Snapshots
Snapshots capture the state of a machine at a given point in time and contain all RPC relevant data that can be displayed within rpv-web. This also includes the decompiled RPC interfaces and the associated IDL code. Snapshots are useful for exchanging and sharing data, for working together with colleagues or to compare exposed RPC services on different machines.
Creating a snapshot can be done in two ways. If you already have the rpv-web user interface running, just navigate to the Snapshots menu in the upper right. Within this menu you can find a button Create Snapshot. Just hit this button to create a snapshot for your current machine state:
A second option is to use the rpv-web executable directly. Specifying the -snapshot flag when executing creates a snapshot within the current working directory instead of running the web service:
C:\Users\tne>.\rpv-web-x64.exe -snapshot
[+] Refreshing RPC processes list.
[+] Taking a snapshot.
[+] Writing result to 2023.09.08-16.48-rpv-web-snapshot.json.Using an already recorded snapshot is simple. Just navigate to the Snapshots menu again and select the snapshot file within the Restore Snapshot menu. After the file was loaded, a new tab is created to display the snapshot data.
rpv-web can also compare snapshots. This is useful to see, which RPC relevant processes or interfaces have been changed. Comparing snapshots is again possible within the Snapshots menu. Navigate to the Compare Snapshot section and select the two files you want to compare. Afterwards, hit the compare button.
When comparing snapshots, the process tree contains additional color coding within the border of processes. This color encoding indicates whether a process was added, was removed or whether the contained RPC information has changed.
The color encoding as well as the comparison mechanism is not that ideal at the time of writing and will probably be improved in future.