Serial Port Monitor

Hello,

I need a solution to sniff the serial port stream. Does anyone know how to
create one? I do not want to develop a kernel mode driver.

Is it possible to do it from user mode? It should run on Windows XP.


-George

I believe this requires hooks on NtReadFile/NtWriteFile. Not the best solution.

Attach filters to device objects created by \Driver\serial. Implement IRP_MJ_READ and IRP_MJ_WRITE to collect data, IRP_MJ_PNP to process device object removal, pass through other requests. Basically this is something like 200 lines of code for a WDM or KMDF driver for filtering functionality, plus communication with an application to offload collected data.

Sysinternals has a serial port monitor you can use. It uses a driver. If you can be in process, you could hook the file I/O and serial-specific API imports to your own functions and monitor as a pass-through observer.

What bigger problem are you trying to solve?


________________________________
From: xxxxx@lists.osr.com on behalf of George Luiz Bittencourt
Sent: Wednesday, October 19, 2016 4:30:03 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Serial Port Monitor
