Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.
Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).
In case of pipe monitoring on Windows, can we know that the actually examined process what kind of IPC method it is using? (Pipe, sockets or shared memory etc.)
Sorry, if it is a trivial question!
Based on the screenshot below, there is a file being sent from the process. I would like to know which type of IPC the process was using in this case.
![0_1736967033591_3d57a8db-494f-4fba-a2c6-5477ef6b0e91-image.png](Uploading 0%)
The screenshot failed to upload; could you try again, please?
Regarding the IPC method, well, the Pipe Monitor shows communications over named and anonymous pipes. To see if a particular read or write is issued over an anonymous or named pipe (and the name of the pipe), you have to follow the log up all the way to the pipe open operation for this particular file ID; there you'll see the file name and the role (client or server).
@vladimir
Thanks for your quick response!
So in this snapshot I went to the file ID. This should be an anonymous pipe.
while in the below snapshot, we can now the file in the first case (and the file serves as a client) As far as I undesrtand.
Are those little icons on the snapshot indicates the type of connection besides it is a pipe? (Socket, shared memory, message queue)
Pipe Monitor shows named and anonymous pipes only.
Anonymous pipe opens will be marked as (unnamed). If you run a Win32 code to create anonymous pipes such as:
(unnamed)
HANDLE hReadPipe; HANDLE hWritePipe; dword_t actualSize; char data[] = "abcdefghi"; char buffer[1024]; ::CreatePipe(&hReadPipe, &hWritePipe, NULL, 0); ::WriteFile(hWritePipe, data, sizeof(data), &actualSize, NULL); ::ReadFile(hReadPipe, buffer, sizeof(buffer), &actualSize, NULL); ::CloseHandle(hReadPipe); ::CloseHandle(hWritePipe);
You should see something like: