USB Debugging Notes

Manually Analyzing the URB of an Isochronous Transfer Captured with Bus Hound

2021-10-29

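Everyone knows Bus Hound well, and capturing data with it could hardly be more convenient. Among Bus Hound's capture options, however, there is one called URB that I suspect nobody has ever ticked: it is not necessarily useful even to Windows USB driver developers, let alone to people who only capture a few input and output transfers and have no need for deeper USB analysis.
Today I happened to need to capture a USB isochronous transfer with Bus Hound and parse some of its parameters, so I captured one packet to analyze.
Before capturing, of course, we first have to tick the URB option in Bus Hound's settings:
URB option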

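I am using Windows 10 x64 and the capture is of an isochronous transfer, so we simplify the original URB structure, keeping only the fields for the isochronous transfer and the URB header and omitting the rest.

The URB structure is a structure made up of a union of the structures for the various transfer types.

So the simplified URB looks like this: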

typedef _Struct_size_bytes_(UrbHeader.Length) struct _URB {
    union {
        struct _URB_HEADER
            UrbHeader;
        /* ... */
        struct _URB_ISOCH_TRANSFER
            UrbIsochronousTransfer;
        /* ... */
    };

} URB, *PURB;

Simplified further, it looks like this:

typedef _Struct_size_bytes_(UrbHeader.Length) struct _URB {
        struct _URB_ISOCH_TRANSFER
            UrbIsochronousTransfer;
} URB, *PURB;

Simplified once more, it is really just the URB_ISOCH_TRANSFER structure, which we now parse:


struct _URB_HEADER {
    USHORT Length;          // 2 bytes
    USHORT Function;        // 2 bytes
    USBD_STATUS Status;     // actually a LONG, 4 bytes
    PVOID UsbdDeviceHandle; // Reserved, 8 bytes
    ULONG UsbdFlags;        // Reserved, 4 bytes
};

The URB_HEADER structure occupies 24 bytes in total: because the PipeHandle that follows it in _URB_ISOCH_TRANSFER must be aligned, it actually takes 20+4=24 bytes.


typedef struct _USBD_ISO_PACKET_DESCRIPTOR {
    ULONG Offset;
    ULONG Length;
    USBD_STATUS Status;
} USBD_ISO_PACKET_DESCRIPTOR, *PUSBD_ISO_PACKET_DESCRIPTOR;

struct _URB_HCD_AREA {
    PVOID Reserved8[8];
};
typedef PVOID USBD_PIPE_HANDLE;
struct _URB_ISOCH_TRANSFER {
    struct _URB_HEADER Hdr;                   // +0   the next member is a pointer, so this struct occupies 24 bytes for alignment
    USBD_PIPE_HANDLE PipeHandle;              // +24  really just a pointer
    ULONG TransferFlags;                      // +32
    ULONG TransferBufferLength;               // +36
    PVOID TransferBuffer;                     // +40
    PMDL TransferBufferMDL;                   // +48
    struct _URB *UrbLink;                     // +56  Reserved, a pointer
    struct _URB_HCD_AREA hca;                 // +64  Reserved, really just 8 reserved pointers
    ULONG StartFrame;                         // +128 (64+8*8=128)
    ULONG NumberOfPackets;                    // +132
    ULONG ErrorCount;                         // +136
    USBD_ISO_PACKET_DESCRIPTOR IsoPacket[1];  // +140
};

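Based on the structure above, we can first set Bus Hound's MAX Record Length to 16 bytes and read the first 2 bytes of the URB to see how long this URB is.
MAX Record Length
The capture shows that the first 2 bytes of the URB are 98 06, i.e. 0x0698=1688, so we then set MAX Record Length large enough to capture the complete URB.

Note: the URB is the USB request block, so in theory the URB should come first and the data after it. Bus Hound, however, captures the URB after the IRP has completed, so the capture tool shows the data first and the URB after it.

We captured one isochronous transfer whose data length is 8928: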

 14.1      8928  ISOC   02 81 9e 04  8d 43 15 11  f4 24 ad fb  25 ba 71 a6  e5 af ce 41  a8 0d 92 c8  88 b5 5f 0f  7d f7 0f f6
.....

URB    ISOC TRANSFER
98 06 0a 00  00 00 00 00  c8 87 f1 70  f8 4c 00 00  00 00 00 00  00 00 00 00  b0 3c d8 8f  07 b3 ff ff
05 00 00 00  e0 22 00 00  b0 f6 c1 63  07 b3 ff ff  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
65 30 8b 00  80 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 04 00 00  00 00 00 00
00 00 00 00  00 08 00 00  00 00 00 00  00 00 00 00  00 0c 00 00  00 00 00 00  00 00 00 00  00 10 00 00
00 00 00 00  00 00 00 00  00 14 00 00  00 00 00 00  00 00 00 00  00 18 00 00  00 00 00 00  00 00 00 00
00 1c 00 00  00 00 00 00  00 00 00 00  00 20 00 00  00 00 00 00  00 00 00 00  00 24 00 00  00 00 00 00
00 00 00 00  00 28 00 00  00 00 00 00  00 00 00 00  00 2c 00 00  00 00 00 00  00 00 00 00  00 30 00 00
00 00 00 00  00 00 00 00  00 34 00 00  00 00 00 00  00 00 00 00  00 38 00 00  00 00 00 00  00 00 00 00
00 3c 00 00  00 00 00 00  00 00 00 00  00 40 00 00  00 00 00 00  00 00 00 00  00 44 00 00  00 00 00 00
00 00 00 00  00 48 00 00  00 00 00 00  00 00 00 00  00 4c 00 00  00 00 00 00  00 00 00 00  00 50 00 00
00 00 00 00  00 00 00 00  00 54 00 00  00 00 00 00  00 00 00 00  00 58 00 00  00 00 00 00  00 00 00 00
00 5c 00 00  00 00 00 00  00 00 00 00  00 60 00 00  00 00 00 00  00 00 00 00  00 64 00 00  00 00 00 00
00 00 00 00  00 68 00 00  00 04 00 00  00 00 00 00  00 6c 00 00  00 04 00 00  00 00 00 00  00 70 00 00
00 04 00 00  00 00 00 00  00 74 00 00  00 04 00 00  00 00 00 00  00 78 00 00  00 04 00 00  00 00 00 00
00 7c 00 00  00 04 00 00  00 00 00 00  00 80 00 00  00 04 00 00  00 00 00 00  00 84 00 00  00 04 00 00
00 00 00 00  00 88 00 00  e0 02 00 00  00 00 00 00  00 8c 00 00  00 00 00 00  00 00 00 00  00 90 00 00
00 00 00 00  00 00 00 00  00 94 00 00  00 00 00 00  00 00 00 00  00 98 00 00  00 00 00 00  00 00 00 00
00 9c 00 00  00 00 00 00  00 00 00 00  00 a0 00 00  00 00 00 00  00 00 00 00  00 a4 00 00  00 00 00 00
00 00 00 00  00 a8 00 00  00 00 00 00  00 00 00 00  00 ac 00 00  00 00 00 00  00 00 00 00  00 b0 00 00
00 00 00 00  00 00 00 00  00 b4 00 00  00 00 00 00  00 00 00 00  00 b8 00 00  00 00 00 00  00 00 00 00
00 bc 00 00  00 00 00 00  00 00 00 00  00 c0 00 00  00 00 00 00  00 00 00 00  00 c4 00 00  00 00 00 00
00 00 00 00  00 c8 00 00  00 00 00 00  00 00 00 00  00 cc 00 00  00 00 00 00  00 00 00 00  00 d0 00 00
00 00 00 00  00 00 00 00  00 d4 00 00  00 00 00 00  00 00 00 00  00 d8 00 00  00 00 00 00  00 00 00 00
00 dc 00 00  00 00 00 00  00 00 00 00  00 e0 00 00  00 00 00 00  00 00 00 00  00 e4 00 00  00 00 00 00
00 00 00 00  00 e8 00 00  00 00 00 00  00 00 00 00  00 ec 00 00  00 00 00 00  00 00 00 00  00 f0 00 00
00 00 00 00  00 00 00 00  00 f4 00 00  00 00 00 00  00 00 00 00  00 f8 00 00  00 00 00 00  00 00 00 00
00 fc 00 00  00 00 00 00  00 00 00 00  00 00 01 00  00 00 00 00  00 00 00 00  00 04 01 00  00 00 00 00
00 00 00 00  00 08 01 00  00 00 00 00  00 00 00 00  00 0c 01 00  00 00 00 00  00 00 00 00  00 10 01 00
00 00 00 00  00 00 00 00  00 14 01 00  00 00 00 00  00 00 00 00  00 18 01 00  00 00 00 00  00 00 00 00
00 1c 01 00  00 00 00 00  00 00 00 00  00 20 01 00  00 00 00 00  00 00 00 00  00 24 01 00  00 00 00 00
00 00 00 00  00 28 01 00  00 00 00 00  00 00 00 00  00 2c 01 00  00 00 00 00  00 00 00 00  00 30 01 00
00 00 00 00  00 00 00 00  00 34 01 00  00 00 00 00  00 00 00 00  00 38 01 00  00 00 00 00  00 00 00 00
00 3c 01 00  00 00 00 00  00 00 00 00  00 40 01 00  00 00 00 00  00 00 00 00  00 44 01 00  00 00 00 00
00 00 00 00  00 48 01 00  00 00 00 00  00 00 00 00  00 4c 01 00  00 00 00 00  00 00 00 00  00 50 01 00
00 00 00 00  00 00 00 00  00 54 01 00  00 00 00 00  00 00 00 00  00 58 01 00  00 00 00 00  00 00 00 00
00 5c 01 00  00 00 00 00  00 00 00 00  00 60 01 00  00 00 00 00  00 00 00 00  00 64 01 00  00 00 00 00
00 00 00 00  00 68 01 00  00 00 00 00  00 00 00 00  00 6c 01 00  00 00 00 00  00 00 00 00  00 70 01 00
00 00 00 00  00 00 00 00  00 74 01 00  00 00 00 00  00 00 00 00  00 78 01 00  00 00 00 00  00 00 00 00
00 7c 01 00  00 00 00 00  00 00 00 00  00 80 01 00  00 00 00 00  00 00 00 00  00 84 01 00  00 00 00 00
00 00 00 00  00 88 01 00  00 00 00 00  00 00 00 00  00 8c 01 00  00 00 00 00  00 00 00 00  00 90 01 00
00 00 00 00  00 00 00 00  00 94 01 00  00 00 00 00  00 00 00 00  00 98 01 00  00 00 00 00  00 00 00 00
00 9c 01 00  00 00 00 00  00 00 00 00  00 a0 01 00  00 00 00 00  00 00 00 00  00 a4 01 00  00 00 00 00
00 00 00 00  00 a8 01 00  00 00 00 00  00 00 00 00  00 ac 01 00  00 00 00 00  00 00 00 00  00 b0 01 00
00 00 00 00  00 00 00 00  00 b4 01 00  00 00 00 00  00 00 00 00  00 b8 01 00  00 00 00 00  00 00 00 00
00 bc 01 00  00 00 00 00  00 00 00 00  00 c0 01 00  00 00 00 00  00 00 00 00  00 c4 01 00  00 00 00 00
00 00 00 00  00 c8 01 00  00 00 00 00  00 00 00 00  00 cc 01 00  00 00 00 00  00 00 00 00  00 d0 01 00
00 00 00 00  00 00 00 00  00 d4 01 00  00 00 00 00  00 00 00 00  00 d8 01 00  00 00 00 00  00 00 00 00
00 dc 01 00  00 00 00 00  00 00 00 00  00 e0 01 00  00 00 00 00  00 00 00 00  00 e4 01 00  00 00 00 00
00 00 00 00  00 e8 01 00  00 00 00 00  00 00 00 00  00 ec 01 00  00 00 00 00  00 00 00 00  00 f0 01 00
00 00 00 00  00 00 00 00  00 f4 01 00  00 00 00 00  00 00 00 00  00 f8 01 00  00 00 00 00  00 00 00 00
00 fc 01 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00

Let's analyze the data above:

Length 98 06
Function 0a 00  //URB_FUNCTION_ISOCH_TRANSFER
Status 00 00 00 00
UsbdDeviceHandle c8 87 f1 70  f8 4c 00 00
UsbdFlags 00 00 00 00
Structure alignment padding: 00 00 00 00

PipeHandle b0 3c d8 8f  07 b3 ff ff
TransferFlags 05 00 00 00  
TransferBufferLength e0 22 00 00  
TransferBuffer b0 f6 c1 63  07 b3 ff ff  
TransferBufferMDL 00 00 00 00  00 00 00 00  
UrbLink 00 00 00 00  00 00 00 00
hca[8]:
00 00 00 00  00 00 00 00  
00 00 00 00  00 00 00 00  
00 00 00 00  00 00 00 00  
00 00 00 00  00 00 00 00
00 00 00 00  00 00 00 00  
00 00 00 00  00 00 00 00  
00 00 00 00  00 00 00 00  
00 00 00 00  00 00 00 00

StartFrame 65 30 8b 00  
NumberOfPackets 80 00 00 00  
ErrorCount 00 00 00 00  
IsoPacket[] (Offset, Length, Status; 12 bytes per entry):
00 00 00 00  00 00 00 00  00 00 00 00
00 04 00 00  00 00 00 00  00 00 00 00  
00 08 00 00  00 00 00 00  00 00 00 00  
00 0c 00 00  00 00 00 00  00 00 00 00  
00 10 00 00  00 00 00 00  00 00 00 00  
00 14 00 00  00 00 00 00  00 00 00 00  
00 18 00 00  00 00 00 00  00 00 00 00
00 1c 00 00  00 00 00 00  00 00 00 00  
00 20 00 00  00 00 00 00  00 00 00 00  
00 24 00 00  00 00 00 00  00 00 00 00  
00 28 00 00  00 00 00 00  00 00 00 00  
00 2c 00 00  00 00 00 00  00 00 00 00  
00 30 00 00  00 00 00 00  00 00 00 00  
00 34 00 00  00 00 00 00  00 00 00 00  
00 38 00 00  00 00 00 00  00 00 00 00
00 3c 00 00  00 00 00 00  00 00 00 00  
00 40 00 00  00 00 00 00  00 00 00 00  
00 44 00 00  00 00 00 00  00 00 00 00  
00 48 00 00  00 00 00 00  00 00 00 00  
00 4c 00 00  00 00 00 00  00 00 00 00  
00 50 00 00  00 00 00 00  00 00 00 00  
00 54 00 00  00 00 00 00  00 00 00 00  
00 58 00 00  00 00 00 00  00 00 00 00
00 5c 00 00  00 00 00 00  00 00 00 00  
00 60 00 00  00 00 00 00  00 00 00 00  
00 64 00 00  00 00 00 00  00 00 00 00  
00 68 00 00  00 04 00 00  00 00 00 00  
00 6c 00 00  00 04 00 00  00 00 00 00  
00 70 00 00  00 04 00 00  00 00 00 00  
00 74 00 00  00 04 00 00  00 00 00 00  
00 78 00 00  00 04 00 00  00 00 00 00
00 7c 00 00  00 04 00 00  00 00 00 00  
00 80 00 00  00 04 00 00  00 00 00 00  
00 84 00 00  00 04 00 00  00 00 00 00  
00 88 00 00  e0 02 00 00  00 00 00 00  
00 8c 00 00  00 00 00 00  00 00 00 00  
00 90 00 00  00 00 00 00  00 00 00 00  
00 94 00 00  00 00 00 00  00 00 00 00  00 98 00 00  00 00 00 00  00 00 00 00
00 9c 00 00  00 00 00 00  00 00 00 00  00 a0 00 00  00 00 00 00  00 00 00 00  00 a4 00 00  00 00 00 00
00 00 00 00  00 a8 00 00  00 00 00 00  00 00 00 00  00 ac 00 00  00 00 00 00  00 00 00 00  00 b0 00 00
00 00 00 00  00 00 00 00  00 b4 00 00  00 00 00 00  00 00 00 00  00 b8 00 00  00 00 00 00  00 00 00 00
00 bc 00 00  00 00 00 00  00 00 00 00  00 c0 00 00  00 00 00 00  00 00 00 00  00 c4 00 00  00 00 00 00
00 00 00 00  00 c8 00 00  00 00 00 00  00 00 00 00  00 cc 00 00  00 00 00 00  00 00 00 00  00 d0 00 00
00 00 00 00  00 00 00 00  00 d4 00 00  00 00 00 00  00 00 00 00  00 d8 00 00  00 00 00 00  00 00 00 00
00 dc 00 00  00 00 00 00  00 00 00 00  00 e0 00 00  00 00 00 00  00 00 00 00  00 e4 00 00  00 00 00 00
00 00 00 00  00 e8 00 00  00 00 00 00  00 00 00 00  00 ec 00 00  00 00 00 00  00 00 00 00  00 f0 00 00
00 00 00 00  00 00 00 00  00 f4 00 00  00 00 00 00  00 00 00 00  00 f8 00 00  00 00 00 00  00 00 00 00
00 fc 00 00  00 00 00 00  00 00 00 00  00 00 01 00  00 00 00 00  00 00 00 00  00 04 01 00  00 00 00 00
00 00 00 00  00 08 01 00  00 00 00 00  00 00 00 00  00 0c 01 00  00 00 00 00  00 00 00 00  00 10 01 00
00 00 00 00  00 00 00 00  00 14 01 00  00 00 00 00  00 00 00 00  00 18 01 00  00 00 00 00  00 00 00 00
00 1c 01 00  00 00 00 00  00 00 00 00  00 20 01 00  00 00 00 00  00 00 00 00  00 24 01 00  00 00 00 00
00 00 00 00  00 28 01 00  00 00 00 00  00 00 00 00  00 2c 01 00  00 00 00 00  00 00 00 00  00 30 01 00
00 00 00 00  00 00 00 00  00 34 01 00  00 00 00 00  00 00 00 00  00 38 01 00  00 00 00 00  00 00 00 00
00 3c 01 00  00 00 00 00  00 00 00 00  00 40 01 00  00 00 00 00  00 00 00 00  00 44 01 00  00 00 00 00
00 00 00 00  00 48 01 00  00 00 00 00  00 00 00 00  00 4c 01 00  00 00 00 00  00 00 00 00  00 50 01 00
00 00 00 00  00 00 00 00  00 54 01 00  00 00 00 00  00 00 00 00  00 58 01 00  00 00 00 00  00 00 00 00
00 5c 01 00  00 00 00 00  00 00 00 00  00 60 01 00  00 00 00 00  00 00 00 00  00 64 01 00  00 00 00 00
00 00 00 00  00 68 01 00  00 00 00 00  00 00 00 00  00 6c 01 00  00 00 00 00  00 00 00 00  00 70 01 00
00 00 00 00  00 00 00 00  00 74 01 00  00 00 00 00  00 00 00 00  00 78 01 00  00 00 00 00  00 00 00 00
00 7c 01 00  00 00 00 00  00 00 00 00  00 80 01 00  00 00 00 00  00 00 00 00  00 84 01 00  00 00 00 00
00 00 00 00  00 88 01 00  00 00 00 00  00 00 00 00  00 8c 01 00  00 00 00 00  00 00 00 00  00 90 01 00
00 00 00 00  00 00 00 00  00 94 01 00  00 00 00 00  00 00 00 00  00 98 01 00  00 00 00 00  00 00 00 00
00 9c 01 00  00 00 00 00  00 00 00 00  00 a0 01 00  00 00 00 00  00 00 00 00  00 a4 01 00  00 00 00 00
00 00 00 00  00 a8 01 00  00 00 00 00  00 00 00 00  00 ac 01 00  00 00 00 00  00 00 00 00  00 b0 01 00
00 00 00 00  00 00 00 00  00 b4 01 00  00 00 00 00  00 00 00 00  00 b8 01 00  00 00 00 00  00 00 00 00
00 bc 01 00  00 00 00 00  00 00 00 00  00 c0 01 00  00 00 00 00  00 00 00 00  00 c4 01 00  00 00 00 00
00 00 00 00  00 c8 01 00  00 00 00 00  00 00 00 00  00 cc 01 00  00 00 00 00  00 00 00 00  00 d0 01 00
00 00 00 00  00 00 00 00  00 d4 01 00  00 00 00 00  00 00 00 00  00 d8 01 00  00 00 00 00  00 00 00 00
00 dc 01 00  00 00 00 00  00 00 00 00  00 e0 01 00  00 00 00 00  00 00 00 00  00 e4 01 00  00 00 00 00
00 00 00 00  00 e8 01 00  00 00 00 00  00 00 00 00  00 ec 01 00  00 00 00 00  00 00 00 00  00 f0 01 00
00 00 00 00  00 00 00 00  00 f4 01 00  00 00 00 00  00 00 00 00  00 f8 01 00  00 00 00 00  00 00 00 00
00 fc 01 00  00 00 00 00  00 00 00 00  
00 00 00 00  00 00 00 00  00 00 00 00 // the last ISO packet, must be all 00

The data offset of the last ISO packet is 0x01fc00, so the total data length is 0x20000; 0x20000/1024=128, i.e. 0x80.
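
An added example (not from the original article): a C check that mirrors the x64 layout above with fixed-width types and validates a captured URB's self-described sizes before walking IsoPacket[]. The names IsoUrb, IsoPkt, PKT, iso_urb_check and build_sample are hypothetical, and the sample buffer is rebuilt from the field values in the capture rather than pasted from it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* x64 layout of struct _URB_ISOCH_TRANSFER (pointers as uint64_t). */
typedef struct { uint32_t Offset, Length; int32_t Status; } IsoPkt;
typedef struct {
    uint16_t Length, Function; int32_t Status;
    uint64_t UsbdDeviceHandle;
    uint32_t UsbdFlags, Pad;                 /* Pad: 4 alignment bytes */
    uint64_t PipeHandle;
    uint32_t TransferFlags, TransferBufferLength;
    uint64_t TransferBuffer, TransferBufferMDL, UrbLink, Hca[8];
    uint32_t StartFrame, NumberOfPackets, ErrorCount;
    IsoPkt   IsoPacket[1];
} IsoUrb;
_Static_assert(offsetof(IsoUrb, IsoPacket) == 140 && sizeof(IsoUrb) == 152, "layout");
#define PKT(raw, i) ((raw) + offsetof(IsoUrb, IsoPacket) + (i) * sizeof(IsoPkt))

/* Sum of the per-packet lengths, or -1 when the record is truncated or its
   self-described sizes disagree (assumes a little-endian host). */
long iso_urb_check(const uint8_t *raw, size_t n) {
    IsoUrb h; IsoPkt p;
    long total = 0;
    if (n < sizeof h) return -1;
    memcpy(&h, raw, sizeof h);
    if (h.Function != 0x000a || (size_t)h.Length > n) return -1;
    /* NumberOfPackets must fit the bytes held and match the WDK's GET_ISO_URB_SIZE(n). */
    if (h.NumberOfPackets > (n - sizeof h) / sizeof p) return -1;
    if (h.Length != sizeof h + sizeof p * h.NumberOfPackets) return -1;
    for (uint32_t i = 0; i < h.NumberOfPackets; i++) {
        memcpy(&p, PKT(raw, i), sizeof p);
        total += p.Length;
    }
    return total == (long)h.TransferBufferLength ? total : -1;
}

/* Constructed sample: the 1688-byte URB rebuilt from the field values in the
   capture above (handles and pointers left as zero). */
uint8_t *build_sample(size_t *len) {
    IsoUrb h = { .Function = 0x000a, .TransferFlags = 5, .TransferBufferLength = 0x22e0,
                 .StartFrame = 0x008b3065, .NumberOfPackets = 0x80 };
    *len = sizeof h + sizeof(IsoPkt) * h.NumberOfPackets;    /* 152 + 12*128 */
    h.Length = (uint16_t)*len;
    uint8_t *raw = calloc(1, *len);
    for (uint32_t i = 0; raw && i < h.NumberOfPackets; i++) {
        /* packets 26..33 carry 0x400 bytes, packet 34 carries 0x2e0 */
        IsoPkt p = { i * 0x400, i == 34 ? 0x2e0 : (i >= 26 && i < 34) ? 0x400 : 0, 0 };
        memcpy(PKT(raw, i), &p, sizeof p);
    }
    if (raw) memcpy(raw, &h, offsetof(IsoUrb, IsoPacket));
    return raw;
}

int main(void) {
    size_t len; uint8_t *raw = build_sample(&len);
    return raw && iso_urb_check(raw, len) == 8928 ? 0 : 1;
}
```

For this capture the per-packet lengths add up to 8 × 0x400 + 0x2e0 = 8928, the same value as TransferBufferLength (e0 22 00 00) and the 8928-byte ISOC record shown by Bus Hound.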

The descriptor of this isochronous endpoint is:

        ----------------- Endpoint Descriptor -----------------
bLength                  : 0x07 (7 bytes)
bDescriptorType          : 0x05 (Endpoint Descriptor)
bEndpointAddress         : 0x81 (Direction=IN EndpointID=1)
bmAttributes             : 0x05 (TransferType=Isochronous  SyncType=Asynchronous  EndpointType=Data)
wMaxPacketSize           : 0x0400
 Bits 15..13             : 0x00 (reserved, must be zero)
 Bits 12..11             : 0x00 (0 additional transactions per microframe -> allows 1..1024 bytes per packet)
 Bits 10..0              : 0x400 (1024 bytes per packet)
bInterval                : 0x01 (1 ms)
Data (HexDump)           : 07 05 81 05 00 04 01                              .......

The data exchanged when the camera is opened is:

Length    Phase  Data                                                                                             
--------  -----  ------------------------------------------------------------------------------
     CTL    a1 81 00 01  01 00 1a 00                                                            GET CUR      
 26  IN     00 00 01 01  15 16 05 00  00 00 00 00  00 00 00 00  00 00 00 76  2f 00 00 00  00 00 .............
     CTL    21 01 00 01  01 00 1a 00                                                            SET CUR      
 26  OUT    00 00 01 01  90 d0 03 00  00 00 00 00  00 00 00 00  00 00 00 76  2f 00 00 00  00 00 .............
     CTL    a1 81 00 01  01 00 1a 00                                                            GET CUR      
 26  IN     00 00 01 01  15 16 05 00  00 00 00 00  00 00 00 00  00 00 00 76  2f 00 00 00  00 00 .............
     CTL    a1 83 00 01  01 00 1a 00                                                            GET MAX      
 26  IN     01 00 01 01  15 16 05 00  00 00 00 00  00 00 00 00  00 00 00 76  2f 00 00 04  00 00 .............
     CTL    a1 82 00 01  01 00 1a 00                                                            GET MIN      
 26  IN     01 00 01 01  15 16 05 00  00 00 00 00  00 00 00 00  00 00 00 76  2f 00 00 04  00 00 .............
     CTL    21 01 00 01  01 00 1a 00                                                            SET CUR      
 26  OUT    00 00 01 01  90 d0 03 00  00 00 00 00  00 00 00 00  00 00 00 76  2f 00 00 00  00 00 .............
     CTL    a1 81 00 01  01 00 1a 00                                                            GET CUR      
 26  IN     00 00 01 01  15 16 05 00  00 00 00 00  00 00 00 00  00 00 00 76  2f 00 00 00  00 00 .............
     CTL    21 01 00 02  01 00 1a 00                                                            SET CUR      
 26  OUT    00 00 01 01  15 16 05 00  00 00 00 00  00 00 00 00  00 00 00 76  2f 00 00 00  00 00 .............
     CTL    01 0b 01 00  01 00 00 00                                                            SET INTERFACE