Creating a Virtual USB Device

19
votes

I am a newbie learning how to write WDM device drivers for USB devices and found that the materials available are all too hard to comprehend (the DDK online doc is one of the most difficult to read, and the WDM Device driver book by Oney isn't anything better).

So, I've got a simple question. Where do I start if I want to create a virtual USB device (for example, a virtual USB mouse which looks like a real USB mouse attached to a USB port) for testing/learning.

So far what I understand is the HIDClass driver (hidclass.sys) has a minidriver for the usb bus (hidusb.sys) that carries out the enumeration of attached USB hardware. So, if I want to hijack the hardware enumeration process and creates my own virtual hardware, should I include a filter driver somewhere to intercept some IRPs related to the hardware enumeration process?

Sorry if the above does not make sense at all since I am still in the learning stage and this is actually one of the exercise I think could help me learn about writing USB device drivers better.

4
usbdevicedrivers
mocking usb device for linux platform stackoverflow.com/a/43917529/6180077Abdullah Farweez

4 Answers

24
votes

Windows uses a Plug and Play Architecture. When you insert a USB device, It sends low level USB request to the device and then based on the response from a device decides what driver to load. Matching is done by comparing vendor id, product id and etc to inf files sections. Drivers come in the form of a compiled xxx.sys with xxx.inf file and is loaded to kernel space. Windows decides which xxx.sys to load based on the *.inf file that comes with the device's driver.

These files have sections like this:

[Manufacturer]
%Manufacturer% = DeviceInstall

[DeviceInstall]
"some usb dev"=OTHER_SECTION_DEV, USB\Vid_XXXX&Pid_yyyy

# This is where windows learns to match this information
# to your device, using the product id (Pid) and the 
# vendor id (Vid) that Windows gets back during the
# low level USB DeviceDescriptor request

[OTHER_SECTION_DEV]
CopyFiles = xxx.sys, 10,system32\drivers

(a more detailed description on what's in inf files can be found over on https://docs.microsoft.com/en-us/windows-hardware/drivers/install/inf-manufacturer-section)

A detailed look at the USB enumeration process (Use USB Logger):

  • USB Device Plugged
  • USB Bus Driver Request
    • GetDescriptor(Device)
    • GetDescriptor(Configuration)
    • GetDescriptor(String iSerialNumber), used as Device Instance ID
    • GetDescriptor(String iProduct), used in the "new Hardware been identified" popups
  • The PNP (Plug and Play) manager is informed that a device was added by the bus drivers.
  • The PNP manager then asks the bus driver for device information by using a PNP request, asking for:
    • DeviceID string, representing the USB Vendor and Product ID,
    • HardwareIDs string,
    • CompatibleIDs string, representing USB device' Interface Class, Subclass and Protocol, and
    • InstanceID string, representing the uid for this particular device within the set of all instances with the same compatible id hooked up to the computer.

For any connected USB device you can see these strings using the Device Manager:

  • Open the Device Manager (windows menu -> "device manager", or control panel -> "System" -> "Hardware" -> "Device Manager")
  • then use the "view" menu to switch to "Device by Connection"
  • open "ACPI [...]" -> "PCI bus"/"PCI Express Root Complex" -> "[...] USB [...] Host Controller"
  • expand any of the entries under the host controller, and for any of the devices listed, right click to get their properties, open the "details" tab, and then use the property pulldown menu to find "Hardware Ids", "Compatible Ids", "Device Instance ID", "Matching Device Id", "Service", etc.

For example, I have a USB storage device with Device Id = usb\class_08&subclass_06&prot_50 hooked up, and this string can be matched to an .inf file that was added to the list of known devices after first enumeration. This file has a string Service = USBSTOR, and so we know that usbstor.sys is used to interface with this USB Mass Storage Device.

Let's continue with matching process.

  • The PNP Manager tries to determine whether Device was already "installed":
    • It search the registry for a key matching the "DeviceInstance ID" to see which service handles interfacing with this device. Specifically, it searches for this in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB

For disk on key, you can see something like:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_0781&Pid_5406\0775555ACA54ADE3]
"Service"="USBSTOR"
  • The PNP Manager then loads the associated driver based on a match between the strings in PNP requests and data from the .inf database:
    • inf database located under: C:\WINDOWS\inf\
    • drivers .sys files located: C:\WINDOWS\system32\drivers
  • If PNP can't find matching string, you will get prompt to show a path to xxx.sys and xxx.inf

For writing drivers my advice is:

  1. Don't start with implementing HID (human interface device) devices, because you can cause windows to use your custom driver for you mouse or keyboard instead of original driver, this will disable your mouse or keyboard, very dangerous.
  2. Don't load drivers into your dev machine:
    1. use a virtual machine and install your drivers there. Set up a kernel debugger for your virtual machine: http://www.codeproject.com/KB/winsdk/KernelModeDebuggerSetup.asp
    2. or load drivers on other test machine.
  3. Good learning platform for USB drivers is "OSR USB-FX2 Learning Kit"
3
votes

You can use the USB/IP project to emulate any device that you want. In my blog I demonstrated how to emulate USB Mouse device in python using the USB/IP project: http://breaking-the-system.blogspot.com/2014/08/emulating-usb-devices-in-python-with-no.html

It wont help you to understand how to create the virtual USB device (the process is done in the USB/IP driver, you could read the code), but it will create the virtual USB HID device and you could play with the HID arguments sent to the USB driver.

1
votes

Wouldn't it make more sense to provide your own bus type and enumerator?