where can get the all pipe_names details?some net\NtControlPipelook like connect with CMD /NETSTAT -ANO -------------------------------------clients:\\[host_name]\pipe\[pipe_name]\\\.\pipe\pipe_nameservers:\\.\pipe\pipe_name----------------------------------------------C:\Documents and Settings\user\My Documents\SysinternalsSuite>pipelist.exe PipeList v1.01by Mark Russinovichhttp://www.sysinternals.com Pipe Name Instances Max Instances--------- --------- -------------TerminalServer\AutoReconnect 1 1InitShutdown 2 -1lsass 6 -1protected_storage 2 -1SfcApi 2 -1ntsvcs 4 -1scerpc 2 -1net\NtControlPipe1 1 1net\NtControlPipe2 1 1net\NtControlPipe3 1 1Winsock2\CatalogChangeListener-4f8-0 1 1net\NtControlPipe4 1 1net\NtControlPipe0 1 1net\NtControlPipe5 1 1net\NtControlPipe6 1 1atsvc 2 -1epmapper 2 -1net\NtControlPipe7 1 1winlogonrpc 3 -1spoolss 2 -1wkssvc 3 -1net\NtControlPipe8 1 1DAV RPC SERVICE 3 -1keysvc 2 -1PCHHangRepExecPipe 1 8PCHFaultRepExecPipe 1 8net\NtControlPipe12 1 1srvsvc 3 -1net\NtControlPipe13 1 1winreg 2 -1net\NtControlPipe14 1 1trkwks 2 -1W32TIME 2 -1net\NtControlPipe15 1 1OIPC_TMLISTEN_PIPE_2218EBAB_63F8_49E4_930C_AF69E77928AF 1 1net\NtControlPipe16 1 1PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER 2 -1OIPC_NTRTSCAN_PIPE_2218EBAB_63F8_49E4_930C_AF69E77928AF 1 1Ctx_WinStation_API_service 2 -1Spooler\LPT1 10 -1net\NtControlPipe18 1 1ROUTER 13 -1Winsock2\CatalogChangeListener-568-0 1 1OIPC_PFW_PIPE_2218EBAB_63F8_49E4_930C_AF69E77928AF 1 1 browser 2 -1net\NtControlPipe19 1 1 C:\Documents and Settings\user\My Documents\SysinternalsSuite>-------------------------C:\Documents and Settings\user\My Documents\pipesec100>pipesec.exe Win32 Pipe Security Viewer V1.0Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.orgAvailable pipes on Local Computer:\\.\pipe\TerminalServer\AutoReconnect\\.\pipe\InitShutdown\\.\pipe\lsass\\.\pipe\protected_storage\\.\pipe\SfcApi\\.\pipe\ntsvcs\\.\pipe\scerpc\\.\pipe\net\NtControlPipe1\\.\pipe\net\NtControlPipe2\\.\pipe\net\NtControlPipe3\\.\pipe\Winsock2\CatalogChangeListener-4f8-0\\.\pipe\net\NtControlPipe4\\.\pipe\net\NtControlPipe0\\.\pipe\net\NtControlPipe5\\.\pipe\net\NtControlPipe6\\.\pipe\atsvc\\.\pipe\epmapper\\.\pipe\net\NtControlPipe7\\.\pipe\winlogonrpc\\.\pipe\spoolss\\.\pipe\wkssvc\\.\pipe\net\NtControlPipe8\\.\pipe\DAV RPC SERVICE\\.\pipe\keysvc\\.\pipe\PCHHangRepExecPipe\\.\pipe\PCHFaultRepExecPipe\\.\pipe\net\NtControlPipe12\\.\pipe\srvsvc\\.\pipe\net\NtControlPipe13\\.\pipe\winreg\\.\pipe\net\NtControlPipe14\\.\pipe\trkwks\\.\pipe\W32TIME\\.\pipe\net\NtControlPipe15\\.\pipe\OIPC_TMLISTEN_PIPE_2218EBAB_63F8_49E4_930C_AF69E77928AF\\.\pipe\net\NtControlPipe16\\.\pipe\PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER\\.\pipe\OIPC_NTRTSCAN_PIPE_2218EBAB_63F8_49E4_930C_AF69E77928AF\\.\pipe\Ctx_WinStation_API_service\\.\pipe\Spooler\LPT1\\.\pipe\net\NtControlPipe18\\.\pipe\ROUTER\\.\pipe\Winsock2\CatalogChangeListener-568-0\\.\pipe\OIPC_PFW_PIPE_2218EBAB_63F8_49E4_930C_AF69E77928AF\\.\pipe\browser\\.\pipe\net\NtControlPipe19

