What is RPC and why is it so important?

From the beginning, I've heard that you never, ever disable the Remote Procedure Call service in Windows. Doing so leads to horrible things that used to be hard to overturn (I believe that it's no longer easy to do but is now much easier to fix). However, I have no idea what it does or why it is so important to basically the entire operating system.

Is it possible to sum up the purpose of the RPC service and why so many other services/applications/operations depend on it to run?


Solution 1:

The designers of Windows decided to make many things talk to each other over RPC - so that they can talk either locally or over a network.

This includes things like Active Directory, most MMC consoles, the functionality of some control panel applets like Device Manager, many of the things in Administrative Tools, and possibly internal Windows components.

I believe even when you are accessing an MMC console, like compmgmt.msc to view things about the local machine, it's basically RPC'ing to localhost (I could be wrong though).

Think of RPC as something one level above TCP/IP that's used as a low-level (and insecure) networkable communications framework by many Windows components. Why not use TCP/IP directly? At the time Windows NT was engineered (initial version released in 1993), you had other network protocols besides TCP/IP in common use, such as Netware (SPX/IPX), NetBIOS, AppleTalk (I think Windows supported this back in the day, could be wrong ...) and such. So this is a network-agnostic way for Windows components to be able to talk to other components on the local machine or remote machine.

Solution 2:

The truth is: RPC is widely used on the LOCAL machine, but for HOST-to-HOST usage it is mainly used by Microsoft internally and seldom used by third parties.


LOCAL RPC main usage:

  • Raw RPC components, such as Registry, Netlogon, Firewall, Service Control, SQL Server... You can see some of them in the list in the "HOST-to-HOST" section.

  • Many DCOM components (based on RPC, like a C++ wrapper of C), including COM+ components.

You can run dcomcnfg to see how many DCOM components are on your machine.

Excel, Internet Explorer, Visual Studio... can be automated because they are DCOM components.

Even Explorer's File Property dialog is also a DCOM component, funny? If you remove all ACLs from "Edit Limits" of Launch Permissions in DCOMCNFG, you will not be able to do almost anything, not only management work; you cannot even show file properties in Explorer!


HOST-to-HOST RPC main usage:

  • Remote management stuff such as "Computer Management" and "Registry Editor": you can let them connect to a remote machine! What happens underneath is the RPC over SMB protocol (TCP port 445, known as File Sharing).

You can use the rpcdump or ifids tool to dump all RPC interfaces on a remote machine. In the following results you can see many system management interfaces (they can also be used locally, of course):

[MS-RSP]: Remote Shutdown Protocol 
[MS-TSCH]: Task Scheduler Service Remoting Protocol 
[MS-TSCH]: Task Scheduler Service Remoting Protocol 
[MS-TSCH]: Task Scheduler Service Remoting Protocol 
[MS-EVEN6]: EventLog Remoting Protocol 
Adh APIs
AppInfo
Base Firewall Engine API
DHCP Client LRPC Endpoint
DHCPv6 Client LRPC Endpoint
DfsDs service
EFSK RPC Interface
Event log TCPIP
Fw APIs
Group Policy RPC Interface
IP Transition Configuration endpoint
IdSegSrv service
Impl friendly name
KeyIso
LicenseManager
NRP server endpoint
NSI server endpoint
NetSetup API
Ngc Pop Key Service
Proxy Manager client server endpoint
Proxy Manager provider server endpoint
Secure Desktop LRPC interface
Security Center
UserMgrCli
WM_WindowManagerRPC\Server
WinHttp Auto-Proxy Service
Witness Client Test Interface
Witness Client Upcall Server
XactSrv service
...

Received 499 endpoints.

Why is RPC important? Just because every mature system needs a cross-process communication mechanism, a toolset to generate stubs/proxies, and a standard to pack/unpack objects. Every system has similar things. You must know Android; its Binder is very similar to DCOM's design.

In fact, HOST-to-HOST RPC is not widespread, mainly because it is complicated and opaque, not friendly to the Internet due to the 445 or 135 ports often being blocked, and the authentication experience is bad. People prefer to choose an HTTPS server to invoke a remote component; it's more straightforward and controllable.
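
An added example, not part of the answer above or of any tool's own code: it sorts RPC string bindings (the `protseq:host[endpoint]` form in which endpoints are written) into local-only and network-reachable ones and reports the TCP port a firewall rule has to cover. The sample records are constructed; the host, pipe name, LRPC endpoint names and ports are made up, and the function names are this example's own.

```python
import re
from collections import defaultdict

# RPC string bindings have the form "protseq:host[endpoint]".
LOCAL_ONLY = {"ncalrpc"}  # LRPC: never leaves the machine
NETWORK = {"ncacn_ip_tcp", "ncacn_np", "ncacn_http"}
BINDING = re.compile(r"^([a-z_]+):([^\[\]]*)(?:\[(.*)\])?$")

def parse_binding(text):
    """Split a string binding into (protseq, host, endpoint)."""
    m = BINDING.match(text.strip())
    if m is None:
        raise ValueError(f"not a string binding: {text!r}")
    return m.group(1), m.group(2), m.group(3) or ""

def filter_port(protseq, endpoint):
    """TCP port a firewall rule must cover for this binding, or None."""
    if protseq == "ncacn_np":
        return 445  # named pipes ride on SMB, as the answer notes
    if protseq in NETWORK and endpoint.isdigit():
        return int(endpoint)
    return None

def exposure(records):
    """Per interface: network ports, local binding count, unclassified bindings."""
    report = defaultdict(lambda: {"network": set(), "local": 0, "unknown": []})
    for annotation, binding in records:
        protseq, _host, endpoint = parse_binding(binding)
        port = filter_port(protseq, endpoint)
        if protseq in LOCAL_ONLY:
            report[annotation]["local"] += 1
        elif protseq in NETWORK and port is not None:
            report[annotation]["network"].add(port)
        else:
            report[annotation]["unknown"].append(binding)  # review by hand
    return dict(report)

def network_reachable(records):
    """Interfaces with at least one network binding, and the ports to filter."""
    return {n: sorted(e["network"]) for n, e in exposure(records).items() if e["network"]}

# Constructed sample: interface names from the listing above, bindings made up.
SAMPLE = [
    ("[MS-RSP]: Remote Shutdown Protocol", r"ncacn_np:\\HOST-A[\PIPE\example_pipe]"),
    ("[MS-RSP]: Remote Shutdown Protocol", "ncalrpc:[example_lrpc_1]"),
    ("[MS-TSCH]: Task Scheduler Service Remoting Protocol", "ncacn_ip_tcp:192.0.2.10[49665]"),
    ("DHCP Client LRPC Endpoint", "ncalrpc:[example_lrpc_2]"),
    ("Fw APIs", "ncadg_ip_udp:192.0.2.10[1027]"),
]
```

Bindings with a protocol sequence the script does not recognise land in `unknown` instead of being counted as local, so an unexpected transport shows up for review rather than disappearing from the report.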

Solution 3:

Remote Procedure Call (RPC)

source: http://searchsoa.techtarget.com/definition/Remote-Procedure-Call

Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a program located in another computer in a network without having to understand network details. (A procedure call is also sometimes known as a function call or a subroutine call.) RPC uses the client/server model. The requesting program is a client and the service-providing program is the server. Like a regular or local procedure call, an RPC is a synchronous operation requiring the requesting program to be suspended until the results of the remote procedure are returned. However, the use of lightweight processes or threads that share the same address space allows multiple RPCs to be performed concurrently.

When program statements that use RPC are compiled into an executable program, a stub is included in the compiled code that acts as the representative of the remote procedure code. When the program is run and the procedure call is issued, the stub receives the request and forwards it to a client runtime program in the local computer. The client runtime program has the knowledge of how to address the remote computer and server application and sends the message across the network that requests the remote procedure. Similarly, the server includes a runtime program and stub that interface with the remote procedure itself. Results are returned the same way.

There are several RPC models and implementations. A popular model and implementation is the Open Software Foundation's Distributed Computing Environment (DCE). The Institute of Electrical and Electronics Engineers defines RPC in its ISO Remote Procedure Call Specification, ISO/IEC CD 11578 N6561, ISO/IEC, November 1991.

RPC spans the Transport layer and the Application layer in the Open Systems Interconnection (OSI) model of network communication. RPC makes it easier to develop an application that includes multiple programs distributed in a network.

Alternative methods for client/server communication include message queueing and IBM's Advanced Program-to-Program Communication (APPC).


Here is more from Microsoft: http://msdn.microsoft.com/en-us/library/windows/desktop/aa378651(v=vs.85).aspx

Purpose

Microsoft Remote Procedure Call (RPC) defines a powerful technology for creating distributed client/server programs. The RPC run-time stubs and libraries manage most of the processes relating to network protocols and communication. This enables you to focus on the details of the application rather than the details of the network.

Where applicable

RPC can be used in all client/server applications based on Windows operating systems. It can also be used to create client and server programs for heterogeneous network environments that include such operating systems as Unix and Apple.
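
The stub and runtime flow described above, as an added example that is not from either quoted source: a client stub marshals a call into bytes, a stand-in runtime carries them, and a server stub checks and unmarshals them before dispatching. The wire format, procedure table and function names are assumptions made for illustration and are not Microsoft's NDR encoding.

```python
import struct

# Wire format assumed for this example only (not Microsoft's NDR encoding):
# request = opnum uint16, argc uint16, argc x int32; reply = status uint16, int32.
OK, UNKNOWN_PROCEDURE, BAD_STUB_DATA = 0, 1, 2
PROCEDURES = {0: (2, lambda a, b: a + b),   # add
              1: (1, lambda a: -a)}         # negate

def client_stub(opnum, *args):
    """Client stub: marshal the call into bytes for the runtime to send."""
    return struct.pack(f">HH{len(args)}i", opnum, len(args), *args)

def server_stub(request):
    """Server stub: validate and unmarshal untrusted bytes, then dispatch."""
    if len(request) < 4:
        return struct.pack(">Hi", BAD_STUB_DATA, 0)
    opnum, argc = struct.unpack_from(">HH", request)
    if opnum not in PROCEDURES:
        return struct.pack(">Hi", UNKNOWN_PROCEDURE, 0)
    arity, procedure = PROCEDURES[opnum]
    if argc != arity or len(request) != 4 + 4 * argc:
        return struct.pack(">Hi", BAD_STUB_DATA, 0)
    args = struct.unpack_from(f">{argc}i", request, 4)
    try:
        return struct.pack(">Hi", OK, procedure(*args))
    except struct.error:  # result does not fit the reply's int32
        return struct.pack(">Hi", BAD_STUB_DATA, 0)

def runtime_send(request):
    """Stands in for both runtimes and the network: only bytes cross here."""
    return server_stub(bytes(request))

def remote_call(opnum, *args):
    """What the calling program sees: an ordinary, blocking function call."""
    status, result = struct.unpack(">Hi", runtime_send(client_stub(opnum, *args)))
    if status != OK:
        raise RuntimeError(f"RPC failed with status {status}")
    return result
```

The server stub is the point where bytes from another process or host become procedure arguments, which is why the procedure number, argument count and message length are all checked before anything is dispatched.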