What exactly happens when I insert my USB into a computer?
Asked
Active
Viewed 4,477 times
2 Answers
1
I'm having to guess the 'why' of your question from the tags.
Your computer identifies it through a simple handshake on the USB protocol - such as this and decides if it needs drivers for it. If it does, it often downloads it from the internet, grabs it off the device (if its designed as such) or asks for it. If not it mounts it, or otherwise initialises and starts talking to the device.
Here's where the problem starts. Back in the good old days, when a cd rom drive was the thing the cool kids had, a decision was made to allow programs to run automatically when the autorun.inf file said so on.
This carried on with USB keys. While running an installer made life easier, it also meant you could automatically load up malware (and then an installer if you wanted to be sneaky). Modern OSes often disable this option.
Now, having a system run arbitrary programs, on the basis of trust is a poor basis for govenment is a pretty poor idea in a day and age of industrial and government espionage, hackers 'simply' leaving USB keys around for the unweary and such things.
Journeyman Geek
- 133,878
1
- Directoires : Drivers are installed into 2 directories. The running part gets (in most cases) installed into %RootDir%\system32, the device information part gets installed into %RootDir%\inf. Under the inf dir, for a installed/registered driver an oem*.inf file is created. (* is a number). Under Vista the driver gets copied into the %RootDir%\system32\driverstore directory as a reference when installing not yet encountered devices.
- Registry : A driver gets installed as a kernel mode service. For this certain registry keys are created for the driver service. There is another place under the bus driver, where the corresponding devices get an individual device instance key. In this key, the device has a reference to the currently used driver for this device.
- Device 'arrival' : When the bus driver finds a new device on its bus, it creates a key registry under its own key which correspondents to a unique device instance id, which can be used to uniquely identify a device on the system. If this key already exists, the bus driver tries to load the device referenced by this node. When this node does not exist, or the driver does not load, the system tries to find a compatible driver for the device, by scanning the registered device drivers under %RootDir%\inf. The drivers that qualify for this device, get enumerated and sorted. The best driver is then selected and loaded for the device.
- Driver search : Drivers are searched first in the inf directory. When no driver is found, windows ask the user, if he can provide drivers or if it should look on the microsoft server. Driver Manufacturers may submit their drivers for inclusion on the microsoft device driver server.
This is for Windows :
When a USB device is plugged into the system, the USB bus driver is notified. The bus driver sends a standard USB request (USB_DEVICE_DESCRIPTOR) to the device. With this the device reports its name and type. (bDeviceClass/bDeviceSubClass/bDeviceProtocol).
With this information, Windows creates an device entry in the system. This the Hardware-ID. The system now tries to find either a generic driver which can handle the device (HID/UVC) or a driver which specifically registered itself to support this Hardware-ID.
To register a driver as the handler for a specific device, you have to install the driver into the system, or you must supply Microsoft with one, which they can provide on their servers.
