This is the second part of my series of blog posts about hooking miniport and minifilter drivers. In this session I will focus on how to hook display miniport callbacks.
Port and miniport drivers are a concept that Microsoft uses to simplify the development of kernel code by different vendors. The port driver (supplied by Microsoft) is responsible for performing common tasks, which helps vendors avoid writing a lot of boilerplate code. Miniport drivers, supplied by third-party vendors, are responsible for executing the tasks for a specific device. …
This post is the first part of a series about hooking minifilter/miniport objects. During the course of this series I will explain how the management of these objects works, focusing on where various callbacks reside in memory, the manner in which they are called by the manager driver, and how we might be able to hook them without triggering PatchGuard.
The Filter Manager (FltMgr.sys) is a kernel component that allows other drivers to install callbacks that intercept file system operations. The filter manager is a replacement for the legacy file system filter driver model, and operates at the same level. …