PG & NVIDA

No - what Wayne mentioned (not Gavin, as your post states) was backtracing calls. My suggestion is to set a flag once a DirectX/3D call has been started which could then be reset once it is ended - if Physical Memory access was permitted while that flag was set, it would have the effect of restricting it to DirectX/3D routines only without having to perform any backtracing.

This would limit the scope of Phys Mem access to Microsoft's DirectX and the graphics driver code - far better from a security perspective than having to allow it for whole applications. And having a separate DirectX permission for each application in PG allows you to restrict this access only to those applications that need it.

 

Sorry, slip of the keyboard...

So a filter on calls made by an application?, .. would this not cause a lot of CPU time by PG to monitor?

 

This could be implemented in a similar way to PG's other functions - via hooks. It would just require more functions to be hooked.

 

O.K., thanks,..
Digress a bit,... I know of pgms such as sysinternals/icesword which give/show implemented hooks, any good reading on this anywhere?

 

also, Nvidia drivers use rundll32.exe

 

The drivers themselves don't - but Nvidia's separate Display Driver Service does. This can be disabled with no ill-effect in my experience.