IRP_MJ_CREATE_NAMED_PIPE
When Sent
The I/O Manager sends the IRP_MJ_CREATE_NAMED_PIPE request when a new named pipe is being created or opened. Normally this IRP is sent:
- On behalf of a user-mode application that has called a Microsoft Win32 function such as CreateNamedPipe.
- Or, on behalf of a kernel-mode component that has called IoCreateFile or IoCreateFileSpecifyDeviceObjectHint.
If the named pipe create request is completed successfully, the application or kernel-mode component receives a handle to the server end of the named pipe file instance.
The handling of IRP_MJ_CREATE_NAMED_PIPE is much the same as IRP_MJ_CREATE.
Operation: File System Drivers
If the target device object is the file system’s control device object, the file system driver’s dispatch routine must complete the IRP and return an appropriate NTSTATUS value, after setting Irp->IoStatus.Status and Irp->IoStatus.Information to appropriate values.
Otherwise, the file system driver should process the create request.
Operation: File System Legacy Filter Drivers
If the target device object is the legacy filter driver’s control device object, that driver’s dispatch routine must complete the IRP and return an appropriate NTSTATUS value, after setting Irp->IoStatus.Status and Irp->IoStatus.Information to appropriate values.
Otherwise, the legacy filter driver should perform any needed processing and, depending on the nature of the filter, either complete the IRP or pass it down to the next-lower driver on the stack.
Generally, legacy filter drivers should not return STATUS_PENDING in response to IRP_MJ_CREATE_NAMED_PIPE. However, if a lower-level driver returns STATUS_PENDING, the legacy filter driver should pass this status value up the driver chain.
Parameters
A file system or legacy filter driver calls IoGetCurrentIrpStackLocation with the given IRP to get a pointer to its own stack location in the IRP. In the parameters below, Irp points to the IRP and IrpSp points to the IO_STACK_LOCATION. The driver can use the information that is set in the following members of the IRP and the IRP stack location in processing a create request.
DeviceObject is a pointer to the target device object.
Irp->Flags is set to the following flags for this request:
- IRP_CREATE_OPERATION
- IRP_DEFER_IO_COMPLETION
- IRP_SYNCHRONOUS_API
Irp->IoStatus points to an IO_STATUS_BLOCK structure that receives the final completion status and information about the requested operation. The file system sets the Information member of this structure to one of the following values:
Irp->RequestorMode Indicates the execution mode of the process that requested the operation, either KernelMode or UserMode. Note that if the SL_FORCE_ACCESS_CHECK flag is set, access checks must be performed, even if Irp->RequestorMode is KernelMode.
IrpSp->MajorFunction is set to IRP_MJ_CREATE_NAMED_PIPE.
- IrpSp->Flags can be set to SL_FORCE_ACCESS_CHECK. If this flag is set, access checks must be performed even if the value of Irp->RequestorMode is KernelMode.
IrpSp->Parameters.CreatePipe.SecurityContext->AccessState is a pointer to an ACCESS_STATE structure containing the object’s subject context, granted access types, and remaining desired access types.
IrpSp->Parameters.CreatePipe.SecurityContext->DesiredAccess is an ACCESS_MASK structure specifying access rights requested for the named pipe. For more information, see the description of the DesiredAccess parameter to IoCreateFileSpecifyDeviceObjectHint.
IrpSp->Parameters.CreatePipe.Options is a bitmask of flags that specify the options to be applied when creating or opening the named pipe, as well as the action to be taken if the named pipe already exists.
The high 8 bits of this parameter correspond to the Disposition parameter to IoCreateFileSpecifyDeviceObjectHint.
The low 24 bits of this member correspond to the CreateOptions parameter to IoCreateFileSpecifyDeviceObjectHint.
IrpSp->Parameters.CreatePipe.ShareAccess is a bitmask of share access rights requested for the named pipe. If this member is zero, exclusive access is being requested. For more information, see the description of the ShareAccess parameter to IoCreateFileSpecifyDeviceObjectHint.
IrpSp->Parameters.CreatePipe.Parameters is a pointer to a NAMED_PIPE_CREATE_PARAMETERS structure that contains the create parameters for when the named pipe is being created.
