MS-RPC/DCOM client library for Go. Implements the Microsoft Extension of C706: DCE/RPC 1.1 and includes ready-to-use generated stubs for all major Windows RPC and DCOM protocols: Netlogon, Windows Registry, Eventlog, WMI (query, exec), DCOM/OXID, and many more.
go get github.com/oiweiwei/go-msrpcpackage main
import (
"context"
"fmt"
"github.com/oiweiwei/go-msrpc/dcerpc"
"github.com/oiweiwei/go-msrpc/msrpc/rrp/winreg/v1"
"github.com/oiweiwei/go-msrpc/ssp"
"github.com/oiweiwei/go-msrpc/ssp/credential"
"github.com/oiweiwei/go-msrpc/ssp/gssapi"
_ "github.com/oiweiwei/go-msrpc/msrpc/erref/win32"
)
func main() {
ctx := gssapi.NewSecurityContext(context.Background(),
gssapi.WithCredential(credential.NewFromPassword("DOMAIN\\User", "password")),
gssapi.WithMechanismFactory(ssp.SPNEGO),
gssapi.WithMechanismFactory(ssp.NTLM),
)
// connect to server
cc, err := dcerpc.Dial(ctx, "192.168.1.1", dcerpc.WithEndpoint("ncacn_np:[winreg]"))
if err != nil {
panic(err)
}
// create protocol client (MS-RRP)
cli, err := winreg.NewWinregClient(ctx, cc, dcerpc.WithSeal())
if err != nil {
panic(err)
}
// make RPC call
resp, err := cli.OpenLocalMachine(ctx, &winreg.OpenLocalMachineRequest{
DesiredAccess: winreg.KeyRead,
})
if err != nil {
panic(err)
}
fmt.Printf("HKLM handle: %v\n", resp.Key)
}See examples/samples_with_config and the msrpc package documentation.
# Using string binding format
go run examples/samples_with_config/dnsp.go Administrator%P@ssw0rd@ncacn_ip_tcp:dc01.msad.local[privacy,spnego,krb5]
go run examples/samples_with_config/wmic.go Administrator%P@ssw0rd@ncacn_ip_tcp:dc01.msad.local[privacy,spnego,krb5] \
--query "SELECT * FROM Win32_ComputerSystem"
# Using explicit flags
go run examples/samples_with_config/dnsp.go \
--username=Administrator \
--domain=MSAD.LOCAL \
--password=P@ssw0rd \
--auth-level=privacy \
--auth-spnego \
--auth-type=krb5 \
--server=dc01.msad.localOlder examples in examples/ use environment variables instead:
| Variable | Description | Example |
|---|---|---|
USERNAME |
Domain\Username | "MSAD2.COM\User" |
PASSWORD |
Password | "password" |
PASSWORD_MD4 |
NT hash (generate with nt_hash.go) | "f077ca4b7d73486a45e75dcdd74cd5bd" |
WORKSTATION |
Workstation name | "Ubuntu" |
SERVER |
Server FQDN or IP | "192.168.0.22" |
SERVER_NAME |
Server NetBIOS name | "WIN2019" |
SERVER_HOST |
Server FQDN | "my-server.win2019.com" |
SAM_USERNAME |
Machine account name (see netlogon_sec_channel.go) | "COMPUTER$" |
SAM_PASSWORD |
Machine account password | "password" |
SAM_WORKSTATION |
Machine account workstation | "COMPUTER" |
TARGET |
Kerberos SPN | "host/my-server.win2019.com" |
KRB5_CONFIG |
Kerberos config path | "/path/to/krb5.conf" |
Tip: RedTeamPentesting/adauth integrates well with this library and provides a convenient way to handle Active Directory authentication (Kerberos, NTLM, pass-the-hash, PKINIT) from command-line tools.
The IDL parser and Go code generator live at github.com/oiweiwei/midl-gen-go and are consumed here via the published Docker image ghcr.io/oiweiwei/midl-gen-go.
