hello
does anyone know how the exection flow works?
as far as i know it works that way:
gui app -> calls some apis from opengl32.dll/d3d9.dll -> goes to usermode part of device driver nvogl.dll/atiogl32.dll (vendor specific) -> goes to kernelmode part nvxxx.sys/atixxx.sys (again vendor specific)
on the other hand we have win32k.sys which controls gdi32 stuff and others(??) (all those NtGdi*, NtGdiDd* and NtGdiDDI* funcs).
is it possible to intercept / use any of the opengl or d3d funcs from within a driver? without hooking IDT and placing bp on the func in der usermode process?or do you have to hook irp of the graphics driver?
does anyone know how the exection flow works?
as far as i know it works that way:
gui app -> calls some apis from opengl32.dll/d3d9.dll -> goes to usermode part of device driver nvogl.dll/atiogl32.dll (vendor specific) -> goes to kernelmode part nvxxx.sys/atixxx.sys (again vendor specific)
on the other hand we have win32k.sys which controls gdi32 stuff and others(??) (all those NtGdi*, NtGdiDd* and NtGdiDDI* funcs).
is it possible to intercept / use any of the opengl or d3d funcs from within a driver? without hooking IDT and placing bp on the func in der usermode process?or do you have to hook irp of the graphics driver?
