[Minifilter] Uniquely identify usb

Hello everyone, hope you are having a nice day.

This is an issue I need help with, I need to uniquely identify the usbs which get plugged in to the system.

What I have tried:
I send IOCTL_STORAGE_QUERY_PROPERTY down to the device which returns me a STORAGE_ADAPTER_DESCRIPTOR structure from which I can get vendorId(ASCII), productID(ASCII) but the serial number is not of the physical device as seen from the thread here : http://www.osronline.com/cf.cfm?PageURL=showlists.cfm?list=NTFSD

Since it would be easier to get the serial number from a user level application, I created a communication port from which I send the vendorId, productID to the user level service.

In the user level service I get the output of
wmic diskdrive get pnpdeviceid

which gives me an output like so,

USBSTOR\DISK&VEN_&PROD_&REV_1.10<serialnumber>&0

Here I match the vendorID and the productID to get the serial number, but the issue is that if two USBs have the same vendor & productID I would not be able to distinguish between them.

I also wanted the true vendorID and productID ie aplhanumeric, so in the serivice after I get the serialnumber of the said device I use SetupApi to get the devicepath, which gives me an output like so.
\?\usb#vid_&pid_#&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}

I compare the serial number and send back the VID,PID(alphanumeric) and serial number to the driver.

Again the major problem here is that I filter based on the vendorID and productID which can be common across devices.

Is there any other parameter that can be obtained through the minifilter and the user level which would uniquely identify USB.

I thought of using VolumeGUID but then at the userlevel how would I map the volumeGuid to a VID/PID/SerialNumber.

How unique are you expecting this unique identifier to be? USB devices are supposed to have unique serial numbers, but they can be missing or not actually unique.

What are you trying to achieve?

-scott
OSR
@OSRDrivers

> What are you trying to achieve?

The user should be able to set permissions from user level, I would have a file which would specify if the device would be blocked.
The user would basically add the VID + PID + Serial number and the minifilter would block read write calls to said devices.

How unique are you expecting this unique identifier to be?

Any value which can be retrieved from both user level and my driver which I could compare and map to VID/PID/Serial Number in user level.

USB devices are supposed to have unique serial numbers

The thing is I cant get the serial number from my minifilter
https://www.osronline.com/showthread.cfm?link=285807

so I delegated the functionality to user level service, but getting a unique serial number is a problem.
I can retrieve vendorId and productID from my driver which I pass to the service which gives me a serial number but the vendor ID and product ID could be same across multiple devices

Thanks.

Not all USB devices have a unique ID. If a device doesn’t have a unique ID it is being generated by the system, such IDs contain & , e.g. 1234&45ABC .

Some devices report the same unique ID.

Thank you Mr Slava,

Can I get this unique ID from usermode? I would like to map it to VID,PID,Serialnum.

You can fetch all information with SetupAPI ( https://msdn.microsoft.com/en-us/library/windows/hardware/mt813626(v=vs.85).aspx ) or by directly querying the register, for example a path for a device registry entry

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\VID_046D&PID_0A14&MI_00\6&1c88b9a2&0&0000\

contains and ID 6&1c88b9a2&0&0000 which is an ID generated by the system ( it has & ) for a device that doesn’t report a unique ID.

While a path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\VID_1058&PID_0702\575845393037343633363435\

is for a device that reports a unique ID 575845393037343633363435 .

A generated ID is not unique even on the same PC. It can change if a device is replugged to another USB hub.

Ok so with SetupAPI I can get the Uniqie ID, the issue that remains is getting the same unique ID through the minfilter.

IOCTL_STORAGE_QUERY_PROPERTY with StorageDeviceProperty and PropertyStandardQuery does not seem to return the same unique ID.

Using SetupAPI you can build a PnP tree and find a USB device related to a volume. It is possible to do this in the kernel with IRP_MJ_PNP ( IRP_MN_QUERY_DEVICE_RELATIONS for BusRelations, EjectionRelations and RemovalRelations ) but this is not considered as a standard technique.

Sending a BusRelations is bad business, the PnP Manager is the only one who should ever send it. If the bus driver detects a bus change as a result of your query (e.g. device added/removed) the PnP Manager may never be notified of it.

I’m still not sure what you’re actually going to be able to DO with this “unique” ID as, as Slava mentioned, it’s not even really unique. But you’ll probably end up in a situation where you need to get the ID in user mode and then have user mode tell the driver what the ID is.

-scott
OSR
@OSRDrivers