Added fixes for handling ranges in correlation descriptors.

NtApiDotNet/Ndr/NdrNativeUtils.cs

@@ -646,6 +646,7 @@ internal enum MidlTypePicklingInfoFlags
         None = 0,
         NewCorrDesc = 0x1,
         Oicf = 0x2,
+        HasRangeOnConformance = 0x4
     }
 
     [StructLayout(LayoutKind.Sequential)]

NtApiDotNet/Ndr/NdrParser.cs

@@ -399,7 +399,11 @@ private void ReadTypes(IntPtr midl_type_pickling_info_ptr, IntPtr midl_stub_desc
                 throw new ArgumentException($"Unsupported picking type version {pickle_info.Version:X}");
             }
 
-            var flags = pickle_info.Flags.HasFlag(MidlTypePicklingInfoFlags.NewCorrDesc) ? NdrInterpreterOptFlags2.HasNewCorrDesc : 0;
+            NdrInterpreterOptFlags2 flags = 0;
+            if (pickle_info.Flags.HasFlag(MidlTypePicklingInfoFlags.NewCorrDesc))
+                flags |= NdrInterpreterOptFlags2.HasNewCorrDesc;
+            if (pickle_info.Flags.HasFlag(MidlTypePicklingInfoFlags.HasRangeOnConformance))
+                flags |= NdrInterpreterOptFlags2.HasRangeOnConformance;
             MIDL_STUB_DESC stub_desc = _reader.ReadStruct<MIDL_STUB_DESC>(midl_stub_desc_ptr);
             NdrParseContext context = new NdrParseContext(_type_cache, null, stub_desc, stub_desc.pFormatTypes, stub_desc.GetExprDesc(_reader),
                 flags, _reader, NdrParserFlags.IgnoreUserMarshal);

NtObjectManager/RpcFunctions.ps1

@@ -1382,7 +1382,7 @@ function Get-NdrComplexType {
 
     switch($PSCmdlet.ParameterSetName) {
         "FromDecode2" {
-            $type_offset = $TypeFormat | % { $_ + $base_address }
+            $type_offset = $TypeFormat | % { [intptr]($_ + $base_address) }
             [NtApiDotNet.Ndr.NdrParser]::ReadPicklingComplexTypes($Process, $PicklingInfo+$base_address,`
                 $StubDesc+$base_address, $type_offset, $Flags) | Write-Output
         }