The ENLYZE PortSniffer - Monitor serial/parallel port traffic on modern Windows

I’m proud to release the first open-source product of ENLYZE today, a driver and tool to monitor serial/parallel port traffic on modern Windows systems (Windows XP and later). You can download it and get the source code from our GitHub page.

Naturally, we would have used the popular Sysinternals Portmon tool for this task. But Portmon hasn’t seen a new release since 2012 and is incompatible with modern 64-bit Windows operating systems. Looking deeper into Portmon, it turns out that it still uses the legacy NT4 driver model and has no notion of Plug&Play events - which may partly explain why there is no signed 64-bit version of it. Finally, we needed a solution with a pluggable API that we can freely redistribute with our software.

The ENLYZE PortSniffer aims to solve this by building upon Microsoft’s modern Kernel-Mode Driver Framework (KMDF). This not only saves a lot of code and helps ensure correctness, but also guarantees proper handling of Plug&Play events. Keep in mind that a monitored serial port today may actually be a USB-to-Serial adapter, which can be unplugged at any time. You don’t want the computer to misbehave in that case.

What we don’t have yet is a comfortable GUI, nor a driver signature. If you run a 64-bit version of Windows that requires driver signatures, you need to enable Test Mode AND disable driver signature enforcement at boot-up. We hope to change that in the future, but Microsoft doesn’t make it easier by changing the driver signature requirements with every Windows 10 update and even making signatures for older Windows versions impossible.

A Portmon-like GUI is not impossible, though. It just hasn’t been a priority yet. But you are free to develop one independently, considering that the PortSniffer driver is MIT-licensed and comes with a pluggable API.
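Since Test Mode lowers the bar for every driver on the machine, not just PortSniffer, it is worth checking the boot configuration before and after working with the unsigned driver. The following PowerShell script is an added example, not code from the PortSniffer project. It assumes an elevated session on Windows 8 or later (for the `Confirm-SecureBootUEFI` cmdlet) and English-language `bcdedit` output, which reports the option as `testsigning Yes`:

```powershell
# Added example (not part of the ENLYZE PortSniffer project): report the
# boot-configuration state that decides whether a test-signed driver such
# as PortSniffer can load, so you know what you are changing and can revert
# it afterwards. Assumes an elevated PowerShell on Windows 8+ and English
# bcdedit output.

function Get-DriverSigningState {
    # bcdedit prints one "name value" line per option of the current boot entry.
    $bcd = & bcdedit.exe /enum '{current}' 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit failed (run from an elevated prompt): $bcd"
    }

    $testSigning = $false
    foreach ($line in $bcd) {
        # The line only appears once the option has been set; "Yes" means Test Mode is on.
        if ($line -match '^\s*testsigning\s+(\S+)') {
            $testSigning = ($Matches[1] -eq 'Yes')
        }
    }

    # Confirm-SecureBootUEFI throws on legacy BIOS machines; treat that as "not enabled".
    try { $secureBoot = Confirm-SecureBootUEFI } catch { $secureBoot = $false }

    [pscustomobject]@{
        TestSigningEnabled = $testSigning
        SecureBootEnabled  = $secureBoot
        # With Secure Boot on, bcdedit refuses to change testsigning at all,
        # so Secure Boot has to be turned off in firmware first.
        CanEnableTestMode  = -not $secureBoot
    }
}

$state = Get-DriverSigningState
$state | Format-List

if ($state.TestSigningEnabled) {
    Write-Warning ('Test Mode is on: any test-signed driver can load. ' +
                   'Turn it off again with "bcdedit /set testsigning off" ' +
                   'once you are done with PortSniffer.')
}
```

The one-time "Disable driver signature enforcement" choice at boot-up is not stored in the BCD, so this script cannot observe it; it only tells you whether Test Mode is persistently enabled and whether Secure Boot would block enabling it in the first place.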

Thanks go out to my buddy Thomas Faber from the ReactOS Project, who had some valuable tips during the driver development!