The Microsoft Bluetooth stack on Windows Vista added support for programming L2CAP and SCO connections.  Also added is a set of IOCTL codes for accessing the stack in various other ways.  Fifteen of the codes are listed at http://msdn.microsoft.com/en-us/library/ff536601.aspx “Bluetooth Profile Driver I/O Function Codes” and are all supported from Vista onwards.  One more is defined at http://msdn.microsoft.com/en-us/library/ff536593.aspx “Bluetooth Vendor Commands and Events”, and is supported by “Microsoft Windows Vista SP2 and later operating system versions”.

I have previously used the IOCTL_BTH_GET_LOCAL_INFO code for bug 30326 “Windows 7 BluetoothRadio HCI and LMP version numbers”, which allows us to get the attached controller's HCI and LMP version numbers.

However, when one looks at the Windows SDK header file (bthioctl.h) that defines these codes, we find more listed than are documented at MSDN.  The 15 above are, as expected, defined for Vista (no service pack) and later; these include IOCTL_BTH_GET_LOCAL_INFO, IOCTL_BTH_GET_DEVICE_INFO and IOCTL_BTH_SDP_CONNECT.  Also present are the ones for the L2CAP and SCO interfaces (e.g. IOCTL_INTERNAL_BTH_SUBMIT_BRB).  We then see the single code (IOCTL_BTH_HCI_VENDOR_COMMAND) which is included on Windows 7, and on Windows Vista with Service Pack 2 or with the Windows Vista Feature Pack for Wireless (KB942567).

Finally, we see five that are defined there but not enabled on any current platform; these include IOCTL_BTH_EIR_GET_RECORDS and IOCTL_BTH_EIR_SUBMIT_RECORD.  These are disabled with the comment (sic):

#ifdef FULL_EIR_SUPPORT // in WUR this funcitonality is disabled

I’ve done some investigation to find out which codes are truly supported on which platforms.  I tested all user-level codes from 0 to 255 (i.e. 0x410300 to 0x4103FC).  On XP, as expected, all codes fail and return error 50, which is ERROR_NOT_SUPPORTED.  On Windows 7, again, we find the support matches the documentation.  All the ones disabled with that comment return that same error code, with only the sixteen documented working (all the others fail).

I guess this is not too surprising, but it would have been nice to find that these extra features were present. :-,)

So, to confirm, on Windows 7 the supported user-level codes are:

0x410000 IOCTL_BTH_GET_LOCAL_INFO
0x410004 IOCTL_BTH_GET_RADIO_INFO
0x410008 IOCTL_BTH_GET_DEVICE_INFO
0x41000C IOCTL_BTH_DISCONNECT_DEVICE
0x410050 IOCTL_BTH_HCI_VENDOR_COMMAND
0x410200 IOCTL_BTH_SDP_CONNECT
0x410204 IOCTL_BTH_SDP_DISCONNECT
0x410208 IOCTL_BTH_SDP_SERVICE_SEARCH
0x41020C IOCTL_BTH_SDP_ATTRIBUTE_SEARCH
0x410210 IOCTL_BTH_SDP_SERVICE_ATTRIBUTE_SEARCH
0x410214 IOCTL_BTH_SDP_SUBMIT_RECORD
0x410218 IOCTL_BTH_SDP_REMOVE_RECORD
0x41021C IOCTL_BTH_SDP_SUBMIT_RECORD_WITH_INFO
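
To read the numbers in the list above, the following added example (not code from the original post or from bthioctl.h) splits each listed code into the four fields of the standard CTL_CODE bit layout: device type, required access, function number and transfer method. The helper names (decode_ioctl, make_ioctl, count_buffered_any_access) are hypothetical; the code values are copied from the list.

```c
#include <stdint.h>
#include <stdio.h>

/* Standard CTL_CODE bit layout:
   31..16 device type | 15..14 required access | 13..2 function | 1..0 method */
typedef struct { uint32_t device_type, access, function, method; } ioctl_fields;

static ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = (code >> 16) & 0xFFFF;
    f.access      = (code >> 14) & 0x3;
    f.function    = (code >> 2)  & 0xFFF;
    f.method      =  code        & 0x3;
    return f;
}

/* Inverse of decode_ioctl: the value the CTL_CODE macro computes. */
static uint32_t make_ioctl(uint32_t dev, uint32_t func, uint32_t method, uint32_t access) {
    return (dev << 16) | (access << 14) | (func << 2) | method;
}

static const char *method_name(uint32_t m) {
    static const char *n[] = { "METHOD_BUFFERED", "METHOD_IN_DIRECT",
                               "METHOD_OUT_DIRECT", "METHOD_NEITHER" };
    return n[m & 3];
}

/* The user-level codes listed in the post above. */
static const uint32_t listed[] = {
    0x410000, 0x410004, 0x410008, 0x41000C, 0x410050, 0x410200, 0x410204,
    0x410208, 0x41020C, 0x410210, 0x410214, 0x410218, 0x41021C };
#define N_LISTED (sizeof listed / sizeof listed[0])

/* Count listed codes on device type 0x41 (FILE_DEVICE_BLUETOOTH) that use
   METHOD_BUFFERED (0) and FILE_ANY_ACCESS (0). */
static size_t count_buffered_any_access(void) {
    size_t i, n = 0;
    for (i = 0; i < N_LISTED; i++) {
        ioctl_fields f = decode_ioctl(listed[i]);
        if (f.device_type == 0x41 && f.method == 0 && f.access == 0) n++;
    }
    return n;
}

int main(void) {
    size_t i;
    for (i = 0; i < N_LISTED; i++) {
        ioctl_fields f = decode_ioctl(listed[i]);
        printf("0x%06X dev=0x%02X func=0x%03X %s access=%u\n", (unsigned)listed[i],
               (unsigned)f.device_type, (unsigned)f.function,
               method_name(f.method), (unsigned)f.access);
    }
    return 0;
}
```

An access field of 0 (FILE_ANY_ACCESS) means the I/O manager does not require read or write access on the handle for that request, so any further checking is left to the driver.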