Regenerate all stubs:
make allRegenerate a single protocol (e.g. nrpc.go):
make nrpc.goUnder the hood each target runs:
docker run --rm \
-v $(pwd):/work \
-u $(id -u):$(id -g) \
ghcr.io/oiweiwei/midl-gen-go generate \
--pkg "github.com/oiweiwei/go-msrpc/msrpc/" \
-I /work/idl \
-I /work/idl/h \
--output /work/msrpc/ \
--msdn-openspecs-indexer-file /work/msdn/index.yaml \
--msdn-openspecs-extra-file /work/msdn/extra.yaml \
--msdn-openspecs-cache-dir /work/msdn/.cache/ \
/work/idl/<protocol>.idlTo add a new IDL file, place it in idl/ (or idl/dcom/ for DCOM), then add a corresponding target to the all rule in the Makefile.
- Transfer Syntax: NDR 2.0 and NDR64
- Transports: Named Pipe (SMB2/3) and TCP
- Connection multiplexing: multiple clients over a single connection
- Multiple connections per association group, with shared context handles
- Verification trailer support
- Kerberos, Netlogon, NTLM, SPNEGO authentication
- Endpoint mapper and string binding support
- Basic DCOM support
- Eventlog BinXML parser
- WMIO object marshaler/unmarshaler
- Security Context Multiplexing
- Bind-time Feature Negotiation
- Header Signing
- NDR64
GSS-API interface definitions live in ssp/gssapi. The ssp package implements the following security providers:
- Kerberos (via jcmturner/gokrb5 fork):
- Encryption: RC4-HMAC, DES-CBC-MD5, DES-CBC-CRC, AES128-CTS-HMAC-SHA1, AES256-CTS-HMAC-SHA1
- DCE-style AP Request/Reply
- Mutual and non-mutual authentication
- Wrap/GetMic-Ex methods
- NTLM: NTLMv1 and NTLMv2
- Netlogon: RC4-HMAC and AES-SHA2
- SPNEGO: MechListMIC and NegTokenInit2
Based on the hirochachacha/go-smb2 fork, with the following additions:
- Force-encryption support
- Kerberos/NTLM integration via
ssp/gssapi - Fix for
NT_STATUS_PENDING - Keying material export (Application Key, Session Key)
| Spec | Description | Package | Revision |
|---|---|---|---|
| MS-ADTS | Active Directory Technical Specification: Claims | msrpc/adts | 68.0 Major 5/25/2026 |
| MS-BKRP | BackupKey Remote Protocol | msrpc/bkrp | 27.0 Major 4/23/2024 |
| MS-BPAU | BITS Peer-Caching: Peer Authentication Protocol | msrpc/bpau | 4.2 None 6/1/2017 |
| MS-BRWSA | CIFS Browser Auxiliary Protocol | msrpc/brwsa | 15.0 Major 4/23/2024 |
| MS-CAPR | Central Access Policy ID Retrieval Protocol | msrpc/capr | 9.0 Major 4/23/2024 |
| MS-CMPO | MSDTC Connection Manager: OleTx Transports Protocol | msrpc/cmpo | 31.0 Major 7/29/2024 |
| MS-CMRP | Failover Cluster: Management API (ClusAPI) Protocol | msrpc/cmrp | 44.0 Major 8/11/2025 |
| MS-DFSNM | DFS Namespace Management Protocol | msrpc/dfsnm | 33.0 Major 4/23/2024 |
| MS-DHCPM | DHCP Server Management Protocol | msrpc/dhcpm | 36.0 None 9/16/2024 |
| MS-DLTM | Distributed Link Tracking: Central Manager Protocol | msrpc/dltm | 9.1 None 6/1/2017 |
| MS-DLTW | Distributed Link Tracking: Workstation Protocol | msrpc/dltw | 17.0 Major 4/23/2024 |
