USB 3.0 sniffing

Tomasz Moń

May 15, 2013, 7:01:39 AM
to usb...@googlegroups.com
Hello,

Currently USBPcap doesn't work with USB 3.0 root hubs. When attaching
to root hubs, USBPcap checks if device has USB\ROOT_HUB or
USB\ROOT_HUB20 hardware ID. Many of the USB 3.0 hubs use custom
hardware IDs.

As there doesn't seem to be reliable way to determine if device of USB
class GUID {36FC9E60-C465-11CF-8056-444553540000} is Root Hub, USBPcap
needs some workaround.

I have tried attaching as filter to host controllers - the problem is
that GUID_DEVINTERFACE_USB_HOST_CONTROLLER is not registered at the
time AddDevice gets called.

I think we could work around that issue by making a small application
to scan the system Root Hubs and store the non-standard Hardware IDs
into USBPcap registry entry. The application would just enumerate all
host controllers and check the Hardware IDs for all Root Hubs. After
restart, USBPcap would pick the entry from registry and will attach as
a filter to Root Hub with non-standard Hardware ID.

Doing so would require quite some testing. This thread is supposed to
gather interested testers. Also, if you have better idea how to
overcome the issue feel free to describe it.

If you are interested in testing, please reply including following information:
* Windows version
* USB 3.0 host controller type
* Hardware ID for USB 3.0 Root Hub as seen in Device Manager

Regards,
Tomasz

Dmitry Pereverzev

May 17, 2013, 2:05:53 AM
to usb...@googlegroups.com

Hello!
I tried to install USBPcap on my Lenovo G580 (with all USB3.0 hubs afaik) with Windows 7 Home Basic 32bit, and it literally killed my OS. Windows fall into blue screen at startup, saying there are problems with usbpcap system driver. In order to restore my OS I had to delete this sys file from system32/drivers, but I can't use USB devices after this. I can provide any additional information when I'll have access to my notebook again (in few hours). Thank you for your software, anyway :)

On Wednesday, May 15, 2013, 11:01:39 UTC, user Tomasz Moń wrote:

Tomasz Moń

May 17, 2013, 3:01:44 AM
to usb...@googlegroups.com
On Fri, May 17, 2013 at 8:05 AM, Dmitry Pereverzev
<dmitry.s...@gmail.com> wrote:
> I tried to install USBPcap on my Lenovo G580 (with all USB3.0 hubs afaik)
> with Windows 7 Home Basic 32bit, and it literally killed my OS. Windows fall
> into blue screen at startup, saying there are problems with usbpcap system
> driver. In order to restore my OS I had to delete this sys file from
> system32/drivers, but I can't use USB devices after this. I can provide any
> additional information when I'll have access to my notebook again (in few
> hours). Thank you for your software, anyway :)

Did you send the report to Microsoft? I have signed the Windows Error
Reporting and this problem should appear in my dashboard (assuming you
have used the 1.0.0.3 release).
If you want to make the error information available to me earlier (WER
seems to take some time to update) please send me the minidump file
from C:\Windows\Minidump.

To make your USB devices operable again after manually removing
USBPcap.sys remove the USBPcap entry from following registry key:
HKLM\System\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\UpperFilters

USBPcap uninstaller should do it though.
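
The registry clean-up described in the message above, as an added PowerShell example that is not part of the original post or of USBPcap: it removes only the USBPcap entry from the USB class UpperFilters multi-string and leaves any other filter drivers in place. The key path and value name are those given in the post; the `FilterName` parameter is an assumption of this example.

```powershell
# Added example (not USBPcap code). Run elevated, then reboot.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Filter service name to drop; default is the entry named in the post.
    [string]$FilterName = 'USBPcap'
)

# USB device class key and value, as given in the post above.
$classKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}'
$valueName = 'UpperFilters'

$props = Get-ItemProperty -Path $classKey -Name $valueName -ErrorAction SilentlyContinue
if ($null -eq $props) {
    Write-Output "No $valueName value on the USB class key; nothing to remove."
    return
}

# REG_MULTI_SZ comes back as a string array; keep every entry except ours.
# -ne on strings is case-insensitive, matching how service names compare.
$current = @($props.$valueName)
$kept    = @($current | Where-Object { $_ -ne $FilterName })

Write-Output ("Current {0}: {1}" -f $valueName, ($current -join ', '))
if ($kept.Count -eq $current.Count) {
    Write-Output "'$FilterName' is not listed; leaving the value unchanged."
    return
}

if ($PSCmdlet.ShouldProcess("$classKey\$valueName", "remove '$FilterName'")) {
    if ($kept.Count -eq 0) {
        # No filters left: delete the value instead of writing an empty list.
        Remove-ItemProperty -Path $classKey -Name $valueName
    } else {
        # Write back the remaining filters, preserving the REG_MULTI_SZ type.
        Set-ItemProperty -Path $classKey -Name $valueName -Value ([string[]]$kept) -Type MultiString
    }
    Write-Output ("New {0}: {1}" -f $valueName, ($kept -join ', '))
}
```

Running the script with `-WhatIf` prints the current value and the intended change without writing to the registry.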

Zach C.

Jun 4, 2013, 1:27:20 AM
to usb...@googlegroups.com
I have USBPcap on a Razer Blade R2, which has a USB 3.0 host but no devices (keyboard, mouse, trackpad graphics, etc. are all 2.0)

Device class GUID for Intel(R) USB 3.0 eXtensible Host Controller - 0100 (Microsoft) is: {36fc9e60-c465-11cf-8056-444553540000}

Device class GUID for USB Root Hub (xHCI) is the same.

Running Windows 8 64-bit.

Zach C.

Jun 4, 2013, 1:29:12 AM
to usb...@googlegroups.com
Actual hardware IDs: PCI\VEN_8086&DEV_1E31&SUBSYS_67451458&REV_04 (for the Intel) and USB\ROOT_HUB30&VID8086&PID1E31&REV0004 for the generic.

Tomasz Moń

Jul 9, 2013, 7:03:12 AM
to usb...@googlegroups.com
On Wed, May 15, 2013 at 1:01 PM, Tomasz Moń <des...@gmail.com> wrote:
> I think we could work around that issue by making a small application
> to scan the system Root Hubs and store the non-standard Hardware IDs
> into USBPcap registry entry. The application would just enumerate all
> host controllers and check the Hardware IDs for all Root Hubs. After
> restart, USBPcap would pick the entry from registry and will attach as
> a filter to Root Hub with non-standard Hardware ID.

I have implemented this idea. It is committed in USBPcap git
repository and will be included in next USBPcap release.

Running "USBPcapCMD.exe -I" starts scan of all host controllers
present in system. All non-standard Hardware IDs are stored in
REG_MULTI_SZ registry entry named NonStandardHWIDs in
HKLM\System\CurrentControlSet\services\USBPcap registry key.

Jason Bailey

Jul 9, 2013, 4:00:43 PM
to usb...@googlegroups.com
Greetings Tomasz,

I have an inventory of several USB 3.0 controllers, devices, and different Operating Systems.  Are you still in need of testing assistance?

Cheers,

Jason Bailey

Tomasz Moń

Jul 10, 2013, 3:11:10 AM
to usb...@googlegroups.com
On Tue, Jul 9, 2013 at 10:00 PM, Jason Bailey <bal...@gmail.com> wrote:
> I have an inventory of several USB 3.0 controllers, devices, and different
> Operating Systems. Are you still in need of testing assistance?

Sure. USBPcap was just tested with USB 2.0 devices connected to Intel
USB 3.0 host controller. The number one question is: can you actually
capture USB 3.0 device traffic and get meaningful capture file?

It would be great if you also had access to USB 3.0 hardware sniffer
so we could check USBPcap USB 3.0 capture limitations. But even
without that testing would still be useful.

Parihar Naresh Singh

Jul 10, 2013, 9:00:08 AM
to usb...@googlegroups.com
Hello

I would like to know why this failure occurs: X64_0xD1_USBPcap+250a

Tomasz Moń

Jul 10, 2013, 9:12:43 AM
to usb...@googlegroups.com
On Wed, Jul 10, 2013 at 3:00 PM, Parihar Naresh Singh
<mrattit...@gmail.com> wrote:
> I would like to know why this failure occurs: X64_0xD1_USBPcap+250a

You have this failure with USBPcap 1.0.0.4, right?

In 1.0.0.4 it happens because some drivers/devices send
_URB_SELECT_CONFIGURATION/_URB_SELECT_INTERFACE with specific
USBD_INTERFACE_INFORMATION.

The parser for USBD_INTERFACE_INFORMATION was fixed in:
https://github.com/desowin/usbpcap/commit/2cce668bbade616d4c81a4f01b64daccd146610d

If this happened with 1.0.0.5, please provide me with the minidump. If
you send the report to Microsoft it unfortunately takes quite some
time to appear in my dashboard.

Parihar Naresh Singh

Jul 10, 2013, 9:39:58 AM
to usb...@googlegroups.com

Nikolaos Tsarmpopoulos

Jun 18, 2015, 6:56:46 PM
to usb...@googlegroups.com
Hi, I could help test on Windows 8.1 Pro 64 bit, an X99 chipset integrated controller, and a Via controller (on PCIe card):

PCI\VEN_8086&DEV_8D26&SUBSYS_8D261849&REV_05
PCI\VEN_8086&DEV_8D26&SUBSYS_8D261849
PCI\VEN_8086&DEV_8D26&CC_0C0320
PCI\VEN_8086&DEV_8D26&CC_0C03

===
PCI\VEN_8086&DEV_8D31&SUBSYS_8D311849&REV_05
PCI\VEN_8086&DEV_8D31&SUBSYS_8D311849
PCI\VEN_8086&DEV_8D31&CC_0C0330
PCI\VEN_8086&DEV_8D31&CC_0C03

===
VIA USB3 Hub:
USB\VIA_ROOT_HUB&VID1106&PID3483&REV0001
USB\VIA_ROOT_HUB&VID1106&PID3483
USB\VIA_ROOT_HUB