How do I send and receive keystrokes (mouse moves) from kernel mode?

Well, I had to find the answer for a product I was developing. Under Win2k Microsoft doesn't seem to offer a way to do this. I have devised a solution for W2k and WXP which is in a commercially available product with a WHQL signature. Start with the KBfilter (Moufiltr) example from the ddk. Modify it from a PS/2 single device upper filter to a generic class upper filter. Prepend it to the kbdclass (mouclass) Upperfilters registry entry.

This will allow you to tap into the flow of keyboard (mouse) data and you can send keystrokes (mouse moves) the same way.

There are a lot of technical details that you will have to work out for yourself. Eventually I will add in more of the details. I may violate confidentiality agreements if I gave you too many details and I certainly can't give you any code. These pointers ought to give you a good start.

I had a very interesting discussion with the microsoft developer of the kbfilter program. He indicated that ms wants developers to send keystrokes from user mode. He agreed that prepending the class filter with a modification of the kbfilter program was a valid approach.

He brought up the question of what I would do if there was no keyboard. I had thought about that but was not prepared to address it yet. He mentioned the idea of a virtual keyboard function driver. That is going to be an interesting one to develop. It is such a useful idea with benefits to so many developers that it is a shame that microsoft doesn't include one in the ddk. Now that would be helpful! Too bad whatever I develop will have to be proprietary. Maybe some ambitious developer with time on their hands will develop a generic solution that anyone can use. I will fill in more details here as time and interest permits.

The ddk example is an i8042 device filter only. The filter key is under enum for devices not under control for classes. If you are trying to filter every and any keyboard you must prepend the kbdclass filter key. The kbdfilter example uses the class callback address so it must prepend the class.

There is a program some have tried to use as a starting point called ctrl2cap. The ctrl2cap program manages irps so it appends the class key. This method is much more complex and limiting than what I propose.

The most important question you may ask is just what registry entry do you make to load your driver?

The key to use for a keyboard:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="myfilter\0kbclasss\0\0"

The key to use for a mouse:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="myfilter\0kmouasss\0\0"