Wireshark-bugs: [Wireshark-bugs] [Bug 6520] New: Feature Request: Support for dissection of Even
Date: Sun, 30 Oct 2011 08:23:13 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6520

           Summary: Feature Request: Support for dissection of Event Tracing for Windows USB Port packets in NetMon files
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: tyson.key@xxxxxxxxx

Created an attachment (id=7338)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7338)
A NetMon 3.4 trace containing 2 "USBPort_MicrosoftWindowsUSBUSBPORT"-encapsulated CCID packets

Build Information:
Version 1.7.0-SVN-39630 (SVN Rev 39630 from /trunk)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.22.1, with Cairo 1.10.2, with Pango 1.28.3, with
GLib 2.26.1, with WinPcap (version unknown), with libz 1.2.5, without POSIX
capabilities, with threads support, with SMI 0.4.8, with c-ares 1.7.1, with Lua
5.1, without Python, with GnuTLS 2.10.3, with Gcrypt 1.4.6, without Kerberos,
with GeoIP, with PortAudio V19-devel (built Oct 27 2011), with AirPcap.

Running on 64-bit Windows 7, build 7600, with WinPcap version 4.1.2 (packet.dll
version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.10.3, Gcrypt 1.4.6, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 21022

Wireshark is Open Source Software released under the GNU General Public License.

Check the man page and http://www.wireshark.org for more information.
--
It may be useful to support dissection of USB Port packets generated by the
Event Tracing for Windows subsystem that have been copied into a Microsoft
Network Monitor trace file from a log file in ETW's native format ("ETL").

A NetMon trace file containing 2 packets of this type is attached; and I'll
attach a more detailed trace file, shortly.

Due to an oversight in the process of copying these packets, the contents of
both are identical; and NetMon provides output similar to:

