Reverse engineering methods

Although I am sure that there are many more ways to reverse engineer windows drivers, I will outline the candidates that I found and evaluated below.


DebugFS and USBMon

I found a site with a seemingly perfect solution. By simply mounting the Linux debugfs and loading the usbmon module one can monitor the USB packets. This functionality is available in my default Kubuntu 7.04 installation without needing to recompile my kernel.

The idea is then that one launches VMWare (or similar virtualization software) to boot Windows. Once in Windows, you execute the functionality in the device which you would like to reproduce in the Linux driver. The USB packets are funnelled from VMWare through usbmon/debugfs, and one can then write the driver from the output that is produced.
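The text records that usbmon writes under debugfs have to be decoded before they tell you anything about what the Windows driver sent. The parser below is an added example (not code from the original post) that reads usbmon's "1u"-style lines, picks out control transfers with a setup packet, names HID class requests, and extracts the LED bitmap from each SET_REPORT(Output). The log lines in `SAMPLE_LOG` are constructed for illustration, not captured from any real keyboard; the field layout follows the usbmon text format documented in the kernel tree.

```python
"""Decode usbmon text records (e.g. from /sys/kernel/debug/usb/usbmon/1u) and
pull out the HID SET_REPORT transfers that drive keyboard LEDs.
Added example; SAMPLE_LOG is constructed, not a real capture."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: two SET_REPORT(Output) control transfers to a keyboard
# (CapsLock on, then all LEDs off) followed by one interrupt-IN key report.
SAMPLE_LOG = """\
ffff88003f6a8e40 3003088345 S Co:1:002:0 s 21 09 0200 0000 0001 1 = 02
ffff88003f6a8e40 3003088510 C Co:1:002:0 0 1 >
ffff88003f6a8e40 3003090001 S Co:1:002:0 s 21 09 0200 0000 0001 1 = 00
ffff88003f6a8e40 3003090200 C Co:1:002:0 0 1 >
ffff88003f6a9000 3003100000 S Ii:1:002:1 -115:8 8 <
ffff88003f6a9000 3003108000 C Ii:1:002:1 0:8 8 = 00000400 00000000
"""

HID_REQUESTS = {0x01: "GET_REPORT", 0x02: "GET_IDLE", 0x03: "GET_PROTOCOL",
                0x09: "SET_REPORT", 0x0A: "SET_IDLE", 0x0B: "SET_PROTOCOL"}
REPORT_TYPES = {1: "Input", 2: "Output", 3: "Feature"}
# Boot-protocol keyboard LED bitmap (HID Usage Tables, LED page).
LED_BITS = [(0x01, "NumLock"), (0x02, "CapsLock"), (0x04, "ScrollLock"),
            (0x08, "Compose"), (0x10, "Kana")]


@dataclass
class UsbmonRecord:
    tag: str
    timestamp_us: int
    event: str                     # S = submission, C = callback, E = error
    xfer: str                      # Ci/Co, Bi/Bo, Ii/Io, Zi/Zo: type + direction
    bus: int
    dev: int
    ep: int
    status: Optional[int]          # None on submissions ("-" or "s")
    interval: Optional[int]        # interrupt/iso words look like "status:interval"
    setup: Optional[Tuple[int, ...]]  # control setup packet, five hex words
    length: int
    data: bytes


def parse_usbmon_line(line: str) -> UsbmonRecord:
    """Decode one line of the usbmon text format."""
    tok = line.split()
    tag, ts, event, addr = tok[0], int(tok[1]), tok[2], tok[3]
    xfer, bus, dev, ep = addr.split(":")
    i = 4
    status_word = tok[i]
    i += 1
    status = interval = setup = None
    if status_word == "s":
        # Control submission: bmRequestType bRequest wValue wIndex wLength follow.
        setup = tuple(int(x, 16) for x in tok[i:i + 5])
        i += 5
    elif status_word != "-":
        parts = status_word.split(":")
        status = int(parts[0])
        if len(parts) > 1:
            interval = int(parts[1])
    length = int(tok[i])
    i += 1
    data = b""
    if i < len(tok) and tok[i] == "=":
        # Payload is printed as 4-byte hex words; the last word may be shorter.
        data = bytes.fromhex("".join(tok[i + 1:]))
    return UsbmonRecord(tag, ts, event, xfer, int(bus), int(dev), int(ep),
                        status, interval, setup, length, data)


def describe_hid_request(setup) -> Optional[str]:
    """Name a HID class request addressed to an interface, else None."""
    bm_request_type, b_request, w_value, _w_index, _w_length = setup
    if bm_request_type & 0x7F != 0x21:   # class request, interface recipient
        return None
    name = HID_REQUESTS.get(b_request)
    if name is None:
        return None
    if b_request in (0x01, 0x09):        # GET_REPORT / SET_REPORT carry a report type
        rtype = REPORT_TYPES.get(w_value >> 8, "?")
        return f"{name}({rtype}, id={w_value & 0xFF})"
    return name


def led_names(bitmap: int) -> List[str]:
    return [name for bit, name in LED_BITS if bitmap & bit]


def led_writes(log_text: str) -> List[List[str]]:
    """LED state carried by every SET_REPORT(Output, id=0) submission in the log.
    With report id 0 the first data byte is the LED bitmap itself."""
    out = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_usbmon_line(line)
        if (rec.event == "S" and rec.setup and rec.data
                and describe_hid_request(rec.setup) == "SET_REPORT(Output, id=0)"):
            out.append(led_names(rec.data[0]))
    return out


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        rec = parse_usbmon_line(line)
        desc = describe_hid_request(rec.setup) if rec.setup else ""
        print(f"{rec.event} {rec.xfer}:{rec.bus}:{rec.dev:03d}:{rec.ep} "
              f"len={rec.length} {desc} data={rec.data.hex()}")
    print("LED writes:", led_writes(SAMPLE_LOG))
```

Run it against a real capture by feeding the contents of the usbmon file into `led_writes` (or iterating `parse_usbmon_line` over it); the setup packets you see on the control endpoint are exactly the requests a libusb driver has to replay.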

This was the first method I pursued, but I quickly found that keyboards and mice act as generic input devices in VMWare, no matter how hard you try to use a custom driver. Without being able to execute the blinking LED functionality even under Windows, and finding many people with the same problem, I quickly discarded this alternative. I'm certain that this method would work great for any other non-keyboard device.

I found this idea from:


USBSnoop and

I found a very concise guide to using a native USB monitor driver/application under Windows. One would use the log files generated by this application to create a simple libusb skeleton driver through a Perl parser. A seemingly optimal solution; however, it failed miserably for me. The application was buggy, and I could not get any interesting data sniffed. Most of the links on the site are broken, and some googling is required to find the software mentioned.

The guide:



While looking for a copy of the usbsnoop application, I found a new and improved version dubbed SnoopyPro. This application was able to reliably and easily capture USB packets and worked well. Let's use this one!

SnoopyPro project site: