Static | ZeroBOX

PE Compile Time

2020-05-12 00:00:27

PE Imphash

576d6e02a47c807b9063948ee683350c

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00011b40 0x00011c00 6.47543924329
.rdata 0x00013000 0x0000a6f0 0x0000a800 5.07960922936
.data 0x0001e000 0x00001d28 0x00000c00 1.7180578906
.pdata 0x00020000 0x00001098 0x00001200 4.65896029957
_RDATA 0x00022000 0x00000094 0x00000200 1.12800911154
.rsrc 0x00023000 0x000001e0 0x00000200 4.7113407226
.reloc 0x00024000 0x000006e4 0x00000800 5.11509217225

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00023060 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library ole32.dll:
0x140013278 CLSIDFromString
Library RPCRT4.dll:
0x140013228 NdrServerCall2
0x140013230 NdrServerCallAll
0x140013238 RpcServerInqBindings
0x140013240 RpcServerUseProtseqEpA
0x140013248 RpcServerListen
0x140013258 RpcEpRegisterA
0x140013260 RpcServerRegisterIf2
0x140013268 RpcImpersonateClient
Library KERNEL32.dll:
0x140013000 GetModuleHandleExW
0x140013008 WriteConsoleW
0x140013010 CreateFileW
0x140013018 CloseHandle
0x140013020 HeapReAlloc
0x140013028 HeapSize
0x140013030 SetFilePointerEx
0x140013038 GetFileSizeEx
0x140013040 GetConsoleMode
0x140013048 GetConsoleCP
0x140013050 RtlCaptureContext
0x140013058 RtlLookupFunctionEntry
0x140013060 RtlVirtualUnwind
0x140013068 UnhandledExceptionFilter
0x140013078 GetCurrentProcess
0x140013080 TerminateProcess
0x140013090 QueryPerformanceCounter
0x140013098 GetCurrentProcessId
0x1400130a0 GetCurrentThreadId
0x1400130a8 GetSystemTimeAsFileTime
0x1400130b0 InitializeSListHead
0x1400130b8 IsDebuggerPresent
0x1400130c0 GetStartupInfoW
0x1400130c8 GetModuleHandleW
0x1400130d0 RtlUnwindEx
0x1400130d8 GetLastError
0x1400130e0 SetLastError
0x1400130e8 EnterCriticalSection
0x1400130f0 LeaveCriticalSection
0x1400130f8 DeleteCriticalSection
0x140013108 TlsAlloc
0x140013110 TlsGetValue
0x140013118 TlsSetValue
0x140013120 TlsFree
0x140013128 FreeLibrary
0x140013130 GetProcAddress
0x140013138 LoadLibraryExW
0x140013140 RaiseException
0x140013148 ExitProcess
0x140013150 GetStdHandle
0x140013158 WriteFile
0x140013160 GetModuleFileNameW
0x140013168 GetCommandLineA
0x140013170 GetCommandLineW
0x140013178 HeapAlloc
0x140013180 HeapFree
0x140013188 CompareStringW
0x140013190 LCMapStringW
0x140013198 GetFileType
0x1400131a0 FindClose
0x1400131a8 FindFirstFileExW
0x1400131b0 FindNextFileW
0x1400131b8 IsValidCodePage
0x1400131c0 GetACP
0x1400131c8 GetOEMCP
0x1400131d0 GetCPInfo
0x1400131d8 MultiByteToWideChar
0x1400131e0 WideCharToMultiByte
0x1400131e8 GetEnvironmentStringsW
0x1400131f0 FreeEnvironmentStringsW
0x1400131f8 SetEnvironmentVariableW
0x140013200 SetStdHandle
0x140013208 GetStringTypeW
0x140013210 GetProcessHeap
0x140013218 FlushFileBuffers

Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@_RDATA
@.rsrc
@.reloc
L$ SVWH
<lt#<p
L$ SUVWH
|$ AVH
H3E H3E
u0HcH<H
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
u3HcH<H
@USVWATAVAWH
D8d$Xt
A_A^A\_^[]
D8t$8t
D$@H;G
CA< t(<#t
CA< t(<#t
<htl<jt\<lt4<tt$<wt
!,X< w
<htl<jt\<lt4<tt$<wt
!,X< w
t$ WAVAWH
<Ct-<D
<StW@:
<g~{<itd<ntY<ot7<pt
<utT@:
D<P0@:
k4+kP+
0A_A^_
t$ WAVAWH
<Ct-<D
<StW@:
<g~{<itd<ntY<ot7<pt
<utT@:
D<P0@:
k(+sPL
0A_A^_
WAVAWH
A_A^_
x ATAVAWH
A_A^A\
x ATAVAWH
A_A^A\
UVWAVAWH
0A_A^_^]
WAVAWH
0A_A^_
t$ WAVAWH
A_A^_
WAVAWH
A_A^_
x AUAVAWH
@A_A^A]
WATAUAVAWH
A_A^A]A\_
L$ VWAVH
fD9t$b
@8l$Ht
L$ UVWH
WATAUAVAWH
gfffffffH
D8l$ht
A_A^A]A\_
u"8Z(t
uF8Z(t
vC8_(t
u"8Z(t
uF8Z(t
vB8_(t
UVWATAUAVAWH
`A_A^A]A\_^]
WATAUAVAWH
0A_A^A]A\_
H97u+A
\$ UVWATAUAVAWH
@8|$Ht
@8|$Ht
@8|$Ht
D$XD9x
@8|$ht
@8|$ht
@8|$ht
A_A^A]A\_^]
u"8Z(t
UVWATAUAVAWH
L$&8\$&t,8Y
@A_A^A]A\_^]
fD94Fu
UVWATAUAVAWH
xWI96tRI
0A_A^A]A\_^]
@UATAUAVAWH
e0A_A^A]A\]
\$ VWATAUAVH
D!l$xA
@A^A]A\_^
WAVAWH
A_A^_
UVWATAUAVAWH
D8T8>t
A_A^A]A\_^]
VWATAVAW
A_A^A\_^
WATAUAVAWH
A_A^A]A\_
\$ UVWATAUAVAWH
H!D$ H
`A_A^A]A\_^]
WATAUAVAWH
A_A^A]A\_
SUVWATAVAWH
A_A^A\_^][
@USVWATAUAVAWH
D+d$8H
#D8d$`t
A_A^A]A\_^[]
D$0H9D$8
ATAUAVH
L$ fff
L$ |+L;
A^A]A\
@UATAUAVAWH
H!T$0D
ue!T$(H!T$
A_A^A]A\]
UAVAWH
WATAUAVAWH
A_A^A]A\_
UVWAVAWH
@A_A^_^]
ffffff
fffffff
@USVWATAUAVAWH
e8A_A^A]A\_^[]
USVWAVH
A^_^[]
LcA<E3
u HcA<H
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
operator<=>
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CorExitProcess
`h````
xpxxxx
`h`hhh
xwpwpp
(null)
AreFileApisANSI
CompareStringEx
LCMapStringEx
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
[aOni*{
~ $s%r
@b;zO]
v2!L.2
1#QNAN
1#SNAN
UUUUUU
UUUUUU
=imb;D
/>58d%
VM>cQ6
>jtm}S
)>6{1n
+f)>0'
;H9>&X
*StO9>T
n03>Pu
K~Je#>!
bp(=>?g
BC?>6t9^
K&>.yC
.xJ>Hf
y\PD>!
|b=})>
c [1>H'
uzKs@>
3>N;kU
kE>fvw
V6E>`"(5
?UUUUUU
?7zQ6$
RoguePotato
Wrong Argument: %s
RogueOxidResolver
@splinter_code & @decoder_it
Mandatory args:
-l listening_port: port to listen for RogueOxidResolver
Optional args:
-p pipename_placeholder: placeholder to be used in the pipe name creation (default: RoguePotato)
Examples:
- Run RogueOxidResolver on port 9999
RogueOxidResolver.exe -l 9999
- Run RogueOxidResolver on port 9999 and use a custom pipe name
RogueOxidResolver.exe -l 9999 -p splintercode
ncacn_ip_tcp
[-] RpcServerUseProtseqEp() failed with status code %d
[-] RpcServerRegisterIf2() failed with status code %d
[-] RpcServerInqBindings() failed with status code %d
[-] RpcServerRegisterAuthInfoA() failed with status code %d
[-] RpcEpRegister() failed with status code %d
[*] Starting RogueOxidResolver RPC Server listening on port %s ...
[-] RpcServerListen() failed with status code %d
[*] SecurityCallback RPC call
[*] ResolveOxid RPC call
[*] SimplePing RPC call
[*] ComplexPing RPC call
[*] ServerAlive RPC call
[*] ResolveOxid2 RPC call, this is for us!
localhost/pipe/%s[\pipe\epmapper]
NT AUTHORITY\NETWORK SERVICE