Frame: Number = 1, Captured Frame Length = 366, MediaType = NetEvent
- NetEvent:
- Header:
Size: 357 (0x165)
HeaderType: 0 (0x0)
- Flags: 64 (0x40)
ExtInfo: (...............0)
Private: (..............0.)
String: (.............0..)
Trace: (............0...)
NoCPUTime: (...........0....)
B32: (..........0.....)
B64: (.........1......) EVENT_HEADER_FLAG_64_BIT_HEADER
Reserved1: (........0.......)
Classic: (.......0........)
Reserved2: (0000000.........)
- EventProperty: 0 (0x0)
XML: (...............0)
ForwardXML: (..............0.)
LegacyEventLog: (.............0..)
Reserved: (0000000000000...)
ThreadId: 7944 (0x1F08)
ProcessId: 7940, ProcessName:
TimeStamp: 10/30/2011, 14:55:17.915178 UTC
ProviderId: {C88A4EF5-D048-4013-9408-E04B7DB2814A}
- Descriptor:
Id: 71 (0x47)
Version: 0 (0x0)
Channel: 16 (0x10)
Level: WINEVENT_LEVEL_INFO
Opcode: 0x1b
Task: 12 (0xC)
- MicrosoftWindowsUSBUSBPORT_Keyword:
Diagnostic: (...............................................................1) USBPORT_ETW_KEYWORD_DIAGNOSTIC
PowerDiagnostics: (..............................................................0.)
Reserved1: (10000000000000000000000000000000000000000000000000000000000000..)
ProcessorTime: 141532057355532 (0x80B90000C50C)
ActivityId: {00000000-0000-0000-0000-000000000000}
ETLProvider:
- BufferContext:
ProcessorNumber: 2 (0x2)
Alignment: 8 (0x8)
LoggerId: 12 (0xC)
ExtendedDataCount: 0 (0x0)
UserDataLength: 277 (0x115)
Reassembled: 0 (0x0)
MicrosoftWindowsUSBUSBPORT: Complete URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER with Data
- UsbPort: Complete URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER with Data
- USBPORT_ETW_EVENT_COMPLETE_URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER_DATA: Complete URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER with Data
- HostController: 12-0
- DeviceObject: 0x0000000003604050
Ptr: 0x0000000003604050
- HostController: 12-0
PciBus: 0 (0x0)
PciDevice: 18 (0x12)
PciFunction: 0 (0x0)
PciVendorId: 4098 (0x1002)
PciDeviceId: 17303 (0x4397)
- fid_USBPORT_Device:
- DeviceHandle: 0x000000000656B6A0
Ptr: 0x000000000656B6A0
idVendor: 1839 (0x72F)
idProduct: 8704 (0x2200)
- PortPath: 3
PortPathDepth: 1 (0x1)
PortPath0: 3 (0x3)
PortPath1: 0 (0x0)
PortPath2: 0 (0x0)
PortPath3: 0 (0x0)
PortPath4: 0 (0x0)
PortPath5: 0 (0x0)
DeviceSpeed: 1 (0x1)
DeviceAddress: 1 (0x1)
- fid_USBPORT_Endpoint:
- Endpoint: 0x0000000005DF8010
Ptr: 0x0000000005DF8010
- PipeHandle: 0x0000000002A519F8
Ptr: 0x0000000002A519F8
- DeviceHandle: 0x000000000656B6A0
Ptr: 0x000000000656B6A0
- fid_USBPORT_Endpoint_Descriptor:
fid_bLength: 7 (0x7)
fid_bDescriptorType: 5 (0x5)
fid_bEndpointAddress: 130 (0x82)
fid_bmAttributes: 2 (0x2)
fid_wMaxPacketSize: 64 (0x40)
fid_bInterval: 0 (0x0)
- fid_IRP_Ptr: 0x0000000002AAA010
Ptr: 0x0000000002AAA010
- fid_URB_Ptr: 0x000000000258FB80
Ptr: 0x000000000258FB80
- Urb: success, Function = URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER, Length = 44, Flags 0x3
fid_URB_Hdr_Length: 128 (0x80)
fid_URB_Hdr_Function: URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER (0x9)
fid_URB_Hdr_Status: USBD_STATUS_SUCCESS (0x0)
- fid_URB_Hdr_UsbdDeviceHandle: 0x000000000656B6A0
Ptr: 0x000000000656B6A0
- fid_URB_Hdr_UsbdFlags: 0x0000000000000022
Ptr: 0x0000000000000022
- fid_URB_PipeHandle: 0x0000000002A519F8
Ptr: 0x0000000002A519F8
- fid_URB_TransferFlags: In, short ok (0x3)
USBD_TRANSFER_DIRECTION_IN: (...............................1) 1
USBD_SHORT_TRANSFER_OK: (..............................1.) 1
USBD_START_ISO_TRANSFER_ASAP: (.............................0..) 0
USBD_DEFAULT_PIPE_TRANSFER: (............................0...) 0
Reserved: 0 (0x0)
fid_URB_TransferBufferLength: 44 (0x2C)
- fid_URB_TransferBuffer: 0x00000000064E73C0
Ptr: 0x00000000064E73C0
- fid_URB_TransferBufferMDL: 0x0000000005689460
Ptr: 0x0000000005689460
- fid_URB_ReservedMBZ: 0x0000000000000000
Ptr: 0x0000000000000000
- fid_URB_ReservedHcd: 0x0000000005A9D230
Ptr: 0x0000000005A9D230
- fid_URB_ReservedHcd: 0x00000000DEADF00D
Ptr: 0x00000000DEADF00D
- fid_URB_ReservedHcd: 0x000000004AA1C914
Ptr: 0x000000004AA1C914
- fid_URB_ReservedHcd: 0x000000009BAEC5F3
Ptr: 0x000000009BAEC5F3
- fid_URB_ReservedHcd: 0x0000000000000000
Ptr: 0x0000000000000000
- fid_URB_ReservedHcd: 0x0000000000000000
Ptr: 0x0000000000000000
- fid_URB_ReservedHcd: 0x0000000000000000
Ptr: 0x0000000000000000
- fid_URB_ReservedHcd: 0x0000000000000000
Ptr: 0x0000000000000000
fid_URB_TransferDataLength: 32 (0x20)
- fid_URB_TransferData:
fid_URB_TransferData: 128 (0x80)
fid_URB_TransferData: 34 (0x22)
fid_URB_TransferData: 0 (0x0)
fid_URB_TransferData: 0 (0x0)
fid_URB_TransferData: 0 (0x0)
fid_URB_TransferData: 0 (0x0)
fid_URB_TransferData: 31 (0x1F)
fid_URB_TransferData: 0 (0x0)
fid_URB_TransferData: 0 (0x0)
fid_URB_TransferData: 0 (0x0)
fid_URB_TransferData: 62 (0x3E)
fid_URB_TransferData: 86 (0x56)
fid_URB_TransferData: 111 (0x6F)
fid_URB_TransferData: 105 (0x69)
fid_URB_TransferData: 99 (0x63)
fid_URB_TransferData: 101 (0x65)
fid_URB_TransferData: 109 (0x6D)
fid_URB_TransferData: 97 (0x61)
fid_URB_TransferData: 105 (0x69)
fid_URB_TransferData: 108 (0x6C)
fid_URB_TransferData: 32 (0x20)
fid_URB_TransferData: 57 (0x39)
fid_URB_TransferData: 48 (0x30)
fid_URB_TransferData: 49 (0x31)
fid_URB_TransferData: 255 (0xFF)
fid_URB_TransferData: 255 (0xFF)
fid_URB_TransferData: 255 (0xFF)
fid_URB_TransferData: 255 (0xFF)
fid_URB_TransferData: 3 (0x3)
fid_URB_TransferData: 128 (0x80)
fid_URB_TransferData: 9 (0x9)
fid_URB_TransferData: 241 (0xF1)

I also wanted to paste a hex dump - although NetMon doesn't seem to produce
clipboard data formatted in a sane manner.