoo Reputation: 0
Quote:
Originally Posted by WhoCares View Post
here is a tutorial with demo source code, but in Chinese
https://bbs.pediy.com/thread-251158.htm
Any english version of the tutorial?
Reply With Quote
  #5  
Old 05-11-2020, 09:51
SinaDiR SinaDiR is offline
Family
  
Join Date: Aug 2005
Location: Recycle Bin
Posts: 123
Rept. Given: 14
Rept. Rcvd 34 Times in 22 Posts
Thanks Given: 178
Thanks Rcvd at 227 Times in 63 Posts
SinaDiR Reputation: 34
Quote:
Originally Posted by agoo View Post
Any english version of the tutorial?
Yes, try Google Chrome or use Google Translate !
__________________
UnREal RCE - Persian Crackers
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Some advice on how to load a windows process dump into IDA Pro? rcer General Discussion 7 03-08-2025 00:09


All times are GMT +8. The time now is 16:53.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )