-
-
看雪CTF.TSRC 2018 团队赛-第9题
-
发表于: 2018-12-18 07:21 3421
-
1. 总体逻辑
程序使用的nana库写的界面,
有两个label, 一个是显示"
Correct
", 一个是显示"Wrong", 都在相同的位置, 相同的大小
在textbox的text_changed事件中获取sn,
按"^([[:d:]]{10})([[:d:]]{10})([[:d:]]{10})$"的格式获取三个10位数字,
加锁处理sn(转换为16进制后写入directx的线程参数)
开启一个线程用于directx验证sn及在label处绘制"Correct"/"Wrong"
线程的参数如下
struct st_dx_param {
DWORD hThread;
DWORD dwThreadId;
HANDLE hEvent;
DWORD d03;
HWND hWndParent;
DWORD d05;
DWORD d06;
DWORD d07;
DWORD d08;
DWORD d09;
DWORD d10;
DWORD d11;
DWORD d12;
int X; // 50
int Y; // 20
int nWidth; // 200
int nHeight; // 80
DWORD d17;
double rgbSuccess[4]; // 0,128,0,1 green
double rgbFail[4]; // 255,0,0,1 red
CRITICAL_SECTION cs;
DWORD sn0; // 0
DWORD sn1; // 0
DWORD sn2; // 0
};struct st_dx_param {
DWORD hThread;
DWORD dwThreadId;
HANDLE hEvent;
DWORD d03;
HWND hWndParent;
DWORD d05;
DWORD d06;
DWORD d07;
DWORD d08;
DWORD d09;
DWORD d10;
DWORD d11;
DWORD d12;
int X; // 50
int Y; // 20
int nWidth; // 200
int nHeight; // 80
DWORD d17;
double rgbSuccess[4]; // 0,128,0,1 green
double rgbFail[4]; // 255,0,0,1 red
CRITICAL_SECTION cs;
DWORD sn0; // 0
DWORD sn1; // 0
DWORD sn2; // 0
};2. nana::textbox(sn的处理及赋值)
// textbox.text_changed的lambda表达式 .text:00402D80 mov dword ptr [ebp-16Ch], offset ??_7textbox@nana@@6B@ ; const nana::textbox::`vftable' ... .text:00402DE3 mov dword ptr [ebp-420h], offset x_textbox_text_changed_lambda_vtbl ... .text:00402E0F mov dword ptr [edi], offset ??_7docker@?$basic_event@Uarg_textbox@nana@@@nana@@6B@ ; const nana::basic_event<nana::arg_textbox>::docker::`vftable' // x_DoCall是text_changed的处理函数 .rdata:004AB384 x_textbox_text_changed_lambda_vtbl dd offset sub_410C90 .rdata:004AB384 ; DATA XREF: wWinMain(x,x,x,x)+B43↑o .rdata:004AB388 dd offset sub_410C90 .rdata:004AB38C dd offset x_DoCall .rdata:004AB390 dd offset sub_410C80 .rdata:004AB394 dd offset sub_410C50 .rdata:004AB398 dd offset sub_410C70 // 字符串 -> 整数, 写入st_dx_param .text:00403528 call x_atoi .text:0040352D mov ecx, [eax] .text:0040352F mov ecx, [ecx+4] .text:00403532 test byte ptr [ecx+eax+0Ch], 6 .text:00403537 jnz short loc_403595 .text:00403539 lea eax, [ebp+var_1C] .text:0040353C push eax .text:0040353D lea ecx, [ebp+var_1D8] .text:00403543 call x_atoi .text:00403548 mov ecx, [eax] .text:0040354A mov ecx, [ecx+4] .text:0040354D test byte ptr [ecx+eax+0Ch], 6 .text:00403552 jnz short loc_403595 .text:00403554 lea eax, [ebp+sn0] .text:00403557 push eax .text:00403558 lea ecx, [ebp+var_130] .text:0040355E call x_atoi .text:00403563 mov ecx, [eax] .text:00403565 mov ecx, [ecx+4] .text:00403568 test byte