AntiJiggler
The "Mouse Jiggler" and similar products seem like a great tool for a prank or some mischief at first sight, but they can be pretty dangerous if used for evil purposes. This will give you an idea:
Whether you're thinking about forensics experts or data thieves, one thing is certain: you should be able to counter something like the Mouse Jiggler pretty easily.
Its stated purpose is to prevent the computer password prompt from being displayed: so why don't we simply lock the desktop immediately when a new input device (mouse or keyboard) is attached to the machine? If the new hardware was attached for a legitimate reason, the user can enter his password and continue working - if he does not have a password he will have a hard time getting back to the desktop.

AntiJiggler's only GUI feature: a message presented on the Logon screen.
The program below is extremely simple. It's only ~200 lines (including whitespace, debug output and comments), and about half of that is there to wrangle the display name of the new device from Windows' depths and display it on the screen.
AntiJiggler does not require administrative privileges to do its job - or even to install.
Here's how you receive and dispatch device notifications:
```c
// needs <windows.h>, <dbt.h> and <hidsdi.h>; link against hid.lib
// (hWnd is the window created earlier in the program)

// get HID interface class GUID
GUID hidGuid;
HidD_GetHidGuid(&hidGuid);

// init notification filter
DEV_BROADCAST_DEVICEINTERFACE NotificationFilter = {0};
NotificationFilter.dbcc_size = sizeof(DEV_BROADCAST_DEVICEINTERFACE);
NotificationFilter.dbcc_devicetype = DBT_DEVTYP_DEVICEINTERFACE;
NotificationFilter.dbcc_classguid = hidGuid;

// register notifications for HID devices
HDEVNOTIFY hdn = RegisterDeviceNotification(hWnd, &NotificationFilter, DEVICE_NOTIFY_WINDOW_HANDLE);

// start processing messages (GetMessage returns -1 on error, so test for > 0)
MSG msg;
while (GetMessage(&msg, NULL, 0, 0) > 0)
{
    TranslateMessage(&msg);
    DispatchMessage(&msg);
}

// clean up
UnregisterDeviceNotification(hdn);
```
And here's how you handle them in your WndProc:
```c
// the only message we care about
case WM_DEVICECHANGE:
    // is a device being attached?
    if (wParam == DBT_DEVICEARRIVAL)
    {
        DEV_BROADCAST_HDR* pHdr = (DEV_BROADCAST_HDR*)lParam;

        // correct type of device?
        if (pHdr->dbch_devicetype == DBT_DEVTYP_DEVICEINTERFACE)
        {
            // get struct pointer and display message
            DEV_BROADCAST_DEVICEINTERFACE* pIface = (DEV_BROADCAST_DEVICEINTERFACE*)lParam;

            // lock the workstation
            LockWorkStation();

            // display a message to the user
            DisplayLockedMsg(pIface);
        }
    }
    break;
```
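Added example, not part of AntiJiggler's source: a fallback for the lock message text that identifies the new device from the interface path in `dbcc_name` instead of a display name. It assumes the ANSI form of that path; the helper names (`parse_hid_ids`, `describe_device`) are hypothetical and the sample path is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Return a pointer just past a case-insensitive match of tag (given in
   upper case) inside path, or NULL. The path's case is not guaranteed. */
static const char *find_tag(const char *path, const char *tag) {
    size_t n = strlen(tag);
    for (; path && *path; ++path) {
        size_t i = 0;
        while (i < n && toupper((unsigned char)path[i]) == tag[i]) ++i;
        if (i == n) return path + n;
    }
    return NULL;
}

/* Read exactly four hex digits into *out; 1 on success, 0 otherwise. */
static int read_hex4(const char *s, unsigned *out) {
    if (!s) return 0;
    *out = 0;
    for (int i = 0; i < 4; ++i) {
        int c = toupper((unsigned char)s[i]);
        if (!isxdigit(c)) return 0;   /* also stops at the terminating NUL */
        *out = *out * 16 + (unsigned)(c <= '9' ? c - '0' : c - 'A' + 10);
    }
    return 1;
}

/* Pull vendor and product id out of a dbcc_name-style HID interface path. */
int parse_hid_ids(const char *path, unsigned *vid, unsigned *pid) {
    return read_hex4(find_tag(path, "VID_"), vid) && read_hex4(find_tag(path, "PID_"), pid);
}

/* Build the message text; returns 1 if ids were found, 0 for paths that
   carry no VID_/PID_ pair (the text then says "unidentified"). */
int describe_device(const char *path, char *buf, size_t len) {
    unsigned vid = 0, pid = 0;
    int ok = parse_hid_ids(path, &vid, &pid);
    if (ok) snprintf(buf, len, "New input device attached (VID %04X, PID %04X)", vid, pid);
    else    snprintf(buf, len, "New input device attached (unidentified)");
    return ok;
}

int main(void) {
    char msg[80];   /* the path below is constructed, not from a real machine */
    describe_device("\\\\?\\hid#vid_046d&pid_c077#7&1a2b3c4d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}", msg, sizeof msg);
    return puts(msg) == EOF;
}
```

Vendor and product ids are reported by the device itself, so they belong in the message or a log entry, not in a decision to skip the lock.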
The app is tiny: in its current state, less than 60 kilobytes. There's no setup program and no user interface - just put it somewhere and make sure it starts every time you log on. You can drop it straight into your Startup folder if you like. You might want to consider renaming the executable before putting it to use so a simple look at the process list won't reveal its existence.
To get rid of AntiJiggler after it's been "installed", simply kill the process if it's running and delete the executable.
Fairly obvious improvement ideas:
AntiJiggler is distributed under the MIT license. As usual, no warranties are implied or expressly granted.
Copyright (c) 2007, Marton Anka
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
You can download the source code from here: antijiggler-1.0.src.zip (10 kB)
Win32 binary (runs on x86/x64 XP & Vista): antijiggler-1.0.bin.zip (31 kB)