none
How to simulate a hardware mouse click? RRS feed

  • Question

  • i kown hardware click is diffrent from  software click(SendtInput), 

    I want to know how to implement it, such as simulate usb mouse device. i can use DeviceControl to Control it。

    thanks, best regards!

    Monday, September 2, 2019 8:22 AM

Answers

  • If you want to truly simulate hardware, then you'll need a driver. Look at this sample in the WDK

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    • Marked as answer by Tennn Wednesday, September 4, 2019 2:48 PM
    Monday, September 2, 2019 11:56 PM
    Moderator

All replies

  • Easy.

    Buy an Arduino Leonardo and read: https://www.arduino.cc/reference/en/language/functions/usb/mouse/mouseclick 

    It will cost too much for you to spend thousand of dollars for a certificate to have a digital signed kernel driver just for that purpose :D





    • Edited by wqaxs36 Monday, September 2, 2019 9:25 AM
    Monday, September 2, 2019 9:18 AM
  • If you want to truly simulate hardware, then you'll need a driver. Look at this sample in the WDK

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    • Marked as answer by Tennn Wednesday, September 4, 2019 2:48 PM
    Monday, September 2, 2019 11:56 PM
    Moderator
  • i already use hid driver:

    https://github.com/oblitum/Interception

    it's still different from hardware driver,  such as:

    if( GetAsyncKeyState(VK_LBUTTON) & 0x8000 )
     {		
    // click test	
     }
    •  hid driver :

    It will not be detected

    • user control mouse click

    It will be detected

    So there are different places between them。


    Tuesday, September 3, 2019 9:10 AM
  • Too expensive and still requires hardware support :(
    Tuesday, September 3, 2019 9:14 AM
  • too expensive ?

    10 usd lifetime vs 500 usd per year :D

    Tuesday, September 3, 2019 10:53 AM
  • "Interception" is not a HID driver.  It's a filter.  What were you trying to filter?

    If a mouse driver sends a proper "mouse down" indication, then GetAsyncKeyState will catch it.  It's just that simple.  If you filtered a keyboard driver, then the system isn't looking for mouse state.


    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.

    Tuesday, September 3, 2019 5:47 PM
  • Passing through filter driver is apparently not enough to not get caught cheating in Fortnite :)

    Well I assume that he want to do that for video game, just assumption ^^



    • Edited by wqaxs36 Tuesday, September 3, 2019 9:01 PM
    Tuesday, September 3, 2019 8:57 PM
  • Passing through filter driver is apparently not enough to not get caught cheating in Fortnite :)

    Well I assume that he want to do that for video game, just assumption ^^



    Sorry, my expression is not clear, I mean the driver signature. and i only for learning drive development for job opportunities. 
    Wednesday, September 4, 2019 2:31 PM
  • "Interception" is not a HID driver.  It's a filter.  What were you trying to filter?

    If a mouse driver sends a proper "mouse down" indication, then GetAsyncKeyState will catch it.  It's just that simple.  If you filtered a keyboard driver, then the system isn't looking for mouse state.


    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.

    so i just try this: vhidmini2 ? 

    thanks.

    Wednesday, September 4, 2019 2:46 PM
  • You can give that a shot, but as it is written, vhidmini2 exposes a "vendor" class collection.  It is neither a keyboard nor a mouse.

    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.

    Wednesday, September 4, 2019 8:53 PM
  • Would this be more appropriate?

    https://github.com/ms-iot/samples/tree/develop/HIDInjector
    https://docs.microsoft.com/en-us/windows-hardware/drivers/hid/virtual-hid-framework--vhf-

    With kind regards


    Thursday, September 5, 2019 8:36 AM
  • Hmm you just made me think of what if I use your method to simulate mouse smoothing.

    Do you think will it works ?

    Gather the physical mouse coordinate, send them to the fake HID user driver, calculate new coordinate and send them to all applications from the fake HID user driver.