ptr [ecx+eax+0Ch], 6 .text:0040356D jnz short loc_403595 .text:0040356F mov ecx, [esi+8] .text:00403572 mov eax, [ebp+var_18] .text:00403575 mov [ecx+st_dx_param.sn0], eax .text:0040357B mov ecx, [esi+8] .text:0040357E mov eax, [ebp+var_1C] .text:00403581 mov [ecx+st_dx_param.sn1], eax .text:00403587 mov ecx, [esi+8] .text:0040358A mov eax, [ebp+sn0] .text:0040358D mov [ecx+st_dx_param.sn2], eax
// textbox.text_changed的lambda表达式 .text:00402D80 mov dword ptr [ebp-16Ch], offset ??_7textbox@nana@@6B@ ; const nana::textbox::`vftable' ... .text:00402DE3 mov dword ptr [ebp-420h], offset x_textbox_text_changed_lambda_vtbl ... .text:00402E0F mov dword ptr [edi], offset ??_7docker@?$basic_event@Uarg_textbox@nana@@@nana@@6B@ ; const nana::basic_event<nana::arg_textbox>::docker::`vftable' // x_DoCall是text_changed的处理函数 .rdata:004AB384 x_textbox_text_changed_lambda_vtbl dd offset sub_410C90 .rdata:004AB384 ; DATA XREF: wWinMain(x,x,x,x)+B43↑o .rdata:004AB388 dd offset sub_410C90 .rdata:004AB38C dd offset x_DoCall .rdata:004AB390 dd offset sub_410C80 .rdata:004AB394 dd offset sub_410C50 .rdata:004AB398 dd offset sub_410C70 // 字符串 -> 整数, 写入st_dx_param .text:00403528 call x_atoi .text:0040352D mov ecx, [eax] .text:0040352F mov ecx, [ecx+4] .text:00403532 test byte ptr [ecx+eax+0Ch], 6 .text:00403537 jnz short loc_403595 .text:00403539 lea eax, [ebp+var_1C] .text:0040353C push eax .text:0040353D lea ecx, [ebp+var_1D8] .text:00403543 call x_atoi .text:00403548 mov ecx, [eax] .text:0040354A mov ecx, [ecx+4] .text:0040354D test byte ptr [ecx+eax+0Ch], 6 .text:00403552 jnz short loc_403595 .text:00403554 lea eax, [ebp+sn0] .text:00403557 push eax .text:00403558 lea ecx, [ebp+var_130] .text:0040355E call x_atoi .text:00403563 mov ecx, [eax] .text:00403565 mov ecx, [ecx+4] .text:00403568 test byte ptr [ecx+eax+0Ch], 6 .text:0040356D jnz short loc_403595 .text:0040356F mov ecx, [esi+8] .text:00403572 mov eax, [ebp+var_18] .text:00403575 mov [ecx+st_dx_param.sn0], eax .text:0040357B mov ecx, [esi+8] .text:0040357E mov eax, [ebp+var_1C] .text:00403581 mov [ecx+st_dx_param.sn1], eax .text:00403587 mov ecx, [esi+8] .text:0040358A mov eax, [ebp+sn0] .text:0040358D mov [ecx+st_dx_param.sn2], eax
后面好像有一串计算过程及验证, 不过直接patch跳过去, 并不会显示"Correct",所以这里并不是真正的验证点
3. directx
.text:00403D75 mov eax, [esi+30h] .text:00403D78 mov [eax+10h], ecx .text:00403D7B mov ecx, [esi+30h] .text:00403D7E lea eax, [ecx+4] .text:00403D81 push eax ; lpThreadId .text:00403D82 push 0 ; dwCreationFlags .text:00403D84 push ecx ; lpParameter .text:00403D85 push offset x_dx_thread ; lpStartAddress .text:00403D8A push 0 ; dwStackSize .text:00403D8C push 0 ; lpThreadAttributes .text:00403D8E call ds:CreateThread
.text:00403D75 mov eax, [esi+30h] .text:00403D78 mov [eax+10h], ecx .text:00403D7B mov ecx, [esi+30h] .text:00403D7E lea eax, [ecx+4] .text:00403D81 push eax ; lpThreadId .text:00403D82 push 0 ; dwCreationFlags .text:00403D84 push ecx ; lpParameter .text:00403D85 push offset x_dx_thread ; lpStartAddress .text:00403D8A push 0 ; dwStackSize .text:00403D8C push 0 ; lpThreadAttributes .text:00403D8E call ds:CreateThread
将d3d11.h的头文件修改下导入IDA
这里有3个Directx Shader Bytecode
__m128d ConstantBufferData[15];
sn放到ConstantBufferData[14]
VertexShader的输入格式
struct {
DXGI_FORMAT_R32G32B32_FLOAT POSITION;
DXGI_FORMAT_R32G32_FLOAT TEXCOORD;
DXGI_FORMAT_R32G32B32A32_FLOAT COLOR;
};struct {
DXGI_FORMAT_R32G32B32_FLOAT POSITION;
DXGI_FORMAT_R32G32_FLOAT TEXCOORD;
DXGI_FORMAT_R32G32B32A32_FLOAT COLOR;
};g_buf_input1的点绘制出来是"绿色背景的Correct!"
g_buf_input2的点绘制出来是"红色背景的Wrong!"
DWORD __stdcall x_dx_thread(st_dx_param *param)
{
//...
WNDCLASSEXW a1;
//...
RegisterClassExW(&a1);
HWND hWnd = CreateWindowExW(0, a1.lpszClassName, L"2018CTF@pediy.com", 0x50000000,
param->X,
param->Y,
param->nWidth,
param->nHeight,
param->hWndParent,
0, GetWindowLongW(param->hWndParent, GWL_HINSTANCE), 0);
ShowWindow(hWnd, SW_SHOW);
//...
RECT rect;
GetClientRect(param->hWndParent, &rect);
GetWindowRect(param->hWndParent, &rect);
//...
float rgbSuccess[4];
float rgbFail[4];
memcpy(rgbSuccess, param->rgbSuccess, 16);
memcpy(rgbFail, param->rgbFail, 16);
//...
D3D_DRIVER_TYPE DriverTypes[3];
DriverTypes[0] = D3D_DRIVER_TYPE_HARDWARE;
DriverTypes[1] = D3D_DRIVER_TYPE_WARP;
DriverTypes[2] = D3D_DRIVER_TYPE_SOFTWARE;
D3D_FEATURE_LEVEL FeatureLevels[3];
FeatureLevels[0] = D3D_FEATURE_LEVEL_11_0;
FeatureLevels[1] = D3D_FEATURE_LEVEL_10_1;
FeatureLevels[2] = D3D_FEATURE_LEVEL_10_0;
D3D_FEATURE_LEVEL FeatureLevel = D3D_FEATURE_LEVEL_11_0;
DXGI_SWAP_CHAIN_DESC SwapChainDesc;
SwapChainDesc.BufferDesc.Width = param->nWidth;
SwapChainDesc.BufferDesc.Height = param->nHeight;
SwapChainDesc.OutputWindow = hWnd;
SwapChainDesc.BufferCount = 1;
SwapChainDesc.BufferDesc.Format = DXGI_FORMAT_R8G8B8A8_UNORM;
SwapChainDesc.BufferDesc.RefreshRate.Numerator = 60;
SwapChainDesc.BufferDesc.RefreshRate.Denominator = 1;
SwapChainDesc.BufferUsage = 32;
SwapChainDesc.SampleDesc.Count = 1;
SwapChainDesc.SampleDesc.Quality = 0;
SwapChainDesc.Windowed = 1;
IDXGISwapChain *SwapChain;
ID3D11Device *Device;
ID3D11DeviceContext *DeviceContext;
