USB Filter Driver WDM

Hello guys.

I’m trying to make a WDM filter driver for USB so as to monitor every USB device arrival/removal. This will not be limited to mass storage but any device that can be connected to the USB bus. I’m thinking of making a filter in usbport.sys. Not sure if upper or lower. Is this the right solution? I’m also considering usbhub.sys filter. If these solutions are not feasible, could anyone suggest how will I go about this?
Thanks.

chew

If your requirement is to simply monitor the arrival and departure of usb
devices you can do this from user mode. See the usbview sample application
in the WDK.

Mark Roddy

On Mon, Mar 15, 2010 at 7:23 AM, wrote:

> Hello guys.
>
> I’m trying to make a WDM filter driver for USB so as to monitor every USB
> device arrival/removal. This will not be limited to mass storage but any
> device that can be connected to the USB bus. I’m thinking of making a filter
> in usbport.sys. Not sure if upper or lower. Is this the right solution? I’m
> also considering usbhub.sys filter. If these solutions are not feasible,
> could anyone suggest how will I go about this?
> Thanks.
>
> chew
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Thanks Mark.

Yes. That sample could do the trick, but I’m planning to implement a policy for controlling allowed/not allowed USB devices, maybe via a control utility, so I need to somehow do something with the USB traffic IRPs. There’s a nice sample filter from the toaster directory in WDK but I’m not sure where to put the filter.

You could implement a system wide usb policy using a bus filter driver for
usb adapters, but the ideal solution is a user mode management mechanism
that implements user/group based policies. I have no idea if the user mode
approach is do-able.

Mark Roddy

On Mon, Mar 15, 2010 at 12:00 PM, wrote:

> Thanks Mark.
>
> Yes. That sample could do the trick, but I’m planning to implement a policy
> for controlling allowed/not allowed USB devices, maybe via a control utility,
> so I need to somehow do something with the USB traffic IRPs. There’s a nice
> sample filter from the toaster directory in WDK but I’m not sure where to
> put the filter.

I’ll try to investigate the user-mode approach. I think that would be a lot easier than bus filters. Thanks.
For the bus filter thing, how to know the UUID of the bus driver to be filtered? Where will I put the LowerFilters/UpperFilters reg entries?
Thank you very much.

> For the bus filter thing, how to know the UUID of the bus driver to be filtered? Where will I put the LowerFilters/UpperFilters reg entries?

I think you can attach a class filter above {36FC9E60-C465-11CF-8056-444553540000}. (\HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}), reg entries should be applied from INF file when you install the filter driver.

Thanks
Wayne
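
A read-only check of which class filters are already registered on the class key named in the reply above, added here as an example that is not part of the original thread. The function name `Resolve-DriverPath` is hypothetical, and the fallback to `System32\drivers\<service>.sys` when a service has no `ImagePath` is an assumption.

```powershell
# Added example: list UpperFilters/LowerFilters on the class key from the post,
# map each entry to its driver service and file, and report the signature state.
$classGuid = '{36FC9E60-C465-11CF-8056-444553540000}'
$classKey  = "HKLM:\SYSTEM\CurrentControlSet\Control\Class\$classGuid"
$services  = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-DriverPath([string]$ImagePath, [string]$Name) {
    # No ImagePath value: assume the conventional drivers directory (assumption).
    if (-not $ImagePath) { return Join-Path $env:SystemRoot "System32\drivers\$Name.sys" }
    # Strip quotes and the NT object-manager prefix \??\ if present.
    $p = $ImagePath.Trim('"') -replace '^\\\?\?\\', ''
    if ($p -match '^\\SystemRoot\\(.*)$') { return Join-Path $env:SystemRoot $Matches[1] }
    if ($p -match '^system32\\')          { return Join-Path $env:SystemRoot $p }
    return [Environment]::ExpandEnvironmentVariables($p)
}

$class = Get-ItemProperty -Path $classKey -ErrorAction Stop
foreach ($kind in 'UpperFilters', 'LowerFilters') {
    # Both values are REG_MULTI_SZ and either may be absent.
    foreach ($name in @($class.$kind | Where-Object { $_ })) {
        $svc  = Get-ItemProperty -Path (Join-Path $services $name) -ErrorAction SilentlyContinue
        $file = Resolve-DriverPath $svc.ImagePath $name
        $sig  = if (Test-Path -LiteralPath $file) { Get-AuthenticodeSignature -LiteralPath $file }
        [pscustomobject]@{
            Kind    = $kind
            Service = $name
            Start   = $svc.Start                      # 0 = boot, 3 = demand, 4 = disabled
            File    = $file
            Signed  = if ($sig) { $sig.Status } else { 'file missing' }
            Signer  = $sig.SignerCertificate.Subject
        }
    }
}
```

An empty result means no class-wide filter is registered on that key. On older Windows versions `Get-AuthenticodeSignature` may report catalog-signed drivers as `NotSigned`, so confirm such entries before treating them as suspicious.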

And then search this list for discussions on ‘bus filter driver’.

Mark Roddy

On Tue, Mar 16, 2010 at 3:50 AM, Wayne Gong wrote:

> > For the bus filter thing, how to know the UUID of the bus driver to be
> > filtered? Where will I put the LowerFilters/UpperFilters reg entries?
>
> I think you can attach a class filter above
> {36FC9E60-C465-11CF-8056-444553540000}.
> (\HKLM\SYSTEM\CurrentControlSet\Control\Class\
> {36FC9E60-C465-11CF-8056-444553540000}), reg entries should be applied from
> INF file when you install the filter driver.
>
> Thanks
> Wayne

Thank you very much.
Yes, I’ve been searching the list for those tags actually.
It’s really nice to know people out there are willing to help.

Chew