Finally back on track hacking on some fun crack!
After months of bitrotting I finally picked up the oSpy codebase during Christmas and added a new feature to oSpy2. My original plan was to get oSpy.SharpDumpLib up to a more useful level, but I got bored and decided I wanted some more useful data to analyse, and thus I ended up adding support for USB-sniffing. It’s a WDM kernel-driver (filter-driver) that intercepts the ioctls and logs them to a file. Right now it’s really simple and just dumps raw URB structs as-is, but adding the needed parsing and logging is really trivial and what I’m planning on doing next.
The cool thing is that there’s not really much USB-specific in this, so adding support for sniffing other things, for instance PCI-drivers, is quite easy.
Oh and while I’m at it, the mandatory screencast. Stay tuned!
you rock!