Automated Malware Analysis Report for RFQ.exe


ID: 295709
Sample Name: RFQ.exe
Cookbook: default.jbs
Time: 11:10:56
Date: 09/10/2020
Version: 30.0.0 Red Diamond

Table of Contents

Table of Contents, p. 2
Analysis Report RFQ.exe, p. 4
  Overview, p. 4
    General Information, p. 4
    Detection, p. 4
    Signatures, p. 4
    Classification, p. 4
  Startup, p. 5
  Malware Configuration, p. 5
  Yara Overview, p. 5
    Memory Dumps, p. 5
    Unpacked PEs, p. 6
  Sigma Overview, p. 6
  Signature Overview, p. 6
    AV Detection, p. 6
    Networking, p. 6
    System Summary, p. 6
    Data Obfuscation, p. 7
    Malware Analysis System Evasion, p. 7
    HIPS / PFW / Operating System Protection Evasion, p. 7
    Stealing of Sensitive Information, p. 7
    Remote Access Functionality, p. 7
  Mitre Att&ck Matrix, p. 7
  Behavior Graph, p. 8
  Screenshots, p. 8
    Thumbnails, p. 8
  Antivirus, Machine Learning and Genetic Malware Detection, p. 9
    Initial Sample, p. 9
    Dropped Files, p. 9
    Unpacked PE Files, p. 9
    Domains, p. 9
    URLs, p. 9
  Domains and IPs, p. 11
    Contacted Domains, p. 11
    Contacted URLs, p. 11
    URLs from Memory and Binaries, p. 11
    Contacted IPs, p. 14
      Public, p. 14
  General Information, p. 14
  Simulations, p. 16
    Behavior and APIs, p. 16
  Joe Sandbox View / Context, p. 16
    IPs, p. 16
    Domains, p. 16
    ASN, p. 17
    JA3 Fingerprints, p. 17
    Dropped Files, p. 17
  Created / dropped Files, p. 17
  Static File Info, p. 18
    General, p. 18
    File Icon, p. 19
    Static PE Info, p. 19
      General, p. 19
      Entrypoint Preview, p. 19
      Data Directories, p. 21
      Sections, p. 21
      Resources, p. 21
      Imports, p. 21
      Version Infos, p. 21
  Network Behavior, p. 22
    Network Port Distribution, p. 22
    TCP Packets, p. 22
    UDP Packets, p. 22
    DNS Queries, p. 23
    DNS Answers, p. 23
    HTTP Request Dependency Graph, p. 24
    HTTP Packets, p. 24
  Code Manipulations, p. 25
  Statistics, p. 25
    Behavior, p. 25
  System Behavior, p. 25
    Analysis Process: RFQ.exe PID: 3148 Parent PID: 5684, p. 25
      General, p. 25
      File Activities, p. 26
        File Created, p. 26
        File Read, p. 26
      Registry Activities, p. 27
        Key Created, p. 27
    Analysis Process: powershell.exe PID: 5284 Parent PID: 3148, p. 27
      General, p. 27
      File Activities, p. 28
        File Created, p. 28
        File Deleted, p. 28
        File Written, p. 28
        File Read, p. 30
    Analysis Process: conhost.exe PID: 6180 Parent PID: 5284, p. 33
      General, p. 33
  Disassembly, p. 33
    Code Analysis, p. 33

Copyright null 2020 Page 2 of 34

Analysis Report RFQ.exe

Overview

General Information

Sample Name: RFQ.exe
Analysis ID: 295709
MD5: e483f3e062560f3…
SHA1: 29be5983a4575f2…
SHA256: 2d9767641256c4…
Tags: exe
Most interesting Screenshot: MassLogger RAT

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

• Malicious sample detected (through community Yara rule)
• Multi AV Scanner detection for submitted file
• Yara detected AntiVM_3
• Yara detected MassLogger RAT
• .NET source code contains potential unpacker
• Adds a directory exclusion to Windows Defender
• Machine Learning detection for sample
• May check the online IP address of the machine
• Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
• Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
• Tries to harvest and steal browser information (history, passwords, etc)
• Tries to steal Mail credentials (via file access)
• Yara detected Costura Assembly Loader
• AV process strings found (often use…
• Checks if Antivirus/Antispyware/Fire…
• Checks if the current process is bein…
• Contains long sleeps (>= 3 min)
• Creates a DirectInput object (often fo…
• Creates a process in suspended mo…
• Detected potential crypto function
• Enables debug privileges
• Found a high number of Window / Us…
• HTTP GET or POST without a user …
• IP address seen in connection with o…
• May sleep (evasive loops) to hinder …
• Monitors certain registry keys / valu…
• PE file contains strange resources
• Queries sensitive processor informa…
• Queries the product ID of Windows
• Queries the volume information (nam…
• Sample execution stops while proce…
• Sample file is different than original …
• Yara signature match

Classification

Classification wheel categories: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware (legend: malicious, suspicious, clean).

