oblitum / interception Goto Github PK

Can the driver or a simulated device be found anywhere in the Windows device manager or elsewhere? How can you detect that it's installed? If it's there somewhere a note about this in the docs or a read-me file would be helpful.

Hi,

I check interception librairie, but I have a problem with interception_create_context() function.
The CreateFile() function return INVALID_HANDLE_VALUE.
GetLastError() return ERROR_FILE_NOT_FOUND - The system cannot find the file specified.

I'm Adminstrator of my workstation
Windows 7 x64 Service Pack 1
Visual Studio 2010 Professional Service Pack 1

Can you help me?

Kind regards,
Guillaume

Hello there.

Kudos for making this great project!

However, I'm having a hard time figuring out how I could change the mouse orientation\rotation with a couple of radians.

Is this possible with the current version? If it is it would be great if anyone could send me in the right direction, or add support for it if it is not already supported.

Thanks!

I'm currently testing the cadstop sample, trying to intercept the ctrl-alt-del sequence, but it's not working for me. Keypresses are being caught, but not the ctrl-alt-del sequence. Seems like stroke_sequence array is being filled by the same key (ctrl). Any ideas?

my mouse have 11 button, the extra 3 seems not captured

I'm sure this is something simple I'm doing wrong, but when I try to compile the sample applications, I get errors like the following:

error LNK2001: unresolved external symbol __imp__interception_destroy_context   c:\data\projects\kdump\kdump.obj

I get one of those for every function that I'm using from the Interception library. I get the same error whether I'm trying to compile the samples or if I create my own project from scratch.

I've unzipped the library into the project folder, and added the lib\x86\release and include directories to the project settings under the C++ and Linker General configuration settings. What am I doing wrong?

I tried running install-inception on my Windows 8.1 system, and I get "This version of Windows is not supported". You state that it should work on any version of Windows through 10.

I'm happy to dive into the source code and see what's up, but I don't see the source for install-inception. Would you be up for posting the source for this on github?

install-inception works great on my Windows 7 box.

Thanks!

interception_create_context behaves incorrectly for some reason. To be exact, line 59

device_array[i].handle = CreateFile(device_name, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL);

always returns INVALID_HANDLE_VALUE, so no devices are detected.
I've installed the Interception driver. Windows 10 x64.
Also tried on Windows 8 x64 virtual machine, no luck as well.

Am I missing something obvious?

Hi,
Can we rename the interception device? The issue is a anti-cheat engine (Gepard) can detect the interception.

Thanks.

Hi, I'm having troubles in compiling your examples in Visual Studio 2015.
When I try to compile I get an error:
invalid or corrupt file: cannot read at 0x298

Would you be able by any chance to write a C# wrapper library for your dll?
Is that even possible?

I also have problems with uninstalling your hook driver.
I get the message:
"Error deleting \system32\drivers\keyboard.sys"
When I manualy deleted keyboard.sys and mouse.sys there was another:
"Error deleting keyboard driver key"

I build the cadstop sample and run it in windows 7 x86, all is ok utill i press "Pause Break" key.
I use procexp look up the thread , found the thread is blocked with State: Wait:WrLpcReply.

I use my laptop with MS Sculpt Ergonomic desktop (wireless mouse + keyboard). After connect/disconnect, which I'm doing several times per day, I have firstly mouse stopped working, and then keyboard too. Not only userspace filtering app stopped from receiving messages from interception, but keyboard and mouse don't work entirely. Stopping or disabling userspace program don't solves issue. After interception driver uninstallation it started working as expected.

Source Code: The source code for install-interception.exe and interception.sys does not seem to be available. Is it meant to be?

License: There is no license included as far as I can tell, or any license headers in the files. What license is Interception available under? Can it be used in closed source applications? Commercial applications?

This problem is very easy to replicate:
• Start from any Windows 10 installation (for example a clean install of Professional x64)
• Enable Remote Desktop Services
• Install Interception driver via "install-interception.exe /install" and reboot
• Log into and out of an RDP remote session a few times
• By the third or fourth time the remote client will hang at a black screen before it finishes the login

When this happens, you can check the Event Viewer Application Log. The Winlogon process shows a 4005 unexpected termination error but is not specific about the cause. If you uninstall interception and reboot the problem disappears.

Events such as pressing/releasing keys like "My computer", "Calculator", "Web Home" (and etc.) that can be found on some keyboards are not registered by Interception ( or atleast I am unable to make it happen ). They are a special case so this is no surpise.

Should you decide on adding support for such keys this may be of use to you:
When reading raw input from such keys, the raw data values are:
dwType = RIM_TYPEKEYBOARD ( equal to 1)
hDevice = Null
MakeCode = 0
Flags = 2
Reserved = 0
Message = 256 (like all other keys)
ExtraInformation = 0
Those are the same for all such keys on my keyboard. However they have different VKey value. The values can be matched against those in http://msdn.microsoft.com/en-us/library/dd375731%28VS.85%29.aspx like:
VK_BROWSER_HOME
VK_LAUNCH_MAIL
VK_LAUNCH_MEDIA_SELECT
VK_LAUNCH_APP1

Hi,
The "cadstop" example block the CTRL-ALT-DEL, but if you press several time, very quick on these key, the application doesn't block it and the CTRL-ALT-DEL fire.

I tried it on Win10 x64 & Win8.1 x64.

Any solution?

Hello,

to my understanding, every malicious bit of software that is able to call DLL functions (even from non-elevated processes) is able so simulate keyboard and mouse input or log the user input if a user has just the Interception driver installed. I don't want to use the driver and library in this state.

1. I would suggest a version of the library that only allows sending, but not receiving to prevent keyloggers.
2. Further, are there any ways for some kind of authentication so that only applications are able to send user input that are trusted by the user, without forcing the user to type admin passwords on every application start if the account is not an admin account?

data I got from stroke is

2byte button up and down
2byte 0
2byte rolling data
2byte 0
4byte x
4byte y

windows10 x64

Hello, I bought two of these numpads (https://www.amazon.com/dp/B01E8U8HKW/ref=cm_sw_r_sms_awdb_aTZ6ybF4DBGZZ ) to use them both at the same time with their own separate hotkeys binded to them. Problem is that interception assigns them both the same HID/VID so intercept thinks they are both the same device so only half of the hotkeys work. How can I fix this and give one of the keyboards a different id? Thanks for your time!

When attempting to install Interception on 64 Bit Windows 10 Pro, it fails with the error Unable to write to \system32\drivers. I am running it in an elevated command prompt and I even tried it in Safe Mode, all to no avail.

Hi

Thanks for writing this, it seems to work pretty well and is easy to use :-)

I work with very large documents and so I bought a trackball and was hoping to be able to use Interception to translate rolling the trackball around into keyboard/mouse messages that scroll the document horizontally and vertically i.e. to pan the document.

I've got something working, but as the document scrolls around, the cursor on the screen keeps moving. All the sample programs do a interception_receive(), then a interception_send(), which implies that if you only do the interception_receive(), the event will be consumed and not passed on downstream.

I had a look through the source code but couldn't see anything to do this - is there any way to stop these mouse move events from being processed by the rest of the system?

What exactly is install-interception.exe doing? What driver does it installs? Is the source code available anywhere, if no, then what is the reason?

Thanks.

As you can tell from the title this issue is a fusion of a two questions/problems:

1. If I wanted to do another "key mapping" and use it simultaneously with caps2esc, is it better to build the code in one cpp (create 1 executable) or two (create 2 executables)?

Actually, it's probably better to first know my specific case(s) since what I want may not be possible at all:

In my case, I want to basically do the same thing as caps2esc, but it only involves 1 key (i.e. no pair to swap like caps and esc):
- Make the right control key (scancode 0x1D) act as the (context) menu key (scancode 0x5D).
- Note that the menu key doesn't exist on my keyboard (which is why I'm mapping it)
- Also note that (this may be the killer) the goal would be to allow the ctrl key to act as two keys:
- Menu key when pressed alone
- ctrl when pressed with another key.

2. Would it be possible/better to create a general "template" [i.e. "organize" and "add" parts (if necessary) in caps2esc.cpp so that sections can more easily be "commented/uncommented" for different situations] so that we have a more general "tool" that can be used for a variety of "swaps" among modifier keys (like ctrl), contextual system command keys (like the Application/menu key or Escape key) and lock keys (like caps lock, or num lock, etc.)

Hi,
Is there an option to stop the "interception_wait"?
My situation is: My app receives a command from another application, which supposed to stop the input hooking.
I thought about 2 solutions:

1. Run the hooking process on another thread and close it when the app receive the stop command - Is it safe?
2. Use "interception_wait_with_timeout" and check every x seconds (exit the loop if a boolean variable was update) - How it will affect on OS performances?

Please advise,
Thanks

Hi,
Is there a registry entry or other means besides using the devicetree tool to determine if the interception driver is installed?
thanks.

Hi,

I am struggling for couple of days now with using the interception library in my code.
I have a C windows driver project in visual studio 2013, and I've added the path for the include folder (interception.h) and for the interception.lib files in the linker, and still I get this error.
I also tried to change the build properties as you suggested before- to release/debug- but I still get the error.
Am I doing something wrong?
Is it possible to use the interception with VS 2013?
I am developing on Win 8.1- is this a problem?

Thanks
Shira

there is any reason to restart the system after installing interception? kbdfilters cannot be installed without restarting?

As brilliant as this software is, it is giving me issues when connecting new devices.

Every time (after a reboot) I connect a keyboard OR mouse for the 4th time(possibly related to the amount of (virtual) keyboards/mice I have connected), that device doesn't transmit anything to Windows anymore. But it does still light up, and the other devices that were already connected still work fine. After that, any device I connect has the same issues. Until a reboot of Windows, which (usually) fixes things. Until I (re)connect devices again in the same way.

Now mind, this is BEFORE I ran any programs to create a context at all. And after I uninstall Interception and reboot my pc, and try connecting devices in the same way, everything works like expected again.

Also note, it doesn't matter if it's the same device or different devices I (re)connect. 4th time is the charm (in my case). Also not sure if related to Windows 10 or if this would be the case for all Windows systems, as I don't have a W8/W7 device to test it on. Though my notebook is giving the same issues (also W10).

Can it be used to simulate/send inputs (both mouse and keyboard) on multiple games running on same system individually in a way that each receives input specified for it?

Currently I am hooking DirectInput but it does not work in all games. Also even in one game it does not work everywhere e.g. not on the widgets. So I am sending window messages + directinput to make it work.

In cadstop example, a combination of Ctrl+Alt+Delete is intercepted, but if Delete key from numpad is used - it still goes through the filter (not intercepted).

Scan codes and state for Delete and Del (numpad) keys:

Delete

• Down: Code 0x53 State: INTERCEPTION_KEY_DOWN | INTERCEPTION_KEY_E0 (0 OR 2 = 2)
• Up: Code 0x53 State: INTERCEPTION_KEY_UP or INTERCEPTION_KEY_E0 (1 OR 2 = 3)

Numpad Del (for both NumLock on and off)

• Down: Code 0x53 State: INTERCEPTION_KEY_DOWN (0)
• Up: Code 0x53 State: INTERCEPTION_KEY_UP (1)

Constant definition of Delete key in cadstop code looks like this:

InterceptionKeyStroke del_down = {scancode::del , INTERCEPTION_KEY_DOWN | INTERCEPTION_KEY_E0, 0};
InterceptionKeyStroke del_up = {scancode::del , INTERCEPTION_KEY_UP | INTERCEPTION_KEY_E0 , 0};

And then key that was pressed by user is compared, by checking keystroke code and state to be exactly the same as in constant:

return first.code == second.code && first.state == second.state;

in this case only Delete (not numpad version) key, will be considered as del_down or del_up.

