-
-
看雪CTF.TSRC 2018 团队赛-第9题
-
发表于: 2018-12-18 07:21 3603
-
1. 总体逻辑
程序使用的nana库写的界面,
有两个label, 一个是显示"
Correct
", 一个是显示"Wrong", 都在相同的位置, 相同的大小
在textbox的text_changed事件中获取sn,
按"^([[:d:]]{10})([[:d:]]{10})([[:d:]]{10})$"的格式获取三个10位数字,
加锁处理sn(转换为16进制后写入directx的线程参数)
开启一个线程用于directx验证sn及在label处绘制"Correct"/"Wrong"
线程的参数如下
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | struct st_dx_param { DWORD hThread; DWORD dwThreadId; HANDLE hEvent; DWORD d03; HWND hWndParent; DWORD d05; DWORD d06; DWORD d07; DWORD d08; DWORD d09; DWORD d10; DWORD d11; DWORD d12; int X; // 50 int Y; // 20 int nWidth; // 200 int nHeight; // 80 DWORD d17; double rgbSuccess[4]; // 0,128,0,1 green double rgbFail[4]; // 255,0,0,1 red CRITICAL_SECTION cs; DWORD sn0; // 0 DWORD sn1; // 0 DWORD sn2; // 0}; |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | struct st_dx_param { DWORD hThread; DWORD dwThreadId; HANDLE hEvent; DWORD d03; HWND hWndParent; DWORD d05; DWORD d06; DWORD d07; DWORD d08; DWORD d09; DWORD d10; DWORD d11; DWORD d12; int X; // 50 int Y; // 20 int nWidth; // 200 int nHeight; // 80 DWORD d17; double rgbSuccess[4]; // 0,128,0,1 green double rgbFail[4]; // 255,0,0,1 red CRITICAL_SECTION cs; DWORD sn0; // 0 DWORD sn1; // 0 DWORD sn2; // 0}; |
2. nana::textbox(sn的处理及赋值)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | // textbox.text_changed的lambda表达式.text:00402D80 mov dword ptr [ebp-16Ch], offset ??_7textbox@nana@@6B@ ; const nana::textbox::`vftable'....text:00402DE3 mov dword ptr [ebp-420h], offset x_textbox_text_changed_lambda_vtbl....text:00402E0F mov dword ptr [edi], offset ??_7docker@?$basic_event@Uarg_textbox@nana@@@nana@@6B@ ; const nana::basic_event<nana::arg_textbox>::docker::`vftable'// x_DoCall是text_changed的处理函数.rdata:004AB384 x_textbox_text_changed_lambda_vtbl dd offset sub_410C90.rdata:004AB384 ; DATA XREF: wWinMain(x,x,x,x)+B43↑o.rdata:004AB388 dd offset sub_410C90.rdata:004AB38C dd offset x_DoCall.rdata:004AB390 dd offset sub_410C80.rdata:004AB394 dd offset sub_410C50.rdata:004AB398 dd offset sub_410C70// 字符串 -> 整数, 写入st_dx_param.text:00403528 call x_atoi.text:0040352D mov ecx, [eax].text:0040352F mov ecx, [ecx+4].text:00403532 test byte ptr [ecx+eax+0Ch], 6.text:00403537 jnz short loc_403595.text:00403539 lea eax, [ebp+var_1C].text:0040353C push eax.text:0040353D lea ecx, [ebp+var_1D8].text:00403543 call x_atoi.text:00403548 mov ecx, [eax].text:0040354A mov ecx, [ecx+4].text:0040354D test byte ptr [ecx+eax+0Ch], 6.text:00403552 jnz short loc_403595.text:00403554 lea eax, [ebp+sn0].text:00403557 push eax.text:00403558 lea ecx, [ebp+var_130].text:0040355E call