    It would be easier than writing his own mouse filter kernel driver and far cheaper :D



    • Edited by wqaxs36 Thursday, September 5, 2019 10:47 AM
    Thursday, September 5, 2019 10:46 AM
  • Would this be more appropriate?

    https://github.com/ms-iot/samples/tree/develop/HIDInjector
    https://docs.microsoft.com/en-us/windows-hardware/drivers/hid/virtual-hid-framework--vhf-

    With kind regards


    That looks very useful, I will try it. thanks
    Friday, September 6, 2019 2:47 AM
  • It(GetAsyncKeyState) still can't detect events click when HIDInjector send click actions
    • Edited by Tennn Saturday, September 7, 2019 12:46 PM
    Saturday, September 7, 2019 12:44 PM
  • Does https://github.com/microsoft/Windows-driver-samples/tree/master/hid/vhidmini2 works ?

    • Edited by wqaxs36 Saturday, September 7, 2019 3:42 PM
    Saturday, September 7, 2019 3:36 PM
  • Not familiar with these mouse things, but looks for me like this HidInjector is quite low in driver stack (here Hyper V)

    1: kd> k
      *** Stack trace for last set context - .thread/.cxr resets it
    Child-SP          RetAddr           Call Site
    ffffb181`9ed6c948 fffff80e`0f0d35ba mouclass!MouseClassServiceCallback [c:\developer\mouclass\mouclass\mouclass\mouclass.c @ 2354]
    ffffb181`9ed6c950 fffff801`296dbba2 mouhid!MouHid_ReadComplete+0x6ba
    ffffb181`9ed6c9f0 fffff80e`0ef12083 nt!IopfCompleteRequest+0x112
    ffffb181`9ed6cb10 fffff801`296dbba2 HIDCLASS!HidpInterruptReadComplete+0x7d3
    ffffb181`9ed6cbf0 fffff80e`0d046907 nt!IopfCompleteRequest+0x112
    (Inline Function) --------`-------- Wdf01000!FxIrp::CompleteRequest+0xd [d:\rs1\minkernel\wdf\framework\shared\inc\private\km\fxirpkm.hpp @ 75]
    ffffb181`9ed6cd10 fffff80e`0d043190 Wdf01000!FxRequest::CompleteInternal+0x247 [d:\rs1\minkernel\wdf\framework\shared\core\fxrequest.cpp @ 871]
    (Inline Function) --------`-------- Wdf01000!FxRequest::Complete+0x31 [d:\rs1\minkernel\wdf\framework\shared\inc\private\common\fxrequest.hpp @ 805]
    ffffb181`9ed6cdc0 fffff80e`0f023f7e Wdf01000!imp_WdfRequestComplete+0x90 [d:\rs1\minkernel\wdf\framework\shared\core\fxrequestapi.cpp @ 436]
    ffffb181`9ed6ce20 fffff80e`0f023e19 vhf!ReadReportLoop_CompleteLocked+0x12e
    ffffb181`9ed6ce60 fffff80e`0f022943 vhf!ReadReportLoop_ProcessCompletion+0x135
    ffffb181`9ed6cec0 fffff80e`0f021bf3 vhf!PDO_ReadReportComplete+0xaf
    ffffb181`9ed6cf10 fffff80e`0d045e4f vhf!FDO_EvtIoInCallerContext+0xf3
    (Inline Function) --------`-------- Wdf01000!FxIoInCallerContext::Invoke+0x15 [d:\rs1\minkernel\wdf\framework\shared\inc\private\common\fxdevicecallbacks.hpp @ 55]
    (Inline Function) --------`-------- Wdf01000!FxPkgIo::DispathToInCallerContextCallback+0xb7 [d:\rs1\minkernel\wdf\framework\shared\irphandlers\io\fxpkgio.cpp @ 1748]
