Author Topic: How do I monitor the USB payload?  (Read 12002 times)

spamme0

How do I monitor the USB payload?
« on: January 27, 2012, 04:05:42 am »
I'm trying to reverse engineer a program so I can use the undocumented .ocx file to address the hardware
from VB6 WinXP.  Need to see what data it sends to the endpoint through the USB port.
All I need to see is the data passed.  No need for any of the protocol info.
Is there a freeware or demo program to do this?  Yes, the object browser partially documents the
methods, but gives no info about what data to send.

I don't have ANY source code, just executables.

I've downloaded a bunch of free or demo protocol monitors.  I can see a LOT of data going back and forth
but nothing that I can relate to the 3 bytes of data being sent.

The "howitworks" page for USBlyzer says that the data is embedded in the IOCTL_INTERNAL_USB_SUBMIT_URB.
But I can't find anywhere in the user interface to trace that info?

Is there something simple and FREE, not to be confused with the ubiquitous free to download, pay to use, that can let me see the actual data being sent/received from the USB endpoint with all the supporting stuff filtered out?
Time limited demo is fine 'cause I don't need it for long.
Thanks, Mike

Jan Axelson

    • Lakeview Research
Re: How do I monitor the USB payload?
« Reply #1 on: January 27, 2012, 10:31:17 am »
Software analyzers look at data at the driver level (such as IOCTL_INTERNAL_USB_SUBMIT_URB). So there is some work involved in decoding the data. If you know the bytes of data being sent and can do a text search for them, that would be a start.

Look in Windows Device Manager to find out what driver the device is using. That will tell you if the device is using a USB class protocol (such as HID) or a vendor-provided driver.

Viewing the descriptors can also be helpful. I don't know if any of the free analyzers show enumeration traffic. Try the trial of SourceUSB.

If you can use Linux, the free usbmon shows enumeration traffic. Use vusb-analyzer to view the data. As far as I know, it doesn't decode class protocols, however.

Jan
« Last Edit: January 27, 2012, 11:00:37 am by Jan Axelson »
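
As an added example (not part of the original posts, and not code from any of the tools mentioned): a small Python filter for usbmon's text output that drops the protocol fields, leaves only the payload bytes for one endpoint, and searches a capture for a known byte sequence as suggested in the reply above. The sample capture lines, device number and payload bytes are constructed for illustration; isochronous transfers are not handled.

```python
import re

# Constructed sample lines in usbmon's text ("1u") format; the tags, timestamps,
# bus/device numbers and payload bytes are made up for illustration.
SAMPLE_CAPTURE = """\
f4a1c000 1000000 S Ci:1:004:0 s 80 06 0100 0000 0012 18 <
f4a1c000 1000450 C Ci:1:004:0 0 18 = 12010002 00000008 34127856 00010102 0001
f4a1c100 2000000 S Io:1:004:2 -115:8 3 = 4a0d0a
f4a1c100 2000900 C Io:1:004:2 0:8 3 >
f4a1c200 2001000 S Ii:1:004:1 -115:8 8 <
f4a1c200 2009000 C Ii:1:004:1 0:8 8 = 31323334 0d0a0000
"""

ADDRESS = re.compile(r"^([CIB])([io]):(\d+):(\d+):(\d+)$")  # isochronous (Z) not handled

def parse_line(line):
    """Return (event, direction, bus, device, endpoint, payload) or None."""
    f = line.split()
    if len(f) < 6:
        return None
    m = ADDRESS.match(f[3])
    if m is None or f[2] not in ("S", "C"):
        return None
    # A submitted control transfer carries 's' plus five setup-packet fields
    # here; otherwise this position holds a single status word.
    i = 10 if f[4] == "s" else 5
    if len(f) < i + 2 or f[i + 1] != "=":
        return None  # '<', '>' or a missing tag means no data on this line
    payload = bytes.fromhex("".join(f[i + 2:]))
    return f[2], m.group(2), int(m.group(3)), int(m.group(4)), int(m.group(5)), payload

def endpoint_payloads(capture, device, endpoint):
    """Yield (direction, payload) for one device endpoint, protocol fields dropped."""
    for line in capture.splitlines():
        rec = parse_line(line)
        if rec and rec[3] == device and rec[4] == endpoint:
            yield rec[1], rec[5]

def find_bytes(capture, needle):
    """List (device, endpoint, direction) of every transfer containing needle."""
    hits = []
    for line in capture.splitlines():
        rec = parse_line(line)
        if rec and needle in rec[5]:
            hits.append((rec[3], rec[4], rec[1]))
    return hits
```

OUT data appears on the submission (S) line and IN data on the callback (C) line, which is why only lines with the `=` data tag are kept. The text format limits how much of each transfer it records, so long payloads may be cut short.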

spamme0

Re: How do I monitor the USB payload?
« Reply #2 on: January 28, 2012, 06:13:20 pm »
Thanks for the input.

>Software analyzers look at data at the driver level (such as IOCTL_INTERNAL_USB_SUBMIT_URB).

Problem is that I can't figure out how to get the analyzer to capture this.
It's missing from the list of checkboxes in USBlyzer for things to capture.
Tried several other programs with similar results.
I can see a lot of data going back and forth, even when I'm not sending or receiving data.
I've searched myself silly and can't find any of the data I'm sending in the capture buffer.

This Softmark USB/GPIB interface shows up as a HID device.

>I don't know if any of the free analyzers show enumeration traffic. Try the trial of SourceUSB.

Interesting.  Isn't that the FIRST thing anybody would want to look at?

It's a Windows program, so a Linux tool isn't likely to be useful?

I'll take a look at SourceUSB.
Thanks, Mike