IrpSp->FileObject Pointer to a file object that the I/O Manager creates to represent the named pipe to be created or opened. When the file system processes the IRP_MJ_CREATE_NAMED_PIPE request, it sets the FsContext and possibly FsContext2 fields in this file object to values that are file-system-specific. Thus the values of the FsContext and FsContext2 fields cannot be considered valid until after the file system has processed the create request. For more information, see File Streams, Stream Contexts, and Per-Stream Contexts.
IoCancelFileOpen (and FltCancelFileOpen) set the FO_FILE_OPEN_CANCELLED flag in the file object’s Flags field. Setting this flag indicates that the IRP_MJ_CREATE_NAMED_PIPE request has been canceled, and an IRP_MJ_CLOSE request will be issued for this file object. Once the create request has been canceled, it cannot be reissued.
The IrpSp->FileObject parameter contains a pointer to the RelatedFileObject field, which is also a FILE_OBJECT structure. The RelatedFileObject field of a FILE_OBJECT structure is used to indicate that a given named pipe has been opened relative to an already open file object. This usually indicates that the relative file is a directory but stream-based files may be opened relative to an already existing stream of a file. The RelatedFileObject field of the FILE_OBJECT structure is only valid during the processing of IRP_MJ_CREATE_NAMED_PIPE.
Named Pipes
A named pipe is a named, one-way or duplex pipe for communication between the pipe server and one or more pipe clients. All instances of a named pipe share the same pipe name, but each instance has its own buffers and handles, and provides a separate conduit for client/server communication. The use of instances enables multiple pipe clients to use the same named pipe simultaneously.
Any process can access named pipes, subject to security checks, making named pipes an easy form of communication between related or unrelated processes.
Any process can act as both a server and a client, making peer-to-peer communication possible. As used here, the term pipe server refers to a process that creates a named pipe, and the term pipe client refers to a process that connects to an instance of a named pipe. The server-side function for instantiating a named pipe is CreateNamedPipe. The server-side function for accepting a connection is ConnectNamedPipe. A client process connects to a named pipe by using the CreateFile or CallNamedPipe function.
Named pipes can be used to provide communication between processes on the same computer or between processes on different computers across a network. If the server service is running, all named pipes are accessible remotely. If you intend to use a named pipe locally only, deny access to NT AUTHORITY\NETWORK or switch to local RPC.
For more information, see the following topics:
CreateNamedPipeA function (winbase.h)
Creates an instance of a named pipe and returns a handle for subsequent pipe operations. A named pipe server process uses this function either to create the first instance of a specific named pipe and establish its basic attributes or to create a new instance of an existing named pipe.
Syntax
Parameters
The unique pipe name. This string must have the following form:
The pipename part of the name can include any character other than a backslash, including numbers and special characters. The entire pipe name string can be up to 256 characters long. Pipe names are not case sensitive.
The function fails if dwOpenMode specifies anything other than 0 or the flags listed in the following tables.
This parameter must specify one of the following pipe access modes. The same mode must be specified for each instance of the pipe.
| Mode | Meaning |
|---|---|
| PIPE_ACCESS_DUPLEX 0x00000003 | The pipe is bi-directional; both server and client processes can read from and write to the pipe. This mode gives the server the equivalent of GENERIC_READ and GENERIC_WRITE access to the pipe. The client can specify GENERIC_READ or GENERIC_WRITE, or both, when it connects to the pipe using the CreateFile function. |
| PIPE_ACCESS_INBOUND 0x00000001 | The flow of data in the pipe goes from client to server only. This mode gives the server the equivalent of GENERIC_READ access to the pipe. The client must specify GENERIC_WRITE access when connecting to the pipe. If the client must read pipe settings by calling the GetNamedPipeInfo or GetNamedPipeHandleState functions, the client must specify GENERIC_WRITE and FILE_READ_ATTRIBUTES access when connecting to the pipe. |
| PIPE_ACCESS_OUTBOUND 0x00000002 | The flow of data in the pipe goes from server to client only. This mode gives the server the equivalent of GENERIC_WRITE access to the pipe. The client must specify GENERIC_READ access when connecting to the pipe. If the client must change pipe settings by calling the SetNamedPipeHandleState function, the client must specify GENERIC_READ and FILE_WRITE_ATTRIBUTES access when connecting to the pipe. |
В
This parameter can also include one or more of the following flags, which enable the write-through and overlapped modes. These modes can be different for different instances of the same pipe.