x_atoi.text:00403563 mov ecx, [eax].text:00403565 mov ecx, [ecx+4].text:00403568 test byte ptr [ecx+eax+0Ch], 6.text:0040356D jnz short loc_403595.text:0040356F mov ecx, [esi+8].text:00403572 mov eax, [ebp+var_18].text:00403575 mov [ecx+st_dx_param.sn0], eax.text:0040357B mov ecx, [esi+8].text:0040357E mov eax, [ebp+var_1C].text:00403581 mov [ecx+st_dx_param.sn1], eax.text:00403587 mov ecx, [esi+8].text:0040358A mov eax, [ebp+sn0].text:0040358D mov [ecx+st_dx_param.sn2], eax |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | // textbox.text_changed的lambda表达式.text:00402D80 mov dword ptr [ebp-16Ch], offset ??_7textbox@nana@@6B@ ; const nana::textbox::`vftable'....text:00402DE3 mov dword ptr [ebp-420h], offset x_textbox_text_changed_lambda_vtbl....text:00402E0F mov dword ptr [edi], offset ??_7docker@?$basic_event@Uarg_textbox@nana@@@nana@@6B@ ; const nana::basic_event<nana::arg_textbox>::docker::`vftable'// x_DoCall是text_changed的处理函数.rdata:004AB384 x_textbox_text_changed_lambda_vtbl dd offset sub_410C90.rdata:004AB384 ; DATA XREF: wWinMain(x,x,x,x)+B43↑o.rdata:004AB388 dd offset sub_410C90.rdata:004AB38C dd offset x_DoCall.rdata:004AB390 dd offset sub_410C80.rdata:004AB394 dd offset sub_410C50.rdata:004AB398 dd offset sub_410C70// 字符串 -> 整数, 写入st_dx_param.text:00403528 call x_atoi.text:0040352D mov ecx, [eax].text:0040352F mov ecx, [ecx+4].text:00403532 test byte ptr [ecx+eax+0Ch], 6.text:00403537 jnz short loc_403595.text:00403539 lea eax, [ebp+var_1C].text:0040353C push eax.text:0040353D lea ecx, [ebp+var_1D8].text:00403543 call x_atoi.text:00403548 mov ecx, [eax].text:0040354A mov ecx, [ecx+4].text:0040354D test byte ptr [ecx+eax+0Ch], 6.text:00403552 jnz short loc_403595.text:00403554 lea eax, [ebp+sn0].text:00403557 push eax.text:00403558 lea ecx, [ebp+var_130].text:0040355E call x_atoi.text:00403563 mov ecx, [eax].text:00403565 mov ecx, [ecx+4].text:00403568 test byte ptr [ecx+eax+0Ch], 6.text:0040356D jnz short loc_403595.text:0040356F mov ecx, [esi+8].text:00403572 mov eax, [ebp+var_18].text:00403575 mov [ecx+st_dx_param.sn0], eax.text:0040357B mov ecx, [esi+8].text:0040357E mov eax, [ebp+var_1C].text:00403581 mov [ecx+st_dx_param.sn1], eax.text:00403587 mov ecx, [esi+8].text:0040358A mov eax, [ebp+sn0].text:0040358D mov [ecx+st_dx_param.sn2], eax |
后面好像有一串计算过程及验证, 不过直接patch跳过去, 并不会显示"Correct",所以这里并不是真正的验证点
3. directx
1 2 3 4 5 6 7 8 9 10 11 | .text:00403D75 mov eax, [esi+30h].text:00403D78 mov [eax+10h], ecx.text:00403D7B mov ecx, [esi+30h].text:00403D7E lea eax, [ecx+4].text:00403D81 push eax ; lpThreadId.text:00403D82 push 0 ; dwCreationFlags.text:00403D84 push ecx ; lpParameter.text:00403D85 push offset x_dx_thread ; lpStartAddress.text:00403D8A push 0 ; dwStackSize.text:00403D8C push 0 ; lpThreadAttributes.text:00403D8E call ds:CreateThread |
1 2 3 4 5 6 7 8 9 10 11 | .text:00403D75 mov eax, [esi+30h].text:00403D78 mov [eax+10h], ecx.text:00403D7B mov ecx, [esi+30h].text:00403D7E lea eax, [ecx+4].text:00403D81 push eax ; lpThreadId.text:00403D82 push 0 ; dwCreationFlags.text:00403D84 push ecx ; lpParameter.text:00403D85 push offset x_dx_thread ; lpStartAddress.text:00403D8A push 0 ; dwStackSize.text:00403D8C push 0 ; lpThreadAttributes.text:00403D8E call ds:CreateThread |
将d3d11.h的头文件修改下导入IDA
这里有3个Directx Shader Bytecode
__m128d ConstantBufferData[15];
sn放到ConstantBufferData[14]
VertexShader的输入格式
1 2 3 4 5 | struct { DXGI_FORMAT_R32G32B32_FLOAT POSITION; DXGI_FORMAT_R32G32_FLOAT TEXCOORD; DXGI_FORMAT_R32G32B32A32_FLOAT COLOR;}; |
1 2 3 4 5 | struct { DXGI_FORMAT_R32G32B32_FLOAT POSITION; DXGI_FORMAT_R32G32_FLOAT TEXCOORD; DXGI_FORMAT_R32G32B32A32_FLOAT COLOR;}; |
g_buf_input1的点绘制出来是"绿色背景的Correct!"
g_buf_input2的点绘制出来是"红色背景的Wrong!"
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 | DWORD __stdcall x_dx_thread(st_dx_param *param){ //... WNDCLASSEXW a1; //... RegisterClassExW(&a1); HWND hWnd = CreateWindowExW(0, a1.lpszClassName, L"2018CTF@pediy.com", 0x50000000, param->X, param->Y, param->nWidth, param->nHeight, param->hWndParent, 0, GetWindowLongW(param->hWndParent, GWL_HINSTANCE), 0); ShowWindow(hWnd, SW_SHOW); //... RECT rect; GetClientRect(param->hWndParent, &rect); GetWindowRect(param->hWndParent, &rect); //... float rgbSuccess[4]; float rgbFail[4]; memcpy(rgbSuccess, param->rgbSuccess, 16); memcpy(rgbFail, param->rgbFail, 16); //... D3D_DRIVER_TYPE DriverTypes[3]; DriverTypes[0] = D3D_DRIVER_TYPE_HARDWARE; DriverTypes[1] = D3D_DRIVER_TYPE_WARP; DriverTypes[2] = D3D_DRIVER_TYPE_SOFTWARE; D3D_FEATURE_LEVEL FeatureLevels[3]; FeatureLevels[0] = D3D_FEATURE_LEVEL_11_0; FeatureLevels[1] = D3D_FEATURE_LEVEL_10_1; FeatureLevels[2] = D3D_FEATURE_LEVEL_10_0; D3D_FEATURE_LEVEL FeatureLevel = D3D_FEATURE_LEVEL_11_0; DXGI_SWAP_CHAIN_DESC SwapChainDesc; SwapChainDesc.BufferDesc.Width = param->nWidth; SwapChainDesc.BufferDesc.Height = param->nHeight; SwapChainDesc.OutputWindow = hWnd; SwapChainDesc.BufferCount = 1; SwapChainDesc.BufferDesc.Format = DXGI_FORMAT_R8G8B8A8_UNORM; SwapChainDesc.BufferDesc.RefreshRate.Numerator = 60; SwapChainDesc.BufferDesc.RefreshRate.Denominator = 1; SwapChainDesc.BufferUsage = 32; SwapChainDesc.SampleDesc.Count = 1; SwapChainDesc.SampleDesc.Quality = 0; SwapChainDesc.Windowed = 1; IDXGISwapChain *SwapChain; ID3D11Device *Device; ID3D11DeviceContext *DeviceContext; D3D11CreateDeviceAndSwapChain(0, DriverTypes[i], 0, 0, FeatureLevels, 3, 7, &SwapChainDesc, &SwapChain, &Device, &FeatureLevel, &DeviceContext); ID3D11Texture2D *Surface; D3D11_TEXTURE2D_DESC Desc; ID3D11RenderTargetView *RenderTargetView; SwapChain->lpVtbl->GetBuffer(SwapChain, 0, &IID_D3D11Texture2D, &Surface); Surface->lpVtbl->GetDesc(Surface, &Desc); Device->lpVtbl->CreateRenderTargetView(Device, Surface, 0, &RenderTargetView); ID3D11Texture2D *Resource0; ID3D11Texture2D *Resource1; Desc.Usage = 0; Desc.BindFlags = D3D11_BIND_RENDER_TARGET|D3D11_BIND_SHADER_RESOURCE; Desc.CPUAccessFlags = 0; Desc.MiscFlags = D3D11_RESOURCE_MISC_GENERATE_MIPS; Device->lpVtbl->CreateTexture2D(Device, &Desc, 0, &Resource0); Device->lpVtbl->CreateTexture2D(Device, &Desc, 0, &Resource1); ID3D11RenderTargetView *RenderTargetViewSuccess; ID3D11RenderTargetView *RenderTargetViewFail; Device->lpVtbl->CreateRenderTargetView(Device, Resource0, 0, &RenderTargetViewSuccess); Device->lpVtbl->CreateRenderTargetView(Device, Resource1, 0, &RenderTargetViewFail); D3D11_SHADER_RESOURCE_VIEW_DESC ResourceViewDesc; ResourceViewDesc.Format = Desc.Format; ResourceViewDesc.Texture2D.MostDetailedMip = 0; ResourceViewDesc.Texture2D.MipLevels = -1; ResourceViewDesc.ViewDimension = D3D_SRV_DIMENSION_TEXTURE2D; ID3D11ShaderResourceView *ShaderResourceViewSuccess; ID3D11ShaderResourceView *ShaderResourceViewFail; Device->lpVtbl->CreateShaderResourceView(Device, Resource0, &ResourceViewDesc, &ShaderResourceViewSuccess); Device->lpVtbl->CreateShaderResourceView(Device, Resource1, &ResourceViewDesc, &ShaderResourceViewFail); char g_buf_VertexShader[1308]; char g_buf_PixelShader0[496]; char g_buf_PixelShader1[3108]; D3D11_INPUT_ELEMENT_DESC InputElementDescs[3]; InputElementDescs[0].SemanticName = "POSITION"; InputElementDescs[0].SemanticIndex = 0; InputElementDescs[0].Format = DXGI_FORMAT_R32G32B32_FLOAT; InputElementDescs[0].InputSlot = 0; InputElementDescs[0].AlignedByteOffset = 0; InputElementDescs[0].InputSlotClass = 0; InputElementDescs[0].InstanceDataStepRate = 0; InputElementDescs[1].SemanticName = "TEXCOORD"; InputElementDescs[1].SemanticIndex = 0; InputElementDescs[1].Format = DXGI_FORMAT_R32G32_FLOAT; InputElementDescs[1].InputSlot = 0; InputElementDescs[1].AlignedByteOffset = 12; InputElementDescs[1].InputSlotClass = 0; InputElementDescs[1].InstanceDataStepRate = 0; InputElementDescs[2].SemanticName = "COLOR"; InputElementDescs[2].SemanticIndex = 0; InputElementDescs[2].Format = DXGI_FORMAT_R32G32B32A32_FLOAT; InputElementDescs[2].InputSlot = 0; InputElementDescs[2].AlignedByteOffset = 20; InputElementDescs[2].InputSlotClass = 0; InputElementDescs[2].InstanceDataStepRate = 0; ID3D11VertexShader *VertexShader; ID3D11InputLayout *InputLayout; ID3D11PixelShader *PixelShader0; ID3D11PixelShader *PixelShader1; Device->lpVtbl->CreateVertexShader(Device, g_buf_VertexShader, 1308, 0, &VertexShader); Device->lpVtbl->CreateInputLayout(Device, InputElementDescs, 3, g_buf_VertexShader, 1308, &InputLayout); Device->lpVtbl->CreatePixelShader(Device, g_buf_PixelShader0, 496, 0, &PixelShader0); Device->lpVtbl->CreatePixelShader(Device, g_buf_PixelShader1, 3108, 0, &PixelShader1); D3D11_SAMPLER_DESC SamplerDesc; SamplerDesc.Filter = D3D11_FILTER_MIN_MAG_MIP_LINEAR; SamplerDesc.AddressU = D3D11_TEXTURE_ADDRESS_WRAP; SamplerDesc.AddressV = D3D11_TEXTURE_ADDRESS_WRAP; SamplerDesc.AddressW = D3D11_TEXTURE_ADDRESS_WRAP; SamplerDesc.ComparisonFunc = D3D11_COMPARISON_NEVER; SamplerDesc.MinLOD = 0; SamplerDesc.MaxLOD = FLT_MAX; ID3D11SamplerState *Sampler; Device->lpVtbl->CreateSamplerState(Device, &SamplerDesc, &Sampler); char g_buf_input0[144]; char g_buf_input1[63936]; char g_buf_input2[62028]; __int16 g_buf_indice0[6]; __int16 g_buf_indice1[5283]; __int16 g_buf_indice2[5142]; D3D11_SUBRESOURCE_DATA InitialData; D3D11_BUFFER_DESC BufferDesc; ID3D11Buffer *VertexBuffer0; ID3D11Buffer *VertexBuffer1; ID3D11Buffer *VertexBuffer2; ID3D11Buffer *IndexBuffer0; ID3D11Buffer *IndexBuffer1; ID3D11Buffer *IndexBuffer2; ID3D11Buffer *ConstantBuffer; //... BufferDesc.BindFlags = D3D11_BIND_VERTEX_BUFFER; InitialData.pSysMem = g_buf_input0; BufferDesc.ByteWidth = sizeof(g_buf_input0); Device->lpVtbl->CreateBuffer(Device, &BufferDesc, &InitialData, &VertexBuffer0); //... InitialData.pSysMem = g_buf_input1; BufferDesc.ByteWidth = sizeof(g_buf_input1); Device->lpVtbl->CreateBuffer(Device, &BufferDesc, &InitialData, &VertexBuffer1); //... InitialData.pSysMem = g_buf_input2; BufferDesc.ByteWidth = sizeof(g_buf_input2); Device->lpVtbl->CreateBuffer(Device, &BufferDesc, &InitialData, &VertexBuffer2); //... BufferDesc.BindFlags = D3D11_BIND_INDEX_BUFFER; InitialData.pSysMem = g_buf_indice0; BufferDesc.ByteWidth = sizeof(g_buf_indice0); Device->lpVtbl->CreateBuffer(Device, &BufferDesc, &InitialData, &IndexBuffer0); //... InitialData.pSysMem = g_buf_indice1; BufferDesc.ByteWidth = sizeof(g_buf_indice1); Device->lpVtbl->CreateBuffer(Device, &BufferDesc, &InitialData, &IndexBuffer1); //... InitialData.pSysMem = g_buf_indice2; BufferDesc.ByteWidth = sizeof(g_buf_indice2); Device->lpVtbl->CreateBuffer(Device, &BufferDesc, &InitialData, &IndexBuffer2); //... BufferDesc.ByteWidth = 240; BufferDesc.BindFlags = D3D11_BIND_CONSTANT_BUFFER; Device->lpVtbl->CreateBuffer(Device, &BufferDesc, 0, &ConstantBuffer); __m128d ConstantBufferData[15]; // ... ConstantBufferData init D3D11_VIEWPORT Viewport; Viewport.MinDepth = 0.0; Viewport.MaxDepth = 1.0; Viewport.TopLeftX = 0.0; Viewport.TopLeftY = 0.0; Viewport.Width = param->nWidth; Viewport.Height = param->nHeight; UINT Stride = 36; UINT Offset = 0; // g_buf_input1 -> VertexShader -> PixelShader0 DeviceContext->lpVtbl->UpdateSubresource(DeviceContext, ConstantBuffer, 0, 0, ConstantBufferData, 0, 0); DeviceContext->lpVtbl->ClearRenderTargetView(DeviceContext, RenderTargetViewSuccess, rgbSuccess); DeviceContext->lpVtbl->OMSetRenderTargets(DeviceContext, 1, &RenderTargetViewSuccess, 0); DeviceContext->lpVtbl->RSSetViewports(DeviceContext, 1, &Viewport); DeviceContext->lpVtbl->IASetVertexBuffers(DeviceContext, 0, 1, &VertexBuffer1, &Stride, &Offset); DeviceContext->lpVtbl->IASetIndexBuffer(DeviceContext, IndexBuffer1, DXGI_FORMAT_R16_UINT, 0); DeviceContext->lpVtbl->IASetInputLayout(DeviceContext, InputLayout); DeviceContext->lpVtbl->IASetPrimitiveTopology(DeviceContext, D3D_PRIMITIVE_TOPOLOGY_TRIANGLELIST); DeviceContext->lpVtbl->VSSetShader(DeviceContext, VertexShader, 0, 0); DeviceContext->lpVtbl->VSSetConstantBuffers(DeviceContext, 0, 1, &ConstantBuffer); DeviceContext->lpVtbl->PSSetShader(DeviceContext, PixelShader0, 0, 0); DeviceContext->lpVtbl->PSSetConstantBuffers(DeviceContext, 0, 1, &ConstantBuffer); DeviceContext->lpVtbl->PSSetSamplers(DeviceContext, 0, 1, &Sampler); DeviceContext->lpVtbl->DrawIndexed(DeviceContext, ARRAYSIZE(g_buf_indice1), 0, 0); // g_buf_input2 -> VertexShader -> PixelShader0 DeviceContext->lpVtbl->GenerateMips(DeviceContext, ShaderResourceViewSuccess); DeviceContext->lpVtbl->UpdateSubresource(DeviceContext, ConstantBuffer, 0, 0, ConstantBufferData, 0, 0); DeviceContext->lpVtbl->ClearRenderTargetView(DeviceContext, RenderTargetViewFail, rgbFail); DeviceContext->lpVtbl->OMSetRenderTargets(DeviceContext, 1, &RenderTargetViewFail, 0); DeviceContext->lpVtbl->RSSetViewports(DeviceContext, 1, &Viewport); DeviceContext->lpVtbl->IASetVertexBuffers(DeviceContext, 0, 1, &VertexBuffer2, &Stride, &Offset); DeviceContext->lpVtbl->IASetIndexBuffer(DeviceContext, IndexBuffer2, DXGI_FORMAT_R16_UINT, 0); DeviceContext->lpVtbl->IASetInputLayout(DeviceContext, InputLayout); DeviceContext->lpVtbl->IASetPrimitiveTopology(DeviceContext, D3D_PRIMITIVE_TOPOLOGY_TRIANGLELIST); DeviceContext->lpVtbl->VSSetShader(DeviceContext, VertexShader, 0, 