Let me save you the trouble. It simply sends down an FSCTL_PIPE_PEEK.
The FSCTL is present in NTIFS.H.
The OutputBuffer is defined in NTIFS as well.
typedef struct _FILE_PIPE_PEEK_BUFFER {
    ULONG NamedPipeState;
    ULONG ReadDataAvailable;
    ULONG NumberOfMessages;
    ULONG MessageLength;
    CHAR Data[1];
} FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
Ravi
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Asa Yeamans
Sent: Wednesday, April 20, 2005 5:06 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Kernel Mode PeekNamedPipe
Try tracing the PeekNamedPipe call in user mode to see what Zw* services
it calls and what parameters it uses. That's what I would do to ‘reverse
engineer’ PeekNamedPipe.
WinDbg is great at that: set a breakpoint at kernel32!PeekNamedPipe and
simply trace it through to see where it goes.
asa
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Sam King
Sent: Wednesday, April 20, 2005 6:02 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Kernel Mode PeekNamedPipe
Hello Everyone,
Does anyone know how to query the total number of bytes available for
reading from a named pipe from a kernel mode driver? I tried
ZwQueryInformationFile on the named pipe handle and it did not appear to
work (EndOfFile was always 0).
This is the same functionality as PeekNamedPipe.
However, I could not find a ZwPeekNamedPipe function.
Thanks.
–Sam
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@rivin.net To
unsubscribe send a blank email to xxxxx@lists.osr.com
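The request described in the first reply of this thread, written out as an added example (not code from the thread, OSR or Microsoft): a driver issues FSCTL_PIPE_PEEK through ZwFsControlFile and checks the returned length before trusting ReadDataAvailable. The names peek_bytes_available, PipeBytesAvailable and demo_constructed are hypothetical; the handle is assumed to be opened for synchronous I/O, and the stand-in typedefs exist only so the length check also builds outside a kernel build.

```c
#include <stddef.h>
#ifdef _KERNEL_MODE                 /* predefined by MSVC /kernel, as in WDK driver builds */
#include <ntifs.h>                  /* FSCTL_PIPE_PEEK, FILE_PIPE_PEEK_BUFFER */
#else                               /* stand-in types so the check builds off-target */
typedef unsigned int ULONG; typedef char CHAR;
typedef struct _FILE_PIPE_PEEK_BUFFER {
    ULONG NamedPipeState, ReadDataAvailable, NumberOfMessages, MessageLength;
    CHAR  Data[1];
} FILE_PIPE_PEEK_BUFFER;
#endif
#define PEEK_HEADER offsetof(FILE_PIPE_PEEK_BUFFER, Data)

/* Hypothetical helper. `returned` is IoStatusBlock.Information from the FSCTL.
   Returns the bytes waiting in the pipe, or -1 if the reply cannot be trusted. */
long long peek_bytes_available(const FILE_PIPE_PEEK_BUFFER *p, size_t returned)
{
    if (returned < PEEK_HEADER) return -1;      /* fixed fields not fully written */
    /* Sanity check (assumption): Data[] cannot hold more than is queued. */
    if (returned - PEEK_HEADER > p->ReadDataAvailable) return -1;
    return (long long)p->ReadDataAvailable;
}

#ifdef _KERNEL_MODE
/* Assumes `pipe` was opened for synchronous I/O, so STATUS_PENDING is not handled. */
NTSTATUS PipeBytesAvailable(HANDLE pipe, ULONG *available)
{
    FILE_PIPE_PEEK_BUFFER peek = {0};
    IO_STATUS_BLOCK iosb = {0};
    long long n;
    /* Header-only output buffer: the counters are wanted, not the payload. */
    NTSTATUS st = ZwFsControlFile(pipe, NULL, NULL, NULL, &iosb, FSCTL_PIPE_PEEK,
                                  NULL, 0, &peek, (ULONG)PEEK_HEADER);
    /* Assumption: STATUS_BUFFER_OVERFLOW (a warning) still fills the header. */
    if (st != STATUS_SUCCESS && st != STATUS_BUFFER_OVERFLOW)
        return st;
    n = peek_bytes_available(&peek, (size_t)iosb.Information);
    if (n < 0) return STATUS_UNSUCCESSFUL;
    *available = (ULONG)n;
    return STATUS_SUCCESS;
}
#else
/* Constructed sample reply: connected pipe, one 10-byte message, header only. */
long long demo_constructed(void)
{
    FILE_PIPE_PEEK_BUFFER reply = { 3, 10, 1, 10, { 0 } };
    return peek_bytes_available(&reply, PEEK_HEADER);
}
#endif
```

The peek does not consume data, so the count can change before a later read; size the read buffer from the value but still honour the length the read itself reports.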