mspdbsrv.exe is a utility used internally by Microsoft to update PDB files.
The compiler sends symbols updates to mspdbsrv through RPC, and mspdbsrv in turn updates the PDB file.
I'm trying to understand how these updates look like. unfortunately Microsoft did not release the IDL so I don't know the RPC function prototype, nevertheless looking at these updates as raw data is interesting enough.
Here is what I had in mind:
mspdbsrv.exe default endpoint in this case is \RPC Control\mspdb_10.00.30319.01_rtl_32_00000000000733A0. But mspdbsrv has a command line argument -endpoint that sets its endpoint to a different endpoint. The compiler however is probably always connecting to the default endpoint.
I suppose I could create a kind of "Proxy Server" that listens on mspdbsrv default endpoint, run mspdbsrv.exe with a different endpoint, and pass through the RPC to mspdbsrv transparently while logging it. The compiler will not know it is connected to the proxy since the proxy exposes the mspdbsrv endpoint.
Does this make sense? How can I write such proxy RPC server, without IDL?
Perhaps there is a shortcut if someone knows some details about these PDB updates?
Update
I've Found out what's the 00000000000733A0 suffix of mspdbsrv port name...(mspdb_10.00.30319.01_rtl_32_00000000000733A0).
This is the security access token of the current user!
Here is a snippet of how to obtain it:
HANDLE hToken;
if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken) != 0)
{
TOKEN_STATISTICS tsStats;
DWORD dwOutSize;
if (GetTokenInformation(hToken, TokenStatistics, &tsStats, sizeof(tsStats), &dwOutSize))
{
printf(TEXT("%08x%08x\n"), (UINT)tsStats.AuthenticationId.HighPart, (UINT)tsStats.AuthenticationId.LowPart);
}
}
Related
I can't figure out why web calls do not find the service GetNodeChannels.
I have registered the server with the associated services here:
https://github.com/lncapital/lnc/blob/frontend/cmd/lnc/lnc.go#L158-L168
And I'm creating the server struct and attaching the method here:
https://github.com/lncapital/lnc/blob/frontend/server/server.go
However neither reflection nor grpc-web seems to recognize them. Reflection simply does not show them and web calls respons with Error: unknown service lncrpc.lncrpc
Normal grpc calls work, but reflection and the web wrapped server does not.
Also: when I call: fmt.Printf("%v", grpcServer.GetServiceInfo()) I get this in the terminal:
map[lightning.lncrpc:{[{GetNodeChannels false false}] lncrpc.proto}]
However I have never mentioned lightning anywhere. I do however import a proto file named lightning.proto in my proto file here: https://github.com/lncapital/lnc/blob/frontend/proto/lncrpc.proto#L3
How do I close tcp v4 and tcp v6 connections on Windows? I don't want to kill the entire process that has the open connection as this obviously will kick everyone else off that process. I need to do this from a separate process, and so will not have access to socket handles, etc. I am using Windows API to get tcp table, etc. so I know which connections are active.
One way might be to enumerate all open handles on the system, or at least the open handles of a given target process, until you find the SOCKET handle you are interested in (see HOWTO: Enumerate handles, Socket Handles, and C++ Get Handle of Open Sockets of a Program - though I'm not sure how you would be able to retrieve the IP/Port pairs of a SOCKET to compare to the active connection you are interested in, without injecting remote getsockname()/getpeername() calls into the owning process of the SOCKET).
Once you have found the SOCKET handle you want, you can then close it by using DuplicateHandle() with the DUPLICATE_CLOSE_SOURCE flag 1.
1: This is how the "Close Handle" feature in Process Explorer works.
Since I'm using C#, I cannot PInvoke SetTcpEntry, even as administrator with an app.manifest file, it always sends a 317 error. So I created a C++ .exe to close a comma separated list of ipv4 addresses on the command line using SetTcpEntry, works fine even without an app.manifest file. That solves kicking ipv4 connections.
I tried using the get handles approach with NtQuerySystemInformation but never could get it working quite right, and it is a private mostly undocumented API and seems unsafe to use.
So, for ipv6, I am using windivert and injecting RST flag to ipv6 packets with certain ip addresses. It is as simple as setting the RST flag of an incoming packet before sending it on through with windivert. The downside is, if the client never sends another packet, the ipv6 socket still stays open indefinitely.
Perhaps someday Microsoft will add a SetTcpEntry6 function, but until then this appears to be the only realistic way.
UPDATE 2022-05-01, found this gem at https://www.x86matthew.com/view_post?id=settcpentry6
I have been trying to find some way of redirecting outbound TCP packets under windows.
from from : https://github.com/basil00/Divert/blob/master/doc/windivert.html
"The WinDivert driver is automatically (and silently) installed on demand whenever
your application calls WinDivertOpen(). The calling application must have Administrator privileges."
Am a newbie in windows service programming. I want my Windows service to call the function WinDivertOpen().
Can someone just give a lead sample on how to go about it.
Thanks
We are attempting to connect to a WebDAV server using net use over SSL. On some servers we're seeing an issue in which this connection only succeeds if we specify port 443 in the URL.
Does Map
net use * "https://example.com:443/folder"
net use * "\\example.com#SSL#443\folder"
and, bizarrely, so does this:
net use * "\\example.com#SSLasdf\folder"
Does Not Map
net use * "https://example.com/folder"
net use * "\\example.com#SSL\folder"
In the non-working cases we consistently receive the following error:
System error 67 has occured.
The network name cannot be found.
We have noticed some things that might be useful information:
We have a test server that's configured the same way as the prod server and it works as expected.
In the non-working cases, no incoming requests are ever seen at the prod server from the failing host.
All clients are based on the same image.
The problem does not manifest uniformly on all clients -- some work, some don't.
There is an existing, valid entry for example.com in the client DNS cache.
Flushing the client DNS cache of the affected servers does not resolve the problem.
Once the problem appears, it seems to stick. That is, if I execute one of the working mappings, delete it, and then immediately execute one of the non-working mappings, the problem persists.
We are utterly stumped. Any theories?
You are seeing different behaviors because you are connecting using different names. Once a name has been attempted and failed, the WebClient (this is the service that enables WebDAV) will cache the response for a period. To clear the cache, locate the WebClient service in the Services console and restart it. Or from an administrative command prompt execute the following command:
net.exe stop webclient && net.exe start webclient
We ultimately determined that we were mis-interpreting the System Error 67 that net use was returning. We discovered two interesting things:
In the event that the WebDAV returns a 404 or a 50x on the initial, root folder PROPFIND, net use will (rightly) interpret this as the root folder being unavailable. The fact that it says the network name could not be found let us to believe that the problem was with the name resolution, but it was really just saying, 'hey, I couldn't find anything at this path.'
If 'net use' fails due to a 404/50x, it appears that for a brief period of time it will automatically fail any additional mappings for that same host without issuing a request. For example, if net use http://me.com/foo returns a 404, then net use http://me.com/bar will instantly fail if made in rapid succession to that first call, and no request record will be seen in the WebDAV server logs.
My best guess is that appending the #443 port didn't make any real difference. What it perhaps did do was to trick net use into thinking it was talking to a different host, at least for the purposes of its 'auto-fail' feature. But that's just a guess.
I am writting a RPC client server application on windows. I have gone through RPC sample programs MS has given. But none of them mention port specifically. This probably because RPC uses dynamic port above 1024. But what if I wanted to assign specific port/port range to specific service (my server and client app for example). How can I do that? I can use RPCCFG to assign range but that range will be for all RPC programs (http://support.microsoft.com/kb/908472) right? How can I control a single program? I know it's possible because exchange seem to able to do it for Client Access Service?
Thanks in advance,
-Neel.
You can define ports in the code or use a config file which you read in the code.
status = RpcServerUseProtseqEp(
(char *)"ncacn_ip_tcp", // Use TCP/IP
RPC_C_PROTSEQ_MAX_REQS_DEFAULT, // Backlog queue length for TCP/IP.
(char *)"4747", // TCP/IP port to use.
NULL); // No security.
Success. Jasper