0); DeviceContext->lpVtbl->VSSetConstantBuffers(DeviceContext, 0, 1, &ConstantBuffer); DeviceContext->lpVtbl->PSSetShader(DeviceContext, PixelShader0, 0, 0); DeviceContext->lpVtbl->PSSetConstantBuffers(DeviceContext, 0, 1, &ConstantBuffer); DeviceContext->lpVtbl->PSSetSamplers(DeviceContext, 0, 1, &Sampler); DeviceContext->lpVtbl->DrawIndexed(DeviceContext, ARRAYSIZE(g_buf_indice2), 0, 0); DeviceContext->lpVtbl->GenerateMips(DeviceContext, ShaderResourceViewFail); //... while ( WaitForSingleObjectEx(param->hEvent, 0, 0) == WAIT_TIMEOUT ) { MSG msg; if (PeekMessageW(&msg, 0, 0, 0, 1)) { TranslateMessage(&msg); DispatchMessageW(&msg); } EnterCriticalSection(¶m->cs); ConstantBufferData[14].m128d_f32[0] = param->sn0; ConstantBufferData[14].m128d_f32[1] = param->sn1; ConstantBufferData[14].m128d_f32[2] = param->sn2; LeaveCriticalSection(¶m->cs); //... // g_buf_input0 -> VertexShader -> PixelShader1 DeviceContext->lpVtbl->UpdateSubresource(DeviceContext, ConstantBuffer, 0, 0, ConstantBufferData, 0, 0); DeviceContext->lpVtbl->ClearRenderTargetView(DeviceContext, RenderTargetView, rgbBlack); DeviceContext->lpVtbl->OMSetRenderTargets(DeviceContext, 1, &RenderTargetView, 0); DeviceContext->lpVtbl->RSSetViewports(DeviceContext, 1, &Viewport); DeviceContext->lpVtbl->IASetVertexBuffers(DeviceContext, 0, 1, &VertexBuffer0, &Stride, &Offset); DeviceContext->lpVtbl->IASetIndexBuffer(DeviceContext, IndexBuffer0, DXGI_FORMAT_R16_UINT, 0); DeviceContext->lpVtbl->IASetInputLayout(DeviceContext, InputLayout); DeviceContext->lpVtbl->IASetPrimitiveTopology(DeviceContext, D3D_PRIMITIVE_TOPOLOGY_TRIANGLELIST); DeviceContext->lpVtbl->VSSetShader(DeviceContext, VertexShader, 0, 0); DeviceContext->lpVtbl->VSSetConstantBuffers(DeviceContext, 0, 1, &ConstantBuffer); DeviceContext->lpVtbl->PSSetShader(DeviceContext, PixelShader1, 0, 0); DeviceContext->lpVtbl->PSSetConstantBuffers(DeviceContext, 0, 1, &ConstantBuffer); DeviceContext->lpVtbl->PSSetShaderResources(DeviceContext, 0, 1, &ShaderResourceViewSuccess); DeviceContext->lpVtbl->PSSetShaderResources(DeviceContext, 1, 1, &ShaderResourceViewFail); DeviceContext->lpVtbl->PSSetSamplers(DeviceContext, 0, 1, &Sampler); DeviceContext->lpVtbl->DrawIndexed(DeviceContext, 6, 0, 0); SwapChain->lpVtbl->Present(SwapChain, 0, 0); Sleep(2); } //... return 0; |
最后于 2018-12-18 15:19
被风间仁编辑
,原因:
赞赏记录
参与人
雪币
留言
时间
PLEBFE
为你点赞~
2022-7-27 22:34
飘零丶
为你点赞~
2022-7-17 03:23
Editor
为你点赞~
2018-12-24 15:47
赞赏
|
|
|---|---|
|
|
他的文章
- KCTF2022春季赛 第三题 石像病毒 9112
- KCTF2022春季赛 第二题 末日邀请 16450
- KCTF2021秋季赛 第二题 迷失丛林 19187
- KCTF2020秋季赛 第十题 终焉之战 9199
- KCTF2020秋季赛 第九题 命悬一线 6709
赞赏
雪币:
留言:
