How to extract the USB device type and its drive letter from ETW

Time: 2018-04-22 07:55:46

Tags: winapi events usb etw

So I'm writing a simple ETW logger to provide a trigger for an event state machine to wake up when a new USB device is connected. Using Microsoft Message Analyzer I managed to trace and receive the USB "New USB Device Information" trace using the following filter: Microsoft_Windows_USB_USBHUB3.Summary == "New USB Device Information"

However, after inspecting the packet, I cannot distinguish USB mass storage devices from other USB devices (camera?).

Values available in the trace:

Name    Value   Bit Offset  Bit Length  Type    
pointerValue                        132972247379928 64  64  UInt64  
Fid_HubDevice                       0x000078F011FC3CC8  0   64  Etw.EtwPointer  
pointerValue                        132972489227464 0   64  UInt64  
Fid_UsbDevice                       0x000078F00391EFD8  64  64  Etw.EtwPointer  
Fid_PortNumber                      1   128 32  UInt32  
Fid_DeviceDescription               USB Mass Storage Device 160 384 String  
Fid_DeviceInterfacePath             \??\USB#VID_0781&PID_5567#200602669107DD62F0E0#{a5dcbf10-6530-11d2-901f-00c04fb951ed}   544 1376    String  
Fid_DeviceDescriptor                fid_DeviceDescriptor{Fid_bLength=18,Fid_bDescriptorType=1,Fid_bcdUSB=512,Fid_bDeviceClass=0,Fid_bDeviceSubClass=0,Fid_bDeviceProtocol=0,Fid_bMaxPacketSize0=64,Fid_idVendor=1921,Fid_idProduct=21863,Fid_bcdDevice=295,Fid_iManufacturer=1,Fid_iProduct=2,Fid_iSerialNumber=3,Fid_bNumConfigurations=1} 1920    144 Microsoft_Windows_USB_USBHUB3.fid_DeviceDescriptor  
Fid_bLength 18  1920    8   Byte    
Fid_bDescriptorType 1   1928    8   Byte    
Fid_bcdUSB  0x0200  1936    16  UInt16  
Fid_bDeviceClass    0   1952    8   Byte    
Fid_bDeviceSubClass 0   1960    8   Byte    
Fid_bDeviceProtocol 0   1968    8   Byte    
Fid_bMaxPacketSize0 64  1976    8   Byte    
Fid_idVendor    0x0781  1984    16  UInt16  
Fid_idProduct   0x5567  2000    16  UInt16  
Fid_bcdDevice   0x0127  2016    16  UInt16  
Fid_iManufacturer   1   2032    8   Byte    
Fid_iProduct    2   2040    8   Byte    
Fid_iSerialNumber   3   2048    8   Byte    
Fid_bNumConfigurations  1   2056    8   Byte    
Fid_ConfigurationDescriptorLength   0x0020  2064    16  UInt16  
Fid_ConfigurationDescriptor [9,2,32,0,1,1,0,128,100,9,4,0,0,2,8,6,80,0,7,5,129,2,0,2,0,7,5,2,2,0,2,1]   2080    256 ArrayValue`1        
Fid_PdoName \Device\USBPDO-13   2336    288 String  
Fid_Suspended   1   2624    8   Byte    
Fid_PortPathDepth   1   2632    32  UInt32  
Fid_PortPath    [1,0,0,0,0,0]   2664    192 ArrayValue`1    
Fid_PciBus  0x00000000  2856    32  UInt32  
Fid_PciDevice   0x00000014  2888    32  UInt32  
Fid_PciFunction 0x00000000  2920    32  UInt32  
Fid_PciVendorId 0x00008086  2952    32  UInt32  
Fid_PciDeviceId 0x0000A12F  2984    32  UInt32  
Fid_PciRevisionId   0x00000031  3016    32  UInt32  
Fid_CurrentWdfPowerDeviceState  0x00000005  3048    32  UInt32  
Fid_Usb20LpmStatus  0x00000006  3080    32  UInt32  
Fid_ControllerParentBusType ControllerParentBusTypePci  3112    32  MapControllerParentBusType  
Fid_AcpiVendorId    NULL    3144    40  String  
Fid_AcpiDeviceId    NULL    3184    40  String  
Fid_AcpiRevisionId  NULL    3224    40  String  
Fid_PortFlagAcpiUpcValid    1   3264    8   Byte    
Fid_PortConnectorType   255 3272    8   Byte    
Fid_UcmConnectorId  0x0000000000000001  3280    64  UInt64  
EtwKeywords Keywords{StandardKeywords=WindowsEtwKeywords{EventlogClassic=False,CorrelationHint=False,AuditSuccess=False,AuditFailure=False,SQM=False,WDIDiag=False,WDIContext=False,Reserved=False},Default=True,USBError=False,IRP=False,Power=False,PnP=True,Performance=False,HeadersBusTrace=False,PartialDataBusTrace=False,FullDataBusTrace=False,StateMachine=False,Enumeration=False,VerifyDriver=False,HWVerifyHost=False,HWVerifyHub=False,HWVerifyDevice=False,Rundown=False,Device=False,Hub=False,Compat=False,ControllerCommand=False,MsMeasures=True}            Microsoft_Windows_USB_USBHUB3.Keywords  

Limitations:

  1. No string comparison
  2. Must use the ETW mechanism

0 answers:

No answers
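An added example, not from the question or from any answer on this page: the device descriptor in the trace reports bDeviceClass=0, which means the class is declared per interface, so the mass-storage classification has to come from the raw bytes in Fid_ConfigurationDescriptor. The C function below walks those bytes and compares each interface descriptor's bInterfaceClass against 0x08 (USB Mass Storage), so no string comparison is needed; the sample bytes are copied from the question's trace. It does not cover the drive letter, which this USBHUB3 event does not carry.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Descriptor type and class codes from the USB 2.0 and USB Mass Storage
   class specifications. */
#define USB_DT_CONFIGURATION   2
#define USB_DT_INTERFACE       4
#define USB_CLASS_MASS_STORAGE 0x08

/* Walk a raw configuration descriptor (the Fid_ConfigurationDescriptor
   bytes) and look for an interface whose bInterfaceClass is Mass Storage.
   Returns 1 if found, 0 if not, -1 if the buffer is malformed. Sub-class
   and protocol are written through the out-parameters when non-NULL. */
int find_mass_storage_interface(const uint8_t *buf, size_t len,
                                uint8_t *subclass, uint8_t *protocol)
{
    size_t off = 0;
    /* The first descriptor must be the configuration descriptor itself;
       wTotalLength (bytes 2..3, little-endian) bounds the whole blob. */
    if (len < 4 || buf[1] != USB_DT_CONFIGURATION)
        return -1;
    size_t total = (size_t)buf[2] | ((size_t)buf[3] << 8);
    if (total > len)
        total = len;          /* never trust wTotalLength beyond the buffer */
    while (off + 2 <= total) {
        uint8_t blen  = buf[off];
        uint8_t btype = buf[off + 1];
        if (blen < 2 || off + blen > total)
            return -1;        /* zero-length or truncated descriptor */
        if (btype == USB_DT_INTERFACE && blen >= 9 &&
            buf[off + 5] == USB_CLASS_MASS_STORAGE) {
            if (subclass) *subclass = buf[off + 6];
            if (protocol) *protocol = buf[off + 7];
            return 1;
        }
        off += blen;          /* bLength is the stride to the next descriptor */
    }
    return 0;
}

/* Constructed from the trace in the question: the 32-byte
   Fid_ConfigurationDescriptor of the VID_0781/PID_5567 device. */
static const uint8_t kTraceConfigDesc[32] = {
    9,2,32,0,1,1,0,128,100, 9,4,0,0,2,8,6,80,0,
    7,5,129,2,0,2,0, 7,5,2,2,0,2,1 };

int main(void)
{
    uint8_t sub = 0, proto = 0;
    int r = find_mass_storage_interface(kTraceConfigDesc, sizeof kTraceConfigDesc, &sub, &proto);
    printf("mass storage: %d (subclass 0x%02x, protocol 0x%02x)\n", r, sub, proto);
    return 0;
}
```

For the trace above this reports subclass 0x06 (SCSI transparent command set) and protocol 0x50 (Bulk-Only Transport), the usual pair for a USB flash drive.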