examples: add remote mgmt example

Author: oiweiwei

examples/samples_with_config/epm.go

@@ -134,6 +134,7 @@ func main() {
 	fmt.Println("ievent")
 
 	MapSyntax(ctx, cli, eventlog.EventlogSyntaxV0_0)
+
 }
 
 func MapSyntax(ctx context.Context, cli epm.EpmClient, syntax *dcerpc.SyntaxID) {

examples/samples_with_config/mgmt.go

@@ -0,0 +1,88 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"os"
+
+	config "github.com/oiweiwei/go-msrpc/config"
+	config_flag "github.com/oiweiwei/go-msrpc/config/flag"
+	"github.com/oiweiwei/go-msrpc/dcerpc"
+	"github.com/oiweiwei/go-msrpc/msrpc/mgmt/mgmt/v1"
+	"github.com/oiweiwei/go-msrpc/msrpc/well_known"
+	"github.com/oiweiwei/go-msrpc/ssp/gssapi"
+)
+
+var (
+	cfg = config.New().DisableEPM()
+)
+
+var Statistics = [4]string{
+	"RPC_C_STATS_CALLS_IN",
+	"RPC_C_STATS_CALLS_OUT",
+	"RPC_C_STATS_PKTS_IN",
+	"RPC_C_STATS_PKTS_OUT",
+}
+
+func init() {
+
+	config_flag.BindFlags(cfg, flag.CommandLine)
+}
+
+func main() {
+
+	if err := config_flag.ParseAndValidate(cfg, flag.CommandLine); err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		return
+	}
+
+	ctx := gssapi.NewSecurityContext(context.Background())
+
+	cc, err := dcerpc.Dial(ctx, cfg.ServerAddr(), cfg.DialOptions(ctx)...)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		return
+	}
+	defer cc.Close(ctx)
+
+	cli2, err := mgmt.NewManagementClient(ctx, cc, cfg.ClientOptions(ctx)...)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		return
+	}
+
+	stats, err := cli2.InquireStats(ctx, &mgmt.InquireStatsRequest{Count: 4})
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		return
+	}
+
+	for i, v := range stats.Statistics {
+		if i >= len(Statistics) {
+			fmt.Printf("unknown statistic %d: %d\n", i, v)
+		}
+		fmt.Printf("%s: %d\n", Statistics[i], v)
+	}
+
+	ifs, err := cli2.InquireInterfaceIDs(ctx, &mgmt.InquireInterfaceIDsRequest{})
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		return
+	}
+
+	for i, iff := range ifs.InterfaceIDVector.InterfaceID {
+		fmt.Printf("[%d]: %s %s %d.%d\n", i, iff.UUID.UUID(), (*well_known.UUID)(iff.UUID.UUID()).Describe(), iff.VersMajor, iff.VersMinor)
+	}
+
+	resp2, err := cli2.InquirePrincName(ctx, &mgmt.InquirePrincNameRequest{
+		AuthnProto:    uint32(dcerpc.AuthTypeWinNT),
+		PrincNameSize: 1024},
+	)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		return
+	}
+
+	fmt.Println("Server principal name:", resp2.PrincName)
+}

