Is there any way to sniff named pipe traffic in Windows?

Question

Is there any tool that can monitor/capture/sniff named pipe traffic?

Even when max instance = 1?

score 10 · Accepted Answer · edited Mar 14 '20 at 15:38

10

There's no official way.

Use API hooking. Hook ReadFile and/or WriteFile, maybe also CreateFileA/W (assuming that the app is a pipe client) and do the necessary things on their invocation.

Microsoft has also its own library for API hooking - Detours .

edited Mar 14 '20 at 15:38

X. Liu

1,070
11
30

answered Apr 15 '11 at 01:16

ivan_pozdeev

33,874
19
107
152

Is there any way to sniff named pipe traffic in Windows?

1 Answers1