4.4. USB枚举(Emulation)
上一页  第 4 章 USB协议细节  下一页

4.4. USB枚举(Emulation)

关于USB的枚举,是学习USB协议所面临的第一个最基础也是最重要的内容。

4.4.1. 什么是USB枚举

USB枚举,USB Emulation,从字面意思看,就是去列举USB,而列举啥呢,其实就是USB的初始化。

简单来说,USB的枚举,对应的就是USB的Host和Device之间的对话,即Host根据Device所报告上来的参数,得知USB的device是啥类型的,具有啥功能,然后初始化相关参数。

接下来,就USB Device就可以正常工作了。

所以,可以简单的理解为,USB枚举,就是USB设备的初始化(init)。

4.4.2. USB枚举的过程

此处摘录一个,[12]中的关于windows下USB枚举的过程的总结:

  1. The host or hub detects the connection of a new device via the device's pull up resistors on the data pair. The host waits for at least 100ms allowing for the plug to be inserted fully and for power to stabilise on the device.
  2. Host issues a reset placing the device is the default state. The device may now respond to the default address zero.
  3. The MS Windows host asks for the first 64 bytes of the Device Descriptor.
  4. After receiving the first 8 bytes of the Device Descriptor, it immediately issues another bus reset.
  5. The host now issues a Set Address command, placing the device in the addressed state.
  6. The host asks for the entire 18 bytes of the Device Descriptor.
  7. It then asks for 9 bytes of the Configuration Descriptor to determine the overall size.
  8. The host asks for 255 bytes of the Configuration Descriptor.
  9. Host asks for any String Descriptors if they were specified.

At the end of Step 9, Windows will ask for a driver for your device. It is then common to see it request all the descriptors again before it issues a Set Configuration request.

而相对来说,更加详细一点的解释,可以去看Enumeration: How the Host Learns about Devices

其实,单独看此文字描述,虽然解释的很是详细了,但是还是很难彻底搞懂。

所以,后面会专门通过第 4.4.3 节 “举例详解USB的枚举过程”来彻底的解析,到底USB的枚举的过程如何,以及发送的数据的详细所对应的含义。

4.4.3. 举例详解USB的枚举过程

既然说到举例,那么就要有相应的数据。

此处的USB枚举所涉及到的数据,是之前某次开发过程中,通过第 2.2.3 节 “其他一些USB测试和协议分析等软件”中所介绍的SBAE USB所抓取出来的数据,并且软件可以详细分析每个字节所对应的含义。

4.4.3.1. USB枚举示例数据

抓包工具抓到了共0x42=66字节的数据,其中每个字节对应的十六进制表示是两个数字,所以一共是66x2=132个数字:

0902420002010480E10904000002FF000000092110010001223F0007050103400001070581034000010904010001030000000921100100012221000705820340000A

可被拆分为对应的8组:

  • 0902420002010480E1
  • 0904000002FF000000
  • 092110010001223F00
  • 07050103400001
  • 07058103400001
  • 090401000103000000
  • 092110010001222100
  • 0705820340000A

而关于为何可以被分成这8组,此处先解释一下:

[提示] 如何(解析)看懂USB枚举的数据

对于Configuration,Interface,Endpoint,Class等部分,其数据格式的定义中,首字节,都是表示长度,即,接下来多少个字节,属于当前这部分。

所以,对于上述数据来说,从开始的“09”,我们就知道了,接下来的8个字节的数据“02420002010480E1”,都是属于当前Configuration部分的。

以此接着往下判断,则分别可以判断出对应的每一部分的数据,都是哪些。

而对于这些数据分组的依次顺序,则是USB协议中定义的。详细定义,请参考USB协议。

4.4.3.2. 详细分析USB枚举数据的每个字段的具体含义

接下来,就是分析,每一部分的数据,到底对应的是何种含义。

此处,再把上述数据贴出来,并进行分析:

0902420002010480E11
0904000002FF0000002
092110010001223F003
070501034000014
070581034000015
0904010001030000006
0921100100012221007
0705820340000A8

1

此部分内容对应着的是:Configuration

其定义为:

表 4.3. USB Configuration Descriptors

Offset Field Size Value Description
0 bLength 1 Number Size of Descriptor in Bytes
1 bDescriptorType 1 Constant Configuration Descriptor (0x02)
2 wTotalLength 2 Number Total length in bytes of data returned
4 bNumInterfaces 1 Number Number of Interfaces
5 bConfigurationValue 1 Number Value to use as an argument to select this configuration
6 iConfiguration 1 Index Index of String Descriptor describing this configuration
7 bmAttributes 1 Bitmap
D7 Reserved, set to 1. (USB 1.0 Bus Powered)
D6 Self Powered
D5 Remote Wakeup
D4..0 Reserved, set to 0.
8 bMaxPower 1 mA Maximum Power Consumption in 2mA units

其每个字节对应的含义为:

图 4.7. Configuration Descriptor: 0902420002010480E1

Configuration Descriptor: 0902420002010480E1

2

此部分内容对应着的是:Interface

其定义为:

