FireDaemon Restore 1.0.0 Beta Now Available

Last Updated: February 8, 2018

What Is This Sorcery?

With the release of Windows 10 and Server 2016, Microsoft decided to block keyboard and mouse input on Session 0. So if, for example, you had an interactive service running on Session 0, your keyboard and mouse would not work and you would not be able to interact with your application. Please refer to our comprehensive discussion on the matter.

So, behold, we have created FireDaemon Restore. This is a driver that patches the Windows win32kfull.sys system kernel driver to restore the keyboard and mouse functionality on Session 0 on Windows 10 and Server 2016.


Warning and Disclaimer


By downloading and installing the FireDaemon Restore you fully acknowledge that this software modifies the behaviour of your Windows operating system which may result in your operating system ceasing to function normally. As such, you assume all risk and FireDaemon Technologies Limited will not be liable for any loss or damage to your operating system. If you have any doubt whatsoever in regard to the usefulness or fit for purpose of this driver then please, do not use it.


Installation Recommendation


Per the Warning and Disclaimer above, we strongly recommend you try this driver in a disposable virtual machine or similar test environment first to ensure it works and meets your requirements prior to deploying in production.


Installation Instructions

  1. Ensure you have Windows 10 or Server 2016 installed and that the operating system is fully patched
  2. Ensure you have a full backup of your operating system such that you can completely restore
  3. Login in as a local or domain administrator
  4. Download the driver ZIP file and unpack to a location of your choice
  5. Determine your machine architecture - either 32-bit or 64-bit
  6. If you have a 32-bit version of Windows 10 installed copy the file "FDUI0Input.sys" from the x86 folder to C:\Windows\System32\drivers
  7. If you have a 64-bit version of Windows 10 or Server 2016 installed copy the file "FDUI0Input.sys" from the x64 folder to C:\Windows\System32\drivers
  8. Open an elevated Windows command prompt
  9. Put your operating system in Driver Test Signing Mode. At the command prompt type the following:
    bcdedit /set testsigning on
  10. Reboot your machine
  11. Login again as a local or domain administrator
  12. Open an elevated command prompt once again
  13. Install the driver. At the command prompt type the following paying special attention to the spaces:
    sc create FDUI0Input type= kernel binPath= C:\Windows\System32\drivers\FDUI0Input.sys start= system
  14. Reboot your operating system once more and log back in
  15. If you have FireDaemon Pro 4 or FireDaemon Zero 2 installed - when you switch to Session 0 - you will find your keyboard and mouse working again on Session 0 on Windows 10 or Windows Server 2016! Cool, eh?

Removing The Driver

This is straight forward:
  1. Login as a local or domain administrator
  2. Open an elevated command prompt.
  3. At the elevated command prompt type:
    sc delete FDUI0Input
    bcdedit /set testsigning off
  4. Then reboot you machine.

Limitations

At this point, the driver uses our DigiCert Authenticode Certificate and, hence, for it function, you need to place your operating system in test mode. This will leave a watermark on your desktop (which can be conveniently removed) and operating system in a state where other drivers could be installed surreptitiously. To resolve this the driver needs to be signed with an EV kernel certificate and submitted to the Microsoft Windows Hardware Development Center for counter signing. At this point we don't possess an EV kernel certificate.

Also, after applying Windows Updates, you might find your machine is no longer in Driver Test Signing Mode. You will have to enable Driver Test Signing Mode again per the instructions above and reboot.

Bugs? Issues? Feature Requests?


Tell us what you think! All feedback gratefully received!


FireDaemon Restore In Action

The screenshot below shows the driver in action. winver.exe and notepad.exe are being run by FireDaemon Pro 4. As you can see you can interact with the desktop, move windows around and type into notepad.exe.

image


Login or Signup to post a comment