| MS-DNSP | DNS Server Management Protocol | msrpc/dnsp | 40.0 Major 3/9/2026 |
| MS-DRSR | Directory Replication Service (DRS) Remote Protocol | msrpc/drsr | 46.0 Major 3/9/2026 |
| MS-DSSP | Directory Services Setup Remote Protocol | msrpc/dssp | 16.0 Major 4/23/2024 |
| MS-DTYP | Windows Data Types | msrpc/dtyp | 42.0 Major 11/19/2024 |
| MS-EERR | ExtendedError Remote Data Structure | msrpc/eerr | 16.0 Major 4/23/2024 |
| MS-EFSR | Encrypting File System Remote (EFSRPC) Protocol | msrpc/efsr | 32.0 None 9/16/2024 |
| MS-ERREF | Windows Error Codes | msrpc/erref | 23.0 Major 11/19/2024 |
| MS-EVEN6-BINXML | EventLog BinXML encoding | msrpc/binxml | 25.0 Major 4/23/2024 |
| MS-EVEN6 | EventLog Remoting Protocol Version 6.0 | msrpc/even6 | 25.0 Major 4/23/2024 |
| MS-EVEN | EventLog Remoting Protocol | msrpc/even | 26.0 Major 4/23/2024 |
| MS-FASP | Firewall and Advanced Security Protocol | msrpc/fasp | 36.0 Major 6/8/2026 |
| MS-FAX | Fax Server and Client Remote Protocol | msrpc/fax | 29.0 None 4/23/2024 |
| MS-FRS1 | File Replication Service (FRS) Remote Protocol | msrpc/frs1 | 29.0 None 9/16/2024 |
| MS-FSR2 | File Replication Service (FRS) Remote Protocol Version 2 | msrpc/frs2 | 30.0 Major 4/23/2024 |
| MS-ICPR | ICertPassage Remote Protocol | msrpc/icpr | 24.0 Major 4/23/2024 |
| MS-IRP | IIS Inetinfo Remote Protocol | msrpc/irp | 13.0 Major 4/23/2024 |
| MS-LREC | Live Remote Event Capture (LREC) Protocol | msrpc/lrec | 5.0 Major 4/23/2024 |
| MS-LSAD | Local Security Authority (Domain Policy) Remote Protocol | msrpc/lsad | 49.0 Major 6/10/2025 |
| MS-LSAT | Local Security Authority (Translation Methods) Remote Protocol | msrpc/lsat | 33.0 Major 5/1/2024 |
| MS-MQDS | MSMQ: Directory Service Protocol | msrpc/mqds | 24.1 None 6/1/2017 |
| MS-MQMP | MSMQ: Queue Manager Client Protocol | msrpc/mqmp | 31.0 Major 4/23/2024 |
| MS-MQMQ | MSMQ: Data Structures | msrpc/mqmq | 26.0 Major 4/23/2024 |
| MS-MQMR | MSMQ: Queue Manager Management Protocol | msrpc/mqmr | 18.0 Major 4/23/2024 |
| MS-MQQP | MSMQ: Queue Manager to Queue Manager Protocol | msrpc/mqqp | 25.0 Major 4/23/2024 |
| MS-MQRR | MSMQ: Queue Manager Remote Read Protocol | msrpc/mqrr | 29.0 Major 11/21/2025 |
| MS-MSRP | Messenger Service Remote Protocol | msrpc/msrp | 10.3 None 6/1/2017 |
| MS-NEGOEX | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism | msrpc/negoex | 4.0 Major 4/23/2024 |
| MS-NRPC-SECCHANNEL | Netlogon Secure Channel | msrpc/nrpc | 49.0 Major 2/9/2026 |
| MS-NRPC | Netlogon Remote Protocol | msrpc/nrpc | 49.0 Major 2/9/2026 |
| MS-NSPI | Name Service Provider Interface (NSPI) Protocol | msrpc/nspi | 16.0 Major 4/23/2024 |
| MS-OXABREF | Address Book NSPI Referral Protocol | msrpc/oxabref | 15.0 Major 5/20/2025 |
| MS-OXCRPC | Wire Format Protocol | msrpc/oxcrpc | 25.0 Major 5/20/2025 |
