| page_type | description | languages | products | |||
|---|---|---|---|---|---|---|
sample |
A tool to monitor and capture real-time traffic in windwos named pipe. |
|
|
The NPmon is a tool to monitor and capture real-time traffic in windwos named pipe. NPmon is implemented as a minifilter.
This project builds a Universal Windows Driver. It uses only APIs and DDIs that are included in OneCoreUAP.
NPmon consists of both user-mode and kernel-mode components. The kernel-mode component registers callback functions that correspond to read/write operations on named pipes with the filter manager. These callback functions help observe I/O activity on named pipes. When a user can request the recorded information, the recorded information is passed to the user-mode component, which can either output it on screen or log it to a file on disk.
To observe I/O activity on named pipes from a specific process, you must explicitly provide PID by using the Minispy user-mode component. Similarly, you can request Minispy to stop logging data for a particular process.
For more information on file system minifilter design, start with the File System Minifilter Drivers section in the Installable File Systems Design Guide.