First off, I wanted to thank everyone for their responses…I received many, but unfortunately, it seems that no one has the specific information I'm looking for.
To that end, I thought I'd narrow my question down a bit…a lot, actually.
USB devices have a descriptor (on Windows, a USB_DEVICE_DESCRIPTOR structure) that contains values called "idProduct", "idVendor", and "iSerialNumber"…this last value is an index, not the actual serial number.
Now, Linux has a program called 'lsusb', and if the '-vv' switch is used, the actual string containing the serial number is returned.
Is there a similar program for Windows? I've taken a look at devcon.exe, but haven't found anything in particular yet. Perhaps the question should be, "is there a program for Windows that will display the idProduct and idVendor values, and the actual iSerialNumber string, similar to what lsusb does for Linux?"
An alternate question is, what API calls (DeviceIOControl() ???) would be used to get this? If I know the API calls and the order, I may be able to put something together. Please, no "look at" responses…if you know, you know…and if you don't, please don't bother.
Thanks, your input/effort is appreciated.
H. Carvey
"Windows Forensics and Incident Recovery"
Harlan,
Try this:
usbview.exe
It is a Windows program that extracts the data you require (idVendor values, and the actual iSerialNumber string). Hope this helps.
Andy
P.S. I’ll upload this one to the forum program list. Don’t forget to run a virus checker on it, as I did find it out on the net.
Andy,
Thanks. I've been using USBView for a while, and I can see the contents of the device descriptor. However, the iSerialNumber value in the descriptor, according to MS's own documentation, is an *index* to the string that is the serial number, not the actual serial number.
I've tried this with a couple of USB devices.
Thanks,
H. Carvey
"Windows Forensics and Incident Recovery"
Andy,
Just an update…I received word from someone else with regards to *how* USBView should be used, and I've found the info I'm looking for.
Thanks,
H. Carvey
"Windows Forensics and Incident Recovery"