Geek Answers Handbook

WinUSB application or user mode driver as a filter driver for analysis / analysis / analysis of USB traffic

The question, perhaps, is the one who worked a lot with the WinUSB API or user modes of USB drivers - can the WinUSB API or user mode driver be used as a passive observer of USB connections, recording notification of interruptions, control requests, data transfer, etc. ., without interfering with other applications (for example, iTunes), which obviously require simultaneous access to the device, while my application controls the connection and displays data on it?

Or do you pretty much have to write a kernel-mode filter driver and push yourself onto the USB stack for this to happen?

In the past, there were several reliable options (libusb-win32 and usbsnoop to be specific), although both are built around the old DDK and not the Windows Driver Foundation, and are not actually supported on a regular basis. As a result, I hesitate to create something- something important around.

+4
source share
3 answers

You must write a filter driver. There is no other way to intercept traffic generated by other devices. And you can use newer versions of DDK, i.e. KMDF for this task. It will make your life easier. But I think it will be cheaper and more efficient to just get a hardware bus analyzer.

There is a good review on OSR . You must be logged in to read this, but I strongly advise you to log in anyway if you intend to develop kernel mode.

+4
source

The main USB drivers in Windows 7 have ETW trace points, so you can sniff traffic like this (an ETW blog post on the Windows 7 USB kernel stack ), but it is a bit cloned and has some limitations, such as tracking the first 32 bytes of each packet.

I made a USB filter driver (KMDF) which is pretty easy to use (IMHO): http://code.google.com/p/busdog/

+2
source

USB Sniffer allows you to display, record and analyze all data transferred between any USB device connected to your PC and applications. You can also restore transferred data (for some types of files).

The following components are included in the above project: Driver, Shared Library, GUI. http://tellmeword.com/5zu2z5

0
source

More articles:


All Articles