Thread: Reversing a Win driver and writing one for Linux

  1. #1

    Reversing a Win driver and writing one for Linux

    Hi there,

    today I had a bad idea - I mean really bad
    My nephew made me a present yesterday (he is seven years old). He gave me a new USB microscope (a simple one from a discounter, but hey... it's my nephew and even if he brings along a dead mouse, I'd be happy). Since I had booted up Linux at the time he arrived, I plugged it in to see if it got recognized. Well, it was, but I couldn't get it to work. After some research later that evening I found out that no driver for this device exists.
    Today it came again into my mind and the idea was born: write a Linux device driver for it.
    So this is not one but two new things for me.
    The first is debugging a device driver under Windows. This driver came with the microscope.
    The second is writing the driver under Linux.
    I have a book for the latter and of course I did (and will do again, and again...) a Google search for the first, but I'd like to ask if someone did something like that before and is willing to share some knowledge or can recommend special reading.
    I'm really thankful for any help.
    If my progress is noteworthy, I'll blog about it (it's not a threat)

    Best regards
    darkelf


    edit: @moderators
    Please move this thread to a more appropriate place. It has only little to do with Linux RCE (more Linux coding), but a lot with Win RCE. Thank you.
    Last edited by Darkelf; March 28th, 2012 at 04:57. Reason: Thread is in wrong section of the forum
    I flout Chuck Norris, Spongebob barbecues underwater!

  2. #2
    Kayaker
    Hi Darkelf,

    Watcha mean by "it got recognized"? If you don't have the usermode Linux viewing software, aren't you still screwed even if you did write a Linux USB driver?

    I notice that some USB microscopes offer Linux driver downloads which refer to a generic class for USB/UVC drivers.
    http://www.ideasonboard.org/uvc/

    In any case, re Win driver reversing, good old Softice/WinDbg/IDA is the way in, that and knowledge of driver structure, i.e.

    http://www.woodmann.com/forum/showthread.php?14561-Had-to-say&p=91470#post91470

    You might also try IrpTracker

    http://www.osronline.com/article.cfm?article=199

    and a damn good API monitor to get an overall feeling of how the Mic. software operates.

    Cheers,
    Kayaker

  3. #3
    Hi Kayaker,

    first of all, thanks a lot for the hints and links.
    By "it got recognized" I mean that I got a vendorID:deviceID via lsusb.
    When I then do a "lsusb -vd vID:dID" I see that the device really got fully recognized. It spits out all the information.
    I'm not screwed without the viewing software, because the USB microscope is nothing more than a webcam, just with different lenses, so every webcam viewer will do. Even VLC can do this (I just have to choose /dev/video0 as input device).
    Getting all the information needed for porting the driver seems to be way less complicated than I thought at first.
    I found a couple of really cool links to articles on exactly that topic:

    http://www.jespersaur.com/drupal/book/export/html/21
    http://www.quietearth.us/articles/2006/10/16/USB-Snoop-in-linux
    http://www.reactivated.net/weblog-content/20050806-reverse-0.2.txt

    There are even scripts out there that create a working driver stub from usbsnoop's output.

    So, it should be a doable task
    I'll keep you informed.

    Best regards
    darkelf
    I flout Chuck Norris, Spongebob barbecues underwater!

  4. #4
    Kayaker
    Now that I've seen these USB microscopes, I think I want one, they look really cool

  5. #5
    Better get it with the "watertight bag" so you can take it on your voyages.

    Regards,
    JMI

  6. #6
    kewl stuff never even imagined there were some Microscopes that operate by plugging into a usb port

    i can even find a DIY oooheshbee microscope using toothpick

    btw veho seems to offer a linux driver it is a .ko for fedora (i assumed all things linux must contain source and downloaded it to find just a ko )

    actually looking around i see someone using the microsoft sdk sample amcap in directshow (graph filter) as a software for capturing the micro stuff

    and looks like amcap is purely usermode only no drivers at all

  7. #7
    Yeah, those gadgets are really cool
    This one is mine:

    http://www.traveler-service.de/popups/usb-mikroskop_uk_popup/

    At the moment I feel like a little boy (even more than I do normally) and I have a lot of fun playing with it.

    @blabberer
    unfortunately the microscope I got seems to be the only one that is not a UVC device and therefore doesn't work with the existing USB/UVC drivers. But hey... that's the challenge after all and as I said, right now I have lots of fun

    Best regards
    darkelf
    I flout Chuck Norris, Spongebob barbecues underwater!

  8. #8
    DarkElf, welcome to my domain!

    Step 1, grab a tool from sourceforge called SniffUSB from windows. It will generate a dump file of the USB communications that go on when the device is plugged in, and instantiated.

    There is a perl script that converts this output file into a C program to do that instantiation under Linux. It won't be perfect, but it's a GREAT start.

    (This will be a user mode program that uses libUSB. But once you have that going, you can move it over to the kernel. I did this with a USB dongle).
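
The conversion step described in post #8, as an added example that is not part of the original thread and is not the perl script mentioned there: it decodes captured 8-byte USB setup packets and renders each as a libusb-1.0 `libusb_control_transfer()` call. The capture line layout, the sample bytes, and the names `SAMPLE_CAPTURE`, `decode_setup`, `parse_capture` and `emit_c` are assumptions made for illustration.

```python
import struct

# Constructed sample (assumed layout, not SniffUSB's format): setup | OUT payload
SAMPLE_CAPTURE = """\
c0 01 00 00 00 00 01 00
40 0c 10 00 02 00 02 00 | aa 55
40 01 01 00 00 00 00 00
"""
TYPES = ("standard", "class", "vendor", "reserved")


def decode_setup(raw):
    """Split an 8-byte USB setup packet into its named fields."""
    if len(raw) != 8:
        raise ValueError("setup packet must be exactly 8 bytes")
    # Two single bytes, then wValue/wIndex/wLength as little-endian 16-bit.
    bm, req, value, index, length = struct.unpack("<BBHHH", raw)
    return {"bmRequestType": bm, "bRequest": req, "wValue": value,
            "wIndex": index, "wLength": length, "type": TYPES[(bm >> 5) & 3],
            "direction": "in" if bm & 0x80 else "out"}


def parse_capture(text):
    """Return [(fields, payload)], rejecting records that contradict wLength."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        setup_hex, _, data_hex = line.partition("|")
        fields = decode_setup(bytes.fromhex(setup_hex))
        payload = bytes.fromhex(data_hex)
        # OUT transfers carry exactly wLength bytes; IN lines carry none here.
        expected = fields["wLength"] if fields["direction"] == "out" else 0
        if len(payload) != expected:
            raise ValueError(f"line {lineno}: payload does not match wLength")
        records.append((fields, payload))
    return records


def emit_c(text, handle="dev", timeout_ms=1000):
    """Render each transfer as C; buffers are sized from wLength (min 1)."""
    out = []
    for n, (f, payload) in enumerate(parse_capture(text)):
        init = ", ".join(f"0x{b:02x}" for b in payload) or "0"
        out.append(f"unsigned char buf{n}[{max(f['wLength'], 1)}] = {{ {init} }};")
        out.append(f"libusb_control_transfer({handle}, 0x{f['bmRequestType']:02x}, "
                   f"0x{f['bRequest']:02x}, 0x{f['wValue']:04x}, "
                   f"0x{f['wIndex']:04x}, buf{n}, {f['wLength']}, {timeout_ms});")
    return "\n".join(out)
```

Only control transfers are covered; the bulk or isochronous transfers that carry the actual image data need separate handling.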
