[pso] Any ideea?: USB2LPT adapter works in Win2K but not in WinXP

Laurentiu Duca duca at cs.pub.ro
Tue Jan 9 14:13:10 EET 2007


Hi,

  If you have any ideas regarding the problem described below, please help.
Thanks!

   Henrik Haftmann created an USB2LPT adapter
which is much cheaper then PCMCIA2LPT (or other) converters.
The (english)home-page of the project is:
http://www-user.tu-chemnitz.de/~heha/bastelecke/Rund%20um%20den%20PC/USB2LPT/index.html.en
There are the links to
successfully tested applications,
software drivers,
hardware do-it-yourself howto.
The interested persons (e.g. me, Laurentiu Duca)
can also buy an already-made USB2LPT adapter.

   I have tried to use this USB2LPT adapter
with Xilinx iMPACT tool (to program XC2S200E FPGA) from WinXP SP2,
but the result was "failure to program".
After more testing & research,
the problem seems to be the following:
USB2LPT works in Win2K but not in WinXP.
That's because
some piece of code that USB2LPT drivers use from Win2k kernel
is missing (or hidden? - need help) in WinXP kernel.

   Below are the details from the author of the USB2LPT project.



----- Forwarded message from Laurentiu Duca <laurentiuduca at yahoo.com> -----
    Date: Tue, 9 Jan 2007 00:06:58 -0800 (PST)
    From: Laurentiu Duca <laurentiuduca at yahoo.com>
Reply-To: Laurentiu Duca <laurentiuduca at yahoo.com>
 Subject: Fwd: Re: USB2LPT driver statistics
      To: duca at cs.pub.ro



Henrik Haftmann <henrik.haftmann at etit.tu-chemnitz.de> wrote: Date: Mon,  8 Jan
2007 17:47:14 +0100
From: Henrik Haftmann <henrik.haftmann at etit.tu-chemnitz.de>
To: Laurentiu Duca <laurentiuduca at yahoo.com>
Subject: Re: USB2LPT driver statistics

 Hello!
Thank you for your helping hint.

> ... we have the Operating Systems Department here in "Politehnica"
> University of Bucharest that
> worked with Windows kernels (drivers, ...).
>    So, if you can detail for me the question...

So the question text may be:

I wrote a driver that modifies the content of X86 debug registers
(DR0 - DR3, DR6, DR7) to catch specific IN and OUT
instructions somewhere in user or (more important:) kernel mode.
This is the only way to catch these instructions in kernel mode,
and this feature is available since Pentium grade processors.

I had done this without any Windows helper functions (there are
no documented functions), and with a self-made interrupt routine
(INT1) for the traps.
This works very well for all Windows versions before XP,
unless someone uses a (user or kernel mode) debugger that is
capable using breakpoints for own use.
For an average PC, this is not the case.
Furthermore, my driver does coexist with SoftICE as good as it can.

Now the problem is, somewhere in Windows XP is a piece of code
that seems to reset the debug register's content to an
inactive state, in periods of one second or similar (not regulary).
It is surprising that this is not the case in the very kernel-mode
similar W2K operating system.
I restore “my” debug register's contents by a (kernel) timer,
but, of course, IN and OUT instructions between theft and restoration
are not catched, and the accessing (redirected) software fails.
That is what the fourth counter in my "statistics" property page counts.

Note that there is a "debug register write trap" available
to assist in helping find that piece of code, but further reading
of Intel manuals reveals that some special external hardware
is needed to use this feature:-(

The question's reader may investigate my source code (usb2lpt.c, vlpt.c)
to see what I have written:-)

How can I find and/or defeat this Windows XP “feature”?

[
Note that this driver is related to virus or backdoor programming “art”,
and, if someone know the solution, he/she may not be able to answer...
]


henni
--
ACHTUNG: Eingehende TOFU-Mail (Text oben, Full-Quote unten)
         wird sofort beim Posteingang ungelesen GELÖSCHT!!!
Henrik Haftmann       | http://www.tu-chemnitz.de/~heha/



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cursuri.cs.pub.ro/pipermail/pso/attachments/20070109/c673fd5e/unnamed.html


More information about the pso mailing list