DrvInitialization failed: 2 about mouhidinputhook HOT 10 CLOSED

Can you post the driver debug output? You can get this using windbg or dbgview.

from mouhidinputhook.

PasteBin
This is a debug output from WinDBG

from mouhidinputhook.

Sorry, I should have specified WinDbg attached as a kernel debugger. Download DbgView (or DebugView) from msdn then use the following list to get the driver debug output:

1. Run DbgView.
2. In DbgView, enable Capture Kernel and Enable Verbose Kernel Output using the Capture menu.
3. Load the driver (use a debug build configuration).
4. Run MouHidMonitor.

Also, what version of Windows are you using?

from mouhidinputhook.

After successfully debugging, the issue was that the driver would fail to load because of windows saying it couldn't find a digital certificate. After putting my main system in test mode, the driver worked, as well as the application. What I don't know is how to install the driver with the specified security certificate. How would one do that? Also, there is no output from running MouHidMonitor via CMD, is this intended?

• Windows 10 User

from mouhidinputhook.

Drivers must be digitally signed in order to be loaded on modern versions of Windows x64. This project does not have a signed certificate.

If the driver loaded successfully then MouHidMonitor should display the following text in command prompt:

MouHid Input Monitor enabled.
Press ENTER to exit.

Make sure DbgView has the correct settings enabled in the Capture menu (enable them all). In test mode, start DbgView, verify settings, load the driver, run MouHidMonitor. Print the output from DbgView here.

from mouhidinputhook.

Sorry for the late response, I attached WinDBG as a kernel debugger to a remote virtual machine. When I launch MouHidMonitor.exe, it says "MouHid Monitor enabled...". So how do I see the mouse packets activity? After the default message, the console is empty. Here is a pastebin with the debug info.

https://pastebin.com/JJbbKmXq

from mouhidinputhook.

The mouse packet data is printed by the driver so you should see packet data messages in WinDbg output. You can also use DbgView to capture the driver output.

It looks like the driver loaded successfully. It is strange that there is only one MouHid device object. I test on a VMware virtual machine running on my local machine. I'm wondering if remoting into the virtual machine causes VMware (or Windows) to use the TermDD mouse device stack instead of the HID USB mouse device stack. If this is the case then this technique would not capture packet data because they are being handled by a different device stack. It would also explain why there is only one MouHid device object instead of two.

Are able to run your virtual machine on your local machine? I use VMware and VirtualKD for my test environment. If you connect to the vm directly (i.e., not remotely) you should see two MouHid device objects being detected in WinDbg output. After loading the driver and running MouHidMonitor.exe you should see packet messages in WinDbg output when you move your mouse in the vm. If this does not work then paste the WinDbg output here.

from mouhidinputhook.

do you have contact info? thanks

from mouhidinputhook.

@anotherfinemess84 To your question, I have figured this out. You need to load the driver using something like OSRLOADER and make sure your OS is in Test Mode.

@changeofpace One more question before I close this issue, do you plan on getting a certificate for this driver?

from mouhidinputhook.

@AliHERAVI No, I do not intend to get a certificate.

from mouhidinputhook.