Win32 Pipe Security Viewer V1.0 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Available pipes on Local Computer: \\.\pipe\InitShutdown------------------- winlogon.exe \\.\pipe\lsass---------------------services.msc \\.\pipe\protected_storage--------- services.msc \\.\pipe\SfcApi-------------------- winlogon.exe \\.\pipe\ntsvcs-------------------------services.msc/ PlugPlay \\.\pipe\scerpc--------------------- services.msc /services.exe \\.\pipe\atsvc Microsoft AT-Scheduler Service (ATSVC) This is a DCE/RPC based protocol used by CIFS hosts to access/control the AT-Scheduler Service across a network. This dissector is described by an IDL file and is automatically generated by the Pidl compiler. The ATSvc RPC interface provides methods to control scheduled tasks. All the ATSvc methods MUST have administrator privileges, as specified in section 3.2.5 and its subsections. If the server implements the ATSvc interface, it MUST implement the methods as specified in the following table. Matask.exe/schtasks.exe \\.\pipe\epmapper-----------------------------------port 135/ svchost.exe/RpcSs \\.\pipe\winlogonrpc-------------------------------- winlogon.exe \\.\pipe\spoolss------------------------------------Microsoft Spool Subsystem SPOOLSS uses DCE/RPC as its transport protocol \\.\pipe\wkssvc---------------------------------------- svchost.exe (wxp and w2k3) \\.\pipe\DAV RPC SERVICE -----------------------------WebClient \\.\pipe\keysvc--------------------------------------- CryptSvc \\.\pipe\srvsvc---------------- -------------------svchost.exe (wxp and w2k3) \\.\pipe\winreg------------------------------ services.msc /RemoteRegistry // Reserved Key Handles. // #define HKEY_CLASSES_ROOT (( HKEY ) 0x80000000 ) #define HKEY_CURRENT_USER (( HKEY ) 0x80000001 ) #define HKEY_LOCAL_MACHINE (( HKEY ) 0x80000002 ) #define HKEY_USERS (( HKEY ) 0x80000003 ) #define HKEY_PERFORMANCE_DATA (( HKEY ) 0x80000004 ) #if(WINVER >= 0x0400) #define HKEY_CURRENT_CONFIG (( HKEY ) 0x80000005 ) #define HKEY_DYN_DATA (( HKEY ) 0x80000006 ) \\.\pipe\trkwks-------------------------------- services.msc \\.\pipe\W32TIME-------------------------------- services.msc \\.\pipe\Ctx_WinStation_API_service------------- services.msc /termsrv.exe \\.\pipe\Spooler\LPT1--------------------------- services.msc /port \\.\pipe\ROUTER----------------- Remote Access mprdim.dll \\.\pipe\OIPC_PFW_PIPE_2218EBAB_63F8_49E4_930C_AF69E77928AF \\.\pipe\browser-------------------------------- services.msc Below havenot google yet \\.\pipe\PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER CIMV2SCM --Common Information model version2 Service Control Manager \\.\pipe\TerminalServer\AutoReconnect \\.\pipe\Winsock2\CatalogChangeListener-4f8-0 \\.\pipe\Winsock2\CatalogChangeListener-568-0 \\.\pipe\OIPC_TMLISTEN_PIPE_2218EBAB_63F8_49E4_930C_AF69E77928AF \\.\pipe\OIPC_NTRTSCAN_PIPE_2218EBAB_63F8_49E4_930C_AF69E77928AF \\.\pipe\PCHHangRepExecPipe \\.\pipe\PCHFaultRepExecPipe \\.\pipe\net\NtControlPipe0/19 google below just now:Named pipes used by MSRPC servershttp://www.hsc.fr/ressources/articles/win_net_srv/well_known_named_pipes.html Named pipeDescriptionService or processInterface identifier atsvc atsvc interface (Scheduler service) mstask.exe 1ff70682-0a51-30e8-076d-740be8cee98b v1.0 AudioSrv AudioSrv interface (Windows Audio service) AudioSrv 3faf4738-3a21-4307-b46c-fdda9bb8c0d5 v1.0 browser (ntsvcs alias) browser interface (Computer Browser service) Browser 6bffd098-a112-3610-9833-012892020162 v0.0 cert ICertPassage interface (Certificate services) certsrv.exe 91ae6020-9e3c-11cf-8d7c-00aa00c091be v0.0 Ctx_Winstation_API_Service winstation_rpc interface termsrv.exe 5ca4a760-ebb1-11cf-8611-00a0245420ed v1.0 DAV RPC SERVICE davclntrpc interface (WebDAV client service) WebClient c8cb7687-e6d3-11d2-a958-00c04f682e16 v1.0 dnsserver DnsServer interface (DNS Server service) dns.exe 