    (Inline Function) --------`-------- Wdf01000!FxPkgIo::DispatchStep2+0x5f3 [d:\rs1\minkernel\wdf\framework\shared\irphandlers\io\fxpkgio.cpp @ 459]
    ffffb181`9ed6cfa0 fffff80e`0d043a9b Wdf01000!FxPkgIo::DispatchStep1+0x66f [d:\rs1\minkernel\wdf\framework\shared\irphandlers\io\fxpkgio.cpp @ 324]
    (Inline Function) --------`-------- Wdf01000!FxPkgIo::Dispatch+0x4c [d:\rs1\minkernel\wdf\framework\shared\irphandlers\io\fxpkgio.cpp @ 118]
    (Inline Function) --------`-------- Wdf01000!DispatchWorker+0x685 [d:\rs1\minkernel\wdf\framework\shared\core\fxdevice.cpp @ 1572]
    (Inline Function) --------`-------- Wdf01000!FxDevice::Dispatch+0x691 [d:\rs1\minkernel\wdf\framework\shared\core\fxdevice.cpp @ 1586]
    ffffb181`9ed6d060 fffff80e`0f032e9e Wdf01000!FxDevice::DispatchWithLock+0x6fb [d:\rs1\minkernel\wdf\framework\shared\core\fxdevice.cpp @ 1430]
    ffffb181`9ed6d150 fffff80e`0f0328dc HidInjectorSample!Vhfi_SubmitReadReport+0xbe [d:\os\src\onecore\drivers\input\hid\miniports\vhf\src\lib\kernel\vhfkm.c @ 485]
    ffffb181`9ed6d180 fffff80e`0f037534 HidInjectorSample!VhfReadReportSubmit+0x60 [d:\os\src\onecore\drivers\input\hid\miniports\vhf\src\lib\kernel\vhfkm.c @ 444]
    ffffb181`9ed6d1b0 fffff80e`0f031194 HidInjectorSample!HIDINJECTOR_VhfSubmitReadReport+0x44 [c:\developer\hidinjector\driver\hidinjectorkd.c @ 505]
    ffffb181`9ed6d200 fffff80e`0d0d0403 HidInjectorSample!HIDINJECTOR_EvtIoWriteFromRawPdo+0xd4 [c:\developer\hidinjector\driver\hidinjectorkd.c @ 415]
    ffffb181`9ed6d260 fffff80e`0d0914d1 Wdf01000!FxIoQueueIoRead::Invoke+0x47 [d:\rs1\minkernel\wdf\framework\shared\inc\private\common\fxioqueuecallbacks.hpp @ 159]
    ffffb181`9ed6d290 fffff80e`0d04a7aa Wdf01000!FxIoQueue::DispatchRequestToDriver+0x46151 [d:\rs1\minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 3308]
    ffffb181`9ed6d330 fffff80e`0d04beba Wdf01000!FxIoQueue::DispatchEvents+0x3aa [d:\rs1\minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 3122]
    ffffb181`9ed6d400 fffff80e`0d05073d Wdf01000!FxIoQueue::QueueRequestFromForward+0x1aa [d:\rs1\minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 2493]
    (Inline Function) --------`-------- Wdf01000!FxIoQueue::ForwardRequestWorker+0xa4 [d:\rs1\minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 1441]
    (Inline Function) --------`-------- Wdf01000!FxIoQueue::ForwardRequest+0xb5 [d:\rs1\minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 1778]
    ffffb181`9ed6d480 fffff80e`0f032726 Wdf01000!imp_WdfRequestForwardToIoQueue+0x17d [d:\rs1\minkernel\wdf\framework\shared\core\fxrequestapi.cpp @ 3130]
    ffffb181`9ed6d4f0 fffff80e`0f031d6c HidInjectorSample!WdfRequestForwardToIoQueue+0x46 [c:\program files (x86)\windows kits\10\include\wdf\kmdf\1.15\wdfrequest.h @ 1584]
    ffffb181`9ed6d530 fffff80e`0d0d0403 HidInjectorSample!HIDINJECTOR_EvtIoWriteForRawPdo+0x4c [c:\developer\hidinjector\driver\rawpdo.c @ 325]
