[Lazarus] Decoding USB sniff data

Adem listmember at letterboxes.org
Thu Jun 3 23:58:50 CEST 2010 

On 2010-06-03 23:54, Marc Santhoff wrote:
> May I ask how you did that? I'm searching a usable but not very costly
> USB monitoring thingy for Windows(XP).
>    
I used USBTrace [ http://sysnucleus.com/ ]. It's not at all cheap [195 USD].
>> What do you use for this sort of thing?
>>      
> For a small controller built using an ATmega64 and the abandoned Philips
> PDIUSBD11 I did it on low level. The operating system gives me a raw
> device, /dev/ugen0 on FreeBSD, and I have translated a small subset of
> the USB headers. These are used to talk to the device sending user
> requests implemented by the maker of the small controller board.
>
> I can show some code snippets if you like.
>    
I am using Windows (will later port to *nix or --if I can-- to OSX when 
I release it as freeware)

USBTrace exports in XML format with content such as below [this a short 
<g> sample of 200,000 lines I got for one session alone]

I apologize for dumping on you this, but I thought you might like to see 
what the USBTrace output looks like too.

<Request Number = "5088" Dir = "[OUT]">
<LogType>URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER</LogType>
<Param>
<Name>Length</Name>
<Value>0x48</Value>
</Param>
<Param>
<Name>USBD Status</Name>
<Value>USBD_STATUS_SUCCESS (0x0)</Value>
</Param>
<Param>
<Name>EndpointAddress</Name>
<Value>0x81</Value>
</Param>
<Param>
<Name>PipeHandle</Name>
<Value>0x86363A94</Value>
</Param>
<Param>
<Name>TransferFlags</Name>
<Value>0x3 ( USBD_TRANSFER_DIRECTION_IN USBD_SHORT_TRANSFER_OK )</Value>
</Param>
<Param>
<Name>TransferBufferLength</Name>
<Value>0x40</Value>
</Param>
<Param>
<Name>TransferBuffer</Name>
<Value>0x86ED6AD8</Value>
</Param>
<Param>
<Name>TransferBufferMDL</Name>
<Value>0x0</Value>
</Param>
<Param>
<Name>UrbLink</Name>
<Value>0x0</Value>
</Param>
</Request>
<Request Number = "5089" Dir = "[IN]">
<LogType>URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER</LogType>
<Param>
<Name>Length</Name>
<Value>0x48</Value>
</Param>
<Param>
<Name>USBD Status</Name>
<Value>USBD_STATUS_PENDING (0x40000000)</Value>
</Param>
<Param>
<Name>EndpointAddress</Name>
<Value>0x81</Value>
</Param>
<Param>
<Name>PipeHandle</Name>
<Value>0x86363A94</Value>
</Param>
<Param>
<Name>TransferFlags</Name>
<Value>0x3 ( USBD_TRANSFER_DIRECTION_IN USBD_SHORT_TRANSFER_OK )</Value>
</Param>
<Param>
<Name>TransferBufferLength</Name>
<Value>0x0</Value>
</Param>
<Param>
<Name>TransferBuffer</Name>
<Value>0x86ED6AD8</Value>
</Param>
<Param>
<Name>TransferBufferMDL</Name>
<Value>0x858FD770</Value>
</Param>
<Param>
<Name>UrbLink</Name>
<Value>0x0</Value>
</Param>
</Request>

I believe all those capitalized labels are constants.
What the others are I have no idea yet.
> I have a similar problem with another type of hardware, but the USB
> analyzers (hardware) or sniffing software are very comfortable, they do
> on the fly protocol decoding and the like, but those have their price.
> And this price is amazing. ;)
>    
In my case, health considerations took precedence, I'm afraid.

-- 
Cheers,

Adem

More information about the Lazarus mailing list