Hello all, I am a new user, first time poster so please bear with me. I am using Wireshark to analyze USB traffic captured by a program called USBPcap (http://desowin.org/usbpcap/). To give you some background, I am attempting to create a driver for a device whose manufacturer stopped making software for it after XP. To do this, I am attempting to isolate the low-level commands and send them to the device with a laptop running a modern OS using LabVIEW and NI-VISA. I have run and successfully captured the USB data. Trying to send a simple command (GET DESCRIPTOR Request DEVICE) I have run in to two problems that I was hoping the community could help me out with: First, though the command I am sending is the same, the pseudoheader length has changed. On the XP laptop, this command took 36 bytes, on the modern OS it is taking 35 and the byte right before the command I am sending is missing. This byte is described by Wireshark as Control transfer stage: Setup (0). If I add the appropriate byte before the data I am sending, it becomes part of my data instead of the pseudoheader as it does in XP. What could I be doing wrong here? Could it be the NI-VISA from LabVIEW? There is the option to use a Write to USB Port versus VISA Write which is what I am using. Next, while I have deciphered parts of the data being sent over (pseudoheader length, data size, data direction), there are some that differ between XP and the modern OS that I don't understand. Mostly these descriptions start with URB and IRP and I cannot find a definition on the site or in the Wireshark manual. Could anyone explain to me what these acronyms and their subcategories mean? All the ones I need help with are included below: IRP ID IRP USBD_STATUS URB FUNCTION Endpoint Direction (Endpoint) URB transfer type Control transfer Stage I have my captures for the XP and modern OS as well as a beakdown of the data as well as I have been able to make it. Here are the links to these files: All input is greatly appreciated, Yusif Nurizade asked 24 Jul '13, 19:41  Akello edited 26 Jul '13, 10:05 showing 5 of 8 show 3 more comments |
One Answer:
Have you read USBPcap website, especially the section about capture limitations? (no offense here; being familiar with this section is mandatory for your task). The most important thing is that USBPcap pseudoheader never ever gets seen by USB device. After looking at files I have to admit that you are completely mistaking some USB concepts. There are four different transfer types: Control, Interrupt, Isochronous and Bulk. These transfers are COMPLETELY DIFFERENT and CANNOT BE INTERCHANGED with each other. I don't know if you can achieve your goal with LabView. You would have to get dirty with driver development. If the device does not use isochronous transfers you could write the driver using WinUSB. If it does, or if you don't like WinUSB, you can use libusb-win32. answered 31 Jul '13, 09:34  desowin Desowin, Thank you for your response. It seems I did not give the USBPcap site as good a look as I thought I did. I will be looking at it in detail in the coming days. My only other thought with LabVIEW was using a USB Write command instead of a VISA Write and seeing if the customization that allows me will make a difference. Admittedly this is an issue for the NI forums. Meanwhile, I will definitely be looking at WinUSB and libusb-win32. Thank you for the recommendations, between you and Kurt I have a lot of good leads! Thanks again, Yusif Nurizade (01 Aug '13, 12:50) Akello |
Yes, please upload the capture files somewhere (google docs/drive, dropbox, etc.).
Hm.. wouldn't it be easier to run Win XP in a virtual machine and map that USB device into the virtual machine instead of trying to reverse engineer the protocol used by that device?
Kurt,
Thanks for the reply. I have added links to the capture files and breakdown in the original message.
As far as running XP in the virtual machine, I tried using this method but could not get it to work.
Please let me know if you need anything else on my end. I would be very grateful if you could help me figure out some of the acronyms in the capture.
Thanks again, Yusif Nurizade
What VM software did you use and what was the problem/error?
I don't remember the name of the VM software but the problem was that the driver just wouldn't install. I tried the online and the CD but it the same thing that happens in a modern OS. The setup would run and at one point where you're supposed to click next, it told you that the program incurred an error and all you could do is press Finish.
I'm open to giving it another shot if you can recommend a solid VM software. In the meantime, do you have any suggestions about the acronyms I can't figure out?
Yusif Nurizade
Well, I had good experiences with VMware. VMware Player comes for free (in certain environments - please read their EULA) and is able to map USB devices into the virtual machine without problems so far (for me).
BTW: What kind of USB device are we talking about?
Thank you for the suggestion. I will give VMware a try by the end of the week and report back with the results.
The USB device is a tachometer: DT-209X from SHIMPO.
While I am trying out VMware, any thoughts on the acronyms I mentioned? Or at least where I can track down their meanings?
Are you sure it is worth the effort to reverse engineer the protocol used by that device in order to develop your own driver??
There are similar devices available for a few 100 $ (or less).
It would only make sense (to me), if you had to replace >> 50 devices.
Actually no, as I don't know LabView and it seems you tried to use that to send/receive some data via USB.
I think this might be the wrong forum/site for your problem, as we are primarily discussing Wireshark issues here, and sometimes network/application related problems. Unfortunately, your specific problem is far beyond the scope of this site. Anyway, I hope the hints provided so far will guide you to a solution.
Kurt,
The purpose for developing a driver for this device is to learn about USB protocol and driver creation. I used this device for my for my senior design project and hated the fact that it didn't have software for a modern OS. Now I'm committed and I hate leaving something unfinished.
I understand your position about the problem being outside of this site's intended purpose. The program was recommended by the USBPcap site and The acronyms I need help with show up in the USB analysis of a laptop running the XP driver and software. They show up when using LabVIEW but are not specific to it. In any case, I knew posting here would be a long shot but it was worth a try and I got some great input!
Thanks again,
Yusif Nurizade