Just trying to understand the underlying technique here. As seen with the bitlockmove, you can see in the pcap the RPC Alter_context call for IID IBDEUILauncher (8961f0a0-ff62-403b-91b4-7b9280241ceb). So I was expecting to see this call also for IID: ISpeechNamedPipe (67C43788-DFDE-464E-BAA1-5AFA424895FD) in this POC... but there isn't any?
The POC is working by the way, executed both from Windows Server and Win11, but how different is this from the bitlockmove? Maybe someone is willing to do some explaining? :)
From the bitlockmove POC, you can see the alter_context RPC call for the IID IBDEUILauncher, but there is no call for the IID ISpeechNamedPipe.