PeekNamedPipe


Description

Copies data from a named or anonymous pipe into a buffer without removing it from the pipe. It also returns information about data in the pipe.

Note
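This function is popular with reverse shells, which use it to check whether a child process's output pipe holds data before issuing a read that would otherwise block.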
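For triage, the pattern behind the note above can be looked for in an API trace. This is an added example, not part of the original page: it flags processes that create a pipe, spawn a child, poll the pipe with PeekNamedPipe, and follow a ReadFile on it with a socket write. The trace format, the sample lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed API-monitor trace in a hypothetical "pid api key=value" format.
TRACE = """\
1200 CreatePipe read=0x1c4 write=0x1c8
1200 WSASocketW sock=0x2a0
1200 connect sock=0x2a0
1200 CreateProcessW image=cmd.exe
1200 PeekNamedPipe handle=0x1c4 avail=0
1200 PeekNamedPipe handle=0x1c4 avail=0
1200 PeekNamedPipe handle=0x1c4 avail=112
1200 ReadFile handle=0x1c4 bytes=112
1200 send sock=0x2a0 bytes=112
3400 CreatePipe read=0x90 write=0x94
3400 CreateProcessW image=git.exe
3400 PeekNamedPipe handle=0x90 avail=57
3400 ReadFile handle=0x90 bytes=57
"""

LINE = re.compile(r"^(\d+)\s+(\w+)\s*(.*)$")

def parse(trace):
    """Yield (pid, api, args) for each well-formed trace line."""
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if m:
            pid, api, rest = m.groups()
            yield int(pid), api, dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)

def find_pipe_relays(trace):
    """Return {pid: peek_count} for processes that poll a child's pipe and then write to a socket."""
    state = defaultdict(lambda: {"pipes": set(), "child": False, "peeks": 0, "pending": 0, "relayed": 0})
    for pid, api, a in parse(trace):
        s = state[pid]
        if api == "CreatePipe" and "read" in a:
            s["pipes"].add(a["read"])                # read ends this process created
        elif api.startswith("CreateProcess"):
            s["child"] = True
        elif api == "PeekNamedPipe" and a.get("handle") in s["pipes"]:
            s["peeks"] += 1                          # non-destructive poll of the pipe
        elif api == "ReadFile" and a.get("handle") in s["pipes"]:
            s["pending"] += int(a.get("bytes", 0))   # data actually drained from the pipe
        elif api in ("send", "WSASend") and s["pending"]:
            s["relayed"] += s["pending"]             # pipe read followed by a network write
            s["pending"] = 0
    return {pid: s["peeks"] for pid, s in state.items()
            if s["child"] and s["peeks"] and s["relayed"]}

if __name__ == "__main__":
    print(find_pipe_relays(TRACE))
```

Polling a child's pipe is also routine in build tools and IDEs, which is why the check requires the socket write as well; process 3400 in the sample is not flagged.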

Syntax

BOOL WINAPI PeekNamedPipe(
  _In_      HANDLE  hNamedPipe,
  _Out_opt_ LPVOID  lpBuffer,
  _In_      DWORD   nBufferSize,
  _Out_opt_ LPDWORD lpBytesRead,
  _Out_opt_ LPDWORD lpTotalBytesAvail,
  _Out_opt_ LPDWORD lpBytesLeftThisMessage
);

Parameters

hNamedPipe [in]
A handle to the pipe. This parameter can be a handle to a named pipe instance, as returned by the CreateNamedPipe or CreateFile function, or it can be a handle to the read end of an anonymous pipe, as returned by the CreatePipe function. The handle must have GENERIC_READ access to the pipe.
lpBuffer [out, optional]
A pointer to a buffer that receives data read from the pipe. This parameter can be NULL if no data is to be read.
nBufferSize [in]
The size of the buffer specified by the lpBuffer parameter, in bytes. This parameter is ignored if lpBuffer is NULL.
lpBytesRead [out, optional]
A pointer to a variable that receives the number of bytes read from the pipe. This parameter can be NULL if no data is to be read.
lpTotalBytesAvail [out, optional]
A pointer to a variable that receives the total number of bytes available to be read from the pipe. This parameter can be NULL if no data is to be read.
lpBytesLeftThisMessage [out, optional]
A pointer to a variable that receives the number of bytes remaining in this message. This parameter will be zero for byte-type named pipes or for anonymous pipes. This parameter can be NULL if no data is to be read.

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.