50abc2a4-574d-40b3-9d66-ee4fd5fba076 v5.0 epmapper epmp interface (RPC endpoint mapper) RpcSs e1af8308-5d1f-11c9-91a4-08002b14a0fa v3.0 eventlog (ntsvcs alias) eventlog interface (Eventlog service) Eventlog 82273fdc-e32a-18c3-3f78-827929dc23ea v0.0 HydraLsPipe Terminal Server Licensing lserver.exe 3d267954-eeb7-11d1-b94e-00c04fa3080d v1.0 InitShutdown InitShutdown interface winlogon.exe 894de0c0-0d55-11d3-a322-00c04fa321a1 v1.0 keysvc IKeySvc interface (Cryptographic services) CryptSvc 8d0ffe72-d252-11d0-bf8f-00c04fd9126b v1.0 keysvc ICertProtect interface (Cryptographic services) CryptSvc 0d72a7d4-6148-11d1-b4aa-00c04fb66ea0 v1.0 locator NsiS interface (RPC Locator service) locator.exe d6d70ef0-0e3b-11cb-acc3-08002b1d29c4 v1.0 llsrpc llsrpc interface (Licensing Logging service) llssrv.exe 342cfd40-3c6c-11ce-a893-08002b2e9c6d v0.0 lsarpc (lsass alias) lsarpc interface lsass.exe 12345778-1234-abcd-ef00-0123456789ab v0.0 lsarpc (lsass alias) dssetup interface lsass.exe 3919286a-b10c-11d0-9ba8-00c04fd92ef5 v0.0 msgsvc (ntsvcs alias) msgsvcsend interface (Messenger service) messenger 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc v1.0 nddeapi nddeapi interface (NetDDE service) netdde.exe 2f5f3220-c126-1076-b549-074d078619da v1.2 netdfs netdfs interface (Distributed File System service) Dfssvc 4fc742e0-4a10-11cf-8273-00aa004ae673 v3.0 netlogon (lsass alias) netlogon interface (Net Logon service) Netlogon 12345678-1234-abcd-ef00-01234567cffb v1.0 ntsvcs pnp interface (Plug and Play service) PlugPlay 8d9f4e40-a03d-11ce-8f69-08003e30051b v1.0 plugplay pnp interface (Plug and Play Windows Vista service) PlugPlay 8d9f4e40-a03d-11ce-8f69-08003e30051b v1.0 policyagent PolicyAgent interface (IPSEC Policy Agent (Windows 2000)) PolicyAgent d335b8f6-cb31-11d0-b0f9-006097ba4e54 v1.5 ipsec winipsec interface (IPsec Services) PolicyAgent 12345678-1234-abcd-ef00-0123456789ab v1.0 ProfMapApi pmapapi interface winlogon.exe 369ce4f0-0fdc-11d3-bde8-00c04f8eee78 v1.0 protected_storage IPStoreProv interface (Protected Storage) lsass.exe c9378ff1-16f7-11d0-a0b2-00aa0061426a v1.0 ROUTER Remote Access mprdim.dll 8f09f000-b7ed-11ce-bbd2-00001a181cad v0.0 samr (lsass alias) samr interface lsass.exe 12345778-1234-abcd-ef00-0123456789ac v1.0 scerpc SceSvc services.exe 93149ca2-973b-11d1-8c39-00c04fb984f9 v0.0 SECLOGON ISeclogon interface (Secondary logon service) seclogon 12b81e99-f207-4a4c-85d3-77b42f76fd14 v1.0 SfcApi sfcapi interface (Windows File Protection) winlogon.exe 83da7c00-e84f-11d2-9807-00c04f8ec850 v2.0 spoolss spoolss interface (Spooler service) spoolsv.exe 12345678-1234-abcd-ef00-0123456789ab v1.0 srvsvc (ntsvcs alias) srvsvc interface (Server service) services.exe (w2k) or svchost.exe (wxp and w2k3) 4b324fc8-1670-01d3-1278-5a47bf6ee188 v3.0 ssdpsrv ssdpsrv interface (SSDP service) ssdpsrv 4b112204-0e19-11d3-b42b-0000f81feb9f v1.0 svcctl (ntsvcs alias) svcctl interface (Services control manager) services.exe 367aeb81-9844-35f1-ad32-98f038001003 v2.0 tapsrv tapsrv interface (Telephony service) Tapisrv 2f5f6520-ca46-1067-b319-00dd010662da v1.0 trkwks trkwks interface (Distributed Link Tracking Client) Trkwks 300f3532-38cc-11d0-a3f0-0020af6b0add v1.2 W32TIME (ntsvcs alias) w32time interface (Windows Time (Windows 2000 and XP)) w32time 8fb6d884-2388-11d0-8c35-00c04fda2795 v4.1 W32TIME_ALT w32time interface (Windows Time (Windows Server 2003, Windows Vista)) w32time 8fb6d884-2388-11d0-8c35-00c04fda2795 v4.1 winlogonrpc GetUserToken interface winlogon.exe a002b3a0-c9b7-11d1-ae88-0080c75e4ec1 v1.0 winreg winreg interface (Remote registry service) RemoteRegistry 338cd001-2244-31f1-aaaa-900038001003 v1.0 winspipe winsif interface (WINS service) wins.exe 45f52c28-7f9f-101a-b52b-08002b2efabe v1.0 wkssvc (ntsvcs alias) wkssvc interface (Workstation service) services.exe (w2k) or svchost.exe (wxp and w2k3) 6bffd098-a112-3610-9833-46c3f87e345a v1.0

