What Module Handles the Drawing of Windows, Cursor, etc..?

Forum for discussion about kernel-mode development.
Post Reply
SirRonald
Posts: 1
Joined: Thu Oct 04, 2018 9:29 pm

What Module Handles the Drawing of Windows, Cursor, etc..?

Post by SirRonald » Thu Oct 04, 2018 9:38 pm

Hello,

I'm looking into creating my own external forms, windows, UIs, etc.. by hooking into whatever kernel module handles the specific drawing operations.

I've looked into NtUserPaintMonitor, and also NtUserPaintDesktop - however none of these functions are triggered on my system (Using normal detours, Windows 10, 1803).

I've tried more generic functions like NtGdiExtEscape, however that is not called (unless of course I start some type of application that uses it).

Surely, there would be some sort of module that renders the desktop/monitor at your selected refresh rate? Preferably something with a HDC, so that I can use GDI calls to it?

Windows Internals book, said that Cdd.dll handles the rendering of the mouse cursor, however I found no evidence of that looking at the code.

User avatar
mrfearless
Posts: 3
Joined: Fri Feb 19, 2016 10:09 pm
Location: Ireland
Contact:

Re: What Module Handles the Drawing of Windows, Cursor, etc..?

Post by mrfearless » Sun Oct 07, 2018 6:50 pm

Im guessing its probably this:

https://docs.microsoft.com/en-us/window ... erspective
"GDI service functions are identified by their Eng prefix, and functions that provide access to GDI-maintained structures have names in the form XxxOBJ*_*Xxx."

Looking at the reactos code might give you a better idea if that is where you need to look: https://doxygen.reactos.org/dir_27871eb ... 01fd6.html

And some of the functions listed here might be useful: https://j00ru.vexillium.org/syscalls/win32k/32/

like NtGdiEngBitBlt, NtGdiBitBlt, NtGdiCreateCompatibleDC, NtGdiCreateCompatibleBitmap, NtGdiCreateSolidBrush etc

also check the ntgdi.h in the SDKs for those functions, and they seem referenced in the win32k.lib file which is for the Win32k.sys file.

Post Reply