This repo is just research on the CVE; for a more detailed analysis, please refer to [this write-up](http://showlinkroom.me/2022/04/30/Windows-CVE-2022-26809/).
Here is the reproduction code for the Windows RPC vulnerability `CVE-2022-26809`; it refers to [https://github.com/microsoft/Windows-classic-samples/blob/main/Samples/Win7Samples/netds/rpc/hello](https://github.com/microsoft/Windows-classic-samples/blob/main/Samples/Win7Samples/netds/rpc/hello).
If you have a better way to trigger this vulnerability, feel free to submit an issue or PR :)
_My python version is 3.6.7_
`poc.py` only **tries** to trigger the vulnerable function `OSF_SCALL::GetCoalescedBuffer`; it **won't cause any crash, because the DWORD integer overflow is too hard to reproduce**. `rpcrt.py` is the Python module `impacket.dcerpc.v5.rpcrt`; replace the original with it to trigger the vulnerability (remember to back up the original one :) I believe the `rpcrt.py` has a huge number of bugs).
If it doesn't work, **Wireshark** may help to locate the bug.
If necessary, just use `nmake` to rebuild it.