windows WinUSB 应用程序或用户模式驱动程序作为 USB 分析/嗅探器/趋势的过滤器驱动程序
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1354421/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
WinUSB application or user-mode driver as a filter driver for USB analysis/sniffer/trending
提问by Bob
A question to maybe some who have worked extensively with WinUSB APIs or user mode USB drivers - can the WinUSB API or a user mode driver be used as a passive observer of USB connections, capturing notification of interrupts, control requests, data transfers, etc. without interfering with other applications (such as iTunes) which would obviously require concurrent access to the device at the same time my application is monitoring the connection and displaying data on it?
一个问题可能是一些广泛使用 WinUSB API 或用户模式 USB 驱动程序的人 - WinUSB API 或用户模式驱动程序是否可以用作 USB 连接的被动观察者,捕获中断通知、控制请求、数据传输等。在不干扰其他应用程序(例如 iTunes)的情况下,这显然需要同时访问设备,同时我的应用程序正在监视连接并在其上显示数据?
Or do you pretty much have to write a kernel-mode filter driver and inject yourself in the USB stack in order to make that happen?
或者您几乎必须编写内核模式过滤器驱动程序并将自己注入 USB 堆栈才能实现这一点?
In the past, there have been a few credible options (libusb-win32 and usbsnoop to be specific) though both are built around the old DDK, not the Windows Driver Foundation, and are not really supported on a regular basis any more. I'm hesitant to build something significant around them, as a result.
过去,有一些可靠的选项(具体来说是 libusb-win32 和 usbsnoop),尽管它们都是围绕旧的 DDK 构建的,而不是 Windows Driver Foundation,并且不再得到真正的定期支持。因此,我很犹豫要不要在他们周围建立一些重要的东西。
采纳答案by Ilya
You must write a filter driver. There is no other way to intercept traffic generated by other devices. And you can use newer versions of the DDK, that is, KMDF for this task. It will make your life easier. But I think it will be cheaper and more effective just to get a hardware bus analyzer.
您必须编写过滤器驱动程序。没有其他方法可以拦截其他设备产生的流量。并且您可以使用较新版本的 DDK,即 KMDF 来完成此任务。它会让你的生活更轻松。但我认为仅获得硬件总线分析仪会更便宜、更有效。
There is a good overview by OSR. You must signed in to read this, but I strongly advice to sign in anyway if you are going to do any kernel mode development.
回答by djp
The core USB drivers in Windows 7 have ETW trace points, so you can sniff traffic that way (blog post ETW in the Windows 7 USB core stack), but it is a bit kludgy and has some limitations like only tracing the first 32 bytes of each packet.
Windows 7 中的核心 USB 驱动程序具有 ETW 跟踪点,因此您可以通过这种方式嗅探流量(博客文章Windows 7 USB 核心堆栈中的 ETW),但它有点笨拙并且有一些限制,例如仅跟踪前 32 个字节每个数据包。
I have made a USB filter driver (KMDF) that is pretty easy to use (IMHO): http://code.google.com/p/busdog/
我制作了一个非常易于使用的 USB 过滤器驱动程序(KMDF)(恕我直言):http: //code.google.com/p/busdog/
回答by deype0
USB Sniffer allows you to display, record and analyze all the data transferred between any USB device connected to your PC and applications. Also you can recover transferred data (for some file types).
USB Sniffer 允许您显示、记录和分析连接到 PC 的任何 USB 设备和应用程序之间传输的所有数据。您也可以恢复传输的数据(对于某些文件类型)。
The resulted project includes such components: Driver, Common library, GUI. http://tellmeword.com/5zu2z5
生成的项目包括以下组件:驱动程序、通用库、GUI。 http://tellmeword.com/5zu2z5