Possible solutions for this issue

• A numpad version of del_down and del_up can be made like this:

  InterceptionKeyStroke numpaddel_down = {scancode::del , INTERCEPTION_KEY_DOWN , 0};
InterceptionKeyStroke numpaddel_up = {scancode::del , INTERCEPTION_KEY_UP , 0};

  and then code expanded in function shall_produce_keystroke to use it along with del_down and del_up

• Instead of testing keystroke state value to equal constant definition, in custom == operator use OR that will allow combinations of INTERCEPTION_KEY_DOWN/UP and INTERCEPTION_KEY_E0.

  return first.code == second.code && ((first.state | second.state) == second.state);

  It is currently not possible to do this because key state enumeration begins with 0 so it will give false positives. i.e. 0 | 3 == 3, also 1 | 3 == 3

I believe second solution should be the right one. Key state enumeration should begin from 1, not 0. Zero should be used as "no/invalid/unknown/no action" state, so bitmask operations can be performed on valid key states.

For mouse buttons state enumeration begins from 1 which is technically more correct.

Keep up the good work.

Holding a key down or repeatedly pressing the same key does not get issued by interception.
With the following start of the while loop:

raise_process_priority();

context = interception_create_context();

interception_set_filter(context, interception_is_keyboard, INTERCEPTION_FILTER_KEY_ALL);
while(interception_receive(context, device = interception_wait(context), &stroke, 1) > 0)
{
    [...]//processing

The processing is intended to block certain keys, which works fine, as long as one does not hold the key down such that key repetition kicks in or pressing the key quit faste multiple times.

Is it possible to get the device instance path for a USB keyboard instead of the HID Hardware ID using interception_get_hardware_id()?

Using your function i'll get:

HID\VID_413C&PID_2105&REV_0352

This makes it impossible to identify devices of the same type (vendor, product and revision are the same).
If it's somehow possible to get the device instance path instead, which looks like this:

USB\VID_413C&PID_2105\6&2912A764&0&2

we could identify devices by its serial number (here: 2912A764)

I assume this is a driver level implementation, or am I wrong?

I can't seem to figure out how to "convert" the command line "buildit" scripts to work with the newer WDK (integrated with Visual Studio 2015). Is there any way you could give "solutions" (in both meanings of the word I guess, solution and *.sln) for the library/samples? I think Microsoft might've deprecated the older build command.

I just updated to windows 10 and sadly Interception was not working.
I tried installing again (admin prompt etc) but gave a "could not write to system32\drivers" error.
Nice piece of software! I hope you can get windows 10 support up soon!

Edit: It is actually WORKING!, just the uninstall/install process is acting weird. ( I had it installed under windows 8.1 )

If it isn't too much of a hassle, I was wondering if I could glean some "intuition" on the 3 players above (in the title of the issue). I'm admittedly new to this whole driver building thing, and since microsoft hasn't exactly stuck with WDK 7.1 (I'm on Windows 10, btw), it hasn't been exactly any easier for me to get a hold of what's going on (though I have managed to build the necessary pieces using WDK 7--haven't figured out how to use WDK 10). All in all though, I just want to learn a thing or two.

So, to be more clear and ask more specific questions, I would like to know first what install-interception does--I don't need the source code of it or anything, I just want to know why it needs to be installed first, and whether or not it needs to be installed for every PC that runs, say, the caps2esc.exe I just built.

In addition, since I don't get what the installer does, I would not know--as a matter of course--why the Interception API library (interception.dll) still needs to be kept around at the end of everything. (So It may or may not be necessary to clarify what interception.dll does after explaining the installer above.) Nonetheless, I still do want to ask if there is any (easy) way to embed the necessary dependencies (like interception.dll) in the exe (e.g. caps2esc) so that the files are kept together.

I don't think you really need to explain what the header (or library, I guess) does, I've just tagged it along in case things get more "involved". Knowledge of what a library/header does is really not particular/unique to this project, so there is really no reason for you to explain it unless it becomes relevant to understanding Interception from a broader perspective.

I think most of the issues stem from the fact that there isn't much documentation (at all, other than your website) on this seemingly very powerful driver. If only there was sufficient documentation...

