If you type this into Google, the first three results will likely be malicious. Because HidHide requires kernel-level access (Ring 0), it is a prime target for threat actors. A fake HidHide driver is essentially a rootkit.
HidHide sits at the class filter level of the driver stack. It intercepts the IRP_MJ_CREATE and IRP_MJ_DEVICE_CONTROL calls before they reach the upper-level drivers.
If you have ever tried to use a high-end gaming peripheral, a flight stick, a racing wheel, or a MIDI controller alongside consumer software, you have run into a specific, infuriating problem: Collisions .