Jackzz

Reputation: 1467

Win32_SystemDriver to disable device drivers

Trying to find an answer to my question: https://stackoverflow.com/questions/29181012/c-control-usb-drives-connected-to-my-system, I figured it out using the SetupDiXxx classes. But the problem was that, once it is disabled/enabled, it was able to enable/disable the device from Device Manager. So any user can easily overcome the ban.

On further study, I saw that the Win32_SystemDriver class of WMI has a StopService method that can be used to disable the driver for the device. But I am not sure how to write the code for the same. Can anyone help me in coding this in C++? I am in MSVS 2010.

Upvotes: 0

Views: 1669

Answers (1)

VoidStar

Reputation: 5421

You can access WMI classes in C++ with this: https://msdn.microsoft.com/en-us/library/aa392109(v=vs.85).aspx. But that seems very hacky and not very easy. If you do this anyway, here is the shortest example I can find: https://msdn.microsoft.com/en-us/library/aa390421(v=vs.85).aspx. I've updated it to match what you're doing:

```cpp
#define _WIN32_DCOM
#include <windows.h>
#include <Wbemidl.h>
#include <comdef.h>

#pragma comment(lib, "wbemuuid.lib")

int main()
{
    // Initialize COM for this thread.
    HRESULT hres = CoInitializeEx(0, COINIT_MULTITHREADED);
    if (FAILED(hres))
    {
        return 1;
    }

    // Set process-wide COM security defaults.
    hres = CoInitializeSecurity(
        NULL,
        -1,                          // COM negotiates service
        NULL,                        // Authentication services
        NULL,                        // Reserved
        RPC_C_AUTHN_LEVEL_DEFAULT,   // Default authentication
        RPC_C_IMP_LEVEL_IMPERSONATE, // Default impersonation
        NULL,                        // Authentication info
        EOAC_NONE,                   // Additional capabilities
        NULL                         // Reserved
        );

    if (FAILED(hres))
    {
        CoUninitialize();
        return 1;
    }

    // Obtain the WMI locator.
    IWbemLocator *pLoc = NULL;
    hres = CoCreateInstance(
        CLSID_WbemLocator,
        0,
        CLSCTX_INPROC_SERVER,
        IID_IWbemLocator, (LPVOID *)&pLoc);

    if (FAILED(hres))
    {
        CoUninitialize();
        return 1;
    }

    // Connect to the local ROOT\CIMV2 namespace.
    IWbemServices *pSvc = NULL;
    hres = pLoc->ConnectServer(
        _bstr_t(L"ROOT\\CIMV2"),
        NULL,
        NULL,
        0,
        NULL,
        0,
        0,
        &pSvc
        );

    if (FAILED(hres))
    {
        // pSvc is not valid here, so stop before it is dereferenced.
        pLoc->Release();
        CoUninitialize();
        return 1;
    }

    BSTR MethodName = SysAllocString(L"StopService");
    // Placeholder object path: replace it so that it points to your driver.
    BSTR ClassName = SysAllocString(L"WINMGMTS:\\\\.\\ROOT\\CIMV2\\ms_409:Win32_SystemDriver");

    IWbemClassObject* pClass = NULL;
    IWbemClassObject* pInParamsDefinition = NULL;
    IWbemClassObject* pOutParams = NULL;

    hres = pSvc->GetObject(ClassName, 0, NULL, &pClass, NULL);

    if (SUCCEEDED(hres))
    {
        hres = pClass->GetMethod(MethodName, 0,
            &pInParamsDefinition, NULL);
    }

    if (SUCCEEDED(hres))
    {
        // Execute Method
        hres = pSvc->ExecMethod(ClassName, MethodName, 0, NULL, NULL, &pOutParams, NULL);
    }

    // Release everything that was acquired, on success and on failure.
    if (pOutParams) pOutParams->Release();
    if (pInParamsDefinition) pInParamsDefinition->Release();
    if (pClass) pClass->Release();
    SysFreeString(ClassName);
    SysFreeString(MethodName);
    pSvc->Release();
    pLoc->Release();
    CoUninitialize();

    return FAILED(hres) ? 1 : 0;
}
```

You would replace the classname to point to your driver. If you don't, it will fail with WBEM_E_INVALID_OBJECT_PATH. To find this, you need to enumerate your WMI objects so you can see/pick. This is definitely easiest in PowerShell: just open PowerShell and run Get-WmiObject -class Win32_SystemDriver. Although you should probably do all of this from PowerShell, come to think of it.

It sounds like you might instead want to consider learning how to leverage Windows security policies for restricting which devices can be used: https://msdn.microsoft.com/en-us/library/bb530324.aspx. You would start by launching gpedit and follow the directions until you've blocked device installation.

Upvotes: 1
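
The PowerShell route the answer recommends, as an added example that is not part of the original answer: it looks up one Win32_SystemDriver instance, prints the object path that the C++ ExecMethod call needs in place of the placeholder, stops the driver and sets its start mode to Disabled. The function name Disable-SystemDriver and the driver name USBSTOR are assumptions chosen for illustration; run it from an elevated Windows PowerShell prompt.

```powershell
# Added example (not from the original answer).
# Assumption: 'USBSTOR' is the driver to block. List candidates with:
#   Get-WmiObject -Class Win32_SystemDriver | Select-Object Name, State, StartMode

function Disable-SystemDriver {
    param(
        # Restrict the name to safe characters because it is placed in a WQL filter.
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[\w.-]+$')]
        [string]$Name
    )

    # Subset of the return codes shared by StopService and ChangeStartMode.
    $codes = @{
        0 = 'Success'
        2 = 'Access denied'
        3 = 'Dependent services running'
        5 = 'Service cannot accept control'
    }

    $drv = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$Name'"
    if (-not $drv) {
        throw "No Win32_SystemDriver instance named '$Name'."
    }

    # Instance path, e.g. Win32_SystemDriver.Name="USBSTOR"; this is the kind of
    # path that avoids WBEM_E_INVALID_OBJECT_PATH in the C++ version.
    Write-Host "Object path: $($drv.__RELPATH)"

    # Stop the driver only if it is loaded; stopping a stopped driver returns an error code.
    if ($drv.State -eq 'Running') {
        $rv = [int]$drv.StopService().ReturnValue
        Write-Host "StopService     -> $rv ($($codes[$rv]))"
    }

    # Stopping alone does not persist: the driver loads again on demand or at boot
    # unless its start mode is changed as well.
    $rv = [int]$drv.ChangeStartMode('Disabled').ReturnValue
    Write-Host "ChangeStartMode -> $rv ($($codes[$rv]))"

    # Re-read the instance to confirm what actually changed.
    Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$Name'" |
        Select-Object Name, State, StartMode
}

Disable-SystemDriver -Name 'USBSTOR'
```

A return value of 2 means the caller lacks the rights to control the driver; any account that does have those rights can start it again the same way, which is why the answer points to device installation policy for enforcement.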