Hi There,I would first suggest you to understand the scope of hte workYou use pipe when you want to establish communication between processes . Understand about a) anonymous pipes b) named pipes you will be using \\.pipe\pipename when you use createnamedpipe and not during accessing shares eg; \\servername\sharename.Please understand that a) mailslots B) pipes c) namedpipes etc...are form of interprocess communication and applicatoins makes use of these for handling communication across 2 applications / processes

thank you very much!maybe pipe (anonymous/named)is LPC communication,pipe+MSRPC protocol can RPC communication

FSD:file system driverhttp://www.codeproject.com/KB/threads/dotnetnamedpipespart1.aspx?msg=1515670 IPC Mechanism Win2000 WinNT Win9x Win32s(1) Win16(2) MS-DOS(2) POSIX OS/2 ------------- ----- ----- ------ -------- -------- -------- ----- ----- DDE YES YES YES YES YES NO NO NO OLE 1.0 YES YES YES YES YES NO NO NO OLE 2.0 YES YES YES YES YES NO NO NO NetBIOS YES YES YES YES YES YES NO YES Named pipes YES YES YES(3) YES(3) YES(3) YES(3) YES(4) YES Windows sockets YES(5) YES(5) YES YES YES(5) NO NO(6) NO Mailslots YES YES YES YES(3) NO NO NO YES Semaphores YES YES YES NO NO NO YES YES RPC YES YES YES(7) YES(8) YES YES NO NO Mem-Mapped File YES YES YES YES NO NO NO NO WM_COPYDATA YES YES YES YES(9) YES NO NO NO