msrpc/well_known/data/well_known_endpoints.tsv

@@ -326,6 +326,7 @@ F120A684-B926-447F-9DF4-C966CB785648	MS-RAI	Remote Assistance Initiation Protoco
 45F52C28-7F9F-101A-B52B-08002B2EFABE	MS-RAIW	Remote Administrative Interface: WINS	winsif	v1.0	ncacn_np:WinsPipe
 A35AF600-9CF4-11CD-A076-08002B2BD711	MS-RDPESC	Remote Desktop Protocol: Smart Card Virtual Channel Extension	TypeScardPack	v1.0	
 E1AF8308-5D1F-11C9-91A4-08002B14A0FA	MS-RPCE	Endpoint Mapper Protocol	EndpointMapper	v3.0	ncacn_ip_tcp:135 ncacn_np:epmapper
+AFA8BD80-7D8A-11C9-BEF4-08002B102989	MS-RPCE	Remote Management Protocol	RemoteManagement	v1.0	ncacn_ip_tcp:135
 71710533-BEBA-4937-8319-B5DBEF9CCC36	MS-RPCE	Transfer Syntax NDR64	TransferNDR64	v1.0	
 8A885D04-1CEB-11C9-9FE8-08002B104860	MS-RPCE	Transfer Syntax NDR	TransferNDR	v2.0	
 E33C0CC4-0482-101A-BC0C-02608C6BA218	MS-RPCL	Remote Procedure Call Location Services Extensions	LocToLoc	v1.0	ncacn_np:Locator
@@ -753,3 +754,11 @@ B4CB7611-AD0B-4C2D-B35F-FFE45785C709	MS-DLL	wwansvc.dll: WWAN Auto Config Servic
 9C56D792-0591-4431-8D1F-681BFD80E4C0	MS-DLL	wwansvc.dll: WWAN Auto Config Service	Wwan2Rpc	v1.0	
 DE2DAF3B-5C16-4613-B204-D810EE629D9E	MS-DLL	wwansvc.dll: WWAN Auto Config Service	WwanMgmtRpc	v1.0	
 C503F532-443A-4C69-8300-CCD1FBDB3839	MS-DLL	mpsvc.dll: Windows Defender Service	IMpService	v2.0	
+C6F3EE72-CE7E-11D1-B71E-00C04FC3111A	RPCSS	Machine Activator Control	IMachineActivatorControl	v1.0	
+00000136-0000-0000-C000-000000000046	RPCSS	The ISCM Local Activactor	ISCMLocalActivator	v0.0	
+412F241E-C12A-11CE-ABFF-0020AF6E7A17	RPCSS	The ISCM RPC interface	ISCM	v0.2 ncacn_ip_tcp:135	
+B9E79E60-3D52-11CE-AAA1-00006901293F	RPCSS	Running Object Table Interface	IROT	v0.2	ncacn_ip_tcp:135
+E60C73E6-88F9-11CF-9AF1-0020AF6E72F4	RPCSS	Local Object Exporter Service	ILocalObjectExporter	v2.0	ncacn_ip_tcp:135
+0B0A6584-9E0F-11CF-A3CF-00805F68CB1B	RPCSS	Local Endpoint Mapper	localepmp	v1.1	
+1D55B526-C137-46C5-AB79-638F2A68E869	RPCSS	Dbgidl	Dbgidl	v1.0	
+64FE0B7F-9EF5-4553-A7DB-9A1975777554	RPCSS	Fwidl	Fwidl	v1.0	