D3D11CreateDeviceAndSwapChain(0, DriverTypes[i], 0, 0, FeatureLevels, 3, 7, &SwapChainDesc, &SwapChain, &Device, &FeatureLevel, &DeviceContext);
ID3D11Texture2D *Surface;
D3D11_TEXTURE2D_DESC Desc;
ID3D11RenderTargetView *RenderTargetView;
SwapChain->lpVtbl->GetBuffer(SwapChain, 0, &IID_D3D11Texture2D, &Surface);
Surface->lpVtbl->GetDesc(Surface, &Desc);
Device->lpVtbl->CreateRenderTargetView(Device, Surface, 0, &RenderTargetView);
ID3D11Texture2D *Resource0;
ID3D11Texture2D *Resource1;
Desc.Usage = 0;
Desc.BindFlags = D3D11_BIND_RENDER_TARGET|D3D11_BIND_SHADER_RESOURCE;
Desc.CPUAccessFlags = 0;
Desc.MiscFlags = D3D11_RESOURCE_MISC_GENERATE_MIPS;
Device->lpVtbl->CreateTexture2D(Device, &Desc, 0, &Resource0);
Device->lpVtbl->CreateTexture2D(Device, &Desc, 0, &Resource1);
ID3D11RenderTargetView *RenderTargetViewSuccess;
ID3D11RenderTargetView *RenderTargetViewFail;
Device->lpVtbl->CreateRenderTargetView(Device, Resource0, 0, &RenderTargetViewSuccess);
Device->lpVtbl->CreateRenderTargetView(Device, Resource1, 0, &RenderTargetViewFail);
D3D11_SHADER_RESOURCE_VIEW_DESC ResourceViewDesc;
ResourceViewDesc.Format = Desc.Format;
ResourceViewDesc.Texture2D.MostDetailedMip = 0;
ResourceViewDesc.Texture2D.MipLevels = -1;
ResourceViewDesc.ViewDimension = D3D_SRV_DIMENSION_TEXTURE2D;
ID3D11ShaderResourceView *ShaderResourceViewSuccess;
ID3D11ShaderResourceView *ShaderResourceViewFail;
Device->lpVtbl->CreateShaderResourceView(Device, Resource0, &ResourceViewDesc, &ShaderResourceViewSuccess);
Device->lpVtbl->CreateShaderResourceView(Device, Resource1, &ResourceViewDesc, &ShaderResourceViewFail);
char g_buf_VertexShader[1308];
char g_buf_PixelShader0[496];
char g_buf_PixelShader1[3108];
D3D11_INPUT_ELEMENT_DESC InputElementDescs[3];
InputElementDescs[0].SemanticName = "POSITION";
InputElementDescs[0].SemanticIndex = 0;
InputElementDescs[0].Format = DXGI_FORMAT_R32G32B32_FLOAT;
InputElementDescs[0].InputSlot = 0;
InputElementDescs[0].AlignedByteOffset = 0;
InputElementDescs[0].InputSlotClass = 0;
InputElementDescs[0].InstanceDataStepRate = 0;
InputElementDescs[1].SemanticName = "TEXCOORD";
InputElementDescs[1].SemanticIndex = 0;
InputElementDescs[1].Format = DXGI_FORMAT_R32G32_FLOAT;
InputElementDescs[1].InputSlot = 0;
InputElementDescs[1].AlignedByteOffset = 12;
InputElementDescs[1].InputSlotClass = 0;
InputElementDescs[1].InstanceDataStepRate = 0;
InputElementDescs[2].SemanticName = "COLOR";
InputElementDescs[2].SemanticIndex = 0;
InputElementDescs[2].Format = DXGI_FORMAT_R32G32B32A32_FLOAT;
InputElementDescs[2].InputSlot = 0;
InputElementDescs[2].AlignedByteOffset = 20;
