00:00:01,260 --> 00:00:03,810 Hello, everybody. Welcome back to Basic Exploit Development.
00:00:04,230 --> 00:00:09,780 And in this section, we're going to show you how to generate the egg hunter and ensure that the egg hunter actually works.
00:00:10,250 --> 00:00:18,000 Now, remember what we did. We calculated an offset of 70 A's, and within those 70 A's, we are going to place our egg hunter.
00:00:18,750 --> 00:00:36,420 Now, what we're going to do is, by the time we hijack execution with the jump instruction, it's going to hit our jump 70 bytes back so that we can land back in our buffer of A's.
00:00:39,650 --> 00:00:47,980 So let's go ahead and generate our egg hunter to make sure that works, with msf-egghunter dash...
00:00:48,640 --> 00:00:50,930 Going to see. Let's go through how many.
00:00:55,760 --> 00:01:02,550 And this is msf-egghunter, format python, -e, w00t.
00:01:03,370 --> 00:01:13,810 Remember this? Remember this. You need to use it 2x. That means w00t appended to your shellcode for it to work, but you don't have to put in one.
00:01:14,950 --> 00:01:19,870 As you can see, please get four bytes, then take control.
00:01:25,590 --> 00:01:27,870 So let's copy and paste this and drop it in.
00:01:38,980 --> 00:01:53,770 And we're going to place our egg hunter first by rewriting this evil string. Evil string. People's. Remember, a set of A's; instead of the A's, now we're going to add... we're replacing with NOPs.
00:01:56,640 --> 00:02:09,750 So 18 NOPs plus the egg hunter's 32. That makes 50. Remember, we're trying to jump back 70 bytes, plus 20 more NOPs.
00:02:14,550 --> 00:02:20,870 Oops. I'm just zooming in. Times 20.
00:02:21,260 --> 00:02:26,990 So what's the math here? Because we're going to do a short jump, 20 bytes... I mean, 70 bytes right here.
00:02:27,590 --> 00:02:42,230 Well, basically, 18 plus 32: the msf-egghunter, as well as many other self-coded egg hunters, are 32 bytes long. 18 plus 32 is 50, plus another 20 NOPs.
00:02:43,040 --> 00:02:58,400 That way, when we jump back and we land in an incorrect section, then it will only execute nothing. That's basically do nothing. Just do nothing and keep incrementing down the stack to find other instructions.
00:03:00,170 --> 00:03:08,240 Now we're going to add our jmp esp command. Then our short jump back.
00:03:15,810 --> 00:03:23,830 And then we're doing a... let's see. Now the rest of C's. Do your math again.
00:03:24,070 --> 00:03:38,110 256 bytes, minus 18, minus 32 for the egg hunter, minus 20 for the NOPs following it, minus four more for the jump instruction, and minus four more for jumping back 70 bytes. That instruction.
00:03:46,580 --> 00:03:51,330 We... we're... let's start it up in the debugger again.
00:03:57,720 --> 00:04:01,470 You could play, but make sure you had your breakpoint at the jump.
00:04:08,830 --> 00:04:12,670 And then go back for the proof of concept.
00:04:17,260 --> 00:04:18,370 We hit our breakpoint.
00:04:20,180 --> 00:04:25,190 Press the button that is two buttons to the right of play to increment.
00:04:26,730 --> 00:04:30,150 We landed on our short jump. So many bytes. Where does that take us?
00:04:32,020 --> 00:04:37,540 It takes us to our beautiful, beautiful egg hunter right here, as you can see.
00:04:38,560 --> 00:04:44,980 So before this, no-operation instructions. That way, if we don't land somewhere right here, we land here.
00:04:45,310 --> 00:04:54,400 So the execution, smoothly executing it, once it hits here, it will now look for that egg, basically for the shellcode.
00:04:54,970 --> 00:04:57,430 This, if you were to keep on... meaning this.
00:05:01,690 --> 00:05:05,260 It just goes in a cycle. You see that? That's the egg hunter's code.
00:05:09,290 --> 00:05:14,990 And then in our next video, we're going to show you how the control works on some bogus shellcode that we'll generate.
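Added example, not code from the video or its course: a Python model of the 256-byte buffer layout the lecture walks through (18 NOPs, 32-byte egg hunter, 20 NOPs, jmp esp, a short jump 70 bytes back, then C filler) that checks where the jump-back actually lands. The egg hunter bytes and the jmp esp address are constructed placeholders; the jump-back is encoded as a 2-byte short jmp padded with two NOPs to match the four bytes the video counts for it.

```python
NOP = b"\x90"
EGG_HUNTER = b"E" * 32          # constructed placeholder for the 32-byte egg hunter
JMP_ESP = b"\x41\x42\x43\x44"   # constructed placeholder for the "jmp esp" address
BUFFER_LEN = 256
OFFSET = 70                     # 18 NOPs + 32-byte hunter + 20 NOPs, as in the video
JUMP_BACK = 70                  # the short jump goes 70 bytes back


def short_jmp_rel8(from_offset, to_offset):
    """Encode a 2-byte short jump (EB xx); rel8 is relative to the next instruction."""
    disp = to_offset - (from_offset + 2)
    if not -128 <= disp <= 127:
        raise ValueError("target is out of short-jump range")
    return b"\xeb" + bytes([disp & 0xFF])


def build_buffer():
    """Layout: [NOP*18][egg hunter][NOP*20][jmp esp][short jmp back + 2 NOPs][C filler]."""
    pre = NOP * 18 + EGG_HUNTER + NOP * 20
    jmp_at = len(pre) + len(JMP_ESP)          # ESP points just past the overwritten EIP
    jmp_back = short_jmp_rel8(jmp_at, jmp_at + 2 - JUMP_BACK) + NOP * 2  # 4 bytes, as counted
    filler = b"C" * (BUFFER_LEN - len(pre) - len(JMP_ESP) - len(jmp_back))
    return pre + JMP_ESP + jmp_back + filler


def landing_offset(buf):
    """Decode the EB xx sitting at ESP and return the offset execution lands on."""
    jmp_at = OFFSET + len(JMP_ESP)
    assert buf[jmp_at] == 0xEB, "no short jump at ESP"
    disp = buf[jmp_at + 1]
    disp -= 256 if disp > 127 else 0          # two's-complement rel8
    return jmp_at + 2 + disp


def check_layout():
    """The checks worth doing before stepping in the debugger: sizes, sled landing, hunter position."""
    buf = build_buffer()
    land = landing_offset(buf)
    hunter_at = buf.find(EGG_HUNTER)
    return {
        "total": len(buf),
        "filler": BUFFER_LEN - OFFSET - len(JMP_ESP) - 4,
        "landing": land,
        "lands_in_sled": 0 <= land < 18,      # inside the leading NOPs, before the hunter
        "egg_hunter_at": hunter_at,
        "nops_before_hunter": buf[land:hunter_at] == NOP * (hunter_at - land),
    }
```

With these numbers the jump lands at offset 6, inside the leading NOP sled, and the NOPs carry execution into the egg hunter at offset 18, which is the point the video makes about the sled.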