| Mode | Meaning |
|---|---|
| FILE_FLAG_FIRST_PIPE_INSTANCE 0x00080000 | If you attempt to create multiple instances of a pipe with this flag, creation of the first instance succeeds, but creation of the next instance fails with ERROR_ACCESS_DENIED. |
| FILE_FLAG_WRITE_THROUGH 0x80000000 | Write-through mode is enabled. This mode affects only write operations on byte-type pipes and, then, only when the client and server processes are on different computers. If this mode is enabled, functions writing to a named pipe do not return until the data written is transmitted across the network and is in the pipe’s buffer on the remote computer. If this mode is not enabled, the system enhances the efficiency of network operations by buffering data until a minimum number of bytes accumulate or until a maximum time elapses. |
| FILE_FLAG_OVERLAPPED 0x40000000 | Overlapped mode is enabled. If this mode is enabled, functions performing read, write, and connect operations that may take a significant time to be completed can return immediately. This mode enables the thread that started the operation to perform other operations while the time-consuming operation executes in the background. For example, in overlapped mode, a thread can handle simultaneous input and output (I/O) operations on multiple instances of a pipe or perform simultaneous read and write operations on the same pipe handle. If overlapped mode is not enabled, functions performing read, write, and connect operations on the pipe handle do not return until the operation is finished. The ReadFileEx and WriteFileEx functions can only be used with a pipe handle in overlapped mode. The ReadFile, WriteFile, ConnectNamedPipe, and TransactNamedPipe functions can execute either synchronously or as overlapped operations. |
В
This parameter can include any combination of the following security access modes. These modes can be different for different instances of the same pipe.
| Mode | Meaning |
|---|---|
| WRITE_DAC 0x00040000L | The caller will have write access to the named pipe’s discretionary access control list (ACL). |
| WRITE_OWNER 0x00080000L | The caller will have write access to the named pipe’s owner. |
| ACCESS_SYSTEM_SECURITY 0x01000000L | The caller will have write access to the named pipe’s SACL. For more information, see Access-Control Lists (ACLs) and SACL Access Right. |
The function fails if dwPipeMode specifies anything other than 0 or the flags listed in the following tables.
One of the following type modes can be specified. The same type mode must be specified for each instance of the pipe.
| Mode | Meaning |
|---|---|
| PIPE_TYPE_BYTE 0x00000000 | Data is written to the pipe as a stream of bytes. This mode cannot be used with PIPE_READMODE_MESSAGE. The pipe does not distinguish bytes written during different write operations. |
| PIPE_TYPE_MESSAGE 0x00000004 | Data is written to the pipe as a stream of messages. The pipe treats the bytes written during each write operation as a message unit. The GetLastError function returns ERROR_MORE_DATA when a message is not read completely. This mode can be used with either PIPE_READMODE_MESSAGE or PIPE_READMODE_BYTE. |
В
One of the following read modes can be specified. Different instances of the same pipe can specify different read modes.
| Mode | Meaning |
|---|---|
| PIPE_READMODE_BYTE 0x00000000 | Data is read from the pipe as a stream of bytes. This mode can be used with either PIPE_TYPE_MESSAGE or PIPE_TYPE_BYTE. |
| PIPE_READMODE_MESSAGE 0x00000002 | Data is read from the pipe as a stream of messages. This mode can be only used if PIPE_TYPE_MESSAGE is also specified. |
В
One of the following wait modes can be specified. Different instances of the same pipe can specify different wait modes.
| Mode | Meaning | ||||||
|---|---|---|---|---|---|---|---|
| PIPE_WAIT 0x00000000 | Blocking mode is enabled. When the pipe handle is specified in the ReadFile, WriteFile, or ConnectNamedPipe function, the operations are not completed until there is data to read, all data is written, or a client is connected. Use of this mode can mean waiting indefinitely in some situations for a client process to perform an action. | ||||||
| PIPE_NOWAIT 0x00000001 | Nonblocking mode is enabled. In this mode, ReadFile, WriteFile, and ConnectNamedPipe always return immediately. Note that nonblocking mode is supported for compatibility with Microsoft LAN Manager version 2.0 and should not be used to achieve asynchronous I/O with named pipes. For more information on asynchronous pipe I/O, see Synchronous and Overlapped Input and Output. One of the following remote-client modes can be specified. Different instances of the same pipe can specify different remote-client modes.
