[sane-devel] Canoscan 3000F backend dev started
Ralph Little
skelband at gmail.com
Sun Jan 19 22:27:00 GMT 2020
Hi,
Some basic analysis, in case someone recognises a pattern:
bRequest either 4 or 12.
wValue one of 0x82 (OUT), 0x83 (OUT), 0x84 (IN), 0x85 (OUT), 0x8e (IN)
0x8e looks like a status response request and nearly always returns 0x01.
0x83 and 0x85 usually seen in pairs. (i.e. 0x83, 0x85, 0x83, 0x85...)
and might be set register, set value pairs. (?)
bRequest of 4
===============
OUT commands are accompanied by data fragments of up to 8 bytes, 8 byte
args being the most common.
Examples:
00000000b83b0000 (very common)
00000000dc1d0000
9385a880b000
b100b200 - these look like pair sequences (e.g. reg/val pairs)
850084008494 - also here
bRequest of 12
================
OUT commands only ever have a single byte data fragment.
Receiving bulk scan data
=====================
A typical bulk reading sequence for a package of scan data looks like this:
CONTROL OUT bRequest=4, wValue=0x82, wIndex=0, wLength=8
fragment=00000000b83b0000
CONTROL IN bRequest=12, wValue=0x8e, wIndex=32, wLength=1 (returns 0x01
in response)
BULK IN 14848 bytes
BULK IN 440 bytes
I'm guessing that the 8 byte arg encodes a max request buffer size somehow.
Ah yes, 14848+440=0x3bb8, so that would be a little-endian size starting
from the third byte.
Another example confirms it:
00000000dc1d0000
Bytes in=7168+476=0x1ddc :)
---------------------------------------
Does this look familiar to anyone?
Cheers,
Ralph
More information about the sane-devel
mailing list