Startup

System is w10x64
RFQ.exe (PID: 3148, cmdline: 'C:\Users\user\Desktop\RFQ.exe', MD5: E483F3E062560F3BFC1E1B6BF258AF69)
  powershell.exe (PID: 5284, cmdline: 'powershell' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\RFQ.exe', MD5: DBA3E6449E97D4E3DF64527EF7012A10)
    conhost.exe (PID: 6180, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source: 00000000.00000002.503999630.0000000004FEB000.00000004.00000001.sdmp
  Rule: Quasar_RAT_1 (Description: Detects Quasar RAT; Author: Florian Roth)
  Strings: 0xbcd48:$op1: 04 1E FE 02 04 16 FE 01 60; 0xbcc0b:$op2: 00 17 03 1F 20 17 19 15 28; 0xbd574:$op3: 00 04 03 69 91 1B 40; 0xbe7a1:$op3: 00 04 03 69 91 1B 40
  Rule: JoeSecurity_MassLogger (Description: Yara detected MassLogger RAT; Author: Joe Security)

Source: 00000000.00000002.509144159.0000000007FB0000.00000004.00000001.sdmp
  Rule: Quasar_RAT_1 (Description: Detects Quasar RAT; Author: Florian Roth)
  Strings: 0xa00:$op1: 04 1E FE 02 04 16 FE 01 60; 0x8c3:$op2: 00 17 03 1F 20 17 19 15 28; 0x122c:$op3: 00 04 03 69 91 1B 40; 0x2459:$op3: 00 04 03 69 91 1B 40
  Rule: JoeSecurity_MassLogger (Description: Yara detected MassLogger RAT; Author: Joe Security)

Source: Process Memory Space: RFQ.exe PID: 3148
  Rule: JoeSecurity_AntiVM_3 (Description: Yara detected AntiVM_3; Author: Joe Security)

Unpacked PEs

Source: 0.2.RFQ.exe.7fb0000.5.unpack
  Rule: JoeSecurity_MassLogger (Description: Yara detected MassLogger RAT; Author: Joe Security)

Source: 0.2.RFQ.exe.7fb0000.5.raw.unpack
  Rule: Quasar_RAT_1 (Description: Detects Quasar RAT; Author: Florian Roth)
  Strings: 0xa00:$op1: 04 1E FE 02 04 16 FE 01 60; 0x8c3:$op2: 00 17 03 1F 20 17 19 15 28; 0x122c:$op3: 00 04 03 69 91 1B 40; 0x2459:$op3: 00 04 03 69 91 1B 40
  Rule: JoeSecurity_MassLogger (Description: Yara detected MassLogger RAT; Author: Joe Security)

Sigma Overview

No Sigma rule has matched

Signature Overview

• AV Detection
• Networking
• Key, Mouse, Clipboard, Microphone and Screen Capturing
• System Summary
• Data Obfuscation
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Anti Debugging
• HIPS / PFW / Operating System Protection Evasion
• Language, Device and Operating System Detection
• Lowering of HIPS / PFW / Operating System Security Settings
• Stealing of Sensitive Information
• Remote Access Functionality

AV Detection:
• Multi AV Scanner detection for submitted file
• Machine Learning detection for sample

Networking:
• May check the online IP address of the machine

System Summary:
• Malicious sample detected (through community Yara rule)

Data Obfuscation:
• .NET source code contains potential unpacker
• Yara detected Costura Assembly Loader

Malware Analysis System Evasion:
• Yara detected AntiVM_3
• Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
• Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

HIPS / PFW / Operating System Protection Evasion:
• Adds a directory exclusion to Windows Defender

Stealing of Sensitive Information:
• Yara detected MassLogger RAT
• Tries to harvest and steal browser information (history, passwords, etc)
• Tries to steal Mail credentials (via file access)

Remote Access Functionality:
• Yara detected MassLogger RAT

Mitre Att&ck Matrix

Columns: Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control
Valid Windows Management Path Process Masquerading