Denys Bilozor
http://bilozor.com
USB Monitor (Sniffer)
February 04, 2015

    Task

    USB Monitor lets you display, record and analyze all data transferred between applications and any USB device connected to your PC. It can also recover transferred data (for some file types).

    The resulting project consists of the following components: Driver, Common library, GUI.

    Driver

    Language: C
    A filter driver is a driver that is inserted into the existing driver stack to perform the recording function (collecting URB packets*). A filter driver does not affect the normal operation of the existing driver stack in any major way.

    *A URB packet is a USB request block that contains data to be transferred to or from a USB device.

    Common library

    Language: C++
    Using: STL (Standard Template Library)
    Its main purpose is to get data from the filter driver.
    Includes:

    • Parser to extract information from URB packets.
    • Classes to obtain information about installed USB devices.
    • Classes to install a lower filter into the device stack.
    • Classes for all kinds of URB.
    • Transferred data analyzer (HID, Mass Storage).
    • Recovery tool for transferred data (Image type).
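
As an added illustration of what a Mass Storage analyzer over captured URB data has to do (this is not the project's own code): the sketch below decodes the 31-byte Command Block Wrapper of the USB Bulk-Only Transport protocol and pulls the LBA and block count out of SCSI READ(10)/WRITE(10) commands. The names `CbwInfo`, `parseCbw` and `sampleWriteCbw` are assumptions, and the sample buffer is constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

struct CbwInfo {
    uint32_t tag, dataLength;  // dCBWTag, dCBWDataTransferLength (bytes)
    bool     deviceToHost;     // bmCBWFlags bit 7: true = data-in (read)
    uint8_t  opcode;           // first byte of the SCSI command block
    bool     hasLba;           // set for READ(10) / WRITE(10)
    uint32_t lba;              // starting logical block address
    uint16_t blocks;           // number of blocks requested
};

static uint32_t le32(const uint8_t* p) {  // CBW header fields are little-endian
    return p[0] | (p[1] << 8) | (p[2] << 16) | (uint32_t(p[3]) << 24);
}

// Returns false unless buf is a well-formed 31-byte CBW.
bool parseCbw(const std::vector<uint8_t>& buf, CbwInfo& out) {
    if (buf.size() != 31) return false;
    const uint8_t* p = buf.data();
    if (le32(p) != 0x43425355u) return false;   // dCBWSignature, "USBC"
    const uint8_t cbLen = p[14] & 0x1F;         // bCBWCBLength, valid 1..16
    if (cbLen < 1 || cbLen > 16) return false;
    const uint8_t* cdb = p + 15;                // CBWCB, up to 16 bytes
    out = CbwInfo();
    out.tag = le32(p + 4);
    out.dataLength = le32(p + 8);
    out.deviceToHost = (p[12] & 0x80) != 0;
    out.opcode = cdb[0];
    if ((out.opcode == 0x28 || out.opcode == 0x2A) && cbLen >= 10) {
        out.hasLba = true;                      // SCSI CDB fields are big-endian
        out.lba = (uint32_t(cdb[2]) << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5];
        out.blocks = uint16_t((cdb[7] << 8) | cdb[8]);
    }
    return true;
}

// Constructed sample: WRITE(10), 8 blocks at LBA 0x1000, 4096 bytes host-to-device.
std::vector<uint8_t> sampleWriteCbw() {
    const uint8_t raw[31] = {0x55,0x53,0x42,0x43, 1,0,0,0, 0,0x10,0,0, 0x00, 0, 0x0A,
                             0x2A,0,0,0,0x10,0,0,0,8,0};
    return std::vector<uint8_t>(raw, raw + 31);
}

int main() {
    CbwInfo c = CbwInfo();
    if (parseCbw(sampleWriteCbw(), c))
        std::printf("op=0x%02X lba=0x%X blocks=%u bytes=%u\n", (unsigned)c.opcode,
                    (unsigned)c.lba, (unsigned)c.blocks, (unsigned)c.dataLength);
}
```

Pairing each decoded command with the data-stage buffers that follow it is what lets a monitor report which sectors of a device were read or written.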

    GUI

    Language: C++
    Using: STL (Standard Template Library), MFC (Microsoft Foundation Classes)
    Includes:

    • USB Device Tree.
    • USB Device Info.
    • URB List Viewer.
    • Transfer Data Viewer.
    • HID (Mouse) Data Analyzer Viewer.
    • Mass Storage Data Analyzer Viewer.
    • Transferred File Data Analyzer Viewer.
    • Recovery Image File Tool.

    Tools & Technologies

    Development environment: Visual Studio 2008 + DDK;
    Debugger: WinDbg for kernel mode, VS2008 inbuilt debugger for user mode.
    Libraries: STL, MFC

    Future features to implement

    • Install filter driver without restarting any device.
    • More file types to recover.
    • More devices to analyze.

    Downloads

    Project Solution

    Project Sources