USB filter Driver

I would like to write a USB filter driver, so I wrote a USB class filter driver hanging under {36fc9e60-c465-11cf-8056-444553540000}, but I found that the filter driver cannot intercept the information to the USB wifi device. I would like to ask: how can you intercept all USB interface devices? Thank you all!

If you really want to filter all USB devices (but why?) you need to write
yourself a USB bus filter driver that filters USB PDO device objects.

Mark Roddy

On Sun, Sep 17, 2017 at 9:22 PM, xxxxx@gmail.com
wrote:

>
> I would like to write a USB filter driver, so I wrote a USB class filter
> driver hanging under {36fc9e60-c465-11cf-8056-444553540000}, but I
> found that the filter driver cannot intercept the information to the USB
> wifi device. I would like to ask: how can you intercept all USB interface
> devices? Thank you all!
>

Wifi adapters belong to the Net class but USBHUB belongs to the USB class so your filter should be attached on the USBHUB’s device stack which is, I think but I may be wrong, on the lower side of the Wifi adapter’s stack.

Open the Wifi adapter’s property page in Device Manager, select the ‘Details’ tab and then select the ‘Device Stack’ property and look if your filter driver is present in the list. Typically, you should have:

\Driver\WIFIAdapterFunctionDriver
\Driver\USBUpperFilter
\Driver\USBHUB
\Driver\USBLowerFilter
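
The same check can be done from PowerShell instead of Device Manager. This is an added example, not part of the thread: for every present device enumerated under `USB\`, it reports the device's setup class GUID, the class-level filters registered for that class, and the Device Stack property, so you can see whether a filter registered on {36fc9e60-c465-11cf-8056-444553540000} is actually in a given device's stack. It assumes the PnpDevice module (`Get-PnpDevice`, `Get-PnpDeviceProperty`) is available and that the class filters are stored in the `UpperFilters`/`LowerFilters` values of the class key.

```powershell
# Added example (not from the thread): audit class filters and device stacks
# for devices enumerated on the USB bus.
$usbClass  = '{36fc9e60-c465-11cf-8056-444553540000}'   # GUID quoted in the thread
$classRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class'

function Get-ClassFilters([string]$ClassGuid) {
    # Class-wide filters live in the UpperFilters / LowerFilters multi-string values.
    $key = Get-ItemProperty -Path (Join-Path $classRoot $ClassGuid) -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Upper = @($key.UpperFilters) -join ', '
        Lower = @($key.LowerFilters) -join ', '
    }
}

function Get-DevProp([string]$InstanceId, [string]$KeyName) {
    (Get-PnpDeviceProperty -InstanceId $InstanceId -KeyName $KeyName `
        -ErrorAction SilentlyContinue).Data
}

# Present devices whose instance path shows they were enumerated by the USB bus.
$devices = Get-PnpDevice -PresentOnly | Where-Object { $_.InstanceId -like 'USB\*' }

$report = foreach ($dev in $devices) {
    $classGuid = Get-DevProp $dev.InstanceId 'DEVPKEY_Device_ClassGuid'
    $stack     = Get-DevProp $dev.InstanceId 'DEVPKEY_Device_Stack'
    $filters   = if ($classGuid) { Get-ClassFilters $classGuid }

    [pscustomobject]@{
        Name              = $dev.FriendlyName
        Class             = $dev.Class
        ClassGuid         = $classGuid
        # False here means a filter registered on the USB class key
        # is not loaded as a class filter for this device.
        InUsbSetupClass   = ($classGuid -eq $usbClass)
        ClassUpperFilters = $filters.Upper
        ClassLowerFilters = $filters.Lower
        DeviceStack       = @($stack) -join ' -> '
    }
}

$report | Sort-Object Class, Name | Format-List
```

A USB Wi-Fi adapter will show a different `ClassGuid` from the USB one, which is why a class filter registered on the USB class key does not appear in its `DeviceStack`.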

xxxxx@gmail.com wrote:

> I would like to write a USB filter driver, so I wrote a USB class filter driver hanging under {36fc9e60-c465-11cf-8056-444553540000},

That’s the class for USB Host Controllers and hubs. It has been widely
misused to hold generic USB devices, but that’s not where they are
supposed to go. In any case, USB wifi devices are certainly not going
to appear there.

> but I found that the filter driver cannot intercept the information to the USB wifi device…

Well, the USB wifi traffic WILL appear there, although probably not in a
format you recognize. You’ll see URBs being exchanged between the host
controller driver and the hub drivers. The layer you need to filter
depends on what information you need to acquire, and what you intend to
do. Without that data, we can’t really help you very much.

> I would like to ask: how can you intercept all USB interface devices?

What would be the point?  You don’t know the protocol for every USB
device.  It would simply be random gobbledygook.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Thank you for the reply. My first purpose is to get, in the driver, the insertion and removal of all USB devices. At the same time, it can intercept all the USB packets.

Lots of people are going to jump all over this and proclaim that you should
do something else, but there are some use cases where this is reasonable,
for example you are redirecting usb devices to a vdi session or a client
vm. That’s the good news. The bad news is that you have a design and
implementation challenge in front of you that will likely consume many
months to a functional prototype.

Mark Roddy

On Wed, Sep 20, 2017 at 8:55 AM, xxxxx@gmail.com
wrote:

>
> Thank you for the reply. My first purpose is to get, in the driver, the
> insertion and removal of all USB devices. At the same time, it can
> intercept all the USB packets.
>

xxxxx@gmail.com wrote:

> Thank you for the reply. My first purpose is to get, in the driver, the insertion and removal of all USB devices. At the same time, it can intercept all the USB packets.

It’s easy enough to get notifications of device insertion and removal
using RegisterDeviceNotification.  You can go enumerate the USB devices
to find how the tree changed.

What do you think you are going to do with “all USB packets”?  You don’t
know the protocols for all those devices.  The buffers will be nothing
but random collections of bytes.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Thanks for everyone’s replies. I tried LowerFilter and UpperFilter, but when I tested in the virtual machine, I found that when I inserted the USB wifi device, my addDevice was not executed, yet the device worked properly, and I do not understand why.

xxxxx@gmail.com wrote:

> Thanks for everyone’s replies. I tried LowerFilter and UpperFilter, but when I tested in the virtual machine, I found that when I inserted the USB wifi device, my addDevice was not executed, yet the device worked properly, and I do not understand why.

LowerFilter and UpperFilter to what?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

to {36fc9e60-c465-11cf-8056-444553540000} USB class!

You need to filter the PDOs enumerated by usb hubs in order to “filter all
usb devices”.

Mark Roddy

On Thu, Sep 21, 2017 at 8:40 PM, xxxxx@gmail.com
wrote:

> to {36fc9e60-c465-11cf-8056-444553540000} USB class!
>

>> to ask you How can you intercept all USB interface devices.

> What would be the point?? You don’t know the protocol for every USB device.

Well, the very first idea that gets into my head is that the OP may try to implement yet another version of a “USB over IP” project and redirect all USB traffic to a remote machine. In such a case he may, probably, have to filter the UHCI/EHCI controller, rather than the USB hub, but this is already a different story - the point is that there may, indeed, be a 100% reasonable and legitimate reason (no pun intended) to capture all USB traffic without knowing the specifics of every device/class. BTW, I think we had already discussed something like that not that long (I would say around 3-4 months) ago…

Anton Bassov