Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Using `FltCreateNamedPipeFile` to create a NamedPipe in minifilter
I am using a relatively new API called FltCreateNamedPipeFile (https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/fltkernel/nf-fltkernel-fltcreatenamedpipefile) to create a named pipe in my DfLoad routine of mini filter.
I am feeling a bit lazy to create MWE. The function InitializeNamedPipe creates a named pipe.
// globals.
UNICODE_STRING gServerNamedPipe = RTL_CONSTANT_STRING(L"\\\\.\\pipe\\SubComPipe");
HANDLE gServerNamedPipeHandle;
// ...
NTSTATUS
InitializeNamedPipe(IN PUNICODE_STRING PipeName, IN PFLT_FILTER Filter)
{
PAGED_CODE();
OBJECT_ATTRIBUTES objAttr;
IO_STATUS_BLOCK ioStatusBlock;
NTSTATUS status;
InitializeObjectAttributes(&objAttr, &gServerNamedPipe, OBJ_KERNEL_HANDLE, NULL, NULL);
status = FltCreateNamedPipeFile(Filter, /* Filter */
NULL, /* Instance */
&gServerNamedPipeHandle, /* FileHandle */
NULL, /* *FileObject */
FILE_WRITE_DATA, /* DesiredAccess */
&objAttr, /* ObjectAttributes */
&ioStatusBlock, /* IoStatusBlock */
FILE_SHARE_READ, /* ShareAccess */
FILE_OPEN_IF, /* CreateDisposition */
FILE_WRITE_THROUGH, /* CreateOptions */
FILE_PIPE_BYTE_STREAM_TYPE, /* NamedPipeType */
FILE_PIPE_BYTE_STREAM_MODE, /* ReadMode */
FILE_PIPE_COMPLETE_OPERATION, /* CompletionMode */
NULL, /* MaximumInstnaces */
1024, /* InboundQuota */
4096, /* OutboundQuota */
NULL, /* DefaultTimeOut */
NULL /* DriverContext */
);
DFLOG(INFO, __FUNCTION__ ": IoStatusBlock status %X", ioStatusBlock.Status);
return status;
}
This routine returns (status in functions above) code C0000033 which -- according to the NTSTATUS reference page -- means that The object name is invalid. From a brief search, I am getting the hint that maybe there is something wrong with the gServerNamedPipe?! On the other hand, windivert.c (https://github.com/basil00/Divert/blob/master/dll/windivert.c#L531) is using a similar naming scheme for named pipes (but without \\pipe\\).
InitializeNamedPipe: IoStatusBlock status 0 Shield>DriverEntry: NamePipeCreation code - C0000033
I am pretty sure I am doing something wrong but can't figure out how to go about debugging it.
Howdy, Stranger!
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Kernel Debugging | 16-20 October 2023 | Live, Online |
| Developing Minifilters | 13-17 November 2023 | Live, Online |
| Internals & Software Drivers | 4-8 Dec 2023 | Live, Online |
| Writing WDF Drivers | 10-14 July 2023 | Live, Online |
Comments
You need a kernel name. Try "\??\pipe\SubComPipe"
If you're creating a new pipe you'll also need to specify a max instance count and a default timeout.
-scott
OSR