InputElementDescs[2].InputSlotClass = 0;
InputElementDescs[2].InstanceDataStepRate = 0;
ID3D11VertexShader *VertexShader;
ID3D11InputLayout *InputLayout;
ID3D11PixelShader *PixelShader0;
ID3D11PixelShader *PixelShader1;
Device->lpVtbl->CreateVertexShader(Device, g_buf_VertexShader, 1308, 0, &VertexShader);
Device->lpVtbl->CreateInputLayout(Device, InputElementDescs, 3, g_buf_VertexShader, 1308, &InputLayout);
Device->lpVtbl->CreatePixelShader(Device, g_buf_PixelShader0, 496, 0, &PixelShader0);
Device->lpVtbl->CreatePixelShader(Device, g_buf_PixelShader1, 3108, 0, &PixelShader1);
D3D11_SAMPLER_DESC SamplerDesc;
SamplerDesc.Filter = D3D11_FILTER_MIN_MAG_MIP_LINEAR;
SamplerDesc.AddressU = D3D11_TEXTURE_ADDRESS_WRAP;
SamplerDesc.AddressV = D3D11_TEXTURE_ADDRESS_WRAP;
SamplerDesc.AddressW = D3D11_TEXTURE_ADDRESS_WRAP;
SamplerDesc.ComparisonFunc = D3D11_COMPARISON_NEVER;
SamplerDesc.MinLOD = 0;
SamplerDesc.MaxLOD = FLT_MAX;
ID3D11SamplerState *Sampler;
Device->lpVtbl->CreateSamplerState(Device, &SamplerDesc, &Sampler);
char g_buf_input0[144];
char g_buf_input1[63936];
char g_buf_input2[62028];
__int16 g_buf_indice0[6];
__int16 g_buf_indice1[5283];
__int16 g_buf_indice2[5142];
D3D11_SUBRESOURCE_DATA InitialData;
D3D11_BUFFER_DESC BufferDesc;
ID3D11Buffer *VertexBuffer0;
ID3D11Buffer *VertexBuffer1;
ID3D11Buffer *VertexBuffer2;
ID3D11Buffer *IndexBuffer0;
ID3D11Buffer *IndexBuffer1;
ID3D11Buffer *IndexBuffer2;
ID3D11Buffer *ConstantBuffer;
//...
BufferDesc.BindFlags = D3D11_BIND_VERTEX_BUFFER;
InitialData.pSysMem = g_buf_input0;
BufferDesc.ByteWidth = sizeof(g_buf_input0);
Device->lpVtbl->CreateBuffer(Device, &BufferDesc, &InitialData, &VertexBuffer0);
//...
InitialData.pSysMem = g_buf_input1;
BufferDesc.ByteWidth = sizeof(g_buf_input1);
Device->lpVtbl->CreateBuffer(Device, &BufferDesc, &InitialData, &VertexBuffer1);
//...
InitialData.pSysMem = g_buf_input2;
BufferDesc.ByteWidth = sizeof(g_buf_input2);
Device->lpVtbl->CreateBuffer(Device, &BufferDesc, &InitialData, &VertexBuffer2);
//...
BufferDesc.BindFlags = D3D11_BIND_INDEX_BUFFER;
InitialData.pSysMem = g_buf_indice0;
BufferDesc.ByteWidth = sizeof(g_buf_indice0);
Device->lpVtbl->CreateBuffer(Device, &BufferDesc, &InitialData, &IndexBuffer0);
//...
InitialData.pSysMem = g_buf_indice1;
BufferDesc.ByteWidth = sizeof(g_buf_indice1);
Device->lpVtbl->CreateBuffer(Device, &BufferDesc, &InitialData, &IndexBuffer1);
//...
InitialData.pSysMem = g_buf_indice2;
BufferDesc.ByteWidth = sizeof(g_buf_indice2);
Device->lpVtbl->CreateBuffer(Device, &BufferDesc, &InitialData, &IndexBuffer2);
//...
