USB Monitor (Sniffer)
View 873

    Task

    USB Monitor allows you to display, record and analyze all the data transferred between any USB device connected to your PC and applications. Also you can recover transferred data (for some file types).

    The resulted project includes such components: Driver, Common library, GUI.

    Driver

    Language: C
    Filter driver is a driver, which is inserted into the existing driver stack to perform record function (collect URB packets*). A filter driver is not affect the normal working of the existing driver stack in any major way.

    *URB packet is USB request block that contain data to be transferred to/from USB device.

    Common library

    Language: C++
    Using: STL (Standard Template Library)
    Main purpose is to get data from filter driver.
    Includes:

    • Parser to extract information from URB packages.
    • Classes to obtain information about installed USB devices.
    • Classes to install lower filter to the Device Stack.
    • Classes for all kind of URB.
    • Transferred data analyzer (HID, Mass Storage).
    • Recovery tool for transferred data (Image type).

    GUI

    Language: C++
    Using: STL (Standard Template Library), MFC (Microsoft Foundation Classes)
    Includes:

    • USB Device Tree.
    • USB Device Info.
    • URB List Viewer.
    • Transfer Data Viewer.
    • HID (Mouse) Data Analyzer Viewer.
    • Mass Storage Data Analyzer Viewer.
    • Transferred File Data Analyzer Viewer.
    • Recovery Image File Tool.

    Tools & Technologies

    Development environment: Visual Studio 2008 + DDK;
    Debugger: WinDbg for kernel mode, VS2008 inbuilt debugger for user mode. Libraries: STL, MFC

    Future features to implement

    • Install filter driver without restarting any device.
    • More file types to recover.
    • More devices to analyze.

    Downloads

    Project Solution

    Project Sources

    Created by Den
    Wednesday, February 4, 2015