Hi ,Please understnad that When components communicating within same system they uses LPC , eg: LSASS and GINA communicates using LPC (lsasrv.dll) and components which communicate with other subsystem uses RPC eg: Active directory

http://zh.wikipedia.org/wiki/CORBAlinux lpc: --------------------------------------CORBA:Common Object Request Broker ArchitectureCORBA/GIOP:

Hi ,Please understnad that When components communicating within same system they uses LPC , eg: LSASS and GINA communicates using LPC (lsasrv.dll) and components which communicate with other subsystem uses RPC eg: Active directory thank you very much!GINA :Graphical Identification and Authentication

Hi therecan i know what do you want to learn in windows so that we can assist you better

thank you very much!no goals yet,first step I want knows deeply all the contents from cmd.exe/msinfo32.exe,but I find many words in msinfo32.exe is only a title of a hard books..........

Hi There,I would first suggest you to read through the a) object manager : windows is implemented in Object manager in one word, every communication will hit the OM first .b) SRM : if you want to understand the Local security policies, LSASS communication go through the SRM .c) Memory manager; one of the challenging but worth understanding d) Process and Thread : Windows is most similar to unix and i would say any thing and everything is finally a thread / mutex / semaphore / job so you need ot understand them e) Networking : essential and wide component in windowsI would recommend you to study the above concepts and then switch over to driver development , or else u wouldnt understnad much of the things.

thank you very much!object mgr :google in winobj.exehttp://mj198798.spaces.live.com/blog/cns!71FA34CE1810F8EC!248.entry?sa=660730065TABLE 1: Object Types and Defining Subsystems Object Type Represents Defining Subsystem Object type Object type object Object Manager Directory Object namespace Object Manager SymbolicLink Object namespace Object Manager Event Synchronization primitive Executive EventPair Synchronization primitive Executive Mutant Synchronization primitive Executive Semaphore Synchronization primitive Executive Windows Station Login session Win32 Desktop Windows desktop Win32 Timer Timer notifications Executive File Tracks open files I/O Manager IoCompletion Tracks I/O completion notifications I/O Manager Adapter DMA resource I/O Manager Controller DMA controller I/O Manager Device Logical or physical device I/O Manager Driver Device driver I/O Manager Key Doorway to the Registry Configuration Manager Port Communications channel LPC Facility Section Memory mapping Memory Manager Process Active process Process Manager Thread Active thread Process Manager Token Process security profile Process Manager Profile Performance monitoring Kernel

+------->| ( OBJECT_HEADER_QUOTA_INFO ) | | +---->| ( OBJECT_HEADER_HANDLE_INFO ) | | | +->| ( OBJECT_HEADER_NAME_INFO ) | | | | ( OBJECT_HEADER_CREATOR_INFO ) | | | | +------------------------[ Object Header ]-----------------------+ | | | | nt!_OBJECT_HEADER | | | | | ( OBJECT_HEADER_CREATOR_INFO ) | | | | +------------------------[ Object Header ]-----------------------+ | | | | nt!_OBJECT_HEADER | | | | | +0x000 PointerCount : Int4B | | | | | +0x004 HandleCount : Int4B | | | | | +0x004 NextToFree : Ptr32 Void | [Page]| | | | +0x008 Type : Ptr32 _OBJECT_TYPE | | | +--| +0x00c NameInfoOffset : UChar | | +-----| +0x00d HandleInfoOffset : UChar | +--------| +0x00e QuotaInfoOffset : UChar | | +0x00f Flags : UChar | | +0x010 ObjectCreateInfo : Ptr32 _OBJECT_Create_INFORMATION | --------------------------------------