文件列表:

sniffusb\filter\Driver.h (867, 2001-10-07)
sniffusb\filter\DriverEntry.cpp (55737, 2001-10-07)
sniffusb\filter\RemoveLock.cpp (1561, 2001-10-07)
sniffusb\filter\stddcls.cpp (124, 1998-11-20)
sniffusb\filter\stddcls.h (1519, 2001-10-07)
sniffusb\filter\UsbSnoop.dsp (7612, 2000-02-17)
sniffusb\filter\UsbSnoop.dsw (539, 2000-02-17)
sniffusb\filter (0, 2006-03-19)
sniffusb\ui\Debug (0, 2001-10-07)
sniffusb\ui\Release (0, 2006-03-19)
sniffusb\ui\Res\SniffUSB.ico (1078, 2000-02-16)
sniffusb\ui\Res\SniffUSB.rc2 (452, 2001-10-07)
sniffusb\ui\Res (0, 2006-03-19)
sniffusb\ui\resource.h (2137, 2001-10-07)
sniffusb\ui\SetupDIMgr.cpp (14701, 2001-03-04)
sniffusb\ui\SetupDIMgr.h (1541, 2001-03-04)
sniffusb\ui\SniffUSB.aps (40760, 2001-10-07)
sniffusb\ui\SniffUSB.cpp (2058, 2000-02-16)
sniffusb\ui\SniffUSB.dsp (4393, 2001-10-07)
sniffusb\ui\SniffUSB.dsw (539, 2000-02-25)
sniffusb\ui\SniffUSB.h (1346, 2000-02-16)
sniffusb\ui\SniffUSB.rc (7931, 2001-10-07)
sniffusb\ui\SniffUSBDlg.cpp (13288, 2001-10-07)
sniffusb\ui\SniffUSBDlg.h (2035, 2001-10-07)
sniffusb\ui\StdAfx.cpp (210, 2000-02-16)
sniffusb\ui\StdAfx.h (1175, 2001-10-07)
sniffusb\ui (0, 2006-03-19)
sniffusb (0, 2006-03-19)

SniffUSB - USB packet watcher 0.13 ------------------------------------------------------------- ** What is it? SniffUSB is a packet watcher for Windows ***, Me and 2000. It's a combination of a kernel mode filter and a UI to catch the watched traffic. ** How does it work? The kernel mode filter slips in between a USB client driver and USBD.sys, logging everything that's going on without touching anything. It's invisible to USB client drivers. The UI will connect to the filter and retrieve the watched traffic, allowing further analysis, filtering etc... ** Limitations/known bugs/missing stuff As of today (10/07/2001), the filter works and can be used. However, it does *not* collect any data at all; it simply spits out stuff to the debugger (or a debugging message logging facility if no debugger is installed). Therefore, a release build doesn't do anything at all, and included in this package is a debug build. The UI does not attempt to connect to the filter yet. It is useful for installing/removing the filter only. To catch the debug output, a debugger like SoftIce is needed. If this is not available, any debugging message hooker can be used. Included in the package is dbgview, made by Mark Russinovich at http://www.sysinternals.com. The filter can produce *lots* of debug output at times, which might make the debug viewer appear to be locked up. If it doesn't react anymore, give it some time (possibly up to a few minutes). If you're fed up, just kill it. Under certain circumstances, you might not get any output at all. This is usually due to bugs in USB drivers which circumvent the filter; there is no provision (yet) to snatch entry points and make sure that all the traffic arrives at the filter. It is a well-behaved WDM filter, and if the filter layered on top of it misbehaves, it doesn't try to correct that. Further, as outlined in the first point, the method of data collection is a simple debug print. While this works great for control messages, or low-bandwidth transfers (like to a mouse, for example), it does pose some problems with high-bandwidth transfers, such as bulk or isochronous. Due to the nature of debug message logging, some of the output does get lost, and you will end up with partial logs. Keep your brain turned on while looking at the logs... future versions are intended to use a direct link between application and filter to allow a complete data collection log. ** How do I use it?!? Here's what you have been waiting for - the "install": -- One-time installation 1. Make sure you're running Windows *** or *** Second Edition, Me or Windows 2000 (XP should work well, but is not tested). 2. Copy ui\Release\SniffUSB.exe to a convenient location (desktop?) 3. Copy the entire dbgview\ directory to a convenient location 4. Run the SniffUSB.exe. Click the button labelled "Unpack SYS". This will unpack a copy of USBSnoop.sys (also located standalone in the filter\Debug directory) into your \System32\Drivers directory -- Device setup 1. Make sure you have your device plugged in at least once. To ensure consistent results, make sure you won't plug it into another port during the logging sessions (the filter is registered on a per-port basis, and any new port will not be using the filter) 2. Run dbgview.exe. You will get a window which shows all debug output of everything that produces debug output. 3. Run SniffUSB.exe. You will get a list of USB devices with their description and a note if the filter is installed or not. 4. Right-click on the entry you want to sniff, select "Install". This will register the filter for this device on all ports that have been ever used so far. 5. At this point, the device needs to be unplugged/re-plugged; as filters get loaded as part of the PnP AddDevice process, which only takes place during plug-in. Instead of physically unplugging/ re-plugging, you can right-click the entry, and select "Replug". You should start seeing debug output on the viewer. 6. Analyze what you see ;-) -- Filter uninstall 1. Run SniffUSB.exe. 2. Right-click entry which you want the filter removed for, select "Uninstall". That's it. Comments, suggestions, bug fixes, to roland@wingmanteam.com (mostly UI related stuff), or/and tom@wingmanteam.com (mostly filter related stuff). Flames to /dev/null (or, on an MS platform, NUL:) ------- Because we live in such a strange world: As usual, the legal stuff - this package is provided as is, no warranties are expressed or implied, no liability whatsoever is assumed, if this program burns down your house of puts your fish on fire, it's all your fault. Simply put - you're on your own. M'kay?

近期下载者：

相关文件：

评论：[我要评论] [举报此文件]

收藏者：