Most existing RPC monitoring tools rely on the EndpointMapper system component to enumerate all registered interfaces. However, a lot of software uses RPC with unregistered interfaces as an IPC mechanism, so querying the EndpointMapper is not a complete way to enumerate local RPC interfaces. Because it works from the RPC runtime internals, RpcView can not only analyse all the interfaces present on a system but also decompile most of them.
The above screenshot shows the tool as a whole. RpcView is composed of several dock widgets, whose details are given below:
This is the main, minimal view provided by RpcView. To find RPC servers, just look at which ones are highlighted. The information given is:
The Microsoft NDR specification makes it possible to decompile the server stub in charge of the marshalling process. RpcView is able to reconstruct a MIDL-compatible IDL file describing an interface.
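An added example (not RpcView's code and not part of the original page): one way to inventory interfaces without asking the EndpointMapper is to scan a module image for RPC_SERVER_INTERFACE structures, whose InterpreterInfo field points at the MIDL server information behind the stub. It assumes the 64-bit structure layout from the Windows SDK header rpcdcep.h; the sample image, interface UUID and pointer values are constructed.

```python
import struct
import uuid

# Transfer syntax identifier (GUID + version 2.0) used by NDR interfaces.
NDR_SYNTAX = (uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860").bytes_le
              + struct.pack("<HH", 2, 0))
X64_LENGTH = 0x60  # sizeof(RPC_SERVER_INTERFACE) on 64-bit builds
# Length, InterfaceId (GUID, major, minor), TransferSyntax, pad, DispatchTable,
# RpcProtseqEndpointCount, pad, RpcProtseqEndpoint, DefaultManagerEpv,
# InterpreterInfo, Flags, pad
LAYOUT = struct.Struct("<I16sHH20s4xQI4xQQQI4x")


def find_rpc_interfaces(image: bytes) -> list:
    """Return every x64 RPC_SERVER_INTERFACE candidate found in image."""
    found = []
    pos = image.find(NDR_SYNTAX)
    while pos != -1:
        start = pos - 24  # TransferSyntax sits 24 bytes into the structure
        if start >= 0 and start + X64_LENGTH <= len(image):
            (length, guid, major, minor, _syntax, dispatch, ep_count,
             _endpoints, _epv, interp, _flags) = LAYOUT.unpack_from(image, start)
            # Heuristic: Length must match and a server interface needs a
            # non-NULL DispatchTable to dispatch calls.
            if length == X64_LENGTH and dispatch != 0:
                found.append({
                    "offset": start,
                    "uuid": str(uuid.UUID(bytes_le=guid)),
                    "version": f"{major}.{minor}",
                    "endpoints": ep_count,
                    "interpreter_info": interp,
                })
        pos = image.find(NDR_SYNTAX, pos + 1)
    return found


def build_sample() -> bytes:
    """Constructed image: filler, a decoy syntax GUID, one real structure."""
    iface = LAYOUT.pack(
        X64_LENGTH, uuid.UUID("12345678-1234-5678-1234-567812345678").bytes_le,
        1, 0, NDR_SYNTAX, 0x180004000, 0, 0, 0, 0x180005000, 0)
    decoy = b"\x00" * 24 + NDR_SYNTAX + b"\x00" * 52  # Length field is 0
    return b"\xcc" * 40 + decoy + b"\xcc" * 8 + iface + b"\xcc" * 16


if __name__ == "__main__":
    for entry in find_rpc_interfaces(build_sample()):
        print(entry)
```

An interface found this way with an endpoint count of 0 declares no endpoints in its own structure, so it is worth comparing against what the EndpointMapper reports.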