表 4.4. USB Interface Descriptors

Offset Field Size Value Description
0 bLength 1 Number Size of Descriptor in Bytes (9 Bytes)
1 bDescriptorType 1 Constant Interface Descriptor (0x04)
2 bInterfaceNumber 1 Number Number of Interface
3 bAlternateSetting 1 Number Value used to select alternative setting
4 bNumEndpoints 1 Number Number of Endpoints used for this interface
5 bInterfaceClass 1 Class Class Code (Assigned by USB Org)
6 bInterfaceSubClass 1 SubClass Subclass Code (Assigned by USB Org)
7 bInterfaceProtocol 1 Protocol Protocol Code (Assigned by USB Org)
8 iInterface 1 Index Index of String Descriptor Describing this interface

其每个字节对应的含义为:

图 4.8. Interface Descriptor: 0904000002FF000000

Interface Descriptor: 0904000002FF000000

3

此部分内容对应着的是:Class

由于其前面的2中bInterfaceClass=0xFF,对应着表 4.1 “USB Class表”中的vendor-specific,所以此部分的值的含义,是针对特定厂家的特定的含义,因此此处就不具体解释了。

4

此部分内容对应着的是:Endpoint

其定义为:

表 4.5. USB Endpoint Descriptors

Offset Field Size Value Description
0 bLength 1 Number Size of Descriptor in Bytes (7 bytes)
1 bDescriptorType 1 Constant Endpoint Descriptor (0x05)
2 bEndpointAddress 1 Endpoint Endpoint Address
Bits 0..3b Endpoint Number
Bits 4..6b Reserved. Set to Zero
Bits 7 Remote Wakeup
D4..D0 Direction
0 Out
1 In (Ignored for Control Endpoints)
3 bmAttributes 1 Bitmap
Bits 0..1 Transfer Type
00 Control
01 Isochronous
10 Bulk
11 Interrupt
Bits 2..7 are reserved.

If Isochronous endpoint:

Bits 3..2 Synchronisation Type (Iso Mode)
00 No Synchonisation
01 Asynchronous
10 Adaptive
11 Synchronous
Bits 5..4 Usage Type (Iso Mode)
00 Data Endpoint
01 Feedback Endpoint
10 Explicit Feedback Data Endpoint
11 Reserved
4 wMaxPacketSize 2 Number Maximum Packet Size this endpoint is capable of sending or receiving
6 bInterval 1 Number Interval for polling endpoint data transfers. Value in frame counts. Ignored for Bulk & Control Endpoints. Isochronous must equal 1 and field may range from 1 to 255 for interrupt endpoints.

其每个字节对应的含义为:

图 4.9. Endpoint (Interrupt Out) Descriptor: 07050103400001

Endpoint (Interrupt Out) Descriptor: 07050103400001

5

此部分内容和4类似,也是对应着:Endpoint

对应定义为:表 4.5 “USB Endpoint Descriptors”

其每个字节对应的含义为:

图 4.10. Endpoint (Interrupt In) Descriptor: 07058103400001

Endpoint (Interrupt In) Descriptor: 07058103400001

6

此部分内容对应着的是:Interface

其定义为参考:表 4.4 “USB Interface Descriptors”

其每个字节对应的含义为:

图 4.11. Interface Descriptor: 090401000103000000

Interface Descriptor: 090401000103000000

7

由于6中bInterfaceClass=0x03,对应着表 4.1 “USB Class表”中的HID,所以,此部分内容的解析,依赖于对应的HID中的定义。

可在官方的1.1版本的HID协议:HID1_11.pdf中的“6.2.1 HID Descriptor”部分找到对应的定义:

表 4.6. USB HID Descriptors

Part Offset/Size(Bytes) Description
bLength 0/1 Numeric expression that is the total size of the HID descriptor.
bDescriptorType 1/1 Constant name specifying type of HID descriptor.
bcdHID 2/2 Numeric expression identifying the HID Class Specification release.
bCountryCode 4/1 Numeric expression identifying country code of the localized hardware.
bNumDescriptors 5/1 Numeric expression specifying the number of class descriptors (always at least one i.e. Report descriptor.)
bDescriptorType 6/1 Constant name identifying type of class descriptor. See Section 7.1.2: Set_Descriptor Request for a table of class descriptor constants.
wDescriptorLength 7/2 Numeric expression that is the total size of the Report descriptor.
[bDescriptorType] 9/1 Constant name specifying type of optional descriptor.
[wDescriptorLength] 10/2 Numeric expression that is the total size of the optional descriptor.

其每个字节对应的含义为:

表 4.7. USB HID Descriptor: 090401000103000000

Offset Field Size Value Description
0 bLength 1 09 the total size of the HID descriptor =9 bytes
1 bDescriptorType 1 21 descriptor constant, HID = 0x21
2 bcdHID 2 1001 HID Class Specification release 0x0110= 1.10
4 bCountryCode 1 00 No country code of the localized hardware
5 bNumDescriptors 1 01 the number of class descriptors = 1
6 bDescriptorType 1 22 Class descriptor constant, 0x22 = Report descriptor
7 wDescriptorLength 2 2100 the total size of the Report descriptor =0x0021=33 bytes
9 [bDescriptorType] 2    
10 [wDescriptorLength]      

8

此部分内容和5类似,也是对应着:Endpoint

对应定义为:表 4.5 “USB Endpoint Descriptors”

其每个字节对应的含义为:

图 4.12. Endpoint (Interrupt In 2) Descriptor: 0705820340000A

Endpoint (Interrupt In 2) Descriptor: 0705820340000A
上一页  上一级  下一页
4.3. USB Transfer and Transaction  起始页  4.5. USB OHCI学习笔记