KB / USB Device Enumeration on Windows
USB Device Enumeration and Raw Access on Windows
Windows gives you Device Manager and not much else. When you need to know exactly what a USB device is — its VID:PID, its descriptor tree, which COM port it landed on, or what firmware it runs — the built-in tooling runs out fast.
The Native Options and Their Limits
- Device Manager — shows friendly names and lets you dig VID:PID out of the Details tab, one device at a time, by hand.
- PowerShell
Get-PnpDevice — scriptable but returns PnP abstractions, not USB-level data. No descriptors, no endpoints, no class-specific detail.
- USBView (Windows SDK) — shows the full descriptor tree but is GUI-only, cannot export, and requires installing the SDK.
- WinAPI (SetupAPI + WinUSB) — full power, but now you are writing C.
What Full Enumeration Looks Like
A complete USB inventory answers, for every attached device:
- Bus and address, VID:PID, device class (HID, Mass Storage, Printer, CDC, DFU...)
- Manufacturer and product strings
- The full descriptor tree — configurations, interfaces, endpoints, HID report descriptors
- Port mapping — which COM port a serial adapter got, which USB print port a printer claimed
- Firmware identifiers — version strings, BOS capabilities, DFU dump where the device supports it
Raw Access: When You Need to Talk to the Device
Reading descriptors is passive. Sometimes you need to send actual transfers — a vendor-specific control request to read a config register, or a bulk read to capture what a device streams. On Windows that requires a WinUSB or libusbK driver bound to the device (installable per-device with Zadig, reversible in Device Manager), and then a way to craft transfers without writing code.
USB Probe — USB Analysis CLI for Windows
One command enumerates everything: usb-probe scan. Deep probe per device, firmware reading including full DFU dump, COM/printer port discovery from the registry, an interactive REPL for raw control and bulk transfers, and JSON output for automation.
See USB Probe →
Safety Notes
- Enumeration and descriptor reads are completely passive — safe on any device.
- Control and bulk transfers are the same operations the device's own driver performs. The risk is sending vendor commands you do not understand to a device you cannot reflash.
- DFU firmware writing is the only genuinely dangerous operation. Dumping (reading) firmware is safe.