Apriorit - Professional consulting and software development
USB Sniffer
Wednesday, 26 November 2008 06:37

Task

The task was to develop a software project that logs activity on a USB port.

This project was developed by Oleg Poluektov, Junior Software Developer (Network Security Direction).

Result

The resulting project includes the following components: Driver, Library of Common Components, Console Sniffer and GUI Sniffer.

Driver

A filter driver was developed to intercept URB (USB Request Block) packets and save them. The user-mode part of the sniffer obtains the saved packets by means of the DeviceIoControl function.

The Library of Common Components includes:

  • A parser to extract information from URB packets.
  • Classes to obtain information about installed USB devices.
  • Functions to install the filter into the device stack.

The Console Sniffer is used to:

  • Browse the list of USB devices that are installed in the system.
  • Install the Filter Driver on the selected device.
  • Print the log of incoming URB packets to the screen or to a file.

GUI Sniffer

This version of the sniffer does the same as the Console Sniffer, but it is easier to use and presents information better.

Project Results

Although all the project requirements were implemented, we had some more tasks in our plan that we did not have enough time to implement.

What we planned but did not implement:

  • Change the Driver installation scheme. It makes sense to install the Filter Driver not on a single device but on a class of devices. This would help to avoid problems with device restarts (when the driver is installed on a single device we have to restart the device, and that is not always possible). Such an installation would also allow several devices to be logged simultaneously.
  • Optimize performance and memory usage in the GUI Sniffer.
  • Interpret the data from the URB transfer buffer, for example to show the cursor coordinate offsets and the codes of clicked buttons for HID devices.
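
The last item above, sketched as an added example that is not taken from the USB Sniffer sources: decoding a mouse transfer buffer into cursor offsets and button states. It assumes the device sends 3-byte HID boot-protocol mouse reports (a device in report protocol needs its report descriptor instead); the type and function names are hypothetical and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded HID boot-protocol mouse report (assumed layout: buttons, X, Y). */
typedef struct {
    uint8_t buttons;   /* bit0 = left, bit1 = right, bit2 = middle */
    int8_t  dx, dy;    /* signed relative cursor offset */
} mouse_report;

/* Parse one transfer buffer. Returns 0 on success, -1 if the buffer is
   missing or shorter than the 3-byte report. Extra bytes are ignored. */
int parse_mouse_report(const uint8_t *buf, size_t len, mouse_report *out)
{
    if (buf == NULL || out == NULL || len < 3)
        return -1;
    out->buttons = buf[0] & 0x07;
    out->dx = (int8_t)buf[1];
    out->dy = (int8_t)buf[2];
    return 0;
}

/* Bits set in the result are buttons down in cur that were up in prev. */
uint8_t newly_pressed(const mouse_report *prev, const mouse_report *cur)
{
    return (uint8_t)(cur->buttons & ~prev->buttons);
}

/* Format one log line; returns the snprintf character count. */
int format_mouse_report(const mouse_report *r, char *dst, size_t cap)
{
    return snprintf(dst, cap, "dx=%d dy=%d L=%d R=%d M=%d", r->dx, r->dy,
                    r->buttons & 1, (r->buttons >> 1) & 1, (r->buttons >> 2) & 1);
}

int main(void)
{
    /* Constructed sample buffers, not captured from a real device. */
    const uint8_t samples[][4] = {
        {0x00, 0x05, 0xFB, 0x00}, {0x01, 0x00, 0x00, 0x00}, {0x03, 0xFF, 0x02, 0x00} };
    mouse_report prev = {0, 0, 0}, cur;
    char line[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (parse_mouse_report(samples[i], sizeof samples[i], &cur) != 0)
            continue;                      /* skip truncated buffers */
        format_mouse_report(&cur, line, sizeof line);
        printf("%s pressed=0x%02x\n", line, newly_pressed(&prev, &cur));
        prev = cur;
    }
    return 0;
}
```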

Tools & Technologies

Development environment: Visual Studio 2005 + WinDDK.
Debugger: WinDbg for kernel mode, the VS2005 built-in debugger for user mode.
Libraries: STL, boost, cppunit.

The GUI Sniffer is written in C# with WinForms. The interaction of managed code with the native libraries is implemented with C++/CLI.

Unit Testing and Pair Programming were used.

Download USB Sniffer Documentation.

Download USB Sniffer Sources.