4.13. Implication of multiple RPC services in one process

4.13.1. Win32 services hosting
4.13.2. Example of multiple RPC services in one process
4.13.3. Implications of running multiple RPC services in one process

One important property of the MSRPC implementation is that inside a given process any RPC services listening on any protocol sequences can be reached using any opened endpoints.

This specifity of the MSRPC implementation is documented in the MSDN, under the “Be Wary of Other RPC Endpoints Running in the Same Process” [90] section.

To restrict RPC calls on the server-side, either the RpcServerRegister2() API or the RpcServerRegisterIfEx() API must be used.

As most Win32 services are implemented in a few processes, hosting many Win32 services (lsass.exe, services.exe, svchost.exe), a direct consequence is that all RPC services started by any Win32 service in a given process can be invoked using any opened endpoint in the process context, if RPC services do not use one of the two APIs earlier mentionned.