The maximum number of instances that can be created for this pipe. The first instance of the pipe can specify this value; the same number must be specified for other instances of the pipe. Acceptable values are in the range 1 through PIPE_UNLIMITED_INSTANCES (255). If this parameter is PIPE_UNLIMITED_INSTANCES, the number of pipe instances that can be created is limited only by the availability of system resources. If nMaxInstances is greater than PIPE_UNLIMITED_INSTANCES, the return value is INVALID_HANDLE_VALUE and GetLastError returns ERROR_INVALID_PARAMETER. The number of bytes to reserve for the output buffer. For a discussion on sizing named pipe buffers, see the following Remarks section. The number of bytes to reserve for the input buffer. For a discussion on sizing named pipe buffers, see the following Remarks section. The default time-out value, in milliseconds, if the WaitNamedPipe function specifies NMPWAIT_USE_DEFAULT_WAIT. Each instance of a named pipe must specify the same value. A value of zero will result in a default time-out of 50 milliseconds. A pointer to a SECURITY_ATTRIBUTES structure that specifies a security descriptor for the new named pipe and determines whether child processes can inherit the returned handle. If lpSecurityAttributes is NULL, the named pipe gets a default security descriptor and the handle cannot be inherited. The ACLs in the default security descriptor for a named pipe grant full control to the LocalSystem account, administrators, and the creator owner. They also grant read access to members of the Everyone group and the anonymous account. Return valueIf the function succeeds, the return value is a handle to the server end of a named pipe instance. If the function fails, the return value is INVALID_HANDLE_VALUE. To get extended error information, call GetLastError. RemarksTo create an instance of a named pipe by using CreateNamedPipe, the user must have FILE_CREATE_PIPE_INSTANCE access to the named pipe object. If a new named pipe is being created, the access control list (ACL) from the security attributes parameter defines the discretionary access control for the named pipe. All instances of a named pipe must specify the same pipe type (byte-type or message-type), pipe access (duplex, inbound, or outbound), instance count, and time-out value. If different values are used, this function fails and GetLastError returns ERROR_ACCESS_DENIED. A client process connects to a named pipe by using the CreateFile or CallNamedPipe function. The client side of a named pipe starts out in byte mode, even if the server side is in message mode. To avoid problems receiving data, set the client side to message mode as well. To change the mode of the pipe, the pipe client must open a read-only pipe with GENERIC_READ and FILE_WRITE_ATTRIBUTES access. The pipe server should not perform a blocking read operation until the pipe client has started. Otherwise, a race condition can occur. This typically occurs when initialization code, such as the C run-time, needs to lock and examine inherited handles. Every time a named pipe is created, the system creates the inbound and/or outbound buffers using nonpaged pool, which is the physical memory used by the kernel. The number of pipe instances (as well as objects such as threads and processes) that you can create is limited by the available nonpaged pool. Each read or write request requires space in the buffer for the read or write data, plus additional space for the internal data structures. The input and output buffer sizes are advisory. The actual buffer size reserved for each end of the named pipe is either the system default, the system minimum or maximum, or the specified size rounded up to the next allocation boundary. The buffer size specified should be small enough that your process will not run out of nonpaged pool, but large enough to accommodate typical requests. Whenever a pipe write operation occurs, the system first tries to charge the memory against the pipe write quota. If the remaining pipe write quota is enough to fulfill the request, the write operation completes immediately. If the remaining pipe write quota is too small to fulfill the request, the system will try to expand the buffers to accommodate the data using nonpaged pool reserved for the process. The write operation will block until the data is read from the pipe so that the additional buffer quota can be released. Therefore, if your specified buffer size is too small, the system will grow the buffer as needed, but the downside is that the operation will block. If the operation is overlapped, a system thread is blocked; otherwise, the application thread is blocked. To free resources used by a named pipe, the application should always close handles when they are no longer needed, which is accomplished either by calling the CloseHandle function or when the process associated with the instance handles ends. Note that an instance of a named pipe may have more than one handle associated with it. An instance of a named pipe is always deleted when the last handle to the instance of the named pipe is closed. WindowsВ 10, version 1709:В В Pipes are only supported within an app-container; ie, from one UWP process to another UWP process that’s part of the same app. Also, named pipes must use the syntax «\.\pipe\LOCAL» for the pipe name. |
