CRI Radio

Apr 23, 2007

USB Sniffer for Windows

http://sourceforge.net/projects/usbsnoop/

[I just typed this doc directly into my browser - please forgive typos and other weird things]

SnoopyPro allows sniffing of USB devices on Win98/2K. It consists of a Win32 application which grabs the sniffed URBs and three drivers: the filter driver, which actually captures the URBs, and, depending on the OS, a 'bridge' driver (a VxD on Win98, a WDM driver on Win2K) which connects the application to the filter.

All the drivers are stored in the resource section of the main application. This allows for easy installation - just copy the main application somewhere, start it and unpack the drivers (under Win98 only the filter and the VxD bridge, under Win2K only the filter and the WDM bridge driver).

To start sniffing a USB device, you open the devices dialog by pressing F2 (on the first run, it should already be open). Select the device you want to sniff and right-click on it. Choose one of the following options:

  • Install: Just add the filter to the stack (it is not actually loaded until you unplug and replug your device).
  • Install & Restart: Add the filter and simulate an unplug/replug cycle.

Once the filter is in the stack it starts logging URBs. The old style filter dumped all the contents to the debug output (which was traditionally captured using DebugView.exe). This version allocates a big chunk of memory (1MB at the time of this writing) and serializes the URBs into this buffer.

Nothing shows up in the application? Well, most likely the bridge is not installed/started/connected yet. Right-click again in the devices dialog and select 'Install Service'. This should unpack the VxD bridge and CreateFile() on it (Win98) or unpack the WDM bridge, install it as a service, start the service and CreateFile() on it (Win2K). There's a status line on top of the list of USB devices. If it says "Snpys bridge is present and accessible..." you're ok. Not too far away from actual sniffing now... :-)

Replug your favorite device (or right-click and select 'Restart device'). A new document window should pop up inside the main application. Hit F2 to hide the USB devices dialog and have a clear view of the new document window. The top of the window shows a line indicating how many URBs have been captured so far (for speed reasons they're not displayed yet). Click on the 'Pause' button to temporarily pause the sniffing or hit the 'Stop' button to ... well, stop the sniffing and start having a look at the URBs...

There they are... URBs are displayed one after the other. Click on the '+' at the beginning to expand a URB. Select several URBs (using SHIFT or CTRL and mouse and/or cursor - you know the drill from Explorer) and hit the '+'-key or '-'-key to expand/collapse. Hit Ctrl-'+' to adjust the widths of the columns. Click on the top checkbox to switch between absolute and relative timestamps (why? because you might be sniffing 2 devices at the same time and want to correlate URBs from one log to the other... with relative timestamps each URB is timed relative to the first URB sniffed in that log. With absolute timestamps it is relative to the last reboot of your PC, i.e. system uptime, so two logs share the same time base).

Oh, yeah - hit 'DEL' to delete URBs, and try 'Cut', 'Copy' and 'Paste' too -> if you open a new fresh log ('File','Open') you can assemble the most interesting URBs into a separate log file this way. If you paste URBs into a text editor (EMail/NotePad/Whatever else), they actually show up in clear text. (Hint - it is important to copy *expanded* URBs to get *expanded* text in a subsequent paste...)

What did I forget? Oh... right... you can also print a log (but please don't - save the forests!!!).

The 'Analyze Log' menu item tries to fill in information which is not readily available at capture time but can be deduced offline by looking at the sequence of URBs. The endpoint address is an example: JeanSeb's version of USBSnoopy looked it up for every captured URB at capture time, whereas SnoopyPro tries to recover it afterwards by examining the log.
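As an added illustration of what such an offline pass can deduce, here is a small Python analysis in the spirit of 'Analyze Log'. This is example code written for this page, not SnoopyPro's source, and the log record layout, the pipe handle values and the sample descriptor are constructed for the demo. The clue it relies on is real Windows USB behaviour: the completion of a SELECT_CONFIGURATION URB returns USBD_PIPE_INFORMATION entries pairing each PipeHandle with its bEndpointAddress, while the later BULK_OR_INTERRUPT_TRANSFER URBs carry only the PipeHandle. So the endpoint of a transfer can be recovered by remembering the mapping from the earlier URB, and the transfer type and max packet size can be taken from the configuration descriptor returned by an earlier GET_DESCRIPTOR control transfer. The example also shows the failure mode a practitioner hits in practice: if the capture started after enumeration (filter installed without a replug), no SELECT_CONFIGURATION is in the log and the handles stay unresolved.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# URB function codes from the Windows DDK usb.h (real values).
URB_FUNCTION_SELECT_CONFIGURATION = 0x0000
URB_FUNCTION_CONTROL_TRANSFER = 0x0008
URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER = 0x0009

# Descriptor type codes from the USB 2.0 specification (real values).
USB_CONFIGURATION_DESCRIPTOR_TYPE = 0x02
USB_ENDPOINT_DESCRIPTOR_TYPE = 0x05
USB_ENDPOINT_DIRECTION_MASK = 0x80  # bit 7 of bEndpointAddress set = IN (device to host)
TRANSFER_TYPES = {0: "control", 1: "isochronous", 2: "bulk", 3: "interrupt"}  # bmAttributes bits 1:0


@dataclass
class Urb:
    """One captured URB in a constructed, simplified log model (not SnoopyPro's real layout)."""
    seq: int
    ticks: int            # absolute timestamp: ms since boot, like the page's 'absolute' mode
    up: bool              # False = request going down the stack, True = completion coming back up
    function: int
    pipe_handle: Optional[int] = None          # present on transfer URBs
    length: int = 0                            # TransferBufferLength
    pipes: Tuple[Tuple[int, int], ...] = ()    # (PipeHandle, EndpointAddress) on a SELECT_CONFIGURATION completion
    payload: bytes = b""                       # descriptor bytes returned by a control transfer


@dataclass
class Resolved:
    """Annotation for one transfer URB; endpoint is None when the pipe handle could not be resolved."""
    seq: int
    rel_ms: int
    endpoint: Optional[int]
    direction: Optional[str]
    transfer_type: Optional[str]
    length: int


def parse_endpoints(config_descriptor: bytes) -> Dict[int, Tuple[str, int]]:
    """Walk a configuration descriptor blob, return {bEndpointAddress: (transfer type, wMaxPacketSize)}.

    Descriptors are a flat run of (bLength, bDescriptorType, ...) records. An endpoint descriptor is
    7 bytes: bLength, bDescriptorType, bEndpointAddress, bmAttributes, wMaxPacketSize (LE), bInterval.
    A truncated tail (host often reads only the first 9 bytes at first) simply ends the walk.
    """
    endpoints: Dict[int, Tuple[str, int]] = {}
    pos = 0
    while pos + 2 <= len(config_descriptor):
        blen, btype = config_descriptor[pos], config_descriptor[pos + 1]
        if blen < 2:
            raise ValueError(f"malformed descriptor at offset {pos}")  # would otherwise loop forever
        if pos + blen > len(config_descriptor):
            break  # truncated read, keep what we have
        if btype == USB_ENDPOINT_DESCRIPTOR_TYPE and blen >= 7:
            addr, attrs, max_packet = struct.unpack_from("<BBH", config_descriptor, pos + 2)
            endpoints[addr] = (TRANSFER_TYPES[attrs & 0x03], max_packet)
        pos += blen
    return endpoints


def analyze_log(urbs: List[Urb]) -> List[Resolved]:
    """Offline pass: learn handle->endpoint from SELECT_CONFIGURATION, then annotate every transfer."""
    handle_to_ep: Dict[int, int] = {}
    ep_info: Dict[int, Tuple[str, int]] = {}
    t0 = urbs[0].ticks if urbs else 0   # relative timestamps are relative to the first URB in the log
    out: List[Resolved] = []
    for u in urbs:
        rel = u.ticks - t0
        if (u.up and u.function == URB_FUNCTION_CONTROL_TRANSFER and len(u.payload) > 1
                and u.payload[1] == USB_CONFIGURATION_DESCRIPTOR_TYPE):
            ep_info.update(parse_endpoints(u.payload))      # GET_DESCRIPTOR(CONFIGURATION) came back
        elif u.up and u.function == URB_FUNCTION_SELECT_CONFIGURATION:
            for handle, addr in u.pipes:                     # USBD_PIPE_INFORMATION pairs on completion
                handle_to_ep[handle] = addr
        elif u.function == URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER:
            addr = handle_to_ep.get(u.pipe_handle)
            if addr is None:
                out.append(Resolved(u.seq, rel, None, None, None, u.length))
            else:
                direction = "IN" if addr & USB_ENDPOINT_DIRECTION_MASK else "OUT"
                out.append(Resolved(u.seq, rel, addr, direction, ep_info.get(addr, ("unknown", 0))[0], u.length))
    return out


# Constructed sample: a HID-like config descriptor with an interrupt IN and a bulk OUT endpoint.
CONFIG_DESC = bytes([
    0x09, 0x02, 0x20, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32,   # configuration, wTotalLength = 32
    0x09, 0x04, 0x00, 0x00, 0x02, 0x03, 0x00, 0x00, 0x00,   # interface 0, two endpoints
    0x07, 0x05, 0x81, 0x03, 0x08, 0x00, 0x0A,               # EP 0x81 interrupt IN, 8 bytes, interval 10
    0x07, 0x05, 0x02, 0x02, 0x40, 0x00, 0x00,               # EP 0x02 bulk OUT, 64 bytes
])

# Constructed sample capture: enumeration, then transfers; pipe handle values are made up.
SAMPLE_LOG = [
    Urb(1, 1000, False, URB_FUNCTION_CONTROL_TRANSFER),
    Urb(2, 1003, True, URB_FUNCTION_CONTROL_TRANSFER, payload=CONFIG_DESC),
    Urb(3, 1010, False, URB_FUNCTION_SELECT_CONFIGURATION),
    Urb(4, 1012, True, URB_FUNCTION_SELECT_CONFIGURATION, pipes=((0x8123A000, 0x81), (0x8123A040, 0x02))),
    Urb(5, 1100, False, URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER, pipe_handle=0x8123A000, length=8),
    Urb(6, 1110, True, URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER, pipe_handle=0x8123A000, length=8),
    Urb(7, 1200, False, URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER, pipe_handle=0x8123A040, length=64),
    Urb(8, 1205, False, URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER, pipe_handle=0xDEADBEEF, length=4),  # stale handle
]

if __name__ == "__main__":
    for r in analyze_log(SAMPLE_LOG):
        ep = f"EP 0x{r.endpoint:02x} {r.direction} {r.transfer_type}" if r.endpoint is not None else "UNRESOLVED pipe"
        print(f"#{r.seq:<3} +{r.rel_ms:>5} ms  {ep:<28} {r.length} bytes")
```

Running `analyze_log(SAMPLE_LOG[4:])`, i.e. a log that starts after enumeration, leaves every transfer unresolved, which is exactly the situation you get when the filter was merely installed and the device never replugged: install the filter, then replug, so the SELECT_CONFIGURATION is in the log.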

That's about it. It should work as advertised here, but there are definitely major features missing and most likely some bugs (I hope not too many).

Give me your feedback here on SourceForge and please send me any modifications/enhancements you make to it. I'll be happy to integrate it (with proper credits). Code with 'braces-down' has priority... :-)

happy sniffing

roland