Bluetooth PnP sequence

  • Question

  • I am trying to learn the sequence of events/requests during the PnP of Bluetooth devices at the driver level. While there is more information on PnP events of USB devices, there seems to be much less on Bluetooth. Can someone share some info/link on this? My intention is to load the BthEnum.sys driver and learn what makes it load upon seeing a BT device, and the internal driver-level requests during the creation of the individual PDOs that represent the profiles. I found this link and got some idea but would like to get more. Also, are there any free BT sniffer tools available?
    • Edited by its_me_here Thursday, April 27, 2017 12:46 PM
    Thursday, April 27, 2017 12:44 PM

Answers

  • As far as PnP is concerned, all bus drivers are the same. The bus driver is responsible for enumerating its bus, notifying the PnP manager of bus membership changes (add or remove), creating and deleting PDOs for the devices on its bus, and processing the enumeration IRPs sent to the PDOs. Any description you read about these interactions is not specific to any bus type, e.g. USB.

    If you want to look at the communication between the Bluetooth host adapter and the Bluetooth devices, you will need additional hardware. You might start with this article. Here is another article that describes the protocol.

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog


    Thursday, April 27, 2017 11:55 PM
    Moderator

All replies

  • Thank you, Brian. I tried to load BthEnum.sys as follows. I shall show the skeleton code for this, i.e. creating the PDO. What I am looking at is creating a virtual BT bus driver. This is based on the WDK Bluetooth Serial HCI Bus Driver sample. This is the code for the PDO creation.

    WSTR _HardwareIds = L"BTHENUM\\Dev_XXXXX"; // bt device hardware id

    pDeviceInit = WdfPdoInitAllocate ( Device );
    if ( NULL == pDeviceInit ) {
        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto Cleanup;
    }

    // Set device type as Bus Extender.
    WdfDeviceInitSetDeviceType ( pDeviceInit, FILE_DEVICE_BUS_EXTENDER );

    // Device ID and hardware ID (the same string is used for both).
    RtlInitUnicodeString ( &DeviceId, _HardwareIds );
    Status = WdfPdoInitAssignDeviceID ( pDeviceInit, &DeviceId );
    if ( !NT_SUCCESS ( Status ) ) { goto Cleanup; }

    Status = WdfPdoInitAddHardwareID ( pDeviceInit, &DeviceId );
    if ( !NT_SUCCESS ( Status ) ) { goto Cleanup; }

    // Compatible IDs.
    RtlInitUnicodeString ( &StaticString, L"BTHENUM\\GENERIC_DEVICE" );
    Status = WdfPdoInitAddCompatibleID ( pDeviceInit, &StaticString );
    if ( !NT_SUCCESS ( Status ) ) { goto Cleanup; }

    RtlInitUnicodeString ( &StaticString, L"CM_DEVCAP_REMOVABLE" );
    Status = WdfPdoInitAddCompatibleID ( pDeviceInit, &StaticString );
    if ( !NT_SUCCESS ( Status ) ) { goto Cleanup; }

    RtlInitUnicodeString ( &StaticString, L"CM_DEVCAP_RAWDEVICEOK" );
    Status = WdfPdoInitAddCompatibleID ( pDeviceInit, &StaticString );
    if ( !NT_SUCCESS ( Status ) ) { goto Cleanup; }

    RtlInitUnicodeString ( &StaticString, L"CM_DEVCAP_SURPRISEREMOVALOK" );
    Status = WdfPdoInitAddCompatibleID ( pDeviceInit, &StaticString );
    if ( !NT_SUCCESS ( Status ) ) { goto Cleanup; }

    // Instance ID built from the serial number.
    Status = RtlUnicodeStringPrintf ( &Buffer, L"%02d", _SerialNo );
    if ( !NT_SUCCESS ( Status ) ) { goto Cleanup; }

    Status = WdfPdoInitAssignInstanceID ( pDeviceInit, &Buffer );
    if ( !NT_SUCCESS ( Status ) ) { goto Cleanup; }

    // Container ID.
    Status = RtlStringFromGUID ( &CONTAINER_ID, &ContainerID );
    if ( !NT_SUCCESS ( Status ) ) { goto Cleanup; }

    Status = WdfPdoInitAssignContainerID ( pDeviceInit, &ContainerID );
    if ( !NT_SUCCESS ( Status ) ) { goto Cleanup; }

    // Device description and location text for locale 0x409.
    Status = RtlUnicodeStringPrintf ( &Buffer, L"Virtual BTH Bus Driver_%02d", _SerialNo );
    if ( !NT_SUCCESS ( Status ) ) { goto Cleanup; }

    RtlInitUnicodeString ( &StaticString, BT_PDO_DEVICE_LOCATION );
    Status = WdfPdoInitAddDeviceText ( pDeviceInit, &Buffer, &StaticString, 0x409 );
    if ( !NT_SUCCESS ( Status ) ) { goto Cleanup; }

    WdfPdoInitSetDefaultLocale ( pDeviceInit, 0x409 );

    // Create the child device (PDO) and a queue for internal device control requests.
    WDF_OBJECT_ATTRIBUTES_INIT_CONTEXT_TYPE ( &objectAttributes, PDO_DEVICE_DATA );
    QueueConfig.EvtIoInternalDeviceControl = EvtIoInternalDeviceControl;

    Status = WdfDeviceCreate ( &pDeviceInit, &objectAttributes, &wdfChildDevice );
    if ( !NT_SUCCESS ( Status ) ) { goto Cleanup; }

    Status = WdfIoQueueCreate ( wdfChildDevice, &QueueConfig, WDF_NO_OBJECT_ATTRIBUTES, &Queue );
    if ( !NT_SUCCESS ( Status ) ) { goto Cleanup; }

    // Register the device interface and enable it.
    RtlInitUnicodeString ( &referenceString, L"Interface Reference" );
    Status = WdfDeviceCreateDeviceInterface ( wdfChildDevice, ( LPGUID ) &GUID_BTHPORT_DEVICE_INTERFACE, &referenceString );
    if ( !NT_SUCCESS ( Status ) ) { goto Cleanup; }

    WdfDeviceSetDeviceInterfaceState ( wdfChildDevice, ( LPGUID ) &GUID_BTHPORT_DEVICE_INTERFACE, &referenceString, TRUE );

    I have set the device interface as GUID_BTHPORT_DEVICE_INTERFACE. I am not sure if this is OK. When the PDO is created, BthEnum.sys is not loaded and the internal device control callback is not invoked.

    Friday, April 28, 2017 9:47 AM
  • That seems like it would work, but since you don't have access to the Bluetooth bus driver, it won't be clear what's going on. You'd be better off using one of the bus driver examples in the WDK, such as Toaster.

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Monday, May 1, 2017 9:42 PM
    Moderator
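
Added example, not part of the original thread or of any poster's code: once a bus driver has created a PDO, the devnode properties show which hardware and compatible IDs the PnP manager received from it and which driver service, if any, was bound. The `BTHENUM\*` filter is an assumption taken from the device ID in the posted code; the cmdlets come from the PnpDevice module on the test machine.

```powershell
# Added example: list what PnP recorded for every devnode whose instance path
# starts with BTHENUM\ (assumed prefix, taken from the device ID in the post).
$keys = @(
    'DEVPKEY_Device_HardwareIds',    # IDs returned by the bus driver for the PDO
    'DEVPKEY_Device_CompatibleIds',  # fallback IDs used when no hardware ID matches
    'DEVPKEY_Device_Service',        # function driver service bound to the devnode
    'DEVPKEY_Device_DriverInfPath',  # INF that was selected, if any
    'DEVPKEY_Device_ProblemCode'     # Device Manager problem code
)

Get-PnpDevice |
    Where-Object { $_.InstanceId -like 'BTHENUM\*' } |
    ForEach-Object {
        $dev = $_
        $row = [ordered]@{
            InstanceId = $dev.InstanceId
            Status     = $dev.Status
        }
        foreach ($k in $keys) {
            # A property that was never set comes back with empty Data.
            $p = Get-PnpDeviceProperty -InstanceId $dev.InstanceId -KeyName $k `
                     -ErrorAction SilentlyContinue
            $name = $k -replace '^DEVPKEY_Device_', ''
            $row[$name] = if ($p -and $null -ne $p.Data) {
                $p.Data -join '; '
            } else {
                '<not set>'
            }
        }
        [pscustomobject]$row
    } |
    Format-List
```

An empty Service together with problem code 28 (drivers not installed) means no installed INF matched any of the IDs listed for that devnode.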