Named Pipe Kernel Security

This automated test verifies that only kernel-mode requestors can invoke SCTL_PIPE_INTERNAL_TRANSCEIVE, because this command can read kernel memory.

Test details

Associated requirements

Filter.Driver.AntiVirus.MiniFilter Filter.Driver.AntiVirus.NamedPipeAndMailSlots Filter.Driver.FileSystem.MiniFilter Filter.Driver.FileSystem.NamedPipeAndMailSlots

See the filter hardware requirements.

Platforms

Windows 8 (x64) Windows 8 (x86) Windows Server 2012 (x64) Windows 8.1 x64 Windows 8.1 x86 Windows Server 2012 R2

Expected run time

~30 minutes

Categories

Certification Functional

Type

Automated

 

Running the test

Before you run the test, complete the test setup as described in the test requirements: File System Testing Prerequisites.

To run this test, follow these steps:

  1. Copy the test binaries that are listed in the File List section locally.

  2. Run the following command: npfsregr.exe

  3. The expected Pass count is 1. Inspect the log file for the presence of +SEV error tags. If you do not find any instances of this tag, the test has passed.

Troubleshooting

For troubleshooting information, see Troubleshooting File System Testing.

This test returns Pass or Fail. To review test details, review the test log from Windows Hardware Certification Kit (Windows HCK) Studio.

More information

Command syntax

This test does not accept command-line parameters.

File list

File Location

Npfsregr.exe

[WTT\TestBinRoot]\NTTEST\BASETEST\kernel\misc\npfsregr.exe

Ntlog.dll

[WTT\OsBinRoot]\ddk_flat\DTM\tests\ntlog\ntlog.dll

Ntlogger.ini

[WTT\OsBinRoot]\ddk_flat\DTM\tests\ntlog\ntlogger.ini

 

 

 

Send comments about this topic to Microsoft