BufferDesc.ByteWidth = 240;
BufferDesc.BindFlags = D3D11_BIND_CONSTANT_BUFFER;
Device->lpVtbl->CreateBuffer(Device, &BufferDesc, 0, &ConstantBuffer);
__m128d ConstantBufferData[15];
// ... ConstantBufferData init
D3D11_VIEWPORT Viewport;
Viewport.MinDepth = 0.0;
Viewport.MaxDepth = 1.0;
Viewport.TopLeftX = 0.0;
Viewport.TopLeftY = 0.0;
Viewport.Width = param->nWidth;
Viewport.Height = param->nHeight;
UINT Stride = 36;
UINT Offset = 0;
// g_buf_input1 -> VertexShader -> PixelShader0
DeviceContext->lpVtbl->UpdateSubresource(DeviceContext, ConstantBuffer, 0, 0, ConstantBufferData, 0, 0);
DeviceContext->lpVtbl->ClearRenderTargetView(DeviceContext, RenderTargetViewSuccess, rgbSuccess);
DeviceContext->lpVtbl->OMSetRenderTargets(DeviceContext, 1, &RenderTargetViewSuccess, 0);
DeviceContext->lpVtbl->RSSetViewports(DeviceContext, 1, &Viewport);
DeviceContext->lpVtbl->IASetVertexBuffers(DeviceContext, 0, 1, &VertexBuffer1, &Stride, &Offset);
DeviceContext->lpVtbl->IASetIndexBuffer(DeviceContext, IndexBuffer1, DXGI_FORMAT_R16_UINT, 0);
DeviceContext->lpVtbl->IASetInputLayout(DeviceContext, InputLayout);
DeviceContext->lpVtbl->IASetPrimitiveTopology(DeviceContext, D3D_PRIMITIVE_TOPOLOGY_TRIANGLELIST);
DeviceContext->lpVtbl->VSSetShader(DeviceContext, VertexShader, 0, 0);
DeviceContext->lpVtbl->VSSetConstantBuffers(DeviceContext, 0, 1, &ConstantBuffer);
DeviceContext->lpVtbl->PSSetShader(DeviceContext, PixelShader0, 0, 0);
DeviceContext->lpVtbl->PSSetConstantBuffers(DeviceContext, 0, 1, &ConstantBuffer);
DeviceContext->lpVtbl->PSSetSamplers(DeviceContext, 0, 1, &Sampler);
DeviceContext->lpVtbl->DrawIndexed(DeviceContext, ARRAYSIZE(g_buf_indice1), 0, 0);
// g_buf_input2 -> VertexShader -> PixelShader0
DeviceContext->lpVtbl->GenerateMips(DeviceContext, ShaderResourceViewSuccess);
DeviceContext->lpVtbl->UpdateSubresource(DeviceContext, ConstantBuffer, 0, 0, ConstantBufferData, 0, 0);
DeviceContext->lpVtbl->ClearRenderTargetView(DeviceContext, RenderTargetViewFail, rgbFail);
DeviceContext->lpVtbl->OMSetRenderTargets(DeviceContext, 1, &RenderTargetViewFail, 0);
DeviceContext->lpVtbl->RSSetViewports(DeviceContext, 1, &Viewport);
DeviceContext->lpVtbl->IASetVertexBuffers(DeviceContext, 0, 1, &VertexBuffer2, &Stride, &Offset);
DeviceContext->lpVtbl->IASetIndexBuffer(DeviceContext, IndexBuffer2, DXGI_FORMAT_R16_UINT, 0);
DeviceContext->lpVtbl->IASetInputLayout(DeviceContext, InputLayout);
DeviceContext->lpVtbl->IASetPrimitiveTopology(DeviceContext, D3D_PRIMITIVE_TOPOLOGY_TRIANGLELIST);
DeviceContext->lpVtbl->VSSetShader(DeviceContext, VertexShader, 0, 0);
DeviceContext->lpVtbl->VSSetConstantBuffers(DeviceContext, 0, 1, &ConstantBuffer);
DeviceContext->lpVtbl->PSSetShader(DeviceContext, PixelShader0, 0, 0);
DeviceContext->lpVtbl->PSSetConstantBuffers(DeviceContext, 0, 1, &ConstantBuffer);
DeviceContext->lpVtbl->PSSetSamplers(DeviceContext, 0, 1, &Sampler);
DeviceContext->lpVtbl->DrawIndexed(DeviceContext, ARRAYSIZE(g_buf_indice2), 0, 0);
DeviceContext->lpVtbl->GenerateMips(DeviceContext, ShaderResourceViewFail);
//...
