HidGuardian v1 driver installation

HidGuardian v1 driver installation

Attention

This article covers the installation of the (deprecated) HidGuardian major version 1 (a.k.a. Gen1) driver. Its development has been discontinued yet there's software out there depending on it. Please make sure you need version 1 first before going through this article!

About

HidGuardian (abridged as HG) v1 is very limited in functionality. It was more of a proof of concept (PoC) than a full blown product. Nonetheless it can still assist you in blocking input devices which is its core intention.

Attention

If you're a developer starting with a fresh project, please refrain from using HG v1 as it won't receive any new features or fixes, thank you!

Some facts about HG v1:

  • Configured via registry keys and values
  • Can only whitelist processes based on PID (numeric Process ID)
  • Has no real "official" API so might break between minor releases

Projects known to depend on HG v1

This list is in no way complete as we rely on community/developer feedback. Some known products include:

Preparations

👉 Grab the driver archive matching your systems architecture from here and extract them (e.g. to C:\hg)

Hint

Some morons/trolls might have told you that you have to put drivers into system32 folder. Don't do that, Windows can take care of its drivers by itself, fooling around in your system folders can brick your machine. You have been warned.

👉 Now get the Device Console (devcon) utility and also extract it somewhere (e.g. to C:\hg)

So the folder structure you end up with should look like so:

vmware_2018-08-15_16-02-58.png

2018-08-15_16-04-35.png

Driver installation

Alright, here we go 😊 take one last deep breath and continue reading carefully and nothing will go wrong.

Fire up PowerShell as Administrator and insert the following commands one after another:

C:\hg\devcon\x64\devcon.exe install C:\hg\x64\HidGuardian.inf Root\HidGuardian

Which is expected to return:

Device node created. Install is complete when drivers are installed...
Updating drivers for Root\HidGuardian from C:\hg\x64\HidGuardian.inf.
Drivers installed successfully.

Hint

This command created a virtual "dummy device" so the driver can get loaded.

And finally:

C:\hg\devcon\x64\devcon.exe classfilter HIDClass upper -HidGuardian

Which is expected to return:

Class filters changed. Restart the devices or reboot the system to make the change effective.
    HidGuardian

Hint

This command internally adjusted some registry values causing the driver to get loaded onto every input device automatically.

That's it! You're ready to rock 🎉

Attention

You'll either need to unplug and plug in your input devices or reboot the machine for the driver to work!

2018-08-15_16-14-01.png

Driver removal

Attention

Removing HG requires a special procedure described here or else you could end up with no keyboard/mouse!

For removal you don't need the original driver files, you will need devcon though so make sure you got it ready as described earlier.

👉 Then from an elevated PowerShell execute:

C:\hg\devcon\x64\devcon.exe classfilter HIDClass upper !HidGuardian
C:\hg\devcon\x64\devcon.exe remove Root\HidGuardian

Hint

It might have accidentally happened that your system has more than one virtual device. If that's the case, simply execute the two commands multiple times until they're all gone.

Now reboot and you're good to go 😄

Registry clean-up

Some registry keys and values can be safely removed manually after the driver is gone.

In Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidGuardian\Parameters the following values can be removed (if they exist):

  • AffectedDevices
  • ExcemptedDevices
  • Force

The key Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidGuardian\Parameters\Whitelist and all sub-keys can be removed as well.