| MS-OXNSPI | Exchange NSPI Protocol | msrpc/nspi | 15.0 Major 5/20/2025 |
| MS-PAC | Privilege Attribute Certificate Data Structure | msrpc/pac | 26.0 Major 6/10/2024 |
| MS-PAN | Print System Asynchronous Notification Protocol | msrpc/pan | 19.0 Major 4/23/2024 |
| MS-PAR | Print System Asynchronous Remote Protocol | msrpc/par | 19.0 Major 8/11/2025 |
| MS-PCQ | Performance Counter Query Protocol | msrpc/pcq | 18.0 Major 4/23/2024 |
| MS-RAA | Remote Authorization API Protocol | msrpc/raa | 11.0 Major 4/23/2024 |
| MS-RAIW | Remote Administrative Interface: WINS | msrpc/raiw | 14.0 Major 4/23/2024 |
| MS-RPCE-EPM / C706-EPM | Endpoint Mapper | msrpc/epm | |
| MS-RPCL | RPC Location Services Extensions | msrpc/rpcl | 12.1 None 6/1/2017 |
| MS-RPRN | Print System Remote Protocol | msrpc/rprn | 39.0 8/11/2025 |
| MS-RRP | Windows Remote Registry Protocol | msrpc/rrp | 39.0 Major 10/21/2024 |
| MS-RSP | Remote Shutdown Protocol | msrpc/rsp | 12.0 Major 4/23/2024 |
| MS-SAMR | Security Account Manager (SAM) Remote Protocol | msrpc/samr | 51.1 Minor 4/27/2026 |
| MS-SCMR | Service Control Manager Remote Protocol | msrpc/scmr | 35.0 Major 8/11/2025 |
| MS-SRVS | Server Service Remote Protocol | msrpc/srvs | 39.0 None 9/16/2024 |
| MS-SSP | Single Sign-On Protocol | msrpc/ssp | 7.0 Major 10/5/2021 |
| MS-SWN | Service Witness Protocol | msrpc/swn | 14.0 None 11/19/2024 |
| MS-TRP | Telephony Remote Protocol | msrpc/trp | 20.0 Major 4/23/2024 |
| MS-TSCH | Task Scheduler Service Remoting Protocol | msrpc/tsch | 28.0 Major 4/23/2024 |
| MS-TSGU | Terminal Services Gateway Server Protocol | msrpc/tsgu | 42.0 Major 4/23/2024 |
| MS-TSTS | Terminal Services Runtime Interface Protocol | msrpc/tsts | 33.0 Major 11/21/2025 |
| MS-W32T | W32Time Remote Protocol | msrpc/w32t | 23.0 Major 4/23/2024 |
| MS-WDSC | Windows Deployment Services Control Protocol | msrpc/wdsc | 9.0 Major 4/23/2024 |
| MS-WKST | Workstation Service Remote Protocol | msrpc/wkst | 32.0 Major 4/23/2024 |
| Spec | Description | Package | Revision |
|---|---|---|---|
| MC-CCFG | Server Cluster: Configuration (ClusCfg) Protocol | msrpc/dcom/ccfg | 1.2 None 1/17/2020 |
| MC-IISA | IIS Application Host COM Protocol | msrpc/dcom/iisa | 15.0 Major 4/23/2024 |
| MC-MQAC | MSMQ: ActiveX Client Protocol | msrpc/dcom/mqac | 27.0 Major 4/23/2024 |
| MS-ADTG | Remote Data Services (RDS) Transport Protocol | msrpc/dcom/adtg | 19.1 Minor 5/30/2025 |
| MS-COMA | COM+ Remote Administration Protocol | msrpc/dcom/coma | 15.0 Major 4/23/2024 |
| MS-COMEV | COM+ Event System Protocol | msrpc/dcom/comev | 9.0 Major 9/9/2025 |
| MS-COMT | COM+ Tracker Service Protocol | msrpc/dcom/comt | 10.0 Major 4/23/2024 |
| MS-COM | Component Object Model Plus (COM+) Protocol | msrpc/dcom/com | 12.0 Major 4/23/2024 |
