1 00:00:00,780 --> 00:00:03,870 Welcome to the practical walkthrough on IAT hooking.
2 00:00:05,340 --> 00:00:16,260 So let's copy the path through this folder, right click and copy and then open x64 Native Tools Command
3 00:00:16,260 --> 00:00:16,560 Prompt.
4 00:00:19,170 --> 00:00:29,460 And change to the directory that you just copy cargo capacity to build both the hookah as well as the
5 00:00:29,460 --> 00:00:29,850 target.
6 00:00:36,610 --> 00:00:44,140 Now that he has finished, you can see the two new files, the target itself and also the -- that
7 00:00:44,140 --> 00:00:47,080 is trying the target and see what he does to make sure that he's looking.
8 00:00:56,630 --> 00:01:02,300 So it shows the first message which is expected, we'll hear his message.
9 00:01:05,480 --> 00:01:06,460 You click OK.
10 00:01:07,330 --> 00:01:14,470 You show us the second message box coming from here, you look again and you show us the items box coming
11 00:01:14,470 --> 00:01:14,960 from here.
12 00:01:16,270 --> 00:01:18,640 And then here you can see the.
13 00:01:20,080 --> 00:01:23,440 Console output target for Hugo he study coming from here.
14 00:01:25,040 --> 00:01:28,570 If you hit OK, now you show the second.
15 00:01:29,930 --> 00:01:33,290 Message target for exiting, which is coming from here.
16 00:01:34,610 --> 00:01:40,070 So now we are going to hook the progress table using our hookah.
17 00:01:41,930 --> 00:01:51,050 So let's try it again now is showing the first message box and you are going to use Process Hacker as
18 00:01:51,120 --> 00:01:57,590 you sure, and then select right click me target.
19 00:01:59,620 --> 00:02:07,600 Click on Miscellaneous and then click on Inject DLL, and select your --, I.D. --.
20 00:02:09,140 --> 00:02:09,710 Kate, Open.
21 00:02:11,740 --> 00:02:18,740 No idea who has been injected, as has already been attached.
22 00:02:19,330 --> 00:02:20,220 Yes, they've been sent.
23 00:02:22,340 --> 00:02:23,180 Let's click OK.
24 00:02:25,490 --> 00:02:29,480 Straight away, no pop up message box is showing you step.
25 00:02:30,110 --> 00:02:30,740 We see.
26 00:02:32,140 --> 00:02:40,470 This new console output, who has been set for it for machine message box here, if you look at the,
27 00:02:42,160 --> 00:02:44,080 you will see that it comes from here.
28 00:02:57,550 --> 00:03:00,660 From here, who has been set for it function.
29 00:03:01,870 --> 00:03:02,830 And then after they.
30 00:03:04,650 --> 00:03:06,210 Modified message, Moscow.
31 00:03:06,510 --> 00:03:07,860 No message pop up on the screen.
32 00:03:08,790 --> 00:03:16,230 So what he does is he executes the new function, which will replace.
33 00:03:18,050 --> 00:03:23,930 If you hear used to replace the original function, so it is calling the hooking function, which is
34 00:03:23,930 --> 00:03:29,340 just one monjuvi message which brings up this message modifying message box.
35 00:03:29,780 --> 00:03:31,670 So this one is shown here.
36 00:03:33,460 --> 00:03:42,310 After that, when the target process tries to open the message box, the third message box again, this
37 00:03:42,310 --> 00:03:46,750 25 message box is caught and that's why it prints this line again.
38 00:03:46,960 --> 00:03:57,820 And you see here after day, he prints target for Hugo Exiting, which is the last message that you
39 00:03:57,820 --> 00:04:00,760 see just before he could.
40 00:04:03,510 --> 00:04:04,170 Which is here.
41 00:04:07,240 --> 00:04:07,630 OK.
42 00:04:09,360 --> 00:04:10,530 So that's how it works.
43 00:04:14,430 --> 00:04:22,350 So in the days of watching in the next video crew, reverse engineer the IAT table hooking to have a
44 00:04:22,350 --> 00:04:24,600 low level look, thank you for watching.