(Login MCalkins) C-Forum Posted Jan 6, 2012 6:20 PM
Windows NT uses two privilege levels:
ring 0, "kernel mode", for ntoskrnl.exe/ntkrnpa.exe, hal.dll, win32k.sys, all the device drivers (*.sys), etc.
ring 3, "user mode", for ntdll.dll, csrss.exe, the API dlls, all the applications, etc.
ring 3 code generally cannot directly mess with hardware.
In general, the API dlls, such as kernel32.dll, call into ntdll.dll, which in turn calls into the ring 0 code with either "int 0x2e", "sysenter" (Intel Pentium 2), or "syscall" (AMD K6).
So, unless you want to write a ring 0 driver, you will have to go through the system service dispatcher ("int 0x2e", etc), or call a library function.
All the ring 3 .dlls, such as ntdll.dll, that your ring 3 application links to will be mapped into your application's virtual address space. Therefore, you will be able to disassemble them while using a debugger on your application. Is this what you mean by seeing what is going on, or do you mean at the source level?
If you are interested in clarity at the source level, I would say that using library functions would probably be the clearest. It hides the implementation, but that is a good thing. It keeps you from getting overwhelmed by details. Also, I think you would probably have a hard time improving on the efficiency of the existing libraries.
I have no experience with 2D graphics in Windows. However here are some links:
A little bit of info about low level graphics calls: