rpv-ghidra is a Ghidra extension for analyzing Windows RPC interfaces. After importing an rpv-snapshot, the extension visualizes the available RPC interfaces and security callbacks and allows easy navigation between them. In theory, the extension also applies function signatures and adds all data types contained within the decompiled IDL data from the snapshot. However, this feature is currently buggy and I have no idea why it does not work. Pull requests are welcome :)
The recommended way of installing rpv-ghidra is downloading the pre-built version from the release section of this project. After download, you can install the extension in Ghidra by using File -> Install Extensions. For more information, read the official documentation.
If you want to build from source, you can use the docker-compose.yml file from this repository. It expects the extension source to be present in the current working directory within a folder named rpv-ghidra. A Ghidra installation is also required and by default expected in the current working directory under a folder named ghidra.
Icons used within the extension were kindly provided by Icons8.

