yevheniiy81221888
Known Participant
March 10, 2020
Question

Creating Named Pipe in protected mode.


Hello, I have an issue with creating COM objects in protected mode. As far as I know this type of action is forbidden in protected mode, so I found this link. It says that I am able to create a named pipe if I specify something in the NAMEDPIPES_ALLOW_ANY section. I tried different naming and formats without result.
To be more clear, I have a host application where the named pipe is created (a C# application) and I want to connect to it from an Adobe plug-in.

Also, I looked at the broker process but didn't find any information about the possibility of creating COM objects if I implement a custom broker.

So my question is: what name format should be used in NAMEDPIPES_ALLOW_ANY to allow me to create a named pipe?


1 reply

Legend
March 11, 2020

I’ve never worked with this but perhaps we can check your work. Please describe all the steps in detail that you have used to set the policy to enable named pipes. 

yevheniiy81221888
Known Participant
March 11, 2020

Thx for your help.
1. I have a host application where I created a named pipe like this:

// Needs: using System.IO; using System.IO.Pipes; using System.Threading.Tasks;
Task.Factory.StartNew(() =>
{
    // Server end of the pipe; clients open it as \\.\pipe\foo
    var server = new NamedPipeServerStream("foo");
    server.WaitForConnection();
    StreamWriter writer = new StreamWriter(server);

    // Keep sending a test line to the connected client
    while (true)
    {
        writer.WriteLine("hello");
        writer.Flush();
    }
});

2. In the Adobe plug-in (ACCB1 ASBool ACCB2 PluginInit(void) function) I tried to connect to it:

HANDLE hPipe;

// Open the client end of the pipe created by the host application
hPipe = CreateFile(TEXT("\\\\.\\pipe\\foo"),
    GENERIC_READ | GENERIC_WRITE,
    0,
    NULL,
    OPEN_EXISTING,
    0,
    NULL);

if (hPipe != INVALID_HANDLE_VALUE)
{
    // do stuff
}

And I always get an INVALID_HANDLE_VALUE result.

Add setting in reg. (HKLM_Software/Policies/Adobe/Acrobat Reader/DC/FeatureLockDown/bUseWhitelistConfigFile = 1)
In the ProtectedModeWhitelistConfig.txt file, which is placed in the C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader folder, I added these lines:

FILES_ALLOW_ANY = pipe\*
NAMEDPIPES_ALLOW_ANY = \.\pipe\foo

I tried different string patterns in the NAMEDPIPES_ALLOW_ANY section:
\\\\.\\pipe\\foo.*
\\\\.\\pipe\\foo
pipe\foo.*
pipe\foo
pipe\*
\\\\.\\pipe\\*
\.\pipe\*

I tried putting only the pipe name,
as well as in the FILES_ALLOW_ANY section.
Also, I enabled logs:

Go to HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\(version)\Privileged.
Right click and choose New > REG_SZ Value.
Create tBrokerLogfilePath.
Right click on tBrokerLogfilePath and choose Modify.
Set the value. For example: C:\DOCUME~1\<username>\LOCALS~1\Temp\BrL4FBA.tmp.

Log:

[03:10/16:53:53] NtCreateFile: STATUS_ACCESS_DENIED
[03:10/16:53:53] real path: \??\pipe\foo
[03:10/16:53:53] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY

I got this message every time with different string patterns.

yevheniiy81221888
Known Participant
March 11, 2020

I looked for info on \?? and found it has a specific meaning, see https://superuser.com/questions/1069055/what-is-the-function-of-question-marks-in-file-system-paths-in-windows-registry . I suggest you use the exact path shown in the message with the same number of \ and ?

You write it creates a path of the form starting \\.\\\\pipe but it does not. The \\ doubling is only part of C string constants and so the name is starting \.\pipe

Thx, I am aware of the C special symbol representation; it was copy/paste.
Maybe there is a way to somehow allow my plug-in to create COM objects by CoCreateInstance(...)?
For now in protected mode it behaves like pipe creation.
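
The path forms discussed in this thread, as an added example that is not part of the original posts: portable C that shows what the plug-in's string literal contains at run time and maps it to the NT form that the broker log prints as "real path". The function name win32_to_nt is hypothetical, the drive-letter and UNC cases go beyond the pipe path in the thread, and nothing here describes the syntax that the whitelist config file expects.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example (hypothetical helper): map a fully qualified Win32 path to
   the NT object-manager form. Returns 0 on success, -1 for paths this
   sketch does not handle or when the output buffer is too small. */
static int win32_to_nt(const char *in, char *out, size_t cap)
{
    const char *prefix, *rest;

    if (strncmp(in, "\\\\.\\", 4) == 0 || strncmp(in, "\\\\?\\", 4) == 0) {
        prefix = "\\??\\";        /* device or verbatim prefix is swapped */
        rest = in + 4;
    } else if (strncmp(in, "\\\\", 2) == 0 && in[2] != '\0') {
        prefix = "\\??\\UNC\\";   /* UNC path: server and share follow */
        rest = in + 2;
    } else if (isalpha((unsigned char)in[0]) && in[1] == ':' && in[2] == '\\') {
        prefix = "\\??\\";        /* absolute drive-letter path */
        rest = in;
    } else {
        return -1;                /* relative paths depend on the current directory */
    }
    if (strlen(prefix) + strlen(rest) + 1 > cap)
        return -1;
    strcpy(out, prefix);
    strcat(out, rest);
    return 0;
}

int main(void)
{
    /* Same literal as the plug-in's CreateFile call. The compiler turns each
       doubled backslash into one, so the run-time string has 12 characters. */
    const char *win32 = "\\\\.\\pipe\\foo";
    char nt[260];

    if (win32_to_nt(win32, nt, sizeof nt) != 0)
        return 1;
    printf("run-time string: %s (%zu chars)\n", win32, strlen(win32));
    printf("NT path        : %s\n", nt);
    return 0;
}
```

The second line printed matches the "real path" entry in the broker log above.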