[*] ResolveOxid2: returned endpoint binding information = ncacn_np:%s
[*] ServerAlive2 RPC Call
.text$mn
.text$mn$00
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.idata$2
.idata$3
.idata$4
.idata$6
.pdata
_RDATA
.rsrc$01
.rsrc$02
CLSIDFromString
ole32.dll
RpcServerRegisterAuthInfoA
RpcServerRegisterIf2
RpcEpRegisterA
RpcImpersonateClient
RpcServerListen
RpcServerUseProtseqEpA
RpcServerInqBindings
NdrServerCallAll
NdrServerCall2
RPCRT4.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
CloseHandle
CreateFileW
WriteConsoleW
KERNEL32.dll
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-
mscoree.dll
(null)
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
api-ms-win-appmodel-runtime-l1-1-2
user32
ext-ms-
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
((((( H
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
{99fcfec4-5260-101b-bbcb-00aa0021347a}
Antivirus Signature (engine name followed by its detection label; "Clean" means the engine reported no detection)
Bkav W64.AIDetectMalware
Lionic Hacktool.Win32.RoguePotato.3!c
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Artemis!Trojan
ALYac Generic.RoguePotato.1.E29DCCFC
Cylance Unsafe
Zillya Tool.RoguePotato.Win64.55
Sangfor Hacktool.Win64.Roguepotato.Vi8l
K7AntiVirus Trojan ( 00566ef31 )
Alibaba HackTool:Win64/RoguePotato.cb22e5d1
K7GW Trojan ( 00566ef31 )
Cybereason malicious.0325d8
huorong Clean
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/HackTool.RoguePotato.A
APEX Malicious
Avast Win64:Trojan-gen
Cynet Malicious (score: 99)
Kaspersky HEUR:HackTool.Win64.RoguePotato.gen
BitDefender Generic.RoguePotato.1.E29DCCFC
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Generic.RoguePotato.1.E29DCCFC
Tencent Malware.Win32.Gencirc.13fef263
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Trojan.TR/Agent.qvnmg
DrWeb Clean
VIPRE Generic.RoguePotato.1.E29DCCFC
TrendMicro Clean
McAfeeD ti!9C5D53208D32
Trapmine Clean
FireEye Generic.RoguePotato.1.E29DCCFC
Emsisoft Generic.RoguePotato.1.E29DCCFC (B)
Ikarus Trojan.Win64.Hacktool
GData Generic.RoguePotato.1.E29DCCFC
Jiangmin Trojan.Generic.gxzio
Webroot W32.Trojan.Gen
Varist Clean
Avira TR/Agent.qvnmg
Antiy-AVL GrayWare/Win32.Generic
Kingsoft Clean
Gridinsoft Clean
Xcitium Malware@#1ykkhbb4je363
Arcabit Generic.RoguePotato.1.E29DCCFC
SUPERAntiSpyware Clean
ZoneAlarm HEUR:HackTool.Win64.RoguePotato.gen
Microsoft VirTool:Win32/RogueP.A!MTB
Google Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!73446530325D
MAX malware (ai score=83)
VBA32 Exploit.Win64.Convagent
Malwarebytes Generic.Malware/Suspicious
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising HackTool.RogueP!8.11DBF (TFE:5:Vv5uM75b07J)
Yandex Riskware.RoguePotato!V5mAPKfSik4
SentinelOne Clean
MaxSecure Trojan.Malware.109946137.susgen
Fortinet W64/RoguePotato.A!tr
BitDefenderTheta Clean
AVG Win64:Trojan-gen
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud HackTool:Win/Roguepotato
No IRMA results available.