This PoC shows one of the simplest ways to prevent HID input manipulation
A few days ago I heard that some poor RPG game was suffering from macro users and so on, and I finally found the answer on the toilet. Most of them use kernel-based libraries to send HID input to the operating system. There are some filter drivers and more cheat-like drivers, but this PoC targets them, and it is good enough unless KPP (aka PatchGuard) turns its eyeball to kbdclass.sys in the future.
Find KeyboardClassServiceCallback by using an AOB (array-of-bytes) pattern. Place an inline hook at the entry of KeyboardClassServiceCallback.
Add getDriverObject(PVOID ReturnAddress)
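The AOB pattern search described above, as an added user-mode example (not the PoC's own code): a masked byte scan that returns an offset only when the signature matches exactly once, because a hook placed at the wrong match would overwrite unrelated kernel code. The function names, the signature strings and the `SAMPLE` bytes are constructed for illustration and are not the real KeyboardClassServiceCallback pattern.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed sample: two generic x64 prologues. NOT bytes from kbdclass.sys. */
static const uint8_t SAMPLE[] = { 0xCC, 0xCC, 0x48, 0x89, 0x5C, 0x24, 0x08, 0x57,
    0x48, 0x83, 0xEC, 0x20, 0xC3, 0xCC, 0x48, 0x89, 0x5C, 0x24, 0x10, 0x57, 0xC3 };

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                              /* fold A-F onto a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Parse "48 89 ?? 24" into bytes and a mask (0 = wildcard). Returns length, 0 if malformed. */
static size_t aob_parse(const char *sig, uint8_t *bytes, uint8_t *mask, size_t cap)
{
    size_t n = 0;
    while (*sig) {
        if (*sig == ' ') { sig++; continue; }
        if (n == cap || sig[1] == '\0') return 0;   /* too long, or odd digit count */
        int wild = (sig[0] == '?' && sig[1] == '?');
        int hi = hexval(sig[0]), lo = hexval(sig[1]);
        if (!wild && (hi < 0 || lo < 0)) return 0;
        bytes[n] = wild ? 0 : (uint8_t)((hi << 4) | lo);
        mask[n++] = (uint8_t)!wild;
        sig += 2;
    }
    return n;
}

/* Offset of the single match; -1 = no match or bad signature; -2 = more than one match. */
static long aob_find_unique(const uint8_t *buf, size_t len, const char *sig)
{
    uint8_t bytes[64], mask[64];
    size_t n = aob_parse(sig, bytes, mask, sizeof bytes);
    long hit = -1;
    for (size_t i = 0; n != 0 && i + n <= len; i++) {
        size_t j = 0;
        while (j < n && (!mask[j] || buf[i + j] == bytes[j])) j++;
        if (j == n && hit >= 0) return -2;  /* ambiguous: refuse rather than guess */
        if (j == n) hit = (long)i;
    }
    return hit;
}

int main(void)
{
    printf("%ld\n", aob_find_unique(SAMPLE, sizeof SAMPLE, "48 89 5C 24 08 57 48 83 EC ??"));
    return 0;
}
```

A short, prologue-only signature such as `48 89 5C 24 ?? 57` hits both functions in the sample and is rejected with -2; lengthening the signature until the match is unique is what makes the located address safe to act on.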