while ( WaitForSingleObjectEx(param->hEvent, 0, 0) == WAIT_TIMEOUT )
{
MSG msg;
if (PeekMessageW(&msg, 0, 0, 0, 1))
{
TranslateMessage(&msg);
DispatchMessageW(&msg);
}
EnterCriticalSection(¶m->cs);
ConstantBufferData[14].m128d_f32[0] = param->sn0;
ConstantBufferData[14].m128d_f32[1] = param->sn1;
ConstantBufferData[14].m128d_f32[2] = param->sn2;
LeaveCriticalSection(¶m->cs);
//...
// g_buf_input0 -> VertexShader -> PixelShader1
DeviceContext->lpVtbl->UpdateSubresource(DeviceContext, ConstantBuffer, 0, 0, ConstantBufferData, 0, 0);
DeviceContext->lpVtbl->ClearRenderTargetView(DeviceContext, RenderTargetView, rgbBlack);
DeviceContext->lpVtbl->OMSetRenderTargets(DeviceContext, 1, &RenderTargetView, 0);
DeviceContext->lpVtbl->RSSetViewports(DeviceContext, 1, &Viewport);
DeviceContext->lpVtbl->IASetVertexBuffers(DeviceContext, 0, 1, &VertexBuffer0, &Stride, &Offset);
DeviceContext->lpVtbl->IASetIndexBuffer(DeviceContext, IndexBuffer0, DXGI_FORMAT_R16_UINT, 0);
DeviceContext->lpVtbl->IASetInputLayout(DeviceContext, InputLayout);
DeviceContext->lpVtbl->IASetPrimitiveTopology(DeviceContext, D3D_PRIMITIVE_TOPOLOGY_TRIANGLELIST);
DeviceContext->lpVtbl->VSSetShader(DeviceContext, VertexShader, 0, 0);
DeviceContext->lpVtbl->VSSetConstantBuffers(DeviceContext, 0, 1, &ConstantBuffer);
DeviceContext->lpVtbl->PSSetShader(DeviceContext, PixelShader1, 0, 0);
DeviceContext->lpVtbl->PSSetConstantBuffers(DeviceContext, 0, 1, &ConstantBuffer);
DeviceContext->lpVtbl->PSSetShaderResources(DeviceContext, 0, 1, &ShaderResourceViewSuccess);
DeviceContext->lpVtbl->PSSetShaderResources(DeviceContext, 1, 1, &ShaderResourceViewFail);
DeviceContext->lpVtbl->PSSetSamplers(DeviceContext, 0, 1, &Sampler);
DeviceContext->lpVtbl->DrawIndexed(DeviceContext, 6, 0, 0);
SwapChain->lpVtbl->Present(SwapChain, 0, 0);
Sleep(2);
}
//...
return 0;
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
最后于 2018-12-18 15:19
被风间仁编辑
,原因:
赞赏记录
参与人
雪币
留言
时间
一笑人间万事
为你点赞~
2022-7-27 22:34
飘零丶
为你点赞~
2022-7-17 03:23
Editor
为你点赞~
2018-12-24 15:47
赞赏
|
|
|---|---|
|
|
他的文章
- KCTF2022春季赛 第三题 石像病毒 8855
- KCTF2022春季赛 第二题 末日邀请 16176
- KCTF2021秋季赛 第二题 迷失丛林 18803
- KCTF2020秋季赛 第十题 终焉之战 8861
- KCTF2020秋季赛 第九题 命悬一线 6461
赞赏
雪币:
留言:
