Bob,
Thanks for the response.
My first assumption about this is that the unique
key is part of the
device instance ID, which includes the USBSTOR part
on down to the unique number.
To be honest, what we're trying to avoid, or at least
minimize, is assumptions.
This can be seen in the details tab
in the hardware
properties of the USB device. I would assume that
there is a serial
number or GUID on each USB device (which you have
validated yourself)
We're also trying to avoid assumptions. However, the
devices do have a GUID, but that does nothing to
address the questions I posed in my original post.
and that number is used by Windows to keep
the devices
separate when reading and writing,
This would seem to be the case, but with regards to
information pulled from the USB device (firmware)
itself, what we're trying to determine (and support
with the appropriate documentation) is just how the
number or value is used by Windows...hence the
question about APIs and data structures.
I would think in-depth
studying of any PnP API or USB-related stuff would
be a good lead.
You're right, it is. However, we're also trying to
get documentation to support our findings.
Again, thanks for your response.
Harlan
=====
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
