Hello,
I need a solution to sniff the serial port stream. Does anyone know how to
create one? I do not want to develop a kernel mode driver.
Is it possible to do it from user mode? It should run on Windows XP.
–
-George
I believe this requires hooks on NtReadFile/NtWriteFile. Not the best solution.
Attach filters to device objects created by \Driver\serial. Implement IRP_MJ_READ and IRP_MJ_WRITE to collect data, IRP_MJ_PNP to process device object removal, pass through other requests. Basically this is something like 200 lines of code for a WDM or KMDF driver for filtering functionality, plus communication with an application to offload collected data.
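The dispatch order implied by the filter design in the reply above, as an added example that is not part of the original thread. It is a user-mode model in plain C, not WDK driver code: `Request`, `Filter`, `fake_serial` and the sample "AT"/"OK" traffic are constructed stand-ins, and only the major/minor function values are taken from the WDK headers.

```c
/* User-mode model of the filter's dispatch order; not WDK code. */
#include <stdio.h>
#include <string.h>
/* Values match IRP_MJ_READ, IRP_MJ_WRITE, IRP_MJ_PNP, IRP_MN_REMOVE_DEVICE. */
enum { MJ_READ = 0x03, MJ_WRITE = 0x04, MJ_PNP = 0x1b, MN_REMOVE = 0x02 };

typedef struct { int major, minor; unsigned char *buf; size_t len, done; } Request; /* stand-in for an IRP */
typedef int (*Lower)(Request *);  /* stand-in for the serial driver below */
typedef struct { char dir; unsigned char data[16]; size_t len; } Record;
typedef struct { Lower lower; int attached; Record log[8]; size_t count; } Filter;

static void capture(Filter *f, char dir, const unsigned char *p, size_t n) {
    Record *r = &f->log[f->count++ % 8];  /* ring: oldest record is overwritten */
    r->dir = dir;
    r->len = n < sizeof r->data ? n : sizeof r->data;
    memcpy(r->data, p, r->len);
}

int filter_dispatch(Filter *f, Request *rq) {
    int status;
    if (!f->attached) return -1;
    if (rq->major == MJ_WRITE)                /* write payload is valid on the way down */
        capture(f, 'W', rq->buf, rq->len);
    status = f->lower(rq);                    /* every request is passed through */
    if (rq->major == MJ_READ && status == 0)  /* read payload exists only after completion */
        capture(f, 'R', rq->buf, rq->done);
    if (rq->major == MJ_PNP && rq->minor == MN_REMOVE)
        f->attached = 0;                      /* device removed: stop collecting */
    return status;
}

/* Constructed lower device: answers reads with "OK\r", accepts everything else. */
static int fake_serial(Request *rq) {
    if (rq->major == MJ_READ) { memcpy(rq->buf, "OK\r", 3); rq->done = 3; }
    else rq->done = rq->len;
    return 0;
}

size_t demo(Record *out, int *after_remove) {
    Filter f = { .lower = fake_serial, .attached = 1 };
    unsigned char tx[] = "AT\r", rx[8] = {0};
    Request w = { MJ_WRITE, 0, tx, 3, 0 }, r = { MJ_READ, 0, rx, sizeof rx, 0 };
    Request rm = { MJ_PNP, MN_REMOVE, NULL, 0, 0 };
    filter_dispatch(&f, &w); filter_dispatch(&f, &r); filter_dispatch(&f, &rm);
    *after_remove = filter_dispatch(&f, &w);  /* rejected after removal */
    memcpy(out, f.log, sizeof f.log);
    return f.count;
}
int main(void) { Record l[8]; int s; printf("%zu records\n", demo(l, &s)); return 0; }
```

In a real filter the read-side capture belongs in the completion routine, and the ring buffer is what the companion application drains.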
Sysinternals has a serial port monitor you can use. It uses a driver. If you can be in process, you could hook the file I/O and serial-specific API imports to your own functions and monitor as a pass-through observer.
What bigger problem are you trying to solve?
________________________________
From: xxxxx@lists.osr.com on behalf of George Luiz Bittencourt
Sent: Wednesday, October 19, 2016 4:30:03 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Serial Port Monitor