    ffffb181`9ed6d580 fffff80e`0d0914d1 Wdf01000!FxIoQueueIoRead::Invoke+0x47 [d:\rs1\minkernel\wdf\framework\shared\inc\private\common\fxioqueuecallbacks.hpp @ 159]
    ffffb181`9ed6d5b0 fffff80e`0d04a7aa Wdf01000!FxIoQueue::DispatchRequestToDriver+0x46151 [d:\rs1\minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 3308]
    ffffb181`9ed6d650 fffff80e`0d045d0c Wdf01000!FxIoQueue::DispatchEvents+0x3aa [d:\rs1\minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 3122]
    (Inline Function) --------`-------- Wdf01000!FxIoQueue::QueueRequest+0x8b [d:\rs1\minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 2364]
    (Inline Function) --------`-------- Wdf01000!FxPkgIo::DispatchStep2+0x4b0 [d:\rs1\minkernel\wdf\framework\shared\irphandlers\io\fxpkgio.cpp @ 469]
    ffffb181`9ed6d720 fffff80e`0d043a9b Wdf01000!FxPkgIo::DispatchStep1+0x52c [d:\rs1\minkernel\wdf\framework\shared\irphandlers\io\fxpkgio.cpp @ 324]
    (Inline Function) --------`-------- Wdf01000!FxPkgIo::Dispatch+0x4c [d:\rs1\minkernel\wdf\framework\shared\irphandlers\io\fxpkgio.cpp @ 118]
    (Inline Function) --------`-------- Wdf01000!DispatchWorker+0x685 [d:\rs1\minkernel\wdf\framework\shared\core\fxdevice.cpp @ 1572]
    (Inline Function) --------`-------- Wdf01000!FxDevice::Dispatch+0x691 [d:\rs1\minkernel\wdf\framework\shared\core\fxdevice.cpp @ 1586]
    ffffb181`9ed6d7e0 fffff801`29b0bcd0 Wdf01000!FxDevice::DispatchWithLock+0x6fb [d:\rs1\minkernel\wdf\framework\shared\core\fxdevice.cpp @ 1430]
    ffffb181`9ed6d8d0 fffff801`29b091eb nt!IopSynchronousServiceTail+0x1a0
    ffffb181`9ed6d990 fffff801`297d2393 nt!NtWriteFile+0x65b
    ffffb181`9ed6da90 00007ffc`ae0461d4 nt!KiSystemServiceCopyEnd+0x13
    0000002f`b755f318 00007ffc`aa507826 ntdll!NtWriteFile+0x14
    0000002f`b755f320 00000000`00f9aece KERNELBASE!WriteFile+0x76
    0000002f`b755f390 00000000`010a3043 testvhid!SendHidReport+0x6e [c:\developer\hidinjector\app\sendinput.cpp @ 15]
    0000002f`b755f398 00000000`00000000 testvhid!_NULL_IMPORT_DESCRIPTOR <PERF> (testvhid+0x173043)

    A 'real' mouse-click in a Hyper V

    0: kd> k
    Child-SP          RetAddr           Call Site
    fffff803`1ca85e88 fffff804`193435ba mouclass!MouseClassServiceCallback [c:\developer\mouclass\mouclass\mouclass\mouclass.c @ 2354]
    fffff803`1ca85e90 fffff803`1ae7bba2 mouhid!MouHid_ReadComplete+0x6ba
    fffff803`1ca85f30 fffff804`19d82083 nt!IopfCompleteRequest+0x112
    fffff803`1ca86050 fffff803`1ae7bba2 HIDCLASS!HidpInterruptReadComplete+0x7d3
    fffff803`1ca86130 fffff804`19d71ea4 nt!IopfCompleteRequest+0x112
    fffff803`1ca86250 fffff804`19d72851 VMBusHID!OnInputReport+0x204 
    ....
    

    With kind regards

    Saturday, September 7, 2019 11:20 PM
  • I've found this kernel driver: https://github.com/everdox/HIDInput

    But need to pay to install it :/

    Saturday, September 7, 2019 11:37 PM