A question to maybe some who have worked extensively with WinUSB APIs or user mode USB drivers - can the WinUSB API or a user mode driver be used as a passive observer of USB connections, capturing notification of interrupts, control requests, data transfers, etc. without interfering with other applications (such as iTunes) which would obviously require concurrent access to the device at the same time my application is monitoring the connection and displaying data on it?
Or do you pretty much have to write a kernel-mode filter driver and inject yourself in the USB stack in order to make that happen?
In the past, there have been a few credible options (libusb-win32 and usbsnoop to be specific) though both are built around the old DDK, not the Windows Driver Foundation, and are not really supported on a regular basis any more. I'm hesitant to build something significant around them, as a result.
You must write a filter driver. There is no other way to intercept traffic generated by other devices. And you can use newer versions of the DDK, that is, KMDF for this task. It will make your life easier. But I think it will be cheaper and more effective just to get a hardware bus analyzer.
There is a good overview by OSR. You must signed in to read this, but I strongly advice to sign in anyway if you are going to do any kernel mode development.