msrpc/well_known/well_known_endpoints.go

@@ -333,6 +333,7 @@ var (
 	MSRAIWWinsif                                      = uuid.UUID{TimeLow: 0x45f52c28, TimeMid: 0x7f9f, TimeHiAndVersion: 0x101a, ClockSeqHiAndReserved: 0xb5, ClockSeqLow: 0x2b, Node: [6]uint8{0x8, 0x0, 0x2b, 0x2e, 0xfa, 0xbe}}
 	MSRDPESCTypeScardPack                             = uuid.UUID{TimeLow: 0xa35af600, TimeMid: 0x9cf4, TimeHiAndVersion: 0x11cd, ClockSeqHiAndReserved: 0xa0, ClockSeqLow: 0x76, Node: [6]uint8{0x8, 0x0, 0x2b, 0x2b, 0xd7, 0x11}}
 	MSRPCEEndpointMapper                              = uuid.UUID{TimeLow: 0xe1af8308, TimeMid: 0x5d1f, TimeHiAndVersion: 0x11c9, ClockSeqHiAndReserved: 0x91, ClockSeqLow: 0xa4, Node: [6]uint8{0x8, 0x0, 0x2b, 0x14, 0xa0, 0xfa}}
+	MSRPCERemoteManagement                            = uuid.UUID{TimeLow: 0xafa8bd80, TimeMid: 0x7d8a, TimeHiAndVersion: 0x11c9, ClockSeqHiAndReserved: 0xbe, ClockSeqLow: 0xf4, Node: [6]uint8{0x8, 0x0, 0x2b, 0x10, 0x29, 0x89}}
 	MSRPCETransferNDR64                               = uuid.UUID{TimeLow: 0x71710533, TimeMid: 0xbeba, TimeHiAndVersion: 0x4937, ClockSeqHiAndReserved: 0x83, ClockSeqLow: 0x19, Node: [6]uint8{0xb5, 0xdb, 0xef, 0x9c, 0xcc, 0x36}}
 	MSRPCETransferNDR                                 = uuid.UUID{TimeLow: 0x8a885d04, TimeMid: 0x1ceb, TimeHiAndVersion: 0x11c9, ClockSeqHiAndReserved: 0x9f, ClockSeqLow: 0xe8, Node: [6]uint8{0x8, 0x0, 0x2b, 0x10, 0x48, 0x60}}
 	MSRPCLLocToLoc                                    = uuid.UUID{TimeLow: 0xe33c0cc4, TimeMid: 0x482, TimeHiAndVersion: 0x101a, ClockSeqHiAndReserved: 0xbc, ClockSeqLow: 0xc, Node: [6]uint8{0x2, 0x60, 0x8c, 0x6b, 0xa2, 0x18}}
@@ -760,6 +761,14 @@ var (
 	MSDLLWwan2Rpc                                     = uuid.UUID{TimeLow: 0x9c56d792, TimeMid: 0x591, TimeHiAndVersion: 0x4431, ClockSeqHiAndReserved: 0x8d, ClockSeqLow: 0x1f, Node: [6]uint8{0x68, 0x1b, 0xfd, 0x80, 0xe4, 0xc0}}
 	MSDLLWwanMgmtRpc                                  = uuid.UUID{TimeLow: 0xde2daf3b, TimeMid: 0x5c16, TimeHiAndVersion: 0x4613, ClockSeqHiAndReserved: 0xb2, ClockSeqLow: 0x4, Node: [6]uint8{0xd8, 0x10, 0xee, 0x62, 0x9d, 0x9e}}
 	MSDLLIMpService                                   = uuid.UUID{TimeLow: 0xc503f532, TimeMid: 0x443a, TimeHiAndVersion: 0x4c69, ClockSeqHiAndReserved: 0x83, ClockSeqLow: 0x0, Node: [6]uint8{0xcc, 0xd1, 0xfb, 0xdb, 0x38, 0x39}}
+	RPCSSIMachineActivatorControl                     = uuid.UUID{TimeLow: 0xc6f3ee72, TimeMid: 0xce7e, TimeHiAndVersion: 0x11d1, ClockSeqHiAndReserved: 0xb7, ClockSeqLow: 0x1e, Node: [6]uint8{0x0, 0xc0, 0x4f, 0xc3, 0x11, 0x1a}}
+	RPCSSISCMLocalActivator                           = uuid.UUID{TimeLow: 0x136, TimeMid: 0x0, TimeHiAndVersion: 0x0, ClockSeqHiAndReserved: 0xc0, ClockSeqLow: 0x0, Node: [6]uint8{0x0, 0x0, 0x0, 0x0, 0x0, 0x46}}
+	RPCSSISCM                                         = uuid.UUID{TimeLow: 0x412f241e, TimeMid: 0xc12a, TimeHiAndVersion: 0x11ce, ClockSeqHiAndReserved: 0xab, ClockSeqLow: 0xff, Node: [6]uint8{0x0, 0x20, 0xaf, 0x6e, 0x7a, 0x17}}
+	RPCSSIROT                                         = uuid.UUID{TimeLow: 0xb9e79e60, TimeMid: 0x3d52, TimeHiAndVersion: 0x11ce, ClockSeqHiAndReserved: 0xaa, ClockSeqLow: 0xa1, Node: [6]uint8{0x0, 0x0, 0x69, 0x1, 0x29, 0x3f}}
+	RPCSSILocalObjectExporter                         = uuid.UUID{TimeLow: 0xe60c73e6, TimeMid: 0x88f9, TimeHiAndVersion: 0x11cf, ClockSeqHiAndReserved: 0x9a, ClockSeqLow: 0xf1, Node: [6]uint8{0x0, 0x20, 0xaf, 0x6e, 0x72, 0xf4}}
+	RPCSSLocalepmp                                    = uuid.UUID{TimeLow: 0xb0a6584, TimeMid: 0x9e0f, TimeHiAndVersion: 0x11cf, ClockSeqHiAndReserved: 0xa3, ClockSeqLow: 0xcf, Node: [6]uint8{0x0, 0x80, 0x5f, 0x68, 0xcb, 0x1b}}
+	RPCSSDbgidl                                       = uuid.UUID{TimeLow: 0x1d55b526, TimeMid: 0xc137, TimeHiAndVersion: 0x46c5, ClockSeqHiAndReserved: 0xab, ClockSeqLow: 0x79, Node: [6]uint8{0x63, 0x8f, 0x2a, 0x68, 0xe8, 0x69}}
+	RPCSSFwidl                                        = uuid.UUID{TimeLow: 0x64fe0b7f, TimeMid: 0x9ef5, TimeHiAndVersion: 0x4553, ClockSeqHiAndReserved: 0xa7, ClockSeqLow: 0xdb, Node: [6]uint8{0x9a, 0x19, 0x75, 0x77, 0x75, 0x54}}
 )
 