EDIT: I'm appending a tl;dr question bulleted format + miscellaneous questions

(I really do wish there were a "README" for this kind of stuff):

• What does install-interception.exe do?
• Does install-interception.exe need to be run on all computers (that run the programs)?
• What are the static and dynamic libraries (interception.dll and interception.lib) to be used for?
  • Should the libraries be kept with the exe compiled (this is just for confirmation--in all likelihood, the answer is yes)
• More importantly, how can I embed the libraries into the exe (if it's possible at all)?
• Does one have to restart the exe (caps2esc for example) after every reboot?
• Does there exist any more documentation for the API (anywhere?)

hi Sir

Thanks a lot for the great library. Today i occurs an issue on multi pointer device. 3 pointer device are attached in a same computer, they are PS/2 touch Pad, a logitech usb mouse, and a wacom digital pad.

In tools "device tree", under /Driver/mouse, I can see 3 Dev and 10 interceptions (10 to 19), and I verify 3 devices works without any hw issue

After executing the sample to query their HW ID or query the mouse X,Y position, I found touch pad and mouse work as excpeted, but wacom digital pad can not be intercepted by in any case.

Could you give me some comments how to troubleshooting and how to make it work for the digital pad.

Hey,

First of all, thanks for this amazing library you made.

I wanto to ask if it's possible to detect a mouse button that is held down? I've added a filter for mouse down/up events but it only registers one time(when the button is pressed) and it won't register anything until I release that specific button.

Thanks in advance!

I've made sure that the program is running in an administrator cmd prompt and tried compatibility settings, neither have fixed the issue.

Please add a sample program demonstrating sending keystrokes

What is the maximum stroke.code value for keyboards? Can i for example increase all codes by 300?

stroke.code = stroke.code + 300; //no events fired
stroke.code = stroke.code + 1;//fires keyboard event and outputs next key in keyboard

Is there any way i can send custom unicode? Thanks.

A key is accompanied by an InterceptionKeyState. I understand the KEY_DOWN, KEY_UP and E0 and E1 states but what is TERMSRV_SET_LED, TERMSRV_SHADOW and TERMSRV_VKPACKET? How do you generate those states?
Thanks.

Will there be a Windows 8 version of Interception?
Thanks!

I have 7 keyboards/numpads plugged in right now, and 12 USB devices overall.
http://i.imgur.com/udq3WWK.jpg
I use interception and a command-line tool called intercept.exe to reprogram these extra keyboards, so that I can use AutoHotKey to turn them into multipurpose macros.
(All you never wanted to know about my process for doing that can be found here: https://www.youtube.com/watch?v=y3e_ri-vOIo)

The problem, however, is that ever since I installed interception, my USB devices are not recognized unless they were already plugged in when I booted the computer. (Windows 10, 64 GB RAM, Intel i7-6950X)

FURTHERMORE, sometimes some of my keyboards or other USB devices are not recognized at all, even if they WERE plugged in when the computer is rebooted.

Also, often the 18 macro keys on my Logitech G15 keyboard will NOT work at all, even though the regular keys DO work. And I've had the exact same problem with my new Corsair K95 RGB.

I believe this is related to interception, because I tried uninstalling it, and then all my devices were recognized with no issues. I installed the latest version (v1.0.1) and my issues returned.

Right now, the only way for me to fix this is to have far fewer USB devices plugged in, and/or to reboot until the correct ones are recognized.

Let me know if this is fixable, or if you need any further information. Thanks!

After I have reinstalled intercept I have this error message.
Are you able to tell me what happen
Thank you very much for your help
D

Hi, is it possible to include the source code for the install-interception.exe tool that's used to install the interception driver?

I got a "working" CADStop.exe. If I press slowly ctrl-alt-del it works fine. But as soon I press it twice fast cadstop.exe just exits.

Any ideas?

If I run the caps2esc sample and try to do the desktop switch shortcut of Win+Ctrl+Right Arrow by using the CapsLock key for Ctrl what I actually get is Win+Right Arrow which moves my window over to the right half of the screen. Doing the shortcut with the native Ctrl key works properly.

Is this a known issue? ie. combinations with the Win key don't work properly or something along those lines?

So this online game anti cheat developer decided your driver interceptor is not healthy for their community so they blacklisted it (the game won't run if interceptor is installed whether it is being detected through your driver signature. Driver name in mouse and keyboard or port I don't know :( ) is there a way to bypass fix it
Thank you

Is it possible to run interception_send without specific device.
Or is there option to get the device without waiting for key to be pressed?

Thnaks