USB Filter driver

I want to create a USB monitor or filter driver which will track all information going to or coming from USB. I had some queries regarding this. Can anybody help me out with this…

  1. Microsoft provides device specific drivers like usbstor.sys for mass storage devices and also bus drivers like usbd.sys and usbhub.sys. Now I want to track any information going to a USB device or coming from a USB device. For that I am trying to build a filter driver which will give me all details of URBs, IRPs etc. Now this filter driver will be in between the vendor’s device specific driver and the USB bus driver, since the vendor device specific driver creates URBs or IRPs. Is that right?

  2. Can I track information before it goes to the vendor device specific driver, and if yes, then can you provide me some information? For this, is it necessary to know the interfaces provided by the vendor driver?

  3. Can I create a generic filter driver just above the vendor driver? This filter driver should not depend on the vendor-supplied driver but should be capable of extracting information going to the driver.

  4. Is there any sample for building this type of driver or monitor above or below the vendor-supplied device specific driver?

Thanks in advance
Chandrakant

xxxxx@yahoo.co.in wrote:

I want to create a USB monitor or filter driver which will track all information going to or coming from USB. I had some queries regarding this. Can anybody help me out with this…

There are quite a number of products available that do this. I believe
some are even open source. I’m using the HHD USB Monitor, which cost
about $60 but does exactly what I needed.

  1. Microsoft provides device specific drivers like usbstor.sys for mass storage devices and also bus drivers like usbd.sys and usbhub.sys. Now I want to track any information going to a USB device or coming from a USB device. For that I am trying to build a filter driver which will give me all details of URBs, IRPs etc. Now this filter driver will be in between the vendor’s device specific driver and the USB bus driver, since the vendor device specific driver creates URBs or IRPs. Is that right?

What you want here is an upper filter to the host controller driver,
usbehci.sys. That will get all URBs. (Well, it will get all USB 2.0 URBs.)

  2. Can I track information before it goes to the vendor device specific driver, and if yes, then can you provide me some information? For this, is it necessary to know the interfaces provided by the vendor driver?

I’m not sure what you’re asking. If you want to monitor USB traffic,
then you don’t care what the vendor drivers are doing. You just capture
the URBs. URBs are all the same, no matter whether it is a storage
device, a HID device, a camera device, or whatever. You are working
underneath the vendor driver.

  3. Can I create a generic filter driver just above the vendor driver? This filter driver should not depend on the vendor-supplied driver but should be capable of extracting information going to the driver.

No, you can’t do this in a generic way. If you need to match up storage
requests to specific URBs, then you need to have a storage-specific
filter. But if all you want is USB traffic, then you don’t care that it
is a storage driver.

  4. Is there any sample for building this type of driver or monitor above or below the vendor-supplied device specific driver?

Well, there are certainly sample filter drivers in the DDK. Beyond
that, it’s just figuring out what USB information you need.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
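
The reply's point that a monitor keys on the URB itself rather than on the device class can be shown in a short portable C example, added here and not part of the original thread or of any product named in it. The struct layouts are simplified mirrors of the WDK's URB header and bulk/interrupt transfer URB, and `describe_urb`, `urb_record` and `sample_bulk` are hypothetical names; it also shows when the payload of a transfer is valid to log.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constants as in the WDK's usb.h. The structs are simplified mirrors (leading
   fields only), assumed for this example so that it builds without the WDK. */
#define URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER 0x0009
#define USBD_TRANSFER_DIRECTION_IN              0x00000001u

struct urb_header { uint16_t Length, Function; int32_t Status;
                    void *UsbdDeviceHandle; uint32_t UsbdFlags; };
struct urb_bulk   { struct urb_header Hdr; void *PipeHandle;
                    uint32_t TransferFlags, TransferBufferLength;
                    void *TransferBuffer; };

enum capture_point { CAPTURE_HEADER_ONLY, CAPTURE_ON_SUBMIT, CAPTURE_ON_COMPLETE };
struct urb_record { uint16_t function; uint32_t length; enum capture_point payload_at; };

/* Classify one URB for logging. Returns 0, or -1 if the buffer is shorter than
   what its own header claims (a monitor must not trust Hdr.Length blindly). */
int describe_urb(const void *urb, size_t avail, struct urb_record *out)
{
    struct urb_bulk b;
    if (avail < sizeof b.Hdr) return -1;
    memcpy(&b.Hdr, urb, sizeof b.Hdr);
    if (b.Hdr.Length < sizeof b.Hdr || b.Hdr.Length > avail) return -1;

    /* Every URB, whatever device class sent it, starts with this header. */
    *out = (struct urb_record){ b.Hdr.Function, 0, CAPTURE_HEADER_ONLY };
    if (b.Hdr.Function != URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER) return 0;
    if (b.Hdr.Length < sizeof b) return -1;
    memcpy(&b, urb, sizeof b);
    out->length = b.TransferBufferLength;
    /* OUT data exists when the URB is submitted; IN data is only valid
       once the lower drivers have completed the request. */
    out->payload_at = (b.TransferFlags & USBD_TRANSFER_DIRECTION_IN)
                          ? CAPTURE_ON_COMPLETE : CAPTURE_ON_SUBMIT;
    return 0;
}

/* Constructed sample input: a 512-byte bulk transfer with the given flags. */
struct urb_bulk sample_bulk(uint32_t flags)
{
    struct urb_bulk u;
    memset(&u, 0, sizeof u);
    u.Hdr.Length = (uint16_t)sizeof u;
    u.Hdr.Function = URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER;
    u.TransferFlags = flags;
    u.TransferBufferLength = 512;
    return u;
}
```

In a real filter driver the same decision would be made in the dispatch routine for OUT transfers and in a completion routine for IN transfers.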