Looking for a solution to enable our WDM driver to communicate with a device using its bus address

Hello,

We have a WDM driver that manages a Microchip hub controller. Behind the hub, we can connect 2 devices. We can detect when a device is connected or removed by creating a control transfer URB (URB_FUNCTION_CONTROL_TRANSFER) and sending the URB to our device object using IoBuildDeviceIoControlRequest followed by IoCallDriver.

When a device connects to the hub, we need to communicate with the device and configure it in a specific way before allowing it to be visible in the system. We need to read the VID/PID, send/receive bulk transfers to/from the device and so on. So we need to send control transfers directly from the hub driver to the device. When the device connects, it initially has address 0 before the main USB controller configures it, so we thought there might be a way to locate the device at address 0 and communicate directly with it. Or after the device has been assigned an address, we could attempt to locate the device by that address. But so far, we’ve had no luck locating the right functions that would allow us to do that.

Would anyone have a clue on how can the WDM driver of the hub communicate directly with the device(s) attached to its ports? Something like sending a control transfer to the device at address 0 or at a specific USB address, or forwarding any requesting coming to the hub towards the device that is beneath it?

We could also rewrite the whole thing using KMDF if the solution can only be done with KMDF. However going through the documentation and samples we have not seen that there is a way of doing this.

Many thanks for any feedback on this.

I don’t have an answer, as I suspect what you are trying to do is basically not how the usb stack works, but I can say that there is nothing KMDF is going to do for you here that you cannot do in WDM. That said, of course you should scrap WDM and use KMDF. But it won’t solve your problem.

You are misunderstanding the USB spec. When a device has address 0, that’s called the “unconfigured” state. In that state, the only requests it will accept are requests to assign an address. What you need to do is write a filter driver, either upper to the hub or lower to the function driver, and do your manipulations during startup. That’s the earliest point you can interfere. There is no acceptable way for you to communicate with a USB device before it has been enumerated.

2 Likes