 type UUID uuid.UUID
@@ -1422,6 +1431,8 @@ func (u UUID) Describe() string {
 		return "MS-RDPESC: Remote Desktop Protocol: Smart Card Virtual Channel Extension: TypeScardPack"
 	case MSRPCEEndpointMapper:
 		return "MS-RPCE: Endpoint Mapper Protocol: EndpointMapper"
+	case MSRPCERemoteManagement:
+		return "MS-RPCE: Remote Management Protocol: RemoteManagement"
 	case MSRPCETransferNDR64:
 		return "MS-RPCE: Transfer Syntax NDR64: TransferNDR64"
 	case MSRPCETransferNDR:
@@ -2276,6 +2287,22 @@ func (u UUID) Describe() string {
 		return "MS-DLL: wwansvc.dll: WWAN Auto Config Service: WwanMgmtRpc"
 	case MSDLLIMpService:
 		return "MS-DLL: mpsvc.dll: Windows Defender Service: IMpService"
+	case RPCSSIMachineActivatorControl:
+		return "RPCSS: Machine Activator Control: IMachineActivatorControl"
+	case RPCSSISCMLocalActivator:
+		return "RPCSS: The ISCM Local Activactor: ISCMLocalActivator"
+	case RPCSSISCM:
+		return "RPCSS: The ISCM RPC interface: ISCM"
+	case RPCSSIROT:
+		return "RPCSS: Running Object Table Interface: IROT"
+	case RPCSSILocalObjectExporter:
+		return "RPCSS: Local Object Exporter Service: ILocalObjectExporter"
+	case RPCSSLocalepmp:
+		return "RPCSS: Local Endpoint Mapper: localepmp"
+	case RPCSSDbgidl:
+		return "RPCSS: Dbgidl: Dbgidl"
+	case RPCSSFwidl:
+		return "RPCSS: Fwidl: Fwidl"
 	}
 	return ""
 }
@@ -2336,6 +2363,8 @@ func (u UUID) WellKnownEndpoint() []string {
 		return []string{"ncacn_np:WinsPipe"}
 	case MSRPCEEndpointMapper:
 		return []string{"ncacn_ip_tcp:135", "ncacn_np:epmapper"}
+	case MSRPCERemoteManagement:
+		return []string{"ncacn_ip_tcp:135"}
 	case MSRPCLLocToLoc:
 		return []string{"ncacn_np:Locator"}
 	case MSRPRNWinspool:
@@ -2390,6 +2419,10 @@ func (u UUID) WellKnownEndpoint() []string {
 		return []string{"ncacn_np:locator"}
 	case MSDLLNsiM:
 		return []string{"ncacn_np:locator"}
+	case RPCSSIROT:
+		return []string{"ncacn_ip_tcp:135"}
+	case RPCSSILocalObjectExporter:
+		return []string{"ncacn_ip_tcp:135"}
 	}
 	return nil
 }
@@ -3051,6 +3084,8 @@ func (u UUID) Name() string {
 		return "TypeScardPack"
 	case MSRPCEEndpointMapper:
 		return "EndpointMapper"
+	case MSRPCERemoteManagement:
+		return "RemoteManagement"
 	case MSRPCETransferNDR64:
 		return "TransferNDR64"
 	case MSRPCETransferNDR:
@@ -3905,6 +3940,22 @@ func (u UUID) Name() string {
 		return "WwanMgmtRpc"
 	case MSDLLIMpService:
 		return "IMpService"
+	case RPCSSIMachineActivatorControl:
+		return "IMachineActivatorControl"
+	case RPCSSISCMLocalActivator:
+		return "ISCMLocalActivator"
+	case RPCSSISCM:
+		return "ISCM"
+	case RPCSSIROT:
+		return "IROT"
+	case RPCSSILocalObjectExporter:
+		return "ILocalObjectExporter"
+	case RPCSSLocalepmp:
+		return "localepmp"
+	case RPCSSDbgidl:
+		return "Dbgidl"
+	case RPCSSFwidl:
+		return "Fwidl"
 	}
 	return ""
 }