| MS-CSRA | Certificate Services Remote Administration Protocol | msrpc/dcom/csra | 46.1 Minor 1/13/2026 |
| MS-CSVP | Failover Cluster: Setup and Validation Protocol (ClusPrep) | msrpc/dcom/csvp | 34.0 None 11/21/2025 |
| MS-DCOM | Distributed Component Object Model (DCOM) Remote Protocol | msrpc/dcom | 25.0 None 9/16/2024 |
| MS-DFSRH | DFS Replication Helper Protocol | msrpc/dcom/dfsrh | 17.0 Major 4/23/2024 |
| MS-DMRP | Disk Management Remote Protocol | msrpc/dcom/dmrp | 8.2 None 6/1/2017 |
| MS-FSRM | File Server Resource Manager Protocol | msrpc/dcom/fsrm | 36.0 Major 4/23/2024 |
| MS-IISS | IIS ServiceControl Protocol | msrpc/dcom/iiss | 12.0 Major 4/23/2024 |
| MS-IMSA | IIS IMSAdminBaseW Remote Protocol | msrpc/dcom/imsa | 16.0 Major 4/23/2024 |
| MS-IOI | IManagedObject Interface Protocol | msrpc/dcom/ioi | 20.0 Major 3/13/2019 |
| MS-OAUT | OLE Automation Protocol | msrpc/dcom/oaut | 21.0 Major 4/23/2024 |
| MS-OCSPA | Microsoft OCSP Administration Protocol | msrpc/dcom/ocspa | 14.0 Major 8/11/2025 |
| MS-PLA | Performance Logs and Alerts Protocol | msrpc/dcom/pla | 26.0 Major 4/23/2024 |
| MS-RAI | Remote Assistance Initiation Protocol | msrpc/dcom/rai | 12.0 Major 4/23/2024 |
| MS-RDPESC | RDP: Smart Card Virtual Channel Extension | msrpc/dcom/rdpesc | 17.0 Major 4/23/2024 |
| MS-RRASM | RRAS Management Protocol | msrpc/dcom/rrasm | 26.0 Major 4/23/2024 |
| MS-RSMP | Removable Storage Manager (RSM) Remote Protocol | msrpc/dcom/rsmp | 11.0 None 6/1/2017 |
| MS-SCMP | Shadow Copy Management Protocol | msrpc/dcom/scmp | 10.0 Major 4/23/2024 |
| MS-TPMVSC | TPM Virtual Smart Card Remote Protocol | msrpc/dcom/tpmvsc | 8.0 Major 4/23/2024 |
| MS-UAMG | Update Agent Management Protocol | msrpc/dcom/uamg | 15.0 Major 9/9/2025 |
| MS-VDS | Virtual Disk Service (VDS) Protocol | msrpc/dcom/vds | 31.0 None 9/16/2024 |
| MS-WCCE | Windows Client Certificate Enrollment Protocol | msrpc/dcom/wcce | 53.0 Major 11/21/2025 |
| MS-WMIO | WMI Encoding Version 1.0 Protocol | msrpc/dcom/wmio | 18.0 Major 4/23/2024 |
| MS-WMI | Windows Management Instrumentation Remote Protocol | msrpc/dcom/wmi | 32.0 Major 4/23/2024 |
| MS-WSRM | Windows System Resource Manager (WSRM) Protocol | msrpc/dcom/wsrm | 14.2 None 6/1/2017 |
| Spec | Description | Package |
|---|---|---|
| MIMICOM | Mimikatz Command Interface | msrpc/mimicom |
| MS-LCID | Windows Language Code Identifier (LCID) Reference | msrpc/lcid |
Generated code includes documentation pulled from the MSDN portal. Accuracy may vary due to inconsistencies in the upstream HTML source.
- Why does IObjectExporter not support NDR64?
- Why does the server return indistinguishable pointers for NDR64?
- Why does SMB2 not support certain auth levels (e.g. Winreg supports only Insecure and Privacy)?
Open an issue before submitting a PR. The project is still maturing and there are likely undiscovered bugs.