GcpPlugin

GcpPlugin.dll is a GCIS event mediation and policy-enforcement plugin that sits between detection domains and session-control domains. It processes security-relevant notifications (app launch, cloud-sync, on-seat patching) and posts downstream actions/events.

File Info

Property	Value
File	`GcpPlugin.dll`
Size	14,361,120 bytes
Architecture	x64 (AMD64)
Build PDB Path	`C:\builds\gfn\security\gcis\out\x86_64-windows-release\GcpPlugin\GcpPlugin.pdb`
Export	`NvPluginGetInfo`

What This Plugin Appears To Do

Consume GCISCommunicationMessage.Notification.* payloads.
Normalize/validate notification fields.
Trigger post-actions for game start, LKM notifications, and on-seat patching.
Bridge enforcement and telemetry decisions into shared error/result paths.

This plugin is less documented than Elm/Gci/Lkm in symbols, so parts below are inferred from observed message/error strings.

Observed Message Domains

App Launch Notifications

GCISCommunicationMessage.Notification.AppLaunchCommand
Fields observed in symbol/string forms:
- command
- cms_id
- app_id
- DetectionTime

Platform Cloud Sync Notifications

GCISCommunicationMessage.Notification.PlatformCloudSync
Fields observed:
- file_path
- app_id

On-seat Patching Signals

isOnSeatPatchingEnabled
GSEC_GCI_Error_FailedToPostOnSeatPatchingMessage
GSEC_GCI_Error_OnSeatPatchingDisabledError

Runtime Flow (Inferred)

1) Init

Loads shared config and joins MessageBus.
Registers notification handlers for AppLaunchCommand and PlatformCloudSync.
Initializes message processing counters (MessageProcessingStats).

2) Validation + Normalization

Ensures required notification fields are present.
Applies policy checks against launch/cloud-sync events.
Emits warning/error when mandatory fields are missing.

Relevant warnings:

GSEC_GCI_Warning_AppLaunchCommandRequiredFieldsMissing
GSEC_GCI_Warning_PlatformCloudSyncItemRequiredFieldsMissing

3) Forwarding + Enforcement Hooks

Posts game-start and LKM-linked follow-up notifications.
Posts on-seat patching notifications when enabled.
On failures, records explicit Post*Failed errors.

Relevant errors:

GSEC_GCI_Error_PostGameStartedMessageFailed
GSEC_GCI_Error_PostLkmNotificationFailed
GSEC_GCI_Error_FailedToPostOnSeatPatchingMessage
GSEC_GCI_Error_ReportForcedSessionTerminationFailed

Error Families Seen in Gcp Surface

GSEC_GCI_Error_*
GSEC_GCI_Warning_*
Shared GSEC_Common_* and UnifiedErrorCode paths

Representative issues:

Malicious launch command handling (GSEC_GCI_Error_MaliciousAppLaunchCommand)
Cloud-sync policy mismatch (GSEC_GCI_Error_PlatformCloudSyncedBinaryError)
On-seat patching state/enablement mismatch

Telemetry and Metrics

MessageProcessingStats appears to track message throughput/failure by domain.
Uses shared GCIS telemetry plumbing (GsecTasTelemetry, GciUnifiedErrorCodes.proto).

Operational Guidance

If launch notifications are ignored, verify required AppLaunchCommand fields are present.
If cloud-sync violations look noisy, validate file-path normalization and app mapping.
If patching does not propagate, check isOnSeatPatchingEnabled and post failures.
Treat repeated PostGameStartedMessageFailed as a bus/routing health issue, not just a game runtime issue.

GcpPlugin ​

File Info ​

What This Plugin Appears To Do ​

Observed Message Domains ​

App Launch Notifications ​

Platform Cloud Sync Notifications ​

On-seat Patching Signals ​

Runtime Flow (Inferred) ​

1) Init ​

2) Validation + Normalization ​

3) Forwarding + Enforcement Hooks ​

Error Families Seen in Gcp Surface ​

Telemetry and Metrics ​

Operational Guidance ​