An open-source driver and tool to monitor the traffic between applications and arbitrary serial or parallel ports.
Compatible with Windows XP or later (32-bit and 64-bit).
ENLYZE PortSniffer is inspired by the Sysinternals Portmon tool, but differs from it in several ways:
Advantages
- Based on the modern Kernel-Mode Driver Framework (KMDF) instead of the legacy NT4 driver model, so it correctly handles Plug and Play events for serial and parallel ports.
- Compatible with 64-bit Windows versions.
- The source code is freely available under the permissive MIT license, and a documented public interface allows easy integration into your own application.
Disadvantages
- Comes with only a simple CLI application instead of a feature-rich GUI.
- Captures only Read and Write events (whereas Portmon captures several additional port events).
Building
- Install the Windows Driver Kit 7.1.0.
- Open the WDK Build Environment for the minimum Windows version you want to support, your desired architecture, and the debug level. Release versions are built in the Windows XP x86 Free Build Environment and the Windows Server 2003 x64 Free Build Environment.
- Change to the root directory of your Git checkout and call build_all.
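The build steps above can be scripted from a plain PowerShell prompt instead of opening the two Start-menu build environments by hand. The script below is an added example and is not the repository's own build_all or build_on_ci.ps1. It assumes WDK 7.1.0 is installed in its default directory, that neither that directory nor the checkout path contains spaces, that the setenv.bat arguments match the WDK 7.1.0 form (directory, fre/chk, architecture, target OS), and that build_all returns a non-zero exit code on failure.

```powershell
# Build PortSniffer release binaries for both target environments.
# Added example, not part of the PortSniffer repository.
$Wdk      = 'C:\WinDDK\7600.16385.1'   # default WDK 7.1.0 install directory (assumption)
$Checkout = 'C:\src\PortSniffer'       # path of the Git checkout (assumption)

# setenv.bat arguments: <WDK dir> [fre|chk] [x86|x64] [WXP|WNET|WLH|WIN7]
$Targets = @(
    @{ Arch = 'x86'; Os = 'WXP'  },    # Windows XP x86 Free Build Environment
    @{ Arch = 'x64'; Os = 'WNET' }     # Windows Server 2003 x64 Free Build Environment
)

foreach ($t in $Targets) {
    # setenv.bat is a batch file and must run inside cmd.exe. It leaves the
    # prompt in the WDK directory, so change back to the checkout before
    # invoking build_all, exactly as the manual procedure does.
    $cmdLine = "call $Wdk\bin\setenv.bat $Wdk\ fre $($t.Arch) $($t.Os) && " +
               "cd /d $Checkout && call build_all"

    Write-Host "== fre $($t.Arch) $($t.Os) =="
    cmd.exe /c $cmdLine

    # Stop on the first failing environment (assumes build_all propagates
    # the exit code of the WDK build tool).
    if ($LASTEXITCODE -ne 0) {
        throw "Build failed for fre $($t.Arch) $($t.Os) (exit code $LASTEXITCODE)"
    }
}
```

Each environment is started in a fresh cmd.exe so that the variables set by setenv.bat for one architecture cannot leak into the build for the other.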
The build_on_ci.ps1 PowerShell script automates the building of release binaries with precise version information.
It is currently unused, because I haven't found a public CI system with WDK 7.1.0 yet.
All bug reports and pull requests improving the driver and tool quality are very welcome!
The code follows the established best practices and coding-style guidelines for Windows driver development.
It currently builds with zero compiler and PREfast warnings, and shall continue to do so.
As of now, there are no plans to add a GUI or to capture additional events like Portmon does. Thanks to the documented public interface, a GUI can be developed as a separate project outside the PortSniffer repository. This is the recommended approach for anyone who wants to build one, as it also frees that project from the limitations of the WDK 7.1.0 Build Environment.
There are also no plans to move away from WDK 7.1.0, because the driver shall remain compatible with Windows XP.
Currently, the published driver binaries are unsigned and therefore only load on 64-bit Windows versions when Test Mode (testsigning) is enabled.
This may change in the future, depending on the availability of a suitable code-signing certificate and Microsoft's blessing...
32-bit Windows versions are not affected by this limitation.
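Before installing a driver binary, it is worth checking whether it is signed at all and whether the target machine would accept an unsigned one. The PowerShell script below is an added example and is not part of the PortSniffer repository; the driver path and file name are assumptions.

```powershell
# Report the Authenticode state of a driver binary and whether this machine
# would load it unsigned (32-bit Windows, or 64-bit Windows in Test Mode).
# Added example, not part of the PortSniffer repository.
param(
    [string]$DriverPath = 'C:\PortSniffer\EnlyzePortSniffer.sys'   # assumed path and file name
)

function Get-DriverSignatureState {
    param([Parameter(Mandatory = $true)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    New-Object PSObject -Property @{
        Path   = $Path
        Status = $sig.Status    # NotSigned, Valid, HashMismatch, UnknownError, ...
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

function Test-Is64BitWindows {
    # A 32-bit PowerShell on 64-bit Windows reports PROCESSOR_ARCHITEW6432.
    ($env:PROCESSOR_ARCHITECTURE -ne 'x86') -or ($env:PROCESSOR_ARCHITEW6432 -ne $null)
}

function Test-TestSigningEnabled {
    # Vista and later keep the setting in the BCD store; bcdedit needs an
    # elevated prompt. XP has no BCD store (and no 64-bit signing policy).
    if (-not (Get-Command bcdedit.exe -ErrorAction SilentlyContinue)) { return $false }
    $out = & bcdedit.exe /enum '{current}' 2>&1
    if ($LASTEXITCODE -ne 0) { throw "bcdedit failed (run from an elevated prompt): $out" }
    [bool]($out | Select-String -Pattern '^\s*testsigning\s+Yes' -Quiet)
}

$state    = Get-DriverSignatureState -Path $DriverPath
$is64     = Test-Is64BitWindows
$testMode = Test-TestSigningEnabled

$line = "$($state.Path): $($state.Status)"
if ($state.Signer) { $line += " (signer: $($state.Signer))" }
Write-Host $line

if ($state.Status -ne 'Valid' -and $is64 -and -not $testMode) {
    Write-Warning 'Unsigned driver on 64-bit Windows without Test Mode: the kernel will refuse to load it.'
    Write-Warning 'Only on a test machine: enable Test Mode from an elevated prompt and reboot: bcdedit /set testsigning on'
} elseif ($state.Status -eq 'Valid') {
    Write-Host 'Signed. Confirm the signer is one you trust before installing.'
} else {
    Write-Host 'Unsigned, but this system does not enforce kernel-mode code signing.'
}
```

A Valid result from Get-AuthenticodeSignature only means the file carries a well-formed signature chaining to a trusted root; it does not prove the signature satisfies the kernel-mode code-signing policy, which signtool verify /kp checks. Test Mode disables that policy for every driver on the machine, not just this one, so it belongs on test systems only and should be switched off again (bcdedit /set testsigning off) afterwards.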
Colin Finck (c.finck@enlyze.com)